|
1 /* |
|
2 * Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * Contains the implementation of CHardwareKeyStoreClient. In this |
|
16 * class only the newly added APIs for WMDRM have been implemented. |
|
17 * So this is not a fully functional crypto token. |
|
18 * |
|
19 */ |
|
20 |
|
21 |
|
22 #include "thwkeystoreclient.h" |
|
23 #include "thwkeystoredefs.h" |
|
24 #include "keys.h" |
|
25 #include <cryptospi/cryptospidef.h> |
|
26 #include "cryptoasymmetriccipherapi.h" |
|
27 #include "cryptosignatureapi.h" |
|
28 #include <s32mem.h> |
|
29 |
|
/**
 * Two-phase factory for the key store client bound to aToken.
 *
 * @param aToken Token this interface belongs to.
 * @return The fully constructed client; ownership passes to the caller.
 * @leave Any error raised by allocation or by ConstructL().
 */
MCTTokenInterface* CHardwareKeyStoreClient::NewKeyStoreInterfaceL(MCTToken& aToken)
    {
    // The instance is destroyed by MCTTokenInterface::DoRelease().
    CHardwareKeyStoreClient* self = new (ELeave) CHardwareKeyStoreClient(aToken);
    // Keep the half-built object on the cleanup stack while ConstructL() can leave.
    CleanupStack::PushL(self);
    self->ConstructL();
    CleanupStack::Pop(self);
    return self;
    }
|
39 |
|
/**
 * First-phase constructor: stores the owning token and sets the initial
 * reference count. Nothing here can leave.
 *
 * @param aToken Token this interface belongs to.
 */
CHardwareKeyStoreClient::CHardwareKeyStoreClient(MCTToken& aToken)
    : CActive(EPriorityNormal),
      // The count starts at one because the object is always created and
      // handed out by a GetInterface() call on the token.
      iRefCount(1),
      iToken(aToken)
    {
    }
|
47 |
|
/**
 * Second-phase constructor: registers this active object with the current
 * active scheduler and creates the CCryptoTokenHai instance that the
 * operations in this class delegate to.
 *
 * @leave Any error raised by CCryptoTokenHai::NewL().
 */
void CHardwareKeyStoreClient::ConstructL()
    {
    CActiveScheduler::Add(this);
    iCryptoTokenHai = CCryptoTokenHai::NewL(&iToken);
    }
|
53 |
|
/**
 * Cancels any outstanding request before releasing the HAI object, so that
 * no queued RunL() can run against a deleted iCryptoTokenHai.
 */
CHardwareKeyStoreClient::~CHardwareKeyStoreClient()
    {
    Cancel();
    delete iCryptoTokenHai;
    }
|
59 |
|
/**
 * @return The token this interface was created for.
 */
MCTToken& CHardwareKeyStoreClient::Token()
    {
    return iToken;
    }
|
64 |
|
/**
 * Takes one more reference on this interface and, in step with it, one more
 * reference on the owning token.
 */
void CHardwareKeyStoreClient::AddRef()
    {
    ++iRefCount;
    iToken.AddRef();
    }
|
71 |
|
/**
 * Drops one reference; when the count reaches zero the base-class
 * DoRelease() is invoked to dispose of the object.
 */
void CHardwareKeyStoreClient::DoRelease()
    {
    --iRefCount;

    // NOTE(review): an over-release is only caught by this ASSERT; if ASSERT
    // is compiled out in release builds nothing stops the count going
    // negative -- confirm that is acceptable for this component.
    ASSERT(iRefCount >= 0);
    if (iRefCount != 0)
        {
        return;
        }
    MCTTokenInterface::DoRelease();
    }
|
82 |
|
/**
 * Intentionally empty: this client does nothing when asked to release a
 * token object handle.
 */
void CHardwareKeyStoreClient::ReleaseObject(const TCTTokenObjectHandle& /*aHandle*/)
    {
    // No per-object state to release.
    }
|
86 |
|
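/**
 * Executes the operation selected by iState, which was queued by
 * ExportPublic(), one of the CryptoSpi Open() overloads, Decrypt() or Sign().
 *
 * On success the client's request is completed with KErrNone. Any leave is
 * routed by the active scheduler to RunError(), which completes the client's
 * request with the leave code.
 *
 * @leave KErrNotFound if KeyPresent() reports the key handle as missing.
 * @leave KErrArgument if iState is not a known operation, or if a signing
 *        request carries no output parameter object.
 * @leave KErrGeneral  if SignL() returns without producing a signature buffer.
 * @leave Any error raised by the HAI or the CryptoSpi factories.
 */
void CHardwareKeyStoreClient::RunL()
    {
    User::LeaveIfError(iStatus.Int());

    // NOTE(review): every case below treats any KeyPresent() result other than
    // KErrNotFound as "key exists". If KeyPresent() can also return other error
    // codes, those would be handled as a present key -- confirm its contract.
    switch (iState)
        {
        case ECreateSigner:
            {
            if (iCryptoTokenHai->KeyPresent(iHandle.iObjectId) == KErrNotFound)
                {
                User::Leave(KErrNotFound);
                }

            CryptoSpi::TKeyProperty keyProperty;
            keyProperty.iAlgorithmUid = CryptoSpi::KEccSignerUid;

            // Only the key handle is passed on, never key material.
            CryptoSpi::CCryptoParams* keyParameters = CryptoSpi::CCryptoParams::NewLC();
            keyParameters->AddL(iHandle.iObjectId, CryptoSpi::KPassedHandleToKeyUid);
            CryptoSpi::CKey* newKey = CryptoSpi::CKey::NewL(keyProperty, *keyParameters);
            CleanupStack::PushL(newKey);

            CryptoSpi::CSignatureFactory::CreateSignerL(
                    *(iClientBuffer.iSigner), CryptoSpi::KEccSignerUid,
                    *newKey, CryptoSpi::KPaddingModeNoneUid,
                    NULL);

            CleanupStack::PopAndDestroy(newKey);
            CleanupStack::PopAndDestroy(keyParameters);
            }
            break;

        case ECreateAsymmetricCipher:
            {
            if (iCryptoTokenHai->KeyPresent(iHandle.iObjectId) == KErrNotFound)
                {
                User::Leave(KErrNotFound);
                }

            CryptoSpi::TKeyProperty keyProperty;
            keyProperty.iAlgorithmUid = CryptoSpi::KEccCipherUid;

            // Only the key handle is passed on, never key material.
            CryptoSpi::CCryptoParams* keyParameters = CryptoSpi::CCryptoParams::NewLC();
            keyParameters->AddL(iHandle.iObjectId, CryptoSpi::KPassedHandleToKeyUid);
            CryptoSpi::CKey* newKey = CryptoSpi::CKey::NewL(keyProperty, *keyParameters);
            CleanupStack::PushL(newKey);

            CryptoSpi::CAsymmetricCipherFactory::CreateAsymmetricCipherL(
                    *(iClientBuffer.iAsymmetricCipher), CryptoSpi::KEccCipherUid,
                    *newKey, CryptoSpi::KCryptoModeDecryptUid,
                    CryptoSpi::KPaddingModeNoneUid, NULL);

            CleanupStack::PopAndDestroy(newKey);
            CleanupStack::PopAndDestroy(keyParameters);
            }
            break;

        case EDecryptInHardware:
            {
            if (iCryptoTokenHai->KeyPresent(iHandle.iObjectId) == KErrNotFound)
                {
                User::Leave(KErrNotFound);
                }
            iCryptoTokenHai->DecryptL(iHandle.iObjectId, *iPtr, *(iClientBuffer.decryptedText));
            }
            break;

        case ESignInHardware:
            {
            if (iCryptoTokenHai->KeyPresent(iHandle.iObjectId) == KErrNotFound)
                {
                User::Leave(KErrNotFound);
                }
            // The output object comes straight from the caller of Sign();
            // fail the request instead of dereferencing a null pointer.
            if (iClientBuffer.iSignature == NULL)
                {
                User::Leave(KErrArgument);
                }

            // Start from NULL so a SignL() that returns without setting the
            // out-parameter is detected rather than read as a wild pointer.
            HBufC8* signature = NULL;
            iCryptoTokenHai->SignL(iHandle.iObjectId, *iPtr, signature);
            if (signature == NULL)
                {
                User::Leave(KErrGeneral);
                }
            CleanupStack::PushL(signature);
            iClientBuffer.iSignature->AddL(signature->Des(), CryptoSpi::KEccKeyTypeUid);
            CleanupStack::PopAndDestroy(signature);
            }
            break;

        case EExportKey:
            {
            if (iCryptoTokenHai->KeyPresent(iHandle.iObjectId) == KErrNotFound)
                {
                User::Leave(KErrNotFound);
                }
            iCryptoTokenHai->ExportPublicKeyL(iHandle.iObjectId, *iPublicKey);
            }
            break;

        default:
            User::Leave(KErrArgument);
        }

    User::RequestComplete(iClientStatus, KErrNone);
    }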
|
191 |
|
/**
 * Cancellation hook of the active object: reports KErrCancel to the client
 * whose request status was stored when the operation was queued.
 */
void CHardwareKeyStoreClient::DoCancel()
    {
    User::RequestComplete(iClientStatus, KErrCancel);
    }
|
196 |
|
/**
 * Called when RunL() leaves: forwards the leave code to the waiting client.
 *
 * @param aError Leave code from RunL().
 * @return KErrNone, which tells the active scheduler the error was handled.
 */
TInt CHardwareKeyStoreClient::RunError(TInt aError)
    {
    User::RequestComplete(iClientStatus, aError);
    return KErrNone;
    }
|
202 |
|
203 /* |
|
204 * MKeystore interfaces |
|
205 */ |
|
206 |
|
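/**
 * Lists the keys matching aFilter. The work is done synchronously and
 * aStatus is completed before this function returns.
 *
 * iClientStatus is deliberately left untouched: it belongs to the request
 * queued on the active object, and overwriting it here would redirect the
 * completion of an in-flight operation to this caller and leave a stale
 * pointer behind once aStatus has been completed.
 *
 * @param aKeys   Receives the matching key infos.
 * @param aFilter Attribute filter passed on to the HAI.
 * @param aStatus Completed with KErrNone, or with the leave code of ListL().
 */
void CHardwareKeyStoreClient::List(
        RMPointerArray<CCTKeyInfo>& aKeys,
        const TCTKeyAttributeFilter& aFilter,
        TRequestStatus& aStatus)
    {
    aStatus = KRequestPending;
    TRequestStatus* status = &aStatus;
    TRAPD(err, iCryptoTokenHai->ListL(aFilter, aKeys));
    User::RequestComplete(status, err);
    }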
|
218 |
|
/**
 * No-op: List() completes its request before returning, so there is never
 * a pending listing to cancel.
 */
void CHardwareKeyStoreClient::CancelList()
    {
    }
|
223 |
|
/**
 * Not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::GetKeyInfo(TCTTokenObjectHandle /*aHandle*/,
                                         CCTKeyInfo*& /*aInfo*/,
                                         TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
230 |
|
/**
 * No-op: GetKeyInfo() completes synchronously, so nothing can be pending.
 */
void CHardwareKeyStoreClient::CancelGetKeyInfo()
    {
    }
|
235 |
|
/**
 * RSA signer variant of Open(); not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& /*aHandle*/,
                                   MRSASigner*& /*aSigner*/,
                                   TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
243 |
|
/**
 * DSA signer variant of Open(); not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& /*aHandle*/,
                                   MCTSigner<CDSASignature*>*& /*aSigner*/,
                                   TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
251 |
|
/**
 * MCTDecryptor variant of Open(); not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& /*aHandle*/,
                                   MCTDecryptor*& /*aDecryptor*/,
                                   TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
259 |
|
/**
 * Diffie-Hellman variant of Open(); not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& /*aHandle*/,
                                   MCTDH*& /*aDH*/,
                                   TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
266 |
|
/**
 * No-op.
 *
 * NOTE(review): the CryptoSpi Open() overloads in this file queue their work
 * on the active object and finish in RunL(); this function does not withdraw
 * such a queued request -- confirm that callers do not rely on it doing so.
 */
void CHardwareKeyStoreClient::CancelOpen()
    {
    }
|
271 |
|
272 /** Returns the public key in DER-encoded ASN-1 */ |
|
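void CHardwareKeyStoreClient::ExportPublic(const TCTTokenObjectHandle& aHandle,
                                           HBufC8*& aPublicKey,
                                           TRequestStatus& aStatus)
    {
    // Queues an EExportKey operation; the export itself runs in RunL().
    // Only the addresses of aPublicKey and aStatus are stored, so the caller
    // must keep both alive until aStatus has been completed.

    // One operation at a time: a second request would overwrite the stored
    // client status and output pointers of the first, and SetActive() on an
    // already active object panics. Reject it instead.
    if (IsActive())
        {
        TRequestStatus* busy = &aStatus;
        User::RequestComplete(busy, KErrInUse);
        return;
        }

    iClientStatus = &aStatus;
    *iClientStatus = KRequestPending;
    iPublicKey = &aPublicKey;
    iHandle = aHandle;
    iState = EExportKey;

    // Self-complete so that RunL() is scheduled on the next scheduler pass.
    iStatus = KRequestPending;
    SetActive();
    TRequestStatus* self = &iStatus;
    User::RequestComplete(self, KErrNone);
    }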
|
290 |
|
/**
 * No-op.
 *
 * NOTE(review): ExportPublic() queues its work on the active object and
 * finishes in RunL(); this function does not withdraw that queued request --
 * confirm that callers do not rely on it doing so.
 */
void CHardwareKeyStoreClient::CancelExportPublic()
    {
    }
|
295 |
|
296 // ********************************************************************************* |
|
297 // MCTKeyStoreManager |
|
298 // ********************************************************************************* |
|
/**
 * Key generation is not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::CreateKey(CCTKeyInfo*& /*aReturnedKey*/, TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
304 |
|
/**
 * No-op: CreateKey() completes synchronously, so nothing can be pending.
 */
void CHardwareKeyStoreClient::CancelCreateKey()
    {
    }
|
308 |
|
309 /** |
|
310 * This function is not implemented because, in the WMDRM case, the device |
|
311 * keys are preprovisioned inside the device. Hence implementing this |
|
312 * function is not required. |
|
313 */ |
|
void CHardwareKeyStoreClient::ImportKey(const TDesC8& /*aKey*/,
                                        CCTKeyInfo*& /*aReturnedKey*/,
                                        TRequestStatus& aStatus)
    {
    // The supplied key data is never read; the request is refused outright.
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
319 |
|
/**
 * No-op: the ImportKey() overloads complete synchronously, so nothing can be
 * pending.
 */
void CHardwareKeyStoreClient::CancelImportKey()
    {
    }
|
323 |
|
/**
 * Import of encrypted key data is not implemented by this client; the
 * supplied data is never read.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::ImportEncryptedKey(const TDesC8& /*aKey*/,
                                                 CCTKeyInfo*& /*aReturnedKey*/,
                                                 TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
329 |
|
/**
 * No-op: ImportEncryptedKey() completes synchronously, so nothing can be
 * pending.
 */
void CHardwareKeyStoreClient::CancelImportEncryptedKey()
    {
    }
|
333 |
|
/**
 * Key export through this interface is refused; only ExportPublic() hands
 * out key data in this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::ExportKey(TCTTokenObjectHandle /*aHandle*/,
                                        HBufC8*& /*aKey*/,
                                        TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
339 |
|
/**
 * No-op: ExportKey() completes synchronously, so nothing can be pending.
 */
void CHardwareKeyStoreClient::CancelExportKey()
    {
    }
|
343 |
|
/**
 * Encrypted key export is not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::ExportEncryptedKey(TCTTokenObjectHandle /*aHandle*/,
                                                 const CPBEncryptParms& /*aParams*/,
                                                 HBufC8*& /*aKey*/,
                                                 TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
349 |
|
/**
 * No-op: ExportEncryptedKey() completes synchronously, so nothing can be
 * pending.
 */
void CHardwareKeyStoreClient::CancelExportEncryptedKey()
    {
    }
|
353 |
|
/**
 * Key deletion is not implemented by this client.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::DeleteKey(TCTTokenObjectHandle /*aHandle*/, TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
359 |
|
/**
 * No-op: DeleteKey() completes synchronously, so nothing can be pending.
 */
void CHardwareKeyStoreClient::CancelDeleteKey()
    {
    }
|
364 |
|
/**
 * Changing a key's use policy is not implemented by this client; the
 * supplied policy is ignored.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::SetUsePolicy(TCTTokenObjectHandle /*aHandle*/,
                                           const TSecurityPolicy& /*aPolicy*/,
                                           TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
372 |
|
/**
 * No-op: SetUsePolicy() completes synchronously, so nothing can be pending.
 */
void CHardwareKeyStoreClient::CancelSetUsePolicy()
    {
    }
|
377 |
|
/**
 * Changing a key's management policy is not implemented by this client; the
 * supplied policy is ignored.
 *
 * @param aStatus Completed immediately with KErrNotSupported.
 */
void CHardwareKeyStoreClient::SetManagementPolicy(TCTTokenObjectHandle /*aHandle*/,
                                                  const TSecurityPolicy& /*aPolicy*/,
                                                  TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNotSupported);
    }
|
385 |
|
/**
 * No-op: SetManagementPolicy() completes synchronously, so nothing can be
 * pending.
 */
void CHardwareKeyStoreClient::CancelSetManagementPolicy()
    {
    }
|
390 |
|
391 /** |
|
392 * @todo |
|
393 * This interface should return KErrNotSupported but because of the way |
|
394 * it has been implemented in unifiedkeystore this is returning |
|
395 * KErrNone. This should be fixed later. |
|
396 */ |
|
void CHardwareKeyStoreClient::SetPassphraseTimeout(TInt /*aTimeout*/, TRequestStatus& aStatus)
    {
    // The timeout value is ignored and nothing is configured; the request is
    // nevertheless reported as successful, so a KErrNone from this call does
    // not mean a passphrase timeout is in force.
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNone);
    }
|
402 |
|
/**
 * No-op: SetPassphraseTimeout() is not asynchronous, so there is nothing to
 * cancel.
 */
void CHardwareKeyStoreClient::CancelSetPassphraseTimeout()
    {
    }
|
407 |
|
408 /** |
|
409 * @todo |
|
410 * This interface should return KErrNotSupported but because of the way |
|
411 * it has been implemented in unifiedkeystore this is returning |
|
412 * KErrNone. This should be fixed later. |
|
413 */ |
|
void CHardwareKeyStoreClient::Relock(TRequestStatus& aStatus)
    {
    // No locking is performed; the request is nevertheless reported as
    // successful, so a KErrNone from this call does not mean the store has
    // been relocked.
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNone);
    }
|
419 |
|
/**
 * No-op: Relock() is not asynchronous, so there is nothing to cancel.
 */
void CHardwareKeyStoreClient::CancelRelock()
    {
    }
|
424 |
|
425 |
|
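/**
 * Queues creation of a CryptoSpi signer bound to the key behind aHandle;
 * the signer itself is created in RunL().
 *
 * Only the addresses of aSigner and aStatus are stored, so the caller must
 * keep both alive until aStatus has been completed.
 *
 * @param aHandle Handle of the key to sign with.
 * @param aSigner Receives the created signer.
 * @param aStatus Completed with KErrNone on success, KErrInUse if another
 *                operation is still outstanding on this object, or the error
 *                reported by RunL().
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& aHandle,
                                   CryptoSpi::CSigner*& aSigner,
                                   TRequestStatus& aStatus)
    {
    // One operation at a time: a second request would overwrite the stored
    // client status and output pointers of the first, and SetActive() on an
    // already active object panics. Reject it instead.
    if (IsActive())
        {
        TRequestStatus* busy = &aStatus;
        User::RequestComplete(busy, KErrInUse);
        return;
        }

    iClientStatus = &aStatus;
    *iClientStatus = KRequestPending;
    iClientBuffer.iSigner = &aSigner;
    iHandle = aHandle;
    iState = ECreateSigner;

    // Self-complete so that RunL() is scheduled on the next scheduler pass.
    iStatus = KRequestPending;
    SetActive();
    TRequestStatus* self = &iStatus;
    User::RequestComplete(self, KErrNone);
    }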
|
440 |
|
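/**
 * Queues creation of a CryptoSpi asymmetric cipher bound to the key behind
 * aHandle; the cipher itself is created in RunL().
 *
 * Only the addresses of aAsymmetricCipher and aStatus are stored, so the
 * caller must keep both alive until aStatus has been completed.
 *
 * @param aHandle           Handle of the key to use.
 * @param aAsymmetricCipher Receives the created cipher.
 * @param aStatus           Completed with KErrNone on success, KErrInUse if
 *                          another operation is still outstanding on this
 *                          object, or the error reported by RunL().
 */
void CHardwareKeyStoreClient::Open(const TCTTokenObjectHandle& aHandle,
                                   CryptoSpi::CAsymmetricCipher*& aAsymmetricCipher,
                                   TRequestStatus& aStatus)
    {
    // One operation at a time: a second request would overwrite the stored
    // client status and output pointers of the first, and SetActive() on an
    // already active object panics. Reject it instead.
    if (IsActive())
        {
        TRequestStatus* busy = &aStatus;
        User::RequestComplete(busy, KErrInUse);
        return;
        }

    iClientStatus = &aStatus;
    *iClientStatus = KRequestPending;
    iClientBuffer.iAsymmetricCipher = &aAsymmetricCipher;
    iHandle = aHandle;
    iState = ECreateAsymmetricCipher;

    // Self-complete so that RunL() is scheduled on the next scheduler pass.
    iStatus = KRequestPending;
    SetActive();
    TRequestStatus* self = &iStatus;
    User::RequestComplete(self, KErrNone);
    }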
|
455 |
|
456 |
|
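/**
 * Queues a decryption with the key behind aHandle; the decryption itself is
 * performed by the HAI from RunL().
 *
 * Only the addresses of aCiphertext, aPlaintextPtr and aStatus are stored,
 * so the caller must keep all three alive and unchanged until aStatus has
 * been completed.
 *
 * @param aHandle       Handle of the key to decrypt with.
 * @param aCiphertext   Data to decrypt.
 * @param aPlaintextPtr Receives the decrypted data.
 * @param aStatus       Completed with KErrNone on success, KErrInUse if
 *                      another operation is still outstanding on this
 *                      object, or the error reported by RunL().
 */
void CHardwareKeyStoreClient::Decrypt(const TCTTokenObjectHandle& aHandle,
                                      const TDesC8& aCiphertext,
                                      HBufC8*& aPlaintextPtr,
                                      TRequestStatus& aStatus)
    {
    // One operation at a time: a second request would overwrite the stored
    // client status and buffer pointers of the first, and SetActive() on an
    // already active object panics. Reject it instead.
    if (IsActive())
        {
        TRequestStatus* busy = &aStatus;
        User::RequestComplete(busy, KErrInUse);
        return;
        }

    iClientStatus = &aStatus;
    *iClientStatus = KRequestPending;
    iHandle = aHandle;
    iPtr = &aCiphertext;
    iClientBuffer.decryptedText = &aPlaintextPtr;
    iState = EDecryptInHardware;

    // Self-complete so that RunL() is scheduled on the next scheduler pass.
    iStatus = KRequestPending;
    SetActive();
    TRequestStatus* self = &iStatus;
    User::RequestComplete(self, KErrNone);
    }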
|
473 |
|
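/**
 * Queues a signing operation with the key behind aHandle; the signature is
 * produced by the HAI from RunL() and added to aSignature.
 *
 * The address of aPlaintext, the aSignature pointer value and the address of
 * aStatus are stored, so the caller must keep the referenced objects alive
 * until aStatus has been completed.
 *
 * @param aHandle    Handle of the key to sign with.
 * @param aPlaintext Data to sign.
 * @param aSignature Existing parameter object that receives the signature;
 *                   must not be NULL.
 * @param aStatus    Completed with KErrNone on success, KErrArgument if
 *                   aSignature is NULL, KErrInUse if another operation is
 *                   still outstanding on this object, or the error reported
 *                   by RunL().
 */
void CHardwareKeyStoreClient::Sign(const TCTTokenObjectHandle& aHandle,
                                   const TDesC8& aPlaintext,
                                   CryptoSpi::CCryptoParams*& aSignature,
                                   TRequestStatus& aStatus)
    {
    // RunL() dereferences the stored signature object; refuse a null one
    // here so the caller gets an error instead of a crash in the scheduler.
    if (aSignature == NULL)
        {
        TRequestStatus* invalid = &aStatus;
        User::RequestComplete(invalid, KErrArgument);
        return;
        }

    // One operation at a time: a second request would overwrite the stored
    // client status and buffer pointers of the first, and SetActive() on an
    // already active object panics. Reject it instead.
    if (IsActive())
        {
        TRequestStatus* busy = &aStatus;
        User::RequestComplete(busy, KErrInUse);
        return;
        }

    iClientStatus = &aStatus;
    *iClientStatus = KRequestPending;
    iHandle = aHandle;
    iPtr = &aPlaintext;
    iClientBuffer.iSignature = aSignature;
    iState = ESignInHardware;

    // Self-complete so that RunL() is scheduled on the next scheduler pass.
    iStatus = KRequestPending;
    SetActive();
    TRequestStatus* self = &iStatus;
    User::RequestComplete(self, KErrNone);
    }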
|
490 |
|
491 |
|
/**
 * Label/private/public key variant of ImportKey(). None of the arguments is
 * read and nothing is stored.
 *
 * NOTE(review): the request is completed with KErrNone although no key is
 * imported, so a caller cannot tell this apart from a successful import. The
 * other unimplemented key-management calls in this file report
 * KErrNotSupported -- confirm whether KErrNone is intended here.
 *
 * @param aStatus Completed immediately with KErrNone.
 */
void CHardwareKeyStoreClient::ImportKey(TPtr /* aLabel */,
                                        TPtr8 /* aPrivateKey */,
                                        TPtr8 /* aPublicKey */,
                                        TRequestStatus& aStatus)
    {
    TRequestStatus* clientStatus = &aStatus;
    User::RequestComplete(clientStatus, KErrNone);
    }
|
499 |
|
500 |
|
501 |
|
502 |
|
503 |