/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* @file ckmc-manager.h
* @version 1.0
- * @brief Provides management functions(storing, retrieving, and removing) for keys, certificates and data of a user and additional crypto functions.
+ * @brief Provides management functions(storing, retrieving, and removing) for keys,
+ * certificates and data of a user and additional crypto functions.
*/
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks Currently only four types of keys are supported for this API. These are RSA public/private key and ECDSA /private key.
- * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
- * @remarks Some private key files are protected by a password. if raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key_s structure.
- * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
- *
- * @param[in] alias the name of a key to be stored
- * @param[in] key a key's binary value to be stored.
- * @param[in] policy about how to store a key securely.
- *
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
- * @retval #CKMC_ERROR_INVALID_FORMAT the format of raw_key is not valid.
- * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
- *
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
- *
- * @see ckmc_remove_key()
+ * @remarks Currently API supports seven types of keys. These are RSA public/private key,
+ * DSA public/private key, ECDSA public/private key and AES symmetric key.
+ * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
+ * key manager during storing keys.
+ * @remarks Some private key files are protected by a password. If raw_key in key read from those
+ * encrypted files is encrypted with a password, the password should be provided in the
+ * #ckmc_key_s structure.
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
+ *
+ * @param[in] alias The name of a key to be stored
+ * @param[in] key The key's binary value to be stored
+ * @param[in] policy The policy about how to store a key securely
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
* @see ckmc_get_key_alias_list()
* @see #ckmc_key_s
int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
/**
- * @brief Removes a key from key manager
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
+ * @brief Removes a key from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can remove only keys stored by the client.
+ * @remarks To remove key, client must have remove permission to the specified key.
+ * @remarks The key owner can remove by default.
+ *
+ * @param[in] alias The name of a key to be removed
*
- * @param[in] alias the name of a key to be removed
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
* @see ckmc_get_key()
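Review bot: The new remark on ckmc_remove_key() makes removal depend on a "remove permission", but the comment does not say how a client obtains that permission or which call grants it. The ckmc_get_key() remarks later in the patch still describe access as limited to the client that stored the item. For an access-control contract this gap matters, because an integrator cannot tell from the header whether another client can ever delete their key. I would add a `@see` to the call that grants the permission and reword the second remark to `@remarks Only the key owner has remove permission unless the owner grants it to another client.`, if that matches the service's behaviour. The declaration itself sits outside this hunk.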
int ckmc_remove_key(const char *alias);
/**
- * @brief Gets a key from key manager
+ * @brief Gets a key from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
- * @remarks A newly created ppkey should be destroyed by calling ckmc_key_free() if it is no longer needed.
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no
+ * longer needed.
+ *
+ * @param[in] alias The name of a key to retrieve
+ * @param[in] password The password used in decrypting a key value \n
+ * If password of policy is provided in ckmc_save_key(), the same password
+ * should be provided.
+ * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
*
- * @param[in] alias the name of a key to retrieve
- * @param[in] password used in decrypting a key value. If password of policy is provided in ckmc_save_key(), the same password should be provided.
- * @param[out] ppkey a pointer to a newly created ckmc_key_s handle
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
- * @retval #CKMC_ERROR_NOT_EXPORTABLE a key is not exportable and could not be returned to client
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key_alias_list()
*/
int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
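Review bot: The `@retval #CKMC_ERROR_NOT_EXPORTABLE` line is dropped from ckmc_get_key() with no replacement text on how a non-exportable key is reported. If the service still refuses to return such keys, callers reading this header can no longer tell that refusal apart from a wrong password or a permission failure. If the code was retired, the comment should say which value is returned instead. Unless the behaviour changed, keep `* @retval #CKMC_ERROR_NOT_EXPORTABLE The key is not exportable and cannot be returned to the client`. The same line is removed from ckmc_get_cert() and ckmc_get_data() further down.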
/**
- * @brief Gets a all alias of keys to which the client can access
+ * @brief Gets all the alias of keys that the client can access.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
- * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
+ * if it is no longer needed.
+ *
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * available alias of keys \n
+ * If there is no available key alias, *ppalias_list will be null.
*
- * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys. If there is no available key alias, *ppalias_list will be null.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
*/
int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
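Review bot: `#CKMC_ERROR_DB_ALIAS_UNKNOWN` is now listed for ckmc_get_key_alias_list(), which takes no alias, while the `@param[out]` text says `*ppalias_list` will be null when no alias is available. Together these leave it unclear whether an empty store yields success with a NULL list or the error code, and a caller that assumes a non-NULL list on success will dereference NULL. State it once, for example `@retval #CKMC_ERROR_DB_ALIAS_UNKNOWN No alias is available; *ppalias_list is set to NULL`, to be confirmed against the implementation. The same pairing appears in ckmc_get_cert_alias_list() and ckmc_get_data_alias_list(), whose `@param[out]` text also still says "alias of keys".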
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @param[in] alias the name of a certificate to be stored
- * @param[in] cert a certificate's binary value to be stored.
- * @param[in] policy about how to store a certificate securely.
+ * @remarks the certificate's binary value will be converted and saved as binary DER encoded
+ * certificates.
+ *
+ * @param[in] alias The name of a certificate to be stored
+ * @param[in] cert The certificate's binary value to be stored
+ * @param[in] policy The policy about how to store a certificate securely
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
- * @retval #CKMC_ERROR_INVALID_FORMAT the format of raw_cert is not valid.
- * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @see ckmc_remove_cert()
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
* @see ckmc_get_cert_alias_list()
* @see #ckmc_cert_s
int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
/**
- * @brief Removes a certificate from key manager
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
+ * @brief Removes a certificate from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can remove only certificates stored by the client.
+ * @remarks To remove certificate, client must have remove permission to the specified certificate.
+ * @remarks The key owner can remove by default.
+ *
+ * @param[in] alias The name of a certificate to be removed
*
- * @param[in] alias the name of a certificate to be removed
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
* @see ckmc_get_cert()
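Review bot: In the ckmc_remove_cert() comment the added line `@remarks The key owner can remove by default.` looks copied from ckmc_remove_key(); the object here is a certificate. Suggest `@remarks The certificate owner can remove by default.` so the ownership rule is not read as depending on some associated key. The declaration follows outside this hunk.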
int ckmc_remove_cert(const char *alias);
/**
- * @brief Gets a certificate from key manager
+ * @brief Gets a certificate from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only certificate stored by the client and non-restricted certificate stored by other clients.
- * @remarks A newly created ppcert should be destroyed by calling ckmc_cert_free() if it is no longer needed.
+ * @remarks A client can access only certificate stored by the client.
+ * @remarks A DER encoded certificate will be returned as a return value.
+ * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no
+ * longer needed.
*
- * @param[in] alias the name of a certificate to retrieve
- * @param[in] password used in decrypting a certificate value. If password of policy is provided in ckmc_save_cert(), the same password should be provided.
- * @param[out] ppcert a pointer to a newly created ckmc_cert_s handle
+ * @param[in] alias The name of a certificate to retrieve
+ * @param[in] password The password used in decrypting a certificate value \n
+ * If password of policy is provided in ckmc_save_cert(), the same password
+ * should be provided.
+ * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
- * @retval #CKMC_ERROR_NOT_EXPORTABLE a certification is not exportable and could not be returned to client
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert_alias_list()
*/
int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
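Review bot: The added remark `A DER encoded certificate will be returned as a return value` does not match the signature, since the function returns an int status and hands the certificate back through `ppcert`. Suggest `@remarks The certificate returned in @a ppcert is DER encoded.` Also, `Alias does not exists` in the `#CKMC_ERROR_DB_ALIAS_UNKNOWN` line should read `Alias does not exist`, as in the other functions.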
/**
- * @brief Gets a all alias of certificates to which the client can access
+ * @brief Gets all alias of certificates which the client can access.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
- * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
+ * if it is no longer needed.
+ *
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * available alias of keys \n
+ * If there is no available key alias, *ppalias_list will be null.
*
- * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys. If there is no available key alias, *ppalias_list will be null.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
*/
int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
/**
+ * @brief Stores PKCS12's contents inside key manager based on the provided policies.
+ * All items from the PKCS12 will use the same alias.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] alias The name of a data to be stored
+ * @param[in] pkcs Pointer to the pkcs12 structure to be saved
+ * @param[in] key_policy The policy about how to store pkcs's private key
+ * @param[in] cert_policy The policy about how to store pkcs's certificate
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_pkcs12()
+ * @see ckmc_get_data_alias_list()
+ * @see ckmc_pkcs12_load()
+ * @see #ckmc_pkcs12_s
+ * @see #ckmc_policy_s
+ */
+int ckmc_save_pkcs12(const char *alias,
+ const ckmc_pkcs12_s *pkcs,
+ const ckmc_policy_s key_policy,
+ const ckmc_policy_s cert_policy);
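Review bot: The ckmc_save_pkcs12() comment does not say whether the save is all-or-nothing, which matters because one call stores a private key and at least one certificate under a single alias. If the certificate write can fail after the key write succeeded, the caller needs to know whether the key stays stored and whether a retry will hit `#CKMC_ERROR_DB_ALIAS_EXISTS`. The comment also omits `#CKMC_ERROR_INVALID_FORMAT`, which ckmc_save_key() and ckmc_save_cert() list for malformed input, and does not state which policy applies to any additional certificates in the bundle. I would add a remark such as `@remarks Either all items of @a pkcs are stored or none.` once that is confirmed against the implementation.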
+
+/**
+ * @brief Gets a pkcs12 from key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
+ * longer needed.
+ *
+ * @param[in] alias The name of a data to retrieve
+ * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
+ * @param[in] cert_password Password used to encrypt certificates (may be NULL)
+ * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * key_password or cert_password does not match with password
+ * used to encrypt data
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_remove_alias()
+ */
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
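Review bot: The `key_password` and `cert_password` descriptions do not make clear which password is meant: the one supplied in the policies passed to ckmc_save_pkcs12(), or the passphrase of the original PKCS12 file read by ckmc_pkcs12_load(). Presumably it is the policy password, in which case wording in line with ckmc_get_key() would help: `If password of key_policy is provided in ckmc_save_pkcs12(), the same password should be provided.` The comment also lists no return value for a private key stored as non-exportable, even though this call returns the private key to the client. That case should be documented.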
+
+/**
* @brief Stores a data inside key manager based on the provided policy.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @param[in] alias the name of a data to be stored
- * @param[in] data a binary value to be stored.
- * @param[in] policy about how to store a data securely.
+ * @param[in] alias The name of a data to be stored
+ * @param[in] data The binary value to be stored
+ * @param[in] policy The policy about how to store a data securely
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
- * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @see ckmc_remove_data()
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
* @see ckmc_get_data_alias_list()
* @see #ckmc_raw_buffer_s
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
/**
- * @brief Removes a data from key manager
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
+ * @brief Removes a data from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can remove only data stored by the client.
+ * @remarks To remove data, client must have remove permission to the specified data object.
+ * @remarks The data owner can remove by default.
+ *
+ * @param[in] alias The name of a data to be removed
*
- * @param[in] alias the name of a data to be removed
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
* @see ckmc_get_data()
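Review bot: The `#CKMC_ERROR_DB_ERROR` line for ckmc_remove_data() still reads `Failed due to the error with unknown reason`, while every key and certificate function in this patch now says `Failed due to a database error`. ckmc_get_data() and ckmc_get_data_alias_list() have the same leftover. Use `* @retval #CKMC_ERROR_DB_ERROR Failed due to a database error` in all three so the same code is described one way across the header.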
int ckmc_remove_data(const char *alias);
/**
- * @brief Gets a data from key manager
+ * @brief Gets a data from key manager.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
- * @remarks A newly created ppdata should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
- *
- * @param[in] alias the name of a data to retrieve
- * @param[in] password used in decrypting a data value. If password of policy is provided in ckmc_save_data(), the same password should be provided.
- * @param[out] ppdata a pointer to a newly created ckmc_raw_buffer_s handle
- *
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
- * @retval #CKMC_ERROR_NOT_EXPORTABLE data is not exportable and could not be returned to client
- *
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no
+ * longer needed.
+ *
+ * @param[in] alias The name of a data to retrieve
+ * @param[in] password The password used in decrypting a data value \n
+ * If password of policy is provided in ckmc_save_data(), the same password
+ * should be provided.
+ * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data_alias_list()
*/
int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
/**
- * @brief Gets a all alias of data to which the client can access
+ * @brief Gets all alias of data which the client can access.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
- * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
+ * if it is no longer needed.
*
- * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys. If there is no available key alias, *ppalias_list will be null.
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * available alias of keys \n
+ * If there is no available key alias, *ppalias_list will be null.
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
*/
int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
/**
- * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
+ * @brief Creates RSA private/public key pair and stores them inside key manager based on each
+ * policy.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
+ *
+ * @param[in] size The size of key strength to be created \n
+ * @c 1024, @c 2048, and @c 4096 are supported.
+ * @param[in] private_key_alias The name of private key to be stored
+ * @param[in] public_key_alias The name of public key to be stored
+ * @param[in] policy_private_key The policy about how to store a private key securely
+ * @param[in] policy_public_key The policy about how to store a public key securely
*
- * @param[in] size the size of key strength to be created. 1024, 2048, and 4096 are supported.
- * @param[in] private_key_alias the name of private key to be stored.
- * @param[in] public_key_alias the name of public key to be stored.
- * @param[in] policy_private_key about how to store a private key securely.
- * @param[in] policy_public_key about how to store a public key securely.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
- * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
+ * @see ckmc_create_key_pair_dsa()
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
*/
-int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
+int ckmc_create_key_pair_rsa(const size_t size,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key);
/**
- * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
+ * @brief Creates DSA private/public key pair and stores them inside key manager based on each
+ * policy.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
+ *
+ * @param[in] size The size of key strength to be created \n
+ * @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
+ * @param[in] private_key_alias The name of private key to be stored
+ * @param[in] public_key_alias The name of public key to be stored
+ * @param[in] policy_private_key The policy about how to store a private key securely
+ * @param[in] policy_public_key The policy about how to store a public key securely
*
- * @param[in] type the type of eliptic curve of ECDSA.
- * @param[in] private_key_alias the name of private key to be stored.
- * @param[in] public_key_alias the name of public key to be stored.
- * @param[in] policy_private_key about how to store a private key securely.
- * @param[in] policy_public_key about how to store a public key securely.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
- * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_ecdsa()
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
- * @see #ckmc_ec_type_e
*/
-int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
+int ckmc_create_key_pair_dsa(const size_t size,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key);
/**
- * @brief Creates a signature on a given message using a private key and returns the signature
+ * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
+ * policy.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks If password of policy is provided during storing a key, the same password should be provided.
- * @remarks A newly created ppsignature should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
*
+ * @param[in] type The type of elliptic curve of ECDSA
+ * @param[in] private_key_alias The name of private key to be stored
+ * @param[in] public_key_alias The name of public key to be stored
+ * @param[in] policy_private_key The policy about how to store a private key securely
+ * @param[in] policy_public_key The policy about how to store a public key securely
*
- * @param[in] private_key_alias the name of private key.
- * @param[in] password used in decrypting a private key value.
- * @param[in] message signed with a private key .
- * @param[in] hash the hash algorithm used in creating signature.
- * @param[in] padding the RSA padding algorithm used in creating signature. It is used only when the signature algorithm is RSA.
- * @param[out] ppsignature a pointer to a newly created signature's. If an error occurs, *ppsignature will be null.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_create_key_pair_rsa()
- * @see ckmc_create_key_pair_ecdsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_signature()
* @see ckmc_verify_signature()
- * @see ckmc_buffer_free()
- * @see #ckmc_hash_algo_e
- * @see #ckmc_rsa_padding_algo_e
+ * @see #ckmc_ec_type_e
*/
-int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature);
+int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key);
/**
- * @brief Verifies a given signature on a given message using a public key and returns the signature status.
+ * @brief Creates AES key and stores it inside key manager based on the policy.
*
- * @since_tizen 2.3
+ * @since_tizen 3.0
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks If password of policy is provided during storing a key, the same password should be provided.
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
+ *
+ * @param[in] size The size of key strength to be created. \n
+ * @c 128, @c 192 and @c 256 are supported.
+ * @param[in] key_alias The name of key to be stored
+ * @param[in] key_policy The policy about how to store the key securely
*
- * @param[in] public_key_alias the name of public key.
- * @param[in] password used in decrypting a public key value.
- * @param[in] message a input on which the signature is created.
- * @param[in] signature verified with public key.
- * @param[in] hash the hash algorithm used in verifying signature.
- * @param[in] padding the RSA padding algorithm used in verifying signature. It is used only when the signature algorithm is RSA.
+ * @return @c 0 on success,
+ * otherwise a negative error value
*
- * @return 0 on success and the signature is valid, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_VERIFICATION_FAILED the signature is invalid
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ */
+int ckmc_create_key_aes(const size_t size,
+ const char *key_alias,
+ const ckmc_policy_s key_policy);
+
+/**
+ * @brief Creates a signature on a given message using a private key and returns the signature.
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If password of policy is provided during storing a key, the same password should be
+ * provided.
+ * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is
+ * no longer needed.
+ *
+ * @param[in] private_key_alias The name of private key
+ * @param[in] password The password used in decrypting a private key value
+ * @param[in] message The message that is signed with a private key
+ * @param[in] hash The hash algorithm used in creating signature
+ * @param[in] padding The RSA padding algorithm used in creating signature \n
+ * It is used only when the signature algorithm is RSA.
+ * @param[out] ppsignature The pointer to a newly created signature \n
+ * If an error occurs, @a *ppsignature will be null.
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_create_key_pair_rsa()
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_verify_signature()
+ * @see ckmc_buffer_free()
* @see #ckmc_hash_algo_e
* @see #ckmc_rsa_padding_algo_e
*/
-int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding);
+int ckmc_create_signature(const char *private_key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s message,
+ const ckmc_hash_algo_e hash,
+ const ckmc_rsa_padding_algo_e padding,
+ ckmc_raw_buffer_s **ppsignature);
/**
- * @brief Verifies a certificate chain and return that chain.
+ * @brief Verifies a given signature on a given message using a public key and returns the signature
+ * status.
*
* @since_tizen 2.3
* @privlevel public
- * @privilege %http://tizen.orckmc_buffer_freeg/privilege/keymanager
+ * @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
- * @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
+ * @remarks If password of policy is provided during storing a key, the same password should be
+ * provided.
+ *
+ * @param[in] public_key_alias The name of public key
+ * @param[in] password The password used in decrypting a public key value
+ * @param[in] message The input on which the signature is created
+ * @param[in] signature The signature that is verified with public key
+ * @param[in] hash The hash algorithm used in verifying signature
+ * @param[in] padding The RSA padding algorithm used in verifying signature \n
+ * It is used only when the signature algorithm is RSA.
+ *
+ * @return @c 0 on success and the signature is valid,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @param[in] cert the certificate to be verified
- * @param[in] untrustedcerts the untrusted CA certificates to be used in verifying a certificate chain.
- * @param[out] ppcert_chain_list a pointer to a newly created certificate chain's handle. If an error occurs, *ppcert_chain_list will be null.
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ * @see ckmc_verify_signature()
+ * @see #ckmc_hash_algo_e
+ * @see #ckmc_rsa_padding_algo_e
+ */
+int ckmc_verify_signature(const char *public_key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s message,
+ const ckmc_raw_buffer_s signature,
+ const ckmc_hash_algo_e hash,
+ const ckmc_rsa_padding_algo_e padding);
+
+/**
+ * @brief Verifies a certificate chain and returns that chain.
*
- * @return 0 on success and the signature is valid, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_VERIFICATION_FAILED the certificate chain is not valid
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_INVALID_FORMAT the format of certificate is not valid.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @remarks The trusted root certificate of the chain should exist in the system's certificate
+ * storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ * ckmc_cert_list_all_free() if it is no longer needed.
+ *
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
+ * chain
+ * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
+ * If an error occurs, @a *ppcert_chain_list will be null.
+ *
+ * @return @c 0 on success and the signature is valid,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_get_cert_chain_with_alias())
* @see ckmc_cert_list_all_free()
*/
-int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
+int ckmc_get_cert_chain(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
/**
- * @brief Verifies a certificate chain using a alias list of untrusted certificates and return that chain.
+ * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
+ * chain.
*
* @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
- * @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
+ * @remarks The trusted root certificate of the chain should exist in the system's certificate
+ * storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ * ckmc_cert_list_all_free() if it is no longer needed.
+ *
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
+ * to be used in verifying a certificate chain
+ * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
+ * If an error occurs, @a *ppcert_chain_list will be null.
+ *
+ * @return @c 0 on success and the signature is valid,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Some certificates were encrypted with password and could not
+ * be used.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_get_cert_chain()
+ * @see ckmc_cert_list_all_free()
+ */
+int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
+ const ckmc_alias_list_s *untrustedcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
+
+/**
+ * @brief Verifies a certificate chain and returns that chain using user entered trusted and
+ * untrusted CA certificates
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If the trusted root certificates are provided as a user input, these certificates do not
+ * need to exist in the system's certificate storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ * ckmc_cert_list_all_free() if it is no longer needed.
+ * *
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
+ * certificate chain
+ * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
+ * certificate chain
+ * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
+ * in the system's certificate storage.
+ * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
+ * If an error occurs, @a *ppcert_chain_list will be null.
+ *
+ * @return @c 0 on success and the signature is valid,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_get_cert_chain_with_trustedcert_alias()
+ * @see ckmc_cert_list_all_free()
+ */
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ const ckmc_cert_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
+
+/**
+ * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
+ * trusted certificates
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If the alias list of trusted root certificates is provided as a user input, these
+ * certificates do not need to exist in the system's certificate storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ * ckmc_cert_list_all_free() if it is no longer needed.
+ *
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
+ * manager to be used in verifying a certificate chain
+ * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
+ * manager to be used in verifying a certificate chain
+ * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
+ * in the system's certificate storage.
+ * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
+ * If an error occurs, @a *ppcert_chain_list will be null.
+ *
+ * @return @c 0 on success and the signature is valid,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Some certificates were encrypted with password and could not
+ * be used.
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_get_cert_chain_with_trustedcert()
+ * @see ckmc_cert_list_all_free()
+ */
+int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
+ const ckmc_alias_list_s *untrustedcerts,
+ const ckmc_alias_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
+
+/**
+ * @brief Perform OCSP which checks certificate is whether revoked or not
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
+ * @param[out] ocsp_status The pointer to status result of OCSP check
*
- * @param[in] cert the certificate to be verified
- * @param[in] untrustedcerts an alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain.
- * @param[out] ppcert_chain_list a pointer to a newly created certificate chain's handle. If an error occurs, *ppcert_chain_list will be null.
+ * @return @c 0 on success, otherwise a negative error value
*
- * @return 0 on success and the signature is valid, otherwise a negative error value
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_VERIFICATION_FAILED the certificate chain is not valid
- * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exists.
- * @retval #CKMC_ERROR_INVALID_FORMAT the format of certificate is not valid.
- * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
*
- * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
+ * ckmc_get_certificate_chain_with_alias()
*
* @see ckmc_get_cert_chain())
* @see ckmc_cert_list_all_free()
*/
-int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
+/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Allows another application to access client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist
+ *
+ * @param[in] alias Data alias for which access will be granted
+ * @param[in] accessor Package id of the application that will gain access rights
+ * @param[in] granted Rights granted for @a accessor application
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_deny_access()
+ */
+int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
+
+/**
+ * @brief Allows another application to access client's application data
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist
+ *
+ * @param[in] alias Data alias for which access will be granted
+ * @param[in] accessor Package id of the application that will gain access rights
+ * @param[in] permissions Mask of permissions granted for @a accessor application
+ * (@a ckmc_permission_e)
+ * (previous permission mask will be replaced with the new mask value)
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ */
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
+
+/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Revokes another application's access to client's application data
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist
+ * @remarks Only access previously granted with ckmc_allow_access can be revoked.
+ *
+ * @param[in] alias Data alias for which access will be revoked
+ * @param[in] accessor Package id of the application that will lose access rights
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
+ * have access to @a alias
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_allow_access()
+ * @see ckmc_set_permission()
+ */
+int ckmc_deny_access(const char *alias, const char *accessor);
+
+/**
+ * @brief Removes a an entry (no matter of type) from the key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks To remove item, client must have remove permission to the specified item.
+ * @remarks The item owner can remove by default.
+ *
+ * @param[in] alias Item alias to be removed
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_key()
+ * @see ckmc_save_cert()
+ * @see ckmc_save_data()
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ */
+int ckmc_remove_alias(const char *alias);
+
+/**
+ * @brief Encrypts data using selected key and algorithm.
+ *
+ * @since_tizen 3.0
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Key identified by @a key_alias should exist.
+ *
+ * @param[in] params Algorithm parameters
+ * @param[in] key_alias Alias of the key to be used for encryption
+ * @param[in] password The password used in decrypting a key value \n
+ * If password of policy is provided in ckmc_save_key(), the same
+ * password should be provided
+ * @param[in] decrypted Data to be encrypted
+ * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
+ * embedded in encrypted data. AES GCM is an example) \n
+ * The caller is responsible for freeing ppencrypted with
+ * ckmc_buffer_free()
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Key decryption failed because password is incorrect
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_buffer_free()
+ * @see ckmc_param_list_new()
+ * @see ckmc_param_list_free()
+ * @see ckmc_param_list_add_integer()
+ * @see ckmc_param_list_add_buffer()
+ * @see ckmc_generate_params()
+ * @see #ckmc_param_list_s
+ * @see #ckmc_param_name_e
+ */
+int ckmc_encrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted);
+
+/**
+ * @brief Decrypts data using selected key and algorithm.
+ *
+ * @since_tizen 3.0
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Key identified by @a key_alias should exist.
+ *
+ * @param[in] params Algorithm parameters
+ * @param[in] key_alias Alias of the key to be used for encryption
+ * @param[in] password The password used in decrypting a key value \n
+ * If password of policy is provided in ckmc_save_key(), the same
+ * password should be provided
+ * @param[in] encrypted Data to be decrypted (some algorithms may require additional
+ * information embedded in encrypted data. AES GCM is an example)
+ * @param[out] ppdecrypted Decrypted data \n
+ * The caller is responsible for freeing ppdecrypted with
+ * ckmc_buffer_free()
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Key decryption failed because password is incorrect
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_buffer_free()
+ * @see ckmc_param_list_new()
+ * @see ckmc_param_list_free()
+ * @see ckmc_param_list_add_integer()
+ * @see ckmc_param_list_add_buffer()
+ * @see ckmc_generate_params()
+ * @see #ckmc_param_list_s
+ * @see #ckmc_param_name_e
+ */
+int ckmc_decrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted);
#ifdef __cplusplus
}