Move the Security package to EPL, and add the implementations of the cryptographic algorithms
/*
* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* Implements PKCS#10 certificate request class.
*
*/
#include <pkcs10.h>
#include <asn1enc.h>
#include <e32std.h>
#include <e32def.h>
#include <x500dn.h>
#include <x509keys.h>
#include <hash.h>
#include <pkcs10attr.h>
#include "keyhelper.h"
void Panic(TInt aError)
{
_LIT(KCategory, "PKCS10");
User::Panic(KCategory, aError);
}
// CPKCS10Request Class Implementation
CPKCS10Request::CPKCS10Request(const CX500DistinguishedName* aDN,
const CCTKeyInfo* aKeyInfo,
CPKCS10Attributes* aAttr) :
CActive(EPriorityNormal),
iDN(aDN),
iKeyInfo(aKeyInfo),
iAttributes(aAttr),
iDigestId(ESHA1)
{
CActiveScheduler::Add(this);
}
EXPORT_C CPKCS10Request* CPKCS10Request::NewLC(const CX500DistinguishedName& aDN,
const CCTKeyInfo& aKeyInfo,
CPKCS10Attributes* aAttr/* = NULL*/)
{
// Sanity Check the input parameters
if (&aDN == NULL)
{
User::Leave(KErrArgument);
}
if (&aKeyInfo == NULL)
{
User::Leave(KErrArgument);
}
CPKCS10Request* self = new (ELeave) CPKCS10Request(&aDN, &aKeyInfo, aAttr);
CleanupStack::PushL(self);
return self;
}
EXPORT_C CPKCS10Request* CPKCS10Request::NewL(const CX500DistinguishedName& aDN,
const CCTKeyInfo& aKeyInfo,
CPKCS10Attributes* aAttr/* = NULL*/)
{
CPKCS10Request* self = NewLC(aDN, aKeyInfo, aAttr);
CleanupStack::Pop(self);
return self;
}
EXPORT_C CPKCS10Request::~CPKCS10Request()
{
Cancel();
delete iAttributes;
Reset();
}
void CPKCS10Request::Reset()
{
delete iExportedKey;
iExportedKey = NULL;
delete iTBSData;
iTBSData = NULL;
delete iKeyHelper;
iKeyHelper = NULL;
if (iKeyStore)
{
iKeyStore->Release();
iKeyStore = NULL;
}
iState = EIdle;
}
EXPORT_C void CPKCS10Request::SetDistinguishedNameL(const CX500DistinguishedName& aDN)
{
// Sanity check
if (&aDN == NULL)
{
User::Leave(KErrArgument);
}
iDN = &aDN;
}
EXPORT_C void CPKCS10Request::SetKeyInfoL(const CCTKeyInfo& aKeyInfo)
{
// Sanity check
if (&aKeyInfo == NULL)
{
User::Leave(KErrArgument);
}
iKeyInfo = &aKeyInfo;
}
EXPORT_C void CPKCS10Request::SetAttributes(CPKCS10Attributes* aAttr)
{
delete iAttributes;
iAttributes = aAttr;
}
EXPORT_C void CPKCS10Request::SetDigestAlgL(TAlgorithmId aDigestId)
{
if (aDigestId != EMD2 && aDigestId != EMD5 && aDigestId != ESHA1)
{
User::Leave(KErrArgument);
}
if (iKeyInfo->Algorithm() == CCTKeyInfo::EDSA && aDigestId != ESHA1)
{
User::Leave(KErrArgument);
}
iDigestId = aDigestId;
}
EXPORT_C void CPKCS10Request::CreateEncoding(HBufC8*& aResult, TRequestStatus& aStatus)
{
ASSERT(iState == EIdle);
iClientStatus = &aStatus;
iResult = &aResult;
aResult = NULL;
aStatus = KRequestPending;
iState = EInitialize;
SetActive();
TRequestStatus* status = &iStatus;
User::RequestComplete(status, KErrNone);
}
TInt CPKCS10Request::RunError(TInt aErr)
{
User::RequestComplete(iClientStatus, aErr);
iState = EIdle;
return KErrNone;
}
void CPKCS10Request::DoCancel()
{
switch (iState)
{
case EGetKeyStore:
iKeyInfo->Token().CancelGetInterface();
break;
case EGetPublicKey:
iKeyStore->CancelExportPublic();
break;
case EOpenSigner:
iKeyHelper->CancelOpenSigner();
break;
case ESign:
iKeyHelper->CancelSignDigest();
break;
default:
// do nothing, keep compiler happy
break;
}
if (iClientStatus)
User::RequestComplete(iClientStatus, KErrCancel);
iState = EIdle;
}
void CPKCS10Request::RunL()
{
User::LeaveIfError(iStatus.Int());
switch (iState)
{
case EInitialize:
// Get keystore interface
if (iKeyStore)
{
iKeyStore->Release();
iKeyStore = NULL;
}
iKeyInfo->Token().GetInterface(TUid::Uid(KInterfaceKeyStore),
