Tizen Native API  8.0
Key Manager Extended

It provides APIs that allow access to extended key manager functionality.

Required Header

#include <ckmc/ckmc-extended.h>

Overview

It provides APIs for extended functionality, including concatenated data wrapping and unwrapping.

Functions

int ckmc_wrap_concatenated_data (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const char *alias, const char *password, const ckmc_raw_buffer_s *data, ckmc_key_s **ppwrapped_key)
 Wraps concatenated key and data (key|data) with wrapping key and returns it to the client.
int ckmc_unwrap_concatenated_data (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const ckmc_key_s *wrapped_key, const char *alias, size_t size, const ckmc_policy_s policy, ckmc_raw_buffer_s **ppdata)
 Unwraps concatenated key and data (key|data) with wrapping key. Splits to key (stored inside key manager) and data (returned to the client).

Function Documentation

int ckmc_unwrap_concatenated_data ( const ckmc_param_list_h  params,
const char *  wrapping_key_alias,
const char *  wrapping_key_password,
const ckmc_key_s *  wrapped_key,
const char *  alias,
size_t  size,
const ckmc_policy_s  policy,
ckmc_raw_buffer_s **  ppdata 
)

Unwraps concatenated key and data (key|data) with wrapping key. Splits to key (stored inside key manager) and data (returned to the client).

Warning:
This is not for use by third-party applications.
Since :
7.0
Privilege Level:
platform
Privilege:
http://tizen.org/privilege/keymanager.extended
Remarks:
The wrapping key must be private RSA (CKMC_KEY_RSA_PRIVATE).
key_type in wrapped_key can only be CKMC_KEY_AES.
password in wrapped_key must be set to NULL. There's no need to additionally encrypt a wrapped key.
The key denoted by alias can only be CKMC_KEY_AES.
If password in policy is provided, the stored key is additionally encrypted with it.
If extractable in policy is set to false, the stored key may still be exported in a wrapped form.
The ppdata should be released using ckmc_buffer_free().
Parameters:
[in] params: Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms:
[in] wrapping_key_alias: The name of the wrapping key
[in] wrapping_key_password: An optional password of the wrapping key
[in] wrapped_key: The wrapped key to be unwrapped, split and stored
[in] alias: The name of a key to be stored
[in] size: The size in bits of the key to be stored. 128, 192 and 256 are supported
[in] policy: The policy about how to store a key securely
[out] ppdata: The unwrapped data.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONE: Successful
CKMC_ERROR_PERMISSION_DENIED: Insufficient permissions to access key manager, the wrapping key or to create the unwrapped key
CKMC_ERROR_INVALID_PARAMETER: Input parameter is invalid (missing or invalid mandatory algorithm parameter or invalid key size, wrapping_key_alias = NULL, wrapped_key = NULL, alias = NULL, ppdata = NULL)
CKMC_ERROR_DB_LOCKED: A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_UNKNOWN: wrapping_key_alias does not exist
CKMC_ERROR_DB_ALIAS_EXISTS: alias already exists
CKMC_ERROR_INVALID_FORMAT: The format of wrapped_key is not valid
CKMC_ERROR_DB_ERROR: Failed due to a database error
CKMC_ERROR_AUTHENTICATION_FAILED: Wrapping key decryption failed because wrapping_key_password is incorrect
CKMC_ERROR_SERVER_ERROR: Unknown error
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
 ckmc_param_list_h params;    // Initialized elsewhere
 ckmc_key_s *wrapped_key;     // Initialized elsewhere
 ckmc_policy_s policy;        // Initialized elsewhere
 ckmc_raw_buffer_s *ppdata;
 int ret = ckmc_unwrap_concatenated_data(params,
                                         "wrapping_key_alias",
                                         "wrapping_key_password",
                                         wrapped_key,
                                         "alias",
                                         192,
                                         policy,
                                         &ppdata);
  ...
 ckmc_buffer_free(ppdata);
See also:
ckmc_wrap_concatenated_data()
ckmc_param_list_h
ckmc_key_s
ckmc_policy_s
ckmc_raw_buffer_s

int ckmc_wrap_concatenated_data ( const ckmc_param_list_h  params,
const char *  wrapping_key_alias,
const char *  wrapping_key_password,
const char *  alias,
const char *  password,
const ckmc_raw_buffer_s *  data,
ckmc_key_s **  ppwrapped_key 
)

Wraps concatenated key and data (key|data) with wrapping key and returns it to the client.

Warning:
This is not for use by third-party applications.
Since :
7.0
Privilege Level:
platform
Privilege:
http://tizen.org/privilege/keymanager.extended
Remarks:
The wrapping key must be public RSA (CKMC_KEY_RSA_PUBLIC).
The key denoted by alias can only be CKMC_KEY_AES.
The key and the wrapping key must be stored in the same backend.
The data size must be smaller than or equal to: wrapping key size in bytes - key size in bytes - 2 * hash function output size in bytes - 2. Example: for a 3072-bit RSA wrapping key, a 256-bit AES key and SHA384 hash, the maximum data size is: 3072/8 - 256/8 - 2*384/8 - 2 = 254 bytes.
Considering the data size limit, it's recommended to use an RSA key longer than 1024 bits.
The ppwrapped_key should be released using ckmc_key_free().
Parameters:
[in] params: Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms:
[in] wrapping_key_alias: The name of the wrapping key
[in] wrapping_key_password: An optional password of the wrapping key
[in] alias: The name of the key to be concatenated, wrapped and exported
[in] password: An optional password used to decrypt the key pointed by alias
[in] data: Data to be concatenated, wrapped and exported
[out] ppwrapped_key: The wrapped key.
Returns:
0 on success, otherwise a negative error value
Return values:
CKMC_ERROR_NONE: Successful
CKMC_ERROR_PERMISSION_DENIED: Insufficient permissions to access key manager, the wrapping key or the key being wrapped
CKMC_ERROR_INVALID_PARAMETER: Input parameter is invalid (missing or invalid mandatory algorithm parameter or data too long, wrapping_key_alias = NULL, alias = NULL, data = NULL, ppwrapped_key = NULL)
CKMC_ERROR_DB_LOCKED: A user key is not loaded in memory (a user is not logged in)
CKMC_ERROR_DB_ALIAS_UNKNOWN: wrapping_key_alias or alias does not exist
CKMC_ERROR_DB_ERROR: Failed due to a database error
CKMC_ERROR_AUTHENTICATION_FAILED: Wrapping key decryption failed because wrapping_key_password is incorrect
CKMC_ERROR_SERVER_ERROR: Unknown error
Precondition:
User is already logged in and the user key is already loaded into memory in plain text form.
 ckmc_param_list_h params;    // Initialized elsewhere
 ckmc_raw_buffer_s *data;     // Initialized elsewhere
 ckmc_key_s *ppwrapped_key;
 int ret = ckmc_wrap_concatenated_data(params,
                                       "wrapping_key_alias",
                                       "wrapping_key_password",
                                       "alias",
                                       "password",
                                       data,
                                       &ppwrapped_key);
  ...
 ckmc_key_free(ppwrapped_key);
See also:
ckmc_unwrap_concatenated_data()
ckmc_param_list_h
ckmc_raw_buffer_s
ckmc_key_s
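
The data size limit from the ckmc_wrap_concatenated_data() remarks, worked through as an added example that is not part of the Tizen documentation or the key-manager code. It also shows why a short wrapping key can leave no room for data at all. The helper names max_concat_data_len() and data_fits() are hypothetical, and the hash output size is taken as a parameter because the page does not list the supported hash functions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not part of ckmc. Computes the limit from the remarks:
 *   RSA key bytes - AES key bytes - 2 * hash output bytes - 2
 * Returns 0 and sets *max_len, or -1 if the inputs are invalid or the
 * wrapping key is too short to hold the AES key plus padding overhead. */
static int max_concat_data_len(unsigned rsa_bits, unsigned aes_bits,
                               unsigned hash_bits, size_t *max_len)
{
    if (max_len == NULL)
        return -1;
    /* The page lists 128, 192 and 256 as the supported AES key sizes. */
    if (aes_bits != 128 && aes_bits != 192 && aes_bits != 256)
        return -1;
    if (rsa_bits == 0 || rsa_bits % 8 != 0 ||
        hash_bits == 0 || hash_bits % 8 != 0)
        return -1;

    size_t rsa_len = rsa_bits / 8;
    size_t overhead = aes_bits / 8 + 2 * (size_t)(hash_bits / 8) + 2;

    /* Compare before subtracting: size_t wraps around on underflow. */
    if (overhead > rsa_len)
        return -1;
    *max_len = rsa_len - overhead;
    return 0;
}

/* Caller-side check to run before ckmc_wrap_concatenated_data(). */
static int data_fits(size_t data_len, unsigned rsa_bits, unsigned aes_bits,
                     unsigned hash_bits)
{
    size_t max_len;
    if (max_concat_data_len(rsa_bits, aes_bits, hash_bits, &max_len) != 0)
        return 0;
    return data_len <= max_len;
}

int main(void)
{
    size_t n;
    /* Constructed inputs: the page's own example, then a 1024-bit key. */
    if (max_concat_data_len(3072, 256, 384, &n) == 0)
        printf("RSA-3072 / AES-256 / SHA-384: %zu bytes\n", n);
    if (max_concat_data_len(1024, 256, 384, &n) != 0)
        printf("RSA-1024 / AES-256 / SHA-384: key alone does not fit\n");
    printf("255 bytes fit in the first case: %d\n", data_fits(255, 3072, 256, 384));
    return 0;
}
```

Running the check on the caller side gives the exact limit up front instead of a generic CKMC_ERROR_INVALID_PARAMETER from the call.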