Tizen Native API
5.5
|
It provides APIs accessing on the secure repository and additional secure cryptographic operations.
#include <ckmc/ckmc-manager.h>
It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords. Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
Functions | |
int | ckmc_save_key (const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) |
Stores a key inside key manager based on the provided policy. | |
int | ckmc_remove_key (const char *alias) TIZEN_DEPRECATED_API |
Removes a key from key manager. | |
int | ckmc_get_key (const char *alias, const char *password, ckmc_key_s **ppkey) |
Gets a key from key manager. | |
int | ckmc_get_key_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all the alias of keys that the client can access. | |
int | ckmc_get_key_alias_info_list (ckmc_alias_info_list_s **ppalias_list) |
Gets the information about all the aliases of keys that the client can access. | |
int | ckmc_save_cert (const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) |
Stores a certificate inside key manager based on the provided policy. | |
int | ckmc_remove_cert (const char *alias) TIZEN_DEPRECATED_API |
Removes a certificate from key manager. | |
int | ckmc_get_cert (const char *alias, const char *password, ckmc_cert_s **ppcert) |
Gets a certificate from key manager. | |
int | ckmc_get_cert_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all alias of certificates which the client can access. | |
int | ckmc_get_cert_alias_info_list (ckmc_alias_info_list_s **ppalias_list) |
Gets the information about all the aliases of certificates that the client can access. | |
int | ckmc_save_pkcs12 (const char *alias, const ckmc_pkcs12_s *pkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) |
Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. | |
int | ckmc_get_pkcs12 (const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) |
Gets a pkcs12 from key manager. | |
int | ckmc_save_data (const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) |
Stores a data inside key manager based on the provided policy. | |
int | ckmc_remove_data (const char *alias) TIZEN_DEPRECATED_API |
Removes a data from key manager. | |
int | ckmc_get_data (const char *alias, const char *password, ckmc_raw_buffer_s **ppdata) |
Gets a data from key manager. | |
int | ckmc_get_data_alias_list (ckmc_alias_list_s **ppalias_list) |
Gets all alias of data which the client can access. | |
int | ckmc_get_data_alias_info_list (ckmc_alias_info_list_s **ppalias_list) |
Gets the information about all the aliases of data that the client can access. | |
int | ckmc_create_key_pair_rsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates RSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_key_pair_dsa (const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates DSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_key_pair_ecdsa (const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key) |
Creates ECDSA private/public key pair and stores them inside key manager based on each policy. | |
int | ckmc_create_key_aes (size_t size, const char *key_alias, ckmc_policy_s key_policy) |
Creates AES key and stores it inside key manager based on the policy. | |
int | ckmc_create_signature (const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature) |
Creates a signature on a given message using a private key and returns the signature. | |
int | ckmc_verify_signature (const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding) |
Verifies a given signature on a given message using a public key and returns the signature status. | |
int | ckmc_get_cert_chain (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) |
Verifies a certificate chain and returns that chain. | |
int | ckmc_get_cert_chain_with_alias (const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list) TIZEN_DEPRECATED_API |
Verifies a certificate chain using an alias list of untrusted certificates and return that chain. | |
int | ckmc_get_cert_chain_with_trustedcert (const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, const ckmc_cert_list_s *trustedcerts, const bool use_trustedsystemcerts, ckmc_cert_list_s **ppcert_chain_list) |
Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates. | |
int | ckmc_ocsp_check (const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) |
Perform OCSP that checks certificate is whether revoked or not. | |
int | ckmc_allow_access (const char *alias, const char *accessor, ckmc_access_right_e granted) TIZEN_DEPRECATED_API |
Allows another application to access client's application data. | |
int | ckmc_set_permission (const char *alias, const char *accessor, int permissions) |
Allows another application to access client's application data. | |
int | ckmc_deny_access (const char *alias, const char *accessor) TIZEN_DEPRECATED_API |
Revokes another application's access to client's application data. | |
int | ckmc_remove_alias (const char *alias) |
Removes an entry (no matter of type) from the key manager. | |
int | ckmc_encrypt_data (ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s decrypted, ckmc_raw_buffer_s **ppencrypted) |
Encrypts data using selected key and algorithm. | |
int | ckmc_decrypt_data (ckmc_param_list_h params, const char *key_alias, const char *password, const ckmc_raw_buffer_s encrypted, ckmc_raw_buffer_s **ppdecrypted) |
Decrypts data using selected key and algorithm. |
int ckmc_allow_access | ( | const char * | alias, |
const char * | accessor, | ||
ckmc_access_right_e | granted | ||
) |
Allows another application to access client's application data.
[in] | alias | Data alias for which access will be granted |
[in] | accessor | Package id of the application that will gain access rights |
[in] | granted | Rights granted for accessor application |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_create_key_aes | ( | size_t | size, |
const char * | key_alias, | ||
ckmc_policy_s | key_policy | ||
) |
Creates AES key and stores it inside key manager based on the policy.
[in] | size | The size of key strength to be created 128 , 192 and 256 are supported |
[in] | key_alias | The name of key to be stored |
[in] | key_policy | The policy about how to store the key securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to other DB transaction unexpectedly |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_create_key_pair_dsa | ( | const size_t | size, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates DSA private/public key pair and stores them inside key manager based on each policy.
[in] | size | The size of key strength to be created 1024 , 2048 , 3072 and 4096 are supported |
[in] | private_key_alias | The name of private key to be stored |
[in] | public_key_alias | The name of public key to be stored |
[in] | policy_private_key | The policy about how to store a private key securely |
[in] | policy_public_key | The policy about how to store a public key securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to other DB transaction unexpectedly |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_create_key_pair_ecdsa | ( | const ckmc_ec_type_e | type, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
[in] | type | The type of elliptic curve of ECDSA |
[in] | private_key_alias | The name of private key to be stored |
[in] | public_key_alias | The name of public key to be stored |
[in] | policy_private_key | The policy about how to store a private key securely |
[in] | policy_public_key | The policy about how to store a public key securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to other DB transaction unexpectedly |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_create_key_pair_rsa | ( | const size_t | size, |
const char * | private_key_alias, | ||
const char * | public_key_alias, | ||
const ckmc_policy_s | policy_private_key, | ||
const ckmc_policy_s | policy_public_key | ||
) |
Creates RSA private/public key pair and stores them inside key manager based on each policy.
[in] | size | The size of key strength to be created 1024 , 2048 , and 4096 are supported |
[in] | private_key_alias | The name of private key to be stored |
[in] | public_key_alias | The name of public key to be stored |
[in] | policy_private_key | The policy about how to store a private key securely |
[in] | policy_public_key | The policy about how to store a public key securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to other DB transaction unexpectedly |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_create_signature | ( | const char * | private_key_alias, |
const char * | password, | ||
const ckmc_raw_buffer_s | message, | ||
const ckmc_hash_algo_e | hash, | ||
const ckmc_rsa_padding_algo_e | padding, | ||
ckmc_raw_buffer_s ** | ppsignature | ||
) |
Creates a signature on a given message using a private key and returns the signature.
[in] | private_key_alias | The name of private key |
[in] | password | The password used in decrypting a private key value |
[in] | message | The message that is signed with a private key |
[in] | hash | The hash algorithm used in creating signature. CKMC_HASH_NONE is invalid for DSA & ECDSA |
[in] | padding | The RSA padding algorithm used in creating signature It is used only when the signature algorithm is RSA. If padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE and the message must be equal to key length |
[out] | ppsignature | The pointer to a newly created signature If an error occurs, *ppsignature will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |
int ckmc_decrypt_data | ( | ckmc_param_list_h | params, |
const char * | key_alias, | ||
const char * | password, | ||
const ckmc_raw_buffer_s | encrypted, | ||
ckmc_raw_buffer_s ** | ppdecrypted | ||
) |
Decrypts data using selected key and algorithm.
[in] | params | Algorithm parameter list handle. You should use the same parameters that were used for encryption. See ckmc_param_list_h and ckmc_algo_type_e for details |
[in] | key_alias | Alias of the key to be used for encryption |
[in] | password | The password used in decrypting a key value If password of the policy is provided in ckmc_save_key(), the same password should be provided |
[in] | encrypted | Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example) Since Tizen 5.0, on chosen images where module is using TEE backend, data size is limited to at least 500 kB (TEE implementation-specific). |
[out] | ppdecrypted | Decrypted data The caller is responsible for freeing decrypted with ckmc_buffer_free() |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid (missing or invalid mandatory algorithm parameter, GCM tag authentication failed, key or data is wrong, in case of RSA key is wrong or data too long, encrypted = NULL, ppdecrypted = NULL) |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Key with given alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Key decryption failed because password is incorrect |
CKMC_ERROR_SERVER_ERROR | Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error |
int ckmc_deny_access | ( | const char * | alias, |
const char * | accessor | ||
) |
Revokes another application's access to client's application data.
[in] | alias | Data alias for which access will be revoked |
[in] | accessor | Package id of the application that will lose access rights |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid or the accessor doesn't have access to alias |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_encrypt_data | ( | ckmc_param_list_h | params, |
const char * | key_alias, | ||
const char * | password, | ||
const ckmc_raw_buffer_s | decrypted, | ||
ckmc_raw_buffer_s ** | ppencrypted | ||
) |
Encrypts data using selected key and algorithm.
[in] | params | Algorithm parameter list handle. See ckmc_param_list_h and ckmc_algo_type_e for details |
[in] | key_alias | Alias of the key to be used for encryption |
[in] | password | The password used in decrypting a key value If password of the policy is provided in ckmc_save_key(), the same password should be provided |
[in] | decrypted | Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data, if S/W backend is used. If module uses TEE backend (since Tizen 5.0 on chosen images), maximum size of data is implementation-specific and at least 500 kB. For RSA the size must be smaller or equal to key size in bytes - 42. Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86. |
[out] | ppencrypted | Encrypted data (some algorithms may return additional information embedded in encrypted data. AES GCM is an example) The caller is responsible for freeing encrypted with ckmc_buffer_free() |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid (missing or invalid mandatory algorithm parameter or RSA data too long, decrypted = NULL, ppencrypted = NULL) |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Key with given alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Key decryption failed because password is incorrect |
CKMC_ERROR_SERVER_ERROR | Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error |
int ckmc_get_cert | ( | const char * | alias, |
const char * | password, | ||
ckmc_cert_s ** | ppcert | ||
) |
Gets a certificate from key manager.
[in] | alias | The name of a certificate to retrieve |
[in] | password | The password used in decrypting a certificate value If password of policy is provided in ckmc_save_cert(), the same password should be provided |
[out] | ppcert | The pointer to a newly created ckmc_cert_s handle |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exists |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |
int ckmc_get_cert_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) |
Gets the information about all the aliases of certificates that the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_info_list_s handle containing information about all certificate aliases If there is no available certificate alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_cert_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all alias of certificates which the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys If there is no available key alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_cert_chain | ( | const ckmc_cert_s * | cert, |
const ckmc_cert_list_s * | untrustedcerts, | ||
ckmc_cert_list_s ** | ppcert_chain_list | ||
) |
Verifies a certificate chain and returns that chain.
[in] | cert | The certificate to be verified |
[in] | untrustedcerts | The untrusted CA certificates to be used in verifying a certificate chain |
[out] | ppcert_chain_list | The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null |
0
on success and the signature is valid, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_VERIFICATION_FAILED | The certificate chain is not valid |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_INVALID_FORMAT | The format of certificate is not valid |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |
int ckmc_get_cert_chain_with_alias | ( | const ckmc_cert_s * | cert, |
const ckmc_alias_list_s * | untrustedcerts, | ||
ckmc_cert_list_s ** | ppcert_chain_list | ||
) |
Verifies a certificate chain using an alias list of untrusted certificates and return that chain.
