test: epoc32/include/securitydefs.h@837f303aceeb (annotated)

williamr@2	1	/*
williamr@2	2	* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
williamr@2	3	* All rights reserved.
williamr@2	4	* This component and the accompanying materials are made available
williamr@2	5	* under the terms of the License "Eclipse Public License v1.0"
williamr@2	6	* which accompanies this distribution, and is available
williamr@2	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
williamr@2	8	*
williamr@2	9	* Initial Contributors:
williamr@2	10	* Nokia Corporation - initial contribution.
williamr@2	11	*
williamr@2	12	* Contributors:
williamr@2	13	*
williamr@2	14	* Description:
williamr@2	15	* General Security Definitions
williamr@2	16	*
williamr@2	17	*/
williamr@2	18
williamr@2	19
williamr@2	20	/**
williamr@2	21	@file
williamr@4	22	@publishedAll
williamr@4	23	@released
williamr@2	24	*/
williamr@2	25
williamr@2	26	#ifndef __SECURITYDEFS_H__
williamr@2	27	#define __SECURITYDEFS_H__
williamr@2	28
williamr@2	29	#include <e32std.h>
williamr@2	30	#include <e32base.h>
williamr@2	31
williamr@4	32	#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
williamr@4	33	#include <securitydefsconst.h>
williamr@4	34	#endif
williamr@4	35
williamr@2	36	/** General Security Definitions */
williamr@2	37
williamr@2	38	// Old keystore interface, deprecated //////////////////////////////////////////
williamr@2	39
williamr@2	40	/**
williamr@2	41	* What a key can be used for.
williamr@2	42	* The values this can take are defined in TKeyUsageVals.
williamr@2	43	*
williamr@2	44	* @deprecated
williamr@2	45	*/
williamr@2	46	typedef TInt TKeyUsage;
williamr@2	47
williamr@2	48	/**
williamr@2	49	* What a key can be used for.
williamr@2	50	*
williamr@2	51	* These values can be ORed together if a key has several usages. EAllKeyUsages
williamr@2	52	* is used when searching for all keys, rather than ones with a particular
williamr@2	53	* usage. As these can be combined, TKeyUsage is used to store them.
williamr@2	54	*
williamr@2	55	* @deprecated
williamr@2	56	*/
williamr@2	57	enum TKeyUsageVals
williamr@2	58	{
williamr@2	59	EDigitalSignature = 0x80000000,
williamr@2	60	ENonRepudiation = 0x40000000,
williamr@2	61	EKeyEncipherment = 0x20000000,
williamr@2	62	EDataEncipherment = 0x10000000,
williamr@2	63	EKeyAgreement = 0x08000000,
williamr@2	64	EKeyCertSign = 0x04000000,
williamr@2	65	ECRLSign = 0x02000000,
williamr@2	66	EEncipherOnly = 0x01000000,
williamr@2	67	EDecipherOnly = 0x00800000,
williamr@2	68	EAllKeyUsages = -1
williamr@2	69	};
williamr@2	70
williamr@2	71	// End of deprecated keystore API //////////////////////////////////////////////
williamr@2	72
williamr@2	73	/**
williamr@2	74	* What a key can be used for - PKCS#15 scheme.
williamr@2	75	*
williamr@2	76	*/
williamr@2	77	enum TKeyUsagePKCS15
williamr@2	78	{
williamr@2	79	EPKCS15UsageEncrypt = 0x001,
williamr@2	80	EPKCS15UsageDecrypt = 0x002,
williamr@2	81	EPKCS15UsageSign = 0x004,
williamr@2	82	EPKCS15UsageSignRecover = 0x008,
williamr@2	83	EPKCS15UsageWrap = 0x010,
williamr@2	84	EPKCS15UsageUnwrap = 0x020,
williamr@2	85	EPKCS15UsageVerify = 0x040,
williamr@2	86	EPKCS15UsageVerifyRecover = 0x080,
williamr@2	87	EPKCS15UsageDerive = 0x100,
williamr@2	88	EPKCS15UsageNonRepudiation = 0x200,
williamr@2	89	// Common combinations
williamr@2	90	EPKCS15UsageEncryptWrap = 0x011,
williamr@2	91	EPKCS15UsageVerifyVerifyRecover = 0x0C0,
williamr@2	92	EPKCS15UsageDecryptUnwrap = 0x022,
williamr@2	93	EPKCS15UsageSignSignRecover = 0x00C,
williamr@2	94	EPKCS15UsageVerifyEncrypt = 0x0D1,
williamr@2	95	EPKCS15UsageSignDecrypt = 0x02E,
williamr@2	96	// For use in filters to return all keys
williamr@2	97	EPKCS15UsageAll = 0xffffffff,
williamr@2	98	EPKCS15UsageNone = 0x00000000
williamr@2	99	};
williamr@2	100
williamr@2	101	inline TKeyUsagePKCS15 operator\|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
williamr@2	102	inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
williamr@2	103	inline const TKeyUsagePKCS15& operator\|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
williamr@2	104	inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
williamr@2	105
williamr@2	106	/**
williamr@2	107	* What a key can be used for - X.509 scheme.
williamr@2	108	*
williamr@2	109	*/
williamr@2	110	enum TKeyUsageX509
williamr@2	111	{
williamr@2	112	EX509UsageDigitalSignature = 0x80000000,
williamr@2	113	EX509UsageNonRepudiation = 0x40000000,
williamr@2	114	EX509UsageKeyEncipherment = 0x20000000,
williamr@2	115	EX509UsageDataEncipherment = 0x10000000,
williamr@2	116	EX509UsageKeyAgreement = 0x08000000,
williamr@2	117	EX509UsageKeyCertSign = 0x04000000,
williamr@2	118	EX509UsageCRLSign = 0x02000000,
williamr@2	119	EX509UsageEncipherOnly = 0x01000000,
williamr@2	120	EX509UsageDecipherOnly = 0x00800000,
williamr@2	121	// Values for commonly permitted combinations
williamr@2	122	EX509UsageAnySign = 0x86000000,
williamr@2	123	EX509UsageAllEncipher = 0x30000000,
williamr@2	124	EX509UsageAllSignEncipher = 0xB6000000,
williamr@2	125	/// For use in filters to return all keys
williamr@2	126	EX509UsageAll = 0xffffffff,
williamr@2	127	EX509UsageNone = 0x00000000
williamr@2	128	};
williamr@2	129
williamr@2	130	inline TKeyUsageX509 operator\|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
williamr@2	131	inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
williamr@2	132	inline const TKeyUsageX509& operator\|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
williamr@2	133	inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
williamr@2	134
williamr@2	135	/**
williamr@2	136	*
williamr@2	137	*
williamr@2	138	* @param aUsage
williamr@2	139	* @return
williamr@2	140	*/
williamr@2	141	IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
williamr@2	142
williamr@2	143	/**
williamr@2	144	*
williamr@2	145	*
williamr@2	146	* @param aUsage
williamr@2	147	* @return
williamr@2	148	*/
williamr@2	149	IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
williamr@2	150
williamr@2	151	/**
williamr@2	152	*
williamr@2	153	*
williamr@2	154	* @param aUsage
williamr@2	155	* @return
williamr@2	156	*/
williamr@2	157	IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
williamr@2	158
williamr@2	159	/**
williamr@2	160	* Supported types of certificate format. Note these must be only 1 byte long as
williamr@2	161	* the file cert store only seralises them as 1 byte.
williamr@2	162	*
williamr@2	163	*/
williamr@2	164	enum TCertificateFormat
williamr@2	165	{
williamr@2	166	EX509Certificate = 0x00,
williamr@2	167	EWTLSCertificate = 0x01,
williamr@2	168	EX968Certificate = 0x02,
williamr@2	169	EUnknownCertificate = 0x0f,
williamr@2	170	EX509CertificateUrl = 0x10,
williamr@2	171	EWTLSCertificateUrl = 0x11,
williamr@2	172	EX968CertificateUrl = 0x12
williamr@2	173	};
williamr@2	174
williamr@2	175	/**
williamr@2	176	* The owner of a certificate.
williamr@2	177	*
williamr@2	178	*/
williamr@2	179	enum TCertificateOwnerType
williamr@2	180	{
williamr@2	181	ECACertificate,
williamr@2	182	EUserCertificate,
williamr@2	183	EPeerCertificate
williamr@2	184	};
williamr@2	185
williamr@2	186	/** The length of a SHA-1 hash
williamr@2	187	*
williamr@2	188	*/
williamr@2	189	const TInt KSHA1HashLengthBytes = 20;
williamr@2	190
williamr@2	191	/**
williamr@2	192	* A SHA-1 hash.
