--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__
+#define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__
+/**
+ * @ingroup CAPI_KEY_MANAGER_MODULE *
+ * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client
+ * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations.
+ *
+ * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header
+ * \#include <ckmc/ckmc_manager.h>
+ *
+ * @section CAPI_KEY_MANAGER_CLIENT_MODULE_OVERVIEW Overview
+ * It provides APIs storing, getting, and removing APIs for keys, certificates, and sensitive data on/from Key Manager secure repository which is protected by a user’s passwords.
+ * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
+ */
+
+#endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
+#define __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
+/**
+ * @ingroup CAPI_KEY_MANAGER_MODULE
+ * @defgroup CAPI_KEY_MANAGER_CONTROL_MODULE Key Manager Control
+ * @brief These APIs controls the key manager state(Unlocked/Locked) and reflects the user's password change.
+ *
+ * @section CAPI_KEY_MANAGER_CONTROL_MODULE_HEADER Required Header
+ * \#include <ckmc/ckmc_control.h>
+ *
+ * @section CAPI_KEY_MANAGER_CONTROL_MODULE_OVERVIEW Overview
+ * It provides APIs encrypting, decrypting, and re-encrypting a DKEK(with which a user's data file is encrypted).
+ * When a user logs in for the first time, the DKEK will be generated randomly.
+ */
+
+#endif /* __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__ */
--- /dev/null
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__
+#define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__
+/**
+ * @ingroup CAPI_KEY_MANAGER_MODULE
+ * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types
+ * @brief It defines a data types used in this APIs and provides utility methods handling them.
+ *
+ * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header
+ * \#include <ckmc/ckmc_type.h>
+ *
+ * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview
+ * It defines data types for key, certificate,raw buffer, and linked list used in this APIs.
+ * And it also provides new and free methods for them.
+ *
+ */
+
+#endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */
* @defgroup CAPI_KEY_MANAGER_MODULE Key Manager
* @brief The key manager provides a secure repository protected by a user’s passwords for keys, certificates, and sensitive data of users and/or their APPs. Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
*
- * @section CAPI_KEY_MANAGER_MODULE_HEADER Required Header
- * \#include <ckmc/ckmc_control.h>
- * \#include <ckmc/ckmc_manager.h>
- * \#include <ckmc/ckmc_type.h>
- * \#include <ckmc/ckmc_error.h>
- *
* @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview
+ * <table>
+ * <tr><th>API</th><th>Description</th></tr>
+ * <tr>
+ * <td> @ref CAPI_KEY_MANAGER_CLIENT_MODULE</td>
+ * <td> Provides APIs accessing on the secure repository and additional secure cryptographic operations.</td>
+ * </tr>
+ * <tr>
+ * <td> @ref CAPI_KEY_MANAGER_TYPES_MODULE</td>
+ * <td> Defines a data types used in this APIs and provides utility methods handling them.</td>
+ * </tr>
+ * </table>
+ *
* It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by a user’s passwords.
* Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
*
* @image html capi_key_manager_overview_diagram.png
*
- * The key manager provides three types of API.
+ * The key manager provides 2 types of API.
* - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data.
* - secure crypto APIs : These APIs provides additional cryptographic operations(create asymmetric key pair, sign/verify signature, verify certificate)
- * - key manager control APIs : These APIs controls the key manager state(Unlocked/Locked) and reflects the user's password change.
*
- * Data Store Policy
+ * Data Store Policy:
* A client can specify a simple access rules when storing a data in Key Manager.
* - Restricted/Non-Restricted:
* Data stored in Key Manager can be access on only by its owner if the data is tagged as restricted.
* All data in Key Manager is protected by a user’s password.
* Besides, a client can encrypt its data using its own password additionally.
* If a client provides a password when storing a data, the data will be encrypted with the password. This password should be provided when get the data from Key Manager.
-
- * User Login and control API
- * - When a user logs in, logs out, and changes his/her password, the key manager should be notified.
- * - Only privileged APPs such as LockScreen APP or Setting APP can notify to key manager using the control APIs.
- * - When a user logs in, the key manager decrypts the user's DKEK with a user password.
- * So during the loggin period, any client can access its data which is protected by a user's password(technically encrypted with the client's ADEK).
+ *
+ * User Login/Logout and Data Protection
+ * - When a user logs in, logs out or changes his/her password, Key Manager should know about it.
+ * Privileged APPs such as ockScreen APP or Setting APP can notify to key manager using these control APIs.
+ * - When a user logs in, the key manager decrypts the user's DKEK(with which a user's data file is encrypted) with a user password.
+ * So during the login period, any client can access its data which is protected by a user's password.
+ * "user key" in API means DKEK.
* - When a user logs out, the key manager removes the user's DKEK from memory.
* Therefore, any clients cannot access to any data.
* - When a user change his/her password, the key manager re-encrypted the user's DKEK with a new password.
+ *
*/
#endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */
#endif
/**
- * @internal // control APIs are platform level APIs.
- * @addtogroup CAPI_KEY_MANAGER_MODULE
+ * @addtogroup CAPI_KEY_MANAGER_CONTROL_MODULE
* @{
*/
/**
* @brief Decrypts a user key with password. A decrypted user key exists only on memory. If this API is called for the first time, a user key will be generated internally.
+ *
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
* @remarks The user key is a randomly generated key used in encrypting user data. And the user key is protected by a user's password.
*
* @param[in] user is a uid of a user whose key is decrypted.
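Review bot: Removing `@internal` from the group comment means the five control functions will probably appear in the generated reference next to the public client APIs, unless the Doxygen configuration hides them another way. The only remaining signal of their restricted audience is then the per-function `@privlevel platform` tag. The overview text changed in the same commit weakens that signal further: `Privileged APPs such as ockScreen APP or Setting APP can notify to key manager using these control APIs.` drops the word "Only" and misspells LockScreen. I would restore it as `* Only privileged APPs such as LockScreen APP or Setting APP can notify the key manager using these control APIs.` and add a matching `@remarks` to this group comment. The comment for ckmc_unlock_user_key continues outside the hunk.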
* @see ckmc_remove_user_data()
* @see ckmc_change_user_password()
* @see ckmc_reset_user_password()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager.admin *
*/
int ckmc_unlock_user_key(uid_t user, const char *password);
/**
* @brief remove a decrypted user key from memory
*
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
* @param[in] user is a uid of a user whose key is removed from memory.
*
* @return 0 on success, otherwise a negative error value
* @see ckmc_remove_user_data()
* @see ckmc_change_user_password()
* @see ckmc_reset_user_password()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager.admin *
*/
int ckmc_lock_user_key(uid_t user);
/**
* @brief remove user data from Store and erase a user key used for encryption
*
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
* @param[in] user is a uid of a user whose data and key are removed
*
* @return 0 on success, otherwise a negative error value
* @see ckmc_lock_user_key()
* @see ckmc_change_user_password()
* @see ckmc_reset_user_password()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager.admin *
*/
int ckmc_remove_user_data(uid_t user);
/**
* @brief change a password for a user. key manager decrypts a user key with old password and re-encrypts a user key with new password.
*
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
* @param[in] user is a uid of a user whose user key is re-encrypted
* @param[in] old_password is used in decrypting a user key.
* @param[in] new_password is used in re-encrypting a user key.
* @see ckmc_lock_user_key()
* @see ckmc_remove_user_data()
* @see ckmc_reset_user_password()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager.admin *
*/
int ckmc_change_user_password(uid_t user, const char *old_password, const char *new_password);
/**
* @brief change a password for a user without old password.
*
+ * @since_tizen 2.3
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
* @param[in] user is a uid of a user whose user key is re-encrypted
* @param[in] new_password is used in re-encrypting a user key.
*
* @see ckmc_remove_user_data()
* @see ckmc_change_user_password()
*
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager.admin *
*/
int ckmc_reset_user_password(uid_t user, const char *new_password);
#endif
/**
- * @addtogroup CAPI_KEY_MANAGER_MODULE
+ * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE
* @{
*/
/**
* @brief indicating the transmitting request failed.
- * @remarks This Error code is deprecated.
*/
#define CKMC_API_ERROR_SEND_FAILED -4
/**
* @brief indicating the receiving response failed.
- * @remarks This Error code is deprecated.
*/
#define CKMC_API_ERROR_RECV_FAILED -5
/**
* @brief indicating the authentication between client and manager failed.
- * @remarks This Error code is deprecated.
*/
#define CKMC_API_ERROR_AUTHENTICATION_FAILED -6
#include <stddef.h>
#include <sys/types.h>
#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-error.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
- * @addtogroup CAPI_KEY_MANAGER_MODULE
+ * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
* @{
*/
/**
* @brief Stores a key inside key manager based on the provided policy.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks Currently only four types of keys are supported for this API. These are RSA public/private key and ECDSA /private key.
* @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
* @remarks Some private key files are protected by a password. if raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key structure.
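Review bot: The documented privilege level for key and certificate storage drops from platform to public here, with no enforcement change visible in this commit. `@privlevel public` on ckmc_save_key replaces the `@privlevel platform` removed further down, and the same swap is made for ckmc_remove_key, ckmc_get_key, ckmc_get_key_alias_list and the four certificate functions. A header comment enforces nothing, so please confirm that the service-side privilege check and the privilege mapping already treat these calls as public. If they do not, the reference will either promise access that is denied or describe access that was never meant to be granted. A sentence in the commit message saying the level change is intentional would settle it.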
* @see ckmc_get_key_alias_list()
* @see #ckmc_key
* @see #ckmc_policy
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_save_key(const char *alias, const ckmc_key key, const ckmc_policy policy);
/**
* @brief Removes a key from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can remove only keys stored by the client.
*
* @param[in] alias is the name of a key to be removed
* @see ckmc_save_key()
* @see ckmc_get_key()
* @see ckmc_get_key_alias_list()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_remove_key(const char *alias);
/**
* @brief Get a key from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
* @remarks A newly created ppkey should be destroyed by calling ckmc_key_free() if it is no longer needed.
*
* @see ckmc_save_key()
* @see ckmc_remove_key()
* @see ckmc_get_key_alias_list()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_key(const char *alias, const char *password, ckmc_key **ppkey);
/**
* @brief Get a all alias of keys to which the client can access
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
* @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
*
* @see ckmc_save_key()
* @see ckmc_remove_key()
* @see ckmc_get_key()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_key_alias_list(ckmc_alias_list** ppalias_list);
/**
* @brief Stores a certificate inside key manager based on the provided policy.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @param[in] alias is the name of a certificate to be stored
* @param[in] cert has a certificate's binary value to be stored.
* @param[in] policy is about how to store a certificate securely.
* @see ckmc_get_cert_alias_list()
* @see #ckmc_cert
* @see #ckmc_policy
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_save_cert(const char *alias, const ckmc_cert cert, const ckmc_policy policy);
/**
* @brief Removes a certificate from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can remove only certificates stored by the client.
*
* @param[in] alias is the name of a certificate to be removed
* @see ckmc_save_cert()
* @see ckmc_get_cert()
* @see ckmc_get_cert_alias_list()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_remove_cert(const char *alias);
/**
* @brief Get a certificate from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only certificate stored by the client and non-restricted certificate stored by other clients.
* @remarks A newly created ppcert should be destroyed by calling ckmc_cert_free() if it is no longer needed.
*
* @see ckmc_save_cert()
* @see ckmc_remove_cert()
* @see ckmc_get_cert_alias_list()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **ppcert);
/**
* @brief Get a all alias of certificates to which the client can access
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
* @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
*
* @see ckmc_save_cert()
* @see ckmc_remove_cert()
* @see ckmc_get_cert()
- *
- * @since 2.3
- * @privlevel platform
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_cert_alias_list(ckmc_alias_list** ppalias_list);
/**
* @brief Stores a data inside key manager based on the provided policy.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @param[in] alias is the name of a data to be stored
* @param[in] data has a binary value to be stored.
* @param[in] policy is about how to store a data securely.
* @see ckmc_get_data_alias_list()
* @see #ckmc_raw_buffer
* @see #ckmc_policy
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_save_data(const char *alias, ckmc_raw_buffer data, const ckmc_policy policy);
/**
* @brief Removes a data from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can remove only data stored by the client.
*
* @param[in] alias is the name of a data to be removed
* @see ckmc_save_data()
* @see ckmc_get_data()
* @see ckmc_get_data_alias_list()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_remove_data(const char *alias);
/**
* @brief Get a data from key manager
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
* @remarks A newly created ppdata should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
*
* @see ckmc_save_data()
* @see ckmc_remove_data()
* @see ckmc_get_data_alias_list()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer **ppdata);
/**
* @brief Get a all alias of data to which the client can access
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
* @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
*
* @see ckmc_save_data()
* @see ckmc_remove_data()
* @see ckmc_get_data()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_data_alias_list(ckmc_alias_list** ppalias_list);
/**
* @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
*
* @param[in] size is the size of key strength to be created. 1024, 2048, and 4096 are supported.
* @see ckmc_create_key_pair_ecdsa()
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy policy_private_key, const ckmc_policy policy_public_key);
/**
* @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
*
* @param[in] type is the type of eliptic curve of ECDSA.
* @see ckmc_create_signature()
* @see ckmc_verify_signature()
* @see #ckmc_ec_type
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_create_key_pair_ecdsa(const ckmc_ec_type type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy policy_private_key, const ckmc_policy policy_public_key);
/**
* @brief Creates a signature on a given message using a private key and returns the signature
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks If password of policy is provided during storing a key, the same password should be provided.
* @remarks A newly created ppsignature should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
*
* @see ckmc_buffer_free()
* @see #ckmc_hash_algo
* @see #ckmc_rsa_padding_algo
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer message, const ckmc_hash_algo hash, const ckmc_rsa_padding_algo padding, ckmc_raw_buffer **ppsignature);
/**
* @brief Verify a given signature on a given message using a public key and returns the signature status.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks If password of policy is provided during storing a key, the same password should be provided.
*
* @param[in] public_key_alias is the name of public key.
* @see ckmc_verify_signature()
* @see #ckmc_hash_algo
* @see #ckmc_rsa_padding_algo
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer message, const ckmc_raw_buffer signature, const ckmc_hash_algo hash, const ckmc_rsa_padding_algo padding);
/**
* @brief Verify a certificate chain and return that chain.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
* @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
*
*
* @see ckmc_get_cert_chain_with_alias())
* @see ckmc_cert_list_all_free()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_cert_chain(const ckmc_cert *cert, const ckmc_cert_list *untrustedcerts, ckmc_cert_list **ppcert_chain_list);
/**
* @brief Verify a certificate chain using a alias list of untrusted certificates and return that chain.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
* @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
*
*
* @see ckmc_get_cert_chain())
* @see ckmc_cert_list_all_free()
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_get_cert_chain_with_alias(const ckmc_cert *cert, const ckmc_alias_list *untrustedcerts, ckmc_cert_list **ppcert_chain_list);
#define __TIZEN_CORE_CKMC_TYPE_H
#include <stddef.h>
+#include <ckmc/ckmc-error.h>
#define KEY_MANAGER_CAPI __attribute__((visibility("default")))
#endif
/**
- * @addtogroup CAPI_KEY_MANAGER_MODULE
+ * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE
* @{
*/
/**
* @brief Creates a new ckmc_key handle and returns it.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_key should be destroyed by calling ckmc_key_free() if it is no longer needed.
*
* @param[in] raw_key is byte array of key. raw_key may be encrypted with password
* @exception If out of memory, returns a null value.
* @see ckmc_key_free()
* @see #ckmc_key
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
ckmc_key *ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type key_type, char *password);
/**
* @brief Destroys the ckmc_key handle and releases all its resources.
- * @param[in] key a ckmc_key handle to destroy
- * @see ckmc_key_new()
*
- * @since 2.3
+ * @since_tizen 2.3
* @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] key a ckmc_key handle to destroy
+ * @see ckmc_key_new()
*/
void ckmc_key_free(ckmc_key *key);
/**
* @brief Creates a new ckmc_raw_buffer handle and returns it.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_raw_buffer should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
*
* @param[in] data is byte array of buffer.
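Review bot: The reordered comment for ckmc_key_free still says only that it "releases all its resources", which does not tell a caller whether the raw key bytes and the password carried in the ckmc_key handle are overwritten before the memory is returned. Since this is the documented way to dispose of key material, I would add a remark such as `* @remarks The key bytes and password held in the handle are cleared before the memory is freed.` if the implementation does that, or state that the caller must wipe them first. The same gap applies to ckmc_buffer_free in the next hunk, which releases buffers that may hold sensitive data or signatures. The comment for ckmc_buffer_new continues outside this hunk.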
/**
* @brief Destroys the ckmc_raw_buffer handle and releases all its resources.
- * @param[in] buffer a ckmc_raw_buffer handle to destroy
- * @see ckmc_buffer_new()
*
- * @since 2.3
+ * @since_tizen 2.3
* @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] buffer a ckmc_raw_buffer handle to destroy
+ * @see ckmc_buffer_new()
*/
void ckmc_buffer_free(ckmc_raw_buffer *buffer);
/**
* @brief Creates a new ckmc_cert handle and returns it.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_cert should be destroyed by calling ckmc_cert_free() if it is no longer needed.
*
* @param[in] raw_cert is byte array of certificate.
* @see ckmc_load_cert_from_file()
* @see ckmc_load_from_pkcs12_file
* @see #ckmc_cert
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
ckmc_cert *ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format data_format);
/**
* @brief Destroys the ckmc_cert handle and releases all its resources.
+ *
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @param[in] cert a ckmc_cert handle to destroy
* @see ckmc_cert_new()
* @see ckmc_load_cert_from_file()
* @see ckmc_load_from_pkcs12_file
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
void ckmc_cert_free(ckmc_cert *cert);
/**
* @brief Create a new ckmc_cert handle from a given file and returns it.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_cert should be destroyed by calling ckmc_cert_free() if it is no longer needed.
*
* @param[in] file_path is a path of certificate file to be loaded. The only DER or PEM encoded certificate file is supported.
* @see ckmc_cert_new()
* @see ckmc_load_from_pkcs12_file()
* @see #ckmc_cert
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_load_cert_from_file(const char *file_path, ckmc_cert **cert);
/**
* @brief Create a new ckmc_key(private key), ckmc_cert(certificate), and ckmc_cert_list(CA certificates) handle from a given PKCS#12 file and returns them.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_key, ckmc_cert, and ckmc_cert_list should be destroyed by calling ckmc_key_free(), ckmc_cert_free(), and ckmc_cert_list_all_free() if they are no longer needed.
*
* @param[in] file_path is a path of PKCS12 file to be loaded.
* @see #ckmc_key
* @see #ckmc_cert
* @see #ckmc_cert_list
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key **private_key, ckmc_cert **cert, ckmc_cert_list **ca_cert_list);
/**
* @brief Creates a new ckmc_alias_list handle and returns it. The alias pointer in the returned ckmc_alias_list handle points to the provided characters and the next is null.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks A newly created ckmc_alias_list should be destroyed by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer needed.
*
* @param[in] alias is the first item to be set in the newly created ckmc_alias_list.
* @see ckmc_alias_list_free()
* @see ckmc_alias_list_all_free()
* @see #ckmc_alias_list
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
ckmc_alias_list *ckmc_alias_list_new(char *alias);
/**
* @brief Creates a new ckmc_alias_list handle, add it to a previous ckmc_alias_list and returns it. The alias pointer in the returned ckmc_alias_list handle points to the provided characters and the next is null.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @param[in] previous the last ckmc_alias_list handle to which a newly created ckmc_alias_list is added
* @param[in] alias is an item to be set in the newly created ckmc_alias_list.
* @return a newly added ckmc_alias_list handle. It should be given as previous when ckmc_cert_list_add() is called again.
* @see ckmc_alias_list_free()
* @see ckmc_alias_list_all_free()
* @see #ckmc_alias_list
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
ckmc_alias_list *ckmc_alias_list_add(ckmc_alias_list *previous, char *alias);
/**
* @brief Destroys the ckmc_alias_list handle and releases resources of ckmc_alias_list from the provided first handle cascadingly.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks It does not destroy an alias itself in ckmc_alias_list.
*
* @param[in] first the first ckmc_alias_list handle to destroy
* @see ckmc_alias_list_add()
* @see ckmc_alias_list_all_free()
* @see #ckmc_alias_list
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
void ckmc_alias_list_free(ckmc_alias_list *first);
/**
* @brief Destroys the ckmc_alias_list handle and releases all its resources from the provided first handle cascadingly.
*
+ * @since_tizen 2.3
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
* @remarks It also destroy an alias in ckmc_alias_list.
*
* @param[in] first the first ckmc_alias_list handle to destroy
* @see ckmc_alias_list_add()
* @see ckmc_alias_list_free()
* @see #ckmc_alias_list
- *
- * @since 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager *
*/
void ckmc_alias_list_all_free(ckmc_alias_list *first);