perlcryptlib.ph

cryptlib安全工具包

	# LDAP keyset options
	sub CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS { 121 }	# Object class
	sub CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE { 122 }	# Object type to fetch
	sub CRYPT_OPTION_KEYS_LDAP_FILTER { 123 }	# Query filter
	sub CRYPT_OPTION_KEYS_LDAP_CACERTNAME { 124 }	# CA certificate attribute name
	sub CRYPT_OPTION_KEYS_LDAP_CERTNAME { 125 }	# Certificate attribute name
	sub CRYPT_OPTION_KEYS_LDAP_CRLNAME { 126 }	# CRL attribute name
	sub CRYPT_OPTION_KEYS_LDAP_EMAILNAME { 127 }	# Email attribute name

	# Crypto device options
	sub CRYPT_OPTION_DEVICE_PKCS11_DVR01 { 128 }	# Name of first PKCS #11 driver
	sub CRYPT_OPTION_DEVICE_PKCS11_DVR02 { 129 }	# Name of second PKCS #11 driver
	sub CRYPT_OPTION_DEVICE_PKCS11_DVR03 { 130 }	# Name of third PKCS #11 driver
	sub CRYPT_OPTION_DEVICE_PKCS11_DVR04 { 131 }	# Name of fourth PKCS #11 driver
	sub CRYPT_OPTION_DEVICE_PKCS11_DVR05 { 132 }	# Name of fifth PKCS #11 driver
	sub CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY { 133 }	# Use only hardware mechanisms

	# Network access options
	sub CRYPT_OPTION_NET_SOCKS_SERVER { 134 }	# Socks server name
	sub CRYPT_OPTION_NET_SOCKS_USERNAME { 135 }	# Socks user name
	sub CRYPT_OPTION_NET_HTTP_PROXY { 136 }	# Web proxy server
	sub CRYPT_OPTION_NET_CONNECTTIMEOUT { 137 }	# Timeout for network connection setup
	sub CRYPT_OPTION_NET_READTIMEOUT { 138 }	# Timeout for network reads
	sub CRYPT_OPTION_NET_WRITETIMEOUT { 139 }	# Timeout for network writes

	# Miscellaneous options
	sub CRYPT_OPTION_MISC_ASYNCINIT { 140 }	# Whether to init cryptlib async'ly
	sub CRYPT_OPTION_MISC_SIDECHANNELPROTECTION { 141 }	# Protect against side-channel attacks

	# cryptlib state information
	sub CRYPT_OPTION_CONFIGCHANGED { 142 }	# Whether in-mem.opts match on-disk ones
	sub CRYPT_OPTION_SELFTESTOK { 143 }	# Whether self-test was completed and OK

	# Used internally
	sub CRYPT_OPTION_LAST { 1000 }
	sub CRYPT_CTXINFO_FIRST { 1000 }

	# ********************
	# Context attributes
	# ********************

	# Algorithm and mode information
	sub CRYPT_CTXINFO_ALGO { 1001 }	# Algorithm
	sub CRYPT_CTXINFO_MODE { 1002 }	# Mode
	sub CRYPT_CTXINFO_NAME_ALGO { 1003 }	# Algorithm name
	sub CRYPT_CTXINFO_NAME_MODE { 1004 }	# Mode name
	sub CRYPT_CTXINFO_KEYSIZE { 1005 }	# Key size in bytes
	sub CRYPT_CTXINFO_BLOCKSIZE { 1006 }	# Block size
	sub CRYPT_CTXINFO_IVSIZE { 1007 }	# IV size
	sub CRYPT_CTXINFO_KEYING_ALGO { 1008 }	# Key processing algorithm
	sub CRYPT_CTXINFO_KEYING_ITERATIONS { 1009 }	# Key processing iterations
	sub CRYPT_CTXINFO_KEYING_SALT { 1010 }	# Key processing salt
	sub CRYPT_CTXINFO_KEYING_VALUE { 1011 }	# Value used to derive key

	# State information
	sub CRYPT_CTXINFO_KEY { 1012 }	# Key
	sub CRYPT_CTXINFO_KEY_COMPONENTS { 1013 }	# Public-key components
	sub CRYPT_CTXINFO_IV { 1014 }	# IV
	sub CRYPT_CTXINFO_HASHVALUE { 1015 }	# Hash value

