/* $Id: certext.h,v 1.20 2005/03/08 01:40:13 jmckee Exp $ */
/*
 * Copyright (c) RSA Security Inc., 1999-2003. All rights reserved.
 * This work contains proprietary, confidential, and trade secret
 * information of RSA Security Inc. Use, disclosure or reproduction
 * without the express written authorization of RSA Security Inc. is
 * prohibited.
 */

/*
 * certext.h - X.509 v3 extension support for Cert-C.
 *
 * Declares the extension-handler callback table (EXTENSION_HANDLER), the
 * per-type registration record (EXTENSION_TYPE_INFO), the OID arrays and
 * lengths for the supported certificate, CRL, CRL-entry and OCSP extension
 * types, the C value structures those extensions decode to, and the
 * EXTENSIONS_OBJ routines (C_CreateExtensionsObject() ... C_CompareExtensions())
 * at the end of this header. ITEM, POINTER, UINT2 and UINT4 come from the
 * base headers included below.
 */
#ifndef HEADER_BSAFE_CERTC_CERTEXT
#define HEADER_BSAFE_CERTC_CERTEXT 1

#include "basetype.h"
#include "certlist.h"
#include "certattr.h"
#include "certname.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A string together with a tag giving its character-string type. Used for
 * X.400 name components that may be carried in more than one ASN.1 string
 * type (e.g. the EA_POSTAL_CODE comment below: printable or numeric string).
 * The tag values themselves are not part of this listing.
 */
typedef struct TYPED_STRING {
  /* Character-string type tag; the valid values are documented in the
     Cert-C reference, not here. */
  unsigned int type;
  /* The string contents (an ITEM, presumably buffer plus length — confirm
     against basetype.h). */
  ITEM value;
} TYPED_STRING;


/* Extension type handler call-backs */

/*
 * Contains pointers to callback functions for a particular extension type.
 * Cert-C provides a default extension handler for each Cert-C-defined
 * extension type. However, when overriding a default extension handler or when
 * defining a new extension type, it is necessary to provide the callback
 * functions. The following table lists the four callback functions to provide
 * for each extension type, and the Cert-C functions that call each callback
 * function:<br>
 *
 * <table>
 * <tr><td><b>Callback Function</b></td>
 * <td><b>Functions that Call the Callback</b></td></tr>
 * <tr><td><code>AllocAndCopy</code></td>
 * <td>C_AddExtensionValue()</td></tr>
 * <tr><td><code>Destructor</code></td>
 * <td>C_DeleteExtensionValue()</td></tr>
 * <tr><td><code>GetEncodedValue</code></td>
 * <td>C_GetEncodedExtensionValue()</td></tr>
 * <tr><td><code>SetEncodedValue</code></td>
 * <td>C_SetEncodedExtensionValue()
 * <br>C_SetExtensionsObjectBER()
 * <br>C_SetExtensionBER()</td></tr>
 * </table><br>
 *
 * This structure is used in <code>EXTENSION_TYPE_INFO</code>, and as:
 * <ul><li>An input to C_RegisterExtensionType().
 * Use to:<ul>
 * <li>Specify a customized extension handler for a Cert-C-defined extension
 * type
 * <li>Specify an application-defined extension type</ul>
 *
 * When overriding the default handler or registering a new extension
 * type, provide all the callback functions listed in this structure.
 * Otherwise, Cert-C returns an error when calling C_RegisterExtensionType().<br>
 * <li>An output from C_GetExtensionTypeInfo(). Use to
 * obtain the default or registered extension handler for a particular
 * extension type.
 * <li>An input to C_CreateExtension(). Use to override
 * the default or registered extension handler for a particular extension
 * type.</ul>
 * To override only one callback in a handler, use C_GetExtensionTypeInfo()
 * to obtain a copy of the default handler. Overwrite the target callback and
 * call C_RegisterExtensionType() to override the default handler.
 *
 * Ownership summary: memory returned by <tt>AllocAndCopy</tt> is released
 * only by <tt>Destructor</tt>; the <tt>der</tt> buffer produced by
 * <tt>GetEncodedValue</tt> is kept in, and freed with, the extension entry.
 */
typedef struct EXTENSION_HANDLER {
  /* Allocate and add new value to the value list */

  /*
   * Allocates memory for <tt>newValue</tt> and copies the information given in
   * <tt>value</tt> to <tt>newValue</tt>. If successful, it returns
   * <code>0</code> (zero). If it fails to allocate memory, it returns the
   * <code>E_ALLOC</code> error. If the data in <tt>value</tt> is not valid, it
   * does not allocate memory and returns the <code>E_DATA</code> error. This
   * function is called by C_AddExtensionValue() to add an extension value into
   * an existing extension entry.
   * <ul>
   * <li><tt>newValue</tt> - An output field that contains the new
   * copy of <em>value</em> that is returned by the <tt>AllocAndCopy</tt>
   * function.</li>
   * <li><tt>value</tt> - An input field that contains extension information to
   * be duplicated by the <tt>AllocAndCopy</tt> function.</li>
   * </ul>
   * Because <tt>value</tt> is copied rather than stored, the caller keeps
   * ownership of it; the copy in <tt>newValue</tt> is later released by
   * <tt>Destructor</tt>.
   */
  int (*AllocAndCopy) (
    POINTER *newValue, /* (out) new copy of value */
    POINTER value); /* value to be copied */

  /*
   * De-allocates the value that was allocated by <tt>AllocAndCopy</tt>, freeing
   * all associated memory. If the value is <code>(POINTER)NULL_PTR</code>, then
   * <tt>Destructor</tt> performs no operation. The <tt>Destructor</tt> function
   * is called by C_DeleteExtensionValue() to delete an extension value from an
   * extension entry.
   */
  VALUE_DESTRUCTOR Destructor;

  /*
   * Called by C_GetEncodedExtensionValue() to encode the extension entry's value
   * list. <tt>GetEncodedValue</tt> calls C_GetListObjectCount() and
   * C_GetListObjectEntry() to extract the extension value(s) to encode from the
   * <tt>valueList</tt>. <tt>GetEncodedValue</tt> allocates a block of memory to
   * store the encoded value and saves a pointer to this block in <tt>der</tt>
   * and its length in <tt>derLen</tt>. <tt>GetEncodedValue</tt> encodes all the
   * value(s) in the <tt>valueList</tt>. If <tt>GetEncodedValue</tt> is
   * successful, it returns <code>0</code> (zero). If it fails, it returns a
   * non-zero value.<br>
   *
   * C_GetEncodedExtensionValue() saves the <tt>der</tt> value in the extension
   * entry. The <tt>der</tt> value is destroyed when you modify or destroy the
   * extension entry that owns the <tt>valueList</tt>.
   * <ul>
   * <li><tt>valueList</tt> - An input field containing the list of extension
   * values that are to be encoded by the <tt>GetEncodedValue</tt> function.</li>
   * <li><tt>der</tt> - An output field that the <tt>GetEncodedValue</tt> function
   * uses to store the encoded extension values.</li>
   * <li><tt>derLen</tt> - An output field that contains the length of the
   * encoded extension values.</li>
   * </ul>
   */
  int (*GetEncodedValue) (
    LIST_OBJ valueList, /* values to be encoded */
    unsigned char **der, /* (out) encoded values */
    unsigned int *derLen); /* (out) length of encoded values */

  /*
   * Decodes the extension value given in <tt>ber</tt> and <tt>berLen</tt> into a
   * C data structure representation of the value(s). The Cert-C function passes
   * a <tt>listEntryHandler</tt> to <tt>SetEncodedValue</tt>. The list handler
   * includes its own <tt>AllocAndCopy</tt> and <tt>Destructor</tt> callbacks
   * that recognize the data structure for the decoded value of this extension
   * type. <tt>SetEncodedValue</tt> calls C_AddListObjectEntry() to add the C
   * data structure representation of the value(s) to the <tt>valueList</tt>.
   * These new value entries can be destroyed by C_DeleteExtensionValue() or
   * C_DestroyExtensionsObject(). The Cert-C function that calls this function
   * creates <tt>valueList</tt>. It is destroyed when the extension that owns the
   * <tt>valueList</tt> is destroyed. This function is called by
   * C_SetExtensionsObjectBER(), C_SetExtensionBER(), and
   * C_SetEncodedExtensionValue().
   * <ul>
   * <li><tt>valueList</tt> - An input field containing the list of extension
   * values to be decoded by the <tt>SetEncodedValue</tt> function. The Cert-C
   * function that calls this function creates <tt>valueList</tt>; it is
   * destroyed when the extension that owns the <tt>valueList</tt> is destroyed.
   * </li>
   * <li><tt>ber</tt> - An input field used to store the value to decode.</li>
   * <li><tt>berLen</tt> - An input field used to store the length of the values
   * to decode.</li>
   * <li><tt>listEntryHandler</tt> - An input/output field that points to a
   * <code>LIST_OBJ_ENTRY_HANDLER</code> structure. The application can use this
   * to insert application-defined extension values into the
   * <tt>valueList</tt>.</li>
   * </ul>
   * NOTE(review): <tt>ber</tt> arrives from the encoded certificate, CRL or
   * OCSP message handed to the calling Cert-C function, so an implementation
   * must bound every read by <tt>berLen</tt> and return a non-zero error for
   * any encoding it cannot fully validate, rather than decoding what it can.
   * <tt>ber</tt> is not <code>const</code>-qualified here; an implementation
   * should nonetheless treat it as read-only.
   */
  int (*SetEncodedValue) (
    LIST_OBJ valueList, /* decoded value(s) */
    unsigned char *ber, /* value(s) to be decoded */
    unsigned int berLen, /* length of value(s) to be decoded */
    LIST_OBJ_ENTRY_HANDLER
      *listEntryHandler); /* list entry handler */
} EXTENSION_HANDLER;

/* Value of EXTENSION_TYPE_INFO.overrideCriticality meaning the application
   may choose the criticality when it creates an extension of the type. */
#define ALLOW_OVERRIDE_CRITICALITY 1

/* Type(s) of extensionsObject to which an extension may belong */
#define CERT_EXTENSIONS_OBJ 0x01
#define CRL_EXTENSIONS_OBJ 0x02
#define CRL_ENTRY_EXTENSIONS_OBJ 0x04
#define OCSP_REQUEST_EXTENSIONS_OBJ 0x08
#define OCSP_SINGLE_EXTENSIONS_OBJ 0x10
/* NOTE(review): an identifier beginning with an underscore followed by an
   upper-case letter is reserved for the implementation (C11 7.1.3); keep
   the name for compatibility but do not add new ones in this form. */
#define _EXTENSIONS_OBJ_TYPE_MASK 0x1f /* the union of all bits above (not
needed for application use) */

/*
 * Registration record for one extension type: its OID, default criticality,
 * what an application may override, and the handler callbacks. Returned by
 * C_GetExtensionTypeInfo() and consumed by C_RegisterExtensionType() (both
 * declared at the end of this header).
 */
typedef struct EXTENSION_TYPE_INFO {
  /* Extension OID. For the Cert-C-defined types this is one of the ET_*
     arrays declared below, with the matching ET_*_LEN length. */
  ITEM type;
  /* Default criticality for the type: NON_CRITICAL or CRITICAL. */
  unsigned int criticality;
  /* ALLOW_OVERRIDE_CRITICALITY if an application may set a different
     criticality in C_CreateExtension(); presumably 0 otherwise — confirm. */
  unsigned int overrideCriticality;
  /* ALLOW_OVERRIDE_HANDLER if C_CreateExtension() may be given a replacement
     EXTENSION_HANDLER for this type; presumably 0 otherwise — confirm. */
  unsigned int overrideHandler;
  /* Presumably a bit mask of the *_EXTENSIONS_OBJ values above naming the
     kinds of extensions object this type may appear in — the original
     field documentation is not in this listing; confirm. */
  UINT2 authenObjects;
  /* Original documentation not in this listing; from the name, presumably
     whether only a single value is allowed per extension entry — confirm. */
  unsigned int uniqueValue;
  /* Callbacks that copy, free, encode and decode values of this type. */
  EXTENSION_HANDLER handler;
} EXTENSION_TYPE_INFO;

/*
 * Read-only summary of one extension entry in an EXTENSIONS_OBJ, filled in
 * by C_GetExtensionInfo() (declared below).
 */
typedef struct EXTENSION_INFO {
  /* Extension OID and its length in bytes. NOTE(review): nothing here says
     who owns this buffer; treat it as belonging to the extensions object and
     do not free or modify it — confirm against the reference. */
  unsigned char *type;
  unsigned int typeLen;
  /* CRITICAL or NON_CRITICAL (defined below). */
  unsigned int criticalFlag;
  /* Number of values in the entry; valid value indices for
     C_GetExtensionValue() are presumably 0 .. valueCount-1. */
  unsigned int valueCount;
  /* Reserved for Cert-C; applications should leave it untouched. */
  POINTER reserved;
} EXTENSION_INFO;

/*
 * Each ET_* array holds the OID of one supported extension type; the byte
 * length of each array is the matching ET_*_LEN constant further down. Pass
 * the pair as the (type, typeLen) arguments of C_FindExtensionByType(),
 * C_CreateExtension(), C_GetExtensionTypeInfo() and
 * C_UnregisterExtensionType().
 */

/* Supported X.509 v3 CRL Extension types */
extern unsigned char ET_CRL_NUMBER[];
extern unsigned char ET_DELTA_CRL_INDICATOR[];
extern unsigned char ET_ISSUING_DISTRIBUTION_POINTS[];

/* Supported X.509 v3 CRL Entry Extension types */
extern unsigned char ET_REASON_CODE[];
extern unsigned char ET_INSTRUCTION_CODE[];
extern unsigned char ET_INVALID_DATE[];
extern unsigned char ET_CERT_ISSUER[];

/* Supported X.509 v3 Certificate Extension types */
extern unsigned char ET_AUTHORITY_KEY_ID[];
extern unsigned char ET_CERT_POLICIES[];
extern unsigned char ET_ISSUER_ALTNAME[];
extern unsigned char ET_SUBJECT_ALTNAME[];
extern unsigned char ET_BASIC_CONSTRAINTS[];
extern unsigned char ET_POLICY_CONSTRAINTS_36[];
extern unsigned char ET_SUBJECT_DIR_ATTRIB[];
extern unsigned char ET_SUBJECT_KEY_ID[];
extern unsigned char ET_KEY_USAGE[];
extern unsigned char ET_INHIBIT_ANYPOLICY[];
extern unsigned char ET_POLICY_MAPPINGS[];
extern unsigned char ET_PRIVATE_KEY_USAGE_PERIOD[];
extern unsigned char ET_NAME_CONSTRAINTS[];
extern unsigned char ET_EXTENDED_KEY_USAGE[];
extern unsigned char ET_CRL_DISTRIBUTION_POINTS[];
extern unsigned char ET_AUTHORITY_INFO_ACCESS[];

/* Supported OCSP Request Extension types
 * (requestExtensions only) */
extern unsigned char ET_OCSP_NONCE[];
extern unsigned char ET_OCSP_RESPONSE[];

/* OCSP Response Extension types */
extern unsigned char ET_OCSP_CRL_REFERENCES[];
extern unsigned char ET_OCSP_ARCHIVE_CUTOFF[];
extern unsigned char ET_OCSP_NOCHECK[];

/* Supported X.509 v3 Extension type lengths
 * (byte length of the corresponding ET_* OID array above)
 */
#define ET_AUTHORITY_KEY_ID_LEN 3
#define ET_BASIC_CONSTRAINTS_LEN 3
#define ET_CERT_POLICIES_LEN 3
#define ET_CRL_NUMBER_LEN 3
#define ET_DELTA_CRL_INDICATOR_LEN 3
#define ET_INSTRUCTION_CODE_LEN 3
#define ET_INVALID_DATE_LEN 3
#define ET_ISSUER_ALTNAME_LEN 3
#define ET_REASON_CODE_LEN 3
#define ET_SUBJECT_ALTNAME_LEN 3
#define ET_POLICY_CONSTRAINTS_36_LEN 3
#define ET_SUBJECT_DIR_ATTRIB_LEN 3
#define ET_SUBJECT_KEY_ID_LEN 3
#define ET_KEY_USAGE_LEN 3
#define ET_INHIBIT_ANYPOLICY_LEN 3
#define ET_PRIVATE_KEY_USAGE_PERIOD_LEN 3
#define ET_POLICY_MAPPINGS_LEN 3
#define ET_NAME_CONSTRAINTS_LEN 3
#define ET_EXTENDED_KEY_USAGE_LEN 3
#define ET_ISSUING_DISTRIBUTION_POINTS_LEN 3
#define ET_CERT_ISSUER_LEN 3
#define ET_CRL_DISTRIBUTION_POINTS_LEN 3
#define ET_AUTHORITY_INFO_ACCESS_LEN 8

#define ET_OCSP_NONCE_LEN 9
#define ET_OCSP_RESPONSE_LEN 9
#define ET_OCSP_CRL_REFERENCES_LEN 9
#define ET_OCSP_ARCHIVE_CUTOFF_LEN 9
#define ET_OCSP_NOCHECK_LEN 9

/* Default Unknown Extension Type */
extern unsigned char ET_UNKNOWN_TYPE[];

/* Default Unknown Extension Type Length */
#define ET_UNKNOWN_TYPE_LEN 12


/* Extension Criticality flags */
#define NON_CRITICAL 0 /* extension is not critical */
#define CRITICAL 1 /* extension is critical */

#define ALLOW_OVERRIDE_HANDLER 1 /* allow overriding of the extension */

/* Key Usage extension value type: a bit mask of key-usage flags. The flag
   constants and their bit positions are not part of this listing; see the
   Cert-C reference. */
typedef UINT4 KEY_USAGE;


/* Subject Key Identifier extension value type.
The subjectKeyIdentifier extension is an object identifier.
NOTE(review): RFC 5280 section 4.2.1.2 defines SubjectKeyIdentifier as an
OCTET STRING key identifier, not an OID; confirm what the default handler
actually places in this ITEM before relying on the comment above.
*/
typedef ITEM SUBJECT_KEY_ID;


/* Subject Directory Attributes extension value type.
The subjectDirectoryAttributes extension is an ATTRIBUTES_OBJ.
*/
typedef ATTRIBUTES_OBJ SUBJECT_DIR_ATTRIB;


/* Supported standard extension value data types */

/* Certificate Extension value data type */

/* Alternate name for the certificate and crl extensions.
   These are the values of ALTERNATE_NAME.altNameType (defined further
   down); each selects the union member of the same name. */
#define CN_OTHER_NAME 0
#define CN_RFC822_NAME 1
#define CN_DNS_NAME 2
#define CN_X400_ADDRESS 3
#define CN_DIRECTORY_NAME 4
#define CN_EDI_PARTY_NAME 5
#define CN_RESOURCE_LOCATOR 6
#define CN_IP_ADDRESS 7
#define CN_REGISTERED_ID 8

/* alternateName data structures. Used as extension value for
issuerAlternateName and subjectAlternateName extensions.
*/

/*
 * GeneralName "otherName" choice: an OID naming the form of the value plus
 * the value itself.
 */
typedef struct OTHER_NAME {
  /* OID identifying the form of value. */
  ITEM typeId;
  /* The type-specific value; since its form depends on typeId it is
     presumably left in encoded form — confirm against the handler. */
  ITEM value;
} OTHER_NAME;

/*
 * GeneralName "ediPartyName" choice.
 */
typedef struct EDI_PARTY_NAME {
  /* Optional in the ASN.1; how absence is represented is not shown here. */
  TYPED_STRING nameAssigner;
  TYPED_STRING partyName;
} EDI_PARTY_NAME;

/* X.400 OR_ADDRESS data structures for use in ALTERNATE_NAME */

/* Upper bound buffer size limitation.
   NOTE(review): these are the X.400 upper bounds on string lengths and
   element counts; nothing in this header enforces them, so code that
   accepts or decodes these fields should check lengths against them. */
#define UB_CommonNameLength 64
#define UB_CountryNameNumericLength 3
#define UB_CountryNameAlphaLength 2
#define UB_DomainNameLength 16
#define UB_x121AddressLength 16
#define UB_TerminalIdLength 24
#define UB_OrganizationNameLength 64
#define UB_NumericUserIdLength 32
#define UB_SurNameLength 40
#define UB_GivenNameLength 16
#define UB_InitialsLength 5
#define UB_GenerationQualifierLength 3
#define UB_OrganizationalUnits 4
#define UB_OrganizationalUnitNameLength 32
#define UB_DefinedAttributes 4
#define UB_DefinedAttributeTypeLength 8
#define UB_DefinedAttributeValueLength 128
#define UB_ExtensionAttributes 256
#define UB_pdsNameLength 16
#define UB_postalCodeLength 16
#define UB_pdsParameterLength 30
#define UB_pdsPhysicalAddressLines 6
#define UB_unformattedAddressLength 180
#define UB_e1634NumberLength 15
#define UB_e1634SubAddressLength 40

/*
 * X.400 PersonalName. Also used, via the TELETEX_PERSONAL_NAME macro, for
 * the teletex form carried in an EXTENSION_ATTRIBUTE.
 */
typedef struct PERSONAL_NAME {
  ITEM surname;
  /* The three fields below are optional in X.400; how an absent one is
     represented is not shown in this listing. */
  ITEM givenName;
  ITEM initials;
  ITEM generationQualifier;
} PERSONAL_NAME;

/*
 * X.400 OrganizationalUnitNames: a counted array of names.
 */
typedef struct ORG_UNIT_NAMES {
  /* Number of entries in orgUnitName. */
  unsigned int orgUnitNamesCount;
  /* Array of orgUnitNamesCount names (presumably at most
     UB_OrganizationalUnits). */
  ITEM *orgUnitName;
} ORG_UNIT_NAMES;

/* Bits of STANDARD_ATTRIBUTES.validFields; each bit marks the field of
   the corresponding name as present. */
#define SA_COUNTRY_NAME_VALID 0x00000001
#define SA_ADMIN_DOMAIN_NAME_VALID 0x00000002
#define SA_NETWORK_ADDRESS_VALID 0x00000004
#define SA_TERMINAL_ID_VALID 0x00000008
#define SA_PRIVATE_DOMAIN_VALID 0x00000010
#define SA_ORGANIZATION_NAME_VALID 0x00000020
#define SA_NUMERIC_USER_ID_VALID 0x00000040
#define SA_PERSON_NAME_VALID 0x00000080
#define SA_ORG_UNIT_NAMES_VALID 0x00000100

/*
 * X.400 BuiltInStandardAttributes. Every field other than validFields is
 * optional; read a field only when its SA_*_VALID bit is set.
 */
typedef struct STANDARD_ATTRIBUTES {
  /* OR of the SA_*_VALID bits naming which of the fields below are set. */
  UINT4 validFields;
  TYPED_STRING countryName;
  TYPED_STRING administrationDomainName;
  ITEM networkAddress;
  ITEM terminalId;
  TYPED_STRING privateDomainName;
  ITEM organizationName;
  ITEM numericUserId;
  PERSONAL_NAME personalName;
  ORG_UNIT_NAMES orgUnitNames;
} STANDARD_ATTRIBUTES;

/*
 * One X.400 domain-defined attribute: a type/value pair of strings.
 */
typedef struct DEFINED_ATTRIBUTE {
  ITEM type;
  ITEM value;
} DEFINED_ATTRIBUTE;

/*
 * Counted array of DEFINED_ATTRIBUTE. Also used, via the
 * TELETEX_DOMAIN_DEFINED_ATTRS macro, inside an EXTENSION_ATTRIBUTE.
 */
typedef struct DEFINED_ATTRIBUTES {
  /* Number of entries in definedAttribute. */
  unsigned int definedAttributesCount;
  /* Array of definedAttributesCount entries. */
  DEFINED_ATTRIBUTE *definedAttribute;
} DEFINED_ATTRIBUTES;

/* Extension value structures for EXTENSION_ATTRIBUTE value */

#define TELETEX_PERSONAL_NAME PERSONAL_NAME

#define TELETEX_DOMAIN_DEFINED_ATTRS DEFINED_ATTRIBUTES

/*
 * X.400 PDSParameter: the same text in printable and/or teletex form.
 * Used as the value of most of the EA_* extension-attribute types.
 */
typedef struct PDS_PARAMETER {
  ITEM printableString;
  ITEM teletexString;
} PDS_PARAMETER;

/*
 * X.400 UnformattedPostalAddress: a counted array of printable address
 * lines plus a teletex form. Value type of EA_UNFORMATTED_POSTAL_ADDR.
 */
typedef struct UNFORMATTED_POSTAL_ADDR {
  /* Number of entries in printableAddr. */
  unsigned int printableAddrCount;
  /* Array of printableAddrCount lines (presumably at most
     UB_pdsPhysicalAddressLines). */
  ITEM *printableAddr;
  ITEM teletexString;
} UNFORMATTED_POSTAL_ADDR;


/* Values of EXTENDED_NETWORK_ADDR.type selecting the union member. */
#define ENA_PRESENTATION 1
#define ENA_E163_4 2

/*
 * X.400 e163-4-address: an ISDN/telephone number and optional sub-address.
 */
typedef struct E163_4_ADDR {
  ITEM number;
  ITEM subAddress;
} E163_4_ADDR;

/*
 * X.400 PresentationAddress: optional presentation, session and transport
 * selectors plus a counted array of network addresses.
 */
typedef struct PRESENTATION_ADDR {
  ITEM pSelector;
  ITEM sSelector;
  ITEM tSelector;
  /* Number of entries in nAddress. */
  unsigned int nAddressCount;
  /* Array of nAddressCount network addresses. */
  ITEM *nAddress;
} PRESENTATION_ADDR;

/*
 * X.400 ExtendedNetworkAddress. Value type of EA_EXTENDED_NETWORK_ADDR.
 */
typedef struct EXTENDED_NETWORK_ADDR {
  /* ENA_E163_4 selects addr.e1634Addr, ENA_PRESENTATION selects
     addr.presentationAddr; read only the selected member. */
  unsigned int type;
  union {
    E163_4_ADDR e1634Addr;
    PRESENTATION_ADDR presentationAddr;
  } addr;
} EXTENDED_NETWORK_ADDR;

/* defined integer values for EA_TERMINAL_TYPE */
#define EA_TT_TELEX 3
#define EA_TT_TELETEX 4
#define EA_TT_G3_FACSIMILE 5
#define EA_TT_G4_FACSIMILE 6
#define EA_TT_IA5_TERMINAL 7
#define EA_TT_VIDEOTEX 8

