From 891379568381b38df849b98c466eeed809069bac Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Fri, 16 Dec 2016 14:22:57 +0900 Subject: [PATCH 01/16] Apply the result of English documentation reivew Change-Id: I3c8cf110fb96669f5e479c576e1d1bfad9428284 Signed-off-by: Dongsun Lee --- doc/key-manager-client_doc.h | 8 +- doc/key-manager-types_doc.h | 11 +- doc/key-manager_doc.h | 20 +- src/include/ckmc/ckmc-error.h | 54 +- src/include/ckmc/ckmc-manager.h | 1175 ++++++++++++++------------------------- src/include/ckmc/ckmc-type.h | 827 +++++++++++---------------- 6 files changed, 795 insertions(+), 1300 deletions(-) diff --git a/doc/key-manager-client_doc.h b/doc/key-manager-client_doc.h index 25720cc..b17a65c 100644 --- a/doc/key-manager-client_doc.h +++ b/doc/key-manager-client_doc.h @@ -13,13 +13,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client - * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. - * + * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header * \#include * @@ -28,4 +31,5 @@ * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. */ + #endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */ diff --git a/doc/key-manager-types_doc.h b/doc/key-manager-types_doc.h index c13d822..e274dbd 100644 --- a/doc/key-manager-types_doc.h +++ b/doc/key-manager-types_doc.h @@ -13,20 +13,23 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types - * @brief It defines data types used in these APIs and provides utility methods handling them. - * + * @brief It defines data types used in these APIs and provides utility methods handling them. * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header * \#include * * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview - * It defines data types for key, certificate,raw buffer, and linked list used in these APIs. + * It defines data types for key, certificate, raw buffer, and linked list used in these APIs. * It also provides new and free methods for them. - * */ + #endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */ diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h index d34293f..d9eb510 100644 --- a/doc/key-manager_doc.h +++ b/doc/key-manager_doc.h @@ -13,14 +13,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_DOC_H__ + + /** * @ingroup CAPI_SECURITY_FRAMEWORK * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager - * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. - * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. - * + * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. + * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview * * @@ -33,18 +36,15 @@ * * *
APIDescription
Defines data types used in these APIs and provides utility methods handling them.
- * * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by Tizen platform. * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * * @image html capi_key_manager_overview_diagram.png - * * The key manager provides 2 types of API. * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). - * * Data Store Policy: - * A client can specify simple access rules when storing a data in Key Manager. + * A client can specify simple access rules when storing data in Key Manager. * - Exportable/Non-Exportable: * Only for data tagged as exportable, Key Manager returns the raw value of the data. * If data is tagged as non-exportable, Key Manager does not return its raw value. @@ -53,20 +53,18 @@ * All data in Key Manager is protected by Tizen platform. * Besides, a client can encrypt its data using its own password additionally. * If a client provides a password when storing a data, the data will be encrypted with the password. - * This password should be provided when get the data from Key Manager. - * + * This password should be provided when getting the data from Key Manager. * Data Access Control * - By default, only the owner of a data can access to the data. * - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB. * - When an application is deleted, the data and access control information granted by the application are also removed. - * * Alias Format * - The format of alias is "package_id name". * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally. * - The client can specify only its own package id in the alias when storing a key, certificate, or data. * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications. * - Aliases are returned as the format of "package_id name" from the key-manager. - * */ + #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */ diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index 082c887..9153841 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,9 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License * - * @file ckmc-error.h + * @file ckmc-error.h * @version 1.0 - * @brief This file contains error codes of the Key Manager. + * @brief This file contains error codes of the Key Manager. */ #ifndef __TIZEN_CORE_CKMC_ERROR_H_ #define __TIZEN_CORE_CKMC_ERROR_H_ @@ -31,37 +31,39 @@ extern "C" { * @{ */ + /** * @brief Enumeration for Key Manager Errors. * @since_tizen 2.3 */ typedef enum { - CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ - CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ + CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ + CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ - CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ - CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ - CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ - CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ - CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ - CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ - CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ - CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ - CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ - CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ - CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ - CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ - CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ - CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ - CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ - CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ - CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ - CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ + CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ + CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ + CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ + CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ + CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ + CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ + CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ + CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ + CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ + CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ + CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ + CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ + CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ + CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ + CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ + CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ + CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ + CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ } key_manager_error_e; + /** * @} */ diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1898129..33ca5b0 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,10 +14,10 @@ * limitations under the License * * - * @file ckmc-manager.h - * @version 1.0 - * @brief Provides management functions(storing, retrieving, and removing) for keys, - * certificates and data of a user and additional crypto functions. + * @file ckmc-manager.h + * @version 1.0 + * @brief Provides management functions(storing, retrieving, and removing) for keys, + * certificates and data of a user and additional crypto functions. */ @@ -42,74 +42,52 @@ extern "C" { /** * @brief Stores a key inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks Currently API supports seven types of keys. These are RSA public/private key, - * DSA public/private key, ECDSA public/private key and AES symmetric key. - * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside - * key manager during storing keys. - * @remarks Some private key files are protected by a password. If raw_key in key read from those - * encrypted files is encrypted with a password, the password should be provided in the - * #ckmc_key_s structure. - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] alias The name of a key to be stored - * @param[in] key The key's binary value to be stored - * @param[in] policy The policy about how to store a key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks Currently API supports seven types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, and AES symmetric key. + * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys. + * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the + #ckmc_key_s structure. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] alias The name of a key to be stored + * @param[in] key The key's binary value to be stored + * @param[in] policy The policy about how to store a key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() * @see #ckmc_key_s * @see #ckmc_policy_s */ -int ckmc_save_key(const char *alias, const ckmc_key_s key, - const ckmc_policy_s policy); +int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove key, client must have remove permission to the specified key. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a key to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() @@ -117,72 +95,53 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, int ckmc_remove_key(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] alias The name of a key to retrieve - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same password - * should be provided. - * @param[out] ppkey The pointer to a newly created ckmc_key_s handle - * + * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed. + * @param[in] alias The name of a key to retrieve + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same password should be provided. + * @param[out] ppkey The pointer to a newly created ckmc_key_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key_alias_list() */ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); + /** * @brief Gets all the alias of keys that the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key() @@ -190,70 +149,50 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list); - - /** * @brief Stores a certificate inside key manager based on the provided policy. - * * @since_tizen 2.3 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0 - * - * @remarks the certificate's binary value will be converted and saved as binary DER encoded - * certificates. - * - * @param[in] alias The name of a certificate to be stored - * @param[in] cert The certificate's binary value to be stored + * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates. + * @param[in] alias The name of a certificate to be stored + * @param[in] cert The certificate's binary value to be stored * @param[in] policy The policy about how to store a certificate securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() * @see #ckmc_cert_s * @see #ckmc_policy_s */ -int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, - const ckmc_policy_s policy); +int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove certificate, client must have remove permission to the specified certificate. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a certificate to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() @@ -261,74 +200,54 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, int ckmc_remove_cert(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only certificate stored by the client. * @remarks A DER encoded certificate will be returned as a return value. - * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no - * longer needed. - * - * @param[in] alias The name of a certificate to retrieve + * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed. + * @param[in] alias The name of a certificate to retrieve * @param[in] password The password used in decrypting a certificate value \n * If password of policy is provided in ckmc_save_cert(), the same password - * should be provided. + * should be provided * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert_alias_list() */ -int ckmc_get_cert(const char *alias, const char *password, - ckmc_cert_s **ppcert); +int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert); + /** * @brief Gets all alias of certificates which the client can access. * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n * If there is no available key alias, *ppalias_list will be null. - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert() @@ -336,34 +255,23 @@ int ckmc_get_cert(const char *alias, const char *password, int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Stores PKCS12's contents inside key manager based on the provided policies. - * All items from the PKCS12 will use the same alias. - * + * @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] pkcs Pointer to the pkcs12 structure to be saved - * @param[in] key_policy The policy about how to store pkcs's private key - * @param[in] cert_policy The policy about how to store pkcs's certificate - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] pkcs Pointer to the pkcs12 structure to be saved + * @param[in] key_policy The policy about how to store pkcs's private key + * @param[in] cert_policy The policy about how to store pkcs's certificate * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_pkcs12() * @see ckmc_get_data_alias_list() @@ -371,108 +279,77 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); * @see #ckmc_pkcs12_s * @see #ckmc_policy_s */ -int ckmc_save_pkcs12(const char *alias, - const ckmc_pkcs12_s *pkcs, - const ckmc_policy_s key_policy, - const ckmc_policy_s cert_policy); +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy); + /** * @brief Gets a pkcs12 from key manager. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no - * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) - * @param[in] cert_password Password used to encrypt certificates (may be NULL) - * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed. + * @param[in] alias The name of a data to retrieve + * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) + * @param[in] cert_password Password used to encrypt certificates (may be NULL) + * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * key_password or cert_password does not match with password - * used to encrypt data - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED key_password or cert_password does not match with password used to encrypt data * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_pkcs12() * @see ckmc_remove_alias() */ -int ckmc_get_pkcs12(const char *alias, const char *key_password, - const char *cert_password, ckmc_pkcs12_s **pkcs12); +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12); + /** * @brief Stores a data inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] data The binary value to be stored + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] data The binary value to be stored * @param[in] policy The policy about how to store a data securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() * @see #ckmc_raw_buffer_s * @see #ckmc_policy_s */ -int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, - const ckmc_policy_s policy); +int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove data, client must have remove permission to the specified data object. * @remarks The data owner can remove by default. - * * @param[in] alias The name of a data to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() @@ -480,72 +357,52 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, int ckmc_remove_data(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] password The password used in decrypting a data value \n - * If password of policy is provided in ckmc_save_data(), the same password - * should be provided. - * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle - * + * @param[in] alias The name of a data to retrieve + * @param[in] password The password used in decrypting a data value \n + * If password of policy is provided in ckmc_save_data(), the same password should be provided. + * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect. * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data_alias_list() */ -int ckmc_get_data(const char *alias, const char *password, - ckmc_raw_buffer_s **ppdata); +int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata); + /** * @brief Gets all alias of data which the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n * If there is no available key alias, *ppalias_list will be null. - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data() @@ -553,205 +410,139 @@ int ckmc_get_data(const char *alias, const char *password, int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Creates RSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_rsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates DSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, @c 3072 and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, @c 3072 and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_dsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_dsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] type The type of elliptic curve of ECDSA - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] type The type of elliptic curve of ECDSA + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() * @see #ckmc_ec_type_e */ -int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** * @brief Creates AES key and stores it inside key manager based on the policy. - * * @since_tizen 3.0 - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 128, @c 192 and @c 256 are supported - * @param[in] key_alias The name of key to be stored - * @param[in] key_policy The policy about how to store the key securely - * + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 128, @c 192 and @c 256 are supported + * @param[in] key_alias The name of key to be stored + * @param[in] key_policy The policy about how to store the key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see #ckmc_policy_s */ -int ckmc_create_key_aes(size_t size, - const char *key_alias, - ckmc_policy_s key_policy); +int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_policy); + /** * @brief Creates a signature on a given message using a private key and returns the signature. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is - * no longer needed. - * - * @param[in] private_key_alias The name of private key - * @param[in] password The password used in decrypting a private key value - * @param[in] message The message that is signed with a private key - * @param[in] hash The hash algorithm used in creating signature - * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA - * @param[out] ppsignature The pointer to a newly created signature \n - * If an error occurs, @a *ppsignature will be null - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] private_key_alias The name of private key + * @param[in] password The password used in decrypting a private key value + * @param[in] message The message that is signed with a private key + * @param[in] hash The hash algorithm used in creating signature + * @param[in] padding The RSA padding algorithm used in creating signature \n + * It is used only when the signature algorithm is RSA + * @param[out] ppsignature The pointer to a newly created signature \n + * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() @@ -759,344 +550,238 @@ int ckmc_create_key_aes(size_t size, * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_create_signature(const char *private_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding, - ckmc_raw_buffer_s **ppsignature); +int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature); + /** - * @brief Verifies a given signature on a given message using a public key and returns the signature - * status. - * + * @brief Verifies a given signature on a given message using a public key and returns the signature status. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * - * @param[in] public_key_alias The name of public key - * @param[in] password The password used in decrypting a public key value - * @param[in] message The input on which the signature is created - * @param[in] signature The signature that is verified with public key - * @param[in] hash The hash algorithm used in verifying signature - * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @param[in] public_key_alias The name of public key + * @param[in] password The password used in decrypting a public key value + * @param[in] message The input on which the signature is created + * @param[in] signature The signature that is verified with public key + * @param[in] hash The hash algorithm used in verifying signature + * @param[in] padding The RSA padding algorithm used in verifying signature \n + * It is used only when the signature algorithm is RSA * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_verify_signature(const char *public_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_raw_buffer_s signature, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding); +int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding); + /** * @brief Verifies a certificate chain and returns that chain. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate - * chain + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead] - * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that - * chain. - * + * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that chain. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. * @remarks @a untrustedcerts shouldn't be protected with optional password. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager - * to be used in verifying a certificate chain + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Some certificates were encrypted with password and could not - * be used - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_get_cert_chain() * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, - const ckmc_alias_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list) +int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API; + /** - * @brief Verifies a certificate chain and returns that chain using user entered trusted and - * untrusted CA certificates. - * + * @brief Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks If the trusted root certificates are provided as a user input, these certificates do not * need to exist in the system's certificate storage. * @remarks You must destroy the newly created @a ppcert_chain_list by calling * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a - * certificate chain - * @param[in] trustedcerts The trusted CA certificates to be used in verifying a - * certificate chain - * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates - * in the system's certificate storage + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain + * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain + * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - const ckmc_cert_list_s *trustedcerts, - const bool use_trustedsystemcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list); + /** - * @brief Perform OCSP which checks certificate is whether revoked or not. - * + * @brief Perform OCSP that checks certificate is whether revoked or not. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif * @privlevel public * @privilege %http://tizen.org/privilege/internet - * - * @remarks %http://tizen.org/privilege/internet (public level privilege) is required - * to use this API instead of %http://tizen.org/privilege/keymanager (public - * level privilege) since 3.0. - * - * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check - * @param[out] ocsp_status The pointer to status result of OCSP check - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported - * + * @remarks %http://tizen.org/privilege/internet (public level privilege) is required to use this API instead of %http://tizen.org/privilege/keymanager (public + level privilege) since 3.0. + * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check + * @param[out] ocsp_status The pointer to status result of OCSP check + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or - * ckmc_get_certificate_chain_with_alias(). - * + * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or ckmc_get_certificate_chain_with_alias(). * @see ckmc_get_cert_chain()) * @see ckmc_cert_list_all_free() */ -int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, - ckmc_ocsp_status_e *ocsp_status); +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Allows another application to access client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights - * @param[in] granted Rights granted for @a accessor application - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights + * @param[in] granted Rights granted for @a accessor application + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_deny_access() */ -int ckmc_allow_access(const char *alias, const char *accessor, - ckmc_access_right_e granted) +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API; + /** * @brief Allows another application to access client's application data. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights * @param[in] permissions Mask of permissions granted for @a accessor application - * (#ckmc_permission_e) + * (@a ckmc_permission_e) * (previous permission mask will be replaced with the new mask value) - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. */ -int ckmc_set_permission(const char *alias, const char *accessor, - int permissions); +int ckmc_set_permission(const char *alias, const char *accessor, int permissions); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Revokes another application's access to client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. * @remarks Only access previously granted with ckmc_allow_access can be revoked. - * - * @param[in] alias Data alias for which access will be revoked - * @param[in] accessor Package id of the application that will lose access rights - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't - * have access to @a alias - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be revoked + * @param[in] accessor Package id of the application that will lose access rights + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't have access to @a alias + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_allow_access() * @see ckmc_set_permission() */ int ckmc_deny_access(const char *alias, const char *accessor) TIZEN_DEPRECATED_API; + /** - * @brief Removes a an entry (no matter of type) from the key manager. - * + * @brief Removes an entry (no matter of type) from the key manager. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove item, client must have remove permission to the specified item. * @remarks The item owner can remove by default. - * * @param[in] alias Item alias to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_save_cert() * @see ckmc_save_data() @@ -1107,44 +792,35 @@ TIZEN_DEPRECATED_API; */ int ckmc_remove_alias(const char *alias); + /** * @brief Encrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no - * restrictions on the size of data. For RSA the size must be smaller - * or equal to key size in bytes - 42. Example: for 1024 RSA key the - * maximum data size is 1024/8 - 42 = 86. - * @param[out] ppencrypted Encrypted data (some algorithms may return additional information - * embedded in encrypted data. AES GCM is an example) \n - * The caller is responsible for freeing @a encrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, decrypted = NULL, - * ppencrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same + * password should be provided + * @param[in] decrypted Data to be encrypted. In case of AES algorithm, there are no restrictions on the size of data. + * For RSA, the size must be smaller or equal to - 42. + * Example: for 1024 RSA key, the maximum data size is 1024/8 - 42 = 86 + * @param[out] ppencrypted Encrypted data (some algorithms may return additional information embedded in encrypted data. + * AES GCM is an example) \n + * The caller is responsible for freeing @a encrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1155,48 +831,33 @@ int ckmc_remove_alias(const char *alias); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_encrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s decrypted, - ckmc_raw_buffer_s **ppencrypted); +int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted); + /** * @brief Decrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. You should use the same parameters - * that were used for encryption. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] encrypted Data to be decrypted (some algorithms may require additional - * information embedded in encrypted data. AES GCM is an example) - * @param[out] ppdecrypted Decrypted data \n - * The caller is responsible for freeing @a decrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, encrypted = NULL, - * ppdecrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. You should use the same parameters that were used for encryption. + * See #ckmc_param_list_h and #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same password should be provided + * @param[in] encrypted Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) + * @param[out] ppdecrypted Decrypted data \n + * The caller is responsible for freeing @a decrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1207,11 +868,8 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_decrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s encrypted, - ckmc_raw_buffer_s **ppdecrypted); +int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted); + #ifdef __cplusplus } @@ -1221,5 +879,4 @@ int ckmc_decrypt_data(ckmc_param_list_h params, * @} */ - #endif /* __TIZEN_CORE_CKMC_MANAGER_H */ diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 86e99fe..9f41ad9 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,11 +14,12 @@ * limitations under the License * * - * @file ckmc-type.h - * @version 1.0 - * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. + * @file ckmc-type.h + * @version 1.0 + * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. */ + #ifndef __TIZEN_CORE_CKMC_TYPE_H #define __TIZEN_CORE_CKMC_TYPE_H @@ -28,7 +29,6 @@ #define KEY_MANAGER_CAPI __attribute__((visibility("default"))) - #ifdef __cplusplus extern "C" { #endif @@ -41,219 +41,229 @@ extern "C" { /* * Note: on tizen 3.0 owner id is equal to pkgId. * Preinstalled system(uid < 5000) and user (uid >= 5000) applications - * does not have any pkgId. Thats why ckm uses special "virtual" + * does not have any pkgId. That's why ckm uses special "virtual" * pkgid for them. The virtual strings are defined under: - * ckmc_owner_id_system + * ckmc_ownerid_system + * ckmc_ownerid_user + * */ + /** * @deprecated Deprecated since 3.0. [Use ckmc_owner_id_separator instead] * @brief Separator between alias and label. - * * @since_tizen 2.3 - * * @remarks Alias can be provided as an alias alone, or together with label - in this * case, separator " " (space bar) is used to separate label and alias. - * * @see #ckmc_owner_id_separator + * @see key-manager_doc.h */ KEY_MANAGER_CAPI extern char const *const ckmc_label_name_separator; + /** * @brief Separator between alias and owner id. - * * @since_tizen 3.0 - * * @remarks Alias can be provided as an alias alone, or together with owner id. * In this case, separator " " (space bar) is used to separate id and alias. - * - * @see ckmc_alias_new() + * @see key-manager_doc.h */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_separator; + /** * @brief The owner of system database. - * * @since_tizen 3.0 - * - * @remarks #ckmc_owner_id_system constains id connected with all system applications - * that run with uid less than 5000. - * @remarks Client should use #ckmc_owner_id_system to access data owned by system - * application and stored in system database. - * @remarks Client must have permission to access proper row. - * - * @see ckmc_alias_new() + * @remarks ckmc_owner_id_system constrains id connected with all SYSTEM applications that run with uid less than 5000. + * Client should use ckmc_owner_id_system to access data owned by system application and stored in system database. + * Note: Client must have permission to access proper row. */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_system; + /** * @brief Enumeration for key types of key manager. * @since_tizen 2.3 */ typedef enum __ckmc_key_type { - CKMC_KEY_NONE = 0, /**< Key type not specified */ - CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ - CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ - CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ - CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ - CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ - CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ - CKMC_KEY_AES, /**< AES key */ + CKMC_KEY_NONE = 0, /**< Key type not specified */ + CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ + CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ + CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ + CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ + CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ + CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ + CKMC_KEY_AES, /**< AES key */ } ckmc_key_type_e; + /** * @brief Enumeration for data format. * @since_tizen 2.3 */ typedef enum __ckmc_data_format { - CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ - CKMC_FORM_DER, /**< DER encoded data */ - CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded - with additional header and footer lines. */ + CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ + CKMC_FORM_DER, /**< DER encoded data */ + CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded + with additional header and footer lines. */ } ckmc_data_format_e; + /** * @brief Enumeration for elliptic curve. * @since_tizen 2.3 */ typedef enum __ckmc_ec_type { - CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended - elliptic curve domain */ - CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ - CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain - listed in See SEC 2 */ + CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended + elliptic curve domain */ + CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ + CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain + listed in See SEC 2 */ } ckmc_ec_type_e; + /** * @brief Enumeration for hash algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_hash_algo { CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ - CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ - CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ - CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ - CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ + CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ + CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ + CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ + CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ } ckmc_hash_algo_e; + /** * @brief Enumeration for RSA padding algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_rsa_padding_algo { - CKMC_NONE_PADDING = 0, /**< No Padding */ - CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ - CKMC_X931_PADDING /**< X9.31 padding */ + CKMC_NONE_PADDING = 0, /**< No Padding */ + CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ + CKMC_X931_PADDING /**< X9.31 padding */ } ckmc_rsa_padding_algo_e; + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_permission_e() instead] * @brief Enumeration for database access rights. * @since_tizen 2.3 */ typedef enum __ckmc_access_right { - CKMC_AR_READ = 0, /**< Access right for read*/ - CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ + CKMC_AR_READ = 0, /**< Access right for read*/ + CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ } ckmc_access_right_e; + /** * @brief Enumeration for permissions to access/modify alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_permission { - CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ - CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ - CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ + CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ + CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ + CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ } ckmc_permission_e; + /** * @brief The structure for binary buffer used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_raw_buff { unsigned char *data; /**< Byte array containing binary data */ - size_t size; /**< The size of the binary data */ + size_t size; /**< The size of the binary data */ } ckmc_raw_buffer_s; + /** * @brief The structure for a policy for storing key/certificate/binary data. * @since_tizen 2.3 */ typedef struct __ckmc_policy { - char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data - (or key, or certificate) is stored encrypted with this password inside - key manager */ + char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data + (or key, or certificate) is stored encrypted with this password inside + key manager */ bool extractable; /**< If true key may be extracted from storage */ } ckmc_policy_s; + /** * @brief The structure for key used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_key { unsigned char - *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ - size_t key_size; /**< The byte size of raw_key */ + *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ + size_t key_size; /**< The byte size of raw_key */ ckmc_key_type_e key_type; /**< The raw_key's type */ - char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ + char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ } ckmc_key_s; + /** * @brief The structure for certificate used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_cert { - unsigned char *raw_cert; /**< Byte array of certificate */ - size_t cert_size; /**< Byte size of raw_cert */ + unsigned char *raw_cert; /**< Byte array of certificate */ + size_t cert_size; /**< Byte size of raw_cert */ ckmc_data_format_e data_format; /**< Raw_cert's encoding format */ } ckmc_cert_s; + /** * @brief The structure for linked list of alias. * @since_tizen 2.3 */ typedef struct __ckmc_alias_list { - char *alias; /**< The name of key, certificate or data stored in key manager */ + char *alias; /**< The name of key, certificate or data stored in key manager */ struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */ } ckmc_alias_list_s; + /** * @brief The structure for linked list of ckmc_cert_s * @since_tizen 2.3 */ typedef struct __ckmc_cert_list { - ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ + ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */ } ckmc_cert_list_s; + /** * @brief Enumeration for OCSP status. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_ocsp_status { - CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ - CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ - CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ - CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ - CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ - CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ - CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ - CKMC_OCSP_ERROR_NET, /**< Network connection error */ - CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ + CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ + CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ + CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ + CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ + CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ + CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ + CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ + CKMC_OCSP_ERROR_NET, /**< Network connection error */ + CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ } ckmc_ocsp_status_e; + /** * @brief The structure for PKCS12 used in key manager CAPI. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef struct __ckmc_pkcs12 { - ckmc_key_s *priv_key; /**< The private key, may be null */ - ckmc_cert_s *cert; /**< The certificate, may be null */ + ckmc_key_s *priv_key; /**< The private key, may be null */ + ckmc_cert_s *cert; /**< The certificate, may be null */ ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */ } ckmc_pkcs12_s; + /** * @brief Enumeration for crypto algorithm parameters. * @since_tizen 3.0 @@ -263,21 +273,19 @@ typedef struct __ckmc_pkcs12 { typedef enum __ckmc_param_name { CKMC_PARAM_ALGO_TYPE = 1, - CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ - CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ - CKMC_PARAM_ED_AAD, /**< buffer */ - CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ - CKMC_PARAM_ED_LABEL /**< buffer */ + CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ + CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ + CKMC_PARAM_ED_AAD, /**< buffer */ + CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ + CKMC_PARAM_ED_LABEL /**< buffer */ } ckmc_param_name_e; + /** - * @brief Handle for algorithm parameter list. + * @brief Algorithm parameter list handle. * @since_tizen 3.0 - * - * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the - * algorithm. - * @remarks See #ckmc_algo_type_e for available algorithms and additional parameters they support. - * + * Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the + * algorithm. See #ckmc_algo_type_e for available algorithms and additional parameters they support. * @see ckmc_generate_new_params() * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() @@ -290,6 +298,7 @@ typedef enum __ckmc_param_name { */ typedef struct __ckmc_param_list *ckmc_param_list_h; + /** * @brief Enumeration for crypto algorithm types. * @since_tizen 3.0 @@ -297,272 +306,196 @@ typedef struct __ckmc_param_list *ckmc_param_list_h; * @see #ckmc_param_name_e */ typedef enum __ckmc_algo_type { - CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) - - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits - (optional, only 128b is supported at the moment) */ - - CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), - - CKMC_PARAM_ED_IV = initialization vector(mandatory) - - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of - {32, 64, 96, 104, 112, 120, 128} (optional, if not present the - length 128 is used) - - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ - - CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), - - CKMC_PARAM_ED_LABEL = label to be associated with the message - (optional, not supported at the moment) */ + CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ + + CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present, the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ + + CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; -/** - * @brief Creates a new full alias which is a concatenation of @a owner_id and @a alias. - * - * @since_tizen 3.0 - * - * @remarks @a full_alias should be freed with free() after use. - * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if any of parameter is NULL. - * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if @a owner_id is empty. - * - * @param[in] owner_id Data owner's id. This should be package id if data owner is - * application. If you want to access data stored by system - * services, it should be #ckmc_owner_id_system - * @param[in] alias Data alias - * @param[out] full_alias The newly created alias which is a concatenation of - * @a owner_id, #ckmc_owner_id_separator and @a alias. - * Destroy by free() after use - * - * @return #CKMC_ERROR_NONE on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * - * @see #ckmc_owner_id_separator - * @see #ckmc_owner_id_system - */ -int ckmc_alias_new(const char *owner_id, const char *alias, char **full_alias); /** - * @brief Creates a new #ckmc_key_s handle and returns it. - * + * @brief Creates a new @a ckmc_key_s handle and returns it. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] raw_key The byte array of key \n - * @a raw_key may be encrypted with password + * @remarks You must destroy the newly created @a ckmc_key_s by calling ckmc_key_free() if it is no longer needed. + * @param[in] raw_key The byte array of key \n + * @a raw_key may be encrypted with password * @param[in] key_size The byte size of @a raw_key * @param[in] key_type The @a raw_key's type * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n * If @a raw_key is not encrypted, @a password can be null - * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle - * + * @param[out] ppkey The pointer to a newly created @a ckmc_key_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory\ * @see ckmc_key_free() * @see #ckmc_key_s */ -int ckmc_key_new(unsigned char *raw_key, - size_t key_size, - ckmc_key_type_e key_type, - char *password, ckmc_key_s **ppkey); +int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey); + /** - * @brief Destroys the #ckmc_key_s handle and releases all its resources. - * + * @brief Destroys the @a ckmc_key_s handle and releases all its resources. * @since_tizen 2.3 - * - * @param[in] key The #ckmc_key_s handle to destroy + * @param[in] key The @a ckmc_key_s handle to destroy * */ void ckmc_key_free(ckmc_key_s *key); + /** - * @brief Creates a new #ckmc_raw_buffer_s handle and returns it. - * + * @brief Creates a new @a ckmc_raw_buffer_s handle and returns it. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if - * it is no longer needed. - * - * @param[in] data The byte array of buffer - * @param[in] size The byte size of buffer - * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle - * + * @remarks You must destroy the newly created @a ckmc_raw_buffer_s by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] data The byte array of buffer + * @param[in] size The byte size of buffer + * @param[out] ppbuffer The pointer to a newly created @a ckmc_buffer_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * * @see ckmc_buffer_free() * @see #ckmc_raw_buffer_s */ -int ckmc_buffer_new(unsigned char *data, size_t size, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer); + /** - * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources. - * + * @brief Destroys the @a ckmc_raw_buffer_s handle and releases all its resources. * @since_tizen 2.3 - * - * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy + * @param[in] buffer The @a ckmc_raw_buffer_s structure to destroy * */ void ckmc_buffer_free(ckmc_raw_buffer_s *buffer); + /** - * @brief Creates a new #ckmc_cert_s handle and returns it. - * + * @brief Creates a new @a ckmc_cert_s handle and returns it. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] raw_cert The byte array of certificate - * @param[in] cert_size The byte size of raw_cert - * @param[in] data_format The encoding format of raw_cert - * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] raw_cert The byte array of certificate + * @param[in] cert_size The byte size of raw_cert + * @param[in] data_format The encoding format of raw_cert + * @param[out] ppcert The pointer to a newly created @a ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * * @see ckmc_cert_free() * @see ckmc_load_cert_from_file() * @see #ckmc_cert_s */ -int ckmc_cert_new(unsigned char *raw_cert, - size_t cert_size, - ckmc_data_format_e data_format, - ckmc_cert_s **ppcert); +int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert); + /** - * @brief Destroys the #ckmc_cert_s handle and releases all its resources. - * + * @brief Destroys the @a ckmc_cert handle and releases all its resources. * @since_tizen 2.3 - * - * @param[in] cert The #ckmc_cert_s handle to destroy - * + * @param[in] cert The @a ckmc_cert_s handle to destroy * @see ckmc_load_cert_from_file() + * @see ckmc_load_from_pkcs12_file */ void ckmc_cert_free(ckmc_cert_s *cert); + /** - * @brief Creates a new #ckmc_cert_s handle from a given file and returns it. - * + * @brief Creates a new @a ckmc_cert_s handle from a given file and returns it. * @since_tizen 2.3 - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] file_path The path of certificate file to be loaded \n - * The only DER or PEM encoded certificate file is supported - * @param[out] cert The pointer of newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] file_path The path of certificate file to be loaded \n + * The only DER or PEM encoded certificate file is supported + * @param[out] cert The pointer of newly created @a ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_cert_free() * @see #ckmc_cert_s */ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); + /** - * @brief Creates a new #ckmc_pkcs12_s handle and returns it. - * + * @brief Creates a new @a ckmc_pkcs12_s handle and returns it. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it - * is no longer needed. - * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly - * returned ckmc_pkcs12_s. - * - * @param[in] private_key #ckmc_key_s handle to the private key (optional) - * @param[in] cert #ckmc_cert_s handle to the certificate (optional) - * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) - * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it is no longer needed. + * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly returned ckmc_pkcs12_s. + * @param[in] private_key @a ckmc_key_s handle to the private key (optional) + * @param[in] cert @a ckmc_cert_s handle to the certificate (optional) + * @param[in] ca_cert_list @a ckmc_cert_list_s list of chain certificate handles (optional) + * @param[out] pkcs12_bundle The pointer to a newly created @a ckmc_pkcs12_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and - * ca_cert_list all are null - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and ca_cert_list all are null + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_pkcs12_free() + * @see ckmc_load_from_pkcs12_file() * @see ckmc_pkcs12_load() * @see #ckmc_key_s * @see #ckmc_cert_s * @see #ckmc_cert_list_s * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_new(ckmc_key_s *private_key, - ckmc_cert_s *cert, - ckmc_cert_list_s *ca_cert_list, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_pkcs12_load() instead] - * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and - * #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. - * + * @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and + * @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them. * @since_tizen 2.3 - * - * @remarks You must destroy the newly created #ckmc_key_s, #ckmc_cert_s, and - * #ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and + * @remarks You must destroy the newly created @a ckmc_key_s, @a ckmc_cert_s and + * @a ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and * ckmc_cert_list_all_free() if they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key - * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n - * It is null if the PKCS12 file does not contain a certificate - * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] private_key The pointer of newly created @a ckmc_key_s handle for a private key + * @param[out] cert The pointer of newly created @a ckmc_cert_s handle for a certificate \n + * It is null if the PKCS12 file does not contain a certificate + * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA certificates \n * It is null if the PKCS12 file does not contain CA certificates - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() * @see ckmc_key_free() @@ -572,230 +505,166 @@ int ckmc_pkcs12_new(ckmc_key_s *private_key, * @see #ckmc_cert_s * @see #ckmc_cert_list_s */ -int ckmc_load_from_pkcs12_file(const char *file_path, - const char *passphrase, - ckmc_key_s **private_key, ckmc_cert_s **cert, - ckmc_cert_list_s **ca_cert_list) +int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **cert, ckmc_cert_list_s **ca_cert_list) TIZEN_DEPRECATED_API; + /** - * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. - * + * @brief Creates a new @a ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if - * they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n - * It is null if the PKCS12 file does not contain CA certificates - * + * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if they are no longer needed. + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA certificates \n + * It is null if the PKCS12 file does not contain CA certificates * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_free() * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_load(const char *file_path, - const char *passphrase, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle); + /** - * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources. - * + * @brief Destroys the @a ckmc_pkcs12_s handle and releases all its resources. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy - * + * @param[in] pkcs12 The @a ckmc_pkcs12_s handle to destroy * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() */ void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12); + /** - * @brief Creates a new #ckmc_alias_list_s handle and returns it. - * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided - * characters and next is null. - * + * @brief Creates a new @a ckmc_alias_list_s handle and returns it. + * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_alias_list_s - * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer - * needed. - * - * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s - * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * + * @remarks You must destroy the newly created @a ckmc_alias_list_s + * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer needed. + * @param[in] alias The first item to be set in the newly created @a ckmc_alias_list_s + * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and - * returns it. The alias pointer in the returned #ckmc_alias_list_s handle points to the - * provided characters and next is null. - * + * @brief Creates a new @a ckmc_alias_list_s handle, adds it to a previous @a ckmc_alias_list_s and returns it. + * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created - * #ckmc_alias_list_s is added - * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last @a ckmc_alias_list_s handle to which a newly created @a ckmc_alias_list_s is added + * @param[in] alias The item to be set in the newly created @a ckmc_alias_list_s + * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ -int ckmc_alias_list_add(ckmc_alias_list_s *previous, - char *alias, - ckmc_alias_list_s **pplast); +int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the @a ckmc_alias_list_s handle and releases resources of @a ckmc_alias_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks It does not destroy an alias itself in #ckmc_alias_list_s. - * - * @param[in] first The first #ckmc_alias_list_s handle to destroy - * + * @remarks It does not destroy an alias itself in @a ckmc_alias_list_s. + * @param[in] first The first @a ckmc_alias_list_s handle to destroy * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ void ckmc_alias_list_free(ckmc_alias_list_s *first); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the @a ckmc_alias_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks It also destroys the alias in #ckmc_alias_list_s. - * - * @param[in] first The first #ckmc_alias_list_s handle to destroy - * + * @remarks It also destroys the alias in @a ckmc_alias_list_s. + * @param[in] first The first @a ckmc_alias_list_s handle to destroy * @see #ckmc_alias_list_s */ void ckmc_alias_list_all_free(ckmc_alias_list_s *first); + /** - * @brief Creates a new #ckmc_cert_list_s handle and returns it. - * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided - * #ckmc_cert_s and next is null. - * + * @brief Creates a new @a ckmc_cert_list_s handle and returns it. + * The cert pointer in the returned @a ckmc_cert_list_s handle points to the provided @a ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() + * @remarks You must destroy the newly created @a ckmc_cert_list_s by calling ckmc_cert_list_free() * or ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s - * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * + * @param[in] cert The first item to be set in the newly created @a ckmc_cert_list_s + * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and - * returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the - * provided #ckmc_cert_s and next is null. - * + * @brief Creates a new @a ckmc_cert_list_s handle, adds it to a previous @a ckmc_cert_list_s and returns it. + * The cert pointer in the returned @a ckmc_alias_list_s handle points to the provided @a ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created - * #ckmc_cert_list_s is added - * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last @a ckmc_cert_list_s handle to which a newly created @a ckmc_cert_list_s is added + * @param[in] cert The item to be set in the newly created @a ckmc_cert_list_s + * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ -int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, - ckmc_cert_list_s **pplast); +int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the @a ckmc_cert_list_s handle and releases resources of @a ckmc_cert_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s. - * - * @param[in] first The first #ckmc_cert_list_s handle to destroy - * + * @remarks It does not destroy @a ckmc_cert_s itself in @a ckmc_cert_list_s. + * @param[in] first The first @a ckmc_cert_list_s handle to destroy * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ void ckmc_cert_list_free(ckmc_cert_list_s *first); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the @a ckmc_cert_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen 2.3 - * - * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s. - * - * @param[in] first The first #ckmc_cert_list_s handle to destroy - * + * @remarks It also destroys @a ckmc_cert_s in @a ckmc_cert_list_s. + * @param[in] first The first @a ckmc_cert_list_s handle to destroy * @see #ckmc_cert_list_s */ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); + /** * @brief Creates new parameter list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for freeing it with ckmc_param_list_free(). - * - * @param[in] pparams Double pointer to the handle of param list to which the - * newly created algorithm param list will be assigned - * + * @param[in] pparams Double pointer to the handle of param list to which the newly created algorithm param list will be assigned * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_free() @@ -806,27 +675,21 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); */ int ckmc_param_list_new(ckmc_param_list_h *pparams); + /** * @brief Sets integer parameter to the list. - * * @since_tizen 3.0 - * - * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() \n - * New param with @a name and @a value will be set` here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] value Value of the parameter in form of a integer - * + * @remarks Caller is responsible for @a ckmc_param_list_h creation. + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() \n + * New param with @a name and @a value will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] value Value of the parameter in form of an integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER nput parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_get_integer() @@ -837,32 +700,24 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t value); +int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t value); + /** * @brief Sets buffer parameter to the list. - * * @since_tizen 3.0 - * - * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * New param with @a name and @a buffer will be set here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] buffer Value of the parameter in form of a buffer \n - * Caller is responsible for creating and freeing the buffer - * + * @remarks Caller is responsible for @a ckmc_param_list_h creation. + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * New param with @a name and @a buffer will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] buffer Value of the parameter in the form of a buffer \n + * Caller is responsible for creating and freeing the buffer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_get_integer() @@ -873,29 +728,21 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - const ckmc_raw_buffer_s *buffer); +int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, const ckmc_raw_buffer_s *buffer); + /** * @brief Gets integer parameter from the list. - * * @since_tizen 3.0 - * - * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get - * @param[out] pvalue Value of the parameter in form of a integer - * + * @remarks Caller is responsible for @a ckmc_param_list_h creation. + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get + * @param[out] pvalue Value of the parameter in the form of an integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -907,30 +754,22 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t *pvalue); +int ckmc_param_list_get_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t *pvalue); + /** * @brief Gets buffer parameter from the list. - * * @since_tizen 3.0 - * - * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get + * @remarks Caller is responsible for @a ckmc_param_list_h creation. + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get * @param[out] ppbuffer Value of the parameter in form of a buffer \n * Caller is responsible for creating and freeing the buffer - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -942,17 +781,13 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, ckmc_raw_buffer_s **ppbuffer); + /** * @brief Frees previously allocated list of algorithm params. - * * @since_tizen 3.0 - * - * @param[in] params First element of the list to be freed - * + * @param[in] first First element of the list to be freed * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -965,26 +800,21 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, */ void ckmc_param_list_free(ckmc_param_list_h params); + /** * @brief Generates algorithm parameters for a given algorithm type and set them to the list. - * * @since_tizen 3.0 - * - * @remarks Caller is responsible for #ckmc_param_list_h destruction. + * @remarks Caller is responsible for @a ckmc_param_list_h destruction. * @remarks Algorithm parameters are set to default values. Optional fields are left empty. - * Initialization vectors are left empty (they have to be set manually). Caller is - * responsible for freeing the list with ckmc_param_list_free(). + * Initialization vectors are left empty (they have to be set manually). + * Caller is responsible for freeing the list with ckmc_param_list_free(). * @remarks If the function returns error, provided param list may contain some of default parameters. - * - * @param[in] type Type of the algorithm - * @param[out] pparams Newly generated handle of param list which should be freed by caller after used - * + * @param[in] type Type of the algorithm + * @param[out] pparams Newly generated handle of param list which should be freed by caller after use * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -997,6 +827,7 @@ void ckmc_param_list_free(ckmc_param_list_h params); */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); + /** * @} */ -- 2.7.4 From 6851efcb3bdf1d1519f3651e3f60ac304ad9e168 Mon Sep 17 00:00:00 2001 From: Dong Sun Lee Date: Mon, 19 Dec 2016 15:27:52 -0800 Subject: [PATCH 02/16] Revert "Apply the result of English documentation reivew" This reverts commit 891379568381b38df849b98c466eeed809069bac. Change-Id: Iec0ad8337b3bf150010bdf0948f64e5a9b6728fa --- doc/key-manager-client_doc.h | 8 +- doc/key-manager-types_doc.h | 11 +- doc/key-manager_doc.h | 20 +- src/include/ckmc/ckmc-error.h | 54 +- src/include/ckmc/ckmc-manager.h | 1175 +++++++++++++++++++++++++-------------- src/include/ckmc/ckmc-type.h | 827 ++++++++++++++++----------- 6 files changed, 1300 insertions(+), 795 deletions(-) diff --git a/doc/key-manager-client_doc.h b/doc/key-manager-client_doc.h index b17a65c..25720cc 100644 --- a/doc/key-manager-client_doc.h +++ b/doc/key-manager-client_doc.h @@ -13,16 +13,13 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - #ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ - - /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client - * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. + * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. + * * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header * \#include * @@ -31,5 +28,4 @@ * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. */ - #endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */ diff --git a/doc/key-manager-types_doc.h b/doc/key-manager-types_doc.h index e274dbd..c13d822 100644 --- a/doc/key-manager-types_doc.h +++ b/doc/key-manager-types_doc.h @@ -13,23 +13,20 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - #ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ - - /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types - * @brief It defines data types used in these APIs and provides utility methods handling them. + * @brief It defines data types used in these APIs and provides utility methods handling them. + * * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header * \#include * * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview - * It defines data types for key, certificate, raw buffer, and linked list used in these APIs. + * It defines data types for key, certificate,raw buffer, and linked list used in these APIs. * It also provides new and free methods for them. + * */ - #endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */ diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h index d9eb510..d34293f 100644 --- a/doc/key-manager_doc.h +++ b/doc/key-manager_doc.h @@ -13,17 +13,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - #ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_DOC_H__ - - /** * @ingroup CAPI_SECURITY_FRAMEWORK * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager - * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. - * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. + * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. + * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. + * * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview * * @@ -36,15 +33,18 @@ * * *
APIDescription
Defines data types used in these APIs and provides utility methods handling them.
+ * * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by Tizen platform. * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * * @image html capi_key_manager_overview_diagram.png + * * The key manager provides 2 types of API. * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). + * * Data Store Policy: - * A client can specify simple access rules when storing data in Key Manager. + * A client can specify simple access rules when storing a data in Key Manager. * - Exportable/Non-Exportable: * Only for data tagged as exportable, Key Manager returns the raw value of the data. * If data is tagged as non-exportable, Key Manager does not return its raw value. @@ -53,18 +53,20 @@ * All data in Key Manager is protected by Tizen platform. * Besides, a client can encrypt its data using its own password additionally. * If a client provides a password when storing a data, the data will be encrypted with the password. - * This password should be provided when getting the data from Key Manager. + * This password should be provided when get the data from Key Manager. + * * Data Access Control * - By default, only the owner of a data can access to the data. * - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB. * - When an application is deleted, the data and access control information granted by the application are also removed. + * * Alias Format * - The format of alias is "package_id name". * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally. * - The client can specify only its own package id in the alias when storing a key, certificate, or data. * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications. * - Aliases are returned as the format of "package_id name" from the key-manager. + * */ - #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */ diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index 9153841..082c887 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -13,9 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License * - * @file ckmc-error.h + * @file ckmc-error.h * @version 1.0 - * @brief This file contains error codes of the Key Manager. + * @brief This file contains error codes of the Key Manager. */ #ifndef __TIZEN_CORE_CKMC_ERROR_H_ #define __TIZEN_CORE_CKMC_ERROR_H_ @@ -31,39 +31,37 @@ extern "C" { * @{ */ - /** * @brief Enumeration for Key Manager Errors. * @since_tizen 2.3 */ typedef enum { - CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ - CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ + CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ + CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ - CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ - CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ - CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ - CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ - CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ - CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ - CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ - CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ - CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ - CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ - CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ - CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ - CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ - CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ - CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ - CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ - CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ - CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ + CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ + CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ + CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ + CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ + CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ + CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ + CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ + CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ + CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ + CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ + CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ + CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ + CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ + CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ + CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ + CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ + CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ + CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ } key_manager_error_e; - /** * @} */ diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 33ca5b0..1898129 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,10 +14,10 @@ * limitations under the License * * - * @file ckmc-manager.h - * @version 1.0 - * @brief Provides management functions(storing, retrieving, and removing) for keys, - * certificates and data of a user and additional crypto functions. + * @file ckmc-manager.h + * @version 1.0 + * @brief Provides management functions(storing, retrieving, and removing) for keys, + * certificates and data of a user and additional crypto functions. */ @@ -42,52 +42,74 @@ extern "C" { /** * @brief Stores a key inside key manager based on the provided policy. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks Currently API supports seven types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, and AES symmetric key. - * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys. - * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the - #ckmc_key_s structure. - * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. - * @param[in] alias The name of a key to be stored - * @param[in] key The key's binary value to be stored - * @param[in] policy The policy about how to store a key securely + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks Currently API supports seven types of keys. These are RSA public/private key, + * DSA public/private key, ECDSA public/private key and AES symmetric key. + * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside + * key manager during storing keys. + * @remarks Some private key files are protected by a password. If raw_key in key read from those + * encrypted files is encrypted with a password, the password should be provided in the + * #ckmc_key_s structure. + * @remarks If password in policy is provided, the key is additionally encrypted with the password + * in policy. + * + * @param[in] alias The name of a key to be stored + * @param[in] key The key's binary value to be stored + * @param[in] policy The policy about how to store a key securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_remove_alias() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() * @see #ckmc_key_s * @see #ckmc_policy_s */ -int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy); - +int ckmc_save_key(const char *alias, const ckmc_key_s key, + const ckmc_policy_s policy); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a key from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks To remove key, client must have remove permission to the specified key. * @remarks The key owner can remove by default. + * * @param[in] alias The name of a key to be removed + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_key() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() @@ -95,53 +117,72 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p int ckmc_remove_key(const char *alias) TIZEN_DEPRECATED_API; - /** * @brief Gets a key from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed. - * @param[in] alias The name of a key to retrieve - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same password should be provided. - * @param[out] ppkey The pointer to a newly created ckmc_key_s handle + * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no + * longer needed. + * + * @param[in] alias The name of a key to retrieve + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same password + * should be provided. + * @param[out] ppkey The pointer to a newly created ckmc_key_s handle + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect. + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key_alias_list() */ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); - /** * @brief Gets all the alias of keys that the client can access. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() * if it is no longer needed. - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null + * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n + * If there is no available key alias, *ppalias_list will be null. + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key() @@ -149,50 +190,70 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list); + + /** * @brief Stores a certificate inside key manager based on the provided policy. + * * @since_tizen 2.3 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0 - * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates. - * @param[in] alias The name of a certificate to be stored - * @param[in] cert The certificate's binary value to be stored + * + * @remarks the certificate's binary value will be converted and saved as binary DER encoded + * certificates. + * + * @param[in] alias The name of a certificate to be stored + * @param[in] cert The certificate's binary value to be stored * @param[in] policy The policy about how to store a certificate securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_remove_alias() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() * @see #ckmc_cert_s * @see #ckmc_policy_s */ -int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy); - +int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, + const ckmc_policy_s policy); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a certificate from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks To remove certificate, client must have remove permission to the specified certificate. * @remarks The key owner can remove by default. + * * @param[in] alias The name of a certificate to be removed + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_cert() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() @@ -200,54 +261,74 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_ int ckmc_remove_cert(const char *alias) TIZEN_DEPRECATED_API; - /** * @brief Gets a certificate from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only certificate stored by the client. * @remarks A DER encoded certificate will be returned as a return value. - * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed. - * @param[in] alias The name of a certificate to retrieve + * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no + * longer needed. + * + * @param[in] alias The name of a certificate to retrieve * @param[in] password The password used in decrypting a certificate value \n * If password of policy is provided in ckmc_save_cert(), the same password - * should be provided + * should be provided. * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect. + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert_alias_list() */ -int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert); - +int ckmc_get_cert(const char *alias, const char *password, + ckmc_cert_s **ppcert); /** * @brief Gets all alias of certificates which the client can access. * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() + * if it is no longer needed. + * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n * If there is no available key alias, *ppalias_list will be null. + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert() @@ -255,23 +336,34 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert) int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); + + /** - * @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. + * @brief Stores PKCS12's contents inside key manager based on the provided policies. + * All items from the PKCS12 will use the same alias. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @param[in] alias The name of a data to be stored - * @param[in] pkcs Pointer to the pkcs12 structure to be saved - * @param[in] key_policy The policy about how to store pkcs's private key - * @param[in] cert_policy The policy about how to store pkcs's certificate + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @param[in] alias The name of a data to be stored + * @param[in] pkcs Pointer to the pkcs12 structure to be saved + * @param[in] key_policy The policy about how to store pkcs's private key + * @param[in] cert_policy The policy about how to store pkcs's certificate + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_remove_alias() * @see ckmc_get_pkcs12() * @see ckmc_get_data_alias_list() @@ -279,77 +371,108 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); * @see #ckmc_pkcs12_s * @see #ckmc_policy_s */ -int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy); - +int ckmc_save_pkcs12(const char *alias, + const ckmc_pkcs12_s *pkcs, + const ckmc_policy_s key_policy, + const ckmc_policy_s cert_policy); /** * @brief Gets a pkcs12 from key manager. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed. - * @param[in] alias The name of a data to retrieve - * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) - * @param[in] cert_password Password used to encrypt certificates (may be NULL) - * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle + * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no + * longer needed. + * + * @param[in] alias The name of a data to retrieve + * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) + * @param[in] cert_password Password used to encrypt certificates (may be NULL) + * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED key_password or cert_password does not match with password used to encrypt data + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * key_password or cert_password does not match with password + * used to encrypt data + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_pkcs12() * @see ckmc_remove_alias() */ -int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12); - +int ckmc_get_pkcs12(const char *alias, const char *key_password, + const char *cert_password, ckmc_pkcs12_s **pkcs12); /** * @brief Stores a data inside key manager based on the provided policy. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @param[in] alias The name of a data to be stored - * @param[in] data The binary value to be stored + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @param[in] alias The name of a data to be stored + * @param[in] data The binary value to be stored * @param[in] policy The policy about how to store a data securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_remove_alias() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() * @see #ckmc_raw_buffer_s * @see #ckmc_policy_s */ -int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy); - +int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, + const ckmc_policy_s policy); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a data from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks To remove data, client must have remove permission to the specified data object. * @remarks The data owner can remove by default. + * * @param[in] alias The name of a data to be removed + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_data() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() @@ -357,52 +480,72 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_ int ckmc_remove_data(const char *alias) TIZEN_DEPRECATED_API; - /** * @brief Gets a data from key manager. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no * longer needed. - * @param[in] alias The name of a data to retrieve - * @param[in] password The password used in decrypting a data value \n - * If password of policy is provided in ckmc_save_data(), the same password should be provided. - * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle + * + * @param[in] alias The name of a data to retrieve + * @param[in] password The password used in decrypting a data value \n + * If password of policy is provided in ckmc_save_data(), the same password + * should be provided. + * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect. + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect. * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data_alias_list() */ -int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata); - +int ckmc_get_data(const char *alias, const char *password, + ckmc_raw_buffer_s **ppdata); /** * @brief Gets all alias of data which the client can access. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() + * if it is no longer needed. + * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n * If there is no available key alias, *ppalias_list will be null. + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data() @@ -410,139 +553,205 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **p int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list); + + /** - * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy. + * @brief Creates RSA private/public key pair and stores them inside key manager based on each + * policy. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks If password in policy is provided, the key is additionally encrypted with the password + * in policy. + * + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); - +int ckmc_create_key_pair_rsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key); /** - * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy. + * @brief Creates DSA private/public key pair and stores them inside key manager based on each + * policy. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, @c 3072 and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks If password in policy is provided, the key is additionally encrypted with the password + * in policy. + * + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, @c 3072 and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_dsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); - +int ckmc_create_key_pair_dsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key); /** - * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy. + * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each + * policy. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. - * @param[in] type The type of elliptic curve of ECDSA - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks If password in policy is provided, the key is additionally encrypted with the password + * in policy. + * + * @param[in] type The type of elliptic curve of ECDSA + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() * @see #ckmc_ec_type_e */ -int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); - +int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key); /** * @brief Creates AES key and stores it inside key manager based on the policy. + * * @since_tizen 3.0 - * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. - * @param[in] size The size of key strength to be created \n - * @c 128, @c 192 and @c 256 are supported - * @param[in] key_alias The name of key to be stored - * @param[in] key_policy The policy about how to store the key securely + * + * @remarks If password in policy is provided, the key is additionally encrypted with the password + * in policy. + * + * @param[in] size The size of key strength to be created \n + * @c 128, @c 192 and @c 256 are supported + * @param[in] key_alias The name of key to be stored + * @param[in] key_policy The policy about how to store the key securely + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see #ckmc_policy_s */ -int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_policy); - +int ckmc_create_key_aes(size_t size, + const char *key_alias, + ckmc_policy_s key_policy); /** * @brief Creates a signature on a given message using a private key and returns the signature. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks If password of policy is provided during storing a key, the same password should be provided. - * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed. - * @param[in] private_key_alias The name of private key - * @param[in] password The password used in decrypting a private key value - * @param[in] message The message that is signed with a private key - * @param[in] hash The hash algorithm used in creating signature - * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA - * @param[out] ppsignature The pointer to a newly created signature \n - * If an error occurs, @a *ppsignature will be null + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks If password of policy is provided during storing a key, the same password should be + * provided. + * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is + * no longer needed. + * + * @param[in] private_key_alias The name of private key + * @param[in] password The password used in decrypting a private key value + * @param[in] message The message that is signed with a private key + * @param[in] hash The hash algorithm used in creating signature + * @param[in] padding The RSA padding algorithm used in creating signature \n + * It is used only when the signature algorithm is RSA + * @param[out] ppsignature The pointer to a newly created signature \n + * If an error occurs, @a *ppsignature will be null + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() @@ -550,238 +759,344 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature); - +int ckmc_create_signature(const char *private_key_alias, + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding, + ckmc_raw_buffer_s **ppsignature); /** - * @brief Verifies a given signature on a given message using a public key and returns the signature status. + * @brief Verifies a given signature on a given message using a public key and returns the signature + * status. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks If password of policy is provided during storing a key, the same password should be provided. - * @param[in] public_key_alias The name of public key - * @param[in] password The password used in decrypting a public key value - * @param[in] message The input on which the signature is created - * @param[in] signature The signature that is verified with public key - * @param[in] hash The hash algorithm used in verifying signature - * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks If password of policy is provided during storing a key, the same password should be + * provided. + * + * @param[in] public_key_alias The name of public key + * @param[in] password The password used in decrypting a public key value + * @param[in] message The input on which the signature is created + * @param[in] signature The signature that is verified with public key + * @param[in] hash The hash algorithm used in verifying signature + * @param[in] padding The RSA padding algorithm used in verifying signature \n + * It is used only when the signature algorithm is RSA + * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding); - +int ckmc_verify_signature(const char *public_key_alias, + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_raw_buffer_s signature, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding); /** * @brief Verifies a certificate chain and returns that chain. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks The trusted root certificate of the chain should exist in the system's certificate + * storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling + * ckmc_cert_list_all_free() if it is no longer needed. + * + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate + * chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null + * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Decryption failed because password is incorrect + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list); - +int ckmc_get_cert_chain(const ckmc_cert_s *cert, + const ckmc_cert_list_s *untrustedcerts, + ckmc_cert_list_s **ppcert_chain_list); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead] - * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that chain. + * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that + * chain. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. - * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * + * @remarks The trusted root certificate of the chain should exist in the system's certificate + * storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling + * ckmc_cert_list_all_free() if it is no longer needed. * @remarks @a untrustedcerts shouldn't be protected with optional password. - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain + * + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager + * to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null + * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Some certificates were encrypted with password and could not + * be used + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_get_cert_chain() * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) +int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, + const ckmc_alias_list_s *untrustedcerts, + ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API; - /** - * @brief Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. + * @brief Verifies a certificate chain and returns that chain using user entered trusted and + * untrusted CA certificates. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks If the trusted root certificates are provided as a user input, these certificates do not * need to exist in the system's certificate storage. * @remarks You must destroy the newly created @a ppcert_chain_list by calling * ckmc_cert_list_all_free() if it is no longer needed. - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain - * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain - * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage + * + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a + * certificate chain + * @param[in] trustedcerts The trusted CA certificates to be used in verifying a + * certificate chain + * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates + * in the system's certificate storage * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null + * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list); - +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, + const ckmc_cert_list_s *untrustedcerts, + const ckmc_cert_list_s *trustedcerts, + const bool use_trustedsystemcerts, + ckmc_cert_list_s **ppcert_chain_list); /** - * @brief Perform OCSP that checks certificate is whether revoked or not. + * @brief Perform OCSP which checks certificate is whether revoked or not. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif * @privlevel public * @privilege %http://tizen.org/privilege/internet - * @remarks %http://tizen.org/privilege/internet (public level privilege) is required to use this API instead of %http://tizen.org/privilege/keymanager (public - level privilege) since 3.0. - * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check - * @param[out] ocsp_status The pointer to status result of OCSP check - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported + * + * @remarks %http://tizen.org/privilege/internet (public level privilege) is required + * to use this API instead of %http://tizen.org/privilege/keymanager (public + * level privilege) since 3.0. + * + * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check + * @param[out] ocsp_status The pointer to status result of OCSP check + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or ckmc_get_certificate_chain_with_alias(). + * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or + * ckmc_get_certificate_chain_with_alias(). + * * @see ckmc_get_cert_chain()) * @see ckmc_cert_list_all_free() */ -int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status); - +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, + ckmc_ocsp_status_e *ocsp_status); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Allows another application to access client's application data. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks Data identified by @a alias should exist. - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights - * @param[in] granted Rights granted for @a accessor application - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights + * @param[in] granted Rights granted for @a accessor application + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_deny_access() */ -int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) +int ckmc_allow_access(const char *alias, const char *accessor, + ckmc_access_right_e granted) TIZEN_DEPRECATED_API; - /** * @brief Allows another application to access client's application data. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks Data identified by @a alias should exist. - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights + * + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights * @param[in] permissions Mask of permissions granted for @a accessor application - * (@a ckmc_permission_e) + * (#ckmc_permission_e) * (previous permission mask will be replaced with the new mask value) - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. */ -int ckmc_set_permission(const char *alias, const char *accessor, int permissions); - +int ckmc_set_permission(const char *alias, const char *accessor, + int permissions); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Revokes another application's access to client's application data. + * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks Data identified by @a alias should exist. * @remarks Only access previously granted with ckmc_allow_access can be revoked. - * @param[in] alias Data alias for which access will be revoked - * @param[in] accessor Package id of the application that will lose access rights - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't have access to @a alias - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * + * @param[in] alias Data alias for which access will be revoked + * @param[in] accessor Package id of the application that will lose access rights + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't + * have access to @a alias + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_allow_access() * @see ckmc_set_permission() */ int ckmc_deny_access(const char *alias, const char *accessor) TIZEN_DEPRECATED_API; - /** - * @brief Removes an entry (no matter of type) from the key manager. + * @brief Removes a an entry (no matter of type) from the key manager. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer + * required to use this API since 3.0. + * * @remarks To remove item, client must have remove permission to the specified item. * @remarks The item owner can remove by default. + * * @param[in] alias Item alias to be removed + * * @return @c 0 on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_save_key() * @see ckmc_save_cert() * @see ckmc_save_data() @@ -792,35 +1107,44 @@ TIZEN_DEPRECATED_API; */ int ckmc_remove_alias(const char *alias); - /** * @brief Encrypts data using selected key and algorithm. + * * @since_tizen 3.0 + * * @remarks Key identified by @a key_alias should exist. - * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of the policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] decrypted Data to be encrypted. In case of AES algorithm, there are no restrictions on the size of data. - * For RSA, the size must be smaller or equal to - 42. - * Example: for 1024 RSA key, the maximum data size is 1024/8 - 42 = 86 - * @param[out] ppencrypted Encrypted data (some algorithms may return additional information embedded in encrypted data. - * AES GCM is an example) \n - * The caller is responsible for freeing @a encrypted with ckmc_buffer_free() - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, decrypted = NULL, - * ppencrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect + * + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same + * password should be provided + * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no + * restrictions on the size of data. For RSA the size must be smaller + * or equal to key size in bytes - 42. Example: for 1024 RSA key the + * maximum data size is 1024/8 - 42 = 86. + * @param[out] ppencrypted Encrypted data (some algorithms may return additional information + * embedded in encrypted data. AES GCM is an example) \n + * The caller is responsible for freeing @a encrypted with + * ckmc_buffer_free() + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Key decryption failed because password is incorrect + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -831,33 +1155,48 @@ int ckmc_remove_alias(const char *alias); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted); - +int ckmc_encrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s decrypted, + ckmc_raw_buffer_s **ppencrypted); /** * @brief Decrypts data using selected key and algorithm. + * * @since_tizen 3.0 + * * @remarks Key identified by @a key_alias should exist. - * @param[in] params Algorithm parameter list handle. You should use the same parameters that were used for encryption. - * See #ckmc_param_list_h and #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of the policy is provided in ckmc_save_key(), the same password should be provided - * @param[in] encrypted Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) - * @param[out] ppdecrypted Decrypted data \n - * The caller is responsible for freeing @a decrypted with ckmc_buffer_free() - * @return @c 0 on success, - * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, encrypted = NULL, - * ppdecrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect + * + * @param[in] params Algorithm parameter list handle. You should use the same parameters + * that were used for encryption. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same + * password should be provided + * @param[in] encrypted Data to be decrypted (some algorithms may require additional + * information embedded in encrypted data. AES GCM is an example) + * @param[out] ppdecrypted Decrypted data \n + * The caller is responsible for freeing @a decrypted with + * ckmc_buffer_free() + * + * @return @c 0 on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged + * in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED + * Key decryption failed because password is incorrect + * * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -868,8 +1207,11 @@ int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, const cha * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted); - +int ckmc_decrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s encrypted, + ckmc_raw_buffer_s **ppdecrypted); #ifdef __cplusplus } @@ -879,4 +1221,5 @@ int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, const cha * @} */ + #endif /* __TIZEN_CORE_CKMC_MANAGER_H */ diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 9f41ad9..86e99fe 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -14,12 +14,11 @@ * limitations under the License * * - * @file ckmc-type.h - * @version 1.0 - * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. + * @file ckmc-type.h + * @version 1.0 + * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. */ - #ifndef __TIZEN_CORE_CKMC_TYPE_H #define __TIZEN_CORE_CKMC_TYPE_H @@ -29,6 +28,7 @@ #define KEY_MANAGER_CAPI __attribute__((visibility("default"))) + #ifdef __cplusplus extern "C" { #endif @@ -41,229 +41,219 @@ extern "C" { /* * Note: on tizen 3.0 owner id is equal to pkgId. * Preinstalled system(uid < 5000) and user (uid >= 5000) applications - * does not have any pkgId. That's why ckm uses special "virtual" + * does not have any pkgId. Thats why ckm uses special "virtual" * pkgid for them. The virtual strings are defined under: - * ckmc_ownerid_system - * ckmc_ownerid_user - * + * ckmc_owner_id_system */ - /** * @deprecated Deprecated since 3.0. [Use ckmc_owner_id_separator instead] * @brief Separator between alias and label. + * * @since_tizen 2.3 + * * @remarks Alias can be provided as an alias alone, or together with label - in this * case, separator " " (space bar) is used to separate label and alias. + * * @see #ckmc_owner_id_separator - * @see key-manager_doc.h */ KEY_MANAGER_CAPI extern char const *const ckmc_label_name_separator; - /** * @brief Separator between alias and owner id. + * * @since_tizen 3.0 + * * @remarks Alias can be provided as an alias alone, or together with owner id. * In this case, separator " " (space bar) is used to separate id and alias. - * @see key-manager_doc.h + * + * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_separator; - /** * @brief The owner of system database. + * * @since_tizen 3.0 - * @remarks ckmc_owner_id_system constrains id connected with all SYSTEM applications that run with uid less than 5000. - * Client should use ckmc_owner_id_system to access data owned by system application and stored in system database. - * Note: Client must have permission to access proper row. + * + * @remarks #ckmc_owner_id_system constains id connected with all system applications + * that run with uid less than 5000. + * @remarks Client should use #ckmc_owner_id_system to access data owned by system + * application and stored in system database. + * @remarks Client must have permission to access proper row. + * + * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_system; - /** * @brief Enumeration for key types of key manager. * @since_tizen 2.3 */ typedef enum __ckmc_key_type { - CKMC_KEY_NONE = 0, /**< Key type not specified */ - CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ - CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ - CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ - CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ - CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ - CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ - CKMC_KEY_AES, /**< AES key */ + CKMC_KEY_NONE = 0, /**< Key type not specified */ + CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ + CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ + CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ + CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ + CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ + CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ + CKMC_KEY_AES, /**< AES key */ } ckmc_key_type_e; - /** * @brief Enumeration for data format. * @since_tizen 2.3 */ typedef enum __ckmc_data_format { - CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ - CKMC_FORM_DER, /**< DER encoded data */ - CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded - with additional header and footer lines. */ + CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ + CKMC_FORM_DER, /**< DER encoded data */ + CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded + with additional header and footer lines. */ } ckmc_data_format_e; - /** * @brief Enumeration for elliptic curve. * @since_tizen 2.3 */ typedef enum __ckmc_ec_type { - CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended - elliptic curve domain */ - CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ - CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain - listed in See SEC 2 */ + CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended + elliptic curve domain */ + CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ + CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain + listed in See SEC 2 */ } ckmc_ec_type_e; - /** * @brief Enumeration for hash algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_hash_algo { CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ - CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ - CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ - CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ - CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ + CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ + CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ + CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ + CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ } ckmc_hash_algo_e; - /** * @brief Enumeration for RSA padding algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_rsa_padding_algo { - CKMC_NONE_PADDING = 0, /**< No Padding */ - CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ - CKMC_X931_PADDING /**< X9.31 padding */ + CKMC_NONE_PADDING = 0, /**< No Padding */ + CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ + CKMC_X931_PADDING /**< X9.31 padding */ } ckmc_rsa_padding_algo_e; - /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_permission_e() instead] * @brief Enumeration for database access rights. * @since_tizen 2.3 */ typedef enum __ckmc_access_right { - CKMC_AR_READ = 0, /**< Access right for read*/ - CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ + CKMC_AR_READ = 0, /**< Access right for read*/ + CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ } ckmc_access_right_e; - /** * @brief Enumeration for permissions to access/modify alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_permission { - CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ - CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ - CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ + CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ + CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ + CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ } ckmc_permission_e; - /** * @brief The structure for binary buffer used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_raw_buff { unsigned char *data; /**< Byte array containing binary data */ - size_t size; /**< The size of the binary data */ + size_t size; /**< The size of the binary data */ } ckmc_raw_buffer_s; - /** * @brief The structure for a policy for storing key/certificate/binary data. * @since_tizen 2.3 */ typedef struct __ckmc_policy { - char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data - (or key, or certificate) is stored encrypted with this password inside - key manager */ + char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data + (or key, or certificate) is stored encrypted with this password inside + key manager */ bool extractable; /**< If true key may be extracted from storage */ } ckmc_policy_s; - /** * @brief The structure for key used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_key { unsigned char - *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ - size_t key_size; /**< The byte size of raw_key */ + *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ + size_t key_size; /**< The byte size of raw_key */ ckmc_key_type_e key_type; /**< The raw_key's type */ - char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ + char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ } ckmc_key_s; - /** * @brief The structure for certificate used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_cert { - unsigned char *raw_cert; /**< Byte array of certificate */ - size_t cert_size; /**< Byte size of raw_cert */ + unsigned char *raw_cert; /**< Byte array of certificate */ + size_t cert_size; /**< Byte size of raw_cert */ ckmc_data_format_e data_format; /**< Raw_cert's encoding format */ } ckmc_cert_s; - /** * @brief The structure for linked list of alias. * @since_tizen 2.3 */ typedef struct __ckmc_alias_list { - char *alias; /**< The name of key, certificate or data stored in key manager */ + char *alias; /**< The name of key, certificate or data stored in key manager */ struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */ } ckmc_alias_list_s; - /** * @brief The structure for linked list of ckmc_cert_s * @since_tizen 2.3 */ typedef struct __ckmc_cert_list { - ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ + ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */ } ckmc_cert_list_s; - /** * @brief Enumeration for OCSP status. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_ocsp_status { - CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ - CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ - CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ - CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ - CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ - CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ - CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ - CKMC_OCSP_ERROR_NET, /**< Network connection error */ - CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ + CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ + CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ + CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ + CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ + CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ + CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ + CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ + CKMC_OCSP_ERROR_NET, /**< Network connection error */ + CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ } ckmc_ocsp_status_e; - /** * @brief The structure for PKCS12 used in key manager CAPI. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef struct __ckmc_pkcs12 { - ckmc_key_s *priv_key; /**< The private key, may be null */ - ckmc_cert_s *cert; /**< The certificate, may be null */ + ckmc_key_s *priv_key; /**< The private key, may be null */ + ckmc_cert_s *cert; /**< The certificate, may be null */ ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */ } ckmc_pkcs12_s; - /** * @brief Enumeration for crypto algorithm parameters. * @since_tizen 3.0 @@ -273,19 +263,21 @@ typedef struct __ckmc_pkcs12 { typedef enum __ckmc_param_name { CKMC_PARAM_ALGO_TYPE = 1, - CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ - CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ - CKMC_PARAM_ED_AAD, /**< buffer */ - CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ - CKMC_PARAM_ED_LABEL /**< buffer */ + CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ + CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ + CKMC_PARAM_ED_AAD, /**< buffer */ + CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ + CKMC_PARAM_ED_LABEL /**< buffer */ } ckmc_param_name_e; - /** - * @brief Algorithm parameter list handle. + * @brief Handle for algorithm parameter list. * @since_tizen 3.0 - * Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the - * algorithm. See #ckmc_algo_type_e for available algorithms and additional parameters they support. + * + * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the + * algorithm. + * @remarks See #ckmc_algo_type_e for available algorithms and additional parameters they support. + * * @see ckmc_generate_new_params() * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() @@ -298,7 +290,6 @@ typedef enum __ckmc_param_name { */ typedef struct __ckmc_param_list *ckmc_param_list_h; - /** * @brief Enumeration for crypto algorithm types. * @since_tizen 3.0 @@ -306,196 +297,272 @@ typedef struct __ckmc_param_list *ckmc_param_list_h; * @see #ckmc_param_name_e */ typedef enum __ckmc_algo_type { - CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) - - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits - (optional, only 128b is supported at the moment) */ - - CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), - - CKMC_PARAM_ED_IV = initialization vector(mandatory) - - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of - {32, 64, 96, 104, 112, 120, 128} (optional, if not present, the - length 128 is used) - - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ - - CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), - - CKMC_PARAM_ED_LABEL = label to be associated with the message - (optional, not supported at the moment) */ + CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ + + CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ + + CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; +/** + * @brief Creates a new full alias which is a concatenation of @a owner_id and @a alias. + * + * @since_tizen 3.0 + * + * @remarks @a full_alias should be freed with free() after use. + * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if any of parameter is NULL. + * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if @a owner_id is empty. + * + * @param[in] owner_id Data owner's id. This should be package id if data owner is + * application. If you want to access data stored by system + * services, it should be #ckmc_owner_id_system + * @param[in] alias Data alias + * @param[out] full_alias The newly created alias which is a concatenation of + * @a owner_id, #ckmc_owner_id_separator and @a alias. + * Destroy by free() after use + * + * @return #CKMC_ERROR_NONE on success, otherwise a negative error value + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @see #ckmc_owner_id_separator + * @see #ckmc_owner_id_system + */ +int ckmc_alias_new(const char *owner_id, const char *alias, char **full_alias); /** - * @brief Creates a new @a ckmc_key_s handle and returns it. + * @brief Creates a new #ckmc_key_s handle and returns it. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_key_s by calling ckmc_key_free() if it is no longer needed. - * @param[in] raw_key The byte array of key \n - * @a raw_key may be encrypted with password + * + * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no + * longer needed. + * + * @param[in] raw_key The byte array of key \n + * @a raw_key may be encrypted with password * @param[in] key_size The byte size of @a raw_key * @param[in] key_type The @a raw_key's type * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n * If @a raw_key is not encrypted, @a password can be null - * @param[out] ppkey The pointer to a newly created @a ckmc_key_s handle + * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory\ + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_key_free() * @see #ckmc_key_s */ -int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey); - +int ckmc_key_new(unsigned char *raw_key, + size_t key_size, + ckmc_key_type_e key_type, + char *password, ckmc_key_s **ppkey); /** - * @brief Destroys the @a ckmc_key_s handle and releases all its resources. + * @brief Destroys the #ckmc_key_s handle and releases all its resources. + * * @since_tizen 2.3 - * @param[in] key The @a ckmc_key_s handle to destroy + * + * @param[in] key The #ckmc_key_s handle to destroy * */ void ckmc_key_free(ckmc_key_s *key); - /** - * @brief Creates a new @a ckmc_raw_buffer_s handle and returns it. + * @brief Creates a new #ckmc_raw_buffer_s handle and returns it. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_raw_buffer_s by calling ckmc_buffer_free() if it is no longer needed. - * @param[in] data The byte array of buffer - * @param[in] size The byte size of buffer - * @param[out] ppbuffer The pointer to a newly created @a ckmc_buffer_s handle + * + * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if + * it is no longer needed. + * + * @param[in] data The byte array of buffer + * @param[in] size The byte size of buffer + * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * * @see ckmc_buffer_free() * @see #ckmc_raw_buffer_s */ -int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer); - +int ckmc_buffer_new(unsigned char *data, size_t size, + ckmc_raw_buffer_s **ppbuffer); /** - * @brief Destroys the @a ckmc_raw_buffer_s handle and releases all its resources. + * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources. + * * @since_tizen 2.3 - * @param[in] buffer The @a ckmc_raw_buffer_s structure to destroy + * + * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy * */ void ckmc_buffer_free(ckmc_raw_buffer_s *buffer); - /** - * @brief Creates a new @a ckmc_cert_s handle and returns it. + * @brief Creates a new #ckmc_cert_s handle and returns it. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. - * @param[in] raw_cert The byte array of certificate - * @param[in] cert_size The byte size of raw_cert - * @param[in] data_format The encoding format of raw_cert - * @param[out] ppcert The pointer to a newly created @a ckmc_cert_s handle + * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is + * no longer needed. + * + * @param[in] raw_cert The byte array of certificate + * @param[in] cert_size The byte size of raw_cert + * @param[in] data_format The encoding format of raw_cert + * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * * @see ckmc_cert_free() * @see ckmc_load_cert_from_file() * @see #ckmc_cert_s */ -int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert); - +int ckmc_cert_new(unsigned char *raw_cert, + size_t cert_size, + ckmc_data_format_e data_format, + ckmc_cert_s **ppcert); /** - * @brief Destroys the @a ckmc_cert handle and releases all its resources. + * @brief Destroys the #ckmc_cert_s handle and releases all its resources. + * * @since_tizen 2.3 - * @param[in] cert The @a ckmc_cert_s handle to destroy + * + * @param[in] cert The #ckmc_cert_s handle to destroy + * * @see ckmc_load_cert_from_file() - * @see ckmc_load_from_pkcs12_file */ void ckmc_cert_free(ckmc_cert_s *cert); - /** - * @brief Creates a new @a ckmc_cert_s handle from a given file and returns it. + * @brief Creates a new #ckmc_cert_s handle from a given file and returns it. + * * @since_tizen 2.3 - * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. - * @param[in] file_path The path of certificate file to be loaded \n - * The only DER or PEM encoded certificate file is supported - * @param[out] cert The pointer of newly created @a ckmc_cert_s handle + * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is + * no longer needed. + * + * @param[in] file_path The path of certificate file to be loaded \n + * The only DER or PEM encoded certificate file is supported + * @param[out] cert The pointer of newly created #ckmc_cert_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * * @see ckmc_cert_free() * @see #ckmc_cert_s */ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); - /** - * @brief Creates a new @a ckmc_pkcs12_s handle and returns it. + * @brief Creates a new #ckmc_pkcs12_s handle and returns it. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it is no longer needed. - * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly returned ckmc_pkcs12_s. - * @param[in] private_key @a ckmc_key_s handle to the private key (optional) - * @param[in] cert @a ckmc_cert_s handle to the certificate (optional) - * @param[in] ca_cert_list @a ckmc_cert_list_s list of chain certificate handles (optional) - * @param[out] pkcs12_bundle The pointer to a newly created @a ckmc_pkcs12_s handle + * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it + * is no longer needed. + * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly + * returned ckmc_pkcs12_s. + * + * @param[in] private_key #ckmc_key_s handle to the private key (optional) + * @param[in] cert #ckmc_cert_s handle to the certificate (optional) + * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) + * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and ca_cert_list all are null - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and + * ca_cert_list all are null + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_pkcs12_free() - * @see ckmc_load_from_pkcs12_file() * @see ckmc_pkcs12_load() * @see #ckmc_key_s * @see #ckmc_cert_s * @see #ckmc_cert_list_s * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle); - +int ckmc_pkcs12_new(ckmc_key_s *private_key, + ckmc_cert_s *cert, + ckmc_cert_list_s *ca_cert_list, + ckmc_pkcs12_s **pkcs12_bundle); /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_pkcs12_load() instead] - * @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and - * @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them. + * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and + * #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. + * * @since_tizen 2.3 - * @remarks You must destroy the newly created @a ckmc_key_s, @a ckmc_cert_s and - * @a ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and + * + * @remarks You must destroy the newly created #ckmc_key_s, #ckmc_cert_s, and + * #ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and * ckmc_cert_list_all_free() if they are no longer needed. - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] private_key The pointer of newly created @a ckmc_key_s handle for a private key - * @param[out] cert The pointer of newly created @a ckmc_cert_s handle for a certificate \n - * It is null if the PKCS12 file does not contain a certificate - * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA certificates \n + * + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key + * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n + * It is null if the PKCS12 file does not contain a certificate + * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA + * certificates \n * It is null if the PKCS12 file does not contain CA certificates + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() * @see ckmc_key_free() @@ -505,166 +572,230 @@ int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, ckmc_cert_list_s * @see #ckmc_cert_s * @see #ckmc_cert_list_s */ -int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **cert, ckmc_cert_list_s **ca_cert_list) +int ckmc_load_from_pkcs12_file(const char *file_path, + const char *passphrase, + ckmc_key_s **private_key, ckmc_cert_s **cert, + ckmc_cert_list_s **ca_cert_list) TIZEN_DEPRECATED_API; - /** - * @brief Creates a new @a ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. + * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if they are no longer needed. - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA certificates \n - * It is null if the PKCS12 file does not contain CA certificates + * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if + * they are no longer needed. + * + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA + * certificates \n + * It is null if the PKCS12 file does not contain CA certificates + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed + * * @see ckmc_pkcs12_free() * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle); - +int ckmc_pkcs12_load(const char *file_path, + const char *passphrase, + ckmc_pkcs12_s **pkcs12_bundle); /** - * @brief Destroys the @a ckmc_pkcs12_s handle and releases all its resources. + * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @param[in] pkcs12 The @a ckmc_pkcs12_s handle to destroy + * + * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy + * * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() */ void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12); - /** - * @brief Creates a new @a ckmc_alias_list_s handle and returns it. - * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided characters and next is null. + * @brief Creates a new #ckmc_alias_list_s handle and returns it. + * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided + * characters and next is null. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_alias_list_s - * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer needed. - * @param[in] alias The first item to be set in the newly created @a ckmc_alias_list_s - * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle + * + * @remarks You must destroy the newly created #ckmc_alias_list_s + * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer + * needed. + * + * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s + * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful + * + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list); - /** - * @brief Creates a new @a ckmc_alias_list_s handle, adds it to a previous @a ckmc_alias_list_s and returns it. - * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided characters and next is null. + * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and + * returns it. The alias pointer in the returned #ckmc_alias_list_s handle points to the + * provided characters and next is null. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @param[in] previous The last @a ckmc_alias_list_s handle to which a newly created @a ckmc_alias_list_s is added - * @param[in] alias The item to be set in the newly created @a ckmc_alias_list_s - * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle + * + * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created + * #ckmc_alias_list_s is added + * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ -int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast); - +int ckmc_alias_list_add(ckmc_alias_list_s *previous, + char *alias, + ckmc_alias_list_s **pplast); /** - * @brief Destroys the @a ckmc_alias_list_s handle and releases resources of @a ckmc_alias_list_s from the provided first handle cascadingly. + * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s + * from the provided first handle cascadingly. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks It does not destroy an alias itself in @a ckmc_alias_list_s. - * @param[in] first The first @a ckmc_alias_list_s handle to destroy + * + * @remarks It does not destroy an alias itself in #ckmc_alias_list_s. + * + * @param[in] first The first #ckmc_alias_list_s handle to destroy + * * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ void ckmc_alias_list_free(ckmc_alias_list_s *first); - /** - * @brief Destroys the @a ckmc_alias_list_s handle and releases all its resources from the provided first handle cascadingly. + * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided + * first handle cascadingly. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks It also destroys the alias in @a ckmc_alias_list_s. - * @param[in] first The first @a ckmc_alias_list_s handle to destroy + * + * @remarks It also destroys the alias in #ckmc_alias_list_s. + * + * @param[in] first The first #ckmc_alias_list_s handle to destroy + * * @see #ckmc_alias_list_s */ void ckmc_alias_list_all_free(ckmc_alias_list_s *first); - /** - * @brief Creates a new @a ckmc_cert_list_s handle and returns it. - * The cert pointer in the returned @a ckmc_cert_list_s handle points to the provided @a ckmc_cert_s and next is null. + * @brief Creates a new #ckmc_cert_list_s handle and returns it. + * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided + * #ckmc_cert_s and next is null. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks You must destroy the newly created @a ckmc_cert_list_s by calling ckmc_cert_list_free() + * + * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() * or ckmc_cert_list_all_free() if it is no longer needed. - * @param[in] cert The first item to be set in the newly created @a ckmc_cert_list_s - * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle + * + * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s + * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list); - /** - * @brief Creates a new @a ckmc_cert_list_s handle, adds it to a previous @a ckmc_cert_list_s and returns it. - * The cert pointer in the returned @a ckmc_alias_list_s handle points to the provided @a ckmc_cert_s and next is null. + * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and + * returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the + * provided #ckmc_cert_s and next is null. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @param[in] previous The last @a ckmc_cert_list_s handle to which a newly created @a ckmc_cert_list_s is added - * @param[in] cert The item to be set in the newly created @a ckmc_cert_list_s - * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle + * + * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created + * #ckmc_cert_list_s is added + * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory + * * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ -int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast); - +int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, + ckmc_cert_list_s **pplast); /** - * @brief Destroys the @a ckmc_cert_list_s handle and releases resources of @a ckmc_cert_list_s from the provided first handle cascadingly. + * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s + * from the provided first handle cascadingly. + * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks It does not destroy @a ckmc_cert_s itself in @a ckmc_cert_list_s. - * @param[in] first The first @a ckmc_cert_list_s handle to destroy + * + * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s. + * + * @param[in] first The first #ckmc_cert_list_s handle to destroy + * * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ void ckmc_cert_list_free(ckmc_cert_list_s *first); - /** - * @brief Destroys the @a ckmc_cert_list_s handle and releases all its resources from the provided first handle cascadingly. + * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided + * first handle cascadingly. + * * @since_tizen 2.3 - * @remarks It also destroys @a ckmc_cert_s in @a ckmc_cert_list_s. - * @param[in] first The first @a ckmc_cert_list_s handle to destroy + * + * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s. + * + * @param[in] first The first #ckmc_cert_list_s handle to destroy + * * @see #ckmc_cert_list_s */ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); - /** * @brief Creates new parameter list. + * * @since_tizen 3.0 + * * @remarks Caller is responsible for freeing it with ckmc_param_list_free(). - * @param[in] pparams Double pointer to the handle of param list to which the newly created algorithm param list will be assigned + * + * @param[in] pparams Double pointer to the handle of param list to which the + * newly created algorithm param list will be assigned + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_free() @@ -675,21 +806,27 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); */ int ckmc_param_list_new(ckmc_param_list_h *pparams); - /** * @brief Sets integer parameter to the list. + * * @since_tizen 3.0 - * @remarks Caller is responsible for @a ckmc_param_list_h creation. - * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() \n - * New param with @a name and @a value will be set here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] value Value of the parameter in form of an integer + * + * @remarks Caller is responsible for #ckmc_param_list_h creation. + * + * @param[in] params Algorithm param list handle created with + * ckmc_param_list_new() or ckmc_generate_new_params() \n + * New param with @a name and @a value will be set` here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] value Value of the parameter in form of a integer + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER nput parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_get_integer() @@ -700,24 +837,32 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t value); - +int ckmc_param_list_set_integer(ckmc_param_list_h params, + ckmc_param_name_e name, + uint64_t value); /** * @brief Sets buffer parameter to the list. + * * @since_tizen 3.0 - * @remarks Caller is responsible for @a ckmc_param_list_h creation. - * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() - * New param with @a name and @a buffer will be set here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] buffer Value of the parameter in the form of a buffer \n - * Caller is responsible for creating and freeing the buffer + * + * @remarks Caller is responsible for #ckmc_param_list_h creation. + * + * @param[in] params Algorithm param list handle created with + * ckmc_param_list_new() or ckmc_generate_new_params() + * New param with @a name and @a buffer will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] buffer Value of the parameter in form of a buffer \n + * Caller is responsible for creating and freeing the buffer + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_get_integer() @@ -728,21 +873,29 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, const ckmc_raw_buffer_s *buffer); - +int ckmc_param_list_set_buffer(ckmc_param_list_h params, + ckmc_param_name_e name, + const ckmc_raw_buffer_s *buffer); /** * @brief Gets integer parameter from the list. + * * @since_tizen 3.0 - * @remarks Caller is responsible for @a ckmc_param_list_h creation. - * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get - * @param[out] pvalue Value of the parameter in the form of an integer + * + * @remarks Caller is responsible for #ckmc_param_list_h creation. + * + * @param[in] params Algorithm param list handle created with + * ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get + * @param[out] pvalue Value of the parameter in form of a integer + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -754,22 +907,30 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t *pvalue); - +int ckmc_param_list_get_integer(ckmc_param_list_h params, + ckmc_param_name_e name, + uint64_t *pvalue); /** * @brief Gets buffer parameter from the list. + * * @since_tizen 3.0 - * @remarks Caller is responsible for @a ckmc_param_list_h creation. - * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get + * + * @remarks Caller is responsible for #ckmc_param_list_h creation. + * + * @param[in] params Algorithm param list handle created with + * ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get * @param[out] ppbuffer Value of the parameter in form of a buffer \n * Caller is responsible for creating and freeing the buffer + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -781,13 +942,17 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, ckmc_param_name_e name * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, ckmc_raw_buffer_s **ppbuffer); - +int ckmc_param_list_get_buffer(ckmc_param_list_h params, + ckmc_param_name_e name, + ckmc_raw_buffer_s **ppbuffer); /** * @brief Frees previously allocated list of algorithm params. + * * @since_tizen 3.0 - * @param[in] first First element of the list to be freed + * + * @param[in] params First element of the list to be freed + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -800,21 +965,26 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, */ void ckmc_param_list_free(ckmc_param_list_h params); - /** * @brief Generates algorithm parameters for a given algorithm type and set them to the list. + * * @since_tizen 3.0 - * @remarks Caller is responsible for @a ckmc_param_list_h destruction. + * + * @remarks Caller is responsible for #ckmc_param_list_h destruction. * @remarks Algorithm parameters are set to default values. Optional fields are left empty. - * Initialization vectors are left empty (they have to be set manually). - * Caller is responsible for freeing the list with ckmc_param_list_free(). + * Initialization vectors are left empty (they have to be set manually). Caller is + * responsible for freeing the list with ckmc_param_list_free(). * @remarks If the function returns error, provided param list may contain some of default parameters. - * @param[in] type Type of the algorithm - * @param[out] pparams Newly generated handle of param list which should be freed by caller after use + * + * @param[in] type Type of the algorithm + * @param[out] pparams Newly generated handle of param list which should be freed by caller after used + * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -827,7 +997,6 @@ void ckmc_param_list_free(ckmc_param_list_h params); */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); - /** * @} */ -- 2.7.4 From edf7e603070dedac237898a9c60ec5205a44d4d3 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Thu, 5 Jan 2017 20:11:57 +0900 Subject: [PATCH 03/16] Apply the reviewed API documentation Change-Id: Ifab4e5d251ce90642b07a5c5274adcf58e3083f7 Signed-off-by: Dongsun Lee --- src/include/ckmc/ckmc-control.h | 20 +- src/include/ckmc/ckmc-error.h | 81 +-- src/include/ckmc/ckmc-manager.h | 1212 ++++++++++++++------------------------- src/include/ckmc/ckmc-type.h | 786 ++++++++++--------------- 4 files changed, 806 insertions(+), 1293 deletions(-) diff --git a/src/include/ckmc/ckmc-control.h b/src/include/ckmc/ckmc-control.h index cec7569..687deb1 100644 --- a/src/include/ckmc/ckmc-control.h +++ b/src/include/ckmc/ckmc-control.h @@ -1,17 +1,17 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * * @file ckmc-control.h diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index 082c887..defd187 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -1,73 +1,82 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * - * @file ckmc-error.h + * @file ckmc-error.h * @version 1.0 - * @brief This file contains error codes of the Key Manager. + * @brief This file contains error codes of the Key Manager. */ + + #ifndef __TIZEN_CORE_CKMC_ERROR_H_ #define __TIZEN_CORE_CKMC_ERROR_H_ + #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE * @{ */ + /** * @brief Enumeration for Key Manager Errors. * @since_tizen 2.3 */ typedef enum { - CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ - CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ - - CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ - CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ - CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ - CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ - CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ - CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ - CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ - CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ - CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ - CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ - CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ - CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ - CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ - CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ - CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ - CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ - CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ - CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ + CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ + CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ + + CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ + CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ + CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ + CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ + CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ + CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Optional password which used when saving is incorrect */ + CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ + CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ + CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ + CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ + CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ + CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ + CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ + CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ + CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ + CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< The data is saved as unexportable so it cannot be leaked */ + CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ + CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ } key_manager_error_e; + /** * @} */ + #ifdef __cplusplus } #endif + #endif /* __TIZEN_CORE_CKMC_ERROR_H_ */ diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1898129..1ed88bf 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1,39 +1,42 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * - * @file ckmc-manager.h - * @version 1.0 - * @brief Provides management functions(storing, retrieving, and removing) for keys, - * certificates and data of a user and additional crypto functions. + * @file ckmc-manager.h + * @version 1.0 + * @brief Provides management functions(storing, retrieving, and removing) for keys, + * certificates and data of a user and additional crypto functions. */ #ifndef __TIZEN_CORE_CKMC_MANAGER_H #define __TIZEN_CORE_CKMC_MANAGER_H + #include #include #include #include #include + #ifdef __cplusplus extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE * @{ @@ -42,74 +45,51 @@ extern "C" { /** * @brief Stores a key inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks Currently API supports seven types of keys. These are RSA public/private key, - * DSA public/private key, ECDSA public/private key and AES symmetric key. - * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside - * key manager during storing keys. - * @remarks Some private key files are protected by a password. If raw_key in key read from those - * encrypted files is encrypted with a password, the password should be provided in the - * #ckmc_key_s structure. - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] alias The name of a key to be stored - * @param[in] key The key's binary value to be stored - * @param[in] policy The policy about how to store a key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks Currently API supports seven types of keys. These are RSA public/private key, DSA public/private key, ECDSA public/private key, and AES symmetric key. + * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys. + * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key_s structure. + * @remarks If password in policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] alias The name of a key to be stored + * @param[in] key The key's binary value to be stored + * @param[in] policy The policy about how to store a key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() * @see #ckmc_key_s * @see #ckmc_policy_s */ -int ckmc_save_key(const char *alias, const ckmc_key_s key, - const ckmc_policy_s policy); +int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove key, client must have remove permission to the specified key. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a key to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_get_key() * @see ckmc_get_key_alias_list() @@ -117,72 +97,53 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, int ckmc_remove_key(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a key from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] alias The name of a key to retrieve - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same password - * should be provided. - * @param[out] ppkey The pointer to a newly created ckmc_key_s handle - * + * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed. + * @param[in] alias The name of a key to retrieve + * @param[in] password The password used in decrypting a key value \n + * If password of policy is provided in ckmc_save_key(), the same password should be provided + * @param[out] ppkey The pointer to a newly created ckmc_key_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key_alias_list() */ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); + /** * @brief Gets all the alias of keys that the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all + * available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_remove_alias() * @see ckmc_get_key() @@ -191,69 +152,50 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list); - /** * @brief Stores a certificate inside key manager based on the provided policy. - * * @since_tizen 2.3 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0 - * - * @remarks the certificate's binary value will be converted and saved as binary DER encoded - * certificates. - * - * @param[in] alias The name of a certificate to be stored - * @param[in] cert The certificate's binary value to be stored + * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates. + * @param[in] alias The name of a certificate to be stored + * @param[in] cert The certificate's binary value to be stored * @param[in] policy The policy about how to store a certificate securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() * @see #ckmc_cert_s * @see #ckmc_policy_s */ -int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, - const ckmc_policy_s policy); +int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove certificate, client must have remove permission to the specified certificate. * @remarks The key owner can remove by default. - * * @param[in] alias The name of a certificate to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_get_cert() * @see ckmc_get_cert_alias_list() @@ -261,74 +203,53 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, int ckmc_remove_cert(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a certificate from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only certificate stored by the client. * @remarks A DER encoded certificate will be returned as a return value. - * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no - * longer needed. - * - * @param[in] alias The name of a certificate to retrieve + * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed. + * @param[in] alias The name of a certificate to retrieve * @param[in] password The password used in decrypting a certificate value \n * If password of policy is provided in ckmc_save_cert(), the same password - * should be provided. - * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle - * + * should be provided + * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert_alias_list() */ -int ckmc_get_cert(const char *alias, const char *password, - ckmc_cert_s **ppcert); +int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert); + /** * @brief Gets all alias of certificates which the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_cert() * @see ckmc_remove_alias() * @see ckmc_get_cert() @@ -336,34 +257,23 @@ int ckmc_get_cert(const char *alias, const char *password, int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Stores PKCS12's contents inside key manager based on the provided policies. - * All items from the PKCS12 will use the same alias. - * + * @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] pkcs Pointer to the pkcs12 structure to be saved - * @param[in] key_policy The policy about how to store pkcs's private key - * @param[in] cert_policy The policy about how to store pkcs's certificate - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] pkcs Pointer to the pkcs12 structure to be saved + * @param[in] key_policy The policy about how to store pkcs's private key + * @param[in] cert_policy The policy about how to store pkcs's certificate * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_pkcs12() * @see ckmc_get_data_alias_list() @@ -371,108 +281,77 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); * @see #ckmc_pkcs12_s * @see #ckmc_policy_s */ -int ckmc_save_pkcs12(const char *alias, - const ckmc_pkcs12_s *pkcs, - const ckmc_policy_s key_policy, - const ckmc_policy_s cert_policy); +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy,const ckmc_policy_s cert_policy); + /** * @brief Gets a pkcs12 from key manager. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no - * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) - * @param[in] cert_password Password used to encrypt certificates (may be NULL) - * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed. + * @param[in] alias The name of a data to retrieve + * @param[in] key_password Password that was used to encrypt privateKey (may be NULL) + * @param[in] cert_password Password used to encrypt certificates (may be NULL) + * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * key_password or cert_password does not match with password - * used to encrypt data - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED key_password or cert_password does not match with password used to encrypt data * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_pkcs12() * @see ckmc_remove_alias() */ -int ckmc_get_pkcs12(const char *alias, const char *key_password, - const char *cert_password, ckmc_pkcs12_s **pkcs12); +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12); + /** * @brief Stores a data inside key manager based on the provided policy. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @param[in] alias The name of a data to be stored - * @param[in] data The binary value to be stored + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @param[in] alias The name of a data to be stored + * @param[in] data The binary value to be stored * @param[in] policy The policy about how to store a data securely - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_remove_alias() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() * @see #ckmc_raw_buffer_s * @see #ckmc_policy_s */ -int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, - const ckmc_policy_s policy); +int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead] * @brief Removes a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove data, client must have remove permission to the specified data object. * @remarks The data owner can remove by default. - * * @param[in] alias The name of a data to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_get_data() * @see ckmc_get_data_alias_list() @@ -480,72 +359,52 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, int ckmc_remove_data(const char *alias) TIZEN_DEPRECATED_API; + /** * @brief Gets a data from key manager. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no - * longer needed. - * - * @param[in] alias The name of a data to retrieve - * @param[in] password The password used in decrypting a data value \n - * If password of policy is provided in ckmc_save_data(), the same password - * should be provided. - * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle - * + * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] alias The name of a data to retrieve + * @param[in] password The password used in decrypting a data value \n + * If password of policy is provided in ckmc_save_data(), the same password + * should be provided + * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect. + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data_alias_list() */ -int ckmc_get_data(const char *alias, const char *password, - ckmc_raw_buffer_s **ppdata); +int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata); + /** * @brief Gets all alias of data which the client can access. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks A client can access only data stored by the client. - * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() - * if it is no longer needed. - * - * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all - * available alias of keys \n - * If there is no available key alias, *ppalias_list will be null. - * + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n + * If there is no available key alias, *ppalias_list will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_data() * @see ckmc_remove_alias() * @see ckmc_get_data() @@ -553,205 +412,139 @@ int ckmc_get_data(const char *alias, const char *password, int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list); - - /** - * @brief Creates RSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_rsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates DSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 1024, @c 2048, @c 3072 and @c 4096 are supported - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 1024, @c 2048, @c 3072 and @c 4096 are supported + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() */ -int ckmc_create_key_pair_dsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_dsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** - * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each - * policy. - * + * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] type The type of elliptic curve of ECDSA - * @param[in] private_key_alias The name of private key to be stored - * @param[in] public_key_alias The name of public key to be stored - * @param[in] policy_private_key The policy about how to store a private key securely - * @param[in] policy_public_key The policy about how to store a public key securely - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] type The type of elliptic curve of ECDSA + * @param[in] private_key_alias The name of private key to be stored + * @param[in] public_key_alias The name of public key to be stored + * @param[in] policy_private_key The policy about how to store a private key securely + * @param[in] policy_public_key The policy about how to store a public key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_signature() * @see ckmc_verify_signature() * @see #ckmc_ec_type_e */ -int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key); +int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key); + /** * @brief Creates AES key and stores it inside key manager based on the policy. - * * @since_tizen 3.0 - * - * @remarks If password in policy is provided, the key is additionally encrypted with the password - * in policy. - * - * @param[in] size The size of key strength to be created \n - * @c 128, @c 192 and @c 256 are supported - * @param[in] key_alias The name of key to be stored - * @param[in] key_policy The policy about how to store the key securely - * + * @remarks If password in the policy is provided, the key is additionally encrypted with the password in the policy. + * @param[in] size The size of key strength to be created \n + * @c 128, @c 192 and @c 256 are supported + * @param[in] key_alias The name of key to be stored + * @param[in] key_policy The policy about how to store the key securely * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists - * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists + * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() * @see #ckmc_policy_s */ -int ckmc_create_key_aes(size_t size, - const char *key_alias, - ckmc_policy_s key_policy); +int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_policy); + /** * @brief Creates a signature on a given message using a private key and returns the signature. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is - * no longer needed. - * - * @param[in] private_key_alias The name of private key - * @param[in] password The password used in decrypting a private key value - * @param[in] message The message that is signed with a private key - * @param[in] hash The hash algorithm used in creating signature - * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA - * @param[out] ppsignature The pointer to a newly created signature \n - * If an error occurs, @a *ppsignature will be null - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] private_key_alias The name of private key + * @param[in] password The password used in decrypting a private key value + * @param[in] message The message that is signed with a private key + * @param[in] hash The hash algorithm used in creating signature + * @param[in] padding The RSA padding algorithm used in creating signature \n + * It is used only when the signature algorithm is RSA + * @param[out] ppsignature The pointer to a newly created signature \n + * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() @@ -759,344 +552,233 @@ int ckmc_create_key_aes(size_t size, * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_create_signature(const char *private_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding, - ckmc_raw_buffer_s **ppsignature); +int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature); + /** - * @brief Verifies a given signature on a given message using a public key and returns the signature - * status. - * + * @brief Verifies a given signature on a given message using a public key and returns the signature status. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If password of policy is provided during storing a key, the same password should be - * provided. - * - * @param[in] public_key_alias The name of public key - * @param[in] password The password used in decrypting a public key value - * @param[in] message The input on which the signature is created - * @param[in] signature The signature that is verified with public key - * @param[in] hash The hash algorithm used in verifying signature - * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If password of policy is provided during storing a key, the same password should be provided. + * @param[in] public_key_alias The name of public key + * @param[in] password The password used in decrypting a public key value + * @param[in] message The input on which the signature is created + * @param[in] signature The signature that is verified with public key + * @param[in] hash The hash algorithm used in verifying signature + * @param[in] padding The RSA padding algorithm used in verifying signature \n + * It is used only when the signature algorithm is RSA * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_ecdsa() * @see ckmc_verify_signature() * @see #ckmc_hash_algo_e * @see #ckmc_rsa_padding_algo_e */ -int ckmc_verify_signature(const char *public_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_raw_buffer_s signature, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding); +int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding); + /** * @brief Verifies a certificate chain and returns that chain. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate - * chain + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Decryption failed because password is incorrect - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead] - * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that - * chain. - * + * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that chain. * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks The trusted root certificate of the chain should exist in the system's certificate - * storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks The trusted root certificate of the chain should exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. * @remarks @a untrustedcerts shouldn't be protected with optional password. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager - * to be used in verifying a certificate chain + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Some certificates were encrypted with password and could not - * be used - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Some certificates were encrypted with password and could not be used * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_get_cert_chain() * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, - const ckmc_alias_list_s *untrustedcerts, - ckmc_cert_list_s **ppcert_chain_list) -TIZEN_DEPRECATED_API; +int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API; + /** - * @brief Verifies a certificate chain and returns that chain using user entered trusted and - * untrusted CA certificates. - * + * @brief Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * - * @remarks If the trusted root certificates are provided as a user input, these certificates do not - * need to exist in the system's certificate storage. - * @remarks You must destroy the newly created @a ppcert_chain_list by calling - * ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The certificate to be verified - * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a - * certificate chain - * @param[in] trustedcerts The trusted CA certificates to be used in verifying a - * certificate chain - * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates - * in the system's certificate storage + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. + * @remarks If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage. + * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The certificate to be verified + * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain + * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain + * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n * If an error occurs, @a *ppcert_chain_list will be null - * * @return @c 0 on success and the signature is valid, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_cert_list_all_free() */ -int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, - const ckmc_cert_list_s *untrustedcerts, - const ckmc_cert_list_s *trustedcerts, - const bool use_trustedsystemcerts, - ckmc_cert_list_s **ppcert_chain_list); +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list); + /** - * @brief Perform OCSP which checks certificate is whether revoked or not. - * + * @brief Perform OCSP that checks certificate is whether revoked or not. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif * @privlevel public * @privilege %http://tizen.org/privilege/internet - * - * @remarks %http://tizen.org/privilege/internet (public level privilege) is required - * to use this API instead of %http://tizen.org/privilege/keymanager (public - * level privilege) since 3.0. - * - * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check - * @param[out] ocsp_status The pointer to status result of OCSP check - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported - * + * @remarks %http://tizen.org/privilege/internet (public level privilege) is required to use this API instead of %http://tizen.org/privilege/keymanager (public level privilege) since 3.0. + * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check + * @param[out] ocsp_status The pointer to status result of OCSP check + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported * @pre User is already logged in and the user key is already loaded into memory in plain text form. * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or * ckmc_get_certificate_chain_with_alias(). - * * @see ckmc_get_cert_chain()) * @see ckmc_cert_list_all_free() */ -int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, - ckmc_ocsp_status_e *ocsp_status); +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Allows another application to access client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights - * @param[in] granted Rights granted for @a accessor application - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights + * @param[in] granted Rights granted for @a accessor application + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_deny_access() */ -int ckmc_allow_access(const char *alias, const char *accessor, - ckmc_access_right_e granted) -TIZEN_DEPRECATED_API; +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API; + /** * @brief Allows another application to access client's application data. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. - * - * @param[in] alias Data alias for which access will be granted - * @param[in] accessor Package id of the application that will gain access rights + * @param[in] alias Data alias for which access will be granted + * @param[in] accessor Package id of the application that will gain access rights * @param[in] permissions Mask of permissions granted for @a accessor application * (#ckmc_permission_e) * (previous permission mask will be replaced with the new mask value) - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. */ -int ckmc_set_permission(const char *alias, const char *accessor, - int permissions); +int ckmc_set_permission(const char *alias, const char *accessor, int permissions); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead] * @brief Revokes another application's access to client's application data. - * * @since_tizen 2.3 - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks Data identified by @a alias should exist. * @remarks Only access previously granted with ckmc_allow_access can be revoked. - * - * @param[in] alias Data alias for which access will be revoked - * @param[in] accessor Package id of the application that will lose access rights - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't - * have access to @a alias - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * + * @param[in] alias Data alias for which access will be revoked + * @param[in] accessor Package id of the application that will lose access rights + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't have access to @a alias + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_allow_access() * @see ckmc_set_permission() */ -int ckmc_deny_access(const char *alias, const char *accessor) -TIZEN_DEPRECATED_API; +int ckmc_deny_access(const char *alias, const char *accessor) TIZEN_DEPRECATED_API; + /** - * @brief Removes a an entry (no matter of type) from the key manager. - * + * @brief Removes an entry (no matter of type) from the key manager. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer - * required to use this API since 3.0. - * + * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. * @remarks To remove item, client must have remove permission to the specified item. * @remarks The item owner can remove by default. - * * @param[in] alias Item alias to be removed - * * @return @c 0 on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_save_key() * @see ckmc_save_cert() * @see ckmc_save_data() @@ -1107,44 +789,35 @@ TIZEN_DEPRECATED_API; */ int ckmc_remove_alias(const char *alias); + /** * @brief Encrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no - * restrictions on the size of data. For RSA the size must be smaller - * or equal to key size in bytes - 42. Example: for 1024 RSA key the - * maximum data size is 1024/8 - 42 = 86. - * @param[out] ppencrypted Encrypted data (some algorithms may return additional information - * embedded in encrypted data. AES GCM is an example) \n - * The caller is responsible for freeing @a encrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, decrypted = NULL, - * ppencrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same + * password should be provided + * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data. + * For RSA the size must be smaller or equal to key size in bytes - 42. + * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86 + * @param[out] ppencrypted Encrypted data (some algorithms may return additional information embedded in encrypted data. + * AES GCM is an example) \n + * The caller is responsible for freeing @a encrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1155,48 +828,33 @@ int ckmc_remove_alias(const char *alias); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_encrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s decrypted, - ckmc_raw_buffer_s **ppencrypted); +int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted); + /** * @brief Decrypts data using selected key and algorithm. - * * @since_tizen 3.0 - * * @remarks Key identified by @a key_alias should exist. - * - * @param[in] params Algorithm parameter list handle. You should use the same parameters - * that were used for encryption. See #ckmc_param_list_h and - * #ckmc_algo_type_e for details - * @param[in] key_alias Alias of the key to be used for encryption - * @param[in] password The password used in decrypting a key value \n - * If password of policy is provided in ckmc_save_key(), the same - * password should be provided - * @param[in] encrypted Data to be decrypted (some algorithms may require additional - * information embedded in encrypted data. AES GCM is an example) - * @param[out] ppdecrypted Decrypted data \n - * The caller is responsible for freeing @a decrypted with - * ckmc_buffer_free() - * - * @return @c 0 on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid - * mandatory algorithm parameter, encrypted = NULL, - * ppdecrypted = NULL) - * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged - * in) - * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason - * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist - * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager - * @retval #CKMC_ERROR_AUTHENTICATION_FAILED - * Key decryption failed because password is incorrect - * + * @param[in] params Algorithm parameter list handle. You should use the same parameters that were used for encryption. + * See #ckmc_param_list_h and #ckmc_algo_type_e for details + * @param[in] key_alias Alias of the key to be used for encryption + * @param[in] password The password used in decrypting a key value \n + * If password of the policy is provided in ckmc_save_key(), the same password should be provided + * @param[in] encrypted Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) + * @param[out] ppdecrypted Decrypted data \n + * The caller is responsible for freeing @a decrypted with ckmc_buffer_free() + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect * @pre User is already logged in and the user key is already loaded into memory in plain text form. - * * @see ckmc_buffer_free() * @see ckmc_param_list_new() * @see ckmc_param_list_free() @@ -1207,16 +865,14 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_decrypt_data(ckmc_param_list_h params, - const char *key_alias, - const char *password, - const ckmc_raw_buffer_s encrypted, - ckmc_raw_buffer_s **ppdecrypted); +int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted); + #ifdef __cplusplus } #endif + /** * @} */ diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 86e99fe..949fbec 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -1,31 +1,34 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License * * - * @file ckmc-type.h - * @version 1.0 - * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. + * @file ckmc-type.h + * @version 1.0 + * @brief Definitions of struct for the Key Manager's CAPI and their utility functions. */ + #ifndef __TIZEN_CORE_CKMC_TYPE_H #define __TIZEN_CORE_CKMC_TYPE_H + #include #include #include + #define KEY_MANAGER_CAPI __attribute__((visibility("default"))) @@ -33,251 +36,258 @@ extern "C" { #endif + /** * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE * @{ */ + /* * Note: on tizen 3.0 owner id is equal to pkgId. * Preinstalled system(uid < 5000) and user (uid >= 5000) applications - * does not have any pkgId. Thats why ckm uses special "virtual" + * does not have any pkgId. That's why ckm uses special "virtual" * pkgid for them. The virtual strings are defined under: - * ckmc_owner_id_system + * ckmc_owner_id_system */ + /** * @deprecated Deprecated since 3.0. [Use ckmc_owner_id_separator instead] * @brief Separator between alias and label. - * * @since_tizen 2.3 - * * @remarks Alias can be provided as an alias alone, or together with label - in this * case, separator " " (space bar) is used to separate label and alias. - * * @see #ckmc_owner_id_separator */ KEY_MANAGER_CAPI extern char const *const ckmc_label_name_separator; + /** * @brief Separator between alias and owner id. - * * @since_tizen 3.0 - * * @remarks Alias can be provided as an alias alone, or together with owner id. * In this case, separator " " (space bar) is used to separate id and alias. - * * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_separator; + /** * @brief The owner of system database. - * * @since_tizen 3.0 - * - * @remarks #ckmc_owner_id_system constains id connected with all system applications - * that run with uid less than 5000. - * @remarks Client should use #ckmc_owner_id_system to access data owned by system - * application and stored in system database. - * @remarks Client must have permission to access proper row. - * + * @remarks #ckmc_owner_id_system constains id connected with all system applications that run with uid less than 5000. + * Client should use #ckmc_owner_id_system to access data owned by system application and stored in system database. + * Client must have permission to access proper row. * @see ckmc_alias_new() */ KEY_MANAGER_CAPI extern char const *const ckmc_owner_id_system; + /** * @brief Enumeration for key types of key manager. * @since_tizen 2.3 */ typedef enum __ckmc_key_type { - CKMC_KEY_NONE = 0, /**< Key type not specified */ - CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ - CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ - CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ - CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ - CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ - CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ - CKMC_KEY_AES, /**< AES key */ + CKMC_KEY_NONE = 0, /**< Key type not specified */ + CKMC_KEY_RSA_PUBLIC, /**< RSA public key */ + CKMC_KEY_RSA_PRIVATE, /**< RSA private key */ + CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */ + CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */ + CKMC_KEY_DSA_PUBLIC, /**< DSA public key */ + CKMC_KEY_DSA_PRIVATE, /**< DSA private key */ + CKMC_KEY_AES, /**< AES key */ } ckmc_key_type_e; + /** * @brief Enumeration for data format. * @since_tizen 2.3 */ typedef enum __ckmc_data_format { - CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ - CKMC_FORM_DER, /**< DER encoded data */ - CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded - with additional header and footer lines. */ + CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */ + CKMC_FORM_DER, /**< DER encoded data */ + CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded + with additional header and footer lines. */ } ckmc_data_format_e; + /** * @brief Enumeration for elliptic curve. * @since_tizen 2.3 */ typedef enum __ckmc_ec_type { - CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended - elliptic curve domain */ - CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ - CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain - listed in See SEC 2 */ + CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended + elliptic curve domain */ + CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ + CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain + listed in See SEC 2 */ } ckmc_ec_type_e; + /** * @brief Enumeration for hash algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_hash_algo { - CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ - CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ - CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ - CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ - CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ + CKMC_HASH_NONE = 0, /**< No Hash Algorithm */ + CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */ + CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */ + CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */ + CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */ } ckmc_hash_algo_e; + /** * @brief Enumeration for RSA padding algorithm. * @since_tizen 2.3 */ typedef enum __ckmc_rsa_padding_algo { - CKMC_NONE_PADDING = 0, /**< No Padding */ - CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ - CKMC_X931_PADDING /**< X9.31 padding */ + CKMC_NONE_PADDING = 0, /**< No Padding */ + CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */ + CKMC_X931_PADDING /**< X9.31 padding */ } ckmc_rsa_padding_algo_e; + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_permission_e() instead] * @brief Enumeration for database access rights. * @since_tizen 2.3 */ typedef enum __ckmc_access_right { - CKMC_AR_READ = 0, /**< Access right for read*/ - CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ + CKMC_AR_READ = 0, /**< Access right for read*/ + CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ } ckmc_access_right_e; + /** * @brief Enumeration for permissions to access/modify alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_permission { - CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ - CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ - CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ + CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ + CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ + CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ } ckmc_permission_e; + /** * @brief The structure for binary buffer used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_raw_buff { unsigned char *data; /**< Byte array containing binary data */ - size_t size; /**< The size of the binary data */ + size_t size; /**< The size of the binary data */ } ckmc_raw_buffer_s; + /** * @brief The structure for a policy for storing key/certificate/binary data. * @since_tizen 2.3 */ typedef struct __ckmc_policy { - char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data - (or key, or certificate) is stored encrypted with this password inside - key manager */ + char *password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data + (or key, or certificate) is stored encrypted with this password inside + key manager */ bool extractable; /**< If true key may be extracted from storage */ } ckmc_policy_s; + /** * @brief The structure for key used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_key { unsigned char - *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ - size_t key_size; /**< The byte size of raw_key */ + *raw_key; /**< Byte array of key. raw_key may be encrypted with password */ + size_t key_size; /**< The byte size of raw_key */ ckmc_key_type_e key_type; /**< The raw_key's type */ - char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ + char *password; /**< Byte array used to decrypt data raw_key inside key manager. */ } ckmc_key_s; + /** * @brief The structure for certificate used in key manager CAPI. * @since_tizen 2.3 */ typedef struct __ckmc_cert { - unsigned char *raw_cert; /**< Byte array of certificate */ - size_t cert_size; /**< Byte size of raw_cert */ + unsigned char *raw_cert; /**< Byte array of certificate */ + size_t cert_size; /**< Byte size of raw_cert */ ckmc_data_format_e data_format; /**< Raw_cert's encoding format */ } ckmc_cert_s; + /** * @brief The structure for linked list of alias. * @since_tizen 2.3 */ typedef struct __ckmc_alias_list { - char *alias; /**< The name of key, certificate or data stored in key manager */ + char *alias; /**< The name of key, certificate or data stored in key manager */ struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */ } ckmc_alias_list_s; + /** * @brief The structure for linked list of ckmc_cert_s * @since_tizen 2.3 */ typedef struct __ckmc_cert_list { - ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ + ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */ struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */ } ckmc_cert_list_s; + /** * @brief Enumeration for OCSP status. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef enum __ckmc_ocsp_status { - CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ - CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ - CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ - CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ - CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ - CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ - CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ - CKMC_OCSP_ERROR_NET, /**< Network connection error */ - CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ + CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */ + CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */ + CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */ + CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */ + CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */ + CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */ + CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */ + CKMC_OCSP_ERROR_NET, /**< Network connection error */ + CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */ } ckmc_ocsp_status_e; + /** * @brief The structure for PKCS12 used in key manager CAPI. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif */ typedef struct __ckmc_pkcs12 { - ckmc_key_s *priv_key; /**< The private key, may be null */ - ckmc_cert_s *cert; /**< The certificate, may be null */ + ckmc_key_s *priv_key; /**< The private key, may be null */ + ckmc_cert_s *cert; /**< The certificate, may be null */ ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */ } ckmc_pkcs12_s; + /** * @brief Enumeration for crypto algorithm parameters. * @since_tizen 3.0 - * * @see #ckmc_algo_type_e */ typedef enum __ckmc_param_name { CKMC_PARAM_ALGO_TYPE = 1, - CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ - CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ - CKMC_PARAM_ED_AAD, /**< buffer */ - CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ - CKMC_PARAM_ED_LABEL /**< buffer */ + CKMC_PARAM_ED_IV = 101, /**< 16B buffer (up to 2^64-1 bytes long in case of AES GCM) */ + CKMC_PARAM_ED_CTR_LEN, /**< integer - ctr length in bits*/ + CKMC_PARAM_ED_AAD, /**< buffer */ + CKMC_PARAM_ED_TAG_LEN, /**< integer - tag length in bits */ + CKMC_PARAM_ED_LABEL /**< buffer */ } ckmc_param_name_e; + /** - * @brief Handle for algorithm parameter list. + * @brief Algorithm parameter list handle. * @since_tizen 3.0 - * - * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the - * algorithm. - * @remarks See #ckmc_algo_type_e for available algorithms and additional parameters they support. - * + * @remarks Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the algorithm. + * See #ckmc_algo_type_e for available algorithms and additional parameters they support. * @see ckmc_generate_new_params() * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() @@ -290,238 +300,189 @@ typedef enum __ckmc_param_name { */ typedef struct __ckmc_param_list *ckmc_param_list_h; + /** * @brief Enumeration for crypto algorithm types. * @since_tizen 3.0 - * * @see #ckmc_param_name_e */ typedef enum __ckmc_algo_type { - CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) - - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits - (optional, only 128b is supported at the moment) */ - - CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), - - CKMC_PARAM_ED_IV = initialization vector(mandatory) - - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of - {32, 64, 96, 104, 112, 120, 128} (optional, if not present the - length 128 is used) - - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ - - CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), - - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ - - CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm - Supported parameters: - - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), - - CKMC_PARAM_ED_LABEL = label to be associated with the message - (optional, not supported at the moment) */ + CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ + + CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present, the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ + + CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ + + CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm + Supported parameters: + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; + /** * @brief Creates a new full alias which is a concatenation of @a owner_id and @a alias. - * * @since_tizen 3.0 - * * @remarks @a full_alias should be freed with free() after use. * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if any of parameter is NULL. * @remarks Returns #CKMC_ERROR_INVALID_PARAMETER if @a owner_id is empty. - * - * @param[in] owner_id Data owner's id. This should be package id if data owner is - * application. If you want to access data stored by system - * services, it should be #ckmc_owner_id_system - * @param[in] alias Data alias - * @param[out] full_alias The newly created alias which is a concatenation of - * @a owner_id, #ckmc_owner_id_separator and @a alias. - * Destroy by free() after use - * - * @return #CKMC_ERROR_NONE on success, otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @param[in] owner_id Data owner's id. This should be package id if data owner is + * application. If you want to access data stored by system + * services, it should be #ckmc_owner_id_system + * @param[in] alias Data alias + * @param[out] full_alias The newly created alias which is a concatenation of + * @a owner_id, #ckmc_owner_id_separator and @a alias. + * Destroy by free() after use + * @return #CKMC_ERROR_NONE on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see #ckmc_owner_id_separator * @see #ckmc_owner_id_system */ int ckmc_alias_new(const char *owner_id, const char *alias, char **full_alias); + /** * @brief Creates a new #ckmc_key_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no - * longer needed. - * - * @param[in] raw_key The byte array of key \n - * @a raw_key may be encrypted with password + * @remarks You must destroy the newly created #ckmc_key_s by calling ckmc_key_free() if it is no longer needed. + * @param[in] raw_key The byte array of key \n + * @a raw_key may be encrypted with password * @param[in] key_size The byte size of @a raw_key * @param[in] key_type The @a raw_key's type * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n * If @a raw_key is not encrypted, @a password can be null - * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle - * + * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_key_free() * @see #ckmc_key_s */ -int ckmc_key_new(unsigned char *raw_key, - size_t key_size, - ckmc_key_type_e key_type, - char *password, ckmc_key_s **ppkey); +int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey); + /** * @brief Destroys the #ckmc_key_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] key The #ckmc_key_s handle to destroy - * */ void ckmc_key_free(ckmc_key_s *key); + /** * @brief Creates a new #ckmc_raw_buffer_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if - * it is no longer needed. - * - * @param[in] data The byte array of buffer - * @param[in] size The byte size of buffer - * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle - * + * @remarks You must destroy the newly created #ckmc_raw_buffer_s by calling ckmc_buffer_free() if it is no longer needed. + * @param[in] data The byte array of buffer + * @param[in] size The byte size of buffer + * @param[out] ppbuffer The pointer to a newly created #ckmc_raw_buffer_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_buffer_free() * @see #ckmc_raw_buffer_s */ -int ckmc_buffer_new(unsigned char *data, size_t size, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer); + /** * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy - * */ void ckmc_buffer_free(ckmc_raw_buffer_s *buffer); + /** * @brief Creates a new #ckmc_cert_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] raw_cert The byte array of certificate - * @param[in] cert_size The byte size of raw_cert - * @param[in] data_format The encoding format of raw_cert - * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] raw_cert The byte array of certificate + * @param[in] cert_size The byte size of raw_cert + * @param[in] data_format The encoding format of raw_cert + * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_free() * @see ckmc_load_cert_from_file() * @see #ckmc_cert_s */ -int ckmc_cert_new(unsigned char *raw_cert, - size_t cert_size, - ckmc_data_format_e data_format, - ckmc_cert_s **ppcert); +int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert); + /** * @brief Destroys the #ckmc_cert_s handle and releases all its resources. - * * @since_tizen 2.3 - * * @param[in] cert The #ckmc_cert_s handle to destroy - * * @see ckmc_load_cert_from_file() */ void ckmc_cert_free(ckmc_cert_s *cert); + /** * @brief Creates a new #ckmc_cert_s handle from a given file and returns it. - * * @since_tizen 2.3 - * - * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is - * no longer needed. - * - * @param[in] file_path The path of certificate file to be loaded \n - * The only DER or PEM encoded certificate file is supported - * @param[out] cert The pointer of newly created #ckmc_cert_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_s by calling ckmc_cert_free() if it is no longer needed. + * @param[in] file_path The path of certificate file to be loaded \n + * The only DER or PEM encoded certificate file is supported + * @param[out] cert The pointer of newly created #ckmc_cert_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_cert_free() * @see #ckmc_cert_s */ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); + /** * @brief Creates a new #ckmc_pkcs12_s handle and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it - * is no longer needed. - * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly - * returned ckmc_pkcs12_s. - * - * @param[in] private_key #ckmc_key_s handle to the private key (optional) - * @param[in] cert #ckmc_cert_s handle to the certificate (optional) - * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) - * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle - * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it is no longer needed. + * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly returned ckmc_pkcs12_s. + * @param[in] private_key #ckmc_key_s handle to the private key (optional) + * @param[in] cert #ckmc_cert_s handle to the certificate (optional) + * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional) + * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and - * ca_cert_list all are null - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and ca_cert_list all are null + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_pkcs12_free() * @see ckmc_pkcs12_load() * @see #ckmc_key_s @@ -529,40 +490,30 @@ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert); * @see #ckmc_cert_list_s * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_new(ckmc_key_s *private_key, - ckmc_cert_s *cert, - ckmc_cert_list_s *ca_cert_list, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle); + /** * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_pkcs12_load() instead] - * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and - * #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. - * + * @brief Creates a new #ckmc_key_s (@a private_key), #ckmc_cert_s (@a cert), and #ckmc_cert_list_s (@a ca_cert_list) handle from a given PKCS#12 file and returns them. * @since_tizen 2.3 - * * @remarks You must destroy the newly created #ckmc_key_s, #ckmc_cert_s, and * #ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and * ckmc_cert_list_all_free() if they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key - * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n - * It is null if the PKCS12 file does not contain a certificate - * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key + * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n + * It is null if the PKCS12 file does not contain a certificate + * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA certificates \n * It is null if the PKCS12 file does not contain CA certificates - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() * @see ckmc_key_free() @@ -572,230 +523,164 @@ int ckmc_pkcs12_new(ckmc_key_s *private_key, * @see #ckmc_cert_s * @see #ckmc_cert_list_s */ -int ckmc_load_from_pkcs12_file(const char *file_path, - const char *passphrase, - ckmc_key_s **private_key, ckmc_cert_s **cert, - ckmc_cert_list_s **ca_cert_list) -TIZEN_DEPRECATED_API; +int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **cert, ckmc_cert_list_s **ca_cert_list) TIZEN_DEPRECATED_API; + /** * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if - * they are no longer needed. - * - * @param[in] file_path The path of PKCS12 file to be loaded - * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n - * If PKCS12 file is not encrypted, passphrase can be null - * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA - * certificates \n - * It is null if the PKCS12 file does not contain CA certificates - * + * @remarks You must destroy the newly created #ckmc_pkcs12_s by calling ckmc_pkcs12_free() if they are no longer needed. + * @param[in] file_path The path of PKCS12 file to be loaded + * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n + * If PKCS12 file is not encrypted, passphrase can be null + * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA certificates \n + * It is null if the PKCS12 file does not contain CA certificates * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space - * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format - * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space + * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format + * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed * @see ckmc_pkcs12_free() * @see #ckmc_pkcs12_s */ -int ckmc_pkcs12_load(const char *file_path, - const char *passphrase, - ckmc_pkcs12_s **pkcs12_bundle); +int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle); + /** * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources. - * * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy - * * @see ckmc_pkcs12_new() * @see ckmc_pkcs12_load() */ void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12); + /** * @brief Creates a new #ckmc_alias_list_s handle and returns it. - * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided - * characters and next is null. - * + * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks You must destroy the newly created #ckmc_alias_list_s - * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer - * needed. - * - * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s + * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer needed. + * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and - * returns it. The alias pointer in the returned #ckmc_alias_list_s handle points to the - * provided characters and next is null. - * + * @brief Creates a new #ckmc_alias_list_s handle, adds it to a previous #ckmc_alias_list_s and returns it. + * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided characters and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created - * #ckmc_alias_list_s is added - * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created #ckmc_alias_list_s is added + * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ -int ckmc_alias_list_add(ckmc_alias_list_s *previous, - char *alias, - ckmc_alias_list_s **pplast); +int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the #ckmc_alias_list_s handle and releases resources of #ckmc_alias_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It does not destroy an alias itself in #ckmc_alias_list_s. - * * @param[in] first The first #ckmc_alias_list_s handle to destroy - * * @see ckmc_alias_list_all_free() * @see #ckmc_alias_list_s */ void ckmc_alias_list_free(ckmc_alias_list_s *first); + /** - * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It also destroys the alias in #ckmc_alias_list_s. - * * @param[in] first The first #ckmc_alias_list_s handle to destroy - * * @see #ckmc_alias_list_s */ void ckmc_alias_list_all_free(ckmc_alias_list_s *first); + /** * @brief Creates a new #ckmc_cert_list_s handle and returns it. - * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided - * #ckmc_cert_s and next is null. - * + * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided #ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() - * or ckmc_cert_list_all_free() if it is no longer needed. - * - * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s - * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle - * + * @remarks You must destroy the newly created #ckmc_cert_list_s by calling ckmc_cert_list_free() or ckmc_cert_list_all_free() if it is no longer needed. + * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s + * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list); + /** - * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and - * returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the - * provided #ckmc_cert_s and next is null. - * + * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and returns it. + * The cert pointer in the returned #ckmc_alias_list_s handle points to the provided #ckmc_cert_s and next is null. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * - * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created - * #ckmc_cert_list_s is added - * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s - * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle - * + * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created #ckmc_cert_list_s is added + * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s + * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ -int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, - ckmc_cert_list_s **pplast); +int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s - * from the provided first handle cascadingly. - * + * @brief Destroys the #ckmc_cert_list_s handle and releases resources of #ckmc_cert_list_s from the provided first handle cascadingly. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif - * * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s. - * * @param[in] first The first #ckmc_cert_list_s handle to destroy - * * @see ckmc_cert_list_all_free() * @see #ckmc_cert_list_s */ void ckmc_cert_list_free(ckmc_cert_list_s *first); + /** - * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided - * first handle cascadingly. - * + * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided first handle cascadingly. * @since_tizen 2.3 - * * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s. - * * @param[in] first The first #ckmc_cert_list_s handle to destroy - * * @see #ckmc_cert_list_s */ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); + /** * @brief Creates new parameter list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for freeing it with ckmc_param_list_free(). - * - * @param[in] pparams Double pointer to the handle of param list to which the - * newly created algorithm param list will be assigned - * + * @param[in] pparams Double pointer to the handle of param list to which the newly created algorithm param list will be assigned * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_free() @@ -806,27 +691,21 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); */ int ckmc_param_list_new(ckmc_param_list_h *pparams); + /** * @brief Sets integer parameter to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() \n - * New param with @a name and @a value will be set` here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] value Value of the parameter in form of a integer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() \n + * New param with @a name and @a value will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] value Value of the parameter in form of a integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_buffer() * @see ckmc_param_list_get_integer() @@ -837,32 +716,24 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t value); +int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t value); + /** * @brief Sets buffer parameter to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * New param with @a name and @a buffer will be set here - * @param[in] name Name of parameter to set \n - * Existing parameter will be overwritten \n - * Passing invalid parameter name will result in an error - * @param[in] buffer Value of the parameter in form of a buffer \n - * Caller is responsible for creating and freeing the buffer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * New param with @a name and @a buffer will be set here + * @param[in] name Name of parameter to set \n + * Existing parameter will be overwritten \n + * Passing invalid parameter name will result in an error + * @param[in] buffer Value of the parameter in form of a buffer \n + * Caller is responsible for creating and freeing the buffer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_get_integer() @@ -873,29 +744,21 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_set_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - const ckmc_raw_buffer_s *buffer); +int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, const ckmc_raw_buffer_s *buffer); + /** * @brief Gets integer parameter from the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get - * @param[out] pvalue Value of the parameter in form of a integer - * + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get + * @param[out] pvalue Value of the parameter in form of a integer * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -906,31 +769,22 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ +int ckmc_param_list_get_integer(ckmc_param_list_h params, ckmc_param_name_e name, uint64_t *pvalue); -int ckmc_param_list_get_integer(ckmc_param_list_h params, - ckmc_param_name_e name, - uint64_t *pvalue); /** * @brief Gets buffer parameter from the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h creation. - * - * @param[in] params Algorithm param list handle created with - * ckmc_param_list_new() or ckmc_generate_new_params() - * which contains param with @a name - * @param[in] name Name of parameter to get + * @param[in] params Algorithm param list handle created with ckmc_param_list_new() or ckmc_generate_new_params() + * which contains param with @a name + * @param[in] name Name of parameter to get * @param[out] ppbuffer Value of the parameter in form of a buffer \n * Caller is responsible for creating and freeing the buffer - * * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -942,17 +796,13 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, * @see #ckmc_param_name_e * @see #ckmc_algo_type_e */ -int ckmc_param_list_get_buffer(ckmc_param_list_h params, - ckmc_param_name_e name, - ckmc_raw_buffer_s **ppbuffer); +int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, ckmc_raw_buffer_s **ppbuffer); + /** * @brief Frees previously allocated list of algorithm params. - * * @since_tizen 3.0 - * - * @param[in] params First element of the list to be freed - * + * @param[in] params First element of the list to be freed * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -965,26 +815,21 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, */ void ckmc_param_list_free(ckmc_param_list_h params); + /** * @brief Generates algorithm parameters for a given algorithm type and set them to the list. - * * @since_tizen 3.0 - * * @remarks Caller is responsible for #ckmc_param_list_h destruction. * @remarks Algorithm parameters are set to default values. Optional fields are left empty. - * Initialization vectors are left empty (they have to be set manually). Caller is - * responsible for freeing the list with ckmc_param_list_free(). + * Initialization vectors are left empty (they have to be set manually). + * Caller is responsible for freeing the list with ckmc_param_list_free(). * @remarks If the function returns error, provided param list may contain some of default parameters. - * - * @param[in] type Type of the algorithm - * @param[out] pparams Newly generated handle of param list which should be freed by caller after used - * + * @param[in] type Type of the algorithm + * @param[out] pparams Newly generated handle of param list which should be freed by caller after use * @return #CKMC_ERROR_NONE on success, * otherwise a negative error value - * - * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid - * + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @see ckmc_param_list_new() * @see ckmc_param_list_set_integer() * @see ckmc_param_list_set_buffer() @@ -997,12 +842,15 @@ void ckmc_param_list_free(ckmc_param_list_h params); */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); + /** * @} */ + #ifdef __cplusplus } #endif + #endif /* __TIZEN_CORE_CKMC_TYPE_H */ -- 2.7.4 From 40cf296488d386b60e858d1793a78bcd40fa3c0e Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 3 Feb 2017 11:13:09 +0900 Subject: [PATCH 04/16] Update documents in doc/ Change-Id: I3de73523d2a51f8508482247eddb2bc2a0078ad7 Signed-off-by: Kyungwook Tak (cherry picked from commit 95fa5548e0f83e620c683d56cbfa41dede72d38c) --- doc/key-manager-client_doc.h | 8 ++++++-- doc/key-manager-types_doc.h | 10 ++++++---- doc/key-manager_doc.h | 24 +++++++++++------------- 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/doc/key-manager-client_doc.h b/doc/key-manager-client_doc.h index 25720cc..b17a65c 100644 --- a/doc/key-manager-client_doc.h +++ b/doc/key-manager-client_doc.h @@ -13,13 +13,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client - * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. - * + * @brief It provides APIs accessing on the secure repository and additional secure cryptographic operations. * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header * \#include * @@ -28,4 +31,5 @@ * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. */ + #endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */ diff --git a/doc/key-manager-types_doc.h b/doc/key-manager-types_doc.h index c13d822..8c975b8 100644 --- a/doc/key-manager-types_doc.h +++ b/doc/key-manager-types_doc.h @@ -13,20 +13,22 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ + + /** * @ingroup CAPI_KEY_MANAGER_MODULE * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types - * @brief It defines data types used in these APIs and provides utility methods handling them. - * + * @brief It defines data types used in these APIs and provides utility methods handling them. * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header * \#include * * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview - * It defines data types for key, certificate,raw buffer, and linked list used in these APIs. + * It defines data types for key, certificate, raw buffer, and linked list used in these APIs. * It also provides new and free methods for them. - * */ #endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */ diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h index d34293f..776a124 100644 --- a/doc/key-manager_doc.h +++ b/doc/key-manager_doc.h @@ -13,14 +13,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + + #ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__ #define __TIZEN_CORE_KEY_MANAGER_DOC_H__ + + /** * @ingroup CAPI_SECURITY_FRAMEWORK * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager - * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. - * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. - * + * @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs. + * Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview * * @@ -33,18 +36,15 @@ * * *
APIDescription
Defines data types used in these APIs and provides utility methods handling them.
- * * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by Tizen platform. * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients. * * @image html capi_key_manager_overview_diagram.png - * * The key manager provides 2 types of API. - * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. - * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). - * + * - secure repository APIs: These APIs provides storing, retrieving, and removing functions for keys, certificates, and data. + * - secure crypto APIs: These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate). * Data Store Policy: - * A client can specify simple access rules when storing a data in Key Manager. + * A client can specify simple access rules when storing data in Key Manager. * - Exportable/Non-Exportable: * Only for data tagged as exportable, Key Manager returns the raw value of the data. * If data is tagged as non-exportable, Key Manager does not return its raw value. @@ -53,20 +53,18 @@ * All data in Key Manager is protected by Tizen platform. * Besides, a client can encrypt its data using its own password additionally. * If a client provides a password when storing a data, the data will be encrypted with the password. - * This password should be provided when get the data from Key Manager. - * + * This password should be provided when getting the data from Key Manager. * Data Access Control * - By default, only the owner of a data can access to the data. * - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB. * - When an application is deleted, the data and access control information granted by the application are also removed. - * * Alias Format * - The format of alias is "package_id name". * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally. * - The client can specify only its own package id in the alias when storing a key, certificate, or data. * - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications. * - Aliases are returned as the format of "package_id name" from the key-manager. - * */ + #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */ -- 2.7.4 From a5564b5f554bd65c65fd179dac18d7035ac753cc Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Thu, 9 Feb 2017 15:48:15 +0900 Subject: [PATCH 05/16] Fix svace defects Change-Id: I66ecb17a5ca78ac7e3f64181b57039251c189b41 Signed-off-by: Kyungwook Tak --- src/manager/service/db-row.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h index 722e149..97edfab 100644 --- a/src/manager/service/db-row.h +++ b/src/manager/service/db-row.h @@ -43,11 +43,11 @@ struct Row : public Token { Name name; Label ownerLabel; - int exportable; - DBCMAlgType algorithmType; // Algorithm type used for row data encryption - int encryptionScheme; // for example: (ENCR_BASE64 | ENCR_PASSWORD) + int exportable = 0; + DBCMAlgType algorithmType = DBCMAlgType::NONE; // Row data encryption algorithm + int encryptionScheme = 0; // for example: (ENCR_BASE64 | ENCR_PASSWORD) RawBuffer iv; // encoded in base64 - int dataSize; // size of information without hash and padding + int dataSize = 0; // size of information without hash and padding RawBuffer tag; // tag for Aes Gcm algorithm }; -- 2.7.4 From b43fe16d9f7b2862115e73ac1116b25ad01b0f05 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Wed, 29 Mar 2017 17:18:37 +0900 Subject: [PATCH 06/16] Add %license macro for each sub package Change-Id: Iab00d7a0f4b4e19e30ab37d9bfe3dde755981fe2 Signed-off-by: Dongsun Lee (cherry picked from commit 4455ee508bc764d55d55dbe8585cca623de7ad38) --- packaging/key-manager.spec | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 8ec74d6..b229120 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -7,7 +7,7 @@ Summary: Central Key Manager and utilities Version: 0.1.23 Release: 1 Group: Security/Secure Storage -License: Apache-2.0 and BSL-1.0 and BSD-3-Clause +License: Apache-2.0 and BSD-3-Clause Source0: %{name}-%{version}.tar.gz Source1001: key-manager-pam-plugin.manifest Source1002: libkey-manager-client.manifest @@ -67,6 +67,7 @@ application to sign and verify (DSA/RSA/ECDSA) signatures. %package -n libkey-manager-common Summary: Central Key Manager (common libraries) Group: Security/Libraries +License: Apache-2.0 Requires(post): %{sbin_dir}/ldconfig Requires(postun): %{sbin_dir}/ldconfig @@ -76,6 +77,7 @@ Central Key Manager package (common library) %package -n libkey-manager-client Summary: Central Key Manager (client) Group: Security/Libraries +License: Apache-2.0 Requires: key-manager = %{version}-%{release} Requires: libkey-manager-common = %{version}-%{release} Requires(post): %{sbin_dir}/ldconfig @@ -87,6 +89,7 @@ Central Key Manager package (client) %package -n libkey-manager-client-devel Summary: Central Key Manager (client-devel) Group: Security/Development +License: Apache-2.0 BuildRequires: pkgconfig(capi-base-common) Requires: pkgconfig(capi-base-common) Requires: libkey-manager-client = %{version}-%{release} @@ -97,6 +100,7 @@ Central Key Manager package (client-devel) %package -n key-manager-tests Summary: Internal test for key-manager Group: Security/Testing +License: Apache-2.0 and BSL-1.0 BuildRequires: pkgconfig(libxml-2.0) Requires: boost-test Requires: key-manager = %{version}-%{release} @@ -107,6 +111,7 @@ Internal test for key-manager implementation. %package -n key-manager-pam-plugin Summary: CKM login/password module to PAM Group: Security/Libraries +License: Apache-2.0 BuildRequires: pam-devel Requires: key-manager = %{version}-%{release} Requires(post): %{sbin_dir}/ldconfig @@ -243,7 +248,6 @@ fi %files -n key-manager %manifest key-manager.manifest %license LICENSE -%license LICENSE.BSL-1.0 %license LICENSE.BSD-3-Clause %{bin_dir}/key-manager %{_unitdir}/multi-user.target.wants/central-key-manager.service @@ -274,10 +278,12 @@ fi %files -n key-manager-pam-plugin %manifest key-manager-pam-plugin.manifest +%license LICENSE %{_libdir}/security/pam_key_manager_plugin.so* %files -n libkey-manager-common %manifest libkey-manager-common.manifest +%license LICENSE %{_libdir}/libkey-manager-common.so.