[in] | cert | The certificate to be verified |
[in] | untrustedcerts | The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain |
[out] | ppcert_chain_list | The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null |
0
on success and the signature is valid, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_VERIFICATION_FAILED | The certificate chain is not valid |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_INVALID_FORMAT | The format of certificate is not valid |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Some certificates were encrypted with password and could not be used |
int ckmc_get_cert_chain_with_trustedcert | ( | const ckmc_cert_s * | cert, |
const ckmc_cert_list_s * | untrustedcerts, | ||
const ckmc_cert_list_s * | trustedcerts, | ||
const bool | use_trustedsystemcerts, | ||
ckmc_cert_list_s ** | ppcert_chain_list | ||
) |
Verifies a certificate chain and returns that chain using user-entered, trusted, and untrusted CA certificates.
[in] | cert | The certificate to be verified |
[in] | untrustedcerts | The untrusted CA certificates to be used in verifying a certificate chain |
[in] | trustedcerts | The trusted CA certificates to be used in verifying a certificate chain |
[in] | use_trustedsystemcerts | The flag indicating the use of the trusted root certificates in the system's certificate storage |
[out] | ppcert_chain_list | The pointer to a newly created certificate chain's handle If an error occurs, *ppcert_chain_list will be null |
0
on success and the signature is valid, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_VERIFICATION_FAILED | The certificate chain is not valid |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_INVALID_FORMAT | The format of certificate is not valid |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_data | ( | const char * | alias, |
const char * | password, | ||
ckmc_raw_buffer_s ** | ppdata | ||
) |
Gets a data from key manager.
[in] | alias | The name of a data to retrieve |
[in] | password | The password used in decrypting a data value If password of policy is provided in ckmc_save_data(), the same password should be provided |
[out] | ppdata | The pointer to a newly created ckmc_raw_buffer_s handle |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |
int ckmc_get_data_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) |
Gets the information about all the aliases of data that the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_info_list_s handle containing information about all data aliases If there is no available data alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_data_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all alias of data which the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys If there is no available key alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_key | ( | const char * | alias, |
const char * | password, | ||
ckmc_key_s ** | ppkey | ||
) |
Gets a key from key manager.
[in] | alias | The name of a key to retrieve |
[in] | password | The password used in decrypting a key value If password of policy is provided in ckmc_save_key(), the same password should be provided |
[out] | ppkey | The pointer to a newly created ckmc_key_s handle |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |
int ckmc_get_key_alias_info_list | ( | ckmc_alias_info_list_s ** | ppalias_list | ) |
Gets the information about all the aliases of keys that the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_info_list_s handle containing information about all key aliases If there is no available key alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_key_alias_list | ( | ckmc_alias_list_s ** | ppalias_list | ) |
Gets all the alias of keys that the client can access.
[out] | ppalias_list | The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys If there is no available key alias, *ppalias_list will be null |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_get_pkcs12 | ( | const char * | alias, |
const char * | key_password, | ||
const char * | cert_password, | ||
ckmc_pkcs12_s ** | pkcs12 | ||
) |
Gets a pkcs12 from key manager.
[in] | alias | The name of a data to retrieve |
[in] | key_password | Password that was used to encrypt privateKey (may be NULL) |
[in] | cert_password | Password used to encrypt certificates (may be NULL) |
[out] | pkcs12 | The pointer to a newly created ckmc_pkcs12_s handle |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | key_password or cert_password does not match with password used to encrypt data |
int ckmc_ocsp_check | ( | const ckmc_cert_list_s * | pcert_chain_list, |
ckmc_ocsp_status_e * | ocsp_status | ||
) |
Perform OCSP that checks certificate is whether revoked or not.
[in] | pcert_chain_list | Valid certificate chain to perform OCSP check |
[out] | ocsp_status | The pointer to status result of OCSP check |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_NOT_SUPPORTED | Device needed to run API is not supported |
int ckmc_remove_alias | ( | const char * | alias | ) |
Removes an entry (no matter of type) from the key manager.
[in] | alias | Item alias to be removed |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_remove_cert | ( | const char * | alias | ) |
Removes a certificate from key manager.
