os/security/cryptoservices/filebasedcertificateandkeystores/source/keystore/Server/CCreateKey.cpp
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/filebasedcertificateandkeystores/source/keystore/Server/CCreateKey.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,269 @@
1.4 +/*
1.5 +* Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +#include "CCreateKey.h"
1.23 +#include "tokenserverdebug.h"
1.24 +#include <bigint.h>
1.25 +#include <securityerr.h>
1.26 +
1.27 +// Wrapper class because we differ from crypto on what a DH key is
1.28 +class CSimpleDHKey : public CBase
1.29 + {
1.30 + public:
1.31 + static CSimpleDHKey* NewL(TInt aSize);
1.32 + ~CSimpleDHKey();
1.33 + public:
1.34 + inline RInteger& DHKey() {return (iKey);};
1.35 + private:
1.36 + CSimpleDHKey() {};
1.37 + void ConstructL(TInt aSize);
1.38 + private:
1.39 + RInteger iKey;
1.40 + };
1.41 +
1.42 +CSimpleDHKey* CSimpleDHKey::NewL(TInt aSize)
1.43 + {
1.44 + CSimpleDHKey* me = new (ELeave) CSimpleDHKey();
1.45 + CleanupStack::PushL(me);
1.46 + me->ConstructL(aSize);
1.47 + CleanupStack::Pop(me);
1.48 + return (me);
1.49 + }
1.50 +
1.51 +void CSimpleDHKey::ConstructL(TInt aSize)
1.52 + {
1.53 + iKey = RInteger::NewRandomL(aSize - 1);
1.54 + }
1.55 +
1.56 +CSimpleDHKey::~CSimpleDHKey()
1.57 + {
1.58 + iKey.Close();
1.59 + }
1.60 +
1.61 +CKeyCreator::CKeyCreator()
1.62 + : CActive(EPriorityStandard),
1.63 + iAction(EIdle)
1.64 + {
1.65 + CActiveScheduler::Add(this);
1.66 + }
1.67 +
1.68 +CKeyCreator::~CKeyCreator()
1.69 + {
1.70 + Cancel();
1.71 +
1.72 + iCreatorThread.LogonCancel(iStatus);
1.73 + iCreatorThread.Close();
1.74 +
1.75 + delete iCreateData;
1.76 + }
1.77 +
1.78 +// Spin a thread to create an appropriate key, if successful, left on CleanupStack
1.79 +void CKeyCreator::DoCreateKeyAsync(CKeyInfo::EKeyAlgorithm aAlgorithm, TInt aSize, TRequestStatus& aStatus)
1.80 + {
1.81 + iClientStatus = &aStatus;
1.82 + *iClientStatus = KRequestPending;
1.83 + iStatus = KRequestPending;
1.84 +
1.85 + TInt err = KErrNone;
1.86 +
1.87 + if ( (aSize <= 0) ||
1.88 + (aAlgorithm==CKeyInfo::EInvalidAlgorithm) ||
1.89 + ((aAlgorithm!=CKeyInfo::ERSA) && (aAlgorithm!=CKeyInfo::EDSA) && (aAlgorithm!=CKeyInfo::EDH)) )
1.90 + {
1.91 + err = KErrKeyAlgorithm;
1.92 + }
1.93 + if(err == KErrNone)
1.94 + {
1.95 + iCreateData = new CKeyCreatorData(aAlgorithm, aSize);
1.96 + if(iCreateData == NULL)
1.97 + {
1.98 + err = KErrNoMemory;
1.99 + }
1.100 + }
1.101 + else
1.102 + {
1.103 + User::RequestComplete(iClientStatus, err);
1.104 + return;
1.105 + }
1.106 +
1.107 + // OK, ready to start the async operation...do it in RunL
1.108 + iAction = EReadyToCreateKey;
1.109 +
1.110 + SetActive();
1.111 + TRequestStatus* stat = &iStatus;
1.112 + User::RequestComplete(stat, err);
1.113 + }
1.114 +
1.115 +// HERE'S THE THREAD TO CREATE THE KEY
1.116 +// Code cannot leave in here, but not as many traps as it looks
1.117 +/*static*/ TInt CKeyCreator::CreatorThreadEntryPoint(TAny* aParameters)
1.118 + {
1.119 + CTrapCleanup* cleanup = CTrapCleanup::New();
1.120 + if (!cleanup)
1.121 + User::Exit(KErrNoMemory);
1.122 +
1.123 +#ifdef _DEBUG
1.124 + TokenServerDebug::PauseOOMTest();
1.125 +#endif
1.126 +
1.127 + ASSERT(aParameters);
1.128 + TInt result = KErrNone;
1.129 + CKeyCreatorData* createData = static_cast<CKeyCreatorData*>(aParameters);
1.130 + switch (createData->iKeyAlgorithm)
1.131 + {
1.132 + case(CKeyInfo::ERSA):
1.133 + {// Currently, CRT signing is not supported, in case the key is to be used
1.134 + // for such, create a standard (private) key as part of the pair
1.135 + TRAP(result, createData->iKey.iRSAKey = CRSAKeyPair::NewL(createData->iSize));
1.136 + }
1.137 + break;
1.138 + case (CKeyInfo::EDSA):
1.139 + {
1.140 + TRAP(result, createData->iKey.iDSAKey = CDSAKeyPair::NewL(createData->iSize));
1.141 + }
1.142 + break;
1.143 + case (CKeyInfo::EDH):
1.144 + {// Generate a number that's less than N. The snag is that
1.145 + // we don't know what N is. We do know that it'll be of a
1.146 + // particular size, so we can safely generate any number
1.147 + // with less than iSize digits
1.148 + TRAP(result, createData->iKey.iDHKey = CSimpleDHKey::NewL(createData->iSize));
1.149 + }
1.150 + break;
1.151 + default:
1.152 + ASSERT(EFalse);
1.153 + result = KErrArgument;
1.154 + }
1.155 +
1.156 + #ifdef _DEBUG
1.157 + TokenServerDebug::ResumeOOMTest();
1.158 + #endif
1.159 + delete cleanup;
1.160 + User::Exit(result);
1.161 + return (KErrNone);
1.162 + }
1.163 +
1.164 +CRSAKeyPair* CKeyCreator::GetCreatedRSAKey()
1.165 + {
1.166 + // Check algorithm is as expected, return NULL if no key or wrong type
1.167 + if ( (!iCreateData) || (CKeyInfo::ERSA!=iCreateData->iKeyAlgorithm) )
1.168 + return (NULL);
1.169 + else
1.170 + return (iCreateData->iKey.iRSAKey);
1.171 + }
1.172 +
1.173 +CDSAKeyPair* CKeyCreator::GetCreatedDSAKey()
1.174 + {
1.175 + // Check algorithm is as expected, return NULL if no key or wrong type
1.176 + if ( (!iCreateData) || (CKeyInfo::EDSA!=iCreateData->iKeyAlgorithm) )
1.177 + return (NULL);
1.178 + else
1.179 + return (iCreateData->iKey.iDSAKey);
1.180 + }
1.181 +
1.182 +void CKeyCreator::GetCreatedDHKey(RInteger& aDHKey)
1.183 + {
1.184 + ASSERT(iCreateData);
1.185 + ASSERT(CKeyInfo::EDH==iCreateData->iKeyAlgorithm);
1.186 + aDHKey = iCreateData->iKey.iDHKey->DHKey();
1.187 + }
1.188 +
1.189 +void CKeyCreator::DoCancel()
1.190 + {
1.191 + // Only do the cancel if in the middle of creating a key. Kill the thread.
1.192 + if (iAction!=EIdle)
1.193 + {
1.194 + TExitType exitType = iCreatorThread.ExitType();
1.195 + if (EExitPending==exitType) // Still alive, so kill it
1.196 + {
1.197 + iCreatorThread.Kill(KErrCancel);
1.198 + }
1.199 + iAction = EIdle;
1.200 + }
1.201 +
1.202 + ASSERT(iClientStatus);
1.203 + User::RequestComplete(iClientStatus, KErrCancel);
1.204 + }
1.205 +
1.206 +void CKeyCreator::RunL()
1.207 + {
1.208 + ASSERT(iClientStatus);
1.209 + User::LeaveIfError(iStatus.Int());
1.210 +
1.211 + switch (iAction)
1.212 + {
1.213 + case (EReadyToCreateKey):
1.214 + {
1.215 + // Spin off the thread and pass it the parameter data, then stand by
1.216 + // INC118634
1.217 + // To be safe, we should use anonymous threads because naming a thread means anybody could have opened a handle on the thread,
1.218 + // most likely system applications which want to know about panicing threads. So next thread creation will fail with KErrAlreadyExist(-11).
1.219 + User::LeaveIfError(iCreatorThread.Create(KNullDesC, CreatorThreadEntryPoint, KDefaultStackSize, NULL, (TAny*)iCreateData));
1.220 + iStatus = KRequestPending;
1.221 + iCreatorThread.Logon(iStatus);
1.222 + iAction = ECreatedKey;
1.223 + SetActive();
1.224 + iCreatorThread.Resume();
1.225 + }
1.226 + break;
1.227 +
1.228 + case (ECreatedKey):
1.229 + {// Notify the caller
1.230 + ASSERT(iClientStatus);
1.231 + // May be OOM creating logon, in which case we should kill thread
1.232 + if (iStatus.Int() == KErrNoMemory)
1.233 + {
1.234 + TExitType exitType = iCreatorThread.ExitType();
1.235 + if (EExitPending==exitType) // Still alive, so kill it
1.236 + iCreatorThread.Kill(KErrNone);
1.237 + }
1.238 +
1.239 + User::RequestComplete(iClientStatus, iStatus.Int());
1.240 + iAction = EIdle;
1.241 + }
1.242 + break;
1.243 + default:
1.244 + ASSERT(EFalse);
1.245 + }
1.246 + }
1.247 +
1.248 +TInt CKeyCreator::RunError(TInt anError)
1.249 + {
1.250 + if (iClientStatus)
1.251 + User::RequestComplete(iClientStatus, anError);
1.252 +
1.253 + return (KErrNone);
1.254 + }
1.255 +
1.256 +
1.257 +
1.258 +CKeyCreator::CKeyCreatorData::CKeyCreatorData(CKeyInfo::EKeyAlgorithm aAlgorithm, TInt aSize)
1.259 + :iSize(aSize),
1.260 + iKeyAlgorithm(aAlgorithm)
1.261 + {}
1.262 +
1.263 +CKeyCreator::CKeyCreatorData::~CKeyCreatorData()
1.264 + {
1.265 + if (iKeyAlgorithm==CKeyInfo::ERSA)
1.266 + delete iKey.iRSAKey;
1.267 + else if (iKeyAlgorithm==CKeyInfo::EDSA)
1.268 + delete iKey.iDSAKey;
1.269 + else if (iKeyAlgorithm==CKeyInfo::EDH)
1.270 + delete iKey.iDHKey;
1.271 + }
1.272 +