9a7670889e9c36ec355371e6b02f2d9084f040dchaimay * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
269e59f9a28bf47e0f463e64fc5af4a408b73b21Jan Pechanec * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllysextern "C" {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The KMF_DATA structure is used to associate a length, in bytes, with
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * an arbitrary block of contiguous memory.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * The object identifier (OID) structure is used to hold a unique identifier for
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * the atomic data fields and the compound substructure that comprise the fields
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * of a certificate or CRL.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define KMF_FLAG_CERT_VALID 1 /* contains valid certificate */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define KMF_FLAG_CERT_SIGNED 2 /* this is a signed certificate */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_DER_CERT
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure associates packed DER certificate data.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Also, it contains the private information internal used
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * by KMF layer.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
431deaa01ac039d796fdfaf86b909a75e7d9ac48hylee#define VALID_DEFAULT_KEYSTORE_TYPE(t) ((t >= KMF_KEYSTORE_NSS) &&\
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
02744e811b15322c5f109827a116c33bfe3438b5wyllys * Algorithms
02744e811b15322c5f109827a116c33bfe3438b5wyllys * This type defines a set of constants used to identify cryptographic
02744e811b15322c5f109827a116c33bfe3438b5wyllys * algorithms.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * When adding new ALGID, be careful not to rearrange existing
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * values, doing so can cause problem in the STC test suite.
02744e811b15322c5f109827a116c33bfe3438b5wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Generic credential structure used by other structures below
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * to convey authentication information to the underlying
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * mechanisms.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersolltypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Typenames to use with subjectAltName
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_FIELD
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains the OID/value pair for any item that can be
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * identified by an OID.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllys/* Data structures for OCSP support */
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_ALGORITHM_IDENTIFIER
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure holds an object identifier naming a
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * cryptographic algorithm and an optional set of
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * parameters to be used as input to that algorithm.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_TYPE_VALUE_PAIR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contain an type-value pair.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys uint8_t valueType; /* The Tag to use when BER encoded */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_RDN
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a Relative Distinguished Name
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * composed of an ordered set of type-value pairs.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_NAME
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a set of Relative Distinguished Names.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_SPKI
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains the public key and the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * description of the verification algorithm
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * appropriate for use with this key.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_TIME
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Time is represented as a string according to the
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * definitions of GeneralizedTime and UTCTime
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * defined in RFC 2459.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_VALIDITY
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_BASICCONSTRAINTS
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_DATA_FORMAT
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This list defines the valid formats for a certificate extension.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_TAGandVALUE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a BER/DER encoded
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * extension value and the type of that value.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_PAIR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure aggregates two extension representations:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * a tag and value, and a parsed X509 extension representation.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_EXTENSION
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a complete certificate extension.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_EXTENSIONS
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains the set of all certificate
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * extensions contained in a certificate.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_TBS_CERT
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a complete X.509 certificate.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_SIGNATURE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a cryptographic digital signature.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509_CERTIFICATE
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure associates a set of decoded certificate
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * values with the signature covering those values.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define CERT_ALG_OID(c) &c->certificate.signature.algorithm
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define CERT_SIG_OID(c) &c->signature.algorithmIdentifier.algorithm
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_TBS_CSR
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a complete PKCS#10 certificate request
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_CSR_DATA
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * This structure contains a complete PKCS#10 certificate signed request
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_POLICYQUALIFIERINFO
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_POLICYQUALIFIERS
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF_X509EXT_POLICYINFO
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * X509 AuthorityInfoAccess extension
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * X509 Crl Distribution Point extension
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef enum {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllystypedef struct {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllystypedef enum {
30a5e8fa1253cb33980ee4514743cf683f584b4ewyllystypedef struct {
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * Definitions for common X.509v3 certificate attribute OIDs
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* From the PKCS Standards */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define PBEWithSHAAnd3KeyTripleDES_CBC OID_PKCS_12, 1, 3
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define PBEWithSHAAnd2KeyTripleDES_CBC OID_PKCS_12, 1, 4
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * From RFC 1274:
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PILOT 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * From PKIX part1
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * { iso(1) identified-organization(3) dod(6) internet(1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * security(5) mechanisms(5) pkix(7) }
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* private certificate extensions, { id-pkix 1 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* policy qualifier types {id-pkix 2 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* CPS qualifier, { id-qt 1 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* user notice qualifier, { id-qt 2 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* extended key purpose OIDs {id-pkix 3 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* access descriptors {id-pkix 4 } */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* access descriptors */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* cAIssuers */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* end PKIX part1 */
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * From RFC4556 (PKINIT)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * security(5) kerberosv5(2) pkinit(3) }
d00756ccb34596a328f8a15d1965da5412d366d0wyllys#define OID_KRB5_PKINIT_KPCLIENTAUTH OID_KRB5_PKINIT, 4
d00756ccb34596a328f8a15d1965da5412d366d0wyllys#define OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys#define OID_KRB5_PKINIT_KPKDC_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * Microsoft OIDs:
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * id-ms-san-sc-logon-upn =
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * enterprise(1) microsoft(311) 20 2 3}
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * id-ms-kp-sc-logon =
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys * enterprise(1) microsoft(311) 20 2 2}
d00756ccb34596a328f8a15d1965da5412d366d0wyllys#define OID_MS_KP_SC_LOGON_UPN_LENGTH (OID_MS_LENGTH + 3)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys/* From x9.57 */
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1)
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2)
d00756ccb34596a328f8a15d1965da5412d366d0wyllys/* For PKINIT support */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll/* For ECC support */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * ANSI X9-62 prime192v1 is same as secp192r1 and
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * ANSI X9-62 prime256v1 is same as secp256r1
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll#define KMFOID_ANSIX962_prime192v1 KMFOID_ECC_secp192r1
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll#define KMFOID_ANSIX962_prime256v1 KMFOID_ECC_secp256r1
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF Certificate validation codes. These may be masked together.
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF Key Usage bitmasks
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys * KMF Extended KeyUsage OID definitions
99ebb4ca412cb0a19d77a3899a87c055b9c30fa8wyllys#endif /* _KMFTYPES_H */