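/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * File: kmftypes.h
 *
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 *
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef uint32_t KMF_BOOL;

#define	KMF_FALSE	(0)
#define	KMF_TRUE	(1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 */
typedef struct kmf_data
{
	size_t	Length;	/* in bytes */
	uchar_t	*Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * A big-endian-agnostic byte string plus its length, used for serial
 * numbers and raw key components below.
 */
typedef struct {
	uchar_t	*val;
	size_t	len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * Per-certificate bookkeeping kept by the KMF layer alongside the DER data.
 * NOTE(review): KMF_X509_PRIVATE_PTR is an alias for the struct itself,
 * not for a pointer to it, despite the name.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;		/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE, KMF_X509_PRIVATE_PTR;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information used internally
 * by the KMF layer.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;

typedef enum {
	KMF_KEYSTORE_NSS = 1,
	KMF_KEYSTORE_OPENSSL = 2,
	KMF_KEYSTORE_PK11TOKEN = 3,
	KMF_KEYSTORE_DEFAULT	/* based on configuration */
} KMF_KEYSTORE_TYPE;

/*
 * True for the three concrete keystore types; KMF_KEYSTORE_DEFAULT is
 * outside the accepted range.  The argument is parenthesized so that an
 * expression argument (e.g. a conditional) is evaluated as a whole.
 */
#define	VALID_KEYSTORE_TYPE(t)	(((t) >= KMF_KEYSTORE_NSS) && \
	((t) <= KMF_KEYSTORE_PK11TOKEN))

typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1,	/* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4	/* For FindKey operation */
} KMF_ENCODE_FORMAT;

typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;

typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;


/* Keystore Configuration */
typedef struct {
	char	*configdir;
	char	*certPrefix;
	char	*keyPrefix;
	char	*secModName;
} KMF_NSS_CONFIG;

typedef struct {
	char		*label;
	boolean_t	readonly;
} KMF_PKCS11_CONFIG;

/* Keystore selector plus the configuration for the selected keystore. */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_CONFIG		nss_conf;
		KMF_PKCS11_CONFIG	pkcs11_conf;
	} ks_config_u;
} KMF_CONFIG_PARAMS;

#define	nssconfig	ks_config_u.nss_conf
#define	pkcs11config	ks_config_u.pkcs11_conf

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.  It carries secret material (a token PIN in
 * KMF_SETPIN_PARAMS below); this header does not specify who owns
 * or clears the buffer — confirm with the callers.
 */
typedef struct {
	char		*cred;
	uint32_t	credlen;
} KMF_CREDENTIAL;

typedef struct
{
	char		*trustflag;
	char		*slotlabel;	/* "internal" by default */
	int		issuerId;
	int		subjectId;
	char		*crlfile;	/* for ImportCRL */
	boolean_t	crl_check;	/* for ImportCRL */

	/*
	 * crl_subjName and crl_issuerName are used as the CRL deletion
	 * criteria. One should be non-NULL and the other one should be NULL.
	 * If crl_subjName is not NULL, then delete CRL by the subject name.
	 * Otherwise, delete by the issuer name.
	 */
	char		*crl_subjName;
	char		*crl_issuerName;
} KMF_NSS_PARAMS;

typedef struct {
	char			*dirpath;
	char			*certfile;
	char			*crlfile;
	char			*keyfile;
	char			*outcrlfile;
	boolean_t		crl_check;	/* CRL import check; default is true */
	KMF_ENCODE_FORMAT	format;		/* output file format */
} KMF_OPENSSL_PARAMS;

/*
 * NOTE(review): "private" is a C++ keyword, so this member makes the
 * header unusable from C++ even though it is wrapped in extern "C".
 * Renaming it would break existing C callers, so it is left as is.
 */
typedef struct {
	boolean_t	private;	/* for finding CKA_PRIVATE objects */
	boolean_t	sensitive;
	boolean_t	not_extractable;
} KMF_PKCS11_PARAMS;

/* Search/delete criteria; the same layout serves both operations. */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CERT_VALIDITY	find_cert_validity;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDCERT_PARAMS, KMF_DELETECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_DATA		*ocsp_response;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_VALIDATECERT_PARAMS;

typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6
} KMF_KEY_ALG;

typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
} KMF_KEY_CLASS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_KEY_CLASS		keyclass;
	KMF_KEY_ALG		keytype;
	KMF_ENCODE_FORMAT	format;	/* for key */
	char			*findLabel;
	char			*idstr;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_FINDKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;	/* all */
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STORECERT_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_DATA		*certificate;
	char			*label;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_STOREKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_DELETEKEY_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certfile;
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_IMPORTCERT_PARAMS;

typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
} KMF_OBJECT_TYPE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	KMF_BIGINT		rsa_exponent;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CREATEKEYPAIR_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_IMPORTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_DELETECRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_LISTCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	union {
		KMF_NSS_PARAMS		nss_opts;
	} ks_opt_u;
} KMF_FINDCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_FINDCERTINCRL_PARAMS;

typedef struct {
	char		*crl_name;
	KMF_DATA	*tacert;
} KMF_VERIFYCRL_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_CREDENTIAL		cred;
	KMF_ENCODE_FORMAT	format;	/* for key */
	char			*certLabel;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_CRYPTOWITHCERT_PARAMS;

typedef struct {
	char	*crl_name;
} KMF_CHECKCRLDATE_PARAMS;

typedef struct {
	CK_SLOT_ID	slot;
} pk11_setpin_opts;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*tokenname;
	KMF_CREDENTIAL		cred;	/* current token PIN */
	union {
		KMF_NSS_PARAMS		nss_opts;
		pk11_setpin_opts	pkcs11_opts;
	} ks_opt_u;
} KMF_SETPIN_PARAMS;

/* RSA key components in raw (unencoded) form. */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

/* DSA key components in raw (unencoded) form. */
typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
} KMF_RAW_DSA_KEY;

typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

/* Tagged union of the raw key layouts above, selected by keytype. */
typedef struct {
	KMF_KEY_ALG	keytype;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
	} rawdata;
} KMF_RAW_KEY_DATA;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	char			*certLabel;
	char			*issuer;
	char			*subject;
	char			*idstr;
	KMF_BIGINT		*serial;
	KMF_CREDENTIAL		cred;		/* cred for accessing the token */
	KMF_CREDENTIAL		p12cred;	/* cred used for securing the file */

	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
	} ks_opt_u;
} KMF_EXPORTP12_PARAMS;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keytype;
	uint32_t		keylength;
	char			*keylabel;
	KMF_CREDENTIAL		cred;
	union {
		KMF_NSS_PARAMS		nss_opts;
		KMF_OPENSSL_PARAMS	openssl_opts;
		KMF_PKCS11_PARAMS	pkcs11_opts;
	} ks_opt_u;
} KMF_CREATESYMKEY_PARAMS;

/* Data structures for OCSP support */
typedef struct {
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
} KMF_OCSPREQUEST_PARAMS;

typedef struct {
	KMF_DATA	*response;
	KMF_DATA	*issuer_cert;
	KMF_DATA	*user_cert;
	KMF_DATA	*signer_cert;		/* can be NULL */
	boolean_t	ignore_response_sign;	/* default is FALSE */
	uint32_t	response_lifetime;	/* in seconds */
} KMF_OCSPRESPONSE_PARAMS_INPUT;

typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

typedef struct {
	int			response_status;	/* presumably a KMF_OCSP_RESPONSE_STATUS — confirm with callers */
	int			reason;			/* if revoked */
	KMF_OCSP_CERT_STATUS	cert_status;
} KMF_OCSPRESPONSE_PARAMS_OUTPUT;

/* Short names for the per-keystore option unions in the *_PARAMS above. */
#define	nssparms	ks_opt_u.nss_opts
#define	sslparms	ks_opt_u.openssl_opts
#define	pkcs11parms	ks_opt_u.pkcs11_opts

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;
} KMF_KEY_HANDLE;

typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;

/* Return codes; the numbering has gaps (0x08-0x0a, 0x0e-0x0f). */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,
	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50
} KMF_RETURN;

typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

typedef enum {
	KMF_ALGCLASS_NONE = 0,
	KMF_ALGCLASS_CUSTOM,
	KMF_ALGCLASS_SIGNATURE,
	KMF_ALGCLASS_SYMMETRIC,
	KMF_ALGCLASS_DIGEST,
	KMF_ALGCLASS_RANDOMGEN,
	KMF_ALGCLASS_UNIQUEGEN,
	KMF_ALGCLASS_MAC,
	KMF_ALGCLASS_ASYMMETRIC,
	KMF_ALGCLASS_KEYGEN,
	KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;

typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID		algorithm;
	KMF_DATA	parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
typedef struct
{
	KMF_OID		type;
	uint8_t		valueType;	/* The Tag to use when BER encoded */
	KMF_DATA	value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 */
typedef struct
{
	uint32_t	numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithm;
	KMF_DATA			subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459.
 */
typedef struct
{
	uint8_t		timeType;
	KMF_DATA	time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 */
typedef struct
{
	KMF_X509_TIME	notBefore;
	KMF_X509_TIME	notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 */
typedef struct
{
	KMF_BOOL	cA;
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t		type;
	KMF_DATA	value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE	tagAndValue;
	void			*parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 * Which member of the value union is meaningful is selected by format.
 */
typedef struct
{
	KMF_OID			extnId;
	KMF_BOOL		critical;
	KMF_X509EXT_DATA_FORMAT	format;
	union
	{
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct
{
	uint32_t		numberOfExtensions;
	KMF_X509_EXTENSION	*extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains a complete X.509 certificate.
 */
typedef struct
{
	KMF_DATA			version;
	KMF_BIGINT			serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER	signature;
	KMF_X509_NAME			issuer;
	KMF_X509_VALIDITY		validity;
	KMF_X509_NAME			subject;
	KMF_X509_SPKI			subjectPublicKeyInfo;
	KMF_DATA			issuerUniqueIdentifier;
	KMF_DATA			subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS		extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithmIdentifier;
	KMF_DATA			encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT	certificate;
	KMF_X509_SIGNATURE	signature;
} KMF_X509_CERTIFICATE;

/*
 * Accessors taking a KMF_X509_CERTIFICATE *; both yield a KMF_OID *.
 * The argument is parenthesized so that pointer expressions other than
 * a bare identifier expand correctly.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA		version;
	KMF_X509_NAME		subject;
	KMF_X509_SPKI		subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS	extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete signed PKCS#10 certificate request
 */
typedef struct
{
	KMF_TBS_CSR		csr;
	KMF_X509_SIGNATURE	signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 */
typedef struct
{
	KMF_OID		policyQualifierId;
	KMF_DATA	value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 */
typedef struct
{
	uint32_t			numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO	*policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */
typedef struct
{
	KMF_OID				policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS	policyQualifiers;
} KMF_X509EXT_POLICYINFO;

typedef struct
{
	uint32_t		numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO	*policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/* KeyUsageBits is a mask of the KMF_* key usage bits defined later. */
typedef struct
{
	uchar_t		critical;
	uint16_t	KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

typedef struct
{
	uchar_t		critical;
	uint16_t	nEKUs;
	KMF_OID		*keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID		AccessMethod;
	KMF_DATA	AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct
{
	uint32_t		numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC	*AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;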
963 964 965 /* 966 * X509 Crl Distribution Point extension 967 */ 968 typedef struct { 969 KMF_GENERALNAMECHOICES choice; 970 KMF_DATA name; 971 } KMF_GENERALNAME; 972 973 typedef struct { 974 uint32_t number; 975 KMF_GENERALNAME *namelist; 976 } KMF_GENERALNAMES; 977 978 typedef enum { 979 DP_GENERAL_NAME = 1, 980 DP_RELATIVE_NAME = 2 981 } KMF_CRL_DIST_POINT_TYPE; 982 983 typedef struct { 984 KMF_CRL_DIST_POINT_TYPE type; 985 union { 986 KMF_GENERALNAMES full_name; 987 KMF_DATA relative_name; 988 } name; 989 KMF_DATA reasons; 990 KMF_GENERALNAMES crl_issuer; 991 } KMF_CRL_DIST_POINT; 992 993 typedef struct { 994 uint32_t number; 995 KMF_CRL_DIST_POINT *dplist; 996 } KMF_X509EXT_CRLDISTPOINTS; 997 998 999 /* 1000 * Definitions for common X.509v3 certificate attribute OIDs 1001 */ 1002 #define OID_ISO_MEMBER 42 /* Also in PKCS */ 1003 #define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */ 1004 #define OID_CA OID_ISO_MEMBER, 124 1005 1006 #define OID_ISO_IDENTIFIED_ORG 43 1007 #define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4 1008 #define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5 1009 #define OID_DOD OID_ISO_IDENTIFIED_ORG, 6 1010 #define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */ 1011 1012 #define OID_ISO_CCITT_DIR_SERVICE 85 1013 #define OID_ISO_CCITT_COUNTRY 96 1014 #define OID_COUNTRY_US OID_ISO_CCITT_COUNTRY, 134, 72 1015 #define OID_COUNTRY_CA OID_ISO_CCITT_COUNTRY, 124 1016 #define OID_COUNTRY_US_ORG OID_COUNTRY_US, 1 1017 #define OID_COUNTRY_US_MHS_MD OID_COUNTRY_US, 2 1018 #define OID_COUNTRY_US_STATE OID_COUNTRY_US, 3 1019 1020 /* From the PKCS Standards */ 1021 #define OID_ISO_MEMBER_LENGTH 1 1022 #define OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2) 1023 1024 #define OID_RSA OID_US, 134, 247, 13 1025 #define OID_RSA_LENGTH (OID_US_LENGTH + 3) 1026 1027 #define OID_RSA_HASH OID_RSA, 2 1028 #define OID_RSA_HASH_LENGTH (OID_RSA_LENGTH + 1) 1029 1030 #define OID_RSA_ENCRYPT OID_RSA, 3 1031 #define OID_RSA_ENCRYPT_LENGTH (OID_RSA_LENGTH + 1) 1032 1033 #define 
OID_PKCS OID_RSA, 1 1034 #define OID_PKCS_LENGTH (OID_RSA_LENGTH + 1) 1035 1036 #define OID_PKCS_1 OID_PKCS, 1 1037 #define OID_PKCS_1_LENGTH (OID_PKCS_LENGTH + 1) 1038 1039 #define OID_PKCS_2 OID_PKCS, 2 1040 #define OID_PKCS_3 OID_PKCS, 3 1041 #define OID_PKCS_3_LENGTH (OID_PKCS_LENGTH + 1) 1042 1043 #define OID_PKCS_4 OID_PKCS, 4 1044 #define OID_PKCS_5 OID_PKCS, 5 1045 #define OID_PKCS_5_LENGTH (OID_PKCS_LENGTH + 1) 1046 #define OID_PKCS_6 OID_PKCS, 6 1047 #define OID_PKCS_7 OID_PKCS, 7 1048 #define OID_PKCS_7_LENGTH (OID_PKCS_LENGTH + 1) 1049 1050 #define OID_PKCS_7_Data OID_PKCS_7, 1 1051 #define OID_PKCS_7_SignedData OID_PKCS_7, 2 1052 #define OID_PKCS_7_EnvelopedData OID_PKCS_7, 3 1053 #define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4 1054 #define OID_PKCS_7_DigestedData OID_PKCS_7, 5 1055 #define OID_PKCS_7_EncryptedData OID_PKCS_7, 6 1056 1057 #define OID_PKCS_8 OID_PKCS, 8 1058 #define OID_PKCS_9 OID_PKCS, 9 1059 #define OID_PKCS_9_LENGTH (OID_PKCS_LENGTH + 1) 1060 1061 #define OID_PKCS_9_CONTENT_TYPE OID_PKCS_9, 3 1062 #define OID_PKCS_9_MESSAGE_DIGEST OID_PKCS_9, 4 1063 #define OID_PKCS_9_SIGNING_TIME OID_PKCS_9, 5 1064 #define OID_PKCS_9_COUNTER_SIGNATURE OID_PKCS_9, 6 1065 #define OID_PKCS_9_EXTENSION_REQUEST OID_PKCS_9, 14 1066 1067 #define OID_PKCS_10 OID_PKCS, 10 1068 1069 #define OID_PKCS_12 OID_PKCS, 12 1070 #define OID_PKCS_12_LENGTH (OID_PKCS_LENGTH + 1) 1071 1072 #define PBEWithSHAAnd128BitRC4 OID_PKCS_12, 1, 1 1073 #define PBEWithSHAAnd40BitRC4 OID_PKCS_12, 1, 2 1074 #define PBEWithSHAAnd3KeyTripleDES_CBC OID_PKCS_12, 1, 3 1075 #define PBEWithSHAAnd2KeyTripleDES_CBC OID_PKCS_12, 1, 4 1076 #define PBEWithSHAAnd128BitRC2_CBC OID_PKCS_12, 1, 5 1077 #define PBEWithSHAAnd40BitRC2_CBC OID_PKCS_12, 1, 6 1078 1079 #define OID_BAG_TYPES OID_PKCS_12, 10, 1 1080 #define OID_KeyBag OID_BAG_TYPES, 1 1081 #define OID_PKCS8ShroudedKeyBag OID_BAG_TYPES, 2 1082 #define OID_CertBag OID_BAG_TYPES, 3 1083 #define OID_CrlBag OID_BAG_TYPES, 4 1084 #define 
OID_SecretBag OID_BAG_TYPES, 5 1085 #define OID_SafeContentsBag OID_BAG_TYPES, 6 1086 1087 #define OID_ContentInfo OID_PKCS_7, 0, 1 1088 1089 #define OID_CERT_TYPES OID_PKCS_9, 22 1090 #define OID_x509Certificate OID_CERT_TYPES, 1 1091 #define OID_sdsiCertificate OID_CERT_TYPES, 2 1092 1093 #define OID_CRL_TYPES OID_PKCS_9, 23 1094 #define OID_x509Crl OID_CRL_TYPES, 1 1095 1096 #define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */ 1097 #define OID_DS_LENGTH 1 1098 1099 #define OID_ATTR_TYPE OID_DS, 4 /* Also in X.501 */ 1100 #define OID_ATTR_TYPE_LENGTH (OID_DS_LENGTH + 1) 1101 1102 #define OID_DSALG OID_DS, 8 /* Also in X.501 */ 1103 #define OID_DSALG_LENGTH (OID_DS_LENGTH + 1) 1104 1105 #define OID_EXTENSION OID_DS, 29 /* Also in X.501 */ 1106 #define OID_EXTENSION_LENGTH (OID_DS_LENGTH + 1) 1107 1108 /* 1109 * From RFC 1274: 1110 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) } 1111 */ 1112 #define OID_PILOT 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1 1113 #define OID_PILOT_LENGTH 9 1114 1115 #define OID_USERID OID_PILOT 1 1116 #define OID_USERID_LENGTH (OID_PILOT_LENGTH + 1) 1117 1118 /* 1119 * From PKIX part1 1120 * { iso(1) identified-organization(3) dod(6) internet(1) 1121 * security(5) mechanisms(5) pkix(7) } 1122 */ 1123 #define OID_PKIX 43, 6, 1, 5, 5, 7 1124 #define OID_PKIX_LENGTH 6 1125 1126 /* private certificate extensions, { id-pkix 1 } */ 1127 #define OID_PKIX_PE OID_PKIX, 1 1128 #define OID_PKIX_PE_LENGTH (OID_PKIX_LENGTH + 1) 1129 1130 /* policy qualifier types {id-pkix 2 } */ 1131 #define OID_PKIX_QT OID_PKIX, 2 1132 #define OID_PKIX_QT_LENGTH (OID_PKIX_LENGTH + 1) 1133 1134 /* CPS qualifier, { id-qt 1 } */ 1135 #define OID_PKIX_QT_CPS OID_PKIX_QT, 1 1136 #define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1) 1137 /* user notice qualifier, { id-qt 2 } */ 1138 #define OID_PKIX_QT_UNOTICE OID_PKIX_QT, 2 1139 #define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1) 1140 1141 /* extended key purpose 
OIDs {id-pkix 3 } */ 1142 #define OID_PKIX_KP OID_PKIX, 3 1143 #define OID_PKIX_KP_LENGTH (OID_PKIX_LENGTH + 1) 1144 1145 /* access descriptors {id-pkix 4 } */ 1146 #define OID_PKIX_AD OID_PKIX, 48 1147 #define OID_PKIX_AD_LENGTH (OID_PKIX_LENGTH + 1) 1148 1149 /* access descriptors */ 1150 /* OCSP */ 1151 #define OID_PKIX_AD_OCSP OID_PKIX_AD, 1 1152 #define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1) 1153 1154 /* cAIssuers */ 1155 #define OID_PKIX_AD_CAISSUERS OID_PKIX_AD, 2 1156 #define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1) 1157 1158 /* end PKIX part1 */ 1159 #define OID_APPL_TCP_PROTO 43, 6, 1, 2, 1, 27, 4 1160 #define OID_APPL_TCP_PROTO_LENGTH 8 1161 1162 #define OID_DAP OID_DS, 3, 1 1163 #define OID_DAP_LENGTH (OID_DS_LENGTH + 2) 1164 1165 /* From x9.57 */ 1166 #define OID_OIW_LENGTH 2 1167 1168 #define OID_OIW_SECSIG OID_OIW, 3 1169 #define OID_OIW_SECSIG_LENGTH (OID_OIW_LENGTH + 1) 1170 1171 #define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2 1172 #define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1) 1173 1174 #define OID_OIWDIR OID_OIW, 7, 2 1175 #define OID_OIWDIR_LENGTH (OID_OIW_LENGTH + 2) 1176 1177 #define OID_OIWDIR_CRPT OID_OIWDIR, 1 1178 1179 #define OID_OIWDIR_HASH OID_OIWDIR, 2 1180 #define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1) 1181 1182 #define OID_OIWDIR_SIGN OID_OIWDIR, 3 1183 #define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1) 1184 1185 #define OID_X9CM OID_US, 206, 56 1186 #define OID_X9CM_MODULE OID_X9CM, 1 1187 #define OID_X9CM_INSTRUCTION OID_X9CM, 2 1188 #define OID_X9CM_ATTR OID_X9CM, 3 1189 #define OID_X9CM_X9ALGORITHM OID_X9CM, 4 1190 #define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1) 1191 1192 #define INTEL 96, 134, 72, 1, 134, 248, 77 1193 #define INTEL_LENGTH 7 1194 1195 #define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1 1196 #define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1) 1197 1198 #define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5 1199 #define INTEL_SEC_ALGS_LENGTH 
(INTEL_CDSASECURITY_LENGTH + 2)

/*
 * X.500/X.509 attribute-type and PKCS#9 attribute OIDs, as used in
 * distinguished names and certificate-request attributes.  Each is a
 * KMF_OID (a KMF_DATA: Length plus Data pointer; presumably the encoded
 * OID value -- see the definitions).  They are declared here and defined
 * once by the library; compare OIDs by their Length/Data contents, not by
 * the address of the extern object.
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/*
 * Certificate/CRL extension OIDs, PKIX access-descriptor and
 * policy-qualifier OIDs, and the PKIX extended-key-usage purpose OIDs
 * (the KMFOID_PKIX_KP_* group).
 * NOTE(review): both KMFOID_AuthorityKeyID and KMFOID_AuthorityKeyIdentifier
 * are declared; the OID value behind each is not visible here, so check the
 * definitions before treating the two as interchangeable in extension
 * matching.
 */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice,
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning;

/*
 * KMF Certificate validation codes. These may be masked together.
 * KMF_CERT_VALIDATE_OK is 0 and every ERR_ value is a distinct bit, so a
 * validation result is the bitwise OR of all checks that failed.  Test it
 * with (rc != KMF_CERT_VALIDATE_OK) or (rc & KMF_CERT_VALIDATE_ERR_xxx);
 * comparing for equality against a single ERR_ value misses results where
 * more than one check failed.
 */
#define	KMF_CERT_VALIDATE_OK		0x00
#define	KMF_CERT_VALIDATE_ERR_TA	0x01	/* presumably trust-anchor check */
#define	KMF_CERT_VALIDATE_ERR_USER	0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE	0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE	0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME	0x20
#define	KMF_CERT_VALIDATE_ERR_CRL	0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP	0x80
/* Does not fit in a uint8_t; keep validation results in an int-sized type. */
#define	KMF_CERT_VALIDATE_ERR_ISSUER	0x100

/*
 * KMF Key Usage bitmasks
 * The values follow the X.509 KeyUsage BIT STRING order with bit 0
 * (digitalSignature) as the most-significant bit of a 16-bit word, so the
 * nine defined usages occupy 0x8000 down to 0x0080.  KMF_KUBITMASK (0xFF80)
 * is exactly the OR of those nine; bits outside it carry no defined usage
 * and should be masked off rather than interpreted as a grant.
 * NOTE(review): RFC 5280 makes encipherOnly/decipherOnly meaningful only
 * together with keyAgreement -- whether KMF enforces that is not visible
 * in this header.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

#define	KMF_KUBITMASK	0xFF80

/*
 * KMF Extended KeyUsage bit flags
 * These are KMF's own flag values, not OID encodings; by name each appears
 * to stand for one of the KMFOID_PKIX_KP_* purpose OIDs declared above.
 * NOTE(review): no flag exists for the KMFOID_PKIX_KP_IPSec* purposes, so
 * they cannot be represented in this mask.
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20


#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */
