test: epoc32/include/securitydefs.h@837f303aceeb

     1 /*

     2 * Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of the License "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description:

    15 * General Security Definitions

    16 *

    17 */

    20 /**

    21  @file

    22  @publishedAll

    23  @released

    24 */

    26 #ifndef __SECURITYDEFS_H__

    27 #define __SECURITYDEFS_H__

    29 #include <e32std.h>

    30 #include <e32base.h>

    32 #ifndef SYMBIAN_ENABLE_SPLIT_HEADERS

    33 #include <securitydefsconst.h>

    34 #endif

    36 /** General Security Definitions */

    38 // Old keystore interface, deprecated //////////////////////////////////////////

    40 /**

    41  * What a key can be used for.

    42  * The values this can take are defined in TKeyUsageVals.

    43  *

    44  * @deprecated

    45  */

    46 typedef TInt TKeyUsage;

    48 /**

    49  * What a key can be used for.

    50  *

    51  * These values can be ORed together if a key has several usages. EAllKeyUsages

    52  * is used when searching for all keys, rather than ones with a particular

    53  * usage.  As these can be combined, TKeyUsage is used to store them.

    54  *

    55  * @deprecated

    56  */

    57 enum TKeyUsageVals

    58 	{

    59     EDigitalSignature =  0x80000000,

    60     ENonRepudiation =  0x40000000,

    61     EKeyEncipherment =  0x20000000,

    62     EDataEncipherment =  0x10000000,

    63     EKeyAgreement =   0x08000000,

    64     EKeyCertSign =   0x04000000,

    65     ECRLSign =    0x02000000,

    66     EEncipherOnly =   0x01000000,

    67     EDecipherOnly =   0x00800000,

    68     EAllKeyUsages =   -1

    69 	};

    71 // End of deprecated keystore API //////////////////////////////////////////////

    73 /**

    74  * What a key can be used for - PKCS#15 scheme.

    75  *

    76  */

    77 enum TKeyUsagePKCS15

    78 	{

    79 	EPKCS15UsageEncrypt				= 0x001,

    80 	EPKCS15UsageDecrypt				= 0x002,

    81 	EPKCS15UsageSign				= 0x004,

    82 	EPKCS15UsageSignRecover			= 0x008,

    83 	EPKCS15UsageWrap				= 0x010,

    84 	EPKCS15UsageUnwrap				= 0x020,

    85 	EPKCS15UsageVerify				= 0x040,

    86 	EPKCS15UsageVerifyRecover		= 0x080,

    87 	EPKCS15UsageDerive				= 0x100,

    88 	EPKCS15UsageNonRepudiation		= 0x200,

    89 	// Common combinations

    90 	EPKCS15UsageEncryptWrap         = 0x011,

    91 	EPKCS15UsageVerifyVerifyRecover = 0x0C0,

    92 	EPKCS15UsageDecryptUnwrap       = 0x022,

    93 	EPKCS15UsageSignSignRecover     = 0x00C,

    94 	EPKCS15UsageVerifyEncrypt       = 0x0D1,

    95 	EPKCS15UsageSignDecrypt         = 0x02E,

    96 	// For use in filters to return all keys

    97 	EPKCS15UsageAll					= 0xffffffff,

    98 	EPKCS15UsageNone				= 0x00000000

    99 	};

   101 inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);

   102 inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);

   103 inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);

   104 inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);

   106 /**

   107  * What a key can be used for - X.509 scheme.

   108  *

   109  */

   110 enum TKeyUsageX509

   111 	{

   112 	EX509UsageDigitalSignature		= 0x80000000,

   113 	EX509UsageNonRepudiation		= 0x40000000,

   114 	EX509UsageKeyEncipherment		= 0x20000000,

   115 	EX509UsageDataEncipherment		= 0x10000000,

   116 	EX509UsageKeyAgreement			= 0x08000000,

   117 	EX509UsageKeyCertSign			= 0x04000000,

   118 	EX509UsageCRLSign				= 0x02000000,

   119 	EX509UsageEncipherOnly			= 0x01000000,

   120 	EX509UsageDecipherOnly			= 0x00800000,

   121 	// Values for commonly permitted combinations

   122 	EX509UsageAnySign               = 0x86000000,

   123 	EX509UsageAllEncipher           = 0x30000000,

   124 	EX509UsageAllSignEncipher       = 0xB6000000,

   125 	/// For use in filters to return all keys

   126 	EX509UsageAll					= 0xffffffff,

   127 	EX509UsageNone					= 0x00000000

   128 	};

   130 inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);

   131 inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);

   132 inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);

   133 inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);

   135 /**

   136  *

   137  *

   138  * @param aUsage

   139  * @return

   140  */

   141 IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);

   143 /**

   144  *

   145  *

   146  * @param aUsage

   147  * @return

   148  */

   149 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);

   151 /**

   152  *

   153  *

   154  * @param aUsage

   155  * @return

   156  */

   157 IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);

   159 /**

   160  * Supported types of certificate format. Note these must be only 1 byte long as

   161  * the file cert store only seralises them as 1 byte.

   162  *

   163  */

   164 enum TCertificateFormat

   165 	{

   166     EX509Certificate    = 0x00,

   167     EWTLSCertificate    = 0x01,

   168 	EX968Certificate    = 0x02,

   169 	EUnknownCertificate = 0x0f,

   170 	EX509CertificateUrl = 0x10,

   171 	EWTLSCertificateUrl = 0x11,

   172 	EX968CertificateUrl = 0x12

   173 	};

   175 /**

   176  * The owner of a certificate.

   177  *

   178  */

   179 enum TCertificateOwnerType

   180 	{

   181 	ECACertificate,

   182 	EUserCertificate,

   183 	EPeerCertificate

   184 	};

   186 /** The length of a SHA-1 hash

   187  *

   188  */

   189 const TInt KSHA1HashLengthBytes = 20;

   191 /**

   192  * A SHA-1 hash.

   193  *

   194  */

   195 typedef  TBuf8<KSHA1HashLengthBytes> TSHA1Hash;

   197 //const TInt KMD5HashLengthBytes = 16;

   198 //typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;

   200 /**

   201  * A SHA-1 hash is also used as a key identifier.

   202  *

   203  */

   204 typedef TSHA1Hash TKeyIdentifier;

   206 /**

   207  * Errors that can occur when validating a certificate chain.

   208  *

   209  * Except EValidatedOK, all these are fatal errors unless specified.

   210  *

   211  */

   212 enum TValidationError

   213 	{

   214 	/** Validation OK */

   215 	EValidatedOK,

   216 	/** Certificate chain has no root */

   217 	EChainHasNoRoot,

   218 	/** Invalid signature  */

   219 	ESignatureInvalid,

   220 	/** Date out of range */

   221 	EDateOutOfRange,

   222 	/** Name is excluded */

   223 	ENameIsExcluded,

   224 	/** Name is not permitted */

   225 	ENameNotPermitted,	//subtle difference here!

   226 	/** Not a CA certificate */

   227 	ENotCACert,

   228 	/** Certificate revoked */

   229 	ECertificateRevoked,

   230 	/** Unrecognized critical extension */

   231 	EUnrecognizedCriticalExtension,

   232 	/** No basic constraint in CA certificate */

   233 	ENoBasicConstraintInCACert,

   234 	/** No acceptable policy */

   235 	ENoAcceptablePolicy,

   236 	/** Path too long */

   237 	EPathTooLong,

   238 	/** Negative path length specified */

   239 	ENegativePathLengthSpecified,

   240 	/** Names do not chain */

   241 	ENamesDontChain,

   242 	/** Required policy not found */

   243 	ERequiredPolicyNotFound,

   244 	/** Bad key usage */

   245 	EBadKeyUsage,

   246 	/**

   247 	 * Root certificate not self-signed.

   248 	 *

   249 	 * We cannot tell if this is fatal or not, as we lack the context.

   250 	 */

   251 	ERootCertNotSelfSigned,

   252 	/**

   253 	 * Critical extended key usage

   254 	 *

   255 	 * We cannot tell if this is fatal or not, as we lack the context.

   256 	 */

   257 	ECriticalExtendedKeyUsage,

   258 	/**

   259 	 * Critical certificate policies with qualifiers

   260 	 *

   261 	 * We cannot tell if this is fatal or not, as we lack the context.

   262 	 */

   263 	ECriticalCertPoliciesWithQualifiers,

   264 	/**

   265 	 * Critical policy mapping

   266 	 *

   267 	 * We cannot tell if this is fatal or not, as we lack the context.

   268 	 */

   269 	ECriticalPolicyMapping,

   270 	/**

   271 	 * Critical Device Id

   272 	 *

   273 	 * We cannot tell if this is fatal or not, as we lack the context.

   274 	 */

   275 	ECriticalDeviceId,

   276 	/**

   277 	 * Critical Sid

   278 	 *

   279 	 * We cannot tell if this is fatal or not, as we lack the context.

   280 	 */

   281 	ECriticalSid,

   282 	/**

   283 	 * Critical Vid

   284 	 *

   285 	 * We cannot tell if this is fatal or not, as we lack the context.

   286 	 */

   287 	ECriticalVid,

   288 	/**

   289 	 * Critical Capabilities

   290 	 *

   291 	 * We cannot tell if this is fatal or not, as we lack the context.

   292 	 */

   293 	ECriticalCapabilities

   294 	};

   297 #include "securitydefs.inl"

   299 #endif

author	William Roberts <williamr@symbian.org>
	Wed, 31 Mar 2010 12:33:34 +0100
branch	Symbian3
changeset 4	837f303aceeb
parent 2	2fe1408b6811
permissions	-rw-r--r--