/****************************************************************************
* *
* cryptlib Interface *
* Copyright Peter Gutmann 1992-2005 *
* *
****************************************************************************/
/* Include guard: the body of the header is only processed the first time it
   is seen in a translation unit */
#ifndef _CRYPTLIB_DEFINED
#define _CRYPTLIB_DEFINED
/* The current cryptlib version: 3.2.2.0, stored as a plain integer with the
   four version digits run together */
#define CRYPTLIB_VERSION 3220
/* Fixup for Windows support.  We need to include windows.h for various types
   and prototypes needed for DLL's.  In addition wincrypt.h defines some
   values with the same names as cryptlib ones, so we need to check for this
   and issue a warning not to mix cryptlib with CryptoAPI (that's like taking
   a bank vault and making one side out of papier mache).

   A second, less likely condition can occur when wincrypt.h is included
   after cryptlib.h, which shouldn't happen if developers follow the
   convention of including local headers after system headers, but can occur
   if they ignore this convention.  The NOCRYPT doesn't fix this since
   wincrypt.h can be pulled in indirectly and unconditionally, for example
   via winldap.h -> schnlsp.h -> schannel.h -> wincrypt.h.  To fix this, we
   create a redundant define for CRYPT_MODE_ECB which produces a compile
   error if wincrypt.h is included after cryptlib.h.  Since this will
   conflict with the enum, we have to place it after the CRYPT_MODE_xxx
   enums.

   NOTE(review): WIN32_LEAN_AND_MEAN and NOCRYPT are defined here without an
   #ifndef guard and aren't #undef'd in the part of the header visible here,
   so they stay in effect for every header the application includes after
   cryptlib.h */
#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \
	  defined( __WIN32__ ) || defined( _WIN32_WCE ) ) && \
	!defined( _SCCTK ) && !defined( _CVI_ )
#define WIN32_LEAN_AND_MEAN /* Skip RPC, OLE, Multimedia, etc */
#define NOCRYPT /* Disable include of wincrypt.h */
#include <windows.h>
/* Catch use of CryptoAPI and cryptlib at the same time.  cryptlib's own
   CRYPT_MODE_ECB is only declared further down, so if the name already
   exists as a macro at this point it was defined by something included
   before cryptlib.h (wincrypt.h, going by the note above) and the build is
   stopped */
#if defined( CRYPT_MODE_ECB )
#error "cryptlib.h and wincrypt.h can't both be used at the same time due to conflicting type names"
#endif /* Clash with wincrypt.h defines */
#endif /* Windows other than a cross-development environment */
/* Machine-dependent types to allow use in special library types such as
   DLL's.  Under Win32 and BeOS we need to use the dllimport and dllexport
   directives for the DLL/shared-lib version so we define the type used for
   functions depending on whether we're being included via the cryptlib-
   internal crypt.h or not.

   Every branch below defines the same four macros:

	C_PTR	Pointer declarator
	C_CHR	Character type used for strings
	C_STR	Pointer to C_CHR
	C_RET	Function return type, always int, preceded or followed by
			whatever import/export and calling-convention keywords the
			platform needs

   Where an import/export distinction exists it is selected by
   _CRYPT_DEFINED: the export form is used when it is defined, the import
   form otherwise.  _CRYPT_DEFINED isn't set anywhere in this header
   (presumably crypt.h defines it, see above) */
#if ( defined( WIN32 ) || defined( _WIN32 ) || defined( __WIN32__ ) || \
	  defined( _WIN32_WCE ) ) && !( defined( STATIC_LIB ) || defined( _SCCTK ) )
#define C_PTR * /* General pointer */
#if defined( _WIN32_WCE )
/* Rather than relying on _UNICODE being defined (which would cause
   problems if cryptlib is built with char * but the calling app is built
   with wchar_t *), we always use the default native char type, which is
   ASCII (or at least 8-bit) under Win32 and Unicode under WinCE */
#define C_CHR wchar_t
#else
#define C_CHR char
#endif /* WinCE vs. Win32 */
#define C_STR C_CHR *
/* Borland compilers older than 0x500 get the _export/_import keywords,
   everything else in this branch uses __declspec */
#if defined( __BORLANDC__ ) && ( __BORLANDC__ < 0x500 )
#ifdef _CRYPT_DEFINED
#define C_RET int _export _stdcall /* BC++ DLL export ret.val.*/
#else
#define C_RET int _import _stdcall /* BC++ DLL import ret.val.*/
#endif /* CRYPT_DEFINED */
#else
#ifdef _CRYPT_DEFINED
#define C_RET __declspec( dllexport ) int __stdcall /* DLL export ret.val.*/
#else
#define C_RET __declspec( dllimport ) int __stdcall /* DLL import ret.val.*/
#endif /* CRYPT_DEFINED */
#endif /* BC++ vs.VC++ DLL functions */
/* _WINDOWS without any of the Win32 symbols tested above: FAR pointers and
   the PASCAL calling convention are used */
#elif defined( _WINDOWS ) && !defined( STATIC_LIB )
#define C_PTR FAR * /* DLL pointer */
#define C_CHR char
#define C_STR C_CHR FAR * /* DLL string pointer */
#define C_RET int FAR PASCAL _export /* DLL return value */
#elif defined( __BEOS__ )
/* #include <BeBuild.h> // _EXPORT/_IMPORT defines */
#define C_PTR *
#define C_CHR char
#define C_STR C_CHR *
#ifdef _STATIC_LINKING
#define C_RET int
#else
#ifdef _CRYPT_DEFINED
#define C_RET __declspec( dllexport ) int /* Shared lib export ret.val.*/
#else
#define C_RET __declspec( dllimport ) int /* Shared lib import ret.val.*/
#endif /* CRYPT_DEFINED */
#endif /* Static vs. shared lib */
/* Everything else, including static-library builds on Windows: plain C
   types with no decoration */
#else
#define C_PTR *
#define C_CHR char
#define C_STR C_CHR *
#define C_RET int
#endif /* Windows vs.everything else function types */
/* Symbolic defines to make it clearer how the function parameters behave.
   Only C_IN expands to anything (const), so it's the only one of the three
   that the compiler can check.  C_OUT and C_INOUT expand to nothing and are
   annotations for the reader only, a function declared with them still has
   to validate the buffer it's given itself */
#define C_IN const /* Input-only */
#define C_OUT /* Output-only */
#define C_INOUT /* Modified in-place */
/* _CRYPTLIB_DEFINED is the include-guard symbol defined at the top of this
   header, so in the C version of the header this section is always active */
#ifdef _CRYPTLIB_DEFINED /* Disable use in non-C versions of header */
/* Alongside the externally visible types, cryptlib also has various internal
   types that are extended forms of the external types that are invisible
   to the user (e.g. SignedPublicKeyAndChallenge == certRequest).  These can
   only be used internally and are blocked by the security kernel, so they
   can never be accessed from outside cryptlib (in fact for good measure
   they're blocked before they even get to the kernel by preliminary range
   checks in the API wrapper functions).  The only reason they're defined
   here is because it's not possible to extend an enum outside the point
   where it's originally defined.

   In the enums that follow, the internal values are the ones wrapped in
   #ifdef _CRYPT_DEFINED (for example CRYPT_ICERTTYPE_xxx and
   CRYPT_IFORMAT_xxx).

   NOTE(review): the blocking described above is done by code that isn't
   part of this header, nothing here enforces it.  The conditional
   compilation only hides the names from application code, the numeric
   values themselves can still be passed in by a caller, so the range checks
   in the wrappers are what actually keeps them out - confirm there */
#endif /* _CRYPTLIB_DEFINED */
/****************************************************************************
* *
* Algorithm and Object Types *
* *
****************************************************************************/
/* Algorithm and mode types */
/* Identifiers for the algorithms that cryptlib knows about.  Each algorithm
   class starts at its own base value (conventional encryption directly
   after CRYPT_ALGO_NONE, public-key at 100, hash at 200, MAC at 300), which
   is what allows the FIRST_xxx/LAST_xxx boundary values at the end of the
   enum to delimit a class with a simple range comparison.

   NOTE(review): the list includes DES, RC2, RC4, MD2, MD4, MD5 and SHA-1,
   none of which should be selected for new designs.  Nothing in this header
   marks them as deprecated, so any restriction on their use has to come
   from the caller's own policy or from how the library was built and
   configured - confirm what the build in use actually enables */
typedef enum {						/* Algorithms */
	/* No encryption */
	CRYPT_ALGO_NONE,				/* No encryption */
	/* Conventional encryption */
	CRYPT_ALGO_DES,					/* DES */
	CRYPT_ALGO_3DES,				/* Triple DES */
	CRYPT_ALGO_IDEA,				/* IDEA */
	CRYPT_ALGO_CAST,				/* CAST-128 */
	CRYPT_ALGO_RC2,					/* RC2 */
	CRYPT_ALGO_RC4,					/* RC4 */
	CRYPT_ALGO_RC5,					/* RC5 */
	CRYPT_ALGO_AES,					/* AES */
	CRYPT_ALGO_BLOWFISH,			/* Blowfish */
	CRYPT_ALGO_SKIPJACK,			/* Skipjack */
	/* Public-key encryption */
	CRYPT_ALGO_DH = 100,			/* Diffie-Hellman */
	CRYPT_ALGO_RSA,					/* RSA */
	CRYPT_ALGO_DSA,					/* DSA */
	CRYPT_ALGO_ELGAMAL,				/* ElGamal */
	CRYPT_ALGO_KEA,					/* KEA */
	/* Hash algorithms */
	CRYPT_ALGO_MD2 = 200,			/* MD2 */
	CRYPT_ALGO_MD4,					/* MD4 */
	CRYPT_ALGO_MD5,					/* MD5 */
	CRYPT_ALGO_SHA,					/* SHA/SHA1 */
	CRYPT_ALGO_RIPEMD160,			/* RIPE-MD 160 */
	CRYPT_ALGO_SHA2,				/* SHA2 (SHA-256/384/512)*/
	/* MAC's */
	CRYPT_ALGO_HMAC_MD5 = 300,		/* HMAC-MD5 */
	CRYPT_ALGO_HMAC_SHA,			/* HMAC-SHA */
	CRYPT_ALGO_HMAC_RIPEMD160,		/* HMAC-RIPEMD-160 */
	/* Vendors may want to use their own algorithms that aren't part of the
	   general cryptlib suite.  The following values are for vendor-defined
	   algorithms, and can be used just like the named algorithm types (it's
	   up to the vendor to keep track of what _VENDOR1 actually corresponds
	   to).  These values start at 10000 and so lie outside all four of the
	   class ranges defined at the end of the enum */
#ifdef USE_VENDOR_ALGOS
	CRYPT_ALGO_VENDOR1 = 10000, CRYPT_ALGO_VENDOR2, CRYPT_ALGO_VENDOR3,
#endif /* USE_VENDOR_ALGOS */
	/* One past the last assigned value: this follows CRYPT_ALGO_VENDOR3
	   when USE_VENDOR_ALGOS is defined and CRYPT_ALGO_HMAC_RIPEMD160
	   otherwise, so its value depends on the build options */
	CRYPT_ALGO_LAST,				/* Last possible crypt algo value */
	/* In order that we can scan through a range of algorithms with
	   cryptQueryCapability(), we define the following boundary points for
	   each algorithm class.  Each range spans the whole block reserved for
	   the class (1-99, 100-199, 200-299, 300-399) and not just the values
	   that are assigned above, so a value that lies inside a range doesn't
	   by itself identify an existing algorithm */
	CRYPT_ALGO_FIRST_CONVENTIONAL = CRYPT_ALGO_DES,
	CRYPT_ALGO_LAST_CONVENTIONAL = CRYPT_ALGO_DH - 1,
	CRYPT_ALGO_FIRST_PKC = CRYPT_ALGO_DH,
	CRYPT_ALGO_LAST_PKC = CRYPT_ALGO_MD2 - 1,
	CRYPT_ALGO_FIRST_HASH = CRYPT_ALGO_MD2,
	CRYPT_ALGO_LAST_HASH = CRYPT_ALGO_HMAC_MD5 - 1,
	CRYPT_ALGO_FIRST_MAC = CRYPT_ALGO_HMAC_MD5,
	CRYPT_ALGO_LAST_MAC = CRYPT_ALGO_HMAC_MD5 + 99	/* End of mac algo.range */
	} CRYPT_ALGO_TYPE;
/* Block cipher modes of operation.  The numeric values are spelled out
   because CRYPT_MODE_ECB has to stay at 1: on Windows builds this header
   later defines a macro of the same name with that value.

