|
sl@0
|
1 |
/*
|
|
sl@0
|
2 |
* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
sl@0
|
3 |
* All rights reserved.
|
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
sl@0
|
8 |
*
|
|
sl@0
|
9 |
* Initial Contributors:
|
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
|
sl@0
|
11 |
*
|
|
sl@0
|
12 |
* Contributors:
|
|
sl@0
|
13 |
*
|
|
sl@0
|
14 |
* Description:
|
|
sl@0
|
15 |
* General Security Definitions
|
|
sl@0
|
16 |
*
|
|
sl@0
|
17 |
*/
|
|
sl@0
|
18 |
|
|
sl@0
|
19 |
|
|
sl@0
|
20 |
/**
|
|
sl@0
|
21 |
@file
|
|
sl@0
|
22 |
@publishedAll
|
|
sl@0
|
23 |
@released
|
|
sl@0
|
24 |
*/
|
|
sl@0
|
25 |
|
|
sl@0
|
26 |
#ifndef __SECURITYDEFS_H__
|
|
sl@0
|
27 |
#define __SECURITYDEFS_H__
|
|
sl@0
|
28 |
|
|
sl@0
|
29 |
#include <e32std.h>
|
|
sl@0
|
30 |
#include <e32base.h>
|
|
sl@0
|
31 |
|
|
sl@0
|
32 |
#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
|
|
sl@0
|
33 |
#include <securitydefsconst.h>
|
|
sl@0
|
34 |
#endif
|
|
sl@0
|
35 |
|
|
sl@0
|
36 |
/** General Security Definitions */
|
|
sl@0
|
37 |
|
|
sl@0
|
38 |
// Old keystore interface, deprecated //////////////////////////////////////////
|
|
sl@0
|
39 |
|
|
sl@0
|
40 |
/**
|
|
sl@0
|
41 |
* What a key can be used for.
|
|
sl@0
|
42 |
* The values this can take are defined in TKeyUsageVals.
|
|
sl@0
|
43 |
*
|
|
sl@0
|
44 |
* @deprecated
|
|
sl@0
|
45 |
*/
|
|
sl@0
|
46 |
typedef TInt TKeyUsage;
|
|
sl@0
|
47 |
|
|
sl@0
|
48 |
/**
|
|
sl@0
|
49 |
* What a key can be used for.
|
|
sl@0
|
50 |
*
|
|
sl@0
|
51 |
* These values can be ORed together if a key has several usages. EAllKeyUsages
|
|
sl@0
|
52 |
* is used when searching for all keys, rather than ones with a particular
|
|
sl@0
|
53 |
* usage. As these can be combined, TKeyUsage is used to store them.
|
|
sl@0
|
54 |
*
|
|
sl@0
|
55 |
* @deprecated
|
|
sl@0
|
56 |
*/
|
|
sl@0
|
57 |
enum TKeyUsageVals
|
|
sl@0
|
58 |
{
|
|
sl@0
|
59 |
EDigitalSignature = 0x80000000,
|
|
sl@0
|
60 |
ENonRepudiation = 0x40000000,
|
|
sl@0
|
61 |
EKeyEncipherment = 0x20000000,
|
|
sl@0
|
62 |
EDataEncipherment = 0x10000000,
|
|
sl@0
|
63 |
EKeyAgreement = 0x08000000,
|
|
sl@0
|
64 |
EKeyCertSign = 0x04000000,
|
|
sl@0
|
65 |
ECRLSign = 0x02000000,
|
|
sl@0
|
66 |
EEncipherOnly = 0x01000000,
|
|
sl@0
|
67 |
EDecipherOnly = 0x00800000,
|
|
sl@0
|
68 |
EAllKeyUsages = -1
|
|
sl@0
|
69 |
};
|
|
sl@0
|
70 |
|
|
sl@0
|
71 |
// End of deprecated keystore API //////////////////////////////////////////////
|
|
sl@0
|
72 |
|
|
sl@0
|
73 |
/**
|
|
sl@0
|
74 |
* What a key can be used for - PKCS#15 scheme.
|
|
sl@0
|
75 |
*
|
|
sl@0
|
76 |
*/
|
|
sl@0
|
77 |
enum TKeyUsagePKCS15
|
|
sl@0
|
78 |
{
|
|
sl@0
|
79 |
EPKCS15UsageEncrypt = 0x001,
|
|
sl@0
|
80 |
EPKCS15UsageDecrypt = 0x002,
|
|
sl@0
|
81 |
EPKCS15UsageSign = 0x004,
|
|
sl@0
|
82 |
EPKCS15UsageSignRecover = 0x008,
|
|
sl@0
|
83 |
EPKCS15UsageWrap = 0x010,
|
|
sl@0
|
84 |
EPKCS15UsageUnwrap = 0x020,
|
|
sl@0
|
85 |
EPKCS15UsageVerify = 0x040,
|
|
sl@0
|
86 |
EPKCS15UsageVerifyRecover = 0x080,
|
|
sl@0
|
87 |
EPKCS15UsageDerive = 0x100,
|
|
sl@0
|
88 |
EPKCS15UsageNonRepudiation = 0x200,
|
|
sl@0
|
89 |
// Common combinations
|
|
sl@0
|
90 |
EPKCS15UsageEncryptWrap = 0x011,
|
|
sl@0
|
91 |
EPKCS15UsageVerifyVerifyRecover = 0x0C0,
|
|
sl@0
|
92 |
EPKCS15UsageDecryptUnwrap = 0x022,
|
|
sl@0
|
93 |
EPKCS15UsageSignSignRecover = 0x00C,
|
|
sl@0
|
94 |
EPKCS15UsageVerifyEncrypt = 0x0D1,
|
|
sl@0
|
95 |
EPKCS15UsageSignDecrypt = 0x02E,
|
|
sl@0
|
96 |
// For use in filters to return all keys
|
|
sl@0
|
97 |
EPKCS15UsageAll = 0xffffffff,
|
|
sl@0
|
98 |
EPKCS15UsageNone = 0x00000000
|
|
sl@0
|
99 |
};
|
|
sl@0
|
100 |
|
|
sl@0
|
101 |
inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
|
|
sl@0
|
102 |
inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
|
|
sl@0
|
103 |
inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
|
|
sl@0
|
104 |
inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
|
|
sl@0
|
105 |
|
|
sl@0
|
106 |
/**
|
|
sl@0
|
107 |
* What a key can be used for - X.509 scheme.
|
|
sl@0
|
108 |
*
|
|
sl@0
|
109 |
*/
|
|
sl@0
|
110 |
enum TKeyUsageX509
|
|
sl@0
|
111 |
{
|
|
sl@0
|
112 |
EX509UsageDigitalSignature = 0x80000000,
|
|
sl@0
|
113 |
EX509UsageNonRepudiation = 0x40000000,
|
|
sl@0
|
114 |
EX509UsageKeyEncipherment = 0x20000000,
|
|
sl@0
|
115 |
EX509UsageDataEncipherment = 0x10000000,
|
|
sl@0
|
116 |
EX509UsageKeyAgreement = 0x08000000,
|
|
sl@0
|
117 |
EX509UsageKeyCertSign = 0x04000000,
|
|
sl@0
|
118 |
EX509UsageCRLSign = 0x02000000,
|
|
sl@0
|
119 |
EX509UsageEncipherOnly = 0x01000000,
|
|
sl@0
|
120 |
EX509UsageDecipherOnly = 0x00800000,
|
|
sl@0
|
121 |
// Values for commonly permitted combinations
|
|
sl@0
|
122 |
EX509UsageAnySign = 0x86000000,
|
|
sl@0
|
123 |
EX509UsageAllEncipher = 0x30000000,
|
|
sl@0
|
124 |
EX509UsageAllSignEncipher = 0xB6000000,
|
|
sl@0
|
125 |
/// For use in filters to return all keys
|
|
sl@0
|
126 |
EX509UsageAll = 0xffffffff,
|
|
sl@0
|
127 |
EX509UsageNone = 0x00000000
|
|
sl@0
|
128 |
};
|
|
sl@0
|
129 |
|
|
sl@0
|
130 |
inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
|
|
sl@0
|
131 |
inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
|
|
sl@0
|
132 |
inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
|
|
sl@0
|
133 |
inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
|
|
sl@0
|
134 |
|
|
sl@0
|
135 |
/**
|
|
sl@0
|
136 |
*
|
|
sl@0
|
137 |
*
|
|
sl@0
|
138 |
* @param aUsage
|
|
sl@0
|
139 |
* @return
|
|
sl@0
|
140 |
*/
|
|
sl@0
|
141 |
IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
|
|
sl@0
|
142 |
|
|
sl@0
|
143 |
/**
|
|
sl@0
|
144 |
*
|
|
sl@0
|
145 |
*
|
|
sl@0
|
146 |
* @param aUsage
|
|
sl@0
|
147 |
* @return
|
|
sl@0
|
148 |
*/
|
|
sl@0
|
149 |
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
|
|
sl@0
|
150 |
|
|
sl@0
|
151 |
/**
|
|
sl@0
|
152 |
*
|
|
sl@0
|
153 |
*
|
|
sl@0
|
154 |
* @param aUsage
|
|
sl@0
|
155 |
* @return
|
|
sl@0
|
156 |
*/
|
|
sl@0
|
157 |
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
|
|
sl@0
|
158 |
|
|
sl@0
|
159 |
/**
|
|
sl@0
|
160 |
* Supported types of certificate format. Note these must be only 1 byte long as
|
|
sl@0
|
161 |
* the file cert store only seralises them as 1 byte.
|
|
sl@0
|
162 |
*
|
|
sl@0
|
163 |
*/
|
|
sl@0
|
164 |
enum TCertificateFormat
|
|
sl@0
|
165 |
{
|
|
sl@0
|
166 |
EX509Certificate = 0x00,
|
|
sl@0
|
167 |
EWTLSCertificate = 0x01,
|
|
sl@0
|
168 |
EX968Certificate = 0x02,
|
|
sl@0
|
169 |
EUnknownCertificate = 0x0f,
|
|
sl@0
|
170 |
EX509CertificateUrl = 0x10,
|
|
sl@0
|
171 |
EWTLSCertificateUrl = 0x11,
|
|
sl@0
|
172 |
EX968CertificateUrl = 0x12
|
|
sl@0
|
173 |
};
|
|
sl@0
|
174 |
|
|
sl@0
|
175 |
/**
|
|
sl@0
|
176 |
* The owner of a certificate.
|
|
sl@0
|
177 |
*
|
|
sl@0
|
178 |
*/
|
|
sl@0
|
179 |
enum TCertificateOwnerType
|
|
sl@0
|
180 |
{
|
|
sl@0
|
181 |
ECACertificate,
|
|
sl@0
|
182 |
EUserCertificate,
|
|
sl@0
|
183 |
EPeerCertificate
|
|
sl@0
|
184 |
};
|
|
sl@0
|
185 |
|
|
sl@0
|
186 |
/** The length of a SHA-1 hash
|
|
sl@0
|
187 |
*
|
|
sl@0
|
188 |
*/
|
|
sl@0
|
189 |
const TInt KSHA1HashLengthBytes = 20;
|
|
sl@0
|
190 |
|
|
sl@0
|
191 |
/**
|
|
sl@0
|
192 |
* A SHA-1 hash.
|
|
sl@0
|
193 |
*
|
|
sl@0
|
194 |
*/
|
|
sl@0
|
195 |
typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
|
|
sl@0
|
196 |
|
|
sl@0
|
197 |
//const TInt KMD5HashLengthBytes = 16;
|
|
sl@0
|
198 |
//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
|
|
sl@0
|
199 |
|
|
sl@0
|
200 |
/**
|
|
sl@0
|
201 |
* A SHA-1 hash is also used as a key identifier.
|
|
sl@0
|
202 |
*
|
|
sl@0
|
203 |
*/
|
|
sl@0
|
204 |
typedef TSHA1Hash TKeyIdentifier;
|
|
sl@0
|
205 |
|
|
sl@0
|
206 |
/**
|
|
sl@0
|
207 |
* Errors that can occur when validating a certificate chain.
|
|
sl@0
|
208 |
*
|
|
sl@0
|
209 |
* Except EValidatedOK, all these are fatal errors unless specified.
|
|
sl@0
|
210 |
*
|
|
sl@0
|
211 |
*/
|
|
sl@0
|
212 |
enum TValidationError
|
|
sl@0
|
213 |
{
|
|
sl@0
|
214 |
/** Validation OK */
|
|
sl@0
|
215 |
EValidatedOK,
|
|
sl@0
|
216 |
/** Certificate chain has no root */
|
|
sl@0
|
217 |
EChainHasNoRoot,
|
|
sl@0
|
218 |
/** Invalid signature */
|
|
sl@0
|
219 |
ESignatureInvalid,
|
|
sl@0
|
220 |
/** Date out of range */
|
|
sl@0
|
221 |
EDateOutOfRange,
|
|
sl@0
|
222 |
/** Name is excluded */
|
|
sl@0
|
223 |
ENameIsExcluded,
|
|
sl@0
|
224 |
/** Name is not permitted */
|
|
sl@0
|
225 |
ENameNotPermitted, //subtle difference here!
|
|
sl@0
|
226 |
/** Not a CA certificate */
|
|
sl@0
|
227 |
ENotCACert,
|
|
sl@0
|
228 |
/** Certificate revoked */
|
|
sl@0
|
229 |
ECertificateRevoked,
|
|
sl@0
|
230 |
/** Unrecognized critical extension */
|
|
sl@0
|
231 |
EUnrecognizedCriticalExtension,
|
|
sl@0
|
232 |
/** No basic constraint in CA certificate */
|
|
sl@0
|
233 |
ENoBasicConstraintInCACert,
|
|
sl@0
|
234 |
/** No acceptable policy */
|
|
sl@0
|
235 |
ENoAcceptablePolicy,
|
|
sl@0
|
236 |
/** Path too long */
|
|
sl@0
|
237 |
EPathTooLong,
|
|
sl@0
|
238 |
/** Negative path length specified */
|
|
sl@0
|
239 |
ENegativePathLengthSpecified,
|
|
sl@0
|
240 |
/** Names do not chain */
|
|
sl@0
|
241 |
ENamesDontChain,
|
|
sl@0
|
242 |
/** Required policy not found */
|
|
sl@0
|
243 |
ERequiredPolicyNotFound,
|
|
sl@0
|
244 |
/** Bad key usage */
|
|
sl@0
|
245 |
EBadKeyUsage,
|
|
sl@0
|
246 |
/**
|
|
sl@0
|
247 |
* Root certificate not self-signed.
|
|
sl@0
|
248 |
*
|
|
sl@0
|
249 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
250 |
*/
|
|
sl@0
|
251 |
ERootCertNotSelfSigned,
|
|
sl@0
|
252 |
/**
|
|
sl@0
|
253 |
* Critical extended key usage
|
|
sl@0
|
254 |
*
|
|
sl@0
|
255 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
256 |
*/
|
|
sl@0
|
257 |
ECriticalExtendedKeyUsage,
|
|
sl@0
|
258 |
/**
|
|
sl@0
|
259 |
* Critical certificate policies with qualifiers
|
|
sl@0
|
260 |
*
|
|
sl@0
|
261 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
262 |
*/
|
|
sl@0
|
263 |
ECriticalCertPoliciesWithQualifiers,
|
|
sl@0
|
264 |
/**
|
|
sl@0
|
265 |
* Critical policy mapping
|
|
sl@0
|
266 |
*
|
|
sl@0
|
267 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
268 |
*/
|
|
sl@0
|
269 |
ECriticalPolicyMapping,
|
|
sl@0
|
270 |
/**
|
|
sl@0
|
271 |
* Critical Device Id
|
|
sl@0
|
272 |
*
|
|
sl@0
|
273 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
274 |
*/
|
|
sl@0
|
275 |
ECriticalDeviceId,
|
|
sl@0
|
276 |
/**
|
|
sl@0
|
277 |
* Critical Sid
|
|
sl@0
|
278 |
*
|
|
sl@0
|
279 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
280 |
*/
|
|
sl@0
|
281 |
ECriticalSid,
|
|
sl@0
|
282 |
/**
|
|
sl@0
|
283 |
* Critical Vid
|
|
sl@0
|
284 |
*
|
|
sl@0
|
285 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
286 |
*/
|
|
sl@0
|
287 |
ECriticalVid,
|
|
sl@0
|
288 |
/**
|
|
sl@0
|
289 |
* Critical Capabilities
|
|
sl@0
|
290 |
*
|
|
sl@0
|
291 |
* We cannot tell if this is fatal or not, as we lack the context.
|
|
sl@0
|
292 |
*/
|
|
sl@0
|
293 |
ECriticalCapabilities
|
|
sl@0
|
294 |
};
|
|
sl@0
|
295 |
|
|
sl@0
|
296 |
|
|
sl@0
|
297 |
#include "securitydefs.inl"
|
|
sl@0
|
298 |
|
|
sl@0
|
299 |
#endif
|