|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-BCDCB147-865F-58B0-816F-5FBF0E7CCDD7" xml:lang="en"><title>CryptoSPI |
|
13 Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <section id="GUID-3DAB2F6F-85F6-4AD9-97D9-90B380F8077D"><title>Introduction</title> <p>CryptoSPI |
|
15 (<filepath>cryptospi.dll</filepath>) is a library introduced in Symbian^3 |
|
16 that manages the selection and loading of cryptographic algorithms. Cryptographic |
|
17 algorithms enable data to be encrypted and decrypted. The services provided |
|
18 by CryptoSPI are used by the following components: Certman (Certificate Management), |
|
19 Software Installation, Secure Communication Protocols (for example, SSL, TLS, |
|
20 IPSEC), and WTLS. </p> <p>CryptoSPI also provides a framework that allows |
|
21 licensees and partners to implement additional cryptographic algorithms as |
|
22 plug-ins to CryptoSPI. </p> <p>The benefits of CryptoSPI are: </p> <ul> |
|
23 <li id="GUID-32F02DC3-54AD-5520-AD1B-E85317BB4AFE"><p>Plug-ins can use cryptographic |
|
24 acceleration hardware, which can improve performance and reduce power consumption. |
|
25 Client applications do not need to know whether an operation is implemented |
|
26 in software or hardware. </p> </li> |
|
27 <li id="GUID-B2880123-00C8-58E7-8475-9B3D68059BF4"><p>Its architecture allows |
|
28 new algorithms or modes of operation to be added by licensees without impacting |
|
29 the existing APIs or client code. </p> </li> |
|
30 <li id="GUID-AC37BE3F-52BE-56E9-9E34-F25277F51434"><p>The legacy cryptography |
|
31 libraries (<filepath>cryptography.dll</filepath>, <filepath>hash.dll</filepath> and <filepath>random.dll</filepath>) |
|
32 have been preserved. Legacy client code can continue to use them without needing |
|
33 modification or re-compilation. This is achieved via an internal BC layer |
|
34 that routes legacy function calls to use the new SPI. </p> </li> |
|
35 <li id="GUID-2085DF2B-E97F-5B4F-B01D-84B76ED5FDE7"><p>CryptoSPI adds support |
|
36 for non-extractable keys, which may be used to protect sensitive or high-value |
|
37 content. </p> </li> |
|
38 <li id="GUID-F27670BD-8CAA-5EEA-9A82-6AB2C8741145"><p>CryptoSPI is more secure |
|
39 against malicious code than the legacy API, because it does not store any |
|
40 data, it has no server component and plugins must be located in ROM, so cannot |
|
41 be replaced or eclipsed. </p> </li> |
|
42 </ul> </section> |
|
43 <section id="GUID-5038F0E4-7FA2-4D9B-8EC0-D6670B4CCFA2"><title>Architectural |
|
44 relationships</title> <p>CryptoSPI was introduced in Symbian^3. Before Symbian^3, |
|
45 cryptographic algorithms, hash algorithms and random number generation were |
|
46 implemented by Symbian in <filepath>cryptography.dll</filepath>, <filepath>hash.dll</filepath> and <filepath>random.dll</filepath>. |
|
47 As shown in the CryptoSPI dependencies diagram, Symbian's legacy implementations |
|
48 and APIs were retained in Symbian^3, so that existing code does not need to |
|
49 be modified or recompiled. </p> <p> <filepath>softwarecrypto.dll</filepath> is |
|
50 a plug-in module implemented by Symbian that provides software-based implementations |
|
51 of all the cryptographic algorithms that were previously implemented by the |
|
52 legacy components (<filepath>cryptography.dll</filepath>, <filepath>hash.dll</filepath> and <filepath>random.dll</filepath>). |
|
53 The legacy APIs have been re-implemented internally to use the new framework |
|
54 via shim classes. <filepath>hardwarecrypto.dll</filepath> is an arbitrary |
|
55 name used in the diagram to represent a licensee-provided plug-in module. |
|
56 The plug-ins and <filepath>cryptospi.dll</filepath> have a dependency on <filepath>cryptography.dll</filepath> because |
|
57 it implements <xref href="GUID-C75726D3-E815-503D-8267-26DA27AD4787.dita">big integers</xref>. </p> <fig id="GUID-81B9B94D-07B8-512F-8553-0C98F557A21A"> |
|
58 <title> CryptoSPI dependencies</title> |
|
59 <image href="GUID-7501D3AC-16FB-58E9-B55C-2598ECCD2FFA_d0e381250_href.png" placement="inline"/> |
|
60 </fig> </section> |
|
61 <section id="GUID-BA9876DF-7166-4336-8BAC-D0B9AB051B47"><title>API summary</title> <p>The <codeph>CryptoSpi</codeph> namespace |
|
62 is defined for all CryptoSPI classes to differentiate them from the legacy |
|
63 APIs with the same names. </p> <p><b>CryptoSPI scope</b> </p> <p>CryptoSPI |
|
64 provides equivalent implementations of all algorithms supported by the legacy |
|
65 APIs, including hashing and random number generation. The following algorithms |
|
66 are implemented by Symbian in <filepath>softwarecrypto.dll</filepath> </p> <p>This |
|
67 section includes summary details of the following: </p> <ul> |
|
68 <li id="GUID-B57702C1-A525-5F77-9BB5-D6CCB4E45929"><p>cryptographic algorithms </p> </li> |
|
69 <li id="GUID-4148CBE5-77D8-5455-9A84-E6B978EF1017"><p>hash algorithms. </p> </li> |
|
70 <li><p>random number generator</p></li> |
|
71 </ul> <p><b>Cryptographic algorithms</b> </p><ul> |
|
72 <li><p><b>Symmetric ciphers</b> - The following symmetric algorithms are supported: </p><table id="GUID-EE0B2BF7-BD22-5A03-B4DB-A82D713BB52F"> |
|
73 <tgroup cols="3"><colspec colname="col0"/><colspec colname="col1"/><colspec colname="col2"/> |
|
74 <thead> |
|
75 <row> |
|
76 <entry>Symmetric algorithm</entry> |
|
77 <entry>Type</entry> |
|
78 <entry>Specified in:</entry> |
|
79 </row> |
|
80 </thead> |
|
81 <tbody> |
|
82 <row> |
|
83 <entry><p>AES (Advanced Encryption Standard) </p> </entry> |
|
84 <entry><p>Block cipher </p> </entry> |
|
85 <entry><p> <xref href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf" scope="external">FIPS-197</xref> </p> </entry> |
|
86 </row> |
|
87 <row> |
|
88 <entry><p>DES (Data Encryption Standard) </p> </entry> |
|
89 <entry><p>Block cipher </p> </entry> |
|
90 <entry><p> <xref href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf" scope="external">FIPS 46-3</xref> </p> </entry> |
|
91 </row> |
|
92 <row> |
|
93 <entry><p>3DES (Triple Data Encryption Standard) </p> </entry> |
|
94 <entry><p>Block cipher </p> </entry> |
|
95 <entry><p> <xref href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf" scope="external">FIPS 46-3</xref> </p> </entry> |
|
96 </row> |
|
97 <row> |
|
98 <entry><p>RC2-128 </p> </entry> |
|
99 <entry><p>Block cipher </p> </entry> |
|
100 <entry><p> <xref href="ftp://ftp.rfc-editor.org/in-notes/rfc2268.txt" scope="external">RFC |
|
101 2268</xref> </p> </entry> |
|
102 </row> |
|
103 <row> |
|
104 <entry><p>ARC4 ('alleged' RC4) </p> </entry> |
|
105 <entry><p>Stream cipher </p> </entry> |
|
106 <entry><p>The internet and a posting to sci.crypt in 1994. </p> </entry> |
|
107 </row> |
|
108 </tbody> |
|
109 </tgroup> |
|
110 </table> <p> <b> Note:</b> Algorithm identifiers for MISTY1, MISTY2 and Kasumi |
|
111 (A5/3) block ciphers are in the cryptography library. These identifiers allow |
|
112 clients of the cryptography library to request implementations of these algorithms |
|
113 from the symmetric cipher factory. Symbian does not provide implementations |
|
114 of these algorithms, so the default behavior is for the factory function to |
|
115 return an error indicating that there is no implementation available. </p> <p><b>Note</b>: |
|
116 Until Symbian^3, the classes implementing the symmetric and asymmetric ciphers |
|
117 were provided in <filepath>cryptography.dll</filepath>. </p></li> |
|
118 <li><p><b>Asymmetric ciphers </b> - The following asymmetric algorithms are |
|
119 supported: </p><table id="GUID-EF226280-A0A6-5CDC-A561-E2CA11D551B0"> |
|
120 <tgroup cols="3"><colspec colname="col0"/><colspec colname="col1"/><colspec colname="col2"/> |
|
121 <thead> |
|
122 <row> |
|
123 <entry>Asymmetric algorithm</entry> |
|
124 <entry>What is's used for</entry> |
|
125 <entry>Specified in:</entry> |
|
126 </row> |
|
127 </thead> |
|
128 <tbody> |
|
129 <row> |
|
130 <entry><p>RSA PKCS#1 v1.5 </p> </entry> |
|
131 <entry><p>Signing data </p> <p>Key pair generation </p> </entry> |
|
132 <entry><p> <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2125" scope="external">PKCS#1</xref> v1.5 </p> </entry> |
|
133 </row> |
|
134 <row> |
|
135 <entry><p>DSA </p> </entry> |
|
136 <entry><p>Signing data </p> <p>Key pair generation </p> </entry> |
|
137 <entry><p> <xref href="http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf" scope="external">FIPS 186-2</xref> CR1 </p> </entry> |
|
138 </row> |
|
139 <row> |
|
140 <entry><p>Diffie Hellman </p> </entry> |
|
141 <entry><p>Key agreement </p> <p>Key pair generation </p> </entry> |
|
142 <entry><p> <xref href="http://www.rsasecurity.com/rsalabs/node.asp?id=2126" scope="external">PKCS#3</xref> </p> </entry> |
|
143 </row> |
|
144 </tbody> |
|
145 </tgroup> |
|
146 </table></li> |
|
147 <li><p><b>Hash algorithms</b> - The following hash algorithms are supported:</p><p><table id="GUID-ABBDB728-AC1E-4C93-949C-401938589A22"> |
|
148 <tgroup cols="2"><colspec colname="col1"/><colspec colname="col2"/> |
|
149 <thead> |
|
150 <row> |
|
151 <entry valign="top"><p>Hash algorithms</p></entry> |
|
152 <entry valign="top"><p>Specified in</p></entry> |
|
153 </row> |
|
154 </thead> |
|
155 <tbody> |
|
156 <row> |
|
157 <entry><p>MD2</p></entry> |
|
158 <entry><p><xref href="http://www.ietf.org/rfc/rfc1319.txt" scope="external">RFC |
|
159 1319</xref></p></entry> |
|
160 </row> |
|
161 <row> |
|
162 <entry><p>MD4</p></entry> |
|
163 <entry><p><xref href="http://www.ietf.org/rfc/rfc1320.txt" scope="external">RFC |
|
164 1320</xref></p></entry> |
|
165 </row> |
|
166 <row> |
|
167 <entry><p>MD5</p></entry> |
|
168 <entry><p><xref href="http://www.ietf.org/rfc/rfc1321.txt" scope="external">RFC |
|
169 1321</xref></p></entry> |
|
170 </row> |
|
171 <row> |
|
172 <entry><p>SHA1</p></entry> |
|
173 <entry><p><xref href="http://www.itl.nist.gov/fipspubs/fip180-1.htm" scope="external">FIPS |
|
174 180-1</xref> and <xref href="http://www.ietf.org/rfc/rfc3174.txt" scope="external">RFC |
|
175 3174</xref></p></entry> |
|
176 </row> |
|
177 <row> |
|
178 <entry><p>SHA-224</p></entry> |
|
179 <entry><p><xref href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf " scope="external">FIPS 180-2</xref></p></entry> |
|
180 </row> |
|
181 <row> |
|
182 <entry><p>SHA-256</p></entry> |
|
183 <entry><p><xref href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf " scope="external">FIPS 180-2</xref></p></entry> |
|
184 </row> |
|
185 <row> |
|
186 <entry><p>SHA-384</p></entry> |
|
187 <entry><p><xref href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf " scope="external">FIPS 180-2</xref></p></entry> |
|
188 </row> |
|
189 <row> |
|
190 <entry><p>SHA-512</p></entry> |
|
191 <entry><p><xref href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf " scope="external">FIPS 180-2</xref></p></entry> |
|
192 </row> |
|
193 </tbody> |
|
194 </tgroup> |
|
195 </table></p></li> |
|
196 <li><p><b>Hashes in HMAC mode</b></p><ul> |
|
197 <li><p>MD2</p></li> |
|
198 <li><p>MD4</p></li> |
|
199 <li><p>MD5</p></li> |
|
200 <li><p>SHA1</p></li> |
|
201 <li><p>SHA-224</p></li> |
|
202 <li><p>SHA-256</p></li> |
|
203 <li><p>SHA-384</p></li> |
|
204 <li><p>SHA-512</p></li> |
|
205 </ul><p> HMAC mode is specified in <xref href="http://www.ietf.org/rfc/rfc2104.txt" scope="external">RFC 2104</xref></p></li> |
|
206 </ul> <p><b>Instantiating algorithms</b> </p> <p>Clients request cryptographic |
|
207 algorithms using static factory functions. </p> <p>For instance, to create |
|
208 a hash algorithm, use the generic hash factory function <xref href="GUID-D2231146-4F0D-3F70-8249-C166375D78DC.dita#GUID-D2231146-4F0D-3F70-8249-C166375D78DC/GUID-2C0F6052-76A8-3E45-AF72-F567E1161212"><apiname>CryptoSpi::CHashFactory::CreateHashL()</apiname></xref>, |
|
209 specifying the UID of the required algorithm. UIDs are defined in <filepath>cryptospidef.h</filepath>, |
|
210 for instance <codeph>KMd2Uid</codeph>, <codeph>KMd5Uid</codeph>, <codeph>KSha1Uid</codeph>. |
|
211 CryptoSPI uses a <xref href="GUID-BCDCB147-865F-58B0-816F-5FBF0E7CCDD7.dita#GUID-BCDCB147-865F-58B0-816F-5FBF0E7CCDD7/GUID-15969DD8-8F8A-534D-8445-A5CC95112B63">plug-in |
|
212 selector</xref> to search for a plug-in that implements the requested algorithm. |
|
213 When a plug-in is found, CryptoSPI loads it if required, and calls the function |
|
214 defined at the relevant ordinal in the plug-in DLL, in this case <codeph>ECreateHashOrdinal</codeph>, |
|
215 to instantiate a hash object, which is returned to the caller. </p> <p><b>Operation |
|
216 and padding modes</b> </p> <p>CryptoSPI has been designed to be simpler and |
|
217 more compact than the API that it replaces. Rather than defining separate |
|
218 classes to do encryption and decryption, for instance, <codeph>C3DESEncryptor</codeph> and <codeph>C3DESDecryptor</codeph>, |
|
219 CryptoSPI implements a single, generic symmetric cipher class, <codeph>CryptoSpi::CSymmetricCipher</codeph>. |
|
220 The characteristics of the algorithm, for instance whether it does encryption |
|
221 or decryption, the operation mode for block ciphers (<codeph>KOperationModeECB</codeph>, <codeph>KOperationModeCBC</codeph> etc.), |
|
222 and the padding mode (<codeph>KPaddingModeSSLv3</codeph>, <codeph>KPaddingModePKCS7</codeph> etc.) |
|
223 are all passed by the client to the factory function as UIDs — see <xref href="GUID-5463D9D7-2DE0-3DC1-A415-910636125935.dita#GUID-5463D9D7-2DE0-3DC1-A415-910636125935/GUID-43F80501-62A9-3987-B057-852A1E80E483"><apiname>CryptoSpi::CSymmetricCipherFactory::CreateSymmetricCipherL()</apiname></xref>. </p> <p>The client can switch the algorithm between modes by setting a |
|
224 flag, see for example <xref href="GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800.dita#GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800/GUID-121C4AC5-0D1C-33E7-A534-A4A6AA4DF6FD"><apiname>CSymmetricCipherBase::SetCryptoModeL()</apiname></xref>, <xref href="GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800.dita#GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800/GUID-22633D2E-2D3A-3B30-91D2-A5A97C5274BC"><apiname>CSymmetricCipherBase::SetPaddingModeL()</apiname></xref> and <xref href="GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800.dita#GUID-699F30D8-BC52-3F83-9188-8CF86B2B0800/GUID-8D992640-AFCE-3839-AD50-0543AFBE564D"><apiname>CSymmetricCipherBase::SetOperationModeL()</apiname></xref>. </p> <p><ul> |
|
225 <li><p><b>Operation modes </b></p><p>Symbian platform provides default software |
|
226 implementations of the following operation modes: </p><ul> |
|
227 <li id="GUID-A7FBAF70-5202-5958-866F-9BACB7D3E0B3"><p>ECB </p> </li> |
|
228 <li id="GUID-3C51459C-C660-5F38-AD61-3F954DFF3ECF"><p>CBC </p> </li> |
|
229 <li id="GUID-A718E6C7-59D2-5324-8EE3-764E627D7AF4"><p>CTR (counter) </p> </li> |
|
