kmftypes.h revision 11973:480f5412d630
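/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h
 * Public data types, status codes, attribute tags and OID byte tables of
 * the Key Management Framework (KMF).  This header defines ABI: enum values
 * and struct layouts are consumed by plugins and applications, so existing
 * values and field orders must not be rearranged.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Fixed-width boolean; use KMF_TRUE / KMF_FALSE rather than literals. */
typedef uint32_t KMF_BOOL;

#define	KMF_FALSE (0)
#define	KMF_TRUE (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 * Length is the only bound on Data: the bytes are not assumed to be
 * NUL-terminated, so readers must stop at Length.
 */
typedef struct kmf_data
{
	size_t	Length;	/* in bytes */
	uchar_t	*Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * A multi-precision integer carried as a raw byte string of len bytes at
 * val.  Byte order is not stated in this header — confirm against the
 * producer before interpreting the value.
 */
typedef struct {
	uchar_t	*val;
	size_t	len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * Bookkeeping the KMF layer attaches to a certificate: the keystore it
 * came from (presumably one of the KMF_KEYSTORE_* values declared below),
 * a flag word built from the KMF_FLAG_CERT_* bits, and an optional label.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;	/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information internal used
 * by KMF layer.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;

/* Keystore back-ends.  Values are contiguous; see the validity macro. */
typedef int KMF_KEYSTORE_TYPE;
#define	KMF_KEYSTORE_NSS	1
#define	KMF_KEYSTORE_OPENSSL	2
#define	KMF_KEYSTORE_PK11TOKEN	3

/*
 * True when t is one of the three keystore constants above.  Every use of
 * the argument is parenthesized so that a compound expression (for
 * example a conditional) keeps its own grouping when it is substituted.
 */
#define	VALID_DEFAULT_KEYSTORE_TYPE(t) (((t) >= KMF_KEYSTORE_NSS) && \
	((t) <= KMF_KEYSTORE_PK11TOKEN))

/* On-disk / on-the-wire encodings KMF can read or write. */
typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1,		/* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4,		/* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

#define	KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/* Certificate-search filter by validity period. */
typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;


/* Extension-search filter by the X.509 critical flag. */
typedef enum {
	KMF_ALL_EXTNS = 0,
	KMF_CRITICAL_EXTNS = 1,
	KMF_NONCRITICAL_EXTNS = 2
} KMF_FLAG_CERT_EXTN;


/* Intended use of a key when one is looked up or checked. */
typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 *
 * When adding new ALGID, be careful not to rearrange existing
 * values, doing so can cause problem in the STC test suite.
 *
 * NOTE(review): the MD2- and MD5-based signature identifiers are kept
 * only because the numbering is frozen; policy code that decides what to
 * accept for verification should treat them as legacy.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA,

	KMF_ALGID_ECDSA,

	KMF_ALGID_SHA256WithRSA,
	KMF_ALGID_SHA384WithRSA,
	KMF_ALGID_SHA512WithRSA,

	KMF_ALGID_SHA256WithDSA,

	KMF_ALGID_SHA1WithECDSA,
	KMF_ALGID_SHA256WithECDSA,
	KMF_ALGID_SHA384WithECDSA,
	KMF_ALGID_SHA512WithECDSA
} KMF_ALGORITHM_INDEX;

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 * cred is credlen bytes of authentication material (a PIN or passphrase
 * for the keystores listed above); whoever owns the buffer should clear
 * it with explicit_bzero() or equivalent before releasing it.
 */
typedef struct {
	char		*cred;
	uint32_t	credlen;
} KMF_CREDENTIAL;

/* Key algorithm family.  Numbering is part of the ABI. */
typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6,
	KMF_GENERIC_SECRET = 7,
	KMF_ECDSA = 8
} KMF_KEY_ALG;

typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
} KMF_KEY_CLASS;

typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
} KMF_OBJECT_TYPE;

/*
 * KMF_RAW_RSA_KEY
 * RSA key components in the PKCS#1 order: modulus, public exponent, then
 * the private exponent and CRT values.  All fields after pubexp are
 * secret and belong only in a KMF_RAW_KEY_DATA that is cleared on release.
 */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

/* DSA domain parameters (prime, subprime, base) plus the private (value) and public (pubvalue) keys. */
typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
	KMF_BIGINT	pubvalue;
} KMF_RAW_DSA_KEY;

/* Symmetric key: the raw key bytes only. */
typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

/* EC key: scalar value plus the curve parameters as an OID. */
typedef struct {
	KMF_BIGINT	value;
	KMF_OID		params;
} KMF_RAW_EC_KEY;

/*
 * KMF_RAW_KEY_DATA
 * A key exported in raw form.  keytype selects the active member of
 * rawdata; sensitive / not_extractable mirror the PKCS#11 attributes of
 * the same names and should be honored by anything that copies this out.
 */
typedef struct {
	KMF_KEY_ALG	keytype;
	boolean_t	sensitive;
	boolean_t	not_extractable;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
		KMF_RAW_EC_KEY	ec;
	} rawdata;
	char		*label;
	KMF_DATA	id;
} KMF_RAW_KEY_DATA;

/*
 * KMF_KEY_HANDLE
 * Opaque reference to a key inside a keystore.  keyp is owned and
 * interpreted by the plugin named by kstype; israw marks a key that is
 * held as KMF_RAW_KEY_DATA rather than a keystore object.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;
} KMF_KEY_HANDLE;

/* Error detail from a keystore plugin: which plugin and its native code. */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName
 * The first nine follow the GeneralName CHOICE tag order of RFC 5280;
 * the last two are KMF additions for PKINIT and smart-card logon names.
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID,
	GENNAME_KRB5PRINC,
	GENNAME_SCLOGON_UPN
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Status codes returned by every public KMF call.  The numbering has
 * holes (0x08-0x0a, 0x0e-0x0f); do not fill or renumber them — callers and
 * error tables depend on the existing values.
 */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,

	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53,
	KMF_ERR_ATTR_NOT_FOUND = 0x54,
	KMF_ERR_KMF_CONF = 0x55
} KMF_RETURN;

/* Data structures for OCSP support */
/* CertStatus of a single certificate in an OCSP response (RFC 2560). */
typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

/* OCSPResponseStatus values; only OCSP_SUCCESS carries a basic response. */
typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/* CRLReason codes; OCSP_NOSTATUS (-1) means no reason was supplied. */
typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Selectors for the certificate fields and extensions KMF can print. */
typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID		algorithm;
	KMF_DATA	parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct
{
	KMF_OID		type;
	uint8_t		valueType;	/* The Tag to use when BER encoded */
	KMF_DATA	value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 * AttributeTypeAndValue points to numberOfPairs elements.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 * RelativeDistinguishedName points to numberOfRDNs elements.
 */
typedef struct
{
	uint32_t	numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithm;
	KMF_DATA			subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 * timeType records which of the two encodings the string uses.
 */
typedef struct
{
	uint8_t		timeType;
	KMF_DATA	time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 * The notBefore / notAfter pair of a certificate's Validity sequence.
 */
typedef struct
{
	KMF_X509_TIME	notBefore;
	KMF_X509_TIME	notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * Decoded BasicConstraints.  pathLenConstraint is meaningful only when
 * pathLenConstraintPresent is KMF_TRUE; a path-building caller must not
 * read it otherwise.
 */
typedef struct
{
	KMF_BOOL	cA;
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t		type;
	KMF_DATA	value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE	tagAndValue;
	void			*parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * format selects the active member of the value union; BERvalue keeps
 * the original encoding.  Unknown extensions with critical set must be
 * rejected by a validator (RFC 5280, 4.2).
 */
typedef struct
{
	KMF_OID			extnId;
	KMF_BOOL		critical;
	KMF_X509EXT_DATA_FORMAT	format;
	union
	{
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 * extensions points to numberOfExtensions elements.
 */
typedef struct
{
	uint32_t		numberOfExtensions;
	KMF_X509_EXTENSION	*extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains a complete X.509 certificate.
 * Field order follows the TBSCertificate sequence of RFC 5280.
 */
typedef struct
{
	KMF_DATA			version;
	KMF_BIGINT			serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER	signature;
	KMF_X509_NAME			issuer;
	KMF_X509_VALIDITY		validity;
	KMF_X509_NAME			subject;
	KMF_X509_SPKI			subjectPublicKeyInfo;
	KMF_DATA			issuerUniqueIdentifier;
	KMF_DATA			subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS		extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithmIdentifier;
	KMF_DATA			encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT	certificate;
	KMF_X509_SIGNATURE	signature;
} KMF_X509_CERTIFICATE;

/*
 * Accessors for the two algorithm OIDs of a KMF_X509_CERTIFICATE *c:
 * the one inside the signed portion and the one on the outer signature.
 * Both yield a KMF_OID *.  RFC 5280 (4.1.1.2) requires the two to be the
 * same algorithm, so a verifier should compare them before trusting
 * either.  The argument and the result are parenthesized so that any
 * pointer expression can be passed and the address-of binds as intended.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA		version;
	KMF_X509_NAME		subject;
	KMF_X509_SPKI		subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS	extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request
 */
typedef struct
{
	KMF_TBS_CSR		csr;
	KMF_X509_SIGNATURE	signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 * One PolicyQualifierInfo: qualifier id plus its encoded value.
 */
typedef struct
{
	KMF_OID		policyQualifierId;
	KMF_DATA	value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 * policyQualifier points to numberOfPolicyQualifiers elements.
 */
typedef struct
{
	uint32_t			numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO	*policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 * One PolicyInformation entry of the CertificatePolicies extension.
 */
typedef struct
{
	KMF_OID				policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS	policyQualifiers;
} KMF_X509EXT_POLICYINFO;

/* policyInfo points to numberOfPolicyInfo elements. */
typedef struct
{
	uint32_t		numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO	*policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/*
 * Decoded KeyUsage.  KeyUsageBits presumably holds the KMF_digitalSignature
 * ... KMF_decipherOnly bitmasks declared at the end of this header.
 */
typedef struct
{
	uchar_t		critical;
	uint16_t	KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/* Decoded ExtendedKeyUsage: keyPurposeIdList points to nEKUs OIDs. */
typedef struct
{
	uchar_t		critical;
	uint16_t	nEKUs;
	KMF_OID		*keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID		AccessMethod;
	KMF_DATA	AccessLocation;
} KMF_X509EXT_ACCESSDESC;

/* AccessDesc points to numberOfAccessDescription elements. */
typedef struct
{
	uint32_t		numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC	*AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */
/* One GeneralName: choice tells how the bytes in name are to be read. */
typedef struct {
	KMF_GENERALNAMECHOICES	choice;
	KMF_DATA		name;
} KMF_GENERALNAME;

/* namelist points to number elements. */
typedef struct {
	uint32_t	number;
	KMF_GENERALNAME	*namelist;
} KMF_GENERALNAMES;

typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/* type selects the active member of name. */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE	type;
	union {
		KMF_GENERALNAMES	full_name;
		KMF_DATA		relative_name;
	} name;
	KMF_DATA		reasons;
	KMF_GENERALNAMES	crl_issuer;
} KMF_CRL_DIST_POINT;

/* dplist points to number elements. */
typedef struct {
	uint32_t		number;
	KMF_CRL_DIST_POINT	*dplist;
} KMF_X509EXT_CRLDISTPOINTS;

/*
 * KMF_ATTR_TYPE
 * Tags for the KMF_ATTRIBUTE array passed to the attribute-based API.
 * Values are implicit and sequential; append new tags at the end only.
 */
typedef enum {
	KMF_DATA_ATTR,
	KMF_OID_ATTR,
	KMF_BIGINT_ATTR,
	KMF_X509_DER_CERT_ATTR,
	KMF_KEYSTORE_TYPE_ATTR,
	KMF_ENCODE_FORMAT_ATTR,
	KMF_CERT_VALIDITY_ATTR,
	KMF_KU_PURPOSE_ATTR,
	KMF_ALGORITHM_INDEX_ATTR,
	KMF_TOKEN_LABEL_ATTR,
	KMF_READONLY_ATTR,
	KMF_DIRPATH_ATTR,
	KMF_CERTPREFIX_ATTR,
	KMF_KEYPREFIX_ATTR,
	KMF_SECMODNAME_ATTR,
	KMF_CREDENTIAL_ATTR,
	KMF_TRUSTFLAG_ATTR,
	KMF_CRL_FILENAME_ATTR,
	KMF_CRL_CHECK_ATTR,
	KMF_CRL_DATA_ATTR,
	KMF_CRL_SUBJECT_ATTR,
	KMF_CRL_ISSUER_ATTR,
	KMF_CRL_NAMELIST_ATTR,
	KMF_CRL_COUNT_ATTR,
	KMF_CRL_OUTFILE_ATTR,
	KMF_CERT_LABEL_ATTR,
	KMF_SUBJECT_NAME_ATTR,
	KMF_ISSUER_NAME_ATTR,
	KMF_CERT_FILENAME_ATTR,
	KMF_KEY_FILENAME_ATTR,
	KMF_OUTPUT_FILENAME_ATTR,
	KMF_IDSTR_ATTR,
	KMF_CERT_DATA_ATTR,
	KMF_OCSP_RESPONSE_DATA_ATTR,
	KMF_OCSP_RESPONSE_STATUS_ATTR,
	KMF_OCSP_RESPONSE_REASON_ATTR,
	KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
	KMF_OCSP_REQUEST_FILENAME_ATTR,
	KMF_KEYALG_ATTR,
	KMF_KEYCLASS_ATTR,
	KMF_KEYLABEL_ATTR,
	KMF_KEYLENGTH_ATTR,
	KMF_RSAEXP_ATTR,
	KMF_TACERT_DATA_ATTR,
	KMF_SLOT_ID_ATTR,
	KMF_PK12CRED_ATTR,
	KMF_ISSUER_CERT_DATA_ATTR,
	KMF_USER_CERT_DATA_ATTR,
	KMF_SIGNER_CERT_DATA_ATTR,
	KMF_IGNORE_RESPONSE_SIGN_ATTR,
	KMF_RESPONSE_LIFETIME_ATTR,
	KMF_KEY_HANDLE_ATTR,
	KMF_PRIVKEY_HANDLE_ATTR,
	KMF_PUBKEY_HANDLE_ATTR,
	KMF_ERROR_ATTR,
	KMF_X509_NAME_ATTR,
	KMF_X509_SPKI_ATTR,
	KMF_X509_CERTIFICATE_ATTR,
	KMF_RAW_KEY_ATTR,
	KMF_CSR_DATA_ATTR,
	KMF_GENERALNAMECHOICES_ATTR,
	KMF_STOREKEY_BOOL_ATTR,
	KMF_SENSITIVE_BOOL_ATTR,
	KMF_NON_EXTRACTABLE_BOOL_ATTR,
	KMF_TOKEN_BOOL_ATTR,
	KMF_PRIVATE_BOOL_ATTR,
	KMF_NEWPIN_ATTR,
	KMF_IN_SIGN_ATTR,
	KMF_OUT_DATA_ATTR,
	KMF_COUNT_ATTR,
	KMF_DESTROY_BOOL_ATTR,
	KMF_TBS_CERT_DATA_ATTR,
	KMF_PLAINTEXT_DATA_ATTR,
	KMF_CIPHERTEXT_DATA_ATTR,
	KMF_VALIDATE_RESULT_ATTR,
	KMF_KEY_DATA_ATTR,
	KMF_PK11_USER_TYPE_ATTR,
	KMF_ECC_CURVE_OID_ATTR
} KMF_ATTR_TYPE;

/*
 * KMF_ATTRIBUTE
 * One tagged argument: pValue points at valueLen bytes whose C type is
 * implied by type.  A consumer should check valueLen against the size it
 * expects for the tag before casting pValue.
 */
typedef struct {
	KMF_ATTR_TYPE	type;
	void		*pValue;
	uint32_t	valueLen;
} KMF_ATTRIBUTE;

/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro expands to the comma-separated content octets of the
 * DER encoding (no tag or length), ready for use in an initializer; the
 * matching *_LENGTH macro gives the octet count.  The first octet packs
 * the first two arcs (40 * arc1 + arc2): 42 = 1.2, 43 = 1.3, 85 = 2.5,
 * 96 = 2.16.  Keep every value/length pair in step when editing.
 */
#define	OID_ISO_MEMBER		42	/* Also in PKCS */
#define	OID_US			OID_ISO_MEMBER, 134, 72	/* Also in PKCS */
#define	OID_CA			OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG	43
#define	OID_OSINET		OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP		OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD			OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW			OID_ISO_IDENTIFIED_ORG, 14	/* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US			OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA			OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG		OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD		OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE		OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH	1
#define	OID_US_LENGTH		(OID_ISO_MEMBER_LENGTH + 2)

#define	OID_RSA			OID_US, 134, 247, 13
#define	OID_RSA_LENGTH		(OID_US_LENGTH + 3)

#define	OID_RSA_HASH		OID_RSA, 2
#define	OID_RSA_HASH_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT		OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_PKCS		OID_RSA, 1
#define	OID_PKCS_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_PKCS_1		OID_PKCS, 1
#define	OID_PKCS_1_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2		OID_PKCS, 2
#define	OID_PKCS_3		OID_PKCS, 3
#define	OID_PKCS_3_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4		OID_PKCS, 4
#define	OID_PKCS_5		OID_PKCS, 5
#define	OID_PKCS_5_LENGTH	(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6		OID_PKCS, 6
#define	OID_PKCS_7		OID_PKCS, 7
#define	OID_PKCS_7_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_7_Data				OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData			OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData		OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData			OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData		OID_PKCS_7, 6

#define	OID_PKCS_8		OID_PKCS, 8
#define	OID_PKCS_9		OID_PKCS, 9
#define	OID_PKCS_9_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_9_CONTENT_TYPE		OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME		OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10		OID_PKCS, 10

#define	OID_PKCS_12		OID_PKCS, 12
#define	OID_PKCS_12_LENGTH	(OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 PBE schemes.  All six are the legacy RC4 / RC2 / 3DES password
 * ciphers; they identify what an existing file used, not what new files
 * should be written with.
 */
#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6

#define	OID_BAG_TYPES		OID_PKCS_12, 10, 1
#define	OID_KeyBag		OID_BAG_TYPES, 1
#define	OID_PKCS8ShroudedKeyBag	OID_BAG_TYPES, 2
#define	OID_CertBag		OID_BAG_TYPES, 3
#define	OID_CrlBag		OID_BAG_TYPES, 4
#define	OID_SecretBag		OID_BAG_TYPES, 5
#define	OID_SafeContentsBag	OID_BAG_TYPES, 6

#define	OID_ContentInfo		OID_PKCS_7, 0, 1

#define	OID_CERT_TYPES		OID_PKCS_9, 22
#define	OID_x509Certificate	OID_CERT_TYPES, 1
#define	OID_sdsiCertificate	OID_CERT_TYPES, 2

#define	OID_CRL_TYPES		OID_PKCS_9, 23
#define	OID_x509Crl		OID_CRL_TYPES, 1

#define	OID_DS			OID_ISO_CCITT_DIR_SERVICE	/* Also in X.501 */
#define	OID_DS_LENGTH		1

#define	OID_ATTR_TYPE		OID_DS, 4	/* Also in X.501 */
#define	OID_ATTR_TYPE_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_DSALG		OID_DS, 8	/* Also in X.501 */
#define	OID_DSALG_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_EXTENSION		OID_DS, 29	/* Also in X.501 */
#define	OID_EXTENSION_LENGTH	(OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define	OID_PILOT		0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * userid = { pilotAttributeType 1 }.  The separator between OID_PILOT
 * and the final arc was missing, which made this macro expand to an
 * invalid token sequence; OID_USERID_LENGTH already counted the extra
 * octet, so only the value needed the comma.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) mechanisms(5) pkix(7) }
 */
#define	OID_PKIX		43, 6, 1, 5, 5, 7
#define	OID_PKIX_LENGTH		6

/* private certificate extensions, { id-pkix 1 } */
#define	OID_PKIX_PE		OID_PKIX, 1
#define	OID_PKIX_PE_LENGTH	(OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define	OID_PKIX_QT		OID_PKIX, 2
#define	OID_PKIX_QT_LENGTH	(OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define	OID_PKIX_QT_CPS		OID_PKIX_QT, 1
#define	OID_PKIX_QT_CPS_LENGTH	(OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define	OID_PKIX_QT_UNOTICE		OID_PKIX_QT, 2
#define	OID_PKIX_QT_UNOTICE_LENGTH	(OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */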
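#define	OID_PKIX_KP		OID_PKIX, 3
#define	OID_PKIX_KP_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors {id-pkix 48 } — id-ad is arc 48, as the value below shows */
#define	OID_PKIX_AD		OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define	OID_PKIX_AD_OCSP		OID_PKIX_AD, 1
#define	OID_PKIX_AD_OCSP_LENGTH		(OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define	OID_PKIX_AD_CAISSUERS		OID_PKIX_AD, 2
#define	OID_PKIX_AD_CAISSUERS_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */

/*
 * From RFC4556 (PKINIT)
 *
 * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) kerberosv5(2) pkinit(3) }
 */
#define	OID_KRB5_PKINIT		43, 6, 1, 5, 2, 3
#define	OID_KRB5_PKINIT_LENGTH	6

#define	OID_KRB5_PKINIT_KPCLIENTAUTH		OID_KRB5_PKINIT, 4
#define	OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH	(OID_KRB5_PKINIT_LENGTH + 1)

#define	OID_KRB5_PKINIT_KPKDC		OID_KRB5_PKINIT, 5
#define	OID_KRB5_PKINIT_KPKDC_LENGTH	(OID_KRB5_PKINIT_LENGTH + 1)

/* id-pkinit-san = { kerberosv5(2) 2 } */
#define	OID_KRB5_SAN		43, 6, 1, 5, 2, 2
#define	OID_KRB5_SAN_LENGTH	6

/*
 * Microsoft OIDs:
 * id-ms-san-sc-logon-upn =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 * enterprise(1) microsoft(311) 20 2 3}
 *
 * id-ms-kp-sc-logon =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 * enterprise(1) microsoft(311) 20 2 2}
 *
 * 311 needs two base-128 octets (130, 55), hence OID_MS_LENGTH 7 for six arcs.
 */
#define	OID_MS			43, 6, 1, 4, 1, 130, 55
#define	OID_MS_LENGTH		7
#define	OID_MS_KP_SC_LOGON		OID_MS, 20, 2, 2
#define	OID_MS_KP_SC_LOGON_LENGTH	(OID_MS_LENGTH + 3)

#define	OID_MS_KP_SC_LOGON_UPN		OID_MS, 20, 2, 3
#define	OID_MS_KP_SC_LOGON_UPN_LENGTH	(OID_MS_LENGTH + 3)

/*
 * applTCPProtoID (RFC 2788) = { mib-2(1.3.6.1.2.1) application(27) 4 }.
 * The value expands to seven octets, but the length macro said 8; a
 * KMF_OID built from that pair would have read one octet past the table.
 * The length is now the octet count of the value.
 */
#define	OID_APPL_TCP_PROTO		43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	7

#define	OID_DAP			OID_DS, 3, 1
#define	OID_DAP_LENGTH		(OID_DS_LENGTH + 2)

/* From x9.57 */
#define	OID_OIW_LENGTH		2

#define	OID_OIW_SECSIG		OID_OIW, 3
#define	OID_OIW_SECSIG_LENGTH	(OID_OIW_LENGTH + 1)

#define	OID_OIW_ALGORITHM	OID_OIW_SECSIG, 2
#define	OID_OIW_ALGORITHM_LENGTH	(OID_OIW_SECSIG_LENGTH + 1)

#define	OID_OIWDIR		OID_OIW, 7, 2
#define	OID_OIWDIR_LENGTH	(OID_OIW_LENGTH + 2)

#define	OID_OIWDIR_CRPT		OID_OIWDIR, 1

#define	OID_OIWDIR_HASH		OID_OIWDIR, 2
#define	OID_OIWDIR_HASH_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_OIWDIR_SIGN		OID_OIWDIR, 3
#define	OID_OIWDIR_SIGN_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_X9CM		OID_US, 206, 56
#define	OID_X9CM_MODULE		OID_X9CM, 1
#define	OID_X9CM_INSTRUCTION	OID_X9CM, 2
#define	OID_X9CM_ATTR		OID_X9CM, 3
#define	OID_X9CM_X9ALGORITHM	OID_X9CM, 4
#define	OID_X9CM_X9ALGORITHM_LENGTH	((OID_US_LENGTH) + 2 + 1)

#define	INTEL			96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH		7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined anywhere in this header, so the four macros below cannot be
 * expanded unless some other header supplies them — confirm whether they
 * are dead before relying on them.
 */
#define	INTEL_SEC_FORMATS		INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS			INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH		(INTEL_CDSASECURITY_LENGTH + 2)

/*
 * Well-known OID constants exported by libkmf.  They are declared here
 * and defined in the library; each is a ready-made KMF_OID (Length plus
 * content octets) for the named X.500 / PKCS#9 attribute type.
 */
extern const KMF_OID
KMFOID_AliasedEntryName,
KMFOID_AuthorityRevocationList,
KMFOID_BusinessCategory,
KMFOID_CACertificate,
KMFOID_CertificateRevocationList,
KMFOID_ChallengePassword,
KMFOID_CollectiveFacsimileTelephoneNumber,
KMFOID_CollectiveInternationalISDNNumber,
KMFOID_CollectiveOrganizationName,
KMFOID_CollectiveOrganizationalUnitName,
KMFOID_CollectivePhysicalDeliveryOfficeName,
KMFOID_CollectivePostOfficeBox,
KMFOID_CollectivePostalAddress,
KMFOID_CollectivePostalCode,
KMFOID_CollectiveStateProvinceName,
KMFOID_CollectiveStreetAddress,
KMFOID_CollectiveTelephoneNumber,
KMFOID_CollectiveTelexNumber,
KMFOID_CollectiveTelexTerminalIdentifier,
KMFOID_CommonName,
KMFOID_ContentType,
KMFOID_CounterSignature,
KMFOID_CountryName,
KMFOID_CrossCertificatePair,
KMFOID_DNQualifier,
KMFOID_Description,
KMFOID_DestinationIndicator,
KMFOID_DistinguishedName,
KMFOID_EmailAddress,
KMFOID_EnhancedSearchGuide,
KMFOID_ExtendedCertificateAttributes,
KMFOID_ExtensionRequest,
KMFOID_FacsimileTelephoneNumber,
KMFOID_GenerationQualifier,
KMFOID_GivenName,
KMFOID_HouseIdentifier,
KMFOID_Initials,
KMFOID_InternationalISDNNumber,
KMFOID_KnowledgeInformation,
KMFOID_LocalityName,
KMFOID_Member,
KMFOID_MessageDigest,
KMFOID_Name,
KMFOID_ObjectClass,
KMFOID_OrganizationName,
KMFOID_OrganizationalUnitName,
KMFOID_Owner,
KMFOID_PhysicalDeliveryOfficeName,
KMFOID_PostOfficeBox,
KMFOID_PostalAddress,
KMFOID_PostalCode,
KMFOID_PreferredDeliveryMethod,
KMFOID_PresentationAddress,
KMFOID_ProtocolInformation,
KMFOID_RFC822mailbox,
KMFOID_RegisteredAddress,
KMFOID_RoleOccupant,
KMFOID_SearchGuide,
KMFOID_SeeAlso,
KMFOID_SerialNumber,
KMFOID_SigningTime,
KMFOID_StateProvinceName,
KMFOID_StreetAddress,
KMFOID_SupportedApplicationContext,
KMFOID_Surname,
KMFOID_TelephoneNumber,
KMFOID_TelexNumber,
KMFOID_TelexTerminalIdentifier,
KMFOID_Title,
KMFOID_UniqueIdentifier,
KMFOID_UniqueMember,
KMFOID_UnstructuredAddress,
KMFOID_UnstructuredName,
KMFOID_UserCertificate,
KMFOID_UserPassword,
KMFOID_X_121Address,
KMFOID_domainComponent,
KMFOID_userid;

/*
 * Certificate-extension, policy-qualifier, extended-key-usage and
 * signature/digest algorithm OIDs.  The MD2 / MD5 entries identify
 * legacy algorithms found in old certificates; they are not a
 * recommendation for new signatures.
 */
extern const KMF_OID
KMFOID_AuthorityKeyID,
KMFOID_AuthorityInfoAccess,
KMFOID_VerisignCertificatePolicy,
KMFOID_KeyUsageRestriction,
KMFOID_SubjectDirectoryAttributes,
KMFOID_SubjectKeyIdentifier,
KMFOID_KeyUsage,
KMFOID_PrivateKeyUsagePeriod,
KMFOID_SubjectAltName,
KMFOID_IssuerAltName,
KMFOID_BasicConstraints,
KMFOID_CrlNumber,
KMFOID_CrlReason,
KMFOID_HoldInstructionCode,
KMFOID_InvalidityDate,
KMFOID_DeltaCrlIndicator,
KMFOID_IssuingDistributionPoints,
KMFOID_NameConstraints,
KMFOID_CrlDistributionPoints,
KMFOID_CertificatePolicies,
KMFOID_PolicyMappings,
KMFOID_PolicyConstraints,
KMFOID_AuthorityKeyIdentifier,
KMFOID_ExtendedKeyUsage,
KMFOID_PkixAdOcsp,
KMFOID_PkixAdCaIssuers,
KMFOID_PKIX_PQ_CPSuri,
KMFOID_PKIX_PQ_Unotice,
KMFOID_PKIX_KP_ServerAuth,
KMFOID_PKIX_KP_ClientAuth,
KMFOID_PKIX_KP_CodeSigning,
KMFOID_PKIX_KP_EmailProtection,
KMFOID_PKIX_KP_IPSecEndSystem,
KMFOID_PKIX_KP_IPSecTunnel,
KMFOID_PKIX_KP_IPSecUser,
KMFOID_PKIX_KP_TimeStamping,
KMFOID_PKIX_KP_OCSPSigning,
KMFOID_SHA1,
KMFOID_RSA,
KMFOID_DSA,
KMFOID_MD5,
KMFOID_MD5WithRSA,
KMFOID_MD2WithRSA,
KMFOID_SHA1WithRSA,
KMFOID_SHA256WithRSA,
KMFOID_SHA384WithRSA,
KMFOID_SHA512WithRSA,
KMFOID_SHA1WithDSA,
KMFOID_X9CM_DSA,
KMFOID_X9CM_DSAWithSHA1;

/* For PKINIT support */
extern const KMF_OID
KMFOID_PKINIT_san,
KMFOID_PKINIT_ClientAuth,
KMFOID_PKINIT_Kdc,
KMFOID_MS_KP_SCLogon,
KMFOID_MS_KP_SCLogon_UPN;

/* For ECC support */
/* EC public key, ECDSA/DSA-with-SHA-2 signature OIDs, SHA-2 digests and named curves. */
extern const KMF_OID
KMFOID_EC_PUBLIC_KEY,
KMFOID_SHA1WithECDSA,
KMFOID_SHA224WithECDSA,
KMFOID_SHA256WithECDSA,
KMFOID_SHA384WithECDSA,
KMFOID_SHA512WithECDSA,
KMFOID_SHA224WithDSA,
KMFOID_SHA256WithDSA,
KMFOID_SHA224,
KMFOID_SHA256,
KMFOID_SHA384,
KMFOID_SHA512,
KMFOID_ECC_secp112r1,
KMFOID_ECC_secp112r2,
KMFOID_ECC_secp128r1,
KMFOID_ECC_secp128r2,
KMFOID_ECC_secp160k1,
KMFOID_ECC_secp160r1,
KMFOID_ECC_secp160r2,
KMFOID_ECC_secp192k1,
KMFOID_ECC_secp224k1,
KMFOID_ECC_secp224r1,
KMFOID_ECC_secp256k1,
KMFOID_ECC_secp384r1,
KMFOID_ECC_secp521r1,
KMFOID_ECC_sect113r1,
KMFOID_ECC_sect113r2,
KMFOID_ECC_sect131r1,
KMFOID_ECC_sect131r2,
KMFOID_ECC_sect163k1,
KMFOID_ECC_sect163r1,
KMFOID_ECC_sect163r2,
KMFOID_ECC_sect193r1,
KMFOID_ECC_sect193r2,
KMFOID_ECC_sect233k1,
KMFOID_ECC_sect233r1,
KMFOID_ECC_sect239k1,
KMFOID_ECC_sect283k1,
KMFOID_ECC_sect283r1,
KMFOID_ECC_sect409k1,
KMFOID_ECC_sect409r1,
KMFOID_ECC_sect571k1,
KMFOID_ECC_sect571r1,
KMFOID_ECC_c2pnb163v1,
KMFOID_ECC_c2pnb163v2,
KMFOID_ECC_c2pnb163v3,
KMFOID_ECC_c2pnb176v1,
KMFOID_ECC_c2tnb191v1,
KMFOID_ECC_c2tnb191v2,
KMFOID_ECC_c2tnb191v3,
KMFOID_ECC_c2pnb208w1,
KMFOID_ECC_c2tnb239v1,
KMFOID_ECC_c2tnb239v2,
KMFOID_ECC_c2tnb239v3,
KMFOID_ECC_c2pnb272w1,
KMFOID_ECC_c2pnb304w1,
KMFOID_ECC_c2tnb359v1,
KMFOID_ECC_c2pnb368w1,
KMFOID_ECC_c2tnb431r1,
KMFOID_ECC_prime192v2,
KMFOID_ECC_prime192v3,
KMFOID_ECC_secp192r1,
KMFOID_ECC_secp256r1;

/*
 * ANSI X9-62 prime192v1 is same as secp192r1 and
 * ANSI X9-62 prime256v1 is same as secp256r1
 */
#define	KMFOID_ANSIX962_prime192v1	KMFOID_ECC_secp192r1
#define	KMFOID_ANSIX962_prime256v1	KMFOID_ECC_secp256r1

/*
 * KMF Certificate validation codes. These may be masked together.
 * A result of KMF_CERT_VALIDATE_OK (0) means every check passed; any
 * non-zero combination must be treated as a failed validation, and
 * callers should report all set bits rather than only the first.
 */
#define	KMF_CERT_VALIDATE_OK			0x00
#define	KMF_CERT_VALIDATE_ERR_TA		0x01
#define	KMF_CERT_VALIDATE_ERR_USER		0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE		0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE		0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME		0x20
#define	KMF_CERT_VALIDATE_ERR_CRL		0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP		0x80
#define	KMF_CERT_VALIDATE_ERR_ISSUER		0x100

/*
 * KMF Key Usage bitmasks
 * Bit positions follow the KeyUsage BIT STRING order (bit 0 =
 * digitalSignature is the most significant bit of the 16-bit word).
 * KMF_KUBITMASK is the union of all nine defined bits.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

#define	KMF_KUBITMASK		0xFF80

/*
 * KMF Extended KeyUsage OID definitions
 * Bit flags summarizing which extended key purposes a certificate lists.
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20

#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */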