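/*
* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* General Security Definitions
*
*/


/**
 @file
 @publishedAll
 @released
*/

#ifndef __SECURITYDEFS_H__
#define __SECURITYDEFS_H__

// NOTE(review): the angle-bracket include names were lost in the rendered copy
// of this file (they read as bare "#include"); the names below are the usual
// Symbian system headers for these types - confirm against the original source.
#include <e32std.h>
#include <e32base.h>

#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
#include <securitydefsconst.h>
#endif

/** General Security Definitions */

// Old keystore interface, deprecated //////////////////////////////////////////

/**
 * What a key can be used for.
 * The values this can take are defined in TKeyUsageVals.
 *
 * A plain TInt is used (rather than the enum type) because several
 * TKeyUsageVals flags may be ORed together into one value.
 *
 * @deprecated
 */
typedef TInt TKeyUsage;

/**
 * What a key can be used for.
 *
 * These values can be ORed together if a key has several usages. EAllKeyUsages
 * is used when searching for all keys, rather than ones with a particular
 * usage. As these can be combined, TKeyUsage is used to store them.
 *
 * The bit positions are the same as the X.509 KeyUsage bits in TKeyUsageX509
 * below (0x80000000 = digitalSignature ... 0x00800000 = decipherOnly).
 * EAllKeyUsages is -1 so that, once stored in a TKeyUsage (TInt), every bit
 * is set. Note that mixing a negative enumerator with values above 0x7fffffff
 * may cause some compilers to widen the enum's underlying type; always store
 * and pass these as TKeyUsage, not as the enum type.
 *
 * @deprecated
 */
enum TKeyUsageVals
    {
    EDigitalSignature  = 0x80000000,
    ENonRepudiation    = 0x40000000,
    EKeyEncipherment   = 0x20000000,
    EDataEncipherment  = 0x10000000,
    EKeyAgreement      = 0x08000000,
    EKeyCertSign       = 0x04000000,
    ECRLSign           = 0x02000000,
    EEncipherOnly      = 0x01000000,
    EDecipherOnly      = 0x00800000,
    EAllKeyUsages      = -1
    };

// End of deprecated keystore API //////////////////////////////////////////////

/**
 * What a key can be used for - PKCS#15 scheme.
 *
 * Each single-usage value occupies one bit, so values may be ORed together
 * with the operators declared below. The "common combination" values are
 * simply the OR of their component bits, e.g.
 * EPKCS15UsageEncryptWrap = EPKCS15UsageEncrypt | EPKCS15UsageWrap.
 *
 * EPKCS15UsageAll and EPKCS15UsageNone are intended for keystore filters:
 * EPKCS15UsageAll matches every key regardless of usage, so it should only be
 * used when enumerating keys, never as the usage presented when authorising a
 * specific cryptographic operation.
 */
enum TKeyUsagePKCS15
    {
    EPKCS15UsageEncrypt             = 0x001,
    EPKCS15UsageDecrypt             = 0x002,
    EPKCS15UsageSign                = 0x004,
    EPKCS15UsageSignRecover         = 0x008,
    EPKCS15UsageWrap                = 0x010,
    EPKCS15UsageUnwrap              = 0x020,
    EPKCS15UsageVerify              = 0x040,
    EPKCS15UsageVerifyRecover       = 0x080,
    EPKCS15UsageDerive              = 0x100,
    EPKCS15UsageNonRepudiation      = 0x200,
    // Common combinations
    EPKCS15UsageEncryptWrap         = 0x011,  // Encrypt | Wrap
    EPKCS15UsageVerifyVerifyRecover = 0x0C0,  // Verify | VerifyRecover
    EPKCS15UsageDecryptUnwrap       = 0x022,  // Decrypt | Unwrap
    EPKCS15UsageSignSignRecover     = 0x00C,  // Sign | SignRecover
    EPKCS15UsageVerifyEncrypt       = 0x0D1,  // Verify | VerifyRecover | Encrypt | Wrap
    EPKCS15UsageSignDecrypt         = 0x02E,  // Sign | SignRecover | Decrypt | Unwrap
    // For use in filters to return all keys
    EPKCS15UsageAll                 = 0xffffffff,
    EPKCS15UsageNone                = 0x00000000
    };

/**
 * Bitwise operators for TKeyUsagePKCS15.
 *
 * Combining two enumerators with a built-in operator would yield an integer,
 * not a TKeyUsagePKCS15; these overloads keep the result in the enum type.
 * They are declared here and defined in securitydefs.inl (included at the end
 * of this header).
 */
inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);

/**
 * What a key can be used for - X.509 scheme.
 *
 * The single-usage values are the KeyUsage extension bits, MSB first
 * (digitalSignature = bit 0 = 0x80000000 ... decipherOnly = bit 8 = 0x00800000).
 * The combination values are the OR of their component bits:
 *  - EX509UsageAnySign        = DigitalSignature | KeyCertSign | CRLSign
 *  - EX509UsageAllEncipher    = KeyEncipherment | DataEncipherment
 *  - EX509UsageAllSignEncipher = EX509UsageAnySign | EX509UsageAllEncipher
 *
 * As with the PKCS#15 scheme, EX509UsageAll is a filter value that matches
 * every key and should not be used as the usage for a specific operation.
 */
enum TKeyUsageX509
    {
    EX509UsageDigitalSignature = 0x80000000,
    EX509UsageNonRepudiation   = 0x40000000,
    EX509UsageKeyEncipherment  = 0x20000000,
    EX509UsageDataEncipherment = 0x10000000,
    EX509UsageKeyAgreement     = 0x08000000,
    EX509UsageKeyCertSign      = 0x04000000,
    EX509UsageCRLSign          = 0x02000000,
    EX509UsageEncipherOnly     = 0x01000000,
    EX509UsageDecipherOnly     = 0x00800000,
    // Values for commonly permitted combinations
    EX509UsageAnySign          = 0x86000000,
    EX509UsageAllEncipher      = 0x30000000,
    EX509UsageAllSignEncipher  = 0xB6000000,
    /// For use in filters to return all keys
    EX509UsageAll              = 0xffffffff,
    EX509UsageNone             = 0x00000000
    };

/**
 * Bitwise operators for TKeyUsageX509; see the TKeyUsagePKCS15 operators
 * above for the rationale. Defined in securitydefs.inl.
 */
inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);

/**
 * Converts a PKCS#15 key usage value to the equivalent X.509 key usage value.
 *
 * The exact mapping between the two flag sets is defined by the
 * implementation, not by this header.
 *
 * @param aUsage  A TKeyUsagePKCS15 value, possibly several flags ORed together.
 * @return        The corresponding TKeyUsageX509 value.
 */
IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);

/**
 * Converts an X.509 key usage value to the PKCS#15 usages applicable to the
 * private key of the key pair.
 *
 * Presumably this selects the private-key operations (e.g. signing and
 * decryption) implied by the X.509 bits - confirm against the implementation.
 *
 * @param aUsage  A TKeyUsageX509 value, possibly several flags ORed together.
 * @return        The corresponding TKeyUsagePKCS15 value for the private key.
 */
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);

/**
 * Converts an X.509 key usage value to the PKCS#15 usages applicable to the
 * public key of the key pair.
 *
 * Presumably this selects the public-key operations (e.g. verification and
 * encryption) implied by the X.509 bits - confirm against the implementation.
 *
 * @param aUsage  A TKeyUsageX509 value, possibly several flags ORed together.
 * @return        The corresponding TKeyUsagePKCS15 value for the public key.
 */
IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);

/**
 * Supported types of certificate format. Note these must be only 1 byte long as
 * the file cert store only serialises them as 1 byte.
 *
 * Any value added here must therefore stay in the range 0x00..0xFF, and the
 * existing values must not be renumbered, since they are persisted on disk.
 * The *Url variants (0x10 and up) are the corresponding format with the
 * certificate referenced by URL rather than stored inline.
 */
enum TCertificateFormat
    {
    EX509Certificate    = 0x00,
    EWTLSCertificate    = 0x01,
    EX968Certificate    = 0x02,
    EUnknownCertificate = 0x0f,
    EX509CertificateUrl = 0x10,
    EWTLSCertificateUrl = 0x11,
    EX968CertificateUrl = 0x12
    };

/**
 * The owner of a certificate.
 *
 * Distinguishes certificates of trusted CAs (ECACertificate) from the user's
 * own certificates (EUserCertificate) and those of remote peers
 * (EPeerCertificate).
 */
enum TCertificateOwnerType
    {
    ECACertificate,
    EUserCertificate,
    EPeerCertificate
    };

/** The length of a SHA-1 hash, in bytes.
 *
 */
const TInt KSHA1HashLengthBytes = 20;

/**
 * A SHA-1 hash.
 *
 * A fixed-capacity 8-bit descriptor of KSHA1HashLengthBytes bytes.
 */
typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;

//const TInt KMD5HashLengthBytes = 16;
//typedef TBufC8<KMD5HashLengthBytes> TMD5Hash;

/**
 * A SHA-1 hash is also used as a key identifier.
 *
 * Code that compares key identifiers should compare the full
 * KSHA1HashLengthBytes bytes, not a prefix.
 */
typedef TSHA1Hash TKeyIdentifier;

/**
 * Errors that can occur when validating a certificate chain.
 *
 * Except EValidatedOK, all these are fatal errors unless specified.
 *
 * For the values documented as "We cannot tell if this is fatal or not", the
 * validator lacks the application context to decide; the caller must make
 * that decision explicitly. A caller that does not handle such a value should
 * treat it as a validation failure rather than silently accepting the chain.
 */
enum TValidationError
    {
    /** Validation OK */
    EValidatedOK,
    /** Certificate chain has no root */
    EChainHasNoRoot,
    /** Invalid signature */
    ESignatureInvalid,
    /** Date out of range */
    EDateOutOfRange,
    /** Name is excluded */
    ENameIsExcluded,
    /** Name is not permitted */
    ENameNotPermitted, //subtle difference here!
    /** Not a CA certificate */
    ENotCACert,
    /** Certificate revoked */
    ECertificateRevoked,
    /** Unrecognized critical extension */
    EUnrecognizedCriticalExtension,
    /** No basic constraint in CA certificate */
    ENoBasicConstraintInCACert,
    /** No acceptable policy */
    ENoAcceptablePolicy,
    /** Path too long */
    EPathTooLong,
    /** Negative path length specified */
    ENegativePathLengthSpecified,
    /** Names do not chain */
    ENamesDontChain,
    /** Required policy not found */
    ERequiredPolicyNotFound,
    /** Bad key usage */
    EBadKeyUsage,
    /**
     * Root certificate not self-signed.
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ERootCertNotSelfSigned,
    /**
     * Critical extended key usage
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalExtendedKeyUsage,
    /**
     * Critical certificate policies with qualifiers
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalCertPoliciesWithQualifiers,
    /**
     * Critical policy mapping
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalPolicyMapping,
    /**
     * Critical Device Id
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalDeviceId,
    /**
     * Critical Sid
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalSid,
    /**
     * Critical Vid
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalVid,
    /**
     * Critical Capabilities
     *
     * We cannot tell if this is fatal or not, as we lack the context.
     */
    ECriticalCapabilities
    };


#include "securitydefs.inl"

#endif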