sl@0: /*
sl@0: * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0: * All rights reserved.
sl@0: * This component and the accompanying materials are made available
sl@0: * under the terms of the License "Eclipse Public License v1.0"
sl@0: * which accompanies this distribution, and is available
sl@0: * at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0: *
sl@0: * Initial Contributors:
sl@0: * Nokia Corporation - initial contribution.
sl@0: *
sl@0: * Contributors:
sl@0: *
sl@0: * Description: 
sl@0: * General Security Definitions
sl@0: *
sl@0: */
sl@0: 
sl@0: 
sl@0: /**
sl@0:  @file 
sl@0:  @publishedAll
sl@0:  @released
sl@0: */
sl@0:  
sl@0: #ifndef __SECURITYDEFS_H__
sl@0: #define __SECURITYDEFS_H__
sl@0: 
sl@0: #include <e32std.h>
sl@0: #include <e32base.h>
sl@0: 
sl@0: #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
sl@0: #include <securitydefsconst.h>
sl@0: #endif
sl@0: 
sl@0: /** General Security Definitions */
sl@0: 
sl@0: // Old keystore interface, deprecated //////////////////////////////////////////
sl@0: 
sl@0: /**
sl@0:  * What a key can be used for.
sl@0:  * The values this can take are defined in TKeyUsageVals.
sl@0:  *
sl@0:  * @deprecated
sl@0:  */
sl@0: typedef TInt TKeyUsage;
sl@0: 
sl@0: /**
sl@0:  * What a key can be used for.
sl@0:  *
sl@0:  * These values can be ORed together if a key has several usages. EAllKeyUsages
sl@0:  * is used when searching for all keys, rather than ones with a particular
sl@0:  * usage.  As these can be combined, TKeyUsage is used to store them.
sl@0:  *
sl@0:  * @deprecated
sl@0:  */
sl@0: enum TKeyUsageVals
sl@0: 	{
sl@0:     EDigitalSignature =  0x80000000,
sl@0:     ENonRepudiation =  0x40000000,
sl@0:     EKeyEncipherment =  0x20000000,
sl@0:     EDataEncipherment =  0x10000000,
sl@0:     EKeyAgreement =   0x08000000,
sl@0:     EKeyCertSign =   0x04000000,
sl@0:     ECRLSign =    0x02000000,
sl@0:     EEncipherOnly =   0x01000000,
sl@0:     EDecipherOnly =   0x00800000,
sl@0:     EAllKeyUsages =   -1
sl@0: 	};
sl@0: 
sl@0: // End of deprecated keystore API //////////////////////////////////////////////
sl@0: 
sl@0: /**
sl@0:  * What a key can be used for - PKCS#15 scheme.
sl@0:  *
sl@0:  */
sl@0: enum TKeyUsagePKCS15
sl@0: 	{
sl@0: 	EPKCS15UsageEncrypt				= 0x001,
sl@0: 	EPKCS15UsageDecrypt				= 0x002,
sl@0: 	EPKCS15UsageSign				= 0x004,
sl@0: 	EPKCS15UsageSignRecover			= 0x008,
sl@0: 	EPKCS15UsageWrap				= 0x010,
sl@0: 	EPKCS15UsageUnwrap				= 0x020,	
sl@0: 	EPKCS15UsageVerify				= 0x040,
sl@0: 	EPKCS15UsageVerifyRecover		= 0x080,
sl@0: 	EPKCS15UsageDerive				= 0x100,
sl@0: 	EPKCS15UsageNonRepudiation		= 0x200,
sl@0: 	// Common combinations
sl@0: 	EPKCS15UsageEncryptWrap         = 0x011,
sl@0: 	EPKCS15UsageVerifyVerifyRecover = 0x0C0,
sl@0: 	EPKCS15UsageDecryptUnwrap       = 0x022,
sl@0: 	EPKCS15UsageSignSignRecover     = 0x00C,
sl@0: 	EPKCS15UsageVerifyEncrypt       = 0x0D1,
sl@0: 	EPKCS15UsageSignDecrypt         = 0x02E,
sl@0: 	// For use in filters to return all keys
sl@0: 	EPKCS15UsageAll					= 0xffffffff,
sl@0: 	EPKCS15UsageNone				= 0x00000000
sl@0: 	};
sl@0: 
sl@0: inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
sl@0: inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
sl@0: inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
sl@0: inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
sl@0: 
sl@0: /**
sl@0:  * What a key can be used for - X.509 scheme.
sl@0:  *
sl@0:  */
sl@0: enum TKeyUsageX509
sl@0: 	{
sl@0: 	EX509UsageDigitalSignature		= 0x80000000,
sl@0: 	EX509UsageNonRepudiation		= 0x40000000,
sl@0: 	EX509UsageKeyEncipherment		= 0x20000000,
sl@0: 	EX509UsageDataEncipherment		= 0x10000000,
sl@0: 	EX509UsageKeyAgreement			= 0x08000000,
sl@0: 	EX509UsageKeyCertSign			= 0x04000000,
sl@0: 	EX509UsageCRLSign				= 0x02000000,
sl@0: 	EX509UsageEncipherOnly			= 0x01000000,
sl@0: 	EX509UsageDecipherOnly			= 0x00800000,
sl@0: 	// Values for commonly permitted combinations
sl@0: 	EX509UsageAnySign               = 0x86000000,
sl@0: 	EX509UsageAllEncipher           = 0x30000000,
sl@0: 	EX509UsageAllSignEncipher       = 0xB6000000,
sl@0: 	/// For use in filters to return all keys
sl@0: 	EX509UsageAll					= 0xffffffff,
sl@0: 	EX509UsageNone					= 0x00000000
sl@0: 	};
sl@0: 
sl@0: inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
sl@0: inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
sl@0: inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
sl@0: inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
sl@0: 
sl@0: /** 
sl@0:  *
sl@0:  *
sl@0:  * @param aUsage
sl@0:  * @return
sl@0:  */
sl@0: IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
sl@0: 
sl@0: /** 
sl@0:  *
sl@0:  *
sl@0:  * @param aUsage
sl@0:  * @return
sl@0:  */
sl@0: IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
sl@0: 
sl@0: /** 
sl@0:  *
sl@0:  *
sl@0:  * @param aUsage
sl@0:  * @return
sl@0:  */
sl@0: IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
sl@0: 
sl@0: /**
sl@0:  * Supported types of certificate format. Note these must be only 1 byte long as
sl@0:  * the file cert store only seralises them as 1 byte.
sl@0:  * 
sl@0:  */
sl@0: enum TCertificateFormat
sl@0: 	{
sl@0:     EX509Certificate    = 0x00,
sl@0:     EWTLSCertificate    = 0x01,
sl@0: 	EX968Certificate    = 0x02,
sl@0: 	EUnknownCertificate = 0x0f,
sl@0: 	EX509CertificateUrl = 0x10,
sl@0: 	EWTLSCertificateUrl = 0x11,
sl@0: 	EX968CertificateUrl = 0x12
sl@0: 	};
sl@0: 
sl@0: /**
sl@0:  * The owner of a certificate.
sl@0:  * 
sl@0:  */
sl@0: enum TCertificateOwnerType
sl@0: 	{
sl@0: 	ECACertificate,
sl@0: 	EUserCertificate,
sl@0: 	EPeerCertificate
sl@0: 	};
sl@0: 
sl@0: /** The length of a SHA-1 hash 
sl@0:  * 
sl@0:  */
sl@0: const TInt KSHA1HashLengthBytes = 20;
sl@0: 
sl@0: /**
sl@0:  * A SHA-1 hash.
sl@0:  * 
sl@0:  */
sl@0: typedef  TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
sl@0: 
sl@0: //const TInt KMD5HashLengthBytes = 16;
sl@0: //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
sl@0: 
sl@0: /**
sl@0:  * A SHA-1 hash is also used as a key identifier.
sl@0:  * 
sl@0:  */
sl@0: typedef TSHA1Hash TKeyIdentifier;
sl@0: 
sl@0: /**
sl@0:  * Errors that can occur when validating a certificate chain.
sl@0:  * 
sl@0:  * Except EValidatedOK, all these are fatal errors unless specified.
sl@0:  *
sl@0:  */
sl@0: enum TValidationError
sl@0: 	{
sl@0: 	/** Validation OK */
sl@0: 	EValidatedOK,
sl@0: 	/** Certificate chain has no root */
sl@0: 	EChainHasNoRoot,
sl@0: 	/** Invalid signature  */
sl@0: 	ESignatureInvalid,
sl@0: 	/** Date out of range */
sl@0: 	EDateOutOfRange,
sl@0: 	/** Name is excluded */
sl@0: 	ENameIsExcluded,
sl@0: 	/** Name is not permitted */
sl@0: 	ENameNotPermitted,	//subtle difference here!
sl@0: 	/** Not a CA certificate */
sl@0: 	ENotCACert,
sl@0: 	/** Certificate revoked */
sl@0: 	ECertificateRevoked,
sl@0: 	/** Unrecognized critical extension */
sl@0: 	EUnrecognizedCriticalExtension,
sl@0: 	/** No basic constraint in CA certificate */
sl@0: 	ENoBasicConstraintInCACert,
sl@0: 	/** No acceptable policy */
sl@0: 	ENoAcceptablePolicy,
sl@0: 	/** Path too long */
sl@0: 	EPathTooLong,
sl@0: 	/** Negative path length specified */
sl@0: 	ENegativePathLengthSpecified,
sl@0: 	/** Names do not chain */
sl@0: 	ENamesDontChain,
sl@0: 	/** Required policy not found */
sl@0: 	ERequiredPolicyNotFound,
sl@0: 	/** Bad key usage */
sl@0: 	EBadKeyUsage,
sl@0: 	/** 
sl@0: 	 * Root certificate not self-signed.
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ERootCertNotSelfSigned,
sl@0: 	/** 
sl@0: 	 * Critical extended key usage
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalExtendedKeyUsage,
sl@0: 	/** 
sl@0: 	 * Critical certificate policies with qualifiers
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalCertPoliciesWithQualifiers,
sl@0: 	/** 
sl@0: 	 * Critical policy mapping
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalPolicyMapping,
sl@0: 	/** 
sl@0: 	 * Critical Device Id
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalDeviceId,
sl@0: 	/** 
sl@0: 	 * Critical Sid
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalSid,
sl@0: 	/** 
sl@0: 	 * Critical Vid
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalVid,
sl@0: 	/** 
sl@0: 	 * Critical Capabilities
sl@0: 	 * 
sl@0: 	 * We cannot tell if this is fatal or not, as we lack the context.
sl@0: 	 */
sl@0: 	ECriticalCapabilities
sl@0: 	};
sl@0: 
sl@0: 
sl@0: #include "securitydefs.inl"
sl@0: 
sl@0: #endif