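/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h - public types of the Key Management Framework (KMF).
 *
 * Everything here is plain data: handles, length/pointer buffers, the
 * per-operation parameter blocks handed to the NSS, OpenSSL and PKCS#11
 * keystore back ends, the decoded X.509 / PKCS#10 structures, the
 * KMF_RETURN error codes and the DER-encoded OID fragments used to build
 * object identifiers.  No function is declared here; ownership of any
 * pointer field is decided by the API that fills or consumes the struct.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#pragma ident	"%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef uint32_t KMF_BOOL;

#define	KMF_FALSE	(0)
#define	KMF_TRUE	(1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 */
typedef struct kmf_data
{
	size_t	Length;	/* in bytes */
	uchar_t	*Data;
} KMF_DATA;

/* Big-endian integer of len bytes (serial numbers, key components). */
typedef struct {
	uchar_t	*val;
	size_t	len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * Bookkeeping KMF keeps alongside a DER certificate.
 *
 * NOTE(review): despite its name, KMF_X509_PRIVATE_PTR is an alias of the
 * struct itself, not of a pointer to it.  It is kept for source
 * compatibility; new code should use KMF_X509_PRIVATE * explicitly.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;		/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information internal used
 * by KMF layer.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;

typedef enum {
	KMF_KEYSTORE_NSS = 1,
	KMF_KEYSTORE_OPENSSL = 2,
	KMF_KEYSTORE_PK11TOKEN = 3,
	KMF_KEYSTORE_DEFAULT	/* based on configuration */
} KMF_KEYSTORE_TYPE;

/*
 * True when t names one of the three concrete keystores.  The argument is
 * parenthesized at every use so that an expression argument (a conditional,
 * a comma expression) is evaluated as a whole rather than being split by
 * the relational operators.  KMF_KEYSTORE_DEFAULT falls outside this range.
 */
#define	VALID_KEYSTORE_TYPE(t)	(((t) >= KMF_KEYSTORE_NSS) &&\
	((t) <= KMF_KEYSTORE_PK11TOKEN))

typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1,		/* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4,		/* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;
#define	KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;

typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;


/* Keystore Configuration */
typedef struct {
	char	*configdir;
	char	*certPrefix;
	char	*keyPrefix;
	char	*secModName;
} KMF_NSS_CONFIG;

typedef struct {
	char		*label;
	boolean_t	readonly;
} KMF_PKCS11_CONFIG;

/* kstype selects which member of ks_config_u is meaningful. */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_CONFIG		nss_conf;
		KMF_PKCS11_CONFIG	pkcs11_conf;
	} ks_config_u;
} KMF_CONFIG_PARAMS;

#define	nssconfig	ks_config_u.nss_conf
#define	pkcs11config	ks_config_u.pkcs11_conf

/*
 * Generic credential structure used by other structures below
 * to convey authentication information (token PINs, passphrases) to
 * the underlying mechanisms.  credlen is the size of cred; whether it
 * counts a terminating NUL is decided by the filling API.  The owner of
 * the cred buffer should clear it before releasing the memory, since it
 * carries secret material.
 */
typedef struct {
	char		*cred;
	uint32_t	credlen;
} KMF_CREDENTIAL;

typedef struct
{
	char		*trustflag;
	char		*slotlabel;	/* "internal" by default */
	int		issuerId;
	int		subjectId;
	char		*crlfile;	/* for ImportCRL */
	boolean_t	crl_check;	/* for ImportCRL */

	/*
	 * The following 2 variables are for FindCertInCRL.  The caller can
	 * either specify certLabel or provide the entire certificate in
	 * DER format as input.
	 */
	char		*certLabel;	/* for FindCertInCRL */
	KMF_DATA	*certificate;	/* for FindCertInCRL */

	/*
	 * crl_subjName and crl_issuerName are used as the CRL deletion
	 * criteria.  One should be non-NULL and the other one should be NULL.
	 * If crl_subjName is not NULL, then delete CRL by the subject name.
	 * Otherwise, delete by the issuer name.
	 */
	char		*crl_subjName;
	char		*crl_issuerName;
} KMF_NSS_PARAMS;

typedef struct {
	char			*dirpath;
	char			*certfile;
	char			*crlfile;
	char			*keyfile;
	char			*outcrlfile;
	boolean_t		crl_check;	/* CRL import check; default is true */
	KMF_ENCODE_FORMAT	format;		/* output file format */
} KMF_OPENSSL_PARAMS;

/*
 * NOTE(review): "private" is a reserved word in C++, so this struct cannot
 * be compiled by a C++ translation unit even though the header is wrapped
 * in extern "C".  The name is kept because it is part of the C interface.
 */
typedef struct {
	boolean_t	private;	/* for finding CKA_PRIVATE objects */
	boolean_t	sensitive;
	boolean_t	not_extractable;
	boolean_t	token;		/* true == token object, false == session */
} KMF_PKCS11_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CERT_VALIDITY	find_cert_validity;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_DATA		*certificate;
	KMF_DATA		*ocsp_response;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_VALIDATECERT_PARAMS;

typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6
} KMF_KEY_ALG;

typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
} KMF_KEY_CLASS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_KEY_CLASS		keyclass;
	KMF_KEY_ALG		keytype;
	KMF_ENCODE_FORMAT	format;		/* for key */
	char			*findLabel;
	char			*idstr;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;		/* all */
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STORECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_DATA		*certificate;
	char			*label;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STOREKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_DELETEKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certfile;
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_IMPORTCERT_PARAMS;

typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
} KMF_OBJECT_TYPE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	KMF_BIGINT		rsa_exponent;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CREATEKEYPAIR_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_IMPORTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_DELETECRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_LISTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_FINDCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_FINDCERTINCRL_PARAMS;

typedef struct {
	char		*crl_name;
	KMF_DATA	*tacert;
} KMF_VERIFYCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_ENCODE_FORMAT	format;		/* for key */
	char			*certLabel;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CRYPTOWITHCERT_PARAMS;

typedef struct {
	char	*crl_name;
} KMF_CHECKCRLDATE_PARAMS;

typedef struct {
	CK_SLOT_ID	slot;
} pk11_setpin_opts;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*tokenname;
	KMF_CREDENTIAL		cred;		/* current token PIN */
	union {
		KMF_NSS_PARAMS		nss_opts;
		pk11_setpin_opts	pkcs11_opts;
	} ks_opt_u;
} KMF_SETPIN_PARAMS;

/* Raw RSA key components; the private ones are secret material. */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
} KMF_RAW_DSA_KEY;

typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

/* keytype selects which member of rawdata is valid. */
typedef struct {
	KMF_KEY_ALG	keytype;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
	} rawdata;
} KMF_RAW_KEY_DATA;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CREDENTIAL		cred;		/* cred for accessing the token */
	KMF_CREDENTIAL		p12cred;	/* cred used for securing the file */

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_EXPORTP12_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_CREATESYMKEY_PARAMS;

/* Data structures for OCSP support */
typedef struct {
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
} KMF_OCSPREQUEST_PARAMS;

/*
 * NOTE(review): ignore_response_sign presumably bypasses verification of
 * the responder's signature; confirm against the OCSP code and treat a
 * non-FALSE value as a test-only setting.
 */
typedef struct {
	KMF_DATA	*response;
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
	KMF_DATA	*signer_cert;		/* can be NULL */
	boolean_t	ignore_response_sign;	/* default is FALSE */
	uint32_t	response_lifetime;	/* in seconds */
} KMF_OCSPRESPONSE_PARAMS_INPUT;

typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

typedef struct {
	int			response_status;
	int			reason;		/* if revoked */
	KMF_OCSP_CERT_STATUS	cert_status;
} KMF_OCSPRESPONSE_PARAMS_OUTPUT;

#define	nssparms	ks_opt_u.nss_opts
#define	sslparms	ks_opt_u.openssl_opts
#define	pkcs11parms	ks_opt_u.pkcs11_opts

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;
} KMF_KEY_HANDLE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName.  The values follow the
 * GeneralName CHOICE tags (otherName [0] .. registeredID [8]).
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;

/* KMF return codes.  KMF_OK is zero; every other value is a failure. */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,
	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53
} KMF_RETURN;

/*
 * NOTE(review): these values are contiguous, whereas the OCSPResponseStatus
 * on the wire skips 4 (sigRequired is 5, unauthorized is 6).  If this enum
 * is ever compared directly with a decoded status, confirm the mapping in
 * the OCSP code.
 */
typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * NOTE(review): CRLReason in RFC 5280 leaves 7 unused and assigns
 * removeFromCRL the value 8; OCSP_REMOVEFROMCRL is 7 here.  Confirm the
 * mapping wherever a decoded reason code is compared with this enum.
 */
typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

typedef enum {
	KMF_ALGCLASS_NONE = 0,
	KMF_ALGCLASS_CUSTOM,
	KMF_ALGCLASS_SIGNATURE,
	KMF_ALGCLASS_SYMMETRIC,
	KMF_ALGCLASS_DIGEST,
	KMF_ALGCLASS_RANDOMGEN,
	KMF_ALGCLASS_UNIQUEGEN,
	KMF_ALGCLASS_MAC,
	KMF_ALGCLASS_ASYMMETRIC,
	KMF_ALGCLASS_KEYGEN,
	KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;

typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID		algorithm;
	KMF_DATA	parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct
{
	KMF_OID		type;
	uint8_t		valueType;	/* The Tag to use when BER encoded */
	KMF_DATA	value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 */
typedef struct
{
	uint32_t	numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithm;
	KMF_DATA			subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 */
typedef struct
{
	uint8_t		timeType;
	KMF_DATA	time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 */
typedef struct
{
	KMF_X509_TIME	notBefore;
	KMF_X509_TIME	notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * pathLenConstraint is only meaningful when pathLenConstraintPresent is set.
 */
typedef struct
{
	KMF_BOOL	cA;
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t		type;
	KMF_DATA	value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE	tagAndValue;
	void			*parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * format selects which member of the value union is in use.
 */
typedef struct
{
	KMF_OID			extnId;
	KMF_BOOL		critical;
	KMF_X509EXT_DATA_FORMAT	format;
	union
	{
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct
{
	uint32_t		numberOfExtensions;
	KMF_X509_EXTENSION	*extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains the to-be-signed portion of an X.509
 * certificate (everything covered by the signature).
 */
typedef struct
{
	KMF_DATA			version;
	KMF_BIGINT			serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER	signature;
	KMF_X509_NAME			issuer;
	KMF_X509_VALIDITY		validity;
	KMF_X509_NAME			subject;
	KMF_X509_SPKI			subjectPublicKeyInfo;
	KMF_DATA			issuerUniqueIdentifier;
	KMF_DATA			subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS		extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithmIdentifier;
	KMF_DATA			encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT	certificate;
	KMF_X509_SIGNATURE	signature;
} KMF_X509_CERTIFICATE;

/*
 * Pointers to the two algorithm OIDs of a decoded certificate: the one
 * inside the TBS body and the one in the outer signature.  Both the
 * argument and the whole expansion are parenthesized so the macros can be
 * used safely inside larger expressions.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA		version;
	KMF_X509_NAME		subject;
	KMF_X509_SPKI		subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS	extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request
 */
typedef struct
{
	KMF_TBS_CSR		csr;
	KMF_X509_SIGNATURE	signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 */
typedef struct
{
	KMF_OID		policyQualifierId;
	KMF_DATA	value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 */
typedef struct
{
	uint32_t			numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO	*policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */
typedef struct
{
	KMF_OID				policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS	policyQualifiers;
} KMF_X509EXT_POLICYINFO;

typedef struct
{
	uint32_t		numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO	*policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/* KeyUsageBits is tested against the KMF_* key usage bitmasks below. */
typedef struct
{
	uchar_t		critical;
	uint16_t	KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

typedef struct
{
	uchar_t		critical;
	uint16_t	nEKUs;
	KMF_OID		*keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID		AccessMethod;
	KMF_DATA	AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct
{
	uint32_t		numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC	*AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;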
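

/*
 * X509 Crl Distribution Point extension
 */
typedef struct {
	KMF_GENERALNAMECHOICES	choice;
	KMF_DATA		name;
} KMF_GENERALNAME;

typedef struct {
	uint32_t		number;
	KMF_GENERALNAME		*namelist;
} KMF_GENERALNAMES;

typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/* type selects which member of the name union is in use. */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE	type;
	union {
		KMF_GENERALNAMES	full_name;
		KMF_DATA		relative_name;
	} name;
	KMF_DATA		reasons;
	KMF_GENERALNAMES	crl_issuer;
} KMF_CRL_DIST_POINT;

typedef struct {
	uint32_t		number;
	KMF_CRL_DIST_POINT	*dplist;
} KMF_X509EXT_CRLDISTPOINTS;


/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro below expands to a comma-separated list of the
 * DER-encoded arc bytes, suitable for use inside an array initializer;
 * the matching *_LENGTH macro gives the number of bytes in that list.
 * Whenever a new pair is added, keep the byte count and the LENGTH in
 * step, since consumers read LENGTH bytes from the encoded buffer.
 */
#define	OID_ISO_MEMBER		42	/* Also in PKCS */
#define	OID_US			OID_ISO_MEMBER, 134, 72	/* Also in PKCS */
#define	OID_CA			OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG	43
#define	OID_OSINET		OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP		OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD			OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW			OID_ISO_IDENTIFIED_ORG, 14	/* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US			OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA			OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG		OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD		OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE		OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH	1
#define	OID_US_LENGTH		(OID_ISO_MEMBER_LENGTH + 2)

#define	OID_RSA			OID_US, 134, 247, 13
#define	OID_RSA_LENGTH		(OID_US_LENGTH + 3)

#define	OID_RSA_HASH		OID_RSA, 2
#define	OID_RSA_HASH_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT		OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH	(OID_RSA_LENGTH + 1)

#define	OID_PKCS		OID_RSA, 1
#define	OID_PKCS_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_PKCS_1		OID_PKCS, 1
#define	OID_PKCS_1_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2		OID_PKCS, 2
#define	OID_PKCS_3		OID_PKCS, 3
#define	OID_PKCS_3_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4		OID_PKCS, 4
#define	OID_PKCS_5		OID_PKCS, 5
#define	OID_PKCS_5_LENGTH	(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6		OID_PKCS, 6
#define	OID_PKCS_7		OID_PKCS, 7
#define	OID_PKCS_7_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_7_Data				OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData			OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData		OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData			OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData		OID_PKCS_7, 6

#define	OID_PKCS_8		OID_PKCS, 8
#define	OID_PKCS_9		OID_PKCS, 9
#define	OID_PKCS_9_LENGTH	(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_9_CONTENT_TYPE		OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME		OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10		OID_PKCS, 10

#define	OID_PKCS_12		OID_PKCS, 12
#define	OID_PKCS_12_LENGTH	(OID_PKCS_LENGTH + 1)

#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6

#define	OID_BAG_TYPES		OID_PKCS_12, 10, 1
#define	OID_KeyBag		OID_BAG_TYPES, 1
#define	OID_PKCS8ShroudedKeyBag	OID_BAG_TYPES, 2
#define	OID_CertBag		OID_BAG_TYPES, 3
#define	OID_CrlBag		OID_BAG_TYPES, 4
#define	OID_SecretBag		OID_BAG_TYPES, 5
#define	OID_SafeContentsBag	OID_BAG_TYPES, 6

#define	OID_ContentInfo		OID_PKCS_7, 0, 1

#define	OID_CERT_TYPES		OID_PKCS_9, 22
#define	OID_x509Certificate	OID_CERT_TYPES, 1
#define	OID_sdsiCertificate	OID_CERT_TYPES, 2

#define	OID_CRL_TYPES		OID_PKCS_9, 23
#define	OID_x509Crl		OID_CRL_TYPES, 1

#define	OID_DS			OID_ISO_CCITT_DIR_SERVICE	/* Also in X.501 */
#define	OID_DS_LENGTH		1

#define	OID_ATTR_TYPE		OID_DS, 4	/* Also in X.501 */
#define	OID_ATTR_TYPE_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_DSALG		OID_DS, 8	/* Also in X.501 */
#define	OID_DSALG_LENGTH	(OID_DS_LENGTH + 1)

#define	OID_EXTENSION		OID_DS, 29	/* Also in X.501 */
#define	OID_EXTENSION_LENGTH	(OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define	OID_PILOT		0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * userid is { pilotAttributeType 1 }.  The separating comma after
 * OID_PILOT was missing, which made the expansion "..., 0x1 1" - a syntax
 * error in any initializer - while OID_USERID_LENGTH already counted the
 * extra arc.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) mechanisms(5) pkix(7) }
 */
#define	OID_PKIX		43, 6, 1, 5, 5, 7
#define	OID_PKIX_LENGTH		6

/* private certificate extensions, { id-pkix 1 } */
#define	OID_PKIX_PE		OID_PKIX, 1
#define	OID_PKIX_PE_LENGTH	(OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define	OID_PKIX_QT		OID_PKIX, 2
#define	OID_PKIX_QT_LENGTH	(OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define	OID_PKIX_QT_CPS		OID_PKIX_QT, 1
#define	OID_PKIX_QT_CPS_LENGTH	(OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define	OID_PKIX_QT_UNOTICE		OID_PKIX_QT, 2
#define	OID_PKIX_QT_UNOTICE_LENGTH	(OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define	OID_PKIX_KP		OID_PKIX, 3
#define	OID_PKIX_KP_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors, id-ad = {id-pkix 48 } (the value below is 48, not 4) */
#define	OID_PKIX_AD		OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define	OID_PKIX_AD_OCSP	OID_PKIX_AD, 1
#define	OID_PKIX_AD_OCSP_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define	OID_PKIX_AD_CAISSUERS		OID_PKIX_AD, 2
#define	OID_PKIX_AD_CAISSUERS_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */
/*
 * NOTE(review): OID_APPL_TCP_PROTO lists 7 bytes but its LENGTH says 8.
 * A consumer that reads LENGTH bytes from a buffer initialized with the
 * list would read one byte past the encoded value.  Left as-is because
 * the intended arc list could not be confirmed from this file; fix the
 * one that is wrong rather than both.
 */
#define	OID_APPL_TCP_PROTO	43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	8

#define	OID_DAP			OID_DS, 3, 1
#define	OID_DAP_LENGTH		(OID_DS_LENGTH + 2)

/* From x9.57 */
#define	OID_OIW_LENGTH		2

#define	OID_OIW_SECSIG		OID_OIW, 3
#define	OID_OIW_SECSIG_LENGTH	(OID_OIW_LENGTH + 1)

#define	OID_OIW_ALGORITHM	OID_OIW_SECSIG, 2
#define	OID_OIW_ALGORITHM_LENGTH	(OID_OIW_SECSIG_LENGTH + 1)

#define	OID_OIWDIR		OID_OIW, 7, 2
#define	OID_OIWDIR_LENGTH	(OID_OIW_LENGTH + 2)

#define	OID_OIWDIR_CRPT		OID_OIWDIR, 1

#define	OID_OIWDIR_HASH		OID_OIWDIR, 2
#define	OID_OIWDIR_HASH_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_OIWDIR_SIGN		OID_OIWDIR, 3
#define	OID_OIWDIR_SIGN_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_X9CM		OID_US, 206, 56
#define	OID_X9CM_MODULE		OID_X9CM, 1
#define	OID_X9CM_INSTRUCTION	OID_X9CM, 2
#define	OID_X9CM_ATTR		OID_X9CM, 3
#define	OID_X9CM_X9ALGORITHM	OID_X9CM, 4
#define	OID_X9CM_X9ALGORITHM_LENGTH	((OID_US_LENGTH) + 2 + 1)

#define	INTEL			96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH		7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined anywhere in this header, so the four macros below expand to
 * undefined identifiers and cannot be used unless some other header
 * supplies them.  They look like a leftover of the CDSA origin of this
 * file.
 */
#define	INTEL_SEC_FORMATS	INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS		INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 2)

/* Pre-encoded OIDs for X.500 / PKCS#9 attribute types, defined in the library. */
extern const KMF_OID
KMFOID_AliasedEntryName,
KMFOID_AuthorityRevocationList,
KMFOID_BusinessCategory,
KMFOID_CACertificate,
KMFOID_CertificateRevocationList,
KMFOID_ChallengePassword,
KMFOID_CollectiveFacsimileTelephoneNumber,
KMFOID_CollectiveInternationalISDNNumber,
KMFOID_CollectiveOrganizationName,
KMFOID_CollectiveOrganizationalUnitName,
KMFOID_CollectivePhysicalDeliveryOfficeName,
KMFOID_CollectivePostOfficeBox,
KMFOID_CollectivePostalAddress,
KMFOID_CollectivePostalCode,
KMFOID_CollectiveStateProvinceName,
KMFOID_CollectiveStreetAddress,
KMFOID_CollectiveTelephoneNumber,
KMFOID_CollectiveTelexNumber,
KMFOID_CollectiveTelexTerminalIdentifier,
KMFOID_CommonName,
KMFOID_ContentType,
KMFOID_CounterSignature,
KMFOID_CountryName,
KMFOID_CrossCertificatePair,
KMFOID_DNQualifier,
KMFOID_Description,
KMFOID_DestinationIndicator,
KMFOID_DistinguishedName,
KMFOID_EmailAddress,
KMFOID_EnhancedSearchGuide,
KMFOID_ExtendedCertificateAttributes,
KMFOID_ExtensionRequest,
KMFOID_FacsimileTelephoneNumber,
KMFOID_GenerationQualifier,
KMFOID_GivenName,
KMFOID_HouseIdentifier,
KMFOID_Initials,
KMFOID_InternationalISDNNumber,
KMFOID_KnowledgeInformation,
KMFOID_LocalityName,
KMFOID_Member,
KMFOID_MessageDigest,
KMFOID_Name,
KMFOID_ObjectClass,
KMFOID_OrganizationName,
KMFOID_OrganizationalUnitName,
KMFOID_Owner,
KMFOID_PhysicalDeliveryOfficeName,
KMFOID_PostOfficeBox,
KMFOID_PostalAddress,
KMFOID_PostalCode,
KMFOID_PreferredDeliveryMethod,
KMFOID_PresentationAddress,
KMFOID_ProtocolInformation,
KMFOID_RFC822mailbox,
KMFOID_RegisteredAddress,
KMFOID_RoleOccupant,
KMFOID_SearchGuide,
KMFOID_SeeAlso,
KMFOID_SerialNumber,
KMFOID_SigningTime,
KMFOID_StateProvinceName,
KMFOID_StreetAddress,
KMFOID_SupportedApplicationContext,
KMFOID_Surname,
KMFOID_TelephoneNumber,
KMFOID_TelexNumber,
KMFOID_TelexTerminalIdentifier,
KMFOID_Title,
KMFOID_UniqueIdentifier,
KMFOID_UniqueMember,
KMFOID_UnstructuredAddress,
KMFOID_UnstructuredName,
KMFOID_UserCertificate,
KMFOID_UserPassword,
KMFOID_X_121Address,
KMFOID_domainComponent,
KMFOID_userid;

/* Pre-encoded OIDs for certificate/CRL extensions, PKIX qualifiers and key purposes. */
extern const KMF_OID
KMFOID_AuthorityKeyID,
KMFOID_AuthorityInfoAccess,
KMFOID_VerisignCertificatePolicy,
KMFOID_KeyUsageRestriction,
KMFOID_SubjectDirectoryAttributes,
KMFOID_SubjectKeyIdentifier,
KMFOID_KeyUsage,
KMFOID_PrivateKeyUsagePeriod,
KMFOID_SubjectAltName,
KMFOID_IssuerAltName,
KMFOID_BasicConstraints,
KMFOID_CrlNumber,
KMFOID_CrlReason,
KMFOID_HoldInstructionCode,
KMFOID_InvalidityDate,
KMFOID_DeltaCrlIndicator,
KMFOID_IssuingDistributionPoints,
KMFOID_NameConstraints,
KMFOID_CrlDistributionPoints,
KMFOID_CertificatePolicies,
KMFOID_PolicyMappings,
KMFOID_PolicyConstraints,
KMFOID_AuthorityKeyIdentifier,
KMFOID_ExtendedKeyUsage,
KMFOID_PkixAdOcsp,
KMFOID_PkixAdCaIssuers,
KMFOID_PKIX_PQ_CPSuri,
KMFOID_PKIX_PQ_Unotice,
KMFOID_PKIX_KP_ServerAuth,
KMFOID_PKIX_KP_ClientAuth,
KMFOID_PKIX_KP_CodeSigning,
KMFOID_PKIX_KP_EmailProtection,
KMFOID_PKIX_KP_IPSecEndSystem,
KMFOID_PKIX_KP_IPSecTunnel,
KMFOID_PKIX_KP_IPSecUser,
KMFOID_PKIX_KP_TimeStamping,
KMFOID_PKIX_KP_OCSPSigning;

/*
 * KMF Certificate validation codes.  These may be masked together:
 * KMF_CERT_VALIDATE_OK is zero, so any non-zero result means at least one
 * check failed, and each set bit names a failed check.
 */
#define	KMF_CERT_VALIDATE_OK			0x00
#define	KMF_CERT_VALIDATE_ERR_TA		0x01
#define	KMF_CERT_VALIDATE_ERR_USER		0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE		0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE		0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME		0x20
#define	KMF_CERT_VALIDATE_ERR_CRL		0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP		0x80
#define	KMF_CERT_VALIDATE_ERR_ISSUER		0x100

/*
 * KMF Key Usage bitmasks
 * KeyUsage bit 0 (digitalSignature) is the most significant bit of the
 * 16-bit field, bit 8 (decipherOnly) the ninth; KMF_KUBITMASK covers
 * exactly the nine defined bits.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

#define	KMF_KUBITMASK		0xFF80

/*
 * KMF Extended KeyUsage OID definitions (bit flags, may be OR-ed together)
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20


#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */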
