2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 * @brief Definitions of struct for the Key Manager's CAPI and their utility functions.
22 #ifndef __TIZEN_CORE_CKMC_TYPE_H
23 #define __TIZEN_CORE_CKMC_TYPE_H
26 #include <ckmc/ckmc-error.h>
28 #define KEY_MANAGER_CAPI __attribute__((visibility("default")))
36 * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE
41 * alias can be provided as an alias alone, or together with label - in this
42 * case, separator " " (space bar) is used to separate label and alias.
43 * @see key-manager_doc.h
45 KEY_MANAGER_CAPI extern char const * const ckmc_label_name_separator;
48 * shared database label - user may be given permission to access shared
49 * database items. In such case, the alias should contain shared database
51 * @see ckmc_label_name_separator
52 * @see key-manager_doc.h
54 KEY_MANAGER_CAPI extern char const * const ckmc_label_shared_owner;
57 * @brief Enumeration for key types of key manager.
60 typedef enum __ckmc_key_type {
61 CKMC_KEY_NONE = 0, /**< key type not specified */
62 CKMC_KEY_RSA_PUBLIC, /**< RSA public key */
63 CKMC_KEY_RSA_PRIVATE, /**< RSA private key */
64 CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */
65 CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */
66 CKMC_KEY_DSA_PUBLIC, /**< DSA public key */
67 CKMC_KEY_DSA_PRIVATE, /**< DSA private key */
68 CKMC_KEY_AES, /**< AES key */
72 * @brief Enumeration for data format.
75 typedef enum __ckmc_data_format {
76 CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */
77 CKMC_FORM_DER, /**< DER encoded data */
78 CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded
79 with additional header and footer lines. */
83 * @brief Enumeration for elliptic curve.
86 typedef enum __ckmc_ec_type {
87 CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
88 elliptic curve domain */
89 CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */
90 CKMC_EC_SECP384R1 /**< NIST curve P-384 (covers "secp384r1", the elliptic curve domain
91 listed in See SEC 2 */
95 * @brief Enumeration for hash algorithm.
98 typedef enum __ckmc_hash_algo {
99 CKMC_HASH_NONE = 0, /**< No Hash Algorithm */
100 CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */
101 CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */
102 CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */
103 CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */
107 * @brief Enumeration for RSA padding algorithm.
110 typedef enum __ckmc_rsa_padding_algo {
111 CKMC_NONE_PADDING = 0, /**< No Padding */
112 CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */
113 CKMC_X931_PADDING /**< X9.31 padding */
114 } ckmc_rsa_padding_algo_e;
117 * @deprecated Deprecated since 2.4. [Use ckmc_permission_e() instead]
118 * @brief Enumeration for database access rights.
121 typedef enum __ckmc_access_right{
122 CKMC_AR_READ = 0, /**< access right for read*/
123 CKMC_AR_READ_REMOVE /**< access right for read and remove*/
124 } ckmc_access_right_e;
127 * @brief Enumeration for permissions to access/modify alias.
130 typedef enum __ckmc_permission{
131 CKMC_PERMISSION_NONE = 0x00, /**< clear permissions */
132 CKMC_PERMISSION_READ = 0x01, /**< read allowed */
133 CKMC_PERMISSION_REMOVE = 0x02 /**< remove allowed */
137 * @brief the structure for binary buffer used in key manager CAPI.
140 typedef struct __ckmc_raw_buff {
141 unsigned char* data; /**< Byte array containing binary data */
142 size_t size; /**< The size of the binary data */
146 * @brief The structure for a policy for storing key/certificate/binary data.
149 typedef struct __ckmc_policy {
150 char* password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data
151 (or key, or certificate) is stored encrypted with this password inside
153 bool extractable; /**< If true key may be extracted from storage */
157 * @brief The structure for key used in key manager CAPI.
160 typedef struct __ckmc_key {
161 unsigned char* raw_key; /**< Byte array of key. raw_key may be encrypted with password */
162 size_t key_size; /**< The byte size of raw_key */
163 ckmc_key_type_e key_type; /**< The raw_key's type */
164 char* password; /**< Byte array used to decrypt data raw_key inside key manager. */
168 * @brief The structure for certificate used in key manager CAPI.
171 typedef struct __ckmc_cert {
172 unsigned char* raw_cert; /**< Byte array of certificate */
173 size_t cert_size; /**< Byte size of raw_cert */
174 ckmc_data_format_e data_format; /**< Raw_cert's encoding format */
178 * @brief The structure for linked list of alias.
181 typedef struct __ckmc_alias_list {
182 char *alias; /**< The name of key, certificate or data stored in key manager */
183 struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */
187 * @brief The structure for linked list of ckmc_cert_s
190 typedef struct __ckmc_cert_list {
191 ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */
192 struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */
196 * @brief Enumeration for OCSP status.
199 typedef enum __ckmc_ocsp_status {
200 CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */
201 CKMC_OCSP_STATUS_REVOKED, /**< certificate is revoked */
202 CKMC_OCSP_STATUS_UNKNOWN, /**< unknown error */
203 CKMC_OCSP_ERROR_UNSUPPORTED, /**< certificate does not provide OCSP extension */
204 CKMC_OCSP_ERROR_INVALID_URL, /**< invalid URL in certificate OCSP extension */
205 CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< invalid response from OCSP server */
206 CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */
207 CKMC_OCSP_ERROR_NET, /**< network connection error */
208 CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */
209 } ckmc_ocsp_status_e;
212 * @brief The structure for PKCS12 used in key manager CAPI.
215 typedef struct __ckmc_pkcs12 {
216 ckmc_key_s *priv_key; /**< private key, may be null */
217 ckmc_cert_s *cert; /**< certificate, may be null */
218 ckmc_cert_list_s *ca_chain; /**< chain certificates list, may be null */
224 * @brief Creates a new @a ckmc_key_s handle and returns it.
228 * @remarks You must destroy the newly created @a ckmc_key_s by calling ckmc_key_free() if it is no
231 * @param[in] raw_key The byte array of key \n
232 * @a raw_key may be encrypted with password.
233 * @param[in] key_size The byte size of @a raw_key
234 * @param[in] key_type The @a raw_key's type
235 * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n
236 * If @a raw_key is not encrypted, @a password can be null.
237 * @param[out] ppkey The pointer to a newly created @a ckmc_key_s handle
239 * @return @c 0 on success,
240 * otherwise a negative error value
242 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
243 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
245 * @see ckmc_key_free()
248 int ckmc_key_new(unsigned char *raw_key,
250 ckmc_key_type_e key_type,
251 char *password, ckmc_key_s **ppkey);
254 * @brief Destroys the @a ckmc_key_s handle and releases all its resources.
258 * @param[in] key The @a ckmc_key_s handle to destroy
261 void ckmc_key_free(ckmc_key_s *key);
265 * @brief Creates a new @a ckmc_raw_buffer_s handle and returns it.
269 * @remarks You must destroy the newly created @a ckmc_raw_buffer_s by calling ckmc_buffer_free() if
270 * it is no longer needed.
272 * @param[in] data The byte array of buffer
273 * @param[in] size The byte size of buffer
274 * @param[out] ppbuffer The pointer to a newly created @a ckmc_buffer_s handle
276 * @return @c 0 on success,
277 * otherwise a negative error value
279 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
280 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
282 * @see ckmc_buffer_free()
283 * @see #ckmc_raw_buffer_s
285 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer);
288 * @brief Destroys the @a ckmc_raw_buffer_s handle and releases all its resources.
292 * @param[in] buffer The @a ckmc_raw_buffer_s handle to destroy
295 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer);
299 * @brief Creates a new @a ckmc_cert_s handle and returns it.
303 * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
306 * @param[in] raw_cert The byte array of certificate
307 * @param[in] cert_size The byte size of raw_cert
308 * @param[in] data_format The encoding format of raw_cert
309 * @param[out] ppcert The pointer to a newly created @a ckmc_cert_s handle
311 * @return @c 0 on success,
312 * otherwise a negative error value
314 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
315 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
317 * @see ckmc_cert_free()
318 * @see ckmc_load_cert_from_file()
321 int ckmc_cert_new(unsigned char *raw_cert,
323 ckmc_data_format_e data_format,
324 ckmc_cert_s **ppcert);
327 * @brief Destroys the @a ckmc_cert handle and releases all its resources.
331 * @param[in] cert The @a ckmc_cert_s handle to destroy
333 * @see ckmc_load_cert_from_file()
334 * @see ckmc_load_from_pkcs12_file
336 void ckmc_cert_free(ckmc_cert_s *cert);
339 * @brief Creates a new @a ckmc_cert_s handle from a given file and returns it.
343 * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
346 * @param[in] file_path The path of certificate file to be loaded \n
347 * The only DER or PEM encoded certificate file is supported.
348 * @param[out] cert The pointer of newly created @a ckmc_cert_s handle
350 * @return #CKMC_ERROR_NONE on success,
351 * otherwise a negative error value
353 * @retval #CKMC_ERROR_NONE Successful
354 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
355 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format
356 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
358 * @see ckmc_cert_free()
361 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
365 * @brief Creates a new @a ckmc_pkcs12_s handle and returns it.
369 * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it
370 * is no longer needed.
371 * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly
372 * returned ckmc_pkcs12_s.
374 * @param[in] private_key @a ckmc_key_s handle to the private key (optional)
375 * @param[in] cert @a ckmc_cert_s handle to the certificate (optional)
376 * @param[in] ca_cert_list @a ckmc_cert_list_s list of chain certificate handles (optional)
377 * @param[out] pkcs12_bundle The pointer to a newly created @a ckmc_pkcs12_s handle
379 * @return @c 0 on success,
380 * otherwise a negative error value
382 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and
383 * ca_cert_list all are null.
384 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
386 * @see ckmc_pkcs12_free()
387 * @see ckmc_load_from_pkcs12_file()
388 * @see ckmc_pkcs12_load()
391 * @see #ckmc_cert_list_s
392 * @see #ckmc_pkcs12_s
394 int ckmc_pkcs12_new(ckmc_key_s *private_key,
396 ckmc_cert_list_s *ca_cert_list,
397 ckmc_pkcs12_s **pkcs12_bundle);
400 * @deprecated Deprecated since 2.4. [Use ckmc_pkcs12_load() instead]
401 * @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and
402 * @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them.
406 * @remarks You must destroy the newly created @a ckmc_key_s, @a ckmc_cert_s, and
407 * @a ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and
408 * ckmc_cert_list_all_free() if they are no longer needed.
410 * @param[in] file_path The path of PKCS12 file to be loaded
411 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
412 * If PKCS12 file is not encrypted, passphrase can be null.
413 * @param[out] private_key The pointer of newly created @a ckmc_key_s handle for a private key
414 * @param[out] cert The pointer of newly created @a ckmc_cert_s handle for a certificate \n
415 * It is null if the PKCS12 file does not contain a certificate.
416 * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA
418 * It is null if the PKCS12 file does not contain CA certificates.
420 * @return #CKMC_ERROR_NONE on success,
421 * otherwise a negative error value
423 * @retval #CKMC_ERROR_NONE Successful
424 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
425 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
426 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
428 * @see ckmc_pkcs12_new()
429 * @see ckmc_pkcs12_load()
430 * @see ckmc_key_free()
431 * @see ckmc_cert_free()
432 * @see ckmc_cert_list_all_free()
435 * @see #ckmc_cert_list_s
437 int ckmc_load_from_pkcs12_file(const char *file_path,
438 const char *passphrase,
439 ckmc_key_s **private_key, ckmc_cert_s **cert,
440 ckmc_cert_list_s **ca_cert_list);
443 * @brief Creates a new @a ckmc_pkcs12_s handle from a given PKCS#12 file and returns it.
447 * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if
448 * they are no longer needed.
450 * @param[in] file_path The path of PKCS12 file to be loaded
451 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
452 * If PKCS12 file is not encrypted, passphrase can be null.
453 * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA
455 * It is null if the PKCS12 file does not contain CA certificates.
457 * @return #CKMC_ERROR_NONE on success,
458 * otherwise a negative error value
460 * @retval #CKMC_ERROR_NONE Successful
461 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
462 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
463 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
465 * @see ckmc_pkcs12_free()
466 * @see #ckmc_pkcs12_s
468 int ckmc_pkcs12_load(const char *file_path,
469 const char *passphrase,
470 ckmc_pkcs12_s **pkcs12_bundle);
473 * @brief Destroys the @a ckmc_pkcs12_s handle and releases all its resources.
477 * @param[in] pkcs12 The @a ckmc_pkcs12_s handle to destroy
479 * @see ckmc_pkcs12_new()
480 * @see ckmc_pkcs12_load()
482 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12);
486 * @brief Creates a new @a ckmc_alias_list_s handle and returns it.
487 * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided
488 * characters and next is null.
492 * @remarks You must destroy the newly created @a ckmc_alias_list_s
493 * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer
496 * @param[in] alias The first item to be set in the newly created @a ckmc_alias_list_s
497 * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle
499 * @return @c 0 on success,
500 * otherwise a negative error value
502 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
503 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
505 * @see ckmc_alias_list_all_free()
506 * @see #ckmc_alias_list_s
508 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list);
512 * @brief Creates a new @a ckmc_alias_list_s handle, adds it to a previous @a ckmc_alias_list_s and
513 * returns it. The alias pointer in the returned @a ckmc_alias_list_s handle points to the
514 * provided characters and next is null.
518 * @param[in] previous The last @a ckmc_alias_list_s handle to which a newly created
519 * @a ckmc_alias_list_s is added
520 * @param[in] alias The item to be set in the newly created @a ckmc_alias_list_s
521 * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle
523 * @return @c 0 on success,
524 * otherwise a negative error value
526 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
527 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
529 * @see ckmc_alias_list_all_free()
530 * @see #ckmc_alias_list_s
532 int ckmc_alias_list_add(ckmc_alias_list_s *previous,
534 ckmc_alias_list_s **pplast);
538 * @brief Destroys the @a ckmc_alias_list_s handle and releases resources of @a ckmc_alias_list_s
539 * from the provided first handle cascadingly.
543 * @remarks It does not destroy an alias itself in @a ckmc_alias_list_s.
545 * @param[in] first The first @a ckmc_alias_list_s handle to destroy
547 * @see ckmc_alias_list_all_free()
548 * @see #ckmc_alias_list_s
550 void ckmc_alias_list_free(ckmc_alias_list_s *first);
553 * @brief Destroys the @a ckmc_alias_list_s handle and releases all its resources from the provided
554 * first handle cascadingly.
558 * @remarks It also destroys the alias in @a ckmc_alias_list_s.
560 * @param[in] first The first @a ckmc_alias_list_s handle to destroy
562 * @see #ckmc_alias_list_s
564 void ckmc_alias_list_all_free(ckmc_alias_list_s *first);
568 * @brief Creates a new @a ckmc_cert_list_s handle and returns it.
569 * The cert pointer in the returned @a ckmc_cert_list_s handle points to the provided
570 * @a ckmc_cert_s and next is null.
574 * @remarks You must destroy the newly created @a ckmc_cert_list_s by calling ckmc_cert_list_free()
575 * or ckmc_cert_list_all_free() if it is no longer needed.
577 * @param[in] cert The first item to be set in the newly created @a ckmc_cert_list_s
578 * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle
580 * @return @c 0 on success,
581 * otherwise a negative error value
583 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
584 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
586 * @see ckmc_cert_list_all_free()
587 * @see #ckmc_cert_list_s
589 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list);
593 * @brief Creates a new @a ckmc_cert_list_s handle, adds it to a previous @a ckmc_cert_list_s and
594 * returns it. The cert pointer in the returned @a ckmc_alias_list_s handle points to the
595 * provided @a ckmc_cert_s and next is null.
599 * @param[in] previous The last @a ckmc_cert_list_s handle to which a newly created
600 * @a ckmc_cert_list_s is added
601 * @param[in] cert The item to be set in the newly created @a ckmc_cert_list_s
602 * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle
604 * @return @c 0 on success,
605 * otherwise a negative error value
607 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
608 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
610 * @see ckmc_cert_list_all_free()
611 * @see #ckmc_cert_list_s
613 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast);
617 * @brief Destroys the @a ckmc_cert_list_s handle and releases resources of @a ckmc_cert_list_s
618 * from the provided first handle cascadingly.
622 * @remarks It does not destroy @a ckmc_cert_s itself in @a ckmc_cert_list_s.
624 * @param[in] first The first @a ckmc_cert_list_s handle to destroy
626 * @see ckmc_cert_list_all_free()
627 * @see #ckmc_cert_list_s
629 void ckmc_cert_list_free(ckmc_cert_list_s *first);
632 * @brief Destroys the @a ckmc_cert_list_s handle and releases all its resources from the provided
633 * first handle cascadingly.
637 * @remarks It also destroys @a ckmc_cert_s in ckmc_cert_list_s.
639 * @param[in] first The first @a ckmc_cert_list_s handle to destroy
641 * @see #ckmc_cert_list_s
643 void ckmc_cert_list_all_free(ckmc_cert_list_s *first);
653 #endif /* __TIZEN_CORE_CKMC_TYPE_H */