2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys, certificates and data of a user and additional crypto functions.
23 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
24 #define __TIZEN_CORE_CKMC_MANAGER_H
27 #include <sys/types.h>
29 #include <ckmc/ckmc-type.h>
30 #include <ckmc/ckmc-error.h>
37 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
43 * @brief Stores a key inside key manager based on the provided policy.
47 * @privilege %http://tizen.org/privilege/keymanager
49 * @remarks Currently only six types of keys are supported for this API. These are RSA public/private key, DSA public/private key and ECDSA public/private key.
50 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
51 * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key_s structure.
52 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
54 * @param[in] alias The name of a key to be stored
55 * @param[in] key The key's binary value to be stored
56 * @param[in] policy The policy about how to store a key securely
58 * @return @c 0 on success,
59 * otherwise a negative error value
61 * @retval #CKMC_ERROR_NONE Successful
62 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
63 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
64 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
65 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
66 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
67 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
69 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
71 * @see ckmc_remove_key()
73 * @see ckmc_get_key_alias_list()
77 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
80 * @brief Removes a key from key manager.
84 * @privilege %http://tizen.org/privilege/keymanager
86 * @remarks To remove key, client must have remove permission to the specified key.
87 * @remarks The key owner can remove by default.
89 * @param[in] alias The name of a key to be removed
91 * @return @c 0 on success,
92 * otherwise a negative error value
94 * @retval #CKMC_ERROR_NONE Successful
95 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
96 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
97 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
98 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
99 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
101 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
103 * @see ckmc_save_key()
104 * @see ckmc_get_key()
105 * @see ckmc_get_key_alias_list()
107 int ckmc_remove_key(const char *alias);
110 * @brief Gets a key from key manager.
114 * @privilege %http://tizen.org/privilege/keymanager
116 * @remarks A client can access only data stored by the client.
117 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
119 * @param[in] alias The name of a key to retrieve
120 * @param[in] password The password used in decrypting a key value \n
121 * If password of policy is provided in ckmc_save_key(), the same password should be provided.
122 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
124 * @return @c 0 on success,
125 * otherwise a negative error value
127 * @retval #CKMC_ERROR_NONE Successful
128 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
129 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
130 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
131 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
132 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
134 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
136 * @see ckmc_save_key()
137 * @see ckmc_remove_key()
138 * @see ckmc_get_key_alias_list()
140 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
143 * @brief Gets all the alias of keys that the client can access.
147 * @privilege %http://tizen.org/privilege/keymanager
149 * @remarks A client can access only data stored by the client.
150 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
152 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n
153 * If there is no available key alias, *ppalias_list will be null.
155 * @return @c 0 on success,
156 * otherwise a negative error value
158 * @retval #CKMC_ERROR_NONE Successful
159 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
160 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
161 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
162 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
163 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
165 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
167 * @see ckmc_save_key()
168 * @see ckmc_remove_key()
169 * @see ckmc_get_key()
171 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
177 * @brief Stores a certificate inside key manager based on the provided policy.
181 * @privilege %http://tizen.org/privilege/keymanager
183 * @remarks the certificate's binary value will be converted and saved as binary DER encoded certificates.
185 * @param[in] alias The name of a certificate to be stored
186 * @param[in] cert The certificate's binary value to be stored
187 * @param[in] policy The policy about how to store a certificate securely
189 * @return @c 0 on success,
190 * otherwise a negative error value
192 * @retval #CKMC_ERROR_NONE Successful
193 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
194 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
195 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
196 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
197 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
198 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
200 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
202 * @see ckmc_remove_cert()
203 * @see ckmc_get_cert()
204 * @see ckmc_get_cert_alias_list()
206 * @see #ckmc_policy_s
208 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
211 * @brief Removes a certificate from key manager.
215 * @privilege %http://tizen.org/privilege/keymanager
217 * @remarks To remove certificate, client must have remove permission to the specified certificate.
218 * @remarks The key owner can remove by default.
220 * @param[in] alias The name of a certificate to be removed
222 * @return @c 0 on success,
223 * otherwise a negative error value
225 * @retval #CKMC_ERROR_NONE Successful
226 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
227 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
228 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
229 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
230 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
232 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
234 * @see ckmc_save_cert()
235 * @see ckmc_get_cert()
236 * @see ckmc_get_cert_alias_list()
238 int ckmc_remove_cert(const char *alias);
241 * @brief Gets a certificate from key manager.
245 * @privilege %http://tizen.org/privilege/keymanager
247 * @remarks A client can access only certificate stored by the client.
248 * @remarks A DER encoded certificate will be returned as a return value.
249 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
251 * @param[in] alias The name of a certificate to retrieve
252 * @param[in] password The password used in decrypting a certificate value \n
253 * If password of policy is provided in ckmc_save_cert(), the same password should be provided.
254 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
256 * @return @c 0 on success,
257 * otherwise a negative error value
259 * @retval #CKMC_ERROR_NONE Successful
260 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
261 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
262 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
263 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
264 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
266 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
268 * @see ckmc_save_cert()
269 * @see ckmc_remove_cert()
270 * @see ckmc_get_cert_alias_list()
272 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
275 * @brief Gets all alias of certificates which the client can access.
279 * @privilege %http://tizen.org/privilege/keymanager
281 * @remarks A client can access only data stored by the client.
282 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
284 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n
285 * If there is no available key alias, *ppalias_list will be null.
287 * @return @c 0 on success,
288 * otherwise a negative error value
290 * @retval #CKMC_ERROR_NONE Successful
291 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
292 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
293 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
294 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
295 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
297 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
299 * @see ckmc_save_cert()
300 * @see ckmc_remove_cert()
301 * @see ckmc_get_cert()
303 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
309 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
310 * All items from the PKCS12 will use the same alias.
314 * @privilege %http://tizen.org/privilege/keymanager
316 * @param[in] alias The name of a data to be stored
317 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
318 * @param[in] key_policy The policy about how to store pkcs's private key
319 * @param[in] cert_policy The policy about how to store pkcs's certificate
321 * @return @c 0 on success,
322 * otherwise a negative error value
324 * @retval #CKMC_ERROR_NONE Successful
325 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
326 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
327 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
328 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
329 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
331 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
333 * @see ckmc_remove_pkcs12()
334 * @see ckmc_get_pkcs12()
335 * @see ckmc_get_data_alias_list()
336 * @see ckmc_load_from_pkcs12_file2()
337 * @see #ckmc_pkcs12_s
338 * @see #ckmc_policy_s
340 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy);
343 * @brief Removes all PKCS12 contents from key manager.
347 * @privilege %http://tizen.org/privilege/keymanager
349 * @remarks To remove PKCS12, client must have remove permission to the specified PKCS12 object.
350 * @remarks The key owner can remove by default.
352 * @param[in] alias The name of PKCS12 to be removed
354 * @return @c 0 on success,
355 * otherwise a negative error value
357 * @retval #CKMC_ERROR_NONE Successful
358 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
359 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
360 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
361 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
362 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
364 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
366 * @see ckmc_save_pkcs12()
367 * @see ckmc_get_pkcs12()
369 int ckmc_remove_pkcs12(const char *alias);
372 * @brief Gets a pkcs12 from key manager.
376 * @privilege %http://tizen.org/privilege/keymanager
378 * @remarks A client can access only data stored by the client.
379 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.
381 * @param[in] alias The name of a data to retrieve
382 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
384 * @return @c 0 on success,
385 * otherwise a negative error value
387 * @retval #CKMC_ERROR_NONE Successful
388 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
389 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
390 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
391 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
392 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
394 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
396 * @see ckmc_save_pkcs12()
397 * @see ckmc_remove_pkcs12()
399 int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12);
405 * @brief Stores a data inside key manager based on the provided policy.
409 * @privilege %http://tizen.org/privilege/keymanager
411 * @param[in] alias The name of a data to be stored
412 * @param[in] data The binary value to be stored
413 * @param[in] policy The policy about how to store a data securely
415 * @return @c 0 on success,
416 * otherwise a negative error value
418 * @retval #CKMC_ERROR_NONE Successful
419 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
420 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
421 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
422 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
423 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
425 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
427 * @see ckmc_remove_data()
428 * @see ckmc_get_data()
429 * @see ckmc_get_data_alias_list()
430 * @see #ckmc_raw_buffer_s
431 * @see #ckmc_policy_s
433 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
436 * @brief Removes a data from key manager.
440 * @privilege %http://tizen.org/privilege/keymanager
442 * @remarks To remove data, client must have remove permission to the specified data object.
443 * @remarks The data owner can remove by default.
445 * @param[in] alias The name of a data to be removed
447 * @return @c 0 on success,
448 * otherwise a negative error value
450 * @retval #CKMC_ERROR_NONE Successful
451 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
452 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
453 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
454 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
455 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
457 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
459 * @see ckmc_save_data()
460 * @see ckmc_get_data()
461 * @see ckmc_get_data_alias_list()
463 int ckmc_remove_data(const char *alias);
466 * @brief Gets a data from key manager.
470 * @privilege %http://tizen.org/privilege/keymanager
472 * @remarks A client can access only data stored by the client.
473 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
475 * @param[in] alias The name of a data to retrieve
476 * @param[in] password The password used in decrypting a data value \n
477 * If password of policy is provided in ckmc_save_data(), the same password should be provided.
478 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
480 * @return @c 0 on success,
481 * otherwise a negative error value
483 * @retval #CKMC_ERROR_NONE Successful
484 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
485 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
486 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
487 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
488 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
490 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
492 * @see ckmc_save_data()
493 * @see ckmc_remove_data()
494 * @see ckmc_get_data_alias_list()
496 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
499 * @brief Gets all alias of data which the client can access.
503 * @privilege %http://tizen.org/privilege/keymanager
505 * @remarks A client can access only data stored by the client.
506 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
508 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n
509 * If there is no available key alias, *ppalias_list will be null.
511 * @return @c 0 on success,
512 * otherwise a negative error value
514 * @retval #CKMC_ERROR_NONE Successful
515 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
516 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
517 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
518 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
519 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
521 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
523 * @see ckmc_save_data()
524 * @see ckmc_remove_data()
525 * @see ckmc_get_data()
527 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
533 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
537 * @privilege %http://tizen.org/privilege/keymanager
539 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
541 * @param[in] size The size of key strength to be created \n
542 * @c 1024, @c 2048, and @c 4096 are supported.
543 * @param[in] private_key_alias The name of private key to be stored
544 * @param[in] public_key_alias The name of public key to be stored
545 * @param[in] policy_private_key The policy about how to store a private key securely
546 * @param[in] policy_public_key The policy about how to store a public key securely
548 * @return @c 0 on success,
549 * otherwise a negative error value
551 * @retval #CKMC_ERROR_NONE Successful
552 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
553 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
554 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
555 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
556 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
558 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
560 * @see ckmc_create_key_pair_dsa()
561 * @see ckmc_create_key_pair_ecdsa()
562 * @see ckmc_create_signature()
563 * @see ckmc_verify_signature()
565 int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
568 * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy.
572 * @privilege %http://tizen.org/privilege/keymanager
574 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
576 * @param[in] size The size of key strength to be created \n
577 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
578 * @param[in] private_key_alias The name of private key to be stored
579 * @param[in] public_key_alias The name of public key to be stored
580 * @param[in] policy_private_key The policy about how to store a private key securely
581 * @param[in] policy_public_key The policy about how to store a public key securely
583 * @return @c 0 on success,
584 * otherwise a negative error value
586 * @retval #CKMC_ERROR_NONE Successful
587 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
588 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
589 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
590 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
591 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
593 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
595 * @see ckmc_create_key_pair_rsa()
596 * @see ckmc_create_key_pair_ecdsa()
597 * @see ckmc_create_signature()
598 * @see ckmc_verify_signature()
600 int ckmc_create_key_pair_dsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
603 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
607 * @privilege %http://tizen.org/privilege/keymanager
609 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
611 * @param[in] type The type of elliptic curve of ECDSA
612 * @param[in] private_key_alias The name of private key to be stored
613 * @param[in] public_key_alias The name of public key to be stored
614 * @param[in] policy_private_key The policy about how to store a private key securely
615 * @param[in] policy_public_key The policy about how to store a public key securely
617 * @return @c 0 on success,
618 * otherwise a negative error value
620 * @retval #CKMC_ERROR_NONE Successful
621 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
622 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
623 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
624 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
625 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
627 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
629 * @see ckmc_create_key_pair_rsa()
630 * @see ckmc_create_key_pair_dsa()
631 * @see ckmc_create_signature()
632 * @see ckmc_verify_signature()
633 * @see #ckmc_ec_type_e
635 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
638 * @brief Creates a signature on a given message using a private key and returns the signature.
642 * @privilege %http://tizen.org/privilege/keymanager
644 * @remarks If password of policy is provided during storing a key, the same password should be provided.
645 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
647 * @param[in] private_key_alias The name of private key
648 * @param[in] password The password used in decrypting a private key value
649 * @param[in] message The message that is signed with a private key
650 * @param[in] hash The hash algorithm used in creating signature
651 * @param[in] padding The RSA padding algorithm used in creating signature \n
652 * It is used only when the signature algorithm is RSA.
653 * @param[out] ppsignature The pointer to a newly created signature \n
654 * If an error occurs, @a *ppsignature will be null.
656 * @return @c 0 on success,
657 * otherwise a negative error value
659 * @retval #CKMC_ERROR_NONE Successful
660 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
661 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
662 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
663 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
664 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
666 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
668 * @see ckmc_create_key_pair_rsa()
669 * @see ckmc_create_key_pair_ecdsa()
670 * @see ckmc_verify_signature()
671 * @see ckmc_buffer_free()
672 * @see #ckmc_hash_algo_e
673 * @see #ckmc_rsa_padding_algo_e
675 int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature);
678 * @brief Verifies a given signature on a given message using a public key and returns the signature status.
682 * @privilege %http://tizen.org/privilege/keymanager
684 * @remarks If password of policy is provided during storing a key, the same password should be provided.
686 * @param[in] public_key_alias The name of public key
687 * @param[in] password The password used in decrypting a public key value
688 * @param[in] message The input on which the signature is created
689 * @param[in] signature The signature that is verified with public key
690 * @param[in] hash The hash algorithm used in verifying signature
691 * @param[in] padding The RSA padding algorithm used in verifying signature \n
692 * It is used only when the signature algorithm is RSA.
694 * @return @c 0 on success and the signature is valid,
695 * otherwise a negative error value
697 * @retval #CKMC_ERROR_NONE Successful
698 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
699 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
700 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
701 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
702 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
703 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
705 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
707 * @see ckmc_create_key_pair_rsa()
708 * @see ckmc_create_key_pair_ecdsa()
709 * @see ckmc_verify_signature()
710 * @see #ckmc_hash_algo_e
711 * @see #ckmc_rsa_padding_algo_e
713 int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding);
716 * @deprecated, see ckmc_get_certificate_chain()
717 * @brief Verifies a certificate chain and returns that chain.
721 * @privilege %http://tizen.org/privilege/keymanager
723 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
724 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
726 * @param[in] cert The certificate to be verified
727 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
728 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
729 * If an error occurs, @a *ppcert_chain_list will be null.
731 * @return @c 0 on success and the signature is valid,
732 * otherwise a negative error value
734 * @retval #CKMC_ERROR_NONE Successful
735 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
736 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
737 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
738 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
739 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
740 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
742 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
744 * @see ckmc_get_cert_chain_with_alias())
745 * @see ckmc_cert_list_all_free()
747 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
750 * @deprecated, see ckmc_get_certificate_chain_with_alias()
751 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
755 * @privilege %http://tizen.org/privilege/keymanager
757 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
758 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
760 * @param[in] cert The certificate to be verified
761 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
762 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
763 * If an error occurs, @a *ppcert_chain_list will be null.
765 * @return @c 0 on success and the signature is valid,
766 * otherwise a negative error value
768 * @retval #CKMC_ERROR_NONE Successful
769 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
770 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
771 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
772 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
773 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
774 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
775 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
777 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
779 * @see ckmc_get_cert_chain())
780 * @see ckmc_cert_list_all_free()
782 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
785 * @brief Verifies a certificate chain and returns that chain using user entered trusted and untrusted CA certificates
789 * @privilege %http://tizen.org/privilege/keymanager
791 * @remarks If the trusted root certificates are provided as a user input, these certificates do not need to exist in the system's certificate storage.
792 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
794 * @param[in] cert The certificate to be verified
795 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
796 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain
797 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage.
798 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
799 * If an error occurs, @a *ppcert_chain_list will be null.
801 * @return @c 0 on success and the signature is valid,
802 * otherwise a negative error value
804 * @retval #CKMC_ERROR_NONE Successful
805 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
806 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
807 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
808 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
809 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
810 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
812 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
814 * @see ckmc_get_cert_chain_with_alias())
815 * @see ckmc_cert_list_all_free()
817 int ckmc_get_certificate_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list);
820 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and trusted certificates
824 * @privilege %http://tizen.org/privilege/keymanager
826 * @remarks If the alias list of trusted root certificates is provided as a user input, these certificates do not need to exist in the system's certificate storage.
827 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
829 * @param[in] cert The certificate to be verified
830 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
831 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key manager to be used in verifying a certificate chain
832 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates in the system's certificate storage.
833 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
834 * If an error occurs, @a *ppcert_chain_list will be null.
836 * @return @c 0 on success and the signature is valid,
837 * otherwise a negative error value
839 * @retval #CKMC_ERROR_NONE Successful
840 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
841 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
842 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
843 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
844 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
845 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
846 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
848 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
850 * @see ckmc_get_cert_chain())
851 * @see ckmc_cert_list_all_free()
853 int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, const ckmc_alias_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list);
856 * @brief Perform OCSP which checks certificate is whether revoked or not
860 * @privilege %http://tizen.org/privilege/keymanager
862 * @param[in] pcert_chain_list Certificate chain to perform OCSP check
863 * @param[out] ocsp_status The pointer to status result of OCSP check
865 * @return @c 0 on success, otherwise a negative error value
867 * @retval #CKMC_ERROR_NONE Successful
868 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
869 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
871 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
873 * @see ckmc_get_cert_chain())
874 * @see ckmc_cert_list_all_free()
876 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
879 * @deprecated, see ckmc_set_permission()
880 * @brief Allows another application to access client's application data
884 * @privilege %http://tizen.org/privilege/keymanager
886 * @remarks Data identified by @a alias should exist
888 * @param[in] alias Data alias for which access will be granted
889 * @param[in] accessor Package id of the application that will gain access rights
890 * @param[in] granted Rights granted for @a accessor application
892 * @return @c 0 on success, otherwise a negative error value
894 * @retval #CKMC_ERROR_NONE Successful
895 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
896 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
897 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
898 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
899 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
901 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
903 * @see ckmc_deny_access()
905 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
908 * @brief Allows another application to access client's application data
912 * @privilege %http://tizen.org/privilege/keymanager
914 * @remarks Data identified by @a alias should exist
916 * @param[in] alias Data alias for which access will be granted
917 * @param[in] accessor Package id of the application that will gain access rights
918 * @param[in] permissions Mask of permissions granted for @a accessor application (@a ckmc_permission_e)
919 * (previous permission mask will be replaced with the new mask value)
921 * @return @c 0 on success, otherwise a negative error value
923 * @retval #CKMC_ERROR_NONE Successful
924 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
925 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
926 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
927 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
928 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
930 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
932 int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
935 * @deprecated, see ckmc_set_permission()
936 * @brief Revokes another application's access to client's application data
940 * @privilege %http://tizen.org/privilege/keymanager
942 * @remarks Data identified by @a alias should exist
943 * @remarks Only access previously granted with ckmc_allow_access can be revoked.
945 * @param[in] alias Data alias for which access will be revoked
946 * @param[in] accessor Package id of the application that will lose access rights
948 * @return @c 0 on success, otherwise a negative error value
950 * @retval #CKMC_ERROR_NONE Successful
951 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
952 * have access to @a alias
953 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
954 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
955 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
956 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
958 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
960 * @see ckmc_allow_access()
961 * @see ckmc_set_permission()
963 int ckmc_deny_access(const char *alias, const char *accessor);
966 * @brief Removes a an entry (no matter of type) from the key manager.
970 * @privilege %http://tizen.org/privilege/keymanager
972 * @remarks To remove item, client must have remove permission to the specified item.
973 * @remarks The item owner can remove by default.
975 * @param[in] alias Item alias to be removed
977 * @return @c 0 on success,
978 * otherwise a negative error value
980 * @retval #CKMC_ERROR_NONE Successful
981 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
982 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
983 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
984 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
985 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
987 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
989 * @see ckmc_save_key()
990 * @see ckmc_save_cert
991 * @see ckmc_save_data
992 * @see ckmc_save_pkcs12
993 * @see ckmc_create_key_pair_rsa
994 * @see ckmc_create_key_pair_dsa
995 * @see ckmc_create_key_pair_ecdsa
997 int ckmc_remove_alias(const char *alias);
1008 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */