2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
47 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
49 * @remarks Currently the API supports seven types of keys: RSA public/private key,
50 * DSA public/private key, ECDSA public/private key and AES symmetric key.
51 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
52 * key manager during storing keys.
53 * @remarks Some private key files are protected by a password. If raw_key in key read from those
54 * encrypted files is encrypted with a password, the password should be provided in the
55 * #ckmc_key_s structure.
56 * @remarks If password in policy is provided, the key is additionally encrypted with the password
59 * @param[in] alias The name of a key to be stored
60 * @param[in] key The key's binary value to be stored
61 * @param[in] policy The policy about how to store a key securely
63 * @return @c 0 on success,
64 * otherwise a negative error value
66 * @retval #CKMC_ERROR_NONE Successful
67 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
68 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
70 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
71 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
72 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
73 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
75 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
77 * @see ckmc_remove_alias()
79 * @see ckmc_get_key_alias_list()
83 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
86 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
87 * @brief Removes a key from key manager.
90 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
92 * @remarks To remove key, client must have remove permission to the specified key.
93 * @remarks The key owner can remove by default.
95 * @param[in] alias The name of a key to be removed
97 * @return @c 0 on success,
98 * otherwise a negative error value
100 * @retval #CKMC_ERROR_NONE Successful
101 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
102 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
104 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
105 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
106 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
108 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
110 * @see ckmc_save_key()
111 * @see ckmc_get_key()
112 * @see ckmc_get_key_alias_list()
114 int ckmc_remove_key(const char *alias);
117 * @brief Gets a key from key manager.
120 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
122 * @remarks A client can access only data stored by the client.
123 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
126 * @param[in] alias The name of a key to retrieve
127 * @param[in] password The password used in decrypting a key value \n
128 * If password of policy is provided in ckmc_save_key(), the same password
129 * should be provided.
130 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
132 * @return @c 0 on success,
133 * otherwise a negative error value
135 * @retval #CKMC_ERROR_NONE Successful
136 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
137 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
139 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
140 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
141 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
142 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
143 * Decryption failed because password is incorrect.
145 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
147 * @see ckmc_save_key()
148 * @see ckmc_remove_alias()
149 * @see ckmc_get_key_alias_list()
151 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
154 * @brief Gets all the alias of keys that the client can access.
157 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
159 * @remarks A client can access only data stored by the client.
160 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
161 * if it is no longer needed.
163 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
164 * available alias of keys \n
165 * If there is no available key alias, *ppalias_list will be null.
167 * @return @c 0 on success,
168 * otherwise a negative error value
170 * @retval #CKMC_ERROR_NONE Successful
171 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
172 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
174 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
175 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
176 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
178 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
180 * @see ckmc_save_key()
181 * @see ckmc_remove_alias()
182 * @see ckmc_get_key()
184 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
190 * @brief Stores a certificate inside key manager based on the provided policy.
193 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
195 * @remarks The certificate's binary value will be converted and saved as a binary DER-encoded certificate.
198 * @param[in] alias The name of a certificate to be stored
199 * @param[in] cert The certificate's binary value to be stored
200 * @param[in] policy The policy about how to store a certificate securely
202 * @return @c 0 on success,
203 * otherwise a negative error value
205 * @retval #CKMC_ERROR_NONE Successful
206 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
207 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
209 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
210 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
211 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
212 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
214 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
216 * @see ckmc_remove_alias()
217 * @see ckmc_get_cert()
218 * @see ckmc_get_cert_alias_list()
220 * @see #ckmc_policy_s
222 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
225 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
226 * @brief Removes a certificate from key manager.
229 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
231 * @remarks To remove certificate, client must have remove permission to the specified certificate.
232 * @remarks The key owner can remove by default.
234 * @param[in] alias The name of a certificate to be removed
236 * @return @c 0 on success,
237 * otherwise a negative error value
239 * @retval #CKMC_ERROR_NONE Successful
240 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
241 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
243 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
244 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
245 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
247 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
249 * @see ckmc_save_cert()
250 * @see ckmc_get_cert()
251 * @see ckmc_get_cert_alias_list()
253 int ckmc_remove_cert(const char *alias);
256 * @brief Gets a certificate from key manager.
259 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
261 * @remarks A client can access only certificate stored by the client.
262 * @remarks A DER encoded certificate will be returned as a return value.
263 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
266 * @param[in] alias The name of a certificate to retrieve
267 * @param[in] password The password used in decrypting a certificate value \n
268 * If password of policy is provided in ckmc_save_cert(), the same password
269 * should be provided.
270 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
272 * @return @c 0 on success,
273 * otherwise a negative error value
275 * @retval #CKMC_ERROR_NONE Successful
276 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
277 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
279 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
280 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
281 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
282 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
283 * Decryption failed because password is incorrect.
285 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
287 * @see ckmc_save_cert()
288 * @see ckmc_remove_alias()
289 * @see ckmc_get_cert_alias_list()
291 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
294 * @brief Gets all alias of certificates which the client can access.
297 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
299 * @remarks A client can access only data stored by the client.
300 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
301 * if it is no longer needed.
303 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
304 * available aliases of certificates \n
305 * If there is no available certificate alias, *ppalias_list will be null.
307 * @return @c 0 on success,
308 * otherwise a negative error value
310 * @retval #CKMC_ERROR_NONE Successful
311 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
312 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
314 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
315 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
316 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
318 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
320 * @see ckmc_save_cert()
321 * @see ckmc_remove_alias()
322 * @see ckmc_get_cert()
324 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
330 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
331 * All items from the PKCS12 will use the same alias.
334 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
336 * @param[in] alias The name of a data to be stored
337 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
338 * @param[in] key_policy The policy about how to store pkcs's private key
339 * @param[in] cert_policy The policy about how to store pkcs's certificate
341 * @return @c 0 on success,
342 * otherwise a negative error value
344 * @retval #CKMC_ERROR_NONE Successful
345 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
346 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
348 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
349 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
350 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
352 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
354 * @see ckmc_remove_alias()
355 * @see ckmc_get_pkcs12()
356 * @see ckmc_get_data_alias_list()
357 * @see ckmc_pkcs12_load()
358 * @see #ckmc_pkcs12_s
359 * @see #ckmc_policy_s
361 int ckmc_save_pkcs12(const char *alias,
362 const ckmc_pkcs12_s *pkcs,
363 const ckmc_policy_s key_policy,
364 const ckmc_policy_s cert_policy);
367 * @brief Gets a pkcs12 from key manager.
370 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
372 * @remarks A client can access only data stored by the client.
373 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.
376 * @param[in] alias The name of a data to retrieve
377 * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
378 * @param[in] cert_password Password used to encrypt certificates (may be NULL)
379 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
381 * @return @c 0 on success,
382 * otherwise a negative error value
384 * @retval #CKMC_ERROR_NONE Successful
385 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
386 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
388 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
389 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
390 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
391 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
392 * key_password or cert_password does not match with password
393 * used to encrypt data
395 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
397 * @see ckmc_save_pkcs12()
398 * @see ckmc_remove_alias()
400 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
403 * @brief Stores a data inside key manager based on the provided policy.
406 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
408 * @param[in] alias The name of a data to be stored
409 * @param[in] data The binary value to be stored
410 * @param[in] policy The policy about how to store a data securely
412 * @return @c 0 on success,
413 * otherwise a negative error value
415 * @retval #CKMC_ERROR_NONE Successful
416 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
417 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
419 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
420 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
421 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
423 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
425 * @see ckmc_remove_alias()
426 * @see ckmc_get_data()
427 * @see ckmc_get_data_alias_list()
428 * @see #ckmc_raw_buffer_s
429 * @see #ckmc_policy_s
431 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
434 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
435 * @brief Removes a data from key manager.
438 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
440 * @remarks To remove data, client must have remove permission to the specified data object.
441 * @remarks The data owner can remove by default.
443 * @param[in] alias The name of a data to be removed
445 * @return @c 0 on success,
446 * otherwise a negative error value
448 * @retval #CKMC_ERROR_NONE Successful
449 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
450 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
452 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
453 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
454 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
456 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
458 * @see ckmc_save_data()
459 * @see ckmc_get_data()
460 * @see ckmc_get_data_alias_list()
462 int ckmc_remove_data(const char *alias);
465 * @brief Gets a data from key manager.
468 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
470 * @remarks A client can access only data stored by the client.
471 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
474 * @param[in] alias The name of a data to retrieve
475 * @param[in] password The password used in decrypting a data value \n
476 * If password of policy is provided in ckmc_save_data(), the same password
477 * should be provided.
478 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
480 * @return @c 0 on success,
481 * otherwise a negative error value
483 * @retval #CKMC_ERROR_NONE Successful
484 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
485 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
487 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
488 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
489 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
490 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
491 * Decryption failed because password is incorrect.
492 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
494 * @see ckmc_save_data()
495 * @see ckmc_remove_alias()
496 * @see ckmc_get_data_alias_list()
498 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
501 * @brief Gets all alias of data which the client can access.
504 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
506 * @remarks A client can access only data stored by the client.
507 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
508 * if it is no longer needed.
510 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
511 * available aliases of data \n
512 * If there is no available data alias, *ppalias_list will be null.
514 * @return @c 0 on success,
515 * otherwise a negative error value
517 * @retval #CKMC_ERROR_NONE Successful
518 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
519 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
521 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
522 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
523 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
525 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
527 * @see ckmc_save_data()
528 * @see ckmc_remove_alias()
529 * @see ckmc_get_data()
531 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
537 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
541 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
543 * @remarks If password in policy is provided, the key is additionally encrypted with the password
546 * @param[in] size The size of key strength to be created \n
547 * @c 1024, @c 2048, and @c 4096 are supported. A 1024-bit RSA key is weaker than current guidance accepts for new keys; prefer @c 2048 or larger.
548 * @param[in] private_key_alias The name of private key to be stored
549 * @param[in] public_key_alias The name of public key to be stored
550 * @param[in] policy_private_key The policy about how to store a private key securely
551 * @param[in] policy_public_key The policy about how to store a public key securely
553 * @return @c 0 on success,
554 * otherwise a negative error value
556 * @retval #CKMC_ERROR_NONE Successful
557 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
558 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
560 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
561 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
562 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
564 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
566 * @see ckmc_create_key_pair_dsa()
567 * @see ckmc_create_key_pair_ecdsa()
568 * @see ckmc_create_signature()
569 * @see ckmc_verify_signature()
571 int ckmc_create_key_pair_rsa(const size_t size,
572 const char *private_key_alias,
573 const char *public_key_alias,
574 const ckmc_policy_s policy_private_key,
575 const ckmc_policy_s policy_public_key);
578 * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy.
582 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
584 * @remarks If password in policy is provided, the key is additionally encrypted with the password
587 * @param[in] size The size of key strength to be created \n
588 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported. A 1024-bit DSA key is weaker than current guidance accepts for new keys; prefer @c 2048 or larger.
589 * @param[in] private_key_alias The name of private key to be stored
590 * @param[in] public_key_alias The name of public key to be stored
591 * @param[in] policy_private_key The policy about how to store a private key securely
592 * @param[in] policy_public_key The policy about how to store a public key securely
594 * @return @c 0 on success,
595 * otherwise a negative error value
597 * @retval #CKMC_ERROR_NONE Successful
598 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
599 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
601 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
602 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
603 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
605 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
607 * @see ckmc_create_key_pair_rsa()
608 * @see ckmc_create_key_pair_ecdsa()
609 * @see ckmc_create_signature()
610 * @see ckmc_verify_signature()
612 int ckmc_create_key_pair_dsa(const size_t size,
613 const char *private_key_alias,
614 const char *public_key_alias,
615 const ckmc_policy_s policy_private_key,
616 const ckmc_policy_s policy_public_key);
619 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
623 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
625 * @remarks If password in policy is provided, the key is additionally encrypted with the password
628 * @param[in] type The type of elliptic curve of ECDSA
629 * @param[in] private_key_alias The name of private key to be stored
630 * @param[in] public_key_alias The name of public key to be stored
631 * @param[in] policy_private_key The policy about how to store a private key securely
632 * @param[in] policy_public_key The policy about how to store a public key securely
634 * @return @c 0 on success,
635 * otherwise a negative error value
637 * @retval #CKMC_ERROR_NONE Successful
638 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
639 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
641 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
642 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
643 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
645 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
647 * @see ckmc_create_key_pair_rsa()
648 * @see ckmc_create_key_pair_dsa()
649 * @see ckmc_create_signature()
650 * @see ckmc_verify_signature()
651 * @see #ckmc_ec_type_e
653 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
654 const char *private_key_alias,
655 const char *public_key_alias,
656 const ckmc_policy_s policy_private_key,
657 const ckmc_policy_s policy_public_key);
660 * @brief Creates AES key and stores it inside key manager based on the policy.
664 * @remarks If password in policy is provided, the key is additionally encrypted with the password
667 * @param[in] size The size of key strength to be created. \n
668 * @c 128, @c 192 and @c 256 are supported.
669 * @param[in] key_alias The name of key to be stored
670 * @param[in] key_policy The policy about how to store the key securely
672 * @return @c 0 on success,
673 * otherwise a negative error value
675 * @retval #CKMC_ERROR_NONE Successful
676 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
677 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
679 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
680 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
681 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
683 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
685 * @see ckmc_create_key_pair_rsa()
686 * @see ckmc_create_key_pair_dsa()
687 * @see ckmc_create_key_pair_ecdsa()
689 int ckmc_create_key_aes(const size_t size,
690 const char *key_alias,
691 const ckmc_policy_s key_policy);
694 * @brief Creates a signature on a given message using a private key and returns the signature.
697 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
699 * @remarks If password of policy is provided during storing a key, the same password should be provided.
701 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
704 * @param[in] private_key_alias The name of private key
705 * @param[in] password The password used in decrypting a private key value
706 * @param[in] message The message that is signed with a private key
707 * @param[in] hash The hash algorithm used in creating signature
708 * @param[in] padding The RSA padding algorithm used in creating signature \n
709 * It is used only when the signature algorithm is RSA.
710 * @param[out] ppsignature The pointer to a newly created signature \n
711 * If an error occurs, @a *ppsignature will be null.
713 * @return @c 0 on success,
714 * otherwise a negative error value
716 * @retval #CKMC_ERROR_NONE Successful
717 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
718 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
720 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
721 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
722 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
723 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
724 * Decryption failed because password is incorrect.
726 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
728 * @see ckmc_create_key_pair_rsa()
729 * @see ckmc_create_key_pair_ecdsa()
730 * @see ckmc_verify_signature()
731 * @see ckmc_buffer_free()
732 * @see #ckmc_hash_algo_e
733 * @see #ckmc_rsa_padding_algo_e
735 int ckmc_create_signature(const char *private_key_alias,
736 const char *password,
737 const ckmc_raw_buffer_s message,
738 const ckmc_hash_algo_e hash,
739 const ckmc_rsa_padding_algo_e padding,
740 ckmc_raw_buffer_s **ppsignature);
743 * @brief Verifies a given signature on a given message using a public key and returns the signature validity status.
747 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
749 * @remarks If password of policy is provided during storing a key, the same password should be provided.
752 * @param[in] public_key_alias The name of public key
753 * @param[in] password The password used in decrypting a public key value
754 * @param[in] message The input on which the signature is created
755 * @param[in] signature The signature that is verified with public key
756 * @param[in] hash The hash algorithm used in verifying signature
757 * @param[in] padding The RSA padding algorithm used in verifying signature \n
758 * It is used only when the signature algorithm is RSA.
760 * @return @c 0 on success and the signature is valid,
761 * otherwise a negative error value
763 * @retval #CKMC_ERROR_NONE Successful
764 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
765 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
766 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
768 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
769 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
770 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
771 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
772 * Decryption failed because password is incorrect.
774 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
776 * @see ckmc_create_key_pair_rsa()
777 * @see ckmc_create_key_pair_ecdsa()
778 * @see ckmc_verify_signature()
779 * @see #ckmc_hash_algo_e
780 * @see #ckmc_rsa_padding_algo_e
782 int ckmc_verify_signature(const char *public_key_alias,
783 const char *password,
784 const ckmc_raw_buffer_s message,
785 const ckmc_raw_buffer_s signature,
786 const ckmc_hash_algo_e hash,
787 const ckmc_rsa_padding_algo_e padding);
790 * @brief Verifies a certificate chain and returns that chain.
793 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
795 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
797 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
798 * ckmc_cert_list_all_free() if it is no longer needed.
800 * @param[in] cert The certificate to be verified
801 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
803 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
804 * If an error occurs, @a *ppcert_chain_list will be null.
806 * @return @c 0 on success and the certificate chain is valid,
807 * otherwise a negative error value
809 * @retval #CKMC_ERROR_NONE Successful
810 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
811 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
812 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
814 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
815 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
816 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
817 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
818 * Decryption failed because password is incorrect.
820 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
822 * @see ckmc_get_cert_chain_with_alias())
823 * @see ckmc_cert_list_all_free()
825 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
826 const ckmc_cert_list_s *untrustedcerts,
827 ckmc_cert_list_s **ppcert_chain_list);
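/**
 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns
 *        that chain.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks The trusted root certificate of the chain should exist in the system's certificate
 *          storage.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks Use the returned chain only when the return value is #CKMC_ERROR_NONE. No revocation
 *          check is documented for this call; ckmc_ocsp_check() takes the returned chain for
 *          that purpose.
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
 *                           to be used in verifying a certificate chain
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null.
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Some certificates were encrypted with password and could not be used
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
                                   const ckmc_alias_list_s *untrustedcerts,
                                   ckmc_cert_list_s **ppcert_chain_list);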
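/**
 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
 *        untrusted CA certificates
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
 *          need to exist in the system's certificate storage.
 * @remarks Certificates passed in @a trustedcerts are used as trusted CA certificates for this
 *          verification, so they must come from a source the caller already trusts and never
 *          from the party whose certificate is being verified.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks Use the returned chain only when the return value is #CKMC_ERROR_NONE.
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
 *                           certificate chain
 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
 *                         certificate chain
 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
 *                                   in the system's certificate storage.
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null.
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain_with_trustedcert_alias()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
                                         const ckmc_cert_list_s *untrustedcerts,
                                         const ckmc_cert_list_s *trustedcerts,
                                         const bool use_trustedsystemcerts,
                                         ckmc_cert_list_s **ppcert_chain_list);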
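/**
 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
 *        trusted certificates
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks If the alias list of trusted root certificates is provided as a user input, these
 *          certificates do not need to exist in the system's certificate storage.
 * @remarks Certificates named in @a trustedcerts are used as trusted CA certificates for this
 *          verification, so the aliases must refer to certificates the caller already trusts.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks Use the returned chain only when the return value is #CKMC_ERROR_NONE.
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
 *                           manager to be used in verifying a certificate chain
 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
 *                         manager to be used in verifying a certificate chain
 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
 *                                   in the system's certificate storage.
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null.
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Some certificates were encrypted with password and could not be used
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain_with_trustedcert()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
                                               const ckmc_alias_list_s *untrustedcerts,
                                               const ckmc_alias_list_s *trustedcerts,
                                               const bool use_trustedsystemcerts,
                                               ckmc_cert_list_s **ppcert_chain_list);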
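/**
 * @brief Performs an OCSP check to determine whether a certificate is revoked.
 *
 * @privilege %http://tizen.org/privilege/internet
 *
 * @remarks The documented return codes report only whether the check could be carried out.
 *          The revocation result is written to @a ocsp_status, so the caller must inspect it
 *          even when the return value is #CKMC_ERROR_NONE.
 *
 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
 * @param[out] ocsp_status The pointer to status result of OCSP check
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 * @pre @a pcert_chain_list is created with ckmc_get_cert_chain() or
 *      ckmc_get_cert_chain_with_alias()
 *
 * @see ckmc_get_cert_chain()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);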
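/**
 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
 * @brief Allows another application to access client's application data
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks Data identified by @a alias should exist
 *
 * @param[in] alias Data alias for which access will be granted
 * @param[in] accessor Package id of the application that will gain access rights
 * @param[in] granted Rights granted for @a accessor application
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_deny_access()
 */
int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);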
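/**
 * @brief Allows another application to access client's application data
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks Data identified by @a alias should exist
 * @remarks Because the new mask replaces the previous one, @a permissions must list every
 *          permission the @a accessor should hold after the call, and nothing more.
 *
 * @param[in] alias Data alias for which access will be granted
 * @param[in] accessor Package id of the application that will gain access rights
 * @param[in] permissions Mask of permissions granted for @a accessor application
 *                        (@a ckmc_permission_e)
 *                        (previous permission mask will be replaced with the new mask value)
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 */
int ckmc_set_permission(const char *alias, const char *accessor, int permissions);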
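/**
 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
 * @brief Revokes another application's access to client's application data
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks Data identified by @a alias should exist
 * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
 *
 * @param[in] alias Data alias for which access will be revoked
 * @param[in] accessor Package id of the application that will lose access rights
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
 *                                       have access to @a alias
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_allow_access()
 * @see ckmc_set_permission()
 */
int ckmc_deny_access(const char *alias, const char *accessor);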
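/**
 * @brief Removes an entry (regardless of its type) from the key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks To remove item, client must have remove permission to the specified item.
 * @remarks The item owner can remove by default.
 *
 * @param[in] alias Item alias to be removed
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_key()
 * @see ckmc_save_cert()
 * @see ckmc_save_data()
 * @see ckmc_save_pkcs12()
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_key_pair_ecdsa()
 */
int ckmc_remove_alias(const char *alias);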
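/**
 * @brief Encrypts data using selected key and algorithm.
 *
 * @remarks Key identified by @a key_alias should exist.
 * @remarks Check the return value before reading @a ppencrypted; this header does not state
 *          what it holds after an error.
 *
 * @param[in] params Algorithm parameters
 * @param[in] key_alias Alias of the key to be used for encryption
 * @param[in] password The password used in decrypting a key value \n
 *                     If password of policy is provided in ckmc_save_key(), the same
 *                     password should be provided
 * @param[in] decrypted Data to be encrypted
 * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
 *                         embedded in encrypted data. AES GCM is an example) \n
 *                         The caller is responsible for freeing ppencrypted with
 *                         ckmc_buffer_free()
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Key decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_buffer_free()
 * @see ckmc_param_list_new()
 * @see ckmc_param_list_free()
 * @see ckmc_param_list_add_integer()
 * @see ckmc_param_list_add_buffer()
 * @see ckmc_generate_params()
 * @see #ckmc_param_list_s
 * @see #ckmc_param_name_e
 */
int ckmc_encrypt_data(const ckmc_param_list_s *params,
                      const char *key_alias,
                      const char *password,
                      const ckmc_raw_buffer_s decrypted,
                      ckmc_raw_buffer_s **ppencrypted);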
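/**
 * @brief Decrypts data using selected key and algorithm.
 *
 * @remarks Key identified by @a key_alias should exist.
 * @remarks Check the return value before reading @a ppdecrypted; this header does not state
 *          what it holds after an error, so output from a failed call must not be treated
 *          as plaintext.
 *
 * @param[in] params Algorithm parameters
 * @param[in] key_alias Alias of the key to be used for decryption
 * @param[in] password The password used in decrypting a key value \n
 *                     If password of policy is provided in ckmc_save_key(), the same
 *                     password should be provided
 * @param[in] encrypted Data to be decrypted (some algorithms may require additional
 *                      information embedded in encrypted data. AES GCM is an example)
 * @param[out] ppdecrypted Decrypted data \n
 *                         The caller is responsible for freeing ppdecrypted with
 *                         ckmc_buffer_free()
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Key decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_buffer_free()
 * @see ckmc_param_list_new()
 * @see ckmc_param_list_free()
 * @see ckmc_param_list_add_integer()
 * @see ckmc_param_list_add_buffer()
 * @see ckmc_generate_params()
 * @see #ckmc_param_list_s
 * @see #ckmc_param_name_e
 */
int ckmc_decrypt_data(const ckmc_param_list_s *params,
                      const char *key_alias,
                      const char *password,
                      const ckmc_raw_buffer_s encrypted,
                      ckmc_raw_buffer_s **ppdecrypted);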
1217 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */