199ebb4caSwyllys /* 2*9a767088Shaimay * Copyright (c) 1995-2000 Intel Corporation. All rights reserved. 399ebb4caSwyllys */ 499ebb4caSwyllys /* 571593db2Swyllys * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 699ebb4caSwyllys * Use is subject to license terms. 799ebb4caSwyllys */ 899ebb4caSwyllys 999ebb4caSwyllys #ifndef _KMFTYPES_H 1099ebb4caSwyllys #define _KMFTYPES_H 1199ebb4caSwyllys 1299ebb4caSwyllys #pragma ident "%Z%%M% %I% %E% SMI" 1399ebb4caSwyllys 1499ebb4caSwyllys #include <sys/types.h> 1599ebb4caSwyllys #include <stdlib.h> 1699ebb4caSwyllys #include <strings.h> 1799ebb4caSwyllys #include <pthread.h> 1899ebb4caSwyllys 1999ebb4caSwyllys #include <security/cryptoki.h> 2099ebb4caSwyllys 2199ebb4caSwyllys #ifdef __cplusplus 2299ebb4caSwyllys extern "C" { 2399ebb4caSwyllys #endif 2499ebb4caSwyllys 2599ebb4caSwyllys typedef uint32_t KMF_BOOL; 2699ebb4caSwyllys 2799ebb4caSwyllys #define KMF_FALSE (0) 2899ebb4caSwyllys #define KMF_TRUE (1) 2999ebb4caSwyllys 3099ebb4caSwyllys /* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */ 3199ebb4caSwyllys typedef struct _kmf_handle *KMF_HANDLE_T; 3299ebb4caSwyllys 3399ebb4caSwyllys /* 3499ebb4caSwyllys * KMF_DATA 3599ebb4caSwyllys * The KMF_DATA structure is used to associate a length, in bytes, with 3699ebb4caSwyllys * an arbitrary block of contiguous memory. 
3799ebb4caSwyllys */ 3899ebb4caSwyllys typedef struct kmf_data 3999ebb4caSwyllys { 4099ebb4caSwyllys size_t Length; /* in bytes */ 4199ebb4caSwyllys uchar_t *Data; 4299ebb4caSwyllys } KMF_DATA; 4399ebb4caSwyllys 4499ebb4caSwyllys typedef struct { 4599ebb4caSwyllys uchar_t *val; 4699ebb4caSwyllys size_t len; 4799ebb4caSwyllys } KMF_BIGINT; 4899ebb4caSwyllys 4999ebb4caSwyllys /* 5099ebb4caSwyllys * KMF_OID 5199ebb4caSwyllys * The object identifier (OID) structure is used to hold a unique identifier for 5299ebb4caSwyllys * the atomic data fields and the compound substructure that comprise the fields 5399ebb4caSwyllys * of a certificate or CRL. 5499ebb4caSwyllys */ 5599ebb4caSwyllys typedef KMF_DATA KMF_OID; 5699ebb4caSwyllys 5799ebb4caSwyllys typedef struct kmf_x509_private { 5899ebb4caSwyllys int keystore_type; 5999ebb4caSwyllys int flags; /* see below */ 6099ebb4caSwyllys char *label; 6199ebb4caSwyllys #define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */ 6299ebb4caSwyllys #define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */ 6399ebb4caSwyllys } KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR; 6499ebb4caSwyllys 6599ebb4caSwyllys /* 6699ebb4caSwyllys * KMF_X509_DER_CERT 6799ebb4caSwyllys * This structure associates packed DER certificate data. 6899ebb4caSwyllys * Also, it contains the private information internal used 6999ebb4caSwyllys * by KMF layer. 
7099ebb4caSwyllys */ 7199ebb4caSwyllys typedef struct 7299ebb4caSwyllys { 7399ebb4caSwyllys KMF_DATA certificate; 7499ebb4caSwyllys KMF_X509_PRIVATE kmf_private; 7599ebb4caSwyllys } KMF_X509_DER_CERT; 7699ebb4caSwyllys 7799ebb4caSwyllys typedef enum { 7899ebb4caSwyllys KMF_KEYSTORE_NSS = 1, 7999ebb4caSwyllys KMF_KEYSTORE_OPENSSL = 2, 8099ebb4caSwyllys KMF_KEYSTORE_PK11TOKEN = 3, 8199ebb4caSwyllys KMF_KEYSTORE_DEFAULT /* based on configuration */ 8299ebb4caSwyllys } KMF_KEYSTORE_TYPE; 8399ebb4caSwyllys 8499ebb4caSwyllys #define VALID_KEYSTORE_TYPE(t) ((t >= KMF_KEYSTORE_NSS) &&\ 8599ebb4caSwyllys (t <= KMF_KEYSTORE_PK11TOKEN)) 8699ebb4caSwyllys 8799ebb4caSwyllys typedef enum { 8899ebb4caSwyllys KMF_FORMAT_UNDEF = 0, 8999ebb4caSwyllys KMF_FORMAT_ASN1 = 1, /* DER */ 9099ebb4caSwyllys KMF_FORMAT_PEM = 2, 9199ebb4caSwyllys KMF_FORMAT_PKCS12 = 3, 9271593db2Swyllys KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */ 9371593db2Swyllys KMF_FORMAT_PEM_KEYPAIR = 5 9499ebb4caSwyllys } KMF_ENCODE_FORMAT; 9571593db2Swyllys #define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF 9699ebb4caSwyllys 9799ebb4caSwyllys typedef enum { 9899ebb4caSwyllys KMF_ALL_CERTS = 0, 9999ebb4caSwyllys KMF_NONEXPIRED_CERTS = 1, 10099ebb4caSwyllys KMF_EXPIRED_CERTS = 2 10199ebb4caSwyllys } KMF_CERT_VALIDITY; 10299ebb4caSwyllys 10399ebb4caSwyllys typedef enum { 10499ebb4caSwyllys KMF_KU_SIGN_CERT = 0, 10599ebb4caSwyllys KMF_KU_SIGN_DATA = 1, 10699ebb4caSwyllys KMF_KU_ENCRYPT_DATA = 2 10799ebb4caSwyllys } KMF_KU_PURPOSE; 10899ebb4caSwyllys 10999ebb4caSwyllys 11099ebb4caSwyllys /* Keystore Configuration */ 11199ebb4caSwyllys typedef struct { 11299ebb4caSwyllys char *configdir; 11399ebb4caSwyllys char *certPrefix; 11499ebb4caSwyllys char *keyPrefix; 11599ebb4caSwyllys char *secModName; 11699ebb4caSwyllys } KMF_NSS_CONFIG; 11799ebb4caSwyllys 11899ebb4caSwyllys typedef struct { 11999ebb4caSwyllys char *label; 12099ebb4caSwyllys boolean_t readonly; 12199ebb4caSwyllys } KMF_PKCS11_CONFIG; 12299ebb4caSwyllys 
12399ebb4caSwyllys typedef struct { 12499ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 12599ebb4caSwyllys union { 12699ebb4caSwyllys KMF_NSS_CONFIG nss_conf; 12799ebb4caSwyllys KMF_PKCS11_CONFIG pkcs11_conf; 12899ebb4caSwyllys } ks_config_u; 12999ebb4caSwyllys } KMF_CONFIG_PARAMS; 13099ebb4caSwyllys 13199ebb4caSwyllys #define nssconfig ks_config_u.nss_conf 13299ebb4caSwyllys #define pkcs11config ks_config_u.pkcs11_conf 13399ebb4caSwyllys 13499ebb4caSwyllys /* 13599ebb4caSwyllys * Generic credential structure used by other structures below 13699ebb4caSwyllys * to convey authentication information to the underlying 13799ebb4caSwyllys * mechanisms. 13899ebb4caSwyllys */ 13999ebb4caSwyllys typedef struct { 14099ebb4caSwyllys char *cred; 14199ebb4caSwyllys uint32_t credlen; 14299ebb4caSwyllys } KMF_CREDENTIAL; 14399ebb4caSwyllys 14499ebb4caSwyllys typedef struct 14599ebb4caSwyllys { 14699ebb4caSwyllys char *trustflag; 14799ebb4caSwyllys char *slotlabel; /* "internal" by default */ 14899ebb4caSwyllys int issuerId; 14999ebb4caSwyllys int subjectId; 15099ebb4caSwyllys char *crlfile; /* for ImportCRL */ 15199ebb4caSwyllys boolean_t crl_check; /* for ImportCRL */ 15299ebb4caSwyllys 15399ebb4caSwyllys /* 15499ebb4caSwyllys * crl_subjName and crl_issuerName are used as the CRL deletion 15599ebb4caSwyllys * criteria. One should be non-NULL and the other one should be NULL. 15699ebb4caSwyllys * If crl_subjName is not NULL, then delete CRL by the subject name. 15799ebb4caSwyllys * Othewise, delete by the issuer name. 
15899ebb4caSwyllys */ 15999ebb4caSwyllys char *crl_subjName; 16099ebb4caSwyllys char *crl_issuerName; 16199ebb4caSwyllys } KMF_NSS_PARAMS; 16299ebb4caSwyllys 16399ebb4caSwyllys typedef struct { 16499ebb4caSwyllys char *dirpath; 16599ebb4caSwyllys char *certfile; 16699ebb4caSwyllys char *crlfile; 16799ebb4caSwyllys char *keyfile; 16899ebb4caSwyllys char *outcrlfile; 16999ebb4caSwyllys boolean_t crl_check; /* CRL import check; default is true */ 17099ebb4caSwyllys KMF_ENCODE_FORMAT format; /* output file format */ 17199ebb4caSwyllys } KMF_OPENSSL_PARAMS; 17299ebb4caSwyllys 17399ebb4caSwyllys typedef struct { 17499ebb4caSwyllys boolean_t private; /* for finding CKA_PRIVATE objects */ 17599ebb4caSwyllys boolean_t sensitive; 17699ebb4caSwyllys boolean_t not_extractable; 17771593db2Swyllys boolean_t token; /* true == token object, false == session */ 17899ebb4caSwyllys } KMF_PKCS11_PARAMS; 17999ebb4caSwyllys 18099ebb4caSwyllys typedef struct { 18199ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 18299ebb4caSwyllys char *certLabel; 18399ebb4caSwyllys char *issuer; 18499ebb4caSwyllys char *subject; 18599ebb4caSwyllys char *idstr; 18699ebb4caSwyllys KMF_BIGINT *serial; 18799ebb4caSwyllys KMF_CERT_VALIDITY find_cert_validity; 18899ebb4caSwyllys 18999ebb4caSwyllys union { 19099ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 19199ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 19299ebb4caSwyllys KMF_PKCS11_PARAMS pkcs11_opts; 19399ebb4caSwyllys } ks_opt_u; 19499ebb4caSwyllys } KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS; 19599ebb4caSwyllys 19699ebb4caSwyllys typedef struct { 19799ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 19899ebb4caSwyllys char *certLabel; 19999ebb4caSwyllys char *issuer; 20099ebb4caSwyllys char *subject; 20199ebb4caSwyllys char *idstr; 20299ebb4caSwyllys KMF_BIGINT *serial; 20399ebb4caSwyllys KMF_DATA *ocsp_response; 20499ebb4caSwyllys 20599ebb4caSwyllys union { 20699ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 20799ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 20899ebb4caSwyllys 
KMF_PKCS11_PARAMS pkcs11_opts; 20999ebb4caSwyllys } ks_opt_u; 21099ebb4caSwyllys } KMF_VALIDATECERT_PARAMS; 21199ebb4caSwyllys 21299ebb4caSwyllys typedef enum { 21399ebb4caSwyllys KMF_KEYALG_NONE = 0, 21499ebb4caSwyllys KMF_RSA = 1, 21599ebb4caSwyllys KMF_DSA = 2, 21699ebb4caSwyllys KMF_AES = 3, 21799ebb4caSwyllys KMF_RC4 = 4, 21899ebb4caSwyllys KMF_DES = 5, 21999ebb4caSwyllys KMF_DES3 = 6 22099ebb4caSwyllys }KMF_KEY_ALG; 22199ebb4caSwyllys 22299ebb4caSwyllys typedef enum { 22399ebb4caSwyllys KMF_KEYCLASS_NONE = 0, 22499ebb4caSwyllys KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */ 22599ebb4caSwyllys KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */ 22699ebb4caSwyllys KMF_SYMMETRIC = 3 /* symmetric key */ 22799ebb4caSwyllys }KMF_KEY_CLASS; 22899ebb4caSwyllys 22999ebb4caSwyllys typedef struct { 23099ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 23199ebb4caSwyllys KMF_CREDENTIAL cred; 23299ebb4caSwyllys KMF_KEY_CLASS keyclass; 23399ebb4caSwyllys KMF_KEY_ALG keytype; 23499ebb4caSwyllys KMF_ENCODE_FORMAT format; /* for key */ 23599ebb4caSwyllys char *findLabel; 23699ebb4caSwyllys char *idstr; 23799ebb4caSwyllys union { 23899ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 23999ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 24099ebb4caSwyllys KMF_PKCS11_PARAMS pkcs11_opts; 24199ebb4caSwyllys } ks_opt_u; 24299ebb4caSwyllys } KMF_FINDKEY_PARAMS; 24399ebb4caSwyllys 24499ebb4caSwyllys typedef struct { 24599ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; /* all */ 24699ebb4caSwyllys char *certLabel; 24799ebb4caSwyllys 24899ebb4caSwyllys union { 24999ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 25099ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 25199ebb4caSwyllys } ks_opt_u; 25299ebb4caSwyllys } KMF_STORECERT_PARAMS; 25399ebb4caSwyllys 25499ebb4caSwyllys typedef struct { 25599ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 25699ebb4caSwyllys KMF_CREDENTIAL cred; 25799ebb4caSwyllys KMF_DATA *certificate; 25899ebb4caSwyllys char *label; 25999ebb4caSwyllys union { 26099ebb4caSwyllys 
KMF_NSS_PARAMS nss_opts; 26199ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 26299ebb4caSwyllys } ks_opt_u; 26399ebb4caSwyllys } KMF_STOREKEY_PARAMS; 26499ebb4caSwyllys 26599ebb4caSwyllys typedef struct { 26699ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 26799ebb4caSwyllys KMF_CREDENTIAL cred; 26899ebb4caSwyllys union { 26999ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 27099ebb4caSwyllys } ks_opt_u; 27199ebb4caSwyllys } KMF_DELETEKEY_PARAMS; 27299ebb4caSwyllys 27399ebb4caSwyllys typedef struct { 27499ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 27599ebb4caSwyllys char *certfile; 27699ebb4caSwyllys char *certLabel; 27799ebb4caSwyllys 27899ebb4caSwyllys union { 27999ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 28099ebb4caSwyllys } ks_opt_u; 28199ebb4caSwyllys } KMF_IMPORTCERT_PARAMS; 28299ebb4caSwyllys 28399ebb4caSwyllys typedef enum { 28499ebb4caSwyllys KMF_CERT = 0, 28599ebb4caSwyllys KMF_CSR = 1, 28699ebb4caSwyllys KMF_CRL = 2 28799ebb4caSwyllys }KMF_OBJECT_TYPE; 28899ebb4caSwyllys 28999ebb4caSwyllys typedef struct { 29099ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 29199ebb4caSwyllys KMF_KEY_ALG keytype; 29299ebb4caSwyllys uint32_t keylength; 29399ebb4caSwyllys char *keylabel; 29499ebb4caSwyllys KMF_CREDENTIAL cred; 29599ebb4caSwyllys KMF_BIGINT rsa_exponent; 29699ebb4caSwyllys union { 29799ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 29899ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 29999ebb4caSwyllys }ks_opt_u; 30099ebb4caSwyllys } KMF_CREATEKEYPAIR_PARAMS; 30199ebb4caSwyllys 30299ebb4caSwyllys typedef struct { 30399ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 30499ebb4caSwyllys union { 30599ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 30699ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 30799ebb4caSwyllys } ks_opt_u; 30899ebb4caSwyllys } KMF_IMPORTCRL_PARAMS; 30999ebb4caSwyllys 31099ebb4caSwyllys typedef struct { 31199ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 31299ebb4caSwyllys union { 31399ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 31499ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 31599ebb4caSwyllys } 
ks_opt_u; 31699ebb4caSwyllys } KMF_DELETECRL_PARAMS; 31799ebb4caSwyllys 31899ebb4caSwyllys typedef struct { 31999ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 32099ebb4caSwyllys union { 32199ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 32299ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 32399ebb4caSwyllys } ks_opt_u; 32499ebb4caSwyllys } KMF_LISTCRL_PARAMS; 32599ebb4caSwyllys 32699ebb4caSwyllys typedef struct { 32799ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 32899ebb4caSwyllys union { 32999ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 33099ebb4caSwyllys } ks_opt_u; 33199ebb4caSwyllys } KMF_FINDCRL_PARAMS; 33299ebb4caSwyllys 33399ebb4caSwyllys typedef struct { 33499ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 33599ebb4caSwyllys char *certLabel; 33699ebb4caSwyllys 33799ebb4caSwyllys union { 33899ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 33999ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 34099ebb4caSwyllys } ks_opt_u; 34199ebb4caSwyllys } KMF_FINDCERTINCRL_PARAMS; 34299ebb4caSwyllys 34399ebb4caSwyllys typedef struct { 34499ebb4caSwyllys char *crl_name; 34599ebb4caSwyllys KMF_DATA *tacert; 34699ebb4caSwyllys } KMF_VERIFYCRL_PARAMS; 34799ebb4caSwyllys 34899ebb4caSwyllys typedef struct { 34999ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 35099ebb4caSwyllys KMF_CREDENTIAL cred; 35199ebb4caSwyllys KMF_ENCODE_FORMAT format; /* for key */ 35299ebb4caSwyllys char *certLabel; 35399ebb4caSwyllys union { 35499ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 35599ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 35699ebb4caSwyllys }ks_opt_u; 35799ebb4caSwyllys } KMF_CRYPTOWITHCERT_PARAMS; 35899ebb4caSwyllys 35999ebb4caSwyllys typedef struct { 36099ebb4caSwyllys char *crl_name; 36199ebb4caSwyllys } KMF_CHECKCRLDATE_PARAMS; 36299ebb4caSwyllys 36399ebb4caSwyllys typedef struct { 36499ebb4caSwyllys CK_SLOT_ID slot; 36599ebb4caSwyllys } pk11_setpin_opts; 36699ebb4caSwyllys 36799ebb4caSwyllys typedef struct { 36899ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 36999ebb4caSwyllys char *tokenname; 37099ebb4caSwyllys KMF_CREDENTIAL cred; /* 
current token PIN */ 37199ebb4caSwyllys union { 37299ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 37399ebb4caSwyllys pk11_setpin_opts pkcs11_opts; 37499ebb4caSwyllys }ks_opt_u; 37599ebb4caSwyllys } KMF_SETPIN_PARAMS; 37699ebb4caSwyllys 37799ebb4caSwyllys typedef struct { 37899ebb4caSwyllys KMF_BIGINT mod; 37999ebb4caSwyllys KMF_BIGINT pubexp; 38099ebb4caSwyllys KMF_BIGINT priexp; 38199ebb4caSwyllys KMF_BIGINT prime1; 38299ebb4caSwyllys KMF_BIGINT prime2; 38399ebb4caSwyllys KMF_BIGINT exp1; 38499ebb4caSwyllys KMF_BIGINT exp2; 38599ebb4caSwyllys KMF_BIGINT coef; 38699ebb4caSwyllys } KMF_RAW_RSA_KEY; 38799ebb4caSwyllys 38899ebb4caSwyllys typedef struct { 38999ebb4caSwyllys KMF_BIGINT prime; 39099ebb4caSwyllys KMF_BIGINT subprime; 39199ebb4caSwyllys KMF_BIGINT base; 39299ebb4caSwyllys KMF_BIGINT value; 39399ebb4caSwyllys } KMF_RAW_DSA_KEY; 39499ebb4caSwyllys 39599ebb4caSwyllys typedef struct { 39699ebb4caSwyllys KMF_BIGINT keydata; 39799ebb4caSwyllys } KMF_RAW_SYM_KEY; 39899ebb4caSwyllys 39999ebb4caSwyllys typedef struct { 40099ebb4caSwyllys KMF_KEY_ALG keytype; 40199ebb4caSwyllys union { 40299ebb4caSwyllys KMF_RAW_RSA_KEY rsa; 40399ebb4caSwyllys KMF_RAW_DSA_KEY dsa; 40499ebb4caSwyllys KMF_RAW_SYM_KEY sym; 40599ebb4caSwyllys }rawdata; 40699ebb4caSwyllys } KMF_RAW_KEY_DATA; 40799ebb4caSwyllys 40899ebb4caSwyllys typedef struct { 40999ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 41099ebb4caSwyllys char *certLabel; 41199ebb4caSwyllys char *issuer; 41299ebb4caSwyllys char *subject; 41399ebb4caSwyllys char *idstr; 41499ebb4caSwyllys KMF_BIGINT *serial; 41599ebb4caSwyllys KMF_CREDENTIAL cred; /* cred for accessing the token */ 41699ebb4caSwyllys KMF_CREDENTIAL p12cred; /* cred used for securing the file */ 41799ebb4caSwyllys 41899ebb4caSwyllys union { 41999ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 42099ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 42199ebb4caSwyllys }ks_opt_u; 42299ebb4caSwyllys } KMF_EXPORTP12_PARAMS; 42399ebb4caSwyllys 42499ebb4caSwyllys typedef struct { 
42599ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 42699ebb4caSwyllys KMF_KEY_ALG keytype; 42799ebb4caSwyllys uint32_t keylength; 42899ebb4caSwyllys char *keylabel; 42999ebb4caSwyllys KMF_CREDENTIAL cred; 43099ebb4caSwyllys union { 43199ebb4caSwyllys KMF_NSS_PARAMS nss_opts; 43299ebb4caSwyllys KMF_OPENSSL_PARAMS openssl_opts; 43399ebb4caSwyllys KMF_PKCS11_PARAMS pkcs11_opts; 43499ebb4caSwyllys }ks_opt_u; 43599ebb4caSwyllys } KMF_CREATESYMKEY_PARAMS; 43699ebb4caSwyllys 43799ebb4caSwyllys /* Data structures for OCSP support */ 43899ebb4caSwyllys typedef struct { 43999ebb4caSwyllys KMF_DATA *issuer_cert; 44099ebb4caSwyllys KMF_DATA *user_cert; 44199ebb4caSwyllys } KMF_OCSPREQUEST_PARAMS; 44299ebb4caSwyllys 44399ebb4caSwyllys typedef struct { 44499ebb4caSwyllys KMF_DATA *response; 44599ebb4caSwyllys KMF_DATA *issuer_cert; 44699ebb4caSwyllys KMF_DATA *user_cert; 44799ebb4caSwyllys KMF_DATA *signer_cert; /* can be NULL */ 44899ebb4caSwyllys boolean_t ignore_response_sign; /* default is FALSE */ 44999ebb4caSwyllys uint32_t response_lifetime; /* in seconds */ 45099ebb4caSwyllys } KMF_OCSPRESPONSE_PARAMS_INPUT; 45199ebb4caSwyllys 45299ebb4caSwyllys typedef enum { 45399ebb4caSwyllys OCSP_GOOD = 0, 45499ebb4caSwyllys OCSP_REVOKED = 1, 45599ebb4caSwyllys OCSP_UNKNOWN = 2 45699ebb4caSwyllys } KMF_OCSP_CERT_STATUS; 45799ebb4caSwyllys 45899ebb4caSwyllys typedef struct { 45999ebb4caSwyllys int response_status; 46099ebb4caSwyllys int reason; /* if revoked */ 46199ebb4caSwyllys KMF_OCSP_CERT_STATUS cert_status; 46299ebb4caSwyllys } KMF_OCSPRESPONSE_PARAMS_OUTPUT; 46399ebb4caSwyllys 46499ebb4caSwyllys #define nssparms ks_opt_u.nss_opts 46599ebb4caSwyllys #define sslparms ks_opt_u.openssl_opts 46699ebb4caSwyllys #define pkcs11parms ks_opt_u.pkcs11_opts 46799ebb4caSwyllys 46899ebb4caSwyllys typedef struct { 46999ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 47099ebb4caSwyllys KMF_KEY_ALG keyalg; 47199ebb4caSwyllys KMF_KEY_CLASS keyclass; 47299ebb4caSwyllys boolean_t israw; 47399ebb4caSwyllys char 
*keylabel; 47499ebb4caSwyllys void *keyp; 47599ebb4caSwyllys } KMF_KEY_HANDLE; 47699ebb4caSwyllys 47799ebb4caSwyllys typedef struct { 47899ebb4caSwyllys KMF_KEYSTORE_TYPE kstype; 47999ebb4caSwyllys uint32_t errcode; 48099ebb4caSwyllys } KMF_ERROR; 48199ebb4caSwyllys 48299ebb4caSwyllys /* 48399ebb4caSwyllys * Typenames to use with subjectAltName 48499ebb4caSwyllys */ 48599ebb4caSwyllys typedef enum { 48699ebb4caSwyllys GENNAME_OTHERNAME = 0x00, 48799ebb4caSwyllys GENNAME_RFC822NAME, 48899ebb4caSwyllys GENNAME_DNSNAME, 48999ebb4caSwyllys GENNAME_X400ADDRESS, 49099ebb4caSwyllys GENNAME_DIRECTORYNAME, 49199ebb4caSwyllys GENNAME_EDIPARTYNAME, 49299ebb4caSwyllys GENNAME_URI, 49399ebb4caSwyllys GENNAME_IPADDRESS, 49499ebb4caSwyllys GENNAME_REGISTEREDID 49599ebb4caSwyllys } KMF_GENERALNAMECHOICES; 49699ebb4caSwyllys 49799ebb4caSwyllys /* 49899ebb4caSwyllys * KMF_FIELD 49999ebb4caSwyllys * This structure contains the OID/value pair for any item that can be 50099ebb4caSwyllys * identified by an OID. 
50199ebb4caSwyllys */ 50299ebb4caSwyllys typedef struct 50399ebb4caSwyllys { 50499ebb4caSwyllys KMF_OID FieldOid; 50599ebb4caSwyllys KMF_DATA FieldValue; 50699ebb4caSwyllys } KMF_FIELD; 50799ebb4caSwyllys 50899ebb4caSwyllys typedef enum { 50999ebb4caSwyllys KMF_OK = 0x00, 51099ebb4caSwyllys KMF_ERR_BAD_PARAMETER = 0x01, 51199ebb4caSwyllys KMF_ERR_BAD_KEY_FORMAT = 0x02, 51299ebb4caSwyllys KMF_ERR_BAD_ALGORITHM = 0x03, 51399ebb4caSwyllys KMF_ERR_MEMORY = 0x04, 51499ebb4caSwyllys KMF_ERR_ENCODING = 0x05, 51599ebb4caSwyllys KMF_ERR_PLUGIN_INIT = 0x06, 51699ebb4caSwyllys KMF_ERR_PLUGIN_NOTFOUND = 0x07, 51799ebb4caSwyllys KMF_ERR_INTERNAL = 0x0b, 51899ebb4caSwyllys KMF_ERR_BAD_CERT_FORMAT = 0x0c, 51999ebb4caSwyllys KMF_ERR_KEYGEN_FAILED = 0x0d, 52099ebb4caSwyllys KMF_ERR_UNINITIALIZED = 0x10, 52199ebb4caSwyllys KMF_ERR_ISSUER = 0x11, 52299ebb4caSwyllys KMF_ERR_NOT_REVOKED = 0x12, 52399ebb4caSwyllys KMF_ERR_CERT_NOT_FOUND = 0x13, 52499ebb4caSwyllys KMF_ERR_CRL_NOT_FOUND = 0x14, 52599ebb4caSwyllys KMF_ERR_RDN_PARSER = 0x15, 52699ebb4caSwyllys KMF_ERR_RDN_ATTR = 0x16, 52799ebb4caSwyllys KMF_ERR_SLOTNAME = 0x17, 52899ebb4caSwyllys KMF_ERR_EMPTY_CRL = 0x18, 52999ebb4caSwyllys KMF_ERR_BUFFER_SIZE = 0x19, 53099ebb4caSwyllys KMF_ERR_AUTH_FAILED = 0x1a, 53199ebb4caSwyllys KMF_ERR_TOKEN_SELECTED = 0x1b, 53299ebb4caSwyllys KMF_ERR_NO_TOKEN_SELECTED = 0x1c, 53399ebb4caSwyllys KMF_ERR_TOKEN_NOT_PRESENT = 0x1d, 53499ebb4caSwyllys KMF_ERR_EXTENSION_NOT_FOUND = 0x1e, 53599ebb4caSwyllys KMF_ERR_POLICY_ENGINE = 0x1f, 53699ebb4caSwyllys KMF_ERR_POLICY_DB_FORMAT = 0x20, 53799ebb4caSwyllys KMF_ERR_POLICY_NOT_FOUND = 0x21, 53899ebb4caSwyllys KMF_ERR_POLICY_DB_FILE = 0x22, 53999ebb4caSwyllys KMF_ERR_POLICY_NAME = 0x23, 54099ebb4caSwyllys KMF_ERR_OCSP_POLICY = 0x24, 54199ebb4caSwyllys KMF_ERR_TA_POLICY = 0x25, 54299ebb4caSwyllys KMF_ERR_KEY_NOT_FOUND = 0x26, 54399ebb4caSwyllys KMF_ERR_OPEN_FILE = 0x27, 54499ebb4caSwyllys KMF_ERR_OCSP_BAD_ISSUER = 0x28, 54599ebb4caSwyllys KMF_ERR_OCSP_BAD_CERT = 
0x29, 54699ebb4caSwyllys KMF_ERR_OCSP_CREATE_REQUEST = 0x2a, 54799ebb4caSwyllys KMF_ERR_CONNECT_SERVER = 0x2b, 54899ebb4caSwyllys KMF_ERR_SEND_REQUEST = 0x2c, 54999ebb4caSwyllys KMF_ERR_OCSP_CERTID = 0x2d, 55099ebb4caSwyllys KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e, 55199ebb4caSwyllys KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f, 55299ebb4caSwyllys KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30, 55399ebb4caSwyllys KMF_ERR_OCSP_BAD_SIGNER = 0x31, 55499ebb4caSwyllys KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32, 55599ebb4caSwyllys KMF_ERR_OCSP_UNKNOWN_CERT = 0x33, 55699ebb4caSwyllys KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34, 55799ebb4caSwyllys KMF_ERR_BAD_HTTP_RESPONSE = 0x35, 55899ebb4caSwyllys KMF_ERR_RECV_RESPONSE = 0x36, 55999ebb4caSwyllys KMF_ERR_RECV_TIMEOUT = 0x37, 56099ebb4caSwyllys KMF_ERR_DUPLICATE_KEYFILE = 0x38, 56199ebb4caSwyllys KMF_ERR_AMBIGUOUS_PATHNAME = 0x39, 56299ebb4caSwyllys KMF_ERR_FUNCTION_NOT_FOUND = 0x3a, 56399ebb4caSwyllys KMF_ERR_PKCS12_FORMAT = 0x3b, 56499ebb4caSwyllys KMF_ERR_BAD_KEY_TYPE = 0x3c, 56599ebb4caSwyllys KMF_ERR_BAD_KEY_CLASS = 0x3d, 56699ebb4caSwyllys KMF_ERR_BAD_KEY_SIZE = 0x3e, 56799ebb4caSwyllys KMF_ERR_BAD_HEX_STRING = 0x3f, 56899ebb4caSwyllys KMF_ERR_KEYUSAGE = 0x40, 56999ebb4caSwyllys KMF_ERR_VALIDITY_PERIOD = 0x41, 57099ebb4caSwyllys KMF_ERR_OCSP_REVOKED = 0x42, 57199ebb4caSwyllys KMF_ERR_CERT_MULTIPLE_FOUND = 0x43, 57299ebb4caSwyllys KMF_ERR_WRITE_FILE = 0x44, 57399ebb4caSwyllys KMF_ERR_BAD_URI = 0x45, 57499ebb4caSwyllys KMF_ERR_BAD_CRLFILE = 0x46, 57599ebb4caSwyllys KMF_ERR_BAD_CERTFILE = 0x47, 57699ebb4caSwyllys KMF_ERR_GETKEYVALUE_FAILED = 0x48, 57799ebb4caSwyllys KMF_ERR_BAD_KEYHANDLE = 0x49, 57899ebb4caSwyllys KMF_ERR_BAD_OBJECT_TYPE = 0x4a, 57999ebb4caSwyllys KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b, 58099ebb4caSwyllys KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c, 58199ebb4caSwyllys KMF_ERR_UNINITIALIZED_TOKEN = 0x4d, 58299ebb4caSwyllys KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e, 58399ebb4caSwyllys KMF_ERR_MISSING_ERRCODE = 0x4f, 58471593db2Swyllys 
KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50, 58571593db2Swyllys KMF_ERR_SENSITIVE_KEY = 0x51, 58671593db2Swyllys KMF_ERR_UNEXTRACTABLE_KEY = 0x52, 58771593db2Swyllys KMF_ERR_KEY_MISMATCH = 0x53 58899ebb4caSwyllys } KMF_RETURN; 58999ebb4caSwyllys 59099ebb4caSwyllys typedef enum { 59199ebb4caSwyllys OCSP_SUCCESS = 0, 59299ebb4caSwyllys OCSP_MALFORMED_REQUEST = 1, 59399ebb4caSwyllys OCSP_INTERNAL_ERROR = 2, 59499ebb4caSwyllys OCSP_TRYLATER = 3, 59599ebb4caSwyllys OCSP_SIGREQUIRED = 4, 59699ebb4caSwyllys OCSP_UNAUTHORIZED = 5 59799ebb4caSwyllys } KMF_OCSP_RESPONSE_STATUS; 59899ebb4caSwyllys 59999ebb4caSwyllys typedef enum { 60099ebb4caSwyllys OCSP_NOSTATUS = -1, 60199ebb4caSwyllys OCSP_UNSPECIFIED = 0, 60299ebb4caSwyllys OCSP_KEYCOMPROMISE = 1, 60399ebb4caSwyllys OCSP_CACOMPROMISE = 2, 60499ebb4caSwyllys OCSP_AFFILIATIONCHANGE = 3, 60599ebb4caSwyllys OCSP_SUPERCEDED = 4, 60699ebb4caSwyllys OCSP_CESSATIONOFOPERATION = 5, 60799ebb4caSwyllys OCSP_CERTIFICATEHOLD = 6, 60899ebb4caSwyllys OCSP_REMOVEFROMCRL = 7 60999ebb4caSwyllys } KMF_OCSP_REVOKED_STATUS; 61099ebb4caSwyllys 61199ebb4caSwyllys typedef enum { 61299ebb4caSwyllys KMF_ALGCLASS_NONE = 0, 61399ebb4caSwyllys KMF_ALGCLASS_CUSTOM, 61499ebb4caSwyllys KMF_ALGCLASS_SIGNATURE, 61599ebb4caSwyllys KMF_ALGCLASS_SYMMETRIC, 61699ebb4caSwyllys KMF_ALGCLASS_DIGEST, 61799ebb4caSwyllys KMF_ALGCLASS_RANDOMGEN, 61899ebb4caSwyllys KMF_ALGCLASS_UNIQUEGEN, 61999ebb4caSwyllys KMF_ALGCLASS_MAC, 62099ebb4caSwyllys KMF_ALGCLASS_ASYMMETRIC, 62199ebb4caSwyllys KMF_ALGCLASS_KEYGEN, 62299ebb4caSwyllys KMF_ALGCLASS_DERIVEKEY 62399ebb4caSwyllys } KMF_ALGCLASS; 62499ebb4caSwyllys 62599ebb4caSwyllys /* 62699ebb4caSwyllys * Algorithms 62799ebb4caSwyllys * This type defines a set of constants used to identify cryptographic 62899ebb4caSwyllys * algorithms. 
62999ebb4caSwyllys */ 63099ebb4caSwyllys typedef enum { 63199ebb4caSwyllys KMF_ALGID_NONE = 0, 63299ebb4caSwyllys KMF_ALGID_CUSTOM, 63399ebb4caSwyllys KMF_ALGID_SHA1, 63499ebb4caSwyllys KMF_ALGID_RSA, 63599ebb4caSwyllys KMF_ALGID_DSA, 63699ebb4caSwyllys KMF_ALGID_MD5WithRSA, 63799ebb4caSwyllys KMF_ALGID_MD2WithRSA, 63899ebb4caSwyllys KMF_ALGID_SHA1WithRSA, 63999ebb4caSwyllys KMF_ALGID_SHA1WithDSA 64099ebb4caSwyllys } KMF_ALGORITHM_INDEX; 64199ebb4caSwyllys 64299ebb4caSwyllys typedef enum { 64399ebb4caSwyllys KMF_CERT_ISSUER = 1, 64499ebb4caSwyllys KMF_CERT_SUBJECT, 64599ebb4caSwyllys KMF_CERT_VERSION, 64699ebb4caSwyllys KMF_CERT_SERIALNUM, 64799ebb4caSwyllys KMF_CERT_NOTBEFORE, 64899ebb4caSwyllys KMF_CERT_NOTAFTER, 64999ebb4caSwyllys KMF_CERT_PUBKEY_ALG, 65099ebb4caSwyllys KMF_CERT_SIGNATURE_ALG, 65199ebb4caSwyllys KMF_CERT_EMAIL, 65299ebb4caSwyllys KMF_CERT_PUBKEY_DATA, 65399ebb4caSwyllys KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD, 65499ebb4caSwyllys KMF_X509_EXT_CERT_POLICIES, 65599ebb4caSwyllys KMF_X509_EXT_SUBJ_ALTNAME, 65699ebb4caSwyllys KMF_X509_EXT_ISSUER_ALTNAME, 65799ebb4caSwyllys KMF_X509_EXT_BASIC_CONSTRAINTS, 65899ebb4caSwyllys KMF_X509_EXT_NAME_CONSTRAINTS, 65999ebb4caSwyllys KMF_X509_EXT_POLICY_CONSTRAINTS, 66099ebb4caSwyllys KMF_X509_EXT_EXT_KEY_USAGE, 66199ebb4caSwyllys KMF_X509_EXT_INHIBIT_ANY_POLICY, 66299ebb4caSwyllys KMF_X509_EXT_AUTH_KEY_ID, 66399ebb4caSwyllys KMF_X509_EXT_SUBJ_KEY_ID, 66499ebb4caSwyllys KMF_X509_EXT_POLICY_MAPPINGS, 66599ebb4caSwyllys KMF_X509_EXT_CRL_DIST_POINTS, 66699ebb4caSwyllys KMF_X509_EXT_FRESHEST_CRL, 66799ebb4caSwyllys KMF_X509_EXT_KEY_USAGE 66899ebb4caSwyllys } KMF_PRINTABLE_ITEM; 66999ebb4caSwyllys 67099ebb4caSwyllys /* 67199ebb4caSwyllys * KMF_X509_ALGORITHM_IDENTIFIER 67299ebb4caSwyllys * This structure holds an object identifier naming a 67399ebb4caSwyllys * cryptographic algorithm and an optional set of 67499ebb4caSwyllys * parameters to be used as input to that algorithm. 
67599ebb4caSwyllys */ 67699ebb4caSwyllys typedef struct 67799ebb4caSwyllys { 67899ebb4caSwyllys KMF_OID algorithm; 67999ebb4caSwyllys KMF_DATA parameters; 68099ebb4caSwyllys } KMF_X509_ALGORITHM_IDENTIFIER; 68199ebb4caSwyllys 68299ebb4caSwyllys /* 68399ebb4caSwyllys * KMF_X509_TYPE_VALUE_PAIR 68499ebb4caSwyllys * This structure contain an type-value pair. 68599ebb4caSwyllys */ 68699ebb4caSwyllys typedef struct 68799ebb4caSwyllys { 68899ebb4caSwyllys KMF_OID type; 68999ebb4caSwyllys uint8_t valueType; /* The Tag to use when BER encoded */ 69099ebb4caSwyllys KMF_DATA value; 69199ebb4caSwyllys } KMF_X509_TYPE_VALUE_PAIR; 69299ebb4caSwyllys 69399ebb4caSwyllys 69499ebb4caSwyllys /* 69599ebb4caSwyllys * KMF_X509_RDN 69699ebb4caSwyllys * This structure contains a Relative Distinguished Name 69799ebb4caSwyllys * composed of an ordered set of type-value pairs. 69899ebb4caSwyllys */ 69999ebb4caSwyllys typedef struct 70099ebb4caSwyllys { 70199ebb4caSwyllys uint32_t numberOfPairs; 70299ebb4caSwyllys KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue; 70399ebb4caSwyllys } KMF_X509_RDN; 70499ebb4caSwyllys 70599ebb4caSwyllys /* 70699ebb4caSwyllys * KMF_X509_NAME 70799ebb4caSwyllys * This structure contains a set of Relative Distinguished Names. 70899ebb4caSwyllys */ 70999ebb4caSwyllys typedef struct 71099ebb4caSwyllys { 71199ebb4caSwyllys uint32_t numberOfRDNs; 71299ebb4caSwyllys KMF_X509_RDN *RelativeDistinguishedName; 71399ebb4caSwyllys } KMF_X509_NAME; 71499ebb4caSwyllys 71599ebb4caSwyllys /* 71699ebb4caSwyllys * KMF_X509_SPKI 71799ebb4caSwyllys * This structure contains the public key and the 71899ebb4caSwyllys * description of the verification algorithm 71999ebb4caSwyllys * appropriate for use with this key. 
72099ebb4caSwyllys */ 72199ebb4caSwyllys typedef struct 72299ebb4caSwyllys { 72399ebb4caSwyllys KMF_X509_ALGORITHM_IDENTIFIER algorithm; 72499ebb4caSwyllys KMF_DATA subjectPublicKey; 72599ebb4caSwyllys } KMF_X509_SPKI; 72699ebb4caSwyllys 72799ebb4caSwyllys /* 72899ebb4caSwyllys * KMF_X509_TIME 72999ebb4caSwyllys * Time is represented as a string according to the 73099ebb4caSwyllys * definitions of GeneralizedTime and UTCTime 73199ebb4caSwyllys * defined in RFC 2459. 73299ebb4caSwyllys */ 73399ebb4caSwyllys typedef struct 73499ebb4caSwyllys { 73599ebb4caSwyllys uint8_t timeType; 73699ebb4caSwyllys KMF_DATA time; 73799ebb4caSwyllys } KMF_X509_TIME; 73899ebb4caSwyllys 73999ebb4caSwyllys /* 74099ebb4caSwyllys * KMF_X509_VALIDITY 74199ebb4caSwyllys */ 74299ebb4caSwyllys typedef struct 74399ebb4caSwyllys { 74499ebb4caSwyllys KMF_X509_TIME notBefore; 74599ebb4caSwyllys KMF_X509_TIME notAfter; 74699ebb4caSwyllys } KMF_X509_VALIDITY; 74799ebb4caSwyllys 74899ebb4caSwyllys /* 74999ebb4caSwyllys * KMF_X509EXT_BASICCONSTRAINTS 75099ebb4caSwyllys */ 75199ebb4caSwyllys typedef struct 75299ebb4caSwyllys { 75399ebb4caSwyllys KMF_BOOL cA; 75499ebb4caSwyllys KMF_BOOL pathLenConstraintPresent; 75599ebb4caSwyllys uint32_t pathLenConstraint; 75699ebb4caSwyllys } KMF_X509EXT_BASICCONSTRAINTS; 75799ebb4caSwyllys 75899ebb4caSwyllys /* 75999ebb4caSwyllys * KMF_X509EXT_DATA_FORMAT 76099ebb4caSwyllys * This list defines the valid formats for a certificate extension. 76199ebb4caSwyllys */ 76299ebb4caSwyllys typedef enum 76399ebb4caSwyllys { 76499ebb4caSwyllys KMF_X509_DATAFORMAT_ENCODED = 0, 76599ebb4caSwyllys KMF_X509_DATAFORMAT_PARSED, 76699ebb4caSwyllys KMF_X509_DATAFORMAT_PAIR 76799ebb4caSwyllys } KMF_X509EXT_DATA_FORMAT; 76899ebb4caSwyllys 76999ebb4caSwyllys 77099ebb4caSwyllys /* 77199ebb4caSwyllys * KMF_X509EXT_TAGandVALUE 77299ebb4caSwyllys * This structure contains a BER/DER encoded 77399ebb4caSwyllys * extension value and the type of that value. 
77499ebb4caSwyllys */ 77599ebb4caSwyllys typedef struct 77699ebb4caSwyllys { 77799ebb4caSwyllys uint8_t type; 77899ebb4caSwyllys KMF_DATA value; 77999ebb4caSwyllys } KMF_X509EXT_TAGandVALUE; 78099ebb4caSwyllys 78199ebb4caSwyllys 78299ebb4caSwyllys /* 78399ebb4caSwyllys * KMF_X509EXT_PAIR 78499ebb4caSwyllys * This structure aggregates two extension representations: 78599ebb4caSwyllys * a tag and value, and a parsed X509 extension representation. 78699ebb4caSwyllys */ 78799ebb4caSwyllys typedef struct 78899ebb4caSwyllys { 78999ebb4caSwyllys KMF_X509EXT_TAGandVALUE tagAndValue; 79099ebb4caSwyllys void *parsedValue; 79199ebb4caSwyllys } KMF_X509EXT_PAIR; 79299ebb4caSwyllys 79399ebb4caSwyllys /* 79499ebb4caSwyllys * KMF_X509_EXTENSION 79599ebb4caSwyllys * This structure contains a complete certificate extension. 79699ebb4caSwyllys */ 79799ebb4caSwyllys typedef struct 79899ebb4caSwyllys { 79999ebb4caSwyllys KMF_OID extnId; 80099ebb4caSwyllys KMF_BOOL critical; 80199ebb4caSwyllys KMF_X509EXT_DATA_FORMAT format; 80299ebb4caSwyllys union 80399ebb4caSwyllys { 80499ebb4caSwyllys KMF_X509EXT_TAGandVALUE *tagAndValue; 80599ebb4caSwyllys void *parsedValue; 80699ebb4caSwyllys KMF_X509EXT_PAIR *valuePair; 80799ebb4caSwyllys } value; 80899ebb4caSwyllys KMF_DATA BERvalue; 80999ebb4caSwyllys } KMF_X509_EXTENSION; 81099ebb4caSwyllys 81199ebb4caSwyllys 81299ebb4caSwyllys /* 81399ebb4caSwyllys * KMF_X509_EXTENSIONS 81499ebb4caSwyllys * This structure contains the set of all certificate 81599ebb4caSwyllys * extensions contained in a certificate. 81699ebb4caSwyllys */ 81799ebb4caSwyllys typedef struct 81899ebb4caSwyllys { 81999ebb4caSwyllys uint32_t numberOfExtensions; 82099ebb4caSwyllys KMF_X509_EXTENSION *extensions; 82199ebb4caSwyllys } KMF_X509_EXTENSIONS; 82299ebb4caSwyllys 82399ebb4caSwyllys /* 82499ebb4caSwyllys * KMF_X509_TBS_CERT 82599ebb4caSwyllys * This structure contains a complete X.509 certificate. 
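*/
typedef struct
{
	KMF_DATA version;		/* encoded version number */
	KMF_BIGINT serialNumber;	/* issuer-assigned, arbitrary length */
	KMF_X509_ALGORITHM_IDENTIFIER signature;	/* inner signature algorithm */
	KMF_X509_NAME issuer;
	KMF_X509_VALIDITY validity;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	/* Both unique identifiers are optional in X.509; presumably Length is 0
	 * when absent -- confirm with the decoder. */
	KMF_DATA issuerUniqueIdentifier;
	KMF_DATA subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 * algorithmIdentifier says how the signature was produced; encrypted
 * holds the signature bytes (the field name is inherited -- treat it as
 * the signature value, not as ciphertext).
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
	KMF_DATA encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT certificate;
	KMF_X509_SIGNATURE signature;
} KMF_X509_CERTIFICATE;

/*
 * Accessors for the two algorithm OIDs of a KMF_X509_CERTIFICATE *:
 * the one inside the signed TBS part and the one on the outer signature.
 * RFC 2459/5280 require the two to be identical, so a verifier should
 * compare them instead of trusting either one alone.  The argument is
 * parenthesized so that any pointer expression may be passed.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 * (the part that gets signed).  Every field is requester-supplied; a CA
 * must validate subject and extensions against its own policy rather
 * than copy them into the issued certificate.
 */
typedef struct
{
	KMF_DATA version;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request.
 * The signature is made with the private key matching
 * csr.subjectPublicKeyInfo; verifying it proves possession of that key
 * and nothing more.
 */
typedef struct
{
	KMF_TBS_CSR csr;
	KMF_X509_SIGNATURE signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 * One policy qualifier: value is the qualifier's encoded value and is
 * interpreted according to policyQualifierId (see OID_PKIX_QT_CPS and
 * OID_PKIX_QT_UNOTICE below).
 */
typedef struct
{
	KMF_OID policyQualifierId;
	KMF_DATA value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 * Counted array of qualifiers; numberOfPolicyQualifiers bounds
 * policyQualifier.
 */
typedef struct
{
	uint32_t numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */
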
typedef struct
{
	KMF_OID policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;
} KMF_X509EXT_POLICYINFO;

/*
 * KMF_X509EXT_CERT_POLICIES
 * Parsed certificatePolicies extension; numberOfPolicyInfo bounds the
 * policyInfo array.
 */
typedef struct
{
	uint32_t numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO *policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/*
 * KMF_X509EXT_KEY_USAGE
 * Parsed keyUsage extension.  KeyUsageBits is tested against the
 * KMF_digitalSignature .. KMF_decipherOnly masks defined later in this
 * header; critical is the extension's critical flag.
 */
typedef struct
{
	uchar_t critical;
	uint16_t KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/*
 * KMF_X509EXT_EKU
 * Parsed extendedKeyUsage extension: nEKUs key-purpose OIDs in
 * keyPurposeIdList.  Iterate by nEKUs only.
 */
typedef struct
{
	uchar_t critical;
	uint16_t nEKUs;
	KMF_OID *keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 * Each AccessDesc pairs an access method OID (OCSP, caIssuers; see
 * OID_PKIX_AD_* below) with an access location.  AccessLocation comes
 * from the certificate, so it is attacker-influenced input for any
 * client that follows it.
 */
typedef struct
{
	KMF_OID AccessMethod;
	KMF_DATA AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct
{
	uint32_t numberOfAccessDescription;	/* element count of AccessDesc */
	KMF_X509EXT_ACCESSDESC *AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 * KMF_GENERALNAMECHOICES is declared elsewhere in this header;
 * presumably it selects how the bytes in name are to be read.
 */
typedef struct {
	KMF_GENERALNAMECHOICES choice;
	KMF_DATA name;
} KMF_GENERALNAME;

typedef struct {
	uint32_t number;		/* element count of namelist */
	KMF_GENERALNAME *namelist;
} KMF_GENERALNAMES;

/* Discriminator for KMF_CRL_DIST_POINT.name. */
typedef enum {
	DP_GENERAL_NAME = 1,		/* name.full_name is live */
	DP_RELATIVE_NAME = 2		/* name.relative_name is live */
} KMF_CRL_DIST_POINT_TYPE;

typedef struct {
	KMF_CRL_DIST_POINT_TYPE type;
	union {
		KMF_GENERALNAMES full_name;
		KMF_DATA relative_name;
	} name;
	KMF_DATA reasons;		/* encoded ReasonFlags, if present */
	KMF_GENERALNAMES crl_issuer;
} KMF_CRL_DIST_POINT;

typedef struct {
	uint32_t number;		/* element count of dplist */
	KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;


/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * These macros expand to comma-separated byte lists for use in array
 * initializers, with a matching *_LENGTH giving the byte count.  The
 * first byte encodes the first two arcs as 40*a+b, so 42 is {1 2},
 * 43 is {1 3}, 85 is {2 5} and 96 is {2 16}; arcs above 127 use the
 * base-128 form (134, 72 is 840).
 */
#define OID_ISO_MEMBER 42 /* Also in PKCS */
#define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
#define OID_CA OID_ISO_MEMBER, 124

#define OID_ISO_IDENTIFIED_ORG 43
#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4
#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5
#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6
#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */

#define OID_ISO_CCITT_DIR_SERVICE 85
#define OID_ISO_CCITT_COUNTRY 96
#define OID_COUNTRY_US OID_ISO_CCITT_COUNTRY, 134, 72
#define OID_COUNTRY_CA OID_ISO_CCITT_COUNTRY, 124
#define OID_COUNTRY_US_ORG OID_COUNTRY_US, 1
#define OID_COUNTRY_US_MHS_MD OID_COUNTRY_US, 2
#define OID_COUNTRY_US_STATE OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define OID_ISO_MEMBER_LENGTH 1
#define OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2)

/* rsadsi, 1.2.840.113549 -- the root of the PKCS OIDs below */
#define OID_RSA OID_US, 134, 247, 13
#define OID_RSA_LENGTH (OID_US_LENGTH + 3)

/* 1.2.840.113549.2: digest algorithms */
#define OID_RSA_HASH OID_RSA, 2
#define OID_RSA_HASH_LENGTH (OID_RSA_LENGTH + 1)

/* 1.2.840.113549.3: encryption algorithms */
#define OID_RSA_ENCRYPT OID_RSA, 3
#define OID_RSA_ENCRYPT_LENGTH (OID_RSA_LENGTH + 1)

/* 1.2.840.113549.1: pkcs; OID_PKCS_n is the arc of PKCS #n */
#define OID_PKCS OID_RSA, 1
#define OID_PKCS_LENGTH (OID_RSA_LENGTH + 1)

#define OID_PKCS_1 OID_PKCS, 1
#define OID_PKCS_1_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_2 OID_PKCS, 2
#define OID_PKCS_3 OID_PKCS, 3
#define OID_PKCS_3_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_4 OID_PKCS, 4
#define OID_PKCS_5 OID_PKCS, 5
#define OID_PKCS_5_LENGTH (OID_PKCS_LENGTH + 1)
#define OID_PKCS_6 OID_PKCS, 6
#define OID_PKCS_7 OID_PKCS, 7
#define OID_PKCS_7_LENGTH (OID_PKCS_LENGTH + 1)

/* PKCS #7 content types */
#define OID_PKCS_7_Data OID_PKCS_7, 1
#define OID_PKCS_7_SignedData OID_PKCS_7, 2
#define OID_PKCS_7_EnvelopedData OID_PKCS_7, 3
#define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4
#define OID_PKCS_7_DigestedData OID_PKCS_7, 5
#define OID_PKCS_7_EncryptedData OID_PKCS_7, 6

#define OID_PKCS_8 OID_PKCS, 8
#define OID_PKCS_9 OID_PKCS, 9
#define OID_PKCS_9_LENGTH (OID_PKCS_LENGTH + 1)

/* PKCS #9 attribute types (signed/unsigned attributes, CSR attributes) */
#define OID_PKCS_9_CONTENT_TYPE OID_PKCS_9, 3
#define OID_PKCS_9_MESSAGE_DIGEST OID_PKCS_9, 4
#define OID_PKCS_9_SIGNING_TIME OID_PKCS_9, 5
#define OID_PKCS_9_COUNTER_SIGNATURE OID_PKCS_9, 6
#define OID_PKCS_9_EXTENSION_REQUEST OID_PKCS_9, 14

#define OID_PKCS_10 OID_PKCS, 10

#define OID_PKCS_12 OID_PKCS, 12
#define OID_PKCS_12_LENGTH (OID_PKCS_LENGTH + 1)

/*
 * PKCS #12 password-based encryption identifiers (pkcs-12PbeIds).
 * These exist so existing PKCS #12 files can be read; the RC4 and the
 * 40-bit variants are weak and should not be chosen when writing new
 * files.
 */
#define PBEWithSHAAnd128BitRC4 OID_PKCS_12, 1, 1
#define PBEWithSHAAnd40BitRC4 OID_PKCS_12, 1, 2
#define PBEWithSHAAnd3KeyTripleDES_CBC OID_PKCS_12, 1, 3
#define PBEWithSHAAnd2KeyTripleDES_CBC OID_PKCS_12, 1, 4
#define PBEWithSHAAnd128BitRC2_CBC OID_PKCS_12, 1, 5
#define PBEWithSHAAnd40BitRC2_CBC OID_PKCS_12, 1, 6

/* PKCS #12 SafeBag types */
#define OID_BAG_TYPES OID_PKCS_12, 10, 1
#define OID_KeyBag OID_BAG_TYPES, 1
#define OID_PKCS8ShroudedKeyBag OID_BAG_TYPES, 2
#define OID_CertBag OID_BAG_TYPES, 3
#define OID_CrlBag OID_BAG_TYPES, 4
#define OID_SecretBag OID_BAG_TYPES, 5
#define OID_SafeContentsBag OID_BAG_TYPES, 6

#define OID_ContentInfo OID_PKCS_7, 0, 1

/* PKCS #9 certTypes / crlTypes, used inside PKCS #12 CertBag / CrlBag */
#define OID_CERT_TYPES OID_PKCS_9, 22
#define OID_x509Certificate OID_CERT_TYPES, 1
#define OID_sdsiCertificate OID_CERT_TYPES, 2

#define OID_CRL_TYPES OID_PKCS_9, 23
#define OID_x509Crl OID_CRL_TYPES, 1

/* X.500 directory arc, 2.5 */
#define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define OID_DS_LENGTH 1

/* 2.5.4: attribute types (commonName, countryName, ...) */
#define OID_ATTR_TYPE OID_DS, 4 /* Also in X.501 */
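#define OID_ATTR_TYPE_LENGTH (OID_DS_LENGTH + 1)

/* 2.5.8: directory algorithms */
#define OID_DSALG OID_DS, 8 /* Also in X.501 */
#define OID_DSALG_LENGTH (OID_DS_LENGTH + 1)

/* 2.5.29: certificate extensions (id-ce) */
#define OID_EXTENSION OID_DS, 29 /* Also in X.501 */
#define OID_EXTENSION_LENGTH (OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define OID_PILOT 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define OID_PILOT_LENGTH 9

/*
 * userid, { pilotAttributeType 1 }.  Like every other OID macro here this
 * expands to an initializer list, so the trailing arc is comma-separated
 * from OID_PILOT; OID_USERID_LENGTH counts the resulting bytes.
 */
#define OID_USERID OID_PILOT, 1
#define OID_USERID_LENGTH (OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) mechanisms(5) pkix(7) }
 */
#define OID_PKIX 43, 6, 1, 5, 5, 7
#define OID_PKIX_LENGTH 6

/* private certificate extensions, { id-pkix 1 } */
#define OID_PKIX_PE OID_PKIX, 1
#define OID_PKIX_PE_LENGTH (OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define OID_PKIX_QT OID_PKIX, 2
#define OID_PKIX_QT_LENGTH (OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define OID_PKIX_QT_CPS OID_PKIX_QT, 1
#define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define OID_PKIX_QT_UNOTICE OID_PKIX_QT, 2
#define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define OID_PKIX_KP OID_PKIX, 3
#define OID_PKIX_KP_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors, id-ad = { id-pkix 48 } (the arc is 48, not 4) */
#define OID_PKIX_AD OID_PKIX, 48
#define OID_PKIX_AD_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define OID_PKIX_AD_OCSP OID_PKIX_AD, 1
#define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define OID_PKIX_AD_CAISSUERS OID_PKIX_AD, 2
#define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */
/*
 * NOTE(review): OID_APPL_TCP_PROTO expands to 7 bytes but its _LENGTH is
 * 8.  Left as is because a caller may append a further arc before using
 * the length -- confirm against every use before relying on either value.
 */
#define OID_APPL_TCP_PROTO 43, 6, 1, 2, 1, 27, 4
#define OID_APPL_TCP_PROTO_LENGTH 8

#define OID_DAP OID_DS, 3, 1
#define OID_DAP_LENGTH (OID_DS_LENGTH + 2)

/* From x9.57 */
/* OID_OIW (1.3.14) itself is defined with the ISO arcs above */
#define OID_OIW_LENGTH 2

#define OID_OIW_SECSIG OID_OIW, 3
#define OID_OIW_SECSIG_LENGTH (OID_OIW_LENGTH + 1)

#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2
#define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)

#define OID_OIWDIR OID_OIW, 7, 2
#define OID_OIWDIR_LENGTH (OID_OIW_LENGTH + 2)

#define OID_OIWDIR_CRPT OID_OIWDIR, 1

#define OID_OIWDIR_HASH OID_OIWDIR, 2
#define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1)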

#define OID_OIWDIR_SIGN OID_OIWDIR, 3
#define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1)

/* ANSI X9.57 (x9cm), 1.2.840.10040; X9ALGORITHM is the DSA arc */
#define OID_X9CM OID_US, 206, 56
#define OID_X9CM_MODULE OID_X9CM, 1
#define OID_X9CM_INSTRUCTION OID_X9CM, 2
#define OID_X9CM_ATTR OID_X9CM, 3
#define OID_X9CM_X9ALGORITHM OID_X9CM, 4
#define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)

/* Intel enterprise arc, 2.16.840.1.113741 (CDSA heritage) */
#define INTEL 96, 134, 72, 1, 134, 248, 77
#define INTEL_LENGTH 7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined in this part of the header; they must come from elsewhere for
 * the two macros below to expand.
 */
#define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1
#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1)

#define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5
#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2)

/*
 * Ready-made KMF_OID constants, defined elsewhere in the library.
 * This first group is X.500/PKCS attribute types as used in names and
 * CSR attributes.
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/*
 * Second group: certificate/CRL extension OIDs, policy qualifiers,
 * access descriptors and extended key purposes.
 */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice,
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning;

/*
 * KMF Certificate validation codes. These may be masked together.
 * KMF_CERT_VALIDATE_OK is 0, so a result must be compared with OK (or
 * tested for any set bit) rather than for a particular ERR value.  Any
 * set bit means the certificate is not to be trusted; ERR_CRL and
 * ERR_OCSP cover revocation-check failures and should be treated as
 * failures, not as "status unknown".
 */
#define KMF_CERT_VALIDATE_OK 0x00
#define KMF_CERT_VALIDATE_ERR_TA 0x01		/* trust anchor */
#define KMF_CERT_VALIDATE_ERR_USER 0x02
#define KMF_CERT_VALIDATE_ERR_SIGNATURE 0x04
#define KMF_CERT_VALIDATE_ERR_KEYUSAGE 0x08
#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE 0x10
#define KMF_CERT_VALIDATE_ERR_TIME 0x20
#define KMF_CERT_VALIDATE_ERR_CRL 0x40
#define KMF_CERT_VALIDATE_ERR_OCSP 0x80
#define KMF_CERT_VALIDATE_ERR_ISSUER 0x100

/*
 * KMF Key Usage bitmasks
 * Masks for KMF_X509EXT_KEY_USAGE.KeyUsageBits, laid out in ASN.1
 * BIT STRING order: KeyUsage bit 0 (digitalSignature) is the most
 * significant bit of the 16-bit word, bit 8 (decipherOnly) is 0x0080.
 * KMF_KUBITMASK is the union of all nine defined bits.
 */
#define KMF_digitalSignature 0x8000
#define KMF_nonRepudiation 0x4000
#define KMF_keyEncipherment 0x2000
#define KMF_dataEncipherment 0x1000
#define KMF_keyAgreement 0x0800
#define KMF_keyCertSign 0x0400
#define KMF_cRLSign 0x0200
#define KMF_encipherOnly 0x0100
#define KMF_decipherOnly 0x0080

#define KMF_KUBITMASK 0xFF80

/*
 * KMF Extended KeyUsage OID definitions
 * Despite the heading these are bit flags, one per supported key
 * purpose (the corresponding OIDs are the KMFOID_PKIX_KP_* constants
 * above); they can be ORed together.
 */
#define KMF_EKU_SERVERAUTH 0x01
#define KMF_EKU_CLIENTAUTH 0x02
#define KMF_EKU_CODESIGNING 0x04
#define KMF_EKU_EMAIL 0x08
#define KMF_EKU_TIMESTAMP 0x10
#define KMF_EKU_OCSPSIGNING 0x20


#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */