X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195..e3d3b979fd185d8303f28a937baa53a187fb8c7d:/libsecurity_cssm/lib/cssmapple.h?ds=sidebyside
diff --git a/libsecurity_cssm/lib/cssmapple.h b/libsecurity_cssm/lib/cssmapple.h
index 4a1e954d..d31eb406 100644
--- a/libsecurity_cssm/lib/cssmapple.h
+++ b/libsecurity_cssm/lib/cssmapple.h
@@ -1,15 +1,15 @@
 /*
- * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
- *
+ * Copyright (c) 2000-2013 Apple Inc. All Rights Reserved.
+ *
 * @APPLE_LICENSE_HEADER_START@
- *
+ *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
- *
+ *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -17,7 +17,7 @@
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
- *
+ *
 * @APPLE_LICENSE_HEADER_END@
 *
 * cssmapple.h -- CSSM features specific to Apple's Implementation
@@ -120,7 +120,7 @@ enum
 enum {
 CSSM_ACL_AUTHORIZATION_CHANGE_ACL = CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START,
 CSSM_ACL_AUTHORIZATION_CHANGE_OWNER,
-
+
 // the "pre-auth" tags form a contiguous range of (up to) 64K pre-authorizations
 CSSM_ACL_AUTHORIZATION_PREAUTH_BASE = CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START + 0x1000000,
@@ -190,7 +190,7 @@ enum { /* preauth tracking state */
 CSSM_ACL_PREAUTH_TRACKING_COUNT_MASK = 0xff, /* mask for count status */
 CSS﻿M_ACL_PREAUTH_TRACKING_BLOCKED = 0, /* retries exhausted; the slot is blocked */
 /* 0 .. 255 is a count of (re)tries remaining */
-
+
 /* bits or'ed into any count given */
 CSSM_ACL_PREAUTH_TRACKING_UNKNOWN = 0x40000000, /* status of slot is unknown (ignore count) */
 CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED = 0x80000000 /* the slot is currently authorized (or'ed in) */
@@ -208,7 +208,7 @@ enum {
 CSSM_ALGID_APPLE_YARROW = CSSM_ALGID_VENDOR_DEFINED,
 CSSM_ALGID_AES, /* RijnDael */
- CSSM_ALGID_FEE, /* FEE Key Generation */
+ CSSM_ALGID_FEE, /* FEE Key Generation */
 CSSM_ALGID_FEE_MD5, /* FEE/ElGamal signature w/ MD5 hash */
 CSSM_ALGID_FEE_SHA1, /* FEE/ElGamal signature w/ SHA1 hash */
 CSSM_ALGID_FEED, /* 1:1 FEE asymmetric encryption */
@@ -255,7 +255,7 @@ enum {
 /* X509 SubjectPublicKeyInfo */
 CSSM_KEYBLOB_RAW_FORMAT_X509 = CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED,
 /* OpenSSH v1 */
- CSSM_KEYBLOB_RAW_FORMAT_OPENSSH,
+ CSSM_KEYBLOB_RAW_FORMAT_OPENSSH,
 /* openssl-style DSA private key */
 CSSM_KEYBLOB_RAW_FORMAT_OPENSSL,
 /* OpenSSH v2 */
@@ -266,7 +266,7 @@ enum {
 enum {
 CSSM_CUSTOM_COMMON_ERROR_EXTENT = 0x00e0,
-
+
 CSSM_ERRCODE_NO_USER_INTERACTION = 0x00e0,
 CSSM_ERRCODE_USER_CANCELED = 0x00e1,
 CSSM_ERRCODE_SERVICE_NOT_AVAILABLE = 0x00e2,
@@ -283,7 +283,7 @@ enum {
 CSSMERR_CL_NO_USER_INTERACTION = CSSM_CL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
 CSSMERR_DL_NO_USER_INTERACTION = CSSM_DL_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
 CSSMERR_TP_NO_USER_INTERACTION = CSSM_TP_BASE_ERROR + CSSM_ERRCODE_NO_USER_INTERACTION,
-
+
 CSSMERR_CSSM_USER_CANCELED = CSSM_CSSM_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
 CSSMERR_AC_USER_CANCELED = CSSM_AC_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
 CSSMERR_CSP_USER_CANCELED = CSSM_CSP_BASE_ERROR + CSSM_ERRCODE_USER_CANCELED,
@@ -331,18 +331,18 @@ enum {
 enum {
 CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT = CSSM_CSP_PRIVATE_ERROR + 0,
 /*
- * An attempt was made to use a public key which is incomplete due to
+ * An attempt was made to use a public key which is incomplete due to
 * the lack of algorithm-specific parameters.
 */
 CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE = CSSM_CSP_PRIVATE_ERROR + 1,
-
+
 /* a code signature match failed */
 CSSMERR_CSP_APPLE_SIGNATURE_MISMATCH = CSSM_CSP_PRIVATE_ERROR + 2,
-
+
 /* Key StartDate/EndDate invalid */
 CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE = CSSM_CSP_PRIVATE_ERROR + 3,
 CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE = CSSM_CSP_PRIVATE_ERROR + 4,
-
+
 /* Keychain Syncing error codes */
 CSSMERR_CSPDL_APPLE_DL_CONVERSION_ERROR = CSSM_CSP_PRIVATE_ERROR + 5,
@@ -372,10 +372,10 @@ enum {
 // The input parameter is a CSSM_BOOL, where TRUE turns autocommit on
 // and FALSE turns it off.
 CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
-
+
 // Commit any pending changes to the database.
 CSSM_APPLEFILEDL_COMMIT,
-
+
 // Rollback and discard any pending changes to the database.
 CSSM_APPLEFILEDL_ROLLBACK
 };
@@ -393,27 +393,27 @@ enum
 was neither NULL nor a pointer to a valid CSSM_APPLEDL_OPEN_PARAMETERS structure. */
 CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS = CSSM_DL_PRIVATE_ERROR + 0,
-
+
 /* an operation failed because the disk was full */
 CSSMERR_APPLEDL_DISK_FULL = CSSM_DL_PRIVATE_ERROR + 1,
-
+
 /* an operation failed because a disk quota was exceeded */
 CSSMERR_APPLEDL_QUOTA_EXCEEDED = CSSM_DL_PRIVATE_ERROR + 2,
-
+
 /* an operation failed because a file was too large */
 CSSMERR_APPLEDL_FILE_TOO_BIG = CSSM_DL_PRIVATE_ERROR + 3,
-
+
 /* a keychain database's internal information ("blob") is invalid */
 CSSMERR_APPLEDL_INVALID_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 4,
 CSSMERR_APPLEDL_INVALID_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 5,
-
+
 /* the internal data format version for a database's internal information ("blob") is invalid */
 CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB = CSSM_DL_PRIVATE_ERROR + 6,
- CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 7,
+ CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB = CSSM_DL_PRIVATE_ERROR + 7,
 };
 /* Apple X509TP private error codes. */
-enum
+enum
 {
 /* Host name mismatch */
 CSSMERR_APPLETP_HOSTNAME_MISMATCH = CSSM_TP_PRIVATE_ERROR + 0,
@@ -472,7 +472,7 @@ enum
 /* S/MIME, leaf with empty subject name and no email addrs
 * in SubjectAltName */
 CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS = CSSM_TP_PRIVATE_ERROR + 28,
- /* S/MIME, leaf with empty subject name, SubjectAltName
+ /* S/MIME, leaf with empty subject name, SubjectAltName
 * not critical */
 CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT = CSSM_TP_PRIVATE_ERROR + 29,
 /* Appropriate SSL ExtendedKeyUsage not found */
@@ -521,22 +521,24 @@ enum
 CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT = CSSM_TP_PRIVATE_ERROR + 51,
 /* Illegal cert chain length for Resource Signing */
 CSSMERR_APPLETP_RS_BAD_CERT_CHAIN_LENGTH = CSSM_TP_PRIVATE_ERROR + 52,
- /* bad extended key usage for Resource Signing */
+ /* Bad extended key usage for Resource Signing */
 CSSMERR_APPLETP_RS_BAD_EXTENDED_KEY_USAGE = CSSM_TP_PRIVATE_ERROR + 53,
 /* Trust Setting: deny */
 CSSMERR_APPLETP_TRUST_SETTING_DENY = CSSM_TP_PRIVATE_ERROR + 54,
- /* invalid empty SubjectName */
+ /* Invalid empty SubjectName */
 CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT = CSSM_TP_PRIVATE_ERROR + 55,
- /* unknown critical Qualified Cert Statement ID */
+ /* Unknown critical Qualified Cert Statement ID */
 CSSMERR_APPLETP_UNKNOWN_QUAL_CERT_STATEMENT = CSSM_TP_PRIVATE_ERROR + 56,
 /* Missing required extension */
 CSSMERR_APPLETP_MISSING_REQUIRED_EXTENSION = CSSM_TP_PRIVATE_ERROR + 57,
 /* Extended key usage not marked critical */
- CSSMERR_APPLETP_EXT_KEYUSAGE_NOT_CRITICAL = CSSM_TP_PRIVATE_ERROR + 58
+ CSSMERR_APPLETP_EXT_KEYUSAGE_NOT_CRITICAL = CSSM_TP_PRIVATE_ERROR + 58,
+ /* Required name or identifier not present */
+ CSSMERR_APPLETP_IDENTIFIER_MISSING = CSSM_TP_PRIVATE_ERROR + 59
 };
 /* Apple .mac TP private error codes. */
-enum
+enum
 {
 /* cert request queued */
 CSSMERR_APPLE_DOTMAC_REQ_QUEUED = CSSM_TP_PRIVATE_ERROR + 100,
@@ -663,13 +665,13 @@ enum
 The OutputParams argument is ignored. The SecurityServer might put up UI (though the SecurityAgent) when this function is called. */
 CSSM_APPLECSPDL_DB_CHANGE_PASSWORD =5,
-
+
 /* Return the SecurityServer database handle for the database specified by the DLDBHandle */
 CSSM_APPLECSPDL_DB_GET_HANDLE = 6,
-
+
 /* Given a CSSM_KEY for the CSPDL, return the SecurityServer key handle */
 CSSM_APPLESCPDL_CSP_GET_KEYHANDLE = 7,
-
+
 CSSM_APPLE_PRIVATE_CSPDL_CODE_8 = 8,
 CSSM_APPLE_PRIVATE_CSPDL_CODE_9 = 9,
 CSSM_APPLE_PRIVATE_CSPDL_CODE_10 = 10,
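Review bot: The comment on the new `CSSMERR_APPLETP_IDENTIFIER_MISSING` does not say which policy returns it or which name or identifier the TP was looking for, whereas its neighbours tie the condition to a policy (`/* Illegal cert chain length for Resource Signing */`, `/* Bad extended key usage for Resource Signing */`). Since this is a public, ABI-stable error value that callers will switch on, the comment should name the policy and the certificate field being checked, e.g. `/* Required name or identifier not present (policy: <name>, field: <subject name / SAN / key identifier>) */` with the real policy and field filled in from the TP code that raises it. The value `CSSM_TP_PRIVATE_ERROR + 59` sits in the headroom below the .mac block that starts at `CSSM_TP_PRIVATE_ERROR + 100`, so no collision is visible in this hunk. The enclosing X509TP enum opens before this hunk.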
@@ -679,13 +681,15 @@ enum
 CSSM_APPLE_PRIVATE_CSPDL_CODE_14 = 14,
 CSSM_APPLE_PRIVATE_CSPDL_CODE_15 = 15,
 CSSM_APPLE_PRIVATE_CSPDL_CODE_16 = 16,
-
- /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the
- * associated key blob.
+ CSSM_APPLE_PRIVATE_CSPDL_CODE_17 = 17,
+ CSSM_APPLE_PRIVATE_CSPDL_CODE_18 = 18,
+
+ /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the
+ * associated key blob.
 * Key is specified in CSSM_CSP_CreatePassThroughContext.
 * Hash is allocated bythe CSP, in the App's memory, and returned
 * in *outData. */
- CSSM_APPLECSP_KEYDIGEST = 0x100
+ CSSM_APPLECSP_KEYDIGEST = 0x100
 };
@@ -712,7 +716,7 @@ typedef struct cssm_applecspdl_db_change_password_parameters
 /* Custom wrapped key formats */
 enum {
 CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM = 100,
- CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL, // traditional openssl
+ CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSL, // traditional openssl
 CSSM_KEYBLOB_WRAPPED_FORMAT_OPENSSH1 // OpenSSH v1
 };
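Review bot: `CSSM_APPLE_PRIVATE_CSPDL_CODE_17` and `CSSM_APPLE_PRIVATE_CSPDL_CODE_18` are added with no comment, extending the undocumented `CODE_8` .. `CODE_16` run, so a reader of this public header cannot tell what these passthrough IDs dispatch to or whether third-party code is meant to send them. Presumably they are reserved Apple-internal passthroughs; if so, a one-line comment on the run such as `/* CODE_8 .. CODE_18: reserved for Apple-internal CSPDL passthroughs; not for third-party use */` would say so without exposing anything. The `/* Given a CSSM_KEY_PTR ... */` block that follows documents only `CSSM_APPLECSP_KEYDIGEST`, so the new codes should not be read as covered by it. The enclosing enum opens before this hunk.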
@@ -724,61 +728,61 @@ enum {
 };
 enum {
- /*
+ /*
 * Public Key attribute for use with CSSM_ALGID_FEED.
 */
- CSSM_ATTRIBUTE_PUBLIC_KEY =
+ CSSM_ATTRIBUTE_PUBLIC_KEY =
 (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 0)),
-
+
 /*
 * FEE key attributes.
 * See CSSM_FEE_PRIME_TYPE_xxx, CSSM_FEE_CURVE_TYPE_xxx enums, below.
 */
- CSSM_ATTRIBUTE_FEE_PRIME_TYPE =
+ CSSM_ATTRIBUTE_FEE_PRIME_TYPE =
 (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 1)),
- CSSM_ATTRIBUTE_FEE_CURVE_TYPE =
+ CSSM_ATTRIBUTE_FEE_CURVE_TYPE =
 (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 2)),
-
+
 /*
 * Apple Secure Compression (ComCryption) optimization.
 * See CSSM_ASC_OPTIMIZE_xxx, enums, below.
 */
- CSSM_ATTRIBUTE_ASC_OPTIMIZATION =
+ CSSM_ATTRIBUTE_ASC_OPTIMIZATION =
 (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 3)),
-
+
 /*
 * RSA blinding. Value is integer, nonzero (blinding on) or zero.
 */
- CSSM_ATTRIBUTE_RSA_BLINDING =
+ CSSM_ATTRIBUTE_RSA_BLINDING =
 (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 4)),
-
+
 /*
 * Additional public key from which to obtain algorithm-specific
 * parameters.
 */
- CSSM_ATTRIBUTE_PARAM_KEY =
+ CSSM_ATTRIBUTE_PARAM_KEY =
 (CSSM_ATTRIBUTE_DATA_KEY | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 5)),
-
+
 /*
 * Prompt string for CSSM_ALGID_SECURE_PASSPHRASE key acquisition.
- * Data is a UTF8-encoded external representation of a CFString.
+ * Data is a UTF8-encoded external representation of a CFString.
 */
- CSSM_ATTRIBUTE_PROMPT =
+ CSSM_ATTRIBUTE_PROMPT =
 (CSSM_ATTRIBUTE_DATA_CSSM_DATA | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 6)),
 /*
 * Alert panel title for CSSM_ALGID_SECURE_PASSPHRASE key acquisition.
- * Data is a UTF8-encoded external representation of a CFString.
+ * Data is a UTF8-encoded external representation of a CFString.
 */
- CSSM_ATTRIBUTE_ALERT_TITLE =
+ CSSM_ATTRIBUTE_ALERT_TITLE =
 (CSSM_ATTRIBUTE_DATA_CSSM_DATA | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 7)),
 /*
- * Boolean to specify whether secure passphrase is being used to encrypt or to
- * recover data. In the former case the user will be prompted to enter the
+ * Boolean to specify whether secure passphrase is being used to encrypt or to
+ * recover data. In the former case the user will be prompted to enter the
 * passphrase twice. Value is integer, nonzero (verify passphrase) or zero.
 */
- CSSM_ATTRIBUTE_VERIFY_PASSPHRASE =
+ CSSM_ATTRIBUTE_VERIFY_PASSPHRASE =
 (CSSM_ATTRIBUTE_DATA_UINT32 | (CSSM_ATTRIBUTE_VENDOR_DEFINED + 8))
 };
@@ -826,7 +830,7 @@ enum {
 * still valid) due to the lack of algorithm-specific parameters.
 */
 CSSM_KEYATTR_PARTIAL = 0x00010000,
-
+
 /*
 * When set, public keys are stored encrypted. Default is to store
 * public keys in the clear. AppleCSPDL only.
@@ -842,32 +846,32 @@ typedef struct {
 const CSSM_OID *oid;
 } CSSM_APPLE_TP_NAME_OID;
-/*
+/*
 * Certificate request passed to CSSM_TP_SubmitCredRequest() in the
 * CSSM_TP_AUTHORITY_REQUEST_TYPE.Requests field. Used for requesting
 * both locally-generated certs (CSSMOID_APPLE_TP_LOCAL_CERT_GEN) and
- * cert signing requests (CSSMOID_APPLE_TP_CSR_GEN).
+ * cert signing requests (CSSMOID_APPLE_TP_CSR_GEN).
 */
 typedef struct {
 CSSM_CSP_HANDLE cspHand; // sign with this CSP
 CSSM_CL_HANDLE clHand; // and this CL
 uint32 serialNumber;
 uint32 numSubjectNames;// size subjectNames[]
- CSSM_APPLE_TP_NAME_OID *subjectNames;
-
+ CSSM_APPLE_TP_NAME_OID *subjectNames;
+
 /*
 * Issuer name can be expressed in the simplified CSSM_APPLE_TP_NAME_OID
- * array, as is the subject name, or as an CSSM_X509_NAME, which is
- * typically obtained from a signing cert.
- * Exactly one of {issuerNames, issuerNameX509} must be non-NULL.
+ * array, as is the subject name, or as an CSSM_X509_NAME, which is
+ * typically obtained from a signing cert.
+ * Exactly one of {issuerNames, issuerNameX509} must be non-NULL.
 */
 uint32 numIssuerNames; // size issuerNames[]
- CSSM_APPLE_TP_NAME_OID *issuerNames; // optional; NULL implies root
+ CSSM_APPLE_TP_NAME_OID *issuerNames; // optional; NULL implies root
 // (signer == subject)
- CSSM_X509_NAME_PTR issuerNameX509;
+ CSSM_X509_NAME_PTR issuerNameX509;
 const CSSM_KEY *certPublicKey;
 const CSSM_KEY *issuerPrivateKey;
-
+
 /* Unfortunately there is no practical way to map any algorithm
 * to its appropriate OID, and we need both.... */
 CSSM_ALGORITHMS signatureAlg; // e.g., CSSM_ALGID_SHA1WithRSA
@@ -876,16 +880,16 @@ typedef struct {
 uint32 notAfter;
 uint32 numExtensions;
 CE_DataAndType *extensions; // optional
-
- /*
+
+ /*
 * Optional challenge string for CSSMOID_APPLE_TP_CSR_GEN.
 */
 const char *challengeString;
 } CSSM_APPLE_TP_CERT_REQUEST;
-/*
- * Options for X509TP's CSSM_TP_CertGroupVerify for policy CSSMOID_APPLE_TP_SSL.
- * A pointer to, and length of, one of these is optionally placed in
+/*
+ * Options for X509TP's CSSM_TP_CertGroupVerify for policy CSSMOID_APPLE_TP_SSL.
+ * A pointer to, and length of, one of these is optionally placed in
 * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue.
 */
 #define CSSM_APPLE_TP_SSL_OPTS_VERSION 1
@@ -900,23 +904,23 @@ typedef struct {
 typedef struct {
 uint32 Version; // CSSM_APPLE_TP_SSL_OPTS_VERSION
- /*
- * The domain name of the server (e.g., "store.apple.com".) In the
- * SSL and TLS protocols, this must match the common name of the
+ /*
+ * The domain name of the server (e.g., "store.apple.com".) In the
+ * SSL and TLS protocols, this must match the common name of the
 * subject cert. Expressed as a C string, optionally NULL terminated
 * if it is NULL terminated, the length field should include the NULL).
 */
 uint32 ServerNameLen;
 const char *ServerName; // optional
-
+
 /* new fields for struct version 1 */
 uint32 Flags;
 } CSSM_APPLE_TP_SSL_OPTIONS;
-/*
- * Options for X509TP's CSSM_TP_CertGroupVerify for policy
- * CSSMOID_APPLE_TP_REVOCATION_CRL. A pointer to, and length of, one
- * of these is optionally placed in
+/*
+ * Options for X509TP's CSSM_TP_CertGroupVerify for policy
+ * CSSMOID_APPLE_TP_REVOCATION_CRL. A pointer to, and length of, one
+ * of these is optionally placed in
 * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue.
 */
 #define CSSM_APPLE_TP_CRL_OPTS_VERSION 0
@@ -924,7 +928,7 @@ typedef struct {
 typedef uint32 CSSM_APPLE_TP_CRL_OPT_FLAGS;
 enum {
 // require CRL verification for each cert; default is "try"
- CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT = 0x00000001,
+ CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT = 0x00000001,
 // enable fetch from network
 CSSM_TP_ACTION_FETCH_CRL_FROM_NET = 0x00000002,
 // if set and positive OCSP verify for given cert, no further revocation
@@ -937,33 +941,33 @@ enum {
 typedef struct {
 uint32 Version; // CSSM_APPLE_TP_CRL_OPTS_VERSION
 CSSM_APPLE_TP_CRL_OPT_FLAGS CrlFlags;
-
+
 /*
 * When non-NULL, store CRLs fetched from net here.
- * This is most likely a pointer to one of the
+ * This is most likely a pointer to one of the
 * CSSM_TP_CALLERAUTH_CONTEXT.DBList entries but that
 * is not a strict requirement.
 */
 CSSM_DL_DB_HANDLE_PTR crlStore;
 } CSSM_APPLE_TP_CRL_OPTIONS;
-/*
- * Options for X509TP's CSSM_TP_CertGroupVerify for policy
- * CSSMOID_APPLE_TP_SMIME. A pointer to, and length of, one
- * of these is optionally placed in
+/*
+ * Options for X509TP's CSSM_TP_CertGroupVerify for policy
+ * CSSMOID_APPLE_TP_SMIME. A pointer to, and length of, one
+ * of these is optionally placed in
 * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue.
 */
 #define CSSM_APPLE_TP_SMIME_OPTS_VERSION 0
 typedef struct {
 uint32 Version; // CSSM_APPLE_TP_SMIME_OPTS_VERSION
- /*
+ /*
 * Intended usage of the leaf cert. The cert's KeyUsage extension,
 * if present, must be a superset of this.
 */
 CE_KeyUsage IntendedUsage;
-
- /*
+
+ /*
 * The email address of the sender. If there is an email address
 * in the sender's cert, that email address must match this one.
 * Both (email address in the cert, and this one) are optional.
@@ -977,18 +981,18 @@ typedef struct {
 /*
 * Optional ActionData for all X509TP CertGroupVerify policies.
- * A pointer to, and length of, one of these is optionally placed in
+ * A pointer to, and length of, one of these is optionally placed in
 * CSSM_TP_VERIFY_CONTEXT.ActionData.
 */
 typedef uint32 CSSM_APPLE_TP_ACTION_FLAGS;
 enum {
 CSSM_TP_ACTION_ALLOW_EXPIRED = 0x00000001, // allow expired certs
- CSSM_TP_ACTION_LEAF_IS_CA = 0x00000002, // first cert is a CA
+ CSSM_TP_ACTION_LEAF_IS_CA = 0x00000002, // first cert is a CA
 CSSM_TP_ACTION_FETCH_CERT_FROM_NET = 0x00000004, // enable net fetch of CA cert
 CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT = 0x00000008, // allow expired roots
 CSSM_TP_ACTION_REQUIRE_REV_PER_CERT = 0x00000010, // require positive revocation
 // check per cert
- CSSM_TP_ACTION_TRUST_SETTINGS = 0x00000020, // use TrustSettings instead of
+ CSSM_TP_ACTION_TRUST_SETTINGS = 0x00000020, // use TrustSettings instead of
 // anchors
 CSSM_TP_ACTION_IMPLICIT_ANCHORS = 0x00000040 // properly self-signed certs are
 // treated as anchors implicitly
@@ -1002,13 +1006,13 @@ typedef struct {
 /*
 * Per-cert evidence returned from CSSM_TP_CertGroupVerify.
- * An array of these is presented in CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[2].
+ * An array of these is presented in CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[2].
 * Same number of these as in the cert group in Evidence[1].
 */
-
+
 /* First, an array of bits indicating various status of the cert. */
 typedef uint32 CSSM_TP_APPLE_CERT_STATUS;
-enum
+enum
 {
 CSSM_CERT_STATUS_EXPIRED = 0x00000001,
 CSSM_CERT_STATUS_NOT_VALID_YET = 0x00000002,
@@ -1034,21 +1038,21 @@ typedef struct {
 CSSM_TP_APPLE_CERT_STATUS StatusBits;
 uint32 NumStatusCodes;
 CSSM_RETURN *StatusCodes;
-
+
 /* index into raw cert group or AnchorCerts depending on IS_IN_ANCHORS */
- uint32 Index;
-
+ uint32 Index;
+
 /* nonzero if cert came from a DLDB */
 CSSM_DL_DB_HANDLE DlDbHandle;
 CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord;
 } CSSM_TP_APPLE_EVIDENCE_INFO;
 /*
- * CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[0], basically defines which version/flavor
+ * CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[0], basically defines which version/flavor
 * of remaining evidence is.
 */
 #define CSSM_TP_APPLE_EVIDENCE_VERSION 0
-typedef struct
+typedef struct
 {
 uint32 Version;
 } CSSM_TP_APPLE_EVIDENCE_HEADER;
@@ -1068,7 +1072,7 @@ typedef struct
 */
 #define CSSM_EVIDENCE_FORM_APPLE_CUSTOM 0x80000000
-enum
+enum
 {
 CSSM_EVIDENCE_FORM_APPLE_HEADER = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 0,
 CSSM_EVIDENCE_FORM_APPLE_CERTGROUP = CSSM_EVIDENCE_FORM_APPLE_CUSTOM + 1,
@@ -1077,13 +1081,13 @@ enum
 /* AppleX509CL extensions: passthrough ids */
 enum {
- /*
+ /*
 * Obtain a signed Certificate Signing Request.
 * Input = CSSM_APPLE_CL_CSR_REQUEST
 * Output = allocated CSSM_DATA which points to a DER-encoded CSR.
 */
 CSSM_APPLEX509CL_OBTAIN_CSR,
-
+
 /*
 * Perform signature verify of a CSR.
 * Input: CSSM_DATA referring to a DER-encoded CSR.
@@ -1094,13 +1098,13 @@ enum {
 };
 /*
- * Used in CL's CSSM_APPLEX509_OBTAIN_CSR Passthrough. This is the
- * input; the output is a CSSM_DATA * containing the signed and
+ * Used in CL's CSSM_APPLEX509_OBTAIN_CSR Passthrough. This is the
+ * input; the output is a CSSM_DATA * containing the signed and
 * DER-encoded CSR.
 */
 typedef struct {
- CSSM_X509_NAME_PTR subjectNameX509;
-
+ CSSM_X509_NAME_PTR subjectNameX509;
+
 /* Unfortunately there is no practical way to map any algorithm
 * to its appropriate OID, and we need both.... */
 CSSM_ALGORITHMS signatureAlg; // e.g., CSSM_ALGID_SHA1WithRSA
@@ -1109,15 +1113,15 @@ typedef struct {
 CSSM_CSP_HANDLE cspHand; // sign with this CSP
 const CSSM_KEY *subjectPublicKey;
 const CSSM_KEY *subjectPrivateKey;
-
- /*
+
+ /*
 * Optional challenge string.
 */
 const char *challengeString;
 } CSSM_APPLE_CL_CSR_REQUEST;
 /*
- * When a CRL with no NextUpdate field is encountered, we use this time
+ * When a CRL with no NextUpdate field is encountered, we use this time
 * as the NextUpdate attribute when storing in a DB. It represents the
 * virtual end of time in CSSM_TIMESTRING form.
 */