perlcryptlib.ph

cryptlib安全工具包

	sub CRYPT_USERINFO_CAKEY_RTCSSIGN { 7004 }	# CA RTCS signing key
	sub CRYPT_USERINFO_CAKEY_OCSPSIGN { 7005 }	# CA OCSP signing key

	# Used internally for range checking
	sub CRYPT_USERINFO_LAST { CRYPT_USERINFO_LAST }
	sub CRYPT_ATTRIBUTE_LAST { CRYPT_USERINFO_LAST }



##### END ENUM CRYPT_ATTRIBUTE_TYPE

#****************************************************************************
#*                                                                           *
#*                       Attribute Subtypes and Related Values               *
#*                                                                           *
#****************************************************************************

# Flags for the X.509 keyUsage extension 

	sub CRYPT_KEYUSAGE_NONE { 0x000 }
	sub CRYPT_KEYUSAGE_DIGITALSIGNATURE { 0x001 }
	sub CRYPT_KEYUSAGE_NONREPUDIATION { 0x002 }
	sub CRYPT_KEYUSAGE_KEYENCIPHERMENT { 0x004 }
	sub CRYPT_KEYUSAGE_DATAENCIPHERMENT { 0x008 }
	sub CRYPT_KEYUSAGE_KEYAGREEMENT { 0x010 }
	sub CRYPT_KEYUSAGE_KEYCERTSIGN { 0x020 }
	sub CRYPT_KEYUSAGE_CRLSIGN { 0x040 }
	sub CRYPT_KEYUSAGE_ENCIPHERONLY { 0x080 }
	sub CRYPT_KEYUSAGE_DECIPHERONLY { 0x100 }
	sub CRYPT_KEYUSAGE_LAST { 0x200 }   # Last possible value 

# X.509 cRLReason and cryptlib cRLExtReason codes 

  sub CRYPT_CRLREASON_UNSPECIFIED { 0 }
  sub CRYPT_CRLREASON_KEYCOMPROMISE { 1 }
  sub CRYPT_CRLREASON_CACOMPROMISE { 2 }
  sub CRYPT_CRLREASON_AFFILIATIONCHANGED { 3 }
  sub CRYPT_CRLREASON_SUPERSEDED { 4 }
  sub CRYPT_CRLREASON_CESSATIONOFOPERATION { 5 }
  sub CRYPT_CRLREASON_CERTIFICATEHOLD { 6 }
  sub CRYPT_CRLREASON_REMOVEFROMCRL { 8 }
  sub CRYPT_CRLREASON_PRIVILEGEWITHDRAWN { 9 }
  sub CRYPT_CRLREASON_AACOMPROMISE { 10 }
  sub CRYPT_CRLREASON_LAST { 11 }
  sub CRYPT_CRLREASON_NEVERVALID { 20 }
  sub CRYPT_CRLEXTREASON_LAST  { 21 }


#  X.509 CRL reason flags.  These identify the same thing as the cRLReason
#  codes but allow for multiple reasons to be specified.  Note that these
#  don't follow the X.509 naming since in that scheme the enumerated types
#  and bitflags have the same names 

	sub CRYPT_CRLREASONFLAG_UNUSED { 0x001 }
	sub CRYPT_CRLREASONFLAG_KEYCOMPROMISE { 0x002 }
	sub CRYPT_CRLREASONFLAG_CACOMPROMISE { 0x004 }
	sub CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED { 0x008 }
	sub CRYPT_CRLREASONFLAG_SUPERSEDED { 0x010 }
	sub CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION { 0x020 }
	sub CRYPT_CRLREASONFLAG_CERTIFICATEHOLD { 0x040 }
	sub CRYPT_CRLREASONFLAG_LAST { 0x080 }   # Last poss.value 

# X.509 CRL holdInstruction codes 

  sub CRYPT_HOLDINSTRUCTION_NONE { 0 }
  sub CRYPT_HOLDINSTRUCTION_CALLISSUER { 1 }
  sub CRYPT_HOLDINSTRUCTION_REJECT { 2 }
  sub CRYPT_HOLDINSTRUCTION_PICKUPTOKEN { 3 }
  sub CRYPT_HOLDINSTRUCTION_LAST  { 4 }