[in] | alias | The name of a certificate to be removed |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_remove_data | ( | const char * | alias | ) |
Removes a data from key manager.
[in] | alias | The name of a data to be removed |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_remove_key | ( | const char * | alias | ) |
Removes a key from key manager.
[in] | alias | The name of a key to be removed |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_save_cert | ( | const char * | alias, |
const ckmc_cert_s | cert, | ||
const ckmc_policy_s | policy | ||
) |
Stores a certificate inside key manager based on the provided policy.
[in] | alias | The name of a certificate to be stored |
[in] | cert | The certificate's binary value to be stored |
[in] | policy | The policy about how to store a certificate securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_INVALID_FORMAT | The format of raw_cert is not valid |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_save_data | ( | const char * | alias, |
ckmc_raw_buffer_s | data, | ||
const ckmc_policy_s | policy | ||
) |
Stores a data inside key manager based on the provided policy.
[in] | alias | The name of a data to be stored |
[in] | data | The binary value to be stored |
[in] | policy | The policy about how to store a data securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_save_key | ( | const char * | alias, |
const ckmc_key_s | key, | ||
const ckmc_policy_s | policy | ||
) |
Stores a key inside key manager based on the provided policy.
[in] | alias | The name of a key to be stored |
[in] | key | The key's binary value to be stored |
[in] | policy | The policy about how to store a key securely |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_INVALID_FORMAT | The format of raw_key is not valid |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_save_pkcs12 | ( | const char * | alias, |
const ckmc_pkcs12_s * | pkcs, | ||
const ckmc_policy_s | key_policy, | ||
const ckmc_policy_s | cert_policy | ||
) |
Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.
[in] | alias | The name of a data to be stored |
[in] | pkcs | Pointer to the pkcs12 structure to be saved |
[in] | key_policy | The policy about how to store pkcs's private key |
[in] | cert_policy | The policy about how to store pkcs's certificate |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ALIAS_EXISTS | Alias already exists |
CKMC_ERROR_DB_ERROR | Failed due to a database error |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_set_permission | ( | const char * | alias, |
const char * | accessor, | ||
int | permissions | ||
) |
Allows another application to access client's application data.
[in] | alias | Data alias for which access will be granted |
[in] | accessor | Package id of the application that will gain access rights |
[in] | permissions | Mask of permissions granted for accessor application (ckmc_permission_e) (previous permission mask will be replaced with the new mask value) |
0
on success, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
int ckmc_verify_signature | ( | const char * | public_key_alias, |
const char * | password, | ||
const ckmc_raw_buffer_s | message, | ||
const ckmc_raw_buffer_s | signature, | ||
const ckmc_hash_algo_e | hash, | ||
const ckmc_rsa_padding_algo_e | padding | ||
) |
Verifies a given signature on a given message using a public key and returns the signature status.
[in] | public_key_alias | The name of public key |
[in] | password | The password used in decrypting a public key value |
[in] | message | The input on which the signature is created |
[in] | signature | The signature that is verified with public key |
[in] | hash | The hash algorithm used in verifying signature. CKMC_HASH_NONE is invalid for DSA & ECDSA |
[in] | padding | The RSA padding algorithm used in verifying signature It is used only when the signature algorithm is RSA. If padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE and the message must be equal to key length |
0
on success and the signature is valid, otherwise a negative error value CKMC_ERROR_NONE | Successful |
CKMC_ERROR_VERIFICATION_FAILED | The signature is invalid |
CKMC_ERROR_INVALID_PARAMETER | Input parameter is invalid |
CKMC_ERROR_DB_LOCKED | A user key is not loaded in memory (a user is not logged in) |
CKMC_ERROR_DB_ERROR | Failed due to the error with unknown reason |
CKMC_ERROR_DB_ALIAS_UNKNOWN | Alias does not exist |
CKMC_ERROR_PERMISSION_DENIED | Failed to access key manager |
CKMC_ERROR_AUTHENTICATION_FAILED | Decryption failed because password is incorrect |