/***********************/
/* Envelope attributes */
/***********************/
/* Pseudo-information on an envelope or meta-information which is used to
control the way that data in an envelope is processed */
CRYPT_ENVINFO_DATASIZE, /* Data size information */
CRYPT_ENVINFO_COMPRESSION, /* Compression information */
CRYPT_ENVINFO_CONTENTTYPE, /* Inner CMS content type */
CRYPT_ENVINFO_DETACHEDSIGNATURE,/* Generate CMS detached signature */
CRYPT_ENVINFO_SIGNATURE_RESULT, /* Signature check result */
CRYPT_ENVINFO_MAC, /* Use MAC instead of encrypting */
CRYPT_ENVINFO_CURRENT_COMPONENT,/* Cursor management: Relative pos.*/
/* Resources required for enveloping/deenveloping */
CRYPT_ENVINFO_PASSWORD, /* User password */
CRYPT_ENVINFO_KEY, /* Conventional encryption key */
CRYPT_ENVINFO_SIGNATURE, /* Signature/signature check key */
CRYPT_ENVINFO_SIGNATURE_EXTRADATA, /* Extra information added to CMS sigs */
CRYPT_ENVINFO_RECIPIENT, /* Recipient email address */
CRYPT_ENVINFO_PUBLICKEY, /* PKC encryption key */
CRYPT_ENVINFO_PRIVATEKEY, /* PKC decryption key */
CRYPT_ENVINFO_PRIVATEKEY_LABEL, /* Label of PKC decryption key */
CRYPT_ENVINFO_ORIGINATOR, /* Originator info/key */
CRYPT_ENVINFO_SESSIONKEY, /* Session key */
CRYPT_ENVINFO_HASH, /* Hash value */
CRYPT_ENVINFO_TIMESTAMP_AUTHORITY, /* Timestamp authority */
/* Keysets used to retrieve keys needed for enveloping/deenveloping */
CRYPT_ENVINFO_KEYSET_SIGCHECK, /* Signature check keyset */
CRYPT_ENVINFO_KEYSET_ENCRYPT, /* PKC encryption keyset */
CRYPT_ENVINFO_KEYSET_DECRYPT, /* PKC decryption keyset */
/* Used internally */
CRYPT_ENVINFO_LAST, CRYPT_SESSINFO_FIRST = 6000,
/**********************/
/* Session attributes */
/**********************/
/* Pseudo-information on a session or meta-information which is used to
control the way that a session is managed */
/* Pseudo-information about the session */
CRYPT_SESSINFO_ACTIVE, /* Whether session is active */
CRYPT_SESSINFO_CONNECTIONACTIVE,/* Whether network connection is active */
/* Security-related information */
CRYPT_SESSINFO_USERNAME, /* User name */
CRYPT_SESSINFO_PASSWORD, /* Password */
CRYPT_SESSINFO_PRIVATEKEY, /* Server/client private key */
CRYPT_SESSINFO_KEYSET, /* Certificate store */
/* Client/server information */
CRYPT_SESSINFO_SERVER_NAME, /* Server name */
CRYPT_SESSINFO_SERVER_PORT, /* Server port number */
CRYPT_SESSINFO_SERVER_FINGERPRINT,/* Server key fingerprint */
CRYPT_SESSINFO_CLIENT_NAME, /* Client name */
CRYPT_SESSINFO_CLIENT_PORT, /* Client port number */
CRYPT_SESSINFO_SESSION, /* Transport mechanism */
CRYPT_SESSINFO_NETWORKSOCKET, /* User-supplied network socket */
/* Generic protocol-related information */
CRYPT_SESSINFO_VERSION, /* Protocol version */
CRYPT_SESSINFO_REQUEST, /* Cert.request object */
CRYPT_SESSINFO_RESPONSE, /* Cert.response object */
CRYPT_SESSINFO_CACERTIFICATE, /* Issuing CA certificate */
/* Protocol-specific information */
CRYPT_SESSINFO_TSP_MSGIMPRINT, /* TSP message imprint */
CRYPT_SESSINFO_CMP_REQUESTTYPE, /* Request type */
CRYPT_SESSINFO_CMP_PKIBOOT, /* Enable PKIBoot facility */
CRYPT_SESSINFO_CMP_PRIVKEYSET, /* Private-key keyset */
CRYPT_SESSINFO_SSH_SUBSYSTEM, /* SSH subsystem */
CRYPT_SESSINFO_SSH_PORTFORWARD, /* SSH port forwarding */
/* Used internally */
CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000,
/**********************/
/* User attributes */
/**********************/
/* Security-related information */
CRYPT_USERINFO_PASSWORD, /* Password */
/* User role-related information */
CRYPT_USERINFO_CAKEY_CERTSIGN, /* CA cert signing key */
CRYPT_USERINFO_CAKEY_CRLSIGN, /* CA CRL signing key */
CRYPT_USERINFO_CAKEY_RTCSSIGN, /* CA RTCS signing key */
CRYPT_USERINFO_CAKEY_OCSPSIGN, /* CA OCSP signing key */
/* Used internally for range checking */
CRYPT_USERINFO_LAST, CRYPT_ATTRIBUTE_LAST = CRYPT_USERINFO_LAST
#ifdef _CRYPT_DEFINED
/***********************/
/* Internal attributes */
/***********************/
/* The following attributes are only visible internally and are protected
from any external access by the kernel (and for good measure by checks
in other places as well). The two attributes CRYPT_IATTRIBUTE_KEY_SPKI
and CRYPT_IATTRIBUTE_SPKI are actually the same thing, the difference
is that the former is write-only for contexts and the latter is read-
only for certificates (the former is used when loading a context from
a key contained in a device, where the actual key components aren't
directly available in the context but may be needed in the future for
things like cert requests). Because a single object can act as both a
context and a cert, having two explicitly different attribute names
makes things less confusing. In addition, some public-key attributes
have _PARTIAL variants that load the public-key components but don't
initialise the key/move the context into the high state. This is
used for formats in which public and private-key components are loaded
separately */
, CRYPT_IATTRIBUTE_FIRST = 8000,
CRYPT_IATTRIBUTE_TYPE, /* Object type */
CRYPT_IATTRIBUTE_SUBTYPE, /* Object subtype */
CRYPT_IATTRIBUTE_STATUS, /* Object status */
CRYPT_IATTRIBUTE_INTERNAL, /* Object internal flag */
CRYPT_IATTRIBUTE_ACTIONPERMS, /* Object action permissions */
CRYPT_IATTRIBUTE_LOCKED, /* Object locked for exclusive use */
CRYPT_IATTRIBUTE_INITIALISED, /* Object inited (in high state) */
CRYPT_IATTRIBUTE_KEYSIZE, /* Ctx: Key size (written to non-native ctxs) */
CRYPT_IATTRIBUTE_KEYFEATURES, /* Ctx: Key feature info */
CRYPT_IATTRIBUTE_KEYID, /* Ctx: Key ID */
CRYPT_IATTRIBUTE_KEYID_PGP, /* Ctx: PGP key ID */
CRYPT_IATTRIBUTE_KEYID_OPENPGP, /* Ctx: OpenPGP key ID */
CRYPT_IATTRIBUTE_KEY_KEADOMAINPARAMS,/* Ctx: Key agreement domain parameters */
CRYPT_IATTRIBUTE_KEY_KEAPUBLICVALUE,/* Ctx: Key agreement public value */
CRYPT_IATTRIBUTE_KEY_SPKI, /* Ctx: SubjectPublicKeyInfo */
