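/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h
 * Public data types and constants shared by the Key Management Framework
 * (KMF) library, its keystore back ends (NSS, OpenSSL, PKCS#11 token) and
 * the X.509 / PKCS#10 / CRL / OCSP helper code.  This header only declares
 * types; it does not express who owns the memory behind the pointer
 * fields, so ownership and lifetime must be taken from the KMF function
 * that fills or consumes each structure.
 */

#ifndef _KMFTYPES_H
#define _KMFTYPES_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Boolean carried in a fixed 32-bit slot (ASN.1-derived structs use it). */
typedef uint32_t KMF_BOOL;

#define KMF_FALSE (0)
#define KMF_TRUE (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.  Length must describe exactly
 * the bytes reachable through Data; nothing here implies NUL termination.
 */
typedef struct kmf_data
{
    size_t Length; /* in bytes */
    uchar_t *Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * A multi-precision integer as a byte string of len bytes at val
 * (used for serial numbers and raw RSA/DSA key components below).
 * The byte order is not stated in this header; confirm against the
 * code that encodes/decodes these values before interpreting val.
 */
typedef struct {
    uchar_t *val;
    size_t len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * Bookkeeping the KMF layer attaches to a certificate it has loaded:
 * which keystore it came from, state flags and the keystore label.
 *
 * NOTE: despite its name, KMF_X509_PRIVATE_PTR is a second alias for the
 * struct itself (see the typedef below), NOT a pointer to it.  Do not
 * rely on the name when declaring variables.
 */
typedef struct kmf_x509_private {
    int keystore_type;
    int flags; /* see below */
    char *label;
#define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */
#define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */
} KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data with the private
 * bookkeeping information used internally by the KMF layer.
 */
typedef struct
{
    KMF_DATA certificate;
    KMF_X509_PRIVATE kmf_private;
} KMF_X509_DER_CERT;

/*
 * KMF_KEYSTORE_TYPE
 * Selects the back end an operation is directed at.  KMF_KEYSTORE_DEFAULT
 * (value 4) is resolved from configuration and is deliberately outside
 * the range accepted by VALID_KEYSTORE_TYPE, so a caller must translate
 * DEFAULT into a concrete type before using that macro.
 */
typedef enum {
    KMF_KEYSTORE_NSS = 1,
    KMF_KEYSTORE_OPENSSL = 2,
    KMF_KEYSTORE_PK11TOKEN = 3,
    KMF_KEYSTORE_DEFAULT /* based on configuration */
} KMF_KEYSTORE_TYPE;

/*
 * True for the three concrete keystore types only.  The argument is
 * parenthesized so that an expression such as a conditional or a cast
 * is evaluated as a whole rather than being split by the comparisons.
 */
#define VALID_KEYSTORE_TYPE(t) (((t) >= KMF_KEYSTORE_NSS) &&\
    ((t) <= KMF_KEYSTORE_PK11TOKEN))

/*
 * KMF_ENCODE_FORMAT
 * On-disk / in-memory encoding of certificates, keys and CRLs.
 */
typedef enum {
    KMF_FORMAT_UNDEF = 0,
    KMF_FORMAT_ASN1 = 1, /* DER */
    KMF_FORMAT_PEM = 2,
    KMF_FORMAT_PKCS12 = 3,
    KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
    KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;
/* "native" is simply the undefined/default format. */
#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/* Validity filter applied when searching for certificates. */
typedef enum {
    KMF_ALL_CERTS = 0,
    KMF_NONEXPIRED_CERTS = 1,
    KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;

/* Intended use of a key when checking key-usage constraints. */
typedef enum {
    KMF_KU_SIGN_CERT = 0,
    KMF_KU_SIGN_DATA = 1,
    KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.  The list includes the legacy MD2/MD5-with-RSA signature
 * identifiers; whether KMF accepts those for verification is decided in
 * the validation code, not by their presence here.
 */
typedef enum {
    KMF_ALGID_NONE = 0,
    KMF_ALGID_CUSTOM,
    KMF_ALGID_SHA1,
    KMF_ALGID_RSA,
    KMF_ALGID_DSA,
    KMF_ALGID_MD5WithRSA,
    KMF_ALGID_MD2WithRSA,
    KMF_ALGID_SHA1WithRSA,
    KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;

/* Keystore Configuration */

/* NSS database location and the prefixes/security-module name to open. */
typedef struct {
    char *configdir;
    char *certPrefix;
    char *keyPrefix;
    char *secModName;
} KMF_NSS_CONFIG;

/* PKCS#11 token selection: token label and whether to open read-only. */
typedef struct {
    char *label;
    boolean_t readonly;
} KMF_PKCS11_CONFIG;

/*
 * KMF_CONFIG_PARAMS
 * Keystore-specific configuration; kstype selects which union member
 * is meaningful.  Note the OpenSSL back end has no member here.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    union {
        KMF_NSS_CONFIG nss_conf;
        KMF_PKCS11_CONFIG pkcs11_conf;
    } ks_config_u;
} KMF_CONFIG_PARAMS;

/*
 * Convenience accessors for the union above.  These are plain,
 * unqualified macro names: any identifier "nssconfig" or "pkcs11config"
 * in a translation unit that includes this header is rewritten.
 */
#define nssconfig ks_config_u.nss_conf
#define pkcs11config ks_config_u.pkcs11_conf

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.  credlen is an explicit byte count, so cred need not be
 * NUL-terminated.  The buffer typically holds a PIN or passphrase;
 * callers should clear it (explicit_bzero or equivalent) once the KMF
 * call returns rather than leaving it resident in memory.
 */
typedef struct {
    char *cred;
    uint32_t credlen;
} KMF_CREDENTIAL;

/*
 * KMF_NSS_PARAMS
 * Per-operation options for the NSS back end.  Which fields are read
 * depends on the operation (see the per-field comments).
 */
typedef struct
{
    char *trustflag;
    char *slotlabel; /* "internal" by default */
    int issuerId;
    int subjectId;
    char *crlfile; /* for ImportCRL */
    boolean_t crl_check; /* for ImportCRL */

    /*
     * The following 2 variables are for FindCertInCRL. The caller can
     * either specify certLabel or provide the entire certificate in
     * DER format as input.
     */
    char *certLabel; /* for FindCertInCRL */
    KMF_DATA *certificate; /* for FindCertInCRL */

    /*
     * crl_subjName and crl_issuerName are used as the CRL deletion
     * criteria. One should be non-NULL and the other one should be NULL.
     * If crl_subjName is not NULL, then delete CRL by the subject name.
     * Otherwise, delete by the issuer name.
     */
    char *crl_subjName;
    char *crl_issuerName;
} KMF_NSS_PARAMS;

/*
 * KMF_OPENSSL_PARAMS
 * Per-operation options for the file-based OpenSSL back end; all paths
 * are plain C strings naming files on the local filesystem.
 */
typedef struct {
    char *dirpath;
    char *certfile;
    char *crlfile;
    char *keyfile;
    char *outcrlfile;
    boolean_t crl_check; /* CRL import check; default is true */
    KMF_ENCODE_FORMAT format; /* output file format */
} KMF_OPENSSL_PARAMS;

/*
 * KMF_PKCS11_PARAMS
 * Object attribute filters for the PKCS#11 back end (CKA_PRIVATE,
 * CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_TOKEN).
 *
 * NOTE: the first member is named "private", which is a C++ keyword.
 * Although this header wraps itself in extern "C", a C++ translation
 * unit cannot include it as-is.  The name is part of the public ABI,
 * so it is left unchanged here.
 */
typedef struct {
    boolean_t private; /* for finding CKA_PRIVATE objects */
    boolean_t sensitive;
    boolean_t not_extractable;
    boolean_t token; /* true == token object, false == session */
} KMF_PKCS11_PARAMS;

/*
 * KMF_FINDCERT_PARAMS / KMF_DELETECERT_PARAMS
 * Search criteria for locating certificates; the same layout serves
 * both FindCert and DeleteCert.  Unused criteria are NULL.  kstype
 * selects the active ks_opt_u member.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    char *certLabel;
    char *issuer;
    char *subject;
    char *idstr;
    KMF_BIGINT *serial;
    KMF_CERT_VALIDITY find_cert_validity;

    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
        KMF_PKCS11_PARAMS pkcs11_opts;
    } ks_opt_u;
} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;

/*
 * KMF_VALIDATECERT_PARAMS
 * Input to certificate validation: the DER certificate to check and,
 * optionally, an already-obtained OCSP response for it.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_DATA *certificate;
    KMF_DATA *ocsp_response;

    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
        KMF_PKCS11_PARAMS pkcs11_opts;
    } ks_opt_u;
} KMF_VALIDATECERT_PARAMS;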
/*
 * KMF_KEY_ALG
 * Key algorithm identifiers.  RC4 and single DES are listed for
 * compatibility with existing keystores; this header does not decide
 * whether new keys of those types may be created.
 */
typedef enum {
    KMF_KEYALG_NONE = 0,
    KMF_RSA = 1,
    KMF_DSA = 2,
    KMF_AES = 3,
    KMF_RC4 = 4,
    KMF_DES = 5,
    KMF_DES3 = 6,
    KMF_GENERIC_SECRET = 7
} KMF_KEY_ALG;

/* KMF_KEY_CLASS: which half of a keypair, or a symmetric key. */
typedef enum {
    KMF_KEYCLASS_NONE = 0,
    KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
    KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
    KMF_SYMMETRIC = 3 /* symmetric key */
} KMF_KEY_CLASS;

/*
 * KMF_FINDKEY_PARAMS
 * Search criteria for FindKey.  cred authenticates to the keystore;
 * keyclass/keytype/findLabel/idstr narrow the match; format applies
 * to the key data returned.  kstype selects the ks_opt_u member.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_CREDENTIAL cred;
    KMF_KEY_CLASS keyclass;
    KMF_KEY_ALG keytype;
    KMF_ENCODE_FORMAT format; /* for key */
    char *findLabel;
    char *idstr;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
        KMF_PKCS11_PARAMS pkcs11_opts;
    } ks_opt_u;
} KMF_FINDKEY_PARAMS;

/*
 * KMF_STORECERT_PARAMS
 * Destination for StoreCert.  Only NSS and OpenSSL options exist here,
 * although the kstype comment says "all"; the PKCS#11 path presumably
 * needs no extra options -- confirm against the plugin.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype; /* all */
    char *certLabel;

    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_STORECERT_PARAMS;

/*
 * KMF_STOREKEY_PARAMS
 * Destination for StoreKey; certificate is the (optional) certificate
 * associated with the key and label names the stored object.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_CREDENTIAL cred;
    KMF_DATA *certificate;
    char *label;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_STOREKEY_PARAMS;

/* KMF_DELETEKEY_PARAMS: keystore and credential for DeleteKey (NSS opts only). */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_CREDENTIAL cred;
    union {
        KMF_NSS_PARAMS nss_opts;
    } ks_opt_u;
} KMF_DELETEKEY_PARAMS;

/*
 * KMF_IMPORTCERT_PARAMS
 * ImportCert input: the file to read and the label to store it under
 * (NSS opts only).
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    char *certfile;
    char *certLabel;

    union {
        KMF_NSS_PARAMS nss_opts;
    } ks_opt_u;
} KMF_IMPORTCERT_PARAMS;

/* KMF_OBJECT_TYPE: kind of PKI object a generic call operates on. */
typedef enum {
    KMF_CERT = 0,
    KMF_CSR = 1,
    KMF_CRL = 2
} KMF_OBJECT_TYPE;

/*
 * KMF_CREATEKEYPAIR_PARAMS
 * Parameters for keypair generation.  keylength is in bits (presumably
 * -- confirm against the plugins); rsa_exponent is only meaningful when
 * keytype is KMF_RSA.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_KEY_ALG keytype;
    uint32_t keylength;
    char *keylabel;
    KMF_CREDENTIAL cred;
    KMF_BIGINT rsa_exponent;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_CREATEKEYPAIR_PARAMS;

/* KMF_IMPORTCRL_PARAMS: keystore selector plus back-end CRL options. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_IMPORTCRL_PARAMS;

/* KMF_DELETECRL_PARAMS: same shape as KMF_IMPORTCRL_PARAMS, for DeleteCRL. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_DELETECRL_PARAMS;
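/* KMF_LISTCRL_PARAMS: keystore selector plus back-end options for ListCRL. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_LISTCRL_PARAMS;

/* KMF_FINDCRL_PARAMS: FindCRL is NSS-only. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    union {
        KMF_NSS_PARAMS nss_opts;
    } ks_opt_u;
} KMF_FINDCRL_PARAMS;

/*
 * KMF_FINDCERTINCRL_PARAMS
 * The certificate being looked up is passed through the back-end
 * options (see certLabel / certificate in KMF_NSS_PARAMS).
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;

    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_FINDCERTINCRL_PARAMS;

/*
 * KMF_VERIFYCRL_PARAMS
 * CRL to verify (by name) and the DER trust-anchor certificate whose
 * key the CRL signature is checked against.
 */
typedef struct {
    char *crl_name;
    KMF_DATA *tacert;
} KMF_VERIFYCRL_PARAMS;

/*
 * KMF_CRYPTOWITHCERT_PARAMS
 * Sign/verify using the key that belongs to the certificate named by
 * certLabel; algid selects the signature algorithm.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_CREDENTIAL cred;
    KMF_ENCODE_FORMAT format; /* for key */
    char *certLabel;
    KMF_ALGORITHM_INDEX algid;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_CRYPTOWITHCERT_PARAMS;

/* KMF_CHECKCRLDATE_PARAMS: CRL whose validity dates are to be checked. */
typedef struct {
    char *crl_name;
} KMF_CHECKCRLDATE_PARAMS;

/* PKCS#11 slot addressed by SetPIN. */
typedef struct {
    CK_SLOT_ID slot;
} pk11_setpin_opts;

/*
 * KMF_SETPIN_PARAMS
 * cred carries the current PIN used to authorize the change; the new
 * PIN is not part of this structure.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    char *tokenname;
    KMF_CREDENTIAL cred; /* current token PIN */
    union {
        KMF_NSS_PARAMS nss_opts;
        pk11_setpin_opts pkcs11_opts;
    } ks_opt_u;
} KMF_SETPIN_PARAMS;

/*
 * KMF_RAW_RSA_KEY
 * RSA key components in the clear.  Everything after pubexp is private
 * key material (private exponent, primes, CRT exponents and
 * coefficient); buffers holding an instance should be wiped before
 * they are freed.
 */
typedef struct {
    KMF_BIGINT mod;
    KMF_BIGINT pubexp;
    KMF_BIGINT priexp;
    KMF_BIGINT prime1;
    KMF_BIGINT prime2;
    KMF_BIGINT exp1;
    KMF_BIGINT exp2;
    KMF_BIGINT coef;
} KMF_RAW_RSA_KEY;

/*
 * KMF_RAW_DSA_KEY
 * DSA domain parameters (prime, subprime, base) and the key value.
 * Whether value is the public or the private element is not stated
 * here; it follows the keyclass of the containing handle -- confirm.
 */
typedef struct {
    KMF_BIGINT prime;
    KMF_BIGINT subprime;
    KMF_BIGINT base;
    KMF_BIGINT value;
} KMF_RAW_DSA_KEY;

/* KMF_RAW_SYM_KEY: symmetric key bytes in the clear (wipe before free). */
typedef struct {
    KMF_BIGINT keydata;
} KMF_RAW_SYM_KEY;

/*
 * KMF_RAW_KEY_DATA
 * Tagged union of the raw key layouts above; keytype selects the
 * rawdata member that is valid.
 */
typedef struct {
    KMF_KEY_ALG keytype;
    union {
        KMF_RAW_RSA_KEY rsa;
        KMF_RAW_DSA_KEY dsa;
        KMF_RAW_SYM_KEY sym;
    } rawdata;
} KMF_RAW_KEY_DATA;

/*
 * KMF_EXPORTP12_PARAMS
 * Export a certificate (and its key) to a PKCS#12 file.  Two distinct
 * credentials are involved: cred unlocks the source keystore, p12cred
 * is the passphrase that protects the resulting file.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    char *certLabel;
    char *issuer;
    char *subject;
    char *idstr;
    KMF_BIGINT *serial;
    KMF_CREDENTIAL cred; /* cred for accessing the token */
    KMF_CREDENTIAL p12cred; /* cred used for securing the file */

    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
    } ks_opt_u;
} KMF_EXPORTP12_PARAMS;

/*
 * KMF_CREATESYMKEY_PARAMS
 * Symmetric key generation; keylength units are not stated here
 * (presumably bits, as for keypairs -- confirm against the plugins).
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_KEY_ALG keytype;
    uint32_t keylength;
    char *keylabel;
    KMF_CREDENTIAL cred;
    union {
        KMF_NSS_PARAMS nss_opts;
        KMF_OPENSSL_PARAMS openssl_opts;
        KMF_PKCS11_PARAMS pkcs11_opts;
    } ks_opt_u;
} KMF_CREATESYMKEY_PARAMS;

/* Data structures for OCSP support */

/* Certificates needed to build an OCSP request for user_cert. */
typedef struct {
    KMF_DATA *issuer_cert;
    KMF_DATA *user_cert;
} KMF_OCSPREQUEST_PARAMS;

/*
 * KMF_OCSPRESPONSE_PARAMS_INPUT
 * Inputs for checking an OCSP response.  ignore_response_sign
 * presumably skips verification of the responder's signature; leaving
 * it at its FALSE default is the safe setting.  response_lifetime
 * bounds how old a response may be (seconds).
 */
typedef struct {
    KMF_DATA *response;
    KMF_DATA *issuer_cert;
    KMF_DATA *user_cert;
    KMF_DATA *signer_cert; /* can be NULL */
    boolean_t ignore_response_sign; /* default is FALSE */
    uint32_t response_lifetime; /* in seconds */
} KMF_OCSPRESPONSE_PARAMS_INPUT;

/* Certificate status as reported by the responder (CertStatus tags 0..2). */
typedef enum {
    OCSP_GOOD = 0,
    OCSP_REVOKED = 1,
    OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

/*
 * KMF_OCSPRESPONSE_PARAMS_OUTPUT
 * response_status and reason are plain ints; see
 * KMF_OCSP_RESPONSE_STATUS and KMF_OCSP_REVOKED_STATUS for the values
 * the library uses, and the notes on those enums about their numbering.
 */
typedef struct {
    int response_status;
    int reason; /* if revoked */
    KMF_OCSP_CERT_STATUS cert_status;
} KMF_OCSPRESPONSE_PARAMS_OUTPUT;

/*
 * Convenience accessors for the ks_opt_u unions above.  Like nssconfig
 * and pkcs11config these are unqualified macro names and will rewrite
 * any identifier of the same spelling in an including file.
 */
#define nssparms ks_opt_u.nss_opts
#define sslparms ks_opt_u.openssl_opts
#define pkcs11parms ks_opt_u.pkcs11_opts

/*
 * KMF_KEY_HANDLE
 * Opaque reference to a key.  keyp is keystore-specific: when israw is
 * set it presumably points at a KMF_RAW_KEY_DATA, otherwise at a
 * back-end object -- confirm against each plugin before dereferencing.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_KEY_ALG keyalg;
    KMF_KEY_CLASS keyclass;
    boolean_t israw;
    char *keylabel;
    void *keyp;
} KMF_KEY_HANDLE;

/* Back-end error record: which keystore failed and its own error code. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    uint32_t errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName.  The values follow the tag
 * order of the GeneralName CHOICE in RFC 5280 (otherName = 0 ...
 * registeredID = 8).
 */
typedef enum {
    GENNAME_OTHERNAME = 0x00,
    GENNAME_RFC822NAME,
    GENNAME_DNSNAME,
    GENNAME_X400ADDRESS,
    GENNAME_DIRECTORYNAME,
    GENNAME_EDIPARTYNAME,
    GENNAME_URI,
    GENNAME_IPADDRESS,
    GENNAME_REGISTEREDID
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
    KMF_OID FieldOid;
    KMF_DATA FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Status codes returned by the KMF API.  The numbering has gaps
 * (0x08-0x0a, 0x0e-0x0f) and KMF_KEYSTORE_ALREADY_INITIALIZED lacks the
 * ERR_ prefix; both are kept as-is because the values are public.
 */
typedef enum {
    KMF_OK = 0x00,
    KMF_ERR_BAD_PARAMETER = 0x01,
    KMF_ERR_BAD_KEY_FORMAT = 0x02,
    KMF_ERR_BAD_ALGORITHM = 0x03,
    KMF_ERR_MEMORY = 0x04,
    KMF_ERR_ENCODING = 0x05,
    KMF_ERR_PLUGIN_INIT = 0x06,
    KMF_ERR_PLUGIN_NOTFOUND = 0x07,
    KMF_ERR_INTERNAL = 0x0b,
    KMF_ERR_BAD_CERT_FORMAT = 0x0c,
    KMF_ERR_KEYGEN_FAILED = 0x0d,
    KMF_ERR_UNINITIALIZED = 0x10,
    KMF_ERR_ISSUER = 0x11,
    KMF_ERR_NOT_REVOKED = 0x12,
    KMF_ERR_CERT_NOT_FOUND = 0x13,
    KMF_ERR_CRL_NOT_FOUND = 0x14,
    KMF_ERR_RDN_PARSER = 0x15,
    KMF_ERR_RDN_ATTR = 0x16,
    KMF_ERR_SLOTNAME = 0x17,
    KMF_ERR_EMPTY_CRL = 0x18,
    KMF_ERR_BUFFER_SIZE = 0x19,
    KMF_ERR_AUTH_FAILED = 0x1a,
    KMF_ERR_TOKEN_SELECTED = 0x1b,
    KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
    KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
    KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
    KMF_ERR_POLICY_ENGINE = 0x1f,
    KMF_ERR_POLICY_DB_FORMAT = 0x20,
    KMF_ERR_POLICY_NOT_FOUND = 0x21,
    KMF_ERR_POLICY_DB_FILE = 0x22,
    KMF_ERR_POLICY_NAME = 0x23,
    KMF_ERR_OCSP_POLICY = 0x24,
    KMF_ERR_TA_POLICY = 0x25,
    KMF_ERR_KEY_NOT_FOUND = 0x26,
    KMF_ERR_OPEN_FILE = 0x27,
    KMF_ERR_OCSP_BAD_ISSUER = 0x28,
    KMF_ERR_OCSP_BAD_CERT = 0x29,
    KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
    KMF_ERR_CONNECT_SERVER = 0x2b,
    KMF_ERR_SEND_REQUEST = 0x2c,
    KMF_ERR_OCSP_CERTID = 0x2d,
    KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
    KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
    KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
    KMF_ERR_OCSP_BAD_SIGNER = 0x31,
    KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
    KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
    KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
    KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
    KMF_ERR_RECV_RESPONSE = 0x36,
    KMF_ERR_RECV_TIMEOUT = 0x37,
    KMF_ERR_DUPLICATE_KEYFILE = 0x38,
    KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
    KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
    KMF_ERR_PKCS12_FORMAT = 0x3b,
    KMF_ERR_BAD_KEY_TYPE = 0x3c,
    KMF_ERR_BAD_KEY_CLASS = 0x3d,
    KMF_ERR_BAD_KEY_SIZE = 0x3e,
    KMF_ERR_BAD_HEX_STRING = 0x3f,
    KMF_ERR_KEYUSAGE = 0x40,
    KMF_ERR_VALIDITY_PERIOD = 0x41,
    KMF_ERR_OCSP_REVOKED = 0x42,
    KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
    KMF_ERR_WRITE_FILE = 0x44,
    KMF_ERR_BAD_URI = 0x45,
    KMF_ERR_BAD_CRLFILE = 0x46,
    KMF_ERR_BAD_CERTFILE = 0x47,
    KMF_ERR_GETKEYVALUE_FAILED = 0x48,
    KMF_ERR_BAD_KEYHANDLE = 0x49,
    KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
    KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
    KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
    KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
    KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
    KMF_ERR_MISSING_ERRCODE = 0x4f,
    KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
    KMF_ERR_SENSITIVE_KEY = 0x51,
    KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
    KMF_ERR_KEY_MISMATCH = 0x53
} KMF_RETURN;

/*
 * KMF_OCSP_RESPONSE_STATUS
 * NOTE(review): these values are NOT the wire values of the
 * OCSPResponseStatus enumeration, where 4 is unused, sigRequired is 5
 * and unauthorized is 6.  Confirm that the decoder maps the received
 * value into this enum rather than storing it verbatim before
 * comparing response_status against these names.
 */
typedef enum {
    OCSP_SUCCESS = 0,
    OCSP_MALFORMED_REQUEST = 1,
    OCSP_INTERNAL_ERROR = 2,
    OCSP_TRYLATER = 3,
    OCSP_SIGREQUIRED = 4,
    OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * KMF_OCSP_REVOKED_STATUS
 * Revocation reason; OCSP_NOSTATUS means no reason was supplied.
 * NOTE(review): values 0-6 match the X.509 CRLReason codes, but
 * CRLReason assigns removeFromCRL the value 8 (7 is unused), whereas
 * here it is 7.  Confirm how the decoded reason is translated before
 * comparing the raw value against OCSP_REMOVEFROMCRL.
 */
typedef enum {
    OCSP_NOSTATUS = -1,
    OCSP_UNSPECIFIED = 0,
    OCSP_KEYCOMPROMISE = 1,
    OCSP_CACOMPROMISE = 2,
    OCSP_AFFILIATIONCHANGE = 3,
    OCSP_SUPERCEDED = 4,
    OCSP_CESSATIONOFOPERATION = 5,
    OCSP_CERTIFICATEHOLD = 6,
    OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Broad classification of a cryptographic algorithm. */
typedef enum {
    KMF_ALGCLASS_NONE = 0,
    KMF_ALGCLASS_CUSTOM,
    KMF_ALGCLASS_SIGNATURE,
    KMF_ALGCLASS_SYMMETRIC,
    KMF_ALGCLASS_DIGEST,
    KMF_ALGCLASS_RANDOMGEN,
    KMF_ALGCLASS_UNIQUEGEN,
    KMF_ALGCLASS_MAC,
    KMF_ALGCLASS_ASYMMETRIC,
    KMF_ALGCLASS_KEYGEN,
    KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

/*
 * KMF_PRINTABLE_ITEM
 * Certificate fields and extensions that can be requested from the
 * certificate printing/extraction helpers.
 */
typedef enum {
    KMF_CERT_ISSUER = 1,
    KMF_CERT_SUBJECT,
    KMF_CERT_VERSION,
    KMF_CERT_SERIALNUM,
    KMF_CERT_NOTBEFORE,
    KMF_CERT_NOTAFTER,
    KMF_CERT_PUBKEY_ALG,
    KMF_CERT_SIGNATURE_ALG,
    KMF_CERT_EMAIL,
    KMF_CERT_PUBKEY_DATA,
    KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
    KMF_X509_EXT_CERT_POLICIES,
    KMF_X509_EXT_SUBJ_ALTNAME,
    KMF_X509_EXT_ISSUER_ALTNAME,
    KMF_X509_EXT_BASIC_CONSTRAINTS,
    KMF_X509_EXT_NAME_CONSTRAINTS,
    KMF_X509_EXT_POLICY_CONSTRAINTS,
    KMF_X509_EXT_EXT_KEY_USAGE,
    KMF_X509_EXT_INHIBIT_ANY_POLICY,
    KMF_X509_EXT_AUTH_KEY_ID,
    KMF_X509_EXT_SUBJ_KEY_ID,
    KMF_X509_EXT_POLICY_MAPPINGS,
    KMF_X509_EXT_CRL_DIST_POINTS,
    KMF_X509_EXT_FRESHEST_CRL,
    KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
    KMF_OID algorithm;
    KMF_DATA parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair (an AttributeTypeAndValue).
 */
typedef struct
{
    KMF_OID type;
    uint8_t valueType; /* The Tag to use when BER encoded */
    KMF_DATA value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 */
typedef struct
{
    uint32_t numberOfPairs;
    KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 */
typedef struct
{
    uint32_t numberOfRDNs;
    KMF_X509_RDN *RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
    KMF_X509_ALGORITHM_IDENTIFIER algorithm;
    KMF_DATA subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.  timeType records which of the two
 * encodings the string uses.
 */
typedef struct
{
    uint8_t timeType;
    KMF_DATA time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 * The notBefore / notAfter window of a certificate.
 */
typedef struct
{
    KMF_X509_TIME notBefore;
    KMF_X509_TIME notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * Decoded BasicConstraints extension.  pathLenConstraint is only
 * meaningful when pathLenConstraintPresent is set; an absent
 * constraint means "unlimited", which is not the same as 0.
 */
typedef struct
{
    KMF_BOOL cA;
    KMF_BOOL pathLenConstraintPresent;
    uint32_t pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
    KMF_X509_DATAFORMAT_ENCODED = 0,
    KMF_X509_DATAFORMAT_PARSED,
    KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
    uint8_t type;
    KMF_DATA value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 * The concrete type behind parsedValue depends on the extension OID.
 */
typedef struct
{
    KMF_X509EXT_TAGandVALUE tagAndValue;
    void *parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.  format
 * selects which member of value is valid; BERvalue always holds the
 * raw encoded extnValue.  NOTE(review): validation code must not
 * ignore an extension it does not understand when critical is set --
 * that is a reject condition under RFC 5280, not a decoding detail.
 */
typedef struct
{
    KMF_OID extnId;
    KMF_BOOL critical;
    KMF_X509EXT_DATA_FORMAT format;
    union
    {
        KMF_X509EXT_TAGandVALUE *tagAndValue;
        void *parsedValue;
        KMF_X509EXT_PAIR *valuePair;
    } value;
    KMF_DATA BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct
{
    uint32_t numberOfExtensions;
    KMF_X509_EXTENSION *extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains the to-be-signed (TBS) portion of an X.509
 * certificate, i.e. every field the signature covers.  The signature
 * itself is carried separately in KMF_X509_CERTIFICATE.
 */
typedef struct
{
    KMF_DATA version;
    KMF_BIGINT serialNumber;
    KMF_X509_ALGORITHM_IDENTIFIER signature;
    KMF_X509_NAME issuer;
    KMF_X509_VALIDITY validity;
    KMF_X509_NAME subject;
    KMF_X509_SPKI subjectPublicKeyInfo;
    KMF_DATA issuerUniqueIdentifier;
    KMF_DATA subjectUniqueIdentifier;
    KMF_X509_EXTENSIONS extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature: the
 * algorithm used and (in "encrypted", presumably the signature bit
 * string under its older name) the signature value.
 */
typedef struct
{
    KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
    KMF_DATA encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.  A verifier
 * should check that certificate.signature (the TBS algorithm) and
 * signature.algorithmIdentifier agree.
 */
typedef struct
{
    KMF_X509_TBS_CERT certificate;
    KMF_X509_SIGNATURE signature;
} KMF_X509_CERTIFICATE;

/*
 * Pointers to the two algorithm OIDs of a KMF_X509_CERTIFICATE *.
 * The argument and the whole expansion are parenthesized so the
 * macros can take any pointer expression and be used as operands.
 */
#define CERT_ALG_OID(c) (&(c)->certificate.signature.algorithm)
#define CERT_SIG_OID(c) (&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains the to-be-signed portion of a PKCS#10
 * certificate request.
 */
typedef struct
{
    KMF_DATA version;
    KMF_X509_NAME subject;
    KMF_X509_SPKI subjectPublicKeyInfo;
    KMF_X509_EXTENSIONS extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete, signed PKCS#10 certificate
 * signing request.
 */
typedef struct
{
    KMF_TBS_CSR csr;
    KMF_X509_SIGNATURE signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 * One PolicyQualifierInfo: qualifier OID plus its encoded value.
 */
typedef struct
{
    KMF_OID policyQualifierId;
    KMF_DATA value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 * Array of policy qualifiers belonging to one certificate policy.
 */
typedef struct
{
    uint32_t numberOfPolicyQualifiers;
    KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */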
typedef struct
{
	KMF_OID policyIdentifier;			/* the certificate policy OID */
	KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;	/* qualifiers attached to it */
} KMF_X509EXT_POLICYINFO;

/*
 * KMF_X509EXT_CERT_POLICIES
 * Parsed CertificatePolicies extension: numberOfPolicyInfo counts the
 * elements at policyInfo.
 */
typedef struct
{
	uint32_t numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO *policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/*
 * KMF_X509EXT_KEY_USAGE
 * Parsed KeyUsage extension. KeyUsageBits is a 16-bit word; the
 * KMF_digitalSignature .. KMF_decipherOnly values later in this header
 * (0x8000 downwards) are presumably the bits used here, and
 * KMF_KUBITMASK the set of defined ones.
 */
typedef struct
{
	uchar_t critical;
	uint16_t KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/*
 * KMF_X509EXT_EKU
 * Parsed ExtendedKeyUsage extension: nEKUs counts the OIDs at
 * keyPurposeIdList.
 */
typedef struct
{
	uchar_t critical;
	uint16_t nEKUs;
	KMF_OID *keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 * One AccessDescription: the access method OID and its location.
 * AccessLocation is kept as opaque KMF_DATA here; it is not a
 * KMF_GENERALNAME, so any interpretation is left to the consumer.
 */
typedef struct
{
	KMF_OID AccessMethod;
	KMF_DATA AccessLocation;
} KMF_X509EXT_ACCESSDESC;

/* numberOfAccessDescription counts the elements at AccessDesc. */
typedef struct
{
	uint32_t numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC *AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */
/* A GeneralName: choice says which name form the bytes in name hold. */
typedef struct {
	KMF_GENERALNAMECHOICES choice;
	KMF_DATA name;
} KMF_GENERALNAME;

/* number counts the elements at namelist. */
typedef struct {
	uint32_t number;
	KMF_GENERALNAME *namelist;
} KMF_GENERALNAMES;

/* Selects the live member of KMF_CRL_DIST_POINT.name. */
typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/*
 * One DistributionPoint: type picks full_name or relative_name; reasons
 * and crl_issuer are the optional companion fields of the ASN.1 type.
 */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE type;
	union {
		KMF_GENERALNAMES full_name;
		KMF_DATA relative_name;
	} name;
	KMF_DATA reasons;
	KMF_GENERALNAMES crl_issuer;
} KMF_CRL_DIST_POINT;

/* number counts the elements at dplist. */
typedef struct {
	uint32_t number;
	KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;


/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro below expands to a comma-separated list of OID
 * content octets (suitable for an array initializer); the matching
 * *_LENGTH macro is the element count of that list and must stay in
 * step with it, since the pair is what sizes a KMF_OID.
 */
#define	OID_ISO_MEMBER			42	/* Also in PKCS */
#define	OID_US				OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
#define	OID_CA				OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG		43
#define	OID_OSINET			OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP			OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD				OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW				OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US			OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA			OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG		OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD		OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE		OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH		1
#define	OID_US_LENGTH			(OID_ISO_MEMBER_LENGTH + 2)
/* RSA Data Security arc, 1.2.840.113549: OID_US followed by 113549. */
#define	OID_RSA			OID_US, 134, 247, 13
#define	OID_RSA_LENGTH		(OID_US_LENGTH + 3)

#define	OID_RSA_HASH		OID_RSA, 2
#define	OID_RSA_HASH_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT		OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH	(OID_RSA_LENGTH + 1)

/* pkcs arc, { rsadsi 1 }; the PKCS#n arcs hang off it. */
#define	OID_PKCS		OID_RSA, 1
#define	OID_PKCS_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_PKCS_1		OID_PKCS, 1
#define	OID_PKCS_1_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2		OID_PKCS, 2
#define	OID_PKCS_3		OID_PKCS, 3
#define	OID_PKCS_3_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4		OID_PKCS, 4
#define	OID_PKCS_5		OID_PKCS, 5
#define	OID_PKCS_5_LENGTH	(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6		OID_PKCS, 6
#define	OID_PKCS_7		OID_PKCS, 7
#define	OID_PKCS_7_LENGTH	(OID_PKCS_LENGTH + 1)

/* PKCS#7 content types, { pkcs-7 n }. */
#define	OID_PKCS_7_Data			OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData		OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData	OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData		OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData	OID_PKCS_7, 6

#define	OID_PKCS_8		OID_PKCS, 8
#define	OID_PKCS_9		OID_PKCS, 9
#define	OID_PKCS_9_LENGTH	(OID_PKCS_LENGTH + 1)

/* PKCS#9 attribute types, { pkcs-9 n }. */
#define	OID_PKCS_9_CONTENT_TYPE		OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME		OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10		OID_PKCS, 10

#define	OID_PKCS_12		OID_PKCS, 12
#define	OID_PKCS_12_LENGTH	(OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 password-based encryption schemes, { pkcs-12 1 n }.
 * The RC4 and RC2 variants (and the 40-bit key sizes) are legacy
 * algorithms; keep them for reading existing files rather than as a
 * choice for new output.
 */
#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6

/* PKCS#12 SafeBag types, { pkcs-12 10 1 n }. */
#define	OID_BAG_TYPES		OID_PKCS_12, 10, 1
#define	OID_KeyBag		OID_BAG_TYPES, 1
#define	OID_PKCS8ShroudedKeyBag	OID_BAG_TYPES, 2
#define	OID_CertBag		OID_BAG_TYPES, 3
#define	OID_CrlBag		OID_BAG_TYPES, 4
#define	OID_SecretBag		OID_BAG_TYPES, 5
#define	OID_SafeContentsBag	OID_BAG_TYPES, 6

#define	OID_ContentInfo		OID_PKCS_7, 0, 1

/* PKCS#12 certificate and CRL bag content types, { pkcs-9 22/23 n }. */
#define	OID_CERT_TYPES		OID_PKCS_9, 22
#define	OID_x509Certificate	OID_CERT_TYPES, 1
#define	OID_sdsiCertificate	OID_CERT_TYPES, 2

#define	OID_CRL_TYPES		OID_PKCS_9, 23
#define	OID_x509Crl		OID_CRL_TYPES, 1

/* X.500 directory service arc (joint-iso-ccitt 5). */
#define	OID_DS			OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define	OID_DS_LENGTH		1

#define	OID_ATTR_TYPE		OID_DS, 4 /* Also in X.501 */
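#define	OID_ATTR_TYPE_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_DSALG		OID_DS, 8 /* Also in X.501 */
#define	OID_DSALG_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_EXTENSION		OID_DS, 29 /* Also in X.501 */
#define	OID_EXTENSION_LENGTH	(OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 * Given as pre-encoded content octets (9 of them).
 */
#define	OID_PILOT	0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * userid, { pilotAttributeType 1 }. The comma after OID_PILOT is
 * required: without it the expansion ends in "0x1 1", which is not a
 * valid initializer list, and OID_USERID_LENGTH already assumes ten
 * elements.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 *    security(5) mechanisms(5) pkix(7) }
 */
#define	OID_PKIX	43, 6, 1, 5, 5, 7
#define	OID_PKIX_LENGTH	6

/* private certificate extensions, { id-pkix 1 } */
#define	OID_PKIX_PE		OID_PKIX, 1
#define	OID_PKIX_PE_LENGTH	(OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define	OID_PKIX_QT		OID_PKIX, 2
#define	OID_PKIX_QT_LENGTH	(OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define	OID_PKIX_QT_CPS		OID_PKIX_QT, 1
#define	OID_PKIX_QT_CPS_LENGTH	(OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define	OID_PKIX_QT_UNOTICE	OID_PKIX_QT, 2
#define	OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define	OID_PKIX_KP		OID_PKIX, 3
#define	OID_PKIX_KP_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors {id-pkix 48 } (id-ad; the value below is 48, not 4) */
#define	OID_PKIX_AD		OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define	OID_PKIX_AD_OCSP	OID_PKIX_AD, 1
#define	OID_PKIX_AD_OCSP_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define	OID_PKIX_AD_CAISSUERS		OID_PKIX_AD, 2
#define	OID_PKIX_AD_CAISSUERS_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */
/*
 * { iso(1) identified-organization(3) dod(6) internet(1) mgmt(2)
 *   mib-2(1) application(27) 4 }: seven content octets. The length
 * used to say 8, one more than the list holds; building a KMF_OID from
 * the pair with that length would read one byte past the array.
 */
#define	OID_APPL_TCP_PROTO		43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	7

#define	OID_DAP			OID_DS, 3, 1
#define	OID_DAP_LENGTH		(OID_DS_LENGTH + 2)

/* From x9.57 */
#define	OID_OIW_LENGTH		2

#define	OID_OIW_SECSIG		OID_OIW, 3
#define	OID_OIW_SECSIG_LENGTH	(OID_OIW_LENGTH + 1)

#define	OID_OIW_ALGORITHM	OID_OIW_SECSIG, 2
#define	OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)

#define	OID_OIWDIR		OID_OIW, 7, 2
#define	OID_OIWDIR_LENGTH	(OID_OIW_LENGTH + 2)

#define	OID_OIWDIR_CRPT		OID_OIWDIR, 1

#define	OID_OIWDIR_HASH		OID_OIWDIR, 2
#define	OID_OIWDIR_HASH_LENGTH	(OID_OIWDIR_LENGTH + 1)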
#define	OID_OIWDIR_SIGN		OID_OIWDIR, 3
#define	OID_OIWDIR_SIGN_LENGTH	(OID_OIWDIR_LENGTH + 1)

/* ANSI X9 arc, { us 10040 }; X9CM_X9ALGORITHM is 1.2.840.10040.4. */
#define	OID_X9CM		OID_US, 206, 56
#define	OID_X9CM_MODULE		OID_X9CM, 1
#define	OID_X9CM_INSTRUCTION	OID_X9CM, 2
#define	OID_X9CM_ATTR		OID_X9CM, 3
#define	OID_X9CM_X9ALGORITHM	OID_X9CM, 4
#define	OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)

/* Intel (CDSA heritage) arc, given as seven content octets. */
#define	INTEL	96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH 7

/*
 * INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not defined
 * anywhere in this header's visible text; the four macros below can
 * only be expanded if a consumer supplies them.
 */
#define	INTEL_SEC_FORMATS	INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS		INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 2)

/*
 * Well-known OIDs defined out of line by the library (declared here,
 * defined in a .c file). By their names these are mainly X.520
 * directory attribute types plus a few PKCS#9 attributes
 * (ChallengePassword, ContentType, MessageDigest, SigningTime,
 * CounterSignature, ExtensionRequest).
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/*
 * Certificate/CRL extension OIDs, PKIX policy qualifiers and key
 * purposes, and digest/signature algorithm OIDs, likewise defined out
 * of line. The MD2, MD5 and SHA-1 based entries name algorithms that
 * are no longer collision resistant: they are needed to parse existing
 * certificates, but a verifier should only accept signatures made with
 * them under explicit policy.
 */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice,
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning,
	KMFOID_SHA1,
	KMFOID_RSA,
	KMFOID_DSA,
	KMFOID_MD5WithRSA,
	KMFOID_MD2WithRSA,
	KMFOID_SHA1WithRSA,
	KMFOID_SHA1WithDSA,
	KMFOID_OIW_DSAWithSHA1,
	KMFOID_X9CM_DSA,
	KMFOID_X9CM_DSAWithSHA1;

/*
 * KMF Certificate validation codes. These may be masked together.
 * KMF_CERT_VALIDATE_OK (0) means every check passed; any other value is
 * one or more failure bits OR-ed together, so a caller should test for
 * equality with KMF_CERT_VALIDATE_OK rather than for a single bit it
 * happens to care about.
 */
#define	KMF_CERT_VALIDATE_OK			0x00
#define	KMF_CERT_VALIDATE_ERR_TA		0x01	/* trust anchor */
#define	KMF_CERT_VALIDATE_ERR_USER		0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE		0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE		0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME		0x20
#define	KMF_CERT_VALIDATE_ERR_CRL		0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP		0x80
#define	KMF_CERT_VALIDATE_ERR_ISSUER		0x100

/*
 * KMF Key Usage bitmasks
 * Laid out like the KeyUsage BIT STRING: bit 0 (digitalSignature) is
 * the most significant bit of the 16-bit word, bit 8 (decipherOnly)
 * is 0x0080. Presumably these are the bits of
 * KMF_X509EXT_KEY_USAGE.KeyUsageBits.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

/*
 * OR of the nine defined KeyUsage bits (0x8000 .. 0x0080). Bits outside
 * this mask have no defined meaning here.
 */
#define	KMF_KUBITMASK		0xFF80

/*
 * KMF Extended KeyUsage flags
 * Despite the historical heading these are bit flags, not OIDs; by
 * their names they summarise which of the KMFOID_PKIX_KP_* purposes
 * declared above were found.
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20


#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */