Tizen Native API
8.0
It provides APIs that allow access to extended key manager functionality.
Required Header
#include <ckmc/ckmc-extended.h>
Overview
It provides APIs for extended functionality, including concatenated data wrapping and unwrapping.
Functions
int ckmc_wrap_concatenated_data (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const char *alias, const char *password, const ckmc_raw_buffer_s *data, ckmc_key_s **ppwrapped_key)
    Wraps concatenated key and data (key|data) with wrapping key and returns it to the client.
int ckmc_unwrap_concatenated_data (const ckmc_param_list_h params, const char *wrapping_key_alias, const char *wrapping_key_password, const ckmc_key_s *wrapped_key, const char *alias, size_t size, const ckmc_policy_s policy, ckmc_raw_buffer_s **ppdata)
    Unwraps concatenated key and data (key|data) with wrapping key. Splits to key (stored inside key manager) and data (returned to the client).
Function Documentation
int ckmc_unwrap_concatenated_data (const ckmc_param_list_h params,
                                   const char *wrapping_key_alias,
                                   const char *wrapping_key_password,
                                   const ckmc_key_s *wrapped_key,
                                   const char *alias,
                                   size_t size,
                                   const ckmc_policy_s policy,
                                   ckmc_raw_buffer_s **ppdata)
Unwraps concatenated key and data (key|data) with wrapping key. Splits to key (stored inside key manager) and data (returned to the client).
- Warning:
- This is not for use by third-party applications.
- Since :
- 7.0
- Privilege Level:
- platform
- Privilege:
- http://tizen.org/privilege/keymanager.extended
- Remarks:
- The wrapping key must be private RSA (CKMC_KEY_RSA_PRIVATE).
- key_type in wrapped_key can only be CKMC_KEY_AES.
- password in wrapped_key must be set to NULL. There's no need to additionally encrypt a wrapped key.
- The key denoted by alias can only be CKMC_KEY_AES.
- If password in policy is provided, the stored key is additionally encrypted with it.
- If extractable in policy is set to false, the stored key may still be exported in a wrapped form.
- The ppdata should be released using ckmc_buffer_free().
- Parameters:
- [in] params: Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms:
- [in] wrapping_key_alias: The name of the wrapping key
- [in] wrapping_key_password: An optional password of the wrapping key
- [in] wrapped_key: The wrapped key to be unwrapped, split and stored
- [in] alias: The name of a key to be stored
- [in] size: The size in bits of the key to be stored. 128, 192 and 256 are supported
- [in] policy: The policy about how to store a key securely
- [out] ppdata: The unwrapped data.
- Returns:
- 0 on success, otherwise a negative error value
- Return values:
- CKMC_ERROR_NONE: Successful
- CKMC_ERROR_PERMISSION_DENIED: Insufficient permissions to access key manager, the wrapping key or to create the unwrapped key
- CKMC_ERROR_INVALID_PARAMETER: Input parameter is invalid (missing or invalid mandatory algorithm parameter or invalid key size, wrapping_key_alias = NULL, wrapped_key = NULL, alias = NULL, ppdata = NULL)
- CKMC_ERROR_DB_LOCKED: A user key is not loaded in memory (a user is not logged in)
- CKMC_ERROR_DB_ALIAS_UNKNOWN: wrapping_key_alias does not exist
- CKMC_ERROR_DB_ALIAS_EXISTS: alias already exists
- CKMC_ERROR_INVALID_FORMAT: The format of wrapped_key is not valid
- CKMC_ERROR_DB_ERROR: Failed due to a database error
- CKMC_ERROR_AUTHENTICATION_FAILED: Wrapping key decryption failed because wrapping_key_password is incorrect
- CKMC_ERROR_SERVER_ERROR: Unknown error
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
    ckmc_param_list_h params; // Initialized elsewhere
    ckmc_key_s *wrapped_key; // Initialized elsewhere
    ckmc_policy_s policy; // Initialized elsewhere
    ckmc_raw_buffer_s *ppdata;

    // Unwrap with the private RSA wrapping key; store a 192-bit AES key under "alias"
    int ret = ckmc_unwrap_concatenated_data(params,
                                            "wrapping_key_alias",
                                            "wrapping_key_password",
                                            wrapped_key,
                                            "alias",
                                            192,
                                            policy,
                                            &ppdata);
    ...
    ckmc_buffer_free(ppdata);
int ckmc_wrap_concatenated_data (const ckmc_param_list_h params,
                                 const char *wrapping_key_alias,
                                 const char *wrapping_key_password,
                                 const char *alias,
                                 const char *password,
                                 const ckmc_raw_buffer_s *data,
                                 ckmc_key_s **ppwrapped_key)
Wraps concatenated key and data (key|data) with wrapping key and returns it to the client.
- Warning:
- This is not for use by third-party applications.
- Since :
- 7.0
- Privilege Level:
- platform
- Privilege:
- http://tizen.org/privilege/keymanager.extended
- Remarks:
- The wrapping key must be public RSA (CKMC_KEY_RSA_PUBLIC).
- The key denoted by alias can only be CKMC_KEY_AES.
- The key and the wrapping key must be stored in the same backend.
- The data size must be smaller than or equal to: wrapping key size in bytes - key size in bytes - 2 * hash function output size in bytes - 2. Example: for a 3072-bit RSA wrapping key, a 256-bit AES key and the SHA384 hash, the maximum data size is: 3072/8 - 256/8 - 2*384/8 - 2 = 254 bytes.
- Considering the data size limit, it's recommended to use an RSA key longer than 1024 bits.
- The ppwrapped_key should be released using ckmc_key_free().
- Parameters:
- [in] params: Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details. Supported algorithms:
- [in] wrapping_key_alias: The name of the wrapping key
- [in] wrapping_key_password: An optional password of the wrapping key
- [in] alias: The name of the key to be concatenated, wrapped and exported
- [in] password: An optional password used to decrypt the key pointed by alias
- [in] data: Data to be concatenated, wrapped and exported
- [out] ppwrapped_key: The wrapped key.
- Returns:
- 0 on success, otherwise a negative error value
- Return values:
- CKMC_ERROR_NONE: Successful
- CKMC_ERROR_PERMISSION_DENIED: Insufficient permissions to access key manager, the wrapping key or the key being wrapped
- CKMC_ERROR_INVALID_PARAMETER: Input parameter is invalid (missing or invalid mandatory algorithm parameter or data too long, wrapping_key_alias = NULL, alias = NULL, data = NULL, ppwrapped_key = NULL)
- CKMC_ERROR_DB_LOCKED: A user key is not loaded in memory (a user is not logged in)
- CKMC_ERROR_DB_ALIAS_UNKNOWN: wrapping_key_alias or alias does not exist
- CKMC_ERROR_DB_ERROR: Failed due to a database error
- CKMC_ERROR_AUTHENTICATION_FAILED: Wrapping key decryption failed because wrapping_key_password is incorrect
- CKMC_ERROR_SERVER_ERROR: Unknown error
- Precondition:
- User is already logged in and the user key is already loaded into memory in plain text form.
    ckmc_param_list_h params; // Initialized elsewhere
    ckmc_raw_buffer_s *data; // Initialized elsewhere
    ckmc_key_s *ppwrapped_key;

    int ret = ckmc_wrap_concatenated_data(params,
                                          "wrapping_key_alias",
                                          "wrapping_key_password",
                                          "alias",
                                          "password",
                                          data,
                                          &ppwrapped_key);
    ...
    ckmc_key_free(ppwrapped_key);
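A pre-flight check for the data size limit given in the remarks of ckmc_wrap_concatenated_data, so an oversized buffer is rejected before the call returns CKMC_ERROR_INVALID_PARAMETER. This is an added example, not part of the Tizen documentation or the key manager API; the helper names concat_max_data_len and concat_data_fits are hypothetical, and the AES size check assumes the 128/192/256-bit sizes listed for the unwrap side.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not part of ckmc): largest data length in bytes that
 * fits next to an AES key under the documented limit:
 *   wrapping key bytes - key bytes - 2 * hash output bytes - 2
 * All sizes are given in bits, as in the remark's example.
 * Returns 0 and sets *max_len on success; returns -1 if an input is invalid
 * or the combination leaves no room at all. */
static int concat_max_data_len(size_t rsa_bits, size_t aes_bits,
                               size_t hash_bits, size_t *max_len)
{
    if (max_len == NULL || rsa_bits == 0 || rsa_bits % 8 != 0 ||
        hash_bits == 0 || hash_bits % 8 != 0)
        return -1;
    /* The unwrap side accepts only 128, 192 and 256-bit keys. */
    if (aes_bits != 128 && aes_bits != 192 && aes_bits != 256)
        return -1;

    size_t capacity = rsa_bits / 8;
    size_t overhead = aes_bits / 8 + 2 * (hash_bits / 8) + 2;
    /* Compare before subtracting: size_t would wrap around otherwise. */
    if (overhead > capacity)
        return -1;
    *max_len = capacity - overhead;
    return 0;
}

/* Returns 1 if data_len bytes may be passed as `data`, 0 otherwise. */
static int concat_data_fits(size_t rsa_bits, size_t aes_bits,
                            size_t hash_bits, size_t data_len)
{
    size_t max_len;
    if (concat_max_data_len(rsa_bits, aes_bits, hash_bits, &max_len) != 0)
        return 0;
    return data_len <= max_len;
}

int main(void)
{
    size_t n;
    if (concat_max_data_len(3072, 256, 384, &n) == 0)
        printf("RSA-3072, AES-256, SHA-384: %zu bytes\n", n);
    if (concat_max_data_len(1024, 256, 512, &n) != 0)
        printf("RSA-1024, AES-256, SHA-512: no room for key and data\n");
    return 0;
}
```

The second case in main shows why a short wrapping key is a problem: with a 1024-bit RSA key, a 256-bit AES key and a 512-bit hash, the overhead alone exceeds the key size.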