1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptomgmtlibs/cryptotokenfw/inc/securitydefs.h Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,299 @@
1.4 +/*
1.5 +* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* General Security Definitions
1.19 +*
1.20 +*/
1.21 +
1.22 +
1.23 +/**
1.24 + @file
1.25 + @publishedAll
1.26 + @released
1.27 +*/
1.28 +
1.29 +#ifndef __SECURITYDEFS_H__
1.30 +#define __SECURITYDEFS_H__
1.31 +
1.32 +#include <e32std.h>
1.33 +#include <e32base.h>
1.34 +
1.35 +#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
1.36 +#include <securitydefsconst.h>
1.37 +#endif
1.38 +
1.39 +/** General Security Definitions */
1.40 +
1.41 +// Old keystore interface, deprecated //////////////////////////////////////////
1.42 +
1.43 +/**
1.44 + * What a key can be used for.
1.45 + * The values this can take are defined in TKeyUsageVals.
1.46 + *
1.47 + * @deprecated
1.48 + */
1.49 +typedef TInt TKeyUsage;
1.50 +
1.51 +/**
1.52 + * What a key can be used for.
1.53 + *
1.54 + * These values can be ORed together if a key has several usages. EAllKeyUsages
1.55 + * is used when searching for all keys, rather than ones with a particular
1.56 + * usage. As these can be combined, TKeyUsage is used to store them.
1.57 + *
1.58 + * @deprecated
1.59 + */
1.60 +enum TKeyUsageVals
1.61 + {
1.62 + EDigitalSignature = 0x80000000,
1.63 + ENonRepudiation = 0x40000000,
1.64 + EKeyEncipherment = 0x20000000,
1.65 + EDataEncipherment = 0x10000000,
1.66 + EKeyAgreement = 0x08000000,
1.67 + EKeyCertSign = 0x04000000,
1.68 + ECRLSign = 0x02000000,
1.69 + EEncipherOnly = 0x01000000,
1.70 + EDecipherOnly = 0x00800000,
1.71 + EAllKeyUsages = -1
1.72 + };
1.73 +
1.74 +// End of deprecated keystore API //////////////////////////////////////////////
1.75 +
1.76 +/**
1.77 + * What a key can be used for - PKCS#15 scheme.
1.78 + *
1.79 + */
1.80 +enum TKeyUsagePKCS15
1.81 + {
1.82 + EPKCS15UsageEncrypt = 0x001,
1.83 + EPKCS15UsageDecrypt = 0x002,
1.84 + EPKCS15UsageSign = 0x004,
1.85 + EPKCS15UsageSignRecover = 0x008,
1.86 + EPKCS15UsageWrap = 0x010,
1.87 + EPKCS15UsageUnwrap = 0x020,
1.88 + EPKCS15UsageVerify = 0x040,
1.89 + EPKCS15UsageVerifyRecover = 0x080,
1.90 + EPKCS15UsageDerive = 0x100,
1.91 + EPKCS15UsageNonRepudiation = 0x200,
1.92 + // Common combinations
1.93 + EPKCS15UsageEncryptWrap = 0x011,
1.94 + EPKCS15UsageVerifyVerifyRecover = 0x0C0,
1.95 + EPKCS15UsageDecryptUnwrap = 0x022,
1.96 + EPKCS15UsageSignSignRecover = 0x00C,
1.97 + EPKCS15UsageVerifyEncrypt = 0x0D1,
1.98 + EPKCS15UsageSignDecrypt = 0x02E,
1.99 + // For use in filters to return all keys
1.100 + EPKCS15UsageAll = 0xffffffff,
1.101 + EPKCS15UsageNone = 0x00000000
1.102 + };
1.103 +
1.104 +inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
1.105 +inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
1.106 +inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
1.107 +inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
1.108 +
1.109 +/**
1.110 + * What a key can be used for - X.509 scheme.
1.111 + *
1.112 + */
1.113 +enum TKeyUsageX509
1.114 + {
1.115 + EX509UsageDigitalSignature = 0x80000000,
1.116 + EX509UsageNonRepudiation = 0x40000000,
1.117 + EX509UsageKeyEncipherment = 0x20000000,
1.118 + EX509UsageDataEncipherment = 0x10000000,
1.119 + EX509UsageKeyAgreement = 0x08000000,
1.120 + EX509UsageKeyCertSign = 0x04000000,
1.121 + EX509UsageCRLSign = 0x02000000,
1.122 + EX509UsageEncipherOnly = 0x01000000,
1.123 + EX509UsageDecipherOnly = 0x00800000,
1.124 + // Values for commonly permitted combinations
1.125 + EX509UsageAnySign = 0x86000000,
1.126 + EX509UsageAllEncipher = 0x30000000,
1.127 + EX509UsageAllSignEncipher = 0xB6000000,
1.128 + /// For use in filters to return all keys
1.129 + EX509UsageAll = 0xffffffff,
1.130 + EX509UsageNone = 0x00000000
1.131 + };
1.132 +
1.133 +inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
1.134 +inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
1.135 +inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
1.136 +inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
1.137 +
1.138 +/**
1.139 + *
1.140 + *
1.141 + * @param aUsage
1.142 + * @return
1.143 + */
1.144 +IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
1.145 +
1.146 +/**
1.147 + *
1.148 + *
1.149 + * @param aUsage
1.150 + * @return
1.151 + */
1.152 +IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
1.153 +
1.154 +/**
1.155 + *
1.156 + *
1.157 + * @param aUsage
1.158 + * @return
1.159 + */
1.160 +IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
1.161 +
1.162 +/**
1.163 + * Supported types of certificate format. Note these must be only 1 byte long as
1.164 + * the file cert store only seralises them as 1 byte.
1.165 + *
1.166 + */
1.167 +enum TCertificateFormat
1.168 + {
1.169 + EX509Certificate = 0x00,
1.170 + EWTLSCertificate = 0x01,
1.171 + EX968Certificate = 0x02,
1.172 + EUnknownCertificate = 0x0f,
1.173 + EX509CertificateUrl = 0x10,
1.174 + EWTLSCertificateUrl = 0x11,
1.175 + EX968CertificateUrl = 0x12
1.176 + };
1.177 +
1.178 +/**
1.179 + * The owner of a certificate.
1.180 + *
1.181 + */
1.182 +enum TCertificateOwnerType
1.183 + {
1.184 + ECACertificate,
1.185 + EUserCertificate,
1.186 + EPeerCertificate
1.187 + };
1.188 +
1.189 +/** The length of a SHA-1 hash
1.190 + *
1.191 + */
1.192 +const TInt KSHA1HashLengthBytes = 20;
1.193 +
1.194 +/**
1.195 + * A SHA-1 hash.
1.196 + *
1.197 + */
1.198 +typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
1.199 +
1.200 +//const TInt KMD5HashLengthBytes = 16;
1.201 +//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
1.202 +
1.203 +/**
1.204 + * A SHA-1 hash is also used as a key identifier.
1.205 + *
1.206 + */
1.207 +typedef TSHA1Hash TKeyIdentifier;
1.208 +
1.209 +/**
1.210 + * Errors that can occur when validating a certificate chain.
1.211 + *
1.212 + * Except EValidatedOK, all these are fatal errors unless specified.
1.213 + *
1.214 + */
1.215 +enum TValidationError
1.216 + {
1.217 + /** Validation OK */
1.218 + EValidatedOK,
1.219 + /** Certificate chain has no root */
1.220 + EChainHasNoRoot,
1.221 + /** Invalid signature */
1.222 + ESignatureInvalid,
1.223 + /** Date out of range */
1.224 + EDateOutOfRange,
1.225 + /** Name is excluded */
1.226 + ENameIsExcluded,
1.227 + /** Name is not permitted */
1.228 + ENameNotPermitted, //subtle difference here!
1.229 + /** Not a CA certificate */
1.230 + ENotCACert,
1.231 + /** Certificate revoked */
1.232 + ECertificateRevoked,
1.233 + /** Unrecognized critical extension */
1.234 + EUnrecognizedCriticalExtension,
1.235 + /** No basic constraint in CA certificate */
1.236 + ENoBasicConstraintInCACert,
1.237 + /** No acceptable policy */
1.238 + ENoAcceptablePolicy,
1.239 + /** Path too long */
1.240 + EPathTooLong,
1.241 + /** Negative path length specified */
1.242 + ENegativePathLengthSpecified,
1.243 + /** Names do not chain */
1.244 + ENamesDontChain,
1.245 + /** Required policy not found */
1.246 + ERequiredPolicyNotFound,
1.247 + /** Bad key usage */
1.248 + EBadKeyUsage,
1.249 + /**
1.250 + * Root certificate not self-signed.
1.251 + *
1.252 + * We cannot tell if this is fatal or not, as we lack the context.
1.253 + */
1.254 + ERootCertNotSelfSigned,
1.255 + /**
1.256 + * Critical extended key usage
1.257 + *
1.258 + * We cannot tell if this is fatal or not, as we lack the context.
1.259 + */
1.260 + ECriticalExtendedKeyUsage,
1.261 + /**
1.262 + * Critical certificate policies with qualifiers
1.263 + *
1.264 + * We cannot tell if this is fatal or not, as we lack the context.
1.265 + */
1.266 + ECriticalCertPoliciesWithQualifiers,
1.267 + /**
1.268 + * Critical policy mapping
1.269 + *
1.270 + * We cannot tell if this is fatal or not, as we lack the context.
1.271 + */
1.272 + ECriticalPolicyMapping,
1.273 + /**
1.274 + * Critical Device Id
1.275 + *
1.276 + * We cannot tell if this is fatal or not, as we lack the context.
1.277 + */
1.278 + ECriticalDeviceId,
1.279 + /**
1.280 + * Critical Sid
1.281 + *
1.282 + * We cannot tell if this is fatal or not, as we lack the context.
1.283 + */
1.284 + ECriticalSid,
1.285 + /**
1.286 + * Critical Vid
1.287 + *
1.288 + * We cannot tell if this is fatal or not, as we lack the context.
1.289 + */
1.290 + ECriticalVid,
1.291 + /**
1.292 + * Critical Capabilities
1.293 + *
1.294 + * We cannot tell if this is fatal or not, as we lack the context.
1.295 + */
1.296 + ECriticalCapabilities
1.297 + };
1.298 +
1.299 +
1.300 +#include "securitydefs.inl"
1.301 +
1.302 +#endif