2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for the client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-pkcs12.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
// Shared-ownership handle to a Manager; Manager::create() returns one.
using ManagerShPtr = std::shared_ptr<Manager>;
39 class KEY_MANAGER_API Manager {
/**
 * @brief Store a key under @p alias.
 *
 * @param alias  name the key is later addressed by (getKey, removeAlias, ...)
 * @param key    key object to store
 * @param policy storage policy applied to the stored key
 * @return error code (see ckm/ckm-error.h)
 */
virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
/**
 * @brief Store a certificate under @p alias.
 *
 * @param alias  name the certificate is later addressed by (getCertificate, removeAlias, ...)
 * @param cert   certificate object to store
 * @param policy storage policy applied to the stored certificate
 * @return error code (see ckm/ckm-error.h)
 */
virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
/**
 * @brief Store a PKCS#12 bundle, applying separate policies to the key and
 *        the certificate it contains.
 *
 * NOTE(review): this listing appears to omit one parameter line between the
 * opening parenthesis and @p pkcs (by analogy with the other save* methods,
 * presumably `const Alias &alias`) — confirm against the repository.
 *
 * @param pkcs       PKCS#12 bundle to store
 * @param keyPolicy  storage policy applied to the key part of the bundle
 * @param certPolicy storage policy applied to the certificate part of the bundle
 * @return error code (see ckm/ckm-error.h)
 */
virtual int savePKCS12(
    const PKCS12ShPtr &pkcs,
    const Policy &keyPolicy,
    const Policy &certPolicy) = 0;
/**
 * @brief Store an opaque byte buffer under @p alias.
 *
 * Data must be extractable: if the policy's extractable bit is set to false
 * the function returns ERROR_INPUT_PARAM.
 *
 * @param alias  name the data is later addressed by (getData, removeAlias, ...)
 * @param data   bytes to store
 * @param policy storage policy; its extractable bit must be set (see above)
 * @return error code (see ckm/ckm-error.h); ERROR_INPUT_PARAM when @p policy
 *         marks the data as non-extractable
 */
virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
/**
 * @brief Remove the entry stored under @p alias.
 *
 * @param alias entry to remove
 * @return error code (see ckm/ckm-error.h)
 */
virtual int removeAlias(const Alias &alias) = 0;
/**
 * @brief Retrieve the key stored under @p alias.
 *
 * @param alias    entry to read
 * @param password password for the stored key; how an empty password is
 *                 treated is not visible here — confirm in the Password type's
 *                 documentation
 * @param key      [out] receives the key on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
/**
 * @brief Retrieve a stored certificate.
 *
 * NOTE(review): this listing appears to omit one parameter line between the
 * opening parenthesis and @p password (by analogy with getKey/getData,
 * presumably `const Alias &alias`) — confirm against the repository.
 *
 * @param password    password for the stored certificate
 * @param certificate [out] receives the certificate on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getCertificate(
    const Password &password,
    CertificateShPtr &certificate) = 0;
/**
 * @brief Retrieve the byte buffer stored under @p alias.
 *
 * @param alias    entry to read
 * @param password password for the stored data
 * @param data     [out] receives the bytes on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
/**
 * @brief Retrieve the PKCS#12 bundle stored under @p alias without supplying
 *        passwords (the overload below takes separate key and certificate
 *        passwords).
 *
 * @param alias entry to read
 * @param pkcs  [out] receives the bundle on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0;
/**
 * @brief Retrieve a stored PKCS#12 bundle, unlocking its key and certificate
 *        parts with separate passwords.
 *
 * NOTE(review): this listing appears to omit one parameter line between the
 * opening parenthesis and @p keyPass (by analogy with the overload above,
 * presumably `const Alias &alias`) — confirm against the repository.
 *
 * @param keyPass  password for the key part of the bundle
 * @param certPass password for the certificate part of the bundle
 * @param pkcs     [out] receives the bundle on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getPKCS12(
    const Password &keyPass,
    const Password &certPass,
    PKCS12ShPtr &pkcs) = 0;
/**
 * @brief List the aliases of all keys the calling application/user may use.
 *
 * The request is sent to the key-manager service; the result is filtered to
 * what the caller is allowed to see.
 *
 * @param aliasVector [out] receives the key aliases
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
/**
 * @brief List the aliases of all certificates the calling application/user may use.
 *
 * @param aliasVector [out] receives the certificate aliases
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
/**
 * @brief List the aliases of all data entries the calling application/user may use.
 *
 * @param aliasVector [out] receives the data aliases
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
/**
 * @brief Generate an RSA key pair and store the private and public halves
 *        under @p privateKeyAlias and @p publicKeyAlias respectively.
 *
 * Each half gets its own storage policy; both default to Policy().
 *
 * NOTE(review): 1024-bit RSA is below current minimum-strength guidance;
 * although accepted here, new callers should choose 2048 or larger.
 *
 * @param size             modulus size in bits; accepted values listed inline below
 * @param privateKeyAlias  alias under which the private key is stored
 * @param publicKeyAlias   alias under which the public key is stored
 * @param policyPrivateKey storage policy for the private key
 * @param policyPublicKey  storage policy for the public key
 * @return error code (see ckm/ckm-error.h)
 */
virtual int createKeyPairRSA(
    const int size, // size in bits [1024, 2048, 4096]
    const Alias &privateKeyAlias,
    const Alias &publicKeyAlias,
    const Policy &policyPrivateKey = Policy(),
    const Policy &policyPublicKey = Policy()) = 0;
/**
 * @brief Generate a DSA key pair and store the private and public halves
 *        under @p privateKeyAlias and @p publicKeyAlias respectively.
 *
 * Each half gets its own storage policy; both default to Policy().
 *
 * NOTE(review): 1024-bit DSA is below current minimum-strength guidance;
 * although accepted here, new callers should choose 2048 or larger.
 *
 * @param size             key size in bits; accepted values listed inline below
 * @param privateKeyAlias  alias under which the private key is stored
 * @param publicKeyAlias   alias under which the public key is stored
 * @param policyPrivateKey storage policy for the private key
 * @param policyPublicKey  storage policy for the public key
 * @return error code (see ckm/ckm-error.h)
 */
virtual int createKeyPairDSA(
    const int size, // size in bits [1024, 2048, 3072, 4096]
    const Alias &privateKeyAlias,
    const Alias &publicKeyAlias,
    const Policy &policyPrivateKey = Policy(),
    const Policy &policyPublicKey = Policy()) = 0;
/**
 * @brief Generate an ECDSA key pair on the curve selected by @p type and
 *        store the private and public halves under @p privateKeyAlias and
 *        @p publicKeyAlias respectively.
 *
 * Each half gets its own storage policy; both default to Policy().
 *
 * @param type             curve selector (ElipticCurve from ckm/ckm-type.h)
 * @param privateKeyAlias  alias under which the private key is stored
 * @param publicKeyAlias   alias under which the public key is stored
 * @param policyPrivateKey storage policy for the private key
 * @param policyPublicKey  storage policy for the public key
 * @return error code (see ckm/ckm-error.h)
 */
virtual int createKeyPairECDSA(
    const ElipticCurve type,
    const Alias &privateKeyAlias,
    const Alias &publicKeyAlias,
    const Policy &policyPrivateKey = Policy(),
    const Policy &policyPublicKey = Policy()) = 0;
/**
 * @brief Build a certificate chain for @p certificate from caller-supplied
 *        certificate objects.
 *
 * NOTE(review): the roles below are inferred from the parameter names —
 * confirm against the implementation. @p untrustedCertificates presumably
 * supplies intermediate candidates that may link the chain but are not trust
 * anchors themselves; @p trustedCertificates presumably supplies the anchors.
 * With @p useTrustedSystemCertificates false and an empty
 * @p trustedCertificates there is no anchor at all; what is returned in that
 * case is not visible here. The ordering of the resulting chain is also not
 * documented here.
 *
 * @param certificate                  leaf certificate the chain starts from
 * @param untrustedCertificates        additional certificates usable as chain links
 * @param trustedCertificates          certificates accepted as trust anchors
 * @param useTrustedSystemCertificates whether the system certificate store is
 *                                     also consulted for trust anchors
 * @param certificateChainVector       [out] receives the constructed chain
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getCertificateChain(
    const CertificateShPtr &certificate,
    const CertificateShPtrVector &untrustedCertificates,
    const CertificateShPtrVector &trustedCertificates,
    bool useTrustedSystemCertificates,
    CertificateShPtrVector &certificateChainVector) = 0;
/**
 * @brief Build a certificate chain for @p certificate, with the untrusted and
 *        trusted sets given as aliases of certificates already stored in the
 *        key manager rather than as certificate objects.
 *
 * Otherwise mirrors the CertificateShPtrVector overload above; the same
 * NOTE(review) caveats about parameter roles, an empty anchor set and chain
 * ordering apply here.
 *
 * @param certificate                  leaf certificate the chain starts from
 * @param untrustedCertificates        aliases of additional certificates usable as chain links
 * @param trustedCertificates          aliases of certificates accepted as trust anchors
 * @param useTrustedSystemCertificates whether the system certificate store is
 *                                     also consulted for trust anchors
 * @param certificateChainVector       [out] receives the constructed chain
 * @return error code (see ckm/ckm-error.h)
 */
virtual int getCertificateChain(
    const CertificateShPtr &certificate,
    const AliasVector &untrustedCertificates,
    const AliasVector &trustedCertificates,
    bool useTrustedSystemCertificates,
    CertificateShPtrVector &certificateChainVector) = 0;
/**
 * @brief Sign @p message with the private key stored under @p privateKeyAlias.
 *
 * The private key never leaves the key manager; the caller only receives the
 * signature. NOTE(review): @p padding is an RSAPaddingAlgorithm — how it is
 * treated when the key is DSA or ECDSA is not visible here; confirm.
 *
 * @param privateKeyAlias alias of the signing key
 * @param password        password for the private key
 * @param message         data to sign
 * @param hash            hash algorithm applied to @p message
 * @param padding         RSA padding scheme
 * @param signature       [out] receives the signature on success
 * @return error code (see ckm/ckm-error.h)
 */
virtual int createSignature(
    const Alias &privateKeyAlias,
    const Password &password, // password for private_key
    const RawBuffer &message,
    const HashAlgorithm hash,
    const RSAPaddingAlgorithm padding,
    RawBuffer &signature) = 0;
/**
 * @brief Verify @p signature over @p message using the public key or
 *        certificate stored under @p publicKeyOrCertAlias.
 *
 * The hash and padding must match those used by the signer for the check to
 * succeed; @p padding is only meaningful for RSA keys.
 *
 * NOTE(review): the verification outcome appears to be conveyed through the
 * return value — which code means "signature does not match" is not visible
 * here; confirm in ckm/ckm-error.h and do not treat any non-success code as
 * merely transient.
 *
 * @param publicKeyOrCertAlias alias of the public key or certificate
 * @param password             password for the public key (optional)
 * @param message              data that was signed
 * @param signature            signature to check
 * @param hash                 hash algorithm used by the signer
 * @param padding              RSA padding scheme used by the signer
 * @return error code (see ckm/ckm-error.h)
 */
virtual int verifySignature(
    const Alias &publicKeyOrCertAlias,
    const Password &password, // password for public_key (optional)
    const RawBuffer &message,
    const RawBuffer &signature,
    const HashAlgorithm hash,
    const RSAPaddingAlgorithm padding) = 0;
/**
 * @brief Run an OCSP revocation check on every certificate in the chain
 *        except the Root CA.
 *
 * The check is delegated to the key-manager service, so it works even when
 * the calling application has no permission to use the network itself.
 *
 * NOTE(review): the meaning of the values written to @p ocspStatus is not
 * visible here (presumably an enumeration in ckm/ckm-type.h); callers should
 * inspect @p ocspStatus in addition to the return value, since the return
 * value appears to report only whether the check could be performed.
 *
 * @param certificateChainVector chain to check (see getCertificateChain)
 * @param ocspStatus             [out] revocation result of the check
 * @return error code (see ckm/ckm-error.h)
 */
virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
/**
 * @brief Set the permissions that the application/user identified by
 *        @p accessor has on the entry stored under @p alias.
 *
 * NOTE(review): @p permissionMask presumably replaces the accessor's current
 * mask rather than OR-ing into it, so passing an empty mask would act as a
 * revoke — confirm against the implementation before relying on it.
 *
 * @param alias          entry whose access rights are being changed
 * @param accessor       label of the party being granted or denied access
 * @param permissionMask set of permissions to apply (PermissionMask from ckm/ckm-type.h)
 * @return error code (see ckm/ckm-error.h)
 */
virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0;
/**
 * @brief Factory for the client-side Manager implementation.
 *
 * Manager itself is an abstract interface; this is the supported way to
 * obtain an instance.
 *
 * @return shared pointer to a new Manager
 */
static ManagerShPtr create();
137 // static ManagerShPtr getManager(int uid); // TODO