--- a/cryptomgmtlibs/cryptotokenfw/inc_interfaces/MCTKeyStore_v2.h Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptomgmtlibs/cryptotokenfw/inc_interfaces/MCTKeyStore_v2.h Thu Sep 10 14:01:51 2009 +0300
@@ -1,411 +1,402 @@
-/*
-* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
-* All rights reserved.
-* This component and the accompanying materials are made available
-* under the terms of the License "Eclipse Public License v1.0"
-* which accompanies this distribution, and is available
-* at the URL "http://www.eclipse.org/legal/epl-v10.html".
-*
-* Initial Contributors:
-* Nokia Corporation - initial contribution.
-*
-* Contributors:
-*
-* Description:
-* MCTKeystore.h
-*
-*/
-
-
-
-
-/**
- @file
- @internalTechnology
-*/
-
-#ifndef __MCTKEYSTORE_H__
-#define __MCTKEYSTORE_H__
-
-#include <securitydefs.h>
-#include <mkeystore.h>
-#include <s32file.h>
-
-class MCTAuthenticationObject;
-
-/** The UID of the filekey store */
-const TInt KTokenTypeFileKeystore = 0x101F7333;
-
-/** The UID of a key store interface */
-const TInt KInterfaceKeyStore = 0x101F7334;
-
-/** The type ID of CCTKeyInfo objects */
-const TUid KKeyInfoUID = {0x101F5152};
-const TUid KRSARepudiableSignerUID = {0x101F7A3C};
-const TUid KDSARepudiableSignerUID = {0x101F7A3D};
-const TUid KPrivateDecryptorUID = {0x101F7A3E};
-const TUid KKeyAgreementUID = {0x101F7A3F};
-const TUid KNonRepudiationSignerUID = {0x101F7A40};
-const TUid KKeyStoreAuthObjectUID = {0x101FE681};
-
-/**
- * Defines the interface for a read-only key store token.
- *
- * All the details are defined in MKeyStore as they are shared by the unified
- * key store.
- *
- * The class adds no extra member functions or data.
- *
- * @publishedPartner
- * @released
- */
-class MCTKeyStore : public MCTTokenInterface, public MKeyStore
- {
- };
-
-/**
- * Base class for CCTKeyInfo.
- *
- * @publishedPartner
- * @released
- */
-class CKeyInfoBase : protected CBase
- {
-public:
-
- /** Key algorithms. */
- enum EKeyAlgorithm
- {
- EInvalidAlgorithm = 0,
- ERSA = 1,
- EDSA = 2,
- EDH = 3
- };
-
- /** Flags for key access bitfield. */
- enum EKeyAccess
- {
- EInvalidAccess = 0x00,
- ESensitive = 0x01,
- EExtractable = 0x02,
- EAlwaysSensitive = 0x04,
- ENeverExtractable = 0x08,
- ELocal = 0x10
- };
-
-public:
-
- inline TKeyIdentifier ID() const; ///< The ID (SHA-1 hash) of the key
- inline TKeyUsagePKCS15 Usage() const; ///< The key usage
- inline TUint Size() const; ///< The size of the key
- inline const TDesC& Label() const; ///< The key's label.
- inline const TSecurityPolicy& UsePolicy() const; ///< The security policy for key use
- inline const TSecurityPolicy& ManagementPolicy() const; ///< The security policy for key management
- inline EKeyAlgorithm Algorithm() const; ///< The key algorithm
-
- /**
- * The key access type. The return code is bitfield made up of 0 or more
- * values from EKeyAccess ORed together.
- */
- inline TInt AccessType() const;
-
- /**
- * Returns whether the key is native.
- *
- * A native key is one where operations on the key are performed on the same
- * hardware as the the key is stored. For instance, if a key that is stored
- * on secure hardware but calculations are carried out on the main
- * processor, it isn't native.
- */
- inline TBool Native() const;
-
- inline TTime StartDate() const; ///< The start time, or TTime(0) if not set
- inline TTime EndDate() const; ///< The end time, or TTime(0) if not set
- inline const TDesC8& PKCS8AttributeSet() const; ///< The PKCS#8 attribute set.
-
- /**
- * Externalizes the key data to stream
- */
- IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
-
-public:
-
- /**
- * Get the handle of the key. This is a identifier that uniquely identifies
- * the key within one store, and is used to construct the token handle.