	# Misc.information
	sub CRYPT_CTXINFO_LABEL { 1016 }	# Label for private/secret key
	sub CRYPT_CTXINFO_PERSISTENT { 1017 }	# Obj.is backed by device or keyset

	# Used internally
	sub CRYPT_CTXINFO_LAST { 2000 }
	sub CRYPT_CERTINFO_FIRST { 2000 }

	# ************************
	# Certificate attributes
	# ************************

	# Because there are so many cert attributes, we break them down into
	# blocks to minimise the number of values that change if a new one is
	# added halfway through

	# Pseudo-information on a cert object or meta-information which is used
	# to control the way that a cert object is processed
	sub CRYPT_CERTINFO_SELFSIGNED { 2001 }	# Cert is self-signed
	sub CRYPT_CERTINFO_IMMUTABLE { 2002 }	# Cert is signed and immutable
	sub CRYPT_CERTINFO_XYZZY { 2003 }	# Cert is a magic just-works cert
	sub CRYPT_CERTINFO_CERTTYPE { 2004 }	# Certificate object type
	sub CRYPT_CERTINFO_FINGERPRINT { 2005 }	# Certificate fingerprints
	sub CRYPT_CERTINFO_FINGERPRINT_MD5 { CRYPT_CERTINFO_FINGERPRINT }
	sub CRYPT_CERTINFO_FINGERPRINT_SHA { 2006 }
	sub CRYPT_CERTINFO_CURRENT_CERTIFICATE { 2007 }	# Cursor mgt: Rel.pos in chain/CRL/OCSP
	sub CRYPT_CERTINFO_TRUSTED_USAGE { 2008 }	# Usage that cert is trusted for
	sub CRYPT_CERTINFO_TRUSTED_IMPLICIT { 2009 }	# Whether cert is implicitly trusted
	sub CRYPT_CERTINFO_SIGNATURELEVEL { 2010 }	# Amount of detail to include in sigs.

	# General certificate object information
	sub CRYPT_CERTINFO_VERSION { 2011 }	# Cert.format version
	sub CRYPT_CERTINFO_SERIALNUMBER { 2012 }	# Serial number
	sub CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO { 2013 }	# Public key
	sub CRYPT_CERTINFO_CERTIFICATE { 2014 }	# User certificate
	sub CRYPT_CERTINFO_USERCERTIFICATE { CRYPT_CERTINFO_CERTIFICATE }
	sub CRYPT_CERTINFO_CACERTIFICATE { 2015 }	# CA certificate
	sub CRYPT_CERTINFO_ISSUERNAME { 2016 }	# Issuer DN
	sub CRYPT_CERTINFO_VALIDFROM { 2017 }	# Cert valid-from time
	sub CRYPT_CERTINFO_VALIDTO { 2018 }	# Cert valid-to time
	sub CRYPT_CERTINFO_SUBJECTNAME { 2019 }	# Subject DN
	sub CRYPT_CERTINFO_ISSUERUNIQUEID { 2020 }	# Issuer unique ID
	sub CRYPT_CERTINFO_SUBJECTUNIQUEID { 2021 }	# Subject unique ID
	sub CRYPT_CERTINFO_CERTREQUEST { 2022 }	# Cert.request (DN + public key)
	sub CRYPT_CERTINFO_THISUPDATE { 2023 }	# CRL/OCSP current-update time
	sub CRYPT_CERTINFO_NEXTUPDATE { 2024 }	# CRL/OCSP next-update time
	sub CRYPT_CERTINFO_REVOCATIONDATE { 2025 }	# CRL/OCSP cert-revocation time
	sub CRYPT_CERTINFO_REVOCATIONSTATUS { 2026 }	# OCSP revocation status
	sub CRYPT_CERTINFO_CERTSTATUS { 2027 }	# RTCS certificate status
	sub CRYPT_CERTINFO_DN { 2028 }	# Currently selected DN in string form
	sub CRYPT_CERTINFO_PKIUSER_ID { 2029 }	# PKI user ID
	sub CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD { 2030 }	# PKI user issue password
	sub CRYPT_CERTINFO_PKIUSER_REVPASSWORD { 2031 }	# PKI user revocation password

	# X.520 Distinguished Name components.  This is a composite field, the
	# DN to be manipulated is selected through the addition of a
	# pseudocomponent, and then one of the following is used to access the
	# DN components directly
	sub CRYPT_CERTINFO_COUNTRYNAME { CRYPT_CERTINFO_FIRST + 100 }	# countryName
	sub CRYPT_CERTINFO_STATEORPROVINCENAME { 2032 }	# stateOrProvinceName
	sub CRYPT_CERTINFO_LOCALITYNAME { 2033 }	# localityName
	sub CRYPT_CERTINFO_ORGANIZATIONNAME { 2034 }	# organizationName
	sub CRYPT_CERTINFO_ORGANISATIONNAME { CRYPT_CERTINFO_ORGANIZATIONNAME }
	sub CRYPT_CERTINFO_ORGANIZATIONALUNITNAME { 2035 }	# organizationalUnitName
	sub CRYPT_CERTINFO_ORGANISATIONALUNITNAME { CRYPT_CERTINFO_ORGANIZATIONALUNITNAME }
	sub CRYPT_CERTINFO_COMMONNAME { 2036 }	# commonName

	# X.509 General Name components.  These are handled in the same way as
	# the DN composite field, with the current GeneralName being selected by
	# a pseudo-component after which the individual components can be
	# modified through one of the following
	sub CRYPT_CERTINFO_OTHERNAME_TYPEID { 2037 }	# otherName.typeID
	sub CRYPT_CERTINFO_OTHERNAME_VALUE { 2038 }	# otherName.value
	sub CRYPT_CERTINFO_RFC822NAME { 2039 }	# rfc822Name
	sub CRYPT_CERTINFO_EMAIL { CRYPT_CERTINFO_RFC822NAME }
	sub CRYPT_CERTINFO_DNSNAME { 2040 }	# dNSName
	sub CRYPT_CERTINFO_DIRECTORYNAME { 2041 }	# directoryName
	sub CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER { 2042 }	# ediPartyName.nameAssigner
	sub CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME { 2043 }	# ediPartyName.partyName
	sub CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER { 2044 }	# uniformResourceIdentifier
	sub CRYPT_CERTINFO_IPADDRESS { 2045 }	# iPAddress
	sub CRYPT_CERTINFO_REGISTEREDID { 2046 }	# registeredID

	# X.509 certificate extensions.  Although it would be nicer to use names
	# that match the extensions more closely (e.g.
	# CRYPT_CERTINFO_BASICCONSTRAINTS_PATHLENCONSTRAINT), these exceed the
	# 32-character ANSI minimum length for unique names, and get really
	# hairy once you get into the weird policy constraints extensions whose
	# names wrap around the screen about three times.

	# The following values are defined in OID order, this isn't absolutely
	# necessary but saves an extra layer of processing when encoding them

	# 1 2 840 113549 1 9 7 challengePassword.  This is here even though it's
	# a CMS attribute because SCEP stuffs it into PKCS #10 requests
	sub CRYPT_CERTINFO_CHALLENGEPASSWORD { CRYPT_CERTINFO_FIRST + 200 }

	# 1 3 6 1 4 1 3029 3 1 4 cRLExtReason
	sub CRYPT_CERTINFO_CRLEXTREASON { 2047 }

	# 1 3 6 1 4 1 3029 3 1 5 keyFeatures
	sub CRYPT_CERTINFO_KEYFEATURES { 2048 }

	# 1 3 6 1 5 5 7 1 1 authorityInfoAccess
	sub CRYPT_CERTINFO_AUTHORITYINFOACCESS { 2049 }
	sub CRYPT_CERTINFO_AUTHORITYINFO_RTCS { 2050 }	# accessDescription.accessLocation
	sub CRYPT_CERTINFO_AUTHORITYINFO_OCSP { 2051 }	# accessDescription.accessLocation
	sub CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS { 2052 }	# accessDescription.accessLocation
	sub CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE { 2053 }	# accessDescription.accessLocation
	sub CRYPT_CERTINFO_AUTHORITYINFO_CRLS { 2054 }	# accessDescription.accessLocation

	# 1 3 6 1 5 5 7 1 2 biometricInfo
	sub CRYPT_CERTINFO_BIOMETRICINFO { 2055 }
	sub CRYPT_CERTINFO_BIOMETRICINFO_TYPE { 2056 }	# biometricData.typeOfData
	sub CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO { 2057 }	# biometricData.hashAlgorithm
	sub CRYPT_CERTINFO_BIOMETRICINFO_HASH { 2058 }	# biometricData.dataHash
	sub CRYPT_CERTINFO_BIOMETRICINFO_URL { 2059 }	# biometricData.sourceDataUri

	# 1 3 6 1 5 5 7 1 3 qcStatements
	sub CRYPT_CERTINFO_QCSTATEMENT { 2060 }
	sub CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS { 2061 }
	# qcStatement.statementInfo.semanticsIdentifier
	sub CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY { 2062 }
	# qcStatement.statementInfo.nameRegistrationAuthorities

	# 1 3 6 1 5 5 7 48 1 2 ocspNonce
	sub CRYPT_CERTINFO_OCSP_NONCE { 2063 }	# nonce

	# 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses
	sub CRYPT_CERTINFO_OCSP_RESPONSE { 2064 }
	sub CRYPT_CERTINFO_OCSP_RESPONSE_OCSP { 2065 }	# OCSP standard response

	# 1 3 6 1 5 5 7 48 1 5 ocspNoCheck
	sub CRYPT_CERTINFO_OCSP_NOCHECK { 2066 }

	# 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff
	sub CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF { 2067 }

	# 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess
	sub CRYPT_CERTINFO_SUBJECTINFOACCESS { 2068 }
	sub CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY { 2069 }	# accessDescription.accessLocation
	sub CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING { 2070 }	# accessDescription.accessLocation

	# 1 3 36 8 3 1 siggDateOfCertGen
	sub CRYPT_CERTINFO_SIGG_DATEOFCERTGEN { 2071 }

	# 1 3 36 8 3 2 siggProcuration
	sub CRYPT_CERTINFO_SIGG_PROCURATION { 2072 }
	sub CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY { 2073 }	# country
	sub CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION { 2074 }	# typeOfSubstitution
	sub CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR { 2075 }	# signingFor.thirdPerson

	# 1 3 36 8 3 4 siggMonetaryLimit
	sub CRYPT_CERTINFO_SIGG_MONETARYLIMIT { 2076 }
	sub CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY { 2077 }	# currency
	sub CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT { 2078 }	# amount
	sub CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT { 2079 }	# exponent

	# 1 3 36 8 3 8 siggRestriction
	sub CRYPT_CERTINFO_SIGG_RESTRICTION { 2080 }

	# 1 3 101 1 4 1 strongExtranet
	sub CRYPT_CERTINFO_STRONGEXTRANET { 2081 }
	sub CRYPT_CERTINFO_STRONGEXTRANET_ZONE { 2082 }	# sxNetIDList.sxNetID.zone
	sub CRYPT_CERTINFO_STRONGEXTRANET_ID { 2083 }	# sxNetIDList.sxNetID.id

	# 2 5 29 9 subjectDirectoryAttributes
	sub CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES { 2084 }
	sub CRYPT_CERTINFO_SUBJECTDIR_TYPE { 2085 }	# attribute.type
	sub CRYPT_CERTINFO_SUBJECTDIR_VALUES { 2086 }	# attribute.values

	# 2 5 29 14 subjectKeyIdentifier
	sub CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER { 2087 }

	# 2 5 29 15 keyUsage
	sub CRYPT_CERTINFO_KEYUSAGE { 2088 }

	# 2 5 29 16 privateKeyUsagePeriod
	sub CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD { 2089 }
	sub CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE { 2090 }	# notBefore
	sub CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER { 2091 }	# notAfter

	# 2 5 29 17 subjectAltName
	sub CRYPT_CERTINFO_SUBJECTALTNAME { 2092 }

	# 2 5 29 18 issuerAltName
	sub CRYPT_CERTINFO_ISSUERALTNAME { 2093 }

	# 2 5 29 19 basicConstraints
	sub CRYPT_CERTINFO_BASICCONSTRAINTS { 2094 }
	sub CRYPT_CERTINFO_CA { 2095 }	# cA
	sub CRYPT_CERTINFO_AUTHORITY { CRYPT_CERTINFO_CA }
	sub CRYPT_CERTINFO_PATHLENCONSTRAINT { 2096 }	# pathLenConstraint

	# 2 5 29 20 cRLNumber
	sub CRYPT_CERTINFO_CRLNUMBER { 2097 }

	# 2 5 29 21 cRLReason
	sub CRYPT_CERTINFO_CRLREASON { 2098 }

	# 2 5 29 23 holdInstructionCode
	sub CRYPT_CERTINFO_HOLDINSTRUCTIONCODE { 2099 }

	# 2 5 29 24 invalidityDate
	sub CRYPT_CERTINFO_INVALIDITYDATE { 2100 }

	# 2 5 29 27 deltaCRLIndicator
	sub CRYPT_CERTINFO_DELTACRLINDICATOR { 2101 }

	# 2 5 29 28 issuingDistributionPoint
	sub CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT { 2102 }
	sub CRYPT_CERTINFO_ISSUINGDIST_FULLNAME { 2103 }	# distributionPointName.fullName
	sub CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY { 2104 }	# onlyContainsUserCerts
	sub CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY { 2105 }	# onlyContainsCACerts
	sub CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY { 2106 }	# onlySomeReasons
	sub CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL { 2107 }	# indirectCRL

	# 2 5 29 29 certificateIssuer
	sub CRYPT_CERTINFO_CERTIFICATEISSUER { 2108 }

	# 2 5 29 30 nameConstraints
	sub CRYPT_CERTINFO_NAMECONSTRAINTS { 2109 }
	sub CRYPT_CERTINFO_PERMITTEDSUBTREES { 2110 }	# permittedSubtrees
	sub CRYPT_CERTINFO_EXCLUDEDSUBTREES { 2111 }	# excludedSubtrees

	# 2 5 29 31 cRLDistributionPoint
	sub CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT { 2112 }
	sub CRYPT_CERTINFO_CRLDIST_FULLNAME { 2113 }	# distributionPointName.fullName
	sub CRYPT_CERTINFO_CRLDIST_REASONS { 2114 }	# reasons
	sub CRYPT_CERTINFO_CRLDIST_CRLISSUER { 2115 }	# cRLIssuer

	# 2 5 29 32 certificatePolicies
	sub CRYPT_CERTINFO_CERTIFICATEPOLICIES { 2116 }
	sub CRYPT_CERTINFO_CERTPOLICYID { 2117 }	# policyInformation.policyIdentifier
	sub CRYPT_CERTINFO_CERTPOLICY_CPSURI { 2118 }
	# policyInformation.policyQualifiers.qualifier.cPSuri
	sub CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION { 2119 }
	# policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.organization
	sub CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS { 2120 }
	# policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.noticeNumbers
	sub CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT { 2121 }
	# policyInformation.policyQualifiers.qualifier.userNotice.explicitText

	# 2 5 29 33 policyMappings
	sub CRYPT_CERTINFO_POLICYMAPPINGS { 2122 }
	sub CRYPT_CERTINFO_ISSUERDOMAINPOLICY { 2123 }	# policyMappings.issuerDomainPolicy
	sub CRYPT_CERTINFO_SUBJECTDOMAINPOLICY { 2124 }	# policyMappings.subjectDomainPolicy

	# 2 5 29 35 authorityKeyIdentifier
	sub CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER { 2125 }
	sub CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER { 2126 }	# keyIdentifier
	sub CRYPT_CERTINFO_AUTHORITY_CERTISSUER { 2127 }	# authorityCertIssuer
	sub CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER { 2128 }	# authorityCertSerialNumber

	# 2 5 29 36 policyConstraints
	sub CRYPT_CERTINFO_POLICYCONSTRAINTS { 2129 }
	sub CRYPT_CERTINFO_REQUIREEXPLICITPOLICY { 2130 }	# policyConstraints.requireExplicitPolicy
	sub CRYPT_CERTINFO_INHIBITPOLICYMAPPING { 2131 }	# policyConstraints.inhibitPolicyMapping