cssmtype.h   [plain text]

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


/*
   File:      cssmtype.h

   Contains:  Common Security Services Manager Common Data Types

   Copyright: (c) 1999-2000 Apple Computer, Inc., all rights reserved.
*/

#ifndef _CSSMTYPE_H_
#define _CSSMTYPE_H_  1

#include <Security/cssmconfig.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Handle types. */

typedef uint32 CSSM_HANDLE, *CSSM_HANDLE_PTR;

typedef uint64 CSSM_LONG_HANDLE, *CSSM_LONG_HANDLE_PTR;

typedef CSSM_HANDLE CSSM_MODULE_HANDLE, *CSSM_MODULE_HANDLE_PTR;

typedef CSSM_LONG_HANDLE CSSM_CC_HANDLE; /* Cryptographic Context Handle */

typedef CSSM_MODULE_HANDLE CSSM_CSP_HANDLE; /* Cryptographic Service Provider Handle */

typedef CSSM_MODULE_HANDLE CSSM_TP_HANDLE; /* Trust Policy Handle */

typedef CSSM_MODULE_HANDLE CSSM_AC_HANDLE; /* Authorization Computation Handle */

typedef CSSM_MODULE_HANDLE CSSM_CL_HANDLE; /* Certificate Library Handle */

typedef CSSM_MODULE_HANDLE CSSM_DL_HANDLE; /* Data Storage Library Handle */

typedef CSSM_MODULE_HANDLE CSSM_DB_HANDLE; /* Data Storage Database Handle */


/* invalid or NULL value for any CSSM_HANDLE type */
enum {
    CSSM_INVALID_HANDLE =				0
};


/* Data Types for Core Services */

typedef sint32 CSSM_BOOL;
enum {
	CSSM_FALSE =						0,
	CSSM_TRUE =							!CSSM_FALSE
};

/* The standard declares this as uint32 but we changed it to sint32 to match OSStatus. */
typedef sint32 CSSM_RETURN;
enum {
	CSSM_OK =							0
};

enum {
	CSSM_MODULE_STRING_SIZE =			64
};
typedef char CSSM_STRING [CSSM_MODULE_STRING_SIZE + 4];

typedef struct cssm_data {
    uint32 Length; /* in bytes */
    uint8 *Data;
} CSSM_DATA, *CSSM_DATA_PTR;

typedef struct cssm_guid {
    uint32 Data1;
    uint16 Data2;
    uint16 Data3;
    uint8 Data4[8];
} CSSM_GUID, *CSSM_GUID_PTR;

typedef uint32 CSSM_BITMASK;
typedef CSSM_BITMASK CSSM_KEY_HIERARCHY;
enum {
	CSSM_KEY_HIERARCHY_NONE =			0,
	CSSM_KEY_HIERARCHY_INTEG =			1,
	CSSM_KEY_HIERARCHY_EXPORT =			2
};

typedef CSSM_BITMASK CSSM_PVC_MODE;
enum {
	CSSM_PVC_NONE =						0,
	CSSM_PVC_APP =						1,
	CSSM_PVC_SP =						2
};

typedef uint32 CSSM_PRIVILEGE_SCOPE;
enum {
	CSSM_PRIVILEGE_SCOPE_NONE =			0,
	CSSM_PRIVILEGE_SCOPE_PROCESS =		1,
	CSSM_PRIVILEGE_SCOPE_THREAD =		2
};

typedef struct cssm_version {
    uint32 Major;
    uint32 Minor;
} CSSM_VERSION, *CSSM_VERSION_PTR;

typedef uint32 CSSM_SERVICE_MASK;
enum {
	CSSM_SERVICE_CSSM =				0x1,
	CSSM_SERVICE_CSP =				0x2,
	CSSM_SERVICE_DL =				0x4,
	CSSM_SERVICE_CL =				0x8,
	CSSM_SERVICE_TP =				0x10,
	CSSM_SERVICE_AC =				0x20,
	CSSM_SERVICE_KR =				0x40
};

typedef CSSM_SERVICE_MASK CSSM_SERVICE_TYPE;

typedef struct cssm_subservice_uid {
    CSSM_GUID Guid;
    CSSM_VERSION Version;
    uint32 SubserviceId;
    CSSM_SERVICE_TYPE SubserviceType;
} CSSM_SUBSERVICE_UID, *CSSM_SUBSERVICE_UID_PTR;

typedef uint32 CSSM_MODULE_EVENT, *CSSM_MODULE_EVENT_PTR;
enum {
    CSSM_NOTIFY_INSERT =				1,
    CSSM_NOTIFY_REMOVE =				2,
    CSSM_NOTIFY_FAULT =					3
};

typedef CSSM_RETURN (CSSMAPI *CSSM_API_ModuleEventHandler)
    (const CSSM_GUID *ModuleGuid,
     void* AppNotifyCallbackCtx,
     uint32 SubserviceId,
     CSSM_SERVICE_TYPE ServiceType,
     CSSM_MODULE_EVENT EventType);

typedef uint32 CSSM_ATTACH_FLAGS;
enum {
	CSSM_ATTACH_READ_ONLY =			0x00000001
};

/* Non-export privilege range: (0x00000000 - 0x7FFFFFFF) */
/* Vendor specific range: (0x80000000 - 0xFFFFFFFF) */
typedef uint64 CSSM_PRIVILEGE;
typedef CSSM_PRIVILEGE CSSM_USEE_TAG;
enum {
	CSSM_USEE_LAST =					0xFF,
	CSSM_USEE_NONE =					0,
	CSSM_USEE_DOMESTIC =				1,
	CSSM_USEE_FINANCIAL =				2,
	CSSM_USEE_KRLE =					3,
	CSSM_USEE_KRENT =					4,
	CSSM_USEE_SSL =						5,
	CSSM_USEE_AUTHENTICATION =			6,
	CSSM_USEE_KEYEXCH =					7,
	CSSM_USEE_MEDICAL =					8,
	CSSM_USEE_INSURANCE =				9,
	CSSM_USEE_WEAK =					10
};

typedef uint32 CSSM_NET_ADDRESS_TYPE;
enum {
    CSSM_ADDR_NONE =					0,
    CSSM_ADDR_CUSTOM =					1,
    CSSM_ADDR_URL =						2, /* char* */
    CSSM_ADDR_SOCKADDR =				3,
    CSSM_ADDR_NAME =					4 /* char* - qualified by access method */
};

typedef struct cssm_net_address {
    CSSM_NET_ADDRESS_TYPE AddressType;
    CSSM_DATA Address;
} CSSM_NET_ADDRESS, *CSSM_NET_ADDRESS_PTR;

typedef uint32 CSSM_NET_PROTOCOL;
enum {
	CSSM_NET_PROTO_NONE =				0,	/* local */
	CSSM_NET_PROTO_CUSTOM =				1,	/* proprietary implementation */
	CSSM_NET_PROTO_UNSPECIFIED =		2,	/* implementation default */
	CSSM_NET_PROTO_LDAP =				3,	/* light weight directory access protocol */
	CSSM_NET_PROTO_LDAPS =				4,	/* ldap/ssl where SSL initiates the connection */
	CSSM_NET_PROTO_LDAPNS =				5,	/* ldap where ldap negotiates an SSL session */
	CSSM_NET_PROTO_X500DAP =			6,	/* x.500 Directory access protocol */
	CSSM_NET_PROTO_FTP =				7,	/* ftp for cert/crl fetch */
	CSSM_NET_PROTO_FTPS =				8,	/* ftp/ssl/tls where SSL/TLS initiates the connection */
	CSSM_NET_PROTO_OCSP =				9,	/* online certificate status protocol */
	CSSM_NET_PROTO_CMP =				10,	/* the cert request protocol in PKIX3 */
	CSSM_NET_PROTO_CMPS =				11	/* The ssl/tls derivative of CMP */
};

typedef CSSM_RETURN (CSSMAPI *CSSM_CALLBACK)
    (CSSM_DATA_PTR OutData, void *CallerCtx);

typedef struct cssm_crypto_data {
    CSSM_DATA Param;
    CSSM_CALLBACK Callback;
    void *CallerCtx;
} CSSM_CRYPTO_DATA, *CSSM_CRYPTO_DATA_PTR;

typedef sint32 CSSM_WORDID_TYPE;
enum {
	CSSM_WORDID__UNK_ =					-1, /* not in dictionary */
	CSSM_WORDID__NLU_ =					0, /* not yet looked up */
	CSSM_WORDID__STAR_ =				1,
	CSSM_WORDID_A =						2,
	CSSM_WORDID_ACL =					3,
	CSSM_WORDID_ALPHA =					4,
	CSSM_WORDID_B =						5,
	CSSM_WORDID_BER =					6,
	CSSM_WORDID_BINARY =				7,
	CSSM_WORDID_BIOMETRIC =				8,
	CSSM_WORDID_C =						9,
	CSSM_WORDID_CANCELED =				10,
	CSSM_WORDID_CERT =					11,
	CSSM_WORDID_COMMENT =				12,
	CSSM_WORDID_CRL =					13,
	CSSM_WORDID_CUSTOM =				14,
	CSSM_WORDID_D =						15,
	CSSM_WORDID_DATE =					16,
	CSSM_WORDID_DB_DELETE =				17,
	CSSM_WORDID_DB_EXEC_STORED_QUERY =	18,
	CSSM_WORDID_DB_INSERT =				19,
	CSSM_WORDID_DB_MODIFY =				20,
	CSSM_WORDID_DB_READ =				21,
	CSSM_WORDID_DBS_CREATE =			22,
	CSSM_WORDID_DBS_DELETE =			23,
	CSSM_WORDID_DECRYPT =				24,
	CSSM_WORDID_DELETE =				25,
	CSSM_WORDID_DELTA_CRL =				26,
	CSSM_WORDID_DER =					27,
	CSSM_WORDID_DERIVE =				28,
	CSSM_WORDID_DISPLAY =				29,
	CSSM_WORDID_DO =					30,
	CSSM_WORDID_DSA =					31,
	CSSM_WORDID_DSA_SHA1 =				32,
	CSSM_WORDID_E =						33,
	CSSM_WORDID_ELGAMAL =				34,
	CSSM_WORDID_ENCRYPT =				35,
	CSSM_WORDID_ENTRY =					36,
	CSSM_WORDID_EXPORT_CLEAR =			37,
	CSSM_WORDID_EXPORT_WRAPPED =		38,
	CSSM_WORDID_G =						39,
	CSSM_WORDID_GE =					40,
	CSSM_WORDID_GENKEY =				41,
	CSSM_WORDID_HASH =					42,
	CSSM_WORDID_HASHED_PASSWORD =		43,
	CSSM_WORDID_HASHED_SUBJECT =		44,
	CSSM_WORDID_HAVAL =					45,
	CSSM_WORDID_IBCHASH =				46,
	CSSM_WORDID_IMPORT_CLEAR =			47,
	CSSM_WORDID_IMPORT_WRAPPED =		48,
	CSSM_WORDID_INTEL =					49,
	CSSM_WORDID_ISSUER =				50,
	CSSM_WORDID_ISSUER_INFO =			51,
	CSSM_WORDID_K_OF_N =				52,
	CSSM_WORDID_KEA =					53,
	CSSM_WORDID_KEYHOLDER =				54,
	CSSM_WORDID_L =						55,
	CSSM_WORDID_LE =					56,
	CSSM_WORDID_LOGIN =					57,
	CSSM_WORDID_LOGIN_NAME =			58,
	CSSM_WORDID_MAC =					59,
	CSSM_WORDID_MD2 =					60,
	CSSM_WORDID_MD2WITHRSA =			61,
	CSSM_WORDID_MD4 =					62,
	CSSM_WORDID_MD5 =					63,
	CSSM_WORDID_MD5WITHRSA =			64,
	CSSM_WORDID_N =						65,
	CSSM_WORDID_NAME =					66,
	CSSM_WORDID_NDR =					67,
	CSSM_WORDID_NHASH =					68,
	CSSM_WORDID_NOT_AFTER =				69,
	CSSM_WORDID_NOT_BEFORE =			70,
	CSSM_WORDID_NULL =					71,
	CSSM_WORDID_NUMERIC =				72,
	CSSM_WORDID_OBJECT_HASH =			73,
	CSSM_WORDID_ONE_TIME =				74,
	CSSM_WORDID_ONLINE =				75,
	CSSM_WORDID_OWNER =					76,
	CSSM_WORDID_P =						77,
	CSSM_WORDID_PAM_NAME =				78,
	CSSM_WORDID_PASSWORD =				79,
	CSSM_WORDID_PGP =					80,
	CSSM_WORDID_PREFIX =				81,
	CSSM_WORDID_PRIVATE_KEY =			82,
	CSSM_WORDID_PROMPTED_BIOMETRIC =	83,
	CSSM_WORDID_PROMPTED_PASSWORD =		84,
	CSSM_WORDID_PROPAGATE =				85,
	CSSM_WORDID_PROTECTED_BIOMETRIC =	86,
	CSSM_WORDID_PROTECTED_PASSWORD =	87,
	CSSM_WORDID_PROTECTED_PIN =			88,
	CSSM_WORDID_PUBLIC_KEY =			89,
	CSSM_WORDID_PUBLIC_KEY_FROM_CERT =	90,
	CSSM_WORDID_Q =						91,
	CSSM_WORDID_RANGE =					92,
	CSSM_WORDID_REVAL =					93,
	CSSM_WORDID_RIPEMAC =				94,
	CSSM_WORDID_RIPEMD =				95,
	CSSM_WORDID_RIPEMD160 =				96,
	CSSM_WORDID_RSA =					97,
	CSSM_WORDID_RSA_ISO9796 =			98,
	CSSM_WORDID_RSA_PKCS =				99,
	CSSM_WORDID_RSA_PKCS_MD5 =			100,
	CSSM_WORDID_RSA_PKCS_SHA1 =			101,
	CSSM_WORDID_RSA_PKCS1 =				102,
	CSSM_WORDID_RSA_PKCS1_MD5 =			103,
	CSSM_WORDID_RSA_PKCS1_SHA1 =		104,
	CSSM_WORDID_RSA_PKCS1_SIG =			105,
	CSSM_WORDID_RSA_RAW =				106,
	CSSM_WORDID_SDSIV1 =				107,
	CSSM_WORDID_SEQUENCE =				108,
	CSSM_WORDID_SET =					109,
	CSSM_WORDID_SEXPR =					110,
	CSSM_WORDID_SHA1 =					111,
	CSSM_WORDID_SHA1WITHDSA =			112,
	CSSM_WORDID_SHA1WITHECDSA =			113,
	CSSM_WORDID_SHA1WITHRSA =			114,
	CSSM_WORDID_SIGN =					115,
	CSSM_WORDID_SIGNATURE =				116,
	CSSM_WORDID_SIGNED_NONCE =			117,
	CSSM_WORDID_SIGNED_SECRET =			118,
	CSSM_WORDID_SPKI =					119,
	CSSM_WORDID_SUBJECT =				120,
	CSSM_WORDID_SUBJECT_INFO =			121,
	CSSM_WORDID_TAG =					122,
	CSSM_WORDID_THRESHOLD =				123,
	CSSM_WORDID_TIME =					124,
	CSSM_WORDID_URI =					125,
	CSSM_WORDID_VERSION =				126,
	CSSM_WORDID_X509_ATTRIBUTE =		127,
	CSSM_WORDID_X509V1 =				128,
	CSSM_WORDID_X509V2 =				129,
	CSSM_WORDID_X509V3 =				130,
	CSSM_WORDID_X9_ATTRIBUTE =			131,
	CSSM_WORDID_VENDOR_START =			0x00010000,
	CSSM_WORDID_VENDOR_END =			0x7FFF0000
};

typedef uint32 CSSM_LIST_ELEMENT_TYPE, *CSSM_LIST_ELEMENT_TYPE_PTR;
enum {
	CSSM_LIST_ELEMENT_DATUM =			0x00,
	CSSM_LIST_ELEMENT_SUBLIST =			0x01,
	CSSM_LIST_ELEMENT_WORDID =			0x02
};

typedef uint32 CSSM_LIST_TYPE, *CSSM_LIST_TYPE_PTR;
enum {
	CSSM_LIST_TYPE_UNKNOWN =			0,
	CSSM_LIST_TYPE_CUSTOM =				1,
	CSSM_LIST_TYPE_SEXPR =				2
};

typedef struct cssm_list_element *CSSM_LIST_ELEMENT_PTR;

typedef struct cssm_list {
    CSSM_LIST_TYPE ListType;	/* type of this list */
    CSSM_LIST_ELEMENT_PTR Head;	/* head of the list */
    CSSM_LIST_ELEMENT_PTR Tail;	/* tail of the list */
} CSSM_LIST, *CSSM_LIST_PTR;

typedef struct cssm_list_element {
    struct cssm_list_element *NextElement;	/* next list element */
	CSSM_WORDID_TYPE WordID;	/* integer identifier associated */
								/* with a Word value */
    CSSM_LIST_ELEMENT_TYPE ElementType;
    union {
        CSSM_LIST Sublist;		/* sublist */
        CSSM_DATA Word;		/* a byte-string */
    } Element;
} CSSM_LIST_ELEMENT;

typedef struct {				/* 5-tuple definition */
	CSSM_LIST Issuer;			/* issuer, or empty if ACL */
	CSSM_LIST Subject;			/* subject */
	CSSM_BOOL Delegate;			/* permission to delegate */
	CSSM_LIST AuthorizationTag;	/* authorization field */
	CSSM_LIST ValidityPeriod;	/* validity information (dates) */
} CSSM_TUPLE, *CSSM_TUPLE_PTR;

typedef struct cssm_tuplegroup {
    uint32 NumberOfTuples;
    CSSM_TUPLE_PTR Tuples;
} CSSM_TUPLEGROUP, *CSSM_TUPLEGROUP_PTR;

typedef CSSM_WORDID_TYPE CSSM_SAMPLE_TYPE;
enum {
	CSSM_SAMPLE_TYPE_PASSWORD =				CSSM_WORDID_PASSWORD,
	CSSM_SAMPLE_TYPE_HASHED_PASSWORD =		CSSM_WORDID_HASHED_PASSWORD,
	CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD =	CSSM_WORDID_PROTECTED_PASSWORD,
	CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD =	CSSM_WORDID_PROMPTED_PASSWORD,
	CSSM_SAMPLE_TYPE_SIGNED_NONCE =			CSSM_WORDID_SIGNED_NONCE,
	CSSM_SAMPLE_TYPE_SIGNED_SECRET =		CSSM_WORDID_SIGNED_SECRET,
	CSSM_SAMPLE_TYPE_BIOMETRIC =			CSSM_WORDID_BIOMETRIC,
	CSSM_SAMPLE_TYPE_PROTECTED_BIOMETRIC =	CSSM_WORDID_PROTECTED_BIOMETRIC,
	CSSM_SAMPLE_TYPE_PROMPTED_BIOMETRIC =	CSSM_WORDID_PROMPTED_BIOMETRIC,
	CSSM_SAMPLE_TYPE_THRESHOLD =			CSSM_WORDID_THRESHOLD
};

typedef struct cssm_sample {
    CSSM_LIST TypedSample;
    const CSSM_SUBSERVICE_UID *Verifier;
} CSSM_SAMPLE, *CSSM_SAMPLE_PTR;

typedef struct cssm_samplegroup {
    uint32 NumberOfSamples;
    const CSSM_SAMPLE *Samples;
} CSSM_SAMPLEGROUP, *CSSM_SAMPLEGROUP_PTR;

typedef void *(CSSMAPI *CSSM_MALLOC)
    (uint32 size,
     void *allocref);

typedef void (CSSMAPI *CSSM_FREE)
    (void *memblock,
     void *allocref);

typedef void *(CSSMAPI *CSSM_REALLOC)
    (void *memblock,
     uint32 size,
     void *allocref);

typedef void *(CSSMAPI *CSSM_CALLOC)
    (uint32 num,
     uint32 size,
     void *allocref);

typedef struct cssm_memory_funcs {
    CSSM_MALLOC malloc_func;
    CSSM_FREE free_func;
    CSSM_REALLOC realloc_func;
    CSSM_CALLOC calloc_func;
    void *AllocRef;
} CSSM_MEMORY_FUNCS, *CSSM_MEMORY_FUNCS_PTR;

typedef CSSM_MEMORY_FUNCS CSSM_API_MEMORY_FUNCS;
typedef CSSM_API_MEMORY_FUNCS *CSSM_API_MEMORY_FUNCS_PTR;

typedef CSSM_RETURN (CSSMAPI * CSSM_CHALLENGE_CALLBACK)
    (const CSSM_LIST *Challenge,
     CSSM_SAMPLEGROUP_PTR Response,
     void *CallerCtx,
     const CSSM_MEMORY_FUNCS *MemFuncs);

typedef uint32 CSSM_CERT_TYPE, *CSSM_CERT_TYPE_PTR;
enum {
    CSSM_CERT_UNKNOWN =					0x00,
    CSSM_CERT_X_509v1 =					0x01,
    CSSM_CERT_X_509v2 =					0x02,
    CSSM_CERT_X_509v3 =					0x03,
    CSSM_CERT_PGP =						0x04,
    CSSM_CERT_SPKI =					0x05,
    CSSM_CERT_SDSIv1 =					0x06,
    CSSM_CERT_Intel =					0x08,
    CSSM_CERT_X_509_ATTRIBUTE =			0x09, /* X.509 attribute cert */
    CSSM_CERT_X9_ATTRIBUTE =			0x0A, /* X9 attribute cert */
    CSSM_CERT_TUPLE =					0x0B,
    CSSM_CERT_ACL_ENTRY =				0x0C,
    CSSM_CERT_MULTIPLE =				0x7FFE,
    CSSM_CERT_LAST =					0x7FFF,
	/* Applications wishing to define their own custom certificate
	   type should define and publicly document a uint32 value greater
	   than the CSSM_CL_CUSTOM_CERT_TYPE */
	CSSM_CL_CUSTOM_CERT_TYPE =			0x08000
};

typedef uint32 CSSM_CERT_ENCODING, *CSSM_CERT_ENCODING_PTR;
enum {
    CSSM_CERT_ENCODING_UNKNOWN =		0x00,
    CSSM_CERT_ENCODING_CUSTOM =			0x01,
    CSSM_CERT_ENCODING_BER =			0x02,
    CSSM_CERT_ENCODING_DER =			0x03,
    CSSM_CERT_ENCODING_NDR =			0x04,
    CSSM_CERT_ENCODING_SEXPR =			0x05,
    CSSM_CERT_ENCODING_PGP =			0x06,
    CSSM_CERT_ENCODING_MULTIPLE =		0x7FFE,
    CSSM_CERT_ENCODING_LAST =			0x7FFF,
	/* Applications wishing to define their own custom certificate
	   encoding should create a uint32 value greater than the
	   CSSM_CL_CUSTOM_CERT_ENCODING */
	CSSM_CL_CUSTOM_CERT_ENCODING =		0x8000
};

typedef struct cssm_encoded_cert {
    CSSM_CERT_TYPE CertType;			/* type of certificate */
    CSSM_CERT_ENCODING CertEncoding;	/* encoding for this packed cert */
    CSSM_DATA CertBlob;					/* packed cert */
} CSSM_ENCODED_CERT, *CSSM_ENCODED_CERT_PTR;

typedef uint32 CSSM_CERT_PARSE_FORMAT, *CSSM_CERT_PARSE_FORMAT_PTR;
enum {
	CSSM_CERT_PARSE_FORMAT_NONE =			0x00,
	CSSM_CERT_PARSE_FORMAT_CUSTOM =			0x01, /* void* */
	CSSM_CERT_PARSE_FORMAT_SEXPR =			0x02, /* CSSM_LIST */
	CSSM_CERT_PARSE_FORMAT_COMPLEX =		0x03, /* void* */
	CSSM_CERT_PARSE_FORMAT_OID_NAMED =		0x04, /* CSSM_FIELDGROUP */
	CSSM_CERT_PARSE_FORMAT_TUPLE =			0x05, /* CSSM_TUPLE */
	CSSM_CERT_PARSE_FORMAT_MULTIPLE =		0x7FFE,
/* multiple forms, each cert carries a
   parse format indicator */
	CSSM_CERT_PARSE_FORMAT_LAST =			0x7FFF,
/* Applications wishing to define their
   own custom parse format should create
   a * uint32 value greater than the
   CSSM_CL_CUSTOM_CERT_PARSE_FORMAT */
	CSSM_CL_CUSTOM_CERT_PARSE_FORMAT =		0x8000
};

typedef struct cssm_parsed_cert {
    CSSM_CERT_TYPE CertType; /* certificate type */
    CSSM_CERT_PARSE_FORMAT ParsedCertFormat;
    /* struct of ParsedCert */
    void *ParsedCert; /* parsed cert (to be typecast) */
} CSSM_PARSED_CERT, *CSSM_PARSED_CERT_PTR;

typedef struct cssm_cert_pair {
    CSSM_ENCODED_CERT EncodedCert; /* an encoded certificate blob */
    CSSM_PARSED_CERT ParsedCert; /* equivalent parsed certificate */
} CSSM_CERT_PAIR, *CSSM_CERT_PAIR_PTR;

typedef uint32 CSSM_CERTGROUP_TYPE, *CSSM_CERTGROUP_TYPE_PTR;
enum {
	CSSM_CERTGROUP_DATA =				0x00,
	CSSM_CERTGROUP_ENCODED_CERT =		0x01,
	CSSM_CERTGROUP_PARSED_CERT =		0x02,
	CSSM_CERTGROUP_CERT_PAIR =			0x03
};

typedef struct cssm_certgroup {
    CSSM_CERT_TYPE CertType;
    CSSM_CERT_ENCODING CertEncoding;
    uint32 NumCerts; /* # of certificates in this list */
    union {
        CSSM_DATA_PTR CertList; /* legacy list of single type certificate blobs */
        CSSM_ENCODED_CERT_PTR EncodedCertList;
        /* list of multi-type certificate blobs */
        CSSM_PARSED_CERT_PTR ParsedCertList;
        /* list of multi-type parsed certs */
        CSSM_CERT_PAIR_PTR PairCertList;
        /*list of single or multi-type certs with two representations: blob and parsed */
    } GroupList;
    CSSM_CERTGROUP_TYPE CertGroupType;
    /* type of structure in the GroupList */
    void *Reserved; /* reserved for implementation dependent use */
} CSSM_CERTGROUP, *CSSM_CERTGROUP_PTR;

typedef struct cssm_base_certs {
    CSSM_TP_HANDLE TPHandle;
    CSSM_CL_HANDLE CLHandle;
    CSSM_CERTGROUP Certs;
} CSSM_BASE_CERTS, *CSSM_BASE_CERTS_PTR;

typedef struct cssm_access_credentials {
    CSSM_STRING EntryTag;
    CSSM_BASE_CERTS BaseCerts;
    CSSM_SAMPLEGROUP Samples;
    CSSM_CHALLENGE_CALLBACK Callback;
    void *CallerCtx;
} CSSM_ACCESS_CREDENTIALS, *CSSM_ACCESS_CREDENTIALS_PTR;

typedef sint32 CSSM_ACL_SUBJECT_TYPE;
enum {
	CSSM_ACL_SUBJECT_TYPE_ANY =					CSSM_WORDID__STAR_,
	CSSM_ACL_SUBJECT_TYPE_THRESHOLD =			CSSM_WORDID_THRESHOLD,
	CSSM_ACL_SUBJECT_TYPE_PASSWORD =			CSSM_WORDID_PASSWORD,
	CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD =	CSSM_WORDID_PROTECTED_PASSWORD,
	CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD =	CSSM_WORDID_PROMPTED_PASSWORD,
	CSSM_ACL_SUBJECT_TYPE_PUBLIC_KEY =			CSSM_WORDID_PUBLIC_KEY,
	CSSM_ACL_SUBJECT_TYPE_HASHED_SUBJECT =		CSSM_WORDID_HASHED_SUBJECT,
	CSSM_ACL_SUBJECT_TYPE_BIOMETRIC =			CSSM_WORDID_BIOMETRIC,
	CSSM_ACL_SUBJECT_TYPE_PROTECTED_BIOMETRIC =	CSSM_WORDID_PROTECTED_BIOMETRIC,
	CSSM_ACL_SUBJECT_TYPE_PROMPTED_BIOMETRIC =	CSSM_WORDID_PROMPTED_BIOMETRIC,
	CSSM_ACL_SUBJECT_TYPE_LOGIN_NAME =			CSSM_WORDID_LOGIN_NAME,
	CSSM_ACL_SUBJECT_TYPE_EXT_PAM_NAME =		CSSM_WORDID_PAM_NAME
};

