sl@0: /* sl@0: * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: * All rights reserved. sl@0: * This component and the accompanying materials are made available sl@0: * under the terms of the License "Eclipse Public License v1.0" sl@0: * which accompanies this distribution, and is available sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: * sl@0: * Initial Contributors: sl@0: * Nokia Corporation - initial contribution. sl@0: * sl@0: * Contributors: sl@0: * sl@0: * Description: sl@0: * MCTKeystore.h sl@0: * sl@0: */ sl@0: sl@0: sl@0: /** sl@0: @file sl@0: @publishedPartner sl@0: @released sl@0: */ sl@0: sl@0: #ifndef __MCTKEYSTORE_H__ sl@0: #define __MCTKEYSTORE_H__ sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS sl@0: #include sl@0: #endif sl@0: sl@0: /** The UID of the filekey store */ sl@0: const TInt KTokenTypeFileKeystore = 0x101F7333; sl@0: sl@0: #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS sl@0: sl@0: /** The type ID of CCTKeyInfo objects */ sl@0: const TUid KKeyInfoUID = {0x101F5152}; sl@0: const TUid KNonRepudiationSignerUID = {0x101F7A40}; sl@0: const TUid KKeyStoreAuthObjectUID = {0x101FE681}; sl@0: sl@0: #endif sl@0: sl@0: class MCTAuthenticationObject; sl@0: sl@0: /** sl@0: * Defines the interface for a read-only key store token. sl@0: * sl@0: * All the details are defined in MKeyStore as they are shared by the unified sl@0: * key store. sl@0: * sl@0: * The class adds no extra member functions or data. sl@0: * sl@0: */ sl@0: class MCTKeyStore : public MCTTokenInterface, public MKeyStore sl@0: { sl@0: }; sl@0: sl@0: /** sl@0: * Base class for CCTKeyInfo. sl@0: * sl@0: */ sl@0: class CKeyInfoBase : protected CBase sl@0: { sl@0: public: sl@0: sl@0: /** Key algorithms. */ sl@0: enum EKeyAlgorithm sl@0: { sl@0: EInvalidAlgorithm = 0, sl@0: ERSA = 1, sl@0: EDSA = 2, sl@0: EDH = 3, sl@0: #ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT sl@0: EECC = 4, sl@0: #endif sl@0: }; sl@0: sl@0: /** Flags for key access bitfield. */ sl@0: enum EKeyAccess sl@0: { sl@0: EInvalidAccess = 0x00, sl@0: ESensitive = 0x01, sl@0: EExtractable = 0x02, sl@0: EAlwaysSensitive = 0x04, sl@0: ENeverExtractable = 0x08, sl@0: ELocal = 0x10 sl@0: }; sl@0: sl@0: public: sl@0: sl@0: inline TKeyIdentifier ID() const; ///< The ID (SHA-1 hash) of the key sl@0: inline TKeyUsagePKCS15 Usage() const; ///< The key usage sl@0: inline TUint Size() const; ///< The size of the key sl@0: inline const TDesC& Label() const; ///< The key's label. sl@0: inline const TSecurityPolicy& UsePolicy() const; ///< The security policy for key use sl@0: inline const TSecurityPolicy& ManagementPolicy() const; ///< The security policy for key management sl@0: inline EKeyAlgorithm Algorithm() const; ///< The key algorithm sl@0: sl@0: /** sl@0: * The key access type. The return code is bitfield made up of 0 or more sl@0: * values from EKeyAccess ORed together. sl@0: */ sl@0: inline TInt AccessType() const; sl@0: sl@0: /** sl@0: * Returns whether the key is native. sl@0: * sl@0: * A native key is one where operations on the key are performed on the same sl@0: * hardware as the the key is stored. For instance, if a key that is stored sl@0: * on secure hardware but calculations are carried out on the main sl@0: * processor, it isn't native. sl@0: */ sl@0: inline TBool Native() const; sl@0: sl@0: inline TTime StartDate() const; ///< The start time, or TTime(0) if not set sl@0: inline TTime EndDate() const; ///< The end time, or TTime(0) if not set sl@0: inline const TDesC8& PKCS8AttributeSet() const; ///< The PKCS#8 attribute set. sl@0: sl@0: /** sl@0: * Externalizes the key data to stream sl@0: */ sl@0: IMPORT_C void ExternalizeL(RWriteStream& aStream) const; sl@0: sl@0: public: sl@0: sl@0: /** sl@0: * Get the handle of the key. This is a identifier that uniquely identifies sl@0: * the key within one store, and is used to construct the token handle. sl@0: */ sl@0: inline TInt HandleID() const; sl@0: sl@0: /** sl@0: * Set the handle of the key. Called by the token when a key is created. sl@0: * sl@0: * @param aHandle The new handle of the key sl@0: */ sl@0: inline void SetHandle(TInt aHandle); sl@0: sl@0: /** sl@0: * Called by the token when a key is created, to set the key identifier sl@0: * (SHA-1 hash) of the new key sl@0: * sl@0: * @param aId The newly generated SHA-1 hash sl@0: */ sl@0: inline void SetIdentifier(TKeyIdentifier aId); sl@0: sl@0: /** sl@0: * Set the size of a key. sl@0: */ sl@0: inline void SetSize(TUint aSize); sl@0: sl@0: /** sl@0: * Set the key algorithm. sl@0: */ sl@0: inline void SetAlgorithm(EKeyAlgorithm aAlg); sl@0: sl@0: protected: sl@0: sl@0: /** sl@0: * Protected constructor, called by derived classes. sl@0: */ sl@0: IMPORT_C CKeyInfoBase(TKeyIdentifier aID, sl@0: TKeyUsagePKCS15 aUsage, sl@0: TUint aSize, sl@0: HBufC* aLabel, sl@0: TInt aHandle, sl@0: const TSecurityPolicy& aUsePolicy, sl@0: const TSecurityPolicy& aManagementPolicy, sl@0: EKeyAlgorithm aAlgorithm, sl@0: TInt aAccessType, sl@0: TBool aNative, sl@0: TTime aStartDate, sl@0: TTime aEndDate, sl@0: HBufC8* aPKCS8AttributeSet); sl@0: sl@0: /** sl@0: * Protected constructor, called by derived classes. sl@0: */ sl@0: IMPORT_C CKeyInfoBase(); sl@0: sl@0: /** sl@0: * Second phase constructor. Called by derived classes' NewL methods. sl@0: */ sl@0: IMPORT_C void ConstructL(); sl@0: sl@0: /** sl@0: * Second phase constructor. Called by derived classes' NewL methods. sl@0: */ sl@0: IMPORT_C void ConstructL(RReadStream& aIn); sl@0: sl@0: /** sl@0: * Destructor is protected so CCTKeyInfo can force users to call Release. sl@0: */ sl@0: IMPORT_C ~CKeyInfoBase(); sl@0: sl@0: private: sl@0: sl@0: /** sl@0: * Internalizes key data from a stream. sl@0: */ sl@0: void InternalizeL(RReadStream& aStream); sl@0: sl@0: protected: sl@0: TKeyIdentifier iID; ///< The ID of the key sl@0: TKeyUsagePKCS15 iUsage; ///< The usage of the key sl@0: TUint iSize; ///< The size of the key sl@0: HBufC* iLabel; ///< The identifying label of the key sl@0: TInt iHandle; ///< The handle of the key sl@0: TSecurityPolicy iUsePolicy; ///< The secutity policy for key use sl@0: TSecurityPolicy iManagementPolicy; ///< The secutity policy for key management sl@0: EKeyAlgorithm iAlgorithm; ///< The key type (RSA, DSA etc) sl@0: TInt iAccessType; ///< Key sensitivity sl@0: TBool iNative; ///< Key is native (cryptographic operations are carried out on the store) sl@0: TTime iStartDate; ///< Key Start Date sl@0: TTime iEndDate; ///< Key end date sl@0: HBufC8* iPKCS8AttributeSet; ///< Attributes as a DER-encoded set sl@0: }; sl@0: sl@0: /** sl@0: * Information about a key, as returned by MCTKeyStore::List. sl@0: * sl@0: */ sl@0: class CCTKeyInfo : public CKeyInfoBase, public MCTTokenObject sl@0: { sl@0: public: sl@0: sl@0: /** sl@0: * sl@0: * Creates a CCTKeyInfo from constituents. This is called by the unified sl@0: * key store, and should not be called directly. sl@0: * sl@0: * @param aID The SHA1 hash of the key sl@0: * @param aUsage The usage of the key sl@0: * @param aSize The size of the key in bytes sl@0: * @param aProtector A protector object if the key is protected by a PIN. sl@0: * This may be NULL if the protector is not known. sl@0: * @param aLabel The label of the key (takes ownership). sl@0: * @param aToken The token the key is in sl@0: * @param aHandle The object ID part of the object handle; an sl@0: * integer that is unique amongst keys in this token. sl@0: * @param aUsePolicy The security policy for key use sl@0: * @param aManagementPolicy The security policy for key management sl@0: * @param aAlgorithm The key algorithm (RSA, DSA or Diffie-Hellman) sl@0: * @param aAccessType The access type of the key sl@0: * @param aNative Defines whether the key is native sl@0: * @param aStartDate The key validity start date sl@0: * @param aEndDate The key validity end date sl@0: * @param aPKCS8AttributeSet (optional) The DER encoded PKCS8 attribute set sl@0: * (takes ownership). sl@0: * sl@0: * @leave KErrKeyUsage If the key usage flags are not valid or not sl@0: * consistent with the key algorithm. sl@0: * @leave KErrKeyValidity If the validity start and end dates are specified sl@0: * but do not form a valid time period. sl@0: */ sl@0: IMPORT_C static CCTKeyInfo* NewL(TKeyIdentifier aID, sl@0: TKeyUsagePKCS15 