   None of these modes authenticates the data, integrity protection has to
   be added separately (for example with one of the MAC algorithms).  ECB
   also encrypts equal plaintext blocks to equal ciphertext blocks and so
   isn't suitable for general data */
typedef enum {
	CRYPT_MODE_NONE = 0,			/* No mode selected */
	CRYPT_MODE_ECB = 1,				/* Electronic codebook */
	CRYPT_MODE_CBC = 2,				/* Cipher block chaining */
	CRYPT_MODE_CFB = 3,				/* Cipher feedback */
	CRYPT_MODE_OFB = 4,				/* Output feedback */
	CRYPT_MODE_LAST					/* One past the last valid mode */
	} CRYPT_MODE_TYPE;
#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \
	  defined( __WIN32__ ) ) && !defined( _SCCTK )
/* Force an error if wincrypt.h is included after cryptlib.h, see note at
   the start of the file.  The macro shadows the CRYPT_MODE_ECB enumerator
   declared just above.  Its replacement value of 1 is the value that the
   enumerator has (second entry in CRYPT_MODE_TYPE), so code that uses
   CRYPT_MODE_ECB after this point still gets the same integer.

   NOTE(review): this relies on the compiler diagnosing a later #define of
   CRYPT_MODE_ECB with a different value.  Whether that's reported as an
   error or only as a warning depends on the compiler and its settings -
   confirm for the toolchain in use.  The platform test here also isn't the
   same as the one that guards the windows.h include near the top of the
   file (no _WIN32_WCE test, no _CVI_ exclusion) */
#define CRYPT_MODE_ECB 1
#endif /* Windows other than a cross-development environment */
/* Keyset subtypes: the kind of key or certificate store that a keyset is
   backed by.  The values of the public constants are spelled out, the
   terminating CRYPT_KEYSET_LAST is left to follow on from the last one */
typedef enum {
	CRYPT_KEYSET_NONE = 0,				/* No keyset type */
	CRYPT_KEYSET_FILE = 1,				/* Generic flat file keyset */
	CRYPT_KEYSET_HTTP = 2,				/* Web page containing cert/CRL */
	CRYPT_KEYSET_LDAP = 3,				/* LDAP directory service */
	CRYPT_KEYSET_ODBC = 4,				/* Generic ODBC interface */
	CRYPT_KEYSET_DATABASE = 5,			/* Generic RDBMS interface */
	CRYPT_KEYSET_PLUGIN = 6,			/* Generic database plugin */
	CRYPT_KEYSET_ODBC_STORE = 7,		/* ODBC certificate store */
	CRYPT_KEYSET_DATABASE_STORE = 8,	/* Database certificate store */
	CRYPT_KEYSET_PLUGIN_STORE = 9,		/* Database plugin cert store */
	CRYPT_KEYSET_LAST					/* One past the last keyset type */
#ifdef _CRYPT_DEFINED
	/* Internal-only aliases that bracket the database-backed keyset types,
	   used for range checking */
	, CRYPT_FIRST_RDBMS = CRYPT_KEYSET_ODBC,
	CRYPT_LAST_RDBMS = CRYPT_KEYSET_PLUGIN_STORE
#endif /* _CRYPT_DEFINED */
	} CRYPT_KEYSET_TYPE;
/* Device subtypes: the kind of external crypto device or provider that a
   device object refers to.  The values of the public constants are spelled
   out, the terminating CRYPT_DEVICE_LAST follows on from the last one */
typedef enum {
	CRYPT_DEVICE_NONE = 0,			/* No crypto device */
	CRYPT_DEVICE_FORTEZZA = 1,		/* Fortezza card */
	CRYPT_DEVICE_PKCS11 = 2,		/* PKCS #11 crypto token */
	CRYPT_DEVICE_CRYPTOAPI = 3,		/* Microsoft CryptoAPI */
	CRYPT_DEVICE_LAST				/* One past the last device type */
	} CRYPT_DEVICE_TYPE;
/* Certificate subtypes.  The enum has two shapes depending on whether
   _CRYPT_DEFINED is set.  Without it, CRYPT_CERTTYPE_LAST directly follows
   CRYPT_CERTTYPE_PKIUSER.  With it, two internal-only types are inserted
   before CRYPT_CERTTYPE_LAST, and CRYPT_CERTTYPE_LAST_EXTERNAL is added
   with the value CRYPT_CERTTYPE_PKIUSER + 1, which is the value that
   CRYPT_CERTTYPE_LAST has in the other shape */
typedef enum {						/* Certificate object types */
	CRYPT_CERTTYPE_NONE,			/* No certificate type */
	CRYPT_CERTTYPE_CERTIFICATE,		/* Certificate */
	CRYPT_CERTTYPE_ATTRIBUTE_CERT,	/* Attribute certificate */
	CRYPT_CERTTYPE_CERTCHAIN,		/* PKCS #7 certificate chain */
	CRYPT_CERTTYPE_CERTREQUEST,		/* PKCS #10 certification request */
	CRYPT_CERTTYPE_REQUEST_CERT,	/* CRMF certification request */
	CRYPT_CERTTYPE_REQUEST_REVOCATION,	/* CRMF revocation request */
	CRYPT_CERTTYPE_CRL,				/* CRL */
	CRYPT_CERTTYPE_CMS_ATTRIBUTES,	/* CMS attributes */
	CRYPT_CERTTYPE_RTCS_REQUEST,	/* RTCS request */
	CRYPT_CERTTYPE_RTCS_RESPONSE,	/* RTCS response */
	CRYPT_CERTTYPE_OCSP_REQUEST,	/* OCSP request */
	CRYPT_CERTTYPE_OCSP_RESPONSE,	/* OCSP response */
	CRYPT_CERTTYPE_PKIUSER,			/* PKI user information */
#ifdef _CRYPT_DEFINED
	/* Alongside the usual types we can also wind up with various
	   certificate-bagging schemes such as cert chains and sequences that
	   can't be exported in this format and therefore aren't visible to the
	   user, but that need to be distinguished internally.  The following
	   types are only visible internally */
	CRYPT_ICERTTYPE_CMS_CERTSET,	/* CMS SET OF Certificate = cert chain */
	CRYPT_ICERTTYPE_SSL_CERTCHAIN,	/* SSL certificate chain = cert chain */
#endif /* _CRYPT_DEFINED */
	CRYPT_CERTTYPE_LAST				/* Last possible cert.type */
#ifdef _CRYPT_DEFINED
	/* Upper bound for values that a caller is allowed to supply.
	   NOTE(review): presumably this, and not CRYPT_CERTTYPE_LAST, is what
	   the range checks on caller-supplied types compare against - confirm
	   in the API wrapper code */
	, CRYPT_CERTTYPE_LAST_EXTERNAL = CRYPT_CERTTYPE_PKIUSER + 1
#endif /* _CRYPT_DEFINED */
	} CRYPT_CERTTYPE_TYPE;
/* Envelope/data format subtypes.  As with the certificate types the enum
   has two shapes: with _CRYPT_DEFINED set, two internal-only formats are
   inserted before CRYPT_FORMAT_LAST and CRYPT_FORMAT_LAST_EXTERNAL is added
   with the value CRYPT_FORMAT_PGP + 1, which is the value that
   CRYPT_FORMAT_LAST has when _CRYPT_DEFINED isn't set */
typedef enum {
	CRYPT_FORMAT_NONE,				/* No format type */
	CRYPT_FORMAT_AUTO,				/* Deenv, auto-determine type */
	CRYPT_FORMAT_CRYPTLIB,			/* cryptlib native format */
	CRYPT_FORMAT_CMS,				/* PKCS #7 / CMS / S/MIME fmt.*/
	/* Alias for CRYPT_FORMAT_CMS, it doesn't use up a value of its own so
	   CRYPT_FORMAT_SMIME continues at CRYPT_FORMAT_CMS + 1 */
	CRYPT_FORMAT_PKCS7 = CRYPT_FORMAT_CMS,
	CRYPT_FORMAT_SMIME,				/* As CMS with MSG-style behaviour */
	CRYPT_FORMAT_PGP,				/* PGP format */
#ifdef _CRYPT_DEFINED
	/* Alongside the usual types we can also wind up with various protocol-
	   specific format types such as SSL and SSH.  The following types are
	   only visible internally */
	CRYPT_IFORMAT_SSL,				/* SSL format */
	CRYPT_IFORMAT_SSH,				/* SSH format */
#endif /* _CRYPT_DEFINED */
	CRYPT_FORMAT_LAST				/* Last possible format type */
#ifdef _CRYPT_DEFINED
	/* Upper bound for values that a caller is allowed to supply.
	   NOTE(review): presumably this, and not CRYPT_FORMAT_LAST, is what the
	   range checks on caller-supplied formats compare against - confirm in
	   the API wrapper code */
	, CRYPT_FORMAT_LAST_EXTERNAL = CRYPT_FORMAT_PGP + 1
#endif /* _CRYPT_DEFINED */
	} CRYPT_FORMAT_TYPE;
/* Session subtypes */
typedef enum {
CRYPT_SESSION_NONE, /* No session type */
CRYPT_SESSION_SSH, /* SSH */