/* Authorization tag type */
typedef sint32 CSSM_ACL_AUTHORIZATION_TAG;
enum {
	/* All vendor specific constants must be in the number range
	   starting at CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START */
	CSSM_ACL_AUTHORIZATION_TAG_VENDOR_DEFINED_START =	0x00010000,
	/* No restrictions. Permission to perform all operations on
	   the resource or available to an ACL owner.  */
	CSSM_ACL_AUTHORIZATION_ANY =						CSSM_WORDID__STAR_,
	/* Defined authorization tag values for CSPs */
	CSSM_ACL_AUTHORIZATION_LOGIN =						CSSM_WORDID_LOGIN,
	CSSM_ACL_AUTHORIZATION_GENKEY =						CSSM_WORDID_GENKEY,
	CSSM_ACL_AUTHORIZATION_DELETE =						CSSM_WORDID_DELETE,
	CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED =				CSSM_WORDID_EXPORT_WRAPPED,
	CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR =				CSSM_WORDID_EXPORT_CLEAR,
	CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED =				CSSM_WORDID_IMPORT_WRAPPED,
	CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR =				CSSM_WORDID_IMPORT_CLEAR,
	CSSM_ACL_AUTHORIZATION_SIGN =						CSSM_WORDID_SIGN,
	CSSM_ACL_AUTHORIZATION_ENCRYPT =					CSSM_WORDID_ENCRYPT,
	CSSM_ACL_AUTHORIZATION_DECRYPT =					CSSM_WORDID_DECRYPT,
	CSSM_ACL_AUTHORIZATION_MAC =						CSSM_WORDID_MAC,
	CSSM_ACL_AUTHORIZATION_DERIVE =						CSSM_WORDID_DERIVE,
	/* Defined authorization tag values for DLs */
	CSSM_ACL_AUTHORIZATION_DBS_CREATE =					CSSM_WORDID_DBS_CREATE,
	CSSM_ACL_AUTHORIZATION_DBS_DELETE =					CSSM_WORDID_DBS_DELETE,
	CSSM_ACL_AUTHORIZATION_DB_READ =					CSSM_WORDID_DB_READ,
	CSSM_ACL_AUTHORIZATION_DB_INSERT =					CSSM_WORDID_DB_INSERT,
	CSSM_ACL_AUTHORIZATION_DB_MODIFY =					CSSM_WORDID_DB_MODIFY,
	CSSM_ACL_AUTHORIZATION_DB_DELETE =					CSSM_WORDID_DB_DELETE
};

typedef struct cssm_authorizationgroup {
    uint32 NumberOfAuthTags;
    CSSM_ACL_AUTHORIZATION_TAG *AuthTags;
} CSSM_AUTHORIZATIONGROUP, *CSSM_AUTHORIZATIONGROUP_PTR;

typedef struct cssm_acl_validity_period {
    CSSM_DATA StartDate;
    CSSM_DATA EndDate;
} CSSM_ACL_VALIDITY_PERIOD, *CSSM_ACL_VALIDITY_PERIOD_PTR;

typedef struct cssm_acl_entry_prototype {
    CSSM_LIST TypedSubject;
    CSSM_BOOL Delegate;
    CSSM_AUTHORIZATIONGROUP Authorization;
    CSSM_ACL_VALIDITY_PERIOD TimeRange;
    CSSM_STRING EntryTag;
} CSSM_ACL_ENTRY_PROTOTYPE, *CSSM_ACL_ENTRY_PROTOTYPE_PTR;

typedef struct cssm_acl_owner_prototype {
    CSSM_LIST TypedSubject;
    CSSM_BOOL Delegate;
} CSSM_ACL_OWNER_PROTOTYPE, *CSSM_ACL_OWNER_PROTOTYPE_PTR;

typedef CSSM_RETURN (CSSMAPI * CSSM_ACL_SUBJECT_CALLBACK)
    (const CSSM_LIST *SubjectRequest,
     CSSM_LIST_PTR SubjectResponse,
     void *CallerContext,
     const CSSM_MEMORY_FUNCS *MemFuncs);

typedef struct cssm_acl_entry_input {
    CSSM_ACL_ENTRY_PROTOTYPE Prototype;
    CSSM_ACL_SUBJECT_CALLBACK Callback;
    void *CallerContext;
} CSSM_ACL_ENTRY_INPUT, *CSSM_ACL_ENTRY_INPUT_PTR;

typedef struct cssm_resource_control_context {
    CSSM_ACCESS_CREDENTIALS_PTR AccessCred;
    CSSM_ACL_ENTRY_INPUT InitialAclEntry;
} CSSM_RESOURCE_CONTROL_CONTEXT, *CSSM_RESOURCE_CONTROL_CONTEXT_PTR;

typedef CSSM_HANDLE CSSM_ACL_HANDLE;

typedef struct cssm_acl_entry_info {
    CSSM_ACL_ENTRY_PROTOTYPE EntryPublicInfo;
    CSSM_ACL_HANDLE EntryHandle;
} CSSM_ACL_ENTRY_INFO, *CSSM_ACL_ENTRY_INFO_PTR;

typedef uint32 CSSM_ACL_EDIT_MODE;
enum {
	CSSM_ACL_EDIT_MODE_ADD =			1,
	CSSM_ACL_EDIT_MODE_DELETE =			2,
	CSSM_ACL_EDIT_MODE_REPLACE =		3
};

typedef struct cssm_acl_edit {
    CSSM_ACL_EDIT_MODE EditMode;
    CSSM_ACL_HANDLE OldEntryHandle;
    const CSSM_ACL_ENTRY_INPUT *NewEntry;
} CSSM_ACL_EDIT, *CSSM_ACL_EDIT_PTR;

#if defined(WIN32)
typedef FARPROC CSSM_PROC_ADDR;
#else
typedef void (CSSMAPI *CSSM_PROC_ADDR) ();
#endif
typedef CSSM_PROC_ADDR *CSSM_PROC_ADDR_PTR;

typedef struct cssm_func_name_addr {
    CSSM_STRING Name;
    CSSM_PROC_ADDR Address;
} CSSM_FUNC_NAME_ADDR, *CSSM_FUNC_NAME_ADDR_PTR;


/* Data Types for Cryptographic Services  */

typedef struct cssm_date {
    uint8 Year[4];
    uint8 Month[2];
    uint8 Day[2];
} CSSM_DATE, *CSSM_DATE_PTR;

typedef struct cssm_range {
    uint32 Min; /* inclusive minimum value */
    uint32 Max; /* inclusive maximum value */
} CSSM_RANGE, *CSSM_RANGE_PTR;

typedef struct cssm_query_size_data {
    uint32 SizeInputBlock; /* size of input data block */
    uint32 SizeOutputBlock; /* size of resulting output data block */
} CSSM_QUERY_SIZE_DATA, *CSSM_QUERY_SIZE_DATA_PTR;

typedef uint32 CSSM_HEADERVERSION;
enum {
	CSSM_KEYHEADER_VERSION =		2
};

typedef struct cssm_key_size {
    uint32 LogicalKeySizeInBits; /* Logical key size in bits */
    uint32 EffectiveKeySizeInBits; /* Effective key size in bits */
} CSSM_KEY_SIZE, *CSSM_KEY_SIZE_PTR;

typedef uint32 CSSM_KEYBLOB_TYPE;
enum {
	CSSM_KEYBLOB_RAW =				0, /* The blob is a clear, raw key */
	CSSM_KEYBLOB_REFERENCE =		2, /* The blob is a reference to a key */
	CSSM_KEYBLOB_WRAPPED =			3, /* The blob is a wrapped RAW key */
	CSSM_KEYBLOB_OTHER =			0xFFFFFFFF
};

typedef uint32 CSSM_KEYBLOB_FORMAT;
enum {
	/* Raw Format */
	CSSM_KEYBLOB_RAW_FORMAT_NONE =			0,
	/* No further conversion need to be done */
	CSSM_KEYBLOB_RAW_FORMAT_PKCS1 =			1, /* RSA PKCS1 V1.5 */
	CSSM_KEYBLOB_RAW_FORMAT_PKCS3 =			2, /* RSA PKCS3 V1.5 */
	CSSM_KEYBLOB_RAW_FORMAT_MSCAPI =		3, /* Microsoft CAPI V2.0 */
	CSSM_KEYBLOB_RAW_FORMAT_PGP =			4, /* PGP V */
	CSSM_KEYBLOB_RAW_FORMAT_FIPS186 =		5, /* US Gov. FIPS 186 - DSS V */
	CSSM_KEYBLOB_RAW_FORMAT_BSAFE =			6, /* RSA Bsafe V3.0 */
	CSSM_KEYBLOB_RAW_FORMAT_CCA =			9, /* CCA clear public key blob */
	CSSM_KEYBLOB_RAW_FORMAT_PKCS8 =			10, /* RSA PKCS8 V1.2 */
	CSSM_KEYBLOB_RAW_FORMAT_SPKI =			11, /* SPKI Specification */
	CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING =	12,
	CSSM_KEYBLOB_RAW_FORMAT_OTHER =			0xFFFFFFFF /* Other, CSP defined */
};
enum {
	/* Wrapped Format */
	CSSM_KEYBLOB_WRAPPED_FORMAT_NONE =		0,
	/* No further conversion need to be done */
	CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8 =		1, /* RSA PKCS8 V1.2 */
	CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7 =		2,
	CSSM_KEYBLOB_WRAPPED_FORMAT_MSCAPI =	3,
	CSSM_KEYBLOB_WRAPPED_FORMAT_OTHER =		0xFFFFFFFF /* Other, CSP defined */
};
enum {
	/* Reference Format */
	CSSM_KEYBLOB_REF_FORMAT_INTEGER =		0,	/* Reference is a number or handle */
	CSSM_KEYBLOB_REF_FORMAT_STRING =		1,	/* Reference is a string or label */
	CSSM_KEYBLOB_REF_FORMAT_SPKI =			2,	/* Reference is an SPKI S-expression */
												/* to be evaluated to locate the key */
	CSSM_KEYBLOB_REF_FORMAT_OTHER =			0xFFFFFFFF	/* Other, CSP defined */
};

typedef uint32 CSSM_KEYCLASS;
enum {
	CSSM_KEYCLASS_PUBLIC_KEY =		0, /* Key is public key */
	CSSM_KEYCLASS_PRIVATE_KEY =		1, /* Key is private key */
	CSSM_KEYCLASS_SESSION_KEY =		2, /* Key is session or symmetric key */
	CSSM_KEYCLASS_SECRET_PART =		3, /* Key is part of secret key */
	CSSM_KEYCLASS_OTHER =			0xFFFFFFFF /* Other */
};

typedef uint32 CSSM_KEYATTR_FLAGS;
enum {
	/* Valid only during call to an API. Will never be valid when set in a key header */
	CSSM_KEYATTR_RETURN_DEFAULT =		0x00000000,
	CSSM_KEYATTR_RETURN_DATA =			0x10000000,
	CSSM_KEYATTR_RETURN_REF =			0x20000000,
	CSSM_KEYATTR_RETURN_NONE =			0x40000000,
	/* Valid during an API call and in a key header */
	CSSM_KEYATTR_PERMANENT =			0x00000001,
	CSSM_KEYATTR_PRIVATE =				0x00000002,
	CSSM_KEYATTR_MODIFIABLE =			0x00000004,
	CSSM_KEYATTR_SENSITIVE =			0x00000008,
	CSSM_KEYATTR_EXTRACTABLE =			0x00000020,
	/* Valid only in a key header generated by a CSP, not valid during an API call */
	CSSM_KEYATTR_ALWAYS_SENSITIVE =		0x00000010,
	CSSM_KEYATTR_NEVER_EXTRACTABLE =	0x00000040
};

typedef uint32 CSSM_KEYUSE;
enum {
	CSSM_KEYUSE_ANY =					0x80000000,
	CSSM_KEYUSE_ENCRYPT =				0x00000001,
	CSSM_KEYUSE_DECRYPT =				0x00000002,
	CSSM_KEYUSE_SIGN =					0x00000004,
	CSSM_KEYUSE_VERIFY =				0x00000008,
	CSSM_KEYUSE_SIGN_RECOVER =			0x00000010,
	CSSM_KEYUSE_VERIFY_RECOVER =		0x00000020,
	CSSM_KEYUSE_WRAP =					0x00000040,
	CSSM_KEYUSE_UNWRAP =				0x00000080,
	CSSM_KEYUSE_DERIVE =				0x00000100
};