- */
- inline TInt HandleID() const;
-
- /**
- * Set the handle of the key. Called by the token when a key is created.
- *
- * @param aHandle The new handle of the key
- */
- inline void SetHandle(TInt aHandle);
-
- /**
- * Called by the token when a key is created, to set the key identifier
- * (SHA-1 hash) of the new key
- *
- * @param aId The newly generated SHA-1 hash
- */
- inline void SetIdentifier(TKeyIdentifier aId);
-
- /**
- * Set the size of a key.
- */
- inline void SetSize(TUint aSize);
-
- /**
- * Set the key algorithm.
- */
- inline void SetAlgorithm(EKeyAlgorithm aAlg);
-
-protected:
-
- /**
- * Protected constructor, called by derived classes.
- */
- IMPORT_C CKeyInfoBase(TKeyIdentifier aID,
- TKeyUsagePKCS15 aUsage,
- TUint aSize,
- HBufC* aLabel,
- TInt aHandle,
- const TSecurityPolicy& aUsePolicy,
- const TSecurityPolicy& aManagementPolicy,
- EKeyAlgorithm aAlgorithm,
- TInt aAccessType,
- TBool aNative,
- TTime aStartDate,
- TTime aEndDate,
- HBufC8* aPKCS8AttributeSet);
-
- /**
- * Protected constructor, called by derived classes.
- */
- IMPORT_C CKeyInfoBase();
-
- /**
- * Second phase constructor. Called by derived classes' NewL methods.
- */
- IMPORT_C void ConstructL();
-
- /**
- * Second phase constructor. Called by derived classes' NewL methods.
- */
- IMPORT_C void ConstructL(RReadStream& aIn);
-
- /**
- * Destructor is protected so CCTKeyInfo can force users to call Release.
- */
- IMPORT_C ~CKeyInfoBase();
-
-private:
-
- /**
- * Internalizes key data from a stream.
- */
- void InternalizeL(RReadStream& aStream);
-
-protected:
- TKeyIdentifier iID; ///< The ID of the key
- TKeyUsagePKCS15 iUsage; ///< The usage of the key
- TUint iSize; ///< The size of the key
- HBufC* iLabel; ///< The identifying label of the key
- TInt iHandle; ///< The handle of the key
- TSecurityPolicy iUsePolicy; ///< The secutity policy for key use
- TSecurityPolicy iManagementPolicy; ///< The secutity policy for key management
- EKeyAlgorithm iAlgorithm; ///< The key type (RSA, DSA etc)
- TInt iAccessType; ///< Key sensitivity
- TBool iNative; ///< Key is native (cryptographic operations are carried out on the store)
- TTime iStartDate; ///< Key Start Date
- TTime iEndDate; ///< Key end date
- HBufC8* iPKCS8AttributeSet; ///< Attributes as a DER-encoded set
- };
-
-/**
- * Information about a key, as returned by MCTKeyStore::List.
- *
- * @publishedPartner
- * @released
- */
-class CCTKeyInfo : public CKeyInfoBase, public MCTTokenObject
- {
-public:
-
- /**
- * @internalTechnology
- *
- * Creates a CCTKeyInfo from constituents. This is called by the unified
- * key store, and should not be called directly.
- *
- * @param aID The SHA1 hash of the key
- * @param aUsage The usage of the key
- * @param aSize The size of the key in bytes
- * @param aProtector A protector object if the key is protected by a PIN.
- * This may be NULL if the protector is not known.
- * @param aLabel The label of the key (takes ownership).
- * @param aToken The token the key is in
- * @param aHandle The object ID part of the object handle; an
- * integer that is unique amongst keys in this token.
- * @param aUsePolicy The security policy for key use
- * @param aManagementPolicy The security policy for key management
- * @param aAlgorithm The key algorithm (RSA, DSA or Diffie-Hellman)
- * @param aAccessType The access type of the key
- * @param aNative Defines whether the key is native
- * @param aStartDate The key validity start date
- * @param aEndDate The key validity end date
- * @param aPKCS8AttributeSet (optional) The DER encoded PKCS8 attribute set
- * (takes ownership).
- *
- * @leave KErrKeyUsage If the key usage flags are not valid or not
- * consistent with the key algorithm.
- * @leave KErrKeyValidity If the validity start and end dates are specified
- * but do not form a valid time period.
- */
- IMPORT_C static CCTKeyInfo* NewL(TKeyIdentifier aID,
- TKeyUsagePKCS15 aUsage,
- TUint aSize,
- MCTAuthenticationObject* aProtector,
- HBufC* aLabel,
- MCTToken& aToken,
- TInt aHandle,
- const TSecurityPolicy& aUsePolicy,
- const TSecurityPolicy& aManagementPolicy,
- EKeyAlgorithm aAlgorithm,
- TInt aAccessType,
- TBool aNative,
- TTime aStartDate,
- TTime aEndDate,
- HBufC8* aPKCS8AttributeSet = NULL);
-
- /**
- * Creates a new KeyInfo from a stream.
- *
- * @param aStream The stream to read the key data from
- * @param aToken The token that the key is in
- *
- * @leave KErrKeyUsage If the key usage flags are not valid or not
- * consistent with the key algorithm.
- * @leave KErrKeyValidity If the validity start and end dates are specified
- * but do not form a valid time period.
- */
- IMPORT_C static CCTKeyInfo* NewL(RReadStream& aStream, MCTToken& aToken);
-
-public:
-
- /**
- * The PIN (or other authentication object) that protects the key, or NULL
- * if not set. This object is owned by key store.
- */
- inline MCTAuthenticationObject* Protector() const;
-
- /**
- * Sets the authentication object for this key. The object's Release method
- * will be called by the destructor, allowing for refence counting of auth
- * objects to be implemented if desired.
- */
- inline void SetProtector(MCTAuthenticationObject& aProtector);
-
- /** The CT handle to this object. */
- inline operator TCTTokenObjectHandle() const;
-
-public:
-
- // from MCTTokenObject
-
- /** The label of the key */
- virtual const TDesC& Label() const;
-
- /** The token the key is in */
- virtual MCTToken& Token() const;
-
- /** Returns KKeyInfoUID to indicate this is a key info object */
- virtual TUid Type() const;
-
- /**
- * A handle for the key. This can be used to identify a key to
- * another process.
- */
- virtual TCTTokenObjectHandle Handle() const;
-
-private:
-
- CCTKeyInfo(TKeyIdentifier aID,
- TKeyUsagePKCS15 aUsage,
- TUint aSize,
- MCTAuthenticationObject* aProtector,
- HBufC* aLabel,
- MCTToken& aToken,
- TInt aHandle,
- const TSecurityPolicy& aUsePolicy,
- const TSecurityPolicy& aManagementPolicy,
- EKeyAlgorithm aAlgorithm,
- TInt aAccessType,
- TBool aNative,
- TTime aStartDate,
- TTime aEndDate,
- HBufC8* aPKCS8AttributeSet);
-
- CCTKeyInfo(MCTToken& aToken);
-
- ~CCTKeyInfo();
-
-private:
-
- /** The token the key is in*/
- MCTToken& iToken;
-
- /** The protector object of the key. This pointer is not owned by the class */
- MCTAuthenticationObject* iProtector;
-};
-
-/**
- * A filter to specify which keys should be returned from the store by
- * MCTKeyStore::List.
- *
- * @publishedPartner
- * @released
- */
-struct TCTKeyAttributeFilter
- {
- enum TPolicyFilter
- {
- EAllKeys,
- EUsableKeys,
- EManageableKeys,
- EUsableOrManageableKeys
- };
-
- /** Constructor */
- IMPORT_C TCTKeyAttributeFilter();
-
- /**
- * The hash of the key we're looking for. A zero-length descriptor means
- * 'don't care
- */
- TKeyIdentifier iKeyId;
-
- /**
- * The required usage of the key. A key must match any of the usages
- * specified. Use EAllUsages to return all usages.
- */
- TKeyUsagePKCS15 iUsage;
-
- /**
- * Filter returned keys by the operations the calling process is allowed to
- * perform on them (as determined by the security policies set on them).
- *
- * The default is EUsableKeys. Note that if this is to set to KAllKeys, all
- * keys will be returned, including those that are unusable by the calling
- * process.