CRYPT_IATTRIBUTE_KEY_PGP, /* Ctx: PGP-format public key */
CRYPT_IATTRIBUTE_KEY_SSH1, /* Ctx: SSHv1-format public key */
CRYPT_IATTRIBUTE_KEY_SSH2, /* Ctx: SSHv2-format public key */
CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL,/* Ctx: SubjectPublicKeyInfo w/o trigger */
CRYPT_IATTRIBUTE_KEY_PGP_PARTIAL,/* Ctx: PGP public key w/o trigger */
CRYPT_IATTRIBUTE_PGPVALIDITY, /* Ctx: PGP key validity */
CRYPT_IATTRIBUTE_DEVICEOBJECT, /* Ctx: Device object handle */
CRYPT_IATTRIBUTE_CRLENTRY, /* Cert: Individual entry from CRL */
CRYPT_IATTRIBUTE_SUBJECT, /* Cert: SubjectName */
CRYPT_IATTRIBUTE_ISSUER, /* Cert: IssuerName */
CRYPT_IATTRIBUTE_ISSUERANDSERIALNUMBER, /* Cert: IssuerAndSerial */
CRYPT_IATTRIBUTE_SPKI, /* Cert: Encoded SubjectPublicKeyInfo */
CRYPT_IATTRIBUTE_CERTCOLLECTION,/* Cert: Certs added to cert chain */
CRYPT_IATTRIBUTE_RESPONDERURL, /* Cert: RTCS/OCSP responder name */
CRYPT_IATTRIBUTE_RTCSREQUEST, /* Cert: RTCS req.info added to RTCS resp.*/
CRYPT_IATTRIBUTE_OCSPREQUEST, /* Cert: OCSP req.info added to OCSP resp.*/
CRYPT_IATTRIBUTE_REVREQUEST, /* Cert: CRMF rev.request added to CRL */
CRYPT_IATTRIBUTE_PKIUSERINFO, /* Cert: Additional user info added to cert.req.*/
CRYPT_IATTRIBUTE_AUTHCERTID, /* Cert: Authorising cert ID for a cert/rev.req.*/
CRYPT_IATTRIBUTE_ESSCERTID, /* Cert: ESSCertID */
CRYPT_IATTRIBUTE_ENTROPY, /* Dev: Polled entropy data */
CRYPT_IATTRIBUTE_ENTROPY_QUALITY,/* Dev: Quality of entropy data */
CRYPT_IATTRIBUTE_RANDOM_LOPICKET,/* Dev: Low picket for random data attrs.*/
CRYPT_IATTRIBUTE_RANDOM, /* Dev: Random data */
CRYPT_IATTRIBUTE_RANDOM_NZ, /* Dev: Nonzero random data */
CRYPT_IATTRIBUTE_RANDOM_HIPICKET,/* Dev: High picket for random data attrs.*/
CRYPT_IATTRIBUTE_RANDOM_NONCE, /* Dev: Basic nonce */
CRYPT_IATTRIBUTE_SELFTEST, /* Dev: Perform self-test */
CRYPT_IATTRIBUTE_TIME, /* Dev: Reliable (hardware-based) time value */
CRYPT_IATTRIBUTE_INCLUDESIGCERT,/* Env: Whether to include signing cert(s) */
CRYPT_IATTRIBUTE_ATTRONLY, /* Env: Signed data contains only CMS attrs.*/
CRYPT_IATTRIBUTE_CONFIGDATA, /* Keyset: Config information */
CRYPT_IATTRIBUTE_USERINDEX, /* Keyset: Index of users */
CRYPT_IATTRIBUTE_USERID, /* Keyset: User ID */
CRYPT_IATTRIBUTE_USERINFO, /* Keyset: User information */
CRYPT_IATTRIBUTE_TRUSTEDCERT, /* Keyset: First trusted cert */
CRYPT_IATTRIBUTE_TRUSTEDCERT_NEXT, /* Keyset: Successive trusted certs */
CRYPT_IATTRIBUTE_ENC_TIMESTAMP, /* Session: Encoded TSA timestamp */
CRYPT_IATTRUBUTE_CERTKEYSET, /* User: Keyset to send trusted certs to */
CRYPT_IATTRIBUTE_CTL, /* User: Cert.trust list */
CRYPT_IATTRIBUTE_CERT_TRUSTED, /* User: Set trusted cert */
CRYPT_IATTRIBUTE_CERT_UNTRUSTED,/* User: Unset trusted cert */
CRYPT_IATTRIBUTE_CERT_CHECKTRUST,/* User: Check trust status of cert */
CRYPT_IATTRIBUTE_CERT_TRUSTEDISSUER,/* User: Get trusted issuer of cert */
CRYPT_IATTRIBUTE_LAST,
/* Subrange values used internally for range checking */
CRYPT_CERTINFO_FIRST_CERTINFO = CRYPT_CERTINFO_FIRST + 1,
CRYPT_CERTINFO_LAST_CERTINFO = CRYPT_CERTINFO_PKIUSER_REVPASSWORD,
CRYPT_CERTINFO_FIRST_PSEUDOINFO = CRYPT_CERTINFO_SELFSIGNED,
CRYPT_CERTINFO_LAST_PSEUDOINFO = CRYPT_CERTINFO_SIGNATURELEVEL,
CRYPT_CERTINFO_FIRST_NAME = CRYPT_CERTINFO_COUNTRYNAME,
CRYPT_CERTINFO_LAST_NAME = CRYPT_CERTINFO_REGISTEREDID,
CRYPT_CERTINFO_FIRST_DN = CRYPT_CERTINFO_COUNTRYNAME,
CRYPT_CERTINFO_LAST_DN = CRYPT_CERTINFO_COMMONNAME,
CRYPT_CERTINFO_FIRST_GENERALNAME = CRYPT_CERTINFO_OTHERNAME_TYPEID,
CRYPT_CERTINFO_LAST_GENERALNAME = CRYPT_CERTINFO_REGISTEREDID,
CRYPT_CERTINFO_FIRST_EXTENSION = CRYPT_CERTINFO_CHALLENGEPASSWORD,
CRYPT_CERTINFO_LAST_EXTENSION = CRYPT_CERTINFO_SET_TUNNELINGALGID,
CRYPT_CERTINFO_FIRST_CMS = CRYPT_CERTINFO_CMS_CONTENTTYPE,
CRYPT_CERTINFO_LAST_CMS = CRYPT_CERTINFO_LAST - 1,
CRYPT_SESSINFO_FIRST_SPECIFIC = CRYPT_SESSINFO_REQUEST,
CRYPT_SESSINFO_LAST_SPECIFIC = CRYPT_SESSINFO_SSH_PORTFORWARD
#endif /* _CRYPT_DEFINED */
} CRYPT_ATTRIBUTE_TYPE;
/****************************************************************************
* *
* Attribute Subtypes and Related Values *
* *
****************************************************************************/
/* Flags for the X.509 keyUsage extension. Each flag is a single bit whose
   position is the bit number of the matching KeyUsage BIT STRING element
   (digitalSignature = bit 0 through decipherOnly = bit 8), so the flags
   can be OR'd together into a bitmask.

   CRYPT_KEYUSAGE_LAST is a sentinel, not a usage: it's the first bit above
   the highest defined one and exists only for range checking (a valid
   mask is < CRYPT_KEYUSAGE_LAST). It must never be set in a real keyUsage
   value */
#define CRYPT_KEYUSAGE_NONE               0
#define CRYPT_KEYUSAGE_DIGITALSIGNATURE   ( 1 << 0 )
#define CRYPT_KEYUSAGE_NONREPUDIATION     ( 1 << 1 )  /* Called contentCommitment in newer X.509 */
#define CRYPT_KEYUSAGE_KEYENCIPHERMENT    ( 1 << 2 )
#define CRYPT_KEYUSAGE_DATAENCIPHERMENT   ( 1 << 3 )
#define CRYPT_KEYUSAGE_KEYAGREEMENT       ( 1 << 4 )
#define CRYPT_KEYUSAGE_KEYCERTSIGN        ( 1 << 5 )  /* CA certificate-signing key */
#define CRYPT_KEYUSAGE_CRLSIGN            ( 1 << 6 )
#define CRYPT_KEYUSAGE_ENCIPHERONLY       ( 1 << 7 )  /* Per X.509, qualifies keyAgreement */
#define CRYPT_KEYUSAGE_DECIPHERONLY       ( 1 << 8 )  /* Per X.509, qualifies keyAgreement */
#define CRYPT_KEYUSAGE_LAST               ( 1 << 9 )  /* Sentinel: one past last defined bit */
/* X.509 cRLReason codes, plus cryptlib's own cRLExtReason extension of
   them. The values are the X.509 CRLReason ENUMERATED values, with 7
   skipped (X.509 leaves that value unassigned). CRYPT_CRLREASON_LAST ends
   the standard range; CRYPT_CRLREASON_NEVERVALID is cryptlib-specific and
   shouldn't be emitted into a standard CRL, it's bounded by
   CRYPT_CRLEXTREASON_LAST.

   Note for range checks: 7 lies inside [ UNSPECIFIED, LAST ) but isn't a
   defined reason, so a plain "< CRYPT_CRLREASON_LAST" test accepts it;
   code that needs to reject unknown reasons must exclude 7 explicitly */
enum {
	CRYPT_CRLREASON_UNSPECIFIED = 0,
	CRYPT_CRLREASON_KEYCOMPROMISE = 1,
	CRYPT_CRLREASON_CACOMPROMISE = 2,
	CRYPT_CRLREASON_AFFILIATIONCHANGED = 3,
	CRYPT_CRLREASON_SUPERSEDED = 4,
	CRYPT_CRLREASON_CESSATIONOFOPERATION = 5,
	CRYPT_CRLREASON_CERTIFICATEHOLD = 6,
	/* 7 is deliberately unused */
	CRYPT_CRLREASON_REMOVEFROMCRL = 8,
	CRYPT_CRLREASON_LAST = 9,           /* End of standard CRL reasons */
	CRYPT_CRLREASON_NEVERVALID = 10,    /* cryptlib cRLExtReason, non-standard */
	CRYPT_CRLEXTREASON_LAST = 11        /* Sentinel for the extended range */
	};
/* X.509 ReasonFlags bit values. These name the same revocation reasons as
   the cRLReason codes but as a bitmask, so that several reasons can be
   given at once. The relationship to the codes is flag = 1 << code: bit 0
   (the "unspecified" code) is the X.509 "unused" bit, and there is no
   flag for removeFromCRL. The names intentionally don't follow X.509,
   which uses the same identifier for the enumerated value and the bit.

   CRYPT_CRLREASONFLAG_LAST is a sentinel one bit past the highest defined
   flag and is only for range checking, it's not a valid reason */
#define CRYPT_CRLREASONFLAG_UNUSED                ( 1 << 0 )
#define CRYPT_CRLREASONFLAG_KEYCOMPROMISE         ( 1 << 1 )
#define CRYPT_CRLREASONFLAG_CACOMPROMISE          ( 1 << 2 )
#define CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED    ( 1 << 3 )
#define CRYPT_CRLREASONFLAG_SUPERSEDED            ( 1 << 4 )
#define CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION  ( 1 << 5 )
#define CRYPT_CRLREASONFLAG_CERTIFICATEHOLD       ( 1 << 6 )
#define CRYPT_CRLREASONFLAG_LAST                  ( 1 << 7 )  /* Sentinel: one past last flag */
/* X.509 CRL holdInstruction codes. X.509 carries these as
   id-holdinstruction-* OIDs; cryptlib represents them as small integers.
   CRYPT_HOLDINSTRUCTION_NONE means no hold instruction is present and
   CRYPT_HOLDINSTRUCTION_LAST is a range-check sentinel, not an
   instruction */
enum {
	CRYPT_HOLDINSTRUCTION_NONE = 0,
	CRYPT_HOLDINSTRUCTION_CALLISSUER = 1,
	CRYPT_HOLDINSTRUCTION_REJECT = 2,
	CRYPT_HOLDINSTRUCTION_PICKUPTOKEN = 3,
	CRYPT_HOLDINSTRUCTION_LAST = 4
	};
/* Certificate checking compliance levels, ordered from least to most
   strict. NOTE(review): the names imply that lower levels perform
   progressively fewer of the PKIX validation checks, so selecting a level
   below the default weakens certificate validation; confirm exactly which
   checks each level drops against the certificate-checking code before
   relying on a non-default level. CRYPT_COMPLIANCELEVEL_LAST is a
   range-check sentinel, not a selectable level */
enum {
	CRYPT_COMPLIANCELEVEL_OBLIVIOUS = 0,
	CRYPT_COMPLIANCELEVEL_REDUCED = 1,
	CRYPT_COMPLIANCELEVEL_STANDARD = 2,
	CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL = 3,
	CRYPT_COMPLIANCELEVEL_PKIX_FULL = 4,
	CRYPT_COMPLIANCELEVEL_LAST = 5
	};
/* Flags for the legacy Netscape netscape-cert-type extension, a bitmask
   in the same style as keyUsage. Bit 4 is reserved by the extension and
   carries no meaning here. CRYPT_NS_CERTTYPE_LAST is a range-check
   sentinel one bit past the highest defined flag, not a cert type */
#define CRYPT_NS_CERTTYPE_SSLCLIENT        ( 1 << 0 )
#define CRYPT_NS_CERTTYPE_SSLSERVER        ( 1 << 1 )
#define CRYPT_NS_CERTTYPE_SMIME            ( 1 << 2 )
#define CRYPT_NS_CERTTYPE_OBJECTSIGNING    ( 1 << 3 )
#define CRYPT_NS_CERTTYPE_RESERVED         ( 1 << 4 )  /* Reserved, never set */
#define CRYPT_NS_CERTTYPE_SSLCA            ( 1 << 5 )
#define CRYPT_NS_CERTTYPE_SMIMECA          ( 1 << 6 )
#define CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA  ( 1 << 7 )
#define CRYPT_NS_CERTTYPE_LAST             ( 1 << 8 )  /* Sentinel: one past last flag */
/* Flags for the SET certificate-type extension, a bitmask of SET
   certificate roles (the identifiers are the abbreviations used by SET).
   CRYPT_SET_CERTTYPE_LAST is a range-check sentinel one bit past the
   highest defined flag, not a cert type */
#define CRYPT_SET_CERTTYPE_CARD   ( 1 << 0 )
#define CRYPT_SET_CERTTYPE_MER    ( 1 << 1 )
#define CRYPT_SET_CERTTYPE_PGWY   ( 1 << 2 )
#define CRYPT_SET_CERTTYPE_CCA    ( 1 << 3 )
#define CRYPT_SET_CERTTYPE_MCA    ( 1 << 4 )
#define CRYPT_SET_CERTTYPE_PCA    ( 1 << 5 )
#define CRYPT_SET_CERTTYPE_GCA    ( 1 << 6 )
#define CRYPT_SET_CERTTYPE_BCA    ( 1 << 7 )
#define CRYPT_SET_CERTTYPE_RCA    ( 1 << 8 )
#define CRYPT_SET_CERTTYPE_ACQ    ( 1 << 9 )
#define CRYPT_SET_CERTTYPE_LAST   ( 1 << 10 )  /* Sentinel: one past last flag */
/* CMS contentType values: cryptlib's enumeration of the content types it
   handles, standing in for the contentType OIDs that appear on the wire.
   CRYPT_CONTENT_NONE (0) means no content type has been set;
   CRYPT_CONTENT_LAST is a range-check sentinel, not a content type. The
   RTCS entries are cryptlib-specific; the rest are the PKCS #7/CMS types,
   the TSP TSTInfo, and Authenticode's SpcIndirectDataContent */
typedef enum {
	CRYPT_CONTENT_NONE = 0,
	CRYPT_CONTENT_DATA = 1,
	CRYPT_CONTENT_SIGNEDDATA = 2,
	CRYPT_CONTENT_ENVELOPEDDATA = 3,
	CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA = 4,
	CRYPT_CONTENT_DIGESTEDDATA = 5,
	CRYPT_CONTENT_ENCRYPTEDDATA = 6,
	CRYPT_CONTENT_COMPRESSEDDATA = 7,
	CRYPT_CONTENT_TSTINFO = 8,
	CRYPT_CONTENT_SPCINDIRECTDATACONTEXT = 9,
	CRYPT_CONTENT_RTCSREQUEST = 10,
	CRYPT_CONTENT_RTCSRESPONSE = 11,
	CRYPT_CONTENT_RTCSRESPONSE_EXT = 12,
	CRYPT_CONTENT_LAST = 13
	} CRYPT_CONTENT_TYPE;
/* ESS securityClassification codes. The six named values are the ones
   defined by ESS. CRYPT_CLASSIFICATION_LAST is pinned to 255 rather than
   following TOP_SECRET, so values 6..254 are in range but unnamed; ESS
   allows policy-defined classifications there, so a "< LAST" range check
   accepts them and any code that requires a known classification must
   compare against CRYPT_CLASSIFICATION_TOP_SECRET explicitly */
enum {
	CRYPT_CLASSIFICATION_UNMARKED = 0,
	CRYPT_CLASSIFICATION_UNCLASSIFIED = 1,
	CRYPT_CLASSIFICATION_RESTRICTED = 2,
	CRYPT_CLASSIFICATION_CONFIDENTIAL = 3,
	CRYPT_CLASSIFICATION_SECRET = 4,
	CRYPT_CLASSIFICATION_TOP_SECRET = 5,
	CRYPT_CLASSIFICATION_LAST = 255     /* Upper bound, leaves 6..254 for policy values */
	};
/* RTCS certificate status values. NOTE(review): unlike the other enums in
   this section there is no _LAST sentinel, so any range check on a status
   value has to use CRYPT_CERTSTATUS_UNKNOWN as its upper bound explicitly.
   Adding a sentinel would be a public-interface addition and is left to
   the maintainers */
enum {
	CRYPT_CERTSTATUS_VALID = 0,
	CRYPT_CERTSTATUS_NOTVALID = 1,
	CRYPT_CERTSTATUS_NONAUTHORITATIVE = 2,
	CRYPT_CERTSTATUS_UNKNOWN = 3
	};