X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Finclude%2Fckm%2Fckm-manager.h;h=defe6ce07eae1e2726f5b73cca98de384200fb87;hb=c36626103cad463618e75f57abca98919842fa71;hp=a4ad4e14669b876603a82c5c2741f060fb08161a;hpb=e0ef338b740caf2501c07e03893f32ad3fb66449;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h index a4ad4e1..defe6ce 100644 --- a/src/include/ckm/ckm-manager.h +++ b/src/include/ckm/ckm-manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ * * @file ckm-manager.h * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 + * @version 2.0 * @brief Main header file for client library. */ #pragma once @@ -38,104 +38,156 @@ typedef std::shared_ptr ManagerShPtr; class KEY_MANAGER_API Manager { public: - virtual ~Manager(){} - - virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0; - virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0; - virtual int savePKCS12( - const Alias &alias, - const PKCS12ShPtr &pkcs, - const Policy &keyPolicy, - const Policy &certPolicy) = 0; - - /* - * Data must be extractable. If you set extractable bit to false function will - * return ERROR_INPUT_PARAM. - */ - virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0; - - virtual int removeAlias(const Alias &alias) = 0; - - virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0; - virtual int getCertificate( - const Alias &alias, - const Password &password, - CertificateShPtr &certificate) = 0; - virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0; - virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0; - virtual int getPKCS12( - const Alias &alias, - const Password &keyPass, - const Password &certPass, - PKCS12ShPtr &pkcs) = 0; - - // send request for list of all keys/certificates/data that application/user may use - virtual int getKeyAliasVector(AliasVector &aliasVector) = 0; - virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0; - virtual int getDataAliasVector(AliasVector &aliasVector) = 0; - - virtual int createKeyPairRSA( - const int size, // size in bits [1024, 2048, 4096] - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey = Policy(), - const Policy &policyPublicKey = Policy()) = 0; - - virtual int createKeyPairDSA( - const int size, // size in bits [1024, 2048, 3072, 4096] - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey = Policy(), - const Policy &policyPublicKey = Policy()) = 0; - - virtual int createKeyPairECDSA( - const ElipticCurve type, - const Alias &privateKeyAlias, - const Alias &publicKeyAlias, - const Policy &policyPrivateKey = Policy(), - const Policy &policyPublicKey = Policy()) = 0; - - virtual int getCertificateChain( - const CertificateShPtr &certificate, - const CertificateShPtrVector &untrustedCertificates, - const CertificateShPtrVector &trustedCertificates, - bool useTrustedSystemCertificates, - CertificateShPtrVector &certificateChainVector) = 0; - - virtual int getCertificateChain( - const CertificateShPtr &certificate, - const AliasVector &untrustedCertificates, - const AliasVector &trustedCertificates, - bool useTrustedSystemCertificates, - CertificateShPtrVector &certificateChainVector) = 0; - - virtual int createSignature( - const Alias &privateKeyAlias, - const Password &password, // password for private_key - const RawBuffer &message, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding, - RawBuffer &signature) = 0; - - virtual int verifySignature( - const Alias &publicKeyOrCertAlias, - const Password &password, // password for public_key (optional) - const RawBuffer &message, - const RawBuffer &signature, - const HashAlgorithm hash, - const RSAPaddingAlgorithm padding) = 0; - - // This function will check all certificates in chain except Root CA. - // This function will delegate task to service. You may use this even - // if application does not have permission to use network. - virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0; - - virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0; - - - static ManagerShPtr create(); -// static ManagerShPtr getManager(int uid); // TODO + class Impl; + + Manager(); + Manager(const Manager &) = delete; + Manager &operator=(const Manager &) = delete; + + virtual ~Manager(); + + int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy); + int saveCertificate(const Alias &alias, const CertificateShPtr &cert, + const Policy &policy); + int savePKCS12( + const Alias &alias, + const PKCS12ShPtr &pkcs, + const Policy &keyPolicy, + const Policy &certPolicy); + + int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy); + + int removeAlias(const Alias &alias); + + int getKey(const Alias &alias, const Password &password, KeyShPtr &key); + int getCertificate( + const Alias &alias, + const Password &password, + CertificateShPtr &certificate); + int getData(const Alias &alias, const Password &password, RawBuffer &data); + int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs); + int getPKCS12( + const Alias &alias, + const Password &keyPass, + const Password &certPass, + PKCS12ShPtr &pkcs); + + // send request for list of all keys/certificates/data that application/user may use + int getKeyAliasVector(AliasVector &aliasVector); + int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getKeyEncryptionStatus(const Alias &alias, bool &status); + int getCertificateAliasVector(AliasVector &aliasVector); + int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getCertificateEncryptionStatus(const Alias &alias, bool &status); + int getDataAliasVector(AliasVector &aliasVector); + int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getDataEncryptionStatus(const Alias &alias, bool &status); + + int createKeyPairRSA( + const int size, // size in bits [1024, 2048, 4096] + const Alias &privateKeyAlias, + const Alias &publicKeyAlias, + const Policy &policyPrivateKey = Policy(), + const Policy &policyPublicKey = Policy()); + + int createKeyPairDSA( + const int size, // size in bits [1024, 2048, 3072, 4096] + const Alias &privateKeyAlias, + const Alias &publicKeyAlias, + const Policy &policyPrivateKey = Policy(), + const Policy &policyPublicKey = Policy()); + + int createKeyPairECDSA( + const ElipticCurve type, + const Alias &privateKeyAlias, + const Alias &publicKeyAlias, + const Policy &policyPrivateKey = Policy(), + const Policy &policyPublicKey = Policy()); + + int createKeyAES( + const int size, // size in bits [128, 192, 256] + const Alias &keyAlias, + const Policy &policyKey = Policy()); + + int getCertificateChain( + const CertificateShPtr &certificate, + const CertificateShPtrVector &untrustedCertificates, + const CertificateShPtrVector &trustedCertificates, + bool useTrustedSystemCertificates, + CertificateShPtrVector &certificateChainVector); + + int getCertificateChain( + const CertificateShPtr &certificate, + const AliasVector &untrustedCertificates, + const AliasVector &trustedCertificates, + bool useTrustedSystemCertificates, + CertificateShPtrVector &certificateChainVector); + + int createSignature( + const Alias &privateKeyAlias, + const Password &password, // password for private_key + const RawBuffer &message, + const HashAlgorithm hash, + const RSAPaddingAlgorithm padding, + RawBuffer &signature); + + int verifySignature( + const Alias &publicKeyOrCertAlias, + const Password &password, // password for public_key (optional) + const RawBuffer &message, + const RawBuffer &signature, + const HashAlgorithm hash, + const RSAPaddingAlgorithm padding); + + // This function will check all certificates in chain except Root CA. + // This function will delegate task to service. You may use this even + // if application does not have permission to use network. + int ocspCheck(const CertificateShPtrVector &certificateChainVector, + int &ocspStatus); + + int setPermission(const Alias &alias, const ClientId &accessor, + PermissionMask permissionMask); + + // This function will encrypt data. + // Since Tizen 5.0, on chosen images using TEE backend: + // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported) + // * GCM modes with short tags (32 and 64 bits) are not supported + // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR + int encrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer &plain, + RawBuffer &encrypted); + + // This function will decrypt data. + // Since Tizen 5.0, on chosen images using TEE backend: + // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported) + // * GCM modes with short tags (32 and 64 bits) are not supported + // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR + int decrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer &encrypted, + RawBuffer &decrypted); + + int deriveKey(const CryptoAlgorithm &algo, + const Alias &secretAlias, + const Password &secretPassword, + const Alias &newKeyAlias, + const Policy &newKeyPolicy); + + static ManagerShPtr create(); + + int importWrappedKey(const CryptoAlgorithm ¶ms, + const Alias &wrappingKeyAlias, + const Password &wrappingKeyPassword, + const Alias &alias, + const RawBuffer &encryptedKey, + const KeyType keyType, + const Policy &policy); + +private: + std::unique_ptr m_impl; }; } // namespace CKM -