*/
/**
+ * alias can be provided as an alias alone, or together with label - in this
+ * case, separator " " (space bar) is used to separate label and alias.
+ * @see key-manager_doc.h
+ */
+extern char const * const ckmc_label_name_separator;
+
+/**
* @brief Enumeration for key types of key manager.
* @since_tizen 2.3
*/
CKMC_KEY_RSA_PRIVATE, /**< RSA private key */
CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */
CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */
+ CKMC_KEY_DSA_PUBLIC, /**< DSA public key */
+ CKMC_KEY_DSA_PRIVATE, /**< DSA private key */
+ CKMC_KEY_AES, /**< AES key */
} ckmc_key_type_e;
/**
* @since_tizen 2.3
*/
typedef enum __ckmc_hash_algo {
- CKMC_HASH_SHA1 = 0, /**< Hash Algorithm SHA1 */
+ CKMC_HASH_NONE = 0, /**< No Hash Algorithm */
+ CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */
CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */
CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */
CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */
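Review bot: Inserting `CKMC_HASH_NONE = 0` ahead of `CKMC_HASH_SHA1` renumbers every existing enumerator, so a client built against the old header that passes 0 for SHA1 is now read as "no hash", and SHA256/384/512 each shift by one. The same applies to `CKMC_NONE_PADDING = 0` in the `__ckmc_rsa_padding_algo` hunk that follows, where an old `CKMC_PKCS1_PADDING` (0) would be read as no padding. If binaries compiled against the earlier values can exist (both enums carry `@since_tizen 2.3`), keep the old numbers and give the new member a fresh explicit value, e.g. `CKMC_HASH_SHA1 = 0,` … `CKMC_HASH_SHA512,` `CKMC_HASH_NONE`. Making "none" the zero value also means a zero-initialised argument silently selects the weakest option, so the implementation (not visible here) should reject it wherever a digest or padding is required. The enum's closing line is outside this hunk.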
* @since_tizen 2.3
*/
typedef enum __ckmc_rsa_padding_algo {
- CKMC_PKCS1_PADDING = 0, /**< PKCS#1 Padding */
+ CKMC_NONE_PADDING = 0, /**< No Padding */
+ CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */
CKMC_X931_PADDING /**< X9.31 padding */
} ckmc_rsa_padding_algo_e;
/**
+ * @brief Enumeration for database access rights.
+ * @since_tizen 2.3
+ */
+typedef enum __ckmc_access_right{
+ CKMC_AR_READ = 0, /**< access right for read*/
+ CKMC_AR_READ_REMOVE /**< access right for read and remove*/
+} ckmc_access_right_e;
+
+/**
* @brief the structure for binary buffer used in key manager CAPI.
* @since_tizen 2.3
*/
typedef struct __ckmc_raw_buff {
- unsigned char* data; /**< Byte array containing binary data */
- size_t size; /**< The size of the binary data */
+ unsigned char* data; /**< Byte array containing binary data */
+ size_t size; /**< The size of the binary data */
} ckmc_raw_buffer_s;
/**
* @since_tizen 2.3
*/
typedef struct __ckmc_policy {
- char* password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data(or key, or certificate) is stored encrypted with this password inside key manager */
- bool extractable; /**< If true key may be extracted from storage */
+ char* password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data(or key, or certificate) is stored encrypted with this password inside key manager */
+ bool extractable; /**< If true key may be extracted from storage */
} ckmc_policy_s;
/**
* @since_tizen 2.3
*/
typedef struct __ckmc_key {
- unsigned char* raw_key; /**< Byte array of key. raw_key may be encrypted with password */
- size_t key_size; /**< The byte size of raw_key */
- ckmc_key_type_e key_type; /**< The raw_key's type */
- char* password; /**< Byte array used to decrypt data raw_key inside key manager. */
+ unsigned char* raw_key; /**< Byte array of key. raw_key may be encrypted with password */
+ size_t key_size; /**< The byte size of raw_key */
+ ckmc_key_type_e key_type; /**< The raw_key's type */
+ char* password; /**< Byte array used to decrypt data raw_key inside key manager. */
} ckmc_key_s;
/**
* @since_tizen 2.3
*/
typedef struct __ckmc_cert {
- unsigned char* raw_cert; /**< Byte array of certificate */
- size_t cert_size; /**< Byte size of raw_cert */
- ckmc_data_format_e data_format; /**< Raw_cert's encoding format */
+ unsigned char* raw_cert; /**< Byte array of certificate */
+ size_t cert_size; /**< Byte size of raw_cert */
+ ckmc_data_format_e data_format; /**< Raw_cert's encoding format */
} ckmc_cert_s;
/**
* @since_tizen 2.3
*/
typedef struct __ckmc_alias_list {
- char *alias; /**< The name of key, certificate or data stored in key manager */
- struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */
+ char *alias; /**< The name of key, certificate or data stored in key manager */
+ struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */
} ckmc_alias_list_s;
/**
* @since_tizen 2.3
*/
typedef struct __ckmc_cert_list {
- ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */
- struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */
+ ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */
+ struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */
} ckmc_cert_list_s;
/**
+ * @brief The structure for PKCS12 used in key manager CAPI.
+ * @since_tizen 2.3
+ */
+typedef struct __ckmc_pkcs12 {
+ ckmc_key_s *priv_key; /**< private key, may be null */
+ ckmc_cert_s *cert; /**< certificate, may be null */
+ ckmc_cert_list_s *ca_chain; /**< chain certificates list, may be null */
+} ckmc_pkcs12_s;
+
+
+/**
* @internal
* @brief Creates a new @a ckmc_key_s handle and returns it.
*
*
* @see ckmc_cert_free()
* @see ckmc_load_cert_from_file()
- * @see ckmc_load_from_pkcs12_file
* @see #ckmc_cert_s
*/
int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size,
* @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
*
* @see ckmc_cert_free()
- * @see ckmc_load_from_pkcs12_file()
* @see #ckmc_cert_s
*/
int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
/**
+ * @brief Creates a new @a ckmc_pkcs12_s handle and returns it.
+ *
+ * @since_tizen 2.3
+ *
+ * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it is no longer needed.
+ * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly returned ckmc_pkcs12_s.
+ *
+ * @param[in] private_key @a ckmc_key_s handle to the private key (optional)
+ * @param[in] cert @a ckmc_cert_s handle to the certificate (optional)
+ * @param[in] ca_cert_list @a ckmc_cert_list_s list of chain certificate handles (optional)
+ * @param[out] pkcs12_bundle The pointer to a newly created @a ckmc_pkcs12_s handle
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and ca_cert_list all are null.
+ * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
+ *
+ * @see ckmc_pkcs12_free()
+ * @see ckmc_load_from_pkcs12_file()
+ * @see ckmc_load_from_pkcs12_file2()
+ * @see #ckmc_key_s
+ * @see #ckmc_cert_s
+ * @see #ckmc_cert_list_s
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
+ ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle);
+
+/**
+ * @deprecated, use @a ckmc_load_from_pkcs12_file2() instead
* @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them.
*
* @since_tizen 2.3
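Review bot: The ownership remark on `ckmc_pkcs12_new()` only covers success and does not tell the caller what to stop doing, which is how double frees of key material happen. I would add a remark along the lines of `@remarks After success, do not call ckmc_key_free(), ckmc_cert_free() or ckmc_cert_list_all_free() on the inputs; ckmc_pkcs12_free() releases them. On failure the caller keeps ownership.` This assumes that is the intended behaviour, since the implementation is not part of this hunk. Two smaller points in the same comment block: `@return @c 0 on success` differs from the `#CKMC_ERROR_NONE` wording used for `ckmc_load_from_pkcs12_file2()`, and `@deprecated, use …` puts a comma directly after the Doxygen command. The deprecated function's comment continues outside the hunk.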
* @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
* @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
*
+ * @see ckmc_pkcs12_new()
+ * @see ckmc_load_from_pkcs12_file2()
* @see ckmc_key_free()
* @see ckmc_cert_free()
* @see ckmc_cert_list_all_free()
ckmc_cert_list_s **ca_cert_list);
/**
+ * @brief Creates a new @a ckmc_pkcs12_s handle from a given PKCS#12 file and returns it.
+ *
+ * @since_tizen 2.3
+ *
+ * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if they are no longer needed.
+ *
+ * @param[in] file_path The path of PKCS12 file to be loaded
+ * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
+ * If PKCS12 file is not encrypted, passphrase can be null.
+ * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA certificates \n
+ * It is null if the PKCS12 file does not contain CA certificates.
+ *
+ * @return #CKMC_ERROR_NONE on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
+ * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
+ * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
+ *
+ * @see ckmc_pkcs12_free()
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_load_from_pkcs12_file2(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle);
+
+/**
+ * @brief Destroys the @a ckmc_pkcs12_s handle and releases all its resources.
+ *
+ * @since_tizen 2.3
+ *
+ * @param[in] pkcs12 The @a ckmc_pkcs12_s handle to destroy
+ *
+ * @see ckmc_pkcs12_new()
+ * @see ckmc_load_from_pkcs12_file2()
+ */
+void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12);
+
+/**
* @internal
* @brief Creates a new @a ckmc_alias_list_s handle and returns it.
* The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided characters and next is null.
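Review bot: The comment for `ckmc_load_from_pkcs12_file2()` documents an output parameter `ca_cert_list` that the prototype does not have, while the real third parameter `pkcs12_bundle` is undocumented. Replace those two lines with something like `@param[out] pkcs12_bundle The pointer of newly created @a ckmc_pkcs12_s handle` and say which members may be null. `PCKS12` in the passphrase line should read `PKCS12`, and `@retval #CKMC_ERROR_INVALID_PARAMETER` is worth listing if a null `file_path` or `pkcs12_bundle` is rejected (not visible here). Since `ckmc_pkcs12_free()` is the documented way to release the bundle, its comment should also state whether it frees and clears the private key and the `password` held in `priv_key`. The comment that begins at the end of this hunk continues outside it.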