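--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/security/cryptoservices/certificateandkeymgmt/inc/unifiedkeystore_v2.h Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,704 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* UNIFIEDKEYSTORE.H
+* The unified key store implementation
+*
+*/
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __UNIFIEDKEYSTORE_H__
+#define __UNIFIEDKEYSTORE_H__
+
+#include <f32file.h>
+#include <e32base.h>
+
+#include <mctkeystoremanager.h>
+
+#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
+namespace CryptoSpi
+ {
+ class CSigner;
+ class CAsymmetricCipher;
+ class CCryptoParams;
+ }
+#endif
+
+/**
+ * Unified KeyStore panics
+ *
+ * @publishedPartner
+ * @released
+ */
+enum TUnifiedKeyStorePanic
+ {
+ EUnexpectedInitialise = 1, ///< Unexpected initialise
+ EArrayAccessOutOfBounds = 2, ///< Array access out of bounds
+ ETokensArrayAlreadyInUse = 3, ///< Tokens array already in use
+ EUnrecognisedState = 4, ///< Unrecognised state
+ };
+
+/**
+ * The unified key store.
+ *
+ * This class provides a key store whose contents are the sum of the contents of
+ * all key store implementations on the device. It is intended a single point
+ * of access for clients wishing to access key stores.
+ *
+ * Since this class is intended for widespread use, capability checks relating
+ * to key access are documented here even though the checks are actually made in
+ * the individual key store implementations.
+ *
+ * @publishedPartner
+ * @released
+ */
+NONSHARABLE_CLASS(CUnifiedKeyStore) : public CActive, public MKeyStore
+ {
+ public:
+ /**
+ * Creates a new CUnifiedKeyStore object.
+ *
+ * @param aFs A file server session. It must already be open.
+ * @return A pointer to an instance of the CUnifiedKeyStore class.
+ */
+ IMPORT_C static CUnifiedKeyStore* NewL(RFs& aFs);
+
+ /**
+ * Creates a new CUnifiedKeyStore object and and puts a pointer to the new object
+ * onto the cleanup stack.
+ *
+ * @param aFs A file server session. It must already be open.
+ * @return A pointer to an instance of the CUnifiedKeyStore class.
+ */
+ IMPORT_C static CUnifiedKeyStore* NewLC(RFs& aFs);
+
+ /**
+ * The destructor destroys all the resources owned by this object.
+ */
+ IMPORT_C ~CUnifiedKeyStore();
+
+ /**
+ * Initialises the manager.
+ *
+ * It must be called after the manager has been constructed and before any call
+ * to the manager functions.
+ *
+ * This is an asynchronous request.
+ *
+ * @param aStatus The request status object; contains the result of the Initialize()
+ * request when complete. Set to KErrCancel if any outstanding request is cancelled.
+ */
+ IMPORT_C void Initialize(TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing Initialize() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelInitialize();
+
+public: // Implementation of MKeyStore interface
+ virtual void List(RMPointerArray<CCTKeyInfo>& aKeys, const TCTKeyAttributeFilter& aFilter, TRequestStatus& aStatus);
+ virtual void CancelList();
+ virtual void GetKeyInfo(TCTTokenObjectHandle aHandle, CCTKeyInfo*& aInfo,TRequestStatus& aStatus);
+ virtual void CancelGetKeyInfo();
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ MRSASigner*& aSigner,
+ TRequestStatus& aStatus);
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ MDSASigner*& aSigner,
+ TRequestStatus& aStatus);
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ MCTDecryptor*& aDecryptor,
+ TRequestStatus& aStatus);
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ MCTDH*& aDH, TRequestStatus& aStatus);
+ virtual void CancelOpen();
+ virtual void ExportPublic(const TCTTokenObjectHandle& aHandle,
+ HBufC8*& aPublicKey,
+ TRequestStatus& aStatus);
+ virtual void CancelExportPublic();
+
+#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ CryptoSpi::CSigner*& aSigner,
+ TRequestStatus& aStatus);
+ virtual void Open(const TCTTokenObjectHandle& aHandle,
+ CryptoSpi::CAsymmetricCipher*& asymmetricCipherObj,
+ TRequestStatus& aStatus);
+ virtual void Decrypt(const TCTTokenObjectHandle& aHandle,
+ const TDesC8& aCiphertext,
+ HBufC8*& aPlaintextPtr,
+ TRequestStatus& aStatus);
+ virtual void Sign(const TCTTokenObjectHandle& aHandle,
+ const TDesC8& aPlaintext,
+ CryptoSpi::CCryptoParams*& aSignature,
+ TRequestStatus& aStatus);
+#endif
+
+public: // For MCTKeyStoreManager except those (CreateKey, ImportKey, ImportEncryptedKey)
+ // that require a caller-specified store
+
+ /**
+ * Exports a key pair in the clear.
+ *
+ * The key is exported as DER-encoded PKCS#8 data.
+ *
+ * @param aHandle The handle of the key to export
+ * @param aKey A reference to a HBufC8 pointer. The pointer will be set to
+ * a newly allocated buffer containing the key data. It is the caller's
+ * responsibility to delete this buffer.
+ * @param aStatus The request status object; contains the result of the ExportKey() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability ReadUserData Requires the caller to have ReadUserData capability
+ * @leave KErrPermissionDenied If the caller does not have ReadUserData capability,
+ * or is not the owner of the key.
+ * @leave KErrNotFound If the key the handle referes to does not exist.
+ * @leave KErrKeyAccess If the sensitive flag is set for the key, or the
+ * exportable flag is not set.
+ * @leave KErrKeyAlgorithm If this type of key cannot be exported.
+ */
+ IMPORT_C void ExportKey(TCTTokenObjectHandle aHandle, HBufC8*& aKey, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing ExportKey() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelExportKey();
+
+ /**
+ * Exports an encrypted key pair.
+ *
+ * The key is exported as DER-encoded PKCS#5/PKCS#8 data.
+ *
+ * @param aHandle The handle of the key to export
+ * @param aKey A reference to a HBufC8 pointer. The pointer will be set to
+ * a newly allocated buffer containing the key data.
+ * @param aParams The PBE encryption parameters to use when encrypting the key.
+ * @param aStatus The request status object; contains the result of the ExportEncryptedKey() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability ReadUserData Requires the caller to have ReadUserData capability
+ * @leave KErrPermissionDenied If the caller does not have ReadUserData capability,
+ * or is not the owner of the key.
+ * @leave KErrNotFound If the key the handle referes to does not exist.
+ * @leave KErrKeyAccess If the exportable flag is not set for the key.
+ * @leave KErrKeyAlgorithm If this type of key cannot be exported.
+ */
+ IMPORT_C void ExportEncryptedKey(TCTTokenObjectHandle aHandle, const CPBEncryptParms& aEncryptParams,
+ HBufC8*& aKey, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing ExportEncryptedKey() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelExportEncryptedKey();
+
+ /**
+ * Deletes a key.
+ *
+ * @param aHandle The handle of the key to delete
+ * @param aStatus The request status object; contains the result of the DeleteKey() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability,
+ * or is not the owner of the key.
+ * @leave KErrNotFound If the key the handle referes to does not exist.
+ * @leave KErrAccessDenied If the calling process is not allowed to delete the key.
+ * @leave KErrInUse If another client is currently using the key.
+ */
+ IMPORT_C void DeleteKey(TCTTokenObjectHandle aHandle, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing DeleteKey() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelDeleteKey();
+
+ /**
+ * Sets the security policy for key use.
+ *
+ * Specifies which processes are allowed to use the key for cryptographic
+ * operations.
+ *
+ * @param aHandle The handle of the key
+ * @param aPolicy The new security policy.
+ * @param aStatus The request status object; contains the result of the SetUsePolicy() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability,
+ * or is not the owner of the key.
+ * @leave KErrNotFound If the key the handle referes to does not exist.
+ */
+ IMPORT_C void SetUsePolicy(TCTTokenObjectHandle aHandle,
+ const TSecurityPolicy& aPolicy,
+ TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing SetUsePolicy() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelSetUsePolicy();
+
+ /**
+ * Sets the security policy for key management.
+ *
+ * Specifies which processes are allowed to perform management operations on
+ * the key.
+ *
+ * @param aHandle The handle of the key
+ * @param aPolicy The new security policy.
+ * @param aStatus The request status object; contains the result of the SetManagementPolicy() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability,
+ * or is not the owner of the key.
+ * @leave KErrNotFound If the key the handle referes to does not exist.
+ */
+ IMPORT_C void SetManagementPolicy(TCTTokenObjectHandle aHandle,
+ const TSecurityPolicy& aPolicy,
+ TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing SetManagementPolicy() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelSetManagementPolicy();
+
+ /**
+ * Sets the passphrase timeout for all keys owned by this process.
+ *
+ * @param aTimeout The timeout in seconds. 0 means that the passphrase is
+ * always asked for, and -1 means that it is never expired
+ * @param aStatus The request status object; contains the result of the SetPassphraseTimeout() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability,
+ * or is not the owner of the key
+ * @leave KErrArgument If the timeout specified is invalid.
+ */
+ IMPORT_C void SetPassphraseTimeout(TInt aTimeout, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing SetPassphraseTimeout() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelSetPassphraseTimeout();
+
+ /**
+ * Re-locks the entire store (i.e., forget the passphrase).
+ *
+ * @param aStatus The request status object; contains the result of the Relock() request
+ * when complete. Set to KErrCancel if any outstanding request is cancelled.
+ */
+ IMPORT_C void Relock(TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing Relock() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelRelock();
+
+public:
+ /**
+ * Generates a new key pair.
+ *
+ * For the software key store, the owner of the new key is set to the
+ * calling process. Users can subsequently be added by calling SetUsers().
+ *
+ * @param aKeyStoreIndex The index of the key store manager in which to
+ * create the key. Must be between zero and
+ * KeyStoreMangerCount() exclusive.
+ * @param aUsage The key usage flags in the PKCS#15 format.
+ * @param aSize The size of the key in bits.
+ * @param aLabel A textual label for the key.
+ * @param aAlgorithm The type of key.
+ * @param aAccessType The key access type - a bitfield specifying key
+ * access requirements. Allowed values are zero, or
+ * a comination of CCTKeyInfo::EKeyAccess::ESenstive
+ * and CCTKeyInfo::EKeyAccess::EExtractable
+ * @param aStartDate The start of the validity period.
+ * @param aEndDate The end of the validity period.
+ * @param aKeyInfoOut A pointer that is set to a newly created key info
+ * object on successful completion.
+ * @param aStatus The request status object; contains the result of
+ * the CreateKey() request when complete. Set to
+ * KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ * @panic If aKeyStoreIndex does not specify a valid keystore manager.
+ */
+ IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize,
+ const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm,
+ TInt aAccessType, TTime aStartDate, TTime aEndDate,
+ CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing CreateKey() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelCreateKey();
+
+ /**
+ * Imports a key pair.
+ *
+ * For the software key store, the owner of the new key is set to the
+ * calling process. Users can subsequently be added by calling SetUsers().
+ *
+ * The key data should be in PKCS#8 format. Both encrypted and cleartext
+ * versions are allowed.
+ *
+ * @param aKeyStoreIndex The index of the key store manager in which to
+ * create the key. Must be between zero and
+ * KeyStoreMangerCount() exclusive.
+ * @param aKeyData The key data to import, ASN.1 DER encoded PKCS#8.
+ * @param aUsage The key usage flags in the PKCS#15 format.
+ * @param aLabel A textual label for the key.
+ * @param aAccessType The key access type - a bitfield specifying key
+ * access requirements. Allowed values are zero, or
+ * a comination of CCTKeyInfo::EKeyAccess::ESenstive
+ * and CCTKeyInfo::EKeyAccess::EExtractable
+ * @param aStartDate The start of the validity period.
+ * @param aEndDate The end of the validity period.
+ * @param aKeyInfoOut A pointer that is set to a newly created key info
+ * object on successful completion.
+ * @param aStatus The request status object; contains the result of
+ * the ImportKey() request when complete. Set to
+ * KErrCancel if any outstanding request is cancelled.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ * @leave KErrArgument If the key data cannot be parsed.
+ * @panic If aKeyStoreIndex does not specify a valid keystore manager.
+ */
+ IMPORT_C void ImportKey(TInt aKeyStoreIndex, const TDesC8& aKeyData,
+ TKeyUsagePKCS15 aUsage, const TDesC& aLabel,
+ TInt aAccessType, TTime aStartDate, TTime aEndDate,
+ CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);
+
+ /**
+ * Cancels an ongoing ImportKey() operation.
+ *
+ * The operation completes with KErrCancel.
+ */
+ IMPORT_C void CancelImportKey();
+
+public:
+
+ /**
+ * Gets the number of available read-only key stores.
+ *
+ * @return The number of available read-only key stores.
+ */
+ IMPORT_C TInt KeyStoreCount() const;
+
+ /**
+ * Gets a read-only interface to a key store.
+ *
+ * @param aIndex An ordinal number that identifies the key store.
+ * @return A read-only interface to the key store specified by aIndex.
+ *
+ * @panic CUnifiedKeyStore 2 If aIndex is out of range, ie it is greater
+ * than or equal to the value returned by KeyStoreCount().
+ */
+ IMPORT_C MCTKeyStore& KeyStore(TInt aIndex);
+
+ /**
+ * Gets the number of available read-write key stores.
+ *
+ * @return The number of key stores that are open for read-write access.
+ */
+ IMPORT_C TInt KeyStoreManagerCount() const;
+
+ /**
+ * Gets a read-write interface to the store specified by aIndex.
+ *
+ * @param aIndex An ordinal number that identifies the key store.
+ * @return A read-write interface to the key store specified by aIndex.
+ *
+ * @panic CUnifiedKeyStore 2 If aIndex s out of range, ie it is greater than
+ * or equal to the value returned by KeyStoreManagerCount().
+ */
+ IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex);
+
+#ifdef SYMBIAN_AUTH_SERVER
+public:
+ /**
+ * Generates a new key pair. The creation of key is for currently authenticated
+ * user. If currently there is no authenticated user then authentication of an user
+ * would be required.
+ *
+ * For the software key store, the owner of the new key is set to the
+ * calling process. Users can subsequently be added by calling SetUsers().
+ *
+ * @param aKeyStoreIndex The index of the key store manager in which to
+ * create the key. Must be between zero and
+ * KeyStoreMangerCount() exclusive.
+ * @param aUsage The key usage flags in the PKCS#15 format.
+ * @param aSize The size of the key in bits.
+ * @param aLabel A textual label for the key.
+ * @param aAlgorithm The type of key.
+ * @param aAccessType The key access type - a bitfield specifying key
+ * access requirements. Allowed values are zero, or
+ * a comination of CCTKeyInfo::EKeyAccess::ESenstive
+ * and CCTKeyInfo::EKeyAccess::EExtractable
+ * @param aStartDate The start of the validity period.
+ * @param aEndDate The end of the validity period.
+ * @param aAuthenticationString The expression through which a user can be authenticated.
+ * Currently this should correspond to one of the alias values
+ * set by the licensee for authentication server configuration.
+ * @param aFreshness The validity to be considered for an already authenticated
+ * identity. Specification is in seconds.
+ * @param aKeyInfoOut A pointer that is set to a newly created key info
+ * object on successful completion.
+ * @param aStatus Final status of the operation.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ * @leave KErrAuthenticationFailure If the user authentication fails.
+ * @leave ... Any of the system wide error code.
+ * @panic If aKeyStoreIndex does not specify a valid keystore manager.
+ */
+
+ IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize,
+ const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm,
+ TInt aAccessType, TTime aStartDate, TTime aEndDate,
+ const TDesC& aAuthenticationString, TInt aFreshness,
+ CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus) ;
+
+ /**
+ * Imports a key pair. The import of key is for currently authenticated
+ * user. If currently there is no authenticated user then authentication
+ * of an user would be required.
+ *
+ * For the software key store, the owner of the new key is set to the
+ * calling process. Users can subsequently be added by calling SetUsers().
+ *
+ * The key data should be in PKCS#8 format. Both encrypted and cleartext
+ * versions are allowed.
+ *
+ * @param aKeyStoreIndex The index of the key store manager in which to
+ * create the key. Must be between zero and
+ * KeyStoreMangerCount() exclusive.
+ * @param aKeyData The key data to import, ASN.1 DER encoded PKCS#8.
+ * @param aUsage The key usage flags in the PKCS#15 format.
+ * @param aLabel A textual label for the key.
+ * @param aAccessType The key access type - a bitfield specifying key
+ * access requirements. Allowed values are zero, or
+ * a comination of CCTKeyInfo::EKeyAccess::ESenstive
+ * and CCTKeyInfo::EKeyAccess::EExtractable
+ * @param aStartDate The start of the validity period.
+ * @param aEndDate The end of the validity period.
+ * @param aAuthenticationString The expression through which a user can be authenticated.
+ * Currently this should correspond to one of the alias values
+ * set by the licensee for authentication server configuration.
+ * @param aFreshness The validity to be considered for an already authenticated
+ * identity. Specification is in seconds.
+ * @param aKeyInfoOut A pointer that is set to a newly created key info
+ * object on successful completion.
+ * @param aStatus Final status of the operation.
+ *
+ * @capability WriteUserData Requires the caller to have WriteUserData capability
+ * @leave KErrPermissionDenied If the caller does not have WriteUserData capability
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ * @leave KErrArgument If the key data cannot be parsed.
+ * @panic If aKeyStoreIndex does not specify a valid keystore manager.
+ */
+
+ IMPORT_C void ImportKey( TInt aKeyStoreIndex, const TDesC8& aKeyData,
+ TKeyUsagePKCS15 aUsage, const TDesC& aLabel,
+ TInt aAccessType, TTime aStartDate, TTime aEndDate,
+ const TDesC& aAuthenticationString, TInt aFreshness,
+ CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus);
+
+ /**
+ * Set the authentication policy for an already existing key in the store.
+ *
+ * @param aHandle The handle of the key whose policy is to be changed.
+ * @param aAuthenticationString The expression associated to this key.
+ * @param aFreshness The validity associated to this key.
+ * Specification is in seconds.
+ * @param aStatus Final status of the operation.
+ */
+
+ IMPORT_C void SetAuthenticationPolicy( const TCTTokenObjectHandle aHandle,
+ const TDesC& aAuthenticationString,
+ TInt aFreshness,
+ TRequestStatus& aStatus);
+
+ /**
+ * Retrieve authentication policy for an already existing key in the store.
+ *
+ * @param aHandle The handle of the key whose policy is to be retrieved.
+ * @param aAuthenticationString The expression associated to this key. The memory would
+ * be allocated at the server side.
+ * @param aFreshness The validity associated to this key.
+ * Specification is in seconds.
+ * @param aStatus Final status of the operation.
+ */
+
+ IMPORT_C void GetAuthenticationPolicy( const TCTTokenObjectHandle aHandle,
+ HBufC*& aAuthenticationString,
+ TInt& aFreshness,
+ TRequestStatus& aStatus);
+#endif // SYMBIAN_AUTH_SERVER
+
+private:
+ CUnifiedKeyStore(RFs& aFs);
+ void ConstructL();
+private: // From CActive
+ void RunL();
+ TInt RunError(TInt aError);
+ void DoCancel();
+private:
+ enum TState
+ {
+ EIdle,
+ EInitializeGetTokenList,
+ EInitializeGetToken,
+ EInitialiseGetKeyManagerInterface,
+ EInitializeGetKeyUserInterface,
+ EInitializeGetKeyUserInterfaceFinished,
+ EInitializeFinished,
+ // ----------------------------------------------
+ EList,
+ EGetKeyInfo,
+ EOpen,
+ // ----------------------------------------------
+ ECreateKey,
+ EImportKey,
+ EImportKeyEncrypted,
+ EExportKey,
+ EExportEncryptedKey,
+ EExportPublic,
+ EDeleteKey,
+ ESetUsePolicy,
+ ESetManagementPolicy,
+ ESetPassphraseTimeout,
+ ERelock,
+ ESetAuthenticationPolicy,
+ EGetAuthenticationPolicy
+ };
+private:
+ void StartAsyncOperation(TState aState, TRequestStatus& aStatus);
+ void DoInitializeL();
+ TBool DoOpen(const TCTTokenObjectHandle& aHandle,
+ TRequestStatus& aStatus);
+ void PrepareToCreateKeyL(TInt aKeyStoreIndex,
+ TKeyUsagePKCS15 aUsage, TUint aSize,
+ const TDesC& aLabel,
+ CCTKeyInfo::EKeyAlgorithm aAlgorithm,
+ TInt aAccessType,
+ TTime aStartDate, TTime aEndDate,
+ TRequestStatus& aStatus);
+ /**
+ * A synchronous method to find the key store given a token object handle.
+ * Returns NULL if none found.
+ */
+ MCTKeyStore* FindKeyStore(const TCTTokenObjectHandle& aHandle);
+ /**
+ * A synchronous method to find the key store manager given a token object
+ * handle. Returns NULL if none found.
+ */
+ MCTKeyStoreManager* FindKeyStoreManager(const TCTTokenObjectHandle& aHandle);
+ /** Complete the user's request and clean up state. */
+ void Complete(TInt aError);
+ /** Clean up state. */
+ void Cleanup();
+ /** Cancel the outstanding request. */
+ void CancelOutstandingRequest();
+private:
+ /**
+ * A wrapper around a keystore interface that remebers whether it is a
+ * readonly or manager interface.
+ */
+ class CKeyStoreIF
+ {
+ public:
+ CKeyStoreIF(MCTTokenInterface*, TBool);
+ ~CKeyStoreIF();
+ public:
+ inline MCTTokenInterface* KeyStore() const {return (iKeyStore);};
+ inline TBool IsKeyManager() const {return (iIsKeyManager);};
+ private:
+ CKeyStoreIF(){};
+ private:
+ MCTTokenInterface* iKeyStore;
+ TBool iIsKeyManager;
+ };
+private:
+ RFs& iFs;
+ TState iState;
+ TRequestStatus* iOriginalRequestStatus;
+ RPointerArray<CKeyStoreIF> iKeyStoresHolder;
+
+ RCPointerArray<CCTTokenTypeInfo> iTokenTypes;
+ TInt iIndexTokenTypes;
+ MCTTokenType* iTokenType;
+ MCTToken* iToken;
+ MCTTokenInterface* iTokenInterface;
+ TUid iRequestUid;
+ RCPointerArray<HBufC> iTokens;
+ TInt iIndexTokens;
+
+ MCTKeyStore* iKeyStore; ///< The key store in use by the current operation or NULL
+ MCTKeyStoreManager* iKeyStoreManager; ///< The key store manager in use by the current operation or NULL
+
+ RMPointerArray<CCTKeyInfo>* iKeyInfos;
+ TCTKeyAttributeFilter* iFilter;
+ CCTKeyInfo* iKeyInfo;
+ HBufC8* iKeyData;
+ CCTKeyInfo** iKeyInfoOut; ///< Pointer to client's key info pointer
+ CPBEncryptParms* iPbeParams; // PBE parameters for encrypted key export
+
+ TInt iIndex;
+ TInt iNewTimeout;
+};
+
+#endif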
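Review bot: SetAuthenticationPolicy() and GetAuthenticationPolicy(), inside the SYMBIAN_AUTH_SERVER block, carry no `@capability` or `@leave` tags, although the class comment says capability checks for key access are documented in this header and the other policy-changing calls (SetUsePolicy(), SetManagementPolicy(), SetPassphraseTimeout()) all document WriteUserData and KErrPermissionDenied. As written, a caller cannot tell from the header who is allowed to replace a key's authentication expression or what a refused request completes with; add the tags that match what the key store implementation enforces, for example `@capability WriteUserData Requires the caller to have WriteUserData capability` if it mirrors SetUsePolicy() — the implementation is not visible here, so confirm before copying. GetAuthenticationPolicy() should also state whether the caller owns and must delete the buffer returned through `aAuthenticationString`, as ExportKey() does for `aKey`. Separately, ExportEncryptedKey() documents `@param aParams` while the parameter is declared as `aEncryptParams`.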