aUsage, sl@0: TUint aSize, sl@0: MCTAuthenticationObject* aProtector, sl@0: HBufC* aLabel, sl@0: MCTToken& aToken, sl@0: TInt aHandle, sl@0: const TSecurityPolicy& aUsePolicy, sl@0: const TSecurityPolicy& aManagementPolicy, sl@0: EKeyAlgorithm aAlgorithm, sl@0: TInt aAccessType, sl@0: TBool aNative, sl@0: TTime aStartDate, sl@0: TTime aEndDate, sl@0: HBufC8* aPKCS8AttributeSet = NULL); sl@0: sl@0: /** sl@0: * Creates a new KeyInfo from a stream. sl@0: * sl@0: * @param aStream The stream to read the key data from sl@0: * @param aToken The token that the key is in sl@0: * sl@0: * @leave KErrKeyUsage If the key usage flags are not valid or not sl@0: * consistent with the key algorithm. sl@0: * @leave KErrKeyValidity If the validity start and end dates are specified sl@0: * but do not form a valid time period. sl@0: */ sl@0: IMPORT_C static CCTKeyInfo* NewL(RReadStream& aStream, MCTToken& aToken); sl@0: sl@0: public: sl@0: sl@0: /** sl@0: * The PIN (or other authentication object) that protects the key, or NULL sl@0: * if not set. This object is owned by key store. sl@0: */ sl@0: inline MCTAuthenticationObject* Protector() const; sl@0: sl@0: /** sl@0: * Sets the authentication object for this key. The object's Release method sl@0: * will be called by the destructor, allowing for refence counting of auth sl@0: * objects to be implemented if desired. sl@0: */ sl@0: inline void SetProtector(MCTAuthenticationObject& aProtector); sl@0: sl@0: /** The CT handle to this object. */ sl@0: inline operator TCTTokenObjectHandle() const; sl@0: sl@0: public: sl@0: sl@0: // from MCTTokenObject sl@0: sl@0: /** The label of the key */ sl@0: virtual const TDesC& Label() const; sl@0: sl@0: /** The token the key is in */ sl@0: virtual MCTToken& Token() const; sl@0: sl@0: /** Returns KKeyInfoUID to indicate this is a key info object */ sl@0: virtual TUid Type() const; sl@0: sl@0: /** sl@0: * A handle for the key. This can be used to identify a key to sl@0: * another process. sl@0: */ sl@0: virtual TCTTokenObjectHandle Handle() const; sl@0: sl@0: private: sl@0: sl@0: CCTKeyInfo(TKeyIdentifier aID, sl@0: TKeyUsagePKCS15 aUsage, sl@0: TUint aSize, sl@0: MCTAuthenticationObject* aProtector, sl@0: HBufC* aLabel, sl@0: MCTToken& aToken, sl@0: TInt aHandle, sl@0: const TSecurityPolicy& aUsePolicy, sl@0: const TSecurityPolicy& aManagementPolicy, sl@0: EKeyAlgorithm aAlgorithm, sl@0: TInt aAccessType, sl@0: TBool aNative, sl@0: TTime aStartDate, sl@0: TTime aEndDate, sl@0: HBufC8* aPKCS8AttributeSet); sl@0: sl@0: CCTKeyInfo(MCTToken& aToken); sl@0: sl@0: ~CCTKeyInfo(); sl@0: sl@0: private: sl@0: sl@0: /** The token the key is in*/ sl@0: MCTToken& iToken; sl@0: sl@0: /** The protector object of the key. This pointer is not owned by the class */ sl@0: MCTAuthenticationObject* iProtector; sl@0: }; sl@0: sl@0: /** sl@0: * A filter to specify which keys should be returned from the store by sl@0: * MCTKeyStore::List. sl@0: * sl@0: */ sl@0: struct TCTKeyAttributeFilter sl@0: { sl@0: enum TPolicyFilter sl@0: { sl@0: EAllKeys, sl@0: EUsableKeys, sl@0: EManageableKeys, sl@0: EUsableOrManageableKeys sl@0: }; sl@0: sl@0: /** Constructor */ sl@0: IMPORT_C TCTKeyAttributeFilter(); sl@0: sl@0: /** sl@0: * The hash of the key we're looking for. A zero-length descriptor means sl@0: * 'don't care sl@0: */ sl@0: TKeyIdentifier iKeyId; sl@0: sl@0: /** sl@0: * The required usage of the key. A key must match any of the usages sl@0: * specified. Use EAllUsages to return all usages. sl@0: */ sl@0: TKeyUsagePKCS15 iUsage; sl@0: sl@0: /** sl@0: * Filter returned keys by the operations the calling process is allowed to sl@0: * perform on them (as determined by the security policies set on them). sl@0: * sl@0: * The default is EUsableKeys. Note that if this is to set to KAllKeys, all sl@0: * keys will be returned, including those that are unusable by the calling sl@0: * process. sl@0: */ sl@0: TPolicyFilter iPolicyFilter; sl@0: sl@0: /** The algorithm. EInvalidAlgorithm indicates 'don't care */ sl@0: CCTKeyInfo::EKeyAlgorithm iKeyAlgorithm; sl@0: }; sl@0: sl@0: #include "mctkeystore.inl" sl@0: sl@0: #endif // __MCTKEYSTORE_H__