1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptomgmtlibs/cryptotokenfw/inc_interfaces/MCTKeyStore_v2.h Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,405 @@
1.4 +/*
1.5 +* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* MCTKeystore.h
1.19 +*
1.20 +*/
1.21 +
1.22 +
1.23 +/**
1.24 + @file
1.25 + @publishedPartner
1.26 + @released
1.27 +*/
1.28 +
1.29 +#ifndef __MCTKEYSTORE_H__
1.30 +#define __MCTKEYSTORE_H__
1.31 +
1.32 +#include <securitydefs.h>
1.33 +#include <mkeystore.h>
1.34 +#include <s32file.h>
1.35 +
1.36 +#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
1.37 +#include <mctkeystoreuids.h>
1.38 +#endif
1.39 +
1.40 +/** The UID of the filekey store */
1.41 +const TInt KTokenTypeFileKeystore = 0x101F7333;
1.42 +
1.43 +#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
1.44 +
1.45 +/** The type ID of CCTKeyInfo objects */
1.46 +const TUid KKeyInfoUID = {0x101F5152};
1.47 +const TUid KNonRepudiationSignerUID = {0x101F7A40};
1.48 +const TUid KKeyStoreAuthObjectUID = {0x101FE681};
1.49 +
1.50 +#endif
1.51 +
1.52 +class MCTAuthenticationObject;
1.53 +
1.54 +/**
1.55 + * Defines the interface for a read-only key store token.
1.56 + *
1.57 + * All the details are defined in MKeyStore as they are shared by the unified
1.58 + * key store.
1.59 + *
1.60 + * The class adds no extra member functions or data.
1.61 + *
1.62 + */
1.63 +class MCTKeyStore : public MCTTokenInterface, public MKeyStore
1.64 + {
1.65 + };
1.66 +
1.67 +/**
1.68 + * Base class for CCTKeyInfo.
1.69 + *
1.70 + */
1.71 +class CKeyInfoBase : protected CBase
1.72 + {
1.73 +public:
1.74 +
1.75 + /** Key algorithms. */
1.76 + enum EKeyAlgorithm
1.77 + {
1.78 + EInvalidAlgorithm = 0,
1.79 + ERSA = 1,
1.80 + EDSA = 2,
1.81 + EDH = 3,
1.82 +#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
1.83 + EECC = 4,
1.84 +#endif
1.85 + };
1.86 +
1.87 + /** Flags for key access bitfield. */
1.88 + enum EKeyAccess
1.89 + {
1.90 + EInvalidAccess = 0x00,
1.91 + ESensitive = 0x01,
1.92 + EExtractable = 0x02,
1.93 + EAlwaysSensitive = 0x04,
1.94 + ENeverExtractable = 0x08,
1.95 + ELocal = 0x10
1.96 + };
1.97 +
1.98 +public:
1.99 +
1.100 + inline TKeyIdentifier ID() const; ///< The ID (SHA-1 hash) of the key
1.101 + inline TKeyUsagePKCS15 Usage() const; ///< The key usage
1.102 + inline TUint Size() const; ///< The size of the key
1.103 + inline const TDesC& Label() const; ///< The key's label.
1.104 + inline const TSecurityPolicy& UsePolicy() const; ///< The security policy for key use
1.105 + inline const TSecurityPolicy& ManagementPolicy() const; ///< The security policy for key management
1.106 + inline EKeyAlgorithm Algorithm() const; ///< The key algorithm
1.107 +
1.108 + /**
1.109 + * The key access type. The return code is bitfield made up of 0 or more
1.110 + * values from EKeyAccess ORed together.
1.111 + */
1.112 + inline TInt AccessType() const;
1.113 +
1.114 + /**
1.115 + * Returns whether the key is native.
1.116 + *
1.117 + * A native key is one where operations on the key are performed on the same
1.118 + * hardware as the the key is stored. For instance, if a key that is stored
1.119 + * on secure hardware but calculations are carried out on the main
1.120 + * processor, it isn't native.
1.121 + */
1.122 + inline TBool Native() const;
1.123 +
1.124 + inline TTime StartDate() const; ///< The start time, or TTime(0) if not set
1.125 + inline TTime EndDate() const; ///< The end time, or TTime(0) if not set
1.126 + inline const TDesC8& PKCS8AttributeSet() const; ///< The PKCS#8 attribute set.
1.127 +
1.128 + /**
1.129 + * Externalizes the key data to stream
1.130 + */
1.131 + IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
1.132 +
1.133 +public:
1.134 +
1.135 + /**
1.136 + * Get the handle of the key. This is a identifier that uniquely identifies
1.137 + * the key within one store, and is used to construct the token handle.
1.138 + */
1.139 + inline TInt HandleID() const;
1.140 +
1.141 + /**
1.142 + * Set the handle of the key. Called by the token when a key is created.
1.143 + *
1.144 + * @param aHandle The new handle of the key
1.145 + */
1.146 + inline void SetHandle(TInt aHandle);
1.147 +
1.148 + /**
1.149 + * Called by the token when a key is created, to set the key identifier
1.150 + * (SHA-1 hash) of the new key
1.151 + *
1.152 + * @param aId The newly generated SHA-1 hash
1.153 + */
1.154 + inline void SetIdentifier(TKeyIdentifier aId);
1.155 +
1.156 + /**
1.157 + * Set the size of a key.
1.158 + */
1.159 + inline void SetSize(TUint aSize);
1.160 +
1.161 + /**
1.162 + * Set the key algorithm.
1.163 + */
1.164 + inline void SetAlgorithm(EKeyAlgorithm aAlg);
1.165 +
1.166 +protected:
1.167 +
1.168 + /**
1.169 + * Protected constructor, called by derived classes.
1.170 + */
1.171 + IMPORT_C CKeyInfoBase(TKeyIdentifier aID,
1.172 + TKeyUsagePKCS15 aUsage,
1.173 + TUint aSize,
1.174 + HBufC* aLabel,
1.175 + TInt aHandle,
1.176 + const TSecurityPolicy& aUsePolicy,
1.177 + const TSecurityPolicy& aManagementPolicy,
1.178 + EKeyAlgorithm aAlgorithm,
1.179 + TInt aAccessType,
1.180 + TBool aNative,
1.181 + TTime aStartDate,
1.182 + TTime aEndDate,
1.183 + HBufC8* aPKCS8AttributeSet);
1.184 +
1.185 + /**
1.186 + * Protected constructor, called by derived classes.
1.187 + */
1.188 + IMPORT_C CKeyInfoBase();
1.189 +
1.190 + /**
1.191 + * Second phase constructor. Called by derived classes' NewL methods.
1.192 + */
1.193 + IMPORT_C void ConstructL();
1.194 +
1.195 + /**
1.196 + * Second phase constructor. Called by derived classes' NewL methods.
1.197 + */
1.198 + IMPORT_C void ConstructL(RReadStream& aIn);
1.199 +
1.200 + /**
1.201 + * Destructor is protected so CCTKeyInfo can force users to call Release.
1.202 + */
1.203 + IMPORT_C ~CKeyInfoBase();
1.204 +
1.205 +private:
1.206 +
1.207 + /**
1.208 + * Internalizes key data from a stream.
1.209 + */
1.210 + void InternalizeL(RReadStream& aStream);
1.211 +
1.212 +protected:
1.213 + TKeyIdentifier iID; ///< The ID of the key
1.214 + TKeyUsagePKCS15 iUsage; ///< The usage of the key
1.215 + TUint iSize; ///< The size of the key
1.216 + HBufC* iLabel; ///< The identifying label of the key
1.217 + TInt iHandle; ///< The handle of the key
1.218 + TSecurityPolicy iUsePolicy; ///< The secutity policy for key use
1.219 + TSecurityPolicy iManagementPolicy; ///< The secutity policy for key management
1.220 + EKeyAlgorithm iAlgorithm; ///< The key type (RSA, DSA etc)
1.221 + TInt iAccessType; ///< Key sensitivity
1.222 + TBool iNative; ///< Key is native (cryptographic operations are carried out on the store)
1.223 + TTime iStartDate; ///< Key Start Date
1.224 + TTime iEndDate; ///< Key end date
1.225 + HBufC8* iPKCS8AttributeSet; ///< Attributes as a DER-encoded set
1.226 + };
1.227 +
1.228 +/**
1.229 + * Information about a key, as returned by MCTKeyStore::List.
1.230 + *
1.231 + */
1.232 +class CCTKeyInfo : public CKeyInfoBase, public MCTTokenObject
1.233 + {
1.234 +public:
1.235 +
1.236 + /**
1.237 + *
1.238 + * Creates a CCTKeyInfo from constituents. This is called by the unified
1.239 + * key store, and should not be called directly.
1.240 + *
1.241 + * @param aID The SHA1 hash of the key
1.242 + * @param aUsage The usage of the key
1.243 + * @param aSize The size of the key in bytes
1.244 + * @param aProtector A protector object if the key is protected by a PIN.
1.245 + * This may be NULL if the protector is not known.
1.246 + * @param aLabel The label of the key (takes ownership).
1.247 + * @param aToken The token the key is in
1.248 + * @param aHandle The object ID part of the object handle; an
1.249 + * integer that is unique amongst keys in this token.
1.250 + * @param aUsePolicy The security policy for key use
1.251 + * @param aManagementPolicy The security policy for key management
1.252 + * @param aAlgorithm The key algorithm (RSA, DSA or Diffie-Hellman)
1.253 + * @param aAccessType The access type of the key
1.254 + * @param aNative Defines whether the key is native
1.255 + * @param aStartDate The key validity start date
1.256 + * @param aEndDate The key validity end date
1.257 + * @param aPKCS8AttributeSet (optional) The DER encoded PKCS8 attribute set
1.258 + * (takes ownership).
1.259 + *
1.260 + * @leave KErrKeyUsage If the key usage flags are not valid or not
1.261 + * consistent with the key algorithm.
1.262 + * @leave KErrKeyValidity If the validity start and end dates are specified
1.263 + * but do not form a valid time period.
1.264 + */
1.265 + IMPORT_C static CCTKeyInfo* NewL(TKeyIdentifier aID,
1.266 + TKeyUsagePKCS15 aUsage,
1.267 + TUint aSize,
1.268 + MCTAuthenticationObject* aProtector,
1.269 + HBufC* aLabel,
1.270 + MCTToken& aToken,
1.271 + TInt aHandle,
1.272 + const TSecurityPolicy& aUsePolicy,
1.273 + const TSecurityPolicy& aManagementPolicy,
1.274 + EKeyAlgorithm aAlgorithm,
1.275 + TInt aAccessType,
1.276 + TBool aNative,
1.277 + TTime aStartDate,
1.278 + TTime aEndDate,
1.279 + HBufC8* aPKCS8AttributeSet = NULL);
1.280 +
1.281 + /**
1.282 + * Creates a new KeyInfo from a stream.
1.283 + *
1.284 + * @param aStream The stream to read the key data from
1.285 + * @param aToken The token that the key is in
1.286 + *
1.287 + * @leave KErrKeyUsage If the key usage flags are not valid or not
1.288 + * consistent with the key algorithm.
1.289 + * @leave KErrKeyValidity If the validity start and end dates are specified
1.290 + * but do not form a valid time period.
1.291 + */
1.292 + IMPORT_C static CCTKeyInfo* NewL(RReadStream& aStream, MCTToken& aToken);
1.293 +
1.294 +public:
1.295 +
1.296 + /**
1.297 + * The PIN (or other authentication object) that protects the key, or NULL
1.298 + * if not set. This object is owned by key store.
1.299 + */
1.300 + inline MCTAuthenticationObject* Protector() const;
1.301 +
1.302 + /**
1.303 + * Sets the authentication object for this key. The object's Release method
1.304 + * will be called by the destructor, allowing for refence counting of auth
1.305 + * objects to be implemented if desired.
1.306 + */
1.307 + inline void SetProtector(MCTAuthenticationObject& aProtector);
1.308 +
1.309 + /** The CT handle to this object. */
1.310 + inline operator TCTTokenObjectHandle() const;
1.311 +
1.312 +public:
1.313 +
1.314 + // from MCTTokenObject
1.315 +
1.316 + /** The label of the key */
1.317 + virtual const TDesC& Label() const;
1.318 +
1.319 + /** The token the key is in */
1.320 + virtual MCTToken& Token() const;
1.321 +
1.322 + /** Returns KKeyInfoUID to indicate this is a key info object */
1.323 + virtual TUid Type() const;
1.324 +
1.325 + /**
1.326 + * A handle for the key. This can be used to identify a key to
1.327 + * another process.
1.328 + */
1.329 + virtual TCTTokenObjectHandle Handle() const;
1.330 +
1.331 +private:
1.332 +
1.333 + CCTKeyInfo(TKeyIdentifier aID,
1.334 + TKeyUsagePKCS15 aUsage,
1.335 + TUint aSize,
1.336 + MCTAuthenticationObject* aProtector,
1.337 + HBufC* aLabel,
1.338 + MCTToken& aToken,
1.339 + TInt aHandle,
1.340 + const TSecurityPolicy& aUsePolicy,
1.341 + const TSecurityPolicy& aManagementPolicy,
1.342 + EKeyAlgorithm aAlgorithm,
1.343 + TInt aAccessType,
1.344 + TBool aNative,
1.345 + TTime aStartDate,
1.346 + TTime aEndDate,
1.347 + HBufC8* aPKCS8AttributeSet);
1.348 +
1.349 + CCTKeyInfo(MCTToken& aToken);
1.350 +
1.351 + ~CCTKeyInfo();
1.352 +
1.353 +private:
1.354 +
1.355 + /** The token the key is in*/
1.356 + MCTToken& iToken;
1.357 +
1.358 + /** The protector object of the key. This pointer is not owned by the class */
1.359 + MCTAuthenticationObject* iProtector;
1.360 +};
1.361 +
1.362 +/**
1.363 + * A filter to specify which keys should be returned from the store by
1.364 + * MCTKeyStore::List.
1.365 + *
1.366 + */
1.367 +struct TCTKeyAttributeFilter
1.368 + {
1.369 + enum TPolicyFilter
1.370 + {
1.371 + EAllKeys,
1.372 + EUsableKeys,
1.373 + EManageableKeys,
1.374 + EUsableOrManageableKeys
1.375 + };
1.376 +
1.377 + /** Constructor */
1.378 + IMPORT_C TCTKeyAttributeFilter();
1.379 +
1.380 + /**
1.381 + * The hash of the key we're looking for. A zero-length descriptor means
1.382 + * 'don't care
1.383 + */
1.384 + TKeyIdentifier iKeyId;
1.385 +
1.386 + /**
1.387 + * The required usage of the key. A key must match any of the usages
1.388 + * specified. Use EAllUsages to return all usages.
1.389 + */
1.390 + TKeyUsagePKCS15 iUsage;
1.391 +
1.392 + /**
1.393 + * Filter returned keys by the operations the calling process is allowed to
1.394 + * perform on them (as determined by the security policies set on them).
1.395 + *
1.396 + * The default is EUsableKeys. Note that if this is to set to KAllKeys, all
1.397 + * keys will be returned, including those that are unusable by the calling
1.398 + * process.
1.399 + */
1.400 + TPolicyFilter iPolicyFilter;
1.401 +
1.402 + /** The algorithm. EInvalidAlgorithm indicates 'don't care */
1.403 + CCTKeyInfo::EKeyAlgorithm iKeyAlgorithm;
1.404 + };
1.405 +
1.406 +#include "mctkeystore.inl"
1.407 +
1.408 +#endif // __MCTKEYSTORE_H__