1 /* 2 * Copyright (c) 2015-2016,2019-2020 Yubico AB 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are 7 * met: 8 * 9 * * Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * * Redistributions in binary form must reproduce the above 13 * copyright notice, this list of conditions and the following 14 * disclaimer in the documentation and/or other materials provided 15 * with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 */ 30 31 #ifndef OBJ_TYPES_H 32 #define OBJ_TYPES_H 33 34 #include "pkcs11y.h" 35 36 // TODO: this is mostly from OpenSC, how to give credit? 
// Identifiers for every object the ykcs11 token exposes.
//
// Enumerators take consecutive values starting at 0 (C enum semantics), so a
// piv_obj_id_t is an index: PIV_OBJ_COUNT is the number of valid ids and
// PIV_INVALID_OBJ (-1) is the only non-index value.  Inserting or reordering an
// enumerator shifts every value after it; any table indexed by piv_obj_id_t
// elsewhere in the project (not visible here) must be updated in step.
//
// Five groups share one slot order (PIV_AUTH, DS, KM, CARD_AUTH, RETIRED1..20,
// ATTESTATION): the X509 data objects, certificates, private keys and public
// keys each list the same 25 slots; the attestation-certificate group lists the
// first 24 (there is no attestation certificate for the attestation key itself).
typedef enum {
  // Raw PIV data objects (certificate containers for the 25 key slots, then the
  // card-level containers).
  PIV_DATA_OBJ_X509_PIV_AUTH,   // PIV authentication
  PIV_DATA_OBJ_X509_DS,         // Digital signature
  PIV_DATA_OBJ_X509_KM,         // Key management
  PIV_DATA_OBJ_X509_CARD_AUTH,  // Card authentication
  PIV_DATA_OBJ_X509_RETIRED1,   // Retired key 1
  PIV_DATA_OBJ_X509_RETIRED2,   // Retired key 2
  PIV_DATA_OBJ_X509_RETIRED3,   // Retired key 3
  PIV_DATA_OBJ_X509_RETIRED4,   // Retired key 4
  PIV_DATA_OBJ_X509_RETIRED5,   // Retired key 5
  PIV_DATA_OBJ_X509_RETIRED6,   // Retired key 6
  PIV_DATA_OBJ_X509_RETIRED7,   // Retired key 7
  PIV_DATA_OBJ_X509_RETIRED8,   // Retired key 8
  PIV_DATA_OBJ_X509_RETIRED9,   // Retired key 9
  PIV_DATA_OBJ_X509_RETIRED10,  // Retired key 10
  PIV_DATA_OBJ_X509_RETIRED11,  // Retired key 11
  PIV_DATA_OBJ_X509_RETIRED12,  // Retired key 12
  PIV_DATA_OBJ_X509_RETIRED13,  // Retired key 13
  PIV_DATA_OBJ_X509_RETIRED14,  // Retired key 14
  PIV_DATA_OBJ_X509_RETIRED15,  // Retired key 15
  PIV_DATA_OBJ_X509_RETIRED16,  // Retired key 16
  PIV_DATA_OBJ_X509_RETIRED17,  // Retired key 17
  PIV_DATA_OBJ_X509_RETIRED18,  // Retired key 18
  PIV_DATA_OBJ_X509_RETIRED19,  // Retired key 19
  PIV_DATA_OBJ_X509_RETIRED20,  // Retired key 20
  PIV_DATA_OBJ_X509_ATTESTATION, // Attestation key
  PIV_DATA_OBJ_CCC,             // Card capability container
  PIV_DATA_OBJ_CHUI,            // Cardholder unique id
  PIV_DATA_OBJ_CHF,             // Cardholder fingerprints
  PIV_DATA_OBJ_SEC_OBJ,         // Security object
  PIV_DATA_OBJ_CHFI,            // Cardholder facial images
  PIV_DATA_OBJ_PI,              // Cardholder printed information
  PIV_DATA_OBJ_DISCOVERY,       // Discovery object
  PIV_DATA_OBJ_HISTORY,         // History object
  PIV_DATA_OBJ_IRIS_IMAGE,      // Cardholder iris images
  PIV_DATA_OBJ_BITGT,           // Biometric information templates group template
  PIV_DATA_OBJ_SM_SIGNER,       // Secure messaging signer
  PIV_DATA_OBJ_PC_REF_DATA,     // Pairing code reference data

  // Certificate objects, one per key slot.
  PIV_CERT_OBJ_X509_PIV_AUTH,   // Certificate for PIV authentication
  PIV_CERT_OBJ_X509_DS,         // Certificate for digital signature
  PIV_CERT_OBJ_X509_KM,         // Certificate for key management
  PIV_CERT_OBJ_X509_CARD_AUTH,  // Certificate for card authentication
  PIV_CERT_OBJ_X509_RETIRED1,   // Certificate for retired key 1
  PIV_CERT_OBJ_X509_RETIRED2,   // Certificate for retired key 2
  PIV_CERT_OBJ_X509_RETIRED3,   // Certificate for retired key 3
  PIV_CERT_OBJ_X509_RETIRED4,   // Certificate for retired key 4
  PIV_CERT_OBJ_X509_RETIRED5,   // Certificate for retired key 5
  PIV_CERT_OBJ_X509_RETIRED6,   // Certificate for retired key 6
  PIV_CERT_OBJ_X509_RETIRED7,   // Certificate for retired key 7
  PIV_CERT_OBJ_X509_RETIRED8,   // Certificate for retired key 8
  PIV_CERT_OBJ_X509_RETIRED9,   // Certificate for retired key 9
  PIV_CERT_OBJ_X509_RETIRED10,  // Certificate for retired key 10
  PIV_CERT_OBJ_X509_RETIRED11,  // Certificate for retired key 11
  PIV_CERT_OBJ_X509_RETIRED12,  // Certificate for retired key 12
  PIV_CERT_OBJ_X509_RETIRED13,  // Certificate for retired key 13
  PIV_CERT_OBJ_X509_RETIRED14,  // Certificate for retired key 14
  PIV_CERT_OBJ_X509_RETIRED15,  // Certificate for retired key 15
  PIV_CERT_OBJ_X509_RETIRED16,  // Certificate for retired key 16
  PIV_CERT_OBJ_X509_RETIRED17,  // Certificate for retired key 17
  PIV_CERT_OBJ_X509_RETIRED18,  // Certificate for retired key 18
  PIV_CERT_OBJ_X509_RETIRED19,  // Certificate for retired key 19
  PIV_CERT_OBJ_X509_RETIRED20,  // Certificate for retired key 20
  PIV_CERT_OBJ_X509_ATTESTATION, // Certificate for attestation

  // Attestation certificates: a statement signed by the attestation key that a
  // given slot's key was generated on the device.  One per attestable slot; the
  // attestation key itself has none.
  PIV_CERT_OBJ_X509_ATTESTATION_PIV_AUTH,  // Attestation certificate for PIV_AUTH
  PIV_CERT_OBJ_X509_ATTESTATION_DS,        // Attestation certificate for DS
  PIV_CERT_OBJ_X509_ATTESTATION_KM,        // Attestation certificate for KM
  PIV_CERT_OBJ_X509_ATTESTATION_CARD_AUTH, // Attestation certificate for CARD_AUTH
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED1,  // Attestation certificate for RETIRED1
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED2,  // Attestation certificate for RETIRED2
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED3,  // Attestation certificate for RETIRED3
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED4,  // Attestation certificate for RETIRED4
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED5,  // Attestation certificate for RETIRED5
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED6,  // Attestation certificate for RETIRED6
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED7,  // Attestation certificate for RETIRED7
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED8,  // Attestation certificate for RETIRED8
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED9,  // Attestation certificate for RETIRED9
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED10, // Attestation certificate for RETIRED10
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED11, // Attestation certificate for RETIRED11
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED12, // Attestation certificate for RETIRED12
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED13, // Attestation certificate for RETIRED13
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED14, // Attestation certificate for RETIRED14
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED15, // Attestation certificate for RETIRED15
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED16, // Attestation certificate for RETIRED16
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED17, // Attestation certificate for RETIRED17
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED18, // Attestation certificate for RETIRED18
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED19, // Attestation certificate for RETIRED19
  PIV_CERT_OBJ_X509_ATTESTATION_RETIRED20, // Attestation certificate for RETIRED20

  // Private key objects, one per key slot.  The key material never leaves the
  // device; these ids only name the on-token key for PKCS#11 purposes.
  PIV_PVTK_OBJ_PIV_AUTH,   // Private key for PIV authentication
  PIV_PVTK_OBJ_DS,         // Private key for digital signature
  PIV_PVTK_OBJ_KM,         // Private key for key management
  PIV_PVTK_OBJ_CARD_AUTH,  // Private key for card authentication
  PIV_PVTK_OBJ_RETIRED1,   // Private key for retired key 1
  PIV_PVTK_OBJ_RETIRED2,   // Private key for retired key 2
  PIV_PVTK_OBJ_RETIRED3,   // Private key for retired key 3
  PIV_PVTK_OBJ_RETIRED4,   // Private key for retired key 4
  PIV_PVTK_OBJ_RETIRED5,   // Private key for retired key 5
  PIV_PVTK_OBJ_RETIRED6,   // Private key for retired key 6
  PIV_PVTK_OBJ_RETIRED7,   // Private key for retired key 7
  PIV_PVTK_OBJ_RETIRED8,   // Private key for retired key 8
  PIV_PVTK_OBJ_RETIRED9,   // Private key for retired key 9
  PIV_PVTK_OBJ_RETIRED10,  // Private key for retired key 10
  PIV_PVTK_OBJ_RETIRED11,  // Private key for retired key 11
  PIV_PVTK_OBJ_RETIRED12,  // Private key for retired key 12
  PIV_PVTK_OBJ_RETIRED13,  // Private key for retired key 13
  PIV_PVTK_OBJ_RETIRED14,  // Private key for retired key 14
  PIV_PVTK_OBJ_RETIRED15,  // Private key for retired key 15
  PIV_PVTK_OBJ_RETIRED16,  // Private key for retired key 16
  PIV_PVTK_OBJ_RETIRED17,  // Private key for retired key 17
  PIV_PVTK_OBJ_RETIRED18,  // Private key for retired key 18
  PIV_PVTK_OBJ_RETIRED19,  // Private key for retired key 19
  PIV_PVTK_OBJ_RETIRED20,  // Private key for retired key 20
  PIV_PVTK_OBJ_ATTESTATION, // Private key for Attestation

  // Public key objects, one per key slot.
  PIV_PUBK_OBJ_PIV_AUTH,   // Public key for PIV authentication
  PIV_PUBK_OBJ_DS,         // Public key for digital signature
  PIV_PUBK_OBJ_KM,         // Public key for key management
  PIV_PUBK_OBJ_CARD_AUTH,  // Public key for card authentication
  PIV_PUBK_OBJ_RETIRED1,   // Public key for retired key 1
  PIV_PUBK_OBJ_RETIRED2,   // Public key for retired key 2
  PIV_PUBK_OBJ_RETIRED3,   // Public key for retired key 3
  PIV_PUBK_OBJ_RETIRED4,   // Public key for retired key 4
  PIV_PUBK_OBJ_RETIRED5,   // Public key for retired key 5
  PIV_PUBK_OBJ_RETIRED6,   // Public key for retired key 6
  PIV_PUBK_OBJ_RETIRED7,   // Public key for retired key 7
  PIV_PUBK_OBJ_RETIRED8,   // Public key for retired key 8
  PIV_PUBK_OBJ_RETIRED9,   // Public key for retired key 9
  PIV_PUBK_OBJ_RETIRED10,  // Public key for retired key 10
  PIV_PUBK_OBJ_RETIRED11,  // Public key for retired key 11
  PIV_PUBK_OBJ_RETIRED12,  // Public key for retired key 12
  PIV_PUBK_OBJ_RETIRED13,  // Public key for retired key 13
  PIV_PUBK_OBJ_RETIRED14,  // Public key for retired key 14
  PIV_PUBK_OBJ_RETIRED15,  // Public key for retired key 15
  PIV_PUBK_OBJ_RETIRED16,  // Public key for retired key 16
  PIV_PUBK_OBJ_RETIRED17,  // Public key for retired key 17
  PIV_PUBK_OBJ_RETIRED18,  // Public key for retired key 18
  PIV_PUBK_OBJ_RETIRED19,  // Public key for retired key 19
  PIV_PUBK_OBJ_RETIRED20,  // Public key for retired key 20
  PIV_PUBK_OBJ_ATTESTATION, // Public key for Attestation
  PIV_SECRET_OBJ,          // Secret key object (purpose not documented here)

  PIV_OBJ_COUNT,           // Number of valid object ids (one past the last)
  PIV_INVALID_OBJ = -1     // Sentinel: "no object"; never a valid index
} piv_obj_id_t;

// A raw data object: `len` bytes starting at `data`.
// NOTE(review): ownership and lifetime of `data` are not established here —
// confirm against whoever fills this in before freeing or caching it.
typedef struct {
  CK_ULONG len;
  const char *data;
} piv_data_obj_t;

// Capability flags for a private key object.  The names presumably mirror the
// PKCS#11 attributes CKA_DECRYPT, CKA_SIGN, CKA_UNWRAP, CKA_DERIVE and
// CKA_ALWAYS_AUTHENTICATE — confirm against the attribute code that reads them.
// If `always_auth` does map to CKA_ALWAYS_AUTHENTICATE, it signals to PKCS#11
// applications that a fresh context-specific login is required before each use
// of the key; keep it accurate, since clients rely on it for PIN-per-signature.
typedef struct { // TODO: enough to use the public key for the parameters?
  CK_BBOOL decrypt;
  CK_BBOOL sign;
  CK_BBOOL unwrap;
  CK_BBOOL derive;
  CK_BBOOL always_auth;
} piv_pvtk_obj_t;

// Capability flags for a public key object; presumably the counterparts of the
// private-key flags above (encrypt/verify/wrap/derive) — confirm against the
// attribute code.
typedef struct {
  CK_BBOOL encrypt;
  CK_BBOOL verify;
  CK_BBOOL wrap;
  CK_BBOOL derive;
} piv_pubk_obj_t;

// One mechanism the token advertises: its PKCS#11 mechanism type together with
// the CK_MECHANISM_INFO (key-size range and flags) reported for it.
typedef struct {
  CK_MECHANISM_TYPE type;
  CK_MECHANISM_INFO info;
} token_mechanism;

#endif