cryptlib.pas

cryptlib安全工具包

  CRYPT_SESSINFO_RESPONSE = 6017;  { Cert.response object }
  CRYPT_SESSINFO_CACERTIFICATE = 6018;  { Issuing CA certificate }
  
  { Protocol-specific information }
  CRYPT_SESSINFO_TSP_MSGIMPRINT = 6019;  { TSP message imprint }
  CRYPT_SESSINFO_CMP_REQUESTTYPE = 6020;  { Request type }
  CRYPT_SESSINFO_CMP_PKIBOOT = 6021;  { Enable PKIBoot facility }
  CRYPT_SESSINFO_CMP_PRIVKEYSET = 6022;  { Private-key keyset }
  CRYPT_SESSINFO_SSH_CHANNEL = 6023;  { SSH current channel }
  CRYPT_SESSINFO_SSH_CHANNEL_TYPE = 6024;  { SSH channel type }
  CRYPT_SESSINFO_SSH_CHANNEL_ARG1 = 6025;  { SSH channel argument 1 }
  CRYPT_SESSINFO_SSH_CHANNEL_ARG2 = 6026;  { SSH channel argument 2 }
  CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE = 6027;  { SSH channel active }
  
  { Used internally }
  CRYPT_SESSINFO_LAST = 6028;  CRYPT_USERINFO_FIRST = 7000;  
  
  {********************}
  { User attributes }
  {********************}
  
  { Security-related information }
  CRYPT_USERINFO_PASSWORD = 7001;  { Password }
  
  { User role-related information }
  CRYPT_USERINFO_CAKEY_CERTSIGN = 7002;  { CA cert signing key }
  CRYPT_USERINFO_CAKEY_CRLSIGN = 7003;  { CA CRL signing key }
  CRYPT_USERINFO_CAKEY_RTCSSIGN = 7004;  { CA RTCS signing key }
  CRYPT_USERINFO_CAKEY_OCSPSIGN = 7005;  { CA OCSP signing key }
  
  { Used internally for range checking }
  CRYPT_USERINFO_LAST = 7006;  CRYPT_ATTRIBUTE_LAST = 7006; { = CRYPT_USERINFO_LAST }  
  
  



{****************************************************************************
*                                                                           *
*                       Attribute Subtypes and Related Values               *
*                                                                           *
****************************************************************************}

{  Flags for the X.509 keyUsage extension  }

  CRYPT_KEYUSAGE_NONE = $000;
  CRYPT_KEYUSAGE_DIGITALSIGNATURE = $001;
  CRYPT_KEYUSAGE_NONREPUDIATION = $002;
  CRYPT_KEYUSAGE_KEYENCIPHERMENT = $004;
  CRYPT_KEYUSAGE_DATAENCIPHERMENT = $008;
  CRYPT_KEYUSAGE_KEYAGREEMENT = $010;
  CRYPT_KEYUSAGE_KEYCERTSIGN = $020;
  CRYPT_KEYUSAGE_CRLSIGN = $040;
  CRYPT_KEYUSAGE_ENCIPHERONLY = $080;
  CRYPT_KEYUSAGE_DECIPHERONLY = $100;
  CRYPT_KEYUSAGE_LAST = $200;   {  Last possible value  }

{  X.509 cRLReason and cryptlib cRLExtReason codes  }


  CRYPT_CRLREASON_UNSPECIFIED = 0;
  CRYPT_CRLREASON_KEYCOMPROMISE = 1;
  CRYPT_CRLREASON_CACOMPROMISE = 2;
  CRYPT_CRLREASON_AFFILIATIONCHANGED = 3;
  CRYPT_CRLREASON_SUPERSEDED = 4;
  CRYPT_CRLREASON_CESSATIONOFOPERATION = 5;
  CRYPT_CRLREASON_CERTIFICATEHOLD = 6;
  CRYPT_CRLREASON_REMOVEFROMCRL = 8;
  CRYPT_CRLREASON_PRIVILEGEWITHDRAWN = 9;
  CRYPT_CRLREASON_AACOMPROMISE = 10;
  CRYPT_CRLREASON_LAST = 11;
  { End of standard CRL reasons }
       CRYPT_CRLREASON_NEVERVALID = 20;
  CRYPT_CRLEXTREASON_LAST  = 21;



{  X.509 CRL reason flags.  These identify the same thing as the cRLReason
   codes but allow for multiple reasons to be specified.  Note that these
   don't follow the X.509 naming since in that scheme the enumerated types
   and bitflags have the same names  }

  CRYPT_CRLREASONFLAG_UNUSED = $001;
  CRYPT_CRLREASONFLAG_KEYCOMPROMISE = $002;
  CRYPT_CRLREASONFLAG_CACOMPROMISE = $004;
  CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED = $008;
  CRYPT_CRLREASONFLAG_SUPERSEDED = $010;
  CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION = $020;
  CRYPT_CRLREASONFLAG_CERTIFICATEHOLD = $040;
  CRYPT_CRLREASONFLAG_LAST = $080;   {  Last poss.value  }

{  X.509 CRL holdInstruction codes  }


  CRYPT_HOLDINSTRUCTION_NONE = 0;
  CRYPT_HOLDINSTRUCTION_CALLISSUER = 1;
  CRYPT_HOLDINSTRUCTION_REJECT = 2;
  CRYPT_HOLDINSTRUCTION_PICKUPTOKEN = 3;
  CRYPT_HOLDINSTRUCTION_LAST  = 4;



{  Certificate checking compliance levels  }


  CRYPT_COMPLIANCELEVEL_OBLIVIOUS = 0;
  CRYPT_COMPLIANCELEVEL_REDUCED = 1;
  CRYPT_COMPLIANCELEVEL_STANDARD = 2;
  CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL = 3;
  CRYPT_COMPLIANCELEVEL_PKIX_FULL = 4;
  CRYPT_COMPLIANCELEVEL_LAST  = 5;



{  Flags for the Netscape netscape-cert-type extension  }

  CRYPT_NS_CERTTYPE_SSLCLIENT = $001;
  CRYPT_NS_CERTTYPE_SSLSERVER = $002;
  CRYPT_NS_CERTTYPE_SMIME = $004;
  CRYPT_NS_CERTTYPE_OBJECTSIGNING = $008;
  CRYPT_NS_CERTTYPE_RESERVED = $010;
  CRYPT_NS_CERTTYPE_SSLCA = $020;
  CRYPT_NS_CERTTYPE_SMIMECA = $040;
  CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA = $080;
  CRYPT_NS_CERTTYPE_LAST = $100;   {  Last possible value  }

{  Flags for the SET certificate-type extension  }

  CRYPT_SET_CERTTYPE_CARD = $001;
  CRYPT_SET_CERTTYPE_MER = $002;
  CRYPT_SET_CERTTYPE_PGWY = $004;
  CRYPT_SET_CERTTYPE_CCA = $008;
  CRYPT_SET_CERTTYPE_MCA = $010;
  CRYPT_SET_CERTTYPE_PCA = $020;
  CRYPT_SET_CERTTYPE_GCA = $040;
  CRYPT_SET_CERTTYPE_BCA = $080;
  CRYPT_SET_CERTTYPE_RCA = $100;
  CRYPT_SET_CERTTYPE_ACQ = $200;
  CRYPT_SET_CERTTYPE_LAST = $400;   {  Last possible value  }

{  CMS contentType values  }


type
  CRYPT_CONTENT_TYPE = (   CRYPT_CONTENT_NONE, CRYPT_CONTENT_DATA,
               CRYPT_CONTENT_SIGNEDDATA, CRYPT_CONTENT_ENVELOPEDDATA,
               CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA,
               CRYPT_CONTENT_DIGESTEDDATA, CRYPT_CONTENT_ENCRYPTEDDATA,
               CRYPT_CONTENT_COMPRESSEDDATA, CRYPT_CONTENT_AUTHDATA, 
               CRYPT_CONTENT_AUTHENVDATA, CRYPT_CONTENT_TSTINFO,
               CRYPT_CONTENT_SPCINDIRECTDATACONTEXT,
               CRYPT_CONTENT_RTCSREQUEST, CRYPT_CONTENT_RTCSRESPONSE,
               CRYPT_CONTENT_RTCSRESPONSE_EXT, CRYPT_CONTENT_LAST
             
  );

{  ESS securityClassification codes  }



const
  CRYPT_CLASSIFICATION_UNMARKED = 0;
  CRYPT_CLASSIFICATION_UNCLASSIFIED = 1;
  CRYPT_CLASSIFICATION_RESTRICTED = 2;
  CRYPT_CLASSIFICATION_CONFIDENTIAL = 3;
  CRYPT_CLASSIFICATION_SECRET = 4;
  CRYPT_CLASSIFICATION_TOP_SECRET = 5;
  CRYPT_CLASSIFICATION_LAST = 255 ;



{  RTCS certificate status  }


  CRYPT_CERTSTATUS_VALID = 0;
  CRYPT_CERTSTATUS_NOTVALID = 1;
  CRYPT_CERTSTATUS_NONAUTHORITATIVE = 2;
  CRYPT_CERTSTATUS_UNKNOWN  = 3;



{  OCSP revocation status  }


  CRYPT_OCSPSTATUS_NOTREVOKED = 0;
  CRYPT_OCSPSTATUS_REVOKED = 1;
  CRYPT_OCSPSTATUS_UNKNOWN  = 2;



{  The amount of detail to include in signatures when signing certificate
   objects  }


type
  CRYPT_SIGNATURELEVEL_TYPE = (  
    CRYPT_SIGNATURELEVEL_NONE,      {  Include only signature  }
    CRYPT_SIGNATURELEVEL_SIGNERCERT,{  Include signer cert  }
    CRYPT_SIGNATURELEVEL_ALL,       {  Include all relevant info  }
    CRYPT_SIGNATURELEVEL_LAST       {  Last possible sig.level type  }
    
  );

{  The level of integrity protection to apply to enveloped data.  The 
   default envelope protection for an envelope with keying information 
   applied is encryption, this can be modified to use MAC-only protection
   (with no encryption) or hybrid encryption + authentication  }

  CRYPT_INTEGRITY_TYPE = (  
    CRYPT_INTEGRITY_NONE,           {  No integrity protection  }
    CRYPT_INTEGRITY_MACONLY,        {  MAC only, no encryption  }
    CRYPT_INTEGRITY_FULL            {  Encryption + ingerity protection  }
    
  );

{  The certificate export format type, which defines the format in which a
   certificate object is exported  }

  CRYPT_CERTFORMAT_TYPE = (  
    CRYPT_CERTFORMAT_NONE,          {  No certificate format  }
    CRYPT_CERTFORMAT_CERTIFICATE,   {  DER-encoded certificate  }
    CRYPT_CERTFORMAT_CERTCHAIN,     {  PKCS #7 certificate chain  }
    CRYPT_CERTFORMAT_TEXT_CERTIFICATE,  {  base-64 wrapped cert  }
    CRYPT_CERTFORMAT_TEXT_CERTCHAIN,    {  base-64 wrapped cert chain  }
    CRYPT_CERTFORMAT_XML_CERTIFICATE,   {  XML wrapped cert  }
    CRYPT_CERTFORMAT_XML_CERTCHAIN, {  XML wrapped cert chain  }
    CRYPT_CERTFORMAT_LAST           {  Last possible cert.format type  }
    
  );

{  CMP request types  }

  CRYPT_REQUESTTYPE_TYPE = (  
    CRYPT_REQUESTTYPE_NONE,         {  No request type  }
    CRYPT_REQUESTTYPE_INITIALISATION,   {  Initialisation request  }
    CRYPT_REQUESTTYPE_CERTIFICATE,  {  Certification request  }
    CRYPT_REQUESTTYPE_KEYUPDATE,    {  Key update request  }
    CRYPT_REQUESTTYPE_REVOCATION,   {  Cert revocation request  }
    CRYPT_REQUESTTYPE_PKIBOOT,      {  PKIBoot request  }
    CRYPT_REQUESTTYPE_LAST          {  Last possible request type  }
    
  );

const
  CRYPT_REQUESTTYPE_INITIALIZATION: CRYPT_REQUESTTYPE_TYPE = CRYPT_REQUESTTYPE_INITIALISATION;

{  Key ID types  }


type
  CRYPT_KEYID_TYPE = (  
    CRYPT_KEYID_NONE,               {  No key ID type  }
    CRYPT_KEYID_NAME,               {  Key owner name  }
    CRYPT_KEYID_URI,                {  Key owner URI  } {  Synonym: owner email addr.}
    CRYPT_KEYID_LAST                {  Last possible key ID type  }
    
  );

const
  CRYPT_KEYID_EMAIL: CRYPT_KEYID_TYPE = CRYPT_KEYID_URI;

{  The encryption object types  }


type
  CRYPT_OBJECT_TYPE = (  
    CRYPT_OBJECT_NONE,              {  No object type  }
    CRYPT_OBJECT_ENCRYPTED_KEY,     {  Conventionally encrypted key  }
    CRYPT_OBJECT_PKCENCRYPTED_KEY,  {  PKC-encrypted key  }
    CRYPT_OBJECT_KEYAGREEMENT,      {  Key agreement information  }
    CRYPT_OBJECT_SIGNATURE,         {  Signature  }
    CRYPT_OBJECT_LAST               {  Last possible object type  }
    
  );

{  Object/attribute error type information  }

  CRYPT_ERRTYPE_TYPE = (  
    CRYPT_ERRTYPE_NONE,             {  No error information  }
    CRYPT_ERRTYPE_ATTR_SIZE,        {  Attribute data too small or large  }
    CRYPT_ERRTYPE_ATTR_VALUE,       {  Attribute value is invalid  }
    CRYPT_ERRTYPE_ATTR_ABSENT,      {  Required attribute missing  }
    CRYPT_ERRTYPE_ATTR_PRESENT,     {  Non-allowed attribute present  }
    CRYPT_ERRTYPE_CONSTRAINT,       {  Cert: Constraint violation in object  }
    CRYPT_ERRTYPE_ISSUERCONSTRAINT, {  Cert: Constraint viol.in issuing cert  }
    CRYPT_ERRTYPE_LAST              {  Last possible error info type  }
    
  );

{  Cert store management action type  }

  CRYPT_CERTACTION_TYPE = (  
    CRYPT_CERTACTION_NONE,          {  No cert management action  }
    CRYPT_CERTACTION_CREATE,        {  Create cert store  }
    CRYPT_CERTACTION_CONNECT,       {  Connect to cert store  }
    CRYPT_CERTACTION_DISCONNECT,    {  Disconnect from cert store  }
    CRYPT_CERTACTION_ERROR,         {  Error information  }
    CRYPT_CERTACTION_ADDUSER,       {  Add PKI user  }
    CRYPT_CERTACTION_DELETEUSER,    {  Delete PKI user  }
    CRYPT_CERTACTION_REQUEST_CERT,  {  Cert request  }
    CRYPT_CERTACTION_REQUEST_RENEWAL,{  Cert renewal request  }
    CRYPT_CERTACTION_REQUEST_REVOCATION,{  Cert revocation request  }
    CRYPT_CERTACTION_CERT_CREATION, {  Cert creation  }
    CRYPT_CERTACTION_CERT_CREATION_COMPLETE,{  Confirmation of cert creation  }
    CRYPT_CERTACTION_CERT_CREATION_DROP,    {  Cancellation of cert creation  }
    CRYPT_CERTACTION_CERT_CREATION_REVERSE, {  Cancel of creation w.revocation  }
    CRYPT_CERTACTION_RESTART_CLEANUP, {  Delete reqs after restart  }
    CRYPT_CERTACTION_RESTART_REVOKE_CERT, {  Complete revocation after restart  }
    CRYPT_CERTACTION_ISSUE_CERT,    {  Cert issue  }
    CRYPT_CERTACTION_ISSUE_CRL,     {  CRL issue  }
    CRYPT_CERTACTION_REVOKE_CERT,   {  Cert revocation  }