# Certificate checking compliance levels 

  sub CRYPT_COMPLIANCELEVEL_OBLIVIOUS { 0 }
  sub CRYPT_COMPLIANCELEVEL_REDUCED { 1 }
  sub CRYPT_COMPLIANCELEVEL_STANDARD { 2 }
  sub CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL { 3 }
  sub CRYPT_COMPLIANCELEVEL_PKIX_FULL { 4 }
  sub CRYPT_COMPLIANCELEVEL_LAST  { 5 }


# Flags for the Netscape netscape-cert-type extension 

	sub CRYPT_NS_CERTTYPE_SSLCLIENT { 0x001 }
	sub CRYPT_NS_CERTTYPE_SSLSERVER { 0x002 }
	sub CRYPT_NS_CERTTYPE_SMIME { 0x004 }
	sub CRYPT_NS_CERTTYPE_OBJECTSIGNING { 0x008 }
	sub CRYPT_NS_CERTTYPE_RESERVED { 0x010 }
	sub CRYPT_NS_CERTTYPE_SSLCA { 0x020 }
	sub CRYPT_NS_CERTTYPE_SMIMECA { 0x040 }
	sub CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA { 0x080 }
	sub CRYPT_NS_CERTTYPE_LAST { 0x100 }   # Last possible value 

# Flags for the SET certificate-type extension 

	sub CRYPT_SET_CERTTYPE_CARD { 0x001 }
	sub CRYPT_SET_CERTTYPE_MER { 0x002 }
	sub CRYPT_SET_CERTTYPE_PGWY { 0x004 }
	sub CRYPT_SET_CERTTYPE_CCA { 0x008 }
	sub CRYPT_SET_CERTTYPE_MCA { 0x010 }
	sub CRYPT_SET_CERTTYPE_PCA { 0x020 }
	sub CRYPT_SET_CERTTYPE_GCA { 0x040 }
	sub CRYPT_SET_CERTTYPE_BCA { 0x080 }
	sub CRYPT_SET_CERTTYPE_RCA { 0x100 }
	sub CRYPT_SET_CERTTYPE_ACQ { 0x200 }
	sub CRYPT_SET_CERTTYPE_LAST { 0x400 }   # Last possible value 

# CMS contentType values 

##### BEGIN ENUM CRYPT_CONTENT_TYPE
	sub CRYPT_CONTENT_NONE { 0 }
	sub CRYPT_CONTENT_DATA { 0 }
	sub CRYPT_CONTENT_SIGNEDDATA { 1 }
	sub CRYPT_CONTENT_ENVELOPEDDATA { 1 }
	sub CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA { 2 }
	sub CRYPT_CONTENT_DIGESTEDDATA { 3 }
	sub CRYPT_CONTENT_ENCRYPTEDDATA { 3 }
	sub CRYPT_CONTENT_COMPRESSEDDATA { 4 }
	sub CRYPT_CONTENT_AUTHDATA { 4 }
	sub CRYPT_CONTENT_AUTHENVDATA { 5 }
	sub CRYPT_CONTENT_TSTINFO { 5 }
	sub CRYPT_CONTENT_SPCINDIRECTDATACONTEXT { 6 }
	sub CRYPT_CONTENT_RTCSREQUEST { 7 }
	sub CRYPT_CONTENT_RTCSRESPONSE { 7 }
	sub CRYPT_CONTENT_RTCSRESPONSE_EXT { 8 }
	sub CRYPT_CONTENT_LAST { 8 }


##### END ENUM CRYPT_CONTENT_TYPE

# ESS securityClassification codes 

  sub CRYPT_CLASSIFICATION_UNMARKED { 0 }
  sub CRYPT_CLASSIFICATION_UNCLASSIFIED { 1 }
  sub CRYPT_CLASSIFICATION_RESTRICTED { 2 }
  sub CRYPT_CLASSIFICATION_CONFIDENTIAL { 3 }
  sub CRYPT_CLASSIFICATION_SECRET { 4 }
  sub CRYPT_CLASSIFICATION_TOP_SECRET { 5 }
  sub CRYPT_CLASSIFICATION_LAST { 255 }


# RTCS certificate status 

  sub CRYPT_CERTSTATUS_VALID { 0 }
  sub CRYPT_CERTSTATUS_NOTVALID { 1 }
  sub CRYPT_CERTSTATUS_NONAUTHORITATIVE { 2 }
  sub CRYPT_CERTSTATUS_UNKNOWN  { 3 }


