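/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _KMFTYPES_H
#define _KMFTYPES_H

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Boolean used inside KMF structures; KMF_FALSE and KMF_TRUE are its values. */
typedef uint32_t KMF_BOOL;

#define KMF_FALSE (0)
#define KMF_TRUE (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * Associates a length, in bytes, with an arbitrary block of contiguous
 * memory.  Nothing in the type ties Length to the size of the buffer behind
 * Data, so code that receives a KMF_DATA filled from external input must
 * bound every read and copy by Length and must not assume NUL termination.
 */
typedef struct kmf_data {
    size_t Length; /* in bytes */
    uchar_t *Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * A large integer carried as a byte buffer (val) of len bytes.  This header
 * does not state the byte order.
 */
typedef struct {
    uchar_t *val;
    size_t len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure holds a unique identifier for the
 * atomic data fields and the compound substructures that make up a
 * certificate or CRL.  It is a plain KMF_DATA, so comparing two OIDs means
 * comparing both Length and the bytes at Data.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * KMF-internal bookkeeping attached to a DER certificate.  flags is a bit
 * mask of the KMF_FLAG_CERT_* values defined inside the structure.
 */
typedef struct kmf_x509_private {
    int keystore_type; /* presumably a KMF_KEYSTORE_* value; confirm */
    int flags; /* see below */
    char *label;
#define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */
#define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * Pairs packed DER certificate data with the private information used
 * internally by the KMF layer.
 */
typedef struct {
    KMF_DATA certificate;
    KMF_X509_PRIVATE kmf_private;
} KMF_X509_DER_CERT;

typedef int KMF_KEYSTORE_TYPE;
#define KMF_KEYSTORE_NSS 1
#define KMF_KEYSTORE_OPENSSL 2
#define KMF_KEYSTORE_PK11TOKEN 3

/*
 * True when t is one of the three built-in keystore types.  The argument is
 * parenthesized so that an expression argument keeps its own precedence.  It
 * is still evaluated twice, so pass an expression without side effects.
 */
#define VALID_DEFAULT_KEYSTORE_TYPE(t) \
    (((t) >= KMF_KEYSTORE_NSS) && ((t) <= KMF_KEYSTORE_PK11TOKEN))

/* Encodings in which keys and certificates are read or written. */
typedef enum {
    KMF_FORMAT_UNDEF = 0,
    KMF_FORMAT_ASN1 = 1, /* DER */
    KMF_FORMAT_PEM = 2,
    KMF_FORMAT_PKCS12 = 3,
    KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
    KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/* Selects certificates by whether their validity period has expired. */
typedef enum {
    KMF_ALL_CERTS = 0,
    KMF_NONEXPIRED_CERTS = 1,
    KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;


/* Selects certificate extensions by their critical flag. */
typedef enum {
    KMF_ALL_EXTNS = 0,
    KMF_CRITICAL_EXTNS = 1,
    KMF_NONCRITICAL_EXTNS = 2
} KMF_FLAG_CERT_EXTN;


/* Purpose a key is being requested for. */
typedef enum {
    KMF_KU_SIGN_CERT = 0,
    KMF_KU_SIGN_DATA = 1,
    KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.  Only KMF_ALGID_NONE has an explicit value; the rest are
 * numbered by position.
 *
 * When adding a new ALGID, be careful not to rearrange existing
 * values; doing so can cause problems in the STC test suite.
 *
 * KMF_ALGID_MD2WithRSA, KMF_ALGID_MD5WithRSA and the SHA1 variants name
 * digests with known collision weaknesses.  They remain here so existing
 * objects can be identified; whether they are accepted for verification
 * is a policy decision for the caller.
 */
typedef enum {
    KMF_ALGID_NONE = 0,
    KMF_ALGID_CUSTOM,
    KMF_ALGID_SHA1,
    KMF_ALGID_RSA,
    KMF_ALGID_DSA,
    KMF_ALGID_MD5WithRSA,
    KMF_ALGID_MD2WithRSA,
    KMF_ALGID_SHA1WithRSA,
    KMF_ALGID_SHA1WithDSA,

    KMF_ALGID_ECDSA,

    KMF_ALGID_SHA256WithRSA,
    KMF_ALGID_SHA384WithRSA,
    KMF_ALGID_SHA512WithRSA,

    KMF_ALGID_SHA256WithDSA,

    KMF_ALGID_SHA1WithECDSA,
    KMF_ALGID_SHA256WithECDSA,
    KMF_ALGID_SHA384WithECDSA,
    KMF_ALGID_SHA512WithECDSA
} KMF_ALGORITHM_INDEX;

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 *
 * NOTE(review): cred presumably holds a PIN or passphrase of credlen bytes.
 * The buffer should be overwritten once the consuming call returns; confirm
 * who owns it against the API that takes a KMF_CREDENTIAL.
 */
typedef struct {
    char *cred;
    uint32_t credlen;
} KMF_CREDENTIAL;

/*
 * Key algorithms.  KMF_RC4 and KMF_DES identify legacy ciphers that are
 * kept for interoperability.
 */
typedef enum {
    KMF_KEYALG_NONE = 0,
    KMF_RSA = 1,
    KMF_DSA = 2,
    KMF_AES = 3,
    KMF_RC4 = 4,
    KMF_DES = 5,
    KMF_DES3 = 6,
    KMF_GENERIC_SECRET = 7,
    KMF_ECDSA = 8
} KMF_KEY_ALG;

typedef enum {
    KMF_KEYCLASS_NONE = 0,
    KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
    KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
    KMF_SYMMETRIC = 3 /* symmetric key */
} KMF_KEY_CLASS;

typedef enum {
    KMF_CERT = 0,
    KMF_CSR = 1,
    KMF_CRL = 2
} KMF_OBJECT_TYPE;

/*
 * Raw RSA key.  The field names follow the usual RSA layout: modulus and
 * public exponent, then private exponent, the two primes, the two CRT
 * exponents and the CRT coefficient.  When the private fields are set this
 * is cleartext private key material; clear the buffers before freeing them.
 */
typedef struct {
    KMF_BIGINT mod;
    KMF_BIGINT pubexp;
    KMF_BIGINT priexp;
    KMF_BIGINT prime1;
    KMF_BIGINT prime2;
    KMF_BIGINT exp1;
    KMF_BIGINT exp2;
    KMF_BIGINT coef;
} KMF_RAW_RSA_KEY;

/*
 * Raw DSA key: domain parameters (prime, subprime, base) and key values.
 * NOTE(review): value is presumably the private value, since the public one
 * has its own pubvalue field; confirm against the code that fills it.
 */
typedef struct {
    KMF_BIGINT prime;
    KMF_BIGINT subprime;
    KMF_BIGINT base;
    KMF_BIGINT value;
    KMF_BIGINT pubvalue;
} KMF_RAW_DSA_KEY;

/* Raw symmetric key bytes; secret material, clear before freeing. */
typedef struct {
    KMF_BIGINT keydata;
} KMF_RAW_SYM_KEY;

/* Raw EC key value together with the OID held in params. */
typedef struct {
    KMF_BIGINT value;
    KMF_OID params;
} KMF_RAW_EC_KEY;

/*
 * KMF_RAW_KEY_DATA
 * A raw key of any supported algorithm.  rawdata is a union, so only one
 * member is meaningful at a time.  Presumably keytype selects it (verify
 * against the code that builds the structure); reading a member that does
 * not match reinterprets another key's pointers and lengths.
 */
typedef struct {
    KMF_KEY_ALG keytype;
    boolean_t sensitive;
    boolean_t not_extractable;
    union {
        KMF_RAW_RSA_KEY rsa;
        KMF_RAW_DSA_KEY dsa;
        KMF_RAW_SYM_KEY sym;
        KMF_RAW_EC_KEY ec;
    } rawdata;
    char *label;
    KMF_DATA id;
} KMF_RAW_KEY_DATA;

/*
 * KMF_KEY_HANDLE
 * Reference to a key held by a keystore.  keyp is untyped; what it points to
 * is not stated in this header and presumably depends on kstype and israw.
 */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    KMF_KEY_ALG keyalg;
    KMF_KEY_CLASS keyclass;
    boolean_t israw;
    char *keylabel;
    void *keyp;
} KMF_KEY_HANDLE;

/* An error code together with the keystore type it is reported for. */
typedef struct {
    KMF_KEYSTORE_TYPE kstype;
    uint32_t errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName.
 * The first nine enumerators are in the order of the GeneralName CHOICE
 * tags [0] to [8]; GENNAME_KRB5PRINC and GENNAME_SCLOGON_UPN extend the
 * list beyond those tags.
 */
typedef enum {
    GENNAME_OTHERNAME = 0x00,
    GENNAME_RFC822NAME,
    GENNAME_DNSNAME,
    GENNAME_X400ADDRESS,
    GENNAME_DIRECTORYNAME,
    GENNAME_EDIPARTYNAME,
    GENNAME_URI,
    GENNAME_IPADDRESS,
    GENNAME_REGISTEREDID,
    GENNAME_KRB5PRINC,
    GENNAME_SCLOGON_UPN
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct {
    KMF_OID FieldOid;
    KMF_DATA FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Status codes.  KMF_OK (0) is the only success value.  The numbering has
 * gaps (0x08-0x0a, 0x0e-0x0f, 0x5a-0x5f), so test for a specific code or
 * for != KMF_OK rather than for a range.  KMF_KEYSTORE_ALREADY_INITIALIZED
 * is the one code without the KMF_ERR_ prefix.
 */
typedef enum {
    KMF_OK = 0x00,
    KMF_ERR_BAD_PARAMETER = 0x01,
    KMF_ERR_BAD_KEY_FORMAT = 0x02,
    KMF_ERR_BAD_ALGORITHM = 0x03,
    KMF_ERR_MEMORY = 0x04,
    KMF_ERR_ENCODING = 0x05,
    KMF_ERR_PLUGIN_INIT = 0x06,
    KMF_ERR_PLUGIN_NOTFOUND = 0x07,
    KMF_ERR_INTERNAL = 0x0b,
    KMF_ERR_BAD_CERT_FORMAT = 0x0c,
    KMF_ERR_KEYGEN_FAILED = 0x0d,
    KMF_ERR_UNINITIALIZED = 0x10,
    KMF_ERR_ISSUER = 0x11,
    KMF_ERR_NOT_REVOKED = 0x12,
    KMF_ERR_CERT_NOT_FOUND = 0x13,
    KMF_ERR_CRL_NOT_FOUND = 0x14,
    KMF_ERR_RDN_PARSER = 0x15,
    KMF_ERR_RDN_ATTR = 0x16,
    KMF_ERR_SLOTNAME = 0x17,
    KMF_ERR_EMPTY_CRL = 0x18,
    KMF_ERR_BUFFER_SIZE = 0x19,
    KMF_ERR_AUTH_FAILED = 0x1a,
    KMF_ERR_TOKEN_SELECTED = 0x1b,
    KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
    KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
    KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
    KMF_ERR_POLICY_ENGINE = 0x1f,
    KMF_ERR_POLICY_DB_FORMAT = 0x20,
    KMF_ERR_POLICY_NOT_FOUND = 0x21,
    KMF_ERR_POLICY_DB_FILE = 0x22,
    KMF_ERR_POLICY_NAME = 0x23,
    KMF_ERR_OCSP_POLICY = 0x24,
    KMF_ERR_TA_POLICY = 0x25,
    KMF_ERR_KEY_NOT_FOUND = 0x26,
    KMF_ERR_OPEN_FILE = 0x27,
    KMF_ERR_OCSP_BAD_ISSUER = 0x28,
    KMF_ERR_OCSP_BAD_CERT = 0x29,
    KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
    KMF_ERR_CONNECT_SERVER = 0x2b,
    KMF_ERR_SEND_REQUEST = 0x2c,
    KMF_ERR_OCSP_CERTID = 0x2d,
    KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
    KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
    KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
    KMF_ERR_OCSP_BAD_SIGNER = 0x31,

    KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
    KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
    KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
    KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
    KMF_ERR_RECV_RESPONSE = 0x36,
    KMF_ERR_RECV_TIMEOUT = 0x37,
    KMF_ERR_DUPLICATE_KEYFILE = 0x38,
    KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
    KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
    KMF_ERR_PKCS12_FORMAT = 0x3b,
    KMF_ERR_BAD_KEY_TYPE = 0x3c,
    KMF_ERR_BAD_KEY_CLASS = 0x3d,
    KMF_ERR_BAD_KEY_SIZE = 0x3e,
    KMF_ERR_BAD_HEX_STRING = 0x3f,
    KMF_ERR_KEYUSAGE = 0x40,
    KMF_ERR_VALIDITY_PERIOD = 0x41,
    KMF_ERR_OCSP_REVOKED = 0x42,
    KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
    KMF_ERR_WRITE_FILE = 0x44,
    KMF_ERR_BAD_URI = 0x45,
    KMF_ERR_BAD_CRLFILE = 0x46,
    KMF_ERR_BAD_CERTFILE = 0x47,
    KMF_ERR_GETKEYVALUE_FAILED = 0x48,
    KMF_ERR_BAD_KEYHANDLE = 0x49,
    KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
    KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
    KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
    KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
    KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
    KMF_ERR_MISSING_ERRCODE = 0x4f,
    KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
    KMF_ERR_SENSITIVE_KEY = 0x51,
    KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
    KMF_ERR_KEY_MISMATCH = 0x53,
    KMF_ERR_ATTR_NOT_FOUND = 0x54,
    KMF_ERR_KMF_CONF = 0x55,
    KMF_ERR_NAME_NOT_MATCHED = 0x56,
    KMF_ERR_MAPPER_OPEN = 0x57,
    KMF_ERR_MAPPER_NOT_FOUND = 0x58,
    KMF_ERR_MAPPING_FAILED = 0x59,
    KMF_ERR_CERT_VALIDATION = 0x60
} KMF_RETURN;

/* Data structures for OCSP support */

/*
 * Per-certificate status from an OCSP response.  OCSP_UNKNOWN means the
 * responder does not know the certificate; it is not a "good" answer.
 */
typedef enum {
    OCSP_GOOD = 0,
    OCSP_REVOKED = 1,
    OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

/*
 * Overall status of an OCSP response.
 * NOTE(review): OCSP_SIGREQUIRED and OCSP_UNAUTHORIZED are one lower than
 * the RFC 6960 wire codes (sigRequired is 5 and unauthorized is 6 there),
 * so a decoded status cannot simply be cast to this type.  Confirm how the
 * decoder maps them.
 */
typedef enum {
    OCSP_SUCCESS = 0,
    OCSP_MALFORMED_REQUEST = 1,
    OCSP_INTERNAL_ERROR = 2,
    OCSP_TRYLATER = 3,
    OCSP_SIGREQUIRED = 4,
    OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * Revocation reason reported for a revoked certificate.
 * NOTE(review): values 0 to 6 match the RFC 5280 CRLReason codes, but
 * removeFromCRL is 8 there while OCSP_REMOVEFROMCRL is 7 here.  Confirm
 * that the decoder translates the reason instead of casting it.
 */
typedef enum {
    OCSP_NOSTATUS = -1,
    OCSP_UNSPECIFIED = 0,
    OCSP_KEYCOMPROMISE = 1,
    OCSP_CACOMPROMISE = 2,
    OCSP_AFFILIATIONCHANGE = 3,
    OCSP_SUPERCEDED = 4,
    OCSP_CESSATIONOFOPERATION = 5,
    OCSP_CERTIFICATEHOLD = 6,
    OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Certificate fields and extensions that can be selected as an item. */
typedef enum {
    KMF_CERT_ISSUER = 1,
    KMF_CERT_SUBJECT,
    KMF_CERT_VERSION,
    KMF_CERT_SERIALNUM,
    KMF_CERT_NOTBEFORE,
    KMF_CERT_NOTAFTER,
    KMF_CERT_PUBKEY_ALG,
    KMF_CERT_SIGNATURE_ALG,
    KMF_CERT_EMAIL,
    KMF_CERT_PUBKEY_DATA,
    KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
    KMF_X509_EXT_CERT_POLICIES,
    KMF_X509_EXT_SUBJ_ALTNAME,
    KMF_X509_EXT_ISSUER_ALTNAME,
    KMF_X509_EXT_BASIC_CONSTRAINTS,
    KMF_X509_EXT_NAME_CONSTRAINTS,
    KMF_X509_EXT_POLICY_CONSTRAINTS,
    KMF_X509_EXT_EXT_KEY_USAGE,
    KMF_X509_EXT_INHIBIT_ANY_POLICY,
    KMF_X509_EXT_AUTH_KEY_ID,
    KMF_X509_EXT_SUBJ_KEY_ID,
    KMF_X509_EXT_POLICY_MAPPINGS,
    KMF_X509_EXT_CRL_DIST_POINTS,
    KMF_X509_EXT_FRESHEST_CRL,
    KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct {
    KMF_OID algorithm;
    KMF_DATA parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct {
    KMF_OID type;
    uint8_t valueType; /* The Tag to use when BER encoded */
    KMF_DATA value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 * numberOfPairs is the element count of AttributeTypeAndValue; loops over
 * the array must be bounded by it.
 */
typedef struct {
    uint32_t numberOfPairs;
    KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 */
typedef struct {
    uint32_t numberOfRDNs;
    KMF_X509_RDN *RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct {
    KMF_X509_ALGORITHM_IDENTIFIER algorithm;
    KMF_DATA subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 * The string is held in a KMF_DATA, so its extent is time.Length.
 */
typedef struct {
    uint8_t timeType;
    KMF_DATA time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 */
typedef struct {
    KMF_X509_TIME notBefore;
    KMF_X509_TIME notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * pathLenConstraint carries a value only when pathLenConstraintPresent is
 * set; check the flag before using the number.
 */
typedef struct {
    KMF_BOOL cA;
    KMF_BOOL pathLenConstraintPresent;
    uint32_t pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum {
    KMF_X509_DATAFORMAT_ENCODED = 0,
    KMF_X509_DATAFORMAT_PARSED,
    KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct {
    uint8_t type;
    KMF_DATA value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct {
    KMF_X509EXT_TAGandVALUE tagAndValue;
    void *parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * value is a union of three pointers.  Presumably format selects the live
 * member (ENCODED, PARSED and PAIR line up with the member names); verify
 * this against the decoder before dereferencing.  A validator that does not
 * recognize an extension whose critical flag is set is expected to reject
 * the certificate (RFC 5280).
 */
typedef struct {
    KMF_OID extnId;
    KMF_BOOL critical;
    KMF_X509EXT_DATA_FORMAT format;
    union {
        KMF_X509EXT_TAGandVALUE *tagAndValue;
        void *parsedValue;
        KMF_X509EXT_PAIR *valuePair;
    } value;
    KMF_DATA BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct {
    uint32_t numberOfExtensions;
    KMF_X509_EXTENSION *extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * The decoded fields of an X.509 certificate, i.e. the to-be-signed body.
 * The signature over these fields is not part of this structure;
 * KMF_X509_CERTIFICATE pairs the two.
 */
typedef struct {
    KMF_DATA version;
    KMF_BIGINT serialNumber;
    KMF_X509_ALGORITHM_IDENTIFIER signature;
    KMF_X509_NAME issuer;
    KMF_X509_VALIDITY validity;
    KMF_X509_NAME subject;
    KMF_X509_SPKI subjectPublicKeyInfo;
    KMF_DATA issuerUniqueIdentifier;
    KMF_DATA subjectUniqueIdentifier;
    KMF_X509_EXTENSIONS extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature: the algorithm
 * identifier and, in encrypted, the signature value.
 */
typedef struct {
    KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
    KMF_DATA encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct {
    KMF_X509_TBS_CERT certificate;
    KMF_X509_SIGNATURE signature;
} KMF_X509_CERTIFICATE;

/*
 * Address of the signature algorithm OID of certificate c (a pointer to
 * KMF_X509_CERTIFICATE): CERT_ALG_OID takes it from the signed body,
 * CERT_SIG_OID from beside the signature value.  RFC 5280 requires the two
 * identifiers to be the same, so a verifier should compare them rather than
 * trust either one alone.  Argument and expansion are parenthesized so that
 * an expression such as "certs + 1" works as the argument.
 */
#define CERT_ALG_OID(c) (&(c)->certificate.signature.algorithm)
#define CERT_SIG_OID(c) (&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * The fields of a PKCS#10 certificate request that are covered by the
 * request's signature.
 */
typedef struct {
    KMF_DATA version;
    KMF_X509_NAME subject;
    KMF_X509_SPKI subjectPublicKeyInfo;
    KMF_X509_EXTENSIONS extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete, signed PKCS#10 certificate request.
 */
typedef struct {
    KMF_TBS_CSR csr;
    KMF_X509_SIGNATURE signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 */
typedef struct {
    KMF_OID policyQualifierId;
    KMF_DATA value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 */
typedef struct {
    uint32_t numberOfPolicyQualifiers;
    KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */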
typedef struct {
    KMF_OID policyIdentifier;
    KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;
} KMF_X509EXT_POLICYINFO;

/* Certificate policies: numberOfPolicyInfo entries at policyInfo. */
typedef struct {
    uint32_t numberOfPolicyInfo;
    KMF_X509EXT_POLICYINFO *policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/* Key usage extension: its critical flag and the usage bit mask. */
typedef struct {
    uchar_t critical;
    uint16_t KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/* Extended key usage: nEKUs purpose OIDs at keyPurposeIdList. */
typedef struct {
    uchar_t critical;
    uint16_t nEKUs;
    KMF_OID *keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct {
    KMF_OID AccessMethod;
    KMF_DATA AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct {
    uint32_t numberOfAccessDescription;
    KMF_X509EXT_ACCESSDESC *AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */
typedef struct {
    KMF_GENERALNAMECHOICES choice;
    KMF_DATA name;
} KMF_GENERALNAME;

typedef struct {
    uint32_t number;
    KMF_GENERALNAME *namelist;
} KMF_GENERALNAMES;

typedef enum {
    DP_GENERAL_NAME = 1,
    DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/*
 * One CRL distribution point.  name is a union; presumably type selects
 * full_name or relative_name (the enumerator names line up with the
 * members).  Verify against the decoder before reading either member.
 */
typedef struct {
    KMF_CRL_DIST_POINT_TYPE type;
    union {
        KMF_GENERALNAMES full_name;
        KMF_DATA relative_name;
    } name;
    KMF_DATA reasons;
    KMF_GENERALNAMES crl_issuer;
} KMF_CRL_DIST_POINT;

typedef struct {
    uint32_t number;
    KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;

/*
 * Tags for KMF_ATTRIBUTE.  No enumerator has an explicit value, so each is
 * numbered by its position starting at 0; inserting or reordering entries
 * changes the value of every later tag.
 */
typedef enum {
    KMF_DATA_ATTR,
    KMF_OID_ATTR,
    KMF_BIGINT_ATTR,
    KMF_X509_DER_CERT_ATTR,
    KMF_KEYSTORE_TYPE_ATTR,
    KMF_ENCODE_FORMAT_ATTR,
    KMF_CERT_VALIDITY_ATTR,
    KMF_KU_PURPOSE_ATTR,
    KMF_ALGORITHM_INDEX_ATTR,
    KMF_TOKEN_LABEL_ATTR,
    KMF_READONLY_ATTR,
    KMF_DIRPATH_ATTR,
    KMF_CERTPREFIX_ATTR,
    KMF_KEYPREFIX_ATTR,
    KMF_SECMODNAME_ATTR,
    KMF_CREDENTIAL_ATTR,
    KMF_TRUSTFLAG_ATTR,
    KMF_CRL_FILENAME_ATTR,
    KMF_CRL_CHECK_ATTR,
    KMF_CRL_DATA_ATTR,
    KMF_CRL_SUBJECT_ATTR,
    KMF_CRL_ISSUER_ATTR,
    KMF_CRL_NAMELIST_ATTR,
    KMF_CRL_COUNT_ATTR,
    KMF_CRL_OUTFILE_ATTR,
    KMF_CERT_LABEL_ATTR,
    KMF_SUBJECT_NAME_ATTR,
    KMF_ISSUER_NAME_ATTR,
    KMF_CERT_FILENAME_ATTR,
    KMF_KEY_FILENAME_ATTR,
    KMF_OUTPUT_FILENAME_ATTR,
    KMF_IDSTR_ATTR,
    KMF_CERT_DATA_ATTR,
    KMF_OCSP_RESPONSE_DATA_ATTR,
    KMF_OCSP_RESPONSE_STATUS_ATTR,
    KMF_OCSP_RESPONSE_REASON_ATTR,
    KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
    KMF_OCSP_REQUEST_FILENAME_ATTR,
    KMF_KEYALG_ATTR,
    KMF_KEYCLASS_ATTR,
    KMF_KEYLABEL_ATTR,
    KMF_KEYLENGTH_ATTR,
    KMF_RSAEXP_ATTR,
    KMF_TACERT_DATA_ATTR,
    KMF_SLOT_ID_ATTR,
    KMF_PK12CRED_ATTR,
    KMF_ISSUER_CERT_DATA_ATTR,
    KMF_USER_CERT_DATA_ATTR,
    KMF_SIGNER_CERT_DATA_ATTR,
    KMF_IGNORE_RESPONSE_SIGN_ATTR,
    KMF_RESPONSE_LIFETIME_ATTR,
    KMF_KEY_HANDLE_ATTR,
    KMF_PRIVKEY_HANDLE_ATTR,
    KMF_PUBKEY_HANDLE_ATTR,
    KMF_ERROR_ATTR,
    KMF_X509_NAME_ATTR,
    KMF_X509_SPKI_ATTR,
    KMF_X509_CERTIFICATE_ATTR,
    KMF_RAW_KEY_ATTR,
    KMF_CSR_DATA_ATTR,
    KMF_GENERALNAMECHOICES_ATTR,
    KMF_STOREKEY_BOOL_ATTR,
    KMF_SENSITIVE_BOOL_ATTR,
    KMF_NON_EXTRACTABLE_BOOL_ATTR,
    KMF_TOKEN_BOOL_ATTR,
    KMF_PRIVATE_BOOL_ATTR,
    KMF_NEWPIN_ATTR,
    KMF_IN_SIGN_ATTR,
    KMF_OUT_DATA_ATTR,
    KMF_COUNT_ATTR,
    KMF_DESTROY_BOOL_ATTR,
    KMF_TBS_CERT_DATA_ATTR,
    KMF_PLAINTEXT_DATA_ATTR,
    KMF_CIPHERTEXT_DATA_ATTR,
    KMF_VALIDATE_RESULT_ATTR,
    KMF_KEY_DATA_ATTR,
    KMF_PK11_USER_TYPE_ATTR,
    KMF_ECC_CURVE_OID_ATTR,
    KMF_MAPPER_NAME_ATTR,
    KMF_MAPPER_PATH_ATTR,
    KMF_MAPPER_OPTIONS_ATTR
} KMF_ATTR_TYPE;

/*
 * One tagged attribute: type names what pValue points to and valueLen gives
 * its size.  pValue is untyped, so the consumer has nothing but the tag and
 * the length to go on.
 * NOTE(review): code that reads pValue should check valueLen against the
 * size expected for the tag before casting; confirm that the attribute
 * accessors do so.
 */
typedef struct {
    KMF_ATTR_TYPE type;
    void *pValue;
    uint32_t valueLen;
} KMF_ATTRIBUTE;

/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro expands to a comma-separated list of byte values for use
 * in an array initializer, and the matching *_LENGTH macro is the number of
 * bytes in that list.  The bytes are the encoded arcs: 42 stands for 1.2
 * and 43 for 1.3 (40 * first arc + second arc), and "134, 72" is 840 in
 * base 128.  The lengths are maintained by hand; a length that disagrees
 * with its list makes an OID comparison cover the wrong number of bytes.
 */
#define OID_ISO_MEMBER 42 /* Also in PKCS */
#define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
#define OID_CA OID_ISO_MEMBER, 124

#define OID_ISO_IDENTIFIED_ORG 43
#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4
#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5
#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6
#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */

#define OID_ISO_CCITT_DIR_SERVICE 85
#define OID_ISO_CCITT_COUNTRY 96
#define OID_COUNTRY_US OID_ISO_CCITT_COUNTRY, 134, 72
#define OID_COUNTRY_CA OID_ISO_CCITT_COUNTRY, 124
#define OID_COUNTRY_US_ORG OID_COUNTRY_US, 1
#define OID_COUNTRY_US_MHS_MD OID_COUNTRY_US, 2
#define OID_COUNTRY_US_STATE OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define OID_ISO_MEMBER_LENGTH 1
#define OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2)

#define OID_RSA OID_US, 134, 247, 13
#define OID_RSA_LENGTH (OID_US_LENGTH + 3)

#define OID_RSA_HASH OID_RSA, 2
#define OID_RSA_HASH_LENGTH (OID_RSA_LENGTH + 1)

/*
 * OIDs below the RSA arc.  Every macro appends one or more arc bytes to its
 * parent's byte list; the *_LENGTH macros count the resulting bytes and are
 * kept in step by hand.
 */
#define OID_RSA_ENCRYPT OID_RSA, 3
#define OID_RSA_ENCRYPT_LENGTH (OID_RSA_LENGTH + 1)

#define OID_PKCS OID_RSA, 1
#define OID_PKCS_LENGTH (OID_RSA_LENGTH + 1)

/* PKCS #1 to PKCS #6 */
#define OID_PKCS_1 OID_PKCS, 1
#define OID_PKCS_1_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_2 OID_PKCS, 2
#define OID_PKCS_3 OID_PKCS, 3
#define OID_PKCS_3_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_4 OID_PKCS, 4
#define OID_PKCS_5 OID_PKCS, 5
#define OID_PKCS_5_LENGTH (OID_PKCS_LENGTH + 1)
#define OID_PKCS_6 OID_PKCS, 6

/* PKCS #7 and its content types */
#define OID_PKCS_7 OID_PKCS, 7
#define OID_PKCS_7_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_7_Data OID_PKCS_7, 1
#define OID_PKCS_7_SignedData OID_PKCS_7, 2
#define OID_PKCS_7_EnvelopedData OID_PKCS_7, 3
#define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4
#define OID_PKCS_7_DigestedData OID_PKCS_7, 5
#define OID_PKCS_7_EncryptedData OID_PKCS_7, 6

/* PKCS #8, PKCS #9 and the PKCS #9 attribute types */
#define OID_PKCS_8 OID_PKCS, 8
#define OID_PKCS_9 OID_PKCS, 9
#define OID_PKCS_9_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_9_CONTENT_TYPE OID_PKCS_9, 3
#define OID_PKCS_9_MESSAGE_DIGEST OID_PKCS_9, 4
#define OID_PKCS_9_SIGNING_TIME OID_PKCS_9, 5
#define OID_PKCS_9_COUNTER_SIGNATURE OID_PKCS_9, 6
#define OID_PKCS_9_EXTENSION_REQUEST OID_PKCS_9, 14

#define OID_PKCS_10 OID_PKCS, 10

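/*
 * PKCS#12, directory-service, pilot, PKIX, PKINIT and Microsoft arcs.
 *
 * Each macro expands to a comma-separated list of encoded OID bytes and
 * each *_LENGTH is the number of bytes in its companion's list.  A length
 * that disagrees with its list makes any consumer that pairs the two read
 * the wrong number of bytes, so keep them in step when editing.
 */
#define OID_PKCS_12                         OID_PKCS, 12
#define OID_PKCS_12_LENGTH                  (OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 password-based encryption schemes.
 * NOTE(review): the 40-bit RC2/RC4 variants give very little brute-force
 * resistance.  These macros only name the schemes; which one is chosen
 * for newly written PKCS#12 files is decided elsewhere -- confirm.
 */
#define PBEWithSHAAnd128BitRC4              OID_PKCS_12, 1, 1
#define PBEWithSHAAnd40BitRC4               OID_PKCS_12, 1, 2
#define PBEWithSHAAnd3KeyTripleDES_CBC      OID_PKCS_12, 1, 3
#define PBEWithSHAAnd2KeyTripleDES_CBC      OID_PKCS_12, 1, 4
#define PBEWithSHAAnd128BitRC2_CBC          OID_PKCS_12, 1, 5
#define PBEWithSHAAnd40BitRC2_CBC           OID_PKCS_12, 1, 6

#define OID_BAG_TYPES                       OID_PKCS_12, 10, 1
#define OID_KeyBag                          OID_BAG_TYPES, 1
#define OID_PKCS8ShroudedKeyBag             OID_BAG_TYPES, 2
#define OID_CertBag                         OID_BAG_TYPES, 3
#define OID_CrlBag                          OID_BAG_TYPES, 4
#define OID_SecretBag                       OID_BAG_TYPES, 5
#define OID_SafeContentsBag                 OID_BAG_TYPES, 6

#define OID_ContentInfo                     OID_PKCS_7, 0, 1

#define OID_CERT_TYPES                      OID_PKCS_9, 22
#define OID_x509Certificate                 OID_CERT_TYPES, 1
#define OID_sdsiCertificate                 OID_CERT_TYPES, 2

#define OID_CRL_TYPES                       OID_PKCS_9, 23
#define OID_x509Crl                         OID_CRL_TYPES, 1

#define OID_DS                              OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define OID_DS_LENGTH                       1

#define OID_ATTR_TYPE                       OID_DS, 4   /* Also in X.501 */
#define OID_ATTR_TYPE_LENGTH                (OID_DS_LENGTH + 1)

#define OID_DSALG                           OID_DS, 8   /* Also in X.501 */
#define OID_DSALG_LENGTH                    (OID_DS_LENGTH + 1)

#define OID_EXTENSION                       OID_DS, 29  /* Also in X.501 */
#define OID_EXTENSION_LENGTH                (OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define OID_PILOT   0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define OID_PILOT_LENGTH                    9

/*
 * userid is { pilotAttributeType 1 }.  The comma after OID_PILOT is
 * required: without it the expansion ends in "0x1 1", which is not a valid
 * initializer list, and the list would not have the OID_PILOT_LENGTH + 1
 * entries that OID_USERID_LENGTH promises.
 */
#define OID_USERID                          OID_PILOT, 1
#define OID_USERID_LENGTH                   (OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) mechanisms(5) pkix(7) }
 */
#define OID_PKIX                            43, 6, 1, 5, 5, 7
#define OID_PKIX_LENGTH                     6

/* private certificate extensions, { id-pkix 1 } */
#define OID_PKIX_PE                         OID_PKIX, 1
#define OID_PKIX_PE_LENGTH                  (OID_PKIX_LENGTH + 1)

/* policy qualifier types { id-pkix 2 } */
#define OID_PKIX_QT                         OID_PKIX, 2
#define OID_PKIX_QT_LENGTH                  (OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define OID_PKIX_QT_CPS                     OID_PKIX_QT, 1
#define OID_PKIX_QT_CPS_LENGTH              (OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define OID_PKIX_QT_UNOTICE                 OID_PKIX_QT, 2
#define OID_PKIX_QT_UNOTICE_LENGTH          (OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs { id-pkix 3 } */
#define OID_PKIX_KP                         OID_PKIX, 3
#define OID_PKIX_KP_LENGTH                  (OID_PKIX_LENGTH + 1)

/* access descriptors { id-pkix 48 } -- the arc is 48, as the value shows */
#define OID_PKIX_AD                         OID_PKIX, 48
#define OID_PKIX_AD_LENGTH                  (OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define OID_PKIX_AD_OCSP                    OID_PKIX_AD, 1
#define OID_PKIX_AD_OCSP_LENGTH             (OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define OID_PKIX_AD_CAISSUERS               OID_PKIX_AD, 2
#define OID_PKIX_AD_CAISSUERS_LENGTH        (OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */

/*
 * From RFC4556 (PKINIT)
 *
 * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) kerberosv5(2) pkinit(3) }
 */
#define OID_KRB5_PKINIT                     43, 6, 1, 5, 2, 3
#define OID_KRB5_PKINIT_LENGTH              6

#define OID_KRB5_PKINIT_KPCLIENTAUTH        OID_KRB5_PKINIT, 4
#define OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)

#define OID_KRB5_PKINIT_KPKDC               OID_KRB5_PKINIT, 5
#define OID_KRB5_PKINIT_KPKDC_LENGTH        (OID_KRB5_PKINIT_LENGTH + 1)

#define OID_KRB5_SAN                        43, 6, 1, 5, 2, 2
#define OID_KRB5_SAN_LENGTH                 6

/*
 * Microsoft OIDs:
 * id-ms-san-sc-logon-upn =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 *  enterprise(1) microsoft(311) 20 2 3}
 *
 * id-ms-kp-sc-logon =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 *  enterprise(1) microsoft(311) 20 2 2}
 *
 * 130, 55 is the two-byte base-128 form of 311.
 */
#define OID_MS                              43, 6, 1, 4, 1, 130, 55
#define OID_MS_LENGTH                       7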
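/*
 * Microsoft smart-card logon, TCP application protocol, DAP, OIW and X9.57
 * arcs.  Each macro expands to a comma-separated list of encoded OID bytes
 * and each *_LENGTH is the number of bytes in its companion's list.
 */
#define OID_MS_KP_SC_LOGON                  OID_MS, 20, 2, 2
#define OID_MS_KP_SC_LOGON_LENGTH           (OID_MS_LENGTH + 3)

/* NOTE(review): 20, 2, 3 looks like the UPN name form despite the KP in the macro name -- confirm. */
#define OID_MS_KP_SC_LOGON_UPN              OID_MS, 20, 2, 3
#define OID_MS_KP_SC_LOGON_UPN_LENGTH       (OID_MS_LENGTH + 3)

/*
 * The list below has seven bytes, so the length is 7.  A length of 8 would
 * make a consumer that pairs this length with a seven-byte array read one
 * byte past its end.
 */
#define OID_APPL_TCP_PROTO                  43, 6, 1, 2, 1, 27, 4
#define OID_APPL_TCP_PROTO_LENGTH           7

#define OID_DAP                             OID_DS, 3, 1
#define OID_DAP_LENGTH                      (OID_DS_LENGTH + 2)

/* From x9.57 */
#define OID_OIW_LENGTH                      2

#define OID_OIW_SECSIG                      OID_OIW, 3
#define OID_OIW_SECSIG_LENGTH               (OID_OIW_LENGTH + 1)

#define OID_OIW_ALGORITHM                   OID_OIW_SECSIG, 2
#define OID_OIW_ALGORITHM_LENGTH            (OID_OIW_SECSIG_LENGTH + 1)

#define OID_OIWDIR                          OID_OIW, 7, 2
#define OID_OIWDIR_LENGTH                   (OID_OIW_LENGTH + 2)

#define OID_OIWDIR_CRPT                     OID_OIWDIR, 1

#define OID_OIWDIR_HASH                     OID_OIWDIR, 2
#define OID_OIWDIR_HASH_LENGTH              (OID_OIWDIR_LENGTH + 1)

#define OID_OIWDIR_SIGN                     OID_OIWDIR, 3
#define OID_OIWDIR_SIGN_LENGTH              (OID_OIWDIR_LENGTH + 1)

/* 206, 56 is the two-byte base-128 form of the arc 10040. */
#define OID_X9CM                            OID_US, 206, 56
#define OID_X9CM_MODULE                     OID_X9CM, 1
#define OID_X9CM_INSTRUCTION                OID_X9CM, 2
#define OID_X9CM_ATTR                       OID_X9CM, 3
#define OID_X9CM_X9ALGORITHM                OID_X9CM, 4
#define OID_X9CM_X9ALGORITHM_LENGTH         ((OID_US_LENGTH) + 2 + 1)

#define INTEL                               96, 134, 72, 1, 134, 248, 77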
#define INTEL_LENGTH                        7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined in this part of the header; confirm a definition exists before
 * relying on the four macros below.
 */
#define INTEL_SEC_FORMATS                   INTEL_CDSASECURITY, 1
#define INTEL_SEC_FORMATS_LENGTH            (INTEL_CDSASECURITY_LENGTH + 1)

#define INTEL_SEC_ALGS                      INTEL_CDSASECURITY, 2, 5
#define INTEL_SEC_ALGS_LENGTH               (INTEL_CDSASECURITY_LENGTH + 2)

/*
 * OID objects declared here and defined elsewhere.  This first group
 * carries directory and PKCS#9 attribute-type names.
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/* Certificate and CRL extensions, access descriptors, policy qualifiers. */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice;

/* Extended key usage purposes. */
extern const KMF_OID
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning;

/*
 * Digest, key and signature algorithm identifiers.
 * NOTE(review): the list includes MD2-, MD5- and SHA-1-based signature
 * identifiers.  Declaring an OID here does not say whether a signature
 * using it is accepted; that policy lives in the verification code, which
 * should be checked separately.
 */
extern const KMF_OID
	KMFOID_SHA1,
	KMFOID_RSA,
	KMFOID_DSA,
	KMFOID_MD5,
	KMFOID_MD5WithRSA,
	KMFOID_MD2WithRSA,
	KMFOID_SHA1WithRSA,
	KMFOID_SHA256WithRSA,
	KMFOID_SHA384WithRSA,
	KMFOID_SHA512WithRSA,
	KMFOID_SHA1WithDSA,
	KMFOID_X9CM_DSA,
	KMFOID_X9CM_DSAWithSHA1;

/* For PKINIT support */
extern const KMF_OID
	KMFOID_PKINIT_san,
	KMFOID_PKINIT_ClientAuth,
	KMFOID_PKINIT_Kdc,
	KMFOID_MS_KP_SCLogon,
	KMFOID_MS_KP_SCLogon_UPN;

/* For ECC support: public key type, signature and digest identifiers. */
extern const KMF_OID
	KMFOID_EC_PUBLIC_KEY,
	KMFOID_SHA1WithECDSA,
	KMFOID_SHA224WithECDSA,
	KMFOID_SHA256WithECDSA,
	KMFOID_SHA384WithECDSA,
	KMFOID_SHA512WithECDSA,
	KMFOID_SHA224WithDSA,
	KMFOID_SHA256WithDSA,
	KMFOID_SHA224,
	KMFOID_SHA256,
	KMFOID_SHA384,
	KMFOID_SHA512;

/*
 * For ECC support: named curves.
 * NOTE(review): the list runs from 112-bit curves upward; the small ones
 * are far below current strength recommendations.  Whether they can be
 * selected for new keys is decided by the key-generation code, not here.
 */
extern const KMF_OID
	KMFOID_ECC_secp112r1,
	KMFOID_ECC_secp112r2,
	KMFOID_ECC_secp128r1,
	KMFOID_ECC_secp128r2,
	KMFOID_ECC_secp160k1,
	KMFOID_ECC_secp160r1,
	KMFOID_ECC_secp160r2,
	KMFOID_ECC_secp192k1,
	KMFOID_ECC_secp224k1,
	KMFOID_ECC_secp224r1,
	KMFOID_ECC_secp256k1,
	KMFOID_ECC_secp384r1,
	KMFOID_ECC_secp521r1,
	KMFOID_ECC_sect113r1,
	KMFOID_ECC_sect113r2,
	KMFOID_ECC_sect131r1,
	KMFOID_ECC_sect131r2,
	KMFOID_ECC_sect163k1,
	KMFOID_ECC_sect163r1,
	KMFOID_ECC_sect163r2,
	KMFOID_ECC_sect193r1,
	KMFOID_ECC_sect193r2,
	KMFOID_ECC_sect233k1,
	KMFOID_ECC_sect233r1,
	KMFOID_ECC_sect239k1,
	KMFOID_ECC_sect283k1,
	KMFOID_ECC_sect283r1,
	KMFOID_ECC_sect409k1,
	KMFOID_ECC_sect409r1,
	KMFOID_ECC_sect571k1,
	KMFOID_ECC_sect571r1,
	KMFOID_ECC_c2pnb163v1,
	KMFOID_ECC_c2pnb163v2,
	KMFOID_ECC_c2pnb163v3,
	KMFOID_ECC_c2pnb176v1,
	KMFOID_ECC_c2tnb191v1,
	KMFOID_ECC_c2tnb191v2,
	KMFOID_ECC_c2tnb191v3,
	KMFOID_ECC_c2pnb208w1,
	KMFOID_ECC_c2tnb239v1,
	KMFOID_ECC_c2tnb239v2,
	KMFOID_ECC_c2tnb239v3,
	KMFOID_ECC_c2pnb272w1,
	KMFOID_ECC_c2pnb304w1,
	KMFOID_ECC_c2tnb359v1,
	KMFOID_ECC_c2pnb368w1,
	KMFOID_ECC_c2tnb431r1,
	KMFOID_ECC_prime192v2,
	KMFOID_ECC_prime192v3,
	KMFOID_ECC_secp192r1,
	KMFOID_ECC_secp256r1;

/*
 * ANSI X9-62 prime192v1 is same as secp192r1 and
 * ANSI X9-62 prime256v1 is same as secp256r1
 */
#define KMFOID_ANSIX962_prime192v1          KMFOID_ECC_secp192r1
#define KMFOID_ANSIX962_prime256v1          KMFOID_ECC_secp256r1

/*
 * KMF Certificate validation codes.  These may be masked together.
 *
 * KMF_CERT_VALIDATE_OK is zero, so success has to be tested with
 * "== KMF_CERT_VALIDATE_OK"; an "&" test against it is always false.
 * KMF_CERT_VALIDATE_ERR_ISSUER is 0x100, so a combined result does not
 * fit in an 8-bit variable.
 */
#define KMF_CERT_VALIDATE_OK                0x00
#define KMF_CERT_VALIDATE_ERR_TA            0x01
#define KMF_CERT_VALIDATE_ERR_USER          0x02
#define KMF_CERT_VALIDATE_ERR_SIGNATURE     0x04
#define KMF_CERT_VALIDATE_ERR_KEYUSAGE      0x08
#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE  0x10
#define KMF_CERT_VALIDATE_ERR_TIME          0x20
#define KMF_CERT_VALIDATE_ERR_CRL           0x40
#define KMF_CERT_VALIDATE_ERR_OCSP          0x80
#define KMF_CERT_VALIDATE_ERR_ISSUER        0x100

/*
 * KMF Key Usage bitmasks
 * One bit per usage, starting at the top of a 16-bit word.
 * KMF_KUBITMASK is the OR of all nine.
 */
#define KMF_digitalSignature                0x8000
#define KMF_nonRepudiation                  0x4000
#define KMF_keyEncipherment                 0x2000
#define KMF_dataEncipherment                0x1000
#define KMF_keyAgreement                    0x0800
#define KMF_keyCertSign                     0x0400
#define KMF_cRLSign                         0x0200
#define KMF_encipherOnly                    0x0100
#define KMF_decipherOnly                    0x0080

#define KMF_KUBITMASK                       0xFF80

/*
 * KMF Extended KeyUsage definitions
 * These are single-bit flags that can be ORed together, not OIDs.
 * NOTE(review): presumably each flag stands for the matching
 * KMFOID_PKIX_KP_* purpose -- confirm against the code that maps them.
 */
#define KMF_EKU_SERVERAUTH                  0x01
#define KMF_EKU_CLIENTAUTH                  0x02
#define KMF_EKU_CODESIGNING                 0x04
#define KMF_EKU_EMAIL                       0x08
#define KMF_EKU_TIMESTAMP                   0x10
#define KMF_EKU_OCSPSIGNING                 0x20

#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */