epoc32/include/securitydefs.h
author William Roberts <williamr@symbian.org>
Wed, 31 Mar 2010 12:33:34 +0100 (2010-03-31)
branchSymbian3
changeset 4 837f303aceeb
parent 2 2fe1408b6811
permissions -rw-r--r--
Current Symbian^3 public API header files (from PDK 3.0.h)
This is the epoc32/include tree with the "platform" subtrees removed, and
all but a selected few mbg and rsg files removed.
williamr@2
     1
/*
williamr@2
     2
* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
williamr@2
     3
* All rights reserved.
williamr@2
     4
* This component and the accompanying materials are made available
williamr@2
     5
* under the terms of the License "Eclipse Public License v1.0"
williamr@2
     6
* which accompanies this distribution, and is available
williamr@2
     7
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
williamr@2
     8
*
williamr@2
     9
* Initial Contributors:
williamr@2
    10
* Nokia Corporation - initial contribution.
williamr@2
    11
*
williamr@2
    12
* Contributors:
williamr@2
    13
*
williamr@2
    14
* Description: 
williamr@2
    15
* General Security Definitions
williamr@2
    16
*
williamr@2
    17
*/
williamr@2
    18
williamr@2
    19
williamr@2
    20
/**
williamr@2
    21
 @file 
williamr@4
    22
 @publishedAll
williamr@4
    23
 @released
williamr@2
    24
*/
williamr@2
    25
 
williamr@2
    26
#ifndef __SECURITYDEFS_H__
williamr@2
    27
#define __SECURITYDEFS_H__
williamr@2
    28
williamr@2
    29
#include <e32std.h>
williamr@2
    30
#include <e32base.h>
williamr@2
    31
williamr@4
    32
#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
williamr@4
    33
#include <securitydefsconst.h>
williamr@4
    34
#endif
williamr@4
    35
williamr@2
    36
/** General Security Definitions */
williamr@2
    37
williamr@2
    38
// Old keystore interface, deprecated //////////////////////////////////////////
williamr@2
    39
williamr@2
    40
/**
williamr@2
    41
 * What a key can be used for.
williamr@2
    42
 * The values this can take are defined in TKeyUsageVals.
williamr@2
    43
 *
williamr@2
    44
 * @deprecated
williamr@2
    45
 */
williamr@2
    46
typedef TInt TKeyUsage;
williamr@2
    47
williamr@2
    48
/**
williamr@2
    49
 * What a key can be used for.
williamr@2
    50
 *
williamr@2
    51
 * These values can be ORed together if a key has several usages. EAllKeyUsages
williamr@2
    52
 * is used when searching for all keys, rather than ones with a particular
williamr@2
    53
 * usage.  As these can be combined, TKeyUsage is used to store them.
williamr@2
    54
 *
williamr@2
    55
 * @deprecated
williamr@2
    56
 */
williamr@2
    57
enum TKeyUsageVals
williamr@2
    58
	{
williamr@2
    59
    EDigitalSignature =  0x80000000,
williamr@2
    60
    ENonRepudiation =  0x40000000,
williamr@2
    61
    EKeyEncipherment =  0x20000000,
williamr@2
    62
    EDataEncipherment =  0x10000000,
williamr@2
    63
    EKeyAgreement =   0x08000000,
williamr@2
    64
    EKeyCertSign =   0x04000000,
williamr@2
    65
    ECRLSign =    0x02000000,
williamr@2
    66
    EEncipherOnly =   0x01000000,
williamr@2
    67
    EDecipherOnly =   0x00800000,
williamr@2
    68
    EAllKeyUsages =   -1
williamr@2
    69
	};
williamr@2
    70
williamr@2
    71
// End of deprecated keystore API //////////////////////////////////////////////
williamr@2
    72
williamr@2
    73
/**
williamr@2
    74
 * What a key can be used for - PKCS#15 scheme.