- */
- TPolicyFilter iPolicyFilter;
-
- /** The algorithm. EInvalidAlgorithm indicates 'don't care */
- CCTKeyInfo::EKeyAlgorithm iKeyAlgorithm;
- };
-
-#include "mctkeystore.inl"
-
-#endif // __MCTKEYSTORE_H__
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* MCTKeystore.h
+*
+*/
+
+
+/**
+ @file
+ @publishedPartner
+ @released
+*/
+
+#ifndef __MCTKEYSTORE_H__
+#define __MCTKEYSTORE_H__
+
+#include <securitydefs.h>
+#include <mkeystore.h>
+#include <s32file.h>
+
+#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <mctkeystoreuids.h>
+#endif
+
+/** The UID of the filekey store */
+const TInt KTokenTypeFileKeystore = 0x101F7333;
+
+#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
+
+/** The type ID of CCTKeyInfo objects */
+const TUid KKeyInfoUID = {0x101F5152};
+const TUid KNonRepudiationSignerUID = {0x101F7A40};
+const TUid KKeyStoreAuthObjectUID = {0x101FE681};
+
+#endif
+
+class MCTAuthenticationObject;
+
+/**
+ * Defines the interface for a read-only key store token.
+ *
+ * All the details are defined in MKeyStore as they are shared by the unified
+ * key store.
+ *
+ * The class adds no extra member functions or data.
+ *
+ */
+class MCTKeyStore : public MCTTokenInterface, public MKeyStore
+ {
+ };
+
+/**
+ * Base class for CCTKeyInfo.
+ *
+ */
+class CKeyInfoBase : protected CBase
+ {
+public:
+
+ /** Key algorithms. */
+ enum EKeyAlgorithm
+ {
+ EInvalidAlgorithm = 0,
+ ERSA = 1,
+ EDSA = 2,
+ EDH = 3
+ };
+
+ /** Flags for key access bitfield. */
+ enum EKeyAccess
+ {
+ EInvalidAccess = 0x00,
+ ESensitive = 0x01,
+ EExtractable = 0x02,
+ EAlwaysSensitive = 0x04,
+ ENeverExtractable = 0x08,
+ ELocal = 0x10
+ };
+
+public:
+
+ inline TKeyIdentifier ID() const; ///< The ID (SHA-1 hash) of the key
+ inline TKeyUsagePKCS15 Usage() const; ///< The key usage
+ inline TUint Size() const; ///< The size of the key
+ inline const TDesC& Label() const; ///< The key's label.
+ inline const TSecurityPolicy& UsePolicy() const; ///< The security policy for key use
+ inline const TSecurityPolicy& ManagementPolicy() const; ///< The security policy for key management
+ inline EKeyAlgorithm Algorithm() const; ///< The key algorithm
+
+ /**
+ * The key access type. The return code is bitfield made up of 0 or more
+ * values from EKeyAccess ORed together.
+ */
+ inline TInt AccessType() const;
+
+ /**
+ * Returns whether the key is native.
+ *
+ * A native key is one where operations on the key are performed on the same
+ * hardware as the the key is stored. For instance, if a key that is stored
+ * on secure hardware but calculations are carried out on the main
+ * processor, it isn't native.
+ */
+ inline TBool Native() const;
+
+ inline TTime StartDate() const; ///< The start time, or TTime(0) if not set
+ inline TTime EndDate() const; ///< The end time, or TTime(0) if not set
+ inline const TDesC8& PKCS8AttributeSet() const; ///< The PKCS#8 attribute set.
+
+ /**
+ * Externalizes the key data to stream
+ */
+ IMPORT_C void ExternalizeL(RWriteStream& aStream) const;
+
+public:
+
+ /**
+ * Get the handle of the key. This is a identifier that uniquely identifies
+ * the key within one store, and is used to construct the token handle.
+ */
+ inline TInt HandleID() const;
+
+ /**
+ * Set the handle of the key. Called by the token when a key is created.
+ *
+ * @param aHandle The new handle of the key
+ */
+ inline void SetHandle(TInt aHandle);
+
+ /**
+ * Called by the token when a key is created, to set the key identifier
+ * (SHA-1 hash) of the new key
+ *
+ * @param aId The newly generated SHA-1 hash
+ */
+ inline void SetIdentifier(TKeyIdentifier aId);
+
+ /**
+ * Set the size of a key.