230 </ul><p>They are specified in <xref href="http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf" scope="external">NIST Special Publication 800-38A</xref>. </p></li> |
|
231 <li><p><b>Padding modes </b></p><p>Symbian platform supports the following |
|
232 padding modes: </p><ul> |
|
233 <li id="GUID-8BC577C7-6A7E-5A0F-B8C9-1D7E93CE2E80"><p>SSLv3-style padding </p> </li> |
|
234 <li id="GUID-FA955DDF-CC6C-5CB3-878F-EE319C82EC3F"><p>PKCS#7-style padding </p> </li> |
|
235 <li id="GUID-93D60F44-17F9-54DD-B947-41D63C943B3F"><p>PKCS#1 v1.5 Encryption-style |
|
236 padding </p> </li> |
|
237 <li id="GUID-EF45D638-105A-5DDB-AC22-B37CA5868D97"><p>PKCS#1 v1.5 Signature-style |
|
238 padding </p> </li> |
|
239 </ul></li> |
|
240 </ul> </p> <p><b>Asynchronous operation and cancellation</b> </p> <p>The legacy |
|
241 cryptography library only supports synchronous operations. By enabling cryptographic |
|
242 acceleration hardware, CryptoSPI supports more advanced use cases. In order |
|
243 for users to be able to cancel potentially long-running operations such as |
|
244 the decryption of high-quality audio/visual content, CryptoSPI supports both |
|
245 synchronous and asynchronous interfaces for each cryptographic operation, |
|
246 the latter providing a <codeph>Cancel()</codeph> function. </p> <p><b>Note</b>: |
|
247 Symbian's software plug-in module (<filepath>softwarecrypto.dll</filepath>) |
|
248 only implements the synchronous interfaces. </p> <p><b>Plug-ins</b> </p> <p>A |
|
249 CryptoSPI plugin DLL can implement zero, one or more algorithms, and may provide |
|
250 alternative implementations of the same algorithm. The set of plugin DLLs |
|
251 is defined in a configuration file in ROM (<filepath>Z:\resource\cryptospi\plug-ins.txt</filepath>). |
|
252 CryptoSPI will only load plugins stored in ROM (<filepath>Z:\sys\bin\</filepath>), |
|
253 so plug-in modules cannot be added by third parties after-market. </p> <p> <filepath>cryptospi.dll</filepath> and |
|
254 all plug-ins have <codeph>ALL</codeph> capabilities, which ensures that they |
|
255 can be loaded by client applications with any capabilities. </p> <p>The abstract |
|
256 base class for all cryptographic plug-ins is <xref href="GUID-48BB2346-6840-3A26-B43C-4DF70A322B17.dita#GUID-48BB2346-6840-3A26-B43C-4DF70A322B17/GUID-8390A214-1E1B-3E8F-A6C9-6030D99F532C"><apiname>CryptoSpi::MPlugin()</apiname></xref>. </p> <p>See |
|
257 also: <xref href="GUID-2DA8C6F2-93BD-5D39-9E5A-5FF8B8777CE7.dita">How to create |
|
258 a CryptoSPI plugin</xref>. </p> <p><b>UIDs and plug-in characteristics</b> </p> <p>Plug-ins |
|
259 are identified by three UIDs: </p> <ul> |
|
260 <li id="GUID-3A357C90-9E3B-5620-93E0-CF45ABD57993"><p>the interface supported, |
|
261 for instance hash (<codeph>KHashInterfaceUid</codeph>), </p> </li> |
|
262 <li id="GUID-E2FAF159-EE47-5DE6-AB03-D133D815C690"><p>the algorithm implemented, |
|
263 for instance MD2 (<codeph>KMd2Uid</codeph>), and </p> </li> |
|
264 <li id="GUID-4EB6A03E-F3C5-5577-8C68-4761C25361E8"><p>the unique implementation |
|
265 ID. </p> </li> |
|
266 </ul> <p>These three UIDs are part of the plug-in's <i>characteristics</i>. |
|
267 Plug-in characteristics are defined at compile time as constant data. They |
|
268 describe the type and capabilities of a plug-in implementation. Some characteristics |
|
269 are relevant to all plug-in types, for instance the name and UID of the algorithm |
|
270 implemented, the name of the plug-in vendor and whether the plug-in uses hardware |
|
271 acceleration. These are termed <i>common characteristics</i> and are defined |
|
272 in <xref href="GUID-48BB2346-6840-3A26-B43C-4DF70A322B17.dita#GUID-48BB2346-6840-3A26-B43C-4DF70A322B17/GUID-704C9275-4009-3E20-82F1-FBED2B29976E"><apiname>CryptoSpi::TCommonCharacteristics()</apiname></xref>. Other characteristics |
