/** Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).* All rights reserved.* This component and the accompanying materials are made available* under the terms of the License "Eclipse Public License v1.0"* which accompanies this distribution, and is available* at the URL "http://www.eclipse.org/legal/epl-v10.html".** Initial Contributors:* Nokia Corporation - initial contribution.** Contributors:** Description: * MCTKeystore.h**//** @file @publishedPartner @released*/#ifndef __MCTKEYSTORE_H__#define __MCTKEYSTORE_H__#include <securitydefs.h>#include <mkeystore.h>#include <s32file.h>#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS#include <mctkeystoreuids.h>#endif/** The UID of the filekey store */const TInt KTokenTypeFileKeystore = 0x101F7333;#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS/** The type ID of CCTKeyInfo objects */const TUid KKeyInfoUID = {0x101F5152};const TUid KNonRepudiationSignerUID = {0x101F7A40};const TUid KKeyStoreAuthObjectUID = {0x101FE681};#endifclass MCTAuthenticationObject;/** * Defines the interface for a read-only key store token. * * All the details are defined in MKeyStore as they are shared by the unified * key store. * * The class adds no extra member functions or data. * */class MCTKeyStore : public MCTTokenInterface, public MKeyStore { };/** * Base class for CCTKeyInfo. * */class CKeyInfoBase : protected CBase {public: /** Key algorithms. */ enum EKeyAlgorithm { EInvalidAlgorithm = 0, ERSA = 1, EDSA = 2, EDH = 3,#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT EECC = 4,#endif }; /** Flags for key access bitfield. */ enum EKeyAccess { EInvalidAccess = 0x00, ESensitive = 0x01, EExtractable = 0x02, EAlwaysSensitive = 0x04, ENeverExtractable = 0x08, ELocal = 0x10 };public: inline TKeyIdentifier ID() const; ///< The ID (SHA-1 hash) of the key inline TKeyUsagePKCS15 Usage() const; ///< The key usage inline TUint Size() const; ///< The size of the key inline const TDesC& Label() const; ///< The key's label. inline const TSecurityPolicy& UsePolicy() const; ///< The security policy for key use inline const TSecurityPolicy& ManagementPolicy() const; ///< The security policy for key management inline EKeyAlgorithm Algorithm() const; ///< The key algorithm /** * The key access type. The return code is bitfield made up of 0 or more * values from EKeyAccess ORed together. */ inline TInt AccessType() const; /** * Returns whether the key is native. * * A native key is one where operations on the key are performed on the same * hardware as the the key is stored. For instance, if a key that is stored * on secure hardware but calculations are carried out on the main * processor, it isn't native. */ inline TBool Native() const; inline TTime StartDate() const; ///< The start time, or TTime(0) if not set inline TTime EndDate() const; ///< The end time, or TTime(0) if not set inline const TDesC8& PKCS8AttributeSet() const; ///< The PKCS#8 attribute set. /** * Externalizes the key data to stream */ IMPORT_C void ExternalizeL(RWriteStream& aStream) const;public: /** * Get the handle of the key. This is a identifier that uniquely identifies * the key within one store, and is used to construct the token handle. */ inline TInt HandleID() const; /** * Set the handle of the key. Called by the token when a key is created. * * @param aHandle The new handle of the key */ inline void SetHandle(TInt aHandle); /** * Called by the token when a key is created, to set the key identifier * (SHA-1 hash) of the new key * * @param aId The newly generated SHA-1 hash */ inline void SetIdentifier(TKeyIdentifier aId); /** * Set the size of a key. */ inline void SetSize(TUint aSize); /** * Set the key algorithm. */ inline void SetAlgorithm(EKeyAlgorithm aAlg);protected: /** * Protected constructor, called by derived classes. */ IMPORT_C CKeyInfoBase(TKeyIdentifier aID, TKeyUsagePKCS15 aUsage, TUint aSize, HBufC* aLabel, TInt aHandle, const TSecurityPolicy& aUsePolicy, const TSecurityPolicy& aManagementPolicy, EKeyAlgorithm aAlgorithm, TInt aAccessType, TBool aNative, TTime aStartDate, TTime aEndDate, HBufC8* aPKCS8AttributeSet); /** * Protected constructor, called by derived classes. */ IMPORT_C CKeyInfoBase(); /** * Second phase constructor. Called by derived classes' NewL methods. */ IMPORT_C void ConstructL(); /** * Second phase constructor. Called by derived classes' NewL methods. */ IMPORT_C void ConstructL(RReadStream& aIn); /** * Destructor is protected so CCTKeyInfo can force users to call Release. */ IMPORT_C ~CKeyInfoBase();private: /** * Internalizes key data from a stream. */ void InternalizeL(RReadStream& aStream);protected: TKeyIdentifier iID; ///< The ID of the key TKeyUsagePKCS15 iUsage; ///< The usage of the key TUint iSize; ///< The size of the key HBufC* iLabel; ///< The identifying label of the key TInt iHandle; ///< The handle of the key TSecurityPolicy iUsePolicy; ///< The secutity policy for key use TSecurityPolicy iManagementPolicy; ///< The secutity policy for key management EKeyAlgorithm iAlgorithm; ///< The key type (RSA, DSA etc) TInt iAccessType; ///< Key sensitivity TBool iNative; ///< Key is native (cryptographic operations are carried out on the store) TTime iStartDate; ///< Key Start Date TTime iEndDate; ///< Key end date HBufC8* iPKCS8AttributeSet; ///< Attributes as a DER-encoded set };/** * Information about a key, as returned by MCTKeyStore::List. * */class CCTKeyInfo : public CKeyInfoBase, public MCTTokenObject {public: /** * * Creates a CCTKeyInfo from constituents. This is called by the unified * key store, and should not be called directly. * * @param aID The SHA1 hash of the key * @param aUsage The usage of the key * @param aSize The size of the key in bytes * @param aProtector A protector object if the key is protected by a PIN. * This may be NULL if the protector is not known. * @param aLabel The label of the key (takes ownership). * @param aToken The token the key is in * @param aHandle The object ID part of the object handle; an * integer that is unique amongst keys in this token. * @param aUsePolicy The security policy for key use * @param aManagementPolicy The security policy for key management * @param aAlgorithm The key algorithm (RSA, DSA or Diffie-Hellman) * @param aAccessType The access type of the key * @param aNative Defines whether the key is native * @param aStartDate The key validity start date * @param aEndDate The key validity end date * @param aPKCS8AttributeSet (optional) The DER encoded PKCS8 attribute set * (takes ownership). * * @leave KErrKeyUsage If the key usage flags are not valid or not * consistent with the key algorithm. * @leave KErrKeyValidity If the validity start and end dates are specified * but do not form a valid time period. */ IMPORT_C static CCTKeyInfo* NewL(TKeyIdentifier aID, TKeyUsagePKCS15 aUsage, TUint aSize, MCTAuthenticationObject* aProtector, HBufC* aLabel, MCTToken& aToken, TInt aHandle, const TSecurityPolicy& aUsePolicy, const TSecurityPolicy& aManagementPolicy, EKeyAlgorithm aAlgorithm, TInt aAccessType, TBool aNative, TTime aStartDate, TTime aEndDate, HBufC8* aPKCS8AttributeSet = NULL); /** * Creates a new KeyInfo from a stream. * * @param aStream The stream to read the key data from * @param aToken The token that the key is in * * @leave KErrKeyUsage If the key usage flags are not valid or not * consistent with the key algorithm. * @leave KErrKeyValidity If the validity start and end dates are specified * but do not form a valid time period. */ IMPORT_C static CCTKeyInfo* NewL(RReadStream& aStream, MCTToken& aToken);public: /** * The PIN (or other authentication object) that protects the key, or NULL * if not set. This object is owned by key store. */ inline MCTAuthenticationObject* Protector() const; /** * Sets the authentication object for this key. The object's Release method * will be called by the destructor, allowing for refence counting of auth * objects to be implemented if desired. */ inline void SetProtector(MCTAuthenticationObject& aProtector); /** The CT handle to this object. */ inline operator TCTTokenObjectHandle() const;public: // from MCTTokenObject /** The label of the key */ virtual const TDesC& Label() const; /** The token the key is in */ virtual MCTToken& Token() const; /** Returns KKeyInfoUID to indicate this is a key info object */ virtual TUid Type() const; /** * A handle for the key. This can be used to identify a key to * another process. */ virtual TCTTokenObjectHandle Handle() const;private: CCTKeyInfo(TKeyIdentifier aID, TKeyUsagePKCS15 aUsage, TUint aSize, MCTAuthenticationObject* aProtector, HBufC* aLabel, MCTToken& aToken, TInt aHandle, const TSecurityPolicy& aUsePolicy, const TSecurityPolicy& aManagementPolicy, EKeyAlgorithm aAlgorithm, TInt aAccessType, TBool aNative, TTime aStartDate, TTime aEndDate, HBufC8* aPKCS8AttributeSet); CCTKeyInfo(MCTToken& aToken); ~CCTKeyInfo();private: /** The token the key is in*/ MCTToken& iToken; /** The protector object of the key. This pointer is not owned by the class */ MCTAuthenticationObject* iProtector;};/** * A filter to specify which keys should be returned from the store by * MCTKeyStore::List. * */struct TCTKeyAttributeFilter { enum TPolicyFilter { EAllKeys, EUsableKeys, EManageableKeys, EUsableOrManageableKeys }; /** Constructor */ IMPORT_C TCTKeyAttributeFilter(); /** * The hash of the key we're looking for. A zero-length descriptor means * 'don't care */ TKeyIdentifier iKeyId; /** * The required usage of the key. A key must match any of the usages * specified. Use EAllUsages to return all usages. */ TKeyUsagePKCS15 iUsage; /** * Filter returned keys by the operations the calling process is allowed to * perform on them (as determined by the security policies set on them). * * The default is EUsableKeys. Note that if this is to set to KAllKeys, all * keys will be returned, including those that are unusable by the calling * process. */ TPolicyFilter iPolicyFilter; /** The algorithm. EInvalidAlgorithm indicates 'don't care */ CCTKeyInfo::EKeyAlgorithm iKeyAlgorithm; };#include "mctkeystore.inl"#endif // __MCTKEYSTORE_H__