*reinterpret_cast<MCTTokenInterface**>(&iKeyStore),
iStatus);
iState = EGetKeyStore;
SetActive();
break;
case EGetKeyStore:
// Fetch the public key
delete iExportedKey;
iKeyStore->ExportPublic(*iKeyInfo, iExportedKey, iStatus);
iState = EGetPublicKey;
SetActive();
break;
case EGetPublicKey:
// Create key helper object
delete iKeyHelper;
iKeyHelper = CPKCS10KeyHelper::CreateKeyHelperL(*iKeyStore, *iKeyInfo, *iExportedKey, iDigestId);
EncodeTBSDataL();
// Open signing object
iKeyHelper->OpenSigner(iStatus);
iState = EOpenSigner;
SetActive();
break;
case EOpenSigner:
// Create digest
{
CMessageDigest* digest = NULL;
switch (iDigestId)
{
case EMD2:
digest = CMD2::NewL();
break;
case EMD5:
digest = CMD5::NewL();
break;
case ESHA1:
digest = CSHA1::NewL();
break;
default:
User::Invariant();
}
CleanupStack::PushL(digest);
// Hash data and sign
digest->Update(*iTBSData);
iKeyHelper->SignDigestL(digest->Final(), iStatus);
CleanupStack::PopAndDestroy(digest); // keystore copies data to be signed
iState = ESign;
SetActive();
}
break;
case ESign:
CreateFinalEncodingL();
Reset();
break;
default:
User::Invariant();
}
}
CASN1EncBase* CPKCS10Request::MakeAttrEncLC()
{
if (iAttributes)
{
CASN1EncBase* result = iAttributes->TakeEncodingLC();
delete iAttributes;
iAttributes = NULL;
return result;
}
else
{
CASN1EncSequence* contextSpecific = CASN1EncSequence::NewLC();
contextSpecific->SetTag(0);
return contextSpecific;
}
}
CASN1EncSequence* CPKCS10Request::MakeCertRequestInfoEncLC()
{
// Top-level sequence contains distinguished name and other
// stuff. This is what gets signed with the entity's private key.
CASN1EncSequence* certRequestInfo = CASN1EncSequence::NewLC();
// Encode version number, which is 0.
CASN1EncInt* version = CASN1EncInt::NewLC(0);
certRequestInfo->AddAndPopChildL(version);
// Encode distinguished name.
CASN1EncBase* distinguishedName = iDN->EncodeASN1LC();
certRequestInfo->AddAndPopChildL(distinguishedName);
// Encode SubjectPublicKeyInfo.
CASN1EncBase* subjectPubKeyInfo = iKeyHelper->EncodeKeyLC();
certRequestInfo->AddAndPopChildL(subjectPubKeyInfo);
// Encode attributes, if any.
CASN1EncBase* attr = MakeAttrEncLC();
certRequestInfo->AddAndPopChildL(attr);
return certRequestInfo;
}
void CPKCS10Request::EncodeTBSDataL()
{
// The data we provide for signing is the certRequestInfo object.
CASN1EncBase* certRequestInfo = MakeCertRequestInfoEncLC();
// Write DER of it to the buffer.
delete iTBSData;
iTBSData = HBufC8::NewMaxL(certRequestInfo->LengthDER());
TPtr8 dataPtr = iTBSData->Des();
TUint pos = 0;
certRequestInfo->WriteDERL(dataPtr, pos);
CleanupStack::PopAndDestroy(certRequestInfo);
}
void CPKCS10Request::CreateFinalEncodingL()
{
// the root sequence contains all other components of a X509 signed object
CASN1EncSequence* root = CASN1EncSequence::NewLC();
// wrap data to be signed in a sequence and add it to the root
CASN1EncEncoding* encenc = CASN1EncEncoding::NewLC(*iTBSData);
root->AddAndPopChildL(encenc);
// encode signature algorithm and parameters and add them to the root
CASN1EncSequence* sigalg = iKeyHelper->EncodeSignatureAlgorithmLC();
root->AddAndPopChildL(sigalg);
// Create ASN.1 bit string from the signature
CASN1EncBitString* encSig = iKeyHelper->EncodeSignatureLC();
root->AddAndPopChildL(encSig);
// encode the object in a DER encoding
HBufC8* der = HBufC8::NewMaxLC(root->LengthDER());
TPtr8 pder(der->Des());
TUint pos = 0;
root->WriteDERL(pder, pos);
CleanupStack::Pop(der);
CleanupStack::PopAndDestroy(root);
*iResult = der;
User::RequestComplete(iClientStatus, KErrNone);
}