/* EXTENSION_ATTRIBUTE type values. The comment on each line names the C
   type that EXTENSION_ATTRIBUTE.value points to for that type. */
#define EA_COMMON_NAME 1 /* ITEM - Printable string */
#define EA_TELETEX_COMMON_NAME 2 /* ITEM - Teletex/T61 string */
#define EA_TELETEX_ORG_NAME 3 /* ITEM - Teletex/T61 string */
#define EA_TELETEX_PERSONAL_NAME 4 /* TELETEX_PERSONAL_NAME */
#define EA_TELETEX_ORG_UNIT_NAME 5 /* ORG_UNIT_NAMES */
#define EA_TELETEX_DOMAIN_DEFINED_ATTRS 6 /* TELETEX_DOMAIN_DEFINED_ATTRS */
#define EA_PDS_NAME 7 /* ITEM - Printable string */
#define EA_PHYSICAL_DELIVERY_COUNTRY_NAME 8 /* TYPED_STRING - either printable
string or numeric string */
#define EA_POSTAL_CODE 9 /* TYPED_STRING - either printable
string or numeric string */
#define EA_PHYSICAL_DELIVERY_OFFICE_NAME 10 /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_OFFICE_NUMBER 11 /* PDS_PARAMETER */
#define EA_EXTENSION_OR_ADDR_COMPONENTS 12 /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_PERSONAL_NAME 13 /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_ORG_NAME 14 /* PDS_PARAMETER */
#define EA_PHYSICAL_DELIVERY_ADDR_COMPONENTS 15 /* PDS_PARAMETER */
#define EA_UNFORMATTED_POSTAL_ADDR 16 /* UNFORMATTED_POSTAL_ADDR */
#define EA_STREET_ADDR 17 /* PDS_PARAMETER */
#define EA_PO_BOX 18 /* PDS_PARAMETER */
#define EA_POSTE_RESTANTE_ADDR 19 /* PDS_PARAMETER */
#define EA_UNIQUE_POSTAL_NAME 20 /* PDS_PARAMETER */
#define EA_LOCAL_POSTAL_ATTRS 21 /* PDS_PARAMETER */
#define EA_EXTENDED_NETWORK_ADDR 22 /* EXTENDED_NETWORK_ADDR */
#define EA_TERMINAL_TYPE 23 /* Integer - one of the EA_TT_* values above */
/*
 * One X.400 extension attribute: a type tag and an untyped pointer to the
 * value structure named by that tag.
 */
typedef struct EXTENSION_ATTRIBUTE {
  /* One of the EA_* values (1 .. EA_TERMINAL_TYPE) defined above. */
  unsigned int type;
  /* Points to the C type listed in the comment on the EA_* constant
     (ITEM, TYPED_STRING, PDS_PARAMETER, ...). NOTE(review): value is an
     untyped POINTER, so a consumer must dispatch on type before casting,
     and must treat a type outside the EA_* range as invalid rather than
     casting to a default. */
  POINTER value;
} EXTENSION_ATTRIBUTE;

/*
 * Counted array of EXTENSION_ATTRIBUTE.
 */
typedef struct EXTENSION_ATTRIBUTES {
  /* Number of entries in extensionAttribute. */
  unsigned int extensionAttributesCount;
  /* Array of extensionAttributesCount entries (presumably at most
     UB_ExtensionAttributes). */
  EXTENSION_ATTRIBUTE *extensionAttribute;
} EXTENSION_ATTRIBUTES;

/*
 * X.400 ORAddress, the x400Address choice of ALTERNATE_NAME.
 */
typedef struct OR_ADDRESS {
  STANDARD_ATTRIBUTES standardAttributes;
  DEFINED_ATTRIBUTES definedAttributes;
  EXTENSION_ATTRIBUTES extensionAttributes;
} OR_ADDRESS;

/*
 * X.509 GeneralName: a discriminated union of the name forms. Used directly
 * as the value type of the issuer/subject alternative name extensions and,
 * through the GENERAL_NAME typedef, inside several other extension values.
 */
typedef struct ALTERNATE_NAME {
  /* One of the CN_* values defined above; selects the altName member of
     the same name (CN_DNS_NAME -> altName.dNSName, and so on). */
  unsigned int altNameType;
  /* NOTE(review): the ITEM members are length-delimited buffers taken
     from the encoded name; do not assume NUL termination before passing
     them to C string functions — confirm against the handler. */
  union {
    OTHER_NAME otherName;
    ITEM rfc822Name;
    ITEM dNSName;
    OR_ADDRESS x400Address;
    NAME_OBJ directoryName;
    EDI_PARTY_NAME ediPartyName;
    ITEM resourceLocator;
    ITEM ipAddress;
    ITEM registeredID;
  } altName;
} ALTERNATE_NAME;

/* GeneralName as used inside other extension values (GENERAL_NAMES,
   AIA_DESCRIPTION, CERT_ISSUER). */
typedef ALTERNATE_NAME GENERAL_NAME;

/* Issuer Alt Name extension value type */
typedef ALTERNATE_NAME ISSUER_ALTNAME;

/* Subject Alt Name extension value type
 */
typedef ALTERNATE_NAME SUBJECT_ALTNAME;

/*
 * Authority Key Identifier extension value. Identifies the issuer's key by
 * key identifier and/or by issuer name plus certificate serial number.
 */
typedef struct AUTHORITY_KEY_ID {
  /* Key identifier of the issuing key. */
  ITEM keyIdentifier;
  /* Serial number of the issuer's certificate. */
  ITEM serialNumber;
  /* Number of entries in issuerNames. */
  unsigned int issuerNameCount;
  /* Array of issuerNameCount issuer names. NOTE(review): RFC 5280
     section 4.2.1.1 has authorityCertIssuer and authorityCertSerialNumber
     present together or absent together; how Cert-C marks an absent
     component (zero-length ITEM, NULL data, count 0) is not shown here —
     confirm before using either one alone for chain building. */
  ALTERNATE_NAME *issuerNames;
} AUTHORITY_KEY_ID;

/* basicConstraint extension flags */
#define SUBJECT_TYPE_END_ENTITY 0 /* subject is an end user */
#define SUBJECT_TYPE_CA 1 /* subject may act as a CA */
#define UNLIMITED_PATH_LEN -1 /* certificate path length is unlimited */
#define NOT_IN_USE -2 /* field is not used and should be ignored */


/*
 * Basic Constraints extension value.
 */
typedef struct BASIC_CONSTRAINTS {
  /* SUBJECT_TYPE_END_ENTITY or SUBJECT_TYPE_CA. */
  unsigned int subjectType;
  /* Maximum number of intermediate certificates below this one, or one of
     the negative sentinels UNLIMITED_PATH_LEN / NOT_IN_USE.
     NOTE(review): this is a signed int; a path-length check must test for
     the sentinels before comparing numerically, and should only consult
     the field when subjectType == SUBJECT_TYPE_CA. */
  int pathLenConstraint;
} BASIC_CONSTRAINTS;


/*
 * Private Key Usage Period extension value. Both components are optional
 * in the ASN.1; how an absent one is represented is not shown here.
 */
typedef struct PRIVATE_KEY_USAGE_PERIOD {
  /* notBefore */
  GENERALIZED_TIME start;
  /* notAfter */
  GENERALIZED_TIME end;
} PRIVATE_KEY_USAGE_PERIOD;
/* Well known policy identifier values
 */
/* OID of the anyPolicy certificate policy; its byte length is
   CERT_POLICY_ANYPOLICY_LEN. */
extern unsigned char CERT_POLICY_ANYPOLICY[];

#define CERT_POLICY_ANYPOLICY_LEN 4


/*
 * One PolicyQualifierInfo of a certificate policy.
 */
typedef struct QualifierInfo {
  /* OID of the qualifier type. */
  ITEM qualifierID;
  /* The qualifier value; its form depends on qualifierID and the listing
     does not show whether it is stored decoded or encoded — confirm. */
  ITEM qualifier;
} QualifierInfo;

/*
 * Certificate Policies extension value: one PolicyInformation entry, a
 * policy OID with a counted array of qualifiers.
 */
typedef struct POLICY_INFO {
  /* Policy OID (CERT_POLICY_ANYPOLICY for anyPolicy). */
  ITEM policyID;
  /* Number of entries in qualifierInfo. */
  unsigned int qualifierInfoCount;
  /* Array of qualifierInfoCount qualifiers. */
  QualifierInfo *qualifierInfo;
} POLICY_INFO;


/* policyConstraints extension. This extension uses OID {id-ce 36}
and replaces the deprecated Policy Constraints extension which used
the OID {id-ce 34}.*/
typedef struct POLICY_CONSTRAINTS_36 {
  /* Both components are optional in the ASN.1; presumably NOT_IN_USE
     (defined above) marks an absent one — confirm against the handler. */
  int requireExplicitPolicy;
  int inhibitPolicyMapping;
} POLICY_CONSTRAINTS_36;

/* extended Key purpose OID*/
/* Each KP_* array holds a key-purpose OID; its byte length is the matching
   KP_*_LEN constant below. Compare against EXTENDED_KEY_USAGE.keyUsagePurpose. */
extern unsigned char KP_SERVERAUTH[];
extern unsigned char KP_CLIENTAUTH[];
extern unsigned char KP_CODESIGNING[];
extern unsigned char KP_EMAILPROTECTION[];
extern unsigned char KP_IPSECENDSYSTEM[];
extern unsigned char KP_IPSECTUNNEL[];
extern unsigned char KP_IPSECUSER[];
extern unsigned char KP_TIMESTAMPING[];
extern unsigned char KP_OCSPSIGNING[];

/* extended Key purpose OID lengths */
#define KP_SERVERAUTH_LEN 8
#define KP_CLIENTAUTH_LEN 8
#define KP_CODESIGNING_LEN 8
#define KP_EMAILPROTECTION_LEN 8
#define KP_IPSECENDSYSTEM_LEN 8
#define KP_IPSECTUNNEL_LEN 8
#define KP_IPSECUSER_LEN 8
#define KP_TIMESTAMPING_LEN 8
#define KP_OCSPSIGNING_LEN 8

/*
 * Extended Key Usage extension value: one key-purpose OID. An extension
 * entry holds one value per purpose (see EXTENSION_INFO.valueCount).
 */
typedef struct EXTENDED_KEY_USAGE {
  /* Key-purpose OID, e.g. one of the KP_* arrays above. */
  ITEM keyUsagePurpose;
} EXTENDED_KEY_USAGE;

/*
 * One GeneralSubtree of the Name Constraints extension.
 */
typedef struct GENERAL_SUBTREE {
  /* The name (or name prefix) the subtree is rooted at. */
  ALTERNATE_NAME base;
  /* NOTE(review): RFC 5280 section 4.2.1.10 requires minimum to be 0 and
     maximum to be absent; a validator should reject other values rather
     than try to honour them. What Cert-C stores for an absent maximum
     (presumably NOT_IN_USE) is not shown here — confirm. */
  int minimum;
  int maximum;
} GENERAL_SUBTREE;

/*
 * Name Constraints extension value: counted arrays of permitted and
 * excluded subtrees.
 */
typedef struct NAME_CONSTRAINTS {
  /* Number of entries in permittedSubtrees. */
  unsigned int permittedSubtreeCount;
  GENERAL_SUBTREE *permittedSubtrees;
  /* Number of entries in excludedSubtrees. */
  unsigned int excludedSubtreeCount;
  GENERAL_SUBTREE *excludedSubtrees;
} NAME_CONSTRAINTS;

/*
 * Policy Mappings extension value: one issuer-domain to subject-domain
 * policy OID pair.
 */
typedef struct POLICY_MAPPING {
  ITEM issuerDomainPolicy;
  ITEM subjectDomainPolicy;
} POLICY_MAPPING;

/* CRL Distribution Points - Certificate Extension
The CRL distribution points extension identifies how CRL
information is obtained. This certificate extension
can have multiple values at any instance.
*/
/* Values of DIST_POINT_NAME.nameType selecting the union member. */
#define DPN_FULL_NAME 0
#define DPN_RELATIVE_NAME 1

/*
 * Counted array of GENERAL_NAME (the ASN.1 GeneralNames).
 */
typedef struct GENERAL_NAMES {
  /* Number of entries in names. */
  unsigned int nameCount;
  GENERAL_NAME *names;
} GENERAL_NAMES;

/*
 * DistributionPointName: either a full GeneralNames or a name relative to
 * the CRL issuer.
 */
typedef struct DIST_POINT_NAME {
  /* DPN_FULL_NAME selects name.fullNames, DPN_RELATIVE_NAME selects
     name.nameRelativeToCRLIssuer. */
  unsigned int nameType;
  union {
    GENERAL_NAMES fullNames;
    NAME_OBJ nameRelativeToCRLIssuer;
  } name;
} DIST_POINT_NAME;

/*
 * One DistributionPoint of the CRL Distribution Points extension. All
 * three components are optional in the ASN.1.
 */
typedef struct DISTRIBUTION_POINT {
  /* Optional; presumably NULL when absent — confirm. */
  DIST_POINT_NAME *distPointName;
  /* OR of the DPR_* bits below; DPR_NO_REASONS presumably when absent. */
  UINT4 reasons;
  /* Optional; presumably NULL when absent — confirm. */
  GENERAL_NAMES *cRLIssuers;
} DISTRIBUTION_POINT;

/* DistributionPoint and IssuingDistributionPoint reasons values.
   The bit values appear to run from ReasonFlags bit 0 (DPR_UNUSED, 0x40)
   down to bit 6 (DPR_CERTIFICATE_HOLD, 0x01), i.e. the reverse of the
   ASN.1 bit numbering. No constants are defined here for the
   privilegeWithdrawn and aACompromise ReasonFlags bits. */
#define DPR_NO_REASONS 0x00000000
#define DPR_UNUSED 0x00000040
#define DPR_KEY_COMPROMISE 0x00000020
#define DPR_CA_COMPROMISE 0x00000010
#define DPR_AFFILIATION_CHANGED 0x00000008
#define DPR_SUPERSEDED 0x00000004
#define DPR_CESSATION_OF_OPERATION 0x00000002
#define DPR_CERTIFICATE_HOLD 0x00000001

/* Issuing Distribution Point - CRL extension */
/* Values of the BOOLEAN fields of ISSUING_DISTRIBUTION_POINT. */
#define IDP_VALUE_FALSE 0
#define IDP_VALUE_TRUE 1

/*
 * Issuing Distribution Point CRL extension value.
 */
typedef struct ISSUING_DISTRIBUTION_POINT {
  /* Optional; presumably NULL when absent — confirm. */
  DIST_POINT_NAME *distributionPoint;
  /* onlyContainsUserCerts: IDP_VALUE_TRUE or IDP_VALUE_FALSE. */
  int userCerts;
  /* onlyContainsCACerts: IDP_VALUE_TRUE or IDP_VALUE_FALSE. */
  int CACerts;
  /* onlySomeReasons: OR of the DPR_* bits above. */
  UINT4 reasons;
  /* indirectCRL: IDP_VALUE_TRUE or IDP_VALUE_FALSE. NOTE(review): when
     true, an entry's certificate issuer may differ from the CRL issuer and
     is carried in the ET_CERT_ISSUER entry extension (CERT_ISSUER below);
     a relying party must not attribute such entries to the CRL issuer. */
  int indirectCRL;
} ISSUING_DISTRIBUTION_POINT;

/* Certificate Issuer CRL entry extension value type. */
typedef GENERAL_NAME CERT_ISSUER;

/* AIA access method OIDs and lengths */
extern unsigned char AIA_CAISSUERS[];
extern unsigned char AIA_OCSP[];
#define AIA_CAISSUERS_LEN 8
#define AIA_OCSP_LEN 8

/*
 * One AccessDescription of the Authority Information Access extension.
 */
typedef struct AIA_DESCRIPTION {
  /* Access method OID: AIA_CAISSUERS or AIA_OCSP for the supported ones. */
  ITEM accessMethod;
  /* Where to reach the access method (typically a resourceLocator).
     NOTE(review): this is attacker-controllable data from the certificate;
     validate it before using it to fetch anything. */
  GENERAL_NAME accessLocation;
} AIA_DESCRIPTION;

/* Reason Code CRL entry extension value type: one of the CR_* values. */
typedef unsigned int REASON_CODE;

/* CRL Reason Extensions values.
   Value 7 is absent by design (the CRLReason enumeration has no value 7);
   a REASON_CODE of 7 or above CR_LAST should be treated as invalid. */
#define CR_UNSPECIFIED 0
#define CR_KEY_COMPROMISE 1
#define CR_CA_COMPROMISE 2
#define CR_AFFILIATION_CHANGED 3
#define CR_SUPERSEDED 4
#define CR_CESSATION_OF_OPERATION 5
#define CR_CERTIFICATE_HOLD 6
#define CR_REMOVE_FROM_CRL 8
#define CR_PRIVILEGE_WITHDRAWN 9
#define CR_AA_COMPROMISE 10

#define CR_LAST CR_AA_COMPROMISE

/*
 * OCSP acceptable-responses request extension value: a counted array of
 * response type OIDs.
 */
typedef struct OCSP_ACCEPTABLE_RESPONSES {
  /* Number of entries in type. */
  unsigned int numTypes;
  /* Array of numTypes response type OIDs. */
  ITEM *type;
} OCSP_ACCEPTABLE_RESPONSES;

/* Supported OCSP response types are NOT defined here */

/* Discriminator for OCSP_CRL_REFERENCE.info. */
typedef enum {
  OCSP_CRLREF_TYPE_UNSPECIFIED=0,
  OCSP_CRLREF_TYPE_URL =1,
  OCSP_CRLREF_TYPE_NUMBER =2,
  OCSP_CRLREF_TYPE_TIME =3
} OCSP_CRLREF_TYPE;

/*
 * OCSP CRL references response extension value.
 */
typedef struct {
  /* Selects the info member: OCSP_CRLREF_TYPE_URL -> info.url,
     OCSP_CRLREF_TYPE_NUMBER -> info.number, OCSP_CRLREF_TYPE_TIME ->
     info.time; OCSP_CRLREF_TYPE_UNSPECIFIED selects none. */
  OCSP_CRLREF_TYPE type;
  union {
    ITEM url;
    ITEM number;
    GENERALIZED_TIME time;
  } info;
} OCSP_CRL_REFERENCE;

/* OCSP archive cutoff response extension value type. */
typedef GENERALIZED_TIME ARCHIVE_CUTOFF;

/* Hold Instruction Code CRL entry extension value type (an OID). */
typedef ITEM INSTRUCTION_CODE;

/* Invalidity Date CRL entry extension value type. */
typedef GENERALIZED_TIME INVALID_DATE;

/*
 * Extension type registry routines. Unless stated otherwise the int
 * functions below presumably return 0 on success and a non-zero Cert-C
 * error code otherwise, as the handler callbacks above do — confirm.
 */

/* Looks up the default or registered EXTENSION_TYPE_INFO for the extension
   OID (type, typeLen) and copies it to *info (output). */
int C_GetExtensionTypeInfo (
  CERTC_CTX ctx, /* Cert-C context */
  unsigned char *type, /* extension OID */
  unsigned int typeLen, /* extension OID length */
  EXTENSION_TYPE_INFO *info); /* extension definition */

/* Registers *info as the handler record for info->type, replacing the
   default one; every callback in info->handler must be supplied (see the
   EXTENSION_HANDLER comment). */
int C_RegisterExtensionType (
  CERTC_CTX ctx, /* Cert-C context */
  EXTENSION_TYPE_INFO *info); /* extension definition */

/* Removes the registration for the extension OID (type, typeLen). */
int C_UnregisterExtensionType (
  CERTC_CTX ctx, /* Cert-C context */
  unsigned char *type, /* extension OID */
  unsigned int typeLen); /* extension OID length */

/* Extensions object routines */

/* Creates an empty extensions object of the given kind (presumably one of
   the *_EXTENSIONS_OBJ values) and stores it in *extensionsObject. Release
   it with C_DestroyExtensionsObject(). */
int C_CreateExtensionsObject (
  EXTENSIONS_OBJ *extensionsObject, /* extensions object */
  unsigned int extensionsObjectType, /* extensions object type */
  CERTC_CTX ctx); /* Cert-C context */

/* Destroys the object and every extension entry and value it owns
   (values are released through their handlers' Destructor). */
void C_DestroyExtensionsObject (
  EXTENSIONS_OBJ *extensionsObject); /* extensions object */

/* Finds the entry whose OID is (type, typeLen) and returns its index in
   *index (output). */
int C_FindExtensionByType (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned char *type, /* extension OID */
  unsigned int typeLen, /* extension OID length */
  unsigned int *index); /* index of extension entry */

/* Returns the OID of the entry at index via *type/*typeLen (outputs).
   NOTE(review): ownership of *type is not stated here; treat it as owned
   by the object — confirm. */
int C_GetExtensionTypeByIndex (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned char **type, /* extension OID */
  unsigned int *typeLen, /* extension OID length */
  unsigned int index); /* index of extension entry */

/* Stores the number of extension entries in *count (output). */
int C_GetExtensionCount (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int *count); /* extension entry count */

/* Removes all entries, leaving an empty object. */
void C_ResetExtensionsObject (
  EXTENSIONS_OBJ extensionsObject); /* extensions object */

/* DER-encodes the whole Extensions sequence into *der/*derLen (outputs).
   NOTE(review): ownership of the *der buffer is not stated here; presumably
   it stays with the object, as the per-entry encoding does — confirm. */
int C_GetExtensionsObjectDER (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned char **der, /* DER encoded extension */
  unsigned int *derLen); /* length of DER encoding */

/* Populates the object from a BER-encoded Extensions sequence. Each
   entry's SetEncodedValue handler is invoked on the corresponding slice of
   ber, so this is the entry point for untrusted data; the length berLen
   must be exact. */
int C_SetExtensionsObjectBER (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned char *ber, /* BER encoded extension */
  unsigned int berLen); /* length of BER encoding */

/* Copies the extensions into an attributes object (direction per the
   name; details are not in this listing). */
int C_GetExtensionsInAttributesObj (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  ATTRIBUTES_OBJ attributesObject); /* attributes object */

/* Copies an attribute into the extensions object (direction per the
   name; details are not in this listing). */
int C_GetAttributeInExtensionsObj (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  ATTRIBUTES_OBJ attributesObject); /* attributes object */

/* Extension entry routines */

/* Adds an empty entry for the OID (type, typeLen) and returns its index in
   *index (output). newHandler may override the type's handler when the
   type's EXTENSION_TYPE_INFO.overrideHandler allows it.
   NOTE(review): criticality is a signed int here but unsigned in
   EXTENSION_TYPE_INFO and EXTENSION_INFO; pass only NON_CRITICAL or
   CRITICAL. */
int C_CreateExtension (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned char *type, /* extension OID */
  unsigned int typeLen, /* extension OID Length */
  unsigned int *index, /* new extension index */
  int criticality, /* new extension criticality */
  EXTENSION_HANDLER *newHandler); /* extension handler */

/* Adds an entry decoded from one BER-encoded Extension (invoking the
   type's SetEncodedValue handler). index is passed by pointer and is
   presumably an output giving the new entry's index — confirm. */
int C_SetExtensionBER (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int *index, /* index of extension entry */
  unsigned char *ber, /* BER encoded extension */
  unsigned int berLen); /* length of BER encoding */

/* Returns in *value (output) the valueIndex-th decoded value of entry
   extenIndex. The pointer refers to the object's own copy; cast it to the
   value type of the entry's extension (e.g. BASIC_CONSTRAINTS *) after
   checking the entry's OID, and do not free it. */
int C_GetExtensionValue (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int extenIndex, /* index of extension entry */
  unsigned int valueIndex, /* index of extension's value */
  POINTER *value); /* extension's value */

/* Extension value routines */

/* Removes the entry at index together with its values. */
int C_DestroyExtension (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index); /* index of extension entry */

/* Fills *extensionInfo (output) with the summary of the entry at index. */
int C_GetExtensionInfo (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* index of extension */
  EXTENSION_INFO *extensionInfo); /* extension information */

/* Copies value into the entry at index via the handler's AllocAndCopy and
   returns the new value's index in *valueIndex (output). The caller keeps
   ownership of value. */
int C_AddExtensionValue (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* extension's index */
  POINTER value, /* extension's value */
  unsigned int *valueIndex); /* new extension value's index */

/* Removes one value from an entry via the handler's Destructor. */
int C_DeleteExtensionValue (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* index of extension entry */
  unsigned int valueIndex); /* index of extension's value */

/* DER-encodes one whole Extension (OID, criticality, value) into
   *valueDER/*valueDERLen (outputs). Buffer ownership is not stated here;
   presumably it stays with the entry — confirm. */
int C_GetExtensionDER (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* index of extension entry */
  unsigned char **valueDER, /* DER encoded extension entry */
  unsigned int *valueDERLen); /* length of DER encoding */

/* Encodes the entry's values via the handler's GetEncodedValue and returns
   the encoding in *encodedValue/*encodedValueLen (outputs). The buffer is
   kept by the entry and freed when the entry is modified or destroyed. */
int C_GetEncodedExtensionValue (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* index of extension entry */
  unsigned char **encodedValue, /* encoded extension value */
  unsigned int *encodedValueLen); /* encoded extension value length */

/* Decodes encodedValue into the entry's value list via the handler's
   SetEncodedValue; the same input-validation concerns as for
   C_SetExtensionsObjectBER() apply. */
int C_SetEncodedExtensionValue (
  EXTENSIONS_OBJ extensionsObject, /* extensions object */
  unsigned int index, /* index of extension entry */
  unsigned char *encodedValue, /* encoded extension value */
  unsigned int encodedValueLen); /* encoded extension value length */

/* Compares one entry of each object. The meaning of the return value
   (equality vs. ordering) is not in this listing. */
int C_CompareExtension (
  EXTENSIONS_OBJ extensionsObject1, /* 1st extensions object */
  unsigned int extensionIndex1, /* index of 1st extension entry */
  EXTENSIONS_OBJ extensionsObject2, /* 2nd extensions object */
  unsigned int extensionIndex2); /* index of 2nd extension entry */

/* Compares two whole extensions objects. The meaning of the return value
   is not in this listing. */
int C_CompareExtensions (
  EXTENSIONS_OBJ extensionsObject1, /* 1st extensions object */
  EXTENSIONS_OBJ extensionsObject2); /* 2nd extensions object */

#ifdef __cplusplus
}
#endif

#endif /* HEADER_BSAFE_CERTC_CERTEXT */