diff -r afc583cfa176 -r da2ae96f639b cryptomgmtlibs/cryptotokenfw/inc_interfaces/mkeystore_v2.h
--- a/cryptomgmtlibs/cryptotokenfw/inc_interfaces/mkeystore_v2.h	Fri Oct 02 13:15:59 2009 +0300
+++ b/cryptomgmtlibs/cryptotokenfw/inc_interfaces/mkeystore_v2.h	Mon Oct 12 10:17:04 2009 +0300
@@ -37,6 +37,15 @@
 class CCTKeyInfo;
 struct TCTKeyAttributeFilter;
 
+#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
+namespace CryptoSpi
+    {
+    class CSigner;
+    class CAsymmetricCipher;
+    class CCryptoParams;
+    }
+#endif /* SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT */
+
 /**
  * A template for signer objects.  It isn't possible to use a base class as the
  * signature objects created are not related.
@@ -382,6 +391,163 @@
 	/** Cancels an ongoing ExportPublic() operation */
 	virtual void CancelExportPublic() = 0;
 
+#ifdef SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT
+    /**
+     * Opens a key for signing. This function returns a CryptoSPI
+     * signer object. SignL() method should be invoked on this object
+     * to perform the signing operation.
+     *
+     * @param aHandle The handle of the key to be opened.
+     * @param aSigner The returned CryptoSPI signer object.
+     * @param aStatus Returns the status of asynchronous operation, 
+     * possible values of which are given below:-
+     * KErrNone if successful, otherwise a system wide error 
+     * code (in such a case signer object is not allocated). The 
+     * most likely error codes are:-
+     * - KErrNotSupported Default value, used if licensee does not
+     * provide an implementation.
+     * - KErrPermissionDenied If the caller does not conform to
+     * the key use security policy.
+     * - KErrNotFound If the key the handle referes to does not
+     * exist.
+     * - KErrKeyUsage If the key doesn't have sign usage.
+     * - KErrKeyValidity If the key is not currently valid.
+     * - KErrKeySize If the key length is too small.
+     * - KErrKeyAccess If an invalid combination of key access
+     * flags were specified.
+     * 
+     * @capability Requires the caller to have the capabilities
+     * specified in the key use security policy.
+     */
+	virtual void Open(const TCTTokenObjectHandle& /*aHandle*/,
+	                  CryptoSpi::CSigner*& /*aSigner*/,
+	                  TRequestStatus& aStatus)
+		{
+		TRequestStatus* status = &aStatus;
+		User::RequestComplete(status,KErrNotSupported);
+		}
+
+    /**
+     * Opens a key for decryption. This function returns a CryptoSPI
+     * signer object. ProcessL() method should be invoked on this object
+     * to perform the decryption operation.
+     *
+     * @param aHandle The handle of the key to be opened.
+     * @param aAsymmetricCipher The returned CryptoSPI cipher object.
+     * @param aStatus Returns the status of asynchronous operation,
+     * possible values of which are given below:-
+     * KErrNone if successful, otherwise a system wide error 
+     * code (in such a case cipher object is not allocated). The 
+     * most likely error codes are:-
+     * - KErrNotSupported Default value, used if licensee does not
+     * provide an implementation.
+     * - KErrPermissionDenied If the caller does not conform to
+     * the key use security policy.
+     * - KErrNotFound If the key the handle referes to does not
+     * exist.
+     * - KErrKeyUsage If the key doesn't have sign usage.
+     * - KErrKeyValidity If the key is not currently valid.
+     * - KErrKeySize If the key length is too small.
+     * - KErrKeyAccess If an invalid combination of key access
+     * flags were specified.
+     *
+     * @capability Requires the caller to have the capabilities
+     * specified in the key use security policy.
+     */
+	virtual void Open(const TCTTokenObjectHandle& /*aHandle*/,
+	                  CryptoSpi::CAsymmetricCipher*& /*aAsymmetricCipher*/,
+	                  TRequestStatus& aStatus)
+		{
+		TRequestStatus* status = &aStatus;
+		User::RequestComplete(status,KErrNotSupported);
+		}
+
+	/**
+	 * This function takes a token handle and encrypted text as input
+	 * and stores the decrypted text as one of the output parameters.
