kmftypes.h revision e65e5c2d2f32a99e8c5f740cabae9075dab03ce7
/*
* Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
*/
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _KMFTYPES_H
#define _KMFTYPES_H
#include <stdlib.h>
#include <strings.h>
#include <pthread.h>
#include <security/cryptoki.h>
#ifdef __cplusplus
extern "C" {
#endif
#define KMF_FALSE (0)
#define KMF_TRUE (1)
/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
typedef struct _kmf_handle *KMF_HANDLE_T;
/*
* KMF_DATA
* The KMF_DATA structure is used to associate a length, in bytes, with
* an arbitrary block of contiguous memory.
*/
typedef struct kmf_data
{
} KMF_DATA;
typedef struct {
} KMF_BIGINT;
/*
* KMF_OID
* The object identifier (OID) structure is used to hold a unique identifier for
* the atomic data fields and the compound substructure that comprise the fields
* of a certificate or CRL.
*/
typedef struct kmf_x509_private {
int keystore_type;
int flags; /* see below */
char *label;
/*
* KMF_X509_DER_CERT
* This structure carries a certificate as packed DER data.
* It also holds private bookkeeping that is used internally
* by the KMF layer.
*/
typedef struct
{
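/*
 * Keystore backends known to KMF.  KMF_KEYSTORE_TYPE is a plain int so the
 * value can arrive from configuration or a caller unchecked; validate it
 * with VALID_DEFAULT_KEYSTORE_TYPE() before acting on it.
 */
typedef int KMF_KEYSTORE_TYPE;
#define KMF_KEYSTORE_NSS 1
#define KMF_KEYSTORE_OPENSSL 2
#define KMF_KEYSTORE_PK11TOKEN 3
/*
 * Range check: true iff t names one of the three keystore types above.
 * The argument is parenthesized so that an expression such as
 * `x ? a : b` is compared as a whole rather than having its last operand
 * captured by the relational operator.  Note that t is still evaluated
 * once per comparison, so do not pass an expression with side effects.
 */
#define VALID_DEFAULT_KEYSTORE_TYPE(t) \
	(((t) >= KMF_KEYSTORE_NSS) && ((t) <= KMF_KEYSTORE_PK11TOKEN))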
typedef enum {
KMF_FORMAT_UNDEF = 0,
KMF_FORMAT_PEM = 2,
KMF_FORMAT_PKCS12 = 3,
#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF
typedef enum {
KMF_ALL_CERTS = 0,
KMF_NONEXPIRED_CERTS = 1,
typedef enum {
KMF_ALL_EXTNS = 0,
KMF_CRITICAL_EXTNS = 1,
typedef enum {
KMF_KU_SIGN_CERT = 0,
KMF_KU_SIGN_DATA = 1,
/*
* Algorithms
* This type defines a set of constants used to identify cryptographic
* algorithms.
*
* When adding a new ALGID, append it; do not rearrange existing
* values, since doing so breaks the STC test suite.
*/
typedef enum {
KMF_ALGID_NONE = 0,
/*
* Generic credential structure used by other structures below
* to convey authentication information to the underlying
* mechanisms.
*/
typedef struct {
char *cred;
typedef enum {
KMF_KEYALG_NONE = 0,
KMF_RSA = 1,
KMF_DSA = 2,
KMF_AES = 3,
KMF_RC4 = 4,
KMF_DES = 5,
KMF_DES3 = 6,
KMF_GENERIC_SECRET = 7,
KMF_ECDSA = 8
typedef enum {
KMF_KEYCLASS_NONE = 0,
typedef enum {
KMF_CERT = 0,
KMF_CSR = 1,
KMF_CRL = 2
typedef struct {
typedef struct {
typedef struct {
typedef struct {
typedef struct {
union {
}rawdata;
char *label;
typedef struct {
char *keylabel;
void *keyp;
typedef struct {
} KMF_ERROR;
/*
* Typenames to use with subjectAltName
*/
typedef enum {
GENNAME_OTHERNAME = 0x00,
/*
* KMF_FIELD
* identified by an OID.
*/
typedef struct
{
} KMF_FIELD;
/*
 * KMF_RETURN
 * Status codes returned by the KMF API.  KMF_OK is the only success
 * value; any other code means the operation failed and its outputs must
 * not be trusted.  Where a distinction matters (for example revocation
 * checking), callers should match the specific code rather than
 * collapsing every non-OK result into one generic failure.
 *
 * The numeric values are almost certainly relied on outside this header
 * (plugins, applications, error-string tables), so never renumber or
 * reuse an existing value.  Values 0x08-0x0a and 0x0e-0x0f do not appear
 * in this listing; check the full header before assigning them.
 */
typedef enum {
KMF_OK = 0x00, /* success; the only value callers may treat as OK */
KMF_ERR_BAD_PARAMETER = 0x01,
KMF_ERR_BAD_KEY_FORMAT = 0x02,
KMF_ERR_BAD_ALGORITHM = 0x03,
KMF_ERR_MEMORY = 0x04,
KMF_ERR_ENCODING = 0x05,
KMF_ERR_PLUGIN_INIT = 0x06,
KMF_ERR_PLUGIN_NOTFOUND = 0x07,
KMF_ERR_INTERNAL = 0x0b,
KMF_ERR_BAD_CERT_FORMAT = 0x0c,
KMF_ERR_KEYGEN_FAILED = 0x0d,
KMF_ERR_UNINITIALIZED = 0x10,
KMF_ERR_ISSUER = 0x11,
KMF_ERR_NOT_REVOKED = 0x12, /* reads as a status, not a fault -- handle explicitly */
KMF_ERR_CERT_NOT_FOUND = 0x13,
KMF_ERR_CRL_NOT_FOUND = 0x14,
KMF_ERR_RDN_PARSER = 0x15,
KMF_ERR_RDN_ATTR = 0x16,
KMF_ERR_SLOTNAME = 0x17,
KMF_ERR_EMPTY_CRL = 0x18,
KMF_ERR_BUFFER_SIZE = 0x19,
KMF_ERR_AUTH_FAILED = 0x1a,
/* PKCS#11 token selection and presence */
KMF_ERR_TOKEN_SELECTED = 0x1b,
KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
/* policy database / policy engine */
KMF_ERR_POLICY_ENGINE = 0x1f,
KMF_ERR_POLICY_DB_FORMAT = 0x20,
KMF_ERR_POLICY_NOT_FOUND = 0x21,
KMF_ERR_POLICY_DB_FILE = 0x22,
KMF_ERR_POLICY_NAME = 0x23,
KMF_ERR_OCSP_POLICY = 0x24,
KMF_ERR_TA_POLICY = 0x25,
KMF_ERR_KEY_NOT_FOUND = 0x26,
KMF_ERR_OPEN_FILE = 0x27,
/* OCSP request construction, transport and response validation */
KMF_ERR_OCSP_BAD_ISSUER = 0x28,
KMF_ERR_OCSP_BAD_CERT = 0x29,
KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
KMF_ERR_CONNECT_SERVER = 0x2b,
KMF_ERR_SEND_REQUEST = 0x2c,
KMF_ERR_OCSP_CERTID = 0x2d,
KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
KMF_ERR_OCSP_BAD_SIGNER = 0x31,
KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
KMF_ERR_RECV_RESPONSE = 0x36,
KMF_ERR_RECV_TIMEOUT = 0x37,
KMF_ERR_DUPLICATE_KEYFILE = 0x38,
KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
KMF_ERR_PKCS12_FORMAT = 0x3b,
KMF_ERR_BAD_KEY_TYPE = 0x3c,
KMF_ERR_BAD_KEY_CLASS = 0x3d,
KMF_ERR_BAD_KEY_SIZE = 0x3e,
KMF_ERR_BAD_HEX_STRING = 0x3f,
KMF_ERR_KEYUSAGE = 0x40,
KMF_ERR_VALIDITY_PERIOD = 0x41,
KMF_ERR_OCSP_REVOKED = 0x42, /* responder reported the certificate revoked */
KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
KMF_ERR_WRITE_FILE = 0x44,
KMF_ERR_BAD_URI = 0x45,
KMF_ERR_BAD_CRLFILE = 0x46,
KMF_ERR_BAD_CERTFILE = 0x47,
KMF_ERR_GETKEYVALUE_FAILED = 0x48,
KMF_ERR_BAD_KEYHANDLE = 0x49,
KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
KMF_ERR_MISSING_ERRCODE = 0x4f,
KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50, /* note: lacks the KMF_ERR_ prefix but is still a failure code */
/* key material cannot be exported; presumably maps to the PKCS#11
 * CKA_SENSITIVE / CKA_EXTRACTABLE attributes -- confirm in the plugin */
KMF_ERR_SENSITIVE_KEY = 0x51,
KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
KMF_ERR_KEY_MISMATCH = 0x53,
KMF_ERR_ATTR_NOT_FOUND = 0x54,
KMF_ERR_KMF_CONF = 0x55
} KMF_RETURN;
/* Data structures for OCSP support */
typedef enum {
OCSP_GOOD = 0,
OCSP_REVOKED = 1,
OCSP_UNKNOWN = 2
typedef enum {
OCSP_SUCCESS = 0,
OCSP_INTERNAL_ERROR = 2,
OCSP_TRYLATER = 3,
OCSP_SIGREQUIRED = 4,
typedef enum {
OCSP_NOSTATUS = -1,
OCSP_UNSPECIFIED = 0,
OCSP_KEYCOMPROMISE = 1,
OCSP_CACOMPROMISE = 2,
OCSP_SUPERCEDED = 4,
OCSP_CERTIFICATEHOLD = 6,
typedef enum {
KMF_CERT_ISSUER = 1,
/*
* KMF_X509_ALGORITHM_IDENTIFIER
* This structure holds an object identifier naming a
* cryptographic algorithm and an optional set of
* parameters to be used as input to that algorithm.
*/
typedef struct
{
/*
* KMF_X509_TYPE_VALUE_PAIR
* This structure contains a single type-value pair.
*/
typedef struct
{
/*
* KMF_X509_RDN
* This structure contains a Relative Distinguished Name
* composed of an ordered set of type-value pairs.
*/
typedef struct
{
} KMF_X509_RDN;
/*
* KMF_X509_NAME
* This structure contains a set of Relative Distinguished Names.
*/
typedef struct
{
/*
* KMF_X509_SPKI
* This structure contains the public key and the
* description of the verification algorithm
* appropriate for use with this key.
*/
typedef struct
{
/*
* KMF_X509_TIME
* Time is represented as a string according to the
* definitions of GeneralizedTime and UTCTime
* defined in RFC 2459.
*/
typedef struct
{
/*
* KMF_X509_VALIDITY
*/
typedef struct
{
/*
* KMF_X509EXT_BASICCONSTRAINTS
*/
typedef struct
{
/*
* KMF_X509EXT_DATA_FORMAT
* This list defines the valid formats for a certificate extension.
*/
typedef enum
{
/*
* KMF_X509EXT_TAGandVALUE
* extension value and the type of that value.
*/
typedef struct
{
/*
* KMF_X509EXT_PAIR
* This structure aggregates two extension representations:
* a tag and value, and a parsed X509 extension representation.
*/
typedef struct
{
void *parsedValue;
/*
* KMF_X509_EXTENSION
* This structure contains a complete certificate extension.
*/
typedef struct
{
union
{
void *parsedValue;
} value;
/*
* KMF_X509_EXTENSIONS
* This structure contains the set of all certificate
* extensions contained in a certificate.
*/
typedef struct
{
/*
* KMF_X509_TBS_CERT
* This structure contains a complete X.509 certificate.
*/
typedef struct
{
/*
* KMF_X509_SIGNATURE
* This structure contains a cryptographic digital signature.
*/
typedef struct
{
/*
* KMF_X509_CERTIFICATE
* This structure associates a set of decoded certificate
* values with the signature covering those values.
*/
typedef struct
{
/*
* KMF_TBS_CSR
* This structure contains a complete PKCS#10 certificate request
*/
typedef struct
{
} KMF_TBS_CSR;
/*
* KMF_CSR_DATA
* This structure contains a complete, signed PKCS#10 certificate request
*/
typedef struct
{
} KMF_CSR_DATA;
/*
* KMF_X509EXT_POLICYQUALIFIERINFO
*/
typedef struct
{
/*
* KMF_X509EXT_POLICYQUALIFIERS
*/
typedef struct
{
/*
* KMF_X509EXT_POLICYINFO
*/
typedef struct
{
typedef struct
{
typedef struct
{
typedef struct
{
/*
* X509 AuthorityInfoAccess extension
*/
typedef struct
{
typedef struct
{
/*
* X509 Crl Distribution Point extension
*/
typedef struct {
typedef struct {
typedef enum {
DP_GENERAL_NAME = 1,
DP_RELATIVE_NAME = 2
typedef struct {
union {
} name;
typedef struct {
typedef enum {
typedef struct {
void *pValue;
/*
* Definitions for common X.509v3 certificate attribute OIDs
*/
#define OID_ISO_IDENTIFIED_ORG 43
#define OID_ISO_CCITT_DIR_SERVICE 85
#define OID_ISO_CCITT_COUNTRY 96
/* From the PKCS Standards */
#define OID_ISO_MEMBER_LENGTH 1
#define OID_DS_LENGTH 1
/*
* From RFC 1274:
* {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
*/
#define OID_PILOT_LENGTH 9
/*
* From PKIX part1
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define OID_PKIX_LENGTH 6
/* private certificate extensions, { id-pkix 1 } */
/* policy qualifier types {id-pkix 2 } */
/* CPS qualifier, { id-qt 1 } */
/* user notice qualifier, { id-qt 2 } */
/* extended key purpose OIDs {id-pkix 3 } */
/* access descriptors {id-pkix 4 } */
/* access descriptors */
/* OCSP */
/* cAIssuers */
/* end PKIX part1 */
/*
* From RFC4556 (PKINIT)
*
* pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) kerberosv5(2) pkinit(3) }
*/
#define OID_KRB5_PKINIT_LENGTH 6
#define OID_KRB5_SAN_LENGTH 6
/*
* Microsoft OIDs:
* id-ms-san-sc-logon-upn =
* {iso(1) identified-organization(3) dod(6) internet(1) private(4)
* enterprise(1) microsoft(311) 20 2 3}
*
* id-ms-kp-sc-logon =
* {iso(1) identified-organization(3) dod(6) internet(1) private(4)
* enterprise(1) microsoft(311) 20 2 2}
*/
#define OID_MS_LENGTH 7
#define OID_APPL_TCP_PROTO_LENGTH 8
/* From x9.57 */
#define OID_OIW_LENGTH 2
#define INTEL_LENGTH 7
extern const KMF_OID
extern const KMF_OID
/* For PKINIT support */
extern const KMF_OID
/* For ECC support */
extern const KMF_OID
/*
* ANSI X9-62 prime192v1 is same as secp192r1 and
* ANSI X9-62 prime256v1 is same as secp256r1
*/
/*
 * KMF Certificate validation codes. These may be masked together.
 *
 * Each KMF_CERT_VALIDATE_ERR_* bit records one independent check that
 * failed, and a validation result is the bitwise OR of all failed
 * checks.  KMF_CERT_VALIDATE_OK (0) therefore means "nothing failed" and
 * is the only acceptable outcome: compare the whole result against
 * KMF_CERT_VALIDATE_OK rather than testing individual bits, so that a
 * check added later cannot be silently ignored.  The individual bits are
 * for diagnostics and reporting.  Because KMF_CERT_VALIDATE_ERR_ISSUER is
 * 0x100, the result needs at least a 16-bit integer; narrowing it to a
 * char would drop that bit.
 */
#define KMF_CERT_VALIDATE_OK 0x00 /* every requested check passed */
#define KMF_CERT_VALIDATE_ERR_TA 0x01 /* trust-anchor check failed */
#define KMF_CERT_VALIDATE_ERR_USER 0x02 /* caller-supplied check failed (semantics defined by the validation API) */
#define KMF_CERT_VALIDATE_ERR_SIGNATURE 0x04 /* certificate signature did not verify */
#define KMF_CERT_VALIDATE_ERR_KEYUSAGE 0x08 /* KeyUsage does not permit the requested use */
#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE 0x10 /* ExtendedKeyUsage does not permit the requested use */
#define KMF_CERT_VALIDATE_ERR_TIME 0x20 /* outside the validity period */
#define KMF_CERT_VALIDATE_ERR_CRL 0x40 /* CRL check failed or reported revoked */
#define KMF_CERT_VALIDATE_ERR_OCSP 0x80 /* OCSP check failed or reported revoked */
#define KMF_CERT_VALIDATE_ERR_ISSUER 0x100 /* issuer check failed; exceeds one byte */
/*
 * KMF Key Usage bitmasks
 *
 * Each constant names one bit of the X.509 KeyUsage extension
 * (RFC 5280 section 4.2.1.3) using the extension's own numbering: bit n
 * (digitalSignature = 0 ... decipherOnly = 8) is represented as
 * 0x8000 >> n, i.e. the two-byte big-endian image of the BIT STRING
 * contents.  "nonRepudiation" is the older name for what RFC 5280 calls
 * contentCommitment (bit 1).  Only the nine bits below are meaningful;
 * the low seven bits of a 16-bit value are never valid KeyUsage bits.
 */
#define KMF_digitalSignature 0x8000 /* bit 0 */
#define KMF_nonRepudiation 0x4000 /* bit 1 (contentCommitment) */
#define KMF_keyEncipherment 0x2000 /* bit 2 */
#define KMF_dataEncipherment 0x1000 /* bit 3 */
#define KMF_keyAgreement 0x0800 /* bit 4 */
#define KMF_keyCertSign 0x0400 /* bit 5 -- only meaningful on CA certificates */
#define KMF_cRLSign 0x0200 /* bit 6 */
#define KMF_encipherOnly 0x0100 /* bit 7 -- qualifies keyAgreement */
#define KMF_decipherOnly 0x0080 /* bit 8 -- qualifies keyAgreement */
#define KMF_KUBITMASK 0xFF80 /* OR of the nine bits above; use to reject stray bits */
/*
 * KMF Extended KeyUsage flags
 *
 * Despite the heading these are not OIDs.  Each is a single bit standing
 * for one of the id-kp-* extended key purposes (RFC 5280 section
 * 4.2.1.12), so that a set of purposes can be carried in one integer.
 * The bit positions are KMF-internal: ExtendedKeyUsage is encoded as a
 * SEQUENCE of OIDs on the wire, so unlike the KeyUsage masks above these
 * values do not correspond to any encoding.  The OID objects themselves
 * are declared separately.
 */
#define KMF_EKU_SERVERAUTH 0x01 /* id-kp-serverAuth */
#define KMF_EKU_CLIENTAUTH 0x02 /* id-kp-clientAuth */
#define KMF_EKU_CODESIGNING 0x04 /* id-kp-codeSigning */
#define KMF_EKU_EMAIL 0x08 /* id-kp-emailProtection */
#define KMF_EKU_TIMESTAMP 0x10 /* id-kp-timeStamping */
#define KMF_EKU_OCSPSIGNING 0x20 /* id-kp-OCSPSigning */
#ifdef __cplusplus
}
#endif
#endif /* _KMFTYPES_H */