epoc32/include/securitydefs.h
author William Roberts <williamr@symbian.org>
Tue, 16 Mar 2010 16:12:26 +0000
branchSymbian2
changeset 2 2fe1408b6811
parent 0 061f57f2323e
child 4 837f303aceeb
permissions -rw-r--r--
Final list of Symbian^2 public API header files
     1 /*
     2 * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 * General Security Definitions
    16 *
    17 */
    18 
    19 
    20 
    21 
    22 /**
    23  @file 
    24  @internalAll
    25 */
    26  
    27 #ifndef __SECURITYDEFS_H__
    28 #define __SECURITYDEFS_H__
    29 
    30 #include <e32std.h>
    31 #include <e32base.h>
    32 
    33 /** General Security Definitions */
    34 
    35 // Old keystore interface, deprecated //////////////////////////////////////////
    36 
    37 /**
    38  * What a key can be used for.
    39  * The values this can take are defined in TKeyUsageVals.
    40  *
    41  * @publishedAll
    42  * @deprecated
    43  */
    44 typedef TInt TKeyUsage;
    45 
    46 /**
    47  * What a key can be used for.
    48  *
    49  * These values can be ORed together if a key has several usages. EAllKeyUsages
    50  * is used when searching for all keys, rather than ones with a particular
    51  * usage.  As these can be combined, TKeyUsage is used to store them.
    52  *
    53  * @publishedAll
    54  * @deprecated
    55  */
    56 enum TKeyUsageVals
    57 	{
    58     EDigitalSignature =  0x80000000,
    59     ENonRepudiation =  0x40000000,
    60     EKeyEncipherment =  0x20000000,
    61     EDataEncipherment =  0x10000000,
    62     EKeyAgreement =   0x08000000,
    63     EKeyCertSign =   0x04000000,
    64     ECRLSign =    0x02000000,
    65     EEncipherOnly =   0x01000000,
    66     EDecipherOnly =   0x00800000,
    67     EAllKeyUsages =   -1
    68 	};
    69 
    70 // End of deprecated keystore API //////////////////////////////////////////////
    71 
    72 /**
    73  * What a key can be used for - PKCS#15 scheme.
    74  *
    75  * @publishedAll
    76  * @released
    77  */
    78 enum TKeyUsagePKCS15
    79 	{
    80 	EPKCS15UsageEncrypt				= 0x001,
    81 	EPKCS15UsageDecrypt				= 0x002,
    82 	EPKCS15UsageSign				= 0x004,
    83 	EPKCS15UsageSignRecover			= 0x008,
    84 	EPKCS15UsageWrap				= 0x010,
    85 	EPKCS15UsageUnwrap				= 0x020,	
    86 	EPKCS15UsageVerify				= 0x040,
    87 	EPKCS15UsageVerifyRecover		= 0x080,
    88 	EPKCS15UsageDerive				= 0x100,
    89 	EPKCS15UsageNonRepudiation		= 0x200,
    90 	// Common combinations
    91 	EPKCS15UsageEncryptWrap         = 0x011,
    92 	EPKCS15UsageVerifyVerifyRecover = 0x0C0,
    93 	EPKCS15UsageDecryptUnwrap       = 0x022,
    94 	EPKCS15UsageSignSignRecover     = 0x00C,
    95 	EPKCS15UsageVerifyEncrypt       = 0x0D1,
    96 	EPKCS15UsageSignDecrypt         = 0x02E,
    97 	// For use in filters to return all keys
    98 	EPKCS15UsageAll					= 0xffffffff,
    99 	EPKCS15UsageNone				= 0x00000000
   100 	};
   101 
   102 inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
   103 inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
   104 inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
   105 inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
   106 
   107 /**
   108  * What a key can be used for - X.509 scheme.
   109  *
   110  * @publishedAll
   111  * @released
   112  */
   113 enum TKeyUsageX509
   114 	{
   115 	EX509UsageDigitalSignature		= 0x80000000,
   116 	EX509UsageNonRepudiation		= 0x40000000,
   117 	EX509UsageKeyEncipherment		= 0x20000000,
   118 	EX509UsageDataEncipherment		= 0x10000000,
   119 	EX509UsageKeyAgreement			= 0x08000000,
   120 	EX509UsageKeyCertSign			= 0x04000000,
   121 	EX509UsageCRLSign				= 0x02000000,
   122 	EX509UsageEncipherOnly			= 0x01000000,
   123 	EX509UsageDecipherOnly			= 0x00800000,
   124 	// Values for commonly permitted combinations
   125 	EX509UsageAnySign               = 0x86000000,
   126 	EX509UsageAllEncipher           = 0x30000000,
   127 	EX509UsageAllSignEncipher       = 0xB6000000,
   128 	/// For use in filters to return all keys
   129 	EX509UsageAll					= 0xffffffff,
   130 	EX509UsageNone					= 0x00000000
   131 	};
   132 
   133 inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
   134 inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
   135 inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
   136 inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
   137 
   138 /** 
   139  *
   140  *
   141  * @param aUsage
   142  * @return
   143  */
   144 IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
   145 
   146 /** 
   147  *
   148  *
   149  * @param aUsage
   150  * @return
   151  */
   152 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
   153 
   154 /** 
   155  *
   156  *
   157  * @param aUsage
   158  * @return
   159  */
   160 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
   161 
   162 /**
   163  * Supported types of certificate format. Note these must be only 1 byte long as
   164  * the file cert store only seralises them as 1 byte.
   165  * 
   166  * @publishedAll
   167  * @released
   168  */
   169 enum TCertificateFormat
   170 	{
   171     EX509Certificate    = 0x00,
   172     EWTLSCertificate    = 0x01,
   173 	EX968Certificate    = 0x02,
   174 	EUnknownCertificate = 0x0f,
   175 	EX509CertificateUrl = 0x10,
   176 	EWTLSCertificateUrl = 0x11,
   177 	EX968CertificateUrl = 0x12
   178 	};
   179 
   180 /**
   181  * The owner of a certificate.
   182  * 
   183  * @publishedAll
   184  * @released
   185  */
   186 enum TCertificateOwnerType
   187 	{
   188 	ECACertificate,
   189 	EUserCertificate,
   190 	EPeerCertificate
   191 	};
   192 
   193 /** The length of a SHA-1 hash 
   194  * 
   195  * @publishedAll
   196  * @released
   197  */
   198 const TInt KSHA1HashLengthBytes = 20;
   199 
   200 /**
   201  * A SHA-1 hash.
   202  * 
   203  * @publishedAll
   204  * @released
   205  */
   206 typedef  TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
   207 
   208 //const TInt KMD5HashLengthBytes = 16;
   209 //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
   210 
   211 /**
   212  * A SHA-1 hash is also used as a key identifier.
   213  * 
   214  * @publishedAll
   215  * @released
   216  */
   217 typedef TSHA1Hash TKeyIdentifier;
   218 
   219 /**
   220  * Errors that can occur when validating a certificate chain.
   221  * 
   222  * Except EValidatedOK, all these are fatal errors unless specified.
   223  *
   224  * @publishedAll
   225  * @released
   226  */
   227 enum TValidationError
   228 	{
   229 	/** Validation OK */
   230 	EValidatedOK,
   231 	/** Certificate chain has no root */
   232 	EChainHasNoRoot,
   233 	/** Invalid signature  */
   234 	ESignatureInvalid,
   235 	/** Date out of range */
   236 	EDateOutOfRange,
   237 	/** Name is excluded */
   238 	ENameIsExcluded,
   239 	/** Name is not permitted */
   240 	ENameNotPermitted,	//subtle difference here!
   241 	/** Not a CA certificate */
   242 	ENotCACert,
   243 	/** Certificate revoked */
   244 	ECertificateRevoked,
   245 	/** Unrecognized critical extension */
   246 	EUnrecognizedCriticalExtension,
   247 	/** No basic constraint in CA certificate */
   248 	ENoBasicConstraintInCACert,
   249 	/** No acceptable policy */
   250 	ENoAcceptablePolicy,
   251 	/** Path too long */
   252 	EPathTooLong,
   253 	/** Negative path length specified */
   254 	ENegativePathLengthSpecified,
   255 	/** Names do not chain */
   256 	ENamesDontChain,
   257 	/** Required policy not found */
   258 	ERequiredPolicyNotFound,
   259 	/** Bad key usage */
   260 	EBadKeyUsage,
   261 	/** 
   262 	 * Root certificate not self-signed.
   263 	 * 
   264 	 * We cannot tell if this is fatal or not, as we lack the context.
   265 	 */
   266 	ERootCertNotSelfSigned,
   267 	/** 
   268 	 * Critical extended key usage
   269 	 * 
   270 	 * We cannot tell if this is fatal or not, as we lack the context.
   271 	 */
   272 	ECriticalExtendedKeyUsage,
   273 	/** 
   274 	 * Critical certificate policies with qualifiers
   275 	 * 
   276 	 * We cannot tell if this is fatal or not, as we lack the context.
   277 	 */
   278 	ECriticalCertPoliciesWithQualifiers,
   279 	/** 
   280 	 * Critical policy mapping
   281 	 * 
   282 	 * We cannot tell if this is fatal or not, as we lack the context.
