diff -r f18401adf8e1 -r 641f389e9157 cryptoservices/certificateandkeymgmt/inc/unifiedkeystore_v2.h --- a/cryptoservices/certificateandkeymgmt/inc/unifiedkeystore_v2.h Thu Aug 19 11:38:48 2010 +0300 +++ b/cryptoservices/certificateandkeymgmt/inc/unifiedkeystore_v2.h Tue Aug 31 17:00:08 2010 +0300 @@ -32,6 +32,14 @@ #include +#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT +namespace CryptoSpi + { + class CSigner; + class CAsymmetricCipher; + class CCryptoParams; + } +#endif /** * Unified KeyStore panics @@ -128,6 +136,22 @@ TRequestStatus& aStatus); virtual void CancelExportPublic(); +#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT + virtual void Open(const TCTTokenObjectHandle& aHandle, + CryptoSpi::CSigner*& aSigner, + TRequestStatus& aStatus); + virtual void Open(const TCTTokenObjectHandle& aHandle, + CryptoSpi::CAsymmetricCipher*& asymmetricCipherObj, + TRequestStatus& aStatus); + virtual void Decrypt(const TCTTokenObjectHandle& aHandle, + const TDesC8& aCiphertext, + HBufC8*& aPlaintextPtr, + TRequestStatus& aStatus); + virtual void Sign(const TCTTokenObjectHandle& aHandle, + const TDesC8& aPlaintext, + CryptoSpi::CCryptoParams*& aSignature, + TRequestStatus& aStatus); +#endif public: // For MCTKeyStoreManager except those (CreateKey, ImportKey, ImportEncryptedKey) // that require a caller-specified store @@ -435,6 +459,135 @@ * or equal to the value returned by KeyStoreManagerCount(). */ IMPORT_C MCTKeyStoreManager& KeyStoreManager(TInt aIndex); + +#ifdef SYMBIAN_AUTH_SERVER +public: + /** + * Generates a new key pair. The creation of key is for currently authenticated + * user. If currently there is no authenticated user then authentication of an user + * would be required. + * + * For the software key store, the owner of the new key is set to the + * calling process. Users can subsequently be added by calling SetUsers(). + * + * @param aKeyStoreIndex The index of the key store manager in which to + * create the key. Must be between zero and + * KeyStoreMangerCount() exclusive. + * @param aUsage The key usage flags in the PKCS#15 format. + * @param aSize The size of the key in bits. + * @param aLabel A textual label for the key. + * @param aAlgorithm The type of key. + * @param aAccessType The key access type - a bitfield specifying key + * access requirements. Allowed values are zero, or + * a comination of CCTKeyInfo::EKeyAccess::ESenstive + * and CCTKeyInfo::EKeyAccess::EExtractable + * @param aStartDate The start of the validity period. + * @param aEndDate The end of the validity period. + * @param aAuthenticationString The expression through which a user can be authenticated. + * Currently this should correspond to one of the alias values + * set by the licensee for authentication server configuration. + * @param aFreshness The validity to be considered for an already authenticated + * identity. Specification is in seconds. + * @param aKeyInfoOut A pointer that is set to a newly created key info + * object on successful completion. + * @param aStatus Final status of the operation. + * + * @capability WriteUserData Requires the caller to have WriteUserData capability + * @leave KErrPermissionDenied If the caller does not have WriteUserData capability + * @leave KErrKeyUsage If the key usage flags are not valid or not + * consistent with the key algorithm. + * @leave KErrKeyValidity If the validity start and end dates are specified + * but do not form a valid time period. + * @leave KErrAuthenticationFailure If the user authentication fails. + * @leave ... Any of the system wide error code. + * @panic If aKeyStoreIndex does not specify a valid keystore manager. + */ + + IMPORT_C void CreateKey(TInt aKeyStoreIndex, TKeyUsagePKCS15 aUsage,TUint aSize, + const TDesC& aLabel, CCTKeyInfo::EKeyAlgorithm aAlgorithm, + TInt aAccessType, TTime aStartDate, TTime aEndDate, + const TDesC& aAuthenticationString, TInt aFreshness, + CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus) ; + + /** + * Imports a key pair. The import of key is for currently authenticated + * user. If currently there is no authenticated user then authentication + * of an user would be required. + * + * For the software key store, the owner of the new key is set to the + * calling process. Users can subsequently be added by calling SetUsers(). + * + * The key data should be in PKCS#8 format. Both encrypted and cleartext + * versions are allowed. + * + * @param aKeyStoreIndex The index of the key store manager in which to + * create the key. Must be between zero and + * KeyStoreMangerCount() exclusive. + * @param aKeyData The key data to import, ASN.1 DER encoded PKCS#8. + * @param aUsage The key usage flags in the PKCS#15 format. + * @param aLabel A textual label for the key. + * @param aAccessType The key access type - a bitfield specifying key + * access requirements. Allowed values are zero, or + * a comination of CCTKeyInfo::EKeyAccess::ESenstive + * and CCTKeyInfo::EKeyAccess::EExtractable + * @param aStartDate The start of the validity period. + * @param aEndDate The end of the validity period. + * @param aAuthenticationString The expression through which a user can be authenticated. + * Currently this should correspond to one of the alias values + * set by the licensee for authentication server configuration. + * @param aFreshness The validity to be considered for an already authenticated + * identity. Specification is in seconds. + * @param aKeyInfoOut A pointer that is set to a newly created key info + * object on successful completion. + * @param aStatus Final status of the operation. + * + * @capability WriteUserData Requires the caller to have WriteUserData capability + * @leave KErrPermissionDenied If the caller does not have WriteUserData capability + * @leave KErrKeyUsage If the key usage flags are not valid or not + * consistent with the key algorithm. + * @leave KErrKeyValidity If the validity start and end dates are specified + * but do not form a valid time period. + * @leave KErrArgument If the key data cannot be parsed. + * @panic If aKeyStoreIndex does not specify a valid keystore manager. + */ + + IMPORT_C void ImportKey( TInt aKeyStoreIndex, const TDesC8& aKeyData, + TKeyUsagePKCS15 aUsage, const TDesC& aLabel, + TInt aAccessType, TTime aStartDate, TTime aEndDate, + const TDesC& aAuthenticationString, TInt aFreshness, + CCTKeyInfo*& aKeyInfoOut, TRequestStatus& aStatus); + + /** + * Set the authentication policy for an already existing key in the store. + * + * @param aHandle The handle of the key whose policy is to be changed. + * @param aAuthenticationString The expression associated to this key. + * @param aFreshness The validity associated to this key. + * Specification is in seconds. + * @param aStatus Final status of the operation. + */ + + IMPORT_C void SetAuthenticationPolicy( const TCTTokenObjectHandle aHandle, + const TDesC& aAuthenticationString, + TInt aFreshness, + TRequestStatus& aStatus); + + /** + * Retrieve authentication policy for an already existing key in the store. + * + * @param aHandle The handle of the key whose policy is to be retrieved. + * @param aAuthenticationString The expression associated to this key. The memory would + * be allocated at the server side. + * @param aFreshness The validity associated to this key. + * Specification is in seconds. + * @param aStatus Final status of the operation. + */ + + IMPORT_C void GetAuthenticationPolicy( const TCTTokenObjectHandle aHandle, + HBufC*& aAuthenticationString, + TInt& aFreshness, + TRequestStatus& aStatus); +#endif // SYMBIAN_AUTH_SERVER private: CUnifiedKeyStore(RFs& aFs);