// send request for list of all keys/certificates/data that application/user may use
int getKeyAliasVector(AliasVector &aliasVector);
- int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getKeyEncryptionStatus(const Alias &alias, bool &status);
int getCertificateAliasVector(AliasVector &aliasVector);
- int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getCertificateEncryptionStatus(const Alias &alias, bool &status);
int getDataAliasVector(AliasVector &aliasVector);
- int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getDataAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getDataEncryptionStatus(const Alias &alias, bool &status);
int createKeyPairRSA(
*/
typedef std::string ClientId;
typedef std::vector<Alias> AliasVector;
-typedef std::vector<std::pair<Alias, bool>> AliasPwdVector;
+
+// backend identifiers
+enum class BackendId : int {
+ SW = 0,
+ TZ,
+ // keep in sync with ckmc_backend_id_e !
+};
+
+struct AliasInfo {
+ bool passwordProtected;
+ BackendId backend;
+};
+typedef std::vector<std::pair<Alias, AliasInfo>> AliasInfoVector;
enum class KeyType : int {
KEY_NONE = 0,
*/
void ckmc_cipher_free(ckmc_cipher_ctx_h context);
+/**
+ * @brief Retrieves backend information.
+ *
+ * @since_tizen 6.5
+ *
+ * @remarks The newly created @a ppinfo must be destroyed using ckmc_backend_info_free() when it's
+ * no longer needed.
+ *
+ * @param[in] backend Backend identifier
+ * @param[out] ppinfo Backend information handle
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (@a backend is invalid,
+ * @a ppinfo = NULL)
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @see #ckmc_backend_id_e
+ * @see #ckmc_backend_info_h
+ * @see ckmc_alias_info_get_backend()
+ * @see ckmc_backend_get_max_chunk_size()
+ * @see ckmc_backend_info_free()
+ */
+int ckmc_get_backend_info(ckmc_backend_id_e backend, ckmc_backend_info_h* ppinfo);
+
#ifdef __cplusplus
}
#endif
CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */
} ckmc_permission_e;
-
/**
* @brief The structure for binary buffer used in key manager CAPI.
* @since_tizen 2.3
} ckmc_algo_type_e;
/**
+ * @brief Enumeration for backend identifiers.
+ * @since_tizen 6.5
+ * @see ckmc_get_backend_info()
+ * @see ckmc_alias_info_get_backend()
+ */
+typedef enum __ckmc_backend_id {
+ CKMC_BACKEND_SW = 0, /**< Software backend */
+ CKMC_BACKEND_TZ /**< TrustZone backend */
+} ckmc_backend_id_e;
+
+struct __ckmc_backend_info_s;
+
+/**
+ * @brief Backend information handle.
+ * @since_tizen 6.5
+ * @see ckmc_alias_info_get_backend()
+ * @see ckmc_get_backend_info()
+ * @see ckmc_backend_get_max_chunk_size()
+ * @see ckmc_backend_info_free()
+ */
+typedef struct __ckmc_backend_info_s *ckmc_backend_info_h;
+
+/**
* @brief Encryption/decryption context handle.
* @since_tizen 6.5
* @see ckmc_cipher_initialize()
* @param[in] info The pointer to the #ckmc_alias_info_s structure
* @param[out] alias The pointer to the alias
* @return #CKMC_ERROR_NONE on success,
- * othervise a negative error value
+ * otherwise a negative error value
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @see #ckmc_alias_info_s
* @param[in] info The pointer to the #ckmc_alias_info_s structure
* @param[out] is_password_protected The pointer to the password protection flag
* @return #CKMC_ERROR_NONE on success,
- * othervise a negative error value
+ * otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @see #ckmc_alias_info_s
+ */
+int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info,
+ bool* is_password_protected);
+
+/**
+ * @brief Gets the backend identifier from #ckmc_alias_info_s structure.
+ * @since_tizen 6.5
+ * @param[in] info The pointer to the #ckmc_alias_info_s structure
+ * @param[out] backend The pointer to the backend identifier
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @see #ckmc_backend_id_e
* @see #ckmc_alias_info_s
+ * @see ckmc_get_backend_info()
+ * @see ckmc_backend_info_free()
+ * @see ckmc_backend_get_max_chunk_size()
*/
-int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info, bool* is_password_protected);
+int ckmc_alias_info_get_backend(const ckmc_alias_info_s* info, ckmc_backend_id_e* backend);
/**
* @brief Destroys the #ckmc_alias_info_list_s handle and releases resources of
*/
int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams);
+/**
+ * @brief Retrieves maximum data chunk size that can be passed to given backend. This is the maximum
+ * size of data passed for encryption/decryption.
+ *
+ * @since_tizen 6.5
+ *
+ * @param[in] info Backend info handle
+ * @param[out] size Maximum chunk size
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (@a info is invalid,
+ * @a size = NULL)
+ *
+ * @see #ckmc_backend_info_h
+ * @see ckmc_get_backend_info()
+ */
+int ckmc_backend_get_max_chunk_size(const ckmc_backend_info_h info, size_t* size);
+
+/**
+ * @brief Destroys the backend information handle and releases all its resources.
+ *
+ * @since_tizen 6.5
+ *
+ * @param[in] info Backend information handle created with ckmc_get_backend_info()
+ *
+ * @see #ckmc_backend_info_h
+ * @see ckmc_get_backend_info()
+ * @see ckmc_backend_get_max_chunk_size()
+ */
+void ckmc_backend_info_free(ckmc_backend_info_h info);
+
/**
* @}
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
-int _ckmc_alias_info_new(const char* alias, bool is_password_protected, ckmc_alias_info_s** info)
+int _ckmc_alias_info_new(const char* alias,
+ bool is_password_protected,
+ ckmc_backend_id_e backend,
+ ckmc_alias_info_s** info)
{
if (alias == NULL)
return CKMC_ERROR_SERVER_ERROR;
return CKMC_ERROR_OUT_OF_MEMORY;
}
_info->is_password_protected = is_password_protected;
+ _info->backend = backend;
*info = _info;
return CKMC_ERROR_NONE;
}
return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
}
-int _toNewCkmcAliasInfoList(const CKM::AliasPwdVector &aliasPwdVector,
+int _toNewCkmcAliasInfoList(const CKM::AliasInfoVector &aliasInfoVector,
ckmc_alias_info_list_s **alias_info_list)
{
int ret = CKMC_ERROR_NONE;
if (alias_info_list == nullptr)
return CKMC_ERROR_UNKNOWN;
- if (aliasPwdVector.size() == 0) {
+ if (aliasInfoVector.size() == 0) {
*alias_info_list = nullptr; // according to documentation from header
return CKMC_ERROR_DB_ALIAS_UNKNOWN;
}
ckmc_alias_info_list_s *plist = nullptr;
ckmc_alias_info_list_s *previous = nullptr;
- for (const auto &it : aliasPwdVector) {
+ for (const auto &it : aliasInfoVector) {
previous = plist;
if (previous != nullptr)
previous->next = plist;
- ret = _ckmc_alias_info_new(std::get<0>(it).c_str(), std::get<1>(it), &plist->info);
+ const auto& info = std::get<1>(it);
+ ret = _ckmc_alias_info_new(std::get<0>(it).c_str(),
+ info.passwordProtected,
+ static_cast<ckmc_backend_id_e>(info.backend),
+ &plist->info);
if (ret != CKMC_ERROR_NONE)
break;
}
}
int ckmc_generic_get_alias_info_list_helper(ckmc_alias_info_list_s **alias_info_list,
- int(CKM::Manager::*func)(CKM::AliasPwdVector&))
+ int(CKM::Manager::*func)(CKM::AliasInfoVector&))
{
EXCEPTION_GUARD_START_CAPI
if (alias_info_list == nullptr)
return CKMC_ERROR_INVALID_PARAMETER;
- CKM::AliasPwdVector aliasPwdVector;
+ CKM::AliasInfoVector aliasInfoVector;
- if ((ret = ((*mgr).*func)(aliasPwdVector)) != CKM_API_SUCCESS)
+ if ((ret = ((*mgr).*func)(aliasInfoVector)) != CKM_API_SUCCESS)
return to_ckmc_error(ret);
- if ((ret = _toNewCkmcAliasInfoList(aliasPwdVector, alias_info_list)) != CKM_API_SUCCESS)
+ if ((ret = _toNewCkmcAliasInfoList(aliasInfoVector, alias_info_list)) != CKM_API_SUCCESS)
return ret;
return CKMC_ERROR_NONE;
{
return ckmc_generic_get_alias_info_list_helper(alias_info_list,
- &CKM::Manager::getKeyAliasPwdVector);
+ &CKM::Manager::getKeyAliasInfoVector);
}
KEY_MANAGER_CAPI
int ckmc_get_cert_alias_info_list(ckmc_alias_info_list_s **alias_info_list)
{
return ckmc_generic_get_alias_info_list_helper(alias_info_list,
- &CKM::Manager::getCertificateAliasPwdVector);
+ &CKM::Manager::getCertificateAliasInfoVector);
}
KEY_MANAGER_CAPI
int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **alias_info_list)
{
return ckmc_generic_get_alias_info_list_helper(alias_info_list,
- &CKM::Manager::getDataAliasPwdVector);
+ &CKM::Manager::getDataAliasInfoVector);
}
KEY_MANAGER_CAPI
return ret;
EXCEPTION_GUARD_END
}
+
+KEY_MANAGER_CAPI
+int ckmc_get_backend_info(ckmc_backend_id_e backend, ckmc_backend_info_h* ppinfo)
+{
+ EXCEPTION_GUARD_START_CAPI
+
+ if (backend < CKMC_BACKEND_SW || backend > CKMC_BACKEND_TZ || ppinfo == nullptr)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ // TODO get it
+ auto _info = static_cast<ckmc_backend_info_h>(malloc(sizeof(__ckmc_backend_info_s)));
+ if (_info == nullptr)
+ return CKMC_ERROR_OUT_OF_MEMORY;
+
+ *ppinfo = _info;
+
+ return CKMC_ERROR_SERVER_ERROR;
+
+ EXCEPTION_GUARD_END
+}
}
KEY_MANAGER_CAPI
-int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info, bool* is_password_protected)
+int ckmc_alias_info_get_backend(const ckmc_alias_info_s* info, ckmc_backend_id_e* backend)
+{
+ if (info == NULL || backend == NULL)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ *backend = info->backend;
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info,
+ bool* is_password_protected)
{
if (info == NULL || is_password_protected == NULL)
return CKMC_ERROR_INVALID_PARAMETER;
return CKMC_ERROR_NONE;
}
+
+KEY_MANAGER_CAPI
+int ckmc_backend_get_max_chunk_size(const ckmc_backend_info_h info, size_t* size)
+{
+ EXCEPTION_GUARD_START_CAPI
+
+ if (info == nullptr || size == nullptr)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ *size = info->max_chunk_size;
+ return CKMC_ERROR_NONE;
+
+ EXCEPTION_GUARD_END
+}
+
+KEY_MANAGER_CAPI
+void ckmc_backend_info_free(ckmc_backend_info_h info)
+{
+ free(info);
+}
#include <noncopyable.h>
#include <ckm/ckm-type.h>
+#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
#include <message-buffer.h>
#include <protocols.h>
struct ckmc_alias_info_s {
char* alias;
bool is_password_protected;
+ ckmc_backend_id_e backend;
};
+ struct __ckmc_backend_info_s {
+ size_t max_chunk_size;
+ };
}
namespace CKM {
EXCEPTION_GUARD_END
}
-int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
- AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getBinaryDataAliasInfoVector(DataType dataType,
+ AliasInfoVector &aliasInfoVector)
{
EXCEPTION_GUARD_START_CPPAPI
OwnerNameVector ownerNameVector;
if (retCode != CKM_API_SUCCESS)
return retCode;
- aliasPwdVector.push_back(std::make_pair(alias, status));
+ // TODO get the actual backend
+ aliasInfoVector.push_back(std::make_pair(alias, AliasInfo({status, BackendId::SW})));
}
return CKM_API_SUCCESS;
EXCEPTION_GUARD_END
return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
}
-int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
+ return getBinaryDataAliasInfoVector(DataType::DB_KEY_LAST, aliasInfoVector);
}
int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
}
-int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
+ return getBinaryDataAliasInfoVector(DataType::CERTIFICATE, aliasInfoVector);
}
int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
}
-int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::Impl::getDataAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
+ return getBinaryDataAliasInfoVector(DataType::BINARY_DATA, aliasInfoVector);
}
int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
int getKeyAliasVector(AliasVector &aliasVector);
- int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getKeyEncryptionStatus(const Alias &alias, bool &status);
int saveCertificate(const Alias &alias, const CertificateShPtr &cert,
int getCertificate(const Alias &alias, const Password &password,
CertificateShPtr &cert);
int getCertificateAliasVector(AliasVector &aliasVector);
- int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getCertificateEncryptionStatus(const Alias &alias, bool &status);
int saveData(const Alias &alias, const RawBuffer &rawData,
const Policy &policy);
int getData(const Alias &alias, const Password &password, RawBuffer &cert);
int getDataAliasVector(AliasVector &aliasVector);
- int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
+ int getDataAliasInfoVector(AliasInfoVector &aliasInfoVector);
int getDataEncryptionStatus(const Alias &alias, bool &status);
int savePKCS12(
DataType sendDataType,
OwnerNameVector &ownerNameVector);
- int getBinaryDataAliasPwdVector(
+ int getBinaryDataAliasInfoVector(
DataType sendDataType,
- AliasPwdVector &aliasPwdVector);
+ AliasInfoVector &aliasInfoVector);
int createKeyPair(
const KeyType key_type,
return m_impl->getKeyAliasVector(aliasVector);
}
-int Manager::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return m_impl->getKeyAliasPwdVector(aliasPwdVector);
+ return m_impl->getKeyAliasInfoVector(aliasInfoVector);
}
int Manager::getCertificateAliasVector(AliasVector &aliasVector)
return m_impl->getCertificateAliasVector(aliasVector);
}
-int Manager::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return m_impl->getCertificateAliasPwdVector(aliasPwdVector);
+ return m_impl->getCertificateAliasInfoVector(aliasInfoVector);
}
int Manager::getDataAliasVector(AliasVector &aliasVector)
return m_impl->getDataAliasVector(aliasVector);
}
-int Manager::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
+int Manager::getDataAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
- return m_impl->getDataAliasPwdVector(aliasPwdVector);
+ return m_impl->getDataAliasInfoVector(aliasInfoVector);
}
int Manager::createKeyPairRSA(
projects / platform / core / security / key-manager.git / commitdiff