From 31231c9a52033726e7daf2062cc432140b6c6ba6 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 13:10:39 +0900 Subject: [PATCH 01/16] Static cast enum value to int Change-Id: I738b0a745725c47a0608c58396df79f745ccd412 Signed-off-by: Kyungwook Tak --- src/manager/dpl/log/src/old_style_log_provider.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manager/dpl/log/src/old_style_log_provider.cpp b/src/manager/dpl/log/src/old_style_log_provider.cpp index dabf0b5..d955827 100644 --- a/src/manager/dpl/log/src/old_style_log_provider.cpp +++ b/src/manager/dpl/log/src/old_style_log_provider.cpp @@ -104,7 +104,7 @@ void OldStyleLogProvider::Log(AbstractLogProvider::LogLevel level, std::string("] ") << function << std::string("(): ") << message << mark.end; fprintf(stdout, "%s\n", val.str().c_str()); } catch (const std::out_of_range &) { - fprintf(stdout, "Unsupported log level: %d\n", level); + fprintf(stdout, "Unsupported log level: %d\n", static_cast(level)); } } -- 2.7.4 From 929bf4077a37a70b077032d76e8c829402d27ef5 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 17:27:58 +0900 Subject: [PATCH 02/16] Add missing header Change-Id: Ic9660e80708abb71c293245755912c1bf4bdd438 Signed-off-by: Kyungwook Tak --- tests/test_xml-parser.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test_xml-parser.cpp b/tests/test_xml-parser.cpp index ab25ce9..4b71217 100644 --- a/tests/test_xml-parser.cpp +++ b/tests/test_xml-parser.cpp @@ -20,6 +20,7 @@ * @brief XML parser tests. */ +#include #include #include #include -- 2.7.4 From 3392a52f08948a65389685c0b91fdd46362280c8 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 13:11:00 +0900 Subject: [PATCH 03/16] C++11 destructor should not throw exception Change-Id: If6e3e469acec69bd0a4c2678348d92af607b39d2 Signed-off-by: Kyungwook Tak --- src/manager/service/db-crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manager/service/db-crypto.h b/src/manager/service/db-crypto.h index 501a360..3fbacf6 100644 --- a/src/manager/service/db-crypto.h +++ b/src/manager/service/db-crypto.h @@ -186,7 +186,7 @@ public: m_db->m_connection->RollbackTransaction(); } } catch (const SqlConnection::Exception::InternalError &) { - ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); + LogError("sqlite got into infinite busy state"); } catch (const SqlConnection::Exception::Base &) { LogError("Transaction rollback failed!"); } -- 2.7.4 From eb62f62d570a6749be233b2680412e68639c5440 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 17:31:08 +0900 Subject: [PATCH 04/16] Fix shift overflow which makes build err in gcc6.2 Change-Id: I17a1c729b83442e90ff91f0771ea845d09140873 Signed-off-by: Kyungwook Tak --- src/manager/service/crypto-logic.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index 32022cd..f0fb903 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -56,7 +56,8 @@ const int ENCR_PASSWORD = 1 << 2; // Encryption order flags (single choice) const int ENCR_ORDER_OFFSET = 24; -const int ENCR_ORDER_FILTER = INT_MAX << ENCR_ORDER_OFFSET; // 0xff000000 +const int ENCR_ORDER_FILTER = + (UINT_MAX >> ENCR_ORDER_OFFSET) << ENCR_ORDER_OFFSET; // 0xff000000 const int ENCR_ORDER_CLEAR = ~ENCR_ORDER_FILTER; // 0x00ffffff /* * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and -- 2.7.4 From 68495f439183a9f5fdaae8669fdadd29dfd16837 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 19:35:18 +0900 Subject: [PATCH 05/16] Clean up bit masking ENCR in CryptoLogic Clean up some variables are double declared in anonymous namespace and class member. Make inline private member function for bit masking operations for encryption scheme/version to clean up related codes. Change-Id: I7bccdccd3f80fd259fa54b95d1906e1f386b2116 Signed-off-by: Kyungwook Tak --- src/manager/service/crypto-logic.cpp | 45 ++++++++++-------------------------- src/manager/service/crypto-logic.h | 45 +++++++++++++++++++++++++----------- 2 files changed, 44 insertions(+), 46 deletions(-) diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index f0fb903..9951e9c 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -49,27 +49,6 @@ namespace { const static int AES_CBC_KEY_SIZE = 32; const static int AES_GCM_TAG_SIZE = 16; -// Encryption scheme flags (enable/disable specific encryption type, multiple choice) -const int ENCR_BASE64 = 1 << 0; -const int ENCR_APPKEY = 1 << 1; -const int ENCR_PASSWORD = 1 << 2; - -// Encryption order flags (single choice) -const int ENCR_ORDER_OFFSET = 24; -const int ENCR_ORDER_FILTER = - (UINT_MAX >> ENCR_ORDER_OFFSET) << ENCR_ORDER_OFFSET; // 0xff000000 -const int ENCR_ORDER_CLEAR = ~ENCR_ORDER_FILTER; // 0x00ffffff -/* - * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and - * optionally by custom user password. In such form it is stored in db. - */ -const int ENCR_ORDER_V1 = CryptoLogic::ENCRYPTION_V1 << ENCR_ORDER_OFFSET; -/* - * ENCR_ORDER_V2 - v2 encryption order. Stored data is optionally encrypted by store with - * user password. Returned token is encrypted with app key and stored in db. - */ -const int ENCR_ORDER_V2 = CryptoLogic::ENCRYPTION_V2 << ENCR_ORDER_OFFSET; - } // anonymous namespace CryptoLogic::CryptoLogic() {} @@ -165,7 +144,8 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.iv = generateRandIV(); key = m_keyMap[row.ownerLabel]; - crow.encryptionScheme = ENCR_APPKEY; + CLEAR_FLAG(crow.encryptionScheme); + SET_FLAG(ENCR_APPKEY, crow.encryptionScheme); auto dataPair = Crypto::SW::Internals::encryptDataAesGcm(key, crow.data, crow.iv, AES_GCM_TAG_SIZE); @@ -174,11 +154,10 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.tag = dataPair.second; encBase64(crow.data); - crow.encryptionScheme |= ENCR_BASE64; + SET_FLAG(ENCR_BASE64, crow.encryptionScheme); encBase64(crow.iv); - crow.encryptionScheme &= ENCR_ORDER_CLEAR; - crow.encryptionScheme |= ENCR_ORDER_V2; + SET_ENCRYPTION_VERSION(ENCRYPTION_V2, crow.encryptionScheme); row = std::move(crow); } @@ -197,15 +176,15 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) if (row.algorithmType != DBCMAlgType::AES_GCM_256) ThrowErr(Exc::AuthenticationFailed, "Invalid algorithm type."); - if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) + if (GET_FLAG(ENCR_PASSWORD, row.encryptionScheme) && password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is password protected, but given password is empty."); - if (!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) + if (!GET_FLAG(ENCR_PASSWORD, row.encryptionScheme) && !password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is not password protected, but given password is not empty."); - if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) + if (GET_FLAG(ENCR_APPKEY, row.encryptionScheme) && !haveKey(row.ownerLabel)) ThrowErr(Exc::AuthenticationFailed, "Missing application key for ", row.ownerLabel, @@ -213,24 +192,24 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) decBase64(crow.iv); - if (crow.encryptionScheme & ENCR_BASE64) + if (GET_FLAG(ENCR_BASE64, crow.encryptionScheme)) decBase64(crow.data); try { - if ((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) { - if (crow.encryptionScheme & ENCR_APPKEY) { + if (GET_ENCRYPTION_VERSION(crow.encryptionScheme) == ENCRYPTION_V2) { + if (GET_FLAG(ENCR_APPKEY, crow.encryptionScheme)) { key = m_keyMap[crow.ownerLabel]; crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); } } else { - if (crow.encryptionScheme & ENCR_PASSWORD) { + if (GET_FLAG(ENCR_PASSWORD, crow.encryptionScheme)) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); crow.data = Crypto::SW::Internals::decryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); } - if (crow.encryptionScheme & ENCR_APPKEY) { + if (GET_FLAG(ENCR_APPKEY, crow.encryptionScheme)) { key = m_keyMap[crow.ownerLabel]; crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index 9415ead..707b070 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -47,7 +47,18 @@ public: const RawBuffer &applicationKey); void removeKey(const Label &smackLabel); + /* + * v1 encryption. + * Token returned from store is encrypted with app key and + * optionally by custom user password. + */ static const int ENCRYPTION_V1 = 0; + + /* + * v2 encryption. + * Stored data is optionally encrypted by store with user password. + * Returned token is encrypted with app key and stored in db. + */ static const int ENCRYPTION_V2 = 1; private: @@ -56,19 +67,27 @@ private: static const int ENCR_APPKEY = 1 << 1; static const int ENCR_PASSWORD = 1 << 2; - // Encryption order flags (single choice) - static const int ENCR_ORDER_CLEAR = 0x00ffffff; - static const int ENCR_ORDER_FILTER = ~ENCR_ORDER_CLEAR; - /* - * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and - * optionally by custom user password. Is such form it is stored in db. - */ - static const int ENCR_ORDER_V1 = ENCR_ORDER_CLEAR + 0; - /* - * ENCR_ORDER_V2 - v2 encryption order. Stored data is optionally encrypted by store with - * user password. Returned token is encrypted with app key and stored in db. - */ - static const int ENCR_ORDER_V2 = ENCR_ORDER_CLEAR + 1; + static const int ENCR_ORDER_OFFSET = 24; + + static inline void CLEAR_FLAG(int &encryptionScheme) { + encryptionScheme = 0; + } + + static inline void SET_FLAG(int fieldId, int &encryptionScheme) { + encryptionScheme |= fieldId; + } + + static inline bool GET_FLAG(int fieldId, int encryptionScheme) { + return encryptionScheme & fieldId; + } + + static inline void SET_ENCRYPTION_VERSION(int version, int &encryptionScheme) { + encryptionScheme |= (version << ENCR_ORDER_OFFSET); + } + + static inline int GET_ENCRYPTION_VERSION(int encryptionScheme) { + return encryptionScheme >> ENCR_ORDER_OFFSET; + } std::map m_keyMap; -- 2.7.4 From e618ecd8e4cc84138e90c655d58a3e627ed7a1e5 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 16 Dec 2016 13:22:32 +0900 Subject: [PATCH 06/16] Replace deprecated readdir_r with readdir Change-Id: I10857c628068c2a53978c16670fab1f9f9d23033 Signed-off-by: Kyungwook Tak --- src/manager/service/for-each-file.cpp | 3 +-- src/manager/service/ss-migrate.cpp | 17 +++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/manager/service/for-each-file.cpp b/src/manager/service/for-each-file.cpp index d992e4d..0121547 100644 --- a/src/manager/service/for-each-file.cpp +++ b/src/manager/service/for-each-file.cpp @@ -50,9 +50,8 @@ void forEachFile(const std::string &dirpath, ActionFunc func) if (!pEntry) ThrowErr(Exc::InternalError, "Memory allocation failed for dir entry"); - struct dirent *pDirEntry = nullptr; - while ((!readdir_r(dirp.get(), pEntry.get(), &pDirEntry)) && pDirEntry) { + while (struct dirent *pDirEntry = readdir(dirp.get())) { /* run func for every file names in dirpath. d_name is only file name, not path */ func(pDirEntry->d_name); } diff --git a/src/manager/service/ss-migrate.cpp b/src/manager/service/ss-migrate.cpp index efadd2f..635c10c 100644 --- a/src/manager/service/ss-migrate.cpp +++ b/src/manager/service/ss-migrate.cpp @@ -96,14 +96,15 @@ void visit_dir(const std::string &dirpath, struct dirent *buf, size_t depth, } while (true) { - struct dirent *result = nullptr; - auto ret = ::readdir_r(dirptr.get(), buf, &result); - if (ret != 0) { - LogError("readdir_r error on secure-storage dir: " << dirpath << - " with errno: " << errno); - break; - } else if (result == nullptr) { - remove_path(dirpath, isAdminUser); + errno = 0; + struct dirent *result = ::readdir(dirptr.get()); + if (result == nullptr) { + if (errno != 0) + LogError("readdir error on secure-storage dir: " << dirpath << + " with errno: " << errno); + else + remove_path(dirpath, isAdminUser); // end of stream + break; } -- 2.7.4 From 3dc3c159424f8edf3cc552c76e855b816c6a56d0 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Tue, 20 Dec 2016 13:10:16 +0900 Subject: [PATCH 07/16] [CryptoLogic] Fix func name and set max schema version Change function name: CLEAR_FLAG => CLEAR_FLAGS Define maximum variable of schema version available. To changing encryption schema bitmask from int to std::bitset makes some backward compatability issue because it resides in DB::Row::encryptionScheme as int already which is in DB. But std::bitset cannot support converting to int (only ulong & ulong long) so it's hard to use. Change-Id: Ia27ec252f67c61fece9b34b1458724476b653b77 Signed-off-by: Kyungwook Tak --- src/manager/service/crypto-logic.cpp | 2 +- src/manager/service/crypto-logic.h | 20 ++++++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index 9951e9c..536783c 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -144,7 +144,7 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.iv = generateRandIV(); key = m_keyMap[row.ownerLabel]; - CLEAR_FLAG(crow.encryptionScheme); + CLEAR_FLAGS(crow.encryptionScheme); SET_FLAG(ENCR_APPKEY, crow.encryptionScheme); auto dataPair = Crypto::SW::Internals::encryptDataAesGcm(key, crow.data, diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index 707b070..fab4cf9 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -24,6 +24,7 @@ #include #include #include +#include namespace CKM { @@ -63,13 +64,20 @@ public: private: // Encryption scheme flags (enable/disable specific encryption type, multiple choice) - static const int ENCR_BASE64 = 1 << 0; - static const int ENCR_APPKEY = 1 << 1; + static const int ENCR_BASE64 = 1 << 0; + static const int ENCR_APPKEY = 1 << 1; static const int ENCR_PASSWORD = 1 << 2; static const int ENCR_ORDER_OFFSET = 24; - static inline void CLEAR_FLAG(int &encryptionScheme) { + /* + * available maximum encryption version. + * This limitation is from bitset which is in DB::Row::encryptionScheme(int). + * 24bit is used for schema flag and upper 7 bit is for schema version. + */ + static const int ENCRYPTION_V_MAX = 128; + + static inline void CLEAR_FLAGS(int &encryptionScheme) { encryptionScheme = 0; } @@ -81,7 +89,11 @@ private: return encryptionScheme & fieldId; } - static inline void SET_ENCRYPTION_VERSION(int version, int &encryptionScheme) { + static void SET_ENCRYPTION_VERSION(int version, int &encryptionScheme) { + if (version >= ENCRYPTION_V_MAX) + ThrowErr(Exc::InputParam, + "encryption schema version is bigger than max: ", version); + encryptionScheme |= (version << ENCR_ORDER_OFFSET); } -- 2.7.4 From b42ccb7f20acfaaa1bf37a37ef934f8911cf7908 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Mon, 2 Jan 2017 17:13:25 +0900 Subject: [PATCH 08/16] Suppress warning on sqlcipher(unused-const-variable) unused-const-variable warning occurs in sqlcipher when it built with gcc version 6.2. sqlcipher code is hard to touch and not recommended so just suppress the warning on that file only by pragma Change-Id: Icc29d829ed460592b8d883497b69bd9dc9df2a3f Signed-off-by: Kyungwook Tak --- src/manager/sqlcipher/sqlcipher.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/manager/sqlcipher/sqlcipher.c b/src/manager/sqlcipher/sqlcipher.c index 2008e5a..64f35df 100644 --- a/src/manager/sqlcipher/sqlcipher.c +++ b/src/manager/sqlcipher/sqlcipher.c @@ -47,6 +47,7 @@ #pragma GCC diagnostic warning "-Wunused-but-set-variable" #pragma GCC diagnostic warning "-Wunused-parameter" #pragma GCC diagnostic warning "-Wsign-compare" +#pragma GCC diagnostic ignored "-Wunused-const-variable" #define SQLCIPHER_CORE 1 #define SQLCIPHER_AMALGAMATION 1 -- 2.7.4 From 6c0e730cf780fa903918199807230965f0e03a3d Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 6 Jan 2017 17:52:44 +0900 Subject: [PATCH 09/16] gcc version condition check on using pragma pragma dianogstic ignored makes warning on gcc version 4 so define it when gcc version is 6 or upper Change-Id: I0a62af50418ae4f11d7396fc52bbc770143e037f Signed-off-by: Kyungwook Tak --- src/manager/sqlcipher/sqlcipher.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/manager/sqlcipher/sqlcipher.c b/src/manager/sqlcipher/sqlcipher.c index 64f35df..c881d32 100644 --- a/src/manager/sqlcipher/sqlcipher.c +++ b/src/manager/sqlcipher/sqlcipher.c @@ -47,7 +47,9 @@ #pragma GCC diagnostic warning "-Wunused-but-set-variable" #pragma GCC diagnostic warning "-Wunused-parameter" #pragma GCC diagnostic warning "-Wsign-compare" +#if __GNUC__ >= 6 #pragma GCC diagnostic ignored "-Wunused-const-variable" +#endif #define SQLCIPHER_CORE 1 #define SQLCIPHER_AMALGAMATION 1 -- 2.7.4 From d29c3ca02480d0943e291865cc237e8eb562efef Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Thu, 5 Jan 2017 20:11:57 +0900 Subject: [PATCH 10/16] Apply the reviewed API documentation Change-Id: Ifab4e5d251ce90642b07a5c5274adcf58e3083f7 Signed-off-by: Dongsun Lee (cherry picked from commit edf7e603070dedac237898a9c60ec5205a44d4d3) --- src/include/ckmc/ckmc-control.h | 20 +- src/include/ckmc/ckmc-error.h | 81 +-- src/include/ckmc/ckmc-manager.h | 1212 ++++++++++++++------------------------- src/include/ckmc/ckmc-type.h | 786 ++++++++++--------------- 4 files changed, 806 insertions(+), 1293 deletions(-) diff --git a/src/include/ckmc/ckmc-control.h b/src/include/ckmc/ckmc-control.h index cec7569..687deb1 100644 --- a/src/include/ckmc/ckmc-control.h +++ b/src/include/ckmc/ckmc-control.h @@ -1,17 +1,17 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * * @file ckmc-control.h diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index 082c887..defd187 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -1,73 +1,82 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * - * @file ckmc-error.h + * @file ckmc-error.h * @version 1.0 - * @brief This file contains error codes of the Key Manager. + * @brief This file contains error codes of the Key Manager. */ + + #ifndef __TIZEN_CORE_CKMC_ERROR_H_ #define __TIZEN_CORE_CKMC_ERROR_H_ + #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE * @{ */ + /** * @brief Enumeration for Key Manager Errors. * @since_tizen 2.3 */ typedef enum { - CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ - CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ - - CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ - CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ - CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ - CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ - CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ - CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ - CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ - CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ - CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ - CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ - CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ - CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ - CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ - CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ - CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ - CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ - CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ - CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ + CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ + CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ + + CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ + CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ + CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ + CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ + CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ + CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ + CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ + CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ + CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ + CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ + CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ + CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ + CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ + CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ + CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ + CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ + CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ + CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ } key_manager_error_e; + /** * @} */ + #ifdef __cplusplus } #endif + #endif /* __TIZEN_CORE_CKMC_ERROR_H_ */ diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1898129..1ed88bf 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1,39 +1,42 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * - * @file ckmc-manager.h - * @version 1.0 - * @brief Provides management functions(storing, retrieving, and removing) for keys, - * certificates and data of a user and additional crypto functions. + * @file ckmc-manager.h + * @version 1.0 + * @brief Provides management functions(storing, retrieving, and removing) for keys, + * certificates and data of a user and additional crypto functions. */ #ifndef __TIZEN_CORE_CKMC_MANAGER_H #define __TIZEN_CORE_CKMC_MANAGER_H + #include #include #include #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE * @{ @@ -42,74 +45,51 @@ extern "C" { /** * @brief Stores a key inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks Currently API supports seven types of keys. These are RSA public/private key, - * DSA public/private key, ECDSA public/private key and AES symmetric key. - * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside - * key manager during storing keys. - * @remarks Some private key files are protected by a password. If raw_key in key read from those - * encrypted files is encrypted with a password, the password should be provided in the - * #ckmc_key_s structure. - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] alias The name of a key to be stored - * @param[in] key The key's binary value to be stored - * @param[in] policy The policy about how to store a key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks Currently API supports seven types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, and AES symmetric key. + * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys. + * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key_s structure. + * @remarks If password in policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] alias The name of a key to be stored + * @param[in] key The key's binary value to be stored + * @param[in] policy The policy about how to store a key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() * @see #ckmc_key_s * @see #ckmc_policy_s */ -int ckmc_save_key(const char *alias, const ckmc_key_s key, - const ckmc_policy_s policy); +int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove key, client must have remove permission to the specified key. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a key to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() @@ -117,72 +97,53 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, int ckmc_remove_key(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] alias The name of a key to retrieve - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same password - * should be provided. - * @param[out] ppkey The pointer to a newly created ckmc_key_s handle - * + * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed. + * @param[in] alias The name of a key to retrieve + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same password should be provided + * @param[out] ppkey The pointer to a newly created ckmc_key_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key_alias_list() */ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); + /** * @brief Gets all the alias of keys that the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key() @@ -191,69 +152,50 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list); - /** * @brief Stores a certificate inside key manager based on the provided policy. - * * @since_tizen 2.3 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0 - * - * @remarks the certificate's binary value will be converted and saved as binary DER encoded - * certificates. - * - * @param[in] alias The name of a certificate to be stored - * @param[in] cert The certificate's binary value to be stored + * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates. + * @param[in] alias The name of a certificate to be stored + * @param[in] cert The certificate's binary value to be stored * @param[in] policy The policy about how to store a certificate securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() * @see #ckmc_cert_s * @see #ckmc_policy_s */ -int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, - const ckmc_policy_s policy); +int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove certificate, client must have remove permission to the specified certificate. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a certificate to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() @@ -261,74 +203,53 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, int ckmc_remove_cert(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only certificate stored by the client. * @remarks A DER encoded certificate will be returned as a return value. - * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no - * longer needed. - * - * @param[in] alias The name of a certificate to retrieve + * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed. + * @param[in] alias The name of a certificate to retrieve * @param[in] password The password used in decrypting a certificate value \n * If password of policy is provided in ckmc_save_cert(), the same password - * should be provided. - * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle - * + * should be provided + * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert_alias_list() */ -int ckmc_get_cert(const char *alias, const char *password, - ckmc_cert_s **ppcert); +int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert); + /** * @brief Gets all alias of certificates which the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert() @@ -336,34 +257,23 @@ int ckmc_get_cert(const char *alias, const char *password, int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Stores PKCS12's contents inside key manager based on the provided policies. - * All items from the PKCS12 will use the same alias. - * + * @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] pkcs Pointer to the pkcs12 structure to be saved - * @param[in] key_policy The policy about how to store pkcs's private key - * @param[in] cert_policy The policy about how to store pkcs's certificate - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] pkcs Pointer to the pkcs12 structure to be saved + * @param[in] key_policy The policy about how to store pkcs's private key + * @param[in] cert_policy The policy about how to store pkcs's certificate * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_pkcs12() * @see ckmc_get_data_alias_list() @@ -371,108 +281,77 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); * @see #ckmc_pkcs12_s * @see #ckmc_policy_s */ -int ckmc_save_pkcs12(const char *alias, - const ckmc_pkcs12_s *pkcs, - const ckmc_policy_s key_policy, - const ckmc_policy_s cert_policy); +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy,const ckmc_policy_s cert_policy); + /** * @brief Gets a pkcs12 from key manager. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no - * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) - * @param[in] cert_password Password used to encrypt certificates (may be NULL) - * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed. + * @param[in] alias The name of a data to retrieve + * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) + * @param[in] cert_password Password used to encrypt certificates (may be NULL) + * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * key_password or cert_password does not match with password - * used to encrypt data - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED key_password or cert_password does not match with password used to encrypt data * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_pkcs12() * @see ckmc_remove_alias() */ -int ckmc_get_pkcs12(const char *alias, const char *key_password, - const char *cert_password, ckmc_pkcs12_s **pkcs12); +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12); + /** * @brief Stores a data inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] data The binary value to be stored + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] data The binary value to be stored * @param[in] policy The policy about how to store a data securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() * @see #ckmc_raw_buffer_s * @see #ckmc_policy_s */ -int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, - const ckmc_policy_s policy); +int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove data, client must have remove permission to the specified data object. * @remarks The data owner can remove by default. - * * @param[in] alias The name of a data to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() @@ -480,72 +359,52 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, int ckmc_remove_data(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no - * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] password The password used in decrypting a data value \n - * If password of policy is provided in ckmc_save_data(), the same password - * should be provided. - * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle - * + * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] alias The name of a data to retrieve + * @param[in] password The password used in decrypting a data value \n + * If password of policy is provided in ckmc_save_data(), the same password + * should be provided + * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data_alias_list() */ -int ckmc_get_data(const char *alias, const char *password, - ckmc_raw_buffer_s **ppdata); +int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata); + /** * @brief Gets all alias of data which the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data() @@ -553,205 +412,139 @@ int ckmc_get_data(const char *alias, const char *password, int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Creates RSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_rsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates DSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, @c 3072 and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, @c 3072 and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_dsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_dsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] type The type of elliptic curve of ECDSA - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] type The type of elliptic curve of ECDSA + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() * @see #ckmc_ec_type_e */ -int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** * @brief Creates AES key and stores it inside key manager based on the policy. - * * @since_tizen 3.0 - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 128, @c 192 and @c 256 are supported - * @param[in] key_alias The name of key to be stored - * @param[in] key_policy The policy about how to store the key securely - * + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 128, @c 192 and @c 256 are supported + * @param[in] key_alias The name of key to be stored + * @param[in] key_policy The policy about how to store the key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see #ckmc_policy_s */ -int ckmc_create_key_aes(size_t size, - const char *key_alias, - ckmc_policy_s key_policy); +int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_policy); + /** * @brief Creates a signature on a given message using a private key and returns the signature. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is - * no longer needed. - * - * @param[in] private_key_alias The name of private key - * @param[in] password The password used in decrypting a private key value - * @param[in] message The message that is signed with a private key - * @param[in] hash The hash algorithm used in creating signature - * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA - * @param[out] ppsignature The pointer to a newly created signature \n - * If an error occurs, @a *ppsignature will be null - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] private_key_alias The name of private key + * @param[in] password The password used in decrypting a private key value + * @param[in] message The message that is signed with a private key + * @param[in] hash The hash algorithm used in creating signature + * @param[in] padding The RSA padding algorithm used in creating signature \n + * It is used only when the signature algorithm is RSA + * @param[out] ppsignature The pointer to a newly created signature \n + * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() @@ -759,344 +552,233 @@ int ckmc_create_key_aes(size_t size, * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_create_signature(const char *private_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding, - ckmc_raw_buffer_s **ppsignature); +int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature); + /** - * @brief Verifies a given signature on a given message using a public key and returns the signature - * status. - * + * @brief Verifies a given signature on a given message using a public key and returns the signature status. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * - * @param[in] public_key_alias The name of public key - * @param[in] password The password used in decrypting a public key value - * @param[in] message The input on which the signature is created - * @param[in] signature The signature that is verified with public key - * @param[in] hash The hash algorithm used in verifying signature - * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @param[in] public_key_alias The name of public key + * @param[in] password The password used in decrypting a public key value + * @param[in] message The input on which the signature is created + * @param[in] signature The signature that is verified with public key + * @param[in] hash The hash algorithm used in verifying signature + * @param[in] padding The RSA padding algorithm used in verifying signature \n + * It is used only when the signature algorithm is RSA * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_verify_signature(const char *public_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_raw_buffer_s signature, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding); +int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding); + /** * @brief Verifies a certificate chain and returns that chain. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate - * chain + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead] - * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that - * chain. - * + * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that chain. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. * @remarks @a untrustedcerts shouldn't be protected with optional password. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager - * to be used in verifying a certificate chain + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Some certificates were encrypted with password and could not - * be used - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_get_cert_chain() * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, - const ckmc_alias_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list) -TIZEN_DEPRECATED_API; +int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API; + /** - * @brief Verifies a certificate chain and returns that chain using user entered trusted and - * untrusted CA certificates. - * + * @brief Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If the trusted root certificates are provided as a user input, these certificates do not - * need to exist in the system's certificate storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a - * certificate chain - * @param[in] trustedcerts The trusted CA certificates to be used in verifying a - * certificate chain - * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates - * in the system's certificate storage + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain + * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain + * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - const ckmc_cert_list_s *trustedcerts, - const bool use_trustedsystemcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list); + /** - * @brief Perform OCSP which checks certificate is whether revoked or not. - * + * @brief Perform OCSP that checks certificate is whether revoked or not. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif * @privlevel public * @privilege %http://tizen.org/privilege/internet - * - * @remarks %http://tizen.org/privilege/internet (public level privilege) is required - * to use this API instead of %http://tizen.org/privilege/keymanager (public - * level privilege) since 3.0. - * - * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check - * @param[out] ocsp_status The pointer to status result of OCSP check - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported - * + * @remarks %http://tizen.org/privilege/internet (public level privilege) is required to use this API instead of %http://tizen.org/privilege/keymanager (public level privilege) since 3.0. + * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check + * @param[out] ocsp_status The pointer to status result of OCSP check + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported * @pre User is already logged in and the user key is already loaded into memory in plain text form. * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or * ckmc_get_certificate_chain_with_alias(). - * * @see ckmc_get_cert_chain()) * @see ckmc_cert_list_all_free() */ -int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, - ckmc_ocsp_status_e *ocsp_status); +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Allows another application to access client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights - * @param[in] granted Rights granted for @a accessor application - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights + * @param[in] granted Rights granted for @a accessor application + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_deny_access() */ -int ckmc_allow_access(const char *alias, const char *accessor, - ckmc_access_right_e granted) -TIZEN_DEPRECATED_API; +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API; + /** * @brief Allows another application to access client's application data. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights * @param[in] permissions Mask of permissions granted for @a accessor application * (#ckmc_permission_e) * (previous permission mask will be replaced with the new mask value) - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. */ -int ckmc_set_permission(const char *alias, const char *accessor, - int permissions); +int ckmc_set_permission(const char *alias, const char *accessor, int permissions); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Revokes another application's access to client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. * @remarks Only access previously granted with ckmc_allow_access can be revoked. - * - * @param[in] alias Data alias for which access will be revoked - * @param[in] accessor Package id of the application that will lose access rights - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't - * have access to @a alias - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be revoked + * @param[in] accessor Package id of the application that will lose access rights + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't have access to @a alias + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_allow_access() * @see ckmc_set_permission() */ -int ckmc_deny_access(const char *alias, const char *accessor) -TIZEN_DEPRECATED_API; +int ckmc_deny_access(const char *alias, const char *accessor) TIZEN_DEPRECATED_API; + /** - * @brief Removes a an entry (no matter of type) from the key manager. - * + * @brief Removes an entry (no matter of type) from the key manager. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove item, client must have remove permission to the specified item. * @remarks The item owner can remove by default. - * * @param[in] alias Item alias to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_save_cert() * @see ckmc_save_data() @@ -1107,44 +789,35 @@ TIZEN_DEPRECATED_API; */ int ckmc_remove_alias(const char *alias); + /** * @brief Encrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no - * restrictions on the size of data. For RSA the size must be smaller - * or equal to key size in bytes - 42. Example: for 1024 RSA key the - * maximum data size is 1024/8 - 42 = 86. - * @param[out] ppencrypted Encrypted data (some algorithms may return additional information - * embedded in encrypted data. AES GCM is an example) \n - * The caller is responsible for freeing @a encrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, decrypted = NULL, - * ppencrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same + * password should be provided + * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data. + * For RSA the size must be smaller or equal to key size in bytes - 42. + * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86 + * @param[out] ppencrypted Encrypted data (some algorithms may return additional information embedded in encrypted data. + * AES GCM is an example) \n + * The caller is responsible for freeing @a encrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1155,48 +828,33 @@ int ckmc_remove_alias(const char *alias); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_encrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s decrypted, - ckmc_raw_buffer_s **ppencrypted); +int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted); + /** * @brief Decrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. You should use the same parameters - * that were used for encryption. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] encrypted Data to be decrypted (some algorithms may require additional - * information embedded in encrypted data. AES GCM is an example) - * @param[out] ppdecrypted Decrypted data \n - * The caller is responsible for freeing @a decrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, encrypted = NULL, - * ppdecrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. You should use the same parameters that were used for encryption. + * See #ckmc_param_list_h and #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same password should be provided + * @param[in] encrypted Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) + * @param[out] ppdecrypted Decrypted data \n + * The caller is responsible for freeing @a decrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1207,16 +865,14 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_decrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s encrypted, - ckmc_raw_buffer_s **ppdecrypted); +int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted); + #ifdef __cplusplus } #endif + /** * @} */ diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 86e99fe..949fbec 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -1,31 +1,34 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * - * @file ckmc-type.h - * @version 1.0 - * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. + * @file ckmc-type.h + * @version 1.0 + * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. */ + #ifndef __TIZEN_CORE_CKMC_TYPE_H #define __TIZEN_CORE_CKMC_TYPE_H + #include #include #include + #define KEY_MANAGER_CAPI __attribute__((visibility("default"))) @@ -33,251 +36,258 @@ extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE * @{ */ + /* * Note: on tizen 3.0 owner id is equal to pkgId. * Preinstalled system(uid < 5000) and user (uid >= 5000) applications - * does not have any pkgId. Thats why ckm uses special "virtual" + * does not have any pkgId. That's why ckm uses special "virtual" * pkgid for them. The virtual strings are defined under: - * ckmc_owner_id_system + * ckmc_owner_id_system */ + /** * @deprecated Deprecated since 3.0. [Use ckmc_owner_id_separator instead] * @brief Separator between alias and label. - * * @since_tizen 2.3 - * * @remarks Alias can be provided as an alias alone, or together with label - in this * case, separator " " (space bar) is used to separate label and alias. - * * @see #ckmc_owner_id_separator */ KEY_MANAGER_CAPI extern char const *const ckmc_label_name_separator; + /** * @brief Separator between alias and owner id. - * * @since_tizen 3.0 - * * @remarks Alias can be provided as an alias alone, or together with owner id. * In this case, separator " " (space bar) is used to separate id and alias. - * * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_separator; + /** * @brief The owner of system database. - * * @since_tizen 3.0 - * - * @remarks #ckmc_owner_id_system constains id connected with all system applications - * that run with uid less than 5000. - * @remarks Client should use #ckmc_owner_id_system to access data owned by system - * application and stored in system database. - * @remarks Client must have permission to access proper row. - * + * @remarks #ckmc_owner_id_system constains id connected with all system applications that run with uid less than 5000. + * Client should use #ckmc_owner_id_system to access data owned by system application and stored in system database. + * Client must have permission to access proper row. * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_system; + /** * @brief Enumeration for key types of key manager. * @since_tizen 2.3 */ typedef enum __ckmc_key_type { - CKMC_KEY_NONE = 0, /**< Key type not specified */ - CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ - CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ - CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ - CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ - CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ - CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ - CKMC_KEY_AES, /**< AES key */ + CKMC_KEY_NONE = 0, /**< Key type not specified */ + CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ + CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ + CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ + CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ + CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ + CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ + CKMC_KEY_AES, /**< AES key */ } ckmc_key_type_e; + /** * @brief Enumeration for data format. * @since_tizen 2.3 */ typedef enum __ckmc_data_format { - CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ - CKMC_FORM_DER, /**< DER encoded data */ - CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded - with additional header and footer lines. */ + CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ + CKMC_FORM_DER, /**< DER encoded data */ + CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded + with additional header and footer lines. */ } ckmc_data_format_e; + /** * @brief Enumeration for elliptic curve. * @since_tizen 2.3 */ typedef enum __ckmc_ec_type { - CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended - elliptic curve domain */ - CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ - CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain - listed in See SEC 2 */ + CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended + elliptic curve domain */ + CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ + CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain + listed in See SEC 2 */ } ckmc_ec_type_e; + /** * @brief Enumeration for hash algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_hash_algo { - CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ - CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ - CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ - CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ - CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ + CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ + CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ + CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ + CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ + CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ } ckmc_hash_algo_e; + /** * @brief Enumeration for RSA padding algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_rsa_padding_algo { - CKMC_NONE_PADDING = 0, /**< No Padding */ - CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ - CKMC_X931_PADDING /**< X9.31 padding */ + CKMC_NONE_PADDING = 0, /**< No Padding */ + CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ + CKMC_X931_PADDING /**< X9.31 padding */ } ckmc_rsa_padding_algo_e; + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_permission_e() instead] * @brief Enumeration for database access rights. * @since_tizen 2.3 */ typedef enum __ckmc_access_right { - CKMC_AR_READ = 0, /**< Access right for read*/ - CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ + CKMC_AR_READ = 0, /**< Access right for read*/ + CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ } ckmc_access_right_e; + /** * @brief Enumeration for permissions to access/modify alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_permission { - CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ - CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ - CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ + CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ + CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ + CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ } ckmc_permission_e; + /** * @brief The structure for binary buffer used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_raw_buff { unsigned char *data; /**< Byte array containing binary data */ - size_t size; /**< The size of the binary data */ + size_t size; /**< The size of the binary data */ } ckmc_raw_buffer_s; + /** * @brief The structure for a policy for storing key/certificate/binary data. * @since_tizen 2.3 */ typedef struct __ckmc_policy { - char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data - (or key, or certificate) is stored encrypted with this password inside - key manager */ + char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data + (or key, or certificate) is stored encrypted with this password inside + key manager */ bool extractable; /**< If true key may be extracted from storage */ } ckmc_policy_s; + /** * @brief The structure for key used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_key { unsigned char - *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ - size_t key_size; /**< The byte size of raw_key */ + *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ + size_t key_size; /**< The byte size of raw_key */ ckmc_key_type_e key_type; /**< The raw_key's type */ - char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ + char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ } ckmc_key_s; + /** * @brief The structure for certificate used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_cert { - unsigned char *raw_cert; /**< Byte array of certificate */ - size_t cert_size; /**< Byte size of raw_cert */ + unsigned char *raw_cert; /**< Byte array of certificate */ + size_t cert_size; /**< Byte size of raw_cert */ ckmc_data_format_e data_format; /**< Raw_cert's encoding format */ } ckmc_cert_s; + /** * @brief The structure for linked list of alias. * @since_tizen 2.3 */ typedef struct __ckmc_alias_list { - char *alias; /**< The name of key, certificate or data stored in key manager */ + char *alias; /**< The name of key, certificate or data stored in key manager */ struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */ } ckmc_alias_list_s; + /** * @brief The structure for linked list of ckmc_cert_s * @since_tizen 2.3 */ typedef struct __ckmc_cert_list { - ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ + ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */ } ckmc_cert_list_s; + /** * @brief Enumeration for OCSP status. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_ocsp_status { - CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ - CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ - CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ - CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ - CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ - CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ - CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ - CKMC_OCSP_ERROR_NET, /**< Network connection error */ - CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ + CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ + CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ + CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ + CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ + CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ + CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ + CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ + CKMC_OCSP_ERROR_NET, /**< Network connection error */ + CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ } ckmc_ocsp_status_e; + /** * @brief The structure for PKCS12 used in key manager CAPI. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef struct __ckmc_pkcs12 { - ckmc_key_s *priv_key; /**< The private key, may be null */ - ckmc_cert_s *cert; /**< The certificate, may be null */ + ckmc_key_s *priv_key; /**< The private key, may be null */ + ckmc_cert_s *cert; /**< The certificate, may be null */ ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */ } ckmc_pkcs12_s; + /** * @brief Enumeration for crypto algorithm parameters. * @since_tizen 3.0 - * * @see #ckmc_algo_type_e */ typedef enum __ckmc_param_name { CKMC_PARAM_ALGO_TYPE = 1, - CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ - CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ - CKMC_PARAM_ED_AAD, /**< buffer */ - CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ - CKMC_PARAM_ED_LABEL /**< buffer */ + CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ + CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ + CKMC_PARAM_ED_AAD, /**< buffer */ + CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ + CKMC_PARAM_ED_LABEL /**< buffer */ } ckmc_param_name_e; + /** - * @brief Handle for algorithm parameter list. + * @brief Algorithm parameter list handle. * @since_tizen 3.0 - * - * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the - * algorithm. - * @remarks See #ckmc_algo_type_e for available algorithms and additional parameters they support. - * + * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the algorithm. + * See #ckmc_algo_type_e for available algorithms and additional parameters they support. * @see ckmc_generate_new_params() * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() @@ -290,238 +300,189 @@ typedef enum __ckmc_param_name { */ typedef struct __ckmc_param_list *ckmc_param_list_h; + /** * @brief Enumeration for crypto algorithm types. * @since_tizen 3.0 - * * @see #ckmc_param_name_e */ typedef enum __ckmc_algo_type { - CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) - - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits - (optional, only 128b is supported at the moment) */ - - CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), - - CKMC_PARAM_ED_IV = initialization vector(mandatory) - - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of - {32, 64, 96, 104, 112, 120, 128} (optional, if not present the - length 128 is used) - - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ - - CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), - - CKMC_PARAM_ED_LABEL = label to be associated with the message - (optional, not supported at the moment) */ + CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ + + CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present, the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ + + CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; + /** * @brief Creates a new full alias which is a concatenation of @a owner_id and @a alias. - * * @since_tizen 3.0 - * * @remarks @a full_alias should be freed with free() after use. * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if any of parameter is NULL. * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if @a owner_id is empty. - * - * @param[in] owner_id Data owner's id. This should be package id if data owner is - * application. If you want to access data stored by system - * services, it should be #ckmc_owner_id_system - * @param[in] alias Data alias - * @param[out] full_alias The newly created alias which is a concatenation of - * @a owner_id, #ckmc_owner_id_separator and @a alias. - * Destroy by free() after use - * - * @return #CKMC_ERROR_NONE on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @param[in] owner_id Data owner's id. This should be package id if data owner is + * application. If you want to access data stored by system + * services, it should be #ckmc_owner_id_system + * @param[in] alias Data alias + * @param[out] full_alias The newly created alias which is a concatenation of + * @a owner_id, #ckmc_owner_id_separator and @a alias. + * Destroy by free() after use + * @return #CKMC_ERROR_NONE on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see #ckmc_owner_id_separator * @see #ckmc_owner_id_system */ int ckmc_alias_new(const char *owner_id, const char *alias, char **full_alias); + /** * @brief Creates a new #ckmc_key_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] raw_key The byte array of key \n - * @a raw_key may be encrypted with password + * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no longer needed. + * @param[in] raw_key The byte array of key \n + * @a raw_key may be encrypted with password * @param[in] key_size The byte size of @a raw_key * @param[in] key_type The @a raw_key's type * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n * If @a raw_key is not encrypted, @a password can be null - * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle - * + * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_key_free() * @see #ckmc_key_s */ -int ckmc_key_new(unsigned char *raw_key, - size_t key_size, - ckmc_key_type_e key_type, - char *password, ckmc_key_s **ppkey); +int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey); + /** * @brief Destroys the #ckmc_key_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] key The #ckmc_key_s handle to destroy - * */ void ckmc_key_free(ckmc_key_s *key); + /** * @brief Creates a new #ckmc_raw_buffer_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if - * it is no longer needed. - * - * @param[in] data The byte array of buffer - * @param[in] size The byte size of buffer - * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle - * + * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] data The byte array of buffer + * @param[in] size The byte size of buffer + * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_buffer_free() * @see #ckmc_raw_buffer_s */ -int ckmc_buffer_new(unsigned char *data, size_t size, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer); + /** * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy - * */ void ckmc_buffer_free(ckmc_raw_buffer_s *buffer); + /** * @brief Creates a new #ckmc_cert_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] raw_cert The byte array of certificate - * @param[in] cert_size The byte size of raw_cert - * @param[in] data_format The encoding format of raw_cert - * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] raw_cert The byte array of certificate + * @param[in] cert_size The byte size of raw_cert + * @param[in] data_format The encoding format of raw_cert + * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_free() * @see ckmc_load_cert_from_file() * @see #ckmc_cert_s */ -int ckmc_cert_new(unsigned char *raw_cert, - size_t cert_size, - ckmc_data_format_e data_format, - ckmc_cert_s **ppcert); +int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert); + /** * @brief Destroys the #ckmc_cert_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] cert The #ckmc_cert_s handle to destroy - * * @see ckmc_load_cert_from_file() */ void ckmc_cert_free(ckmc_cert_s *cert); + /** * @brief Creates a new #ckmc_cert_s handle from a given file and returns it. - * * @since_tizen 2.3 - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] file_path The path of certificate file to be loaded \n - * The only DER or PEM encoded certificate file is supported - * @param[out] cert The pointer of newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] file_path The path of certificate file to be loaded \n + * The only DER or PEM encoded certificate file is supported + * @param[out] cert The pointer of newly created #ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_cert_free() * @see #ckmc_cert_s */ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); + /** * @brief Creates a new #ckmc_pkcs12_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it - * is no longer needed. - * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly - * returned ckmc_pkcs12_s. - * - * @param[in] private_key #ckmc_key_s handle to the private key (optional) - * @param[in] cert #ckmc_cert_s handle to the certificate (optional) - * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) - * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it is no longer needed. + * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly returned ckmc_pkcs12_s. + * @param[in] private_key #ckmc_key_s handle to the private key (optional) + * @param[in] cert #ckmc_cert_s handle to the certificate (optional) + * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) + * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and - * ca_cert_list all are null - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and ca_cert_list all are null + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_pkcs12_free() * @see ckmc_pkcs12_load() * @see #ckmc_key_s @@ -529,40 +490,30 @@ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); * @see #ckmc_cert_list_s * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_new(ckmc_key_s *private_key, - ckmc_cert_s *cert, - ckmc_cert_list_s *ca_cert_list, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_pkcs12_load() instead] - * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and - * #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. - * + * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. * @since_tizen 2.3 - * * @remarks You must destroy the newly created #ckmc_key_s, #ckmc_cert_s, and * #ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and * ckmc_cert_list_all_free() if they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key - * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n - * It is null if the PKCS12 file does not contain a certificate - * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key + * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n + * It is null if the PKCS12 file does not contain a certificate + * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA certificates \n * It is null if the PKCS12 file does not contain CA certificates - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() * @see ckmc_key_free() @@ -572,230 +523,164 @@ int ckmc_pkcs12_new(ckmc_key_s *private_key, * @see #ckmc_cert_s * @see #ckmc_cert_list_s */ -int ckmc_load_from_pkcs12_file(const char *file_path, - const char *passphrase, - ckmc_key_s **private_key, ckmc_cert_s **cert, - ckmc_cert_list_s **ca_cert_list) -TIZEN_DEPRECATED_API; +int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **cert, ckmc_cert_list_s **ca_cert_list) TIZEN_DEPRECATED_API; + /** * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if - * they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n - * It is null if the PKCS12 file does not contain CA certificates - * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if they are no longer needed. + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA certificates \n + * It is null if the PKCS12 file does not contain CA certificates * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_free() * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_load(const char *file_path, - const char *passphrase, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle); + /** * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy - * * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() */ void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12); + /** * @brief Creates a new #ckmc_alias_list_s handle and returns it. - * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided - * characters and next is null. - * + * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks You must destroy the newly created #ckmc_alias_list_s - * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer - * needed. - * - * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s + * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer needed. + * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and - * returns it. The alias pointer in the returned #ckmc_alias_list_s handle points to the - * provided characters and next is null. - * + * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and returns it. + * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created - * #ckmc_alias_list_s is added - * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created #ckmc_alias_list_s is added + * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ -int ckmc_alias_list_add(ckmc_alias_list_s *previous, - char *alias, - ckmc_alias_list_s **pplast); +int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It does not destroy an alias itself in #ckmc_alias_list_s. - * * @param[in] first The first #ckmc_alias_list_s handle to destroy - * * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ void ckmc_alias_list_free(ckmc_alias_list_s *first); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It also destroys the alias in #ckmc_alias_list_s. - * * @param[in] first The first #ckmc_alias_list_s handle to destroy - * * @see #ckmc_alias_list_s */ void ckmc_alias_list_all_free(ckmc_alias_list_s *first); + /** * @brief Creates a new #ckmc_cert_list_s handle and returns it. - * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided - * #ckmc_cert_s and next is null. - * + * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided #ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() - * or ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s - * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() or ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s + * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and - * returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the - * provided #ckmc_cert_s and next is null. - * + * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and returns it. + * The cert pointer in the returned #ckmc_alias_list_s handle points to the provided #ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created - * #ckmc_cert_list_s is added - * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created #ckmc_cert_list_s is added + * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ -int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, - ckmc_cert_list_s **pplast); +int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s. - * * @param[in] first The first #ckmc_cert_list_s handle to destroy - * * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ void ckmc_cert_list_free(ckmc_cert_list_s *first); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen 2.3 - * * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s. - * * @param[in] first The first #ckmc_cert_list_s handle to destroy - * * @see #ckmc_cert_list_s */ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); + /** * @brief Creates new parameter list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for freeing it with ckmc_param_list_free(). - * - * @param[in] pparams Double pointer to the handle of param list to which the - * newly created algorithm param list will be assigned - * + * @param[in] pparams Double pointer to the handle of param list to which the newly created algorithm param list will be assigned * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_free() @@ -806,27 +691,21 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); */ int ckmc_param_list_new(ckmc_param_list_h *pparams); + /** * @brief Sets integer parameter to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() \n - * New param with @a name and @a value will be set` here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] value Value of the parameter in form of a integer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() \n + * New param with @a name and @a value will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] value Value of the parameter in form of a integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_get_integer() @@ -837,32 +716,24 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t value); +int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t value); + /** * @brief Sets buffer parameter to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * New param with @a name and @a buffer will be set here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] buffer Value of the parameter in form of a buffer \n - * Caller is responsible for creating and freeing the buffer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * New param with @a name and @a buffer will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] buffer Value of the parameter in form of a buffer \n + * Caller is responsible for creating and freeing the buffer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_get_integer() @@ -873,29 +744,21 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - const ckmc_raw_buffer_s *buffer); +int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, const ckmc_raw_buffer_s *buffer); + /** * @brief Gets integer parameter from the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get - * @param[out] pvalue Value of the parameter in form of a integer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get + * @param[out] pvalue Value of the parameter in form of a integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -906,31 +769,22 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ +int ckmc_param_list_get_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t *pvalue); -int ckmc_param_list_get_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t *pvalue); /** * @brief Gets buffer parameter from the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get * @param[out] ppbuffer Value of the parameter in form of a buffer \n * Caller is responsible for creating and freeing the buffer - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -942,17 +796,13 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, ckmc_raw_buffer_s **ppbuffer); + /** * @brief Frees previously allocated list of algorithm params. - * * @since_tizen 3.0 - * - * @param[in] params First element of the list to be freed - * + * @param[in] params First element of the list to be freed * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -965,26 +815,21 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, */ void ckmc_param_list_free(ckmc_param_list_h params); + /** * @brief Generates algorithm parameters for a given algorithm type and set them to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h destruction. * @remarks Algorithm parameters are set to default values. Optional fields are left empty. - * Initialization vectors are left empty (they have to be set manually). Caller is - * responsible for freeing the list with ckmc_param_list_free(). + * Initialization vectors are left empty (they have to be set manually). + * Caller is responsible for freeing the list with ckmc_param_list_free(). * @remarks If the function returns error, provided param list may contain some of default parameters. - * - * @param[in] type Type of the algorithm - * @param[out] pparams Newly generated handle of param list which should be freed by caller after used - * + * @param[in] type Type of the algorithm + * @param[out] pparams Newly generated handle of param list which should be freed by caller after use * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -997,12 +842,15 @@ void ckmc_param_list_free(ckmc_param_list_h params); */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); + /** * @} */ + #ifdef __cplusplus } #endif + #endif /* __TIZEN_CORE_CKMC_TYPE_H */ -- 2.7.4 From 95fa5548e0f83e620c683d56cbfa41dede72d38c Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 3 Feb 2017 11:13:09 +0900 Subject: [PATCH 11/16] Update documents in doc/ Change-Id: I3de73523d2a51f8508482247eddb2bc2a0078ad7 Signed-off-by: Kyungwook Tak --- doc/key-manager-client_doc.h | 8 ++++++-- doc/key-manager-types_doc.h | 10 ++++++---- doc/key-manager_doc.h | 24 +++++++++++------------- 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/doc/key-manager-client_doc.h b/doc/key-manager-client_doc.h index 25720cc..b17a65c 100644 --- a/doc/key-manager-client_doc.h +++ b/doc/key-manager-client_doc.h @@ -13,13 +13,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client - * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. - * + * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header * \#include * @@ -28,4 +31,5 @@ * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. */ + #endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */ diff --git a/doc/key-manager-types_doc.h b/doc/key-manager-types_doc.h index c13d822..8c975b8 100644 --- a/doc/key-manager-types_doc.h +++ b/doc/key-manager-types_doc.h @@ -13,20 +13,22 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types - * @brief It defines data types used in these APIs and provides utility methods handling them. - * + * @brief It defines data types used in these APIs and provides utility methods handling them. * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header * \#include * * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview - * It defines data types for key, certificate,raw buffer, and linked list used in these APIs. + * It defines data types for key, certificate, raw buffer, and linked list used in these APIs. * It also provides new and free methods for them. - * */ #endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */ diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h index d34293f..776a124 100644 --- a/doc/key-manager_doc.h +++ b/doc/key-manager_doc.h @@ -13,14 +13,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_DOC_H__ + + /** * @ingroup CAPI_SECURITY_FRAMEWORK * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager - * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. - * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. - * + * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. + * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview * * @@ -33,18 +36,15 @@ * * *
APIDescription
Defines data types used in these APIs and provides utility methods handling them.
- * * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by Tizen platform. * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * * @image html capi_key_manager_overview_diagram.png - * * The key manager provides 2 types of API. - * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. - * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). - * + * - secure repository APIs: These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. + * - secure crypto APIs: These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). * Data Store Policy: - * A client can specify simple access rules when storing a data in Key Manager. + * A client can specify simple access rules when storing data in Key Manager. * - Exportable/Non-Exportable: * Only for data tagged as exportable, Key Manager returns the raw value of the data. * If data is tagged as non-exportable, Key Manager does not return its raw value. @@ -53,20 +53,18 @@ * All data in Key Manager is protected by Tizen platform. * Besides, a client can encrypt its data using its own password additionally. * If a client provides a password when storing a data, the data will be encrypted with the password. - * This password should be provided when get the data from Key Manager. - * + * This password should be provided when getting the data from Key Manager. * Data Access Control * - By default, only the owner of a data can access to the data. * - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB. * - When an application is deleted, the data and access control information granted by the application are also removed. - * * Alias Format * - The format of alias is "package_id name". * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally. * - The client can specify only its own package id in the alias when storing a key, certificate, or data. * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications. * - Aliases are returned as the format of "package_id name" from the key-manager. - * */ + #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */ -- 2.7.4 From ce59c45df52731ad63aea8c78a8bb9aff97b85b0 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Wed, 25 Jan 2017 13:12:44 +0900 Subject: [PATCH 12/16] Replace stringify template to macro Change-Id: Ifc6e0d65d903ec17c2669ddfa32c3b3b23a7bcb0 Signed-off-by: Kyungwook Tak --- src/manager/common/exception.h | 35 ++++++-------- src/manager/common/stringify.h | 97 +++++++++++++++++---------------------- src/manager/service/file-lock.cpp | 27 ++++------- 3 files changed, 68 insertions(+), 91 deletions(-) diff --git a/src/manager/common/exception.h b/src/manager/common/exception.h index 380675f..874fbd0 100644 --- a/src/manager/common/exception.h +++ b/src/manager/common/exception.h @@ -74,24 +74,21 @@ public: template < int Error = 0, - typename Stringify = StringifyAvoid, + bool IsDebug = true, typename Before = DefaultExceptionLogger, - typename After = DefaultExceptionLogger > + typename After = DefaultExceptionLogger> class COMMON_API DefineException : public Exception { public: - template DefineException(const char *path, const char *function, int line, - const Args &... args) - : Exception(path, function, line, Stringify::Merge(args...)) + const std::string &message) + : Exception(path, function, line, IsDebug ? std::string() : message) { - Before(m_path, m_function, m_line, - DefineException::error(), m_message); + Before(m_path, m_function, m_line, Error, m_message); } ~DefineException() noexcept { - After(m_path, m_function, m_line, - DefineException::error(), m_message); + After(m_path, m_function, m_line, Error, m_message); } virtual int error(void) const @@ -116,29 +113,27 @@ public: }; using InternalError = - DefineException; + DefineException; using DatabaseLocked = - DefineException; + DefineException; using DatabaseFailed = - DefineException; + DefineException; using FileSystemFailed = - DefineException; + DefineException; using InputParam = - DefineException; + DefineException; using AuthenticationFailed = - DefineException; + DefineException; struct TransactionFailed : public DatabaseFailed { - template TransactionFailed(const char *path, const char *function, int line, - const Args &... args) - : DatabaseFailed(path, function, line, args...) {} + const std::string &message) + : DatabaseFailed(path, function, line, message) {} }; } // namespace Exc } // namespace CKM #define ThrowErr(name, ...) \ - throw name(__FILE__, __FUNCTION__, __LINE__, ##__VA_ARGS__); - + throw name(__FILE__, __FUNCTION__, __LINE__, Stringify(__VA_ARGS__)) diff --git a/src/manager/common/stringify.h b/src/manager/common/stringify.h index 64edfa6..c8b32d2 100644 --- a/src/manager/common/stringify.h +++ b/src/manager/common/stringify.h @@ -17,6 +17,7 @@ * @file stringify.h * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @author Kyungwook Tak (k.tak@samsung.com) * @version 1.0 */ #pragma once @@ -24,68 +25,56 @@ #include #include -namespace CKM { +#define PP_ARG_N(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, _15, N, ...) N +#define PP_RSEQ_N() 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 +#define PP_COMMASEQ_N 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0 -template -class StringifyBasic; +#define PP_NARG_(...) PP_ARG_N(__VA_ARGS__) +#define PP_HASCOMMA(...) PP_NARG_(__VA_ARGS__, PP_COMMASEQ_N()) -template <> -class StringifyBasic { - StringifyBasic() = delete; +#define PP_NARG_HELPER3_11(N) N +#define PP_NARG_HELPER3_00(N) 1 +#define PP_NARG_HELPER3_01(N) 0 +#define PP_NARG_HELPER2(a, b, N) PP_NARG_HELPER3_ ## a ## b(N) +#define PP_NARG_HELPER1(a, b, N) PP_NARG_HELPER2(a, b, N) +#define PP_HASARG() , -public: - static std::string Merge() - { - return std::string(); - } +#define PP_NARG(...) \ + PP_NARG_HELPER1( \ + PP_HASCOMMA(__VA_ARGS__), \ + PP_HASCOMMA(PP_HASARG __VA_ARGS__ ()), \ + PP_NARG_(__VA_ARGS__, PP_RSEQ_N())) - template - static std::string Merge(const Args &...) - { - return std::string(); - } -}; +#define CONCAT_(arg1, arg2) arg1 ## arg2 +#define CONCAT(arg1, arg2) CONCAT_(arg1, arg2) -template <> -class StringifyBasic { - StringifyBasic() = delete; +#define STRINGIFY_0() << "" +#define STRINGIFY_1(msg) << msg +#define STRINGIFY_2(msg, ...) << msg STRINGIFY_1(__VA_ARGS__) +#define STRINGIFY_3(msg, ...) << msg STRINGIFY_2(__VA_ARGS__) +#define STRINGIFY_4(msg, ...) << msg STRINGIFY_3(__VA_ARGS__) +#define STRINGIFY_5(msg, ...) << msg STRINGIFY_4(__VA_ARGS__) +#define STRINGIFY_6(msg, ...) << msg STRINGIFY_5(__VA_ARGS__) +#define STRINGIFY_7(msg, ...) << msg STRINGIFY_6(__VA_ARGS__) +#define STRINGIFY_8(msg, ...) << msg STRINGIFY_7(__VA_ARGS__) +#define STRINGIFY_9(msg, ...) << msg STRINGIFY_8(__VA_ARGS__) +#define STRINGIFY_10(msg, ...) << msg STRINGIFY_9(__VA_ARGS__) +#define STRINGIFY_11(msg, ...) << msg STRINGIFY_10(__VA_ARGS__) +#define STRINGIFY_12(msg, ...) << msg STRINGIFY_11(__VA_ARGS__) +#define STRINGIFY_13(msg, ...) << msg STRINGIFY_12(__VA_ARGS__) +#define STRINGIFY_14(msg, ...) << msg STRINGIFY_13(__VA_ARGS__) +#define STRINGIFY_15(msg, ...) << msg STRINGIFY_14(__VA_ARGS__) +#define STRINGIFY_(N, ...) CONCAT(STRINGIFY_, N)(__VA_ARGS__) - static void Concatenate(std::ostringstream &) {} +#define Stringify(...) \ + (static_cast(std::ostringstream() \ + STRINGIFY_(PP_NARG(__VA_ARGS__), __VA_ARGS__))).str() - template - static void Concatenate(std::ostringstream &stream, const t &arg1, - const Args &... args) - { - stream << arg1; - Concatenate(stream, args...); - } - -public: - static std::string Merge() - { - return std::string(); - } - - template - static std::string Merge(const T &arg1, const Args &... args) - { - std::ostringstream stream; - Concatenate(stream, arg1, args...); - return stream.str(); - } -}; +#define StringifyAvoid(...) std::string() +#define StringifyError(...) Stringify(__VA_ARGS__) #ifdef