--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/cryptomgmtlibs/cryptotokenfw/inc/securitydefs.h Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,447 @@
+/*
+* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* General Security Definitions
+*
+*/
+
+
+
+
+/**
+ @file
+ @internalAll
+*/
+
+#ifndef __SECURITYDEFS_H__
+#define __SECURITYDEFS_H__
+
+#include <e32std.h>
+#include <e32base.h>
+
+/** General Security Definitions */
+
+// Old keystore interface, deprecated //////////////////////////////////////////
+
+/**
+ * What a key can be used for.
+ * The values this can take are defined in TKeyUsageVals.
+ *
+ * @publishedAll
+ * @deprecated
+ */
+typedef TInt TKeyUsage;
+
+/**
+ * What a key can be used for.
+ *
+ * These values can be ORed together if a key has several usages. EAllKeyUsages
+ * is used when searching for all keys, rather than ones with a particular
+ * usage. As these can be combined, TKeyUsage is used to store them.
+ *
+ * @publishedAll
+ * @deprecated
+ */
+enum TKeyUsageVals
+ {
+ EDigitalSignature = 0x80000000,
+ ENonRepudiation = 0x40000000,
+ EKeyEncipherment = 0x20000000,
+ EDataEncipherment = 0x10000000,
+ EKeyAgreement = 0x08000000,
+ EKeyCertSign = 0x04000000,
+ ECRLSign = 0x02000000,
+ EEncipherOnly = 0x01000000,
+ EDecipherOnly = 0x00800000,
+ EAllKeyUsages = -1
+ };
+
+// End of deprecated keystore API //////////////////////////////////////////////
+
+/**
+ * What a key can be used for - PKCS#15 scheme.
+ *
+ * @publishedAll
+ * @released
+ */
+enum TKeyUsagePKCS15
+ {
+ EPKCS15UsageEncrypt = 0x001,
+ EPKCS15UsageDecrypt = 0x002,
+ EPKCS15UsageSign = 0x004,
+ EPKCS15UsageSignRecover = 0x008,
+ EPKCS15UsageWrap = 0x010,
+ EPKCS15UsageUnwrap = 0x020,
+ EPKCS15UsageVerify = 0x040,
+ EPKCS15UsageVerifyRecover = 0x080,
+ EPKCS15UsageDerive = 0x100,
+ EPKCS15UsageNonRepudiation = 0x200,
+ // Common combinations
+ EPKCS15UsageEncryptWrap = 0x011,
+ EPKCS15UsageVerifyVerifyRecover = 0x0C0,
+ EPKCS15UsageDecryptUnwrap = 0x022,
+ EPKCS15UsageSignSignRecover = 0x00C,
+ EPKCS15UsageVerifyEncrypt = 0x0D1,
+ EPKCS15UsageSignDecrypt = 0x02E,
+ // For use in filters to return all keys
+ EPKCS15UsageAll = 0xffffffff,
+ EPKCS15UsageNone = 0x00000000
+ };
+
+inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
+inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
+inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
+inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
+
+/**
+ * What a key can be used for - X.509 scheme.
+ *
+ * @publishedAll
+ * @released
+ */
+enum TKeyUsageX509
+ {
+ EX509UsageDigitalSignature = 0x80000000,
+ EX509UsageNonRepudiation = 0x40000000,
+ EX509UsageKeyEncipherment = 0x20000000,
+ EX509UsageDataEncipherment = 0x10000000,
+ EX509UsageKeyAgreement = 0x08000000,
+ EX509UsageKeyCertSign = 0x04000000,
+ EX509UsageCRLSign = 0x02000000,
+ EX509UsageEncipherOnly = 0x01000000,
+ EX509UsageDecipherOnly = 0x00800000,
+ // Values for commonly permitted combinations
+ EX509UsageAnySign = 0x86000000,
+ EX509UsageAllEncipher = 0x30000000,
+ EX509UsageAllSignEncipher = 0xB6000000,
+ /// For use in filters to return all keys
+ EX509UsageAll = 0xffffffff,
+ EX509UsageNone = 0x00000000
+ };
+
+inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
+inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
+inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
+inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
+
+/**
+ * Supported types of certificate format. Note these must be only 1 byte long as
+ * the file cert store only seralises them as 1 byte.
+ *
+ * @publishedAll
+ * @released
+ */
+enum TCertificateFormat
+ {
+ EX509Certificate = 0x00,
+ EWTLSCertificate = 0x01,
+ EX968Certificate = 0x02,
+ EUnknownCertificate = 0x0f,
+ EX509CertificateUrl = 0x10,
+ EWTLSCertificateUrl = 0x11,
+ EX968CertificateUrl = 0x12
+ };
+
+/**
+ * The owner of a certificate.
