2N/A/*
2N/A * Copyright (c) 1995-2000 Intel Corporation. All rights reserved.
2N/A */
2N/A/*
2N/A * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
2N/A */
2N/A
2N/A#ifndef _KMFTYPES_H
2N/A#define _KMFTYPES_H
2N/A
2N/A#include <sys/types.h>
2N/A#include <stdlib.h>
2N/A#include <strings.h>
2N/A#include <pthread.h>
2N/A
2N/A#include <security/cryptoki.h>
2N/A
2N/A#ifdef __cplusplus
2N/Aextern "C" {
2N/A#endif
2N/A
2N/Atypedef uint32_t KMF_BOOL;
2N/A
2N/A#define KMF_FALSE (0)
2N/A#define KMF_TRUE (1)
2N/A
2N/A/* KMF_HANDLE_T is a pointer to an incomplete C struct for type safety. */
2N/Atypedef struct _kmf_handle *KMF_HANDLE_T;
2N/A
2N/A/*
2N/A * KMF_DATA
2N/A * The KMF_DATA structure is used to associate a length, in bytes, with
2N/A * an arbitrary block of contiguous memory.
2N/A */
typedef struct kmf_data {
	/*
	 * Number of bytes at Data.  The structure records neither the
	 * allocated capacity nor who owns the buffer, so a consumer has
	 * only this field to bound its reads; check it before indexing.
	 */
	size_t	Length;
	/* First byte of the block that Length describes. */
	uchar_t	*Data;
} KMF_DATA;
2N/A
2N/Atypedef struct {
2N/A uchar_t *val;
2N/A size_t len;
2N/A} KMF_BIGINT;
2N/A
2N/A/*
2N/A * KMF_OID
2N/A * The object identifier (OID) structure is used to hold a unique identifier for
2N/A * the atomic data fields and the compound substructure that comprise the fields
2N/A * of a certificate or CRL.
2N/A */
2N/Atypedef KMF_DATA KMF_OID;
2N/A
typedef struct kmf_x509_private {
	/* NOTE(review): presumably one of the KMF_KEYSTORE_* values; confirm */
	int	keystore_type;
	/* KMF_FLAG_CERT_* values, defined directly below */
	int	flags;
/*
 * NOTE(review): this header does not show which operation sets
 * KMF_FLAG_CERT_VALID, so the bit alone should not be read as proof
 * that chain validation ran -- confirm against the code that sets it.
 */
#define	KMF_FLAG_CERT_VALID	1	/* contains valid certificate */
#define	KMF_FLAG_CERT_SIGNED	2	/* this is a signed certificate */
	char	*label;
} KMF_X509_PRIVATE;
2N/A
/*
 * KMF_X509_DER_CERT
 * This structure holds packed DER certificate data together with the
 * private information used internally by the KMF layer.
 */
2N/Atypedef struct
2N/A{
2N/A KMF_DATA certificate;
2N/A KMF_X509_PRIVATE kmf_private;
2N/A} KMF_X509_DER_CERT;
2N/A
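typedef int KMF_KEYSTORE_TYPE;
#define	KMF_KEYSTORE_NSS	1
#define	KMF_KEYSTORE_OPENSSL	2
#define	KMF_KEYSTORE_PK11TOKEN	3

/*
 * Non-zero when t is one of the built-in keystore types listed above.
 * The argument is parenthesized so that an expression such as `a & b`
 * is compared as a whole instead of being split by operator precedence.
 * t is still evaluated twice: do not pass an expression with side effects.
 */
#define	VALID_DEFAULT_KEYSTORE_TYPE(t)	\
	(((t) >= KMF_KEYSTORE_NSS) && ((t) <= KMF_KEYSTORE_PK11TOKEN))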
2N/A
2N/Atypedef enum {
2N/A KMF_FORMAT_UNDEF = 0,
2N/A KMF_FORMAT_ASN1 = 1, /* DER */
2N/A KMF_FORMAT_PEM = 2,
2N/A KMF_FORMAT_PKCS12 = 3,
2N/A KMF_FORMAT_RAWKEY = 4, /* For FindKey operation */
2N/A KMF_FORMAT_PEM_KEYPAIR = 5
2N/A} KMF_ENCODE_FORMAT;
2N/A
2N/A#define KMF_FORMAT_NATIVE KMF_FORMAT_UNDEF
2N/A
2N/Atypedef enum {
2N/A KMF_ALL_CERTS = 0,
2N/A KMF_NONEXPIRED_CERTS = 1,
2N/A KMF_EXPIRED_CERTS = 2
2N/A} KMF_CERT_VALIDITY;
2N/A
2N/A
2N/Atypedef enum {
2N/A KMF_ALL_EXTNS = 0,
2N/A KMF_CRITICAL_EXTNS = 1,
2N/A KMF_NONCRITICAL_EXTNS = 2
2N/A} KMF_FLAG_CERT_EXTN;
2N/A
2N/A
2N/Atypedef enum {
2N/A KMF_KU_SIGN_CERT = 0,
2N/A KMF_KU_SIGN_DATA = 1,
2N/A KMF_KU_ENCRYPT_DATA = 2
2N/A} KMF_KU_PURPOSE;
2N/A
/*
 * Algorithms
 * This type defines a set of constants used to identify cryptographic
 * algorithms.
 *
 * When adding a new ALGID, be careful not to rearrange the existing
 * values; doing so can cause problems in the STC test suite.
 */
/*
 * Every value is spelled out so that inserting or moving an entry cannot
 * silently renumber the ones after it.
 *
 * MD2 and MD5 are collision-broken and SHA-1 is deprecated for
 * signatures.  The identifiers stay because existing certificates use
 * them; whether a verifier accepts KMF_ALGID_MD5WithRSA,
 * KMF_ALGID_MD2WithRSA or the SHA1With* entries is a policy decision
 * for the caller, not something this enum enforces.
 */
typedef enum {
	KMF_ALGID_NONE			= 0,
	KMF_ALGID_CUSTOM		= 1,
	KMF_ALGID_SHA1			= 2,
	KMF_ALGID_RSA			= 3,
	KMF_ALGID_DSA			= 4,
	KMF_ALGID_MD5WithRSA		= 5,
	KMF_ALGID_MD2WithRSA		= 6,
	KMF_ALGID_SHA1WithRSA		= 7,
	KMF_ALGID_SHA1WithDSA		= 8,

	KMF_ALGID_ECDSA			= 9,

	KMF_ALGID_SHA256WithRSA		= 10,
	KMF_ALGID_SHA384WithRSA		= 11,
	KMF_ALGID_SHA512WithRSA		= 12,

	KMF_ALGID_SHA256WithDSA		= 13,

	KMF_ALGID_SHA1WithECDSA		= 14,
	KMF_ALGID_SHA256WithECDSA	= 15,
	KMF_ALGID_SHA384WithECDSA	= 16,
	KMF_ALGID_SHA512WithECDSA	= 17
} KMF_ALGORITHM_INDEX;
2N/A
2N/A/*
2N/A * Generic credential structure used by other structures below
2N/A * to convey authentication information to the underlying
2N/A * mechanisms.
2N/A */
typedef struct {
	/*
	 * The authentication secret itself.  Holders should wipe the
	 * buffer with a call the compiler cannot elide before releasing it.
	 */
	char		*cred;
	/*
	 * NOTE(review): presumably the byte count of cred; nothing here
	 * says cred is NUL-terminated, so bound reads by this field.
	 */
	uint32_t	credlen;
} KMF_CREDENTIAL;
2N/A
/*
 * Key algorithm selector.  KMF_RC4 and single KMF_DES are legacy ciphers
 * that are no longer considered adequate for protecting new data; the
 * enum lists them but does not restrict their use, so any restriction
 * has to come from the caller's policy.
 */
typedef enum {
	KMF_KEYALG_NONE		= 0,
	KMF_RSA			= 1,
	KMF_DSA			= 2,
	KMF_AES			= 3,
	KMF_RC4			= 4,	/* legacy stream cipher */
	KMF_DES			= 5,	/* legacy, 56-bit key */
	KMF_DES3		= 6,
	KMF_GENERIC_SECRET	= 7,
	KMF_ECDSA		= 8
} KMF_KEY_ALG;
2N/A
2N/Atypedef enum {
2N/A KMF_KEYCLASS_NONE = 0,
2N/A KMF_ASYM_PUB = 1, /* public key of an asymmetric keypair */
2N/A KMF_ASYM_PRI = 2, /* private key of an asymmetric keypair */
2N/A KMF_SYMMETRIC = 3 /* symmetric key */
2N/A}KMF_KEY_CLASS;
2N/A
2N/Atypedef enum {
2N/A KMF_CERT = 0,
2N/A KMF_CSR = 1,
2N/A KMF_CRL = 2
2N/A}KMF_OBJECT_TYPE;
2N/A
2N/Atypedef struct {
2N/A KMF_BIGINT mod;
2N/A KMF_BIGINT pubexp;
2N/A KMF_BIGINT priexp;
2N/A KMF_BIGINT prime1;
2N/A KMF_BIGINT prime2;
2N/A KMF_BIGINT exp1;
2N/A KMF_BIGINT exp2;
2N/A KMF_BIGINT coef;
2N/A} KMF_RAW_RSA_KEY;
2N/A
2N/Atypedef struct {
2N/A KMF_BIGINT prime;
2N/A KMF_BIGINT subprime;
2N/A KMF_BIGINT base;
2N/A KMF_BIGINT value;
2N/A KMF_BIGINT pubvalue;
2N/A} KMF_RAW_DSA_KEY;
2N/A
2N/Atypedef struct {
2N/A KMF_BIGINT keydata;
2N/A} KMF_RAW_SYM_KEY;
2N/A
2N/Atypedef struct {
2N/A KMF_BIGINT value;
2N/A KMF_OID params;
2N/A} KMF_RAW_EC_KEY;
2N/A
/*
 * A key in raw (unwrapped) form.  The union members include private
 * components (for example rsa.priexp, rsa.prime1, dsa.value), so an
 * instance is secret material: keep it out of logs and wipe the BIGINT
 * buffers before they are released.
 */
typedef struct {
	/* NOTE(review): presumably selects the live rawdata member; confirm */
	KMF_KEY_ALG	keytype;
	/*
	 * NOTE(review): the names match the PKCS #11 sensitive and
	 * extractable key attributes; this header does not show how the
	 * keystore plugins apply them -- confirm.
	 */
	boolean_t	sensitive;
	boolean_t	not_extractable;
	union {
		KMF_RAW_RSA_KEY	rsa;
		KMF_RAW_DSA_KEY	dsa;
		KMF_RAW_SYM_KEY	sym;
		KMF_RAW_EC_KEY	ec;
	} rawdata;
	char		*label;
	KMF_DATA	id;
} KMF_RAW_KEY_DATA;
2N/A
/*
 * Reference to a key held by one of the keystores.
 */
typedef struct {
	KMF_KEYSTORE_TYPE	kstype;		/* keystore the key belongs to */
	KMF_KEY_ALG		keyalg;
	KMF_KEY_CLASS		keyclass;	/* public, private or symmetric */
	boolean_t		israw;
	char			*keylabel;
	/*
	 * Untyped pointer to the key.  NOTE(review): presumably its real
	 * type depends on kstype and israw; a consumer that casts it
	 * without checking both risks reading the wrong object -- confirm.
	 */
	void			*keyp;
} KMF_KEY_HANDLE;
2N/A
2N/Atypedef struct {
2N/A KMF_KEYSTORE_TYPE kstype;
2N/A uint32_t errcode;
2N/A} KMF_ERROR;
2N/A
2N/A/*
2N/A * Typenames to use with subjectAltName
2N/A */
/*
 * GENNAME_OTHERNAME through GENNAME_REGISTEREDID carry the same numbers
 * as the [0]..[8] context tags of the GeneralName CHOICE in RFC 5280.
 * GENNAME_KRB5PRINC and GENNAME_SCLOGON_UPN (9 and 10) have no tag of
 * their own there.  NOTE(review): presumably they are encoded as
 * otherName values; confirm in the encoder before using the enum value
 * as a tag number.
 */
typedef enum {
	GENNAME_OTHERNAME	= 0x00,
	GENNAME_RFC822NAME	= 0x01,
	GENNAME_DNSNAME		= 0x02,
	GENNAME_X400ADDRESS	= 0x03,
	GENNAME_DIRECTORYNAME	= 0x04,
	GENNAME_EDIPARTYNAME	= 0x05,
	GENNAME_URI		= 0x06,
	GENNAME_IPADDRESS	= 0x07,
	GENNAME_REGISTEREDID	= 0x08,
	GENNAME_KRB5PRINC	= 0x09,
	GENNAME_SCLOGON_UPN	= 0x0a
} KMF_GENERALNAMECHOICES;
2N/A
2N/A/*
2N/A * KMF_FIELD
2N/A * This structure contains the OID/value pair for any item that can be
2N/A * identified by an OID.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_OID FieldOid;
2N/A KMF_DATA FieldValue;
2N/A} KMF_FIELD;
2N/A
2N/Atypedef enum {
2N/A KMF_OK = 0x00,
2N/A KMF_ERR_BAD_PARAMETER = 0x01,
2N/A KMF_ERR_BAD_KEY_FORMAT = 0x02,
2N/A KMF_ERR_BAD_ALGORITHM = 0x03,
2N/A KMF_ERR_MEMORY = 0x04,
2N/A KMF_ERR_ENCODING = 0x05,
2N/A KMF_ERR_PLUGIN_INIT = 0x06,
2N/A KMF_ERR_PLUGIN_NOTFOUND = 0x07,
2N/A KMF_ERR_INTERNAL = 0x0b,
2N/A KMF_ERR_BAD_CERT_FORMAT = 0x0c,
2N/A KMF_ERR_KEYGEN_FAILED = 0x0d,
2N/A KMF_ERR_UNINITIALIZED = 0x10,
2N/A KMF_ERR_ISSUER = 0x11,
2N/A KMF_ERR_NOT_REVOKED = 0x12,
2N/A KMF_ERR_CERT_NOT_FOUND = 0x13,
2N/A KMF_ERR_CRL_NOT_FOUND = 0x14,
2N/A KMF_ERR_RDN_PARSER = 0x15,
2N/A KMF_ERR_RDN_ATTR = 0x16,
2N/A KMF_ERR_SLOTNAME = 0x17,
2N/A KMF_ERR_EMPTY_CRL = 0x18,
2N/A KMF_ERR_BUFFER_SIZE = 0x19,
2N/A KMF_ERR_AUTH_FAILED = 0x1a,
2N/A KMF_ERR_TOKEN_SELECTED = 0x1b,
2N/A KMF_ERR_NO_TOKEN_SELECTED = 0x1c,
2N/A KMF_ERR_TOKEN_NOT_PRESENT = 0x1d,
2N/A KMF_ERR_EXTENSION_NOT_FOUND = 0x1e,
2N/A KMF_ERR_POLICY_ENGINE = 0x1f,
2N/A KMF_ERR_POLICY_DB_FORMAT = 0x20,
2N/A KMF_ERR_POLICY_NOT_FOUND = 0x21,
2N/A KMF_ERR_POLICY_DB_FILE = 0x22,
2N/A KMF_ERR_POLICY_NAME = 0x23,
2N/A KMF_ERR_OCSP_POLICY = 0x24,
2N/A KMF_ERR_TA_POLICY = 0x25,
2N/A KMF_ERR_KEY_NOT_FOUND = 0x26,
2N/A KMF_ERR_OPEN_FILE = 0x27,
2N/A KMF_ERR_OCSP_BAD_ISSUER = 0x28,
2N/A KMF_ERR_OCSP_BAD_CERT = 0x29,
2N/A KMF_ERR_OCSP_CREATE_REQUEST = 0x2a,
2N/A KMF_ERR_CONNECT_SERVER = 0x2b,
2N/A KMF_ERR_SEND_REQUEST = 0x2c,
2N/A KMF_ERR_OCSP_CERTID = 0x2d,
2N/A KMF_ERR_OCSP_MALFORMED_RESPONSE = 0x2e,
2N/A KMF_ERR_OCSP_RESPONSE_STATUS = 0x2f,
2N/A KMF_ERR_OCSP_NO_BASIC_RESPONSE = 0x30,
2N/A KMF_ERR_OCSP_BAD_SIGNER = 0x31,
2N/A
2N/A KMF_ERR_OCSP_RESPONSE_SIGNATURE = 0x32,
2N/A KMF_ERR_OCSP_UNKNOWN_CERT = 0x33,
2N/A KMF_ERR_OCSP_STATUS_TIME_INVALID = 0x34,
2N/A KMF_ERR_BAD_HTTP_RESPONSE = 0x35,
2N/A KMF_ERR_RECV_RESPONSE = 0x36,
2N/A KMF_ERR_RECV_TIMEOUT = 0x37,
2N/A KMF_ERR_DUPLICATE_KEYFILE = 0x38,
2N/A KMF_ERR_AMBIGUOUS_PATHNAME = 0x39,
2N/A KMF_ERR_FUNCTION_NOT_FOUND = 0x3a,
2N/A KMF_ERR_PKCS12_FORMAT = 0x3b,
2N/A KMF_ERR_BAD_KEY_TYPE = 0x3c,
2N/A KMF_ERR_BAD_KEY_CLASS = 0x3d,
2N/A KMF_ERR_BAD_KEY_SIZE = 0x3e,
2N/A KMF_ERR_BAD_HEX_STRING = 0x3f,
2N/A KMF_ERR_KEYUSAGE = 0x40,
2N/A KMF_ERR_VALIDITY_PERIOD = 0x41,
2N/A KMF_ERR_OCSP_REVOKED = 0x42,
2N/A KMF_ERR_CERT_MULTIPLE_FOUND = 0x43,
2N/A KMF_ERR_WRITE_FILE = 0x44,
2N/A KMF_ERR_BAD_URI = 0x45,
2N/A KMF_ERR_BAD_CRLFILE = 0x46,
2N/A KMF_ERR_BAD_CERTFILE = 0x47,
2N/A KMF_ERR_GETKEYVALUE_FAILED = 0x48,
2N/A KMF_ERR_BAD_KEYHANDLE = 0x49,
2N/A KMF_ERR_BAD_OBJECT_TYPE = 0x4a,
2N/A KMF_ERR_OCSP_RESPONSE_LIFETIME = 0x4b,
2N/A KMF_ERR_UNKNOWN_CSR_ATTRIBUTE = 0x4c,
2N/A KMF_ERR_UNINITIALIZED_TOKEN = 0x4d,
2N/A KMF_ERR_INCOMPLETE_TBS_CERT = 0x4e,
2N/A KMF_ERR_MISSING_ERRCODE = 0x4f,
2N/A KMF_KEYSTORE_ALREADY_INITIALIZED = 0x50,
2N/A KMF_ERR_SENSITIVE_KEY = 0x51,
2N/A KMF_ERR_UNEXTRACTABLE_KEY = 0x52,
2N/A KMF_ERR_KEY_MISMATCH = 0x53,
2N/A KMF_ERR_ATTR_NOT_FOUND = 0x54,
2N/A KMF_ERR_KMF_CONF = 0x55,
2N/A KMF_ERR_NAME_NOT_MATCHED = 0x56,
2N/A KMF_ERR_MAPPER_OPEN = 0x57,
2N/A KMF_ERR_MAPPER_NOT_FOUND = 0x58,
2N/A KMF_ERR_MAPPING_FAILED = 0x59,
2N/A KMF_ERR_CERT_VALIDATION = 0x60
2N/A} KMF_RETURN;
2N/A
2N/A/* Data structures for OCSP support */
2N/Atypedef enum {
2N/A OCSP_GOOD = 0,
2N/A OCSP_REVOKED = 1,
2N/A OCSP_UNKNOWN = 2
2N/A} KMF_OCSP_CERT_STATUS;
2N/A
/*
 * Status of an OCSP response as reported by KMF.
 *
 * These are KMF's own codes, not the on-the-wire values: RFC 6960
 * numbers sigRequired 5 and unauthorized 6 and leaves 4 unused, whereas
 * OCSP_SIGREQUIRED is 4 and OCSP_UNAUTHORIZED is 5 here.  A decoder
 * therefore has to translate the OCSPResponseStatus it read; casting
 * the decoded integer to this type would turn sigRequired into
 * OCSP_UNAUTHORIZED.  NOTE(review): confirm the decoder translates.
 */
typedef enum {
	OCSP_SUCCESS		= 0,
	OCSP_MALFORMED_REQUEST	= 1,
	OCSP_INTERNAL_ERROR	= 2,
	OCSP_TRYLATER		= 3,
	OCSP_SIGREQUIRED	= 4,
	OCSP_UNAUTHORIZED	= 5
} KMF_OCSP_RESPONSE_STATUS;
2N/A
/*
 * Revocation reason reported for a certificate, with OCSP_NOSTATUS (-1)
 * as the value outside the reason list.
 *
 * Values 0..6 coincide with the CRLReason codes of RFC 5280, but
 * OCSP_REMOVEFROMCRL is 7 while RFC 5280 assigns removeFromCRL 8 and
 * leaves 7 unused.  NOTE(review): confirm that the code filling this in
 * maps the decoded reason instead of casting it.
 */
typedef enum {
	OCSP_NOSTATUS			= -1,
	OCSP_UNSPECIFIED		= 0,
	OCSP_KEYCOMPROMISE		= 1,
	OCSP_CACOMPROMISE		= 2,
	OCSP_AFFILIATIONCHANGE		= 3,
	OCSP_SUPERCEDED			= 4,
	OCSP_CESSATIONOFOPERATION	= 5,
	OCSP_CERTIFICATEHOLD		= 6,
	OCSP_REMOVEFROMCRL		= 7
} KMF_OCSP_REVOKED_STATUS;
2N/A
2N/Atypedef enum {
2N/A KMF_CERT_ISSUER = 1,
2N/A KMF_CERT_SUBJECT,
2N/A KMF_CERT_VERSION,
2N/A KMF_CERT_SERIALNUM,
2N/A KMF_CERT_NOTBEFORE,
2N/A KMF_CERT_NOTAFTER,
2N/A KMF_CERT_PUBKEY_ALG,
2N/A KMF_CERT_SIGNATURE_ALG,
2N/A KMF_CERT_EMAIL,
2N/A KMF_CERT_PUBKEY_DATA,
2N/A KMF_X509_EXT_PRIV_KEY_USAGE_PERIOD,
2N/A KMF_X509_EXT_CERT_POLICIES,
2N/A KMF_X509_EXT_SUBJ_ALTNAME,
2N/A KMF_X509_EXT_ISSUER_ALTNAME,
2N/A KMF_X509_EXT_BASIC_CONSTRAINTS,
2N/A KMF_X509_EXT_NAME_CONSTRAINTS,
2N/A KMF_X509_EXT_POLICY_CONSTRAINTS,
2N/A KMF_X509_EXT_EXT_KEY_USAGE,
2N/A KMF_X509_EXT_INHIBIT_ANY_POLICY,
2N/A KMF_X509_EXT_AUTH_KEY_ID,
2N/A KMF_X509_EXT_SUBJ_KEY_ID,
2N/A KMF_X509_EXT_POLICY_MAPPINGS,
2N/A KMF_X509_EXT_CRL_DIST_POINTS,
2N/A KMF_X509_EXT_FRESHEST_CRL,
2N/A KMF_X509_EXT_KEY_USAGE
2N/A} KMF_PRINTABLE_ITEM;
2N/A
2N/A/*
2N/A * KMF_X509_ALGORITHM_IDENTIFIER
2N/A * This structure holds an object identifier naming a
2N/A * cryptographic algorithm and an optional set of
2N/A * parameters to be used as input to that algorithm.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_OID algorithm;
2N/A KMF_DATA parameters;
2N/A} KMF_X509_ALGORITHM_IDENTIFIER;
2N/A
/*
 * KMF_X509_TYPE_VALUE_PAIR
 * This structure contains a type-value pair.
 */
2N/Atypedef struct
2N/A{
2N/A KMF_OID type;
2N/A uint8_t valueType; /* The Tag to use when BER encoded */
2N/A KMF_DATA value;
2N/A} KMF_X509_TYPE_VALUE_PAIR;
2N/A
2N/A
2N/A/*
2N/A * KMF_X509_RDN
2N/A * This structure contains a Relative Distinguished Name
2N/A * composed of an ordered set of type-value pairs.
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfPairs;
2N/A KMF_X509_TYPE_VALUE_PAIR *AttributeTypeAndValue;
2N/A} KMF_X509_RDN;
2N/A
2N/A/*
2N/A * KMF_X509_NAME
2N/A * This structure contains a set of Relative Distinguished Names.
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfRDNs;
2N/A KMF_X509_RDN *RelativeDistinguishedName;
2N/A} KMF_X509_NAME;
2N/A
2N/A/*
2N/A * KMF_X509_SPKI
2N/A * This structure contains the public key and the
2N/A * description of the verification algorithm
2N/A * appropriate for use with this key.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_X509_ALGORITHM_IDENTIFIER algorithm;
2N/A KMF_DATA subjectPublicKey;
2N/A} KMF_X509_SPKI;
2N/A
2N/A/*
2N/A * KMF_X509_TIME
2N/A * Time is represented as a string according to the
2N/A * definitions of GeneralizedTime and UTCTime
2N/A * defined in RFC 2459.
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint8_t timeType;
2N/A KMF_DATA time;
2N/A} KMF_X509_TIME;
2N/A
2N/A/*
2N/A * KMF_X509_VALIDITY
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_X509_TIME notBefore;
2N/A KMF_X509_TIME notAfter;
2N/A} KMF_X509_VALIDITY;
2N/A
2N/A/*
2N/A * KMF_X509EXT_BASICCONSTRAINTS
2N/A */
/*
 * Decoded BasicConstraints extension.  A path validator relies on these
 * fields to decide whether a certificate may act as an issuer.
 */
typedef struct {
	/* the extension's cA boolean */
	KMF_BOOL	cA;
	/*
	 * NOTE(review): presumably KMF_TRUE only when the certificate
	 * carried a pathLenConstraint, in which case a pathLenConstraint
	 * of 0 is a real limit and not "absent" -- confirm in the parser.
	 */
	KMF_BOOL	pathLenConstraintPresent;
	uint32_t	pathLenConstraint;
} KMF_X509EXT_BASICCONSTRAINTS;
2N/A
2N/A/*
2N/A * KMF_X509EXT_DATA_FORMAT
2N/A * This list defines the valid formats for a certificate extension.
2N/A */
2N/Atypedef enum
2N/A{
2N/A KMF_X509_DATAFORMAT_ENCODED = 0,
2N/A KMF_X509_DATAFORMAT_PARSED,
2N/A KMF_X509_DATAFORMAT_PAIR
2N/A} KMF_X509EXT_DATA_FORMAT;
2N/A
2N/A
2N/A/*
2N/A * KMF_X509EXT_TAGandVALUE
2N/A * This structure contains a BER/DER encoded
2N/A * extension value and the type of that value.
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint8_t type;
2N/A KMF_DATA value;
2N/A} KMF_X509EXT_TAGandVALUE;
2N/A
2N/A
2N/A/*
2N/A * KMF_X509EXT_PAIR
2N/A * This structure aggregates two extension representations:
2N/A * a tag and value, and a parsed X509 extension representation.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_X509EXT_TAGandVALUE tagAndValue;
2N/A void *parsedValue;
2N/A} KMF_X509EXT_PAIR;
2N/A
2N/A/*
2N/A * KMF_X509_EXTENSION
2N/A * This structure contains a complete certificate extension.
2N/A */
typedef struct {
	KMF_OID			extnId;		/* OID naming the extension */
	KMF_BOOL		critical;
	/*
	 * NOTE(review): presumably tells which member of value is live
	 * (ENCODED, PARSED or PAIR); reading a different member than the
	 * one that was stored reinterprets a pointer -- confirm.
	 */
	KMF_X509EXT_DATA_FORMAT	format;
	union {
		KMF_X509EXT_TAGandVALUE	*tagAndValue;
		void			*parsedValue;
		KMF_X509EXT_PAIR	*valuePair;
	} value;
	KMF_DATA		BERvalue;
} KMF_X509_EXTENSION;
2N/A
2N/A
2N/A/*
2N/A * KMF_X509_EXTENSIONS
2N/A * This structure contains the set of all certificate
2N/A * extensions contained in a certificate.
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfExtensions;
2N/A KMF_X509_EXTENSION *extensions;
2N/A} KMF_X509_EXTENSIONS;
2N/A
/*
 * KMF_X509_TBS_CERT
 * This structure contains the to-be-signed (TBS) fields of an X.509
 * certificate; KMF_X509_CERTIFICATE pairs it with the signature.
 */
2N/Atypedef struct
2N/A{
2N/A KMF_DATA version;
2N/A KMF_BIGINT serialNumber;
2N/A KMF_X509_ALGORITHM_IDENTIFIER signature;
2N/A KMF_X509_NAME issuer;
2N/A KMF_X509_VALIDITY validity;
2N/A KMF_X509_NAME subject;
2N/A KMF_X509_SPKI subjectPublicKeyInfo;
2N/A KMF_DATA issuerUniqueIdentifier;
2N/A KMF_DATA subjectUniqueIdentifier;
2N/A KMF_X509_EXTENSIONS extensions;
2N/A} KMF_X509_TBS_CERT;
2N/A
2N/A/*
2N/A * KMF_X509_SIGNATURE
2N/A * This structure contains a cryptographic digital signature.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_X509_ALGORITHM_IDENTIFIER algorithmIdentifier;
2N/A KMF_DATA encrypted;
2N/A} KMF_X509_SIGNATURE;
2N/A
2N/A/*
2N/A * KMF_X509_CERTIFICATE
2N/A * This structure associates a set of decoded certificate
2N/A * values with the signature covering those values.
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_X509_TBS_CERT certificate;
2N/A KMF_X509_SIGNATURE signature;
2N/A} KMF_X509_CERTIFICATE;
2N/A
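/*
 * CERT_ALG_OID(c): address of the signature-algorithm OID inside the
 * to-be-signed part of the certificate that c points to.
 * CERT_SIG_OID(c): address of the algorithm OID on the outer signature.
 *
 * RFC 5280 requires the two identifiers to be the same; a verifier that
 * reads only one of them should check that they agree.
 *
 * The argument and the whole expansion are parenthesized so that a
 * pointer expression such as `certs + 1` expands correctly and the
 * result can be used inside a larger expression.
 */
#define	CERT_ALG_OID(c)	(&(c)->certificate.signature.algorithm)
#define	CERT_SIG_OID(c)	(&(c)->signature.algorithmIdentifier.algorithm)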
2N/A
/*
 * KMF_TBS_CSR
 * This structure contains the to-be-signed fields of a PKCS#10
 * certificate request.
 */
2N/Atypedef struct
2N/A{
2N/A KMF_DATA version;
2N/A KMF_X509_NAME subject;
2N/A KMF_X509_SPKI subjectPublicKeyInfo;
2N/A KMF_X509_EXTENSIONS extensions;
2N/A} KMF_TBS_CSR;
2N/A
/*
 * KMF_CSR_DATA
 * This structure contains a complete, signed PKCS#10 certificate request.
 */
2N/Atypedef struct
2N/A{
2N/A KMF_TBS_CSR csr;
2N/A KMF_X509_SIGNATURE signature;
2N/A} KMF_CSR_DATA;
2N/A
2N/A/*
2N/A * KMF_X509EXT_POLICYQUALIFIERINFO
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_OID policyQualifierId;
2N/A KMF_DATA value;
2N/A} KMF_X509EXT_POLICYQUALIFIERINFO;
2N/A
2N/A/*
2N/A * KMF_X509EXT_POLICYQUALIFIERS
2N/A */
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfPolicyQualifiers;
2N/A KMF_X509EXT_POLICYQUALIFIERINFO *policyQualifier;
2N/A} KMF_X509EXT_POLICYQUALIFIERS;
2N/A
2N/A/*
2N/A * KMF_X509EXT_POLICYINFO
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_OID policyIdentifier;
2N/A KMF_X509EXT_POLICYQUALIFIERS policyQualifiers;
2N/A} KMF_X509EXT_POLICYINFO;
2N/A
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfPolicyInfo;
2N/A KMF_X509EXT_POLICYINFO *policyInfo;
2N/A} KMF_X509EXT_CERT_POLICIES;
2N/A
2N/Atypedef struct
2N/A{
2N/A uchar_t critical;
2N/A uint16_t KeyUsageBits;
2N/A} KMF_X509EXT_KEY_USAGE;
2N/A
2N/Atypedef struct
2N/A{
2N/A uchar_t critical;
2N/A uint16_t nEKUs;
2N/A KMF_OID *keyPurposeIdList;
2N/A} KMF_X509EXT_EKU;
2N/A
2N/A
2N/A/*
2N/A * X509 AuthorityInfoAccess extension
2N/A */
2N/Atypedef struct
2N/A{
2N/A KMF_OID AccessMethod;
2N/A KMF_DATA AccessLocation;
2N/A} KMF_X509EXT_ACCESSDESC;
2N/A
2N/Atypedef struct
2N/A{
2N/A uint32_t numberOfAccessDescription;
2N/A KMF_X509EXT_ACCESSDESC *AccessDesc;
2N/A} KMF_X509EXT_AUTHINFOACCESS;
2N/A
2N/A
2N/A/*
2N/A * X509 Crl Distribution Point extension
2N/A */
2N/Atypedef struct {
2N/A KMF_GENERALNAMECHOICES choice;
2N/A KMF_DATA name;
2N/A} KMF_GENERALNAME;
2N/A
2N/Atypedef struct {
2N/A uint32_t number;
2N/A KMF_GENERALNAME *namelist;
2N/A} KMF_GENERALNAMES;
2N/A
2N/Atypedef enum {
2N/A DP_GENERAL_NAME = 1,
2N/A DP_RELATIVE_NAME = 2
2N/A} KMF_CRL_DIST_POINT_TYPE;
2N/A
2N/Atypedef struct {
2N/A KMF_CRL_DIST_POINT_TYPE type;
2N/A union {
2N/A KMF_GENERALNAMES full_name;
2N/A KMF_DATA relative_name;
2N/A } name;
2N/A KMF_DATA reasons;
2N/A KMF_GENERALNAMES crl_issuer;
2N/A} KMF_CRL_DIST_POINT;
2N/A
2N/Atypedef struct {
2N/A uint32_t number;
2N/A KMF_CRL_DIST_POINT *dplist;
2N/A} KMF_X509EXT_CRLDISTPOINTS;
2N/A
2N/Atypedef enum {
2N/A KMF_DATA_ATTR,
2N/A KMF_OID_ATTR,
2N/A KMF_BIGINT_ATTR,
2N/A KMF_X509_DER_CERT_ATTR,
2N/A KMF_KEYSTORE_TYPE_ATTR,
2N/A KMF_ENCODE_FORMAT_ATTR,
2N/A KMF_CERT_VALIDITY_ATTR,
2N/A KMF_KU_PURPOSE_ATTR,
2N/A KMF_ALGORITHM_INDEX_ATTR,
2N/A KMF_TOKEN_LABEL_ATTR,
2N/A KMF_READONLY_ATTR,
2N/A KMF_DIRPATH_ATTR,
2N/A KMF_CERTPREFIX_ATTR,
2N/A KMF_KEYPREFIX_ATTR,
2N/A KMF_SECMODNAME_ATTR,
2N/A KMF_CREDENTIAL_ATTR,
2N/A KMF_TRUSTFLAG_ATTR,
2N/A KMF_CRL_FILENAME_ATTR,
2N/A KMF_CRL_CHECK_ATTR,
2N/A KMF_CRL_DATA_ATTR,
2N/A KMF_CRL_SUBJECT_ATTR,
2N/A KMF_CRL_ISSUER_ATTR,
2N/A KMF_CRL_NAMELIST_ATTR,
2N/A KMF_CRL_COUNT_ATTR,
2N/A KMF_CRL_OUTFILE_ATTR,
2N/A KMF_CERT_LABEL_ATTR,
2N/A KMF_SUBJECT_NAME_ATTR,
2N/A KMF_ISSUER_NAME_ATTR,
2N/A KMF_CERT_FILENAME_ATTR,
2N/A KMF_KEY_FILENAME_ATTR,
2N/A KMF_OUTPUT_FILENAME_ATTR,
2N/A KMF_IDSTR_ATTR,
2N/A KMF_CERT_DATA_ATTR,
2N/A KMF_OCSP_RESPONSE_DATA_ATTR,
2N/A KMF_OCSP_RESPONSE_STATUS_ATTR,
2N/A KMF_OCSP_RESPONSE_REASON_ATTR,
2N/A KMF_OCSP_RESPONSE_CERT_STATUS_ATTR,
2N/A KMF_OCSP_REQUEST_FILENAME_ATTR,
2N/A KMF_KEYALG_ATTR,
2N/A KMF_KEYCLASS_ATTR,
2N/A KMF_KEYLABEL_ATTR,
2N/A KMF_KEYLENGTH_ATTR,
2N/A KMF_RSAEXP_ATTR,
2N/A KMF_TACERT_DATA_ATTR,
2N/A KMF_SLOT_ID_ATTR,
2N/A KMF_PK12CRED_ATTR,
2N/A KMF_ISSUER_CERT_DATA_ATTR,
2N/A KMF_USER_CERT_DATA_ATTR,
2N/A KMF_SIGNER_CERT_DATA_ATTR,
2N/A KMF_IGNORE_RESPONSE_SIGN_ATTR,
2N/A KMF_RESPONSE_LIFETIME_ATTR,
2N/A KMF_KEY_HANDLE_ATTR,
2N/A KMF_PRIVKEY_HANDLE_ATTR,
2N/A KMF_PUBKEY_HANDLE_ATTR,
2N/A KMF_ERROR_ATTR,
2N/A KMF_X509_NAME_ATTR,
2N/A KMF_X509_SPKI_ATTR,
2N/A KMF_X509_CERTIFICATE_ATTR,
2N/A KMF_RAW_KEY_ATTR,
2N/A KMF_CSR_DATA_ATTR,
2N/A KMF_GENERALNAMECHOICES_ATTR,
2N/A KMF_STOREKEY_BOOL_ATTR,
2N/A KMF_SENSITIVE_BOOL_ATTR,
2N/A KMF_NON_EXTRACTABLE_BOOL_ATTR,
2N/A KMF_TOKEN_BOOL_ATTR,
2N/A KMF_PRIVATE_BOOL_ATTR,
2N/A KMF_NEWPIN_ATTR,
2N/A KMF_IN_SIGN_ATTR,
2N/A KMF_OUT_DATA_ATTR,
2N/A KMF_COUNT_ATTR,
2N/A KMF_DESTROY_BOOL_ATTR,
2N/A KMF_TBS_CERT_DATA_ATTR,
2N/A KMF_PLAINTEXT_DATA_ATTR,
2N/A KMF_CIPHERTEXT_DATA_ATTR,
2N/A KMF_VALIDATE_RESULT_ATTR,
2N/A KMF_KEY_DATA_ATTR,
2N/A KMF_PK11_USER_TYPE_ATTR,
2N/A KMF_ECC_CURVE_OID_ATTR,
2N/A KMF_MAPPER_NAME_ATTR,
2N/A KMF_MAPPER_PATH_ATTR,
2N/A KMF_MAPPER_OPTIONS_ATTR
2N/A} KMF_ATTR_TYPE;
2N/A
/*
 * One typed attribute.  pValue is untyped, so a consumer has only type
 * and valueLen to decide how to read it; it should check both before
 * dereferencing, because a mismatch is a memory-safety hazard.
 */
typedef struct {
	KMF_ATTR_TYPE	type;		/* which KMF_*_ATTR this entry carries */
	void		*pValue;
	/* NOTE(review): presumably the size in bytes of *pValue; confirm */
	uint32_t	valueLen;
} KMF_ATTRIBUTE;
2N/A
2N/A/*
2N/A * Definitions for common X.509v3 certificate attribute OIDs
2N/A */
2N/A#define OID_ISO_MEMBER 42 /* Also in PKCS */
2N/A#define OID_US OID_ISO_MEMBER, 134, 72 /* Also in PKCS */
2N/A#define OID_CA OID_ISO_MEMBER, 124
2N/A
2N/A#define OID_ISO_IDENTIFIED_ORG 43
2N/A#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4
2N/A#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5
2N/A#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6
2N/A#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 /* Also in x9.57 */
2N/A
2N/A#define OID_ISO_CCITT_DIR_SERVICE 85
2N/A#define OID_ISO_CCITT_COUNTRY 96
2N/A#define OID_COUNTRY_US OID_ISO_CCITT_COUNTRY, 134, 72
2N/A#define OID_COUNTRY_CA OID_ISO_CCITT_COUNTRY, 124
2N/A#define OID_COUNTRY_US_ORG OID_COUNTRY_US, 1
2N/A#define OID_COUNTRY_US_MHS_MD OID_COUNTRY_US, 2
2N/A#define OID_COUNTRY_US_STATE OID_COUNTRY_US, 3
2N/A
2N/A/* From the PKCS Standards */
2N/A#define OID_ISO_MEMBER_LENGTH 1
2N/A#define OID_US_LENGTH (OID_ISO_MEMBER_LENGTH + 2)
2N/A
2N/A#define OID_RSA OID_US, 134, 247, 13
2N/A#define OID_RSA_LENGTH (OID_US_LENGTH + 3)
2N/A
2N/A#define OID_RSA_HASH OID_RSA, 2
2N/A#define OID_RSA_HASH_LENGTH (OID_RSA_LENGTH + 1)
2N/A
2N/A#define OID_RSA_ENCRYPT OID_RSA, 3
2N/A#define OID_RSA_ENCRYPT_LENGTH (OID_RSA_LENGTH + 1)
2N/A
2N/A#define OID_PKCS OID_RSA, 1
2N/A#define OID_PKCS_LENGTH (OID_RSA_LENGTH + 1)
2N/A
2N/A#define OID_PKCS_1 OID_PKCS, 1
2N/A#define OID_PKCS_1_LENGTH (OID_PKCS_LENGTH + 1)
2N/A
2N/A#define OID_PKCS_2 OID_PKCS, 2
2N/A#define OID_PKCS_3 OID_PKCS, 3
2N/A#define OID_PKCS_3_LENGTH (OID_PKCS_LENGTH + 1)
2N/A
2N/A#define OID_PKCS_4 OID_PKCS, 4
2N/A#define OID_PKCS_5 OID_PKCS, 5
2N/A#define OID_PKCS_5_LENGTH (OID_PKCS_LENGTH + 1)
2N/A#define OID_PKCS_6 OID_PKCS, 6
2N/A#define OID_PKCS_7 OID_PKCS, 7
2N/A#define OID_PKCS_7_LENGTH (OID_PKCS_LENGTH + 1)
2N/A
2N/A#define OID_PKCS_7_Data OID_PKCS_7, 1
2N/A#define OID_PKCS_7_SignedData OID_PKCS_7, 2
2N/A#define OID_PKCS_7_EnvelopedData OID_PKCS_7, 3
2N/A#define OID_PKCS_7_SignedAndEnvelopedData OID_PKCS_7, 4
2N/A#define OID_PKCS_7_DigestedData OID_PKCS_7, 5
2N/A#define OID_PKCS_7_EncryptedData OID_PKCS_7, 6
2N/A
2N/A#define OID_PKCS_8 OID_PKCS, 8
2N/A#define OID_PKCS_9 OID_PKCS, 9
2N/A#define OID_PKCS_9_LENGTH (OID_PKCS_LENGTH + 1)
2N/A
2N/A#define OID_PKCS_9_CONTENT_TYPE OID_PKCS_9, 3
2N/A#define OID_PKCS_9_MESSAGE_DIGEST OID_PKCS_9, 4
2N/A#define OID_PKCS_9_SIGNING_TIME OID_PKCS_9, 5
2N/A#define OID_PKCS_9_COUNTER_SIGNATURE OID_PKCS_9, 6
2N/A#define OID_PKCS_9_EXTENSION_REQUEST OID_PKCS_9, 14
2N/A
2N/A#define OID_PKCS_10 OID_PKCS, 10
2N/A
2N/A#define OID_PKCS_12 OID_PKCS, 12
2N/A#define OID_PKCS_12_LENGTH (OID_PKCS_LENGTH + 1)
2N/A
/*
 * PKCS #12 password-based encryption identifiers, { pkcs-12 1 n }.
 * The 40-bit RC4 and RC2 entries name export-grade ciphers and the RC4,
 * RC2 and two-key triple-DES entries are legacy as well; they are needed
 * to recognise existing PKCS #12 files, and which of them may be used
 * when writing new files is a policy decision for the caller.
 */
#define	PBEWithSHAAnd128BitRC4		OID_PKCS_12, 1, 1
#define	PBEWithSHAAnd40BitRC4		OID_PKCS_12, 1, 2
#define	PBEWithSHAAnd3KeyTripleDES_CBC	OID_PKCS_12, 1, 3
#define	PBEWithSHAAnd2KeyTripleDES_CBC	OID_PKCS_12, 1, 4
#define	PBEWithSHAAnd128BitRC2_CBC	OID_PKCS_12, 1, 5
#define	PBEWithSHAAnd40BitRC2_CBC	OID_PKCS_12, 1, 6
2N/A
2N/A#define OID_BAG_TYPES OID_PKCS_12, 10, 1
2N/A#define OID_KeyBag OID_BAG_TYPES, 1
2N/A#define OID_PKCS8ShroudedKeyBag OID_BAG_TYPES, 2
2N/A#define OID_CertBag OID_BAG_TYPES, 3
2N/A#define OID_CrlBag OID_BAG_TYPES, 4
2N/A#define OID_SecretBag OID_BAG_TYPES, 5
2N/A#define OID_SafeContentsBag OID_BAG_TYPES, 6
2N/A
2N/A#define OID_ContentInfo OID_PKCS_7, 0, 1
2N/A
2N/A#define OID_CERT_TYPES OID_PKCS_9, 22
2N/A#define OID_x509Certificate OID_CERT_TYPES, 1
2N/A#define OID_sdsiCertificate OID_CERT_TYPES, 2
2N/A
2N/A#define OID_CRL_TYPES OID_PKCS_9, 23
2N/A#define OID_x509Crl OID_CRL_TYPES, 1
2N/A
2N/A#define OID_DS OID_ISO_CCITT_DIR_SERVICE /* Also in X.501 */
2N/A#define OID_DS_LENGTH 1
2N/A
2N/A#define OID_ATTR_TYPE OID_DS, 4 /* Also in X.501 */
2N/A#define OID_ATTR_TYPE_LENGTH (OID_DS_LENGTH + 1)
2N/A
2N/A#define OID_DSALG OID_DS, 8 /* Also in X.501 */
2N/A#define OID_DSALG_LENGTH (OID_DS_LENGTH + 1)
2N/A
2N/A#define OID_EXTENSION OID_DS, 29 /* Also in X.501 */
2N/A#define OID_EXTENSION_LENGTH (OID_DS_LENGTH + 1)
2N/A
2N/A/*
2N/A * From RFC 1274:
2N/A * {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) }
2N/A */
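/* Encoded bytes of the pilotAttributeType arc described above. */
#define	OID_PILOT	0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
#define	OID_PILOT_LENGTH	9

/*
 * userid is { pilotAttributeType 1 }: the pilot prefix plus one more
 * byte.  The comma between the prefix and the final arc was missing,
 * which made any expansion of OID_USERID a syntax error and left the
 * list one byte short of OID_USERID_LENGTH.
 */
#define	OID_USERID		OID_PILOT, 1
#define	OID_USERID_LENGTH	(OID_PILOT_LENGTH + 1)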
2N/A
2N/A/*
2N/A * From PKIX part1
2N/A * { iso(1) identified-organization(3) dod(6) internet(1)
2N/A * security(5) mechanisms(5) pkix(7) }
2N/A */
2N/A#define OID_PKIX 43, 6, 1, 5, 5, 7
2N/A#define OID_PKIX_LENGTH 6
2N/A
2N/A/* private certificate extensions, { id-pkix 1 } */
2N/A#define OID_PKIX_PE OID_PKIX, 1
2N/A#define OID_PKIX_PE_LENGTH (OID_PKIX_LENGTH + 1)
2N/A
2N/A/* policy qualifier types {id-pkix 2 } */
2N/A#define OID_PKIX_QT OID_PKIX, 2
2N/A#define OID_PKIX_QT_LENGTH (OID_PKIX_LENGTH + 1)
2N/A
2N/A/* CPS qualifier, { id-qt 1 } */
2N/A#define OID_PKIX_QT_CPS OID_PKIX_QT, 1
2N/A#define OID_PKIX_QT_CPS_LENGTH (OID_PKIX_QT_LENGTH + 1)
2N/A/* user notice qualifier, { id-qt 2 } */
2N/A#define OID_PKIX_QT_UNOTICE OID_PKIX_QT, 2
2N/A#define OID_PKIX_QT_UNOTICE_LENGTH (OID_PKIX_QT_LENGTH + 1)
2N/A
2N/A/* extended key purpose OIDs {id-pkix 3 } */
2N/A#define OID_PKIX_KP OID_PKIX, 3
2N/A#define OID_PKIX_KP_LENGTH (OID_PKIX_LENGTH + 1)
2N/A
/* access descriptors { id-pkix 48 } (id-ad in RFC 5280) */
#define	OID_PKIX_AD	OID_PKIX, 48
#define	OID_PKIX_AD_LENGTH	(OID_PKIX_LENGTH + 1)
2N/A
2N/A/* access descriptors */
2N/A/* OCSP */
2N/A#define OID_PKIX_AD_OCSP OID_PKIX_AD, 1
2N/A#define OID_PKIX_AD_OCSP_LENGTH (OID_PKIX_AD_LENGTH + 1)
2N/A
2N/A/* cAIssuers */
2N/A#define OID_PKIX_AD_CAISSUERS OID_PKIX_AD, 2
2N/A#define OID_PKIX_AD_CAISSUERS_LENGTH (OID_PKIX_AD_LENGTH + 1)
2N/A
2N/A/* end PKIX part1 */
2N/A
2N/A/*
2N/A * From RFC4556 (PKINIT)
2N/A *
2N/A * pkinit = { iso(1) identified-organization(3) dod(6) internet(1)
2N/A * security(5) kerberosv5(2) pkinit(3) }
2N/A */
2N/A#define OID_KRB5_PKINIT 43, 6, 1, 5, 2, 3
2N/A#define OID_KRB5_PKINIT_LENGTH 6
2N/A
2N/A#define OID_KRB5_PKINIT_KPCLIENTAUTH OID_KRB5_PKINIT, 4
2N/A#define OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)
2N/A
2N/A#define OID_KRB5_PKINIT_KPKDC OID_KRB5_PKINIT, 5
2N/A#define OID_KRB5_PKINIT_KPKDC_LENGTH (OID_KRB5_PKINIT_LENGTH + 1)
2N/A
2N/A#define OID_KRB5_SAN 43, 6, 1, 5, 2, 2
2N/A#define OID_KRB5_SAN_LENGTH 6
2N/A
2N/A/*
2N/A * Microsoft OIDs:
2N/A * id-ms-san-sc-logon-upn =
2N/A * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
2N/A * enterprise(1) microsoft(311) 20 2 3}
2N/A *
2N/A * id-ms-kp-sc-logon =
2N/A * {iso(1) identified-organization(3) dod(6) internet(1) private(4)
2N/A * enterprise(1) microsoft(311) 20 2 2}
2N/A */
2N/A#define OID_MS 43, 6, 1, 4, 1, 130, 55
2N/A#define OID_MS_LENGTH 7
2N/A#define OID_MS_KP_SC_LOGON OID_MS, 20, 2, 2
2N/A#define OID_MS_KP_SC_LOGON_LENGTH (OID_MS_LENGTH + 3)
2N/A
2N/A#define OID_MS_KP_SC_LOGON_UPN OID_MS, 20, 2, 3
2N/A#define OID_MS_KP_SC_LOGON_UPN_LENGTH (OID_MS_LENGTH + 3)
2N/A
/*
 * NOTE(review): the byte list has seven entries but the length is given
 * as 8.  A KMF_OID built from exactly this list with this length would
 * describe one byte more than the array holds.  Confirm which of the
 * two is intended before pairing them.
 */
#define	OID_APPL_TCP_PROTO	43, 6, 1, 2, 1, 27, 4
#define	OID_APPL_TCP_PROTO_LENGTH	8
2N/A
2N/A#define OID_DAP OID_DS, 3, 1
2N/A#define OID_DAP_LENGTH (OID_DS_LENGTH + 2)
2N/A
2N/A/* From x9.57 */
2N/A#define OID_OIW_LENGTH 2
2N/A
2N/A#define OID_OIW_SECSIG OID_OIW, 3
2N/A#define OID_OIW_SECSIG_LENGTH (OID_OIW_LENGTH + 1)
2N/A
2N/A#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2
2N/A#define OID_OIW_ALGORITHM_LENGTH (OID_OIW_SECSIG_LENGTH + 1)
2N/A
2N/A#define OID_OIWDIR OID_OIW, 7, 2
2N/A#define OID_OIWDIR_LENGTH (OID_OIW_LENGTH + 2)
2N/A
2N/A#define OID_OIWDIR_CRPT OID_OIWDIR, 1
2N/A
2N/A#define OID_OIWDIR_HASH OID_OIWDIR, 2
2N/A#define OID_OIWDIR_HASH_LENGTH (OID_OIWDIR_LENGTH + 1)
2N/A
2N/A#define OID_OIWDIR_SIGN OID_OIWDIR, 3
2N/A#define OID_OIWDIR_SIGN_LENGTH (OID_OIWDIR_LENGTH + 1)
2N/A
2N/A#define OID_X9CM OID_US, 206, 56
2N/A#define OID_X9CM_MODULE OID_X9CM, 1
2N/A#define OID_X9CM_INSTRUCTION OID_X9CM, 2
2N/A#define OID_X9CM_ATTR OID_X9CM, 3
2N/A#define OID_X9CM_X9ALGORITHM OID_X9CM, 4
2N/A#define OID_X9CM_X9ALGORITHM_LENGTH ((OID_US_LENGTH) + 2 + 1)
2N/A
#define	INTEL	96, 134, 72, 1, 134, 248, 77
#define	INTEL_LENGTH	7

/*
 * NOTE(review): INTEL_CDSASECURITY and INTEL_CDSASECURITY_LENGTH are not
 * defined in the part of this header shown here.  Unless another header
 * supplies them, the four macros below cannot be expanded -- confirm
 * whether they are still used.
 */
#define	INTEL_SEC_FORMATS	INTEL_CDSASECURITY, 1
#define	INTEL_SEC_FORMATS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 1)

#define	INTEL_SEC_ALGS	INTEL_CDSASECURITY, 2, 5
#define	INTEL_SEC_ALGS_LENGTH	(INTEL_CDSASECURITY_LENGTH + 2)
2N/A
2N/Aextern const KMF_OID
2N/AKMFOID_AliasedEntryName,
2N/AKMFOID_AuthorityRevocationList,
2N/AKMFOID_BusinessCategory,
2N/AKMFOID_CACertificate,
2N/AKMFOID_CertificateRevocationList,
2N/AKMFOID_ChallengePassword,
2N/AKMFOID_CollectiveFacsimileTelephoneNumber,
2N/AKMFOID_CollectiveInternationalISDNNumber,
2N/AKMFOID_CollectiveOrganizationName,
2N/AKMFOID_CollectiveOrganizationalUnitName,
2N/AKMFOID_CollectivePhysicalDeliveryOfficeName,
2N/AKMFOID_CollectivePostOfficeBox,
2N/AKMFOID_CollectivePostalAddress,
2N/AKMFOID_CollectivePostalCode,
2N/AKMFOID_CollectiveStateProvinceName,
2N/AKMFOID_CollectiveStreetAddress,
2N/AKMFOID_CollectiveTelephoneNumber,
2N/AKMFOID_CollectiveTelexNumber,
2N/AKMFOID_CollectiveTelexTerminalIdentifier,
2N/AKMFOID_CommonName,
2N/AKMFOID_ContentType,
2N/AKMFOID_CounterSignature,
2N/AKMFOID_CountryName,
2N/AKMFOID_CrossCertificatePair,
2N/AKMFOID_DNQualifier,
2N/AKMFOID_Description,
2N/AKMFOID_DestinationIndicator,
2N/AKMFOID_DistinguishedName,
2N/AKMFOID_EmailAddress,
2N/AKMFOID_EnhancedSearchGuide,
2N/AKMFOID_ExtendedCertificateAttributes,
2N/AKMFOID_ExtensionRequest,
2N/AKMFOID_FacsimileTelephoneNumber,
2N/AKMFOID_GenerationQualifier,
2N/AKMFOID_GivenName,
2N/AKMFOID_HouseIdentifier,
2N/AKMFOID_Initials,
2N/AKMFOID_InternationalISDNNumber,
2N/AKMFOID_KnowledgeInformation,
2N/AKMFOID_LocalityName,
2N/AKMFOID_Member,
2N/AKMFOID_MessageDigest,
2N/AKMFOID_Name,
2N/AKMFOID_ObjectClass,
2N/AKMFOID_OrganizationName,
2N/AKMFOID_OrganizationalUnitName,
2N/AKMFOID_Owner,
2N/AKMFOID_PhysicalDeliveryOfficeName,
2N/AKMFOID_PostOfficeBox,
2N/AKMFOID_PostalAddress,
2N/AKMFOID_PostalCode,
2N/AKMFOID_PreferredDeliveryMethod,
2N/AKMFOID_PresentationAddress,
2N/AKMFOID_ProtocolInformation,
2N/AKMFOID_RFC822mailbox,
2N/AKMFOID_RegisteredAddress,
2N/AKMFOID_RoleOccupant,
2N/AKMFOID_SearchGuide,
2N/AKMFOID_SeeAlso,
2N/AKMFOID_SerialNumber,
2N/AKMFOID_SigningTime,
2N/AKMFOID_StateProvinceName,
2N/AKMFOID_StreetAddress,
2N/AKMFOID_SupportedApplicationContext,
2N/AKMFOID_Surname,
2N/AKMFOID_TelephoneNumber,
2N/AKMFOID_TelexNumber,
2N/AKMFOID_TelexTerminalIdentifier,
2N/AKMFOID_Title,
2N/AKMFOID_UniqueIdentifier,
2N/AKMFOID_UniqueMember,
2N/AKMFOID_UnstructuredAddress,
2N/AKMFOID_UnstructuredName,
2N/AKMFOID_UserCertificate,
2N/AKMFOID_UserPassword,
2N/AKMFOID_X_121Address,
2N/AKMFOID_domainComponent,
2N/AKMFOID_userid;
2N/A
/*
 * Object identifiers for certificate and CRL extensions, PKIX access
 * methods, policy qualifiers and extended-key-usage purposes, followed by
 * digest, public-key and signature algorithm identifiers. The grouping is
 * read from the names; the OID values are defined outside this header.
 *
 * NOTE(review): KMFOID_AuthorityKeyID and KMFOID_AuthorityKeyIdentifier are
 * separate symbols; whether they carry the same OID cannot be told from
 * this header -- confirm before treating them as interchangeable.
 *
 * NOTE(review): the algorithm identifiers include MD2, MD5 and SHA-1 based
 * entries. MD2 and MD5 are deprecated for signatures and SHA-1 has known
 * collision attacks, so a verifier should accept signature algorithms by
 * explicit policy rather than accept every OID declared here.
 */
2N/Aextern const KMF_OID
2N/AKMFOID_AuthorityKeyID,
2N/AKMFOID_AuthorityInfoAccess,
2N/AKMFOID_VerisignCertificatePolicy,
2N/AKMFOID_KeyUsageRestriction,
2N/AKMFOID_SubjectDirectoryAttributes,
2N/AKMFOID_SubjectKeyIdentifier,
2N/AKMFOID_KeyUsage,
2N/AKMFOID_PrivateKeyUsagePeriod,
2N/AKMFOID_SubjectAltName,
2N/AKMFOID_IssuerAltName,
2N/AKMFOID_BasicConstraints,
2N/AKMFOID_CrlNumber,
2N/AKMFOID_CrlReason,
2N/AKMFOID_HoldInstructionCode,
2N/AKMFOID_InvalidityDate,
2N/AKMFOID_DeltaCrlIndicator,
2N/AKMFOID_IssuingDistributionPoints,
2N/AKMFOID_NameConstraints,
2N/AKMFOID_CrlDistributionPoints,
2N/AKMFOID_CertificatePolicies,
2N/AKMFOID_PolicyMappings,
2N/AKMFOID_PolicyConstraints,
2N/AKMFOID_AuthorityKeyIdentifier,
2N/AKMFOID_ExtendedKeyUsage,
2N/AKMFOID_PkixAdOcsp,
2N/AKMFOID_PkixAdCaIssuers,
2N/AKMFOID_PKIX_PQ_CPSuri,
2N/AKMFOID_PKIX_PQ_Unotice,
2N/AKMFOID_PKIX_KP_ServerAuth,
2N/AKMFOID_PKIX_KP_ClientAuth,
2N/AKMFOID_PKIX_KP_CodeSigning,
2N/AKMFOID_PKIX_KP_EmailProtection,
2N/AKMFOID_PKIX_KP_IPSecEndSystem,
2N/AKMFOID_PKIX_KP_IPSecTunnel,
2N/AKMFOID_PKIX_KP_IPSecUser,
2N/AKMFOID_PKIX_KP_TimeStamping,
2N/AKMFOID_PKIX_KP_OCSPSigning,
2N/AKMFOID_SHA1,
2N/AKMFOID_RSA,
2N/AKMFOID_DSA,
2N/AKMFOID_MD5,
2N/AKMFOID_MD5WithRSA,
2N/AKMFOID_MD2WithRSA,
2N/AKMFOID_SHA1WithRSA,
2N/AKMFOID_SHA256WithRSA,
2N/AKMFOID_SHA384WithRSA,
2N/AKMFOID_SHA512WithRSA,
2N/AKMFOID_SHA1WithDSA,
2N/AKMFOID_X9CM_DSA,
2N/AKMFOID_X9CM_DSAWithSHA1;
2N/A
2N/A/* For PKINIT support */
/*
 * Judging by the names, these are the PKINIT subjectAltName name form, the
 * PKINIT client and KDC key-purpose OIDs, and the Microsoft smart-card-logon
 * key purpose and UPN name form -- TODO confirm against the definitions,
 * which are not in this header.
 * NOTE(review): callers that authenticate a KDC or a client by certificate
 * presumably compare the certificate's key purposes and alternative names
 * against these; a comparison against the wrong one of the five would
 * accept a certificate issued for a different role.
 */
2N/Aextern const KMF_OID
2N/AKMFOID_PKINIT_san,
2N/AKMFOID_PKINIT_ClientAuth,
2N/AKMFOID_PKINIT_Kdc,
2N/AKMFOID_MS_KP_SCLogon,
2N/AKMFOID_MS_KP_SCLogon_UPN;
2N/A
2N/A/* For ECC support */
/*
 * Besides the EC public-key OID, the ECDSA signature OIDs and the named
 * curves, this declaration also carries the SHA-2 digest OIDs and the
 * DSA-with-SHA-2 signature OIDs. The OID values are defined outside this
 * header.
 *
 * NOTE(review): the named curves range from 112-bit and 113-bit fields
 * (secp112r1, sect113r1, ...) up to 571 bits. The strength of an
 * elliptic-curve key is roughly half the field size, so the smallest curves
 * here are far below current minimums; code that accepts keys or
 * certificates should restrict the curves it allows by policy rather than
 * accept every curve that has an OID in this list.
 */
2N/Aextern const KMF_OID
2N/AKMFOID_EC_PUBLIC_KEY,
2N/AKMFOID_SHA1WithECDSA,
2N/AKMFOID_SHA224WithECDSA,
2N/AKMFOID_SHA256WithECDSA,
2N/AKMFOID_SHA384WithECDSA,
2N/AKMFOID_SHA512WithECDSA,
2N/AKMFOID_SHA224WithDSA,
2N/AKMFOID_SHA256WithDSA,
2N/AKMFOID_SHA224,
2N/AKMFOID_SHA256,
2N/AKMFOID_SHA384,
2N/AKMFOID_SHA512,
2N/AKMFOID_ECC_secp112r1,
2N/AKMFOID_ECC_secp112r2,
2N/AKMFOID_ECC_secp128r1,
2N/AKMFOID_ECC_secp128r2,
2N/AKMFOID_ECC_secp160k1,
2N/AKMFOID_ECC_secp160r1,
2N/AKMFOID_ECC_secp160r2,
2N/AKMFOID_ECC_secp192k1,
2N/AKMFOID_ECC_secp224k1,
2N/AKMFOID_ECC_secp224r1,
2N/AKMFOID_ECC_secp256k1,
2N/AKMFOID_ECC_secp384r1,
2N/AKMFOID_ECC_secp521r1,
2N/AKMFOID_ECC_sect113r1,
2N/AKMFOID_ECC_sect113r2,
2N/AKMFOID_ECC_sect131r1,
2N/AKMFOID_ECC_sect131r2,
2N/AKMFOID_ECC_sect163k1,
2N/AKMFOID_ECC_sect163r1,
2N/AKMFOID_ECC_sect163r2,
2N/AKMFOID_ECC_sect193r1,
2N/AKMFOID_ECC_sect193r2,
2N/AKMFOID_ECC_sect233k1,
2N/AKMFOID_ECC_sect233r1,
2N/AKMFOID_ECC_sect239k1,
2N/AKMFOID_ECC_sect283k1,
2N/AKMFOID_ECC_sect283r1,
2N/AKMFOID_ECC_sect409k1,
2N/AKMFOID_ECC_sect409r1,
2N/AKMFOID_ECC_sect571k1,
2N/AKMFOID_ECC_sect571r1,
2N/AKMFOID_ECC_c2pnb163v1,
2N/AKMFOID_ECC_c2pnb163v2,
2N/AKMFOID_ECC_c2pnb163v3,
2N/AKMFOID_ECC_c2pnb176v1,
2N/AKMFOID_ECC_c2tnb191v1,
2N/AKMFOID_ECC_c2tnb191v2,
2N/AKMFOID_ECC_c2tnb191v3,
2N/AKMFOID_ECC_c2pnb208w1,
2N/AKMFOID_ECC_c2tnb239v1,
2N/AKMFOID_ECC_c2tnb239v2,
2N/AKMFOID_ECC_c2tnb239v3,
2N/AKMFOID_ECC_c2pnb272w1,
2N/AKMFOID_ECC_c2pnb304w1,
2N/AKMFOID_ECC_c2tnb359v1,
2N/AKMFOID_ECC_c2pnb368w1,
2N/AKMFOID_ECC_c2tnb431r1,
2N/AKMFOID_ECC_prime192v2,
2N/AKMFOID_ECC_prime192v3,
2N/AKMFOID_ECC_secp192r1,
2N/AKMFOID_ECC_secp256r1;
2N/A
2N/A/*
2N/A * ANSI X9-62 prime192v1 is same as secp192r1 and
2N/A * ANSI X9-62 prime256v1 is same as secp256r1
2N/A */
/*
 * Each alias is a macro that expands to the secp identifier, so both
 * spellings refer to the same KMF_OID object and have the same address.
 */
2N/A#define KMFOID_ANSIX962_prime192v1 KMFOID_ECC_secp192r1
2N/A#define KMFOID_ANSIX962_prime256v1 KMFOID_ECC_secp256r1
2N/A
2N/A/*
2N/A * KMF Certificate validation codes. These may be masked together.
2N/A */
/*
 * Each KMF_CERT_VALIDATE_ERR_* value is a distinct single bit (0x01 through
 * 0x100), so one result can report several failures at once.
 *
 * KMF_CERT_VALIDATE_OK is 0 and therefore cannot be tested with '&':
 * compare the whole result with KMF_CERT_VALIDATE_OK and treat any
 * non-zero value as a failed validation.
 *
 * KMF_CERT_VALIDATE_ERR_ISSUER (0x100) does not fit in 8 bits. A result
 * narrowed to an 8-bit type loses that bit and can then compare equal to
 * KMF_CERT_VALIDATE_OK, so keep the result in an int-sized variable.
 *
 * NOTE(review): the suffixes presumably name the failed check (TA = trust
 * anchor, TIME = validity period, CRL/OCSP = revocation) -- confirm against
 * the validation code, which is not in this header.
 */
2N/A#define KMF_CERT_VALIDATE_OK 0x00
2N/A#define KMF_CERT_VALIDATE_ERR_TA 0x01
2N/A#define KMF_CERT_VALIDATE_ERR_USER 0x02
2N/A#define KMF_CERT_VALIDATE_ERR_SIGNATURE 0x04
2N/A#define KMF_CERT_VALIDATE_ERR_KEYUSAGE 0x08
2N/A#define KMF_CERT_VALIDATE_ERR_EXT_KEYUSAGE 0x10
2N/A#define KMF_CERT_VALIDATE_ERR_TIME 0x20
2N/A#define KMF_CERT_VALIDATE_ERR_CRL 0x40
2N/A#define KMF_CERT_VALIDATE_ERR_OCSP 0x80
2N/A#define KMF_CERT_VALIDATE_ERR_ISSUER 0x100
2N/A
2N/A/*
2N/A * KMF Key Usage bitmasks
2N/A */
/*
 * The nine flags follow the bit order of the X.509 KeyUsage BIT STRING
 * (RFC 5280): bit 0, digitalSignature, is the most significant bit of a
 * 16-bit value (0x8000) and bit 8, decipherOnly, is 0x0080.
 */
2N/A#define KMF_digitalSignature 0x8000
2N/A#define KMF_nonRepudiation 0x4000
2N/A#define KMF_keyEncipherment 0x2000
2N/A#define KMF_dataEncipherment 0x1000
2N/A#define KMF_keyAgreement 0x0800
2N/A#define KMF_keyCertSign 0x0400
2N/A#define KMF_cRLSign 0x0200
2N/A#define KMF_encipherOnly 0x0100
2N/A#define KMF_decipherOnly 0x0080
2N/A
/*
 * OR of the nine flags above. The low seven bits (0x007F) have no flag
 * assigned; masking a value with KMF_KUBITMASK clears them.
 */
2N/A#define KMF_KUBITMASK 0xFF80
2N/A
2N/A/*
2N/A * KMF Extended KeyUsage OID definitions
2N/A */
/*
 * These values are single-bit flags that can be OR-ed together, not OIDs.
 * The key-purpose OIDs themselves are declared in this header as
 * KMFOID_PKIX_KP_*; each flag presumably stands for the OID of the matching
 * name (ServerAuth, ClientAuth, CodeSigning, EmailProtection, TimeStamping,
 * OCSPSigning) -- TODO confirm the mapping against the code that uses them.
 * No flag is defined here for the three KMFOID_PKIX_KP_IPSec* key purposes.
 */
2N/A#define KMF_EKU_SERVERAUTH 0x01
2N/A#define KMF_EKU_CLIENTAUTH 0x02
2N/A#define KMF_EKU_CODESIGNING 0x04
2N/A#define KMF_EKU_EMAIL 0x08
2N/A#define KMF_EKU_TIMESTAMP 0x10
2N/A#define KMF_EKU_OCSPSIGNING 0x20
2N/A
2N/A#ifdef __cplusplus
2N/A}
2N/A#endif
2N/A#endif /* _KMFTYPES_H */