ckmc_raw_buffer_s **ppdata);
+/**
+ * @platform
+ * @brief Creates private/public key pair based on Key-Encapsulation Mechanism (KEM) type and stores
+ * them inside key manager based on each policy.
+ *
+ * @since_tizen 7.0
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.extended
+ *
+ * @remarks If password in @a policy_private_key or @a policy_public_key is provided, the stored key
+ * is additionally encrypted with it.
+ * @remarks Currently supported KEM types are: #CKMC_ML_KEM_768, #CKMC_ML_KEM_1024.
+ *
+ * @param[in] kem_type The type of KEM key to be created
+ * @param[in] private_key_alias The name of private key to be stored
+ * @param[in] public_key_alias The name of public key to be stored
+ * @param[in] policy_private_key Private key storing policy
+ * @param[in] policy_public_key Public key storing policy
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, @a private_key_alias = NULL,
+ * @a public_key_alias = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_encapsulate_key()
+ * @see ckmc_decapsulate_key()
+ * @see #ckmc_kem_type_e
+ * @see #ckmc_policy_s
+ */
+int ckmc_create_key_pair_kem(const ckmc_kem_type_e kem_type,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key);
+
+
+/**
+ * @platform
+ * @brief Generates a random shared secret, encapsulates it using a public KEM key and produces a
+ * ciphertext. The ciphertext is returned and the shared secret is stored inside key
+ * manager using the shared secret alias and the policy provided.
+ *
+ * @since_tizen 7.0
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.extended
+ *
+ * @remarks The key used for encapsulation must be public KEM type key (#CKMC_KEY_KEM_PUBLIC).
+ * @remarks The KEM type used in key pair creation and encapsulation/decapsulation must be the same.
+ * @remarks The supported format of the shared secret is a 32-byte #CKMC_KEY_AES key.
+ * @remarks If policy contains password when storing a public key, the same password should be
+ * provided.
+ * @remarks If password in @a shared_secret_policy is provided, the stored key is additionally
+ * encrypted with it.
+ * @remarks The @a ppciphertext should be released using ckmc_buffer_free().
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_KEM
+ * @param[in] public_key_alias Alias of the public KEM type key to be used for encapsulation
+ * @param[in] public_key_password An optional password used in decrypting a key value
+ * @param[in] shared_secret_alias Alias to store the shared secret
+ * @param[in] shared_secret_policy Shared secret storing policy
+ * @param[out] ppciphertext Ciphertext
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, @a public_key_alias = NULL,
+ * @a shared_secret_alias = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a public_key_alias does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a shared_secret_alias already exist
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Public key decryption failed because
+ * @a public_key_password is incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @code
+ * ckmc_param_list_h params; // Initialized elsewhere
+ * ckmc_policy_s shared_secret_policy; // Initialized elsewhere
+ * ckmc_raw_buffer_s *ppciphertext;
+ * int ret = ckmc_encapsulate_key(params,
+ * "public_key_alias",
+ * "public_key_password",
+ * "shared_secret_alias",
+ * shared_secret_policy,
+ * &ppciphertext);
+ * ...
+ * ckmc_buffer_free(ppciphertext);
+ * @endcode
+ *
+ * @see ckmc_create_key_pair_kem()
+ * @see ckmc_decapsulate_key()
+ * @see ckmc_key_derive_hybrid()
+ * @see #ckmc_param_list_h
+ * @see #ckmc_policy_s
+ * @see #ckmc_raw_buffer_s
+ */
+int ckmc_encapsulate_key(const ckmc_param_list_h params,
+ const char *public_key_alias,
+ const char *public_key_password,
+ const char *shared_secret_alias,
+ const ckmc_policy_s shared_secret_policy,
+ ckmc_raw_buffer_s **ppciphertext);
+
+
+/**
+ * @platform
+ * @brief Decapsulates the shared secret from the ciphertext and KEM type private key.
+ * The shared secret is stored inside key manager using the shared secret alias and
+ * the policy provided.
+ *
+ * @since_tizen 7.0
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.extended
+ *
+ * @remarks The key used for decapsulation must be private KEM type key (#CKMC_KEY_KEM_PRIVATE).
+ * @remarks The KEM type used in key pair creation and encapsulation/decapsulation must be the same.
+ * @remarks The supported format of the shared secret is a 32-byte #CKMC_KEY_AES key.
+ * @remarks If policy contains password when storing a private key, the same password should be
+ * provided.
+ * @remarks If password in @a shared_secret_policy is provided, the stored key is additionally
+ * encrypted with it.
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_KEM
+ * @param[in] private_key_alias Alias of the private KEM type key to be used for decapsulation
+ * @param[in] private_key_password An optional password used in decrypting a key value
+ * @param[in] shared_secret_alias Alias to store the shared secret
+ * @param[in] shared_secret_policy Shared secret storing policy
+ * @param[in] ciphertext Ciphertext
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, @a private_key_alias = NULL,
+ * @a shared_secret_alias = NULL, @a ciphertext = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a private_key_alias does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a shared_secret_alias already exist
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Private key decryption failed because
+ * @a private_key_password is incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_create_key_pair_kem()
+ * @see ckmc_encapsulate_key()
+ * @see ckmc_key_derive_hybrid()
+ * @see #ckmc_param_list_h
+ * @see #ckmc_policy_s
+ * @see #ckmc_raw_buffer_s
+ */
+int ckmc_decapsulate_key(const ckmc_param_list_h params,
+ const char *private_key_alias,
+ const char *private_key_password,
+ const char *shared_secret_alias,
+ const ckmc_policy_s shared_secret_policy,
+ const ckmc_raw_buffer_s *ciphertext);
+
+
+/**
+ * @platform
+ * @brief Derives a new key from another two concatenated keys/secrets (first|second) with a given
+ * algorithm and stores it inside key manager using a new key alias and policy.
+ *
+ * @since_tizen 7.0
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.extended
+ *
+ * @remarks The key/secret, pointed to by @a first_secret_alias and @a second_secret_alias must be
+ * a binary data or a symmetric key (#CKMC_KEY_AES).
+ * @remarks The derived key pointed to by @a new_key_alias will be a symmetric one. It will be
+ * stored as a #CKMC_KEY_AES.
+ * @remarks In this method, AES-type keys can be hybridized with KEM-type secrets derived
+ * from encapsulation/decapsulation methods.
+ * @remarks If policy contains password when storing a key/secret, the same password should be
+ * provided.
+ * @remarks If password in @a new_key_policy is provided, the stored key is additionally
+ * encrypted with it.
+ *
+ * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
+ * for details. Supported algorithms:
+ * - #CKMC_ALGO_KBKDF
+ * @param[in] first_secret_alias Alias of the first key/secret to use as an input
+ * @param[in] first_secret_password Optional password of the first key/secret used as an input
+ * @param[in] second_secret_alias Alias of the second key/secret to use as an input
+ * @param[in] second_secret_password Optional password of the second key/secret used as an input
+ * @param[in] new_key_alias Alias to store the new derived key/secret
+ * @param[in] new_key_policy Policy used to store the new derived key/secret
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Insufficient permissions to access key manager
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid mandatory
+ * algorithm parameter, @a first_secret_alias = NULL,
+ * @a second_secret_alias = NULL, @a new_key_alias = NULL)
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN @a first_secret_alias or @a second_secret_alias
+ * does not exist
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS @a new_key_alias already exist
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because @a first_secret_password
+ * or @a second_secret_password is incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Unknown error
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_create_key_pair_kem()
+ * @see ckmc_encapsulate_key()
+ * @see ckmc_decapsulate_key()
+ * @see #ckmc_param_list_h
+ * @see #ckmc_policy_s
+ */
+int ckmc_key_derive_hybrid(const ckmc_param_list_h params,
+ const char *first_secret_alias,
+ const char *first_secret_password,
+ const char *second_secret_alias,
+ const char *second_secret_password,
+ const char *new_key_alias,
+ const ckmc_policy_s new_key_policy);
+
+
#ifdef __cplusplus
}
#endif
return ret;
EXCEPTION_GUARD_END
+}
+
+KEY_MANAGER_CAPI
+int ckmc_create_key_pair_kem(const ckmc_kem_type_e kem_type,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key)
+{
+ (void) kem_type;
+ (void) private_key_alias;
+ (void) public_key_alias;
+ (void) policy_private_key;
+ (void) policy_public_key;
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_encapsulate_key(const ckmc_param_list_h params,
+ const char *public_key_alias,
+ const char *public_key_password,
+ const char *shared_secret_alias,
+ const ckmc_policy_s shared_secret_policy,
+ ckmc_raw_buffer_s **ppciphertext)
+{
+ (void) params;
+ (void) public_key_alias;
+ (void) public_key_password;
+ (void) shared_secret_alias;
+ (void) shared_secret_policy;
+ (void) ppciphertext;
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_decapsulate_key(const ckmc_param_list_h params,
+ const char *private_key_alias,
+ const char *private_key_password,
+ const char *shared_secret_alias,
+ const ckmc_policy_s shared_secret_policy,
+ const ckmc_raw_buffer_s *ciphertext)
+{
+ (void) params;
+ (void) private_key_alias;
+ (void) private_key_password;
+ (void) shared_secret_alias;
+ (void) shared_secret_policy;
+ (void) ciphertext;
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_key_derive_hybrid(const ckmc_param_list_h params,
+ const char *first_secret_alias,
+ const char *first_secret_password,
+ const char *second_secret_alias,
+ const char *second_secret_password,
+ const char *new_key_alias,
+ const ckmc_policy_s new_key_policy)
+{
+ (void) params;
+ (void) first_secret_alias;
+ (void) first_secret_password;
+ (void) second_secret_alias;
+ (void) second_secret_password;
+ (void) new_key_alias;
+ (void) new_key_policy;
+
+ return CKMC_ERROR_NONE;
}
\ No newline at end of file
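Review bot: All four new entry points (`ckmc_create_key_pair_kem`, `ckmc_encapsulate_key`, `ckmc_decapsulate_key`, `ckmc_key_derive_hybrid`) discard every argument and return `CKMC_ERROR_NONE`, so a caller is told that a key pair or shared secret was created and stored when nothing was. In `ckmc_encapsulate_key` this also leaves `*ppciphertext` unwritten on a reported success, and the usage documented for the function then passes that pointer to `ckmc_buffer_free()`, which would act on an indeterminate value. Until the real implementation lands, the stubs should fail closed, for example `if (ppciphertext) *ppciphertext = NULL;` followed by `return CKMC_ERROR_SERVER_ERROR;` (or whichever not-implemented code the project prefers). They should also reject the NULL aliases that the header documents as `CKMC_ERROR_INVALID_PARAMETER`. The function that precedes these stubs is visible only as `return ret;` and `EXCEPTION_GUARD_END`, so whether the new functions should use the same exception guard cannot be judged from this hunk.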