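/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h
 * Public data types, status codes and OID building blocks shared by the
 * KMF library and its keystore plugins. Everything here is plain data;
 * the functions that operate on these types are declared elsewhere.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * 32-bit boolean used by the X.509 structures below (KMF_X509_EXTENSION,
 * KMF_X509EXT_BASICCONSTRAINTS). Note that other structures in this file
 * (KMF_RAW_KEY_DATA, KMF_KEY_HANDLE) use boolean_t instead; the two are
 * not interchangeable in size.
 */
typedef uint32_t KMF_BOOL;

#define	KMF_FALSE (0)
#define	KMF_TRUE (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 */
typedef struct kmf_data
{
	size_t Length; /* in bytes */
	uchar_t *Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * Arbitrary-precision integer carried as a raw byte string: val points
 * at len bytes. NOTE(review): byte order and sign convention are not
 * recorded in this header -- confirm against the encoder before reuse.
 */
typedef struct {
	uchar_t *val;
	size_t len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * Per-certificate bookkeeping kept by the KMF layer. keystore_type is
 * stored as a plain int rather than KMF_KEYSTORE_TYPE; flags is a bitmask
 * of the KMF_FLAG_CERT_* values defined inside the struct.
 */
typedef struct kmf_x509_private {
	int keystore_type;
	int flags; /* see below */
	char *label;
#define	KMF_FLAG_CERT_VALID	1 /* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2 /* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information used internally
 * by the KMF layer.
 */
typedef struct
{
	KMF_DATA certificate;
	KMF_X509_PRIVATE kmf_private;
} KMF_X509_DER_CERT;

/*
 * KMF_KEYSTORE_TYPE
 * Identifies the backing keystore plugin. KMF_KEYSTORE_DEFAULT has no
 * explicit value and is resolved from configuration, so it is not a
 * concrete keystore in its own right.
 */
typedef enum {
	KMF_KEYSTORE_NSS = 1,
	KMF_KEYSTORE_OPENSSL = 2,
	KMF_KEYSTORE_PK11TOKEN = 3,
	KMF_KEYSTORE_DEFAULT /* based on configuration */
} KMF_KEYSTORE_TYPE;

/*
 * True only for the three concrete keystore types; KMF_KEYSTORE_DEFAULT
 * falls outside the range and is rejected here (presumably callers
 * resolve it to a concrete type first). The argument is parenthesized so
 * that an expression, not just an identifier, can be passed safely.
 */
#define	VALID_KEYSTORE_TYPE(t) (((t) >= KMF_KEYSTORE_NSS) &&\
	((t) <= KMF_KEYSTORE_PK11TOKEN))

/*
 * KMF_ENCODE_FORMAT
 * On-disk / in-memory encodings KMF can read or write.
 */
typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1, /* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

/* "Native" is an alias for the undefined format, i.e. whatever the keystore uses. */
#define	KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/* Validity filter for certificate searches. */
typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;


/* Criticality filter for certificate extension lookups. */
typedef enum {
	KMF_ALL_EXTNS = 0,
	KMF_CRITICAL_EXTNS = 1,
	KMF_NONCRITICAL_EXTNS = 2
} KMF_FLAG_CERT_EXTN;


/* Intended use of a key, as asked for by key-usage checks. */
typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 *
 * MD2 and MD5 are broken as signature digests and SHA-1 is deprecated;
 * they remain in this list so that existing certificates using them can
 * still be identified and reported, not as a recommendation for new use.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;


/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 *
 * cred points at credlen bytes of authentication material; the length
 * is carried separately, so do not assume NUL termination.
 * NOTE(review): ownership of cred and who zeroizes it after use is not
 * specified in this header -- confirm against the callers.
 */
typedef struct {
	char *cred;
	uint32_t credlen;
} KMF_CREDENTIAL;

/*
 * KMF_KEY_ALG
 * Key algorithm family. RC4 and single DES are legacy algorithms kept
 * for compatibility with existing keys.
 */
typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6,
	KMF_GENERIC_SECRET = 7
}KMF_KEY_ALG;

/* KMF_KEY_CLASS: which half of a keypair (or a symmetric key) a handle refers to. */
typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3 /* symmetric key */
}KMF_KEY_CLASS;


/* KMF_OBJECT_TYPE: kind of PKI object an operation targets. */
typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
}KMF_OBJECT_TYPE;


/*
 * KMF_RAW_RSA_KEY
 * RSA key in component form, following PKCS#1 naming: mod and pubexp are
 * the public half; priexp, prime1, prime2, exp1, exp2 and coef are the
 * private (CRT) components and must be treated as secret.
 */
typedef struct {
	KMF_BIGINT mod;
	KMF_BIGINT pubexp;
	KMF_BIGINT priexp;
	KMF_BIGINT prime1;
	KMF_BIGINT prime2;
	KMF_BIGINT exp1;
	KMF_BIGINT exp2;
	KMF_BIGINT coef;
} KMF_RAW_RSA_KEY;

/*
 * KMF_RAW_DSA_KEY
 * DSA key in component form. prime/subprime/base are the domain
 * parameters; value is presumably the private value and pubvalue the
 * public value -- the names suggest this but the header does not say.
 */
typedef struct {
	KMF_BIGINT prime;
	KMF_BIGINT subprime;
	KMF_BIGINT base;
	KMF_BIGINT value;
	KMF_BIGINT pubvalue;
} KMF_RAW_DSA_KEY;

/* KMF_RAW_SYM_KEY: a symmetric key is just its raw bytes. */
typedef struct {
	KMF_BIGINT keydata;
} KMF_RAW_SYM_KEY;

/*
 * KMF_RAW_KEY_DATA
 * Key material held in memory rather than inside a keystore. keytype
 * selects which member of rawdata is valid. sensitive and not_extractable
 * record the protection attributes the key carries (the names mirror the
 * PKCS#11 CKA_SENSITIVE / CKA_EXTRACTABLE notions, but this header does
 * not define how they are enforced). label and id identify the key.
 */
typedef struct {
	KMF_KEY_ALG keytype;
	boolean_t sensitive;
	boolean_t not_extractable;
	union {
		KMF_RAW_RSA_KEY rsa;
		KMF_RAW_DSA_KEY dsa;
		KMF_RAW_SYM_KEY sym;
	}rawdata;
	char *label;
	KMF_DATA id;
} KMF_RAW_KEY_DATA;

/*
 * KMF_KEY_HANDLE
 * Opaque reference to a key living in some keystore. keyp is owned by the
 * plugin named by kstype; israw presumably indicates that keyp points at
 * a KMF_RAW_KEY_DATA -- confirm against the plugin code.
 */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	KMF_KEY_ALG keyalg;
	KMF_KEY_CLASS keyclass;
	boolean_t israw;
	char *keylabel;
	void *keyp;
} KMF_KEY_HANDLE;

/*
 * KMF_ERROR
 * A keystore-specific error: errcode is interpreted relative to kstype,
 * not as a KMF_RETURN.
 */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	uint32_t errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID FieldOid;
	KMF_DATA FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Library status codes. The numbering has gaps (0x08-0x0a, 0x0e-0x0f);
 * values are presumably relied on by callers and plugins, so append new
 * codes rather than renumbering.
 */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,
	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53,
	KMF_ERR_ATTR_NOT_FOUND = 0x54
} KMF_RETURN;

/* Data structures for OCSP support */

/* Certificate status reported in an OCSP response. */
typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

/* Response-level status of an OCSP exchange (the responder's verdict on the request). */
typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * Revocation reason. OCSP_NOSTATUS (-1) means no reason was supplied and
 * is the only negative value; the rest follow the CRLReason numbering.
 * (OCSP_SUPERCEDED keeps its historical spelling for source compatibility.)
 */
typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Broad class of a cryptographic algorithm (digest, signature, MAC, ...). */
typedef enum {
	KMF_ALGCLASS_NONE = 0,
	KMF_ALGCLASS_CUSTOM,
	KMF_ALGCLASS_SIGNATURE,
	KMF_ALGCLASS_SYMMETRIC,
	KMF_ALGCLASS_DIGEST,
	KMF_ALGCLASS_RANDOMGEN,
	KMF_ALGCLASS_UNIQUEGEN,
	KMF_ALGCLASS_MAC,
	KMF_ALGCLASS_ASYMMETRIC,
	KMF_ALGCLASS_KEYGEN,
	KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

/*
 * KMF_PRINTABLE_ITEM
 * Selects a certificate field or extension for human-readable output.
 * Values start at 1, so 0 is never a valid item.
 */
typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID algorithm;
	KMF_DATA parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct
{
	KMF_OID type;
	uint8_t valueType; /* The Tag to use when BER encoded */
	KMF_DATA value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 * AttributeTypeAndValue points at numberOfPairs elements.
 */
typedef struct
{
	uint32_t numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 * RelativeDistinguishedName points at numberOfRDNs elements.
 */
typedef struct
{
	uint32_t numberOfRDNs;
	KMF_X509_RDN *RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithm;
	KMF_DATA subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459. timeType carries the ASN.1 tag that
 * says which of the two encodings `time' holds.
 */
typedef struct
{
	uint8_t timeType;
	KMF_DATA time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 * The notBefore/notAfter pair bounding a certificate's validity period.
 */
typedef struct
{
	KMF_X509_TIME notBefore;
	KMF_X509_TIME notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * Decoded basicConstraints extension. pathLenConstraint is only
 * meaningful when pathLenConstraintPresent is KMF_TRUE; the field is
 * optional in the encoding, so an absent constraint must not be read
 * as zero.
 */
typedef struct
{
	KMF_BOOL cA;
	KMF_BOOL pathLenConstraintPresent;
	uint32_t pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t type;
	KMF_DATA value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE tagAndValue;
	void *parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * `format' selects which member of `value' is in use (ENCODED ->
 * tagAndValue, PARSED -> parsedValue, PAIR -> valuePair); BERvalue keeps
 * the raw encoding regardless. `critical' must be honoured: an
 * unrecognised critical extension is a validation failure, not a no-op.
 */
typedef struct
{
	KMF_OID extnId;
	KMF_BOOL critical;
	KMF_X509EXT_DATA_FORMAT format;
	union
	{
		KMF_X509EXT_TAGandVALUE *tagAndValue;
		void *parsedValue;
		KMF_X509EXT_PAIR *valuePair;
	} value;
	KMF_DATA BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 * `extensions' points at numberOfExtensions elements.
 */
typedef struct
{
	uint32_t numberOfExtensions;
	KMF_X509_EXTENSION *extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains a complete X.509 certificate body (the
 * "to be signed" portion); the outer signature lives in
 * KMF_X509_CERTIFICATE.
 */
typedef struct
{
	KMF_DATA version;
	KMF_BIGINT serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER signature;
	KMF_X509_NAME issuer;
	KMF_X509_VALIDITY validity;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	KMF_DATA issuerUniqueIdentifier;
	KMF_DATA subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 * `encrypted' is the signature value itself (historical field name).
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
	KMF_DATA encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT certificate;
	KMF_X509_SIGNATURE signature;
} KMF_X509_CERTIFICATE;

/*
 * Both macros take a KMF_X509_CERTIFICATE * and yield a KMF_OID *.
 * CERT_ALG_OID is the algorithm named inside the signed body,
 * CERT_SIG_OID the one in the outer signature. RFC 2459 requires the two
 * to agree; a verifier should reject a certificate where they differ
 * (that check is not part of this header). The argument is parenthesized
 * so that expressions such as `&certs[i]' expand correctly.
 */
#define	CERT_ALG_OID(c) (&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c) (&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA version;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request
 */
typedef struct
{
	KMF_TBS_CSR csr;
	KMF_X509_SIGNATURE signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 * One policy qualifier: its OID and the (still encoded) qualifier value.
 */
typedef struct
{
	KMF_OID policyQualifierId;
	KMF_DATA value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 * policyQualifier points at numberOfPolicyQualifiers elements.
 */
typedef struct
{
	uint32_t numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 * A certificate policy OID with its qualifiers.
 */
typedef struct
{
	KMF_OID policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;
} KMF_X509EXT_POLICYINFO;

/* Decoded certificatePolicies extension; policyInfo has numberOfPolicyInfo elements. */
typedef struct
{
	uint32_t numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO *policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/*
 * Decoded keyUsage extension. KeyUsageBits holds the KeyUsage BIT STRING
 * as a 16-bit mask; `critical' is a uchar_t here rather than KMF_BOOL.
 */
typedef struct
{
	uchar_t critical;
	uint16_t KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/* Decoded extendedKeyUsage extension; keyPurposeIdList has nEKUs OIDs. */
typedef struct
{
	uchar_t critical;
	uint16_t nEKUs;
	KMF_OID *keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID AccessMethod;
	KMF_DATA AccessLocation;
} KMF_X509EXT_ACCESSDESC;

/* AccessDesc points at numberOfAccessDescription elements. */
typedef struct
{
	uint32_t numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC *AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */

/* One GeneralName: `choice' says how `name' is to be interpreted. */
typedef struct {
	KMF_GENERALNAMECHOICES choice;
	KMF_DATA name;
} KMF_GENERALNAME;

/* namelist points at `number' GeneralNames. */
typedef struct {
	uint32_t number;
	KMF_GENERALNAME *namelist;
} KMF_GENERALNAMES;

typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/*
 * One DistributionPoint. `type' selects the active member of `name'
 * (DP_GENERAL_NAME -> full_name, DP_RELATIVE_NAME -> relative_name).
 * reasons is the ReasonFlags BIT STRING, still encoded.
 */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE type;
	union {
		KMF_GENERALNAMES full_name;
		KMF_DATA relative_name;
	} name;
	KMF_DATA reasons;
	KMF_GENERALNAMES crl_issuer;
} KMF_CRL_DIST_POINT;

/* Decoded cRLDistributionPoints extension; dplist has `number' elements. */
typedef struct {
	uint32_t number;
	KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;

/*
 * KMF_ATTR_TYPE
 * Tags for the generic KMF_ATTRIBUTE below. Values are implicit and
 * sequential from 0, so new tags belong at the end of the list to keep
 * existing values stable.
 */
typedef enum {
	KMF_DATA_ATTR,
	KMF_OID_ATTR,
	KMF_BIGINT_ATTR,
	KMF_X509_DER_CERT_ATTR,
	KMF_KEYSTORE_TYPE_ATTR,
	KMF_ENCODE_FORMAT_ATTR,
	KMF_CERT_VALIDITY_ATTR,
	KMF_KU_PURPOSE_ATTR,
	KMF_ALGORITHM_INDEX_ATTR,
	KMF_TOKEN_LABEL_ATTR,
	KMF_READONLY_ATTR,
	KMF_DIRPATH_ATTR,
	KMF_CERTPREFIX_ATTR,
	KMF_KEYPREFIX_ATTR,
	KMF_SECMODNAME_ATTR,
	KMF_CREDENTIAL_ATTR,
	KMF_TRUSTFLAG_ATTR,
	KMF_CRL_FILENAME_ATTR,
	KMF_CRL_CHECK_ATTR,
	KMF_CRL_DATA_ATTR,
	KMF_CRL_SUBJECT_ATTR,
	KMF_CRL_ISSUER_ATTR,
	KMF_CRL_NAMELIST_ATTR,
	KMF_CRL_COUNT_ATTR,
	KMF_CRL_OUTFILE_ATTR,
	KMF_CERT_LABEL_ATTR,
	KMF_SUBJECT_NAME_ATTR,
	KMF_ISSUER_NAME_ATTR,
	KMF_CERT_FILENAME_ATTR,
	KMF_KEY_FILENAME_ATTR,
	KMF_OUTPUT_FILENAME_ATTR,
	KMF_IDSTR_ATTR,
	KMF_CERT_DATA_ATTR,
	KMF_OCSP_RESPONSE_DATA_ATTR,
	KMF_OCSP_RESPONSE_STATUS_ATTR,
	KMF_OCSP_RESPONSE_REASON_ATTR,
	KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
	KMF_OCSP_REQUEST_FILENAME_ATTR,
	KMF_KEYALG_ATTR,
	KMF_KEYCLASS_ATTR,
	KMF_KEYLABEL_ATTR,
	KMF_KEYLENGTH_ATTR,
	KMF_RSAEXP_ATTR,
	KMF_TACERT_DATA_ATTR,
	KMF_SLOT_ID_ATTR,
	KMF_PK12CRED_ATTR,
	KMF_ISSUER_CERT_DATA_ATTR,
	KMF_USER_CERT_DATA_ATTR,
	KMF_SIGNER_CERT_DATA_ATTR,
	KMF_IGNORE_RESPONSE_SIGN_ATTR,
	KMF_RESPONSE_LIFETIME_ATTR,
	KMF_KEY_HANDLE_ATTR,
	KMF_PRIVKEY_HANDLE_ATTR,
	KMF_PUBKEY_HANDLE_ATTR,
	KMF_ERROR_ATTR,
	KMF_X509_NAME_ATTR,
	KMF_X509_SPKI_ATTR,
	KMF_X509_CERTIFICATE_ATTR,
	KMF_RAW_KEY_ATTR,
	KMF_CSR_DATA_ATTR,
	KMF_GENERALNAMECHOICES_ATTR,
	KMF_STOREKEY_BOOL_ATTR,
	KMF_SENSITIVE_BOOL_ATTR,
	KMF_NON_EXTRACTABLE_BOOL_ATTR,
	KMF_TOKEN_BOOL_ATTR,
	KMF_PRIVATE_BOOL_ATTR,
	KMF_NEWPIN_ATTR,
	KMF_IN_SIGN_ATTR,
	KMF_OUT_DATA_ATTR,
	KMF_COUNT_ATTR,
	KMF_DESTROY_BOOL_ATTR,
	KMF_TBS_CERT_DATA_ATTR,
	KMF_PLAINTEXT_DATA_ATTR,
	KMF_CIPHERTEXT_DATA_ATTR,
	KMF_VALIDATE_RESULT_ATTR,
	KMF_KEY_DATA_ATTR
} KMF_ATTR_TYPE;

/*
 * KMF_ATTRIBUTE
 * Type-tagged (pointer, length) pair used to pass arguments generically.
 * The pointee type of pValue is fixed by `type'; consumers must check
 * valueLen against the size they expect before reading through pValue.
 * NOTE(review): valueLen is assumed to be in bytes -- confirm against the
 * attribute helpers.
 */
typedef struct {
	KMF_ATTR_TYPE type;
	void *pValue;
	uint32_t valueLen;
} KMF_ATTRIBUTE;

/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro expands to a comma-separated list of encoded OID
 * bytes, intended for use inside an array initializer; the matching
 * *_LENGTH macro is the byte count of that list (e.g. OID_US is three
 * bytes and OID_US_LENGTH is OID_ISO_MEMBER_LENGTH + 2). Keep the two
 * in step when adding arcs.
 */
#define	OID_ISO_MEMBER			42	/* Also in PKCS */
#define	OID_US		OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
#define	OID_CA		OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG		43
#define	OID_OSINET	OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP	OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD		OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW		OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US		OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA		OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG	OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD	OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE	OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH 1
#define	OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2)

#define	OID_RSA		OID_US, 134, 247, 13
#define	OID_RSA_LENGTH	(OID_US_LENGTH + 3)

#define	OID_RSA_HASH	OID_RSA, 2
#define	OID_RSA_HASH_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT	OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_PKCS	OID_RSA, 1
#define	OID_PKCS_LENGTH	(OID_RSA_LENGTH + 1)
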
/*
 * PKCS sub-arcs under OID_PKCS (1.2.840.113549.1). As above, each macro
 * is a comma-separated byte list for an array initializer and the
 * *_LENGTH macros give the byte count. Only some arcs carry a _LENGTH;
 * the PKCS#7 content types, PKCS#9 attributes and PKCS#12 PBE
 * identifiers below do not, so callers presumably size those from the
 * initialized array itself -- confirm against the users of these macros.
 */
#define	OID_PKCS_1	OID_PKCS, 1
#define	OID_PKCS_1_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2	OID_PKCS, 2
#define	OID_PKCS_3	OID_PKCS, 3
#define	OID_PKCS_3_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4	OID_PKCS, 4
#define	OID_PKCS_5	OID_PKCS, 5
#define	OID_PKCS_5_LENGTH	(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6	OID_PKCS, 6
#define	OID_PKCS_7	OID_PKCS, 7
#define	OID_PKCS_7_LENGTH	(OID_PKCS_LENGTH + 1)

/* PKCS#7 ContentInfo content types. */
#define	OID_PKCS_7_Data	OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData	OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData	OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData	OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData	OID_PKCS_7, 6

#define	OID_PKCS_8	OID_PKCS, 8
#define	OID_PKCS_9	OID_PKCS, 9
#define	OID_PKCS_9_LENGTH	(OID_PKCS_LENGTH + 1)

/* PKCS#9 attribute types (used in signed attributes and CSR attributes). */
#define	OID_PKCS_9_CONTENT_TYPE	OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME	OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10	OID_PKCS, 10

#define	OID_PKCS_12	OID_PKCS, 12
#define	OID_PKCS_12_LENGTH	(OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 password-based encryption schemes. These are legacy
 * (SHA-1 based, RC4 and 40-bit variants); they are listed so existing
 * PKCS#12 files can be recognised, not as a default for new output.
 */
#define	PBEWithSHAAnd128BitRC4	OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4	OID_PKCS_12, 1, 2
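/* Remaining PKCS #12 v1.0 PBE schemes, { pkcs-12 1 n }; legacy only. */
#define PBEWithSHAAnd3KeyTripleDES_CBC OID_PKCS_12, 1, 3
#define PBEWithSHAAnd2KeyTripleDES_CBC OID_PKCS_12, 1, 4
#define PBEWithSHAAnd128BitRC2_CBC OID_PKCS_12, 1, 5
#define PBEWithSHAAnd40BitRC2_CBC OID_PKCS_12, 1, 6

/* PKCS #12 SafeBag types, { pkcs-12 10 1 n } */
#define OID_BAG_TYPES OID_PKCS_12, 10, 1
#define OID_KeyBag OID_BAG_TYPES, 1
#define OID_PKCS8ShroudedKeyBag OID_BAG_TYPES, 2
#define OID_CertBag OID_BAG_TYPES, 3
#define OID_CrlBag OID_BAG_TYPES, 4
#define OID_SecretBag OID_BAG_TYPES, 5
#define OID_SafeContentsBag OID_BAG_TYPES, 6

#define OID_ContentInfo OID_PKCS_7, 0, 1

/* PKCS #9 certTypes { pkcs-9 22 } and crlTypes { pkcs-9 23 } */
#define OID_CERT_TYPES OID_PKCS_9, 22
#define OID_x509Certificate OID_CERT_TYPES, 1
#define OID_sdsiCertificate OID_CERT_TYPES, 2

#define OID_CRL_TYPES OID_PKCS_9, 23
#define OID_x509Crl OID_CRL_TYPES, 1

/* X.500 directory services, 2.5 */
#define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define OID_DS_LENGTH 1

/* attributeType, 2.5.4 */
#define OID_ATTR_TYPE OID_DS, 4 /* Also in X.501 */
#define OID_ATTR_TYPE_LENGTH (OID_DS_LENGTH + 1)

#define OID_DSALG OID_DS, 8 /* Also in X.501 */
#define OID_DSALG_LENGTH (OID_DS_LENGTH + 1)

/* certificateExtension, 2.5.29 */
#define OID_EXTENSION OID_DS, 29 /* Also in X.501 */
#define OID_EXTENSION_LENGTH (OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define OID_PILOT 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define OID_PILOT_LENGTH 9

/*
 * userid, { pilotAttributeType 1 }.  The comma after OID_PILOT is
 * required: without it the expansion ends in "0x1 1", which is not a
 * valid initializer element, so OID_USERID could never be used.
 */
#define OID_USERID OID_PILOT, 1
#define OID_USERID_LENGTH (OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) mechanisms(5) pkix(7) }
 */
#define OID_PKIX 43, 6, 1, 5, 5, 7
#define OID_PKIX_LENGTH 6

/* private certificate extensions, { id-pkix 1 } */
#define OID_PKIX_PE OID_PKIX, 1
#define OID_PKIX_PE_LENGTH (OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define OID_PKIX_QT OID_PKIX, 2
#define OID_PKIX_QT_LENGTH (OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define OID_PKIX_QT_CPS OID_PKIX_QT, 1
#define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define OID_PKIX_QT_UNOTICE OID_PKIX_QT, 2
#define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define OID_PKIX_KP OID_PKIX, 3
#define OID_PKIX_KP_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors, { id-pkix 48 } (id-ad in the PKIX profile) */
#define OID_PKIX_AD OID_PKIX, 48
#define OID_PKIX_AD_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP, { id-ad 1 } */
#define OID_PKIX_AD_OCSP OID_PKIX_AD, 1
#define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1)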
/* cAIssuers, { id-ad 2 } */
#define OID_PKIX_AD_CAISSUERS OID_PKIX_AD, 2
#define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */
/*
 * NOTE(review): the octet list below has 7 elements but the _LENGTH
 * macro says 8 -- confirm which is intended before relying on either.
 */
#define OID_APPL_TCP_PROTO 43, 6, 1, 2, 1, 27, 4
#define OID_APPL_TCP_PROTO_LENGTH 8

#define OID_DAP OID_DS, 3, 1
#define OID_DAP_LENGTH (OID_DS_LENGTH + 2)

/* From x9.57 */
#define OID_OIW_LENGTH 2

/* OIW secsig, 1.3.14.3 */
#define OID_OIW_SECSIG OID_OIW, 3
#define OID_OIW_SECSIG_LENGTH (OID_OIW_LENGTH + 1)

/* OIW secsig algorithms, 1.3.14.3.2 */
#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2
#define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)

#define OID_OIWDIR OID_OIW, 7, 2
#define OID_OIWDIR_LENGTH (OID_OIW_LENGTH + 2)

#define OID_OIWDIR_CRPT OID_OIWDIR, 1

#define OID_OIWDIR_HASH OID_OIWDIR, 2
#define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1)

#define OID_OIWDIR_SIGN OID_OIWDIR, 3
#define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1)

/* ANSI X9.57, 1.2.840.10040 */
#define OID_X9CM OID_US, 206, 56
#define OID_X9CM_MODULE OID_X9CM, 1
#define OID_X9CM_INSTRUCTION OID_X9CM, 2
#define OID_X9CM_ATTR OID_X9CM, 3
#define OID_X9CM_X9ALGORITHM OID_X9CM, 4
#define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)

/* Intel private arc, 2.16.840.1.113741 */
#define INTEL 96, 134, 72, 1, 134, 248, 77
#define INTEL_LENGTH 7

/*
 * INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not defined in
 * the visible part of this header; expanding INTEL_SEC_FORMATS* or
 * INTEL_SEC_ALGS* fails unless an earlier include supplies them.
 */
#define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1
#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1)

#define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5
#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2)

/*
 * Pre-built KMF_OID constants for X.500 / PKCS #9 attribute types.
 * They are defined in the library, not here; presumably each wraps one
 * of the octet lists above -- verify against the definitions.
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/*
 * Pre-built KMF_OID constants for certificate and CRL extensions, PKIX
 * policy qualifiers and key purposes, and digest / signature algorithms.
 * MD2WithRSA, MD5WithRSA, SHA1WithRSA and SHA1WithDSA name schemes whose
 * digest is broken or deprecated for signatures; a validator that still
 * accepts them should do so only under an explicit legacy policy.
 */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice,
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning,
	KMFOID_SHA1,
	KMFOID_RSA,
	KMFOID_DSA,
	KMFOID_MD5WithRSA,
	KMFOID_MD2WithRSA,
	KMFOID_SHA1WithRSA,
	KMFOID_SHA1WithDSA,
	KMFOID_OIW_DSAWithSHA1,
	KMFOID_X9CM_DSA,
	KMFOID_X9CM_DSAWithSHA1;

/*
 * KMF Certificate validation codes. These may be masked together.
 * KMF_CERT_VALIDATE_OK is zero, so a result is clean only when no error
 * bit at all is set; callers should test the whole value rather than
 * one flag of interest.
 */
#define KMF_CERT_VALIDATE_OK 0x00
#define KMF_CERT_VALIDATE_ERR_TA 0x01 /* trust anchor */
#define KMF_CERT_VALIDATE_ERR_USER 0x02
#define KMF_CERT_VALIDATE_ERR_SIGNATURE 0x04
#define KMF_CERT_VALIDATE_ERR_KEYUSAGE 0x08
#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE 0x10
#define KMF_CERT_VALIDATE_ERR_TIME 0x20
#define KMF_CERT_VALIDATE_ERR_CRL 0x40
#define KMF_CERT_VALIDATE_ERR_OCSP 0x80
#define KMF_CERT_VALIDATE_ERR_ISSUER 0x100

/*
 * KMF Key Usage bitmasks.  Bit 0 of the X.509 KeyUsage BIT STRING
 * (digitalSignature) is the most significant bit of this 16-bit mask,
 * i.e. the bits are in the same order as the DER bit string contents.
 * KMF_KUBITMASK is the OR of the nine defined bits.
 */
#define KMF_digitalSignature 0x8000
#define KMF_nonRepudiation 0x4000
#define KMF_keyEncipherment 0x2000
#define KMF_dataEncipherment 0x1000
#define KMF_keyAgreement 0x0800
#define KMF_keyCertSign 0x0400
#define KMF_cRLSign 0x0200
#define KMF_encipherOnly 0x0100
#define KMF_decipherOnly 0x0080

#define KMF_KUBITMASK 0xFF80

/*
 * KMF Extended KeyUsage OID definitions -- bit flags for a subset of
 * the KMFOID_PKIX_KP_* purposes declared above (the IPSec purposes
 * have no flag).
 */
#define KMF_EKU_SERVERAUTH 0x01
#define KMF_EKU_CLIENTAUTH 0x02
#define KMF_EKU_CODESIGNING 0x04
#define KMF_EKU_EMAIL 0x08
#define KMF_EKU_TIMESTAMP 0x10
#define KMF_EKU_OCSPSIGNING 0x20


/*
 * Legacy support only - do not use these data structures - they can be
 * removed at any time.
 *
 * None of the char * members below state who owns the pointed-to
 * strings; presumably the caller does -- confirm before freeing.
 */

/* Keystore Configuration */
typedef struct {
	char *configdir;
	char *certPrefix;
	char *keyPrefix;
	char *secModName;
} KMF_NSS_CONFIG;

typedef struct {
	char *label;
	boolean_t readonly;
} KMF_PKCS11_CONFIG;

typedef struct {
	KMF_KEYSTORE_TYPE kstype; /* presumably selects the ks_config_u member */
	union {
		KMF_NSS_CONFIG nss_conf;
		KMF_PKCS11_CONFIG pkcs11_conf;
	} ks_config_u;
} KMF_CONFIG_PARAMS;

/*
 * Unscoped accessor macros: once this header is included, the bare
 * identifiers nssconfig and pkcs11config are rewritten everywhere in
 * the translation unit, not only after a KMF_CONFIG_PARAMS.
 */
#define nssconfig ks_config_u.nss_conf
#define pkcs11config ks_config_u.pkcs11_conf


typedef struct
{
	char *trustflag;
	char *slotlabel; /* "internal" by default */
	int issuerId;
	int subjectId;
	char *crlfile; /* for ImportCRL */
	boolean_t crl_check; /* for ImportCRL */

	/*
	 * The following 2 variables are for FindCertInCRL. The caller can
	 * either specify certLabel or provide the entire certificate in
	 * DER format as input.
	 */
	char *certLabel; /* for FindCertInCRL */
	KMF_DATA *certificate; /* for FindCertInCRL */

	/*
	 * crl_subjName and crl_issuerName are used as the CRL deletion
	 * criteria. One should be non-NULL and the other one should be NULL.
	 * If crl_subjName is not NULL, then delete CRL by the subject name.
	 * Otherwise, delete by the issuer name.
	 */
	char *crl_subjName;
	char *crl_issuerName;
} KMF_NSS_PARAMS;

typedef struct {
	char *dirpath;
	char *certfile;
	char *crlfile;
	char *keyfile;
	char *outcrlfile;
	boolean_t crl_check; /* CRL import check; default is true */
	KMF_ENCODE_FORMAT format; /* output file format */
} KMF_OPENSSL_PARAMS;

typedef struct {
	/*
	 * `private' is a reserved word in C++, so this struct cannot be
	 * compiled by a C++ translation unit even though the header is
	 * wrapped in extern "C".
	 */
	boolean_t private; /* for finding CKA_PRIVATE objects */
	boolean_t sensitive;
	boolean_t not_extractable;
	boolean_t token; /* true == token object, false == session */
} KMF_PKCS11_PARAMS;

/* Same layout serves both find and delete; kstype picks the ks_opt_u member. */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	char *certLabel;
	char *issuer;
	char *subject;
	char *idstr;
	KMF_BIGINT *serial;
	KMF_CERT_VALIDITY find_cert_validity;

	union {
		KMF_NSS_PARAMS nss_opts;
		KMF_OPENSSL_PARAMS openssl_opts;
		KMF_PKCS11_PARAMS pkcs11_opts;
	} ks_opt_u;
} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	KMF_CREDENTIAL cred;
	KMF_KEY_CLASS keyclass;
	KMF_KEY_ALG keytype;
	KMF_ENCODE_FORMAT format; /* for key */
	char *findLabel;
	char *idstr;
	union {
		KMF_NSS_PARAMS nss_opts;
		KMF_OPENSSL_PARAMS openssl_opts;
		KMF_PKCS11_PARAMS pkcs11_opts;
	} ks_opt_u;
} KMF_FINDKEY_PARAMS;

/*
 * Note: this union has no pkcs11_opts member, so the pkcs11parms
 * accessor below does not apply to this type.
 */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	KMF_KEY_ALG keytype;
	uint32_t keylength;
	char *keylabel;
	KMF_CREDENTIAL cred;
	KMF_BIGINT rsa_exponent;
	union {
		KMF_NSS_PARAMS nss_opts;
		KMF_OPENSSL_PARAMS openssl_opts;
	} ks_opt_u;
} KMF_CREATEKEYPAIR_PARAMS;


/* As with KMF_CREATEKEYPAIR_PARAMS, no pkcs11_opts member here. */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	KMF_CREDENTIAL cred;
	KMF_ENCODE_FORMAT format; /* for key */
	char *certLabel;
	KMF_ALGORITHM_INDEX algid;
	union {
		KMF_NSS_PARAMS nss_opts;
		KMF_OPENSSL_PARAMS openssl_opts;
	} ks_opt_u;
} KMF_CRYPTOWITHCERT_PARAMS;

typedef struct {
	char *crl_name;
} KMF_CHECKCRLDATE_PARAMS;

/*
 * Unscoped accessor macros for the ks_opt_u unions above; like
 * nssconfig/pkcs11config they rewrite the bare identifiers everywhere
 * in the including translation unit.
 */
#define nssparms ks_opt_u.nss_opts
#define sslparms ks_opt_u.openssl_opts
#define pkcs11parms ks_opt_u.pkcs11_opts

#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */