os/security/cryptoservices/filebasedcertificateandkeystores/test/tcryptotokenhai/tcryptotokenhai.cpp
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/filebasedcertificateandkeystores/test/tcryptotokenhai/tcryptotokenhai.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,619 @@
1.4 +/*
1.5 +* Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* This class implements the reference Crypto Token Hardware Abstraction
1.19 +* Interface (HAI). It is just intended to show how operations using
1.20 +* device keys can be performed using crypto token framework. In the
1.21 +* real world scenario, this HAI should be replaced by device drivers
1.22 +* by the licensees. In such a case, all the operations performed by
1.23 +* the replacing class would be performed in Kernel Space.
1.24 +*
1.25 +*/
1.26 +
1.27 +
1.28 +#include "tcryptotokenhai.h"
1.29 +#include "tkeydetails.h"
1.30 +#include "cryptosignatureapi.h"
1.31 +#include "keys.h"
1.32 +
1.33 +#include <cryptospi/cryptoparams.h>
1.34 +#include <cryptospi/cryptospidef.h>
1.35 +
1.36 +EXPORT_C CCryptoTokenHai* CCryptoTokenHai::NewLC(MCTToken* aToken)
1.37 + {
1.38 + CCryptoTokenHai* instance = new(ELeave) CCryptoTokenHai(*aToken);
1.39 + CleanupStack::PushL(instance);
1.40 + instance->ConstructL();
1.41 + return instance;
1.42 + }
1.43 +
1.44 +EXPORT_C CCryptoTokenHai* CCryptoTokenHai::NewL(MCTToken* aToken)
1.45 + {
1.46 + CCryptoTokenHai* instance = CCryptoTokenHai::NewLC(aToken);
1.47 + CleanupStack::Pop(instance);
1.48 + return instance;
1.49 + }
1.50 +
1.51 +void CCryptoTokenHai::ConstructL()
1.52 + {
1.53 + User::LeaveIfError(iFs.Connect());
1.54 + OpenStoreL();
1.55 + }
1.56 +
1.57 +CCryptoTokenHai::CCryptoTokenHai(MCTToken& aToken)
1.58 + :iToken(aToken)
1.59 + {}
1.60 +
1.61 +EXPORT_C CCryptoTokenHai::~CCryptoTokenHai()
1.62 + {
1.63 + if(iFileStore)
1.64 + {
1.65 + CompactStore();
1.66 + delete iFileStore;
1.67 + }
1.68 +
1.69 + iFs.Close();
1.70 + iKeys.ResetAndDestroy();
1.71 + iKeys.Close();
1.72 + }
1.73 +
1.74 +/**
1.75 + * Performs the decryption operation.
1.76 + *
1.77 + * This API gets called when the decryption is supposed to be done in
1.78 + * the hardware.
1.79 + *
1.80 + * @param aHandle The key handle
1.81 + * @param aCiphertext The cipher text. This is not being used presently
1.82 + * due to decryption logic used in this function.
1.83 + * @param aPlainText Output param. The decrypted plain text. Ownership
1.84 + * of the pointer lies with the caller.
1.85 + *
1.86 + * @leave This function can leave with following error codes:-
1.87 + * - KErrNotFound - If the key corresponding to given handle is not
1.88 + * found.
1.89 + * - Any other error code returned by AllocL().
1.90 + *
1.91 + * @note This function does not actually implement ECC decryption. It
1.92 + * just intends to show that the key is with this class and it can
1.93 + * do actual ECC decryption here. This function just returns the
1.94 + * private key as decrypted text. The caller can verify the decryption
1.95 + * by ensuring that test case has same public and private keys and then
1.96 + * comparing the decrypted text with public key.
1.97 + */
1.98 +EXPORT_C void CCryptoTokenHai::DecryptL( TInt aHandle,
1.99 + const TDesC8& /* aCiphertext */,
1.100 + HBufC8*& aPlainText )
1.101 + {
1.102 + TInt keyIndex = KeyPresent(aHandle);
1.103 + if(keyIndex == KErrNotFound)
1.104 + {
1.105 + User::Leave(KErrNotFound);
1.106 + }
1.107 +
1.108 + ExportPrivateKeyL(aHandle, aPlainText);
1.109 + }
1.110 +
1.111 +/**
1.112 + * Performs the signing operation.
1.113 + *
1.114 + * This API gets called when the signing is supposed to be done inside
1.115 + * the hardware.
1.116 + *
1.117 + * @param aHandle The key handle
1.118 + * @param aPlaintext The text which has to be signed. This is not being
1.119 + * used due to signing logic used in this function.
1.120 + * @param aSignature Output param. The signature in HBufC8 format.
1.121 + * Ownership of the pointer lies with the caller. This should be
1.122 + * converted to CCryptoParams by the crypto token reference plugin.
1.123 + *
1.124 + * @leave This function can leave with following error codes:-
1.125 + * - KErrNotFound - If the key corresponding to given handle is not
1.126 + * found.
1.127 + * - Any other error code returned by AllocL().
1.128 + *
1.129 + * @note This function does not actually implement ECC signing. It
1.130 + * just intends to show that the key is with this class and it can
1.131 + * do actual ECC signing here. Currently this function just returns
1.132 + * the private key as output signature. The caller can verify the
1.133 + * signature by ensuring that test case has same public and private
1.134 + * keys and then comparing the signature with public key.
1.135 + */
1.136 +EXPORT_C void CCryptoTokenHai::SignL( TInt aHandle,
1.137 + const TDesC8& /* aPlaintext */,
1.138 + HBufC8*& aSignature )
1.139 + {
1.140 + TInt keyIndex = KeyPresent(aHandle);
1.141 + if(keyIndex == KErrNotFound)
1.142 + {
1.143 + User::Leave(KErrNotFound);
1.144 + }
1.145 +
1.146 + ExportPrivateKeyL(aHandle, aSignature);
1.147 + }
1.148 +
1.149 +/**
1.150 + * Returns the index of the key whose handle is given.
1.151 + *
1.152 + * @param aHandle Handle of the key. This is used to search the key.
1.153 + *
1.154 + * @return index of the key if search is successful, KErrNotFound
1.155 + * otherwise.
1.156 + */
1.157 +EXPORT_C TInt CCryptoTokenHai::KeyPresent( TInt aHandle )
1.158 + {
1.159 + int keysCount = iKeys.Count();
1.160 + for(TInt i=0; i < keysCount; ++i)
1.161 + {
1.162 + if(iKeys[i]->Handle() == aHandle)
1.163 + {
1.164 + return i;
1.165 + }
1.166 + }
1.167 + return KErrNotFound;
1.168 + }
1.169 +
1.170 +/**
1.171 + * Extracts the private key.
1.172 + *
1.173 + * @param aHandle Handle of the private key to be extracted.
1.174 + * @param aKey Output Parameter. Stores the private key on success.
1.175 + * Ownership of pointer is with the caller.
1.176 + *
1.177 + * @leave Following leave codes possible:-
1.178 + * - Any leave code returned by AllocL().
1.179 + * - KErrNotFound - If key corresponding to the given handle is not
1.180 + * found.
1.181 + *
1.182 + * @note In the actual implementation, licensees should ensure that
1.183 + * this function can be called only in Kernel space. In the reference
1.184 + * implementation, this function gets called only by CCryptoSpiHai,
1.185 + * which is assumed to operate in kernel space. This would ensure that
1.186 + * the private key always stays inside the hardware.
1.187 + */
1.188 +EXPORT_C void CCryptoTokenHai::ExportPrivateKeyL( TInt aHandle, HBufC8*& aKey )
1.189 + {
1.190 + int keysCount = iKeys.Count();
1.191 + for(int i = 0; i < keysCount; ++i)
1.192 + {
1.193 + if(iKeys[i]->Handle() == aHandle)
1.194 + {
1.195 + aKey = iKeys[i]->PrivateKey()->AllocL();
1.196 + return;
1.197 + }
1.198 + }
1.199 + User::Leave(KErrNotFound);
1.200 + }
1.201 +
1.202 +/**
1.203 + * Extracts the public key.
1.204 + *
1.205 + * @param aHandle Handle of the public key to be extracted.
1.206 + * @param aKey Output Parameter. Stores the public key on success.
1.207 + * Ownership of pointer is with the caller.
1.208 + *
1.209 + * @leave Following leave codes possible:-
1.210 + * - Any leave code returned by AllocL().
1.211 + * - KErrNotFound - If key corresponding to the given handle is not
1.212 + * found.
1.213 + */
1.214 +EXPORT_C void CCryptoTokenHai::ExportPublicKeyL( TInt aHandle, HBufC8*& aKey )
1.215 + {
1.216 + int keysCount = iKeys.Count();
1.217 + for(int i = 0; i < keysCount; ++i)
1.218 + {
1.219 + if(iKeys[i]->Handle() == aHandle)
1.220 + {
1.221 + aKey = iKeys[i]->PublicKey()->AllocL();
1.222 + return;
1.223 + }
1.224 + }
1.225 + User::Leave(KErrNotFound);
1.226 + }
1.227 +
1.228 +/**
1.229 + * Stores the key with given details.
1.230 + *
1.231 + * @param aLabel Label of the key.
1.232 + * @param aPrivateKey Private component of the key.
1.233 + * @param aPublicKey Public component of the key.
1.234 + *
1.235 + * @leave Following leave codes possible:-
1.236 + * - KErrAlreadyExists If there is already a key with the inputted
1.237 + * label.
1.238 + * - Any other leave code returned by NewL() or AppendL().
1.239 + *
1.240 + * @note In the present reference implementation this function is not
1.241 + * being used, since device keys are pre-provisioned by the licensees.
1.242 + * Hence licensees may decide not to implement this function in their
1.243 + * real implementation.
1.244 + */
1.245 +EXPORT_C void CCryptoTokenHai::ImportKeyL(const TDesC& aLabel,
1.246 + const TDesC8& aPrivateKey, const TDesC8& aPublicKey)
1.247 + {
1.248 + int keysCount = iKeys.Count();
1.249 + for(int i = 0; i < keysCount; ++i)
1.250 + {
1.251 + if(iKeys[i]->Label() == aLabel)
1.252 + {
1.253 + User::Leave(KErrAlreadyExists);
1.254 + }
1.255 + }
1.256 + CKeyDetails* keyDetails = CKeyDetails::NewL(keysCount+1,aLabel,aPrivateKey,aPublicKey);
1.257 + iKeys.AppendL(keyDetails);
1.258 + }
1.259 +
1.260 +/**
1.261 + * Populates the string containing full RAM path of file containing
1.262 + * keys.
1.263 + */
1.264 +void CCryptoTokenHai::MakePrivateFilenameL(RFs& aFs, const TDesC& aLeafName, TDes& aNameOut)
1.265 + {
1.266 + aNameOut.SetLength(0);
1.267 + aNameOut.Append(RFs::GetSystemDriveChar());
1.268 +
1.269 + aNameOut.Append(':');
1.270 +
1.271 + // Get private path
1.272 + TBuf<20> privatePath;
1.273 + User::LeaveIfError(aFs.PrivatePath(privatePath));
1.274 + aNameOut.Append(privatePath);
1.275 +
1.276 + aNameOut.Append(aLeafName);
1.277 + }
1.278 +
1.279 +/**
1.280 + * Creates the corresponding directory, if it does not exist.
1.281 + */
1.282 +void CCryptoTokenHai::EnsurePathL(RFs& aFs, const TDesC& aFile)
1.283 + {
1.284 + TInt err = aFs.MkDirAll(aFile);
1.285 + if (err != KErrNone && err != KErrAlreadyExists)
1.286 + {
1.287 + User::Leave(err);
1.288 + }
1.289 + }
1.290 +
1.291 +/**
1.292 + * Populates the string containing full ROM path of the keys file.
1.293 + */
1.294 +void CCryptoTokenHai::MakePrivateROMFilenameL(RFs& aFs, const TDesC& aLeafName, TDes& aNameOut)
1.295 + {
1.296 + _LIT(KFileStoreROMDrive, "Z:");
1.297 +
1.298 + aNameOut.Copy(KFileStoreROMDrive);
1.299 +
1.300 + // Get private path
1.301 + TBuf<20> privatePath;
1.302 + User::LeaveIfError(aFs.PrivatePath(privatePath));
1.303 + aNameOut.Append(privatePath);
1.304 + aNameOut.Append(aLeafName);
1.305 + }
1.306 +
1.307 +/**
1.308 + * Copies the contents of source file to destination file.
1.309 + *
1.310 + * This is typically used to copy the keys file from ROM to RAM.
1.311 + */
1.312 +void CCryptoTokenHai::CopyL(RFs& aFs, const TDesC& aSouce, const TDesC& aDest)
1.313 + {
1.314 + RFileReadStream in;
1.315 + User::LeaveIfError(in.Open(aFs, aSouce, EFileRead | EFileShareReadersOnly));
1.316 + CleanupClosePushL(in);
1.317 +
1.318 + RFileWriteStream out;
1.319 + User::LeaveIfError(out.Replace(aFs, aDest, EFileWrite | EFileShareExclusive));
1.320 + CleanupClosePushL(out);
1.321 +
1.322 + in.ReadL(out);
1.323 + CleanupStack::PopAndDestroy(2, &in);
1.324 + }
1.325 +
1.326 +/**
1.327 + * Keys corresponding to this store are present in hwkeys.dat.
1.328 + * In the production code written by licensees, this would be the path
1.329 + * where device keys are stored.
1.330 + */
1.331 +_LIT(KKeyStoreFilename,"hwkeys.dat");
1.332 +
1.333 +/**
1.334 + * Opens a store containing hardware keys.
1.335 + *
1.336 + * This function uses the following logic to open the store:-
1.337 + * -# Try to open the store from the private directory.
1.338 + * -# If this fails copy the file from ROM to RAM.
1.339 + * -# If both fail, create your own keys store from scratch.
1.340 + */
1.341 +void CCryptoTokenHai::OpenStoreL()
1.342 + {
1.343 + TFileName fullPath;
1.344 + MakePrivateFilenameL(iFs, KKeyStoreFilename, fullPath);
1.345 +
1.346 + EnsurePathL(iFs, fullPath);
1.347 + TRAPD(result, OpenStoreInFileL(fullPath));
1.348 +
1.349 + if (result == KErrInUse )
1.350 + {
1.351 + // Cannot access the file now. Abort rather than wiping the keystore.
1.352 + User::Leave(result);
1.353 + }
1.354 +
1.355 + if (result != KErrNone )
1.356 + {
1.357 + /*
1.358 + * Not yet opened a valid store, either no file to be found, or
1.359 + * no valid store in it. Copy the original one stored in the
1.360 + * ROM.
1.361 + */
1.362 + TRAPD(result2, CopyStoreFromROML(fullPath, result));
1.363 +
1.364 + if (KErrNone != result2)
1.365 + {
1.366 + /*
1.367 + * We tried to copy the keystore from ROM. For some reason this
1.368 + * failed and we still cannot open the file. Create a new one from
1.369 + * scratch.
1.370 + */
1.371 + CreateStoreInFileL(fullPath);
1.372 + }
1.373 + }
1.374 +
1.375 + }
1.376 +
1.377 +/**
1.378 + * Copies the key store file from ROM to RAM.
1.379 + */
1.380 +void CCryptoTokenHai::CopyStoreFromROML(const TDesC& fullPath, TInt result)
1.381 + {
1.382 + if (result != KErrNotFound)
1.383 + {
1.384 + // Wipe the keystore if we can't open it (it's corrupt anyway)
1.385 + User::LeaveIfError(iFs.Delete(fullPath));
1.386 + }
1.387 +
1.388 + TFileName romPath;
1.389 + MakePrivateROMFilenameL(iFs, KKeyStoreFilename, romPath);
1.390 +
1.391 + // Copy data from rom and open it
1.392 + CopyL(iFs, romPath, fullPath);
1.393 + OpenStoreInFileL(fullPath);
1.394 + }
1.395 +
1.396 +/**
1.397 + * Opens a store from the given file.
1.398 + */
1.399 +void CCryptoTokenHai::OpenStoreInFileL(const TDesC& aFile)
1.400 + {
1.401 + RFile file;
1.402 + User::LeaveIfError(file.Open(iFs, aFile, EFileRead | EFileWrite | EFileShareAny));
1.403 + CleanupClosePushL(file);
1.404 + delete iFileStore;
1.405 + iFileStore = NULL;
1.406 +
1.407 + iFileStore = CPermanentFileStore::FromL(file);
1.408 + // iFileStore takes ownership of file now
1.409 + CleanupStack::Pop(&file);
1.410 +
1.411 + // Get the salt, root and manager TStreamIds
1.412 + iRootStreamId = iFileStore->Root();
1.413 + if (iRootStreamId == KNullStreamId)
1.414 + {
1.415 + User::Leave(KErrCorrupt);
1.416 + }
1.417 + RStoreReadStream rootStream;
1.418 + rootStream.OpenLC(*iFileStore, iRootStreamId);
1.419 + ReadKeysFromStoreL();
1.420 + CleanupStack::PopAndDestroy(&rootStream);
1.421 + }
1.422 +
1.423 +/**
1.424 + * Creates a keys store in RAM from scratch.
1.425 + *
1.426 + * @note This function should never get called as hwkeys.dat should be
1.427 + * always present in ROM. If this function somehow gets called, it
1.428 + * will create a hwkeys.dat file from scratch. However, this file would
1.429 + * not contain any keys and tests would not pass.
1.430 + */
1.431 +void CCryptoTokenHai::CreateStoreInFileL(const TDesC& aFile)
1.432 + {
1.433 + TInt r = iFs.MkDirAll(aFile);
1.434 + if ( (r!=KErrNone) && (r!=KErrAlreadyExists) )
1.435 + User::Leave(r);
1.436 +
1.437 + delete iFileStore;
1.438 + iFileStore = NULL;
1.439 + iFileStore = CPermanentFileStore::ReplaceL(iFs, aFile, EFileRead | EFileWrite | EFileShareExclusive);
1.440 + iFileStore->SetTypeL(KPermanentFileStoreLayoutUid);
1.441 +
1.442 + TCleanupItem cleanupStore(RevertStore, iFileStore);
1.443 + CleanupStack::PushL(cleanupStore);
1.444 +
1.445 + // Create root stream - just contains id of info stream
1.446 + RStoreWriteStream rootStream;
1.447 + iRootStreamId = rootStream.CreateLC(*iFileStore);
1.448 + iFileStore->SetRootL(iRootStreamId);
1.449 + WriteKeysToStoreL(rootStream);
1.450 + iFileStore->CommitL();
1.451 + CleanupStack::PopAndDestroy(&rootStream);
1.452 + CleanupStack::Pop(); // cleanupStore
1.453 + }
1.454 +
1.455 +/**
1.456 + * Copies the keys stored in the instance to inputted write stream.
1.457 + *
1.458 + * This invokes the CKeyDetails::ExternalizeL() function.
1.459 + */
1.460 +void CCryptoTokenHai::WriteKeysToStoreL(RStoreWriteStream& aRootStream)
1.461 + {
1.462 + TInt keyCount = iKeys.Count();
1.463 + aRootStream.WriteInt32L(keyCount);
1.464 +
1.465 + for (TInt index = 0; index < keyCount; index++)
1.466 + {
1.467 + aRootStream << *iKeys[index];
1.468 + }
1.469 + aRootStream.CommitL();
1.470 + }
1.471 +
1.472 +/**
1.473 + * Copies the keys present in the read store to instance of class.
1.474 + *
1.475 + * This eventually invokes the CKeyDetails::InternalizeL() function.
1.476 + */
1.477 +void CCryptoTokenHai::ReadKeysFromStoreL()
1.478 + {
1.479 + RStoreReadStream rootStream;
1.480 +
1.481 + rootStream.OpenLC(*iFileStore, iRootStreamId);
1.482 + TInt keyCount = rootStream.ReadInt32L();
1.483 +
1.484 + for (TInt index = 0; index < keyCount; index++)
1.485 + {
1.486 + CKeyDetails* keyDetails = CKeyDetails::NewL(rootStream);
1.487 + iKeys.Append(keyDetails);
1.488 + }
1.489 + CleanupStack::PopAndDestroy(&rootStream);
1.490 + }
1.491 +
1.492 +/**
1.493 + * This is a cleanup item that reverts the store.
1.494 + */
1.495 +void CCryptoTokenHai::RevertStore(TAny* aStore)
1.496 + {
1.497 + CPermanentFileStore* store = reinterpret_cast<CPermanentFileStore*>(aStore);
1.498 + TRAP_IGNORE(store->RevertL());
1.499 + }
1.500 +
1.501 +/**
1.502 + * Compacts the store.
1.503 + */
1.504 +void CCryptoTokenHai::CompactStore()
1.505 + {
1.506 + ASSERT(iFileStore);
1.507 + TRAP_IGNORE(iFileStore->ReclaimL(); iFileStore->CompactL());
1.508 + }
1.509 +
1.510 +/**
1.511 + * Populates the list of keys based on the input filter.
1.512 + *
1.513 + * @param aFilter Set of conditions to be used to decide which keys
1.514 + * should be listed
1.515 + * @param aKeys Output param. Contains the array of keys which fulfil
1.516 + * criteria mentioned in filter. Caller should take responsibility of
1.517 + * this array.
1.518 + *
1.519 + * @leave Any of the system wide error codes.
1.520 + *
1.521 + * @note Though Crypto Token HAI internally operates in CKeyDetails,
1.522 + * this function returns CCTKeyInfo array.
1.523 + */
1.524 +EXPORT_C void CCryptoTokenHai::ListL(const TCTKeyAttributeFilter& aFilter ,
1.525 + RPointerArray<CCTKeyInfo>& aKeys) const
1.526 + {
1.527 + TInt count = iKeys.Count();
1.528 + for(TInt index = 0 ;index < count; ++ index)
1.529 + {
1.530 + const CKeyDetails* keyDetails = iKeys[index];
1.531 +
1.532 + if(KeyMatchesFilterL(*keyDetails,aFilter))
1.533 + {
1.534 + MCTAuthenticationObject* authObject = NULL;
1.535 + HBufC8* attribute = keyDetails->PKCS8AttributeSet().AllocLC();
1.536 + HBufC* label = keyDetails->Label().AllocLC();
1.537 +
1.538 + CCTKeyInfo* keyInfo = CCTKeyInfo::NewL(
1.539 + keyDetails->ID(),keyDetails->Usage(),keyDetails->Size(),
1.540 + authObject,label,iToken,keyDetails->Handle(),keyDetails->UsePolicy(),
1.541 + keyDetails->ManagementPolicy(),keyDetails->Algorithm(),keyDetails->AccessType(),
1.542 + keyDetails->Native(),keyDetails->StartDate(),keyDetails->EndDate(),attribute);
1.543 +
1.544 + CleanupStack::Pop(2, attribute); // label
1.545 + CleanupReleasePushL(*keyInfo);
1.546 +
1.547 + User::LeaveIfError(aKeys.Append(keyInfo));
1.548 + CleanupStack::Pop(keyInfo);
1.549 +
1.550 + }
1.551 + }
1.552 +
1.553 + }
1.554 +
1.555 +/**
1.556 + * Takes in a filter and key details and decides if key fulfils the
1.557 + * filter criteria.
1.558 + *
1.559 + * @param aInfo The Key Details
1.560 + * @param aFilter Filter specifying the conditions to be satisfied for
1.561 + * listing the keys.
1.562 + *
1.563 + * @retval ETrue if key satisfies the conditions specified in filter
1.564 + * @retval EFalse otherwise.
1.565 + *
1.566 + * @leave KErrArgument If there is an issue in policy filter.
1.567 + */
1.568 +TBool CCryptoTokenHai::KeyMatchesFilterL(const CKeyDetails& aInfo,
1.569 + const TCTKeyAttributeFilter& aFilter) const
1.570 + {
1.571 +
1.572 + if (aFilter.iKeyId.Length() && aFilter.iKeyId != aInfo.ID())
1.573 + {
1.574 + return EFalse;
1.575 + }
1.576 +
1.577 + if (aFilter.iUsage != EPKCS15UsageAll)
1.578 + {
1.579 + if ((aInfo.Usage() & aFilter.iUsage) == 0)
1.580 + return EFalse;
1.581 + }
1.582 +
1.583 + if (aFilter.iKeyAlgorithm != CCTKeyInfo::EInvalidAlgorithm &&
1.584 + aFilter.iKeyAlgorithm != aInfo.Algorithm())
1.585 + {
1.586 + return EFalse;
1.587 + }
1.588 +
1.589 + switch (aFilter.iPolicyFilter)
1.590 + {
1.591 + case TCTKeyAttributeFilter::EAllKeys:
1.592 + // All keys pass
1.593 + break;
1.594 +
1.595 + case TCTKeyAttributeFilter::EUsableKeys:
1.596 + if (!aInfo.UsePolicy().CheckPolicy(RThread()))
1.597 + {
1.598 + return EFalse;
1.599 + }
1.600 + break;
1.601 + case TCTKeyAttributeFilter::EManageableKeys:
1.602 + // As this key store implementation is a hardware simulation,
1.603 + // the support for managing through software interface has been diabled.
1.604 + return EFalse;
1.605 +
1.606 + case TCTKeyAttributeFilter::EUsableOrManageableKeys:
1.607 + if (!aInfo.UsePolicy().CheckPolicy(RThread()) &&
1.608 + !aInfo.ManagementPolicy().CheckPolicy(RThread()))
1.609 + {
1.610 + return EFalse;
1.611 + }
1.612 + break;
1.613 +
1.614 + default:
1.615 + User::Leave(KErrArgument);
1.616 + }
1.617 +
1.618 + return ETrue;
1.619 + }
1.620 +
1.621 +
1.622 +