--- /dev/null
+/*
+ * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include "e2ee-adaptation-layer.h"
+
+int ckmew_key_agreement(const char * /*private_key_alias*/,
+ const unsigned char * /*raw_public_key*/,
+ size_t /*raw_public_key_len*/,
+ const char * /*new_key_alias*/)
+{
+ // TODO
+ return CKMC_ERROR_NONE;
+}
+
+int ckmew_key_derive_pbkdf2(const char * /*password*/,
+ const unsigned char * /*salt*/,
+ size_t /*salt_len*/,
+ size_t /*new_key_len*/,
+ const char * /*new_key_alias*/)
+{
+ // TODO
+ return CKMC_ERROR_NONE;
+}
+
+int ckmew_get_ocf_cert_chain(char ** /*cert_chain*/, size_t * /*cert_chain_len*/)
+{
+ // TODO
+ return DCM_ERROR_NONE;
+}
+
+int ckmew_sign_with_ocf(const char * /*public_key_alias*/,
+ ckmc_raw_buffer_s** /*message_buf*/,
+ ckmc_raw_buffer_s** /*signature_buf*/)
+{
+ // TODO
+ return DCM_ERROR_NONE;
+}
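Review bot: All four stubs return success without doing any work, so a caller of `ckmew_key_agreement` or `ckmew_key_derive_pbkdf2` will carry on as though a key now exists under `new_key_alias`, and a caller of `ckmew_get_ocf_cert_chain` will hand an unset `*cert_chain` to free(), as the header instructs. Until the bodies are implemented, failing closed is safer: `return CKMC_ERROR_NOT_SUPPORTED;` in the two key functions and `return DCM_ERROR_NOT_SUPPORTED;` in the two OCF functions, each with a `// TODO: not implemented, fail closed` comment. The definitions also omit parameter names, which C accepts only from C23 on (this is fine if the file is built as C++). `DCM_ERROR_NONE` is used although the visible include chain pulls in only `ckmc/ckmc-type.h`, so the DCM error header presumably needs including unless it arrives transitively.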
--- /dev/null
+/*
+ * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#pragma once
+
+#include <stddef.h>
+#include <ckmc/ckmc-type.h>
+
+/**
+ * @brief Derives a common symmetric key using ECDH and KBKDF.
+ *
+ * @since_tizen 7.5
+ *
+ * @remarks The derived key will be a symmetric one. It will be stored as a #CKMC_KEY_AES.
+ * @remarks The function first generates a shared secret using ECDH and temporarily stores it in
+ * key-manager. Then it derives a symmetric key from it, stores it in key-manager too and
+ * removes the shared secret.
+ * @remarks Shared secret length and KBKDF algorithm parameters are fixed in the code.
+ * @remarks To simplify the API, it is assumed that the private key alias does not use a custom
+ * password.
+ *
+ * @param[in] private_key_alias Alias of the private key to be used in ECDH
+ * @param[in] raw_public_key Peer's public key in DER format to be used in ECDH
+ * @param[in] raw_public_key_len Length of the @a raw_public_key
+ * @param[in] new_key_alias The name under which the new key will be known in key-manager
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (@a private_key_alias = NULL,
+ * @a raw_public_key = NULL, @a new_key_alias = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user is not logged in to key-manager
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a private_key_alias does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a new_key_alias already exists
+ * @retval #CKMC_ERROR_INVALID_FORMAT The format of @a raw_public_key is not valid
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Secret decryption failed because @a private_key_alias
+ * needed a password and none was given
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in to key-manager.
+ *
+ * @see ckmc_key_derive()
+ */
+int ckmew_key_agreement(const char *private_key_alias,
+ const unsigned char *raw_public_key,
+ size_t raw_public_key_len,
+ const char *new_key_alias);
+
+/**
+ * @brief Derives a symmetric key from a password using PBKFD2 and stores it in key-manager
+ *
+ * @since_tizen 7.5
+ *
+ * @remarks The password is temporarily stored in key-manager. It is deleted after key derivation
+ * is performed.
+ * @remarks The key-manager's policy for storing the derived key is fixed in the code.
+ * @remarks The number of PBKDF2 iteration is fixed in the code.
+ *
+ * @param[in] password The password to derive the key from
+ * @param[in] salt The salt used for PBKDF2
+ * @param[in] salt_len Length of the @a salt
+ * @param[in] new_key_len The desired length of the derived key
+ * @param[in] new_key_alias The name under which the new key will be known in key-manager
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (@a password = NULL or
+ * @a salt = NULL)
+ * @retval #CKMC_ERROR_NOT_SUPPORTED Unsupported key length
+ * @retval #CKMC_ERROR_DB_LOCKED A user is not logged in to key-manager
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a new_key_alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in to key-manager.
+ *
+ * @see ckmc_key_derive()
+ */
+int ckmew_key_derive_pbkdf2(const char *password,
+ const unsigned char *salt,
+ size_t salt_len,
+ size_t new_key_len,
+ const char *new_key_alias);
+
+/**
+ * @platform
+ *
+ * @since_tizen 7.5
+ *
+ * @brief Constructs OCF certificate chain and returns it
+ *
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/devicecertificate
+ *
+ * @remarks The @a cert_chain should be freed using free().
+ *
+ * @param[out] cert_chain Certificate chain in binary, will be allocated by the library
+ * @param[out] cert_chain_len The total length of certificate chain
+ *
+ * @return #DCM_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #DCM_ERROR_NONE Successful
+ * @retval #DCM_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #DCM_ERROR_OUT_OF_MEMORY Out of memory during processing
+ * @retval #DCM_ERROR_PERMISSION_DENIED Failed to access device certificate manager
+ * @retval #DCM_ERROR_NOT_SUPPORTED Feature needed to run API is not supported
+ * @retval #DCM_ERROR_SOCKET Socket error between client and server
+ * @retval #DCM_ERROR_NO_DATA No certificate chain available
+ * @retval #DCM_ERROR_UNKNOWN Unknown error
+ */
+int ckmew_get_ocf_cert_chain(char **cert_chain, size_t *cert_chain_len);
+
+/**
+ * @platform
+ *
+ * @since_tizen 7.5
+ *
+ * @brief Signs given public key with OCF using E2EE signing scheme.
+ *
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/devicecertificate
+ *
+ * @remarks The public key will be retrieved from key-manager.
+ * @remarks It is assumed that the public key is not encrypted with a custom password in
+ * key-manager and thus there's no need to pass additional argument.
+ *
+ * @param[in] public_key_alias Alias of the public key to be signed
+ * @param[out] message The E2EE message composed from public key and E2EE prefixes. It has to be
+ * freed using ckmc_buffer_free()
+ * @param[out] signature The OCF signature calculated for @a message. It has to be
+ * freed using ckmc_buffer_free()
+ *
+ * @return #DCM_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #DCM_ERROR_NONE Successful
+ * @retval #DCM_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #DCM_ERROR_OUT_OF_MEMORY Out of memory during processing
+ * @retval #DCM_ERROR_PERMISSION_DENIED Failed to access device certificate manager
+ * @retval #DCM_ERROR_NOT_SUPPORTED Feature needed to run API is not supported
+ * @retval #DCM_ERROR_SOCKET Socket error between client and server
+ * @retval #DCM_ERROR_NO_DATA If OCF or public key are not available
+ * @retval #DCM_ERROR_UNKNOWN Unknown error
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect
+ */
+int ckmew_sign_with_ocf(const char *public_key_alias,
+ ckmc_raw_buffer_s **message,
+ ckmc_raw_buffer_s **signature);
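Review bot: The remarks on `ckmew_key_agreement` and `ckmew_key_derive_pbkdf2` say the ECDH shared secret and the password are stored temporarily in key-manager, but not whether they are removed when a later step fails. For secret material that guarantee belongs in the contract, for example `@remarks The temporary entry is removed on every return path, including errors.` Likewise, the `@param[out]` entries for `cert_chain`, `message` and `signature` should state what the outputs hold on failure (suggest `Set to NULL on error`), because callers are told to free them. Smaller points: `PBKFD2` in the `@brief` should read `PBKDF2`, and the `#CKMC_ERROR_INVALID_PARAMETER` entry for `ckmew_key_derive_pbkdf2` does not mention `new_key_alias = NULL` or a zero `salt_len`.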