--- a/cryptomgmtlibs/cryptotokenfw/inc/securitydefs.h Tue Jul 21 01:04:32 2009 +0100
+++ b/cryptomgmtlibs/cryptotokenfw/inc/securitydefs.h Thu Sep 10 14:01:51 2009 +0300
@@ -1,447 +1,299 @@
-/*
-* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
-* All rights reserved.
-* This component and the accompanying materials are made available
-* under the terms of the License "Eclipse Public License v1.0"
-* which accompanies this distribution, and is available
-* at the URL "http://www.eclipse.org/legal/epl-v10.html".
-*
-* Initial Contributors:
-* Nokia Corporation - initial contribution.
-*
-* Contributors:
-*
-* Description:
-* General Security Definitions
-*
-*/
-
-
-
-
-/**
- @file
- @internalAll
-*/
-
-#ifndef __SECURITYDEFS_H__
-#define __SECURITYDEFS_H__
-
-#include <e32std.h>
-#include <e32base.h>
-
-/** General Security Definitions */
-
-// Old keystore interface, deprecated //////////////////////////////////////////
-
-/**
- * What a key can be used for.
- * The values this can take are defined in TKeyUsageVals.
- *
- * @publishedAll
- * @deprecated
- */
-typedef TInt TKeyUsage;
-
-/**
- * What a key can be used for.
- *
- * These values can be ORed together if a key has several usages. EAllKeyUsages
- * is used when searching for all keys, rather than ones with a particular
- * usage. As these can be combined, TKeyUsage is used to store them.
- *
- * @publishedAll
- * @deprecated
- */
-enum TKeyUsageVals
- {
- EDigitalSignature = 0x80000000,
- ENonRepudiation = 0x40000000,
- EKeyEncipherment = 0x20000000,
- EDataEncipherment = 0x10000000,
- EKeyAgreement = 0x08000000,
- EKeyCertSign = 0x04000000,
- ECRLSign = 0x02000000,
- EEncipherOnly = 0x01000000,
- EDecipherOnly = 0x00800000,
- EAllKeyUsages = -1
- };
-
-// End of deprecated keystore API //////////////////////////////////////////////
-
-/**
- * What a key can be used for - PKCS#15 scheme.
- *
- * @publishedAll
- * @released
- */
-enum TKeyUsagePKCS15
- {
- EPKCS15UsageEncrypt = 0x001,
- EPKCS15UsageDecrypt = 0x002,
- EPKCS15UsageSign = 0x004,
- EPKCS15UsageSignRecover = 0x008,
- EPKCS15UsageWrap = 0x010,
- EPKCS15UsageUnwrap = 0x020,
- EPKCS15UsageVerify = 0x040,
- EPKCS15UsageVerifyRecover = 0x080,
- EPKCS15UsageDerive = 0x100,
- EPKCS15UsageNonRepudiation = 0x200,
- // Common combinations
- EPKCS15UsageEncryptWrap = 0x011,
- EPKCS15UsageVerifyVerifyRecover = 0x0C0,
- EPKCS15UsageDecryptUnwrap = 0x022,
- EPKCS15UsageSignSignRecover = 0x00C,
- EPKCS15UsageVerifyEncrypt = 0x0D1,
- EPKCS15UsageSignDecrypt = 0x02E,
- // For use in filters to return all keys
- EPKCS15UsageAll = 0xffffffff,
- EPKCS15UsageNone = 0x00000000
- };
-
-inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
-inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
-inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
-inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
-
-/**
- * What a key can be used for - X.509 scheme.
- *
- * @publishedAll
- * @released
- */
-enum TKeyUsageX509
- {
- EX509UsageDigitalSignature = 0x80000000,
- EX509UsageNonRepudiation = 0x40000000,
- EX509UsageKeyEncipherment = 0x20000000,
- EX509UsageDataEncipherment = 0x10000000,
- EX509UsageKeyAgreement = 0x08000000,
- EX509UsageKeyCertSign = 0x04000000,
- EX509UsageCRLSign = 0x02000000,
- EX509UsageEncipherOnly = 0x01000000,
- EX509UsageDecipherOnly = 0x00800000,
- // Values for commonly permitted combinations
- EX509UsageAnySign = 0x86000000,
- EX509UsageAllEncipher = 0x30000000,
- EX509UsageAllSignEncipher = 0xB6000000,
- /// For use in filters to return all keys
- EX509UsageAll = 0xffffffff,
- EX509UsageNone = 0x00000000
- };
-
-inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
-inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
-inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
-inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
-
-/**
- *
- *
- * @param aUsage
- * @return
- */
-IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
-
-/**
- *
- *
- * @param aUsage
- * @return
- */
-IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
-
-/**
- *
- *
- * @param aUsage
- * @return
- */
-IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
-
-/**
- * Supported types of certificate format. Note these must be only 1 byte long as
- * the file cert store only seralises them as 1 byte.
- *
- * @publishedAll
- * @released
- */
-enum TCertificateFormat
- {
- EX509Certificate = 0x00,
- EWTLSCertificate = 0x01,
- EX968Certificate = 0x02,
- EUnknownCertificate = 0x0f,
- EX509CertificateUrl = 0x10,
- EWTLSCertificateUrl = 0x11,
- EX968CertificateUrl = 0x12
- };
-
-/**
- * The owner of a certificate.
- *
- * @publishedAll
- * @released
- */
-enum TCertificateOwnerType
- {
- ECACertificate,
- EUserCertificate,
- EPeerCertificate
- };
-
-/** The length of a SHA-1 hash
- *
- * @publishedAll
- * @released
- */
-const TInt KSHA1HashLengthBytes = 20;
-
-/**
- * A SHA-1 hash.
- *
- * @publishedAll
- * @released
- */
-typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
-
-//const TInt KMD5HashLengthBytes = 16;
-//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
-
-/**
- * A SHA-1 hash is also used as a key identifier.
- *
- * @publishedAll
- * @released
- */
-typedef TSHA1Hash TKeyIdentifier;
-
-/**
- * Errors that can occur when validating a certificate chain.
- *
- * Except EValidatedOK, all these are fatal errors unless specified.
- *
- * @publishedAll
- * @released
- */
-enum TValidationError
- {
- /** Validation OK */
- EValidatedOK,
- /** Certificate chain has no root */
- EChainHasNoRoot,
- /** Invalid signature */
- ESignatureInvalid,
- /** Date out of range */
- EDateOutOfRange,
- /** Name is excluded */
- ENameIsExcluded,
- /** Name is not permitted */
- ENameNotPermitted, //subtle difference here!
- /** Not a CA certificate */
- ENotCACert,
- /** Certificate revoked */
- ECertificateRevoked,
- /** Unrecognized critical extension */
- EUnrecognizedCriticalExtension,
- /** No basic constraint in CA certificate */
- ENoBasicConstraintInCACert,
- /** No acceptable policy */
- ENoAcceptablePolicy,
- /** Path too long */
- EPathTooLong,
- /** Negative path length specified */
- ENegativePathLengthSpecified,
- /** Names do not chain */
- ENamesDontChain,
- /** Required policy not found */
- ERequiredPolicyNotFound,
- /** Bad key usage */
- EBadKeyUsage,
- /**
- * Root certificate not self-signed.
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ERootCertNotSelfSigned,
- /**
- * Critical extended key usage
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalExtendedKeyUsage,
- /**
- * Critical certificate policies with qualifiers
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalCertPoliciesWithQualifiers,
- /**
- * Critical policy mapping
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalPolicyMapping,
- /**
- * Critical Device Id
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalDeviceId,
- /**
- * Critical Sid
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalSid,
- /**
- * Critical Vid
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalVid,
- /**
- * Critical Capabilities
- *
- * We cannot tell if this is fatal or not, as we lack the context.
- */
- ECriticalCapabilities
- };
-
-// Certificate Applicability UIDs
-
-/**
- * This UID is associated with certificates which are trusted for
- * software installation of native applications.
- *
- * @see MCertStore::Applications
- * @see MCTWritableCertStore::SetApplicability
- *
- * @publishedPartner
- * @released
- */
-const TUid KSwiApplicabilityUid = {0x100042AB};
-
-/**
- * This UID is associated with certificates which are trusted for
- * OCSP checks.
- *
- * @see MCertStore::Applications
- * @see MCTWritableCertStore::SetApplicability
- *
- * @publishedPartner
- * @released
- */
-const TUid KSwiOcspApplicabilityUid = {0x1000A8B6};
-
-/**
- * This UID is associated with certificates which are trusted for
- * Java midlet installation.
- *
- * @see MCertStore::Applications
- * @see MCTWritableCertStore::SetApplicability
- *
- * @publishedPartner
- * @released
- */
-const TUid KMidletInstallApplicabilityUid = {0x101F9B28};
-
-/**
- * This UID is associated with certificates which are trusted for
- * SSL/TLS connectivity.
- *
- * @see MCertStore::Applications
- * @see MCTWritableCertStore::SetApplicability
- *
- * @publishedPartner
- * @released
- */
-const TUid KTlsApplicabilityUid = {0x1000183D};
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for TLS WWW server authentication.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KServerAuthOID,"1.3.6.1.5.5.7.3.1");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for TLS WWW client authentication.
- *
- * @publishedPartner
- * @released
- */
- // SSL Client
- _LIT(KClientAuthOID,"1.3.6.1.5.5.7.3.2");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for signing of downloadable executable code.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KCodeSigningOID,"1.3.6.1.5.5.7.3.3");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for email protection .
- *
- * @publishedPartner
- * @released
- */
-_LIT(KEmailProtectionOID,"1.3.6.1.5.5.7.3.4");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for Ipsec end system.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KIpsecEndSystemOID,"1.3.6.1.5.5.7.3.5");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for Ipsec tunnel.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KIpsecTunnelOID,"1.3.6.1.5.5.7.3.6");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for Ipsec user.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KIpsecUserOID, "1.3.6.1.5.5.7.3.7");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for binding the hash of an object to a time.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KTimeStampingOID,"1.3.6.1.5.5.7.3.8");
-
-/**
- * This OID is associated with X.509 certificates
- * trusted for signing OCSP responses.
- *
- * @publishedPartner
- * @released
- */
-_LIT(KOCSPSigningOID,"1.3.6.1.5.5.7.3.9");
-
-
-
-#include "securitydefs.inl"
-
-#endif
+/*
+* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* General Security Definitions
+*
+*/
+
+
+/**
+ @file
+ @publishedAll
+ @released
+*/
+
+#ifndef __SECURITYDEFS_H__
+#define __SECURITYDEFS_H__
+
+#include <e32std.h>
+#include <e32base.h>
+
+#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <securitydefsconst.h>
+#endif
+
+/** General Security Definitions */
+
+// Old keystore interface, deprecated //////////////////////////////////////////
+
+/**
+ * What a key can be used for.
+ * The values this can take are defined in TKeyUsageVals.
+ *
+ * @deprecated
+ */
+typedef TInt TKeyUsage;
+
+/**
+ * What a key can be used for.
+ *
+ * These values can be ORed together if a key has several usages. EAllKeyUsages
+ * is used when searching for all keys, rather than ones with a particular
+ * usage. As these can be combined, TKeyUsage is used to store them.
+ *
+ * @deprecated
+ */
+enum TKeyUsageVals
+ {
+ EDigitalSignature = 0x80000000,
+ ENonRepudiation = 0x40000000,
+ EKeyEncipherment = 0x20000000,
+ EDataEncipherment = 0x10000000,
+ EKeyAgreement = 0x08000000,
+ EKeyCertSign = 0x04000000,
+ ECRLSign = 0x02000000,
+ EEncipherOnly = 0x01000000,
+ EDecipherOnly = 0x00800000,
+ EAllKeyUsages = -1
+ };
+
+// End of deprecated keystore API //////////////////////////////////////////////
+
+/**
+ * What a key can be used for - PKCS#15 scheme.
+ *
+ */
+enum TKeyUsagePKCS15
+ {
+ EPKCS15UsageEncrypt = 0x001,
+ EPKCS15UsageDecrypt = 0x002,
+ EPKCS15UsageSign = 0x004,
+ EPKCS15UsageSignRecover = 0x008,
+ EPKCS15UsageWrap = 0x010,
+ EPKCS15UsageUnwrap = 0x020,
+ EPKCS15UsageVerify = 0x040,
+ EPKCS15UsageVerifyRecover = 0x080,
+ EPKCS15UsageDerive = 0x100,
+ EPKCS15UsageNonRepudiation = 0x200,
+ // Common combinations
+ EPKCS15UsageEncryptWrap = 0x011,
+ EPKCS15UsageVerifyVerifyRecover = 0x0C0,
+ EPKCS15UsageDecryptUnwrap = 0x022,
+ EPKCS15UsageSignSignRecover = 0x00C,
+ EPKCS15UsageVerifyEncrypt = 0x0D1,
+ EPKCS15UsageSignDecrypt = 0x02E,
+ // For use in filters to return all keys
+ EPKCS15UsageAll = 0xffffffff,
+ EPKCS15UsageNone = 0x00000000
+ };
+
+inline TKeyUsagePKCS15 operator|(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
+inline TKeyUsagePKCS15 operator&(TKeyUsagePKCS15 aLeft, TKeyUsagePKCS15 aRight);
+inline const TKeyUsagePKCS15& operator|=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
+inline const TKeyUsagePKCS15& operator&=(TKeyUsagePKCS15& aLeft, TKeyUsagePKCS15 aRight);
+
+/**
+ * What a key can be used for - X.509 scheme.
+ *
+ */
+enum TKeyUsageX509
+ {
+ EX509UsageDigitalSignature = 0x80000000,
+ EX509UsageNonRepudiation = 0x40000000,
+ EX509UsageKeyEncipherment = 0x20000000,
+ EX509UsageDataEncipherment = 0x10000000,
+ EX509UsageKeyAgreement = 0x08000000,
+ EX509UsageKeyCertSign = 0x04000000,
+ EX509UsageCRLSign = 0x02000000,
+ EX509UsageEncipherOnly = 0x01000000,
+ EX509UsageDecipherOnly = 0x00800000,
+ // Values for commonly permitted combinations
+ EX509UsageAnySign = 0x86000000,
+ EX509UsageAllEncipher = 0x30000000,
+ EX509UsageAllSignEncipher = 0xB6000000,
+ /// For use in filters to return all keys
+ EX509UsageAll = 0xffffffff,
+ EX509UsageNone = 0x00000000
+ };
+
+inline TKeyUsageX509 operator|(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
+inline TKeyUsageX509 operator&(TKeyUsageX509 aLeft, TKeyUsageX509 aRight);
+inline const TKeyUsageX509& operator|=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
+inline const TKeyUsageX509& operator&=(TKeyUsageX509& aLeft, TKeyUsageX509 aRight);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsageX509 KeyUsagePKCS15ToX509(TKeyUsagePKCS15 aUsage);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Private(TKeyUsageX509 aUsage);
+
+/**
+ *
+ *
+ * @param aUsage
+ * @return
+ */
+IMPORT_C TKeyUsagePKCS15 KeyUsageX509ToPKCS15Public(TKeyUsageX509 aUsage);
+
+/**
+ * Supported types of certificate format. Note these must be only 1 byte long as
+ * the file cert store only seralises them as 1 byte.
+ *
+ */
+enum TCertificateFormat
+ {
+ EX509Certificate = 0x00,
+ EWTLSCertificate = 0x01,
+ EX968Certificate = 0x02,
+ EUnknownCertificate = 0x0f,
+ EX509CertificateUrl = 0x10,
+ EWTLSCertificateUrl = 0x11,
+ EX968CertificateUrl = 0x12
+ };
+
+/**
+ * The owner of a certificate.
+ *
+ */
+enum TCertificateOwnerType
+ {
+ ECACertificate,
+ EUserCertificate,
+ EPeerCertificate
+ };
+
+/** The length of a SHA-1 hash
+ *
+ */
+const TInt KSHA1HashLengthBytes = 20;
+
+/**
+ * A SHA-1 hash.
+ *
+ */
+typedef TBuf8<KSHA1HashLengthBytes> TSHA1Hash;
+
+//const TInt KMD5HashLengthBytes = 16;
+//typedef TMD5Hash TBufC8<KMD5HashLengthBytes>;
+
+/**
+ * A SHA-1 hash is also used as a key identifier.
+ *
+ */
+typedef TSHA1Hash TKeyIdentifier;
+
+/**
+ * Errors that can occur when validating a certificate chain.
+ *
+ * Except EValidatedOK, all these are fatal errors unless specified.
+ *
+ */
+enum TValidationError
+ {
+ /** Validation OK */
+ EValidatedOK,
+ /** Certificate chain has no root */
+ EChainHasNoRoot,
+ /** Invalid signature */
+ ESignatureInvalid,
+ /** Date out of range */
+ EDateOutOfRange,
+ /** Name is excluded */
+ ENameIsExcluded,
+ /** Name is not permitted */
+ ENameNotPermitted, //subtle difference here!
+ /** Not a CA certificate */
+ ENotCACert,
+ /** Certificate revoked */
+ ECertificateRevoked,
+ /** Unrecognized critical extension */
+ EUnrecognizedCriticalExtension,
+ /** No basic constraint in CA certificate */
+ ENoBasicConstraintInCACert,
+ /** No acceptable policy */
+ ENoAcceptablePolicy,
+ /** Path too long */
+ EPathTooLong,
+ /** Negative path length specified */
+ ENegativePathLengthSpecified,
+ /** Names do not chain */
+ ENamesDontChain,
+ /** Required policy not found */
+ ERequiredPolicyNotFound,
+ /** Bad key usage */
+ EBadKeyUsage,
+ /**
+ * Root certificate not self-signed.
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ERootCertNotSelfSigned,
+ /**
+ * Critical extended key usage
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalExtendedKeyUsage,
+ /**
+ * Critical certificate policies with qualifiers
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalCertPoliciesWithQualifiers,
+ /**
+ * Critical policy mapping
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalPolicyMapping,
+ /**
+ * Critical Device Id
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalDeviceId,
+ /**
+ * Critical Sid
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalSid,
+ /**
+ * Critical Vid
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalVid,
+ /**
+ * Critical Capabilities
+ *
+ * We cannot tell if this is fatal or not, as we lack the context.
+ */
+ ECriticalCapabilities
+ };
+
+
+#include "securitydefs.inl"
+
+#endif