kmftypes.h revision 3754:79eeec53e95c
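/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h
 * Public types, enumerations, OID constants and return codes shared by the
 * Key Management Framework (KMF) library and its keystore plugins.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef uint32_t KMF_BOOL;

#define	KMF_FALSE	(0)
#define	KMF_TRUE	(1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 */
typedef struct kmf_data
{
	size_t	Length;		/* in bytes */
	uchar_t	*Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * Arbitrary-precision integer carried as a byte string of len bytes.
 * (Byte order is not stated here; confirm against the encoders.)
 */
typedef struct {
	uchar_t	*val;
	size_t	len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * Per-certificate bookkeeping kept by the KMF layer next to the DER data.
 *
 * NOTE(review): despite its name, KMF_X509_PRIVATE_PTR is a second alias
 * for the struct itself, not a pointer to it. It is kept unchanged for
 * source compatibility with existing callers.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;		/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data with the
 * private information used internally by the KMF layer.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;

typedef enum {
	KMF_KEYSTORE_NSS = 1,
	KMF_KEYSTORE_OPENSSL = 2,
	KMF_KEYSTORE_PK11TOKEN = 3,
	KMF_KEYSTORE_DEFAULT	/* based on configuration */
} KMF_KEYSTORE_TYPE;

/*
 * True only for the three concrete keystore types; KMF_KEYSTORE_DEFAULT
 * ("based on configuration") is deliberately rejected. The argument is
 * parenthesized so that a compound expression (e.g. a conditional) is
 * evaluated as a whole rather than being split by operator precedence.
 */
#define	VALID_KEYSTORE_TYPE(t)	(((t) >= KMF_KEYSTORE_NSS) && \
	((t) <= KMF_KEYSTORE_PK11TOKEN))

typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1,		/* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4,		/* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;
#define	KMF_FORMAT_NATIVE	KMF_FORMAT_UNDEF

typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;

typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;

/* Keystore Configuration */
typedef struct {
	char	*configdir;
	char	*certPrefix;
	char	*keyPrefix;
	char	*secModName;
} KMF_NSS_CONFIG;

typedef struct {
	char		*label;
	boolean_t	readonly;
} KMF_PKCS11_CONFIG;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_CONFIG		nss_conf;
		KMF_PKCS11_CONFIG	pkcs11_conf;
	} ks_config_u;
} KMF_CONFIG_PARAMS;

#define	nssconfig	ks_config_u.nss_conf
#define	pkcs11config	ks_config_u.pkcs11_conf

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 *
 * cred/credlen carry a secret such as a token PIN (see KMF_SETPIN_PARAMS)
 * or the passphrase protecting a PKCS#12 file (see KMF_EXPORTP12_PARAMS);
 * whoever owns the buffer should clear it once it is no longer needed.
 */
typedef struct {
	char		*cred;
	uint32_t	credlen;
} KMF_CREDENTIAL;

typedef struct
{
	char		*trustflag;
	char		*slotlabel;	/* "internal" by default */
	int		issuerId;
	int		subjectId;
	char		*crlfile;	/* for ImportCRL */
	boolean_t	crl_check;	/* for ImportCRL */

	/*
	 * The following 2 variables are for FindCertInCRL. The caller can
	 * either specify certLabel or provide the entire certificate in
	 * DER format as input.
	 */
	char		*certLabel;	/* for FindCertInCRL */
	KMF_DATA	*certificate;	/* for FindCertInCRL */

	/*
	 * crl_subjName and crl_issuerName are used as the CRL deletion
	 * criteria. One should be non-NULL and the other one should be NULL.
	 * If crl_subjName is not NULL, then delete CRL by the subject name.
	 * Otherwise, delete by the issuer name.
	 */
	char		*crl_subjName;
	char		*crl_issuerName;
} KMF_NSS_PARAMS;

typedef struct {
	char			*dirpath;
	char			*certfile;
	char			*crlfile;
	char			*keyfile;
	char			*outcrlfile;
	boolean_t		crl_check;	/* CRL import check; default is true */
	KMF_ENCODE_FORMAT	format;		/* output file format */
} KMF_OPENSSL_PARAMS;

/*
 * NOTE(review): the member named "private" is a C++ keyword, so this
 * struct does not compile for C++ consumers despite the extern "C" guard.
 * Renaming it would break existing C callers, so it is left as-is.
 */
typedef struct {
	boolean_t	private;	/* for finding CKA_PRIVATE objects */
	boolean_t	sensitive;
	boolean_t	not_extractable;
	boolean_t	token;		/* true == token object, false == session */
} KMF_PKCS11_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CERT_VALIDITY	find_cert_validity;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_DATA		*certificate;
	KMF_BIGINT		*serial;
	KMF_DATA		*ocsp_response;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_VALIDATECERT_PARAMS;

typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6
} KMF_KEY_ALG;

typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
} KMF_KEY_CLASS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_KEY_CLASS		keyclass;
	KMF_KEY_ALG		keytype;
	KMF_ENCODE_FORMAT	format;		/* for key */
	char			*findLabel;
	char			*idstr;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;		/* all */
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STORECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_DATA		*certificate;
	char			*label;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STOREKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_DELETEKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certfile;
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_IMPORTCERT_PARAMS;

typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
} KMF_OBJECT_TYPE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	KMF_BIGINT		rsa_exponent;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CREATEKEYPAIR_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_IMPORTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_DELETECRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_LISTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_FINDCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_FINDCERTINCRL_PARAMS;

typedef struct {
	char		*crl_name;
	KMF_DATA	*tacert;
} KMF_VERIFYCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_ENCODE_FORMAT	format;		/* for key */
	char			*certLabel;
	KMF_ALGORITHM_INDEX	algid;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CRYPTOWITHCERT_PARAMS;

typedef struct {
	char	*crl_name;
} KMF_CHECKCRLDATE_PARAMS;

typedef struct {
	CK_SLOT_ID	slot;
} pk11_setpin_opts;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*tokenname;
	KMF_CREDENTIAL		cred;		/* current token PIN */
	union {
		KMF_NSS_PARAMS		nss_opts;
		pk11_setpin_opts	pkcs11_opts;
	} ks_opt_u;
} KMF_SETPIN_PARAMS;

/*
 * KMF_RAW_RSA_KEY
 * RSA key material as separate big integers. The fields after pubexp are
 * presumably the private half (CRT parameters); memory holding them should
 * be cleared once the key has been imported or exported.
 */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
} KMF_RAW_DSA_KEY;

typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

typedef struct {
	KMF_KEY_ALG	keytype;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
	} rawdata;
} KMF_RAW_KEY_DATA;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CREDENTIAL		cred;		/* cred for accessing the token */
	KMF_CREDENTIAL		p12cred;	/* cred used for securing the file */

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_EXPORTP12_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_CREATESYMKEY_PARAMS;

/* Data structures for OCSP support */
typedef struct {
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
} KMF_OCSPREQUEST_PARAMS;

typedef struct {
	KMF_DATA	*response;
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
	KMF_DATA	*signer_cert;		/* can be NULL */
	/*
	 * default is FALSE. NOTE(review): TRUE presumably disables
	 * verification of the responder signature -- confirm in the OCSP
	 * code before relying on it; an unverified response proves nothing.
	 */
	boolean_t	ignore_response_sign;
	uint32_t	response_lifetime;	/* in seconds */
} KMF_OCSPRESPONSE_PARAMS_INPUT;

typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

typedef struct {
	int			response_status;
	int			reason;		/* if revoked */
	KMF_OCSP_CERT_STATUS	cert_status;
} KMF_OCSPRESPONSE_PARAMS_OUTPUT;

/* Shorthands for the ks_opt_u union members of the *_PARAMS structs above. */
#define	nssparms	ks_opt_u.nss_opts
#define	sslparms	ks_opt_u.openssl_opts
#define	pkcs11parms	ks_opt_u.pkcs11_opts

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;	/* opaque; presumably keystore-specific */
} KMF_KEY_HANDLE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Library return codes. The numbering has gaps (0x08-0x0a, 0x0e-0x0f)
 * which are kept so existing values stay stable.
 */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,
	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53
} KMF_RETURN;

typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

typedef enum {
	KMF_ALGCLASS_NONE = 0,
	KMF_ALGCLASS_CUSTOM,
	KMF_ALGCLASS_SIGNATURE,
	KMF_ALGCLASS_SYMMETRIC,
	KMF_ALGCLASS_DIGEST,
	KMF_ALGCLASS_RANDOMGEN,
	KMF_ALGCLASS_UNIQUEGEN,
	KMF_ALGCLASS_MAC,
	KMF_ALGCLASS_ASYMMETRIC,
	KMF_ALGCLASS_KEYGEN,
	KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID		algorithm;
	KMF_DATA	parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct
{
	KMF_OID		type;
	uint8_t		valueType;	/* The Tag to use when BER encoded */
	KMF_DATA	value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 */
typedef struct
{
	uint32_t	numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithm;
	KMF_DATA			subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 */
typedef struct
{
	uint8_t		timeType;
	KMF_DATA	time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 */
typedef struct
{
	KMF_X509_TIME	notBefore;
	KMF_X509_TIME	notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 */
typedef struct
{
	KMF_BOOL	cA;
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t		type;
	KMF_DATA	value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE	tagAndValue;
	void			*parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * Which member of the value union is meaningful is selected by format.
 */
typedef struct
{
	KMF_OID			extnId;
	KMF_BOOL		critical;
	KMF_X509EXT_DATA_FORMAT	format;
	union
	{
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct
{
	uint32_t		numberOfExtensions;
	KMF_X509_EXTENSION	*extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains a complete X.509 certificate.
 */
typedef struct
{
	KMF_DATA			version;
	KMF_BIGINT			serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER	signature;
	KMF_X509_NAME			issuer;
	KMF_X509_VALIDITY		validity;
	KMF_X509_NAME			subject;
	KMF_X509_SPKI			subjectPublicKeyInfo;
	KMF_DATA			issuerUniqueIdentifier;
	KMF_DATA			subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS		extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithmIdentifier;
	KMF_DATA			encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT	certificate;
	KMF_X509_SIGNATURE	signature;
} KMF_X509_CERTIFICATE;

/*
 * Given c, a KMF_X509_CERTIFICATE *, yield a KMF_OID * for the algorithm
 * named inside the signed (TBS) part and for the one in the outer signature
 * respectively. X.509 requires the two to agree, so a verifier can compare
 * them before trusting either. Both the argument and the expansion are
 * parenthesized so the macros compose with pointer arithmetic and casts.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA		version;
	KMF_X509_NAME		subject;
	KMF_X509_SPKI		subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS	extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request
 */
typedef struct
{
	KMF_TBS_CSR		csr;
	KMF_X509_SIGNATURE	signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 */
typedef struct
{
	KMF_OID		policyQualifierId;
	KMF_DATA	value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 */
typedef struct
{
	uint32_t			numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO	*policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */
typedef struct
{
	KMF_OID				policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS	policyQualifiers;
} KMF_X509EXT_POLICYINFO;

typedef struct
{
	uint32_t		numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO	*policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/* KeyUsageBits is a mask of the KMF_* key usage bits defined below. */
typedef struct
{
	uchar_t		critical;
	uint16_t	KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

typedef struct
{
	uchar_t		critical;
	uint16_t	nEKUs;
	KMF_OID		*keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID		AccessMethod;
	KMF_DATA	AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct
{
	uint32_t		numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC	*AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */
typedef struct {
	KMF_GENERALNAMECHOICES	choice;
	KMF_DATA		name;
} KMF_GENERALNAME;

typedef struct {
	uint32_t	number;
	KMF_GENERALNAME	*namelist;
} KMF_GENERALNAMES;

typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

typedef struct {
	KMF_CRL_DIST_POINT_TYPE	type;	/* selects the member of name */
	union {
		KMF_GENERALNAMES	full_name;
		KMF_DATA		relative_name;
	} name;
	KMF_DATA		reasons;
	KMF_GENERALNAMES	crl_issuer;
} KMF_CRL_DIST_POINT;

typedef struct {
	uint32_t		number;
	KMF_CRL_DIST_POINT	*dplist;
} KMF_X509EXT_CRLDISTPOINTS;


/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro expands to the comma-separated content octets of the
 * DER-encoded OID (suitable inside an array initializer); the matching
 * *_LENGTH macro is the octet count and is maintained by hand, so keep the
 * two in step whenever one is edited.
 */
#define	OID_ISO_MEMBER	42	/* Also in PKCS */
#define	OID_US		OID_ISO_MEMBER, 134, 72	/* Also in PKCS */
#define	OID_CA		OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG	43
#define	OID_OSINET	OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP	OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD		OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW		OID_ISO_IDENTIFIED_ORG, 14	/* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US		OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA		OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG	OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD	OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE	OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH	1
#define	OID_US_LENGTH		(OID_ISO_MEMBER_LENGTH + 2)

#define	OID_RSA			OID_US, 134, 247, 13
#define	OID_RSA_LENGTH		(OID_US_LENGTH + 3)

#define	OID_RSA_HASH		OID_RSA, 2
#define	OID_RSA_HASH_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT		OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_PKCS		OID_RSA, 1
#define	OID_PKCS_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_PKCS_1		OID_PKCS, 1
#define	OID_PKCS_1_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2		OID_PKCS, 2
#define	OID_PKCS_3		OID_PKCS, 3
#define	OID_PKCS_3_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4		OID_PKCS, 4
#define	OID_PKCS_5		OID_PKCS, 5
#define	OID_PKCS_5_LENGTH	(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6		OID_PKCS, 6
#define	OID_PKCS_7		OID_PKCS, 7
#define	OID_PKCS_7_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_7_Data			OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData		OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData	OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData		OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData	OID_PKCS_7, 6

#define	OID_PKCS_8		OID_PKCS, 8
#define	OID_PKCS_9		OID_PKCS, 9
#define	OID_PKCS_9_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_9_CONTENT_TYPE		OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME		OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10		OID_PKCS, 10

#define	OID_PKCS_12		OID_PKCS, 12
#define	OID_PKCS_12_LENGTH	(OID_PKCS_LENGTH + 1)

#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6

#define	OID_BAG_TYPES		OID_PKCS_12, 10, 1
#define	OID_KeyBag		OID_BAG_TYPES, 1
#define	OID_PKCS8ShroudedKeyBag	OID_BAG_TYPES, 2
#define	OID_CertBag		OID_BAG_TYPES, 3
#define	OID_CrlBag		OID_BAG_TYPES, 4
#define	OID_SecretBag		OID_BAG_TYPES, 5
#define	OID_SafeContentsBag	OID_BAG_TYPES, 6

#define	OID_ContentInfo		OID_PKCS_7, 0, 1

#define	OID_CERT_TYPES		OID_PKCS_9, 22
#define	OID_x509Certificate	OID_CERT_TYPES, 1
#define	OID_sdsiCertificate	OID_CERT_TYPES, 2

#define	OID_CRL_TYPES		OID_PKCS_9, 23
#define	OID_x509Crl		OID_CRL_TYPES, 1

#define	OID_DS			OID_ISO_CCITT_DIR_SERVICE	/* Also in X.501 */
#define	OID_DS_LENGTH		1

#define	OID_ATTR_TYPE		OID_DS, 4	/* Also in X.501 */
#define	OID_ATTR_TYPE_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_DSALG		OID_DS, 8	/* Also in X.501 */
#define	OID_DSALG_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_EXTENSION		OID_DS, 29	/* Also in X.501 */
#define	OID_EXTENSION_LENGTH	(OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define	OID_PILOT		0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * Fix: the arc separator was missing ("OID_PILOT 1"), which expanded to the
 * invalid token sequence "0x1 1" and could not be used in an initializer.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) mechanisms(5) pkix(7) }
 */
#define	OID_PKIX		43, 6, 1, 5, 5, 7
#define	OID_PKIX_LENGTH		6

/* private certificate extensions, { id-pkix 1 } */
#define	OID_PKIX_PE		OID_PKIX, 1
#define	OID_PKIX_PE_LENGTH	(OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define	OID_PKIX_QT		OID_PKIX, 2
#define	OID_PKIX_QT_LENGTH	(OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define	OID_PKIX_QT_CPS		OID_PKIX_QT, 1
#define	OID_PKIX_QT_CPS_LENGTH	(OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define	OID_PKIX_QT_UNOTICE		OID_PKIX_QT, 2
#define	OID_PKIX_QT_UNOTICE_LENGTH	(OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define	OID_PKIX_KP		OID_PKIX, 3
#define	OID_PKIX_KP_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors {id-pkix 48 } */
#define	OID_PKIX_AD		OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define	OID_PKIX_AD_OCSP	OID_PKIX_AD, 1
#define	OID_PKIX_AD_OCSP_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define	OID_PKIX_AD_CAISSUERS		OID_PKIX_AD, 2
#define	OID_PKIX_AD_CAISSUERS_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */
/*
 * Fix: the octet list has seven entries but the length was declared as 8,
 * so a consumer copying OID_APPL_TCP_PROTO_LENGTH bytes out of an array
 * initialized from OID_APPL_TCP_PROTO would read one byte past its end.
 */
#define	OID_APPL_TCP_PROTO	43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	7

#define	OID_DAP			OID_DS, 3, 1
#define	OID_DAP_LENGTH		(OID_DS_LENGTH + 2)

/* From x9.57 */
#define	OID_OIW_LENGTH		2

#define	OID_OIW_SECSIG		OID_OIW, 3
#define	OID_OIW_SECSIG_LENGTH	(OID_OIW_LENGTH + 1)

#define	OID_OIW_ALGORITHM	OID_OIW_SECSIG, 2
#define	OID_OIW_ALGORITHM_LENGTH	(OID_OIW_SECSIG_LENGTH + 1)

#define	OID_OIWDIR		OID_OIW, 7, 2
#define	OID_OIWDIR_LENGTH	(OID_OIW_LENGTH + 2)

#define	OID_OIWDIR_CRPT		OID_OIWDIR, 1

#define	OID_OIWDIR_HASH		OID_OIWDIR, 2
#define	OID_OIWDIR_HASH_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_OIWDIR_SIGN		OID_OIWDIR, 3
#define	OID_OIWDIR_SIGN_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_X9CM		OID_US, 206, 56
#define	OID_X9CM_MODULE		OID_X9CM, 1
#define	OID_X9CM_INSTRUCTION	OID_X9CM, 2
#define	OID_X9CM_ATTR		OID_X9CM, 3
#define	OID_X9CM_X9ALGORITHM	OID_X9CM, 4
#define	OID_X9CM_X9ALGORITHM_LENGTH	((OID_US_LENGTH) + 2 + 1)

#define	INTEL			96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH		7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined anywhere in this header, so the four macros below cannot be
 * expanded as they stand. Left untouched rather than guessing the arc.
 */
#define	INTEL_SEC_FORMATS		INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS			INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH		(INTEL_CDSASECURITY_LENGTH + 2)

/* Pre-encoded attribute-type OIDs, defined in the library. */
extern const KMF_OID
KMFOID_AliasedEntryName,
KMFOID_AuthorityRevocationList,
KMFOID_BusinessCategory,
KMFOID_CACertificate,
KMFOID_CertificateRevocationList,
KMFOID_ChallengePassword,
KMFOID_CollectiveFacsimileTelephoneNumber,
KMFOID_CollectiveInternationalISDNNumber,
KMFOID_CollectiveOrganizationName,
KMFOID_CollectiveOrganizationalUnitName,
KMFOID_CollectivePhysicalDeliveryOfficeName,
KMFOID_CollectivePostOfficeBox,
KMFOID_CollectivePostalAddress,
KMFOID_CollectivePostalCode,
KMFOID_CollectiveStateProvinceName,
KMFOID_CollectiveStreetAddress,
KMFOID_CollectiveTelephoneNumber,
KMFOID_CollectiveTelexNumber,
KMFOID_CollectiveTelexTerminalIdentifier,
KMFOID_CommonName,
KMFOID_ContentType,
KMFOID_CounterSignature,
KMFOID_CountryName,
KMFOID_CrossCertificatePair,
KMFOID_DNQualifier,
KMFOID_Description,
KMFOID_DestinationIndicator,
KMFOID_DistinguishedName,
KMFOID_EmailAddress,
KMFOID_EnhancedSearchGuide,
KMFOID_ExtendedCertificateAttributes,
KMFOID_ExtensionRequest,
KMFOID_FacsimileTelephoneNumber,
KMFOID_GenerationQualifier,
KMFOID_GivenName,
KMFOID_HouseIdentifier,
KMFOID_Initials,
KMFOID_InternationalISDNNumber,
KMFOID_KnowledgeInformation,
KMFOID_LocalityName,
KMFOID_Member,
KMFOID_MessageDigest,
KMFOID_Name,
KMFOID_ObjectClass,
KMFOID_OrganizationName,
KMFOID_OrganizationalUnitName,
KMFOID_Owner,
KMFOID_PhysicalDeliveryOfficeName,
KMFOID_PostOfficeBox,
KMFOID_PostalAddress,
KMFOID_PostalCode,
KMFOID_PreferredDeliveryMethod,
KMFOID_PresentationAddress,
KMFOID_ProtocolInformation,
KMFOID_RFC822mailbox,
KMFOID_RegisteredAddress,
KMFOID_RoleOccupant,
KMFOID_SearchGuide,
KMFOID_SeeAlso,
KMFOID_SerialNumber,
KMFOID_SigningTime,
KMFOID_StateProvinceName,
KMFOID_StreetAddress,
KMFOID_SupportedApplicationContext,
KMFOID_Surname,
KMFOID_TelephoneNumber,
KMFOID_TelexNumber,
KMFOID_TelexTerminalIdentifier,
KMFOID_Title,
KMFOID_UniqueIdentifier,
KMFOID_UniqueMember,
KMFOID_UnstructuredAddress,
KMFOID_UnstructuredName,
KMFOID_UserCertificate,
KMFOID_UserPassword,
KMFOID_X_121Address,
KMFOID_domainComponent,
KMFOID_userid;

/* Pre-encoded extension, key-purpose and algorithm OIDs. */
extern const KMF_OID
KMFOID_AuthorityKeyID,
KMFOID_AuthorityInfoAccess,
KMFOID_VerisignCertificatePolicy,
KMFOID_KeyUsageRestriction,
KMFOID_SubjectDirectoryAttributes,
KMFOID_SubjectKeyIdentifier,
KMFOID_KeyUsage,
KMFOID_PrivateKeyUsagePeriod,
KMFOID_SubjectAltName,
KMFOID_IssuerAltName,
KMFOID_BasicConstraints,
KMFOID_CrlNumber,
KMFOID_CrlReason,
KMFOID_HoldInstructionCode,
KMFOID_InvalidityDate,
KMFOID_DeltaCrlIndicator,
KMFOID_IssuingDistributionPoints,
KMFOID_NameConstraints,
KMFOID_CrlDistributionPoints,
KMFOID_CertificatePolicies,
KMFOID_PolicyMappings,
KMFOID_PolicyConstraints,
KMFOID_AuthorityKeyIdentifier,
KMFOID_ExtendedKeyUsage,
KMFOID_PkixAdOcsp,
KMFOID_PkixAdCaIssuers,
KMFOID_PKIX_PQ_CPSuri,
KMFOID_PKIX_PQ_Unotice,
KMFOID_PKIX_KP_ServerAuth,
KMFOID_PKIX_KP_ClientAuth,
KMFOID_PKIX_KP_CodeSigning,
KMFOID_PKIX_KP_EmailProtection,
KMFOID_PKIX_KP_IPSecEndSystem,
KMFOID_PKIX_KP_IPSecTunnel,
KMFOID_PKIX_KP_IPSecUser,
KMFOID_PKIX_KP_TimeStamping,
KMFOID_PKIX_KP_OCSPSigning,
KMFOID_SHA1,
KMFOID_RSA,
KMFOID_DSA,
KMFOID_MD5WithRSA,
KMFOID_MD2WithRSA,
KMFOID_SHA1WithRSA,
KMFOID_SHA1WithDSA,
KMFOID_OIW_DSAWithSHA1,
KMFOID_X9CM_DSA,
KMFOID_X9CM_DSAWithSHA1;

/*
 * KMF Certificate validation codes. These may be masked together.
 * A result of KMF_CERT_VALIDATE_OK means no check failed; any other value
 * carries one bit per failed check, so callers should test each bit they
 * care about rather than comparing against a single error value.
 */
#define	KMF_CERT_VALIDATE_OK			0x00
#define	KMF_CERT_VALIDATE_ERR_TA		0x01
#define	KMF_CERT_VALIDATE_ERR_USER		0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE		0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE		0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME		0x20
#define	KMF_CERT_VALIDATE_ERR_CRL		0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP		0x80
#define	KMF_CERT_VALIDATE_ERR_ISSUER		0x100

/*
 * KMF Key Usage bitmasks
 * Bit positions follow the X.509 KeyUsage BIT STRING, most significant
 * bit first, as stored in KMF_X509EXT_KEY_USAGE.KeyUsageBits.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

/* OR of all nine key usage bits above. */
#define	KMF_KUBITMASK		0xFF80

/*
 * KMF Extended KeyUsage OID definitions
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20


#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */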