+ */
+ inline void SetSize(TUint aSize);
+
+ /**
+ * Set the key algorithm.
+ */
+ inline void SetAlgorithm(EKeyAlgorithm aAlg);
+
+protected:
+
+ /**
+ * Protected constructor, called by derived classes.
+ */
+ IMPORT_C CKeyInfoBase(TKeyIdentifier aID,
+ TKeyUsagePKCS15 aUsage,
+ TUint aSize,
+ HBufC* aLabel,
+ TInt aHandle,
+ const TSecurityPolicy& aUsePolicy,
+ const TSecurityPolicy& aManagementPolicy,
+ EKeyAlgorithm aAlgorithm,
+ TInt aAccessType,
+ TBool aNative,
+ TTime aStartDate,
+ TTime aEndDate,
+ HBufC8* aPKCS8AttributeSet);
+
+ /**
+ * Protected constructor, called by derived classes.
+ */
+ IMPORT_C CKeyInfoBase();
+
+ /**
+ * Second phase constructor. Called by derived classes' NewL methods.
+ */
+ IMPORT_C void ConstructL();
+
+ /**
+ * Second phase constructor. Called by derived classes' NewL methods.
+ */
+ IMPORT_C void ConstructL(RReadStream& aIn);
+
+ /**
+ * Destructor is protected so CCTKeyInfo can force users to call Release.
+ */
+ IMPORT_C ~CKeyInfoBase();
+
+private:
+
+ /**
+ * Internalizes key data from a stream.
+ */
+ void InternalizeL(RReadStream& aStream);
+
+protected:
+ TKeyIdentifier iID; ///< The ID of the key
+ TKeyUsagePKCS15 iUsage; ///< The usage of the key
+ TUint iSize; ///< The size of the key
+ HBufC* iLabel; ///< The identifying label of the key
+ TInt iHandle; ///< The handle of the key
+ TSecurityPolicy iUsePolicy; ///< The secutity policy for key use
+ TSecurityPolicy iManagementPolicy; ///< The secutity policy for key management
+ EKeyAlgorithm iAlgorithm; ///< The key type (RSA, DSA etc)
+ TInt iAccessType; ///< Key sensitivity
+ TBool iNative; ///< Key is native (cryptographic operations are carried out on the store)
+ TTime iStartDate; ///< Key Start Date
+ TTime iEndDate; ///< Key end date
+ HBufC8* iPKCS8AttributeSet; ///< Attributes as a DER-encoded set
+ };
+
+/**
+ * Information about a key, as returned by MCTKeyStore::List.
+ *
+ */
+class CCTKeyInfo : public CKeyInfoBase, public MCTTokenObject
+ {
+public:
+
+ /**
+ *
+ * Creates a CCTKeyInfo from constituents. This is called by the unified
+ * key store, and should not be called directly.
+ *
+ * @param aID The SHA1 hash of the key
+ * @param aUsage The usage of the key
+ * @param aSize The size of the key in bytes
+ * @param aProtector A protector object if the key is protected by a PIN.
+ * This may be NULL if the protector is not known.
+ * @param aLabel The label of the key (takes ownership).
+ * @param aToken The token the key is in
+ * @param aHandle The object ID part of the object handle; an
+ * integer that is unique amongst keys in this token.
+ * @param aUsePolicy The security policy for key use
+ * @param aManagementPolicy The security policy for key management
+ * @param aAlgorithm The key algorithm (RSA, DSA or Diffie-Hellman)
+ * @param aAccessType The access type of the key
+ * @param aNative Defines whether the key is native
+ * @param aStartDate The key validity start date
+ * @param aEndDate The key validity end date
+ * @param aPKCS8AttributeSet (optional) The DER encoded PKCS8 attribute set
+ * (takes ownership).
+ *
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ */
+ IMPORT_C static CCTKeyInfo* NewL(TKeyIdentifier aID,
+ TKeyUsagePKCS15 aUsage,
+ TUint aSize,
+ MCTAuthenticationObject* aProtector,
+ HBufC* aLabel,
+ MCTToken& aToken,
+ TInt aHandle,
+ const TSecurityPolicy& aUsePolicy,
+ const TSecurityPolicy& aManagementPolicy,
+ EKeyAlgorithm aAlgorithm,
+ TInt aAccessType,
+ TBool aNative,
+ TTime aStartDate,
+ TTime aEndDate,
+ HBufC8* aPKCS8AttributeSet = NULL);
+
+ /**
+ * Creates a new KeyInfo from a stream.
+ *
+ * @param aStream The stream to read the key data from
+ * @param aToken The token that the key is in
+ *
+ * @leave KErrKeyUsage If the key usage flags are not valid or not
+ * consistent with the key algorithm.
+ * @leave KErrKeyValidity If the validity start and end dates are specified
+ * but do not form a valid time period.
+ */
+ IMPORT_C static CCTKeyInfo* NewL(RReadStream& aStream, MCTToken& aToken);
+
+public:
+
+ /**
+ * The PIN (or other authentication object) that protects the key, or NULL
+ * if not set. This object is owned by key store.
+ */
+ inline MCTAuthenticationObject* Protector() const;
+
+ /**
+ * Sets the authentication object for this key. The object's Release method
+ * will be called by the destructor, allowing for refence counting of auth
+ * objects to be implemented if desired.
+ */
+ inline void SetProtector(MCTAuthenticationObject& aProtector);
+
+ /** The CT handle to this object. */
+ inline operator TCTTokenObjectHandle() const;
+
+public:
+
+ // from MCTTokenObject
+
+ /** The label of the key */
+ virtual const TDesC& Label() const;
+
+ /** The token the key is in */
+ virtual MCTToken& Token() const;
+
+ /** Returns KKeyInfoUID to indicate this is a key info object */
+ virtual TUid Type() const;
+
+ /**
+ * A handle for the key. This can be used to identify a key to
+ * another process.
+ */
+ virtual TCTTokenObjectHandle Handle() const;
+
+private:
+
+ CCTKeyInfo(TKeyIdentifier aID,
+ TKeyUsagePKCS15 aUsage,
+ TUint aSize,
+ MCTAuthenticationObject* aProtector,
+ HBufC* aLabel,
+ MCTToken& aToken,
+ TInt aHandle,
+ const TSecurityPolicy& aUsePolicy,
+ const TSecurityPolicy& aManagementPolicy,
+ EKeyAlgorithm aAlgorithm,
+ TInt aAccessType,
+ TBool aNative,
+ TTime aStartDate,
+ TTime aEndDate,
+ HBufC8* aPKCS8AttributeSet);
+
+ CCTKeyInfo(MCTToken& aToken);
+
+ ~CCTKeyInfo();
+
+private:
+
+ /** The token the key is in*/
+ MCTToken& iToken;
+
+ /** The protector object of the key. This pointer is not owned by the class */
+ MCTAuthenticationObject* iProtector;
+};
+
+/**
+ * A filter to specify which keys should be returned from the store by
+ * MCTKeyStore::List.
+ *
+ */
+struct TCTKeyAttributeFilter
+ {
+ enum TPolicyFilter
+ {
+ EAllKeys,
+ EUsableKeys,
+ EManageableKeys,
+ EUsableOrManageableKeys
+ };
+
+ /** Constructor */
+ IMPORT_C TCTKeyAttributeFilter();
+
+ /**
+ * The hash of the key we're looking for. A zero-length descriptor means
+ * 'don't care
+ */
+ TKeyIdentifier iKeyId;
+
+ /**
+ * The required usage of the key. A key must match any of the usages
+ * specified. Use EAllUsages to return all usages.
+ */
+ TKeyUsagePKCS15 iUsage;
+
+ /**
+ * Filter returned keys by the operations the calling process is allowed to
+ * perform on them (as determined by the security policies set on them).
+ *
+ * The default is EUsableKeys. Note that if this is to set to KAllKeys, all
+ * keys will be returned, including those that are unusable by the calling
+ * process.
+ */
+ TPolicyFilter iPolicyFilter;
+
+ /** The algorithm. EInvalidAlgorithm indicates 'don't care */
+ CCTKeyInfo::EKeyAlgorithm iKeyAlgorithm;
+ };
+
+#include "mctkeystore.inl"
+
+#endif // __MCTKEYSTORE_H__