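/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * kmftypes.h - public types, error codes and OID building blocks shared by
 * the KMF (Key Management Framework) library and its keystore plugins.
 *
 * Everything in this header is part of the library's ABI: enum values,
 * struct layouts and the numeric constants below must only ever be appended
 * to, never renumbered or reordered.
 */

#ifndef _KMFTYPES_H
#define	_KMFTYPES_H

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

typedef uint32_t KMF_BOOL;

#define	KMF_FALSE (0)
#define	KMF_TRUE  (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * The KMF_DATA structure is used to associate a length, in bytes, with
 * an arbitrary block of contiguous memory.
 *
 * Length is the only bound on Data: consumers must not read past it, and
 * must not dereference Data when Length is 0 (Data may legitimately be
 * NULL in that case).
 */
typedef struct kmf_data
{
	size_t	Length; /* in bytes */
	uchar_t	*Data;
} KMF_DATA;

/* Arbitrary-precision integer as a big-endian byte string of len bytes. */
typedef struct {
	uchar_t	*val;
	size_t	len;
} KMF_BIGINT;

/*
 * KMF_OID
 * The object identifier (OID) structure is used to hold a unique identifier for
 * the atomic data fields and the compound substructure that comprise the fields
 * of a certificate or CRL.  It holds the DER content octets of the OID
 * (no tag/length prefix) -- see the OID_* macros at the end of this file.
 */
typedef KMF_DATA KMF_OID;

/*
 * Per-certificate bookkeeping kept by the KMF layer itself; not part of
 * the DER encoding.  flags is a bitmask of the KMF_FLAG_CERT_* values.
 */
typedef struct kmf_x509_private {
	int	keystore_type;
	int	flags;			/* see below */
	char	*label;
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * This structure associates packed DER certificate data.
 * Also, it contains the private information internal used
 * by KMF layer.
 */
typedef struct
{
	KMF_DATA		certificate;
	KMF_X509_PRIVATE	kmf_private;
} KMF_X509_DER_CERT;

typedef int KMF_KEYSTORE_TYPE;
#define	KMF_KEYSTORE_NSS	1
#define	KMF_KEYSTORE_OPENSSL	2
#define	KMF_KEYSTORE_PK11TOKEN	3

/*
 * True when t names one of the keystore types above.  The check relies on
 * the three values being contiguous; extend the upper bound if a keystore
 * type is ever added.  The argument is parenthesised so that an expression
 * such as a conditional can be passed safely.
 */
#define	VALID_DEFAULT_KEYSTORE_TYPE(t) \
	(((t) >= KMF_KEYSTORE_NSS) && ((t) <= KMF_KEYSTORE_PK11TOKEN))

typedef enum {
	KMF_FORMAT_UNDEF =	0,
	KMF_FORMAT_ASN1 =	1,	/* DER */
	KMF_FORMAT_PEM =	2,
	KMF_FORMAT_PKCS12 =	3,
	KMF_FORMAT_RAWKEY =	4,	/* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

#define	KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

typedef enum {
	KMF_ALL_CERTS =		0,
	KMF_NONEXPIRED_CERTS =	1,
	KMF_EXPIRED_CERTS =	2
} KMF_CERT_VALIDITY;


typedef enum {
	KMF_ALL_EXTNS =		0,
	KMF_CRITICAL_EXTNS =	1,
	KMF_NONCRITICAL_EXTNS =	2
} KMF_FLAG_CERT_EXTN;


typedef enum {
	KMF_KU_SIGN_CERT =	0,
	KMF_KU_SIGN_DATA =	1,
	KMF_KU_ENCRYPT_DATA =	2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 *
 * When adding new ALGID, be careful not to rearrange existing
 * values, doing so can cause problem in the STC test suite.
 *
 * Security note: MD2, MD5 and SHA-1 based signature algorithms are listed
 * so that existing certificates can still be parsed and identified.  They
 * are cryptographically broken for signing and must not be selected when
 * creating new signatures or certificates.
 */
typedef enum {
	KMF_ALGID_NONE	= 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA,

	KMF_ALGID_ECDSA,

	KMF_ALGID_SHA256WithRSA,
	KMF_ALGID_SHA384WithRSA,
	KMF_ALGID_SHA512WithRSA,

	KMF_ALGID_SHA256WithDSA,

	KMF_ALGID_SHA1WithECDSA,
	KMF_ALGID_SHA256WithECDSA,
	KMF_ALGID_SHA384WithECDSA,
	KMF_ALGID_SHA512WithECDSA
} KMF_ALGORITHM_INDEX;

/*
 * Generic credential structure used by other structures below
 * to convey authentication information to the underlying
 * mechanisms.
 *
 * cred is a PIN or passphrase: treat it as secret.  It is a raw buffer of
 * credlen bytes -- do not assume NUL termination -- and should be cleared
 * (e.g. explicit_bzero) before the memory is released.  This header does
 * not define who owns the buffer; confirm with the API that fills it.
 */
typedef struct {
	char		*cred;
	uint32_t	credlen;
} KMF_CREDENTIAL;

typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6,
	KMF_GENERIC_SECRET = 7,
	KMF_ECDSA = 8
} KMF_KEY_ALG;

typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1,	/* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2,	/* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3	/* symmetric key */
} KMF_KEY_CLASS;

typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
} KMF_OBJECT_TYPE;

/*
 * RSA key in the clear, including the private exponent and CRT parameters.
 * Instances holding private material must be zeroised when discarded.
 */
typedef struct {
	KMF_BIGINT	mod;
	KMF_BIGINT	pubexp;
	KMF_BIGINT	priexp;
	KMF_BIGINT	prime1;
	KMF_BIGINT	prime2;
	KMF_BIGINT	exp1;
	KMF_BIGINT	exp2;
	KMF_BIGINT	coef;
} KMF_RAW_RSA_KEY;

/*
 * DSA key in the clear.  From the field names, value is presumably the
 * private value and pubvalue the public one -- confirm against the code
 * that fills the structure.
 */
typedef struct {
	KMF_BIGINT	prime;
	KMF_BIGINT	subprime;
	KMF_BIGINT	base;
	KMF_BIGINT	value;
	KMF_BIGINT	pubvalue;
} KMF_RAW_DSA_KEY;

/* Symmetric key bytes in the clear. */
typedef struct {
	KMF_BIGINT	keydata;
} KMF_RAW_SYM_KEY;

/* EC key value plus the OID of its curve parameters. */
typedef struct {
	KMF_BIGINT	value;
	KMF_OID		params;
} KMF_RAW_EC_KEY;

/*
 * Raw (exported) key material.  keytype selects the live member of rawdata.
 * sensitive / not_extractable are named after the PKCS#11 CKA_SENSITIVE and
 * CKA_EXTRACTABLE attributes (see <security/cryptoki.h>); confirm their
 * exact meaning with the keystore plugin that sets them.  Because rawdata
 * can hold private key bytes, clear it before freeing.
 */
typedef struct {
	KMF_KEY_ALG	keytype;
	boolean_t	sensitive;
	boolean_t	not_extractable;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
		KMF_RAW_EC_KEY	ec;
	} rawdata;
	char *label;
	KMF_DATA id;
} KMF_RAW_KEY_DATA;

/*
 * Opaque key reference.  keyp is plugin-private (its type depends on kstype
 * and on israw); never dereference it outside the owning plugin.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;
	boolean_t		israw;
	char			*keylabel;
	void			*keyp;
} KMF_KEY_HANDLE;

/* Plugin-specific error: errcode is interpreted relative to kstype. */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;
	uint32_t		errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName
 *
 * The first nine values (0..8) follow the GeneralName CHOICE tag numbers of
 * RFC 5280.  GENNAME_KRB5PRINC and GENNAME_SCLOGON_UPN are KMF additions for
 * the otherName forms used by PKINIT and Microsoft smart-card logon; they
 * are not GeneralName tags and must not be emitted as such.
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID,
	GENNAME_KRB5PRINC,
	GENNAME_SCLOGON_UPN
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * This structure contains the OID/value pair for any item that can be
 * identified by an OID.
 */
typedef struct
{
	KMF_OID		FieldOid;
	KMF_DATA	FieldValue;
} KMF_FIELD;

/*
 * Library return codes.  The numbering has gaps (0x08-0x0a, 0x0e-0x0f,
 * 0x5a-0x5f) that are left unused on purpose; add new codes at the end
 * and never reuse a value.
 */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,
	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53,
	KMF_ERR_ATTR_NOT_FOUND = 0x54,
	KMF_ERR_KMF_CONF = 0x55,
	KMF_ERR_NAME_NOT_MATCHED = 0x56,
	KMF_ERR_MAPPER_OPEN = 0x57,
	KMF_ERR_MAPPER_NOT_FOUND = 0x58,
	KMF_ERR_MAPPING_FAILED = 0x59,
	KMF_ERR_CERT_VALIDATION = 0x60
} KMF_RETURN;

/* Data structures for OCSP support */

/* CertStatus of an OCSP SingleResponse (RFC 6960). */
typedef enum {
	OCSP_GOOD	= 0,
	OCSP_REVOKED	= 1,
	OCSP_UNKNOWN	= 2
} KMF_OCSP_CERT_STATUS;

/*
 * OCSPResponseStatus.  Only OCSP_SUCCESS carries a usable certificate
 * status; every other value means the responder gave no answer and must
 * not be treated as "not revoked".
 */
typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * CRLReason codes (RFC 5280), with OCSP_NOSTATUS meaning "no reason given".
 * OCSP_SUPERCEDED is superseded(4); the spelling is kept for ABI reasons.
 */
typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Selectors for the certificate fields/extensions that can be printed. */
typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * This structure holds an object identifier naming a
 * cryptographic algorithm and an optional set of
 * parameters to be used as input to that algorithm.
 */
typedef struct
{
	KMF_OID		algorithm;
	KMF_DATA	parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contain an type-value pair.
 */
typedef struct
{
	KMF_OID		type;
	uint8_t		valueType; /* The Tag to use when BER encoded */
	KMF_DATA	value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * This structure contains a Relative Distinguished Name
 * composed of an ordered set of type-value pairs.
 * numberOfPairs bounds the AttributeTypeAndValue array.
 */
typedef struct
{
	uint32_t			numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR	*AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * This structure contains a set of Relative Distinguished Names.
 * numberOfRDNs bounds the RelativeDistinguishedName array.
 */
typedef struct
{
	uint32_t	numberOfRDNs;
	KMF_X509_RDN	*RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * This structure contains the public key and the
 * description of the verification algorithm
 * appropriate for use with this key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithm;
	KMF_DATA			subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the
 * definitions of GeneralizedTime and UTCTime
 * defined in RFC 2459 (now RFC 5280).  timeType carries the
 * ASN.1 tag that tells the two encodings apart; the string is
 * not NUL-terminated -- use time.Length.
 */
typedef struct
{
	uint8_t		timeType;
	KMF_DATA	time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 */
typedef struct
{
	KMF_X509_TIME	notBefore;
	KMF_X509_TIME	notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * pathLenConstraint is only meaningful when pathLenConstraintPresent is
 * true; check the flag first.  Only certificates with cA set may be used
 * as issuers during chain validation.
 */
typedef struct
{
	KMF_BOOL	cA;
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * This list defines the valid formats for a certificate extension.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * This structure contains a BER/DER encoded
 * extension value and the type of that value.
 */
typedef struct
{
	uint8_t		type;
	KMF_DATA	value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * This structure aggregates two extension representations:
 * a tag and value, and a parsed X509 extension representation.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE	tagAndValue;
	void			*parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * This structure contains a complete certificate extension.
 *
 * format selects which member of the value union is live.  critical
 * reflects the extension's critical flag: per RFC 5280 a relying party
 * that does not recognise a critical extension must reject the
 * certificate rather than ignore it.
 */
typedef struct
{
	KMF_OID			extnId;
	KMF_BOOL		critical;
	KMF_X509EXT_DATA_FORMAT	format;
	union
	{
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * This structure contains the set of all certificate
 * extensions contained in a certificate.
 */
typedef struct
{
	uint32_t		numberOfExtensions;
	KMF_X509_EXTENSION	*extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * This structure contains a complete X.509 certificate.
 */
typedef struct
{
	KMF_DATA			version;
	KMF_BIGINT			serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER	signature;
	KMF_X509_NAME			issuer;
	KMF_X509_VALIDITY		validity;
	KMF_X509_NAME			subject;
	KMF_X509_SPKI			subjectPublicKeyInfo;
	KMF_DATA			issuerUniqueIdentifier;
	KMF_DATA			subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS		extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * This structure contains a cryptographic digital signature.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER	algorithmIdentifier;
	KMF_DATA			encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * This structure associates a set of decoded certificate
 * values with the signature covering those values.
 */
typedef struct
{
	KMF_X509_TBS_CERT	certificate;
	KMF_X509_SIGNATURE	signature;
} KMF_X509_CERTIFICATE;

/*
 * Pointers to the two algorithm OIDs of a KMF_X509_CERTIFICATE *c: the
 * signature algorithm announced inside the TBS certificate and the one in
 * the outer signature.  RFC 5280 requires the two to match; a validator
 * should compare them.  Both macros parenthesise their argument and their
 * expansion so they are safe in any expression (e.g. CERT_ALG_OID(&cert)).
 */
#define	CERT_ALG_OID(c) (&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c) (&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * This structure contains a complete PKCS#10 certificate request
 */
typedef struct
{
	KMF_DATA		version;
	KMF_X509_NAME		subject;
	KMF_X509_SPKI		subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS	extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * This structure contains a complete PKCS#10 certificate signed request
 */
typedef struct
{
	KMF_TBS_CSR		csr;
	KMF_X509_SIGNATURE	signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 */
typedef struct
{
	KMF_OID		policyQualifierId;
	KMF_DATA	value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 */
typedef struct
{
	uint32_t			numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO	*policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 */
typedef struct
{
	KMF_OID				policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS	policyQualifiers;
} KMF_X509EXT_POLICYINFO;

typedef struct
{
	uint32_t		numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO	*policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/* Parsed KeyUsage extension; KeyUsageBits uses the KMF_* masks below. */
typedef struct
{
	uchar_t		critical;
	uint16_t	KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/* Parsed ExtendedKeyUsage extension; nEKUs bounds keyPurposeIdList. */
typedef struct
{
	uchar_t		critical;
	uint16_t	nEKUs;
	KMF_OID		*keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */
typedef struct
{
	KMF_OID		AccessMethod;
	KMF_DATA	AccessLocation;
} KMF_X509EXT_ACCESSDESC;

typedef struct
{
	uint32_t		numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC	*AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;


/*
 * X509 Crl Distribution Point extension
 */
typedef struct {
	KMF_GENERALNAMECHOICES	choice;
	KMF_DATA		name;
} KMF_GENERALNAME;

typedef struct {
	uint32_t	number;
	KMF_GENERALNAME	*namelist;
} KMF_GENERALNAMES;

typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/* type selects which member of the name union is live. */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE	type;
	union {
		KMF_GENERALNAMES	full_name;
		KMF_DATA		relative_name;
	} name;
	KMF_DATA		reasons;
	KMF_GENERALNAMES	crl_issuer;
} KMF_CRL_DIST_POINT;

typedef struct {
	uint32_t		number;
	KMF_CRL_DIST_POINT	*dplist;
} KMF_X509EXT_CRLDISTPOINTS;

/*
 * Attribute selectors for the attribute-list style API.  Values are
 * implicit and sequential, so new selectors go at the end only.
 */
typedef enum {
	KMF_DATA_ATTR,
	KMF_OID_ATTR,
	KMF_BIGINT_ATTR,
	KMF_X509_DER_CERT_ATTR,
	KMF_KEYSTORE_TYPE_ATTR,
	KMF_ENCODE_FORMAT_ATTR,
	KMF_CERT_VALIDITY_ATTR,
	KMF_KU_PURPOSE_ATTR,
	KMF_ALGORITHM_INDEX_ATTR,
	KMF_TOKEN_LABEL_ATTR,
	KMF_READONLY_ATTR,
	KMF_DIRPATH_ATTR,
	KMF_CERTPREFIX_ATTR,
	KMF_KEYPREFIX_ATTR,
	KMF_SECMODNAME_ATTR,
	KMF_CREDENTIAL_ATTR,
	KMF_TRUSTFLAG_ATTR,
	KMF_CRL_FILENAME_ATTR,
	KMF_CRL_CHECK_ATTR,
	KMF_CRL_DATA_ATTR,
	KMF_CRL_SUBJECT_ATTR,
	KMF_CRL_ISSUER_ATTR,
	KMF_CRL_NAMELIST_ATTR,
	KMF_CRL_COUNT_ATTR,
	KMF_CRL_OUTFILE_ATTR,
	KMF_CERT_LABEL_ATTR,
	KMF_SUBJECT_NAME_ATTR,
	KMF_ISSUER_NAME_ATTR,
	KMF_CERT_FILENAME_ATTR,
	KMF_KEY_FILENAME_ATTR,
	KMF_OUTPUT_FILENAME_ATTR,
	KMF_IDSTR_ATTR,
	KMF_CERT_DATA_ATTR,
	KMF_OCSP_RESPONSE_DATA_ATTR,
	KMF_OCSP_RESPONSE_STATUS_ATTR,
	KMF_OCSP_RESPONSE_REASON_ATTR,
	KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
	KMF_OCSP_REQUEST_FILENAME_ATTR,
	KMF_KEYALG_ATTR,
	KMF_KEYCLASS_ATTR,
	KMF_KEYLABEL_ATTR,
	KMF_KEYLENGTH_ATTR,
	KMF_RSAEXP_ATTR,
	KMF_TACERT_DATA_ATTR,
	KMF_SLOT_ID_ATTR,
	KMF_PK12CRED_ATTR,
	KMF_ISSUER_CERT_DATA_ATTR,
	KMF_USER_CERT_DATA_ATTR,
	KMF_SIGNER_CERT_DATA_ATTR,
	KMF_IGNORE_RESPONSE_SIGN_ATTR,
	KMF_RESPONSE_LIFETIME_ATTR,
	KMF_KEY_HANDLE_ATTR,
	KMF_PRIVKEY_HANDLE_ATTR,
	KMF_PUBKEY_HANDLE_ATTR,
	KMF_ERROR_ATTR,
	KMF_X509_NAME_ATTR,
	KMF_X509_SPKI_ATTR,
	KMF_X509_CERTIFICATE_ATTR,
	KMF_RAW_KEY_ATTR,
	KMF_CSR_DATA_ATTR,
	KMF_GENERALNAMECHOICES_ATTR,
	KMF_STOREKEY_BOOL_ATTR,
	KMF_SENSITIVE_BOOL_ATTR,
	KMF_NON_EXTRACTABLE_BOOL_ATTR,
	KMF_TOKEN_BOOL_ATTR,
	KMF_PRIVATE_BOOL_ATTR,
	KMF_NEWPIN_ATTR,
	KMF_IN_SIGN_ATTR,
	KMF_OUT_DATA_ATTR,
	KMF_COUNT_ATTR,
	KMF_DESTROY_BOOL_ATTR,
	KMF_TBS_CERT_DATA_ATTR,
	KMF_PLAINTEXT_DATA_ATTR,
	KMF_CIPHERTEXT_DATA_ATTR,
	KMF_VALIDATE_RESULT_ATTR,
	KMF_KEY_DATA_ATTR,
	KMF_PK11_USER_TYPE_ATTR,
	KMF_ECC_CURVE_OID_ATTR,
	KMF_MAPPER_NAME_ATTR,
	KMF_MAPPER_PATH_ATTR,
	KMF_MAPPER_OPTIONS_ATTR
} KMF_ATTR_TYPE;

/*
 * One entry of an attribute list.  pValue is untyped: a consumer must
 * check valueLen against the size it expects for `type` before casting
 * and dereferencing pValue.
 */
typedef struct {
	KMF_ATTR_TYPE	type;
	void		*pValue;
	uint32_t	valueLen;
} KMF_ATTRIBUTE;

/*
 * Definitions for common X.509v3 certificate attribute OIDs
 *
 * Each OID_* macro expands to a comma-separated list of the DER content
 * octets of the arc (suitable inside a uint8_t[] initialiser) and the
 * matching *_LENGTH macro gives the number of octets.  Keep the two in
 * step: a length larger than the octet list silently yields a different
 * (zero-padded) OID.
 */
#define	OID_ISO_MEMBER			42	/* Also in PKCS */
#define	OID_US				OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
#define	OID_CA				OID_ISO_MEMBER, 124

#define	OID_ISO_IDENTIFIED_ORG		43
#define	OID_OSINET			OID_ISO_IDENTIFIED_ORG, 4
#define	OID_GOSIP			OID_ISO_IDENTIFIED_ORG, 5
#define	OID_DOD				OID_ISO_IDENTIFIED_ORG, 6
#define	OID_OIW				OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */

#define	OID_ISO_CCITT_DIR_SERVICE	85
#define	OID_ISO_CCITT_COUNTRY		96
#define	OID_COUNTRY_US			OID_ISO_CCITT_COUNTRY, 134, 72
#define	OID_COUNTRY_CA			OID_ISO_CCITT_COUNTRY, 124
#define	OID_COUNTRY_US_ORG		OID_COUNTRY_US, 1
#define	OID_COUNTRY_US_MHS_MD		OID_COUNTRY_US, 2
#define	OID_COUNTRY_US_STATE		OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define	OID_ISO_MEMBER_LENGTH		1
#define	OID_US_LENGTH			(OID_ISO_MEMBER_LENGTH + 2)

#define	OID_RSA				OID_US, 134, 247, 13
#define	OID_RSA_LENGTH			(OID_US_LENGTH + 3)

#define	OID_RSA_HASH			OID_RSA, 2
#define	OID_RSA_HASH_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_RSA_ENCRYPT			OID_RSA, 3
#define	OID_RSA_ENCRYPT_LENGTH		(OID_RSA_LENGTH + 1)

#define	OID_PKCS			OID_RSA, 1
#define	OID_PKCS_LENGTH			(OID_RSA_LENGTH + 1)

#define	OID_PKCS_1			OID_PKCS, 1
#define	OID_PKCS_1_LENGTH		(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_2			OID_PKCS, 2
#define	OID_PKCS_3			OID_PKCS, 3
#define	OID_PKCS_3_LENGTH		(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_4			OID_PKCS, 4
#define	OID_PKCS_5			OID_PKCS, 5
#define	OID_PKCS_5_LENGTH		(OID_PKCS_LENGTH + 1)
#define	OID_PKCS_6			OID_PKCS, 6
#define	OID_PKCS_7			OID_PKCS, 7
#define	OID_PKCS_7_LENGTH		(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_7_Data			OID_PKCS_7, 1
#define	OID_PKCS_7_SignedData		OID_PKCS_7, 2
#define	OID_PKCS_7_EnvelopedData	OID_PKCS_7, 3
#define	OID_PKCS_7_SignedAndEnvelopedData	OID_PKCS_7, 4
#define	OID_PKCS_7_DigestedData		OID_PKCS_7, 5
#define	OID_PKCS_7_EncryptedData	OID_PKCS_7, 6

#define	OID_PKCS_8			OID_PKCS, 8
#define	OID_PKCS_9			OID_PKCS, 9
#define	OID_PKCS_9_LENGTH		(OID_PKCS_LENGTH + 1)

#define	OID_PKCS_9_CONTENT_TYPE		OID_PKCS_9, 3
#define	OID_PKCS_9_MESSAGE_DIGEST	OID_PKCS_9, 4
#define	OID_PKCS_9_SIGNING_TIME		OID_PKCS_9, 5
#define	OID_PKCS_9_COUNTER_SIGNATURE	OID_PKCS_9, 6
#define	OID_PKCS_9_EXTENSION_REQUEST	OID_PKCS_9, 14

#define	OID_PKCS_10			OID_PKCS, 10

#define	OID_PKCS_12			OID_PKCS, 12
#define	OID_PKCS_12_LENGTH		(OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 password-based encryption schemes.  All of these are legacy
 * (SHA-1 KDF with RC4, RC2 or 2/3-key 3DES) and are retained so that
 * existing .p12 files can be read; do not pick them for new containers.
 */
#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6

#define	OID_BAG_TYPES			OID_PKCS_12, 10, 1
#define	OID_KeyBag			OID_BAG_TYPES, 1
#define	OID_PKCS8ShroudedKeyBag		OID_BAG_TYPES, 2
#define	OID_CertBag			OID_BAG_TYPES, 3
#define	OID_CrlBag			OID_BAG_TYPES, 4
#define	OID_SecretBag			OID_BAG_TYPES, 5
#define	OID_SafeContentsBag		OID_BAG_TYPES, 6

#define	OID_ContentInfo			OID_PKCS_7, 0, 1

#define	OID_CERT_TYPES			OID_PKCS_9, 22
#define	OID_x509Certificate		OID_CERT_TYPES, 1
#define	OID_sdsiCertificate		OID_CERT_TYPES, 2

#define	OID_CRL_TYPES			OID_PKCS_9, 23
#define	OID_x509Crl			OID_CRL_TYPES, 1

#define	OID_DS				OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define	OID_DS_LENGTH			1

#define	OID_ATTR_TYPE			OID_DS, 4	/* Also in X.501 */
#define	OID_ATTR_TYPE_LENGTH		(OID_DS_LENGTH + 1)

#define	OID_DSALG			OID_DS, 8	/* Also in X.501 */
#define	OID_DSALG_LENGTH		(OID_DS_LENGTH + 1)

#define	OID_EXTENSION			OID_DS, 29	/* Also in X.501 */
#define	OID_EXTENSION_LENGTH		(OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define	OID_PILOT	0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * userid = { pilotAttributeType 1 }.  The separating comma was missing
 * here, which made the macro expand to "..., 0x1 1" -- a syntax error in
 * any initialiser that used it.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) mechanisms(5) pkix(7) }
 */
#define	OID_PKIX	43, 6, 1, 5, 5, 7
#define	OID_PKIX_LENGTH	6

/* private certificate extensions, { id-pkix 1 } */
#define	OID_PKIX_PE		OID_PKIX, 1
#define	OID_PKIX_PE_LENGTH	(OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define	OID_PKIX_QT		OID_PKIX, 2
#define	OID_PKIX_QT_LENGTH	(OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define	OID_PKIX_QT_CPS		OID_PKIX_QT, 1
#define	OID_PKIX_QT_CPS_LENGTH	(OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define	OID_PKIX_QT_UNOTICE		OID_PKIX_QT, 2
#define	OID_PKIX_QT_UNOTICE_LENGTH	(OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define	OID_PKIX_KP		OID_PKIX, 3
#define	OID_PKIX_KP_LENGTH	(OID_PKIX_LENGTH + 1)

/*
 * access descriptors, id-ad = { id-pkix 48 } (RFC 5280 section 4.2.2.1).
 * The arc really is 48, not 4; an earlier comment here said otherwise.
 */
#define	OID_PKIX_AD		OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP */
#define	OID_PKIX_AD_OCSP	OID_PKIX_AD, 1
#define	OID_PKIX_AD_OCSP_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* cAIssuers */
#define	OID_PKIX_AD_CAISSUERS		OID_PKIX_AD, 2
#define	OID_PKIX_AD_CAISSUERS_LENGTH	(OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */

/*
 * From RFC4556 (PKINIT)
 *
 * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
 *   security(5) kerberosv5(2) pkinit(3) }
 */
#define	OID_KRB5_PKINIT		43, 6, 1, 5, 2, 3
#define	OID_KRB5_PKINIT_LENGTH	6

#define	OID_KRB5_PKINIT_KPCLIENTAUTH		OID_KRB5_PKINIT, 4
#define	OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH	(OID_KRB5_PKINIT_LENGTH + 1)

#define	OID_KRB5_PKINIT_KPKDC		OID_KRB5_PKINIT, 5
#define	OID_KRB5_PKINIT_KPKDC_LENGTH	(OID_KRB5_PKINIT_LENGTH + 1)

#define	OID_KRB5_SAN		43, 6, 1, 5, 2, 2
#define	OID_KRB5_SAN_LENGTH	6

/*
 * Microsoft OIDs:
 * id-ms-san-sc-logon-upn =
 *   {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 *    enterprise(1) microsoft(311) 20 2 3}
 *
 * id-ms-kp-sc-logon =
 *   {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 *    enterprise(1) microsoft(311) 20 2 2}
 */
#define	OID_MS			43, 6, 1, 4, 1, 130, 55
#define	OID_MS_LENGTH		7
#define	OID_MS_KP_SC_LOGON	OID_MS, 20, 2, 2
#define	OID_MS_KP_SC_LOGON_LENGTH	(OID_MS_LENGTH + 3)

#define	OID_MS_KP_SC_LOGON_UPN		OID_MS, 20, 2, 3
#define	OID_MS_KP_SC_LOGON_UPN_LENGTH	(OID_MS_LENGTH + 3)

/*
 * applTCPProtoID { 1 3 6 1 2 1 27 4 } -- seven content octets.  The
 * length macro used to say 8, one more than the octet list provides, so
 * an array sized from it carried a trailing zero octet and encoded the
 * wrong OID.
 */
#define	OID_APPL_TCP_PROTO		43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	7

#define	OID_DAP		OID_DS, 3, 1
#define	OID_DAP_LENGTH	(OID_DS_LENGTH + 2)

/* From x9.57 */
#define	OID_OIW_LENGTH		2

#define	OID_OIW_SECSIG		OID_OIW, 3
#define	OID_OIW_SECSIG_LENGTH	(OID_OIW_LENGTH + 1)

#define	OID_OIW_ALGORITHM		OID_OIW_SECSIG, 2
#define	OID_OIW_ALGORITHM_LENGTH	(OID_OIW_SECSIG_LENGTH + 1)

#define	OID_OIWDIR		OID_OIW, 7, 2
#define	OID_OIWDIR_LENGTH	(OID_OIW_LENGTH + 2)

#define	OID_OIWDIR_CRPT		OID_OIWDIR, 1

#define	OID_OIWDIR_HASH		OID_OIWDIR, 2
#define	OID_OIWDIR_HASH_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_OIWDIR_SIGN		OID_OIWDIR, 3
#define	OID_OIWDIR_SIGN_LENGTH	(OID_OIWDIR_LENGTH + 1)

#define	OID_X9CM			OID_US, 206, 56
#define	OID_X9CM_MODULE			OID_X9CM, 1
#define	OID_X9CM_INSTRUCTION		OID_X9CM, 2
#define	OID_X9CM_ATTR			OID_X9CM, 3
#define	OID_X9CM_X9ALGORITHM		OID_X9CM, 4
#define	OID_X9CM_X9ALGORITHM_LENGTH	((OID_US_LENGTH) + 2 + 1)

#define	INTEL		96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH	7

/*
 * CDSA leftovers.  INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are
 * not defined anywhere in this header, so the four macros below cannot be
 * expanded as they stand; they are kept only for source compatibility.
 */
#define	INTEL_SEC_FORMATS		INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS			INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH		(INTEL_CDSASECURITY_LENGTH + 2)

/* Pre-encoded OIDs (defined in the library) for X.500 / PKCS#9 attributes. */
extern const KMF_OID
KMFOID_AliasedEntryName,
KMFOID_AuthorityRevocationList,
KMFOID_BusinessCategory,
KMFOID_CACertificate,
KMFOID_CertificateRevocationList,
KMFOID_ChallengePassword,
KMFOID_CollectiveFacsimileTelephoneNumber,
KMFOID_CollectiveInternationalISDNNumber,
KMFOID_CollectiveOrganizationName,
KMFOID_CollectiveOrganizationalUnitName,
KMFOID_CollectivePhysicalDeliveryOfficeName,
KMFOID_CollectivePostOfficeBox,
KMFOID_CollectivePostalAddress,
KMFOID_CollectivePostalCode,
KMFOID_CollectiveStateProvinceName,
KMFOID_CollectiveStreetAddress,
KMFOID_CollectiveTelephoneNumber,
KMFOID_CollectiveTelexNumber,
KMFOID_CollectiveTelexTerminalIdentifier,
KMFOID_CommonName,
KMFOID_ContentType,
KMFOID_CounterSignature,
KMFOID_CountryName,
KMFOID_CrossCertificatePair,
KMFOID_DNQualifier,
KMFOID_Description,
KMFOID_DestinationIndicator,
KMFOID_DistinguishedName,
KMFOID_EmailAddress,
KMFOID_EnhancedSearchGuide,
KMFOID_ExtendedCertificateAttributes,
KMFOID_ExtensionRequest,
KMFOID_FacsimileTelephoneNumber,
KMFOID_GenerationQualifier,
KMFOID_GivenName,
KMFOID_HouseIdentifier,
KMFOID_Initials,
KMFOID_InternationalISDNNumber,
KMFOID_KnowledgeInformation,
KMFOID_LocalityName,
KMFOID_Member,
KMFOID_MessageDigest,
KMFOID_Name,
KMFOID_ObjectClass,
KMFOID_OrganizationName,
KMFOID_OrganizationalUnitName,
KMFOID_Owner,
KMFOID_PhysicalDeliveryOfficeName,
KMFOID_PostOfficeBox,
KMFOID_PostalAddress,
KMFOID_PostalCode,
KMFOID_PreferredDeliveryMethod,
KMFOID_PresentationAddress,
KMFOID_ProtocolInformation,
KMFOID_RFC822mailbox,
KMFOID_RegisteredAddress,
KMFOID_RoleOccupant,
KMFOID_SearchGuide,
KMFOID_SeeAlso,
KMFOID_SerialNumber,
KMFOID_SigningTime,
KMFOID_StateProvinceName,
KMFOID_StreetAddress,
KMFOID_SupportedApplicationContext,
KMFOID_Surname,
KMFOID_TelephoneNumber,
KMFOID_TelexNumber,
KMFOID_TelexTerminalIdentifier,
KMFOID_Title,
KMFOID_UniqueIdentifier,
KMFOID_UniqueMember,
KMFOID_UnstructuredAddress,
KMFOID_UnstructuredName,
KMFOID_UserCertificate,
KMFOID_UserPassword,
KMFOID_X_121Address,
KMFOID_domainComponent,
KMFOID_userid;

/*
 * Pre-encoded OIDs for certificate/CRL extensions, PKIX access descriptors,
 * key purposes and signature/digest algorithms.  As with the ALGID enum,
 * the MD2/MD5/SHA-1 entries exist for recognising legacy data only.
 */
extern const KMF_OID
KMFOID_AuthorityKeyID,
KMFOID_AuthorityInfoAccess,
KMFOID_VerisignCertificatePolicy,
KMFOID_KeyUsageRestriction,
KMFOID_SubjectDirectoryAttributes,
KMFOID_SubjectKeyIdentifier,
KMFOID_KeyUsage,
KMFOID_PrivateKeyUsagePeriod,
KMFOID_SubjectAltName,
KMFOID_IssuerAltName,
KMFOID_BasicConstraints,
KMFOID_CrlNumber,
KMFOID_CrlReason,
KMFOID_HoldInstructionCode,
KMFOID_InvalidityDate,
KMFOID_DeltaCrlIndicator,
KMFOID_IssuingDistributionPoints,
KMFOID_NameConstraints,
KMFOID_CrlDistributionPoints,
KMFOID_CertificatePolicies,
KMFOID_PolicyMappings,
KMFOID_PolicyConstraints,
KMFOID_AuthorityKeyIdentifier,
KMFOID_ExtendedKeyUsage,
KMFOID_PkixAdOcsp,
KMFOID_PkixAdCaIssuers,
KMFOID_PKIX_PQ_CPSuri,
KMFOID_PKIX_PQ_Unotice,
KMFOID_PKIX_KP_ServerAuth,
KMFOID_PKIX_KP_ClientAuth,
KMFOID_PKIX_KP_CodeSigning,
KMFOID_PKIX_KP_EmailProtection,
KMFOID_PKIX_KP_IPSecEndSystem,
KMFOID_PKIX_KP_IPSecTunnel,
KMFOID_PKIX_KP_IPSecUser,
KMFOID_PKIX_KP_TimeStamping,
KMFOID_PKIX_KP_OCSPSigning,
KMFOID_SHA1,
KMFOID_RSA,
KMFOID_DSA,
KMFOID_MD5,
KMFOID_MD5WithRSA,
KMFOID_MD2WithRSA,
KMFOID_SHA1WithRSA,
KMFOID_SHA256WithRSA,
KMFOID_SHA384WithRSA,
KMFOID_SHA512WithRSA,
KMFOID_SHA1WithDSA,
KMFOID_X9CM_DSA,
KMFOID_X9CM_DSAWithSHA1;

/* For PKINIT support */
extern const KMF_OID
KMFOID_PKINIT_san,
KMFOID_PKINIT_ClientAuth,
KMFOID_PKINIT_Kdc,
KMFOID_MS_KP_SCLogon,
KMFOID_MS_KP_SCLogon_UPN;

/*
 * For ECC support
 *
 * The curve list is for interoperability.  The small curves (secp112*,
 * secp128*, secp160*, sect113*, sect131*, sect163*, and the 163/176-bit
 * c2* curves) offer well under 128 bits of security; prefer secp256r1,
 * secp384r1 or secp521r1 for new keys.
 */
extern const KMF_OID
KMFOID_EC_PUBLIC_KEY,
KMFOID_SHA1WithECDSA,
KMFOID_SHA224WithECDSA,
KMFOID_SHA256WithECDSA,
KMFOID_SHA384WithECDSA,
KMFOID_SHA512WithECDSA,
KMFOID_SHA224WithDSA,
KMFOID_SHA256WithDSA,
KMFOID_SHA224,
KMFOID_SHA256,
KMFOID_SHA384,
KMFOID_SHA512,
KMFOID_ECC_secp112r1,
KMFOID_ECC_secp112r2,
KMFOID_ECC_secp128r1,
KMFOID_ECC_secp128r2,
KMFOID_ECC_secp160k1,
KMFOID_ECC_secp160r1,
KMFOID_ECC_secp160r2,
KMFOID_ECC_secp192k1,
KMFOID_ECC_secp224k1,
KMFOID_ECC_secp224r1,
KMFOID_ECC_secp256k1,
KMFOID_ECC_secp384r1,
KMFOID_ECC_secp521r1,
KMFOID_ECC_sect113r1,
KMFOID_ECC_sect113r2,
KMFOID_ECC_sect131r1,
KMFOID_ECC_sect131r2,
KMFOID_ECC_sect163k1,
KMFOID_ECC_sect163r1,
KMFOID_ECC_sect163r2,
KMFOID_ECC_sect193r1,
KMFOID_ECC_sect193r2,
KMFOID_ECC_sect233k1,
KMFOID_ECC_sect233r1,
KMFOID_ECC_sect239k1,
KMFOID_ECC_sect283k1,
KMFOID_ECC_sect283r1,
KMFOID_ECC_sect409k1,
KMFOID_ECC_sect409r1,
KMFOID_ECC_sect571k1,
KMFOID_ECC_sect571r1,
KMFOID_ECC_c2pnb163v1,
KMFOID_ECC_c2pnb163v2,
KMFOID_ECC_c2pnb163v3,
KMFOID_ECC_c2pnb176v1,
KMFOID_ECC_c2tnb191v1,
KMFOID_ECC_c2tnb191v2,
KMFOID_ECC_c2tnb191v3,
KMFOID_ECC_c2pnb208w1,
KMFOID_ECC_c2tnb239v1,
KMFOID_ECC_c2tnb239v2,
KMFOID_ECC_c2tnb239v3,
KMFOID_ECC_c2pnb272w1,
KMFOID_ECC_c2pnb304w1,
KMFOID_ECC_c2tnb359v1,
KMFOID_ECC_c2pnb368w1,
KMFOID_ECC_c2tnb431r1,
KMFOID_ECC_prime192v2,
KMFOID_ECC_prime192v3,
KMFOID_ECC_secp192r1,
KMFOID_ECC_secp256r1;

/*
 * ANSI X9-62 prime192v1 is same as secp192r1 and
 * ANSI X9-62 prime256v1 is same as secp256r1
 */
#define	KMFOID_ANSIX962_prime192v1	KMFOID_ECC_secp192r1
#define	KMFOID_ANSIX962_prime256v1	KMFOID_ECC_secp256r1

/*
 * KMF Certificate validation codes. These may be masked together.
 * A validation result is only a pass when it equals KMF_CERT_VALIDATE_OK;
 * test the whole value against 0, not individual bits.
 */
#define	KMF_CERT_VALIDATE_OK			0x00
#define	KMF_CERT_VALIDATE_ERR_TA		0x01
#define	KMF_CERT_VALIDATE_ERR_USER		0x02
#define	KMF_CERT_VALIDATE_ERR_SIGNATURE		0x04
#define	KMF_CERT_VALIDATE_ERR_KEYUSAGE		0x08
#define	KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE	0x10
#define	KMF_CERT_VALIDATE_ERR_TIME		0x20
#define	KMF_CERT_VALIDATE_ERR_CRL		0x40
#define	KMF_CERT_VALIDATE_ERR_OCSP		0x80
#define	KMF_CERT_VALIDATE_ERR_ISSUER		0x100

/*
 * KMF Key Usage bitmasks
 * Bit 0 of the X.509 KeyUsage BIT STRING (digitalSignature) is the MSB
 * of the 16-bit word; KMF_KUBITMASK covers the nine defined bits.
 */
#define	KMF_digitalSignature	0x8000
#define	KMF_nonRepudiation	0x4000
#define	KMF_keyEncipherment	0x2000
#define	KMF_dataEncipherment	0x1000
#define	KMF_keyAgreement	0x0800
#define	KMF_keyCertSign		0x0400
#define	KMF_cRLSign		0x0200
#define	KMF_encipherOnly	0x0100
#define	KMF_decipherOnly	0x0080

#define	KMF_KUBITMASK	0xFF80

/*
 * KMF Extended KeyUsage OID definitions
 * Bit flags used to summarise which well-known key purposes are present.
 */
#define	KMF_EKU_SERVERAUTH	0x01
#define	KMF_EKU_CLIENTAUTH	0x02
#define	KMF_EKU_CODESIGNING	0x04
#define	KMF_EKU_EMAIL		0x08
#define	KMF_EKU_TIMESTAMP	0x10
#define	KMF_EKU_OCSPSIGNING	0x20

#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */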