1.1 --- a/epoc32/include/securitydefs.h Tue Nov 24 13:55:44 2009 +0000
1.2 +++ b/epoc32/include/securitydefs.h Tue Mar 16 16:12:26 2010 +0000
1.3 @@ -1,1 +1,447 @@
1.4 -securitydefs.h
1.5 +/*
1.6 +* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
1.7 +* All rights reserved.
1.8 +* This component and the accompanying materials are made available
1.9 +* under the terms of the License "Eclipse Public License v1.0"
1.10 +* which accompanies this distribution, and is available
1.11 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.12 +*
1.13 +* Initial Contributors:
1.14 +* Nokia Corporation - initial contribution.
1.15 +*
1.16 +* Contributors:
1.17 +*
1.18 +* Description:
1.19 +* General Security Definitions
1.20 +*
1.21 +*/
1.22 +
1.23 +
1.24 +
1.25 +
1.26 +/**
1.27 + @file
1.28 + @internalAll
1.29 +*/
1.30 +
1.31 +#ifndef __SECURITYDEFS_H__
1.32 +#define __SECURITYDEFS_H__
1.33 +
1.34 +#include <e32std.h>
1.35 +#include <e32base.h>
1.36 +
1.37 +/** General Security Definitions */
1.38 +
1.39 +// Old keystore interface, deprecated //////////////////////////////////////////
1.40 +
1.41 +/**
1.42 + * What a key can be used for.
1.43 + * The values this can take are defined in TKeyUsageVals.
1.44 + *
1.45 + * @publishedAll
1.46 + * @deprecated
1.47 + */
1.48 +typedef TInt TKeyUsage;
1.49 +
1.50 +/**
1.51 + * What a key can be used for.
1.52 + *
1.53 + * These values can be ORed together if a key has several usages. EAllKeyUsages
1.54 + * is used when searching for all keys, rather than ones with a particular
1.55 + * usage. As these can be combined, TKeyUsage is used to store them.
1.56 + *
1.57 + * @publishedAll
1.58 + * @deprecated
1.59 + */
1.60 +enum TKeyUsageVals
1.61 + {
1.62 + EDigitalSignature = 0x80000000,
1.63 + ENonRepudiation = 0x40000000,
1.64 + EKeyEncipherment = 0x20000000,
1.65 + EDataEncipherment = 0x10000000,
1.66 + EKeyAgreement = 0x08000000,
1.67 + EKeyCertSign = 0x04000000,
1.68 + ECRLSign = 0x02000000,
1.69 + EEncipherOnly = 0x01000000,
1.70 + EDecipherOnly = 0x00800000,
1.71 + EAllKeyUsages = -1
1.72 + };
1.73 +
1.74 +// End of deprecated keystore API //////////////////////////////////////////////
1.75 +
1.76 +/**
1.77 + * What a key can be used for - PKCS#15 scheme.
1.78 + *
1.79 + * @publishedAll
1.80 + * @released
1.81 + */
1.82 +enum TKeyUsagePKCS15
1.83 + {
1.84 + EPKCS15UsageEncrypt = 0x001,
1.85 + EPKCS15UsageDecrypt = 0x002,
1.86 + EPKCS15UsageSign = 0x004,
1.87 + EPKCS15UsageSignRecover = 0x008,
1.88 + EPKCS15UsageWrap = 0x010,
1.89 + EPKCS15UsageUnwrap = 0x020,
1.90 + EPKCS15UsageVerify = 0x040,
1.91 + EPKCS15UsageVerifyRecover = 0x080,
1.92 + EPKCS15UsageDerive = 0x100,
1.93 + EPKCS15UsageNonRepudiation = 0x200,
1.94 + // Common combinations
1.95 + EPKCS15UsageEncryptWrap = 0x011,
1.96 + EPKCS15UsageVerifyVerifyRecover = 0x0C0,
1.97 + EPKCS15UsageDecryptUnwrap = 0x022,
1.98 + EPKCS15UsageSignSignRecover = 0x00C,
1.99 + EPKCS15UsageVerifyEncrypt = 0x0D1,
1.100 + EPKCS15UsageSignDecrypt = 0x02E,
1.101 + // For use in filters to return all keys
1.102 + EPKCS15UsageAll = 0xffffffff,
1.103 + EPKCS15UsageNone = 0x00000000
1.104 + };
1.105 +
1.106 +inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
1.107 +inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
1.108 +inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
1.109 +inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
1.110 +
1.111 +/**
1.112 + * What a key can be used for - X.509 scheme.
1.113 + *
1.114 + * @publishedAll
1.115 + * @released
1.116 + */
1.117 +enum TKeyUsageX509
1.118 + {
1.119 + EX509UsageDigitalSignature = 0x80000000,
1.120 + EX509UsageNonRepudiation = 0x40000000,
1.121 + EX509UsageKeyEncipherment = 0x20000000,
1.122 + EX509UsageDataEncipherment = 0x10000000,
1.123 + EX509UsageKeyAgreement = 0x08000000,
1.124 + EX509UsageKeyCertSign = 0x04000000,
1.125 + EX509UsageCRLSign = 0x02000000,
1.126 + EX509UsageEncipherOnly = 0x01000000,
1.127 + EX509UsageDecipherOnly = 0x00800000,
1.128 + // Values for commonly permitted combinations
1.129 + EX509UsageAnySign = 0x86000000,
1.130 + EX509UsageAllEncipher = 0x30000000,
1.131 + EX509UsageAllSignEncipher = 0xB6000000,
1.132 + /// For use in filters to return all keys
1.133 + EX509UsageAll = 0xffffffff,
1.134 + EX509UsageNone = 0x00000000
1.135 + };
1.136 +
1.137 +inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
1.138 +inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
1.139 +inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
1.140 +inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
1.141 +
1.142 +/**
1.143 + *
1.144 + *
1.145 + * @param aUsage
1.146 + * @return
1.147 + */
1.148 +IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
1.149 +
1.150 +/**
1.151 + *
1.152 + *
1.153 + * @param aUsage
1.154 + * @return
1.155 + */
1.156 +IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
1.157 +
1.158 +/**
1.159 + *
1.160 + *
1.161 + * @param aUsage
1.162 + * @return
1.163 + */
1.164 +IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
1.165 +
1.166 +/**
1.167 + * Supported types of certificate format. Note these must be only 1 byte long as
1.168 + * the file cert store only seralises them as 1 byte.
1.169 + *
1.170 + * @publishedAll
1.171 + * @released
1.172 + */
1.173 +enum TCertificateFormat
1.174 + {
1.175 + EX509Certificate = 0x00,
1.176 + EWTLSCertificate = 0x01,
1.177 + EX968Certificate = 0x02,
1.178 + EUnknownCertificate = 0x0f,
1.179 + EX509CertificateUrl = 0x10,
1.180 + EWTLSCertificateUrl = 0x11,
1.181 + EX968CertificateUrl = 0x12
1.182 + };
1.183 +
1.184 +/**
1.185 + * The owner of a certificate.
1.186 + *
1.187 + * @publishedAll
1.188 + * @released
1.189 + */
1.190 +enum TCertificateOwnerType
1.191 + {
1.192 + ECACertificate,
1.193 + EUserCertificate,
1.194 + EPeerCertificate
1.195 + };
1.196 +
1.197 +/** The length of a SHA-1 hash
1.198 + *
1.199 + * @publishedAll
1.200 + * @released
1.201 + */
1.202 +const TInt KSHA1HashLengthBytes = 20;
1.203 +
1.204 +/**
1.205 + * A SHA-1 hash.
1.206 + *
1.207 + * @publishedAll
1.208 + * @released
1.209 + */
1.210 +typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
1.211 +
1.212 +//const TInt KMD5HashLengthBytes = 16;
1.213 +//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
1.214 +
1.215 +/**
1.216 + * A SHA-1 hash is also used as a key identifier.
1.217 + *
1.218 + * @publishedAll
1.219 + * @released
1.220 + */
1.221 +typedef TSHA1Hash TKeyIdentifier;
1.222 +
1.223 +/**
1.224 + * Errors that can occur when validating a certificate chain.
1.225 + *
1.226 + * Except EValidatedOK, all these are fatal errors unless specified.
1.227 + *
1.228 + * @publishedAll
1.229 + * @released
1.230 + */
1.231 +enum TValidationError
1.232 + {
1.233 + /** Validation OK */
1.234 + EValidatedOK,
1.235 + /** Certificate chain has no root */
1.236 + EChainHasNoRoot,
1.237 + /** Invalid signature */
1.238 + ESignatureInvalid,
1.239 + /** Date out of range */
1.240 + EDateOutOfRange,
1.241 + /** Name is excluded */
1.242 + ENameIsExcluded,
1.243 + /** Name is not permitted */
1.244 + ENameNotPermitted, //subtle difference here!
1.245 + /** Not a CA certificate */
1.246 + ENotCACert,
1.247 + /** Certificate revoked */
1.248 + ECertificateRevoked,
1.249 + /** Unrecognized critical extension */
1.250 + EUnrecognizedCriticalExtension,
1.251 + /** No basic constraint in CA certificate */
1.252 + ENoBasicConstraintInCACert,
1.253 + /** No acceptable policy */
1.254 + ENoAcceptablePolicy,
1.255 + /** Path too long */
1.256 + EPathTooLong,
1.257 + /** Negative path length specified */
1.258 + ENegativePathLengthSpecified,
1.259 + /** Names do not chain */
1.260 + ENamesDontChain,
1.261 + /** Required policy not found */
1.262 + ERequiredPolicyNotFound,
1.263 + /** Bad key usage */
1.264 + EBadKeyUsage,
1.265 + /**
1.266 + * Root certificate not self-signed.
1.267 + *
1.268 + * We cannot tell if this is fatal or not, as we lack the context.
1.269 + */
1.270 + ERootCertNotSelfSigned,
1.271 + /**
1.272 + * Critical extended key usage
1.273 + *
1.274 + * We cannot tell if this is fatal or not, as we lack the context.
1.275 + */
1.276 + ECriticalExtendedKeyUsage,
1.277 + /**
1.278 + * Critical certificate policies with qualifiers
1.279 + *
1.280 + * We cannot tell if this is fatal or not, as we lack the context.
1.281 + */
1.282 + ECriticalCertPoliciesWithQualifiers,
1.283 + /**
1.284 + * Critical policy mapping
1.285 + *
1.286 + * We cannot tell if this is fatal or not, as we lack the context.
1.287 + */
1.288 + ECriticalPolicyMapping,
1.289 + /**
1.290 + * Critical Device Id
1.291 + *
1.292 + * We cannot tell if this is fatal or not, as we lack the context.
1.293 + */
1.294 + ECriticalDeviceId,
1.295 + /**
1.296 + * Critical Sid
1.297 + *
1.298 + * We cannot tell if this is fatal or not, as we lack the context.
1.299 + */
1.300 + ECriticalSid,
1.301 + /**
1.302 + * Critical Vid
1.303 + *
1.304 + * We cannot tell if this is fatal or not, as we lack the context.
1.305 + */
1.306 + ECriticalVid,
1.307 + /**
1.308 + * Critical Capabilities
1.309 + *
1.310 + * We cannot tell if this is fatal or not, as we lack the context.
1.311 + */
1.312 + ECriticalCapabilities
1.313 + };
1.314 +
1.315 +// Certificate Applicability UIDs
1.316 +
1.317 +/**
1.318 + * This UID is associated with certificates which are trusted for
1.319 + * software installation of native applications.
1.320 + *
1.321 + * @see MCertStore::Applications
1.322 + * @see MCTWritableCertStore::SetApplicability
1.323 + *
1.324 + * @publishedPartner
1.325 + * @released
1.326 + */
1.327 +const TUid KSwiApplicabilityUid = {0x100042AB};
1.328 +
1.329 +/**
1.330 + * This UID is associated with certificates which are trusted for
1.331 + * OCSP checks.
1.332 + *
1.333 + * @see MCertStore::Applications
1.334 + * @see MCTWritableCertStore::SetApplicability
1.335 + *
1.336 + * @publishedPartner
1.337 + * @released
1.338 + */
1.339 +const TUid KSwiOcspApplicabilityUid = {0x1000A8B6};
1.340 +
1.341 +/**
1.342 + * This UID is associated with certificates which are trusted for
1.343 + * Java midlet installation.
1.344 + *
1.345 + * @see MCertStore::Applications
1.346 + * @see MCTWritableCertStore::SetApplicability
1.347 + *
1.348 + * @publishedPartner
1.349 + * @released
1.350 + */
1.351 +const TUid KMidletInstallApplicabilityUid = {0x101F9B28};
1.352 +
1.353 +/**
1.354 + * This UID is associated with certificates which are trusted for
1.355 + * SSL/TLS connectivity.
1.356 + *
1.357 + * @see MCertStore::Applications
1.358 + * @see MCTWritableCertStore::SetApplicability
1.359 + *
1.360 + * @publishedPartner
1.361 + * @released
1.362 + */
1.363 +const TUid KTlsApplicabilityUid = {0x1000183D};
1.364 +
1.365 +/**
1.366 + * This OID is associated with X.509 certificates
1.367 + * trusted for TLS WWW server authentication.
1.368 + *
1.369 + * @publishedPartner
1.370 + * @released
1.371 + */
1.372 +_LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1");
1.373 +
1.374 +/**
1.375 + * This OID is associated with X.509 certificates
1.376 + * trusted for TLS WWW client authentication.
1.377 + *
1.378 + * @publishedPartner
1.379 + * @released
1.380 + */
1.381 + // SSL Client
1.382 + _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2");
1.383 +
1.384 +/**
1.385 + * This OID is associated with X.509 certificates
1.386 + * trusted for signing of downloadable executable code.
1.387 + *
1.388 + * @publishedPartner
1.389 + * @released
1.390 + */
1.391 +_LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3");
1.392 +
1.393 +/**
1.394 + * This OID is associated with X.509 certificates
1.395 + * trusted for email protection .
1.396 + *
1.397 + * @publishedPartner
1.398 + * @released
1.399 + */
1.400 +_LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4");
1.401 +
1.402 +/**
1.403 + * This OID is associated with X.509 certificates
1.404 + * trusted for Ipsec end system.
1.405 + *
1.406 + * @publishedPartner
1.407 + * @released
1.408 + */
1.409 +_LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5");
1.410 +
1.411 +/**
1.412 + * This OID is associated with X.509 certificates
1.413 + * trusted for Ipsec tunnel.
1.414 + *
1.415 + * @publishedPartner
1.416 + * @released
1.417 + */
1.418 +_LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6");
1.419 +
1.420 +/**
1.421 + * This OID is associated with X.509 certificates
1.422 + * trusted for Ipsec user.
1.423 + *
1.424 + * @publishedPartner
1.425 + * @released
1.426 + */
1.427 +_LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7");
1.428 +
1.429 +/**
1.430 + * This OID is associated with X.509 certificates
1.431 + * trusted for binding the hash of an object to a time.
1.432 + *
1.433 + * @publishedPartner
1.434 + * @released
1.435 + */
1.436 +_LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8");
1.437 +
1.438 +/**
1.439 + * This OID is associated with X.509 certificates
1.440 + * trusted for signing OCSP responses.
1.441 + *
1.442 + * @publishedPartner
1.443 + * @released
1.444 + */
1.445 +_LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9");
1.446 +
1.447 +
1.448 +
1.449 +#include "securitydefs.inl"
1.450 +
1.451 +#endif