typedef uint32 CSSM_ALGORITHMS;
enum {
	CSSM_ALGID_NONE =					0,
	CSSM_ALGID_CUSTOM =					CSSM_ALGID_NONE + 1,
	CSSM_ALGID_DH =						CSSM_ALGID_NONE + 2,
	CSSM_ALGID_PH =						CSSM_ALGID_NONE + 3,
	CSSM_ALGID_KEA =					CSSM_ALGID_NONE + 4,
	CSSM_ALGID_MD2 =					CSSM_ALGID_NONE + 5,
	CSSM_ALGID_MD4 =					CSSM_ALGID_NONE + 6,
	CSSM_ALGID_MD5 =					CSSM_ALGID_NONE + 7,
	CSSM_ALGID_SHA1 =					CSSM_ALGID_NONE + 8,
	CSSM_ALGID_NHASH =					CSSM_ALGID_NONE + 9,
	CSSM_ALGID_HAVAL =					CSSM_ALGID_NONE + 10,
	CSSM_ALGID_RIPEMD =					CSSM_ALGID_NONE + 11,
	CSSM_ALGID_IBCHASH =				CSSM_ALGID_NONE + 12,
	CSSM_ALGID_RIPEMAC =				CSSM_ALGID_NONE + 13,
	CSSM_ALGID_DES =					CSSM_ALGID_NONE + 14,
	CSSM_ALGID_DESX =					CSSM_ALGID_NONE + 15,
	CSSM_ALGID_RDES =					CSSM_ALGID_NONE + 16,
	CSSM_ALGID_3DES_3KEY_EDE =			CSSM_ALGID_NONE + 17,
	CSSM_ALGID_3DES_2KEY_EDE =			CSSM_ALGID_NONE + 18,
	CSSM_ALGID_3DES_1KEY_EEE =			CSSM_ALGID_NONE + 19,
	CSSM_ALGID_3DES_3KEY =           	CSSM_ALGID_3DES_3KEY_EDE,
	CSSM_ALGID_3DES_3KEY_EEE =       	CSSM_ALGID_NONE + 20,
	CSSM_ALGID_3DES_2KEY =           	CSSM_ALGID_3DES_2KEY_EDE,
	CSSM_ALGID_3DES_2KEY_EEE =       	CSSM_ALGID_NONE + 21,
	CSSM_ALGID_3DES_1KEY =				CSSM_ALGID_3DES_3KEY_EEE,
	CSSM_ALGID_IDEA =					CSSM_ALGID_NONE + 22,
	CSSM_ALGID_RC2 =					CSSM_ALGID_NONE + 23,
	CSSM_ALGID_RC5 =					CSSM_ALGID_NONE + 24,
	CSSM_ALGID_RC4 =					CSSM_ALGID_NONE + 25,
	CSSM_ALGID_SEAL =					CSSM_ALGID_NONE + 26,
	CSSM_ALGID_CAST =					CSSM_ALGID_NONE + 27,
	CSSM_ALGID_BLOWFISH =				CSSM_ALGID_NONE + 28,
	CSSM_ALGID_SKIPJACK =				CSSM_ALGID_NONE + 29,
	CSSM_ALGID_LUCIFER =				CSSM_ALGID_NONE + 30,
	CSSM_ALGID_MADRYGA =				CSSM_ALGID_NONE + 31,
	CSSM_ALGID_FEAL =					CSSM_ALGID_NONE + 32,
	CSSM_ALGID_REDOC =					CSSM_ALGID_NONE + 33,
	CSSM_ALGID_REDOC3 =					CSSM_ALGID_NONE + 34,
	CSSM_ALGID_LOKI =					CSSM_ALGID_NONE + 35,
	CSSM_ALGID_KHUFU =					CSSM_ALGID_NONE + 36,
	CSSM_ALGID_KHAFRE =					CSSM_ALGID_NONE + 37,
	CSSM_ALGID_MMB =					CSSM_ALGID_NONE + 38,
	CSSM_ALGID_GOST =					CSSM_ALGID_NONE + 39,
	CSSM_ALGID_SAFER =					CSSM_ALGID_NONE + 40,
	CSSM_ALGID_CRAB =					CSSM_ALGID_NONE + 41,
	CSSM_ALGID_RSA =					CSSM_ALGID_NONE + 42,
	CSSM_ALGID_DSA =					CSSM_ALGID_NONE + 43,
	CSSM_ALGID_MD5WithRSA =				CSSM_ALGID_NONE + 44,
	CSSM_ALGID_MD2WithRSA =				CSSM_ALGID_NONE + 45,
	CSSM_ALGID_ElGamal =				CSSM_ALGID_NONE + 46,
	CSSM_ALGID_MD2Random =				CSSM_ALGID_NONE + 47,
	CSSM_ALGID_MD5Random =				CSSM_ALGID_NONE + 48,
	CSSM_ALGID_SHARandom =				CSSM_ALGID_NONE + 49,
	CSSM_ALGID_DESRandom =				CSSM_ALGID_NONE + 50,
	CSSM_ALGID_SHA1WithRSA =			CSSM_ALGID_NONE + 51,
	CSSM_ALGID_CDMF =					CSSM_ALGID_NONE + 52,
	CSSM_ALGID_CAST3 =					CSSM_ALGID_NONE + 53,
	CSSM_ALGID_CAST5 =					CSSM_ALGID_NONE + 54,
	CSSM_ALGID_GenericSecret =			CSSM_ALGID_NONE + 55,
	CSSM_ALGID_ConcatBaseAndKey =		CSSM_ALGID_NONE + 56,
	CSSM_ALGID_ConcatKeyAndBase =		CSSM_ALGID_NONE + 57,
	CSSM_ALGID_ConcatBaseAndData =		CSSM_ALGID_NONE + 58,
	CSSM_ALGID_ConcatDataAndBase =		CSSM_ALGID_NONE + 59,
	CSSM_ALGID_XORBaseAndData =			CSSM_ALGID_NONE + 60,
	CSSM_ALGID_ExtractFromKey =			CSSM_ALGID_NONE + 61,
	CSSM_ALGID_SSL3PreMasterGen =		CSSM_ALGID_NONE + 62,
	CSSM_ALGID_SSL3MasterDerive =		CSSM_ALGID_NONE + 63,
	CSSM_ALGID_SSL3KeyAndMacDerive =	CSSM_ALGID_NONE + 64,
	CSSM_ALGID_SSL3MD5_MAC =			CSSM_ALGID_NONE + 65,
	CSSM_ALGID_SSL3SHA1_MAC =			CSSM_ALGID_NONE + 66,
	CSSM_ALGID_PKCS5_PBKDF1_MD5 =		CSSM_ALGID_NONE + 67,
	CSSM_ALGID_PKCS5_PBKDF1_MD2 =		CSSM_ALGID_NONE + 68,
	CSSM_ALGID_PKCS5_PBKDF1_SHA1 =		CSSM_ALGID_NONE + 69,
	CSSM_ALGID_WrapLynks =				CSSM_ALGID_NONE + 70,
	CSSM_ALGID_WrapSET_OAEP =			CSSM_ALGID_NONE + 71,
	CSSM_ALGID_BATON =					CSSM_ALGID_NONE + 72,
	CSSM_ALGID_ECDSA =					CSSM_ALGID_NONE + 73,
	CSSM_ALGID_MAYFLY =					CSSM_ALGID_NONE + 74,
	CSSM_ALGID_JUNIPER =				CSSM_ALGID_NONE + 75,
	CSSM_ALGID_FASTHASH =				CSSM_ALGID_NONE + 76,
	CSSM_ALGID_3DES =					CSSM_ALGID_NONE + 77,
	CSSM_ALGID_SSL3MD5 =				CSSM_ALGID_NONE + 78,
	CSSM_ALGID_SSL3SHA1 =				CSSM_ALGID_NONE + 79,
	CSSM_ALGID_FortezzaTimestamp =		CSSM_ALGID_NONE + 80,
	CSSM_ALGID_SHA1WithDSA =			CSSM_ALGID_NONE + 81,
	CSSM_ALGID_SHA1WithECDSA =			CSSM_ALGID_NONE + 82,
	CSSM_ALGID_DSA_BSAFE =				CSSM_ALGID_NONE + 83,
	CSSM_ALGID_ECDH =					CSSM_ALGID_NONE + 84,
	CSSM_ALGID_ECMQV =					CSSM_ALGID_NONE + 85,
	CSSM_ALGID_PKCS12_SHA1_PBE =		CSSM_ALGID_NONE + 86,
	CSSM_ALGID_ECNRA =					CSSM_ALGID_NONE + 87,
	CSSM_ALGID_SHA1WithECNRA =			CSSM_ALGID_NONE + 88,
	CSSM_ALGID_ECES =					CSSM_ALGID_NONE + 89,
	CSSM_ALGID_ECAES =					CSSM_ALGID_NONE + 90,
	CSSM_ALGID_SHA1HMAC =				CSSM_ALGID_NONE + 91,
	CSSM_ALGID_FIPS186Random =			CSSM_ALGID_NONE + 92,
	CSSM_ALGID_ECC =					CSSM_ALGID_NONE + 93,
	CSSM_ALGID_MQV =					CSSM_ALGID_NONE + 94,
	CSSM_ALGID_NRA =					CSSM_ALGID_NONE + 95,
	CSSM_ALGID_IntelPlatformRandom =	CSSM_ALGID_NONE + 96,
	CSSM_ALGID_UTC =					CSSM_ALGID_NONE + 97,
	CSSM_ALGID_HAVAL3 =					CSSM_ALGID_NONE + 98,
	CSSM_ALGID_HAVAL4 =					CSSM_ALGID_NONE + 99,
	CSSM_ALGID_HAVAL5 =					CSSM_ALGID_NONE + 100,
	CSSM_ALGID_TIGER =					CSSM_ALGID_NONE + 101,
	CSSM_ALGID_MD5HMAC =				CSSM_ALGID_NONE + 102,
	CSSM_ALGID_PKCS5_PBKDF2 = 			CSSM_ALGID_NONE + 103,
	CSSM_ALGID_RUNNING_COUNTER =		CSSM_ALGID_NONE + 104,
	CSSM_ALGID_LAST =					CSSM_ALGID_NONE + 0x7FFFFFFF,
/* All algorithms IDs that are vendor specific, and not
   part of the CSSM specification should be defined relative
   to CSSM_ALGID_VENDOR_DEFINED. */
	CSSM_ALGID_VENDOR_DEFINED =			CSSM_ALGID_NONE + 0x80000000
};

typedef uint32 CSSM_ENCRYPT_MODE;
enum {
	CSSM_ALGMODE_NONE =					0,
	CSSM_ALGMODE_CUSTOM =				CSSM_ALGMODE_NONE + 1,
	CSSM_ALGMODE_ECB =					CSSM_ALGMODE_NONE + 2,
	CSSM_ALGMODE_ECBPad =				CSSM_ALGMODE_NONE + 3,
	CSSM_ALGMODE_CBC =					CSSM_ALGMODE_NONE + 4,
	CSSM_ALGMODE_CBC_IV8 =				CSSM_ALGMODE_NONE + 5,
	CSSM_ALGMODE_CBCPadIV8 =			CSSM_ALGMODE_NONE + 6,
	CSSM_ALGMODE_CFB =					CSSM_ALGMODE_NONE + 7,
	CSSM_ALGMODE_CFB_IV8 =				CSSM_ALGMODE_NONE + 8,
	CSSM_ALGMODE_CFBPadIV8 =			CSSM_ALGMODE_NONE + 9,
	CSSM_ALGMODE_OFB =					CSSM_ALGMODE_NONE + 10,
	CSSM_ALGMODE_OFB_IV8 =				CSSM_ALGMODE_NONE + 11,
	CSSM_ALGMODE_OFBPadIV8 =			CSSM_ALGMODE_NONE + 12,
	CSSM_ALGMODE_COUNTER =				CSSM_ALGMODE_NONE + 13,
	CSSM_ALGMODE_BC =					CSSM_ALGMODE_NONE + 14,
	CSSM_ALGMODE_PCBC =					CSSM_ALGMODE_NONE + 15,
	CSSM_ALGMODE_CBCC =					CSSM_ALGMODE_NONE + 16,
	CSSM_ALGMODE_OFBNLF =				CSSM_ALGMODE_NONE + 17,
	CSSM_ALGMODE_PBC =					CSSM_ALGMODE_NONE + 18,
	CSSM_ALGMODE_PFB =					CSSM_ALGMODE_NONE + 19,
	CSSM_ALGMODE_CBCPD =				CSSM_ALGMODE_NONE + 20,
	CSSM_ALGMODE_PUBLIC_KEY =			CSSM_ALGMODE_NONE + 21,
	CSSM_ALGMODE_PRIVATE_KEY =			CSSM_ALGMODE_NONE + 22,
	CSSM_ALGMODE_SHUFFLE =				CSSM_ALGMODE_NONE + 23,
	CSSM_ALGMODE_ECB64 =				CSSM_ALGMODE_NONE + 24,
	CSSM_ALGMODE_CBC64 =				CSSM_ALGMODE_NONE + 25,
	CSSM_ALGMODE_OFB64 =				CSSM_ALGMODE_NONE + 26,
	CSSM_ALGMODE_CFB32 =				CSSM_ALGMODE_NONE + 28,
	CSSM_ALGMODE_CFB16 =				CSSM_ALGMODE_NONE + 29,
	CSSM_ALGMODE_CFB8 =					CSSM_ALGMODE_NONE + 30,
	CSSM_ALGMODE_WRAP =					CSSM_ALGMODE_NONE + 31,
	CSSM_ALGMODE_PRIVATE_WRAP =			CSSM_ALGMODE_NONE + 32,
	CSSM_ALGMODE_RELAYX =				CSSM_ALGMODE_NONE + 33,
	CSSM_ALGMODE_ECB128 =				CSSM_ALGMODE_NONE + 34,
	CSSM_ALGMODE_ECB96 =				CSSM_ALGMODE_NONE + 35,
	CSSM_ALGMODE_CBC128 =				CSSM_ALGMODE_NONE + 36,
	CSSM_ALGMODE_OAEP_HASH =			CSSM_ALGMODE_NONE + 37,
	CSSM_ALGMODE_PKCS1_EME_V15 =  		CSSM_ALGMODE_NONE + 38,
	CSSM_ALGMODE_PKCS1_EME_OAEP = 		CSSM_ALGMODE_NONE + 39,
	CSSM_ALGMODE_PKCS1_EMSA_V15 = 		CSSM_ALGMODE_NONE + 40,
	CSSM_ALGMODE_ISO_9796 =       		CSSM_ALGMODE_NONE + 41,
	CSSM_ALGMODE_X9_31 =           		CSSM_ALGMODE_NONE + 42,
	CSSM_ALGMODE_LAST =            		CSSM_ALGMODE_NONE + 0x7FFFFFFF,
/* All algorithms modes that are vendor specific, and
   not part of the CSSM specification should be defined
   relative to CSSM_ALGMODE_VENDOR_DEFINED. */
	CSSM_ALGMODE_VENDOR_DEFINED =		CSSM_ALGMODE_NONE + 0x80000000
};

typedef struct cssm_keyheader {
    CSSM_HEADERVERSION HeaderVersion; /* Key header version */
    CSSM_GUID CspId; /* GUID of CSP generating the key */
    CSSM_KEYBLOB_TYPE BlobType; /* See BlobType enum */
    CSSM_KEYBLOB_FORMAT Format; /* Raw or Reference format */
    CSSM_ALGORITHMS AlgorithmId; /* Algorithm ID of key */
    CSSM_KEYCLASS KeyClass; /* Public/Private/Secret, etc. */
    uint32 LogicalKeySizeInBits; /* Logical key size in bits */
    CSSM_KEYATTR_FLAGS KeyAttr; /* Attribute flags */
    CSSM_KEYUSE KeyUsage; /* Key use flags */
    CSSM_DATE StartDate; /* Effective date of key */
    CSSM_DATE EndDate; /* Expiration date of key */
    CSSM_ALGORITHMS WrapAlgorithmId; /* == CSSM_ALGID_NONE if clear key */
    CSSM_ENCRYPT_MODE WrapMode; /* if alg supports multiple wrapping modes */
    uint32 Reserved;
} CSSM_KEYHEADER, *CSSM_KEYHEADER_PTR;

typedef struct cssm_key {
    CSSM_KEYHEADER KeyHeader; /* Fixed length key header */
    CSSM_DATA KeyData; /* Variable length key data */
} CSSM_KEY, *CSSM_KEY_PTR;

typedef CSSM_KEY CSSM_WRAP_KEY, *CSSM_WRAP_KEY_PTR;

typedef uint32 CSSM_CSPTYPE;
enum {
    CSSM_CSP_SOFTWARE =					1,
    CSSM_CSP_HARDWARE =					CSSM_CSP_SOFTWARE + 1,
    CSSM_CSP_HYBRID =					CSSM_CSP_SOFTWARE + 2
};

/* From DL. */
typedef struct cssm_dl_db_handle {
    CSSM_DL_HANDLE DLHandle;
    CSSM_DB_HANDLE DBHandle;
} CSSM_DL_DB_HANDLE, *CSSM_DL_DB_HANDLE_PTR;

typedef uint32 CSSM_CONTEXT_TYPE;
enum {
	CSSM_ALGCLASS_NONE =				0,
	CSSM_ALGCLASS_CUSTOM =				CSSM_ALGCLASS_NONE + 1,
	CSSM_ALGCLASS_SIGNATURE =			CSSM_ALGCLASS_NONE + 2,
	CSSM_ALGCLASS_SYMMETRIC =			CSSM_ALGCLASS_NONE + 3,
	CSSM_ALGCLASS_DIGEST =				CSSM_ALGCLASS_NONE + 4,
	CSSM_ALGCLASS_RANDOMGEN =			CSSM_ALGCLASS_NONE + 5,
	CSSM_ALGCLASS_UNIQUEGEN =			CSSM_ALGCLASS_NONE + 6,
	CSSM_ALGCLASS_MAC =					CSSM_ALGCLASS_NONE + 7,
	CSSM_ALGCLASS_ASYMMETRIC =			CSSM_ALGCLASS_NONE + 8,
	CSSM_ALGCLASS_KEYGEN =				CSSM_ALGCLASS_NONE + 9,
	CSSM_ALGCLASS_DERIVEKEY =			CSSM_ALGCLASS_NONE + 10
};

/* Attribute data type tags */
enum {
	CSSM_ATTRIBUTE_DATA_NONE =					0x00000000,
	CSSM_ATTRIBUTE_DATA_UINT32 =				0x10000000,
	CSSM_ATTRIBUTE_DATA_CSSM_DATA =				0x20000000,
	CSSM_ATTRIBUTE_DATA_CRYPTO_DATA =			0x30000000,
	CSSM_ATTRIBUTE_DATA_KEY =					0x40000000,
	CSSM_ATTRIBUTE_DATA_STRING =				0x50000000,
	CSSM_ATTRIBUTE_DATA_DATE =					0x60000000,
	CSSM_ATTRIBUTE_DATA_RANGE =					0x70000000,
	CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS =	0x80000000,
	CSSM_ATTRIBUTE_DATA_VERSION =				0x01000000,
	CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE =			0x02000000,
	CSSM_ATTRIBUTE_DATA_KR_PROFILE =			0x03000000,
	CSSM_ATTRIBUTE_TYPE_MASK =					0xFF000000
};

typedef uint32 CSSM_ATTRIBUTE_TYPE;
enum {
    CSSM_ATTRIBUTE_NONE =				0,
    CSSM_ATTRIBUTE_CUSTOM =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 1,
    CSSM_ATTRIBUTE_DESCRIPTION =		CSSM_ATTRIBUTE_DATA_STRING				| 2,
    CSSM_ATTRIBUTE_KEY =				CSSM_ATTRIBUTE_DATA_KEY					| 3,
    CSSM_ATTRIBUTE_INIT_VECTOR =		CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 4,
    CSSM_ATTRIBUTE_SALT =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 5,
    CSSM_ATTRIBUTE_PADDING =			CSSM_ATTRIBUTE_DATA_UINT32				| 6,
    CSSM_ATTRIBUTE_RANDOM =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 7,
    CSSM_ATTRIBUTE_SEED =				CSSM_ATTRIBUTE_DATA_CRYPTO_DATA			| 8,
    CSSM_ATTRIBUTE_PASSPHRASE =			CSSM_ATTRIBUTE_DATA_CRYPTO_DATA			| 9,
    CSSM_ATTRIBUTE_KEY_LENGTH =			CSSM_ATTRIBUTE_DATA_UINT32				| 10,
    CSSM_ATTRIBUTE_KEY_LENGTH_RANGE =	CSSM_ATTRIBUTE_DATA_RANGE				| 11,
    CSSM_ATTRIBUTE_BLOCK_SIZE =			CSSM_ATTRIBUTE_DATA_UINT32				| 12,
    CSSM_ATTRIBUTE_OUTPUT_SIZE =		CSSM_ATTRIBUTE_DATA_UINT32				| 13,
    CSSM_ATTRIBUTE_ROUNDS =				CSSM_ATTRIBUTE_DATA_UINT32				| 14,
    CSSM_ATTRIBUTE_IV_SIZE =			CSSM_ATTRIBUTE_DATA_UINT32				| 15,
    CSSM_ATTRIBUTE_ALG_PARAMS =			CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 16,
    CSSM_ATTRIBUTE_LABEL =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 17,
    CSSM_ATTRIBUTE_KEY_TYPE =			CSSM_ATTRIBUTE_DATA_UINT32				| 18,
    CSSM_ATTRIBUTE_MODE =				CSSM_ATTRIBUTE_DATA_UINT32				| 19,
    CSSM_ATTRIBUTE_EFFECTIVE_BITS =		CSSM_ATTRIBUTE_DATA_UINT32				| 20,
    CSSM_ATTRIBUTE_START_DATE =			CSSM_ATTRIBUTE_DATA_DATE				| 21,
    CSSM_ATTRIBUTE_END_DATE =			CSSM_ATTRIBUTE_DATA_DATE				| 22,
    CSSM_ATTRIBUTE_KEYUSAGE =			CSSM_ATTRIBUTE_DATA_UINT32				| 23,
    CSSM_ATTRIBUTE_KEYATTR =			CSSM_ATTRIBUTE_DATA_UINT32				| 24,
    CSSM_ATTRIBUTE_VERSION =			CSSM_ATTRIBUTE_DATA_VERSION				| 25,
    CSSM_ATTRIBUTE_PRIME =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 26,
    CSSM_ATTRIBUTE_BASE =				CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 27,
    CSSM_ATTRIBUTE_SUBPRIME =			CSSM_ATTRIBUTE_DATA_CSSM_DATA			| 28,
    CSSM_ATTRIBUTE_ALG_ID =				CSSM_ATTRIBUTE_DATA_UINT32				| 29,
    CSSM_ATTRIBUTE_ITERATION_COUNT =	CSSM_ATTRIBUTE_DATA_UINT32				| 30,
    CSSM_ATTRIBUTE_ROUNDS_RANGE =		CSSM_ATTRIBUTE_DATA_RANGE				| 31,
	CSSM_ATTRIBUTE_KRPROFILE_LOCAL  =	CSSM_ATTRIBUTE_DATA_KR_PROFILE			| 32,
	CSSM_ATTRIBUTE_KRPROFILE_REMOTE =	CSSM_ATTRIBUTE_DATA_KR_PROFILE			| 33,
    CSSM_ATTRIBUTE_CSP_HANDLE =			CSSM_ATTRIBUTE_DATA_UINT32				| 34,
    CSSM_ATTRIBUTE_DL_DB_HANDLE =		CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE		| 35,
    CSSM_ATTRIBUTE_ACCESS_CREDENTIALS =	CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS	| 36,
    CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT =	CSSM_ATTRIBUTE_DATA_UINT32				| 37,
    CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT =	CSSM_ATTRIBUTE_DATA_UINT32				| 38,
    CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT=CSSM_ATTRIBUTE_DATA_UINT32				| 39,
    CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT =	CSSM_ATTRIBUTE_DATA_UINT32				| 40
};

typedef uint32 CSSM_PADDING;
enum {
	CSSM_PADDING_NONE =					0,
	CSSM_PADDING_CUSTOM =				CSSM_PADDING_NONE + 1,
	CSSM_PADDING_ZERO =					CSSM_PADDING_NONE + 2,
	CSSM_PADDING_ONE =					CSSM_PADDING_NONE + 3,
	CSSM_PADDING_ALTERNATE =			CSSM_PADDING_NONE + 4,
	CSSM_PADDING_FF =					CSSM_PADDING_NONE + 5,
	CSSM_PADDING_PKCS5 =				CSSM_PADDING_NONE + 6,
	CSSM_PADDING_PKCS7 =				CSSM_PADDING_NONE + 7,
	CSSM_PADDING_CIPHERSTEALING =		CSSM_PADDING_NONE + 8,
	CSSM_PADDING_RANDOM =				CSSM_PADDING_NONE + 9,
	CSSM_PADDING_PKCS1 =				CSSM_PADDING_NONE + 10,
/* All padding types that are vendor specific, and not
   part of the CSSM specification should be defined
   relative to CSSM_PADDING_VENDOR_DEFINED. */
	CSSM_PADDING_VENDOR_DEFINED =		CSSM_PADDING_NONE + 0x80000000
};

typedef CSSM_ALGORITHMS CSSM_KEY_TYPE;

typedef struct cssm_context_attribute {
    CSSM_ATTRIBUTE_TYPE AttributeType;
    uint32 AttributeLength;
    union cssm_context_attribute_value {
        char *String;
        uint32 Uint32;
        CSSM_ACCESS_CREDENTIALS_PTR AccessCredentials;
        CSSM_KEY_PTR Key;
        CSSM_DATA_PTR Data;
        CSSM_PADDING Padding;
        CSSM_DATE_PTR Date;
        CSSM_RANGE_PTR Range;
        CSSM_CRYPTO_DATA_PTR CryptoData;
        CSSM_VERSION_PTR Version;
        CSSM_DL_DB_HANDLE_PTR DLDbHandle;
        struct cssm_kr_profile *KRProfile;
    } Attribute;
} CSSM_CONTEXT_ATTRIBUTE, *CSSM_CONTEXT_ATTRIBUTE_PTR;

typedef struct cssm_context {
    CSSM_CONTEXT_TYPE ContextType;
    CSSM_ALGORITHMS AlgorithmType;
    uint32 NumberOfAttributes;
    CSSM_CONTEXT_ATTRIBUTE_PTR ContextAttributes;
    CSSM_CSP_HANDLE CSPHandle;
	CSSM_BOOL Privileged;
	uint32 /*CSSM_KR_POLICY_FLAGS*/ EncryptionProhibited;
	uint32 WorkFactor;
	uint32 Reserved;	/* reserved for future use */
} CSSM_CONTEXT, *CSSM_CONTEXT_PTR;

typedef uint32 CSSM_SC_FLAGS;
enum {
	CSSM_CSP_TOK_RNG =				0x00000001,
	CSSM_CSP_TOK_CLOCK_EXISTS =		0x00000040
};

typedef uint32 CSSM_CSP_READER_FLAGS;
enum {
	CSSM_CSP_RDR_TOKENPRESENT =			0x00000001,
	/* Token is present in reader/slot */
	CSSM_CSP_RDR_EXISTS =				0x00000002,
	/* Device is a reader with a
	   removable token */
	CSSM_CSP_RDR_HW =					0x00000004
	/* Slot is a hardware slot */
};

typedef uint32 CSSM_CSP_FLAGS;
enum {
	CSSM_CSP_TOK_WRITE_PROTECTED =			0x00000002,
	CSSM_CSP_TOK_LOGIN_REQUIRED =			0x00000004,
	CSSM_CSP_TOK_USER_PIN_INITIALIZED =		0x00000008,
	CSSM_CSP_TOK_PROT_AUTHENTICATION =		0x00000100,
	CSSM_CSP_TOK_USER_PIN_EXPIRED =			0x00100000,
	CSSM_CSP_TOK_SESSION_KEY_PASSWORD =		0x00200000,
	CSSM_CSP_TOK_PRIVATE_KEY_PASSWORD =		0x00400000,
	CSSM_CSP_STORES_PRIVATE_KEYS =			0x01000000,
	CSSM_CSP_STORES_PUBLIC_KEYS =			0x02000000,
	CSSM_CSP_STORES_SESSION_KEYS =			0x04000000,
	CSSM_CSP_STORES_CERTIFICATES =			0x08000000,
	CSSM_CSP_STORES_GENERIC =				0x10000000
};

typedef uint32 CSSM_PKCS_OAEP_MGF;
enum {
	CSSM_PKCS_OAEP_MGF_NONE =				0,
	CSSM_PKCS_OAEP_MGF1_SHA1 =				CSSM_PKCS_OAEP_MGF_NONE + 1,
	CSSM_PKCS_OAEP_MGF1_MD5 =				CSSM_PKCS_OAEP_MGF_NONE + 2
};

typedef uint32 CSSM_PKCS_OAEP_PSOURCE;
enum {
	CSSM_PKCS_OAEP_PSOURCE_NONE =			0,
	CSSM_PKCS_OAEP_PSOURCE_Pspecified =		CSSM_PKCS_OAEP_PSOURCE_NONE + 1
};

typedef struct cssm_pkcs1_oaep_params {
    uint32 HashAlgorithm;
    CSSM_DATA HashParams;
    CSSM_PKCS_OAEP_MGF MGF;
    CSSM_DATA MGFParams;
    CSSM_PKCS_OAEP_PSOURCE PSource;
    CSSM_DATA PSourceParams;
} CSSM_PKCS1_OAEP_PARAMS, *CSSM_PKCS1_OAEP_PARAMS_PTR;

typedef struct cssm_csp_operational_statistics {
    CSSM_BOOL UserAuthenticated;
    /* CSSM_TRUE if the user is logged in to the token, CSSM_FALSE otherwise. */
    CSSM_CSP_FLAGS DeviceFlags;
    uint32 TokenMaxSessionCount; /* Exported by Cryptoki modules. */
    uint32 TokenOpenedSessionCount;
    uint32 TokenMaxRWSessionCount;
    uint32 TokenOpenedRWSessionCount;
    uint32 TokenTotalPublicMem; /* Storage space statistics. */
    uint32 TokenFreePublicMem;
    uint32 TokenTotalPrivateMem;
    uint32 TokenFreePrivateMem;
} CSSM_CSP_OPERATIONAL_STATISTICS, *CSSM_CSP_OPERATIONAL_STATISTICS_PTR;

/* Indicates that the statistical value can not be revealed or is not
   relevant for a CSP */
enum {
	CSSM_VALUE_NOT_AVAILABLE =		(uint32)(~0)
};

typedef struct cssm_pkcs5_pbkdf1_params {
    CSSM_DATA Passphrase;
    CSSM_DATA InitVector;
} CSSM_PKCS5_PBKDF1_PARAMS, *CSSM_PKCS5_PBKDF1_PARAMS_PTR;

typedef uint32 CSSM_PKCS5_PBKDF2_PRF;
enum {
	CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1 =	0
};

typedef struct cssm_pkcs5_pbkdf2_params {
	CSSM_DATA Passphrase;
	CSSM_PKCS5_PBKDF2_PRF PseudoRandomFunction;
} CSSM_PKCS5_PBKDF2_PARAMS, *CSSM_PKCS5_PBKDF2_PARAMS_PTR;

typedef struct cssm_kea_derive_params {
    CSSM_DATA Rb;
    CSSM_DATA Yb;
} CSSM_KEA_DERIVE_PARAMS, *CSSM_KEA_DERIVE_PARAMS_PTR;


/* Data Types for Trust Policy Services  */

typedef struct cssm_tp_authority_id {
    CSSM_DATA *AuthorityCert;
    CSSM_NET_ADDRESS_PTR AuthorityLocation;
} CSSM_TP_AUTHORITY_ID, *CSSM_TP_AUTHORITY_ID_PTR;

typedef uint32 CSSM_TP_AUTHORITY_REQUEST_TYPE, *CSSM_TP_AUTHORITY_REQUEST_TYPE_PTR;
enum {
	CSSM_TP_AUTHORITY_REQUEST_CERTISSUE =		0x01,
	CSSM_TP_AUTHORITY_REQUEST_CERTREVOKE =		0x02,
	CSSM_TP_AUTHORITY_REQUEST_CERTSUSPEND =		0x03,
	CSSM_TP_AUTHORITY_REQUEST_CERTRESUME =		0x04,
	CSSM_TP_AUTHORITY_REQUEST_CERTVERIFY =		0x05,
	CSSM_TP_AUTHORITY_REQUEST_CERTNOTARIZE =	0x06,
	CSSM_TP_AUTHORITY_REQUEST_CERTUSERECOVER =	0x07,
	CSSM_TP_AUTHORITY_REQUEST_CRLISSUE =		0x100
};

typedef CSSM_RETURN (CSSMAPI * CSSM_TP_VERIFICATION_RESULTS_CALLBACK)
	(CSSM_MODULE_HANDLE ModuleHandle,
	 void *CallerCtx,
	 CSSM_DATA_PTR VerifiedCert);

/* From CL */
typedef CSSM_DATA CSSM_OID, *CSSM_OID_PTR;

typedef struct cssm_field {
    CSSM_OID FieldOid;
    CSSM_DATA FieldValue;
} CSSM_FIELD, *CSSM_FIELD_PTR;

/* TP Again. */
typedef struct cssm_tp_policyinfo {
    uint32 NumberOfPolicyIds;
    CSSM_FIELD_PTR PolicyIds;
    void *PolicyControl;
} CSSM_TP_POLICYINFO, *CSSM_TP_POLICYINFO_PTR;

typedef uint32 CSSM_TP_SERVICES;
enum {
	/* bit masks for additional Authority services available through TP */
	CSSM_TP_KEY_ARCHIVE =				0x0001, /* archive cert & keys */
	CSSM_TP_CERT_PUBLISH =				0x0002, /* register cert in directory */
	CSSM_TP_CERT_NOTIFY_RENEW =			0x0004, /* notify at renewal time */
	CSSM_TP_CERT_DIR_UPDATE =			0x0008, /* update cert registry entry */
	CSSM_TP_CRL_DISTRIBUTE =			0x0010 /* push CRL to everyone */
};

typedef uint32 CSSM_TP_ACTION;
enum {
	CSSM_TP_ACTION_DEFAULT =			0
};

typedef uint32 CSSM_TP_STOP_ON;
enum {
    CSSM_TP_STOP_ON_POLICY =			0, /* use the pre-defined stopping criteria */
    CSSM_TP_STOP_ON_NONE =				1, /* evaluate all condition whether TRUE or FALSE */
    CSSM_TP_STOP_ON_FIRST_PASS =		2, /* stop evaluation at first TRUE */
    CSSM_TP_STOP_ON_FIRST_FAIL =		3 /* stop evaluation at first FALSE */
};

typedef char *CSSM_TIMESTRING;

/* From DL. */
typedef struct cssm_dl_db_list {
    uint32 NumHandles;
    CSSM_DL_DB_HANDLE_PTR DLDBHandle;
} CSSM_DL_DB_LIST, *CSSM_DL_DB_LIST_PTR;

/* TP Again. */
typedef struct cssm_tp_callerauth_context {
    CSSM_TP_POLICYINFO Policy;
    CSSM_TIMESTRING VerifyTime;
    CSSM_TP_STOP_ON VerificationAbortOn;
    CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert;
    uint32 NumberOfAnchorCerts;
    CSSM_DATA_PTR AnchorCerts;
    CSSM_DL_DB_LIST_PTR DBList;
    CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials;
} CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR;

typedef uint32 CSSM_CRL_PARSE_FORMAT, * CSSM_CRL_PARSE_FORMAT_PTR;
enum {
	CSSM_CRL_PARSE_FORMAT_NONE =		0x00,
	CSSM_CRL_PARSE_FORMAT_CUSTOM =		0x01,
	CSSM_CRL_PARSE_FORMAT_SEXPR =		0x02,
	CSSM_CRL_PARSE_FORMAT_COMPLEX =		0x03,
	CSSM_CRL_PARSE_FORMAT_OID_NAMED =	0x04,
	CSSM_CRL_PARSE_FORMAT_TUPLE =		0x05,
	CSSM_CRL_PARSE_FORMAT_MULTIPLE =	0x7FFE,
	CSSM_CRL_PARSE_FORMAT_LAST =		0x7FFF,
	/* Applications wishing to define their own custom parse
	   format should create a uint32 value greater than the
	   CSSM_CL_CUSTOM_CRL_PARSE_FORMAT */
	CSSM_CL_CUSTOM_CRL_PARSE_FORMAT =	0x8000
};

/* From CL. */
typedef uint32 CSSM_CRL_TYPE, *CSSM_CRL_TYPE_PTR;
enum {
    CSSM_CRL_TYPE_UNKNOWN =				0x00,
    CSSM_CRL_TYPE_X_509v1 =				0x01,
    CSSM_CRL_TYPE_X_509v2 =				0x02,
    CSSM_CRL_TYPE_SPKI =				0x03,
    CSSM_CRL_TYPE_MULTIPLE =			0x7FFE
};

typedef uint32 CSSM_CRL_ENCODING, *CSSM_CRL_ENCODING_PTR;
enum {
    CSSM_CRL_ENCODING_UNKNOWN =			0x00,
    CSSM_CRL_ENCODING_CUSTOM =			0x01,
    CSSM_CRL_ENCODING_BER =				0x02,
    CSSM_CRL_ENCODING_DER =				0x03,
    CSSM_CRL_ENCODING_BLOOM =			0x04,
    CSSM_CRL_ENCODING_SEXPR =			0x05,
    CSSM_CRL_ENCODING_MULTIPLE =		0x7FFE
};

typedef struct cssm_encoded_crl {
    CSSM_CRL_TYPE CrlType; /* type of CRL */
    CSSM_CRL_ENCODING CrlEncoding; /* encoding for this packed CRL */
    CSSM_DATA CrlBlob; /* packed CRL */
} CSSM_ENCODED_CRL, *CSSM_ENCODED_CRL_PTR;

/* TP Again. */
typedef struct cssm_parsed_crl {
    CSSM_CRL_TYPE CrlType; /* CRL type */
    CSSM_CRL_PARSE_FORMAT ParsedCrlFormat;
    /* struct of ParsedCrl */
    void *ParsedCrl; /* parsed CRL (to be typecast) */
} CSSM_PARSED_CRL, *CSSM_PARSED_CRL_PTR;

typedef struct cssm_crl_pair {
    CSSM_ENCODED_CRL EncodedCrl; /* an encoded CRL blob */
    CSSM_PARSED_CRL ParsedCrl; /* equivalent parsed CRL */
} CSSM_CRL_PAIR, *CSSM_CRL_PAIR_PTR;

typedef uint32 CSSM_CRLGROUP_TYPE, * CSSM_CRLGROUP_TYPE_PTR;
enum {
	CSSM_CRLGROUP_DATA =			0x00,
	CSSM_CRLGROUP_ENCODED_CRL =		0x01,
	CSSM_CRLGROUP_PARSED_CRL =		0x02,
	CSSM_CRLGROUP_CRL_PAIR =		0x03
};

typedef struct cssm_crlgroup {
    CSSM_CRL_TYPE CrlType;
    CSSM_CRL_ENCODING CrlEncoding;
    uint32 NumberOfCrls;
    union {
        CSSM_DATA_PTR CrlList;					/* CRL blob */
        CSSM_ENCODED_CRL_PTR EncodedCrlList;	/* CRL blob w/ separate type */
        CSSM_PARSED_CRL_PTR ParsedCrlList;		/* bushy, parsed CRL */
        CSSM_CRL_PAIR_PTR PairCrlList;
    } GroupCrlList;
    CSSM_CRLGROUP_TYPE CrlGroupType;
} CSSM_CRLGROUP, *CSSM_CRLGROUP_PTR;

typedef struct cssm_fieldgroup {
    int NumberOfFields;		/* number of fields in the array */
    CSSM_FIELD_PTR Fields;	/* array of fields */
} CSSM_FIELDGROUP, *CSSM_FIELDGROUP_PTR;

typedef uint32 CSSM_EVIDENCE_FORM;
enum {
	CSSM_EVIDENCE_FORM_UNSPECIFIC =		0x0,
	CSSM_EVIDENCE_FORM_CERT =			0x1,
	CSSM_EVIDENCE_FORM_CRL =			0x2,
	CSSM_EVIDENCE_FORM_CERT_ID =		0x3,
	CSSM_EVIDENCE_FORM_CRL_ID =			0x4,
	CSSM_EVIDENCE_FORM_VERIFIER_TIME =	0x5,
	CSSM_EVIDENCE_FORM_CRL_THISTIME =	0x6,
	CSSM_EVIDENCE_FORM_CRL_NEXTTIME =	0x7,
	CSSM_EVIDENCE_FORM_POLICYINFO =		0x8,
	CSSM_EVIDENCE_FORM_TUPLEGROUP =		0x9
};

typedef struct cssm_evidence {
    CSSM_EVIDENCE_FORM EvidenceForm;
    void *Evidence; /* Evidence content */
} CSSM_EVIDENCE, *CSSM_EVIDENCE_PTR;

typedef struct cssm_tp_verify_context {
    CSSM_TP_ACTION Action;
    CSSM_DATA ActionData;
    CSSM_CRLGROUP Crls;
    CSSM_TP_CALLERAUTH_CONTEXT_PTR Cred;
} CSSM_TP_VERIFY_CONTEXT, *CSSM_TP_VERIFY_CONTEXT_PTR;

typedef struct cssm_tp_verify_context_result {
    uint32 NumberOfEvidences;
    CSSM_EVIDENCE_PTR Evidence;
} CSSM_TP_VERIFY_CONTEXT_RESULT, *CSSM_TP_VERIFY_CONTEXT_RESULT_PTR;

typedef struct cssm_tp_request_set {
    uint32 NumberOfRequests;
    void *Requests;
} CSSM_TP_REQUEST_SET, *CSSM_TP_REQUEST_SET_PTR;

typedef struct cssm_tp_result_set {
    uint32 NumberOfResults;
    void *Results;
} CSSM_TP_RESULT_SET, *CSSM_TP_RESULT_SET_PTR;

typedef uint32 CSSM_TP_CONFIRM_STATUS, *CSSM_TP_CONFIRM_STATUS_PTR;
enum {
	CSSM_TP_CONFIRM_STATUS_UNKNOWN =	0x0,
	/* indeterminate */
	CSSM_TP_CONFIRM_ACCEPT =			0x1,
	/* accept results of executing a
	   submit-retrieve function pair */
	CSSM_TP_CONFIRM_REJECT =			0x2
	/* reject results of executing a
	   submit-retrieve function pair */
};

typedef struct cssm_tp_confirm_response {
    uint32 NumberOfResponses;
    CSSM_TP_CONFIRM_STATUS_PTR Responses;
} CSSM_TP_CONFIRM_RESPONSE, *CSSM_TP_CONFIRM_RESPONSE_PTR;

enum {
	CSSM_ESTIMATED_TIME_UNKNOWN =		-1
};

enum {
	CSSM_ELAPSED_TIME_UNKNOWN =			-1,
	CSSM_ELAPSED_TIME_COMPLETE =		-2
};

typedef struct cssm_tp_certissue_input {
    CSSM_SUBSERVICE_UID CSPSubserviceUid;
    CSSM_CL_HANDLE CLHandle;
    uint32 NumberOfTemplateFields;
    CSSM_FIELD_PTR SubjectCertFields;
    CSSM_TP_SERVICES MoreServiceRequests;
    uint32 NumberOfServiceControls;
    CSSM_FIELD_PTR ServiceControls;
    CSSM_ACCESS_CREDENTIALS_PTR UserCredentials;
} CSSM_TP_CERTISSUE_INPUT, *CSSM_TP_CERTISSUE_INPUT_PTR;

typedef uint32 CSSM_TP_CERTISSUE_STATUS;
enum {
	CSSM_TP_CERTISSUE_STATUS_UNKNOWN =		0x0,
	/* indeterminate */
	CSSM_TP_CERTISSUE_OK =					0x1,
	/* cert issued as requested */
	CSSM_TP_CERTISSUE_OKWITHCERTMODS =		0x2,
	/* cert issued but cert contents were
	   updated by the issuing authority */
	CSSM_TP_CERTISSUE_OKWITHSERVICEMODS =	0x3,
	/* cert issued but some requested backend
	   services were not performed by the
	   issuing authority */
	CSSM_TP_CERTISSUE_REJECTED =			0x4,
	/* cert was not issued due to some error
	   condition */
	CSSM_TP_CERTISSUE_NOT_AUTHORIZED =		0x5,
	/* cert was not issued, the request was
	   not authorized */
	CSSM_TP_CERTISSUE_WILL_BE_REVOKED =		0x6
	/* cert was issued, but TP has initiated
	   a revocation of the certificate */
};

typedef struct cssm_tp_certissue_output {
    CSSM_TP_CERTISSUE_STATUS IssueStatus;
    CSSM_CERTGROUP_PTR CertGroup;
    CSSM_TP_SERVICES PerformedServiceRequests;
} CSSM_TP_CERTISSUE_OUTPUT, *CSSM_TP_CERTISSUE_OUTPUT_PTR;

typedef uint32 CSSM_TP_CERTCHANGE_ACTION;
enum {
	CSSM_TP_CERTCHANGE_NONE =			0x0, /* no change */
	CSSM_TP_CERTCHANGE_REVOKE =			0x1, /* Revoke the certificate */
/* This action type indicates a request to revoke a single
   certificate. Notice of the revocation operation remains
   in affect until the certificate itself expires. Revocation
   should be used to permanently remove a certificate from use. */
	CSSM_TP_CERTCHANGE_HOLD =			0x2, /* Hold/suspend the certificate */
/* This action type indicates a request to suspend a
   single certificate. A suspension operation implies
   that the requester intends, at some time in the future,
   to request that the certificate be released from hold,
   making it available for use again. Placing a hold on
   a certificate does not obligate the requester to
   request a release. In practice, a certificate may
   remain on hold until the certificate itself expires.
   Revocation should be used to permanently remove a
   certificate from use. */
	CSSM_TP_CERTCHANGE_RELEASE =		0x3 /* Release the held certificate */
/* This action type indicates a request to release a
   single certificate currently on hold. A release
   operation makes a certificate available for use again.
   Revocation should be used to permanently remove a
   certificate from use. */
};

typedef uint32 CSSM_TP_CERTCHANGE_REASON;
enum {
	CSSM_TP_CERTCHANGE_REASON_UNKNOWN =					0x0,
	/* unspecified */
	CSSM_TP_CERTCHANGE_REASON_KEYCOMPROMISE =			0x1,
	/* Subject key believed to be compromised */
	CSSM_TP_CERTCHANGE_REASON_CACOMPROMISE =			0x2,
	/* CA’s key believed to be compromised */
	CSSM_TP_CERTCHANGE_REASON_CEASEOPERATION =			0x3,
	/* certificate holder ceases operation under
	   the jurisdiction of this certificate */
	CSSM_TP_CERTCHANGE_REASON_AFFILIATIONCHANGE =		0x4,
	/* certificate holder has moved from this
	   jurisdiction */
	CSSM_TP_CERTCHANGE_REASON_SUPERCEDED =				0x5,
	/* certificate holder as issued a new, superceding
	   certificate */
	CSSM_TP_CERTCHANGE_REASON_SUSPECTEDCOMPROMISE =		0x6,
	/* certificate could be compromised */
	CSSM_TP_CERTCHANGE_REASON_HOLDRELEASE =				0x7
	/* certificate holder resumes operation under the
	   jurisdiction of this certificate */
};

typedef struct cssm_tp_certchange_input {
    CSSM_TP_CERTCHANGE_ACTION Action;
    CSSM_TP_CERTCHANGE_REASON Reason;
    CSSM_CL_HANDLE CLHandle;
    CSSM_DATA_PTR Cert;
    CSSM_FIELD_PTR ChangeInfo;
    CSSM_TIMESTRING StartTime;
    CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials;
} CSSM_TP_CERTCHANGE_INPUT, *CSSM_TP_CERTCHANGE_INPUT_PTR;

typedef uint32 CSSM_TP_CERTCHANGE_STATUS;
enum {
	CSSM_TP_CERTCHANGE_STATUS_UNKNOWN =		0x0,
	/* indeterminate */
	CSSM_TP_CERTCHANGE_OK =					0x1,
	/* cert state was successfully changed
	   beginning at the specified time */
	CSSM_TP_CERTCHANGE_OKWITHNEWTIME =		0x2,
	/* cert state was successfully changed,
	   at a modified effective time */
	CSSM_TP_CERTCHANGE_WRONGCA =			0x3,
	/* cert state was not changed, the
	   selected CA is not authorized to
	   change the cert state */
	CSSM_TP_CERTCHANGE_REJECTED =			0x4,
	/* cert state was not changed due to some
	   error condition */
	CSSM_TP_CERTCHANGE_NOT_AUTHORIZED =		0x5
	/* cert state was not changed, the
	   requester is not authorized to change
	   the cert state */
};

typedef struct cssm_tp_certchange_output {
    CSSM_TP_CERTCHANGE_STATUS ActionStatus;
    CSSM_FIELD RevokeInfo;
} CSSM_TP_CERTCHANGE_OUTPUT, *CSSM_TP_CERTCHANGE_OUTPUT_PTR;

typedef struct cssm_tp_certverify_input {
    CSSM_CL_HANDLE CLHandle;
    CSSM_DATA_PTR Cert;
    CSSM_TP_VERIFY_CONTEXT_PTR VerifyContext;
} CSSM_TP_CERTVERIFY_INPUT, *CSSM_TP_CERTVERIFY_INPUT_PTR;

typedef uint32 CSSM_TP_CERTVERIFY_STATUS;
enum {
	CSSM_TP_CERTVERIFY_UNKNOWN =					0x0,
	CSSM_TP_CERTVERIFY_VALID =						0x1,
	CSSM_TP_CERTVERIFY_INVALID =					0x2,
	CSSM_TP_CERTVERIFY_REVOKED =					0x3,
	CSSM_TP_CERTVERIFY_SUSPENDED =					0x4,
	CSSM_TP_CERTVERIFY_EXPIRED =					0x5,
	CSSM_TP_CERTVERIFY_NOT_VALID_YET =				0x6,
	CSSM_TP_CERTVERIFY_INVALID_AUTHORITY =			0x7,
	CSSM_TP_CERTVERIFY_INVALID_SIGNATURE =			0x8,
	CSSM_TP_CERTVERIFY_INVALID_CERT_VALUE =			0x9,
	CSSM_TP_CERTVERIFY_INVALID_CERTGROUP =			0xA,
	CSSM_TP_CERTVERIFY_INVALID_POLICY =				0xB,
	CSSM_TP_CERTVERIFY_INVALID_POLICY_IDS =			0xC,
	CSSM_TP_CERTVERIFY_INVALID_BASIC_CONSTRAINTS =	0xD,
	CSSM_TP_CERTVERIFY_INVALID_CRL_DIST_PT =		0xE,
	CSSM_TP_CERTVERIFY_INVALID_NAME_TREE =			0xF,
	CSSM_TP_CERTVERIFY_UNKNOWN_CRITICAL_EXT =		0x10
};

typedef struct cssm_tp_certverify_output {
    CSSM_TP_CERTVERIFY_STATUS VerifyStatus;
    uint32 NumberOfEvidence;
    CSSM_EVIDENCE_PTR Evidence;
} CSSM_TP_CERTVERIFY_OUTPUT, *CSSM_TP_CERTVERIFY_OUTPUT_PTR;

typedef struct cssm_tp_certnotarize_input {
    CSSM_CL_HANDLE CLHandle;
    uint32 NumberOfFields;
    CSSM_FIELD_PTR MoreFields;
    CSSM_FIELD_PTR SignScope;
    uint32 ScopeSize;
    CSSM_TP_SERVICES MoreServiceRequests;
    uint32 NumberOfServiceControls;
    CSSM_FIELD_PTR ServiceControls;
    CSSM_ACCESS_CREDENTIALS_PTR UserCredentials;
} CSSM_TP_CERTNOTARIZE_INPUT, *CSSM_TP_CERTNOTARIZE_INPUT_PTR;

typedef uint32 CSSM_TP_CERTNOTARIZE_STATUS;
enum {
	CSSM_TP_CERTNOTARIZE_STATUS_UNKNOWN =		0x0,
	/* indeterminate */
	CSSM_TP_CERTNOTARIZE_OK =					0x1,
	/* cert fields were added and the result was
	   notarized as requested */
	CSSM_TP_CERTNOTARIZE_OKWITHOUTFIELDS = 		0x2,
	/* non-conflicting cert fields were added,
	   conflicting cert fields were ignored,
	   and the result was notarized as requested */
	CSSM_TP_CERTNOTARIZE_OKWITHSERVICEMODS =	0x3,
	/* cert fields were added and the result was
	   notarized as requested, but some requested
	   backend services were not performed by the
	   notary */
	CSSM_TP_CERTNOTARIZE_REJECTED = 			0x4,
	/* cert was not notarized due to some error
	   condition */
	CSSM_TP_CERTNOTARIZE_NOT_AUTHORIZED =		0x5
	/* cert was not notarized, the request was
	   not authorized */
};

typedef struct cssm_tp_certnotarize_output {
    CSSM_TP_CERTNOTARIZE_STATUS NotarizeStatus;
    CSSM_CERTGROUP_PTR NotarizedCertGroup;
    CSSM_TP_SERVICES PerformedServiceRequests;
} CSSM_TP_CERTNOTARIZE_OUTPUT, *CSSM_TP_CERTNOTARIZE_OUTPUT_PTR;

typedef struct cssm_tp_certreclaim_input {
    CSSM_CL_HANDLE CLHandle;
    uint32 NumberOfSelectionFields;
    CSSM_FIELD_PTR SelectionFields;
    CSSM_ACCESS_CREDENTIALS_PTR UserCredentials;
} CSSM_TP_CERTRECLAIM_INPUT, *CSSM_TP_CERTRECLAIM_INPUT_PTR;

typedef uint32 CSSM_TP_CERTRECLAIM_STATUS;
enum {
	CSSM_TP_CERTRECLAIM_STATUS_UNKNOWN = 	0x0,
	/* indeterminate */
	CSSM_TP_CERTRECLAIM_OK =				0x1,
	/* a set of one or more certificates were
	   returned by the CA for local recovery
	   of the associated private key */
	CSSM_TP_CERTRECLAIM_NOMATCH =			0x2,
	/* no certificates owned by the requester
	   were found matching the specified
	   selection fields */
	CSSM_TP_CERTRECLAIM_REJECTED =			0x3,
	/* certificate reclamation failed due
	   to some error condition */
	CSSM_TP_CERTRECLAIM_NOT_AUTHORIZED =	0x4
	/* certificate reclamation was not
	   performed, the request was not
	   authorized */
};

typedef struct cssm_tp_certreclaim_output {
    CSSM_TP_CERTRECLAIM_STATUS ReclaimStatus;
    CSSM_CERTGROUP_PTR ReclaimedCertGroup;
    CSSM_LONG_HANDLE KeyCacheHandle;
} CSSM_TP_CERTRECLAIM_OUTPUT, *CSSM_TP_CERTRECLAIM_OUTPUT_PTR;

typedef struct cssm_tp_crlissue_input {
    CSSM_CL_HANDLE CLHandle;
    uint32 CrlIdentifier;
    CSSM_TIMESTRING CrlThisTime;
    CSSM_FIELD_PTR PolicyIdentifier;
    CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials;
} CSSM_TP_CRLISSUE_INPUT, *CSSM_TP_CRLISSUE_INPUT_PTR;

typedef uint32 CSSM_TP_CRLISSUE_STATUS;
enum {
	CSSM_TP_CRLISSUE_STATUS_UNKNOWN =		0x0,
	/* indeterminate */
	CSSM_TP_CRLISSUE_OK =					0x1,
	/* a copy of the most current CRL was
	   issued as requested and the time for
	   issuing the next CRL is also returned */
	CSSM_TP_CRLISSUE_NOT_CURRENT =			0x2,
	/* either no CRL has been issued since
	   the CRL identified in the request, or
	   it is not time to issue an updated CRL.
	   no CRL has been returned, but the time
	   for issuing the next CRL is included
	   in the results */
	CSSM_TP_CRLISSUE_INVALID_DOMAIN =		0x3,
	/* CRL domain was not recognized or was
	   outside the CA jurisdiction, no CRL or
	   time for the next CRL has been
	   returned. */
	CSSM_TP_CRLISSUE_UNKNOWN_IDENTIFIER =	0x4,
	/* unrecognized CRL identifier, no CRL or
	   time for the next CRL has been
	   returned. */
	CSSM_TP_CRLISSUE_REJECTED =				0x5,
	/* CRL was not issued due to some error
	   condition, no CRL or time for the next
	   CRL has been returned. */
	CSSM_TP_CRLISSUE_NOT_AUTHORIZED =		0x6
	/* CRL was not issued, the request was
	   not authorized, no CRL or time for the
	   next CRL has been returned. */
};

typedef struct cssm_tp_crlissue_output {
    CSSM_TP_CRLISSUE_STATUS IssueStatus;
    CSSM_ENCODED_CRL_PTR Crl;
    CSSM_TIMESTRING CrlNextTime;
} CSSM_TP_CRLISSUE_OUTPUT, *CSSM_TP_CRLISSUE_OUTPUT_PTR;

typedef uint32 CSSM_TP_FORM_TYPE;
enum {
	CSSM_TP_FORM_TYPE_GENERIC =				0x0,
	CSSM_TP_FORM_TYPE_REGISTRATION =		0x1
};

/* Data Types for Certificate Library Services  */

typedef uint32 CSSM_CL_TEMPLATE_TYPE;
enum {
	CSSM_CL_TEMPLATE_INTERMEDIATE_CERT =	1,
	/* for X509 certificates, a fully-formed
	   encoded certificate with empty signature field */
	CSSM_CL_TEMPLATE_PKIX_CERTTEMPLATE =	2
	/* as defined in RFC2511, section 5 CertTemplate */
};

typedef uint32 CSSM_CERT_BUNDLE_TYPE;
enum {
    CSSM_CERT_BUNDLE_UNKNOWN =						0x00,
    CSSM_CERT_BUNDLE_CUSTOM =						0x01,
    CSSM_CERT_BUNDLE_PKCS7_SIGNED_DATA =			0x02,
    CSSM_CERT_BUNDLE_PKCS7_SIGNED_ENVELOPED_DATA =	0x03,
    CSSM_CERT_BUNDLE_PKCS12 =						0x04,
    CSSM_CERT_BUNDLE_PFX =							0x05,
    CSSM_CERT_BUNDLE_SPKI_SEQUENCE =				0x06,
    CSSM_CERT_BUNDLE_PGP_KEYRING =					0x07,
    CSSM_CERT_BUNDLE_LAST =							0x7FFF,
	/* Applications wishing to define their own custom certificate
	   bundle type should define and publicly document a uint32
	   value greater than CSSM_CL_CUSTOM_CERT_BUNDLE_TYPE */
	CSSM_CL_CUSTOM_CERT_BUNDLE_TYPE =				0x8000
};

typedef uint32 CSSM_CERT_BUNDLE_ENCODING;
enum {
    CSSM_CERT_BUNDLE_ENCODING_UNKNOWN =			0x00,
    CSSM_CERT_BUNDLE_ENCODING_CUSTOM =			0x01,
    CSSM_CERT_BUNDLE_ENCODING_BER =				0x02,
    CSSM_CERT_BUNDLE_ENCODING_DER =				0x03,
    CSSM_CERT_BUNDLE_ENCODING_SEXPR =			0x04,
    CSSM_CERT_BUNDLE_ENCODING_PGP =				0x05
};

typedef struct cssm_cert_bundle_header {
    CSSM_CERT_BUNDLE_TYPE BundleType;
    CSSM_CERT_BUNDLE_ENCODING BundleEncoding;
} CSSM_CERT_BUNDLE_HEADER, *CSSM_CERT_BUNDLE_HEADER_PTR;

typedef struct cssm_cert_bundle {
    CSSM_CERT_BUNDLE_HEADER BundleHeader;
    CSSM_DATA Bundle;
} CSSM_CERT_BUNDLE, *CSSM_CERT_BUNDLE_PTR;

enum {
	CSSM_FIELDVALUE_COMPLEX_DATA_TYPE =			0xFFFFFFFF
};

/* Data Types for Data Storage Library Services  */

typedef uint32 CSSM_DB_ATTRIBUTE_NAME_FORMAT, *CSSM_DB_ATTRIBUTE_NAME_FORMAT_PTR;
enum {
    CSSM_DB_ATTRIBUTE_NAME_AS_STRING =			0,
    CSSM_DB_ATTRIBUTE_NAME_AS_OID =				1,
	CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER =			2
};

typedef uint32 CSSM_DB_ATTRIBUTE_FORMAT, *CSSM_DB_ATTRIBUTE_FORMAT_PTR;
enum {
    CSSM_DB_ATTRIBUTE_FORMAT_STRING =			0,
    CSSM_DB_ATTRIBUTE_FORMAT_SINT32 =			1,
    CSSM_DB_ATTRIBUTE_FORMAT_UINT32 =			2,
    CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM =			3,
    CSSM_DB_ATTRIBUTE_FORMAT_REAL =				4,
    CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE =		5,
    CSSM_DB_ATTRIBUTE_FORMAT_BLOB =				6,
    CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32 =		7,
    CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX =			8
};

typedef struct cssm_db_attribute_info {
    CSSM_DB_ATTRIBUTE_NAME_FORMAT AttributeNameFormat;
    union cssm_db_attribute_label {
        char *AttributeName;		/* e.g., "record label" */
        CSSM_OID AttributeOID;		/* e.g., CSSMOID_RECORDLABEL */
        uint32 AttributeID;			/* e.g., FOUR_CHAR_CODE('recl') */
    } Label;
    CSSM_DB_ATTRIBUTE_FORMAT AttributeFormat;
} CSSM_DB_ATTRIBUTE_INFO, *CSSM_DB_ATTRIBUTE_INFO_PTR;

typedef struct cssm_db_attribute_data {
    CSSM_DB_ATTRIBUTE_INFO Info;
    uint32 NumberOfValues;
    CSSM_DATA_PTR Value;
} CSSM_DB_ATTRIBUTE_DATA, *CSSM_DB_ATTRIBUTE_DATA_PTR;

typedef uint32 CSSM_DB_RECORDTYPE;
enum {
	/* Schema Management Name Space Range Definition*/
	CSSM_DB_RECORDTYPE_SCHEMA_START =			0x00000000,
	CSSM_DB_RECORDTYPE_SCHEMA_END =				CSSM_DB_RECORDTYPE_SCHEMA_START + 4,
	/* Open Group Application Name Space Range Definition*/
	CSSM_DB_RECORDTYPE_OPEN_GROUP_START =		0x0000000A,
	CSSM_DB_RECORDTYPE_OPEN_GROUP_END =			CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 8,
	/* Industry At Large Application Name Space Range Definition */
	CSSM_DB_RECORDTYPE_APP_DEFINED_START =		0x80000000,
	CSSM_DB_RECORDTYPE_APP_DEFINED_END =		0xffffffff,
	/* Record Types defined in the Schema Management Name Space */
	CSSM_DL_DB_SCHEMA_INFO =					CSSM_DB_RECORDTYPE_SCHEMA_START + 0,
	CSSM_DL_DB_SCHEMA_INDEXES =					CSSM_DB_RECORDTYPE_SCHEMA_START + 1,
	CSSM_DL_DB_SCHEMA_ATTRIBUTES =				CSSM_DB_RECORDTYPE_SCHEMA_START + 2,
	CSSM_DL_DB_SCHEMA_PARSING_MODULE =			CSSM_DB_RECORDTYPE_SCHEMA_START + 3,
	/* Record Types defined in the Open Group Application Name Space */
	CSSM_DL_DB_RECORD_ANY =						CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 0,
	CSSM_DL_DB_RECORD_CERT =					CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 1,
	CSSM_DL_DB_RECORD_CRL =						CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 2,
	CSSM_DL_DB_RECORD_POLICY =					CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 3,
	CSSM_DL_DB_RECORD_GENERIC =					CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 4,
	CSSM_DL_DB_RECORD_PUBLIC_KEY =				CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 5,
	CSSM_DL_DB_RECORD_PRIVATE_KEY =				CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 6,
	CSSM_DL_DB_RECORD_SYMMETRIC_KEY =			CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 7,
	CSSM_DL_DB_RECORD_ALL_KEYS =				CSSM_DB_RECORDTYPE_OPEN_GROUP_START + 8
};

enum {
	CSSM_DB_CERT_USE_TRUSTED =			0x00000001,	/* application-defined as trusted */
	CSSM_DB_CERT_USE_SYSTEM =			0x00000002,	/* the CSSM system cert */
	CSSM_DB_CERT_USE_OWNER =			0x00000004,	/* private key owned by system user*/
	CSSM_DB_CERT_USE_REVOKED =			0x00000008,	/* revoked cert -15913 used w CRL APIs */
	CSSM_DB_CERT_USE_SIGNING =			0x00000010,	/* use cert for signing only */
	CSSM_DB_CERT_USE_PRIVACY =			0x00000020	/* use cert for confidentiality only */
};

typedef struct cssm_db_record_attribute_info {
    CSSM_DB_RECORDTYPE DataRecordType;
    uint32 NumberOfAttributes;
    CSSM_DB_ATTRIBUTE_INFO_PTR AttributeInfo;
} CSSM_DB_RECORD_ATTRIBUTE_INFO, *CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR;

typedef struct cssm_db_record_attribute_data {
    CSSM_DB_RECORDTYPE DataRecordType;
    uint32 SemanticInformation;
    uint32 NumberOfAttributes;
    CSSM_DB_ATTRIBUTE_DATA_PTR AttributeData;
} CSSM_DB_RECORD_ATTRIBUTE_DATA, *CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR;

typedef struct cssm_db_parsing_module_info {
    CSSM_DB_RECORDTYPE RecordType;
    CSSM_SUBSERVICE_UID ModuleSubserviceUid;
} CSSM_DB_PARSING_MODULE_INFO, *CSSM_DB_PARSING_MODULE_INFO_PTR;

typedef uint32 CSSM_DB_INDEX_TYPE;
enum {
    CSSM_DB_INDEX_UNIQUE =				0,
    CSSM_DB_INDEX_NONUNIQUE =			1
};

typedef uint32 CSSM_DB_INDEXED_DATA_LOCATION;
enum {
    CSSM_DB_INDEX_ON_UNKNOWN =			0,
    CSSM_DB_INDEX_ON_ATTRIBUTE =		1,
    CSSM_DB_INDEX_ON_RECORD =			2
};

typedef struct cssm_db_index_info {
    CSSM_DB_INDEX_TYPE IndexType;
    CSSM_DB_INDEXED_DATA_LOCATION IndexedDataLocation;
    CSSM_DB_ATTRIBUTE_INFO Info;
} CSSM_DB_INDEX_INFO, *CSSM_DB_INDEX_INFO_PTR;

typedef struct cssm_db_unique_record {
    CSSM_DB_INDEX_INFO RecordLocator;
    CSSM_DATA RecordIdentifier;
} CSSM_DB_UNIQUE_RECORD, *CSSM_DB_UNIQUE_RECORD_PTR;

typedef struct cssm_db_record_index_info {
    CSSM_DB_RECORDTYPE DataRecordType;
    uint32 NumberOfIndexes;
    CSSM_DB_INDEX_INFO_PTR IndexInfo;
} CSSM_DB_RECORD_INDEX_INFO, *CSSM_DB_RECORD_INDEX_INFO_PTR;

typedef uint32 CSSM_DB_ACCESS_TYPE, *CSSM_DB_ACCESS_TYPE_PTR;
enum {
	CSSM_DB_ACCESS_READ =				0x00001,
	CSSM_DB_ACCESS_WRITE =				0x00002,
	CSSM_DB_ACCESS_PRIVILEGED =			0x00004 /* versus user mode */
};

typedef uint32 CSSM_DB_MODIFY_MODE;
enum {
	CSSM_DB_MODIFY_ATTRIBUTE_NONE =		0,
	CSSM_DB_MODIFY_ATTRIBUTE_ADD =		CSSM_DB_MODIFY_ATTRIBUTE_NONE + 1,
	CSSM_DB_MODIFY_ATTRIBUTE_DELETE =	CSSM_DB_MODIFY_ATTRIBUTE_NONE + 2,
	CSSM_DB_MODIFY_ATTRIBUTE_REPLACE =	CSSM_DB_MODIFY_ATTRIBUTE_NONE + 3
};

typedef struct cssm_dbinfo {
    /* meta information about each record type stored in this
    data store including meta information about record
    attributes and indexes */
    uint32 NumberOfRecordTypes;
    CSSM_DB_PARSING_MODULE_INFO_PTR DefaultParsingModules;
    CSSM_DB_RECORD_ATTRIBUTE_INFO_PTR RecordAttributeNames;
    CSSM_DB_RECORD_INDEX_INFO_PTR RecordIndexes;
    /* access restrictions for opening this data store */
    CSSM_BOOL IsLocal;
    char *AccessPath; /* URL, dir path, etc. */
    void *Reserved;
} CSSM_DBINFO, *CSSM_DBINFO_PTR;

typedef uint32 CSSM_DB_OPERATOR, *CSSM_DB_OPERATOR_PTR;
enum {
    CSSM_DB_EQUAL =							0,
    CSSM_DB_NOT_EQUAL =						1,
    CSSM_DB_LESS_THAN =						2,
    CSSM_DB_GREATER_THAN =					3,
    CSSM_DB_CONTAINS =						4,
    CSSM_DB_CONTAINS_INITIAL_SUBSTRING =	5,
    CSSM_DB_CONTAINS_FINAL_SUBSTRING =		6
};

typedef uint32 CSSM_DB_CONJUNCTIVE, *CSSM_DB_CONJUNCTIVE_PTR;
enum {
    CSSM_DB_NONE =						0,
    CSSM_DB_AND =						1,
    CSSM_DB_OR =						2
};

typedef struct cssm_selection_predicate {
    CSSM_DB_OPERATOR DbOperator;
    CSSM_DB_ATTRIBUTE_DATA Attribute;
} CSSM_SELECTION_PREDICATE, *CSSM_SELECTION_PREDICATE_PTR;

enum {
	CSSM_QUERY_TIMELIMIT_NONE =			0
};

enum {
	CSSM_QUERY_SIZELIMIT_NONE =			0
};

typedef struct cssm_query_limits {
    uint32 TimeLimit; /* in seconds */
    uint32 SizeLimit; /* max. number of records to return */
} CSSM_QUERY_LIMITS, *CSSM_QUERY_LIMITS_PTR;

typedef uint32 CSSM_QUERY_FLAGS;
enum {
	CSSM_QUERY_RETURN_DATA =			0x01
};

typedef struct cssm_query {
    CSSM_DB_RECORDTYPE RecordType;
    CSSM_DB_CONJUNCTIVE Conjunctive;
    uint32 NumSelectionPredicates;
    CSSM_SELECTION_PREDICATE_PTR SelectionPredicate;
    CSSM_QUERY_LIMITS QueryLimits;
    CSSM_QUERY_FLAGS QueryFlags;
} CSSM_QUERY, *CSSM_QUERY_PTR;

typedef uint32 CSSM_DLTYPE, *CSSM_DLTYPE_PTR;
enum {
    CSSM_DL_UNKNOWN =					0,
    CSSM_DL_CUSTOM =					1,
    CSSM_DL_LDAP =						2,
    CSSM_DL_ODBC =						3,
    CSSM_DL_PKCS11 =					4,
    CSSM_DL_FFS =						5, /* flat file system */
    CSSM_DL_MEMORY =					6,
    CSSM_DL_REMOTEDIR =					7
};

typedef void *CSSM_DL_CUSTOM_ATTRIBUTES;
typedef void *CSSM_DL_LDAP_ATTRIBUTES;
typedef void *CSSM_DL_ODBC_ATTRIBUTES;
typedef void *CSSM_DL_FFS_ATTRIBUTES;

typedef struct cssm_dl_pkcs11_attributes {
    uint32 DeviceAccessFlags;
} *CSSM_DL_PKCS11_ATTRIBUTE, *CSSM_DL_PKCS11_ATTRIBUTE_PTR;

enum {
	CSSM_DB_DATASTORES_UNKNOWN =		0xFFFFFFFF
};

typedef struct cssm_name_list {
    uint32 NumStrings;
    char **String;
} CSSM_NAME_LIST, *CSSM_NAME_LIST_PTR;

typedef uint32 CSSM_DB_RETRIEVAL_MODES;
enum {
	CSSM_DB_TRANSACTIONAL_MODE =		0,
	CSSM_DB_FILESYSTEMSCAN_MODE =		1
};

typedef struct cssm_db_schema_attribute_info {
    uint32 AttributeId;
    char *AttributeName;
    CSSM_OID AttributeNameID;
    CSSM_DB_ATTRIBUTE_FORMAT DataType;
} CSSM_DB_SCHEMA_ATTRIBUTE_INFO, *CSSM_DB_SCHEMA_ATTRIBUTE_INFO_PTR;

typedef struct cssm_db_schema_index_info {
    uint32 AttributeId;
    uint32 IndexId;
    CSSM_DB_INDEX_TYPE IndexType;
    CSSM_DB_INDEXED_DATA_LOCATION IndexedDataLocation;
} CSSM_DB_SCHEMA_INDEX_INFO, *CSSM_DB_SCHEMA_INDEX_INFO_PTR;

#ifdef __cplusplus
}
#endif

#endif /* _CSSMTYPE_H_ */