williamr@2
    75
 *
williamr@2
    76
 */
williamr@2
    77
enum TKeyUsagePKCS15
williamr@2
    78
	{
williamr@2
    79
	EPKCS15UsageEncrypt				= 0x001,
williamr@2
    80
	EPKCS15UsageDecrypt				= 0x002,
williamr@2
    81
	EPKCS15UsageSign				= 0x004,
williamr@2
    82
	EPKCS15UsageSignRecover			= 0x008,
williamr@2
    83
	EPKCS15UsageWrap				= 0x010,
williamr@2
    84
	EPKCS15UsageUnwrap				= 0x020,	
williamr@2
    85
	EPKCS15UsageVerify				= 0x040,
williamr@2
    86
	EPKCS15UsageVerifyRecover		= 0x080,
williamr@2
    87
	EPKCS15UsageDerive				= 0x100,
williamr@2
    88
	EPKCS15UsageNonRepudiation		= 0x200,
williamr@2
    89
	// Common combinations
williamr@2
    90
	EPKCS15UsageEncryptWrap         = 0x011,
williamr@2
    91
	EPKCS15UsageVerifyVerifyRecover = 0x0C0,
williamr@2
    92
	EPKCS15UsageDecryptUnwrap       = 0x022,
williamr@2
    93
	EPKCS15UsageSignSignRecover     = 0x00C,
williamr@2
    94
	EPKCS15UsageVerifyEncrypt       = 0x0D1,
williamr@2
    95
	EPKCS15UsageSignDecrypt         = 0x02E,
williamr@2
    96
	// For use in filters to return all keys
williamr@2
    97
	EPKCS15UsageAll					= 0xffffffff,
williamr@2
    98
	EPKCS15UsageNone				= 0x00000000
williamr@2
    99
	};
williamr@2
   100
williamr@2
   101
inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
williamr@2
   102
inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
williamr@2
   103
inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
williamr@2
   104
inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
williamr@2
   105
williamr@2
   106
/**
williamr@2
   107
 * What a key can be used for - X.509 scheme.
williamr@2
   108
 *
williamr@2
   109
 */
williamr@2
   110
enum TKeyUsageX509
williamr@2
   111
	{
williamr@2
   112
	EX509UsageDigitalSignature		= 0x80000000,
williamr@2
   113
	EX509UsageNonRepudiation		= 0x40000000,
williamr@2
   114
	EX509UsageKeyEncipherment		= 0x20000000,
williamr@2
   115
	EX509UsageDataEncipherment		= 0x10000000,
williamr@2
   116
	EX509UsageKeyAgreement			= 0x08000000,
williamr@2
   117
	EX509UsageKeyCertSign			= 0x04000000,
williamr@2
   118
	EX509UsageCRLSign				= 0x02000000,
williamr@2
   119
	EX509UsageEncipherOnly			= 0x01000000,
williamr@2
   120
	EX509UsageDecipherOnly			= 0x00800000,
williamr@2
   121
	// Values for commonly permitted combinations
williamr@2
   122
	EX509UsageAnySign               = 0x86000000,
williamr@2
   123
	EX509UsageAllEncipher           = 0x30000000,
williamr@2
   124
	EX509UsageAllSignEncipher       = 0xB6000000,
williamr@2
   125
	/// For use in filters to return all keys
williamr@2
   126
	EX509UsageAll					= 0xffffffff,
williamr@2
   127
	EX509UsageNone					= 0x00000000
williamr@2
   128
	};
williamr@2
   129
williamr@2
   130
inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
williamr@2
   131
inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
williamr@2
   132
inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
williamr@2
   133
inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
williamr@2
   134
williamr@2
   135
/** 
williamr@2
   136
 *
williamr@2
   137
 *
williamr@2
   138
 * @param aUsage
williamr@2
   139
 * @return
williamr@2
   140
 */
williamr@2
   141
IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
williamr@2
   142
williamr@2
   143
/** 
williamr@2
   144
 *
williamr@2
   145
 *
williamr@2
   146
 * @param aUsage
williamr@2
   147
 * @return
williamr@2
   148
 */
williamr@2
   149
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
williamr@2
   150
williamr@2
   151
/** 
williamr@2
   152
 *
williamr@2
   153
 *
williamr@2
   154
 * @param aUsage
williamr@2
   155
 * @return
williamr@2
   156
 */
williamr@2
   157
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
williamr@2
   158
williamr@2
   159
/**
williamr@2
   160
 * Supported types of certificate format. Note these must be only 1 byte long as
williamr@2
   161
 * the file cert store only seralises them as 1 byte.
williamr@2
   162
 * 
williamr@2
   163
 */
williamr@2
   164
enum TCertificateFormat
williamr@2
   165
	{
williamr@2
   166
    EX509Certificate    = 0x00,
williamr@2
   167
    EWTLSCertificate    = 0x01,
williamr@2
   168
	EX968Certificate    = 0x02,
williamr@2
   169
	EUnknownCertificate = 0x0f,
williamr@2
   170
	EX509CertificateUrl = 0x10,
williamr@2
   171
	EWTLSCertificateUrl = 0x11,
williamr@2
   172
	EX968CertificateUrl = 0x12
williamr@2
   173
	};
williamr@2
   174
williamr@2
   175
/**
williamr@2
   176
 * The owner of a certificate.
williamr@2
   177
 * 
williamr@2
   178
 */
williamr@2
   179
enum TCertificateOwnerType
williamr@2
   180
	{
williamr@2
   181
	ECACertificate,
williamr@2
   182
	EUserCertificate,
williamr@2
   183
	EPeerCertificate
williamr@2
   184
	};
williamr@2
   185
williamr@2
   186
/** The length of a SHA-1 hash 
williamr@2
   187
 * 
williamr@2
   188
 */
williamr@2
   189
const TInt KSHA1HashLengthBytes = 20;
williamr@2
   190
williamr@2
   191
/**
williamr@2
   192
 * A SHA-1 hash.
williamr@2
   193
 * 
williamr@2
   194
 */
williamr@2
   195
typedef  TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
williamr@2
   196
williamr@2
   197
//const TInt KMD5HashLengthBytes = 16;
williamr@2
   198
//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
williamr@2
   199
williamr@2
   200
/**
williamr@2
   201
 * A SHA-1 hash is also used as a key identifier.
williamr@2
   202
 * 
williamr@2
   203
 */
williamr@2
   204
typedef TSHA1Hash TKeyIdentifier;
williamr@2
   205
williamr@2
   206
/**
williamr@2
   207
 * Errors that can occur when validating a certificate chain.
williamr@2
   208
 * 
williamr@2
   209
 * Except EValidatedOK, all these are fatal errors unless specified.
williamr@2
   210
 *
williamr@2
   211
 */
williamr@2
   212
enum TValidationError
williamr@2
   213
	{
williamr@2
   214
	/** Validation OK */
williamr@2
   215
	EValidatedOK,
williamr@2
   216
	/** Certificate chain has no root */
williamr@2
   217
	EChainHasNoRoot,
williamr@2
   218
	/** Invalid signature  */
williamr@2
   219
	ESignatureInvalid,
williamr@2
   220
	/** Date out of range */
williamr@2
   221
	EDateOutOfRange,
williamr@2
   222
	/** Name is excluded */
williamr@2
   223
	ENameIsExcluded,
williamr@2
   224
	/** Name is not permitted */
williamr@2
   225
	ENameNotPermitted,	//subtle difference here!
williamr@2
   226
	/** Not a CA certificate */
williamr@2
   227
	ENotCACert,
williamr@2
   228
	/** Certificate revoked */
williamr@2
   229
	ECertificateRevoked,
williamr@2
   230
	/** Unrecognized critical extension */
williamr@2
   231
	EUnrecognizedCriticalExtension,
williamr@2
   232
	/** No basic constraint in CA certificate */
williamr@2
   233
	ENoBasicConstraintInCACert,
williamr@2
   234
	/** No acceptable policy */
williamr@2
   235
	ENoAcceptablePolicy,
williamr@2
   236
	/** Path too long */
williamr@2
   237
	EPathTooLong,
williamr@2
   238
	/** Negative path length specified */
williamr@2
   239
	ENegativePathLengthSpecified,
williamr@2
   240
	/** Names do not chain */
williamr@2
   241
	ENamesDontChain,
williamr@2
   242
	/** Required policy not found */
williamr@2
   243
	ERequiredPolicyNotFound,
williamr@2
   244
	/** Bad key usage */
williamr@2
   245
	EBadKeyUsage,
williamr@2
   246
	/** 
williamr@2
   247
	 * Root certificate not self-signed.
williamr@2
   248
	 * 
williamr@2
   249
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   250
	 */
williamr@2
   251
	ERootCertNotSelfSigned,
williamr@2
   252
	/** 
williamr@2
   253
	 * Critical extended key usage
williamr@2
   254
	 * 
williamr@2
   255
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   256
	 */
williamr@2
   257
	ECriticalExtendedKeyUsage,
williamr@2
   258
	/** 
williamr@2
   259
	 * Critical certificate policies with qualifiers
williamr@2
   260
	 * 
williamr@2
   261
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   262
	 */
williamr@2
   263
	ECriticalCertPoliciesWithQualifiers,
williamr@2
   264
	/** 
williamr@2
   265
	 * Critical policy mapping
williamr@2
   266
	 * 
williamr@2
   267
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   268
	 */
williamr@2
   269
	ECriticalPolicyMapping,
williamr@2
   270
	/** 
williamr@2
   271
	 * Critical Device Id
williamr@2
   272
	 * 
williamr@2
   273
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   274
	 */
williamr@2
   275
	ECriticalDeviceId,
williamr@2
   276
	/** 
williamr@2
   277
	 * Critical Sid
williamr@2
   278
	 * 
williamr@2
   279
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   280
	 */
williamr@2
   281
	ECriticalSid,
williamr@2
   282
	/** 
williamr@2
   283
	 * Critical Vid
williamr@2
   284
	 * 
williamr@2
   285
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   286
	 */
williamr@2
   287
	ECriticalVid,
williamr@2
   288
	/** 
williamr@2
   289
	 * Critical Capabilities
williamr@2
   290
	 * 
williamr@2
   291
	 * We cannot tell if this is fatal or not, as we lack the context.
williamr@2
   292
	 */
williamr@2
   293
	ECriticalCapabilities
williamr@2
   294
	};
williamr@2
   295
williamr@2
   296
williamr@2
   297
#include "securitydefs.inl"
williamr@2
   298
williamr@2
   299
#endif