199ebb4cwyllys/*
29a76708haimay * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
399ebb4cwyllys */
499ebb4cwyllys/*
5269e59fJan Pechanec * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
699ebb4cwyllys */
799ebb4cwyllys
899ebb4cwyllys#ifndef _KMFTYPES_H
999ebb4cwyllys#define	_KMFTYPES_H
1099ebb4cwyllys
1199ebb4cwyllys#include <sys/types.h>
1299ebb4cwyllys#include <stdlib.h>
1399ebb4cwyllys#include <strings.h>
1499ebb4cwyllys#include <pthread.h>
1599ebb4cwyllys
1699ebb4cwyllys#include <security/cryptoki.h>
1799ebb4cwyllys
1899ebb4cwyllys#ifdef __cplusplus
1999ebb4cwyllysextern "C" {
2099ebb4cwyllys#endif
2199ebb4cwyllys
/*
 * KMF_BOOL
 * Boolean used by the X.509 structures later in this header (e.g.
 * KMF_X509EXT_BASICCONSTRAINTS.cA). It is a 32-bit integer, not the
 * native boolean_t that the key structures use, so compare against
 * KMF_TRUE / KMF_FALSE rather than mixing the two types.
 */
typedef uint32_t KMF_BOOL;

#define	KMF_FALSE (0)
#define	KMF_TRUE  (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;
2999ebb4cwyllys
/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 *
 * Length is the number of valid bytes reachable through Data. Nothing
 * here guarantees a NUL terminator, so consumers must bound every read
 * by Length rather than by string functions.
 */
typedef struct kmf_data
{
    size_t	Length; /* in bytes */
    uchar_t	*Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * Length/pointer pair holding the bytes of a multi-precision integer
 * (used for the RSA/DSA/EC key components in KMF_RAW_*_KEY below).
 * Byte order is not specified by this header. Note the field order is
 * the reverse of KMF_DATA (val then len); the two types must not be
 * cast to one another.
 */
typedef struct {
	uchar_t		*val;
	size_t		len;
} KMF_BIGINT;
4599ebb4cwyllys
/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 *
 * This is a plain alias of KMF_DATA, so the compiler treats the two as the
 * same type; Data presumably holds the encoded OID bytes and Length their
 * count (the encoding convention is not fixed by this header).
 */
typedef KMF_DATA KMF_OID;
5399ebb4cwyllys
/*
 * KMF_X509_PRIVATE
 * Bookkeeping the KMF layer keeps alongside a loaded certificate: the
 * keystore it came from, status flags and an optional label.
 * KMF_FLAG_CERT_VALID and KMF_FLAG_CERT_SIGNED are distinct bits, so they
 * can presumably be combined in flags and should be tested with `&`.
 * NOTE(review): what "valid" means here (parsed successfully vs. chain
 * verified) is not decided by this header — confirm before relying on it.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;			/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information internal used
 * by KMF layer.
 *
 * certificate is the raw DER bytes (length in certificate.Length);
 * kmf_private is KMF-internal and not part of the encoded certificate.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;
7399ebb4cwyllys
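/*
 * KMF_KEYSTORE_TYPE
 * Identifies which keystore plugin backs a handle, key or certificate.
 * The values are contiguous so that VALID_DEFAULT_KEYSTORE_TYPE() can
 * range-check them; any new value must stay adjacent to these.
 */
typedef int KMF_KEYSTORE_TYPE;
#define	KMF_KEYSTORE_NSS	1
#define	KMF_KEYSTORE_OPENSSL	2
#define	KMF_KEYSTORE_PK11TOKEN	3

/*
 * VALID_DEFAULT_KEYSTORE_TYPE(t)
 * Non-zero when t is one of the KMF_KEYSTORE_* values above.
 * The argument is parenthesized at every use so that an expression
 * argument (e.g. a conditional) is compared as a whole instead of the
 * relational operators binding inside it. t is still evaluated twice,
 * so do not pass an expression with side effects.
 */
#define	VALID_DEFAULT_KEYSTORE_TYPE(t) (((t) >= KMF_KEYSTORE_NSS) &&\
	((t) <= KMF_KEYSTORE_PK11TOKEN))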
8199ebb4cwyllys
/*
 * KMF_ENCODE_FORMAT
 * Encodings KMF can read or write for certificates and keys. Values are
 * explicit and should be treated as stable.
 */
typedef enum {
	KMF_FORMAT_UNDEF =	0,
	KMF_FORMAT_ASN1 =	1,	/* DER */
	KMF_FORMAT_PEM =	2,
	KMF_FORMAT_PKCS12 =	3,
	KMF_FORMAT_RAWKEY =	4,	/* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

/*
 * NATIVE is an alias of UNDEF; presumably the keystore plugin then picks
 * its own encoding — confirm in the plugin code.
 */
#define	KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/*
 * KMF_CERT_VALIDITY
 * Filter for certificate searches: all, only unexpired, or only expired.
 */
typedef enum {
	KMF_ALL_CERTS =		0,
	KMF_NONEXPIRED_CERTS =	1,
	KMF_EXPIRED_CERTS =	2
} KMF_CERT_VALIDITY;


/*
 * KMF_FLAG_CERT_EXTN
 * Filter for extension enumeration by the extension's critical flag.
 */
typedef enum {
	KMF_ALL_EXTNS =		0,
	KMF_CRITICAL_EXTNS = 	1,
	KMF_NONCRITICAL_EXTNS =	2
} KMF_FLAG_CERT_EXTN;


/*
 * KMF_KU_PURPOSE
 * Key-usage purpose a caller asks to be checked against a certificate.
 */
typedef enum {
	KMF_KU_SIGN_CERT	= 0,
	KMF_KU_SIGN_DATA	= 1,
	KMF_KU_ENCRYPT_DATA	= 2
} KMF_KU_PURPOSE;
11299ebb4cwyllys
/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 *
 * When adding new ALGID, be careful not to rearrange existing
 * values, doing so can cause problem in the STC test suite.
 *
 * Only KMF_ALGID_NONE has an explicit value; the rest are numbered
 * sequentially from 1, which is why declaration order is part of the
 * ABI. Append new identifiers at the end.
 * NOTE(review): the MD2/MD5/SHA-1 signature identifiers are retained
 * for compatibility; whether callers are kept from selecting them for
 * new signatures is decided elsewhere, not by this header.
 */
typedef enum {
	KMF_ALGID_NONE	= 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA,

	KMF_ALGID_ECDSA,

	KMF_ALGID_SHA256WithRSA,
	KMF_ALGID_SHA384WithRSA,
	KMF_ALGID_SHA512WithRSA,

	KMF_ALGID_SHA256WithDSA,

	KMF_ALGID_SHA1WithECDSA,
	KMF_ALGID_SHA256WithECDSA,
	KMF_ALGID_SHA384WithECDSA,
	KMF_ALGID_SHA512WithECDSA
} KMF_ALGORITHM_INDEX;
14599ebb4cwyllys
/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 *
 * cred points at credlen bytes of authentication material (presumably
 * a token PIN or passphrase). Nothing here requires NUL-termination,
 * so consumers should honour credlen. Ownership, lifetime and clearing
 * of the buffer are not specified by this header.
 * NOTE(review): confirm at the call sites that the memory is wiped with
 * a non-elidable clear before it is released.
 */
typedef struct {
	char *cred;
	uint32_t credlen;
} KMF_CREDENTIAL;
15599ebb4cwyllys
/*
 * KMF_KEY_ALG
 * Algorithm family of a key object. Values are explicit; append new
 * entries with the next free number rather than renumbering.
 */
typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6,
	KMF_GENERIC_SECRET = 7,
	KMF_ECDSA = 8
}KMF_KEY_ALG;

/*
 * KMF_KEY_CLASS
 * Whether a key is the public or private half of a keypair, or a
 * symmetric key. Used together with KMF_KEY_ALG in KMF_KEY_HANDLE.
 */
typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
}KMF_KEY_CLASS;

/*
 * KMF_OBJECT_TYPE
 * Kind of X.509 object: certificate, certificate signing request or
 * certificate revocation list.
 */
typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
}KMF_OBJECT_TYPE;
18099ebb4cwyllys
/*
 * KMF_RAW_RSA_KEY
 * RSA key components as KMF_BIGINTs. The field names follow the usual
 * RSA/CRT naming (modulus, public exponent, private exponent, the two
 * primes, the two CRT exponents and the CRT coefficient). A public key
 * presumably populates only mod and pubexp — confirm in the plugin that
 * fills this in.
 */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

/*
 * KMF_RAW_DSA_KEY
 * DSA domain parameters (prime, subprime, base) plus the key value.
 * From the names, value looks like the private component and pubvalue
 * the public one — NOTE(review): not decidable from this header, verify.
 */
typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
	KMF_BIGINT	pubvalue;
} KMF_RAW_DSA_KEY;

/*
 * KMF_RAW_SYM_KEY
 * Raw bytes of a symmetric / secret key.
 */
typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

/*
 * KMF_RAW_EC_KEY
 * EC key value plus an OID (params) that presumably names the curve.
 */
typedef struct {
	KMF_BIGINT	value;
	KMF_OID		params;
} KMF_RAW_EC_KEY;

/*
 * KMF_RAW_KEY_DATA
 * A key in raw (unwrapped) form. keytype selects which member of
 * rawdata is live; reading any other member is a type confusion.
 * sensitive and not_extractable carry the keystore's attributes for the
 * key (note they are boolean_t, whereas the X.509 structures below use
 * KMF_BOOL). Because this structure can hold private or secret key
 * bytes in the clear, whoever owns it should wipe it with a
 * non-elidable clear before releasing the storage.
 */
typedef struct {
	KMF_KEY_ALG	keytype;
	boolean_t	sensitive;
	boolean_t	not_extractable;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
		KMF_RAW_EC_KEY  ec;
	}rawdata;
	char *label;
	KMF_DATA id;
} KMF_RAW_KEY_DATA;

/*
 * KMF_KEY_HANDLE
 * Reference to a key held by a keystore plugin. kstype, keyalg and
 * keyclass describe the key without touching keyp; keyp is plugin
 * private. When israw is set, keyp presumably points at a
 * KMF_RAW_KEY_DATA — not verifiable from this header.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;
} KMF_KEY_HANDLE;

/*
 * KMF_ERROR
 * A plugin-specific error code paired with the keystore type that
 * produced it, presumably so errcode can be interpreted per plugin.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;
23699ebb4cwyllys
/*
 * Typenames to use with subjectAltName
 *
 * The first nine values (OTHERNAME .. REGISTEREDID, 0..8) coincide with
 * the context-specific tag numbers of the GeneralName CHOICE in
 * RFC 5280. KRB5PRINC and SCLOGON_UPN are KMF-specific and have no
 * distinct ASN.1 tag; presumably they are carried as otherName forms —
 * confirm in the encoder.
 */
typedef enum {
	GENNAME_OTHERNAME	= 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID,
	GENNAME_KRB5PRINC,
	GENNAME_SCLOGON_UPN
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;
26499ebb4cwyllys
/*
 * KMF_RETURN
 * Status codes returned by the KMF API. KMF_OK is 0; every other value
 * is a failure. The numbering is not contiguous (0x08-0x0a, 0x0e-0x0f
 * and 0x5a-0x5f are unused) and existing values must not be renumbered.
 * NOTE(review): KMF_KEYSTORE_ALREADY_INITIALIZED is the one code without
 * the KMF_ERR_ prefix; it is still a non-zero (failure) return.
 */
typedef enum {
	KMF_OK			= 0x00,
	KMF_ERR_BAD_PARAMETER	= 0x01,
	KMF_ERR_BAD_KEY_FORMAT	= 0x02,
	KMF_ERR_BAD_ALGORITHM	= 0x03,
	KMF_ERR_MEMORY		= 0x04,
	KMF_ERR_ENCODING	= 0x05,
	KMF_ERR_PLUGIN_INIT	= 0x06,
	KMF_ERR_PLUGIN_NOTFOUND	= 0x07,
	KMF_ERR_INTERNAL	= 0x0b,
	KMF_ERR_BAD_CERT_FORMAT	= 0x0c,
	KMF_ERR_KEYGEN_FAILED	= 0x0d,
	KMF_ERR_UNINITIALIZED	= 0x10,
	KMF_ERR_ISSUER		= 0x11,
	KMF_ERR_NOT_REVOKED	= 0x12,
	KMF_ERR_CERT_NOT_FOUND	= 0x13,
	KMF_ERR_CRL_NOT_FOUND	= 0x14,
	KMF_ERR_RDN_PARSER	= 0x15,
	KMF_ERR_RDN_ATTR	= 0x16,
	KMF_ERR_SLOTNAME	= 0x17,
	KMF_ERR_EMPTY_CRL	= 0x18,
	KMF_ERR_BUFFER_SIZE	= 0x19,
	KMF_ERR_AUTH_FAILED	= 0x1a,
	KMF_ERR_TOKEN_SELECTED	= 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED	= 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT	= 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND	= 0x1e,
	KMF_ERR_POLICY_ENGINE		= 0x1f,
	KMF_ERR_POLICY_DB_FORMAT	= 0x20,
	KMF_ERR_POLICY_NOT_FOUND	= 0x21,
	KMF_ERR_POLICY_DB_FILE		= 0x22,
	KMF_ERR_POLICY_NAME		= 0x23,
	KMF_ERR_OCSP_POLICY		= 0x24,
	KMF_ERR_TA_POLICY		= 0x25,
	KMF_ERR_KEY_NOT_FOUND		= 0x26,
	KMF_ERR_OPEN_FILE		= 0x27,
	KMF_ERR_OCSP_BAD_ISSUER		= 0x28,
	KMF_ERR_OCSP_BAD_CERT		= 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST	= 0x2a,
	KMF_ERR_CONNECT_SERVER		= 0x2b,
	KMF_ERR_SEND_REQUEST		= 0x2c,
	KMF_ERR_OCSP_CERTID		= 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE	= 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS	= 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE	= 0x30,
	KMF_ERR_OCSP_BAD_SIGNER		= 0x31,

	KMF_ERR_OCSP_RESPONSE_SIGNATURE	= 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT	= 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID	= 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE	= 0x35,
	KMF_ERR_RECV_RESPONSE		= 0x36,
	KMF_ERR_RECV_TIMEOUT		= 0x37,
	KMF_ERR_DUPLICATE_KEYFILE	= 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME	= 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND	= 0x3a,
	KMF_ERR_PKCS12_FORMAT		= 0x3b,
	KMF_ERR_BAD_KEY_TYPE		= 0x3c,
	KMF_ERR_BAD_KEY_CLASS		= 0x3d,
	KMF_ERR_BAD_KEY_SIZE		= 0x3e,
	KMF_ERR_BAD_HEX_STRING		= 0x3f,
	KMF_ERR_KEYUSAGE		= 0x40,
	KMF_ERR_VALIDITY_PERIOD		= 0x41,
	KMF_ERR_OCSP_REVOKED		= 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND	= 0x43,
	KMF_ERR_WRITE_FILE		= 0x44,
	KMF_ERR_BAD_URI			= 0x45,
	KMF_ERR_BAD_CRLFILE		= 0x46,
	KMF_ERR_BAD_CERTFILE		= 0x47,
	KMF_ERR_GETKEYVALUE_FAILED	= 0x48,
	KMF_ERR_BAD_KEYHANDLE		= 0x49,
	KMF_ERR_BAD_OBJECT_TYPE		= 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME	= 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE	= 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN	= 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT	= 0x4e,
	KMF_ERR_MISSING_ERRCODE		= 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY		= 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY	= 0x52,
	KMF_ERR_KEY_MISMATCH		= 0x53,
	KMF_ERR_ATTR_NOT_FOUND		= 0x54,
	KMF_ERR_KMF_CONF		= 0x55,
	KMF_ERR_NAME_NOT_MATCHED	= 0x56,
	KMF_ERR_MAPPER_OPEN		= 0x57,
	KMF_ERR_MAPPER_NOT_FOUND	= 0x58,
	KMF_ERR_MAPPING_FAILED		= 0x59,
	/* 0x5a-0x5f are unassigned; whether the jump to 0x60 was intended is not recorded here. */
	KMF_ERR_CERT_VALIDATION		= 0x60
} KMF_RETURN;
35499ebb4cwyllys
/* Data structures for OCSP support */

/*
 * KMF_OCSP_CERT_STATUS
 * Per-certificate status. These values match the CertStatus CHOICE tags
 * in RFC 6960 (good 0, revoked 1, unknown 2).
 */
typedef enum {
	OCSP_GOOD	= 0,
	OCSP_REVOKED	= 1,
	OCSP_UNKNOWN	= 2
} KMF_OCSP_CERT_STATUS;

/*
 * KMF_OCSP_RESPONSE_STATUS
 * Overall responder status as KMF reports it.
 * NOTE(review): this is KMF's own numbering, not the OCSPResponseStatus
 * wire values (RFC 6960 has sigRequired = 5 and unauthorized = 6, with 4
 * unused). Any code that casts the decoded response status straight
 * into this enum would misreport SIGREQUIRED/UNAUTHORIZED; confirm the
 * translation in the OCSP plugin.
 */
typedef enum {
	OCSP_SUCCESS 		= 0,
	OCSP_MALFORMED_REQUEST	= 1,
	OCSP_INTERNAL_ERROR	= 2,
	OCSP_TRYLATER		= 3,
	OCSP_SIGREQUIRED	= 4,
	OCSP_UNAUTHORIZED	= 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * KMF_OCSP_REVOKED_STATUS
 * Revocation reason. OCSP_NOSTATUS (-1) means "no reason supplied",
 * which makes this a signed enum — do not compare it against unsigned
 * values. Values 0..6 match the X.509 CRLReason numbering; note that
 * OCSP_REMOVEFROMCRL is 7 here while CRLReason removeFromCRL is 8
 * (7 is unused on the wire), so the same translation caveat as for
 * KMF_OCSP_RESPONSE_STATUS applies. The spelling SUPERCEDED is kept
 * because the name is public API.
 */
typedef enum {
	OCSP_NOSTATUS		= -1,
	OCSP_UNSPECIFIED	= 0,
	OCSP_KEYCOMPROMISE	= 1,
	OCSP_CACOMPROMISE	= 2,
	OCSP_AFFILIATIONCHANGE	= 3,
	OCSP_SUPERCEDED		= 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD	= 6,
	OCSP_REMOVEFROMCRL	= 7
} KMF_OCSP_REVOKED_STATUS;

/*
 * KMF_PRINTABLE_ITEM
 * Selector for the certificate field or extension a caller wants
 * rendered. Numbering starts at 1 (0 is not a valid item) and is
 * sequential from KMF_CERT_ISSUER, so order matters.
 */
typedef enum {
	KMF_CERT_ISSUER		= 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;
41099ebb4cwyllys
/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 *
 * Mirrors the ASN.1 AlgorithmIdentifier; parameters may be empty
 * (Length 0), since the ASN.1 field is OPTIONAL.
 */
typedef struct
{
	KMF_OID algorithm;
	KMF_DATA parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 *
 * type is the attribute OID, valueType the BER tag of the value's string
 * type, and value the (unencoded) attribute bytes.
 */
typedef struct
{
	KMF_OID type;
	uint8_t valueType; /* The Tag to use when BER encoded */
	KMF_DATA value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 *
 * AttributeTypeAndValue points at numberOfPairs elements; index only
 * within that count.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 *
 * RelativeDistinguishedName points at numberOfRDNs elements.
 */
typedef struct
{
	uint32_t numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 *
 * Mirrors SubjectPublicKeyInfo; subjectPublicKey holds the key bytes
 * whose encoding depends on algorithm.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithm;
	KMF_DATA subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 *
 * timeType is presumably the ASN.1 tag distinguishing UTCTime from
 * GeneralizedTime (not fixed here); time is the textual value and is
 * not guaranteed NUL-terminated, so parse it by time.Length.
 */
typedef struct
{
	uint8_t timeType;
	KMF_DATA time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 * The certificate's validity window (notBefore .. notAfter).
 */
typedef struct
{
	KMF_X509_TIME notBefore;
	KMF_X509_TIME notAfter;
} KMF_X509_VALIDITY;

/*
 *   KMF_X509EXT_BASICCONSTRAINTS
 *
 * Parsed basicConstraints extension. pathLenConstraint is only
 * meaningful when pathLenConstraintPresent is KMF_TRUE: an absent
 * constraint and a constraint of 0 mean different things (unlimited
 * versus "no further intermediate CAs"), so callers must check the
 * presence flag before reading the value.
 */
typedef struct
{
	KMF_BOOL cA;
	KMF_BOOL pathLenConstraintPresent;
	uint32_t pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 * It is the discriminator for the `value` union in KMF_X509_EXTENSION.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t type;
	KMF_DATA value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 *
 * parsedValue is untyped; which structure it points at depends on
 * the extension's extnId and is not recorded here.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE tagAndValue;
	void *parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 *
 * format says which member of `value` is live (ENCODED -> tagAndValue,
 * PARSED -> parsedValue, PAIR -> valuePair); reading another member is
 * a type confusion. critical mirrors the extension's critical flag —
 * per RFC 5280 §4.2 a validator that does not recognise an extension
 * marked critical must reject the certificate; that enforcement lives
 * in the validation code, not in this structure. BERvalue keeps the
 * encoded form alongside the decoded one.
 */
typedef struct
{
	KMF_OID extnId;
	KMF_BOOL critical;
	KMF_X509EXT_DATA_FORMAT format;
	union
	{
		KMF_X509EXT_TAGandVALUE *tagAndValue;
		void *parsedValue;
		KMF_X509EXT_PAIR *valuePair;
	} value;
	KMF_DATA BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
55899ebb4cwyllystypedef struct
559