📄 cryptlib.h
certificate-bagging schemes such as cert chains and sequences that
can't be exported in this format and therefore aren't visible to the
user, but that need to be distinguished internally. The following
types are only visible internally */
CRYPT_ICERTTYPE_CMS_CERTSET, /* CMS SET OF Certificate = cert chain */
CRYPT_ICERTTYPE_SSL_CERTCHAIN, /* SSL certificate chain = cert chain */
CRYPT_ICERTTYPE_CTL, /* Cert.trust list (data-only cert chain) */
CRYPT_ICERTTYPE_REVINFO, /* Revocation info/single CRL entry */
/* CRYPT_ICERTTYPE_DATAONLY is a special value that doesn't specifically
contain a data format hint but indicates that the certificate should
be instantiated without creating a corresponding context to contain
the associated public key. This value is used by certs associated
with private-key objects and by certs contained in cert chains for which
only the leaf cert actually needs to have a context instantiated.
Technically this is simply a modifier for CRYPT_CERTTYPE_CERTIFICATE,
but there's no easy way to pass this flag down, so we give it its own
pseudo-type instead */
CRYPT_ICERTTYPE_DATAONLY, /* Data-only cert */
#endif /* _CRYPT_DEFINED */
CRYPT_CERTTYPE_LAST /* Last possible cert.type */
#ifdef _CRYPT_DEFINED
, CRYPT_CERTTYPE_LAST_EXTERNAL = CRYPT_CERTTYPE_PKIUSER + 1
#endif /* _CRYPT_DEFINED */
} CRYPT_CERTTYPE_TYPE;
/* Envelope/data format subtypes.  The externally visible values run from
   CRYPT_FORMAT_NONE to CRYPT_FORMAT_PGP.  When _CRYPT_DEFINED is set the
   protocol-specific CRYPT_IFORMAT_* values are inserted ahead of
   CRYPT_FORMAT_LAST, so the numeric value of CRYPT_FORMAT_LAST differs
   between builds with and without _CRYPT_DEFINED */
typedef enum {
    CRYPT_FORMAT_NONE,                      /* No format type */
    CRYPT_FORMAT_AUTO,                      /* De-enveloping: auto-determine type */
    CRYPT_FORMAT_CRYPTLIB,                  /* cryptlib native format */
    CRYPT_FORMAT_CMS,                       /* PKCS #7 / CMS / S/MIME format */
    CRYPT_FORMAT_PKCS7 = CRYPT_FORMAT_CMS,  /* Alias, same value as CMS */
    CRYPT_FORMAT_SMIME,                     /* As CMS, with MSG-style behaviour */
    CRYPT_FORMAT_PGP,                       /* PGP format */

#ifdef _CRYPT_DEFINED
    /* Protocol-specific format types (SSL, SSH) that can also turn up
       alongside the usual ones.  These are only visible internally */
    CRYPT_IFORMAT_SSL,                      /* SSL format */
    CRYPT_IFORMAT_SSH,                      /* SSH format */
#endif /* _CRYPT_DEFINED */

    CRYPT_FORMAT_LAST                       /* Last possible format type */

#ifdef _CRYPT_DEFINED
    /* One past the last public value (CRYPT_FORMAT_PGP), i.e. the end of
       the range that excludes the internal-only CRYPT_IFORMAT_* entries.
       NOTE(review): presumably the bound to use when range-checking a
       caller-supplied format type so that internal-only values aren't
       accepted from outside - confirm against the callers */
    , CRYPT_FORMAT_LAST_EXTERNAL = CRYPT_FORMAT_PGP + 1
#endif /* _CRYPT_DEFINED */
    } CRYPT_FORMAT_TYPE;
/* Session subtypes.  Each protocol is listed as a client entry followed
   directly by its server entry; CRYPT_SESSION_CERTSTORE_SERVER is the one
   entry that has no client counterpart in this list */
typedef enum {
    CRYPT_SESSION_NONE,                 /* No session type */

    CRYPT_SESSION_SSH,                  /* SSH */
    CRYPT_SESSION_SSH_SERVER,           /* SSH server */

    CRYPT_SESSION_SSL,                  /* SSL/TLS */
    CRYPT_SESSION_SSL_SERVER,           /* SSL/TLS server */

    CRYPT_SESSION_RTCS,                 /* RTCS */
    CRYPT_SESSION_RTCS_SERVER,          /* RTCS server */

    CRYPT_SESSION_OCSP,                 /* OCSP */
    CRYPT_SESSION_OCSP_SERVER,          /* OCSP server */

    CRYPT_SESSION_TSP,                  /* TSP */
    CRYPT_SESSION_TSP_SERVER,           /* TSP server */

    CRYPT_SESSION_CMP,                  /* CMP */
    CRYPT_SESSION_CMP_SERVER,           /* CMP server */

    CRYPT_SESSION_SCEP,                 /* SCEP */
    CRYPT_SESSION_SCEP_SERVER,          /* SCEP server */

    CRYPT_SESSION_CERTSTORE_SERVER,     /* HTTP cert store interface */

    CRYPT_SESSION_LAST                  /* Last possible session type */
    } CRYPT_SESSION_TYPE;
/* User subtypes.  CRYPT_USER_NONE is the zero value and CRYPT_USER_LAST
   marks the end of the list rather than naming a user type of its own */
typedef enum {
    CRYPT_USER_NONE,        /* No user type */
    CRYPT_USER_NORMAL,      /* Normal user */
    CRYPT_USER_SO,          /* Security officer */
    CRYPT_USER_CA,          /* CA user */
    CRYPT_USER_LAST         /* Last possible user type */
    } CRYPT_USER_TYPE;
/****************************************************************************
* *
* Attribute Types *
* *
****************************************************************************/
/* Attribute types. These are arranged in the following order:
PROPERTY - Object property
ATTRIBUTE - Generic attributes
OPTION - Global or object-specific config.option
CTXINFO - Context-specific attribute
CERTINFO - Certificate-specific attribute
KEYINFO - Keyset-specific attribute
DEVINFO - Device-specific attribute
ENVINFO - Envelope-specific attribute
SESSINFO - Session-specific attribute
USERINFO - User-specific attribute */
typedef enum {
CRYPT_ATTRIBUTE_NONE, /* Non-value */
/* Used internally */
CRYPT_PROPERTY_FIRST,
/*********************/
/* Object attributes */
/*********************/
/* Object properties */
CRYPT_PROPERTY_HIGHSECURITY, /* Owned+non-forwardcount+locked */
CRYPT_PROPERTY_OWNER, /* Object owner */
CRYPT_PROPERTY_FORWARDCOUNT, /* No.of times object can be forwarded */
CRYPT_PROPERTY_LOCKED, /* Whether properties can be chged/read */
CRYPT_PROPERTY_USAGECOUNT, /* Usage count before object expires */
CRYPT_PROPERTY_NONEXPORTABLE, /* Whether key is nonexp.from context */
/* Used internally */
CRYPT_PROPERTY_LAST, CRYPT_GENERIC_FIRST,
/* Extended error information */
CRYPT_ATTRIBUTE_ERRORTYPE, /* Type of last error */
CRYPT_ATTRIBUTE_ERRORLOCUS, /* Locus of last error */
CRYPT_ATTRIBUTE_INT_ERRORCODE, /* Low-level software-specific */
CRYPT_ATTRIBUTE_INT_ERRORMESSAGE, /* error code and message */
/* Generic information */
CRYPT_ATTRIBUTE_CURRENT_GROUP, /* Cursor mgt: Group in attribute list */
CRYPT_ATTRIBUTE_CURRENT, /* Cursor mgt: Entry in attribute list */
CRYPT_ATTRIBUTE_CURRENT_INSTANCE, /* Cursor mgt: Instance in attribute list */
CRYPT_ATTRIBUTE_BUFFERSIZE, /* Internal data buffer size */
/* Used internally */
CRYPT_GENERIC_LAST, CRYPT_OPTION_FIRST = 100,
/****************************/
/* Configuration attributes */
/****************************/
/* cryptlib information (read-only) */
CRYPT_OPTION_INFO_DESCRIPTION, /* Text description */
CRYPT_OPTION_INFO_COPYRIGHT, /* Copyright notice */
CRYPT_OPTION_INFO_MAJORVERSION, /* Major release version */
CRYPT_OPTION_INFO_MINORVERSION, /* Minor release version */
CRYPT_OPTION_INFO_STEPPING, /* Release stepping */
/* Encryption options */
CRYPT_OPTION_ENCR_ALGO, /* Encryption algorithm */
CRYPT_OPTION_ENCR_HASH, /* Hash algorithm */
CRYPT_OPTION_ENCR_MAC, /* MAC algorithm */
/* PKC options */
CRYPT_OPTION_PKC_ALGO, /* Public-key encryption algorithm */
CRYPT_OPTION_PKC_KEYSIZE, /* Public-key encryption key size */
/* Signature options */
CRYPT_OPTION_SIG_ALGO, /* Signature algorithm */
CRYPT_OPTION_SIG_KEYSIZE, /* Signature keysize */
/* Keying options */
CRYPT_OPTION_KEYING_ALGO, /* Key processing algorithm */
CRYPT_OPTION_KEYING_ITERATIONS, /* Key processing iterations */
/* Certificate options */
CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES, /* Whether to sign unrecog.attrs */
CRYPT_OPTION_CERT_VALIDITY, /* Certificate validity period */
CRYPT_OPTION_CERT_UPDATEINTERVAL, /* CRL update interval */
CRYPT_OPTION_CERT_COMPLIANCELEVEL, /* PKIX compliance level for cert chks.*/
CRYPT_OPTION_CERT_REQUIREPOLICY, /* Whether explicit policy req'd for certs */
/* CMS/SMIME options */
CRYPT_OPTION_CMS_DEFAULTATTRIBUTES, /* Add default CMS attributes */
CRYPT_OPTION_SMIME_DEFAULTATTRIBUTES = CRYPT_OPTION_CMS_DEFAULTATTRIBUTES,
/* LDAP keyset options */
CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS, /* Object class */
CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE, /* Object type to fetch */
CRYPT_OPTION_KEYS_LDAP_FILTER, /* Query filter */
CRYPT_OPTION_KEYS_LDAP_CACERTNAME, /* CA certificate attribute name */
CRYPT_OPTION_KEYS_LDAP_CERTNAME, /* Certificate attribute name */
CRYPT_OPTION_KEYS_LDAP_CRLNAME, /* CRL attribute name */
CRYPT_OPTION_KEYS_LDAP_EMAILNAME, /* Email attribute name */
/* Crypto device options */
CRYPT_OPTION_DEVICE_PKCS11_DVR01, /* Name of first PKCS #11 driver */
CRYPT_OPTION_DEVICE_PKCS11_DVR02, /* Name of second PKCS #11 driver */
CRYPT_OPTION_DEVICE_PKCS11_DVR03, /* Name of third PKCS #11 driver */
CRYPT_OPTION_DEVICE_PKCS11_DVR04, /* Name of fourth PKCS #11 driver */
CRYPT_OPTION_DEVICE_PKCS11_DVR05, /* Name of fifth PKCS #11 driver */
CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY,/* Use only hardware mechanisms */
/* Network access options */
CRYPT_OPTION_NET_SOCKS_SERVER, /* Socks server name */
CRYPT_OPTION_NET_SOCKS_USERNAME, /* Socks user name */
CRYPT_OPTION_NET_HTTP_PROXY, /* Web proxy server */
CRYPT_OPTION_NET_CONNECTTIMEOUT, /* Timeout for network connection setup */
CRYPT_OPTION_NET_READTIMEOUT, /* Timeout for network reads */
CRYPT_OPTION_NET_WRITETIMEOUT, /* Timeout for network writes */
/* Miscellaneous options */
CRYPT_OPTION_MISC_ASYNCINIT, /* Whether to init cryptlib async'ly */
CRYPT_OPTION_MISC_SIDECHANNELPROTECTION, /* Protect against side-channel attacks */
/* cryptlib state information */
CRYPT_OPTION_CONFIGCHANGED, /* Whether in-mem.opts match on-disk ones */
CRYPT_OPTION_SELFTESTOK, /* Whether self-test was completed and OK */
/* Used internally */
CRYPT_OPTION_LAST, CRYPT_CTXINFO_FIRST = 1000,
/**********************/
/* Context attributes */
/**********************/
/* Algorithm and mode information */
CRYPT_CTXINFO_ALGO, /* Algorithm */
CRYPT_CTXINFO_MODE, /* Mode */
CRYPT_CTXINFO_NAME_ALGO, /* Algorithm name */
CRYPT_CTXINFO_NAME_MODE, /* Mode name */
CRYPT_CTXINFO_KEYSIZE, /* Key size in bytes */
CRYPT_CTXINFO_BLOCKSIZE, /* Block size */
CRYPT_CTXINFO_IVSIZE, /* IV size */
CRYPT_CTXINFO_KEYING_ALGO, /* Key processing algorithm */
CRYPT_CTXINFO_KEYING_ITERATIONS,/* Key processing iterations */
CRYPT_CTXINFO_KEYING_SALT, /* Key processing salt */
CRYPT_CTXINFO_KEYING_VALUE, /* Value used to derive key */
/* State information */
CRYPT_CTXINFO_KEY, /* Key */
CRYPT_CTXINFO_KEY_COMPONENTS, /* Public-key components */
CRYPT_CTXINFO_IV, /* IV */
CRYPT_CTXINFO_HASHVALUE, /* Hash value */
/* Misc.information */
CRYPT_CTXINFO_LABEL, /* Label for private/secret key */
CRYPT_CTXINFO_PERSISTENT, /* Obj.is backed by device or keyset */
/* Used internally */
CRYPT_CTXINFO_LAST, CRYPT_CERTINFO_FIRST = 2000,
/**************************/
/* Certificate attributes */
/**************************/
/* Because there are so many cert attributes, we break them down into
blocks to minimise the number of values that change if a new one is
added halfway through */
/* Pseudo-information on a cert object or meta-information which is used
to control the way that a cert object is processed */
CRYPT_CERTINFO_SELFSIGNED, /* Cert is self-signed */
CRYPT_CERTINFO_IMMUTABLE, /* Cert is signed and immutable */
CRYPT_CERTINFO_XYZZY, /* Cert is a magic just-works cert */
CRYPT_CERTINFO_CERTTYPE, /* Certificate object type */
CRYPT_CERTINFO_FINGERPRINT, /* Certificate fingerprints */
CRYPT_CERTINFO_FINGERPRINT_MD5 = CRYPT_CERTINFO_FINGERPRINT,
CRYPT_CERTINFO_FINGERPRINT_SHA,
CRYPT_CERTINFO_CURRENT_CERTIFICATE,/* Cursor mgt: Rel.pos in chain/CRL/OCSP */
CRYPT_CERTINFO_TRUSTED_USAGE, /* Usage that cert is trusted for */
CRYPT_CERTINFO_TRUSTED_IMPLICIT,/* Whether cert is implicitly trusted */
CRYPT_CERTINFO_SIGNATURELEVEL, /* Amount of detail to include in sigs.*/
/* General certificate object information */
CRYPT_CERTINFO_VERSION, /* Cert.format version */
CRYPT_CERTINFO_SERIALNUMBER, /* Serial number */
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, /* Public key */
CRYPT_CERTINFO_CERTIFICATE, /* User certificate */
CRYPT_CERTINFO_USERCERTIFICATE = CRYPT_CERTINFO_CERTIFICATE,
CRYPT_CERTINFO_CACERTIFICATE, /* CA certificate */
CRYPT_CERTINFO_ISSUERNAME, /* Issuer DN */
CRYPT_CERTINFO_VALIDFROM, /* Cert valid-from time */
CRYPT_CERTINFO_VALIDTO, /* Cert valid-to time */
CRYPT_CERTINFO_SUBJECTNAME, /* Subject DN */
CRYPT_CERTINFO_ISSUERUNIQUEID, /* Issuer unique ID */
CRYPT_CERTINFO_SUBJECTUNIQUEID, /* Subject unique ID */
CRYPT_CERTINFO_CERTREQUEST, /* Cert.request (DN + public key) */
CRYPT_CERTINFO_THISUPDATE, /* CRL/OCSP current-update time */
CRYPT_CERTINFO_NEXTUPDATE, /* CRL/OCSP next-update time */
CRYPT_CERTINFO_REVOCATIONDATE, /* CRL/OCSP cert-revocation time */
CRYPT_CERTINFO_REVOCATIONSTATUS,/* OCSP revocation status */
CRYPT_CERTINFO_CERTSTATUS, /* RTCS certificate status */
CRYPT_CERTINFO_DN, /* Currently selected DN in string form */
CRYPT_CERTINFO_PKIUSER_ID, /* PKI user ID */
CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD, /* PKI user issue password */
CRYPT_CERTINFO_PKIUSER_REVPASSWORD, /* PKI user revocation password */
/* X.520 Distinguished Name components. This is a composite field, the
DN to be manipulated is selected through the addition of a
pseudocomponent, and then one of the following is used to access the
DN components directly */
CRYPT_CERTINFO_COUNTRYNAME = CRYPT_CERTINFO_FIRST + 100, /* countryName */
CRYPT_CERTINFO_STATEORPROVINCENAME, /* stateOrProvinceName */
CRYPT_CERTINFO_LOCALITYNAME, /* localityName */
CRYPT_CERTINFO_ORGANIZATIONNAME, /* organizationName */
CRYPT_CERTINFO_ORGANISATIONNAME = CRYPT_CERTINFO_ORGANIZATIONNAME,