# OCSP revocation status 

  sub CRYPT_OCSPSTATUS_NOTREVOKED { 0 }
  sub CRYPT_OCSPSTATUS_REVOKED { 1 }
  sub CRYPT_OCSPSTATUS_UNKNOWN  { 2 }


#  The amount of detail to include in signatures when signing certificate
#  objects 

##### BEGIN ENUM CRYPT_SIGNATURELEVEL_TYPE

	sub CRYPT_SIGNATURELEVEL_NONE { 0 }	# Include only signature
	sub CRYPT_SIGNATURELEVEL_SIGNERCERT { 1 }	# Include signer cert
	sub CRYPT_SIGNATURELEVEL_ALL { 2 }	# Include all relevant info
	sub CRYPT_SIGNATURELEVEL_LAST { 3 }	# Last possible sig.level type


##### END ENUM CRYPT_SIGNATURELEVEL_TYPE

#  The level of integrity protection to apply to enveloped data.  The 
#  default envelope protection for an envelope with keying information 
#  applied is encryption, this can be modified to use MAC-only protection
#  (with no encryption) or hybrid encryption + authentication 

##### BEGIN ENUM CRYPT_INTEGRITY_TYPE

	sub CRYPT_INTEGRITY_NONE { 0 }	# No integrity protection
	sub CRYPT_INTEGRITY_MACONLY { 1 }	# MAC only, no encryption
	sub CRYPT_INTEGRITY_FULL { 2 }	# Encryption + ingerity protection


##### END ENUM CRYPT_INTEGRITY_TYPE

#  The certificate export format type, which defines the format in which a
#  certificate object is exported 

##### BEGIN ENUM CRYPT_CERTFORMAT_TYPE

	sub CRYPT_CERTFORMAT_NONE { 0 }	# No certificate format
	sub CRYPT_CERTFORMAT_CERTIFICATE { 1 }	# DER-encoded certificate
	sub CRYPT_CERTFORMAT_CERTCHAIN { 2 }	# PKCS #7 certificate chain
	sub CRYPT_CERTFORMAT_TEXT_CERTIFICATE { 3 }	# base-64 wrapped cert
	sub CRYPT_CERTFORMAT_TEXT_CERTCHAIN { 4 }	# base-64 wrapped cert chain
	sub CRYPT_CERTFORMAT_XML_CERTIFICATE { 5 }	# XML wrapped cert
	sub CRYPT_CERTFORMAT_XML_CERTCHAIN { 6 }	# XML wrapped cert chain
	sub CRYPT_CERTFORMAT_LAST { 7 }	# Last possible cert.format type


##### END ENUM CRYPT_CERTFORMAT_TYPE

# CMP request types 

##### BEGIN ENUM CRYPT_REQUESTTYPE_TYPE

	sub CRYPT_REQUESTTYPE_NONE { 0 }	# No request type
	sub CRYPT_REQUESTTYPE_INITIALISATION { 1 }	# Initialisation request
	sub CRYPT_REQUESTTYPE_INITIALIZATION { CRYPT_REQUESTTYPE_INITIALISATION }
	sub CRYPT_REQUESTTYPE_CERTIFICATE { 2 }	# Certification request
	sub CRYPT_REQUESTTYPE_KEYUPDATE { 3 }	# Key update request
	sub CRYPT_REQUESTTYPE_REVOCATION { 4 }	# Cert revocation request
	sub CRYPT_REQUESTTYPE_PKIBOOT { 5 }	# PKIBoot request
	sub CRYPT_REQUESTTYPE_LAST { 6 }	# Last possible request type


##### END ENUM CRYPT_REQUESTTYPE_TYPE

# Key ID types 

##### BEGIN ENUM CRYPT_KEYID_TYPE

	sub CRYPT_KEYID_NONE { 0 }	# No key ID type
	sub CRYPT_KEYID_NAME { 1 }	# Key owner name
	sub CRYPT_KEYID_URI { 2 }	# Key owner URI
	sub CRYPT_KEYID_EMAIL { CRYPT_KEYID_URI }	# Synonym: owner email addr.
	sub CRYPT_KEYID_LAST { 3 }	# Last possible key ID type


##### END ENUM CRYPT_KEYID_TYPE

# The encryption object types 

##### BEGIN ENUM CRYPT_OBJECT_TYPE

	sub CRYPT_OBJECT_NONE { 0 }	# No object type
	sub CRYPT_OBJECT_ENCRYPTED_KEY { 1 }	# Conventionally encrypted key
	sub CRYPT_OBJECT_PKCENCRYPTED_KEY { 2 }	# PKC-encrypted key
	sub CRYPT_OBJECT_KEYAGREEMENT { 3 }	# Key agreement information
	sub CRYPT_OBJECT_SIGNATURE { 4 }	# Signature
	sub CRYPT_OBJECT_LAST { 5 }	# Last possible object type


##### END ENUM CRYPT_OBJECT_TYPE

# Object/attribute error type information 

##### BEGIN ENUM CRYPT_ERRTYPE_TYPE

	sub CRYPT_ERRTYPE_NONE { 0 }	# No error information
	sub CRYPT_ERRTYPE_ATTR_SIZE { 1 }	# Attribute data too small or large
	sub CRYPT_ERRTYPE_ATTR_VALUE { 2 }	# Attribute value is invalid
	sub CRYPT_ERRTYPE_ATTR_ABSENT { 3 }	# Required attribute missing
	sub CRYPT_ERRTYPE_ATTR_PRESENT { 4 }	# Non-allowed attribute present
	sub CRYPT_ERRTYPE_CONSTRAINT { 5 }	# Cert: Constraint violation in object
	sub CRYPT_ERRTYPE_ISSUERCONSTRAINT { 6 }	# Cert: Constraint viol.in issuing cert
	sub CRYPT_ERRTYPE_LAST { 7 }	# Last possible error info type


##### END ENUM CRYPT_ERRTYPE_TYPE

# Cert store management action type 

##### BEGIN ENUM CRYPT_CERTACTION_TYPE

	sub CRYPT_CERTACTION_NONE { 0 }	# No cert management action
	sub CRYPT_CERTACTION_CREATE { 1 }	# Create cert store
	sub CRYPT_CERTACTION_CONNECT { 2 }	# Connect to cert store
	sub CRYPT_CERTACTION_DISCONNECT { 3 }	# Disconnect from cert store
	sub CRYPT_CERTACTION_ERROR { 4 }	# Error information
	sub CRYPT_CERTACTION_ADDUSER { 5 }	# Add PKI user
	sub CRYPT_CERTACTION_DELETEUSER { 6 }	# Delete PKI user
	sub CRYPT_CERTACTION_REQUEST_CERT { 7 }	# Cert request
	sub CRYPT_CERTACTION_REQUEST_RENEWAL { 8 }	# Cert renewal request
	sub CRYPT_CERTACTION_REQUEST_REVOCATION { 9 }	# Cert revocation request
	sub CRYPT_CERTACTION_CERT_CREATION { 10 }	# Cert creation
	sub CRYPT_CERTACTION_CERT_CREATION_COMPLETE { 11 }	# Confirmation of cert creation
	sub CRYPT_CERTACTION_CERT_CREATION_DROP { 12 }	# Cancellation of cert creation
	sub CRYPT_CERTACTION_CERT_CREATION_REVERSE { 13 }	# Cancel of creation w.revocation
	sub CRYPT_CERTACTION_RESTART_CLEANUP { 14 }	# Delete reqs after restart
	sub CRYPT_CERTACTION_RESTART_REVOKE_CERT { 15 }	# Complete revocation after restart
	sub CRYPT_CERTACTION_ISSUE_CERT { 16 }	# Cert issue
	sub CRYPT_CERTACTION_ISSUE_CRL { 17 }	# CRL issue
	sub CRYPT_CERTACTION_REVOKE_CERT { 18 }	# Cert revocation
	sub CRYPT_CERTACTION_EXPIRE_CERT { 19 }	# Cert expiry
	sub CRYPT_CERTACTION_CLEANUP { 20 }	# Clean up on restart
	sub CRYPT_CERTACTION_LAST { 21 }	# Last possible cert store log action


##### END ENUM CRYPT_CERTACTION_TYPE

#****************************************************************************
#*                                                                           *
#*                               General Constants                           *
#*                                                                           *
#****************************************************************************

# The maximum user key size - 2048 bits 

	sub CRYPT_MAX_KEYSIZE { 256 }

# The maximum IV size - 256 bits 

	sub CRYPT_MAX_IVSIZE { 32 }

#  The maximum public-key component size - 4096 bits, and maximum component
#  size for ECCs - 256 bits 

	sub CRYPT_MAX_PKCSIZE { 512 }
	sub CRYPT_MAX_PKCSIZE_ECC { 32 }

# The maximum hash size - 256 bits 

	sub CRYPT_MAX_HASHSIZE { 32 }

# The maximum size of a text string (e.g.key owner name) 

	sub CRYPT_MAX_TEXTSIZE { 64 }

#  A magic value indicating that the default setting for this parameter