+	 * This API would should be used by the licensees who want to perform
+	 * decryption operation inside the hardware without using CryptoSPI.
+	 *
+	 * @param aHandle The handle of the key to be used for decryption.
+     * @param aCiphertext Contains the encrypted text which has to be
+     * decrypted.
+     * @param aPlaintextPtr This contains the decrypted text. Caller
+     * should take responsibility of this pointer. Derived classes 
+     * should never take ownership of the passed pointer.
+     * @param aStatus Returns the status of asynchronous operation,
+     * possible values are given below:-
+     * KErrNone if successful, otherwise a system wide error 
+     * code (in such a case aPlaintextPtr is not allocated). The 
+     * most likely error codes are:-
+     * - KErrNotSupported Default value, used if licensee does not
+     * provide an implementation.
+     * - KErrPermissionDenied If the caller does not conform to
+     * the key use security policy.
+     * - KErrNotFound If the key the handle referes to does not
+     * exist.
+     * - KErrKeyUsage If the key doesn't have sign usage.
+     * - KErrKeyValidity If the key is not currently valid.
+     * - KErrKeySize If the key length is too small.
+     * - KErrKeyAccess If an invalid combination of key access
+     * flags were specified.
+     * 
+     * @capability Requires the caller to have the capabilities
+     * specified in the key use security policy.
+     */
+	virtual void Decrypt(const TCTTokenObjectHandle& /*aHandle*/,
+                         const TDesC8& /*aCiphertext*/,
+	                     HBufC8*& /*aPlaintextPtr*/,
+	                     TRequestStatus& aStatus)
+		{
+		TRequestStatus* status = &aStatus;
+		User::RequestComplete(status,KErrNotSupported);
+		}
+
+	/**
+	 * This function takes a token handle and plain text as input and
+	 * returns the signature as one of the output parameters. This API
+	 * would enable the licensees to sign a text by just having a handle
+	 * to key. The key can be stored in the hardware and does not come
+	 * out at all. This API should be used by the licensees who want to
+	 * perform signing operation inside the hardware without using
+	 * CryptoSPI.
+	 *
+	 * @param aHandle The handle of the key to be used for decryption.
+	 * @param aPlainText Text which has to be signed.
+	 * @param aSignature The cryptoSPI signature. Caller
+	 * should take responsibility of this pointer. Derived classes 
+     * should never take ownership of the passed pointer.
+	 * @param aStatus Returns the status of asynchronous operation,
+	 * possible values are:-
+	 * KErrNone if successful, otherwise a system wide error 
+     * code (in such a case aSignature is not allocated). The 
+     * most likely error codes are:-
+     * - KErrNotSupported Default value, used if licensee does not
+     * provide an implementation.
+     * - KErrPermissionDenied If the caller does not conform to
+     * the key use security policy.
+     * - KErrNotFound If the key the handle referes to does not
+     * exist.
+     * - KErrKeyUsage If the key doesn't have sign usage.
+     * - KErrKeyValidity If the key is not currently valid.
+     * - KErrKeySize If the key length is too small.
+     * - KErrKeyAccess If an invalid combination of key access
+     * flags were specified.
+     * 
+	 * @capability Requires the caller to have the capabilities
+	 * specified in the key use security policy.
+	 */
+	virtual void Sign(	const TCTTokenObjectHandle& /*aHandle*/,
+                        const TDesC8& /*aPlainText*/,
+	                    CryptoSpi::CCryptoParams*& /*aSignature*/,
+	                    TRequestStatus& aStatus)
+		{
+		TRequestStatus* status = &aStatus;
+		User::RequestComplete(status,KErrNotSupported);
+		}
+	
+#endif /* SYMBIAN_ENABLE_SDP_WMDRM_SUPPORT */
+
 	};