|
273 are specific to a particular interface type, for instance the modes of operation |
|
274 for a symmetric cipher. These are defined in an interface-specific characteristics |
|
275 class, for instance <xref href="GUID-48BB2346-6840-3A26-B43C-4DF70A322B17.dita#GUID-48BB2346-6840-3A26-B43C-4DF70A322B17/GUID-CC81BF89-1AA4-3779-B7DB-A01C89041965"><apiname>CryptoSpi::TSymmetricCipherCharacteristics()</apiname></xref>, |
|
276 that have a <codeph>TCommonCharacteristics</codeph> data member. Plug-in characteristics |
|
277 can be retrieved using <xref href="GUID-ED01CE2C-30E8-344F-B3C9-895FA576D33F.dita#GUID-ED01CE2C-30E8-344F-B3C9-895FA576D33F/GUID-8D93089E-1F97-376B-8CC0-08E0E34158F4"><apiname>CCryptoBase::GetCharacteristicsL()</apiname></xref>. </p> <p>Plug-ins |
|
278 may optionally also have 'extended' characteristics. These are set at runtime, |
|
279 for instance the number of concurrent operations supported by the plug-in, |
|
280 and can be retrieved using <xref href="GUID-87D367F5-0FD8-3BEE-AFB0-B48706902C99.dita#GUID-87D367F5-0FD8-3BEE-AFB0-B48706902C99/GUID-720996CA-353D-37A2-A40E-3A18EC8EF4EB"><apiname>CryptoSpi::MPlugin::GetExtendedCharacteristicsL()</apiname></xref>. </p> <p id="GUID-15969DD8-8F8A-534D-8445-A5CC95112B63"><b>Selection rules</b> </p><p>Symbian |
|
281 has implemented a plug-in selector, <xref href="GUID-48BB2346-6840-3A26-B43C-4DF70A322B17.dita#GUID-48BB2346-6840-3A26-B43C-4DF70A322B17/GUID-2E6D755A-2170-3A7A-8F89-1748CE1FEBDE"><apiname>CryptoSpi::CLegacySelector()</apiname></xref>, |
|
282 which is used both by the legacy API and by default by CryptoSPI to select |
|
283 algorithms implemented in <filepath>softwarecrypto.dll</filepath>. In other |
|
284 words, by default, CryptoSPI and the legacy API use the same algorithm implementations. |
|
285 The legacy selector works by loading DLLs one by one according to their order |
|
286 in the ROM configuration file until a suitable implementation is found. </p> <p>As |
|
287 an alternative to using the default selector, clients can specify a rule-based |
|
288 selector (<xref href="GUID-48BB2346-6840-3A26-B43C-4DF70A322B17.dita#GUID-48BB2346-6840-3A26-B43C-4DF70A322B17/GUID-DAA57D69-9E75-3333-9227-76D7B0719B7E"><apiname>CryptoSpi::CRuleSelector()</apiname></xref>). This causes CryptoSPI |
|
289 to re-generate the list of plug-ins, according to a set of selection rules. |
|
290 The API is described in <xref href="GUID-5857377F-B90D-5149-9485-5919C12B8F13.dita">How |
|
291 to use a rule-based selector</xref>. </p> <p>In general, it is recommended |
|
292 that applications should not specify selection rules unless it is critical |
|
293 to the operation of the application. The preferred approach is to use the |
|
294 plugin chosen by the default selector, which can be assumed to provide good |
|
295 performance for the most common use cases. </p> </section> |
|
296 </conbody><related-links> |
|
297 <link href="GUID-679390E8-1DE6-55F0-9A0C-60D58956A1E3.dita"><linktext>Hash (message |
|
298 digest) algorithms</linktext></link> |
|
299 <link href="GUID-0CD273A2-434C-52E0-B840-CCF24B2853B8.dita"><linktext>Generating |
|
300 random bytes</linktext></link> |
|
301 <link href="GUID-D2D17EF9-FFC6-5FBD-A992-55746A12B625.dita"><linktext>Basic encryption |
|
302 and decryption using a symmetric cipher</linktext></link> |
|
303 <link href="GUID-38C8F8B0-C259-5B03-A13E-10DBED4071F2.dita"><linktext>Signing and |
|
304 verification</linktext></link> |
|
305 <link href="GUID-5857377F-B90D-5149-9485-5919C12B8F13.dita"><linktext>How to use |
|
306 a rule-based selector</linktext></link> |
|
307 </related-links></concept> |