+ *
+ * @publishedAll
+ * @released
+ */
+enum TCertificateOwnerType
+ {
+ ECACertificate,
+ EUserCertificate,
+ EPeerCertificate
+ };
+
+/** The length of a SHA-1 hash
+ *
+ * @publishedAll
+ * @released
+ */
+const TInt KSHA1HashLengthBytes = 20;
+
+/**
+ * A SHA-1 hash.
+ *
+ * @publishedAll
+ * @released
+ */
+typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
+
+//const TInt KMD5HashLengthBytes = 16;
+//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
+
+/**
+ * A SHA-1 hash is also used as a key identifier.
+ *
+ * @publishedAll
+ * @released
+ */
+typedef TSHA1Hash TKeyIdentifier;
+
+/**
+ * Errors that can occur when validating a certificate chain.
+ *
+ * Except EValidatedOK, all these are fatal errors unless specified.
+ *
+ * @publishedAll
+ * @released
+ */
+enum TValidationError
+ {
+ /** Validation OK */
+ EValidatedOK,
+ /** Certificate chain has no root */
+ EChainHasNoRoot,
+ /** Invalid signature */
+ ESignatureInvalid,
+ /** Date out of range */
+ EDateOutOfRange,
+ /** Name is excluded */
+ ENameIsExcluded,
+ /** Name is not permitted */
+ ENameNotPermitted, //subtle difference here!
+ /** Not a CA certificate */
+ ENotCACert,
+ /** Certificate revoked */
+ ECertificateRevoked,
+ /** Unrecognized critical extension */
+ EUnrecognizedCriticalExtension,
+ /** No basic constraint in CA certificate */
+ ENoBasicConstraintInCACert,
+ /** No acceptable policy */
+ ENoAcceptablePolicy,
+ /** Path too long */
+ EPathTooLong,
+ /** Negative path length specified */
+ ENegativePathLengthSpecified,
+ /** Names do not chain */
+ ENamesDontChain,
+ /** Required policy not found */
+ ERequiredPolicyNotFound,
+ /** Bad key usage */
+ EBadKeyUsage,
+ /**
+ * Root certificate not self-signed.
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ERootCertNotSelfSigned,
+ /**
+ * Critical extended key usage
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalExtendedKeyUsage,
+ /**
+ * Critical certificate policies with qualifiers
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalCertPoliciesWithQualifiers,
+ /**
+ * Critical policy mapping
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalPolicyMapping,
+ /**
+ * Critical Device Id
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalDeviceId,
+ /**
+ * Critical Sid
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalSid,
+ /**
+ * Critical Vid
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalVid,
+ /**
+ * Critical Capabilities
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalCapabilities
+ };
+
+// Certificate Applicability UIDs
+
+/**
+ * This UID is associated with certificates which are trusted for
+ * software installation of native applications.
+ *
+ * @see MCertStore::Applications
+ * @see MCTWritableCertStore::SetApplicability
+ *
+ * @publishedPartner
+ * @released
+ */
+const TUid KSwiApplicabilityUid = {0x100042AB};
+
+/**
+ * This UID is associated with certificates which are trusted for
+ * OCSP checks.
+ *
+ * @see MCertStore::Applications
+ * @see MCTWritableCertStore::SetApplicability
+ *
+ * @publishedPartner
+ * @released
+ */
+const TUid KSwiOcspApplicabilityUid = {0x1000A8B6};
+
+/**
+ * This UID is associated with certificates which are trusted for
+ * Java midlet installation.
+ *
+ * @see MCertStore::Applications
+ * @see MCTWritableCertStore::SetApplicability
+ *
+ * @publishedPartner
+ * @released
+ */
+const TUid KMidletInstallApplicabilityUid = {0x101F9B28};
+
+/**
+ * This UID is associated with certificates which are trusted for
+ * SSL/TLS connectivity.
+ *
+ * @see MCertStore::Applications
+ * @see MCTWritableCertStore::SetApplicability
+ *
+ * @publishedPartner
+ * @released
+ */
+const TUid KTlsApplicabilityUid = {0x1000183D};
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for TLS WWW server authentication.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for TLS WWW client authentication.
+ *
+ * @publishedPartner
+ * @released
+ */
+ // SSL Client
+ _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for signing of downloadable executable code.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for email protection .
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for Ipsec end system.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for Ipsec tunnel.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for Ipsec user.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for binding the hash of an object to a time.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8");
+
+/**
+ * This OID is associated with X.509 certificates
+ * trusted for signing OCSP responses.
+ *
+ * @publishedPartner
+ * @released
+ */
+_LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9");
+
+
+
+#include "securitydefs.inl"
+
+#endif