DEBUG -#define DEBUG_STATUS true +#define StringifyDebug(...) Stringify(__VA_ARGS__) #else -#define DEBUG_STATUS false +#define StringifyDebug(...) std::string() #endif - -using Stringify = StringifyBasic; -using StringifyAvoid = StringifyBasic; -using StringifyError = StringifyBasic; -using StringifyDebug = StringifyBasic; - -#undef DEBUG_STATUS - -} // namespace CKM diff --git a/src/manager/service/file-lock.cpp b/src/manager/service/file-lock.cpp index e7e4032..1c5f107 100644 --- a/src/manager/service/file-lock.cpp +++ b/src/manager/service/file-lock.cpp @@ -31,35 +31,27 @@ #include #include -#include +#include #include namespace CKM { -namespace { - -// TODO replace it with custom exception when they are implemented -template -std::runtime_error io_exception(const Args &... args) -{ - return std::runtime_error(Stringify::Merge(args...)); -}; - -} // namespace anonymous - FileLock::FileLock(const char *const file) { // Open lock file m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644)); if (m_lockFd == -1) - throw io_exception("Cannot open lock file. Errno: ", GetErrnoString()); + ThrowErr(Exc::FileSystemFailed, + "Cannot open lock file. errno: ", GetErrnoString()); if (-1 == lockf(m_lockFd, F_TLOCK, 0)) { if (errno == EACCES || errno == EAGAIN) - throw io_exception("Can't acquire lock. Another instance must be running."); + ThrowErr(Exc::FileSystemFailed, + "Can't acquire lock. Another instance is running"); else - throw io_exception("Can't acquire lock. Errno: ", GetErrnoString()); + ThrowErr(Exc::FileSystemFailed, + "Can't acquire lock. errno: ", GetErrnoString()); } std::string pid = std::to_string(getpid()); @@ -67,12 +59,13 @@ FileLock::FileLock(const char *const file) ssize_t written = TEMP_FAILURE_RETRY(write(m_lockFd, pid.c_str(), pid.size())); if (-1 == written || static_cast(pid.size()) > written) - throw io_exception("Can't write file lock. Errno: ", GetErrnoString()); + ThrowErr(Exc::FileSystemFailed, + "Can't write file lock. errno: ", GetErrnoString()); int ret = fsync(m_lockFd); if (-1 == ret) - throw io_exception("Fsync failed. Errno: ", GetErrnoString()); + ThrowErr(Exc::FileSystemFailed, "Fsync failed. errno: ", GetErrnoString()); } FileLock::~FileLock() -- 2.7.4 From b2a729fb76e3e6e2964e82e10ce8edc85e251a3e Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 13 Jan 2017 20:06:41 +0900 Subject: [PATCH 13/16] Add internal test cases Change-Id: Ifd6b70245a8210f17097cd47d7739c8d19ab1819 Signed-off-by: Kyungwook Tak (cherry picked from commit 925c8d123fd9ece130ccf359446ad9e0e63906e3) --- packaging/key-manager.spec | 6 +- tests/CMakeLists.txt | 48 ++++++- tests/test_async-observer.cpp | 95 +++++++++++++ tests/test_binary-queue.cpp | 142 +++++++++++++++++++ tests/test_certificate.cpp | 131 ++++++++++++++++++ tests/test_common.cpp | 13 ++ tests/test_common.h | 1 + tests/test_crypto-logic.cpp | 141 +++++++++++++++++++ tests/test_dpl-db.cpp | 47 +++++++ tests/test_dpl-exception.cpp | 38 +++++ tests/test_exception.cpp | 88 ++++++++++++ tests/test_generic-backend.cpp | 154 +++++++++++++++++++++ ...test-key-provider.cpp => test_key-provider.cpp} | 53 ++++++- tests/test_key.cpp | 95 +++++++++++++ tests/test_log-provider.cpp | 97 +++++++++++++ tests/test_ss-crypto.cpp | 56 ++++++++ tests/test_stringify.cpp | 44 ++++++ tests/test_sw-backend.cpp | 58 ++++++++ tests/test_tz-backend.cpp | 40 ++++++ 19 files changed, 1335 insertions(+), 12 deletions(-) create mode 100644 tests/test_async-observer.cpp create mode 100644 tests/test_binary-queue.cpp create mode 100644 tests/test_certificate.cpp create mode 100644 tests/test_crypto-logic.cpp create mode 100644 tests/test_dpl-db.cpp create mode 100644 tests/test_dpl-exception.cpp create mode 100644 tests/test_exception.cpp create mode 100644 tests/test_generic-backend.cpp rename tests/{test-key-provider.cpp => test_key-provider.cpp} (78%) create mode 100644 tests/test_key.cpp create mode 100644 tests/test_log-provider.cpp create mode 100644 tests/test_ss-crypto.cpp create mode 100644 tests/test_stringify.cpp create mode 100644 tests/test_sw-backend.cpp create mode 100644 tests/test_tz-backend.cpp diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 8ec74d6..8e40485 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -45,7 +45,7 @@ Requires: libkey-manager-common = %{version}-%{release} %global old_rw_data_dir /opt/data/ckm %global rw_data_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm}%{!?TZ_SYS_DATA:%old_rw_data_dir} %global ro_data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE/ckm}%{!?TZ_SYS_RO_SHARE:%_datadir/ckm} -%global db_test_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE/ckm-db-test}%{!?TZ_SYS_RO_SHARE:%_datadir/ckm-db-test} +%global test_dir %{?TZ_SYS_DATA:%TZ_SYS_DATA/ckm-tests-internal}%{!?TZ_SYS_DATA:%/opt/data/ckm-tests-internal} %global bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir} # image creation error occured if /usr/sbin used for ldconfig #%global sbin_dir %{?TZ_SYS_SBIN:%TZ_SYS_SBIN}%{!?TZ_SYS_SBIN:%_sbindir} @@ -150,7 +150,7 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " -DRO_ETC_DIR=%{ro_etc_dir} \ -DBIN_DIR=%{bin_dir} \ -DINITIAL_VALUES_DIR=%{initial_values_dir} \ - -DDB_TEST_DIR=%{db_test_dir} \ + -DTEST_DIR=%{test_dir} \ -DCA_CERTS_DIR=%{ca_certs_dir} \ %if 0%{?watchdog_enabled} -DWATCHDOG_ENABLED=%{watchdog_enabled} \ @@ -313,4 +313,4 @@ fi %{bin_dir}/ckm_so_loader %{bin_dir}/ckm_db_tool %{bin_dir}/ckm_generate_db -%db_test_dir +%test_dir diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 186a659..5431f8e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -4,8 +4,13 @@ PKG_CHECK_MODULES(KEY_MANAGER_TEST_DEP ) FIND_PACKAGE(Threads REQUIRED) -ADD_DEFINITIONS( "-DBOOST_TEST_DYN_LINK" ) +ADD_DEFINITIONS("-DBOOST_TEST_DYN_LINK") + +SET(DB_TEST_DIR ${TEST_DIR}/db) +SET(SS_TEST_DIR ${TEST_DIR}/secure-storage) + ADD_DEFINITIONS("-DDB_TEST_DIR=\"${DB_TEST_DIR}\"") +ADD_DEFINITIONS("-DSS_TEST_DIR=\"${SS_TEST_DIR}\"") SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src) SET(KEY_MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager) @@ -26,44 +31,72 @@ INCLUDE_DIRECTORIES( ${KEY_MANAGER_PATH}/service ${KEY_MANAGER_PATH}/initial-values ${KEY_MANAGER_PATH}/main - ${KEY_MANAGER_PATH}/common/ - ${KEY_MANAGER_PATH}/client-async/ + ${KEY_MANAGER_PATH}/common + ${KEY_MANAGER_PATH}/crypto + ${KEY_MANAGER_PATH}/client-async ${KEY_MANAGER_SRC_PATH}/include - ${KEY_MANAGER_TEST_MERGED_SRC}/ - ${KEY_MANAGER_TEST_MERGED_SRC}/encryption-scheme/ + ${KEY_MANAGER_TEST_MERGED_SRC} + ${KEY_MANAGER_TEST_MERGED_SRC}/encryption-scheme ) SET(TEST_MERGED_SOURCES ${KEY_MANAGER_TEST_MERGED_SRC}/colour_log_formatter.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/DBFixture.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/main.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_async-observer.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_base64.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_binary-queue.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_certificate.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_comm-manager.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_common.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_crypto-logic.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_data-type.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_db_crypto.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_descriptor-set.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_dpl-db.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_dpl-exception.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_encryption-scheme.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_exception.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_for-each-file.cpp - ${KEY_MANAGER_TEST_MERGED_SRC}/test-key-provider.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_generic-backend.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_key.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_key-provider.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_log-provider.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_safe-buffer.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_serialization.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_sql.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_stringify.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_ss-crypto.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_sw-backend.cpp + ${KEY_MANAGER_TEST_MERGED_SRC}/test_tz-backend.cpp ${KEY_MANAGER_TEST_MERGED_SRC}/test_xml-parser.cpp # duplicated srcs to test hidden symbols ${KEY_MANAGER_PATH}/client-async/descriptor-set.cpp + ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/internals.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/obj.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp + ${KEY_MANAGER_PATH}/crypto/tz-backend/obj.cpp + ${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp ${KEY_MANAGER_PATH}/dpl/core/src/colors.cpp ${KEY_MANAGER_PATH}/dpl/core/src/errno_string.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp + ${KEY_MANAGER_PATH}/dpl/log/src/abstract_log_provider.cpp + ${KEY_MANAGER_PATH}/dpl/log/src/dlog_log_provider.cpp + ${KEY_MANAGER_PATH}/dpl/log/src/journal_log_provider.cpp + ${KEY_MANAGER_PATH}/dpl/log/src/log.cpp + ${KEY_MANAGER_PATH}/dpl/log/src/old_style_log_provider.cpp ${KEY_MANAGER_PATH}/initial-values/parser.cpp + ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp + ${KEY_MANAGER_PATH}/service/crypto-logic.cpp ${KEY_MANAGER_PATH}/service/db-crypto.cpp ${KEY_MANAGER_PATH}/service/for-each-file.cpp ${KEY_MANAGER_PATH}/service/key-provider.cpp - ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c + ${KEY_MANAGER_PATH}/service/ss-crypto.cpp ) LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS}) @@ -102,5 +135,6 @@ INSTALL( ) INSTALL(DIRECTORY resources/traverse DESTINATION ${DB_TEST_DIR}) +INSTALL(DIRECTORY secure-storage-old-data/ DESTINATION ${SS_TEST_DIR}) ADD_SUBDIRECTORY(encryption-scheme) diff --git a/tests/test_async-observer.cpp b/tests/test_async-observer.cpp new file mode 100644 index 0000000..7479605 --- /dev/null +++ b/tests/test_async-observer.cpp @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include +#include + +using namespace CKM; + +namespace { + +class TestObserver : public ManagerAsync::Observer { +public: + void ReceivedError(int) { throw std::invalid_argument("test observer recv err"); } +}; + +const std::string CERT_PEM = + "-----BEGIN CERTIFICATE-----\n" + "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n" + "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n" + "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n" + "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n" + "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n" + "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n" + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n" + "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n" + "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n" + "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n" + "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n" + "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n" + "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n" + "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n" + "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n" + "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n" + "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n" + "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n" + "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n" + "kOg11TpPdNDkhb1J4ZCh2gupDg==\n" + "-----END CERTIFICATE-----\n"; + +} + +BOOST_AUTO_TEST_SUITE(ASYNC_OBSERVER_TEST) + +BOOST_AUTO_TEST_CASE(base) +{ + TestObserver o; + + BOOST_REQUIRE_THROW(o.ReceivedError(0), std::invalid_argument); + + BOOST_REQUIRE_NO_THROW(o.ReceivedSaveKey()); + BOOST_REQUIRE_NO_THROW(o.ReceivedSaveCertificate()); + BOOST_REQUIRE_NO_THROW(o.ReceivedSaveData()); + BOOST_REQUIRE_NO_THROW(o.ReceivedSavePKCS12()); + BOOST_REQUIRE_NO_THROW(o.ReceivedRemovedAlias()); + + BOOST_REQUIRE_NO_THROW(o.ReceivedKey(std::move(*Key::createAES(RawBuffer({ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }))))); + BOOST_REQUIRE_NO_THROW(o.ReceivedCertificate(std::move(*Certificate::create( + RawBuffer(CERT_PEM.begin(), CERT_PEM.end()), DataFormat::FORM_PEM)))); + BOOST_REQUIRE_NO_THROW(o.ReceivedData(RawBuffer())); + BOOST_REQUIRE_NO_THROW(o.ReceivedPKCS12(PKCS12ShPtr())); + + BOOST_REQUIRE_NO_THROW(o.ReceivedKeyAliasVector(AliasVector())); + BOOST_REQUIRE_NO_THROW(o.ReceivedCertificateAliasVector(AliasVector())); + BOOST_REQUIRE_NO_THROW(o.ReceivedDataAliasVector(AliasVector())); + + BOOST_REQUIRE_NO_THROW(o.ReceivedCreateKeyAES()); + BOOST_REQUIRE_NO_THROW(o.ReceivedCreateKeyPair()); + + BOOST_REQUIRE_NO_THROW(o.ReceivedGetCertificateChain(CertificateShPtrVector())); + + BOOST_REQUIRE_NO_THROW(o.ReceivedCreateSignature(RawBuffer())); + BOOST_REQUIRE_NO_THROW(o.ReceivedVerifySignature()); + BOOST_REQUIRE_NO_THROW(o.ReceivedOCSPCheck(0)); + BOOST_REQUIRE_NO_THROW(o.ReceivedSetPermission()); + BOOST_REQUIRE_NO_THROW(o.ReceivedEncrypted(RawBuffer())); + BOOST_REQUIRE_NO_THROW(o.ReceivedDecrypted(RawBuffer())); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_binary-queue.cpp b/tests/test_binary-queue.cpp new file mode 100644 index 0000000..5180ded --- /dev/null +++ b/tests/test_binary-queue.cpp @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include +#include + +using namespace CKM; + +namespace { + +RawBuffer buf({0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}); + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(BINARY_QUEUE_TEST) + +BOOST_AUTO_TEST_CASE(copy_assignment) +{ + BinaryQueue bq1; + bq1.AppendCopy(buf.data(), buf.size()); + + BinaryQueue bq2; + bq2 = bq1; + + BOOST_REQUIRE(bq1.Size() == bq2.Size() && bq1.Size() == buf.size()); + + RawBuffer buf1(bq1.Size(), 0x00); + RawBuffer buf2(bq2.Size(), 0x00); + + bq1.Flatten(buf1.data(), buf1.size()); + bq2.Flatten(buf2.data(), buf2.size()); + + BOOST_REQUIRE(buf1 == buf2); +} + +BOOST_AUTO_TEST_CASE(append_copy_to) +{ + BinaryQueue bq1; + bq1.AppendCopy(buf.data(), buf.size()); + + BinaryQueue bq2; + bq1.AppendCopyTo(bq2); + + BOOST_REQUIRE(bq1.Size() == bq2.Size() && bq1.Size() == buf.size()); + + RawBuffer buf1(bq1.Size(), 0x00); + RawBuffer buf2(bq2.Size(), 0x00); + + bq1.Flatten(buf1.data(), buf1.size()); + bq2.Flatten(buf2.data(), buf2.size()); + + BOOST_REQUIRE(buf1 == buf2); +} + +BOOST_AUTO_TEST_CASE(append_move_to) +{ + BinaryQueue bq1; + bq1.AppendCopy(buf.data(), buf.size()); + + BinaryQueue bq2; + bq1.AppendMoveTo(bq2); + + BOOST_REQUIRE(bq2.Size() == buf.size() && bq1.Empty()); + + RawBuffer buf2(bq2.Size(), 0x00); + bq2.Flatten(buf2.data(), buf2.size()); + BOOST_REQUIRE(buf == buf2); +} + +BOOST_AUTO_TEST_CASE(read) +{ + BinaryQueue bq1; + bq1.AppendCopy(buf.data(), buf.size()); + + auto bq2 = bq1.Read(buf.size()); + BOOST_REQUIRE(bq1.Empty()); + + RawBuffer buf2(bq2->Size(), 0x00); + bq2->Flatten(buf2.data(), buf2.size()); + BOOST_REQUIRE(buf == buf2); +} + +BOOST_AUTO_TEST_CASE(write) +{ + BinaryQueue bq1; + bq1.AppendCopy(buf.data(), buf.size()); + + BinaryQueue bq2; + bq2.Write(bq1, bq1.Size()); + + RawBuffer buf1(bq1.Size(), 0x00); + RawBuffer buf2(bq2.Size(), 0x00); + + bq1.Flatten(buf1.data(), buf1.size()); + bq2.Flatten(buf2.data(), buf2.size()); + + BOOST_REQUIRE(buf1 == buf2); +} + +BOOST_AUTO_TEST_CASE(bucket_visitor) +{ + static std::vector globalBuf; + + class BucketVisitorTest : public BinaryQueue::BucketVisitor { + public: + virtual void OnVisitBucket(const void *buffer, size_t bufferSize) override + { + for (size_t i = 0; i < bufferSize; ++i) + globalBuf.push_back(static_cast(buffer)[i]); + } + }; + + BucketVisitorTest visitor; + + constexpr size_t BucketNum = 3; + BinaryQueue bq; + for (size_t i = 0; i < BucketNum; ++i) + bq.AppendCopy(buf.data(), buf.size()); + + bq.VisitBuckets(&visitor); + + BOOST_REQUIRE(globalBuf.size() == buf.size() * BucketNum); + for (size_t i = 0; i < BucketNum; ++i) + for (size_t j = 0; j < buf.size(); ++j) + BOOST_REQUIRE(globalBuf[i * buf.size() + j] == buf[j]); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_certificate.cpp b/tests/test_certificate.cpp new file mode 100644 index 0000000..8c7695a --- /dev/null +++ b/tests/test_certificate.cpp @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +namespace { +const std::string CERT_PEM = + "-----BEGIN CERTIFICATE-----\n" + "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n" + "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n" + "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n" + "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n" + "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n" + "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n" + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n" + "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n" + "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n" + "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n" + "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n" + "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n" + "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n" + "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n" + "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n" + "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n" + "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n" + "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n" + "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n" + "kOg11TpPdNDkhb1J4ZCh2gupDg==\n" + "-----END CERTIFICATE-----\n"; + +const std::string CERT_BASE64 = + "MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV\n" + "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYD\n" + "VQQLDAdUZXN0aW5nMSEwHwYDVQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUw\n" + "HhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcyMTUyWjBmMQswCQYDVQQGEwJBVTET\n" + "MBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQMA4GA1UECwwHVGVz\n" + "dGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjANBgkq\n" + "hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC\n" + "9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3da\n" + "eDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/W\n" + "rQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo\n" + "5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz+HHv31AllgFs\n" + "BquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQIDAQABo1Aw\n" + "TjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pk\n" + "zFt1PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC\n" + "AQEAld7Qwq0cdzDQ51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBX\n" + "ldvGBG5Tn0vT7xSuhmSgI2/HnBpy9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus\n" + "9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYUwJFQEofkjmd4UpOYSqmcRXhS\n" + "Jzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX77+XYvhodLRsV\n" + "qMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK\n" + "kOg11TpPdNDkhb1J4ZCh2gupDg==\n"; + +const std::string CERT_PUBKEY_PEM = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7Qxv\n" + "DKzyFCF3w9vC9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh\n" + "7xk8qfEgH3daeDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5k\n" + "bCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/r\n" + "rTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz\n" + "+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsq\n" + "GQIDAQAB\n" + "-----END PUBLIC KEY-----\n"; +} + +using namespace CKM; + +BOOST_AUTO_TEST_SUITE(CERTIFICATE_TEST) + +BOOST_AUTO_TEST_CASE(constructors) +{ + RawBuffer certpem(CERT_PEM.begin(), CERT_PEM.end()); + BOOST_REQUIRE_NO_THROW(CertificateImpl(certpem, DataFormat::FORM_PEM)); + + RawBuffer certbase64(CERT_BASE64.begin(), CERT_BASE64.end()); + BOOST_REQUIRE_NO_THROW(CertificateImpl(certbase64, DataFormat::FORM_DER_BASE64)); + + RawBuffer dummy({0x0a, 0x0b, 0x0c, 0x0d}); + BOOST_REQUIRE(!Certificate::create(dummy, DataFormat::FORM_PEM)); +} + +BOOST_AUTO_TEST_CASE(move_semantics) +{ + RawBuffer certbuf(CERT_PEM.begin(), CERT_PEM.end()); + + CertificateImpl cert1(certbuf, DataFormat::FORM_PEM); + CertificateImpl cert2(cert1.getX509(), true); + CertificateImpl moveAssigned(cert1.getX509(), true); + + moveAssigned = std::move(cert2); + BOOST_REQUIRE(cert1.getDER() == moveAssigned.getDER()); + + CertificateImpl moveConstructed(std::move(moveAssigned)); + BOOST_REQUIRE(cert1.getDER() == moveConstructed.getDER()); +} + +BOOST_AUTO_TEST_CASE(get_evp_sh_ptr) +{ + RawBuffer certbuf(CERT_PEM.begin(), CERT_PEM.end()); + RawBuffer pubkeybuf(CERT_PUBKEY_PEM.begin(), CERT_PUBKEY_PEM.end()); + + CertificateImpl cert(certbuf, DataFormat::FORM_PEM); + KeyImpl pubkey(pubkeybuf); + + KeyImpl pubkeyFromCert(cert.getEvpShPtr(), KeyType::KEY_RSA_PUBLIC); + + BOOST_REQUIRE(pubkeyFromCert.getDER() == pubkey.getDER()); +} + +BOOST_AUTO_TEST_CASE(get_ocsp_url) +{ + RawBuffer certbuf(CERT_PEM.begin(), CERT_PEM.end()); + CertificateImpl cert(certbuf, DataFormat::FORM_PEM); + + BOOST_REQUIRE(cert.getOCSPURL().empty()); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_common.cpp b/tests/test_common.cpp index ec2b242..d01b92a 100644 --- a/tests/test_common.cpp +++ b/tests/test_common.cpp @@ -22,6 +22,8 @@ */ #include #include +#include +#include using namespace CKM; @@ -45,6 +47,17 @@ RawBuffer createBigBlob(std::size_t size) return createPass(0, size); } +RawBuffer createRandom(std::size_t size) +{ + static unsigned int seed = ::time(nullptr); + + RawBuffer buf(size, 0x00); + for (size_t i = 0; i < size; ++i) + buf[i] = static_cast(::rand_r(&seed) % 256); + + return buf; +} + //raw to hex string conversion from SqlConnection std::string rawToHexString(const RawBuffer &raw) { diff --git a/tests/test_common.h b/tests/test_common.h index 07aae64..49eb8b7 100644 --- a/tests/test_common.h +++ b/tests/test_common.h @@ -32,6 +32,7 @@ CKM::RawBuffer createDefaultPass(); CKM::RawBuffer createPass(std::size_t from, std::size_t to); CKM::RawBuffer createBigBlob(std::size_t size); +CKM::RawBuffer createRandom(std::size_t size); const CKM::RawBuffer defaultPass = createDefaultPass(); const std::string pattern = diff --git a/tests/test_crypto-logic.cpp b/tests/test_crypto-logic.cpp new file mode 100644 index 0000000..ffe67ff --- /dev/null +++ b/tests/test_crypto-logic.cpp @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "test_common.h" + +using namespace CKM; + +namespace { + +Password createRandomPass(size_t size) +{ + static unsigned int seed = ::time(nullptr); + + Password buf(size, 0x00); + for (size_t i = 0; i < size; ++i) + buf[i] = static_cast(::rand_r(&seed) % 256); + + return buf; +} + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(CRYPTO_LOGIC_TEST) + +BOOST_AUTO_TEST_CASE(move_semantics) +{ + CryptoLogic logic; + + const std::string label = "test_label"; + BOOST_REQUIRE_NO_THROW(logic.pushKey(label, createRandom(10))); + + CryptoLogic moved(std::move(logic)); + BOOST_REQUIRE(!logic.haveKey(label)); + BOOST_REQUIRE(moved.haveKey(label)); + + CryptoLogic moveAssigned = std::move(moved); + BOOST_REQUIRE(!moved.haveKey(label)); + BOOST_REQUIRE(moveAssigned.haveKey(label)); + + moveAssigned = std::move(moveAssigned); + BOOST_REQUIRE(moveAssigned.haveKey(label)); +} + +BOOST_AUTO_TEST_CASE(push_key) +{ + CryptoLogic logic; + + const std::string label = "test_label"; + BOOST_REQUIRE_THROW(logic.pushKey(std::string(), createRandom(10)), + Exc::InternalError); + BOOST_REQUIRE_THROW(logic.pushKey(label, RawBuffer()), + Exc::InternalError); + + BOOST_REQUIRE_NO_THROW(logic.pushKey(label, createRandom(10))); + BOOST_REQUIRE_THROW(logic.pushKey(label, createRandom(10)), + Exc::InternalError); + + std::string increasingLabel = "a"; + for (size_t i = 0; i < 20; ++i, increasingLabel.push_back('a')) { + BOOST_REQUIRE_NO_THROW(logic.pushKey(increasingLabel, createRandom(10))); + BOOST_REQUIRE_THROW(logic.pushKey(increasingLabel, createRandom(10)), + Exc::InternalError); + } +} + +BOOST_AUTO_TEST_CASE(row_encryption) +{ + Policy policy(Password(), true); + Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10)); + Crypto::Decider decider; + Crypto::GStore &store = decider.getStore(data.type, true); + Token token = store.import(data, policy.password); + + Name name = "test_data"; + Label label = "test_owner"; + DB::Row row(token, name, label, static_cast(policy.extractable)); + + CryptoLogic logic; + + BOOST_REQUIRE_THROW(logic.encryptRow(row), Exc::InternalError); + + auto key = createRandom(32); + BOOST_REQUIRE_NO_THROW(logic.pushKey(label, key)); + BOOST_REQUIRE_NO_THROW(logic.encryptRow(row)); + BOOST_REQUIRE_NO_THROW(logic.decryptRow(policy.password, row)); +} + +BOOST_AUTO_TEST_CASE(row_encryption_negatives) +{ + Policy policy(Password(), true); + Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10)); + Crypto::Decider decider; + Crypto::GStore &store = decider.getStore(data.type, true); + Token token = store.import(data, policy.password); + + Name name = "test_data"; + Label label = "test_owner"; + DB::Row row(token, name, label, static_cast(policy.extractable)); + + CryptoLogic logic; + + auto key = createRandom(32); + BOOST_REQUIRE_NO_THROW(logic.pushKey(label, key)); + BOOST_REQUIRE_NO_THROW(logic.encryptRow(row)); + + BOOST_REQUIRE_THROW(logic.decryptRow(createRandomPass(10), row), + Exc::AuthenticationFailed); + + BOOST_REQUIRE_NO_THROW(logic.removeKey(label)); + BOOST_REQUIRE_THROW(logic.decryptRow(Password(), row), + Exc::AuthenticationFailed); + BOOST_REQUIRE_NO_THROW(logic.pushKey(label, key)); + + row.algorithmType = DBCMAlgType::NONE; + BOOST_REQUIRE_THROW(logic.decryptRow(Password(), row), + Exc::AuthenticationFailed); +} + +BOOST_AUTO_TEST_SUITE_END() // CRYPTO_LOGIC_TEST diff --git a/tests/test_dpl-db.cpp b/tests/test_dpl-db.cpp new file mode 100644 index 0000000..610c9ad --- /dev/null +++ b/tests/test_dpl-db.cpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +using namespace CKM; +using namespace CKM::DB; + +BOOST_AUTO_TEST_SUITE(DPL_DB_TEST) + +BOOST_AUTO_TEST_SUITE(NAIVE_SYNCHRONIZATION_OBJECT) + +BOOST_AUTO_TEST_CASE(base) +{ + NaiveSynchronizationObject obj; + + BOOST_REQUIRE_NO_THROW(obj.Synchronize()); + BOOST_REQUIRE_NO_THROW(obj.NotifyAll()); +} + +BOOST_AUTO_TEST_SUITE_END() + +BOOST_AUTO_TEST_SUITE(SQL_CONNECTION) + +BOOST_AUTO_TEST_CASE(connection_broken) +{ + BOOST_REQUIRE_THROW( + SqlConnection("test-db", static_cast(999999)), + SqlConnection::Exception::ConnectionBroken); +} + +BOOST_AUTO_TEST_SUITE_END() +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_dpl-exception.cpp b/tests/test_dpl-exception.cpp new file mode 100644 index 0000000..35214e5 --- /dev/null +++ b/tests/test_dpl-exception.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +using namespace CKM; + +BOOST_AUTO_TEST_SUITE(DPL_EXCEPTION_TEST) + +BOOST_AUTO_TEST_CASE(dpl_exception) +{ + try { + throw Exception(__FILE__, __func__, __LINE__, "message"); + } catch (const Exception &e) { + BOOST_REQUIRE_NO_THROW(e.DumpToString()); + BOOST_REQUIRE_NO_THROW(e.Dump()); + BOOST_REQUIRE_NO_THROW(Exception::DisplayKnownException(e)); + BOOST_REQUIRE_NO_THROW(Exception::DisplayUnknownException()); + } catch (...) { + BOOST_REQUIRE_MESSAGE(false, "Unknown exception catched."); + } +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_exception.cpp b/tests/test_exception.cpp new file mode 100644 index 0000000..009b2d2 --- /dev/null +++ b/tests/test_exception.cpp @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include +#include + +using namespace CKM; + +#define CHECK_EXCEPTION(exception, ec, isDebug) \ +do { \ + const std::string errmsg = "test exception string"; \ + BOOST_REQUIRE_THROW(ThrowErr(exception, errmsg), exception); \ + try { \ + ThrowErr(exception, errmsg); \ + } catch (const exception &e) { \ + checkExceptionInternal(e, ec, isDebug ? std::string() : errmsg); \ + } \ +} while (false) + +namespace { + +void checkExceptionInternal(const Exc::Exception &e, int ec, const std::string &msg) +{ + BOOST_REQUIRE_MESSAGE(e.error() == ec, + "ec(" << ec << ") not matched(" << e.error() << ")"); + + BOOST_REQUIRE_MESSAGE(msg == e.what(), + "msg(" << msg << ") isn't matched(" << e.what() << ")"); + + BOOST_REQUIRE_MESSAGE(e.message().find(msg) != std::string::npos, + "msg(" << msg << ") isn't contained from message(" + << e.message() << ")"); +} + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(EXCEPTION_TEST) + +BOOST_AUTO_TEST_CASE(internal_error) +{ + CHECK_EXCEPTION(Exc::InternalError, CKM_API_ERROR_SERVER_ERROR, false); +} + +BOOST_AUTO_TEST_CASE(database_locked) +{ + CHECK_EXCEPTION(Exc::DatabaseLocked, CKM_API_ERROR_DB_LOCKED, false); +} + +BOOST_AUTO_TEST_CASE(database_failed) +{ + CHECK_EXCEPTION(Exc::DatabaseFailed, CKM_API_ERROR_DB_ERROR, false); +} + +BOOST_AUTO_TEST_CASE(filesystem_failed) +{ + CHECK_EXCEPTION(Exc::FileSystemFailed, CKM_API_ERROR_FILE_SYSTEM, false); +} + +BOOST_AUTO_TEST_CASE(inputparam) +{ + CHECK_EXCEPTION(Exc::InputParam, CKM_API_ERROR_INPUT_PARAM, true); +} + +BOOST_AUTO_TEST_CASE(authentication_failed) +{ + CHECK_EXCEPTION(Exc::AuthenticationFailed, CKM_API_ERROR_AUTHENTICATION_FAILED, true); +} + +BOOST_AUTO_TEST_CASE(transaction_failed) +{ + CHECK_EXCEPTION(Exc::TransactionFailed, CKM_API_ERROR_DB_ERROR, false); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_generic-backend.cpp b/tests/test_generic-backend.cpp new file mode 100644 index 0000000..c2e80a0 --- /dev/null +++ b/tests/test_generic-backend.cpp @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include +//#include + +#include + +using namespace CKM; + +namespace { + +class GObjTest : public Crypto::GObj { +public: + GObjTest() : Crypto::GObj() {} +}; + +class GStoreTest : public Crypto::GStore { +public: + GStoreTest(CryptoBackend backendId) : Crypto::GStore(backendId) {} +}; + +struct TestException : public std::exception {}; + +class ThrowingHandlerTest { +public: + static void Handle(const std::string &) + { + throw TestException(); + } +}; + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(GENERIC_BACKEND_TEST) + +BOOST_AUTO_TEST_CASE(gobj) +{ + GObjTest obj; + + BOOST_REQUIRE_THROW(obj.getBinary(), Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(obj.encrypt(CryptoAlgorithm(), RawBuffer()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(obj.decrypt(CryptoAlgorithm(), RawBuffer()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(obj.sign(CryptoAlgorithm(), RawBuffer()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(obj.verify(CryptoAlgorithm(), RawBuffer(), RawBuffer()), + Exc::Crypto::OperationNotSupported); +} + +BOOST_AUTO_TEST_CASE(gstore) +{ + GStoreTest store(static_cast(0)); + + BOOST_REQUIRE_THROW(store.getObject(Token(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.generateAKey(CryptoAlgorithm(), Password(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.generateSKey(CryptoAlgorithm(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.importEncrypted(Crypto::Data(), Password(), + Crypto::DataEncryption()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.destroy(Token()), + Exc::Crypto::OperationNotSupported); +} + +#if 0 +BOOST_AUTO_TEST_CASE(algo_validation_not_mandatory) +{ + constexpr ParamName pn = ParamName::ALGO_TYPE; + using Checker = Crypto::ParamCheck< + pn, int, false, Crypto::Type::Equals<0, 1, 2, 3, 4>, + Crypto::DefaultGetter>; + + Checker checker; + CryptoAlgorithm ca; + + BOOST_REQUIRE_NO_THROW(checker.Check(ca)); + + for (int i = 0; i < 5; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_NO_THROW(checker.Check(ca)); + } + + for (int i = 5; i < 10; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_THROW(checker.Check(ca), Exc::Crypto::InputParam); + } +} + +BOOST_AUTO_TEST_CASE(algo_validation_mandatory) +{ + constexpr ParamName pn = ParamName::ALGO_TYPE; + using Checker = Crypto::ParamCheck< + pn, int, true, Crypto::Type::Equals<0, 1, 2, 3, 4>, + Crypto::DefaultGetter>; + + Checker checker; + CryptoAlgorithm ca; + + BOOST_REQUIRE_THROW(checker.Check(ca), Exc::Crypto::InputParam); + + for (int i = 0; i < 5; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_NO_THROW(checker.Check(ca)); + } + + for (int i = 5; i < 10; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_THROW(checker.Check(ca), Exc::Crypto::InputParam); + } +} + +BOOST_AUTO_TEST_CASE(algo_validation_throwing_handler) +{ + constexpr ParamName pn = ParamName::ALGO_TYPE; + using Checker = Crypto::ParamCheck< + pn, int, true, Crypto::Type::Equals<0, 1, 2, 3, 4>, + Crypto::DefaultGetter, ThrowingHandlerTest>; + + Checker checker; + CryptoAlgorithm ca; + BOOST_REQUIRE_THROW(checker.Check(ca), TestException); + + for (int i = 0; i < 5; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_NO_THROW(checker.Check(ca)); + } + + for (int i = 5; i < 10; ++i) { + ca.setParam(pn, i); + BOOST_REQUIRE_THROW(checker.Check(ca), TestException); + } +} +#endif + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test-key-provider.cpp b/tests/test_key-provider.cpp similarity index 78% rename from tests/test-key-provider.cpp rename to tests/test_key-provider.cpp index 2186304..274080d 100644 --- a/tests/test-key-provider.cpp +++ b/tests/test_key-provider.cpp @@ -15,7 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License * - * @file test-key-provider.cpp + * @file test_key-provider.cpp * @author Kyungwook Tak (k.tak@samsung.com) * @version * @brief @@ -163,5 +163,54 @@ BOOST_AUTO_TEST_CASE(KeyGetPureDEK_after_reencrypt) BOOST_REQUIRE_NO_THROW(keyProvider.getPureDEK(rb_DEK1)); } -BOOST_AUTO_TEST_SUITE_END() +BOOST_AUTO_TEST_CASE(wrapped_container) +{ + CKM::WrappedKeyAndInfoContainer wrappedContainer; + + auto salt = createRandom(20); + BOOST_REQUIRE_NO_THROW(wrappedContainer.setKeyInfoSalt(salt.data(), salt.size())); + BOOST_REQUIRE_NO_THROW(wrappedContainer.setKeyInfoLabel("key_info_label")); + + CKM::WrappedKeyAndInfoContainer wrappedContainer2; + BOOST_REQUIRE_NO_THROW( + wrappedContainer2.setKeyInfo(&wrappedContainer.getWrappedKeyAndInfo().keyInfo)); + + BOOST_REQUIRE( + wrappedContainer.getWrappedKeyAndInfo().keyInfo.keyLength == + wrappedContainer2.getWrappedKeyAndInfo().keyInfo.keyLength); + BOOST_REQUIRE(memcmp( + wrappedContainer.getWrappedKeyAndInfo().keyInfo.salt, + wrappedContainer2.getWrappedKeyAndInfo().keyInfo.salt, + sizeof(wrappedContainer.getWrappedKeyAndInfo().keyInfo.salt)) == 0); + BOOST_REQUIRE(memcmp( + wrappedContainer.getWrappedKeyAndInfo().keyInfo.label, + wrappedContainer2.getWrappedKeyAndInfo().keyInfo.label, + sizeof(wrappedContainer.getWrappedKeyAndInfo().keyInfo.label)) == 0); +} + +BOOST_AUTO_TEST_CASE(container) +{ + CKM::KeyAndInfoContainer container; + BOOST_REQUIRE_NO_THROW(container.setKeyInfoKeyLength(10)); + CKM::KeyAndInfoContainer container2; + BOOST_REQUIRE_NO_THROW(container2.setKeyInfo(&container.getKeyAndInfo().keyInfo)); + + BOOST_REQUIRE( + container.getKeyAndInfo().keyInfo.keyLength == + container2.getKeyAndInfo().keyInfo.keyLength); +} + +BOOST_AUTO_TEST_CASE(moves) +{ + CKM::KeyProvider provider; + + try { + CKM::KeyProvider provider2(std::move(provider)); + CKM::KeyProvider provider3 = std::move(provider2); + } catch (...) { + BOOST_REQUIRE_MESSAGE(false, "Unknown exception on moving KeyProvider"); + } +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_key.cpp b/tests/test_key.cpp new file mode 100644 index 0000000..fa80504 --- /dev/null +++ b/tests/test_key.cpp @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include +#include + +namespace { +const std::string PUBKEY_PEM = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7Qxv\n" + "DKzyFCF3w9vC9IDE/Yr12w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh\n" + "7xk8qfEgH3daeDoV59IZ9r543KM+g8jm6KffYGX1bIJVVY5OhBRbO9nY6byYpd5k\n" + "bCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x54bxt/itMX4agHJ9ZC/r\n" + "rTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY+Cgw1Yoz\n" + "+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsq\n" + "GQIDAQAB\n" + "-----END PUBLIC KEY-----\n"; +} + +using namespace CKM; + +BOOST_AUTO_TEST_SUITE(KEY_TEST) + +BOOST_AUTO_TEST_CASE(constructors) +{ + RawBuffer keybuf(PUBKEY_PEM.begin(), PUBKEY_PEM.end()); + + KeyImpl key(keybuf); + BOOST_REQUIRE(!key.empty()); + + // valid key type case + BOOST_REQUIRE(!KeyImpl(key.getEvpShPtr(), KeyType::KEY_RSA_PUBLIC).empty()); + + // invalid key type cases + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), KeyType::KEY_DSA_PUBLIC).empty()); + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), KeyType::KEY_DSA_PRIVATE).empty()); + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), KeyType::KEY_ECDSA_PUBLIC).empty()); + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), KeyType::KEY_ECDSA_PRIVATE).empty()); + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), KeyType::KEY_AES).empty()); + BOOST_REQUIRE(KeyImpl(key.getEvpShPtr(), static_cast(999999)).empty()); +} + +BOOST_AUTO_TEST_CASE(get_size) +{ + RawBuffer keybuf(PUBKEY_PEM.begin(), PUBKEY_PEM.end()); + + KeyImpl key(keybuf); + BOOST_REQUIRE(!key.empty()); + + // not ipmlemented yet but test for coverage. It'll just return 0 + BOOST_REQUIRE_NO_THROW(key.getSize()); +} + +BOOST_AUTO_TEST_SUITE_END() + +BOOST_AUTO_TEST_SUITE(AES_KEY_TEST) + +BOOST_AUTO_TEST_CASE(constructors) +{ + // invalid key size + RawBuffer keybuf({0x01, 0x02, 0x03, 0x04}); + BOOST_REQUIRE(!Key::createAES(keybuf)); + + keybuf.clear(); + for (size_t i = 0; i < 16; ++i) + keybuf.push_back(i); + BOOST_REQUIRE(Key::createAES(keybuf)); + + keybuf.clear(); + for (size_t i = 0; i < 24; ++i) + keybuf.push_back(i); + BOOST_REQUIRE(Key::createAES(keybuf)); + + keybuf.clear(); + for (size_t i = 0; i < 32; ++i) + keybuf.push_back(i); + BOOST_REQUIRE(Key::createAES(keybuf)); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_log-provider.cpp b/tests/test_log-provider.cpp new file mode 100644 index 0000000..5d13104 --- /dev/null +++ b/tests/test_log-provider.cpp @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include +#include +#include +#include + +using namespace CKM; +using namespace CKM::Log; + +namespace { + +std::vector levels({ + AbstractLogProvider::LogLevel::Error, + AbstractLogProvider::LogLevel::Warning, + AbstractLogProvider::LogLevel::Info, + AbstractLogProvider::LogLevel::Debug, + AbstractLogProvider::LogLevel::Pedantic, + static_cast(999) +}); + +void testProvider(AbstractLogProvider &provider) +{ + for (auto level : levels) + BOOST_REQUIRE_NO_THROW(provider.Log( + level, "message", __FILE__, __LINE__, __func__)); + + BOOST_REQUIRE_NO_THROW(provider.SetTag("tag")); +} + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(LOG_PROVIDER_TEST) + +BOOST_AUTO_TEST_CASE(oldstyle_backend) +{ + OldStyleLogProvider provider; + + testProvider(provider); +} + +BOOST_AUTO_TEST_CASE(journal_backend) +{ + JournalLogProvider provider; + + testProvider(provider); +} + +BOOST_AUTO_TEST_CASE(dlog_backend) +{ + DLOGLogProvider provider; + + testProvider(provider); +} + +BOOST_AUTO_TEST_CASE(log_system) +{ + LogSystem system; + + system.AddProvider(new OldStyleLogProvider); + system.AddProvider(new JournalLogProvider); + system.AddProvider(new DLOGLogProvider); + + for (auto level : levels) + BOOST_REQUIRE_NO_THROW(system.Log( + level, "message", __FILE__, __LINE__, __func__)); + + BOOST_REQUIRE_NO_THROW(system.SetTag("Test")); + + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("5")); + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("4")); + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("3")); + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("2")); + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("1")); + BOOST_REQUIRE_NO_THROW(system.SetLogLevel("0")); + BOOST_REQUIRE(system.GetLogLevel() == AbstractLogProvider::LogLevel::None); + + BOOST_REQUIRE_NO_THROW(system.SelectProvider("DLOG")); + BOOST_REQUIRE_NO_THROW(system.SelectProvider("JOURNALD")); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_ss-crypto.cpp b/tests/test_ss-crypto.cpp new file mode 100644 index 0000000..c009207 --- /dev/null +++ b/tests/test_ss-crypto.cpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +#include +#include + +using namespace CKM; + +namespace { + +RawBuffer readFile(const std::string &path) +{ + std::ifstream f(path.c_str(), std::ios::binary); + BOOST_REQUIRE_MESSAGE(f.is_open(), "Failed to open file: " << path); + + f.seekg(0, f.end); + auto len = f.tellg(); + BOOST_REQUIRE_MESSAGE(len > 0, "Failed to get file length: " << path); + + f.seekg(0, f.beg); + + RawBuffer buf(len, 0x00); + f.read(reinterpret_cast(buf.data()), buf.size()); + BOOST_REQUIRE_MESSAGE(!!f, "Failed to read file: " << path); + + return buf; +} + +} // namespace anonymous + +BOOST_AUTO_TEST_SUITE(SS_CRYPTO_TEST) + +BOOST_AUTO_TEST_CASE(decrypt) +{ + const std::string seed = "secure-storage::test1"; + const std::string path = std::string(SS_TEST_DIR) + "/" + seed + "/test-data-1"; + BOOST_REQUIRE(!SsMigration::decrypt(seed, readFile(path)).empty()); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_stringify.cpp b/tests/test_stringify.cpp new file mode 100644 index 0000000..f4c5c7a --- /dev/null +++ b/tests/test_stringify.cpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include +#include + +BOOST_AUTO_TEST_SUITE(STRINGIFY_TEST) + +BOOST_AUTO_TEST_CASE(stringify_default) +{ + BOOST_REQUIRE(Stringify("a", "b", "c") == "abc"); + BOOST_REQUIRE(Stringify(std::string("a"), "b", "c") == "abc"); + BOOST_REQUIRE(Stringify().empty()); +} + +BOOST_AUTO_TEST_CASE(stringify_avoid) +{ + BOOST_REQUIRE(StringifyAvoid("a", "b", "c").empty()); + BOOST_REQUIRE(StringifyAvoid(std::string("a"), "b", "c").empty()); + BOOST_REQUIRE(StringifyAvoid().empty()); +} + +BOOST_AUTO_TEST_CASE(stringify_error) +{ + BOOST_REQUIRE(StringifyError("a", "b", "c") == "abc"); + BOOST_REQUIRE(StringifyError(std::string("a"), "b", "c") == "abc"); + BOOST_REQUIRE(StringifyError().empty()); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/test_sw-backend.cpp b/tests/test_sw-backend.cpp new file mode 100644 index 0000000..603a1bf --- /dev/null +++ b/tests/test_sw-backend.cpp @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +#include "test_common.h" + +using namespace CKM; +using namespace CKM::Crypto::SW::Cipher; + +BOOST_AUTO_TEST_SUITE(SW_BACKEND_TEST) + +BOOST_AUTO_TEST_SUITE(CRYPTO) + +BOOST_AUTO_TEST_CASE(constructs) +{ + BOOST_REQUIRE_NO_THROW(AesCbcEncryption128(createRandom(16), createRandom(16))); + + BOOST_REQUIRE_THROW(AesCbcEncryption128(createRandom(16), createRandom(5)), + Exc::Crypto::InternalError); + BOOST_REQUIRE_THROW(AesCbcEncryption128(createRandom(17), createRandom(16)), + Exc::Crypto::InternalError); +} + +BOOST_AUTO_TEST_CASE(encryption_cbc) +{ + AesCbcEncryption128 cipher(createRandom(16), createRandom(16)); + + BOOST_REQUIRE_NO_THROW(cipher.Append(createRandom(10))); + BOOST_REQUIRE_NO_THROW(cipher.Finalize()); +} + +BOOST_AUTO_TEST_CASE(encryption_gcm) +{ + AesGcmEncryption128 cipher(createRandom(16), createRandom(16)); + + BOOST_REQUIRE_NO_THROW(cipher.AppendAAD(createRandom(10))); + BOOST_REQUIRE_NO_THROW(cipher.Append(createRandom(10))); + BOOST_REQUIRE_NO_THROW(cipher.Finalize()); +} + +BOOST_AUTO_TEST_SUITE_END() // CRYPTO + +BOOST_AUTO_TEST_SUITE_END() // SW_BACKEND_TEST diff --git a/tests/test_tz-backend.cpp b/tests/test_tz-backend.cpp new file mode 100644 index 0000000..745d3f8 --- /dev/null +++ b/tests/test_tz-backend.cpp @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include + +#include + +using namespace CKM; +using namespace CKM::Crypto; + +BOOST_AUTO_TEST_SUITE(TZ_BACKEND_TEST) + +BOOST_AUTO_TEST_CASE(store) +{ + TZ::Store store(static_cast(0)); + + BOOST_REQUIRE_THROW(store.getObject(Token(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.generateAKey(CryptoAlgorithm(), Password(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.import(Data(), Password()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_THROW(store.importEncrypted(Data(), Password(), DataEncryption()), + Exc::Crypto::OperationNotSupported); + BOOST_REQUIRE_NO_THROW(store.destroy(Token())); +} + +BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From 4455ee508bc764d55d55dbe8585cca623de7ad38 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Wed, 29 Mar 2017 17:18:37 +0900 Subject: [PATCH 14/16] Add %license macro for each sub package Change-Id: Iab00d7a0f4b4e19e30ab37d9bfe3dde755981fe2 Signed-off-by: Dongsun Lee --- packaging/key-manager.spec | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 8e40485..799164b 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -7,7 +7,7 @@ Summary: Central Key Manager and utilities Version: 0.1.23 Release: 1 Group: Security/Secure Storage -License: Apache-2.0 and BSL-1.0 and BSD-3-Clause +License: Apache-2.0 and BSD-3-Clause Source0: %{name}-%{version}.tar.gz Source1001: key-manager-pam-plugin.manifest Source1002: libkey-manager-client.manifest @@ -67,6 +67,7 @@ application to sign and verify (DSA/RSA/ECDSA) signatures. %package -n libkey-manager-common Summary: Central Key Manager (common libraries) Group: Security/Libraries +License: Apache-2.0 Requires(post): %{sbin_dir}/ldconfig Requires(postun): %{sbin_dir}/ldconfig @@ -76,6 +77,7 @@ Central Key Manager package (common library) %package -n libkey-manager-client Summary: Central Key Manager (client) Group: Security/Libraries +License: Apache-2.0 Requires: key-manager = %{version}-%{release} Requires: libkey-manager-common = %{version}-%{release} Requires(post): %{sbin_dir}/ldconfig @@ -87,6 +89,7 @@ Central Key Manager package (client) %package -n libkey-manager-client-devel Summary: Central Key Manager (client-devel) Group: Security/Development +License: Apache-2.0 BuildRequires: pkgconfig(capi-base-common) Requires: pkgconfig(capi-base-common) Requires: libkey-manager-client = %{version}-%{release} @@ -97,6 +100,7 @@ Central Key Manager package (client-devel) %package -n key-manager-tests Summary: Internal test for key-manager Group: Security/Testing +License: Apache-2.0 and BSL-1.0 BuildRequires: pkgconfig(libxml-2.0) Requires: boost-test Requires: key-manager = %{version}-%{release} @@ -107,6 +111,7 @@ Internal test for key-manager implementation. %package -n key-manager-pam-plugin Summary: CKM login/password module to PAM Group: Security/Libraries +License: Apache-2.0 BuildRequires: pam-devel Requires: key-manager = %{version}-%{release} Requires(post): %{sbin_dir}/ldconfig @@ -243,7 +248,6 @@ fi %files -n key-manager %manifest key-manager.manifest %license LICENSE -%license LICENSE.BSL-1.0 %license LICENSE.BSD-3-Clause %{bin_dir}/key-manager %{_unitdir}/multi-user.target.wants/central-key-manager.service @@ -274,10 +278,12 @@ fi %files -n key-manager-pam-plugin %manifest key-manager-pam-plugin.manifest +%license LICENSE %{_libdir}/security/pam_key_manager_plugin.so* %files -n libkey-manager-common %manifest libkey-manager-common.manifest +%license LICENSE %{_libdir}/libkey-manager-common.so.* %files -n libkey-manager-client @@ -288,6 +294,7 @@ fi %files -n libkey-manager-client-devel %manifest libkey-manager-client-devel.manifest +%license LICENSE %{_libdir}/libkey-manager-client.so %{_libdir}/libkey-manager-control-client.so %{_libdir}/libkey-manager-common.so @@ -309,6 +316,8 @@ fi %files -n key-manager-tests %manifest key-manager-tests.manifest +%license LICENSE +%license LICENSE.BSL-1.0 %{bin_dir}/ckm-tests-internal %{bin_dir}/ckm_so_loader %{bin_dir}/ckm_db_tool -- 2.7.4 From 21b2af039aeb0edf373d1678d926304ed024ada2 Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Thu, 6 Apr 2017 15:50:20 +0200 Subject: [PATCH 15/16] Fix issues detected by SVACE Fix possible memory leak in _toNewCkmCertList() Change-Id: I706332a37a48fb720b693b526425c03d2d04e0aa --- src/manager/client-capi/ckmc-manager.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 53a183e..035430b 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -114,6 +114,7 @@ ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector ret = ckmc_cert_list_add(plist, pcert, &plist); if (ret != CKMC_ERROR_NONE) { + free(pcert); ckmc_cert_list_all_free(start); return nullptr; } -- 2.7.4 From c43d3b9266824c01f6d0e450b00aab47ff155181 Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Tue, 11 Apr 2017 16:35:58 +0200 Subject: [PATCH 16/16] Version 0.1.24 - Fix issues detected by the SVACE tool - Add internal test cases - Replace stringify template with macro - Update API documentation - CryptoLogic: Fix function name (CLEAR_FLAGS) and set max schema version - CryptoLogic: Clean up bit masking ENCR - Fix issues associated with OpenSSL and locking functions - Map System subdomains to System for sharing data between system services - Enable privilege check on control API - Use argos_watchdog - Add upgrade script for moving rw data - Return incomplete PKCS12 with exportable parts only - CAPI: add ckmc_alias_new() - Fix buffer overflow in sqlcipher.c - Adjust smack labels on ipc unix sockets - Add secure-storage data migration - Replace old exceptions with new ones - CAPI: Fix memory leak - Apply coding style rules - Change priorities of temporary directories used by sqlcipher.c - Change API visibility for mobile and wearable profiles - Hotfix: build error by warning on 64bit arch Change-Id: I40c4199a6c48392db0d79a91680048ad148959db --- packaging/key-manager.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 799164b..65fc982 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -4,7 +4,7 @@ Name: key-manager Summary: Central Key Manager and utilities -Version: 0.1.23 +Version: 0.1.24 Release: 1 Group: Security/Secure Storage License: Apache-2.0 and BSD-3-Clause -- 2.7.4