*
*
* @file ckmc-manager.h
- * @version 1.0
+ * @version 1.2
* @brief Provides management functions(storing, retrieving, and removing) for keys,
* certificates and data of a user and additional crypto functions.
*/
#define __TIZEN_CORE_CKMC_MANAGER_H
#include <stddef.h>
+#include <stdbool.h>
#include <sys/types.h>
#include <tizen.h>
-#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
-
+#include <ckmc/ckmc-type.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Stores a key inside key manager based on the provided policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] key The key's binary value to be stored
* @param[in] policy The policy about how to store a key securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
* @see ckmc_get_key_alias_list()
+ * @see ckmc_key_free()
* @see #ckmc_key_s
* @see #ckmc_policy_s
*/
int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a key from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
*
* @param[in] alias The name of a key to be removed
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_save_key()
* @see ckmc_get_key()
* @see ckmc_get_key_alias_list()
+ * @see ckmc_remove_alias()
*/
int ckmc_remove_key(const char *alias);
/**
* @brief Gets a key from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] alias The name of a key to retrieve
* @param[in] password The password used in decrypting a key value \n
* If password of policy is provided in ckmc_save_key(), the same password
- * should be provided.
- * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
+ * should be provided
+ * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Decryption failed because password is incorrect.
+ * Decryption failed because password is incorrect
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key_alias_list()
+ * @see ckmc_key_free()
+ * @see #ckmc_key_s
*/
int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
/**
* @brief Gets all the alias of keys that the client can access.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
* if it is no longer needed.
*
- * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
* available alias of keys \n
- * If there is no available key alias, *ppalias_list will be null.
+ * If there is no available key alias, @a *ppalias_list will be null
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
*/
int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
/**
* @brief Stores a certificate inside key manager based on the provided policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] cert The certificate's binary value to be stored
* @param[in] policy The policy about how to store a certificate securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
* @see ckmc_get_cert_alias_list()
* @see #ckmc_cert_s
int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a certificate from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
*
* @param[in] alias The name of a certificate to be removed
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_save_cert()
* @see ckmc_get_cert()
* @see ckmc_get_cert_alias_list()
+ * @see ckmc_remove_alias()
*/
int ckmc_remove_cert(const char *alias);
/**
* @brief Gets a certificate from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] alias The name of a certificate to retrieve
* @param[in] password The password used in decrypting a certificate value \n
* If password of policy is provided in ckmc_save_cert(), the same password
- * should be provided.
- * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
+ * should be provided
+ * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Decryption failed because password is incorrect.
+ * Decryption failed because password is incorrect
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert_alias_list()
+ * @see #ckmc_cert_s
*/
int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
/**
* @brief Gets all alias of certificates which the client can access.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
* if it is no longer needed.
*
- * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
* available alias of keys \n
- * If there is no available key alias, *ppalias_list will be null.
+ * If there is no available key alias, @a *ppalias_list will be null
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
*/
int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
+
+/**
+ * @brief Stores PKCS12's contents inside key manager based on the provided policies.
+ * All items from the PKCS12 will use the same alias.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] alias The name of a data to be stored
+ * @param[in] pkcs Pointer to the pkcs12 structure to be saved
+ * @param[in] key_policy The policy about how to store pkcs's private key
+ * @param[in] cert_policy The policy about how to store pkcs's certificate
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_pkcs12()
+ * @see ckmc_get_data_alias_list()
+ * @see ckmc_pkcs12_load()
+ * @see #ckmc_pkcs12_s
+ * @see #ckmc_policy_s
+ */
+int ckmc_save_pkcs12(const char *alias,
+ const ckmc_pkcs12_s *pkcs,
+ const ckmc_policy_s key_policy,
+ const ckmc_policy_s cert_policy);
+
+/**
+ * @brief Gets a pkcs12 from key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
+ * longer needed.
+ *
+ * @param[in] alias The name of a data to retrieve
+ * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
+ * @param[in] cert_password Password used to encrypt certificates (may be NULL)
+ * @param[out] pkcs12 The pointer to a newly created #ckmc_pkcs12_s handle
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * keyPassword or certPassword does not match with password
+ * used to encrypt data
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_remove_alias()
+ * @see ckmc_pkcs12_free()
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
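Review bot: The `@retval #CKMC_ERROR_AUTHENTICATION_FAILED` text for ckmc_get_pkcs12() names `keyPassword or certPassword`, but the parameters are `key_password` and `cert_password`. It should read `@a key_password or @a cert_password does not match the password used to encrypt the data`. The two `(may be NULL)` notes also do not say when NULL is acceptable; presumably this is only when the matching policy passed to ckmc_save_pkcs12() carried no password, and that should be stated so callers do not treat the password as optional. ckmc_save_pkcs12() says every item shares one alias but points to `ckmc_get_data_alias_list()`, so the comment should say which alias list a PKCS12 entry actually appears in.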
+
/**
* @brief Stores a data inside key manager based on the provided policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] data The binary value to be stored
* @param[in] policy The policy about how to store a data securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
* @see ckmc_get_data_alias_list()
* @see #ckmc_raw_buffer_s
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a data from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
*
* @param[in] alias The name of a data to be removed
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_save_data()
* @see ckmc_get_data()
* @see ckmc_get_data_alias_list()
+ * @see ckmc_remove_alias()
*/
int ckmc_remove_data(const char *alias);
/**
* @brief Gets a data from key manager.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] alias The name of a data to retrieve
* @param[in] password The password used in decrypting a data value \n
* If password of policy is provided in ckmc_save_data(), the same password
- * should be provided.
- * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
+ * should be provided
+ * @param[out] ppdata The pointer to a newly created #ckmc_raw_buffer_s handle
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data_alias_list()
+ * @see ckmc_buffer_free()
+ * @see #ckmc_raw_buffer_s
*/
int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
/**
* @brief Gets all alias of data which the client can access.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
* if it is no longer needed.
*
- * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
* available alias of keys \n
- * If there is no available key alias, *ppalias_list will be null.
+ * If there is no available key alias, @a *ppalias_list will be null
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
*/
int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
* @brief Creates RSA private/public key pair and stores them inside key manager based on each
* policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* in policy.
*
* @param[in] size The size of key strength to be created \n
- * @c 1024, @c 2048, and @c 4096 are supported.
+ * @c 1024, @c 2048, and @c 4096 are supported
* @param[in] private_key_alias The name of private key to be stored
* @param[in] public_key_alias The name of public key to be stored
* @param[in] policy_private_key The policy about how to store a private key securely
* @param[in] policy_public_key The policy about how to store a public key securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
+ * @see #ckmc_policy_s
*/
int ckmc_create_key_pair_rsa(const size_t size,
const char *private_key_alias,
* @brief Creates DSA private/public key pair and stores them inside key manager based on each
* policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* in policy.
*
* @param[in] size The size of key strength to be created \n
- * @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
+ * @c 1024, @c 2048, @c 3072 and @c 4096 are supported
* @param[in] private_key_alias The name of private key to be stored
* @param[in] public_key_alias The name of public key to be stored
* @param[in] policy_private_key The policy about how to store a private key securely
* @param[in] policy_public_key The policy about how to store a public key securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
+ * @see #ckmc_policy_s
*/
int ckmc_create_key_pair_dsa(const size_t size,
const char *private_key_alias,
* @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
* policy.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] policy_private_key The policy about how to store a private key securely
* @param[in] policy_public_key The policy about how to store a public key securely
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
* @see #ckmc_ec_type_e
+ * @see #ckmc_policy_s
*/
int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
const char *private_key_alias,
/**
* @brief Creates a signature on a given message using a private key and returns the signature.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] message The message that is signed with a private key
* @param[in] hash The hash algorithm used in creating signature
* @param[in] padding The RSA padding algorithm used in creating signature \n
- * It is used only when the signature algorithm is RSA.
+ * It is used only when the signature algorithm is RSA
* @param[out] ppsignature The pointer to a newly created signature \n
- * If an error occurs, @a *ppsignature will be null.
+ * If an error occurs, @a *ppsignature will be null
*
- * @return @c 0 on success,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Decryption failed because password is incorrect.
+ * Decryption failed because password is incorrect
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_verify_signature()
* @see ckmc_buffer_free()
+ * @see #ckmc_raw_buffer_s
* @see #ckmc_hash_algo_e
* @see #ckmc_rsa_padding_algo_e
*/
* @brief Verifies a given signature on a given message using a public key and returns the signature
* status.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @param[in] signature The signature that is verified with public key
* @param[in] hash The hash algorithm used in verifying signature
* @param[in] padding The RSA padding algorithm used in verifying signature \n
- * It is used only when the signature algorithm is RSA.
+ * It is used only when the signature algorithm is RSA
*
- * @return @c 0 on success and the signature is valid,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Decryption failed because password is incorrect.
+ * Decryption failed because password is incorrect
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
* @see ckmc_create_key_pair_ecdsa()
- * @see ckmc_verify_signature()
+ * @see #ckmc_raw_buffer_s
* @see #ckmc_hash_algo_e
* @see #ckmc_rsa_padding_algo_e
*/
/**
* @brief Verifies a certificate chain and returns that chain.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @remarks You must destroy the newly created @a ppcert_chain_list by calling
* ckmc_cert_list_all_free() if it is no longer needed.
*
- * @param[in] cert The certificate to be verified
- * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
* chain
* @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
- * If an error occurs, @a *ppcert_chain_list will be null.
+ * If an error occurs, @a *ppcert_chain_list will be null
*
- * @return @c 0 on success and the signature is valid,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
* @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- * Decryption failed because password is incorrect.
+ * Decryption failed because password is incorrect
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_get_cert_chain_with_alias())
* @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_list_s
*/
int ckmc_get_cert_chain(const ckmc_cert_s *cert,
const ckmc_cert_list_s *untrustedcerts,
ckmc_cert_list_s **ppcert_chain_list);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_get_cert_chain() instead]
* @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
* chain.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* storage.
* @remarks You must destroy the newly created @a ppcert_chain_list by calling
* ckmc_cert_list_all_free() if it is no longer needed.
+ * @remarks @a untrustedcerts shouldn't be protected with optional password.
*
- * @param[in] cert The certificate to be verified
- * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
* to be used in verifying a certificate chain
* @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
- * If an error occurs, @a *ppcert_chain_list will be null.
+ * If an error occurs, @a *ppcert_chain_list will be null
*
- * @return @c 0 on success and the signature is valid,
- * otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED
* Some certificates were encrypted with password and could not
- * be used.
+ * be used
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_get_cert_chain()
* @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_s
+ * @see #ckmc_alias_list_s
+ * @see #ckmc_cert_list_s
*/
int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
const ckmc_alias_list_s *untrustedcerts,
ckmc_cert_list_s **ppcert_chain_list);
+/**
+ * @brief Verifies a certificate chain and returns that chain using user entered trusted and
+ * untrusted CA certificates.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If the trusted root certificates are provided as a user input, these certificates do not
+ * need to exist in the system's certificate storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ * ckmc_cert_list_all_free() if it is no longer needed.
+ *
+ * @param[in] cert The certificate to be verified
+ * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
+ * certificate chain
+ * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
+ * certificate chain
+ * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
+ * in the system's certificate storage
+ * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
+ * If an error occurs, @a *ppcert_chain_list will be null
+ *
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_s
+ * @see #ckmc_cert_list_s
+ */
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ const ckmc_cert_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
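Review bot: The comment for ckmc_get_cert_chain_with_trustedcert() does not say what happens when `trustedcerts` is NULL or empty and `use_trustedsystemcerts` is false. In that case there is no trust anchor at all, and the caller needs to know that this is rejected and with which `@retval`. It is also worth a `@remarks` that passing `true` adds the system store to the caller's own anchors, since a caller who wants to pin to its own CA list must pass `false`. The `@return` line says `on success and the signature is valid`, which looks copied from the signature functions; `on success and the certificate chain is valid` matches what this function checks.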
+
+/**
+ * @brief Perform OCSP which checks certificate is whether revoked or not.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
+ * @param[out] ocsp_status The pointer to status result of OCSP check
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
+ * ckmc_get_certificate_chain_with_alias().
+ *
+ * @see ckmc_get_cert_chain()
+ * @see ckmc_get_cert_chain_with_alias()
+ * @see ckmc_get_cert_chain_with_trustedcert()
+ * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_list_s
+ * @see #ckmc_ocsp_status_e
+ */
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
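Review bot: The second `@pre` of ckmc_ocsp_check() refers to `ckmc_get_certificate_chain()` and `ckmc_get_certificate_chain_with_alias()`, which are not declared in this header. The declared names are `ckmc_get_cert_chain()`, `ckmc_get_cert_chain_with_alias()` and the new `ckmc_get_cert_chain_with_trustedcert()`, which the `@see` list already uses. The comment also never says that `#CKMC_ERROR_NONE` only means the check ran, which is how the `@return` and `@param[out] ocsp_status` lines read. I would add `@remarks A return of #CKMC_ERROR_NONE does not mean the certificate is good; the caller must also inspect @a *ocsp_status.` The `@brief` wording `checks certificate is whether revoked or not` should be `checks whether a certificate is revoked`.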
/**
- * @brief Allows another application to access client's application data
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Allows another application to access client's application data.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks Data identified by @a alias should exist
+ * @remarks Data identified by @a alias should exist.
*
* @param[in] alias Data alias for which access will be granted
* @param[in] accessor Package id of the application that will gain access rights
* @param[in] granted Rights granted for @a accessor application
*
- * @return @c 0 on success, otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_deny_access()
+ * @see ckmc_set_permission()
+ * @see #ckmc_access_right_e
*/
int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
+/**
+ * @brief Allows another application to access client's application data.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist.
+ *
+ * @param[in] alias Data alias for which access will be granted
+ * @param[in] accessor Package id of the application that will gain access rights
+ * @param[in] permissions Mask of #ckmc_permission_e granted for @a accessor application \n
+ * Previous permission mask will be replaced with the new mask value
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see #ckmc_permission_e
+ */
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
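Review bot: ckmc_set_permission() replaces the stored mask rather than adding to it, and both ckmc_allow_access() and ckmc_deny_access() are now deprecated in its favour, yet the comment does not say how to revoke access or how to add a single right. A caller porting from ckmc_allow_access() who passes only the new right will silently drop the rights granted earlier. I would add `@remarks To add a right pass the complete new mask; to revoke all access pass the #ckmc_permission_e value that denotes no permission.` `permissions` is a plain `int`, so the comment should also say whether bits outside #ckmc_permission_e are rejected with #CKMC_ERROR_INVALID_PARAMETER.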
/**
- * @brief Revokes another application's access to client's application data
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Revokes another application's access to client's application data.
*
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks Data identified by @a alias should exist
- * @remarks Only access previously granted with ckmc_allow_access can be revoked.
+ * @remarks Data identified by @a alias should exist.
+ * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
*
* @param[in] alias Data alias for which access will be revoked
* @param[in] accessor Package id of the application that will lose access rights
*
- * @return @c 0 on success, otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_allow_access()
+ * @see ckmc_set_permission()
*/
int ckmc_deny_access(const char *alias, const char *accessor);
+/**
+ * @brief Removes a an entry (no matter of type) from the key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks To remove item, client must have remove permission to the specified item.
+ * @remarks The item owner can remove by default.
+ *
+ * @param[in] alias Item alias to be removed
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_key()
+ * @see ckmc_save_cert()
+ * @see ckmc_save_data()
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ */
+int ckmc_remove_alias(const char *alias);
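Review bot: The `@brief` of ckmc_remove_alias() has a typo, `Removes a an entry`; it should be `Removes an entry (of any type) from the key manager.` Because removal no longer depends on the item type and ckmc_save_pkcs12() stores all PKCS12 items under one alias, the comment should state whether a single call removes every item saved under that alias. The `@remarks` require remove permission, but `@retval #CKMC_ERROR_PERMISSION_DENIED` only says `Failed to access key manager`; if this is also the code returned when the caller lacks remove permission on the item, it should say so.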
+
#ifdef __cplusplus
}
#endif