* %files -n libkey-manager-client @@ -288,6 +294,7 @@ fi %files -n libkey-manager-client-devel %manifest libkey-manager-client-devel.manifest +%license LICENSE %{_libdir}/libkey-manager-client.so %{_libdir}/libkey-manager-control-client.so %{_libdir}/libkey-manager-common.so @@ -309,6 +316,8 @@ fi %files -n key-manager-tests %manifest key-manager-tests.manifest +%license LICENSE +%license LICENSE.BSL-1.0 %{bin_dir}/ckm-tests-internal %{bin_dir}/ckm_so_loader %{bin_dir}/ckm_db_tool -- 2.7.4 From 83ef2aa9939319fc25537036dde2c651ca4c935f Mon Sep 17 00:00:00 2001 From: Tomasz Swierczek Date: Tue, 5 Sep 2017 08:01:02 +0200 Subject: [PATCH 07/16] setPermissions should succeed when called with empty permissions & no permissions exist Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d Signed-off-by: Tomasz Swierczek --- src/manager/service/ckm-logic.cpp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 36f2ea7..5f13444 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1794,12 +1794,6 @@ int CKMLogic::setPermissionHelper( if (!handler.database.isNameLabelPresent(name, ownerLabel)) return CKM_API_ERROR_DB_ALIAS_UNKNOWN; - // removing non-existing permissions: fail - if (permissionMask == Permission::NONE) { - if (!handler.database.getPermissionRow(name, ownerLabel, accessorLabel)) - return CKM_API_ERROR_INPUT_PARAM; - } - // set permissions to the row owned by ownerLabel for accessorLabel handler.database.setPermission(name, ownerLabel, accessorLabel, permissionMask); transaction.commit(); -- 2.7.4 From 43a85e015001f0958f1d345d6d101134b3ffa2e6 Mon Sep 17 00:00:00 2001 From: Dong Sun Lee Date: Mon, 18 Sep 2017 00:07:07 +0000 Subject: [PATCH 08/16] Revert "setPermissions should succeed when called with empty permissions & no permissions exist" This reverts commit 83ef2aa9939319fc25537036dde2c651ca4c935f. This should be applied since tizen 4.0 Change-Id: I1eb2aa2d32a93762e2521870815ff5d84873e532 --- src/manager/service/ckm-logic.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 5f13444..36f2ea7 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1794,6 +1794,12 @@ int CKMLogic::setPermissionHelper( if (!handler.database.isNameLabelPresent(name, ownerLabel)) return CKM_API_ERROR_DB_ALIAS_UNKNOWN; + // removing non-existing permissions: fail + if (permissionMask == Permission::NONE) { + if (!handler.database.getPermissionRow(name, ownerLabel, accessorLabel)) + return CKM_API_ERROR_INPUT_PARAM; + } + // set permissions to the row owned by ownerLabel for accessorLabel handler.database.setPermission(name, ownerLabel, accessorLabel, permissionMask); transaction.commit(); -- 2.7.4 From 048f5ffc3828657c7d320d05e4f9c502acb922ad Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 20 Sep 2017 11:19:33 +0200 Subject: [PATCH 09/16] Prevent key-manager client crash Key-manager client crashed during pthread_cancel because try catch sections did not support stack unwind correctly. Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0 (cherry picked from commit 3eb9315f621035b8ea237096506e77dfb232d842) --- src/manager/client/client-common.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/manager/client/client-common.cpp b/src/manager/client/client-common.cpp index d0c7a2f..7cb1108 100644 --- a/src/manager/client/client-common.cpp +++ b/src/manager/client/client-common.cpp @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -330,6 +331,9 @@ int try_catch(const std::function &func) LogError("CKM::MessageBuffer::Exception " << e.DumpToString()); } catch (const std::exception &e) { LogError("STD exception " << e.what()); + } catch (const abi::__forced_unwind &) { + LogDebug("abi::__forced_unwind caught. Thread cancelation."); + throw; } catch (...) { LogError("Unknown exception occured"); } @@ -347,6 +351,9 @@ int try_catch_enclosure(const std::function &func) } catch (const std::exception &e) { LogError("std exception occured: " << e.what()); return CKMC_ERROR_UNKNOWN; + } catch (const abi::__forced_unwind &) { + LogDebug("abi::__forced_unwind caught. Thread cancelation."); + throw; } catch (...) { LogError("Unknown exception occured."); return CKMC_ERROR_UNKNOWN; @@ -367,6 +374,9 @@ void try_catch_async(const std::function &func, } catch (const std::exception &e) { LogError("STD exception " << e.what()); error(CKM_API_ERROR_UNKNOWN); + } catch (const abi::__forced_unwind &) { + LogDebug("abi::__forced_unwind caught. Thread cancelation."); + throw; } catch (...) { LogError("Unknown exception occured"); error(CKM_API_ERROR_UNKNOWN); -- 2.7.4 From d3bc195f43cc4972bb4ab71b4529d3de0e4c3628 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Thu, 2 Nov 2017 14:40:12 +0100 Subject: [PATCH 10/16] OCSP implementation update Add support for OCSP responses that does not contain issuer certificate. Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7 --- src/manager/service/certificate-store.cpp | 8 ++++++-- src/manager/service/ocsp.cpp | 10 +++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/manager/service/certificate-store.cpp b/src/manager/service/certificate-store.cpp index f7ac84e..871b8a9 100644 --- a/src/manager/service/certificate-store.cpp +++ b/src/manager/service/certificate-store.cpp @@ -57,8 +57,8 @@ int CertificateStore::verifyCertificate( int ret; LogDebug("Certificate for verfication ptr: " << (void *)cert.getX509()); LogDebug("Verfication with " << untrustedVector.size() << - " untrusted certificates" << - trustedVector.size() << "trusted certificates" << + " untrusted certificates " << + trustedVector.size() << " trusted certificates" << " and system certificates set to: " << useTrustedSystemCertificates); @@ -108,6 +108,10 @@ int CertificateStore::verifyCertificate( int result = X509_verify_cert(csc.get()); // 1 == ok; 0 == fail; -1 == error LogDebug("Openssl verification result: " << result); + if (result == 0) { + int error = X509_STORE_CTX_get_error(csc.get()); + LogDebug("Verification error: " << X509_verify_cert_error_string(error)); + } if (result > 0) { STACK_OF(X509) *chain = X509_STORE_CTX_get_chain(csc.get()); diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp index 25219fc..0b51bf5 100644 --- a/src/manager/service/ocsp.cpp +++ b/src/manager/service/ocsp.cpp @@ -310,7 +310,15 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, X509_STORE_add_cert(trustedStore, issuer); } - int response = OCSP_basic_verify(bs, NULL, trustedStore, 0); + // Additional certificates to search for signer. + // OCSP response may not contain issuer certificate in this case + // we must pass it by 'other' certificates. + X509_STACK_PTR verifyOther = create_x509_stack(); + sk_X509_push(verifyOther.get(), issuer); + + int response = OCSP_basic_verify(bs, verifyOther.get(), trustedStore, 0); + + verifyOther.reset(); if (response <= 0) { OCSP_REQUEST_free(req); -- 2.7.4 From 26779a29543a965c85638e6857fb55c3c2550625 Mon Sep 17 00:00:00 2001 From: Piotr Sawicki Date: Tue, 18 Apr 2017 11:42:01 +0200 Subject: [PATCH 11/16] Fix defects detected by SVACE Use a dedicated ckmc_cert_free() function to safely destroy ckmc_cert_s struct. Change-Id: Icd6ac4faef597d93e7b617c3e4e5dce8449baa92 --- src/manager/client-capi/ckmc-manager.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 53a183e..9356a4e 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -114,6 +114,7 @@ ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector ret = ckmc_cert_list_add(plist, pcert, &plist); if (ret != CKMC_ERROR_NONE) { + ckmc_cert_free(pcert); ckmc_cert_list_all_free(start); return nullptr; } -- 2.7.4 From 9d8d0d2a5564aa54e260ef0a0c8e10a31039b64b Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 17 Jul 2017 14:59:06 +0200 Subject: [PATCH 12/16] Fix defects reported by SVACE Change-Id: Ia890a846836d2c7cf9657a889b304ec1e0171ead --- src/manager/client-capi/ckmc-manager.cpp | 27 +++++---- src/manager/client-capi/ckmc-type.cpp | 14 +++-- src/manager/dpl/core/include/dpl/exception.h | 67 ++++++++-------------- .../initial-values/initial-value-loader.cpp | 6 +- src/manager/main/generic-socket-manager.h | 1 + src/manager/main/socket-manager.cpp | 6 +- src/manager/service/file-lock.cpp | 2 +- 7 files changed, 60 insertions(+), 63 deletions(-) diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 9356a4e..7eb4c9e 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -409,6 +409,10 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, int ret; CKM::PKCS12ShPtr pkcs; auto mgr = CKM::Manager::create(); + std::unique_ptr private_key_uptr( + NULL, ckmc_key_free); + std::unique_ptr cert_uptr( + NULL, ckmc_cert_free); if ((ret = mgr->getPKCS12(alias, _tostring(key_password), _tostring(cert_password), pkcs)) != CKM_API_SUCCESS) @@ -417,10 +421,10 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, if (!pkcs) return CKMC_ERROR_BAD_RESPONSE; - ckmc_key_s *private_key = nullptr; auto pkcsKey = pkcs->getKey(); if (pkcsKey) { + ckmc_key_s *private_key = nullptr; auto buffer = pkcsKey->getDER(); ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, nullptr, @@ -428,29 +432,32 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, if (ret != CKMC_ERROR_NONE) return ret; + + private_key_uptr.reset(private_key); } - ckmc_cert_s *cert = nullptr; auto pkcsCert = pkcs->getCertificate(); if (pkcsCert) { + ckmc_cert_s *cert = nullptr; CKM::RawBuffer buffer = pkcsCert->getDER(); ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); if (ret != CKMC_ERROR_NONE) { - ckmc_key_free(private_key); return ret; } + cert_uptr.reset(cert); } - auto ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); - - ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); + std::unique_ptr cert_list_uptr( + _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()), + ckmc_cert_list_free); - if (ret != CKMC_ERROR_NONE) { - ckmc_key_free(private_key); - ckmc_cert_free(cert); - ckmc_cert_list_all_free(ca_cert_list); + ret = ckmc_pkcs12_new(private_key_uptr.get(), cert_uptr.get(), cert_list_uptr.get(), pkcs12); + if (ret == CKMC_ERROR_NONE) { + private_key_uptr.release(); + cert_uptr.release(); + cert_list_uptr.release(); } return ret; diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp index 8ac6a2b..d7b212c 100644 --- a/src/manager/client-capi/ckmc-type.cpp +++ b/src/manager/client-capi/ckmc-type.cpp @@ -36,6 +36,7 @@ #include #include #include +#include namespace { @@ -119,16 +120,12 @@ int ckmc_key_new(unsigned char *raw_key, size_t key_size, pkey->key_type = key_type; if (password != NULL) { - pkey->password = reinterpret_cast(malloc(strlen(password) + 1)); - + pkey->password = strdup(password); if (pkey->password == NULL) { free(pkey->raw_key); free(pkey); return CKMC_ERROR_OUT_OF_MEMORY; } - - memset(pkey->password, 0, strlen(password) + 1); - strncpy(pkey->password, password, strlen(password)); } else { pkey->password = NULL; } @@ -241,7 +238,12 @@ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert) X509 *pcert = NULL; if (!(pcert = d2i_X509_fp(fp, NULL))) { - fseek(fp, 0, SEEK_SET); + if (-1 == fseek(fp, 0, SEEK_SET)) { + LogError("fseek() failed: " << CKM::GetErrnoString(errno)); + fclose(fp); + return CKMC_ERROR_UNKNOWN; + } + pcert = PEM_read_X509(fp, NULL, NULL, NULL); } diff --git a/src/manager/dpl/core/include/dpl/exception.h b/src/manager/dpl/core/include/dpl/exception.h index 538076b..efaafee 100644 --- a/src/manager/dpl/core/include/dpl/exception.h +++ b/src/manager/dpl/core/include/dpl/exception.h @@ -29,6 +29,7 @@ #include #include #include +#include namespace CKM { COMMON_API void LogUnhandledException(const std::string &str); @@ -78,6 +79,25 @@ private: } } + void InternalDump(std::ostream& os) const + { + if (m_reason != NULL) + m_reason->InternalDump(os); + + const char *file = strchr(m_path.c_str(), '/'); + + if (file == NULL) + file = m_path.c_str(); + else + ++file; + + os << "\033[0;36m" << "[" << file << ":" << m_line << "]" << + "\033[m " << m_function << "() " << + "\033[4;35m" << m_className << + "\033[m: " << (m_message.empty() ? "" : m_message) << + "\033[m" << "\n"; + } + Exception *m_reason; std::string m_path; std::string m_function; @@ -200,53 +220,14 @@ public: void Dump() const { - // Show reason first - if (m_reason != NULL) - m_reason->Dump(); - - // Afterward, dump exception - const char *file = strchr(m_path.c_str(), '/'); - - if (file == NULL) - file = m_path.c_str(); - else - ++file; - - printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", - file, m_line, - m_function.c_str(), - m_className.c_str(), - m_message.empty() ? "" : m_message.c_str()); + InternalDump(std::cout); } std::string DumpToString() const { - std::string ret; - - if (m_reason != NULL) - ret = m_reason->DumpToString(); - - const char *file = strchr(m_path.c_str(), '/'); - - if (file == NULL) - file = m_path.c_str(); - else - ++file; - - char buf[1024]; - snprintf(buf, - sizeof(buf), - "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", - file, - m_line, - m_function.c_str(), - m_className.c_str(), - m_message.empty() ? "" : m_message.c_str()); - - buf[sizeof(buf) - 1] = '\n'; - ret += buf; - - return ret; + std::ostringstream oss; + InternalDump(oss); + return oss.str(); } Exception *GetReason() const diff --git a/src/manager/initial-values/initial-value-loader.cpp b/src/manager/initial-values/initial-value-loader.cpp index 4cdfb2d..d2c9408 100644 --- a/src/manager/initial-values/initial-value-loader.cpp +++ b/src/manager/initial-values/initial-value-loader.cpp @@ -21,9 +21,12 @@ */ #include +#include + #include #include #include +#include namespace { const char *const INIT_VALUES_XSD = RO_DATA_DIR "/initial_values.xsd"; @@ -64,7 +67,8 @@ void LoadFiles(CKMLogic &logic) rc); } - unlink(file.c_str()); + if (-1 == unlink(file.c_str())) + LogError("Unlink() failed for " << file << ":" << CKM::GetErrnoString(errno)); } } catch (...) { LogError("The implementation of exception handling in xml parser is broken!"); diff --git a/src/manager/main/generic-socket-manager.h b/src/manager/main/generic-socket-manager.h index bc06bac..90c9156 100644 --- a/src/manager/main/generic-socket-manager.h +++ b/src/manager/main/generic-socket-manager.h @@ -137,6 +137,7 @@ protected: struct GenericSocketManager { virtual void MainLoop() = 0; + virtual void MainLoopStop() = 0; virtual void RegisterSocketService(GenericSocketService *ptr) = 0; virtual void CynaraSocket(int oldFd, int newFd, bool isRW) = 0; virtual void Close(ConnectionID connectionID) = 0; diff --git a/src/manager/main/socket-manager.cpp b/src/manager/main/socket-manager.cpp index 6a4a45d..ee5a0bf 100644 --- a/src/manager/main/socket-manager.cpp +++ b/src/manager/main/socket-manager.cpp @@ -131,7 +131,7 @@ struct SignalService : public GenericSocketService { if (siginfo->ssi_signo == SIGTERM) { LogInfo("Got signal: SIGTERM"); - dynamic_cast(m_serviceManager)->MainLoopStop(); + m_serviceManager->MainLoopStop(); return; } @@ -589,7 +589,9 @@ int SocketManager::CreateDomainSocketHelp( serverAddress.sun_family = AF_UNIX; strncpy(serverAddress.sun_path, desc.serviceHandlerPath.c_str(), sizeof(serverAddress.sun_path) - 1); - unlink(serverAddress.sun_path); + if (-1 == unlink(serverAddress.sun_path)) + LogError("Unlink failed for " << serverAddress.sun_path << ": " << + CKM::GetErrnoString(errno)); mode_t originalUmask; originalUmask = umask(0); diff --git a/src/manager/service/file-lock.cpp b/src/manager/service/file-lock.cpp index e7e4032..48ee743 100644 --- a/src/manager/service/file-lock.cpp +++ b/src/manager/service/file-lock.cpp @@ -50,7 +50,7 @@ std::runtime_error io_exception(const Args &... args) FileLock::FileLock(const char *const file) { // Open lock file - m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644)); + m_lockFd = TEMP_FAILURE_RETRY(creat(file, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)); if (m_lockFd == -1) throw io_exception("Cannot open lock file. Errno: ", GetErrnoString()); -- 2.7.4 From b5096132b2b5aac5f654cb7a06e6bd5cb044e7dc Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 4 Jul 2017 11:00:05 +0200 Subject: [PATCH 13/16] Detect invalid rsa padding parameter Return proper error in case of wrong RSA padding parameter. Add more detailed description of valid parameter combinations. Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff --- src/include/ckmc/ckmc-manager.h | 8 ++++++-- src/manager/crypto/sw-backend/internals.cpp | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1ed88bf..7cc2d9a 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -532,7 +532,9 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po * @param[in] message The message that is signed with a private key * @param[in] hash The hash algorithm used in creating signature * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @param[out] ppsignature The pointer to a newly created signature \n * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, @@ -566,7 +568,9 @@ int ckmc_create_signature(const char *private_key_alias, const char *password, c * @param[in] signature The signature that is verified with public key * @param[in] hash The hash algorithm used in verifying signature * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @return @c 0 on success and the signature is valid, * otherwise a negative error value * @retval #CKMC_ERROR_NONE Successful diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 91a61fe..f37d2ef 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -839,7 +839,7 @@ RawBuffer signMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Finalize the Sign operation */ @@ -888,7 +888,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Call update with the message */ @@ -973,7 +973,7 @@ int verifyMessage(EVP_PKEY *pubKey, /* Set padding algorithm */ if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), @@ -1003,7 +1003,7 @@ int digestVerifyMessage(EVP_PKEY *pubKey, if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), -- 2.7.4 From 11e039c51bb16e04ced894813a56946bff58c9ac Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Tue, 17 Oct 2017 16:47:59 +0200 Subject: [PATCH 14/16] Support for http proxy during ocsp check Change-Id: I4966c6dc08411491b419809be402ac8808027478 --- packaging/key-manager.spec | 1 + src/CMakeLists.txt | 1 + src/manager/service/ocsp.cpp | 73 +++++++++++++++++++++++++------------------- 3 files changed, 43 insertions(+), 32 deletions(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index b229120..e037f12 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -29,6 +29,7 @@ BuildRequires: pkgconfig(cynara-creds-socket) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(pkgmgr) +BuildRequires: pkgconfig(vconf) %if 0%{?watchdog_enabled} BuildRequires: pkgconfig(argos_watchdog) %endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a784d15..d4dfddb 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -19,6 +19,7 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP cynara-client-async cynara-creds-socket pkgmgr + vconf ${EXTRA_KM_DEPS} ) FIND_PACKAGE(Threads REQUIRED) diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp index 0b51bf5..dcccf2a 100644 --- a/src/manager/service/ocsp.cpp +++ b/src/manager/service/ocsp.cpp @@ -32,6 +32,7 @@ #include #include #include +#include /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -134,7 +135,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, OCSP_CERTID *certid = NULL; BIO *cbio = NULL; SSL_CTX *use_ssl_ctx = NULL; - char *host = NULL, *port = NULL, *path = NULL; + std::string host, port, path; ASN1_GENERALIZEDTIME *rev = NULL; ASN1_GENERALIZEDTIME *thisupd = NULL; ASN1_GENERALIZEDTIME *nextupd = NULL; @@ -151,16 +152,48 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, std::vector url(constUrl.begin(), constUrl.end()); url.push_back(0); - if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl)) - /* report error */ - return CKM_API_OCSP_STATUS_INVALID_URL; + { + char *chost = NULL, *cport = NULL, *cpath = NULL; + + if (!OCSP_parse_url(url.data(), &chost, &cport, &cpath, &use_ssl)) + /* report error */ + return CKM_API_OCSP_STATUS_INVALID_URL; + + if (chost) host = chost; + if (cport) port = cport; + if (cpath) path = cpath; + + OPENSSL_free(chost); + OPENSSL_free(cport); + OPENSSL_free(cpath); + } LogDebug("Host: " << host); LogDebug("Port: " << port); LogDebug("Path: " << path); LogDebug("Use_ssl: " << use_ssl); - cbio = BIO_new_connect(host); + std::unique_ptr proxy(vconf_get_str(VCONFKEY_NETWORK_PROXY), free); + + if (proxy && strlen(proxy.get()) > 0) { + char *phost = NULL, *pport = NULL, *ppath = NULL; + + LogDebug("Using proxy: " << proxy.get()); + + if (!OCSP_parse_url(proxy.get(), &phost, &pport, &ppath, &use_ssl)) { + return CKM_API_OCSP_STATUS_INVALID_URL; + } + + path = url.data(); + if (phost) host = phost; + if (pport) port = pport; + + OPENSSL_free(phost); + OPENSSL_free(pport); + OPENSSL_free(ppath); + } + + cbio = BIO_new_connect(host.c_str()); if (cbio == NULL) { /*BIO_printf(bio_err, "Error creating connect BIO\n");*/ @@ -168,8 +201,8 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } - if (port != NULL) - BIO_set_conn_port(cbio, port); + if (!port.empty()) + BIO_set_conn_port(cbio, port.c_str()); if (use_ssl == 1) { BIO *sbio = NULL; @@ -201,18 +234,6 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, ERR_print_errors(bioLogger.get()); /* report error */ - /* free stuff */ - if (host != NULL) - OPENSSL_free(host); - - if (port != NULL) - OPENSSL_free(port); - - if (path != NULL) - OPENSSL_free(path); - - host = port = path = NULL; - if (use_ssl && use_ssl_ctx) SSL_CTX_free(use_ssl_ctx); @@ -245,19 +266,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } - resp = OCSP_sendreq_bio(cbio, path, req); - - /* free some stuff we no longer need */ - if (host != NULL) - OPENSSL_free(host); - - if (port != NULL) - OPENSSL_free(port); - - if (path != NULL) - OPENSSL_free(path); - - host = port = path = NULL; + resp = OCSP_sendreq_bio(cbio, path.c_str(), req); if (use_ssl && use_ssl_ctx) SSL_CTX_free(use_ssl_ctx); -- 2.7.4 From c3fda7d2adb1d0ebee9118826fd6ccb1fb9e6d67 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Thu, 9 Nov 2017 14:21:13 +0100 Subject: [PATCH 15/16] Add host parameter in HTTP header Change-Id: Iacd8d8e244df289af8c4ab0fe87a26fcb91b5644 --- src/manager/service/ocsp.cpp | 62 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 59 insertions(+), 3 deletions(-) diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp index dcccf2a..acbf9d3 100644 --- a/src/manager/service/ocsp.cpp +++ b/src/manager/service/ocsp.cpp @@ -37,6 +37,9 @@ /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) +/* Timeout in seconds for ocsp response */ +#define OCSP_TIMEOUT 30 + namespace CKM { namespace { @@ -151,6 +154,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, std::vector url(constUrl.begin(), constUrl.end()); url.push_back(0); + std::string headerHost; { char *chost = NULL, *cport = NULL, *cpath = NULL; @@ -159,7 +163,10 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, /* report error */ return CKM_API_OCSP_STATUS_INVALID_URL; - if (chost) host = chost; + if (chost) { + host = chost; + headerHost = chost; + } if (cport) port = cport; if (cpath) path = cpath; @@ -198,6 +205,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, if (cbio == NULL) { /*BIO_printf(bio_err, "Error creating connect BIO\n");*/ /* report error */ + LogError("Connection to ocsp host failed: " << host); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } @@ -266,7 +274,56 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } - resp = OCSP_sendreq_bio(cbio, path.c_str(), req); + std::unique_ptr ctx(OCSP_sendreq_new(cbio, path.c_str(), NULL, -1), OCSP_REQ_CTX_free); + if (!ctx) { + LogError("Error creating OCSP_REQ_CTX"); + return CKM_API_OCSP_STATUS_INTERNAL_ERROR; + } + + if (!OCSP_REQ_CTX_add1_header(ctx.get(), "host", headerHost.c_str())) { + LogError("Error adding header"); + return CKM_API_OCSP_STATUS_INTERNAL_ERROR; + } + + if (!OCSP_REQ_CTX_set1_req(ctx.get(), req)) { + LogError("Error setting ocsp request"); + return CKM_API_OCSP_STATUS_INTERNAL_ERROR; + } + + int fd; + if (BIO_get_fd(cbio, &fd) < 0) { + LogError("Error extracting fd from bio"); + return CKM_API_OCSP_STATUS_INTERNAL_ERROR; + } + + for (;;) { + fd_set confds; + int req_timeout = OCSP_TIMEOUT; + struct timeval tv; + int rv = OCSP_sendreq_nbio(&resp, ctx.get()); + if (rv != -1) + break; + FD_ZERO(&confds); + FD_SET(fd, &confds); + tv.tv_usec = 0; + tv.tv_sec = req_timeout; + if (BIO_should_read(cbio)) { + rv = select(fd + 1, &confds, NULL, NULL, &tv); + } else if (BIO_should_write(cbio)) { + rv = select(fd + 1, NULL, &confds, NULL, &tv); + } else { + LogError("Unexpected retry condition\n"); + return CKM_API_OCSP_STATUS_INTERNAL_ERROR; + } + if (rv == 0) { + LogError("Timeout on request\n"); + break; + } + if (rv == -1) { + LogError("Select error\n"); + break; + } + } if (use_ssl && use_ssl_ctx) SSL_CTX_free(use_ssl_ctx); @@ -370,7 +427,6 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, return CKM_API_OCSP_STATUS_INVALID_RESPONSE; } - /* Check validity: if invalid write to output BIO so we * know which response this refers to. */ -- 2.7.4 From c5b282e7a302dd2aef39abea8d0bc129d1941c03 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Fri, 10 Nov 2017 13:53:17 +0100 Subject: [PATCH 16/16] Fix SVACE defects - Initialize required members in default Row ctor - Remove unused Row objects - Refactor string memcpy'ing so that SVACE stops complaining - Fix memory leak in DescriptorSet Change-Id: I8a22a3c5388b0c17b6f44ebaf89d32e9065526dd --- src/manager/client-async/descriptor-set.cpp | 3 +++ src/manager/service/ckm-logic.cpp | 20 +++++-------------- src/manager/service/db-row.h | 7 ++++++- src/manager/service/key-provider.cpp | 30 +++++++---------------------- 4 files changed, 21 insertions(+), 39 deletions(-) diff --git a/src/manager/client-async/descriptor-set.cpp b/src/manager/client-async/descriptor-set.cpp index 83442b2..fdee29d 100644 --- a/src/manager/client-async/descriptor-set.cpp +++ b/src/manager/client-async/descriptor-set.cpp @@ -34,6 +34,8 @@ DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL) DescriptorSet::~DescriptorSet() { purge(); + + delete[] m_fds; } void DescriptorSet::purge() @@ -42,6 +44,7 @@ void DescriptorSet::purge() close(it.first); m_descriptors.clear(); + m_dirty = true; } void DescriptorSet::add(int fd, short events, Callback &&callback) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 36f2ea7..c1b02c2 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -487,8 +487,6 @@ int CKMLogic::getKeyForService( const Password &pass, Crypto::GObjShPtr &key) { - DB::Row row; - try { // Key is for internal service use. It won't be exported to the client Crypto::GObjUPtr obj; @@ -946,7 +944,7 @@ RawBuffer CKMLogic::getData( const Password &password) { int retCode = CKM_API_SUCCESS; - DB::Row row; + RawBuffer rowData; DataType objDataType; try { @@ -955,7 +953,7 @@ RawBuffer CKMLogic::getData( objDataType); if (retCode == CKM_API_SUCCESS) - row.data = std::move(obj->getBinary()); + rowData = obj->getBinary(); } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -963,16 +961,14 @@ RawBuffer CKMLogic::getData( retCode = CKM_API_ERROR_SERVER_ERROR; } - if (CKM_API_SUCCESS != retCode) { - row.data.clear(); - row.dataType = dataType; - } + if (CKM_API_SUCCESS != retCode) + rowData.clear(); auto response = MessageBuffer::Serialize(static_cast(LogicCommand::GET), commandId, retCode, static_cast(objDataType), - row.data); + rowData); return response.Pop(); } @@ -1470,8 +1466,6 @@ int CKMLogic::readCertificateHelper( const LabelNameVector &labelNameVector, CertificateImplVector &certVector) { - DB::Row row; - for (auto &i : labelNameVector) { // certificates can't be protected with custom user password Crypto::GObjUPtr obj; @@ -1569,7 +1563,6 @@ int CKMLogic::getCertificateChainHelper( CertificateImplVector untrustedCertVector; CertificateImplVector trustedCertVector; CertificateImplVector chainVector; - DB::Row row; if (cert.empty()) return CKM_API_ERROR_INPUT_PARAM; @@ -1681,7 +1674,6 @@ RawBuffer CKMLogic::createSignature( const RawBuffer &message, const CryptoAlgorithm &cryptoAlg) { - DB::Row row; RawBuffer signature; int retCode = CKM_API_SUCCESS; @@ -1724,8 +1716,6 @@ RawBuffer CKMLogic::verifySignature( int retCode = CKM_API_ERROR_VERIFICATION_FAILED; try { - DB::Row row; - // try certificate first - looking for a public key. // in case of PKCS, pub key from certificate will be found first // rather than private key from the same PKCS. diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h index 97edfab..45e079a 100644 --- a/src/manager/service/db-row.h +++ b/src/manager/service/db-row.h @@ -30,7 +30,12 @@ namespace CKM { namespace DB { struct Row : public Token { - Row() = default; + Row() : + Token(), + exportable(0), + algorithmType(DBCMAlgType::NONE), + encryptionScheme(0), + dataSize(0) {} Row(Token token, const Name &pName, const Label &pLabel, int pExportable) : Token(std::move(token)), diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp index 4ca4f03..60cce23 100644 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -602,29 +602,13 @@ int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, char *KeyProvider::concat_password_user(const char *user, const char *password) { - char *concat_user_pass = NULL; - char *resized_user = NULL; - int concat_user_pass_len = 0; - - if (strlen(user) > MAX_LABEL_SIZE - 1) { - resized_user = new char[MAX_LABEL_SIZE]; - memcpy(resized_user, user, MAX_LABEL_SIZE - 1); - resized_user[MAX_LABEL_SIZE - 1] = '\0'; - } else { - resized_user = new char[strlen(user) + 1]; - memcpy(resized_user, user, strlen(user)); - resized_user[strlen(user)] = '\0'; - } - - concat_user_pass_len = strlen(resized_user) + strlen(password) + 1; - concat_user_pass = new char[concat_user_pass_len]; + std::string result(password); + result += user; - memset(concat_user_pass, '\0', concat_user_pass_len); - memcpy(concat_user_pass, password, strlen(password)); - memcpy(&(concat_user_pass[strlen(password)]), resized_user, - strlen(resized_user)); - concat_user_pass[strlen(resized_user) + strlen(password)] = '\0'; + if (strlen(user) > MAX_LABEL_SIZE - 1) + result.resize(strlen(password) + MAX_LABEL_SIZE - 1); - delete[] resized_user; - return concat_user_pass; + char *ret = new char[result.size() + 1]; + memcpy(ret, result.c_str(), result.size() + 1); + return ret; } -- 2.7.4