williamr@2	193	*
williamr@2	194	*/
williamr@2	195	typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
williamr@2	196
williamr@2	197	//const TInt KMD5HashLengthBytes = 16;
williamr@2	198	//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
williamr@2	199
williamr@2	200	/**
williamr@2	201	* A SHA-1 hash is also used as a key identifier.
williamr@2	202	*
williamr@2	203	*/
williamr@2	204	typedef TSHA1Hash TKeyIdentifier;
williamr@2	205
williamr@2	206	/**
williamr@2	207	* Errors that can occur when validating a certificate chain.
williamr@2	208	*
williamr@2	209	* Except EValidatedOK, all these are fatal errors unless specified.
williamr@2	210	*
williamr@2	211	*/
williamr@2	212	enum TValidationError
williamr@2	213	{
williamr@2	214	/** Validation OK */
williamr@2	215	EValidatedOK,
williamr@2	216	/** Certificate chain has no root */
williamr@2	217	EChainHasNoRoot,
williamr@2	218	/** Invalid signature */
williamr@2	219	ESignatureInvalid,
williamr@2	220	/** Date out of range */
williamr@2	221	EDateOutOfRange,
williamr@2	222	/** Name is excluded */
williamr@2	223	ENameIsExcluded,
williamr@2	224	/** Name is not permitted */
williamr@2	225	ENameNotPermitted, //subtle difference here!
williamr@2	226	/** Not a CA certificate */
williamr@2	227	ENotCACert,
williamr@2	228	/** Certificate revoked */
williamr@2	229	ECertificateRevoked,
williamr@2	230	/** Unrecognized critical extension */
williamr@2	231	EUnrecognizedCriticalExtension,
williamr@2	232	/** No basic constraint in CA certificate */
williamr@2	233	ENoBasicConstraintInCACert,
williamr@2	234	/** No acceptable policy */
williamr@2	235	ENoAcceptablePolicy,
williamr@2	236	/** Path too long */
williamr@2	237	EPathTooLong,
williamr@2	238	/** Negative path length specified */
williamr@2	239	ENegativePathLengthSpecified,
williamr@2	240	/** Names do not chain */
williamr@2	241	ENamesDontChain,
williamr@2	242	/** Required policy not found */
williamr@2	243	ERequiredPolicyNotFound,
williamr@2	244	/** Bad key usage */
williamr@2	245	EBadKeyUsage,
williamr@2	246	/**
williamr@2	247	* Root certificate not self-signed.
williamr@2	248	*
williamr@2	249	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	250	*/
williamr@2	251	ERootCertNotSelfSigned,
williamr@2	252	/**
williamr@2	253	* Critical extended key usage
williamr@2	254	*
williamr@2	255	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	256	*/
williamr@2	257	ECriticalExtendedKeyUsage,
williamr@2	258	/**
williamr@2	259	* Critical certificate policies with qualifiers
williamr@2	260	*
williamr@2	261	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	262	*/
williamr@2	263	ECriticalCertPoliciesWithQualifiers,
williamr@2	264	/**
williamr@2	265	* Critical policy mapping
williamr@2	266	*
williamr@2	267	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	268	*/
williamr@2	269	ECriticalPolicyMapping,
williamr@2	270	/**
williamr@2	271	* Critical Device Id
williamr@2	272	*
williamr@2	273	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	274	*/
williamr@2	275	ECriticalDeviceId,
williamr@2	276	/**
williamr@2	277	* Critical Sid
williamr@2	278	*
williamr@2	279	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	280	*/
williamr@2	281	ECriticalSid,
williamr@2	282	/**
williamr@2	283	* Critical Vid
williamr@2	284	*
williamr@2	285	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	286	*/
williamr@2	287	ECriticalVid,
williamr@2	288	/**
williamr@2	289	* Critical Capabilities
williamr@2	290	*
williamr@2	291	* We cannot tell if this is fatal or not, as we lack the context.
williamr@2	292	*/
williamr@2	293	ECriticalCapabilities
williamr@2	294	};
williamr@2	295
williamr@2	296
williamr@2	297	#include "securitydefs.inl"
williamr@2	298
williamr@2	299	#endif

author	William Roberts <williamr@symbian.org>
	Wed, 31 Mar 2010 12:33:34 +0100
branch	Symbian3
changeset 4	837f303aceeb
parent 2	2fe1408b6811
permissions	-rw-r--r--