Mercurialtest / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
epoc32/include/securitydefs.h
author William Roberts <williamr@symbian.org>
Tue, 16 Mar 2010 16:12:26 +0000
branchSymbian2
changeset 2 2fe1408b6811
parent 0 061f57f2323e
child 4 837f303aceeb
permissions -rw-r--r--
Final list of Symbian^2 public API header files 
     1 /*

     2 * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of the License "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description: 

    15 * General Security Definitions

    16 *

    17 */

    18 

    19 

    20 

    21 

    22 /**

    23  @file 

    24  @internalAll

    25 */

    26  

    27 #ifndef __SECURITYDEFS_H__

    28 #define __SECURITYDEFS_H__

    29 

    30 #include <e32std.h>

    31 #include <e32base.h>

    32 

    33 /** General Security Definitions */

    34 

    35 // Old keystore interface, deprecated //////////////////////////////////////////

    36 

    37 /**

    38  * What a key can be used for.

    39  * The values this can take are defined in TKeyUsageVals.

    40  *

    41  * @publishedAll

    42  * @deprecated

    43  */

    44 typedef TInt TKeyUsage;

    45 

    46 /**

    47  * What a key can be used for.

    48  *

    49  * These values can be ORed together if a key has several usages. EAllKeyUsages

    50  * is used when searching for all keys, rather than ones with a particular

    51  * usage.  As these can be combined, TKeyUsage is used to store them.

    52  *

    53  * @publishedAll

    54  * @deprecated

    55  */

    56 enum TKeyUsageVals

    57 	{

    58     EDigitalSignature =  0x80000000,

    59     ENonRepudiation =  0x40000000,

    60     EKeyEncipherment =  0x20000000,

    61     EDataEncipherment =  0x10000000,

    62     EKeyAgreement =   0x08000000,

    63     EKeyCertSign =   0x04000000,

    64     ECRLSign =    0x02000000,

    65     EEncipherOnly =   0x01000000,

    66     EDecipherOnly =   0x00800000,

    67     EAllKeyUsages =   -1

    68 	};

    69 

    70 // End of deprecated keystore API //////////////////////////////////////////////

    71 

    72 /**

    73  * What a key can be used for - PKCS#15 scheme.

    74  *

    75  * @publishedAll

    76  * @released

    77  */

    78 enum TKeyUsagePKCS15

    79 	{

    80 	EPKCS15UsageEncrypt				= 0x001,

    81 	EPKCS15UsageDecrypt				= 0x002,

    82 	EPKCS15UsageSign				= 0x004,

    83 	EPKCS15UsageSignRecover			= 0x008,

    84 	EPKCS15UsageWrap				= 0x010,

    85 	EPKCS15UsageUnwrap				= 0x020,	

    86 	EPKCS15UsageVerify				= 0x040,

    87 	EPKCS15UsageVerifyRecover		= 0x080,

    88 	EPKCS15UsageDerive				= 0x100,

    89 	EPKCS15UsageNonRepudiation		= 0x200,

    90 	// Common combinations

    91 	EPKCS15UsageEncryptWrap         = 0x011,

    92 	EPKCS15UsageVerifyVerifyRecover = 0x0C0,

    93 	EPKCS15UsageDecryptUnwrap       = 0x022,

    94 	EPKCS15UsageSignSignRecover     = 0x00C,

    95 	EPKCS15UsageVerifyEncrypt       = 0x0D1,

    96 	EPKCS15UsageSignDecrypt         = 0x02E,

    97 	// For use in filters to return all keys

    98 	EPKCS15UsageAll					= 0xffffffff,

    99 	EPKCS15UsageNone				= 0x00000000

   100 	};

   101 

   102 inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);

   103 inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);

   104 inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);

   105 inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);

   106 

   107 /**

   108  * What a key can be used for - X.509 scheme.

   109  *

   110  * @publishedAll

   111  * @released

   112  */

   113 enum TKeyUsageX509

   114 	{

   115 	EX509UsageDigitalSignature		= 0x80000000,

   116 	EX509UsageNonRepudiation		= 0x40000000,

   117 	EX509UsageKeyEncipherment		= 0x20000000,

   118 	EX509UsageDataEncipherment		= 0x10000000,

   119 	EX509UsageKeyAgreement			= 0x08000000,

   120 	EX509UsageKeyCertSign			= 0x04000000,

   121 	EX509UsageCRLSign				= 0x02000000,

   122 	EX509UsageEncipherOnly			= 0x01000000,

   123 	EX509UsageDecipherOnly			= 0x00800000,

   124 	// Values for commonly permitted combinations

   125 	EX509UsageAnySign               = 0x86000000,

   126 	EX509UsageAllEncipher           = 0x30000000,

   127 	EX509UsageAllSignEncipher       = 0xB6000000,

   128 	/// For use in filters to return all keys

   129 	EX509UsageAll					= 0xffffffff,

   130 	EX509UsageNone					= 0x00000000

   131 	};

   132 

   133 inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);

   134 inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);

   135 inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);

   136 inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);

   137 

   138 /** 

   139  *

   140  *

   141  * @param aUsage

   142  * @return

   143  */

   144 IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);

   145 

   146 /** 

   147  *

   148  *

   149  * @param aUsage

   150  * @return

   151  */

   152 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);

   153 

   154 /** 

   155  *

   156  *

   157  * @param aUsage

   158  * @return

   159  */

   160 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);

   161 

   162 /**

   163  * Supported types of certificate format. Note these must be only 1 byte long as

   164  * the file cert store only seralises them as 1 byte.

   165  * 

   166  * @publishedAll

   167  * @released

   168  */

   169 enum TCertificateFormat

   170 	{

   171     EX509Certificate    = 0x00,

   172     EWTLSCertificate    = 0x01,

   173 	EX968Certificate    = 0x02,

   174 	EUnknownCertificate = 0x0f,

   175 	EX509CertificateUrl = 0x10,

   176 	EWTLSCertificateUrl = 0x11,

   177 	EX968CertificateUrl = 0x12

   178 	};

   179 

   180 /**

   181  * The owner of a certificate.

   182  * 

   183  * @publishedAll

   184  * @released

   185  */

   186 enum TCertificateOwnerType

   187 	{

   188 	ECACertificate,

   189 	EUserCertificate,

   190 	EPeerCertificate

   191 	};

   192 

   193 /** The length of a SHA-1 hash 

   194  * 

   195  * @publishedAll

   196  * @released

   197  */

   198 const TInt KSHA1HashLengthBytes = 20;

   199 

   200 /**

   201  * A SHA-1 hash.

   202  * 

   203  * @publishedAll

   204  * @released

   205  */

   206 typedef  TBuf8<KSHA1HashLengthBytes> TSHA1Hash;

   207 

   208 //const TInt KMD5HashLengthBytes = 16;

   209 //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;

   210 

   211 /**

   212  * A SHA-1 hash is also used as a key identifier.

   213  * 

   214  * @publishedAll

   215  * @released

   216  */

   217 typedef TSHA1Hash TKeyIdentifier;

   218 

   219 /**

   220  * Errors that can occur when validating a certificate chain.

   221  * 

   222  * Except EValidatedOK, all these are fatal errors unless specified.

   223  *

   224  * @publishedAll

   225  * @released

   226  */

   227 enum TValidationError

   228 	{

   229 	/** Validation OK */

   230 	EValidatedOK,

   231 	/** Certificate chain has no root */

   232 	EChainHasNoRoot,

   233 	/** Invalid signature  */

   234 	ESignatureInvalid,

   235 	/** Date out of range */

   236 	EDateOutOfRange,

   237 	/** Name is excluded */

   238 	ENameIsExcluded,

   239 	/** Name is not permitted */

   240 	ENameNotPermitted,	//subtle difference here!

   241 	/** Not a CA certificate */

   242 	ENotCACert,

   243 	/** Certificate revoked */

   244 	ECertificateRevoked,

   245 	/** Unrecognized critical extension */

   246 	EUnrecognizedCriticalExtension,

   247 	/** No basic constraint in CA certificate */

   248 	ENoBasicConstraintInCACert,

   249 	/** No acceptable policy */

   250 	ENoAcceptablePolicy,

   251 	/** Path too long */

   252 	EPathTooLong,

   253 	/** Negative path length specified */

   254 	ENegativePathLengthSpecified,

   255 	/** Names do not chain */

   256 	ENamesDontChain,

   257 	/** Required policy not found */

   258 	ERequiredPolicyNotFound,

   259 	/** Bad key usage */

   260 	EBadKeyUsage,

   261 	/** 

   262 	 * Root certificate not self-signed.

   263 	 * 

   264 	 * We cannot tell if this is fatal or not, as we lack the context.

   265 	 */

   266 	ERootCertNotSelfSigned,

   267 	/** 

   268 	 * Critical extended key usage

   269 	 * 

   270 	 * We cannot tell if this is fatal or not, as we lack the context.

   271 	 */

   272 	ECriticalExtendedKeyUsage,

   273 	/** 

   274 	 * Critical certificate policies with qualifiers

   275 	 * 

   276 	 * We cannot tell if this is fatal or not, as we lack the context.

   277 	 */

   278 	ECriticalCertPoliciesWithQualifiers,

   279 	/** 

   280 	 * Critical policy mapping

   281 	 * 

   282 	 * We cannot tell if this is fatal or not, as we lack the context.

   283 	 */

   284 	ECriticalPolicyMapping,

   285 	/** 

   286 	 * Critical Device Id

   287 	 * 

   288 	 * We cannot tell if this is fatal or not, as we lack the context.

   289 	 */

   290 	ECriticalDeviceId,

   291 	/** 

   292 	 * Critical Sid

   293 	 * 

   294 	 * We cannot tell if this is fatal or not, as we lack the context.

   295 	 */

   296 	ECriticalSid,

   297 	/** 

   298 	 * Critical Vid

   299 	 * 

   300 	 * We cannot tell if this is fatal or not, as we lack the context.

   301 	 */

   302 	ECriticalVid,

   303 	/** 

   304 	 * Critical Capabilities

   305 	 * 

   306 	 * We cannot tell if this is fatal or not, as we lack the context.

   307 	 */

   308 	ECriticalCapabilities

   309 	};

   310 

   311 // Certificate Applicability UIDs

   312 

   313 /**

   314  * This UID is associated with certificates which are trusted for 

   315  * software installation of native applications. 

   316  *

   317  * @see MCertStore::Applications

   318  * @see MCTWritableCertStore::SetApplicability

   319  *

   320  * @publishedPartner

   321  * @released

   322  */

   323 const TUid KSwiApplicabilityUid = {0x100042AB};

   324 

   325 /**

   326  * This UID is associated with certificates which are trusted for 

   327  * OCSP checks.

   328  *

   329  * @see MCertStore::Applications

   330  * @see MCTWritableCertStore::SetApplicability

   331  *

   332  * @publishedPartner

   333  * @released

   334  */

   335 const TUid KSwiOcspApplicabilityUid = {0x1000A8B6};

   336 

   337 /**

   338  * This UID is associated with certificates which are trusted for 

   339  * Java midlet installation.

   340  *

   341  * @see MCertStore::Applications

   342  * @see MCTWritableCertStore::SetApplicability

   343  *

   344  * @publishedPartner

   345  * @released

   346  */

   347 const TUid KMidletInstallApplicabilityUid = {0x101F9B28};

   348 

   349 /**

   350  * This UID is associated with certificates which are trusted for 

   351  * SSL/TLS connectivity.

   352  *

   353  * @see MCertStore::Applications

   354  * @see MCTWritableCertStore::SetApplicability

   355  *

   356  * @publishedPartner

   357  * @released

   358  */

   359 const TUid KTlsApplicabilityUid = {0x1000183D};

   360 

   361 /**

   362  * This OID is associated with X.509 certificates

   363  * trusted for TLS WWW server authentication.

   364  *

   365  * @publishedPartner

   366  * @released

   367  */

   368 _LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1");

   369 

   370 /**

   371  * This OID is associated with X.509 certificates

   372  * trusted for TLS WWW client authentication.

   373  *

   374  * @publishedPartner

   375  * @released

   376  */

   377  // SSL Client

   378  _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2");

   379 

   380 /**

   381  * This OID is associated with X.509 certificates

   382  * trusted for signing of downloadable executable code.

   383  *

   384  * @publishedPartner

   385  * @released

   386  */

   387 _LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3");

   388 

   389 /**

   390  * This OID is associated with X.509 certificates

   391  * trusted for email protection .

   392  *

   393  * @publishedPartner

   394  * @released

   395  */

   396 _LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4");

   397 

   398 /**

   399  * This OID is associated with X.509 certificates

   400  * trusted for Ipsec end system.

   401  *

   402  * @publishedPartner

   403  * @released

   404  */

   405 _LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5");

   406 

   407 /**

   408  * This OID is associated with X.509 certificates

   409  * trusted for Ipsec tunnel.

   410  *

   411  * @publishedPartner

   412  * @released

   413  */

   414 _LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6");

   415 

   416 /**

   417  * This OID is associated with X.509 certificates

   418  * trusted for Ipsec user.

   419  *

   420  * @publishedPartner

   421  * @released

   422  */

   423 _LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7");

   424 

   425 /**

   426  * This OID is associated with X.509 certificates

   427  * trusted for binding the hash of an object to a time.

   428  *

   429  * @publishedPartner

   430  * @released

   431  */

   432 _LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8");

   433 

   434 /**

   435  * This OID is associated with X.509 certificates

   436  * trusted for signing OCSP responses.

   437  *

   438  * @publishedPartner

   439  * @released

   440  */

   441 _LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9");

   442 

   443 

   444 

   445 #include "securitydefs.inl"

   446 

   447 #endif
test