   283 	 */
   284 	ECriticalPolicyMapping,
   285 	/** 
   286 	 * Critical Device Id
   287 	 * 
   288 	 * We cannot tell if this is fatal or not, as we lack the context.
   289 	 */
   290 	ECriticalDeviceId,
   291 	/** 
   292 	 * Critical Sid
   293 	 * 
   294 	 * We cannot tell if this is fatal or not, as we lack the context.
   295 	 */
   296 	ECriticalSid,
   297 	/** 
   298 	 * Critical Vid
   299 	 * 
   300 	 * We cannot tell if this is fatal or not, as we lack the context.
   301 	 */
   302 	ECriticalVid,
   303 	/** 
   304 	 * Critical Capabilities
   305 	 * 
   306 	 * We cannot tell if this is fatal or not, as we lack the context.
   307 	 */
   308 	ECriticalCapabilities
   309 	};
   310 
   311 // Certificate Applicability UIDs
   312 
   313 /**
   314  * This UID is associated with certificates which are trusted for 
   315  * software installation of native applications. 
   316  *
   317  * @see MCertStore::Applications
   318  * @see MCTWritableCertStore::SetApplicability
   319  *
   320  * @publishedPartner
   321  * @released
   322  */
   323 const TUid KSwiApplicabilityUid = {0x100042AB};
   324 
   325 /**
   326  * This UID is associated with certificates which are trusted for 
   327  * OCSP checks.
   328  *
   329  * @see MCertStore::Applications
   330  * @see MCTWritableCertStore::SetApplicability
   331  *
   332  * @publishedPartner
   333  * @released
   334  */
   335 const TUid KSwiOcspApplicabilityUid = {0x1000A8B6};
   336 
   337 /**
   338  * This UID is associated with certificates which are trusted for 
   339  * Java midlet installation.
   340  *
   341  * @see MCertStore::Applications
   342  * @see MCTWritableCertStore::SetApplicability
   343  *
   344  * @publishedPartner
   345  * @released
   346  */
   347 const TUid KMidletInstallApplicabilityUid = {0x101F9B28};
   348 
   349 /**
   350  * This UID is associated with certificates which are trusted for 
   351  * SSL/TLS connectivity.
   352  *
   353  * @see MCertStore::Applications
   354  * @see MCTWritableCertStore::SetApplicability
   355  *
   356  * @publishedPartner
   357  * @released
   358  */
   359 const TUid KTlsApplicabilityUid = {0x1000183D};
   360 
   361 /**
   362  * This OID is associated with X.509 certificates
   363  * trusted for TLS WWW server authentication.
   364  *
   365  * @publishedPartner
   366  * @released
   367  */
   368 _LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1");
   369 
   370 /**
   371  * This OID is associated with X.509 certificates
   372  * trusted for TLS WWW client authentication.
   373  *
   374  * @publishedPartner
   375  * @released
   376  */
   377  // SSL Client
   378  _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2");
   379 
   380 /**
   381  * This OID is associated with X.509 certificates
   382  * trusted for signing of downloadable executable code.
   383  *
   384  * @publishedPartner
   385  * @released
   386  */
   387 _LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3");
   388 
   389 /**
   390  * This OID is associated with X.509 certificates
   391  * trusted for email protection .
   392  *
   393  * @publishedPartner
   394  * @released
   395  */
   396 _LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4");
   397 
   398 /**
   399  * This OID is associated with X.509 certificates
   400  * trusted for Ipsec end system.
   401  *
   402  * @publishedPartner
   403  * @released
   404  */
   405 _LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5");
   406 
   407 /**
   408  * This OID is associated with X.509 certificates
   409  * trusted for Ipsec tunnel.
   410  *
   411  * @publishedPartner
   412  * @released
   413  */
   414 _LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6");
   415 
   416 /**
   417  * This OID is associated with X.509 certificates
   418  * trusted for Ipsec user.
   419  *
   420  * @publishedPartner
   421  * @released
   422  */
   423 _LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7");
   424 
   425 /**
   426  * This OID is associated with X.509 certificates
   427  * trusted for binding the hash of an object to a time.
   428  *
   429  * @publishedPartner
   430  * @released
   431  */
   432 _LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8");
   433 
   434 /**
   435  * This OID is associated with X.509 certificates
   436  * trusted for signing OCSP responses.
   437  *
   438  * @publishedPartner
   439  * @released
   440  */
   441 _LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9");
   442 
   443 
   444 
   445 #include "securitydefs.inl"
   446 
   447 #endif