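/*
 * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * kmftypes.h - public data types, status codes and OID building blocks
 * shared by Key Management Framework (KMF) callers and keystore plugins.
 *
 * Every struct layout, enumerator value and macro value below is part of
 * the library ABI: append new entries, never renumber or reorder existing
 * ones.  The structures carry raw pointers with a separate length or
 * count field; nothing in this header implies a NUL terminator or says
 * who owns the memory, so each API entry point must state who allocates
 * and who frees.
 */

#ifndef _KMFTYPES_H
#define _KMFTYPES_H

#include <sys/types.h>
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>

/*
 * PKCS#11 definitions.  No CK_* type is referenced by the declarations in
 * this header itself; the include is presumably kept for API consumers
 * (KMF_SLOT_ID_ATTR, KMF_PK11_USER_TYPE_ATTR) -- confirm before removing.
 */
#include <security/cryptoki.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Boolean carried in public structures; a fixed 32-bit width for ABI stability. */
typedef uint32_t KMF_BOOL;

#define KMF_FALSE (0)
#define KMF_TRUE (1)

/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;

/*
 * KMF_DATA
 * Associates a length, in bytes, with an arbitrary block of contiguous
 * memory.  The contents are binary: readers must honour Length and must
 * not treat Data as a C string.
 */
typedef struct kmf_data
{
	size_t Length; /* in bytes */
	uchar_t *Data;
} KMF_DATA;

/*
 * KMF_BIGINT
 * Unsigned multi-precision integer as a byte array of len bytes.
 * Byte order is not stated here -- presumably big-endian as in DER and
 * PKCS#11 attributes; confirm against the encoders before relying on it.
 */
typedef struct {
	uchar_t *val;
	size_t len;
} KMF_BIGINT;

/*
 * KMF_OID
 * An object identifier in DER content-octet form (no tag or length
 * prefix), matching the OID_* byte-list macros further down.  Used to
 * name the fields and extensions of a certificate or CRL.
 */
typedef KMF_DATA KMF_OID;

/*
 * KMF_X509_PRIVATE
 * Bookkeeping KMF attaches to a DER certificate: which keystore it came
 * from, a label, and the KMF_FLAG_CERT_* bits in flags.
 */
typedef struct kmf_x509_private {
	int keystore_type;
	int flags; /* see below */
	char *label;
#define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */
#define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */
} KMF_X509_PRIVATE;

/*
 * KMF_X509_DER_CERT
 * Packed DER certificate bytes together with the private information
 * the KMF layer keeps about them.  Ownership of certificate.Data and
 * kmf_private.label is not defined here; see the allocating API.
 */
typedef struct
{
	KMF_DATA certificate;
	KMF_X509_PRIVATE kmf_private;
} KMF_X509_DER_CERT;

/*
 * Keystore (plugin) selector.  The three values are contiguous so that
 * VALID_DEFAULT_KEYSTORE_TYPE() can range-check them.
 */
typedef int KMF_KEYSTORE_TYPE;
#define KMF_KEYSTORE_NSS 1
#define KMF_KEYSTORE_OPENSSL 2
#define KMF_KEYSTORE_PK11TOKEN 3

/*
 * True when t names one of the keystore types above.  The parameter is
 * parenthesized so that an expression argument (one containing ==, ?:
 * or a comma, for instance) is compared as a whole instead of being
 * re-associated with the surrounding >= and <=.
 */
#define VALID_DEFAULT_KEYSTORE_TYPE(t) \
	(((t) >= KMF_KEYSTORE_NSS) && ((t) <= KMF_KEYSTORE_PK11TOKEN))

/* Encoding of certificates and keys on disk or in memory. */
typedef enum {
	KMF_FORMAT_UNDEF = 0,
	KMF_FORMAT_ASN1 = 1, /* DER */
	KMF_FORMAT_PEM = 2,
	KMF_FORMAT_PKCS12 = 3,
	KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
	KMF_FORMAT_PEM_KEYPAIR = 5
} KMF_ENCODE_FORMAT;

/* "Native" is spelled as the undefined format; the plugin picks its default. */
#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF

/* Validity filter for certificate searches. */
typedef enum {
	KMF_ALL_CERTS = 0,
	KMF_NONEXPIRED_CERTS = 1,
	KMF_EXPIRED_CERTS = 2
} KMF_CERT_VALIDITY;

/* Criticality filter for extension enumeration. */
typedef enum {
	KMF_ALL_EXTNS = 0,
	KMF_CRITICAL_EXTNS = 1,
	KMF_NONCRITICAL_EXTNS = 2
} KMF_FLAG_CERT_EXTN;

/* Intended key usage a caller asks to be checked against a certificate. */
typedef enum {
	KMF_KU_SIGN_CERT = 0,
	KMF_KU_SIGN_DATA = 1,
	KMF_KU_ENCRYPT_DATA = 2
} KMF_KU_PURPOSE;

/*
 * Algorithms
 * Constants used to identify cryptographic algorithms.  Values are
 * assigned implicitly from 0, so only append.
 *
 * NOTE(review): MD2 and MD5 are cryptographically broken for signatures
 * and SHA-1 is deprecated for that purpose; these identifiers exist so
 * legacy objects can be named, not as an endorsement.  No SHA-2 index is
 * declared in this header -- whether validation rejects the weak ones is
 * decided elsewhere and should be checked.
 */
typedef enum {
	KMF_ALGID_NONE = 0,
	KMF_ALGID_CUSTOM,
	KMF_ALGID_SHA1,
	KMF_ALGID_RSA,
	KMF_ALGID_DSA,
	KMF_ALGID_MD5WithRSA,
	KMF_ALGID_MD2WithRSA,
	KMF_ALGID_SHA1WithRSA,
	KMF_ALGID_SHA1WithDSA
} KMF_ALGORITHM_INDEX;

/*
 * Generic credential structure used by other structures below to convey
 * authentication information (presumably a PIN or passphrase) to the
 * underlying mechanisms.  cred is credlen bytes and is not required to be
 * NUL-terminated.
 * NOTE(review): this is secret material; callers should zeroize cred
 * before releasing it -- nothing in this header does so for them.
 */
typedef struct {
	char *cred;
	uint32_t credlen;
} KMF_CREDENTIAL;

/*
 * Key algorithm.  RC4, DES and two-/three-key 3DES are legacy ciphers kept
 * for interoperability with existing keystores; see the note on
 * KMF_ALGORITHM_INDEX.
 */
typedef enum {
	KMF_KEYALG_NONE = 0,
	KMF_RSA = 1,
	KMF_DSA = 2,
	KMF_AES = 3,
	KMF_RC4 = 4,
	KMF_DES = 5,
	KMF_DES3 = 6,
	KMF_GENERIC_SECRET = 7
}KMF_KEY_ALG;

/* Which half of a keypair (or a symmetric key) a handle refers to. */
typedef enum {
	KMF_KEYCLASS_NONE = 0,
	KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
	KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
	KMF_SYMMETRIC = 3 /* symmetric key */
}KMF_KEY_CLASS;

/* Kind of PKI object an operation targets. */
typedef enum {
	KMF_CERT = 0,
	KMF_CSR = 1,
	KMF_CRL = 2
}KMF_OBJECT_TYPE;

/*
 * KMF_RAW_RSA_KEY
 * RSA key components in the clear.  Everything after pubexp is private
 * key material (CRT parameters included); zeroize before freeing.
 */
typedef struct {
	KMF_BIGINT mod;
	KMF_BIGINT pubexp;
	KMF_BIGINT priexp;
	KMF_BIGINT prime1;
	KMF_BIGINT prime2;
	KMF_BIGINT exp1;
	KMF_BIGINT exp2;
	KMF_BIGINT coef;
} KMF_RAW_RSA_KEY;

/*
 * KMF_RAW_DSA_KEY
 * DSA domain parameters (prime, subprime, base) plus the private value
 * and the public value.  value is secret; zeroize before freeing.
 */
typedef struct {
	KMF_BIGINT prime;
	KMF_BIGINT subprime;
	KMF_BIGINT base;
	KMF_BIGINT value;
	KMF_BIGINT pubvalue;
} KMF_RAW_DSA_KEY;

/* KMF_RAW_SYM_KEY - symmetric key bytes in the clear; zeroize before freeing. */
typedef struct {
	KMF_BIGINT keydata;
} KMF_RAW_SYM_KEY;

/*
 * KMF_RAW_KEY_DATA
 * A key whose material lives in process memory rather than behind a
 * token.  keytype selects the active member of rawdata.  sensitive and
 * not_extractable appear to mirror the PKCS#11 CKA_SENSITIVE and
 * !CKA_EXTRACTABLE attributes -- confirm in the PKCS#11 plugin.
 */
typedef struct {
	KMF_KEY_ALG keytype;
	boolean_t sensitive;
	boolean_t not_extractable;
	union {
		KMF_RAW_RSA_KEY rsa;
		KMF_RAW_DSA_KEY dsa;
		KMF_RAW_SYM_KEY sym;
	}rawdata;
	char *label;
	KMF_DATA id;
} KMF_RAW_KEY_DATA;

/*
 * KMF_KEY_HANDLE
 * Caller-visible reference to a key.  keyp is a plugin-private object
 * whose type depends on kstype; when israw is set it presumably points
 * at a KMF_RAW_KEY_DATA -- verify against the plugin before casting.
 */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	KMF_KEY_ALG keyalg;
	KMF_KEY_CLASS keyclass;
	boolean_t israw;
	char *keylabel;
	void *keyp;
} KMF_KEY_HANDLE;

/*
 * KMF_ERROR
 * Plugin-specific error code tagged with the keystore that produced it;
 * the numbering of errcode is that of the plugin, not KMF_RETURN.
 */
typedef struct {
	KMF_KEYSTORE_TYPE kstype;
	uint32_t errcode;
} KMF_ERROR;

/*
 * Typenames to use with subjectAltName.
 * GENNAME_OTHERNAME (0) through GENNAME_REGISTEREDID (8) coincide with
 * the GeneralName CHOICE tags of RFC 5280.  GENNAME_KRB5PRINC and
 * GENNAME_SCLOGON_UPN are KMF-local selectors for two otherName forms,
 * not X.509 tags, so they must not be emitted as context tags on the wire.
 */
typedef enum {
	GENNAME_OTHERNAME = 0x00,
	GENNAME_RFC822NAME,
	GENNAME_DNSNAME,
	GENNAME_X400ADDRESS,
	GENNAME_DIRECTORYNAME,
	GENNAME_EDIPARTYNAME,
	GENNAME_URI,
	GENNAME_IPADDRESS,
	GENNAME_REGISTEREDID,
	GENNAME_KRB5PRINC,
	GENNAME_SCLOGON_UPN
} KMF_GENERALNAMECHOICES;

/*
 * KMF_FIELD
 * OID/value pair for any item that can be identified by an OID.
 */
typedef struct
{
	KMF_OID FieldOid;
	KMF_DATA FieldValue;
} KMF_FIELD;

/*
 * KMF_RETURN
 * Status codes returned by the public API.  Values are explicit and part
 * of the ABI; the unused slots (0x08-0x0a, 0x0e-0x0f) are historical and
 * should stay unused.  KMF_OK is the only success value.
 */
typedef enum {
	KMF_OK = 0x00,
	KMF_ERR_BAD_PARAMETER = 0x01,
	KMF_ERR_BAD_KEY_FORMAT = 0x02,
	KMF_ERR_BAD_ALGORITHM = 0x03,
	KMF_ERR_MEMORY = 0x04,
	KMF_ERR_ENCODING = 0x05,
	KMF_ERR_PLUGIN_INIT = 0x06,
	KMF_ERR_PLUGIN_NOTFOUND = 0x07,
	KMF_ERR_INTERNAL = 0x0b,
	KMF_ERR_BAD_CERT_FORMAT = 0x0c,
	KMF_ERR_KEYGEN_FAILED = 0x0d,
	KMF_ERR_UNINITIALIZED = 0x10,
	KMF_ERR_ISSUER = 0x11,
	KMF_ERR_NOT_REVOKED = 0x12,
	KMF_ERR_CERT_NOT_FOUND = 0x13,
	KMF_ERR_CRL_NOT_FOUND = 0x14,
	KMF_ERR_RDN_PARSER = 0x15,
	KMF_ERR_RDN_ATTR = 0x16,
	KMF_ERR_SLOTNAME = 0x17,
	KMF_ERR_EMPTY_CRL = 0x18,
	KMF_ERR_BUFFER_SIZE = 0x19,
	KMF_ERR_AUTH_FAILED = 0x1a,
	KMF_ERR_TOKEN_SELECTED = 0x1b,
	KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
	KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
	KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
	KMF_ERR_POLICY_ENGINE = 0x1f,
	KMF_ERR_POLICY_DB_FORMAT = 0x20,
	KMF_ERR_POLICY_NOT_FOUND = 0x21,
	KMF_ERR_POLICY_DB_FILE = 0x22,
	KMF_ERR_POLICY_NAME = 0x23,
	KMF_ERR_OCSP_POLICY = 0x24,
	KMF_ERR_TA_POLICY = 0x25,
	KMF_ERR_KEY_NOT_FOUND = 0x26,
	KMF_ERR_OPEN_FILE = 0x27,
	KMF_ERR_OCSP_BAD_ISSUER = 0x28,
	KMF_ERR_OCSP_BAD_CERT = 0x29,
	KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
	KMF_ERR_CONNECT_SERVER = 0x2b,
	KMF_ERR_SEND_REQUEST = 0x2c,
	KMF_ERR_OCSP_CERTID = 0x2d,
	KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
	KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
	KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
	KMF_ERR_OCSP_BAD_SIGNER = 0x31,

	KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
	KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
	KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
	KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
	KMF_ERR_RECV_RESPONSE = 0x36,
	KMF_ERR_RECV_TIMEOUT = 0x37,
	KMF_ERR_DUPLICATE_KEYFILE = 0x38,
	KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
	KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
	KMF_ERR_PKCS12_FORMAT = 0x3b,
	KMF_ERR_BAD_KEY_TYPE = 0x3c,
	KMF_ERR_BAD_KEY_CLASS = 0x3d,
	KMF_ERR_BAD_KEY_SIZE = 0x3e,
	KMF_ERR_BAD_HEX_STRING = 0x3f,
	KMF_ERR_KEYUSAGE = 0x40,
	KMF_ERR_VALIDITY_PERIOD = 0x41,
	KMF_ERR_OCSP_REVOKED = 0x42,
	KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
	KMF_ERR_WRITE_FILE = 0x44,
	KMF_ERR_BAD_URI = 0x45,
	KMF_ERR_BAD_CRLFILE = 0x46,
	KMF_ERR_BAD_CERTFILE = 0x47,
	KMF_ERR_GETKEYVALUE_FAILED = 0x48,
	KMF_ERR_BAD_KEYHANDLE = 0x49,
	KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
	KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
	KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
	KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
	KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
	KMF_ERR_MISSING_ERRCODE = 0x4f,
	KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
	KMF_ERR_SENSITIVE_KEY = 0x51,
	KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
	KMF_ERR_KEY_MISMATCH = 0x53,
	KMF_ERR_ATTR_NOT_FOUND = 0x54,
	KMF_ERR_KMF_CONF = 0x55
} KMF_RETURN;

/* Data structures for OCSP support */

/* CertStatus as reported for one certificate; values match RFC 6960. */
typedef enum {
	OCSP_GOOD = 0,
	OCSP_REVOKED = 1,
	OCSP_UNKNOWN = 2
} KMF_OCSP_CERT_STATUS;

/*
 * Overall response status.
 * NOTE(review): these are KMF-local values, not the OCSPResponseStatus
 * wire values: RFC 6960 leaves 4 unused and defines sigRequired as 5 and
 * unauthorized as 6, whereas here they are 4 and 5.  The decoder must map
 * rather than cast the decoded ENUMERATED into this type -- verify.
 */
typedef enum {
	OCSP_SUCCESS = 0,
	OCSP_MALFORMED_REQUEST = 1,
	OCSP_INTERNAL_ERROR = 2,
	OCSP_TRYLATER = 3,
	OCSP_SIGREQUIRED = 4,
	OCSP_UNAUTHORIZED = 5
} KMF_OCSP_RESPONSE_STATUS;

/*
 * Revocation reason.  OCSP_NOSTATUS means no reason was supplied.
 * Values 0-6 track the RFC 5280 CRLReason enumeration (OCSP_SUPERCEDED is
 * the standard's "superseded"; the spelling is ABI and cannot change).
 * NOTE(review): removeFromCRL is 8 on the wire (7 is unused) but
 * OCSP_REMOVEFROMCRL is 7 here, so again the decoder must map -- verify.
 */
typedef enum {
	OCSP_NOSTATUS = -1,
	OCSP_UNSPECIFIED = 0,
	OCSP_KEYCOMPROMISE = 1,
	OCSP_CACOMPROMISE = 2,
	OCSP_AFFILIATIONCHANGE = 3,
	OCSP_SUPERCEDED = 4,
	OCSP_CESSATIONOFOPERATION = 5,
	OCSP_CERTIFICATEHOLD = 6,
	OCSP_REMOVEFROMCRL = 7
} KMF_OCSP_REVOKED_STATUS;

/* Coarse algorithm classification; implicit values, append only. */
typedef enum {
	KMF_ALGCLASS_NONE = 0,
	KMF_ALGCLASS_CUSTOM,
	KMF_ALGCLASS_SIGNATURE,
	KMF_ALGCLASS_SYMMETRIC,
	KMF_ALGCLASS_DIGEST,
	KMF_ALGCLASS_RANDOMGEN,
	KMF_ALGCLASS_UNIQUEGEN,
	KMF_ALGCLASS_MAC,
	KMF_ALGCLASS_ASYMMETRIC,
	KMF_ALGCLASS_KEYGEN,
	KMF_ALGCLASS_DERIVEKEY
} KMF_ALGCLASS;

/*
 * Certificate fields and extensions that can be selected for printing.
 * Numbering starts at 1 so that 0 is never a valid item.
 */
typedef enum {
	KMF_CERT_ISSUER = 1,
	KMF_CERT_SUBJECT,
	KMF_CERT_VERSION,
	KMF_CERT_SERIALNUM,
	KMF_CERT_NOTBEFORE,
	KMF_CERT_NOTAFTER,
	KMF_CERT_PUBKEY_ALG,
	KMF_CERT_SIGNATURE_ALG,
	KMF_CERT_EMAIL,
	KMF_CERT_PUBKEY_DATA,
	KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
	KMF_X509_EXT_CERT_POLICIES,
	KMF_X509_EXT_SUBJ_ALTNAME,
	KMF_X509_EXT_ISSUER_ALTNAME,
	KMF_X509_EXT_BASIC_CONSTRAINTS,
	KMF_X509_EXT_NAME_CONSTRAINTS,
	KMF_X509_EXT_POLICY_CONSTRAINTS,
	KMF_X509_EXT_EXT_KEY_USAGE,
	KMF_X509_EXT_INHIBIT_ANY_POLICY,
	KMF_X509_EXT_AUTH_KEY_ID,
	KMF_X509_EXT_SUBJ_KEY_ID,
	KMF_X509_EXT_POLICY_MAPPINGS,
	KMF_X509_EXT_CRL_DIST_POINTS,
	KMF_X509_EXT_FRESHEST_CRL,
	KMF_X509_EXT_KEY_USAGE
} KMF_PRINTABLE_ITEM;

/*
 * KMF_X509_ALGORITHM_IDENTIFIER
 * OID naming a cryptographic algorithm plus the optional, still-encoded
 * parameters for it (AlgorithmIdentifier in RFC 5280).
 */
typedef struct
{
	KMF_OID algorithm;
	KMF_DATA parameters;
} KMF_X509_ALGORITHM_IDENTIFIER;

/*
 * KMF_X509_TYPE_VALUE_PAIR
 * One AttributeTypeAndValue: the attribute OID, the ASN.1 tag the value
 * carries when BER encoded (e.g. PrintableString vs UTF8String), and
 * the value bytes.
 */
typedef struct
{
	KMF_OID type;
	uint8_t valueType; /* The Tag to use when BER encoded */
	KMF_DATA value;
} KMF_X509_TYPE_VALUE_PAIR;


/*
 * KMF_X509_RDN
 * A Relative Distinguished Name: an ordered set of numberOfPairs
 * type-value pairs.  AttributeTypeAndValue must point at at least that
 * many elements.
 */
typedef struct
{
	uint32_t numberOfPairs;
	KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue;
} KMF_X509_RDN;

/*
 * KMF_X509_NAME
 * A distinguished name: numberOfRDNs RDNs in encoding order.
 */
typedef struct
{
	uint32_t numberOfRDNs;
	KMF_X509_RDN *RelativeDistinguishedName;
} KMF_X509_NAME;

/*
 * KMF_X509_SPKI
 * SubjectPublicKeyInfo: the public key bytes and the algorithm
 * identifier describing how to verify with that key.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithm;
	KMF_DATA subjectPublicKey;
} KMF_X509_SPKI;

/*
 * KMF_X509_TIME
 * Time is represented as a string according to the definitions of
 * GeneralizedTime and UTCTime in RFC 2459 (now RFC 5280).  timeType
 * is presumably the ASN.1 tag that distinguishes the two forms --
 * confirm in the decoder.  Two-digit UTCTime years need the RFC 5280
 * 1950-2049 window when converted.
 */
typedef struct
{
	uint8_t timeType;
	KMF_DATA time;
} KMF_X509_TIME;

/*
 * KMF_X509_VALIDITY
 * notBefore/notAfter window of a certificate.
 */
typedef struct
{
	KMF_X509_TIME notBefore;
	KMF_X509_TIME notAfter;
} KMF_X509_VALIDITY;

/*
 * KMF_X509EXT_BASICCONSTRAINTS
 * Decoded basicConstraints.  pathLenConstraint is meaningful only when
 * pathLenConstraintPresent is set; the absent case must not be read as 0.
 */
typedef struct
{
	KMF_BOOL cA;
	KMF_BOOL pathLenConstraintPresent;
	uint32_t pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;

/*
 * KMF_X509EXT_DATA_FORMAT
 * Which representation of an extension value is populated.
 */
typedef enum
{
	KMF_X509_DATAFORMAT_ENCODED = 0,
	KMF_X509_DATAFORMAT_PARSED,
	KMF_X509_DATAFORMAT_PAIR
} KMF_X509EXT_DATA_FORMAT;


/*
 * KMF_X509EXT_TAGandVALUE
 * A BER/DER encoded extension value together with its ASN.1 tag.
 */
typedef struct
{
	uint8_t type;
	KMF_DATA value;
} KMF_X509EXT_TAGandVALUE;


/*
 * KMF_X509EXT_PAIR
 * Both representations of one extension: the tag/value encoding and a
 * parsed form whose concrete type depends on the extension OID.
 */
typedef struct
{
	KMF_X509EXT_TAGandVALUE tagAndValue;
	void *parsedValue;
} KMF_X509EXT_PAIR;

/*
 * KMF_X509_EXTENSION
 * A complete certificate extension.  format presumably selects the
 * active member of value (ENCODED -> tagAndValue, PARSED -> parsedValue,
 * PAIR -> valuePair); BERvalue always holds the raw extnValue bytes.
 * critical must be honoured: an unrecognised critical extension is a
 * validation failure per RFC 5280.
 */
typedef struct
{
	KMF_OID extnId;
	KMF_BOOL critical;
	KMF_X509EXT_DATA_FORMAT format;
	union
	{
		KMF_X509EXT_TAGandVALUE *tagAndValue;
		void *parsedValue;
		KMF_X509EXT_PAIR *valuePair;
	} value;
	KMF_DATA BERvalue;
} KMF_X509_EXTENSION;


/*
 * KMF_X509_EXTENSIONS
 * All numberOfExtensions extensions of a certificate.
 */
typedef struct
{
	uint32_t numberOfExtensions;
	KMF_X509_EXTENSION *extensions;
} KMF_X509_EXTENSIONS;

/*
 * KMF_X509_TBS_CERT
 * The decoded TBSCertificate: every field of RFC 5280 section 4.1.2 in
 * order.  version and the two unique identifiers are kept encoded.
 */
typedef struct
{
	KMF_DATA version;
	KMF_BIGINT serialNumber;
	KMF_X509_ALGORITHM_IDENTIFIER signature;
	KMF_X509_NAME issuer;
	KMF_X509_VALIDITY validity;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	KMF_DATA issuerUniqueIdentifier;
	KMF_DATA subjectUniqueIdentifier;
	KMF_X509_EXTENSIONS extensions;
} KMF_X509_TBS_CERT;

/*
 * KMF_X509_SIGNATURE
 * A digital signature and the algorithm that produced it.  The field is
 * named "encrypted" for historical (CDSA) reasons; it holds the
 * signatureValue bytes.
 */
typedef struct
{
	KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
	KMF_DATA encrypted;
} KMF_X509_SIGNATURE;

/*
 * KMF_X509_CERTIFICATE
 * Decoded certificate body together with the signature covering it.
 */
typedef struct
{
	KMF_X509_TBS_CERT certificate;
	KMF_X509_SIGNATURE signature;
} KMF_X509_CERTIFICATE;

/*
 * Address of the signature algorithm OID inside the TBS body
 * (CERT_ALG_OID) and of the outer signature's algorithm OID
 * (CERT_SIG_OID); c is a KMF_X509_CERTIFICATE *.  RFC 5280 section
 * 4.1.1.2 requires the two to be equal, so a validator should compare
 * them.  Argument and expansion are parenthesized so the result works as
 * a postfix expression, e.g. CERT_SIG_OID(c)->Length.
 */
#define CERT_ALG_OID(c) (&(c)->certificate.signature.algorithm)
#define CERT_SIG_OID(c) (&(c)->signature.algorithmIdentifier.algorithm)

/*
 * KMF_TBS_CSR
 * The CertificationRequestInfo of a PKCS#10 request: subject, public
 * key and requested extensions.
 */
typedef struct
{
	KMF_DATA version;
	KMF_X509_NAME subject;
	KMF_X509_SPKI subjectPublicKeyInfo;
	KMF_X509_EXTENSIONS extensions;
} KMF_TBS_CSR;

/*
 * KMF_CSR_DATA
 * A complete, signed PKCS#10 certificate request.  The signature is a
 * proof of possession of the key in csr.subjectPublicKeyInfo.
 */
typedef struct
{
	KMF_TBS_CSR csr;
	KMF_X509_SIGNATURE signature;
} KMF_CSR_DATA;

/*
 * KMF_X509EXT_POLICYQUALIFIERINFO
 * One PolicyQualifierInfo (CPS URI or user notice), value still encoded.
 */
typedef struct
{
	KMF_OID policyQualifierId;
	KMF_DATA value;
} KMF_X509EXT_POLICYQUALIFIERINFO;

/*
 * KMF_X509EXT_POLICYQUALIFIERS
 * numberOfPolicyQualifiers qualifiers attached to one policy.
 */
typedef struct
{
	uint32_t numberOfPolicyQualifiers;
	KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
} KMF_X509EXT_POLICYQUALIFIERS;

/*
 * KMF_X509EXT_POLICYINFO
 * One PolicyInformation entry of certificatePolicies.
 */
typedef struct
{
	KMF_OID policyIdentifier;
	KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;
} KMF_X509EXT_POLICYINFO;

/* Decoded certificatePolicies extension. */
typedef struct
{
	uint32_t numberOfPolicyInfo;
	KMF_X509EXT_POLICYINFO *policyInfo;
} KMF_X509EXT_CERT_POLICIES;

/*
 * Decoded keyUsage extension.  KeyUsageBits uses the KMF_digitalSignature
 * ... KMF_decipherOnly masks declared at the end of this header.
 */
typedef struct
{
	uchar_t critical;
	uint16_t KeyUsageBits;
} KMF_X509EXT_KEY_USAGE;

/*
 * Decoded extKeyUsage extension: nEKUs purpose OIDs.
 */
typedef struct
{
	uchar_t critical;
	uint16_t nEKUs;
	KMF_OID *keyPurposeIdList;
} KMF_X509EXT_EKU;


/*
 * X509 AuthorityInfoAccess extension
 */

/* One AccessDescription: method OID (OCSP or caIssuers) and a GeneralName. */
typedef struct
{
	KMF_OID AccessMethod;
	KMF_DATA AccessLocation;
} KMF_X509EXT_ACCESSDESC;

/* numberOfAccessDescription AccessDescription entries. */
typedef struct
{
	uint32_t numberOfAccessDescription;
	KMF_X509EXT_ACCESSDESC *AccessDesc;
} KMF_X509EXT_AUTHINFOACCESS;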
/*
 * X509 Crl Distribution Point extension
 */

/*
 * KMF_GENERALNAME
 * One GeneralName: choice says which form name holds.  name is kept as
 * bytes; for GENNAME_DNSNAME / GENNAME_URI / GENNAME_RFC822NAME it is not
 * NUL-terminated by this definition, so consumers must use name.Length.
 */
typedef struct {
	KMF_GENERALNAMECHOICES choice;
	KMF_DATA name;
} KMF_GENERALNAME;

/* number GeneralName entries. */
typedef struct {
	uint32_t number;
	KMF_GENERALNAME *namelist;
} KMF_GENERALNAMES;

/*
 * Which member of KMF_CRL_DIST_POINT.name is populated; the values match
 * the DistributionPointName CHOICE ordinals (fullName, nameRelativeToCRLIssuer)
 * offset by one.
 */
typedef enum {
	DP_GENERAL_NAME = 1,
	DP_RELATIVE_NAME = 2
} KMF_CRL_DIST_POINT_TYPE;

/*
 * KMF_CRL_DIST_POINT
 * One DistributionPoint.  reasons is the still-encoded ReasonFlags BIT
 * STRING (empty when absent); crl_issuer lists the cRLIssuer names.
 */
typedef struct {
	KMF_CRL_DIST_POINT_TYPE type;
	union {
		KMF_GENERALNAMES full_name;
		KMF_DATA relative_name;
	} name;
	KMF_DATA reasons;
	KMF_GENERALNAMES crl_issuer;
} KMF_CRL_DIST_POINT;

/* Decoded cRLDistributionPoints extension: number distribution points. */
typedef struct {
	uint32_t number;
	KMF_CRL_DIST_POINT *dplist;
} KMF_X509EXT_CRLDISTPOINTS;

/*
 * KMF_ATTR_TYPE
 * Tags for the attribute-list calling convention (KMF_ATTRIBUTE below).
 * Values are assigned implicitly from 0 and are ABI: append only.
 * The name of each tag indicates the expected pValue type (e.g. the
 * _BOOL_ tags carry a boolean, _DATA_ tags a KMF_DATA); the mapping
 * itself is not declared in this header.
 */
typedef enum {
	KMF_DATA_ATTR,
	KMF_OID_ATTR,
	KMF_BIGINT_ATTR,
	KMF_X509_DER_CERT_ATTR,
	KMF_KEYSTORE_TYPE_ATTR,
	KMF_ENCODE_FORMAT_ATTR,
	KMF_CERT_VALIDITY_ATTR,
	KMF_KU_PURPOSE_ATTR,
	KMF_ALGORITHM_INDEX_ATTR,
	KMF_TOKEN_LABEL_ATTR,
	KMF_READONLY_ATTR,
	KMF_DIRPATH_ATTR,
	KMF_CERTPREFIX_ATTR,
	KMF_KEYPREFIX_ATTR,
	KMF_SECMODNAME_ATTR,
	KMF_CREDENTIAL_ATTR,
	KMF_TRUSTFLAG_ATTR,
	KMF_CRL_FILENAME_ATTR,
	KMF_CRL_CHECK_ATTR,
	KMF_CRL_DATA_ATTR,
	KMF_CRL_SUBJECT_ATTR,
	KMF_CRL_ISSUER_ATTR,
	KMF_CRL_NAMELIST_ATTR,
	KMF_CRL_COUNT_ATTR,
	KMF_CRL_OUTFILE_ATTR,
	KMF_CERT_LABEL_ATTR,
	KMF_SUBJECT_NAME_ATTR,
	KMF_ISSUER_NAME_ATTR,
	KMF_CERT_FILENAME_ATTR,
	KMF_KEY_FILENAME_ATTR,
	KMF_OUTPUT_FILENAME_ATTR,
	KMF_IDSTR_ATTR,
	KMF_CERT_DATA_ATTR,
	KMF_OCSP_RESPONSE_DATA_ATTR,
	KMF_OCSP_RESPONSE_STATUS_ATTR,
	KMF_OCSP_RESPONSE_REASON_ATTR,
	KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
	KMF_OCSP_REQUEST_FILENAME_ATTR,
	KMF_KEYALG_ATTR,
	KMF_KEYCLASS_ATTR,
	KMF_KEYLABEL_ATTR,
	KMF_KEYLENGTH_ATTR,
	KMF_RSAEXP_ATTR,
	KMF_TACERT_DATA_ATTR,
	KMF_SLOT_ID_ATTR,
	KMF_PK12CRED_ATTR,
	KMF_ISSUER_CERT_DATA_ATTR,
	KMF_USER_CERT_DATA_ATTR,
	KMF_SIGNER_CERT_DATA_ATTR,
	KMF_IGNORE_RESPONSE_SIGN_ATTR,
	KMF_RESPONSE_LIFETIME_ATTR,
	KMF_KEY_HANDLE_ATTR,
	KMF_PRIVKEY_HANDLE_ATTR,
	KMF_PUBKEY_HANDLE_ATTR,
	KMF_ERROR_ATTR,
	KMF_X509_NAME_ATTR,
	KMF_X509_SPKI_ATTR,
	KMF_X509_CERTIFICATE_ATTR,
	KMF_RAW_KEY_ATTR,
	KMF_CSR_DATA_ATTR,
	KMF_GENERALNAMECHOICES_ATTR,
	KMF_STOREKEY_BOOL_ATTR,
	KMF_SENSITIVE_BOOL_ATTR,
	KMF_NON_EXTRACTABLE_BOOL_ATTR,
	KMF_TOKEN_BOOL_ATTR,
	KMF_PRIVATE_BOOL_ATTR,
	KMF_NEWPIN_ATTR,
	KMF_IN_SIGN_ATTR,
	KMF_OUT_DATA_ATTR,
	KMF_COUNT_ATTR,
	KMF_DESTROY_BOOL_ATTR,
	KMF_TBS_CERT_DATA_ATTR,
	KMF_PLAINTEXT_DATA_ATTR,
	KMF_CIPHERTEXT_DATA_ATTR,
	KMF_VALIDATE_RESULT_ATTR,
	KMF_KEY_DATA_ATTR,
	KMF_PK11_USER_TYPE_ATTR
} KMF_ATTR_TYPE;

/*
 * KMF_ATTRIBUTE
 * One tagged, untyped argument: pValue points at valueLen bytes whose
 * real type is implied by type.  Because pValue is a void *, the code
 * that consumes an attribute list must check valueLen against the size
 * the tag implies before dereferencing -- this header provides no such
 * check.  KMF_IGNORE_RESPONSE_SIGN_ATTR, KMF_CREDENTIAL_ATTR and
 * KMF_NEWPIN_ATTR carry security-relevant inputs (a signature-check
 * bypass and secrets respectively).
 */
typedef struct {
	KMF_ATTR_TYPE type;
	void *pValue;
	uint32_t valueLen;
} KMF_ATTRIBUTE;

/*
 * Definitions for common X.509v3 certificate attribute OIDs.
 * Each OID_* macro is a comma-separated list of DER content octets
 * (the first octet encodes the first two arcs as 40*a + b; arcs above
 * 127 use the base-128 continuation form), intended to be used as an
 * array initializer.  The matching *_LENGTH macro is the octet count
 * and must be kept in step with the list it describes.
 */
#define OID_ISO_MEMBER 42 /* Also in PKCS */   /* 1.2 */
#define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */   /* 1.2.840 */
#define OID_CA OID_ISO_MEMBER, 124   /* 1.2.124 */

#define OID_ISO_IDENTIFIED_ORG 43   /* 1.3 */
#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4
#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5
#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6   /* 1.3.6 */
#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */   /* 1.3.14 */

#define OID_ISO_CCITT_DIR_SERVICE 85   /* 2.5 */
#define OID_ISO_CCITT_COUNTRY 96   /* 2.16 */
#define OID_COUNTRY_US OID_ISO_CCITT_COUNTRY, 134, 72   /* 2.16.840 */
#define OID_COUNTRY_CA OID_ISO_CCITT_COUNTRY, 124
#define OID_COUNTRY_US_ORG OID_COUNTRY_US, 1
#define OID_COUNTRY_US_MHS_MD OID_COUNTRY_US, 2
#define OID_COUNTRY_US_STATE OID_COUNTRY_US, 3

/* From the PKCS Standards */
#define OID_ISO_MEMBER_LENGTH 1
#define OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2)

/* 1.2.840.113549 (rsadsi) */
#define OID_RSA OID_US, 134, 247, 13
#define OID_RSA_LENGTH (OID_US_LENGTH + 3)

/* rsadsi digestAlgorithm arc, 1.2.840.113549.2 */
#define OID_RSA_HASH OID_RSA, 2
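#define OID_RSA_HASH_LENGTH (OID_RSA_LENGTH + 1)

/* rsadsi encryptionAlgorithm arc, 1.2.840.113549.3 */
#define OID_RSA_ENCRYPT OID_RSA, 3
#define OID_RSA_ENCRYPT_LENGTH (OID_RSA_LENGTH + 1)

/* 1.2.840.113549.1 (pkcs) and the numbered PKCS standards beneath it. */
#define OID_PKCS OID_RSA, 1
#define OID_PKCS_LENGTH (OID_RSA_LENGTH + 1)

#define OID_PKCS_1 OID_PKCS, 1
#define OID_PKCS_1_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_2 OID_PKCS, 2
#define OID_PKCS_3 OID_PKCS, 3
#define OID_PKCS_3_LENGTH (OID_PKCS_LENGTH + 1)

#define OID_PKCS_4 OID_PKCS, 4
#define OID_PKCS_5 OID_PKCS, 5
#define OID_PKCS_5_LENGTH (OID_PKCS_LENGTH + 1)
#define OID_PKCS_6 OID_PKCS, 6
#define OID_PKCS_7 OID_PKCS, 7
#define OID_PKCS_7_LENGTH (OID_PKCS_LENGTH + 1)

/* PKCS#7 content types, 1.2.840.113549.1.7.{1..6} */
#define OID_PKCS_7_Data OID_PKCS_7, 1
#define OID_PKCS_7_SignedData OID_PKCS_7, 2
#define OID_PKCS_7_EnvelopedData OID_PKCS_7, 3
#define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4
#define OID_PKCS_7_DigestedData OID_PKCS_7, 5
#define OID_PKCS_7_EncryptedData OID_PKCS_7, 6

#define OID_PKCS_8 OID_PKCS, 8
#define OID_PKCS_9 OID_PKCS, 9
#define OID_PKCS_9_LENGTH (OID_PKCS_LENGTH + 1)

/* PKCS#9 attribute types used in signed data and CSRs. */
#define OID_PKCS_9_CONTENT_TYPE OID_PKCS_9, 3
#define OID_PKCS_9_MESSAGE_DIGEST OID_PKCS_9, 4
#define OID_PKCS_9_SIGNING_TIME OID_PKCS_9, 5
#define OID_PKCS_9_COUNTER_SIGNATURE OID_PKCS_9, 6
#define OID_PKCS_9_EXTENSION_REQUEST OID_PKCS_9, 14

#define OID_PKCS_10 OID_PKCS, 10

#define OID_PKCS_12 OID_PKCS, 12
#define OID_PKCS_12_LENGTH (OID_PKCS_LENGTH + 1)

/*
 * PKCS#12 PBES1 password-based encryption schemes,
 * 1.2.840.113549.1.12.1.{1..6}.  All six are the legacy SHA-1 based
 * schemes with RC4, RC2 or 3DES; 40-bit RC4/RC2 offer essentially no
 * confidentiality.  They are named here so existing files can be read;
 * which of them the importer/exporter accepts or emits is decided
 * elsewhere and is worth reviewing.
 */
#define PBEWithSHAAnd128BitRC4 OID_PKCS_12, 1, 1
#define PBEWithSHAAnd40BitRC4 OID_PKCS_12, 1, 2
#define PBEWithSHAAnd3KeyTripleDES_CBC OID_PKCS_12, 1, 3
#define PBEWithSHAAnd2KeyTripleDES_CBC OID_PKCS_12, 1, 4
#define PBEWithSHAAnd128BitRC2_CBC OID_PKCS_12, 1, 5
#define PBEWithSHAAnd40BitRC2_CBC OID_PKCS_12, 1, 6

/* PKCS#12 SafeBag types, 1.2.840.113549.1.12.10.1.{1..6} */
#define OID_BAG_TYPES OID_PKCS_12, 10, 1
#define OID_KeyBag OID_BAG_TYPES, 1
#define OID_PKCS8ShroudedKeyBag OID_BAG_TYPES, 2
#define OID_CertBag OID_BAG_TYPES, 3
#define OID_CrlBag OID_BAG_TYPES, 4
#define OID_SecretBag OID_BAG_TYPES, 5
#define OID_SafeContentsBag OID_BAG_TYPES, 6

/*
 * 1.2.840.113549.1.7.0.1.  This is the {pkcs-7 modules(0) pkcs-7(1)}
 * ASN.1 module identifier PKCS#12 imports ContentInfo from, not a
 * content-type OID -- presumably only used as a name; confirm before
 * matching it against wire data.
 */
#define OID_ContentInfo OID_PKCS_7, 0, 1

/* PKCS#9 certTypes (1.2.840.113549.1.9.22) and crlTypes (...9.23) */
#define OID_CERT_TYPES OID_PKCS_9, 22
#define OID_x509Certificate OID_CERT_TYPES, 1
#define OID_sdsiCertificate OID_CERT_TYPES, 2

#define OID_CRL_TYPES OID_PKCS_9, 23
#define OID_x509Crl OID_CRL_TYPES, 1

/* X.500 directory arcs under 2.5 */
#define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
#define OID_DS_LENGTH 1

#define OID_ATTR_TYPE OID_DS, 4 /* Also in X.501 */   /* 2.5.4, DN attribute types */
#define OID_ATTR_TYPE_LENGTH (OID_DS_LENGTH + 1)

#define OID_DSALG OID_DS, 8 /* Also in X.501 */   /* 2.5.8 */
#define OID_DSALG_LENGTH (OID_DS_LENGTH + 1)

#define OID_EXTENSION OID_DS, 29 /* Also in X.501 */   /* 2.5.29, certificate extensions */
#define OID_EXTENSION_LENGTH (OID_DS_LENGTH + 1)

/*
 * From RFC 1274:
 * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
 */
#define OID_PILOT 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define OID_PILOT_LENGTH 9

/*
 * userid = { pilotAttributeType 1 }.  The separating comma is required:
 * without it the expansion ends in the two adjacent tokens "0x1 1" and
 * cannot be used as an array initializer.
 */
#define OID_USERID OID_PILOT, 1
#define OID_USERID_LENGTH (OID_PILOT_LENGTH + 1)

/*
 * From PKIX part1
 * { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) mechanisms(5) pkix(7) }
 */
#define OID_PKIX 43, 6, 1, 5, 5, 7
#define OID_PKIX_LENGTH 6

/* private certificate extensions, { id-pkix 1 } */
#define OID_PKIX_PE OID_PKIX, 1
#define OID_PKIX_PE_LENGTH (OID_PKIX_LENGTH + 1)

/* policy qualifier types {id-pkix 2 } */
#define OID_PKIX_QT OID_PKIX, 2
#define OID_PKIX_QT_LENGTH (OID_PKIX_LENGTH + 1)

/* CPS qualifier, { id-qt 1 } */
#define OID_PKIX_QT_CPS OID_PKIX_QT, 1
#define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1)
/* user notice qualifier, { id-qt 2 } */
#define OID_PKIX_QT_UNOTICE OID_PKIX_QT, 2
#define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)

/* extended key purpose OIDs {id-pkix 3 } */
#define OID_PKIX_KP OID_PKIX, 3
#define OID_PKIX_KP_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors, id-ad = { id-pkix 48 } (RFC 5280); 48 fits in one octet */
#define OID_PKIX_AD OID_PKIX, 48
#define OID_PKIX_AD_LENGTH (OID_PKIX_LENGTH + 1)

/* access descriptors */
/* OCSP, { id-ad 1 } */
#define OID_PKIX_AD_OCSP OID_PKIX_AD, 1
#define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1)

/* cAIssuers, { id-ad 2 } */
#define OID_PKIX_AD_CAISSUERS OID_PKIX_AD, 2
#define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1)

/* end PKIX part1 */

/*
 * From RFC4556 (PKINIT)
 *
 * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
 * security(5) kerberosv5(2) pkinit(3) }
 */
#define OID_KRB5_PKINIT 43, 6, 1, 5, 2, 3
#define OID_KRB5_PKINIT_LENGTH 6

/* id-pkinit-KPClientAuth, { pkinit 4 } */
#define OID_KRB5_PKINIT_KPCLIENTAUTH OID_KRB5_PKINIT, 4
#define OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)

/* id-pkinit-KPKdc, { pkinit 5 } */
#define OID_KRB5_PKINIT_KPKDC OID_KRB5_PKINIT, 5
#define OID_KRB5_PKINIT_KPKDC_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)

/* id-pkinit-san, 1.3.6.1.5.2.2 (otherName carrying a KRB5PrincipalName) */
#define OID_KRB5_SAN 43, 6, 1, 5, 2, 2
#define OID_KRB5_SAN_LENGTH 6

/*
 * Microsoft OIDs:
 * id-ms-san-sc-logon-upn =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 * enterprise(1) microsoft(311) 20 2 3}
 *
 * id-ms-kp-sc-logon =
 * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
 * enterprise(1) microsoft(311) 20 2 2}
 */
#define OID_MS 43, 6, 1, 4, 1, 130, 55
#define OID_MS_LENGTH 7
#define OID_MS_KP_SC_LOGON OID_MS, 20, 2, 2
#define OID_MS_KP_SC_LOGON_LENGTH (OID_MS_LENGTH + 3)

#define OID_MS_KP_SC_LOGON_UPN OID_MS, 20, 2, 3
#define OID_MS_KP_SC_LOGON_UPN_LENGTH (OID_MS_LENGTH + 3)

/*
 * 1.3.6.1.2.1.27.4 (applTCPProtoID).  The octet list has seven
 * elements, so the length is 7; the previous value of 8 would make any
 * consumer that pairs the two read one byte past the initializer.
 */
#define OID_APPL_TCP_PROTO 43, 6, 1, 2, 1, 27, 4
#define OID_APPL_TCP_PROTO_LENGTH 7

/* 2.5.3.1 */
#define OID_DAP OID_DS, 3, 1
#define OID_DAP_LENGTH (OID_DS_LENGTH + 2)

/* From x9.57 */
#define OID_OIW_LENGTH 2

/* 1.3.14.3 (OIW secsig) and its algorithm arc 1.3.14.3.2 */
#define OID_OIW_SECSIG OID_OIW, 3
#define OID_OIW_SECSIG_LENGTH (OID_OIW_LENGTH + 1)

#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2
#define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)

/* 1.3.14.7.2 (OIW directory) */
#define OID_OIWDIR OID_OIW, 7, 2
#define OID_OIWDIR_LENGTH (OID_OIW_LENGTH + 2)

#define OID_OIWDIR_CRPT OID_OIWDIR, 1

#define OID_OIWDIR_HASH OID_OIWDIR, 2
#define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1)

#define OID_OIWDIR_SIGN OID_OIWDIR, 3
#define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1)

/* 1.2.840.10040 (ANSI X9.57) -- 10040 encodes as the two octets 206, 56 */
#define OID_X9CM OID_US, 206, 56
#define OID_X9CM_MODULE OID_X9CM, 1
#define OID_X9CM_INSTRUCTION OID_X9CM, 2
#define OID_X9CM_ATTR OID_X9CM, 3
#define OID_X9CM_X9ALGORITHM OID_X9CM, 4
#define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)

/* 2.16.840.1.113741 (Intel), inherited from the CDSA heritage of this file */
#define INTEL 96, 134, 72, 1, 134, 248, 77
#define INTEL_LENGTH 7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined anywhere in this header, so the two macros below cannot be
 * expanded unless another header supplies them.  They are presumably
 * unused leftovers from CDSA -- confirm before relying on them.
 */
#define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1
#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1)

#define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5
#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2)

/*
 * Pre-built KMF_OID constants, defined in the library.  This group is
 * the X.520 / PKCS#9 attribute types used in distinguished names and
 * CSR attributes.
 */
extern const KMF_OID
	KMFOID_AliasedEntryName,
	KMFOID_AuthorityRevocationList,
	KMFOID_BusinessCategory,
	KMFOID_CACertificate,
	KMFOID_CertificateRevocationList,
	KMFOID_ChallengePassword,
	KMFOID_CollectiveFacsimileTelephoneNumber,
	KMFOID_CollectiveInternationalISDNNumber,
	KMFOID_CollectiveOrganizationName,
	KMFOID_CollectiveOrganizationalUnitName,
	KMFOID_CollectivePhysicalDeliveryOfficeName,
	KMFOID_CollectivePostOfficeBox,
	KMFOID_CollectivePostalAddress,
	KMFOID_CollectivePostalCode,
	KMFOID_CollectiveStateProvinceName,
	KMFOID_CollectiveStreetAddress,
	KMFOID_CollectiveTelephoneNumber,
	KMFOID_CollectiveTelexNumber,
	KMFOID_CollectiveTelexTerminalIdentifier,
	KMFOID_CommonName,
	KMFOID_ContentType,
	KMFOID_CounterSignature,
	KMFOID_CountryName,
	KMFOID_CrossCertificatePair,
	KMFOID_DNQualifier,
	KMFOID_Description,
	KMFOID_DestinationIndicator,
	KMFOID_DistinguishedName,
	KMFOID_EmailAddress,
	KMFOID_EnhancedSearchGuide,
	KMFOID_ExtendedCertificateAttributes,
	KMFOID_ExtensionRequest,
	KMFOID_FacsimileTelephoneNumber,
	KMFOID_GenerationQualifier,
	KMFOID_GivenName,
	KMFOID_HouseIdentifier,
	KMFOID_Initials,
	KMFOID_InternationalISDNNumber,
	KMFOID_KnowledgeInformation,
	KMFOID_LocalityName,
	KMFOID_Member,
	KMFOID_MessageDigest,
	KMFOID_Name,
	KMFOID_ObjectClass,
	KMFOID_OrganizationName,
	KMFOID_OrganizationalUnitName,
	KMFOID_Owner,
	KMFOID_PhysicalDeliveryOfficeName,
	KMFOID_PostOfficeBox,
	KMFOID_PostalAddress,
	KMFOID_PostalCode,
	KMFOID_PreferredDeliveryMethod,
	KMFOID_PresentationAddress,
	KMFOID_ProtocolInformation,
	KMFOID_RFC822mailbox,
	KMFOID_RegisteredAddress,
	KMFOID_RoleOccupant,
	KMFOID_SearchGuide,
	KMFOID_SeeAlso,
	KMFOID_SerialNumber,
	KMFOID_SigningTime,
	KMFOID_StateProvinceName,
	KMFOID_StreetAddress,
	KMFOID_SupportedApplicationContext,
	KMFOID_Surname,
	KMFOID_TelephoneNumber,
	KMFOID_TelexNumber,
	KMFOID_TelexTerminalIdentifier,
	KMFOID_Title,
	KMFOID_UniqueIdentifier,
	KMFOID_UniqueMember,
	KMFOID_UnstructuredAddress,
	KMFOID_UnstructuredName,
	KMFOID_UserCertificate,
	KMFOID_UserPassword,
	KMFOID_X_121Address,
	KMFOID_domainComponent,
	KMFOID_userid;

/*
 * Certificate/CRL extension OIDs, PKIX access/qualifier/key-purpose
 * OIDs and signature/digest algorithm OIDs.  Note that both
 * KMFOID_AuthorityKeyID and KMFOID_AuthorityKeyIdentifier are declared;
 * presumably the obsolete (2.5.29.1) and current (2.5.29.35) forms --
 * check the definitions before treating them as interchangeable.
 * The MD2/MD5/SHA-1 signature OIDs are here for recognition of legacy
 * objects; see the note on KMF_ALGORITHM_INDEX.
 */
extern const KMF_OID
	KMFOID_AuthorityKeyID,
	KMFOID_AuthorityInfoAccess,
	KMFOID_VerisignCertificatePolicy,
	KMFOID_KeyUsageRestriction,
	KMFOID_SubjectDirectoryAttributes,
	KMFOID_SubjectKeyIdentifier,
	KMFOID_KeyUsage,
	KMFOID_PrivateKeyUsagePeriod,
	KMFOID_SubjectAltName,
	KMFOID_IssuerAltName,
	KMFOID_BasicConstraints,
	KMFOID_CrlNumber,
	KMFOID_CrlReason,
	KMFOID_HoldInstructionCode,
	KMFOID_InvalidityDate,
	KMFOID_DeltaCrlIndicator,
	KMFOID_IssuingDistributionPoints,
	KMFOID_NameConstraints,
	KMFOID_CrlDistributionPoints,
	KMFOID_CertificatePolicies,
	KMFOID_PolicyMappings,
	KMFOID_PolicyConstraints,
	KMFOID_AuthorityKeyIdentifier,
	KMFOID_ExtendedKeyUsage,
	KMFOID_PkixAdOcsp,
	KMFOID_PkixAdCaIssuers,
	KMFOID_PKIX_PQ_CPSuri,
	KMFOID_PKIX_PQ_Unotice,
	KMFOID_PKIX_KP_ServerAuth,
	KMFOID_PKIX_KP_ClientAuth,
	KMFOID_PKIX_KP_CodeSigning,
	KMFOID_PKIX_KP_EmailProtection,
	KMFOID_PKIX_KP_IPSecEndSystem,
	KMFOID_PKIX_KP_IPSecTunnel,
	KMFOID_PKIX_KP_IPSecUser,
	KMFOID_PKIX_KP_TimeStamping,
	KMFOID_PKIX_KP_OCSPSigning,
	KMFOID_SHA1,
	KMFOID_RSA,
	KMFOID_DSA,
	KMFOID_MD5WithRSA,
	KMFOID_MD2WithRSA,
	KMFOID_SHA1WithRSA,
	KMFOID_SHA1WithDSA,
	KMFOID_OIW_DSAWithSHA1,
	KMFOID_X9CM_DSA,
	KMFOID_X9CM_DSAWithSHA1;

/* For PKINIT support (RFC 4556 and the Microsoft smart-card logon OIDs) */
extern const KMF_OID
	KMFOID_PKINIT_san,
	KMFOID_PKINIT_ClientAuth,
	KMFOID_PKINIT_Kdc,
	KMFOID_MS_KP_SCLogon,
	KMFOID_MS_KP_SCLogon_UPN;

/*
 * KMF Certificate validation codes.  These may be masked together: a
 * result of KMF_CERT_VALIDATE_OK (0) means every check passed, and each
 * set bit names one failed check.  Callers must test for exactly 0, not
 * for the absence of one particular bit.
 */
#define KMF_CERT_VALIDATE_OK 0x00
#define KMF_CERT_VALIDATE_ERR_TA 0x01
#define KMF_CERT_VALIDATE_ERR_USER 0x02
#define KMF_CERT_VALIDATE_ERR_SIGNATURE 0x04
#define KMF_CERT_VALIDATE_ERR_KEYUSAGE 0x08
#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE 0x10
#define KMF_CERT_VALIDATE_ERR_TIME 0x20
#define KMF_CERT_VALIDATE_ERR_CRL 0x40
#define KMF_CERT_VALIDATE_ERR_OCSP 0x80
#define KMF_CERT_VALIDATE_ERR_ISSUER 0x100

/*
 * KMF Key Usage bitmasks.
 * Bit n of the RFC 5280 KeyUsage BIT STRING is 0x8000 >> n, i.e. the
 * string is packed MSB-first into a 16-bit word: digitalSignature (0)
 * is 0x8000 and decipherOnly (8) is 0x0080.  KMF_KUBITMASK is the OR of
 * the nine defined bits; anything outside it is not a defined usage.
 */
#define KMF_digitalSignature 0x8000
#define KMF_nonRepudiation 0x4000
#define KMF_keyEncipherment 0x2000
#define KMF_dataEncipherment 0x1000
#define KMF_keyAgreement 0x0800
#define KMF_keyCertSign 0x0400
#define KMF_cRLSign 0x0200
#define KMF_encipherOnly 0x0100
#define KMF_decipherOnly 0x0080

#define KMF_KUBITMASK 0xFF80

/*
 * KMF Extended KeyUsage flags.  Not OIDs themselves but a bitmask over
 * the six PKIX key purposes KMF recognises; an EKU OID outside this set
 * has no flag here.
 */
#define KMF_EKU_SERVERAUTH 0x01
#define KMF_EKU_CLIENTAUTH 0x02
#define KMF_EKU_CODESIGNING 0x04
#define KMF_EKU_EMAIL 0x08
#define KMF_EKU_TIMESTAMP 0x10
#define KMF_EKU_OCSPSIGNING 0x20

#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */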