/****************************************************************************
*                                                                           *
*                           cryptlib Header File                            *
*                     Copyright Peter Gutmann 1992-2015                     *
*                                                                           *
****************************************************************************/

/* Public API header for cryptlib: platform/linkage glue, parameter-direction
   annotations, and the algorithm/object/attribute enumerations that callers
   pass to the library.  Enumerator values are part of the ABI; the names and
   numbers below must not be renumbered or reordered (including the
   misspelled CRYPT_ALGO_RESREVED_7), only appended to in the gaps left for
   each class */

#ifndef _CRYPTLIB_DEFINED

#define _CRYPTLIB_DEFINED

/* The current cryptlib version: 3.4.3 (encoded as major*1000 + minor*100 +
   stepping*10) */

#define CRYPTLIB_VERSION 3430

/* Fixup for Windows support.  We need to include windows.h for various types
   and prototypes needed for DLLs.  In addition wincrypt.h defines some
   values with the same names as cryptlib ones, so we need to check for this
   and issue a warning not to mix cryptlib with CryptoAPI (that's like taking
   a bank vault and making one side out of papier mache).

   A second, less likely condition can occur when wincrypt.h is included
   after cryptlib.h, which shouldn't happen if developers follow the
   convention of including local headers after system headers, but can occur
   if they ignore this convention.  NOCRYPT doesn't fix this since
   wincrypt.h can be pulled in indirectly and unconditionally, for example
   via winldap.h -> schnlsp.h -> schannel.h -> wincrypt.h.  To fix this, we
   create a redundant define for CRYPT_MODE_ECB which produces a compile
   error if wincrypt.h is included after cryptlib.h.  Since this will
   conflict with the enum, we have to place it after the CRYPT_MODE_xxx
   enums */

#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \
      defined( __WIN32__ ) || defined( _WIN32_WCE ) ) && \
    !defined( _SCCTK ) && !defined( _CVI_ )
  #ifndef WIN32_LEAN_AND_MEAN
    #define WIN32_LEAN_AND_MEAN         /* Skip RPC, OLE, Multimedia, etc */
  #endif /* WIN32_LEAN_AND_MEAN */
  #define NOCRYPT                       /* Disable the direct include of
                                           wincrypt.h by windows.h; does not
                                           stop indirect includes (see above) */
  #include <windows.h>

  /* Catch use of CryptoAPI and cryptlib at the same time.  wxWidgets
     includes wincrypt.h by default so we undefine the conflicting values
     and assume that the warning above will let users know that CryptoAPI
     use isn't going to work properly, for anything else we require that the
     user explicitly fix things.  Only the four mode names that collide with
     the CRYPT_MODE_TYPE enum below are undefined */
  #if defined( CRYPT_MODE_ECB )
    #pragma message( "Warning: Both cryptlib.h and wincrypt.h have been included into the same source file." )
    #pragma message( " These contain conflicting type names that prevent both from being used simultaneously." )
    #ifdef __WXWINDOWS__
      #pragma message( " To allow compilation to proceed the wincrypt.h encryption modes have been undefined." )
      #undef CRYPT_MODE_ECB
      #undef CRYPT_MODE_CBC
      #undef CRYPT_MODE_CFB
      #undef CRYPT_MODE_GCM
    #else
      #pragma message( " To allow compilation to proceed you need to avoid including wincrypt.h in your code." )
      #error "cryptlib.h and wincrypt.h can't both be used at the same time due to conflicting type names"
    #endif /* __WXWINDOWS__ */
  #endif /* Clash with wincrypt.h defines */
#endif /* Windows other than a cross-development environment */

/* Machine-dependent types to allow use in special library types such as
   DLLs.  Under Win32 and BeOS we need to use the dllimport and dllexport
   directives for the DLL/shared-lib version so we define the type used for
   functions depending on whether we're being included via the cryptlib-
   internal crypt.h (_CRYPT_DEFINED set) or not.

   C_PTR - pointer declarator used in prototypes
   C_CHR - native character type for string parameters
   C_STR - pointer to C_CHR
   C_RET - return type (plus calling convention / linkage) of API functions */

#if ( defined( WIN32 ) || defined( _WIN32 ) || defined( __WIN32__ ) || \
      defined( _WIN32_WCE ) ) && !( defined( STATIC_LIB ) || defined( _SCCTK ) )
  #define C_PTR *                       /* General pointer */
  #if defined( _WIN32_WCE )
    /* Rather than relying on _UNICODE being defined (which would cause
       problems if cryptlib is built with char * but the calling app is built
       with wchar_t *), we always use the default native char type, which is
       ASCII (or at least 8-bit) under Win32 and Unicode under WinCE */
    #define C_CHR wchar_t
  #else
    #define C_CHR char
  #endif /* WinCE vs. Win32 */
  #define C_STR C_CHR *
  #if defined( __BORLANDC__ ) && ( __BORLANDC__ < 0x500 )
    #ifdef _CRYPT_DEFINED
      #define C_RET int _export _stdcall                /* BC++ DLL export ret.val.*/
    #else
      #define C_RET int _import _stdcall                /* BC++ DLL import ret.val.*/
    #endif /* CRYPT_DEFINED */
  #else
    #ifdef _CRYPT_DEFINED
      #define C_RET __declspec( dllexport ) int __stdcall   /* DLL export ret.val.*/
    #else
      #define C_RET __declspec( dllimport ) int __stdcall   /* DLL import ret.val.*/
    #endif /* CRYPT_DEFINED */
  #endif /* BC++ vs.VC++ DLL functions */
#elif defined( _WINDOWS ) && !defined( STATIC_LIB )
  #define C_PTR FAR *                   /* DLL pointer */
  #define C_CHR char
  #define C_STR C_CHR FAR *             /* DLL string pointer */
  #define C_RET int FAR PASCAL _export  /* DLL return value */
#elif defined( __BEOS__ )
  /* #include <BeBuild.h> // _EXPORT/_IMPORT defines */
  #define C_PTR *
  #define C_CHR char
  #define C_STR C_CHR *
  #ifdef _STATIC_LINKING
    #define C_RET int
  #else
    #ifdef _CRYPT_DEFINED
      #define C_RET __declspec( dllexport ) int     /* Shared lib export ret.val.*/
    #else
      #define C_RET __declspec( dllimport ) int     /* Shared lib import ret.val.*/
    #endif /* CRYPT_DEFINED */
  #endif /* Static vs. shared lib */
#elif defined( __SYMBIAN32__ )
  /* NOTE(review): this branch defines only C_RET, and unlike every other
     branch C_RET here carries no "int" return type; C_PTR, C_CHR and C_STR
     are not defined at all.  Presumably the Symbian build supplies these
     elsewhere -- confirm before relying on this configuration */
  #ifdef _CRYPT_DEFINED
    #define C_RET EXPORT_C              /* DLL export ret.val.*/
  #else
    #define C_RET IMPORT_C              /* DLL import ret.val.*/
  #endif /* CRYPT_DEFINED */
#else
  #define C_PTR *
  #define C_CHR char
  #define C_STR C_CHR *
  #define C_RET int
#endif /* Windows vs.everything else function types */

/* Symbolic defines to make it clearer how the function parameters behave.
   They expand to "const" or to nothing except under the static analyser
   configurations below, where they become SAL annotations */

#define C_IN        const               /* Input-only */
#define C_IN_OPT    const               /* Input-only, may be NULL */
#define C_OUT                           /* Output-only */
#define C_OUT_OPT                       /* Output-only, may be NULL */
#define C_INOUT                         /* Modified in-place */

/* Additional defines for compilers that provide extended function and
   function-parameter checking.

   C_CHECK_RETVAL marks the cryptlib status code as must-be-checked.  A
   silently ignored status (for example from a verification call) means
   the caller proceeds as if the operation succeeded, so treat the resulting
   warning as a bug rather than casting the result to void to silence it.

   CRYPT_OK and MAX_ERROR referenced in the SAL forms are assumed to be
   defined later in this header (not visible in this section) */

#if defined( __GNUC__ ) && ( __GNUC__ >= 4 )
  #define C_CHECK_RETVAL __attribute__(( warn_unused_result ))
  #ifdef _CRYPT_DEFINED
    /* Too dangerous to use inside clib: gcc treats a nonnull parameter as
       never NULL and may optimise away the library's own defensive NULL
       checks, so the attribute is only applied to client-facing prototypes */
    #define C_NONNULL_ARG( argIndex )
  #else
    #define C_NONNULL_ARG( argIndex ) __attribute__(( nonnull argIndex ))
  #endif /* _CRYPT_DEFINED */
#elif defined( _MSC_VER ) && defined( _PREFAST_ )
  #ifdef __ATTR_SAL                     /* Attribute SAL */
    #define C_CHECK_RETVAL _Check_return_ \
                           _Success_( return == CRYPT_OK )
    #define C_NONNULL_ARG( argIndex )
    #undef C_IN_OPT
    #define C_IN_OPT _In_opt_ const
    #undef C_OUT_OPT
    #define C_OUT_OPT _Out_opt_
    #undef C_INOUT
    #define C_INOUT _Inout_
  #else
    #define C_CHECK_RETVAL __checkReturn \
                           __success( result == CRYPT_OK ) \
                           __range( MAX_ERROR, CRYPT_OK )
    #define C_NONNULL_ARG( argIndex )
    #undef C_IN_OPT
    #define C_IN_OPT __in_opt const
    #undef C_OUT_OPT
    #define C_OUT_OPT __out_opt
    #undef C_INOUT
    #define C_INOUT __inout
  #endif /* Declspec vs. Attribute SAL */
#else
  #define C_CHECK_RETVAL
  #define C_NONNULL_ARG( argIndex )
#endif /* Compiler-specific annotations */

/* _CRYPTLIB_DEFINED is always set at this point in a C compile; the guard
   presumably exists so that tools generating non-C versions of this header
   can strip the block */
#ifdef _CRYPTLIB_DEFINED                /* Disable use in non-C versions of header */

/* Alongside the externally visible types, cryptlib also has various internal
   types that are extended forms of the external types that are invisible
   to the user (e.g. SignedPublicKeyAndChallenge == certRequest).  These can
   only be used internally and are blocked by the security kernel, so they
   can never be accessed from outside cryptlib (in fact for good measure
   they're blocked before they even get to the kernel by preliminary range
   checks in the API wrapper functions).  The only reason they're defined
   here is because it's not possible to extend an enum outside the point
   where it's originally defined.  Internal-only enumerators are the
   CRYPT_Ixxx_ names inside #ifdef _CRYPT_DEFINED blocks below */

#endif /* _CRYPTLIB_DEFINED */

/****************************************************************************
*                                                                           *
*                       Algorithm and Object Types                          *
*                                                                           *
****************************************************************************/

/* Algorithm and mode types.  Each algorithm class occupies a block of 100
   values (conventional 1-99, PKC 100-199, hash 200-299, MAC 300-399) so
   that cryptQueryCapability() can scan a class by range; RESERVEDn entries
   hold the slot of a removed algorithm so later values don't shift */

typedef enum {                          /* Algorithms */
    /* No encryption */
    CRYPT_ALGO_NONE,                    /* No encryption */

    /* Conventional encryption */
    CRYPT_ALGO_DES,                     /* DES (legacy, single-DES keys are
                                           too short for new use) */
    CRYPT_ALGO_3DES,                    /* Triple DES */
    CRYPT_ALGO_IDEA,                    /* IDEA (only used for PGP 2.x) */
    CRYPT_ALGO_CAST,                    /* CAST-128 (only used for OpenPGP) */
    CRYPT_ALGO_RC2,                     /* RC2 (disabled by default, used for PKCS #12) */
    CRYPT_ALGO_RC4,                     /* RC4 (insecure, deprecated) */
    CRYPT_ALGO_RESERVED1,               /* Formerly RC5 */
    CRYPT_ALGO_AES,                     /* AES */
    CRYPT_ALGO_RESERVED2,               /* Formerly Blowfish */

    /* Public-key encryption */
    CRYPT_ALGO_DH = 100,                /* Diffie-Hellman */
    CRYPT_ALGO_RSA,                     /* RSA */
    CRYPT_ALGO_DSA,                     /* DSA */
    CRYPT_ALGO_ELGAMAL,                 /* ElGamal */
    CRYPT_ALGO_RESERVED3,               /* Formerly KEA */
    CRYPT_ALGO_ECDSA,                   /* ECDSA */
    CRYPT_ALGO_ECDH,                    /* ECDH */

    /* Hash algorithms */
    CRYPT_ALGO_RESERVED4 = 200,         /* Formerly MD2 */
    CRYPT_ALGO_RESERVED5,               /* Formerly MD4 */
    CRYPT_ALGO_MD5,                     /* MD5 (only used for TLS 1.0/1.1,
                                           collision-broken, not for new
                                           signatures) */
    CRYPT_ALGO_SHA1,                    /* SHA/SHA1 (legacy; prefer SHA2 for
                                           new signatures) */
    CRYPT_ALGO_RESERVED6,               /* Formerly RIPE-MD 160 */
    CRYPT_ALGO_SHA2,                    /* SHA-256 */
    CRYPT_ALGO_SHA256 = CRYPT_ALGO_SHA2,/* Alternate name */
    CRYPT_ALGO_SHAng,                   /* Future SHA-nextgen standard */

    /* MACs */
    CRYPT_ALGO_RESREVED_7 = 300,        /* Formerly HMAC-MD5 (name is
                                           misspelled but is part of the
                                           public API, so left as-is) */
    CRYPT_ALGO_HMAC_SHA1,               /* HMAC-SHA */
    CRYPT_ALGO_RESERVED8,               /* Formerly HMAC-RIPEMD-160 */
    CRYPT_ALGO_HMAC_SHA2,               /* HMAC-SHA2 */
    CRYPT_ALGO_HMAC_SHAng,              /* HMAC-future-SHA-nextgen */

    #ifdef _CRYPT_DEFINED
    /* Alongside the usual types we also need a generic secret-key store
       for use with mechanisms that convert a single secret value into
       multiple derived keying values like encryption keys, MAC keys,
       IVs, and so on.  The following algorithm type implements this
       generic-secret crypto object */
    CRYPT_IALGO_GENERIC_SECRET = 1000,  /* Generic-secret object */
    #endif /* _CRYPT_DEFINED */

    /* Vendors may want to use their own algorithms that aren't part of the
       general cryptlib suite.  The following values are for vendor-defined
       algorithms, and can be used just like the named algorithm types (it's
       up to the vendor to keep track of what _VENDOR1 actually corresponds
       to) */
    #ifdef USE_VENDOR_ALGOS
    CRYPT_ALGO_VENDOR1 = 10000, CRYPT_ALGO_VENDOR2, CRYPT_ALGO_VENDOR3,
    #endif /* USE_VENDOR_ALGOS */

    /* Last possible crypt algo value.  Note that its numeric value depends
       on _CRYPT_DEFINED and USE_VENDOR_ALGOS (it follows whichever
       enumerator precedes it), so it isn't a stable ABI constant; the
       internal build uses CRYPT_ALGO_LAST_EXTERNAL for the caller-visible
       bound */
    CRYPT_ALGO_LAST,
    #ifdef _CRYPT_DEFINED
    CRYPT_ALGO_LAST_EXTERNAL = CRYPT_ALGO_HMAC_SHAng + 1,
    #endif /* _CRYPT_DEFINED */

    /* In order that we can scan through a range of algorithms with
       cryptQueryCapability(), we define the following boundary points for
       each algorithm class */
    CRYPT_ALGO_FIRST_CONVENTIONAL = 1,
    CRYPT_ALGO_LAST_CONVENTIONAL = 99,
    CRYPT_ALGO_FIRST_PKC = 100,
    CRYPT_ALGO_LAST_PKC = 199,
    CRYPT_ALGO_FIRST_HASH = 200,
    CRYPT_ALGO_LAST_HASH = 299,
    CRYPT_ALGO_FIRST_MAC = 300,
    CRYPT_ALGO_LAST_MAC = 399
} CRYPT_ALGO_TYPE;

/* Block cipher modes.  ECB applies the block cipher directly with no IV,
   so equal plaintext blocks give equal ciphertext blocks; it is not
   suitable for general data.  GCM is the only mode here that also
   authenticates, and its IV/nonce must never repeat under the same key */

typedef enum {                          /* Block cipher modes */
    CRYPT_MODE_NONE,                    /* No encryption mode */
    CRYPT_MODE_ECB,                     /* ECB */
    CRYPT_MODE_CBC,                     /* CBC */
    CRYPT_MODE_CFB,                     /* CFB */
    CRYPT_MODE_GCM,                     /* GCM */
    CRYPT_MODE_LAST                     /* Last possible crypt mode value */
} CRYPT_MODE_TYPE;

#if ( defined( _WINDOWS ) || defined( WIN32 ) || defined( _WIN32 ) || \
      defined( __WIN32__ ) ) && !defined( _SCCTK )
  /* Force an error if wincrypt.h is included after cryptlib.h, see note at
     the start of the file.  From here on a client's CRYPT_MODE_ECB is this
     macro rather than the enumerator; the value 1 matches the enumerator
     (CRYPT_MODE_NONE is 0) so the substitution is transparent.
     NOTE(review): unlike the condition at the top of the file this one
     doesn't test _WIN32_WCE -- presumably intentional, confirm */
  #define CRYPT_MODE_ECB 1
#endif /* Windows other than a cross-development environment */

/* Keyset subtypes */

typedef enum {                          /* Keyset types */
    CRYPT_KEYSET_NONE,                  /* No keyset type */
    CRYPT_KEYSET_FILE,                  /* Generic flat file keyset */
    CRYPT_KEYSET_HTTP,                  /* Web page containing cert/CRL */
    CRYPT_KEYSET_LDAP,                  /* LDAP directory service */
    CRYPT_KEYSET_ODBC,                  /* Generic ODBC interface */
    CRYPT_KEYSET_DATABASE,              /* Generic RDBMS interface */
    CRYPT_KEYSET_ODBC_STORE,            /* ODBC certificate store */
    CRYPT_KEYSET_DATABASE_STORE,        /* Database certificate store */
    CRYPT_KEYSET_LAST                   /* Last possible keyset type */

    #ifdef _CRYPT_DEFINED
    /* Useful defines used internally for range checking: the four
       ODBC/DATABASE types above form a contiguous RDBMS range */
    , CRYPT_FIRST_RDBMS = CRYPT_KEYSET_ODBC,
    CRYPT_LAST_RDBMS = CRYPT_KEYSET_DATABASE_STORE
    #endif /* _CRYPT_DEFINED */
} CRYPT_KEYSET_TYPE;

/* Device subtypes */

typedef enum {                          /* Crypto device types */
    CRYPT_DEVICE_NONE,                  /* No crypto device */
    CRYPT_DEVICE_FORTEZZA,              /* Fortezza card - Placeholder only */
    CRYPT_DEVICE_PKCS11,                /* PKCS #11 crypto token */
    CRYPT_DEVICE_CRYPTOAPI,             /* Microsoft CryptoAPI (accessed
                                           inside the library; this header
                                           still can't coexist with
                                           wincrypt.h, see top of file) */
    CRYPT_DEVICE_HARDWARE,              /* Generic crypto HW plugin */
    CRYPT_DEVICE_LAST                   /* Last possible crypto device type */
} CRYPT_DEVICE_TYPE;

/* Certificate subtypes.  With _CRYPT_DEFINED the internal CRYPT_ICERTTYPE_
   values are inserted before CRYPT_CERTTYPE_LAST, so that bound differs
   between internal and external builds; CRYPT_CERTTYPE_LAST_EXTERNAL gives
   the caller-visible bound */

typedef enum {                          /* Certificate object types */
    CRYPT_CERTTYPE_NONE,                /* No certificate type */
    CRYPT_CERTTYPE_CERTIFICATE,         /* Certificate */
    CRYPT_CERTTYPE_ATTRIBUTE_CERT,      /* Attribute certificate */
    CRYPT_CERTTYPE_CERTCHAIN,           /* PKCS #7 certificate chain */
    CRYPT_CERTTYPE_CERTREQUEST,         /* PKCS #10 certification request */
    CRYPT_CERTTYPE_REQUEST_CERT,        /* CRMF certification request */
    CRYPT_CERTTYPE_REQUEST_REVOCATION,  /* CRMF revocation request */
    CRYPT_CERTTYPE_CRL,                 /* CRL */
    CRYPT_CERTTYPE_CMS_ATTRIBUTES,      /* CMS attributes */
    CRYPT_CERTTYPE_RTCS_REQUEST,        /* RTCS request */
    CRYPT_CERTTYPE_RTCS_RESPONSE,       /* RTCS response */
    CRYPT_CERTTYPE_OCSP_REQUEST,        /* OCSP request */
    CRYPT_CERTTYPE_OCSP_RESPONSE,       /* OCSP response */
    CRYPT_CERTTYPE_PKIUSER,             /* PKI user information */
    #ifdef _CRYPT_DEFINED
    /* Alongside the usual types we can also wind up with various
       certificate-bagging schemes such as cert chains and sequences that
       can't be exported in this format and therefore aren't visible to the
       user, but that need to be distinguished internally.  The following
       types are only visible internally */
    CRYPT_ICERTTYPE_CMS_CERTSET,        /* CMS SET OF Certificate = cert chain */
    CRYPT_ICERTTYPE_SSL_CERTCHAIN,      /* SSL certificate chain = cert chain */
    CRYPT_ICERTTYPE_REVINFO,            /* Revocation info/single CRL entry */
    #endif /* _CRYPT_DEFINED */
    CRYPT_CERTTYPE_LAST                 /* Last possible cert.type */
    #ifdef _CRYPT_DEFINED
    , CRYPT_CERTTYPE_LAST_EXTERNAL = CRYPT_CERTTYPE_PKIUSER + 1
    #endif /* _CRYPT_DEFINED */
} CRYPT_CERTTYPE_TYPE;

/* Envelope/data format subtypes.  Same internal/external split as the
   certificate types: CRYPT_FORMAT_LAST_EXTERNAL is the caller-visible bound */

typedef enum {
    CRYPT_FORMAT_NONE,                  /* No format type */
    CRYPT_FORMAT_AUTO,                  /* Deenv, auto-determine type */
    CRYPT_FORMAT_CRYPTLIB,              /* cryptlib native format */
    CRYPT_FORMAT_CMS,                   /* PKCS #7 / CMS / S/MIME fmt.*/
    CRYPT_FORMAT_PKCS7 = CRYPT_FORMAT_CMS,
    CRYPT_FORMAT_SMIME,                 /* As CMS with MSG-style behaviour */
    CRYPT_FORMAT_PGP,                   /* PGP format */
    #ifdef _CRYPT_DEFINED
    /* Alongside the usual types we can also wind up with various protocol-
       specific format types such as SSL and SSH.  The following types are
       only visible internally */
    CRYPT_IFORMAT_SSL,                  /* SSL/TLS format */
    CRYPT_IFORMAT_TLS12,                /* TLS 1.2 format */
    CRYPT_IFORMAT_SSH,                  /* SSH format */
    #endif /* _CRYPT_DEFINED */
    CRYPT_FORMAT_LAST                   /* Last possible format type */
    #ifdef _CRYPT_DEFINED
    , CRYPT_FORMAT_LAST_EXTERNAL = CRYPT_FORMAT_PGP + 1
    #endif /* _CRYPT_DEFINED */
} CRYPT_FORMAT_TYPE;

/* Session subtypes.  Client and server sides of a protocol are distinct
   types; the _TLS names are aliases of the _SSL ones */

typedef enum {
    CRYPT_SESSION_NONE,                 /* No session type */
    CRYPT_SESSION_SSH,                  /* SSH */
    CRYPT_SESSION_SSH_SERVER,           /* SSH server */
    CRYPT_SESSION_SSL,                  /* SSL/TLS */
    CRYPT_SESSION_TLS = CRYPT_SESSION_SSL,
    CRYPT_SESSION_SSL_SERVER,           /* SSL/TLS server */
    CRYPT_SESSION_TLS_SERVER = CRYPT_SESSION_SSL_SERVER,
    CRYPT_SESSION_RTCS,                 /* RTCS */
    CRYPT_SESSION_RTCS_SERVER,          /* RTCS server */
    CRYPT_SESSION_OCSP,                 /* OCSP */
    CRYPT_SESSION_OCSP_SERVER,          /* OCSP server */
    CRYPT_SESSION_TSP,                  /* TSP */
    CRYPT_SESSION_TSP_SERVER,           /* TSP server */
    CRYPT_SESSION_CMP,                  /* CMP */
    CRYPT_SESSION_CMP_SERVER,           /* CMP server */
    CRYPT_SESSION_SCEP,                 /* SCEP */
    CRYPT_SESSION_SCEP_SERVER,          /* SCEP server */
    CRYPT_SESSION_CERTSTORE_SERVER,     /* HTTP cert store interface */
    CRYPT_SESSION_LAST                  /* Last possible session type */
} CRYPT_SESSION_TYPE;

/* User subtypes */

typedef enum {
    CRYPT_USER_NONE,                    /* No user type */
    CRYPT_USER_NORMAL,                  /* Normal user */
    CRYPT_USER_SO,                      /* Security officer */
    CRYPT_USER_CA,                      /* CA user */
    CRYPT_USER_LAST                     /* Last possible user type */
} CRYPT_USER_TYPE;

/****************************************************************************
*                                                                           *
*                           Attribute Types                                 *
*                                                                           *
****************************************************************************/

/* Attribute types.
These are arranged in the following order: 417 418 PROPERTY - Object property 419 ATTRIBUTE - Generic attributes 420 OPTION - Global or object-specific config.option 421 CTXINFO - Context-specific attribute 422 CERTINFO - Certificate-specific attribute 423 KEYINFO - Keyset-specific attribute 424 DEVINFO - Device-specific attribute 425 ENVINFO - Envelope-specific attribute 426 SESSINFO - Session-specific attribute 427 USERINFO - User-specific attribute */ 428 429 typedef enum { 430 CRYPT_ATTRIBUTE_NONE, /* Non-value */ 431 432 /* Used internally */ 433 CRYPT_PROPERTY_FIRST, 434 435 /*********************/ 436 /* Object attributes */ 437 /*********************/ 438 439 /* Object properties */ 440 CRYPT_PROPERTY_HIGHSECURITY, /* Owned+non-forwardcount+locked */ 441 CRYPT_PROPERTY_OWNER, /* Object owner */ 442 CRYPT_PROPERTY_FORWARDCOUNT, /* No.of times object can be forwarded */ 443 CRYPT_PROPERTY_LOCKED, /* Whether properties can be chged/read */ 444 CRYPT_PROPERTY_USAGECOUNT, /* Usage count before object expires */ 445 CRYPT_PROPERTY_NONEXPORTABLE, /* Whether key is nonexp.from context */ 446 447 /* Used internally */ 448 CRYPT_PROPERTY_LAST, CRYPT_GENERIC_FIRST, 449 450 /* Extended error information */ 451 CRYPT_ATTRIBUTE_ERRORTYPE, /* Type of last error */ 452 CRYPT_ATTRIBUTE_ERRORLOCUS, /* Locus of last error */ 453 CRYPT_ATTRIBUTE_ERRORMESSAGE, /* Detailed error description */ 454 455 /* Generic information */ 456 CRYPT_ATTRIBUTE_CURRENT_GROUP, /* Cursor mgt: Group in attribute list */ 457 CRYPT_ATTRIBUTE_CURRENT, /* Cursor mgt: Entry in attribute list */ 458 CRYPT_ATTRIBUTE_CURRENT_INSTANCE, /* Cursor mgt: Instance in attribute list */ 459 CRYPT_ATTRIBUTE_BUFFERSIZE, /* Internal data buffer size */ 460 461 /* Used internally */ 462 CRYPT_GENERIC_LAST, CRYPT_OPTION_FIRST = 100, 463 464 /****************************/ 465 /* Configuration attributes */ 466 /****************************/ 467 468 /* cryptlib information (read-only) */ 469 
CRYPT_OPTION_INFO_DESCRIPTION, /* Text description */ 470 CRYPT_OPTION_INFO_COPYRIGHT, /* Copyright notice */ 471 CRYPT_OPTION_INFO_MAJORVERSION, /* Major release version */ 472 CRYPT_OPTION_INFO_MINORVERSION, /* Minor release version */ 473 CRYPT_OPTION_INFO_STEPPING, /* Release stepping */ 474 475 /* Encryption options */ 476 CRYPT_OPTION_ENCR_ALGO, /* Encryption algorithm */ 477 CRYPT_OPTION_ENCR_HASH, /* Hash algorithm */ 478 CRYPT_OPTION_ENCR_MAC, /* MAC algorithm */ 479 480 /* PKC options */ 481 CRYPT_OPTION_PKC_ALGO, /* Public-key encryption algorithm */ 482 CRYPT_OPTION_PKC_KEYSIZE, /* Public-key encryption key size */ 483 484 /* Signature options */ 485 CRYPT_OPTION_SIG_ALGO, /* Signature algorithm */ 486 CRYPT_OPTION_SIG_KEYSIZE, /* Signature keysize */ 487 488 /* Keying options */ 489 CRYPT_OPTION_KEYING_ALGO, /* Key processing algorithm */ 490 CRYPT_OPTION_KEYING_ITERATIONS, /* Key processing iterations */ 491 492 /* Certificate options */ 493 CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES, /* Whether to sign unrecog.attrs */ 494 CRYPT_OPTION_CERT_VALIDITY, /* Certificate validity period */ 495 CRYPT_OPTION_CERT_UPDATEINTERVAL, /* CRL update interval */ 496 CRYPT_OPTION_CERT_COMPLIANCELEVEL, /* PKIX compliance level for cert chks.*/ 497 CRYPT_OPTION_CERT_REQUIREPOLICY, /* Whether explicit policy req'd for certs */ 498 499 /* CMS/SMIME options */ 500 CRYPT_OPTION_CMS_DEFAULTATTRIBUTES, /* Add default CMS attributes */ 501 CRYPT_OPTION_SMIME_DEFAULTATTRIBUTES = CRYPT_OPTION_CMS_DEFAULTATTRIBUTES, 502 503 /* LDAP keyset options */ 504 CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS, /* Object class */ 505 CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE, /* Object type to fetch */ 506 CRYPT_OPTION_KEYS_LDAP_FILTER, /* Query filter */ 507 CRYPT_OPTION_KEYS_LDAP_CACERTNAME, /* CA certificate attribute name */ 508 CRYPT_OPTION_KEYS_LDAP_CERTNAME, /* Certificate attribute name */ 509 CRYPT_OPTION_KEYS_LDAP_CRLNAME, /* CRL attribute name */ 510 CRYPT_OPTION_KEYS_LDAP_EMAILNAME, /* Email 
attribute name */ 511 512 /* Crypto device options */ 513 CRYPT_OPTION_DEVICE_PKCS11_DVR01, /* Name of first PKCS #11 driver */ 514 CRYPT_OPTION_DEVICE_PKCS11_DVR02, /* Name of second PKCS #11 driver */ 515 CRYPT_OPTION_DEVICE_PKCS11_DVR03, /* Name of third PKCS #11 driver */ 516 CRYPT_OPTION_DEVICE_PKCS11_DVR04, /* Name of fourth PKCS #11 driver */ 517 CRYPT_OPTION_DEVICE_PKCS11_DVR05, /* Name of fifth PKCS #11 driver */ 518 CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY,/* Use only hardware mechanisms */ 519 520 /* Network access options */ 521 CRYPT_OPTION_NET_SOCKS_SERVER, /* Socks server name */ 522 CRYPT_OPTION_NET_SOCKS_USERNAME, /* Socks user name */ 523 CRYPT_OPTION_NET_HTTP_PROXY, /* Web proxy server */ 524 CRYPT_OPTION_NET_CONNECTTIMEOUT, /* Timeout for network connection setup */ 525 CRYPT_OPTION_NET_READTIMEOUT, /* Timeout for network reads */ 526 CRYPT_OPTION_NET_WRITETIMEOUT, /* Timeout for network writes */ 527 528 /* Miscellaneous options */ 529 CRYPT_OPTION_MISC_ASYNCINIT, /* Whether to init cryptlib async'ly */ 530 CRYPT_OPTION_MISC_SIDECHANNELPROTECTION, /* Protect against side-channel attacks */ 531 532 /* cryptlib state information */ 533 CRYPT_OPTION_CONFIGCHANGED, /* Whether in-mem.opts match on-disk ones */ 534 CRYPT_OPTION_SELFTESTOK, /* Whether self-test was completed and OK */ 535 536 /* Used internally */ 537 CRYPT_OPTION_LAST, CRYPT_CTXINFO_FIRST = 1000, 538 539 /**********************/ 540 /* Context attributes */ 541 /**********************/ 542 543 /* Algorithm and mode information */ 544 CRYPT_CTXINFO_ALGO, /* Algorithm */ 545 CRYPT_CTXINFO_MODE, /* Mode */ 546 CRYPT_CTXINFO_NAME_ALGO, /* Algorithm name */ 547 CRYPT_CTXINFO_NAME_MODE, /* Mode name */ 548 CRYPT_CTXINFO_KEYSIZE, /* Key size in bytes */ 549 CRYPT_CTXINFO_BLOCKSIZE, /* Block size */ 550 CRYPT_CTXINFO_IVSIZE, /* IV size */ 551 CRYPT_CTXINFO_KEYING_ALGO, /* Key processing algorithm */ 552 CRYPT_CTXINFO_KEYING_ITERATIONS,/* Key processing iterations */ 553 
CRYPT_CTXINFO_KEYING_SALT, /* Key processing salt */ 554 CRYPT_CTXINFO_KEYING_VALUE, /* Value used to derive key */ 555 556 /* State information */ 557 CRYPT_CTXINFO_KEY, /* Key */ 558 CRYPT_CTXINFO_KEY_COMPONENTS, /* Public-key components */ 559 CRYPT_CTXINFO_IV, /* IV */ 560 CRYPT_CTXINFO_HASHVALUE, /* Hash value */ 561 562 /* Misc.information */ 563 CRYPT_CTXINFO_LABEL, /* Label for private/secret key */ 564 CRYPT_CTXINFO_PERSISTENT, /* Obj.is backed by device or keyset */ 565 566 /* Used internally */ 567 CRYPT_CTXINFO_LAST, CRYPT_CERTINFO_FIRST = 2000, 568 569 /**************************/ 570 /* Certificate attributes */ 571 /**************************/ 572 573 /* Because there are so many cert attributes, we break them down into 574 blocks to minimise the number of values that change if a new one is 575 added halfway through */ 576 577 /* Pseudo-information on a cert object or meta-information which is used 578 to control the way that a cert object is processed */ 579 CRYPT_CERTINFO_SELFSIGNED, /* Cert is self-signed */ 580 CRYPT_CERTINFO_IMMUTABLE, /* Cert is signed and immutable */ 581 CRYPT_CERTINFO_XYZZY, /* Cert is a magic just-works cert */ 582 CRYPT_CERTINFO_CERTTYPE, /* Certificate object type */ 583 CRYPT_CERTINFO_FINGERPRINT_SHA1,/* Certificate fingerprints */ 584 CRYPT_CERTINFO_FINGERPRINT_SHA2, 585 CRYPT_CERTINFO_FINGERPRINT_SHAng, 586 CRYPT_CERTINFO_CURRENT_CERTIFICATE,/* Cursor mgt: Rel.pos in chain/CRL/OCSP */ 587 CRYPT_CERTINFO_TRUSTED_USAGE, /* Usage that cert is trusted for */ 588 CRYPT_CERTINFO_TRUSTED_IMPLICIT,/* Whether cert is implicitly trusted */ 589 CRYPT_CERTINFO_SIGNATURELEVEL, /* Amount of detail to include in sigs.*/ 590 591 /* General certificate object information */ 592 CRYPT_CERTINFO_VERSION, /* Cert.format version */ 593 CRYPT_CERTINFO_SERIALNUMBER, /* Serial number */ 594 CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, /* Public key */ 595 CRYPT_CERTINFO_CERTIFICATE, /* User certificate */ 596 CRYPT_CERTINFO_USERCERTIFICATE = 
CRYPT_CERTINFO_CERTIFICATE, 597 CRYPT_CERTINFO_CACERTIFICATE, /* CA certificate */ 598 CRYPT_CERTINFO_ISSUERNAME, /* Issuer DN */ 599 CRYPT_CERTINFO_VALIDFROM, /* Cert valid-from time */ 600 CRYPT_CERTINFO_VALIDTO, /* Cert valid-to time */ 601 CRYPT_CERTINFO_SUBJECTNAME, /* Subject DN */ 602 CRYPT_CERTINFO_ISSUERUNIQUEID, /* Issuer unique ID */ 603 CRYPT_CERTINFO_SUBJECTUNIQUEID, /* Subject unique ID */ 604 CRYPT_CERTINFO_CERTREQUEST, /* Cert.request (DN + public key) */ 605 CRYPT_CERTINFO_THISUPDATE, /* CRL/OCSP current-update time */ 606 CRYPT_CERTINFO_NEXTUPDATE, /* CRL/OCSP next-update time */ 607 CRYPT_CERTINFO_REVOCATIONDATE, /* CRL/OCSP cert-revocation time */ 608 CRYPT_CERTINFO_REVOCATIONSTATUS,/* OCSP revocation status */ 609 CRYPT_CERTINFO_CERTSTATUS, /* RTCS certificate status */ 610 CRYPT_CERTINFO_DN, /* Currently selected DN in string form */ 611 CRYPT_CERTINFO_PKIUSER_ID, /* PKI user ID */ 612 CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD, /* PKI user issue password */ 613 CRYPT_CERTINFO_PKIUSER_REVPASSWORD, /* PKI user revocation password */ 614 CRYPT_CERTINFO_PKIUSER_RA, /* PKI user is an RA */ 615 616 /* X.520 Distinguished Name components. This is a composite field, the 617 DN to be manipulated is selected through the addition of a 618 pseudocomponent, and then one of the following is used to access the 619 DN components directly */ 620 CRYPT_CERTINFO_COUNTRYNAME = CRYPT_CERTINFO_FIRST + 100, /* countryName */ 621 CRYPT_CERTINFO_STATEORPROVINCENAME, /* stateOrProvinceName */ 622 CRYPT_CERTINFO_LOCALITYNAME, /* localityName */ 623 CRYPT_CERTINFO_ORGANIZATIONNAME, /* organizationName */ 624 CRYPT_CERTINFO_ORGANISATIONNAME = CRYPT_CERTINFO_ORGANIZATIONNAME, 625 CRYPT_CERTINFO_ORGANIZATIONALUNITNAME, /* organizationalUnitName */ 626 CRYPT_CERTINFO_ORGANISATIONALUNITNAME = CRYPT_CERTINFO_ORGANIZATIONALUNITNAME, 627 CRYPT_CERTINFO_COMMONNAME, /* commonName */ 628 629 /* X.509 General Name components. 
These are handled in the same way as 630 the DN composite field, with the current GeneralName being selected by 631 a pseudo-component after which the individual components can be 632 modified through one of the following */ 633 CRYPT_CERTINFO_OTHERNAME_TYPEID, /* otherName.typeID */ 634 CRYPT_CERTINFO_OTHERNAME_VALUE, /* otherName.value */ 635 CRYPT_CERTINFO_RFC822NAME, /* rfc822Name */ 636 CRYPT_CERTINFO_EMAIL = CRYPT_CERTINFO_RFC822NAME, 637 CRYPT_CERTINFO_DNSNAME, /* dNSName */ 638 #if 0 /* Not supported, these are never used in practice and have an 639 insane internal structure */ 640 CRYPT_CERTINFO_X400ADDRESS, /* x400Address */ 641 #endif /* 0 */ 642 CRYPT_CERTINFO_DIRECTORYNAME, /* directoryName */ 643 CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER, /* ediPartyName.nameAssigner */ 644 CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME, /* ediPartyName.partyName */ 645 CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER, /* uniformResourceIdentifier */ 646 CRYPT_CERTINFO_URL = CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER, 647 CRYPT_CERTINFO_IPADDRESS, /* iPAddress */ 648 CRYPT_CERTINFO_REGISTEREDID, /* registeredID */ 649 650 /* X.509 certificate extensions. Although it would be nicer to use names 651 that match the extensions more closely (e.g. 652 CRYPT_CERTINFO_BASICCONSTRAINTS_PATHLENCONSTRAINT), these exceed the 653 32-character ANSI minimum length for unique names, and get really 654 hairy once you get into the weird policy constraints extensions whose 655 names wrap around the screen about three times. 656 657 The following values are defined in OID order, this isn't absolutely 658 necessary but saves an extra layer of processing when encoding them */ 659 660 /* 1 2 840 113549 1 9 7 challengePassword. 
This is here even though it's 661 a CMS attribute because SCEP stuffs it into PKCS #10 requests */ 662 CRYPT_CERTINFO_CHALLENGEPASSWORD = CRYPT_CERTINFO_FIRST + 200, 663 664 /* 1 3 6 1 4 1 3029 3 1 4 cRLExtReason */ 665 CRYPT_CERTINFO_CRLEXTREASON, 666 667 /* 1 3 6 1 4 1 3029 3 1 5 keyFeatures */ 668 CRYPT_CERTINFO_KEYFEATURES, 669 670 /* 1 3 6 1 5 5 7 1 1 authorityInfoAccess */ 671 CRYPT_CERTINFO_AUTHORITYINFOACCESS, 672 CRYPT_CERTINFO_AUTHORITYINFO_RTCS, /* accessDescription.accessLocation */ 673 CRYPT_CERTINFO_AUTHORITYINFO_OCSP, /* accessDescription.accessLocation */ 674 CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS, /* accessDescription.accessLocation */ 675 CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE, /* accessDescription.accessLocation */ 676 CRYPT_CERTINFO_AUTHORITYINFO_CRLS, /* accessDescription.accessLocation */ 677 678 /* 1 3 6 1 5 5 7 1 2 biometricInfo */ 679 CRYPT_CERTINFO_BIOMETRICINFO, 680 CRYPT_CERTINFO_BIOMETRICINFO_TYPE, /* biometricData.typeOfData */ 681 CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO, /* biometricData.hashAlgorithm */ 682 CRYPT_CERTINFO_BIOMETRICINFO_HASH, /* biometricData.dataHash */ 683 CRYPT_CERTINFO_BIOMETRICINFO_URL, /* biometricData.sourceDataUri */ 684 685 /* 1 3 6 1 5 5 7 1 3 qcStatements */ 686 CRYPT_CERTINFO_QCSTATEMENT, 687 CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS, 688 /* qcStatement.statementInfo.semanticsIdentifier */ 689 CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY, 690 /* qcStatement.statementInfo.nameRegistrationAuthorities */ 691 692 /* 1 3 6 1 5 5 7 1 7 ipAddrBlocks */ 693 CRYPT_CERTINFO_IPADDRESSBLOCKS, 694 CRYPT_CERTINFO_IPADDRESSBLOCKS_ADDRESSFAMILY, /* addressFamily */ 695 /* CRYPT_CERTINFO_IPADDRESSBLOCKS_INHERIT, // ipAddress.inherit */ 696 CRYPT_CERTINFO_IPADDRESSBLOCKS_PREFIX, /* ipAddress.addressPrefix */ 697 CRYPT_CERTINFO_IPADDRESSBLOCKS_MIN, /* ipAddress.addressRangeMin */ 698 CRYPT_CERTINFO_IPADDRESSBLOCKS_MAX, /* ipAddress.addressRangeMax */ 699 700 /* 1 3 6 1 5 5 7 1 8 autonomousSysIds */ 701 
CRYPT_CERTINFO_AUTONOMOUSSYSIDS, 702 /* CRYPT_CERTINFO_AUTONOMOUSSYSIDS_ASNUM_INHERIT,// asNum.inherit */ 703 CRYPT_CERTINFO_AUTONOMOUSSYSIDS_ASNUM_ID, /* asNum.id */ 704 CRYPT_CERTINFO_AUTONOMOUSSYSIDS_ASNUM_MIN, /* asNum.min */ 705 CRYPT_CERTINFO_AUTONOMOUSSYSIDS_ASNUM_MAX, /* asNum.max */ 706 707 /* 1 3 6 1 5 5 7 48 1 2 ocspNonce */ 708 CRYPT_CERTINFO_OCSP_NONCE, /* nonce */ 709 710 /* 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses */ 711 CRYPT_CERTINFO_OCSP_RESPONSE, 712 CRYPT_CERTINFO_OCSP_RESPONSE_OCSP, /* OCSP standard response */ 713 714 /* 1 3 6 1 5 5 7 48 1 5 ocspNoCheck */ 715 CRYPT_CERTINFO_OCSP_NOCHECK, 716 717 /* 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff */ 718 CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF, 719 720 /* 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess */ 721 CRYPT_CERTINFO_SUBJECTINFOACCESS, 722 CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING,/* accessDescription.accessLocation */ 723 CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY,/* accessDescription.accessLocation */ 724 CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECTREPOSITORY,/* accessDescription.accessLocation */ 725 CRYPT_CERTINFO_SUBJECTINFO_RPKIMANIFEST,/* accessDescription.accessLocation */ 726 CRYPT_CERTINFO_SUBJECTINFO_SIGNEDOBJECT,/* accessDescription.accessLocation */ 727 728 /* 1 3 36 8 3 1 siggDateOfCertGen */ 729 CRYPT_CERTINFO_SIGG_DATEOFCERTGEN, 730 731 /* 1 3 36 8 3 2 siggProcuration */ 732 CRYPT_CERTINFO_SIGG_PROCURATION, 733 CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY, /* country */ 734 CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION, /* typeOfSubstitution */ 735 CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR, /* signingFor.thirdPerson */ 736 737 /* 1 3 36 8 3 3 siggAdmissions */ 738 CRYPT_CERTINFO_SIGG_ADMISSIONS, 739 CRYPT_CERTINFO_SIGG_ADMISSIONS_AUTHORITY, /* authority */ 740 CRYPT_CERTINFO_SIGG_ADMISSIONS_NAMINGAUTHID, /* namingAuth.iD */ 741 CRYPT_CERTINFO_SIGG_ADMISSIONS_NAMINGAUTHURL, /* namingAuth.uRL */ 742 CRYPT_CERTINFO_SIGG_ADMISSIONS_NAMINGAUTHTEXT, /* namingAuth.text */ 743 
CRYPT_CERTINFO_SIGG_ADMISSIONS_PROFESSIONITEM, /* professionItem */ 744 CRYPT_CERTINFO_SIGG_ADMISSIONS_PROFESSIONOID, /* professionOID */ 745 CRYPT_CERTINFO_SIGG_ADMISSIONS_REGISTRATIONNUMBER, /* registrationNumber */ 746 747 /* 1 3 36 8 3 4 siggMonetaryLimit */ 748 CRYPT_CERTINFO_SIGG_MONETARYLIMIT, 749 CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY, /* currency */ 750 CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT, /* amount */ 751 CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT, /* exponent */ 752 753 /* 1 3 36 8 3 5 siggDeclarationOfMajority */ 754 CRYPT_CERTINFO_SIGG_DECLARATIONOFMAJORITY, 755 CRYPT_CERTINFO_SIGG_DECLARATIONOFMAJORITY_COUNTRY, /* fullAgeAtCountry */ 756 757 /* 1 3 36 8 3 8 siggRestriction */ 758 CRYPT_CERTINFO_SIGG_RESTRICTION, 759 760 /* 1 3 36 8 3 13 siggCertHash */ 761 CRYPT_CERTINFO_SIGG_CERTHASH, 762 763 /* 1 3 36 8 3 15 siggAdditionalInformation */ 764 CRYPT_CERTINFO_SIGG_ADDITIONALINFORMATION, 765 766 /* 1 3 101 1 4 1 strongExtranet */ 767 CRYPT_CERTINFO_STRONGEXTRANET, 768 CRYPT_CERTINFO_STRONGEXTRANET_ZONE, /* sxNetIDList.sxNetID.zone */ 769 CRYPT_CERTINFO_STRONGEXTRANET_ID, /* sxNetIDList.sxNetID.id */ 770 771 /* 2 5 29 9 subjectDirectoryAttributes */ 772 CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES, 773 CRYPT_CERTINFO_SUBJECTDIR_TYPE, /* attribute.type */ 774 CRYPT_CERTINFO_SUBJECTDIR_VALUES, /* attribute.values */ 775 776 /* 2 5 29 14 subjectKeyIdentifier */ 777 CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER, 778 779 /* 2 5 29 15 keyUsage */ 780 CRYPT_CERTINFO_KEYUSAGE, 781 782 /* 2 5 29 16 privateKeyUsagePeriod */ 783 CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD, 784 CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE, /* notBefore */ 785 CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER, /* notAfter */ 786 787 /* 2 5 29 17 subjectAltName */ 788 CRYPT_CERTINFO_SUBJECTALTNAME, 789 790 /* 2 5 29 18 issuerAltName */ 791 CRYPT_CERTINFO_ISSUERALTNAME, 792 793 /* 2 5 29 19 basicConstraints */ 794 CRYPT_CERTINFO_BASICCONSTRAINTS, 795 CRYPT_CERTINFO_CA, /* cA */ 796 CRYPT_CERTINFO_AUTHORITY = CRYPT_CERTINFO_CA, 797 
CRYPT_CERTINFO_PATHLENCONSTRAINT, /* pathLenConstraint */ 798 799 /* 2 5 29 20 cRLNumber */ 800 CRYPT_CERTINFO_CRLNUMBER, 801 802 /* 2 5 29 21 cRLReason */ 803 CRYPT_CERTINFO_CRLREASON, 804 805 /* 2 5 29 23 holdInstructionCode */ 806 CRYPT_CERTINFO_HOLDINSTRUCTIONCODE, 807 808 /* 2 5 29 24 invalidityDate */ 809 CRYPT_CERTINFO_INVALIDITYDATE, 810 811 /* 2 5 29 27 deltaCRLIndicator */ 812 CRYPT_CERTINFO_DELTACRLINDICATOR, 813 814 /* 2 5 29 28 issuingDistributionPoint */ 815 CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT, 816 CRYPT_CERTINFO_ISSUINGDIST_FULLNAME, /* distributionPointName.fullName */ 817 CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY, /* onlyContainsUserCerts */ 818 CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY, /* onlyContainsCACerts */ 819 CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY, /* onlySomeReasons */ 820 CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL, /* indirectCRL */ 821 822 /* 2 5 29 29 certificateIssuer */ 823 CRYPT_CERTINFO_CERTIFICATEISSUER, 824 825 /* 2 5 29 30 nameConstraints */ 826 CRYPT_CERTINFO_NAMECONSTRAINTS, 827 CRYPT_CERTINFO_PERMITTEDSUBTREES, /* permittedSubtrees */ 828 CRYPT_CERTINFO_EXCLUDEDSUBTREES, /* excludedSubtrees */ 829 830 /* 2 5 29 31 cRLDistributionPoint */ 831 CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT, 832 CRYPT_CERTINFO_CRLDIST_FULLNAME, /* distributionPointName.fullName */ 833 CRYPT_CERTINFO_CRLDIST_REASONS, /* reasons */ 834 CRYPT_CERTINFO_CRLDIST_CRLISSUER, /* cRLIssuer */ 835 836 /* 2 5 29 32 certificatePolicies */ 837 CRYPT_CERTINFO_CERTIFICATEPOLICIES, 838 CRYPT_CERTINFO_CERTPOLICYID, /* policyInformation.policyIdentifier */ 839 CRYPT_CERTINFO_CERTPOLICY_CPSURI, 840 /* policyInformation.policyQualifiers.qualifier.cPSuri */ 841 CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION, 842 /* policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.organization */ 843 CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS, 844 /* policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.noticeNumbers */ 845 CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT, 846 /* 
policyInformation.policyQualifiers.qualifier.userNotice.explicitText */ 847 848 /* 2 5 29 33 policyMappings */ 849 CRYPT_CERTINFO_POLICYMAPPINGS, 850 CRYPT_CERTINFO_ISSUERDOMAINPOLICY, /* policyMappings.issuerDomainPolicy */ 851 CRYPT_CERTINFO_SUBJECTDOMAINPOLICY, /* policyMappings.subjectDomainPolicy */ 852 853 /* 2 5 29 35 authorityKeyIdentifier */ 854 CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER, 855 CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER, /* keyIdentifier */ 856 CRYPT_CERTINFO_AUTHORITY_CERTISSUER, /* authorityCertIssuer */ 857 CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER, /* authorityCertSerialNumber */ 858 859 /* 2 5 29 36 policyConstraints */ 860 CRYPT_CERTINFO_POLICYCONSTRAINTS, 861 CRYPT_CERTINFO_REQUIREEXPLICITPOLICY, /* policyConstraints.requireExplicitPolicy */ 862 CRYPT_CERTINFO_INHIBITPOLICYMAPPING, /* policyConstraints.inhibitPolicyMapping */ 863 864 /* 2 5 29 37 extKeyUsage */ 865 CRYPT_CERTINFO_EXTKEYUSAGE, 866 CRYPT_CERTINFO_EXTKEY_MS_INDIVIDUALCODESIGNING, /* individualCodeSigning */ 867 CRYPT_CERTINFO_EXTKEY_MS_COMMERCIALCODESIGNING, /* commercialCodeSigning */ 868 CRYPT_CERTINFO_EXTKEY_MS_CERTTRUSTLISTSIGNING, /* certTrustListSigning */ 869 CRYPT_CERTINFO_EXTKEY_MS_TIMESTAMPSIGNING, /* timeStampSigning */ 870 CRYPT_CERTINFO_EXTKEY_MS_SERVERGATEDCRYPTO, /* serverGatedCrypto */ 871 CRYPT_CERTINFO_EXTKEY_MS_ENCRYPTEDFILESYSTEM, /* encrypedFileSystem */ 872 CRYPT_CERTINFO_EXTKEY_SERVERAUTH, /* serverAuth */ 873 CRYPT_CERTINFO_EXTKEY_CLIENTAUTH, /* clientAuth */ 874 CRYPT_CERTINFO_EXTKEY_CODESIGNING, /* codeSigning */ 875 CRYPT_CERTINFO_EXTKEY_EMAILPROTECTION, /* emailProtection */ 876 CRYPT_CERTINFO_EXTKEY_IPSECENDSYSTEM, /* ipsecEndSystem */ 877 CRYPT_CERTINFO_EXTKEY_IPSECTUNNEL, /* ipsecTunnel */ 878 CRYPT_CERTINFO_EXTKEY_IPSECUSER, /* ipsecUser */ 879 CRYPT_CERTINFO_EXTKEY_TIMESTAMPING, /* timeStamping */ 880 CRYPT_CERTINFO_EXTKEY_OCSPSIGNING, /* ocspSigning */ 881 CRYPT_CERTINFO_EXTKEY_DIRECTORYSERVICE, /* directoryService */ 882 
CRYPT_CERTINFO_EXTKEY_ANYKEYUSAGE, /* anyExtendedKeyUsage */ 883 CRYPT_CERTINFO_EXTKEY_NS_SERVERGATEDCRYPTO, /* serverGatedCrypto */ 884 CRYPT_CERTINFO_EXTKEY_VS_SERVERGATEDCRYPTO_CA, /* serverGatedCrypto CA */ 885 886 /* 2 5 29 40 crlStreamIdentifier */ 887 CRYPT_CERTINFO_CRLSTREAMIDENTIFIER, 888 889 /* 2 5 29 46 freshestCRL */ 890 CRYPT_CERTINFO_FRESHESTCRL, 891 CRYPT_CERTINFO_FRESHESTCRL_FULLNAME, /* distributionPointName.fullName */ 892 CRYPT_CERTINFO_FRESHESTCRL_REASONS, /* reasons */ 893 CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER, /* cRLIssuer */ 894 895 /* 2 5 29 47 orderedList */ 896 CRYPT_CERTINFO_ORDEREDLIST, 897 898 /* 2 5 29 51 baseUpdateTime */ 899 CRYPT_CERTINFO_BASEUPDATETIME, 900 901 /* 2 5 29 53 deltaInfo */ 902 CRYPT_CERTINFO_DELTAINFO, 903 CRYPT_CERTINFO_DELTAINFO_LOCATION, /* deltaLocation */ 904 CRYPT_CERTINFO_DELTAINFO_NEXTDELTA, /* nextDelta */ 905 906 /* 2 5 29 54 inhibitAnyPolicy */ 907 CRYPT_CERTINFO_INHIBITANYPOLICY, 908 909 /* 2 5 29 58 toBeRevoked */ 910 CRYPT_CERTINFO_TOBEREVOKED, 911 CRYPT_CERTINFO_TOBEREVOKED_CERTISSUER, /* certificateIssuer */ 912 CRYPT_CERTINFO_TOBEREVOKED_REASONCODE, /* reasonCode */ 913 CRYPT_CERTINFO_TOBEREVOKED_REVOCATIONTIME, /* revocationTime */ 914 CRYPT_CERTINFO_TOBEREVOKED_CERTSERIALNUMBER,/* certSerialNumber */ 915 916 /* 2 5 29 59 revokedGroups */ 917 CRYPT_CERTINFO_REVOKEDGROUPS, 918 CRYPT_CERTINFO_REVOKEDGROUPS_CERTISSUER,/* certificateIssuer */ 919 CRYPT_CERTINFO_REVOKEDGROUPS_REASONCODE,/* reasonCode */ 920 CRYPT_CERTINFO_REVOKEDGROUPS_INVALIDITYDATE,/* invalidityDate */ 921 CRYPT_CERTINFO_REVOKEDGROUPS_STARTINGNUMBER,/* startingNumber */ 922 CRYPT_CERTINFO_REVOKEDGROUPS_ENDINGNUMBER, /* endingNumber */ 923 924 /* 2 5 29 60 expiredCertsOnCRL */ 925 CRYPT_CERTINFO_EXPIREDCERTSONCRL, 926 927 /* 2 5 29 63 aaIssuingDistributionPoint */ 928 CRYPT_CERTINFO_AAISSUINGDISTRIBUTIONPOINT, 929 CRYPT_CERTINFO_AAISSUINGDIST_FULLNAME, /* distributionPointName.fullName */ 930 
CRYPT_CERTINFO_AAISSUINGDIST_SOMEREASONSONLY,/* onlySomeReasons */ 931 CRYPT_CERTINFO_AAISSUINGDIST_INDIRECTCRL, /* indirectCRL */ 932 CRYPT_CERTINFO_AAISSUINGDIST_USERATTRCERTS, /* containsUserAttributeCerts */ 933 CRYPT_CERTINFO_AAISSUINGDIST_AACERTS, /* containsAACerts */ 934 CRYPT_CERTINFO_AAISSUINGDIST_SOACERTS, /* containsSOAPublicKeyCerts */ 935 936 /* 2 16 840 1 113730 1 x Netscape extensions */ 937 CRYPT_CERTINFO_NS_CERTTYPE, /* netscape-cert-type */ 938 CRYPT_CERTINFO_NS_BASEURL, /* netscape-base-url */ 939 CRYPT_CERTINFO_NS_REVOCATIONURL, /* netscape-revocation-url */ 940 CRYPT_CERTINFO_NS_CAREVOCATIONURL, /* netscape-ca-revocation-url */ 941 CRYPT_CERTINFO_NS_CERTRENEWALURL, /* netscape-cert-renewal-url */ 942 CRYPT_CERTINFO_NS_CAPOLICYURL, /* netscape-ca-policy-url */ 943 CRYPT_CERTINFO_NS_SSLSERVERNAME, /* netscape-ssl-server-name */ 944 CRYPT_CERTINFO_NS_COMMENT, /* netscape-comment */ 945 946 /* 2 23 42 7 0 SET hashedRootKey */ 947 CRYPT_CERTINFO_SET_HASHEDROOTKEY, 948 CRYPT_CERTINFO_SET_ROOTKEYTHUMBPRINT, /* rootKeyThumbPrint */ 949 950 /* 2 23 42 7 1 SET certificateType */ 951 CRYPT_CERTINFO_SET_CERTIFICATETYPE, 952 953 /* 2 23 42 7 2 SET merchantData */ 954 CRYPT_CERTINFO_SET_MERCHANTDATA, 955 CRYPT_CERTINFO_SET_MERID, /* merID */ 956 CRYPT_CERTINFO_SET_MERACQUIRERBIN, /* merAcquirerBIN */ 957 CRYPT_CERTINFO_SET_MERCHANTLANGUAGE, /* merNames.language */ 958 CRYPT_CERTINFO_SET_MERCHANTNAME, /* merNames.name */ 959 CRYPT_CERTINFO_SET_MERCHANTCITY, /* merNames.city */ 960 CRYPT_CERTINFO_SET_MERCHANTSTATEPROVINCE,/* merNames.stateProvince */ 961 CRYPT_CERTINFO_SET_MERCHANTPOSTALCODE, /* merNames.postalCode */ 962 CRYPT_CERTINFO_SET_MERCHANTCOUNTRYNAME, /* merNames.countryName */ 963 CRYPT_CERTINFO_SET_MERCOUNTRY, /* merCountry */ 964 CRYPT_CERTINFO_SET_MERAUTHFLAG, /* merAuthFlag */ 965 966 /* 2 23 42 7 3 SET certCardRequired */ 967 CRYPT_CERTINFO_SET_CERTCARDREQUIRED, 968 969 /* 2 23 42 7 4 SET tunneling */ 970 CRYPT_CERTINFO_SET_TUNNELING, 971 
CRYPT_CERTINFO_SET_TUNNELLING = CRYPT_CERTINFO_SET_TUNNELING, 972 CRYPT_CERTINFO_SET_TUNNELINGFLAG, /* tunneling */ 973 CRYPT_CERTINFO_SET_TUNNELLINGFLAG = CRYPT_CERTINFO_SET_TUNNELINGFLAG, 974 CRYPT_CERTINFO_SET_TUNNELINGALGID, /* tunnelingAlgID */ 975 CRYPT_CERTINFO_SET_TUNNELLINGALGID = CRYPT_CERTINFO_SET_TUNNELINGALGID, 976 977 /* S/MIME attributes */ 978 979 /* 1 2 840 113549 1 9 3 contentType */ 980 CRYPT_CERTINFO_CMS_CONTENTTYPE = CRYPT_CERTINFO_FIRST + 500, 981 982 /* 1 2 840 113549 1 9 4 messageDigest */ 983 CRYPT_CERTINFO_CMS_MESSAGEDIGEST, 984 985 /* 1 2 840 113549 1 9 5 signingTime */ 986 CRYPT_CERTINFO_CMS_SIGNINGTIME, 987 988 /* 1 2 840 113549 1 9 6 counterSignature */ 989 CRYPT_CERTINFO_CMS_COUNTERSIGNATURE, /* counterSignature */ 990 991 /* 1 2 840 113549 1 9 13 signingDescription */ 992 CRYPT_CERTINFO_CMS_SIGNINGDESCRIPTION, 993 994 /* 1 2 840 113549 1 9 15 sMIMECapabilities */ 995 CRYPT_CERTINFO_CMS_SMIMECAPABILITIES, 996 CRYPT_CERTINFO_CMS_SMIMECAP_3DES, /* 3DES encryption */ 997 CRYPT_CERTINFO_CMS_SMIMECAP_AES, /* AES encryption */ 998 CRYPT_CERTINFO_CMS_SMIMECAP_CAST128, /* CAST-128 encryption */ 999 CRYPT_CERTINFO_CMS_SMIMECAP_SHAng, /* SHA2-ng hash */ 1000 CRYPT_CERTINFO_CMS_SMIMECAP_SHA2, /* SHA2-256 hash */ 1001 CRYPT_CERTINFO_CMS_SMIMECAP_SHA1, /* SHA1 hash */ 1002 CRYPT_CERTINFO_CMS_SMIMECAP_HMAC_SHAng, /* HMAC-SHA2-ng MAC */ 1003 CRYPT_CERTINFO_CMS_SMIMECAP_HMAC_SHA2, /* HMAC-SHA2-256 MAC */ 1004 CRYPT_CERTINFO_CMS_SMIMECAP_HMAC_SHA1, /* HMAC-SHA1 MAC */ 1005 CRYPT_CERTINFO_CMS_SMIMECAP_AUTHENC256, /* AuthEnc w.256-bit key */ 1006 CRYPT_CERTINFO_CMS_SMIMECAP_AUTHENC128, /* AuthEnc w.128-bit key */ 1007 CRYPT_CERTINFO_CMS_SMIMECAP_RSA_SHAng, /* RSA with SHA-ng signing */ 1008 CRYPT_CERTINFO_CMS_SMIMECAP_RSA_SHA2, /* RSA with SHA2-256 signing */ 1009 CRYPT_CERTINFO_CMS_SMIMECAP_RSA_SHA1, /* RSA with SHA1 signing */ 1010 CRYPT_CERTINFO_CMS_SMIMECAP_DSA_SHA1, /* DSA with SHA-1 signing */ 1011 CRYPT_CERTINFO_CMS_SMIMECAP_ECDSA_SHAng,/* ECDSA 
with SHA-ng signing */ 1012 CRYPT_CERTINFO_CMS_SMIMECAP_ECDSA_SHA2, /* ECDSA with SHA2-256 signing */ 1013 CRYPT_CERTINFO_CMS_SMIMECAP_ECDSA_SHA1, /* ECDSA with SHA-1 signing */ 1014 CRYPT_CERTINFO_CMS_SMIMECAP_PREFERSIGNEDDATA, /* preferSignedData */ 1015 CRYPT_CERTINFO_CMS_SMIMECAP_CANNOTDECRYPTANY, /* canNotDecryptAny */ 1016 CRYPT_CERTINFO_CMS_SMIMECAP_PREFERBINARYINSIDE, /* preferBinaryInside */ 1017 1018 /* 1 2 840 113549 1 9 16 2 1 receiptRequest */ 1019 CRYPT_CERTINFO_CMS_RECEIPTREQUEST, 1020 CRYPT_CERTINFO_CMS_RECEIPT_CONTENTIDENTIFIER, /* contentIdentifier */ 1021 CRYPT_CERTINFO_CMS_RECEIPT_FROM, /* receiptsFrom */ 1022 CRYPT_CERTINFO_CMS_RECEIPT_TO, /* receiptsTo */ 1023 1024 /* 1 2 840 113549 1 9 16 2 2 essSecurityLabel */ 1025 CRYPT_CERTINFO_CMS_SECURITYLABEL, 1026 CRYPT_CERTINFO_CMS_SECLABEL_POLICY, /* securityPolicyIdentifier */ 1027 CRYPT_CERTINFO_CMS_SECLABEL_CLASSIFICATION, /* securityClassification */ 1028 CRYPT_CERTINFO_CMS_SECLABEL_PRIVACYMARK,/* privacyMark */ 1029 CRYPT_CERTINFO_CMS_SECLABEL_CATTYPE, /* securityCategories.securityCategory.type */ 1030 CRYPT_CERTINFO_CMS_SECLABEL_CATVALUE, /* securityCategories.securityCategory.value */ 1031 1032 /* 1 2 840 113549 1 9 16 2 3 mlExpansionHistory */ 1033 CRYPT_CERTINFO_CMS_MLEXPANSIONHISTORY, 1034 CRYPT_CERTINFO_CMS_MLEXP_ENTITYIDENTIFIER, /* mlData.mailListIdentifier.issuerAndSerialNumber */ 1035 CRYPT_CERTINFO_CMS_MLEXP_TIME, /* mlData.expansionTime */ 1036 CRYPT_CERTINFO_CMS_MLEXP_NONE, /* mlData.mlReceiptPolicy.none */ 1037 CRYPT_CERTINFO_CMS_MLEXP_INSTEADOF, /* mlData.mlReceiptPolicy.insteadOf.generalNames.generalName */ 1038 CRYPT_CERTINFO_CMS_MLEXP_INADDITIONTO, /* mlData.mlReceiptPolicy.inAdditionTo.generalNames.generalName */ 1039 1040 /* 1 2 840 113549 1 9 16 2 4 contentHints */ 1041 CRYPT_CERTINFO_CMS_CONTENTHINTS, 1042 CRYPT_CERTINFO_CMS_CONTENTHINT_DESCRIPTION, /* contentDescription */ 1043 CRYPT_CERTINFO_CMS_CONTENTHINT_TYPE, /* contentType */ 1044 1045 /* 1 2 840 113549 1 9 16 2 9 
equivalentLabels */ 1046 CRYPT_CERTINFO_CMS_EQUIVALENTLABEL, 1047 CRYPT_CERTINFO_CMS_EQVLABEL_POLICY, /* securityPolicyIdentifier */ 1048 CRYPT_CERTINFO_CMS_EQVLABEL_CLASSIFICATION, /* securityClassification */ 1049 CRYPT_CERTINFO_CMS_EQVLABEL_PRIVACYMARK,/* privacyMark */ 1050 CRYPT_CERTINFO_CMS_EQVLABEL_CATTYPE, /* securityCategories.securityCategory.type */ 1051 CRYPT_CERTINFO_CMS_EQVLABEL_CATVALUE, /* securityCategories.securityCategory.value */ 1052 1053 /* 1 2 840 113549 1 9 16 2 12 signingCertificate */ 1054 CRYPT_CERTINFO_CMS_SIGNINGCERTIFICATE, 1055 CRYPT_CERTINFO_CMS_SIGNINGCERT_ESSCERTID, /* certs.essCertID */ 1056 CRYPT_CERTINFO_CMS_SIGNINGCERT_POLICIES,/* policies.policyInformation.policyIdentifier */ 1057 1058 /* 1 2 840 113549 1 9 16 2 47 signingCertificateV2 */ 1059 CRYPT_CERTINFO_CMS_SIGNINGCERTIFICATEV2, 1060 CRYPT_CERTINFO_CMS_SIGNINGCERTV2_ESSCERTIDV2, /* certs.essCertID */ 1061 CRYPT_CERTINFO_CMS_SIGNINGCERTV2_POLICIES,/* policies.policyInformation.policyIdentifier */ 1062 1063 /* 1 2 840 113549 1 9 16 2 15 signaturePolicyID */ 1064 CRYPT_CERTINFO_CMS_SIGNATUREPOLICYID, 1065 CRYPT_CERTINFO_CMS_SIGPOLICYID, /* sigPolicyID */ 1066 CRYPT_CERTINFO_CMS_SIGPOLICYHASH, /* sigPolicyHash */ 1067 CRYPT_CERTINFO_CMS_SIGPOLICY_CPSURI, /* sigPolicyQualifiers.sigPolicyQualifier.cPSuri */ 1068 CRYPT_CERTINFO_CMS_SIGPOLICY_ORGANIZATION, 1069 /* sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.organization */ 1070 CRYPT_CERTINFO_CMS_SIGPOLICY_NOTICENUMBERS, 1071 /* sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.noticeNumbers */ 1072 CRYPT_CERTINFO_CMS_SIGPOLICY_EXPLICITTEXT, 1073 /* sigPolicyQualifiers.sigPolicyQualifier.userNotice.explicitText */ 1074 1075 /* 1 2 840 113549 1 9 16 9 signatureTypeIdentifier */ 1076 CRYPT_CERTINFO_CMS_SIGTYPEIDENTIFIER, 1077 CRYPT_CERTINFO_CMS_SIGTYPEID_ORIGINATORSIG, /* originatorSig */ 1078 CRYPT_CERTINFO_CMS_SIGTYPEID_DOMAINSIG, /* domainSig */ 1079 CRYPT_CERTINFO_CMS_SIGTYPEID_ADDITIONALATTRIBUTES, /* 
additionalAttributesSig */ 1080 CRYPT_CERTINFO_CMS_SIGTYPEID_REVIEWSIG, /* reviewSig */ 1081 1082 /* 1 2 840 113549 1 9 25 3 randomNonce */ 1083 CRYPT_CERTINFO_CMS_NONCE, /* randomNonce */ 1084 1085 /* SCEP attributes: 1086 2 16 840 1 113733 1 9 2 messageType 1087 2 16 840 1 113733 1 9 3 pkiStatus 1088 2 16 840 1 113733 1 9 4 failInfo 1089 2 16 840 1 113733 1 9 5 senderNonce 1090 2 16 840 1 113733 1 9 6 recipientNonce 1091 2 16 840 1 113733 1 9 7 transID */ 1092 CRYPT_CERTINFO_SCEP_MESSAGETYPE, /* messageType */ 1093 CRYPT_CERTINFO_SCEP_PKISTATUS, /* pkiStatus */ 1094 CRYPT_CERTINFO_SCEP_FAILINFO, /* failInfo */ 1095 CRYPT_CERTINFO_SCEP_SENDERNONCE, /* senderNonce */ 1096 CRYPT_CERTINFO_SCEP_RECIPIENTNONCE, /* recipientNonce */ 1097 CRYPT_CERTINFO_SCEP_TRANSACTIONID, /* transID */ 1098 1099 /* 1 3 6 1 4 1 311 2 1 10 spcAgencyInfo */ 1100 CRYPT_CERTINFO_CMS_SPCAGENCYINFO, 1101 CRYPT_CERTINFO_CMS_SPCAGENCYURL, /* spcAgencyInfo.url */ 1102 1103 /* 1 3 6 1 4 1 311 2 1 11 spcStatementType */ 1104 CRYPT_CERTINFO_CMS_SPCSTATEMENTTYPE, 1105 CRYPT_CERTINFO_CMS_SPCSTMT_INDIVIDUALCODESIGNING, /* individualCodeSigning */ 1106 CRYPT_CERTINFO_CMS_SPCSTMT_COMMERCIALCODESIGNING, /* commercialCodeSigning */ 1107 1108 /* 1 3 6 1 4 1 311 2 1 12 spcOpusInfo */ 1109 CRYPT_CERTINFO_CMS_SPCOPUSINFO, 1110 CRYPT_CERTINFO_CMS_SPCOPUSINFO_NAME, /* spcOpusInfo.name */ 1111 CRYPT_CERTINFO_CMS_SPCOPUSINFO_URL, /* spcOpusInfo.url */ 1112 1113 /* Used internally */ 1114 CRYPT_CERTINFO_LAST, CRYPT_KEYINFO_FIRST = 3000, 1115 1116 /*********************/ 1117 /* Keyset attributes */ 1118 /*********************/ 1119 1120 CRYPT_KEYINFO_QUERY, /* Keyset query */ 1121 CRYPT_KEYINFO_QUERY_REQUESTS, /* Query of requests in cert store */ 1122 1123 /* Used internally */ 1124 CRYPT_KEYINFO_LAST, CRYPT_DEVINFO_FIRST = 4000, 1125 1126 /*********************/ 1127 /* Device attributes */ 1128 /*********************/ 1129 1130 CRYPT_DEVINFO_INITIALISE, /* Initialise device for use */ 1131 
CRYPT_DEVINFO_INITIALIZE = CRYPT_DEVINFO_INITIALISE, 1132 CRYPT_DEVINFO_AUTHENT_USER, /* Authenticate user to device */ 1133 CRYPT_DEVINFO_AUTHENT_SUPERVISOR, /* Authenticate supervisor to dev.*/ 1134 CRYPT_DEVINFO_SET_AUTHENT_USER, /* Set user authent.value */ 1135 CRYPT_DEVINFO_SET_AUTHENT_SUPERVISOR, /* Set supervisor auth.val.*/ 1136 CRYPT_DEVINFO_ZEROISE, /* Zeroise device */ 1137 CRYPT_DEVINFO_ZEROIZE = CRYPT_DEVINFO_ZEROISE, 1138 CRYPT_DEVINFO_LOGGEDIN, /* Whether user is logged in */ 1139 CRYPT_DEVINFO_LABEL, /* Device/token label */ 1140 1141 /* Used internally */ 1142 CRYPT_DEVINFO_LAST, CRYPT_ENVINFO_FIRST = 5000, 1143 1144 /***********************/ 1145 /* Envelope attributes */ 1146 /***********************/ 1147 1148 /* Pseudo-information on an envelope or meta-information which is used to 1149 control the way that data in an envelope is processed */ 1150 CRYPT_ENVINFO_DATASIZE, /* Data size information */ 1151 CRYPT_ENVINFO_COMPRESSION, /* Compression information */ 1152 CRYPT_ENVINFO_CONTENTTYPE, /* Inner CMS content type */ 1153 CRYPT_ENVINFO_DETACHEDSIGNATURE,/* Detached signature */ 1154 CRYPT_ENVINFO_SIGNATURE_RESULT, /* Signature check result */ 1155 CRYPT_ENVINFO_INTEGRITY, /* Integrity-protection level */ 1156 1157 /* Resources required for enveloping/deenveloping */ 1158 CRYPT_ENVINFO_PASSWORD, /* User password */ 1159 CRYPT_ENVINFO_KEY, /* Conventional encryption key */ 1160 CRYPT_ENVINFO_SIGNATURE, /* Signature/signature check key */ 1161 CRYPT_ENVINFO_SIGNATURE_EXTRADATA, /* Extra information added to CMS sigs */ 1162 CRYPT_ENVINFO_RECIPIENT, /* Recipient email address */ 1163 CRYPT_ENVINFO_PUBLICKEY, /* PKC encryption key */ 1164 CRYPT_ENVINFO_PRIVATEKEY, /* PKC decryption key */ 1165 CRYPT_ENVINFO_PRIVATEKEY_LABEL, /* Label of PKC decryption key */ 1166 CRYPT_ENVINFO_ORIGINATOR, /* Originator info/key */ 1167 CRYPT_ENVINFO_SESSIONKEY, /* Session key */ 1168 CRYPT_ENVINFO_HASH, /* Hash value */ 1169 CRYPT_ENVINFO_TIMESTAMP, /* Timestamp 
information */ 1170 1171 /* Keysets used to retrieve keys needed for enveloping/deenveloping */ 1172 CRYPT_ENVINFO_KEYSET_SIGCHECK, /* Signature check keyset */ 1173 CRYPT_ENVINFO_KEYSET_ENCRYPT, /* PKC encryption keyset */ 1174 CRYPT_ENVINFO_KEYSET_DECRYPT, /* PKC decryption keyset */ 1175 1176 /* Used internally */ 1177 CRYPT_ENVINFO_LAST, CRYPT_SESSINFO_FIRST = 6000, 1178 1179 /**********************/ 1180 /* Session attributes */ 1181 /**********************/ 1182 1183 /* Pseudo-information about the session */ 1184 CRYPT_SESSINFO_ACTIVE, /* Whether session is active */ 1185 CRYPT_SESSINFO_CONNECTIONACTIVE,/* Whether network connection is active */ 1186 1187 /* Security-related information */ 1188 CRYPT_SESSINFO_USERNAME, /* User name */ 1189 CRYPT_SESSINFO_PASSWORD, /* Password */ 1190 CRYPT_SESSINFO_PRIVATEKEY, /* Server/client private key */ 1191 CRYPT_SESSINFO_KEYSET, /* Certificate store */ 1192 CRYPT_SESSINFO_AUTHRESPONSE, /* Session authorisation OK */ 1193 1194 /* Client/server information */ 1195 CRYPT_SESSINFO_SERVER_NAME, /* Server name */ 1196 CRYPT_SESSINFO_SERVER_PORT, /* Server port number */ 1197 CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1,/* Server key fingerprint */ 1198 CRYPT_SESSINFO_CLIENT_NAME, /* Client name */ 1199 CRYPT_SESSINFO_CLIENT_PORT, /* Client port number */ 1200 CRYPT_SESSINFO_SESSION, /* Transport mechanism */ 1201 CRYPT_SESSINFO_NETWORKSOCKET, /* User-supplied network socket */ 1202 1203 /* Generic protocol-related information */ 1204 CRYPT_SESSINFO_VERSION, /* Protocol version */ 1205 CRYPT_SESSINFO_REQUEST, /* Cert.request object */ 1206 CRYPT_SESSINFO_RESPONSE, /* Cert.response object */ 1207 CRYPT_SESSINFO_CACERTIFICATE, /* Issuing CA certificate */ 1208 1209 /* Protocol-specific information */ 1210 CRYPT_SESSINFO_CMP_REQUESTTYPE, /* Request type */ 1211 CRYPT_SESSINFO_CMP_PRIVKEYSET, /* Private-key keyset */ 1212 CRYPT_SESSINFO_SSH_CHANNEL, /* SSH current channel */ 1213 CRYPT_SESSINFO_SSH_CHANNEL_TYPE,/* SSH channel type */ 
1214 CRYPT_SESSINFO_SSH_CHANNEL_ARG1,/* SSH channel argument 1 */ 1215 CRYPT_SESSINFO_SSH_CHANNEL_ARG2,/* SSH channel argument 2 */ 1216 CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE,/* SSH channel active */ 1217 CRYPT_SESSINFO_SSL_OPTIONS, /* SSL/TLS protocol options */ 1218 CRYPT_SESSINFO_TSP_MSGIMPRINT, /* TSP message imprint */ 1219 1220 /* Used internally */ 1221 CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000, 1222 1223 /**********************/ 1224 /* User attributes */ 1225 /**********************/ 1226 1227 /* Security-related information */ 1228 CRYPT_USERINFO_PASSWORD, /* Password */ 1229 1230 /* User role-related information */ 1231 CRYPT_USERINFO_CAKEY_CERTSIGN, /* CA cert signing key */ 1232 CRYPT_USERINFO_CAKEY_CRLSIGN, /* CA CRL signing key */ 1233 CRYPT_USERINFO_CAKEY_RTCSSIGN, /* CA RTCS signing key */ 1234 CRYPT_USERINFO_CAKEY_OCSPSIGN, /* CA OCSP signing key */ 1235 1236 /* Used internally for range checking */ 1237 CRYPT_USERINFO_LAST, CRYPT_ATTRIBUTE_LAST = CRYPT_USERINFO_LAST 1238 1239 #ifdef _CRYPT_DEFINED 1240 /***********************/ 1241 /* Internal attributes */ 1242 /***********************/ 1243 1244 /* The following attributes are only visible internally and are protected 1245 from any external access by the kernel (and for good measure by checks 1246 in other places as well). The two attributes CRYPT_IATTRIBUTE_KEY_SPKI 1247 and CRYPT_IATTRIBUTE_SPKI are actually the same thing, the difference 1248 is that the former is write-only for contexts and the latter is read- 1249 only for certificates (the former is used when loading a context from 1250 a key contained in a device, where the actual key components aren't 1251 directly available in the context but may be needed in the future for 1252 things like cert requests). Because a single object can act as both a 1253 context and a cert, having two explicitly different attribute names 1254 makes things less confusing. 
In addition, some public-key attributes 1255 have _PARTIAL variants that load the public-key components but don't 1256 initialise the key/move the context into the high state. This is 1257 used for formats in which public and private-key components are loaded 1258 separately */ 1259 , CRYPT_IATTRIBUTE_FIRST = 8000, 1260 CRYPT_IATTRIBUTE_TYPE, /* Object type */ 1261 CRYPT_IATTRIBUTE_SUBTYPE, /* Object subtype */ 1262 CRYPT_IATTRIBUTE_STATUS, /* Object status */ 1263 CRYPT_IATTRIBUTE_INTERNAL, /* Object internal flag */ 1264 CRYPT_IATTRIBUTE_ACTIONPERMS, /* Object action permissions */ 1265 CRYPT_IATTRIBUTE_LOCKED, /* Object locked for exclusive use */ 1266 CRYPT_IATTRIBUTE_INITIALISED, /* Object inited (in high state) */ 1267 1268 /* Context internal attributes */ 1269 CRYPT_IATTRIBUTE_KEYSIZE, /* Key size (written to non-native ctxs) */ 1270 CRYPT_IATTRIBUTE_KEYFEATURES, /* Key feature info */ 1271 CRYPT_IATTRIBUTE_KEYID, /* Key ID */ 1272 CRYPT_IATTRIBUTE_KEYID_PGP2, /* PGP 2 key ID */ 1273 CRYPT_IATTRIBUTE_KEYID_OPENPGP, /* OpenPGP key ID */ 1274 CRYPT_IATTRIBUTE_KEY_SPKI, /* SubjectPublicKeyInfo */ 1275 CRYPT_IATTRIBUTE_KEY_PGP, /* PGP-format public key */ 1276 CRYPT_IATTRIBUTE_KEY_SSH, /* SSHv2-format public key */ 1277 CRYPT_IATTRIBUTE_KEY_SSL, /* SSL-format public key */ 1278 CRYPT_IATTRIBUTE_KEY_SPKI_PARTIAL,/* SubjectPublicKeyInfo w/o trigger */ 1279 CRYPT_IATTRIBUTE_KEY_PGP_PARTIAL,/* PGP public key w/o trigger */ 1280 CRYPT_IATTRIBUTE_KEY_DLPPARAM, /* DLP domain parameters */ 1281 CRYPT_IATTRIBUTE_KEY_ECCPARAM, /* ECC domain parameters */ 1282 CRYPT_IATTRIBUTE_PGPVALIDITY, /* PGP key validity */ 1283 CRYPT_IATTRIBUTE_DEVICEOBJECT, /* Device object handle */ 1284 CRYPT_IATTRIBUTE_DEVICESTORAGEID,/* Storage ID for data in device */ 1285 CRYPT_IATTRIBUTE_EXISTINGLABEL, /* Existing label for object in device */ 1286 CRYPT_IATTRIBUTE_KDFPARAMS, /* Opt.KDF params for generic-secret */ 1287 CRYPT_IATTRIBUTE_ENCPARAMS, /* Encryption params for generic-secret */ 
1288 CRYPT_IATTRIBUTE_MACPARAMS, /* MAC params for generic-secret */ 1289 CRYPT_IATTRIBUTE_AAD, /* AAD for authenticated-encr.modes */ 1290 CRYPT_IATTRIBUTE_ICV, /* ICV for authenticated-encr.modes */ 1291 1292 /* Certificate internal attributes */ 1293 CRYPT_IATTRIBUTE_SUBJECT, /* SubjectName */ 1294 CRYPT_IATTRIBUTE_ISSUER, /* IssuerName */ 1295 CRYPT_IATTRIBUTE_ISSUERANDSERIALNUMBER, /* IssuerAndSerial */ 1296 CRYPT_IATTRIBUTE_HOLDERNAME, /* Best approximation to cert.owner name */ 1297 CRYPT_IATTRIBUTE_HOLDERURI, /* Best approximation to cert.owner URI */ 1298 CRYPT_IATTRIBUTE_SPKI, /* Encoded SubjectPublicKeyInfo */ 1299 CRYPT_IATTRIBUTE_CERTKEYALGO, /* PKC algo.used for certificate */ 1300 CRYPT_IATTRIBUTE_CERTHASHALGO, /* Hash algo.used for certificate */ 1301 CRYPT_IATTRIBUTE_CERTCOLLECTION,/* Certs added to cert chain */ 1302 CRYPT_IATTRIBUTE_CRLENTRY, /* Individual entry from CRL */ 1303 CRYPT_IATTRIBUTE_RESPONDERURL, /* RTCS/OCSP responder name */ 1304 CRYPT_IATTRIBUTE_RTCSREQUEST, /* RTCS req.info added to RTCS resp.*/ 1305 CRYPT_IATTRIBUTE_OCSPREQUEST, /* OCSP req.info added to OCSP resp.*/ 1306 CRYPT_IATTRIBUTE_REVREQUEST, /* CRMF rev.request added to CRL */ 1307 CRYPT_IATTRIBUTE_PKIUSERINFO, /* Additional user info added to cert.req.*/ 1308 CRYPT_IATTRIBUTE_BLOCKEDATTRS, /* Template of disallowed attrs.in cert */ 1309 CRYPT_IATTRIBUTE_REQFROMRA, /* Cert request came from RA */ 1310 CRYPT_IATTRIBUTE_AUTHCERTID, /* Authorising cert ID for a cert/rev.req.*/ 1311 CRYPT_IATTRIBUTE_ESSCERTID, /* ESSCertID */ 1312 CRYPT_IATTRIBUTE_CERTCOPY, /* Copy of cert object */ 1313 CRYPT_IATTRIBUTE_CERTCOPY_DATAONLY, /* Copy of cert object as data-only cert */ 1314 1315 /* Device internal attributes */ 1316 CRYPT_IATTRIBUTE_ENTROPY, /* Polled entropy data */ 1317 CRYPT_IATTRIBUTE_ENTROPY_QUALITY,/* Quality of entropy data */ 1318 CRYPT_IATTRIBUTE_RANDOM_POLL, /* Slow/fast entropy poll */ 1319 CRYPT_IATTRIBUTE_RANDOM_LOPICKET,/* Low picket for random data attrs.*/ 1320 
CRYPT_IATTRIBUTE_RANDOM, /* Random data */ 1321 CRYPT_IATTRIBUTE_RANDOM_NZ, /* Nonzero random data */ 1322 CRYPT_IATTRIBUTE_RANDOM_HIPICKET,/* High picket for random data attrs.*/ 1323 CRYPT_IATTRIBUTE_RANDOM_NONCE, /* Basic nonce */ 1324 CRYPT_IATTRIBUTE_TIME, /* Reliable (hardware-based) time value */ 1325 1326 /* Envelope internal attributes */ 1327 CRYPT_IATTRIBUTE_INCLUDESIGCERT,/* Whether to include signing cert(s) */ 1328 CRYPT_IATTRIBUTE_ATTRONLY, /* Signed data contains only CMS attrs.*/ 1329 1330 /* Keyset internal attributes */ 1331 CRYPT_IATTRIBUTE_CONFIGDATA, /* Config information */ 1332 CRYPT_IATTRIBUTE_USERINDEX, /* Index of users */ 1333 CRYPT_IATTRIBUTE_USERID, /* User ID */ 1334 CRYPT_IATTRIBUTE_USERINFO, /* User information */ 1335 CRYPT_IATTRIBUTE_TRUSTEDCERT, /* First trusted cert */ 1336 CRYPT_IATTRIBUTE_TRUSTEDCERT_NEXT, /* Successive trusted certs */ 1337 CRYPT_IATTRIBUTE_HWSTORAGE, /* Associated device for priv.key data */ 1338 1339 /* Session internal attributes */ 1340 CRYPT_IATTRIBUTE_ENC_TIMESTAMP, /* Encoded TSA timestamp */ 1341 1342 /* User internal attributes */ 1343 CRYPT_IATTRUBUTE_CERTKEYSET, /* Keyset to send trusted certs to */ 1344 CRYPT_IATTRIBUTE_CTL, /* Cert.trust list */ 1345 CRYPT_IATTRIBUTE_LAST, 1346 1347 /* Subrange values used internally for range checking */ 1348 CRYPT_CERTINFO_FIRST_CERTINFO = CRYPT_CERTINFO_FIRST + 1, 1349 CRYPT_CERTINFO_LAST_CERTINFO = CRYPT_CERTINFO_PKIUSER_RA, 1350 CRYPT_CERTINFO_FIRST_PSEUDOINFO = CRYPT_CERTINFO_SELFSIGNED, 1351 CRYPT_CERTINFO_LAST_PSEUDOINFO = CRYPT_CERTINFO_SIGNATURELEVEL, 1352 CRYPT_CERTINFO_FIRST_NAME = CRYPT_CERTINFO_COUNTRYNAME, 1353 CRYPT_CERTINFO_LAST_NAME = CRYPT_CERTINFO_REGISTEREDID, 1354 CRYPT_CERTINFO_FIRST_DN = CRYPT_CERTINFO_COUNTRYNAME, 1355 CRYPT_CERTINFO_LAST_DN = CRYPT_CERTINFO_COMMONNAME, 1356 CRYPT_CERTINFO_FIRST_GENERALNAME = CRYPT_CERTINFO_OTHERNAME_TYPEID, 1357 CRYPT_CERTINFO_LAST_GENERALNAME = CRYPT_CERTINFO_REGISTEREDID, 1358 
CRYPT_CERTINFO_FIRST_EXTENSION = CRYPT_CERTINFO_CHALLENGEPASSWORD,
CRYPT_CERTINFO_LAST_EXTENSION = CRYPT_CERTINFO_SET_TUNNELINGALGID,
CRYPT_CERTINFO_FIRST_CMS = CRYPT_CERTINFO_CMS_CONTENTTYPE,
/* CRYPT_CERTINFO_LAST itself is an internal sentinel rather than an
   attribute, so the last real CMS attribute is one below it */
CRYPT_CERTINFO_LAST_CMS = CRYPT_CERTINFO_LAST - 1,
CRYPT_SESSINFO_FIRST_SPECIFIC = CRYPT_SESSINFO_REQUEST,
CRYPT_SESSINFO_LAST_SPECIFIC = CRYPT_SESSINFO_TSP_MSGIMPRINT

/* Point at which private-use values start. Attribute values sometimes
   need to be extended with additional pseudo-values in object-specific
   cases, for example the certificate-management code extends the
   explicit certificate attributes with additional implicit values used
   internally to handle certificates. In order to allow for these
   additional values we place them beyond the private-use value below.
   Note the leading comma: the preceding enumerator deliberately has no
   trailing comma so that the list stays well-formed when the
   _CRYPT_DEFINED section is compiled out */
, CRYPT_XATTRIBUTE_PRIVATE = 10000

/* Pseudo-value to make attributes have the same size as integers on
   compilers that use variable-size enums. This is required in order
   to make kernel ACL management easier, see the comments with the
   pseudo-ACLs in acl.h for details */
, CRYPT_XATTRIBUTE_MAX = INT_MAX - 100
#endif /* _CRYPT_DEFINED */
} CRYPT_ATTRIBUTE_TYPE;

/****************************************************************************
*                                                                           *
*                  Attribute Subtypes and Related Values                    *
*                                                                           *
****************************************************************************/

/* Flags for the X.509 keyUsage extension. One bit per flag, assigned in
   the order in which the names appear in the KeyUsage BIT STRING
   definition, so the xxx_LAST value is one bit above the highest defined
   flag rather than a usable flag itself */

#define CRYPT_KEYUSAGE_NONE 0x000
#define CRYPT_KEYUSAGE_DIGITALSIGNATURE 0x001
#define CRYPT_KEYUSAGE_NONREPUDIATION 0x002
#define CRYPT_KEYUSAGE_KEYENCIPHERMENT 0x004
#define CRYPT_KEYUSAGE_DATAENCIPHERMENT 0x008
#define CRYPT_KEYUSAGE_KEYAGREEMENT 0x010
#define CRYPT_KEYUSAGE_KEYCERTSIGN 0x020
#define CRYPT_KEYUSAGE_CRLSIGN 0x040
#define CRYPT_KEYUSAGE_ENCIPHERONLY 0x080
#define CRYPT_KEYUSAGE_DECIPHERONLY 0x100
#define CRYPT_KEYUSAGE_LAST 0x200 /* Last possible value (not a flag) */
#ifdef _CRYPT_DEFINED
/* Internal-only bounds for range checking a combined flag value.
   CRYPT_KEYUSAGE_FLAG_MAX is every defined flag OR'd together, i.e.
   CRYPT_KEYUSAGE_LAST - 1; a value with any bit above this set contains
   an undefined flag.  Keep in sync if a flag is ever added */
#define CRYPT_KEYUSAGE_FLAG_NONE 0x000 /* Defines for range checking */
#define CRYPT_KEYUSAGE_FLAG_MAX 0x1FF
#endif /* _CRYPT_DEFINED */

/* X.509 cRLReason and cryptlib cRLExtReason codes. The explicit '= 8'
   skips value 7, which the X.509 CRLReason enumeration leaves unassigned;
   CRYPT_CRLREASON_LAST bounds the standard reasons, while the values from
   CRYPT_CRLREASON_NEVERVALID (20) up to CRYPT_CRLEXTREASON_LAST are the
   cryptlib-specific extended reasons carried in the cRLExtReason
   extension */

enum { CRYPT_CRLREASON_UNSPECIFIED, CRYPT_CRLREASON_KEYCOMPROMISE,
 CRYPT_CRLREASON_CACOMPROMISE, CRYPT_CRLREASON_AFFILIATIONCHANGED,
 CRYPT_CRLREASON_SUPERSEDED, CRYPT_CRLREASON_CESSATIONOFOPERATION,
 CRYPT_CRLREASON_CERTIFICATEHOLD, CRYPT_CRLREASON_REMOVEFROMCRL = 8,
 CRYPT_CRLREASON_PRIVILEGEWITHDRAWN, CRYPT_CRLREASON_AACOMPROMISE,
 CRYPT_CRLREASON_LAST, /* End of standard CRL reasons (one past last) */
 CRYPT_CRLREASON_NEVERVALID = 20, CRYPT_CRLEXTREASON_LAST };

/* X.509 CRL reason flags. These identify the same thing as the cRLReason
   codes but allow for multiple reasons to be specified. Note that these
   don't follow the X.509 naming since in that scheme the enumerated types
   and bitflags have the same names.

   NOTE(review): only bits 0-6 of the ReasonFlags BIT STRING are named
   here; the RFC 5280 definition also assigns bits 7 (privilegeWithdrawn)
   and 8 (aACompromise), for which there are no flags in this header.
   Confirm how the encoder/decoder treats those two bits when they are
   present in a received reasons field */

#define CRYPT_CRLREASONFLAG_UNUSED 0x001
#define CRYPT_CRLREASONFLAG_KEYCOMPROMISE 0x002
#define CRYPT_CRLREASONFLAG_CACOMPROMISE 0x004
#define CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED 0x008
#define CRYPT_CRLREASONFLAG_SUPERSEDED 0x010
#define CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION 0x020
#define CRYPT_CRLREASONFLAG_CERTIFICATEHOLD 0x040
#define CRYPT_CRLREASONFLAG_LAST 0x080 /* Last poss.value (not a flag) */

/* X.509 CRL holdInstruction codes. Positional values starting at 0
   (NONE), with xxx_LAST one past the final valid code */

enum { CRYPT_HOLDINSTRUCTION_NONE, CRYPT_HOLDINSTRUCTION_CALLISSUER,
 CRYPT_HOLDINSTRUCTION_REJECT, CRYPT_HOLDINSTRUCTION_PICKUPTOKEN,
 CRYPT_HOLDINSTRUCTION_LAST };

/* Certificate checking compliance levels. Positional values starting
   at 0; the enumerator order (OBLIVIOUS lowest, PKIX_FULL highest)
   appears to be ascending strictness of certificate checking, so
   numeric comparison of levels is presumably meaningful -- confirm
   against the certificate-checking code before relying on it */

enum { CRYPT_COMPLIANCELEVEL_OBLIVIOUS, CRYPT_COMPLIANCELEVEL_REDUCED,
 CRYPT_COMPLIANCELEVEL_STANDARD, CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL,
 CRYPT_COMPLIANCELEVEL_PKIX_FULL,
 CRYPT_COMPLIANCELEVEL_LAST };

/* Flags for the Netscape netscape-cert-type extension. Eight single-bit
   flags; xxx_LAST is one bit above the highest flag and not itself a
   valid flag */

#define CRYPT_NS_CERTTYPE_SSLCLIENT 0x001
#define CRYPT_NS_CERTTYPE_SSLSERVER 0x002
#define CRYPT_NS_CERTTYPE_SMIME 0x004
#define CRYPT_NS_CERTTYPE_OBJECTSIGNING 0x008
#define CRYPT_NS_CERTTYPE_RESERVED 0x010
#define CRYPT_NS_CERTTYPE_SSLCA 0x020
#define CRYPT_NS_CERTTYPE_SMIMECA 0x040
#define CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA 0x080
#define CRYPT_NS_CERTTYPE_LAST 0x100 /* Last possible value (not a flag) */

/* Flags for the SET certificate-type extension. Ten single-bit flags;
   xxx_LAST is one bit above the highest flag and not itself a valid
   flag */

#define CRYPT_SET_CERTTYPE_CARD 0x001
#define CRYPT_SET_CERTTYPE_MER 0x002
#define CRYPT_SET_CERTTYPE_PGWY 0x004
#define CRYPT_SET_CERTTYPE_CCA 0x008
#define CRYPT_SET_CERTTYPE_MCA 0x010
#define CRYPT_SET_CERTTYPE_PCA 0x020
#define CRYPT_SET_CERTTYPE_GCA 0x040
#define CRYPT_SET_CERTTYPE_BCA 0x080
#define CRYPT_SET_CERTTYPE_RCA 0x100
#define CRYPT_SET_CERTTYPE_ACQ 0x200
#define CRYPT_SET_CERTTYPE_LAST 0x400 /* Last possible value (not a flag) */

/* CMS contentType values. Unlike the other enumerations in this section
   this one is typedef'd, since it is passed around as a value in its own
   right. CRYPT_CONTENT_NONE (0) is the "not set" value and
   CRYPT_CONTENT_LAST is one past the final valid content type; neither
   corresponds to an actual CMS content type */

typedef enum { CRYPT_CONTENT_NONE, CRYPT_CONTENT_DATA,
 CRYPT_CONTENT_SIGNEDDATA, CRYPT_CONTENT_ENVELOPEDDATA,
 CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA,
 CRYPT_CONTENT_DIGESTEDDATA, CRYPT_CONTENT_ENCRYPTEDDATA,
 CRYPT_CONTENT_COMPRESSEDDATA, CRYPT_CONTENT_AUTHDATA,
 CRYPT_CONTENT_AUTHENVDATA, CRYPT_CONTENT_TSTINFO,
 CRYPT_CONTENT_SPCINDIRECTDATACONTEXT,
 CRYPT_CONTENT_RTCSREQUEST, CRYPT_CONTENT_RTCSRESPONSE,
 CRYPT_CONTENT_RTCSRESPONSE_EXT, CRYPT_CONTENT_MRTD,
 CRYPT_CONTENT_LAST
} CRYPT_CONTENT_TYPE;

/* ESS securityClassification codes (the securityClassification field of
   the ESS security label). Positional values starting at 0 (UNMARKED) */

enum { CRYPT_CLASSIFICATION_UNMARKED, CRYPT_CLASSIFICATION_UNCLASSIFIED,
 CRYPT_CLASSIFICATION_RESTRICTED, CRYPT_CLASSIFICATION_CONFIDENTIAL,
 CRYPT_CLASSIFICATION_SECRET, CRYPT_CLASSIFICATION_TOP_SECRET,
 CRYPT_CLASSIFICATION_LAST
= 255 };						/* Last possible classification, pinned at 255 */

/* RTCS certificate status.  Only CRYPT_CERTSTATUS_VALID is a positive
   answer: NONAUTHORITATIVE and UNKNOWN mean that the responder couldn't
   vouch for the certificate and must not be treated as "valid" by the
   caller.  Note that VALID is the zero value, so a status variable that's
   zero-initialised and then never written reads as "valid" - if a status
   may be examined before it's been set, initialise it to
   CRYPT_CERTSTATUS_UNKNOWN */

enum { CRYPT_CERTSTATUS_VALID, CRYPT_CERTSTATUS_NOTVALID,
	   CRYPT_CERTSTATUS_NONAUTHORITATIVE, CRYPT_CERTSTATUS_UNKNOWN };

/* OCSP revocation status.  As above, UNKNOWN is not NOTREVOKED, and
   NOTREVOKED is the zero value, so a default-initialised status isn't a
   meaningful "not revoked" result */

enum { CRYPT_OCSPSTATUS_NOTREVOKED, CRYPT_OCSPSTATUS_REVOKED,
	   CRYPT_OCSPSTATUS_UNKNOWN };

/* The amount of detail to include in signatures when signing certificate
   objects, from the bare signature up to the signer's certificate and all
   other relevant information */

typedef enum {
	CRYPT_SIGNATURELEVEL_NONE,		/* Include only signature */
	CRYPT_SIGNATURELEVEL_SIGNERCERT,/* Include signer cert */
	CRYPT_SIGNATURELEVEL_ALL,		/* Include all relevant info */
	CRYPT_SIGNATURELEVEL_LAST		/* Last possible sig.level type */
	} CRYPT_SIGNATURELEVEL_TYPE;

/* The level of integrity protection to apply to enveloped data.  The
   default envelope protection for an envelope with keying information
   applied is encryption, this can be modified to use MAC-only protection
   (with no encryption) or hybrid encryption + authentication.

   CRYPT_INTEGRITY_NONE gives confidentiality only.  Encryption without an
   integrity check generally doesn't stop an attacker from altering the
   ciphertext without the change being detected, so use
   CRYPT_INTEGRITY_FULL unless there's a specific reason not to */

typedef enum {
	CRYPT_INTEGRITY_NONE,			/* No integrity protection */
	CRYPT_INTEGRITY_MACONLY,		/* MAC only, no encryption */
	CRYPT_INTEGRITY_FULL			/* Encryption + integrity protection */
	} CRYPT_INTEGRITY_TYPE;

/* The certificate export format type, which defines the format in which a
   certificate object is exported.  The CRYPT_ICERTFORMAT_xxx values are
   internal to cryptlib (only visible when _CRYPT_DEFINED is set) and
   aren't part of the public API */

typedef enum {
	CRYPT_CERTFORMAT_NONE,			/* No certificate format */
	CRYPT_CERTFORMAT_CERTIFICATE,	/* DER-encoded certificate */
	CRYPT_CERTFORMAT_CERTCHAIN,		/* PKCS #7 certificate chain */
	CRYPT_CERTFORMAT_TEXT_CERTIFICATE,	/* base-64 wrapped cert */
	CRYPT_CERTFORMAT_TEXT_CERTCHAIN,	/* base-64 wrapped cert chain */
	CRYPT_CERTFORMAT_XML_CERTIFICATE,	/* XML wrapped cert */
	CRYPT_CERTFORMAT_XML_CERTCHAIN,		/* XML wrapped cert chain */
#ifdef _CRYPT_DEFINED
	CRYPT_ICERTFORMAT_CERTSET,		/* SET OF Certificate */
	CRYPT_ICERTFORMAT_CERTSEQUENCE,	/*
SEQUENCE OF Certificate */ 1533 CRYPT_ICERTFORMAT_SSL_CERTCHAIN,/* SSL certificate chain */ 1534 CRYPT_ICERTFORMAT_DATA, /* Non-signed object data */ 1535 CRYPT_ICERTFORMAT_SMIME_CERTIFICATE,/* S/MIME cert.request or cert chain */ 1536 /* Used as an internal format specifier when the format is 1537 autodetected to tell the base64 decoding code to strip MIME 1538 headers before the base64 data */ 1539 #endif /* _CRYPT_DEFINED */ 1540 CRYPT_CERTFORMAT_LAST /* Last possible cert.format type */ 1541 #ifdef _CRYPT_DEFINED 1542 , CRYPT_CERTFORMAT_LAST_EXTERNAL = CRYPT_CERTFORMAT_XML_CERTCHAIN + 1 1543 #endif /* _CRYPT_DEFINED */ 1544 } CRYPT_CERTFORMAT_TYPE; 1545 1546 /* CMP request types */ 1547 1548 typedef enum { 1549 CRYPT_REQUESTTYPE_NONE, /* No request type */ 1550 CRYPT_REQUESTTYPE_INITIALISATION, /* Initialisation request */ 1551 CRYPT_REQUESTTYPE_INITIALIZATION = CRYPT_REQUESTTYPE_INITIALISATION, 1552 CRYPT_REQUESTTYPE_CERTIFICATE, /* Certification request */ 1553 CRYPT_REQUESTTYPE_KEYUPDATE, /* Key update request */ 1554 CRYPT_REQUESTTYPE_REVOCATION, /* Cert revocation request */ 1555 CRYPT_REQUESTTYPE_PKIBOOT, /* PKIBoot request */ 1556 CRYPT_REQUESTTYPE_LAST /* Last possible request type */ 1557 } CRYPT_REQUESTTYPE_TYPE; 1558 1559 /* Key ID types */ 1560 1561 typedef enum { 1562 CRYPT_KEYID_NONE, /* No key ID type */ 1563 CRYPT_KEYID_NAME, /* Key owner name */ 1564 CRYPT_KEYID_URI, /* Key owner URI */ 1565 CRYPT_KEYID_EMAIL = CRYPT_KEYID_URI, /* Synonym: owner email addr.*/ 1566 #ifdef _CRYPT_DEFINED 1567 /* Internal key ID types */ 1568 CRYPT_IKEYID_KEYID, /* SubjectKeyIdentifier/internal ID */ 1569 CRYPT_IKEYID_PGPKEYID, /* PGP/OpenPGP key ID */ 1570 CRYPT_IKEYID_CERTID, /* Certificate hash */ 1571 CRYPT_IKEYID_SUBJECTID, /* Hashed subjectName */ 1572 CRYPT_IKEYID_ISSUERID, /* Hashed issuerAndSerialNumber */ 1573 CRYPT_IKEYID_ISSUERANDSERIALNUMBER, /* issuerAndSerialNumber */ 1574 #endif /* _CRYPT_DEFINED */ 1575 CRYPT_KEYID_LAST /* Last possible key ID 
type */ 1576 #ifdef _CRYPT_DEFINED 1577 , CRYPT_KEYID_LAST_EXTERNAL = CRYPT_KEYID_URI + 1/* Last external key ID */ 1578 #endif /* _CRYPT_DEFINED */ 1579 } CRYPT_KEYID_TYPE; 1580 1581 /* The encryption object types */ 1582 1583 typedef enum { 1584 CRYPT_OBJECT_NONE, /* No object type */ 1585 CRYPT_OBJECT_ENCRYPTED_KEY, /* Conventionally encrypted key */ 1586 CRYPT_OBJECT_PKCENCRYPTED_KEY, /* PKC-encrypted key */ 1587 CRYPT_OBJECT_KEYAGREEMENT, /* Key agreement information */ 1588 CRYPT_OBJECT_SIGNATURE, /* Signature */ 1589 CRYPT_OBJECT_LAST /* Last possible object type */ 1590 } CRYPT_OBJECT_TYPE; 1591 1592 /* Object/attribute error type information */ 1593 1594 typedef enum { 1595 CRYPT_ERRTYPE_NONE, /* No error information */ 1596 CRYPT_ERRTYPE_ATTR_SIZE, /* Attribute data too small or large */ 1597 CRYPT_ERRTYPE_ATTR_VALUE, /* Attribute value is invalid */ 1598 CRYPT_ERRTYPE_ATTR_ABSENT, /* Required attribute missing */ 1599 CRYPT_ERRTYPE_ATTR_PRESENT, /* Non-allowed attribute present */ 1600 CRYPT_ERRTYPE_CONSTRAINT, /* Cert: Constraint violation in object */ 1601 CRYPT_ERRTYPE_ISSUERCONSTRAINT, /* Cert: Constraint viol.in issuing cert */ 1602 CRYPT_ERRTYPE_LAST /* Last possible error info type */ 1603 } CRYPT_ERRTYPE_TYPE; 1604 1605 /* Cert store management action type */ 1606 1607 typedef enum { 1608 CRYPT_CERTACTION_NONE, /* No cert management action */ 1609 CRYPT_CERTACTION_CREATE, /* Create cert store */ 1610 CRYPT_CERTACTION_CONNECT, /* Connect to cert store */ 1611 CRYPT_CERTACTION_DISCONNECT, /* Disconnect from cert store */ 1612 CRYPT_CERTACTION_ERROR, /* Error information */ 1613 CRYPT_CERTACTION_ADDUSER, /* Add PKI user */ 1614 CRYPT_CERTACTION_DELETEUSER, /* Delete PKI user */ 1615 CRYPT_CERTACTION_REQUEST_CERT, /* Cert request */ 1616 CRYPT_CERTACTION_REQUEST_RENEWAL,/* Cert renewal request */ 1617 CRYPT_CERTACTION_REQUEST_REVOCATION,/* Cert revocation request */ 1618 CRYPT_CERTACTION_CERT_CREATION, /* Cert creation */ 1619 
CRYPT_CERTACTION_CERT_CREATION_COMPLETE,/* Confirmation of cert creation */ 1620 CRYPT_CERTACTION_CERT_CREATION_DROP, /* Cancellation of cert creation */ 1621 CRYPT_CERTACTION_CERT_CREATION_REVERSE, /* Cancel of creation w.revocation */ 1622 CRYPT_CERTACTION_RESTART_CLEANUP, /* Delete reqs after restart */ 1623 CRYPT_CERTACTION_RESTART_REVOKE_CERT, /* Complete revocation after restart */ 1624 CRYPT_CERTACTION_ISSUE_CERT, /* Cert issue */ 1625 CRYPT_CERTACTION_ISSUE_CRL, /* CRL issue */ 1626 CRYPT_CERTACTION_REVOKE_CERT, /* Cert revocation */ 1627 CRYPT_CERTACTION_EXPIRE_CERT, /* Cert expiry */ 1628 CRYPT_CERTACTION_CLEANUP, /* Clean up on restart */ 1629 CRYPT_CERTACTION_LAST /* Last possible cert store log action */ 1630 #ifdef _CRYPT_DEFINED 1631 /* User-settable action types for cert mgmt.actions */ 1632 , CRYPT_CERTACTION_FIRST_USER = CRYPT_CERTACTION_ISSUE_CERT, 1633 CRYPT_CERTACTION_LAST_USER = CRYPT_CERTACTION_CLEANUP 1634 #endif /* _CRYPT_DEFINED */ 1635 } CRYPT_CERTACTION_TYPE; 1636 1637 /* SSL/TLS protocol options. 
CRYPT_SSLOPTION_MINVER_SSLV3 is the same as
   CRYPT_SSLOPTION_NONE since this is the baseline, although it's generally
   never encountered since SSLv3 is disabled.

   The CRYPT_SSLOPTION_MINVER_xxx values are a small integer held in the low
   three bits of the option word, not independent flags: OR exactly one of
   them with the flag values from CRYPT_SSLOPTION_MANUAL_CERTCHECK upwards.
   OR'ing two MINVER values together silently produces a different version,
   e.g. MINVER_TLS10 | MINVER_TLS11 == MINVER_TLS12.

   CRYPT_SSLOPTION_DISABLE_NAMEVERIFY and CRYPT_SSLOPTION_DISABLE_CERTVERIFY
   switch off the checks that authenticate the peer, leaving the session
   open to an active man-in-the-middle.  They are for testing; if the
   application needs to apply its own certificate policy, the option
   intended for that appears to be CRYPT_SSLOPTION_MANUAL_CERTCHECK rather
   than disabling verification altogether */

#define CRYPT_SSLOPTION_NONE				0x000
#define CRYPT_SSLOPTION_MINVER_SSLV3		0x000	/* Min.protocol version */
#define CRYPT_SSLOPTION_MINVER_TLS10		0x001
#define CRYPT_SSLOPTION_MINVER_TLS11		0x002
#define CRYPT_SSLOPTION_MINVER_TLS12		0x003
#define CRYPT_SSLOPTION_MINVER_TLS13		0x004
#define CRYPT_SSLOPTION_MANUAL_CERTCHECK	0x008	/* Require manual cert.verif.*/
#define CRYPT_SSLOPTION_DISABLE_NAMEVERIFY	0x010	/* Disable cert hostname check */
#define CRYPT_SSLOPTION_DISABLE_CERTVERIFY	0x020	/* Disable certificate check */
#define CRYPT_SSLOPTION_SUITEB_128			0x100	/* SuiteB security levels (may */
#define CRYPT_SSLOPTION_SUITEB_256			0x200	/* vanish in future releases) */
#ifdef _CRYPT_DEFINED
  /* NOTE(review): this range-check bound is 0x7F, which is below both
     CRYPT_SSLOPTION_SUITEB_128 (0x100) and CRYPT_SSLOPTION_SUITEB_256
     (0x200).  Whether the internal check that uses it rejects the SuiteB
     options can't be seen from this header - confirm against the session
     code before relying on them */
  #define CRYPT_SSLOPTION_MAX				0x7F	/* Defines for range checking */
#endif /* _CRYPT_DEFINED */

/****************************************************************************
*																			*
*							General Constants								*
*																			*
****************************************************************************/

/* The maximum user key size - 2048 bits.  This and the following limits
   are in bytes */

#define CRYPT_MAX_KEYSIZE		256

/* The maximum IV/cipher block size - 256 bits */

#define CRYPT_MAX_IVSIZE		32

/* The maximum public-key component size - 4096 bits, and maximum component
   size for ECCs - 576 bits (to handle the P521 curve).  These size the
   fixed component arrays in CRYPT_PKCINFO_RSA/CRYPT_PKCINFO_DLP and
   CRYPT_PKCINFO_ECC respectively, and so bound what cryptSetComponent()
   may copy into them */

#define CRYPT_MAX_PKCSIZE		512
#define CRYPT_MAX_PKCSIZE_ECC	72

/* The maximum hash size - 512 bits.
Before 3.4 this was 256 bits, in the 1677 3.4 release it was increased to 512 bits to accommodate SHA-3 */ 1678 1679 #define CRYPT_MAX_HASHSIZE 64 1680 1681 /* The maximum size of a text string (e.g.key owner name) */ 1682 1683 #define CRYPT_MAX_TEXTSIZE 64 1684 1685 /* A magic value indicating that the default setting for this parameter 1686 should be used. The parentheses are to catch potential erroneous use 1687 in an expression */ 1688 1689 #define CRYPT_USE_DEFAULT ( -100 ) 1690 1691 /* A magic value for unused parameters */ 1692 1693 #define CRYPT_UNUSED ( -101 ) 1694 1695 /* Cursor positioning codes for certificate/CRL extensions. The parentheses 1696 are to catch potential erroneous use in an expression */ 1697 1698 #define CRYPT_CURSOR_FIRST ( -200 ) 1699 #define CRYPT_CURSOR_PREVIOUS ( -201 ) 1700 #define CRYPT_CURSOR_NEXT ( -202 ) 1701 #define CRYPT_CURSOR_LAST ( -203 ) 1702 1703 /* The type of information polling to perform to get random seed 1704 information. These values have to be negative because they're used 1705 as magic length values for cryptAddRandom(). 
The parentheses are to 1706 catch potential erroneous use in an expression */ 1707 1708 #define CRYPT_RANDOM_FASTPOLL ( -300 ) 1709 #define CRYPT_RANDOM_SLOWPOLL ( -301 ) 1710 1711 /* Whether the PKC key is a public or private key */ 1712 1713 #define CRYPT_KEYTYPE_PRIVATE 0 1714 #define CRYPT_KEYTYPE_PUBLIC 1 1715 1716 /* Keyset open options */ 1717 1718 typedef enum { 1719 CRYPT_KEYOPT_NONE, /* No options */ 1720 CRYPT_KEYOPT_READONLY, /* Open keyset in read-only mode */ 1721 CRYPT_KEYOPT_CREATE, /* Create a new keyset */ 1722 #ifdef _CRYPT_DEFINED 1723 /* Internal keyset options */ 1724 CRYPT_IKEYOPT_EXCLUSIVEACCESS, /* As _NONE but open for exclusive access */ 1725 #endif /* _CRYPT_DEFINED */ 1726 CRYPT_KEYOPT_LAST /* Last possible key option type */ 1727 #ifdef _CRYPT_DEFINED 1728 , CRYPT_KEYOPT_LAST_EXTERNAL = CRYPT_KEYOPT_CREATE + 1 1729 /* Last external keyset option */ 1730 #endif /* _CRYPT_DEFINED */ 1731 } CRYPT_KEYOPT_TYPE; 1732 1733 /* The various cryptlib objects - these are just integer handles */ 1734 1735 typedef int CRYPT_CERTIFICATE; 1736 typedef int CRYPT_CONTEXT; 1737 typedef int CRYPT_DEVICE; 1738 typedef int CRYPT_ENVELOPE; 1739 typedef int CRYPT_KEYSET; 1740 typedef int CRYPT_SESSION; 1741 typedef int CRYPT_USER; 1742 1743 /* Sometimes we don't know the exact type of a cryptlib object, so we use a 1744 generic handle type to identify it */ 1745 1746 typedef int CRYPT_HANDLE; 1747 1748 /**************************************************************************** 1749 * * 1750 * Encryption Data Structures * 1751 * * 1752 ****************************************************************************/ 1753 1754 /* Results returned from the capability query */ 1755 1756 typedef struct { 1757 /* Algorithm information */ 1758 C_CHR algoName[ CRYPT_MAX_TEXTSIZE ];/* Algorithm name */ 1759 int blockSize; /* Block size of the algorithm */ 1760 int minKeySize; /* Minimum key size in bytes */ 1761 int keySize; /* Recommended key size in bytes */ 1762 int 
maxKeySize;				/* Maximum key size in bytes */
	} CRYPT_QUERY_INFO;

/* Results returned from the encoded object query.  These provide
   information on the objects created by cryptExportKey()/
   cryptCreateSignature().  Per the field comments below, hashAlgo only
   applies to signature objects and salt/saltSize only to keys derived
   from a password; the remaining fields should be ignored for other
   object types */

typedef struct {
	/* The object type */
	CRYPT_OBJECT_TYPE objectType;

	/* The encryption algorithm and mode */
	CRYPT_ALGO_TYPE cryptAlgo;
	CRYPT_MODE_TYPE cryptMode;

	/* The hash algorithm for Signature objects */
	CRYPT_ALGO_TYPE hashAlgo;

	/* The salt for derived keys.  saltSize is the number of valid bytes in
	   salt[], at most CRYPT_MAX_HASHSIZE */
	unsigned char salt[ CRYPT_MAX_HASHSIZE ];
	int saltSize;
	} CRYPT_OBJECT_INFO;

/* Key information for the public-key encryption algorithms.  These fields
   are not accessed directly, but can be manipulated with the init/set/
   destroyComponents() macros.  All xxxLen fields are lengths in bits,
   while the arrays hold ( length + 7 ) / 8 bytes as copied by
   cryptSetComponent(), so no component may exceed CRYPT_MAX_PKCSIZE * 8
   bits - the set macro doesn't bounds-check.  For a private key this
   structure holds raw secret key material in plain memory: keep it around
   for as short a time as possible and wipe it with
   cryptDestroyComponents() once it's been loaded into a context */

typedef struct {
	/* Status information */
	int isPublicKey;			/* Whether this is a public or private key */

	/* Public components */
	unsigned char n[ CRYPT_MAX_PKCSIZE ];	/* Modulus */
	int nLen;					/* Length of modulus in bits */
	unsigned char e[ CRYPT_MAX_PKCSIZE ];	/* Public exponent */
	int eLen;					/* Length of public exponent in bits */

	/* Private components */
	unsigned char d[ CRYPT_MAX_PKCSIZE ];	/* Private exponent */
	int dLen;					/* Length of private exponent in bits */
	unsigned char p[ CRYPT_MAX_PKCSIZE ];	/* Prime factor 1 */
	int pLen;					/* Length of prime factor 1 in bits */
	unsigned char q[ CRYPT_MAX_PKCSIZE ];	/* Prime factor 2 */
	int qLen;					/* Length of prime factor 2 in bits */
	unsigned char u[ CRYPT_MAX_PKCSIZE ];	/* Mult.inverse of q, mod p */
	int uLen;					/* Length of u in bits */
	unsigned char e1[ CRYPT_MAX_PKCSIZE ];	/* Private exponent 1 (PKCS) */
	int e1Len;					/* Length of private exponent 1 in bits */
	unsigned char e2[ CRYPT_MAX_PKCSIZE ];	/* Private exponent 2 (PKCS) */
	int e2Len;					/* Length of
private exponent in bits */ 1812 } CRYPT_PKCINFO_RSA; 1813 1814 typedef struct { 1815 /* Status information */ 1816 int isPublicKey; /* Whether this is a public or private key */ 1817 1818 /* Public components */ 1819 unsigned char p[ CRYPT_MAX_PKCSIZE ]; /* Prime modulus */ 1820 int pLen; /* Length of prime modulus in bits */ 1821 unsigned char q[ CRYPT_MAX_PKCSIZE ]; /* Prime divisor */ 1822 int qLen; /* Length of prime divisor in bits */ 1823 unsigned char g[ CRYPT_MAX_PKCSIZE ]; /* h^( ( p - 1 ) / q ) mod p */ 1824 int gLen; /* Length of g in bits */ 1825 unsigned char y[ CRYPT_MAX_PKCSIZE ]; /* Public random integer */ 1826 int yLen; /* Length of public integer in bits */ 1827 1828 /* Private components */ 1829 unsigned char x[ CRYPT_MAX_PKCSIZE ]; /* Private random integer */ 1830 int xLen; /* Length of private integer in bits */ 1831 } CRYPT_PKCINFO_DLP; 1832 1833 typedef enum { 1834 /* Named ECC curves. Since these need to be mapped to all manner of 1835 protocol- and mechanism-specific identifiers, when updating this list 1836 grep for occurrences of the string "P256" (the most common one) and 1837 check whether any related mapping tables need to be updated */ 1838 CRYPT_ECCCURVE_NONE, /* No ECC curve type */ 1839 CRYPT_ECCCURVE_P256, /* NIST P256/X9.62 P256v1/SECG p256r1 curve */ 1840 CRYPT_ECCCURVE_P384, /* NIST P384, SECG p384r1 curve */ 1841 CRYPT_ECCCURVE_P521, /* NIST P521, SECG p521r1 */ 1842 CRYPT_ECCCURVE_BRAINPOOL_P256, /* Brainpool p256r1 */ 1843 CRYPT_ECCCURVE_BRAINPOOL_P384, /* Brainpool p384r1 */ 1844 CRYPT_ECCCURVE_BRAINPOOL_P512, /* Brainpool p512r1 */ 1845 CRYPT_ECCCURVE_LAST /* Last valid ECC curve type */ 1846 } CRYPT_ECCCURVE_TYPE; 1847 1848 typedef struct { 1849 /* Status information */ 1850 int isPublicKey; /* Whether this is a public or private key */ 1851 1852 /* Curve domain parameters. 
Either the curveType or the explicit domain
	   parameters must be provided.  Prefer a named curve: explicit,
	   caller-supplied domain parameters are the classic route to
	   invalid-curve and weak-curve problems, and whether they're validated
	   before use isn't visible from this header */
	CRYPT_ECCCURVE_TYPE curveType;	/* Named curve */
	unsigned char p[ CRYPT_MAX_PKCSIZE_ECC ];/* Prime defining Fq */
	int pLen;					/* Length of prime in bits */
	unsigned char a[ CRYPT_MAX_PKCSIZE_ECC ];/* Element in Fq defining curve */
	int aLen;					/* Length of element a in bits */
	unsigned char b[ CRYPT_MAX_PKCSIZE_ECC ];/* Element in Fq defining curve */
	int bLen;					/* Length of element b in bits */
	unsigned char gx[ CRYPT_MAX_PKCSIZE_ECC ];/* Element in Fq defining point */
	int gxLen;					/* Length of element gx in bits */
	unsigned char gy[ CRYPT_MAX_PKCSIZE_ECC ];/* Element in Fq defining point */
	int gyLen;					/* Length of element gy in bits */
	unsigned char n[ CRYPT_MAX_PKCSIZE_ECC ];/* Order of point */
	int nLen;					/* Length of order in bits */
	unsigned char h[ CRYPT_MAX_PKCSIZE_ECC ];/* Optional cofactor */
	int hLen;					/* Length of cofactor in bits */

	/* Public components */
	unsigned char qx[ CRYPT_MAX_PKCSIZE_ECC ];/* Point Q on the curve, x coordinate */
	int qxLen;					/* Length of qx in bits */
	unsigned char qy[ CRYPT_MAX_PKCSIZE_ECC ];/* Point Q on the curve, y coordinate */
	int qyLen;					/* Length of qy in bits */

	/* Private components */
	unsigned char d[ CRYPT_MAX_PKCSIZE_ECC ];/* Private random integer */
	int dLen;					/* Length of integer in bits */
	} CRYPT_PKCINFO_ECC;

/* Macros to initialise and destroy the structure that stores the components
   of a public key.  cryptInitComponents() zeroes the whole structure and
   records whether it will hold a public or private key, componentKeyType
   being CRYPT_KEYTYPE_PRIVATE or CRYPT_KEYTYPE_PUBLIC (any nonzero value
   is normalised to 1, i.e. public).  It expands to a braced block rather
   than an expression, so it can't be used as the body of an unbraced
   if/else */

#define cryptInitComponents( componentInfo, componentKeyType ) \
	{ memset( ( componentInfo ), 0, sizeof( *componentInfo ) ); \
	  ( componentInfo )->isPublicKey = ( ( componentKeyType ) ?
1 : 0 ); }

/* Wipe the component structure by overwriting it with zeroes.  This is a
   plain memset() on an object that is typically a local about to go out of
   scope, so an optimising compiler may treat it as a dead store and remove
   it (CWE-14).  This header provides no guaranteed-wipe alternative; where
   private components must not linger in memory, follow it with the
   platform's non-elidable clear (e.g. SecureZeroMemory(), explicit_bzero()
   or memset_s()) on the same structure */

#define cryptDestroyComponents( componentInfo ) \
	memset( ( componentInfo ), 0, sizeof( *componentInfo ) )

/* Macro to set a component of a public key.  This copies ( length + 7 ) / 8
   bytes from source into the destination array and records the bit length
   in the matching xxxLen field.  The length field name is formed by
   token-pasting "Len" onto the last token of the destination argument, so
   the argument must end in the component's field name (e.g. rsaKey->n,
   giving rsaKey->nLen).

   There is no bounds check: the caller must ensure that length, in bits,
   doesn't exceed 8 * sizeof( destination ) - CRYPT_MAX_PKCSIZE or
   CRYPT_MAX_PKCSIZE_ECC bytes depending on the structure - or memcpy()
   will run off the end of the array.  length is evaluated twice, so don't
   pass an expression with side effects */

#define cryptSetComponent( destination, source, length ) \
	{ memcpy( ( destination ), ( source ), ( ( length ) + 7 ) >> 3 ); \
	  ( destination##Len ) = length; }

/****************************************************************************
*																			*
*								Status Codes								*
*																			*
****************************************************************************/

/* No error in function call.  Every failure code below is negative, which
   is what cryptStatusError() tests for; code that only compares against
   specific CRYPT_ERROR_xxx values should still fall back to the generic
   "< CRYPT_OK" check so that unexpected errors aren't treated as success */

#define CRYPT_OK					0	/* No error */

/* Error in parameters passed to function.  The number identifies the
   position of the offending argument in the called function's parameter
   list.  The parentheses are to catch potential erroneous use in an
   expression */

#define CRYPT_ERROR_PARAM1		( -1 )	/* Bad argument, parameter 1 */
#define CRYPT_ERROR_PARAM2		( -2 )	/* Bad argument, parameter 2 */
#define CRYPT_ERROR_PARAM3		( -3 )	/* Bad argument, parameter 3 */
#define CRYPT_ERROR_PARAM4		( -4 )	/* Bad argument, parameter 4 */
#define CRYPT_ERROR_PARAM5		( -5 )	/* Bad argument, parameter 5 */
#define CRYPT_ERROR_PARAM6		( -6 )	/* Bad argument, parameter 6 */
#define CRYPT_ERROR_PARAM7		( -7 )	/* Bad argument, parameter 7 */

/* Errors due to insufficient resources */

#define CRYPT_ERROR_MEMORY		( -10 )	/* Out of memory */
#define CRYPT_ERROR_NOTINITED	( -11 )	/* Data has not been initialised */
#define CRYPT_ERROR_INITED		( -12 )	/* Data has already been init'd */
#define CRYPT_ERROR_NOSECURE	( -13 )	/* Operation not available at requested security level */
#define CRYPT_ERROR_RANDOM		( -14 )	/* No reliable random data available */
#define CRYPT_ERROR_FAILED		( -15 )	/* Operation failed */
#define CRYPT_ERROR_INTERNAL	( -16 )	/* Internal consistency check failed */

/* Security violations */

#define CRYPT_ERROR_NOTAVAIL	( -20 )	/* This type of opn.not available
*/ 1931 #define CRYPT_ERROR_PERMISSION ( -21 ) /* No permiss.to perform this operation */ 1932 #define CRYPT_ERROR_WRONGKEY ( -22 ) /* Incorrect key used to decrypt data */ 1933 #define CRYPT_ERROR_INCOMPLETE ( -23 ) /* Operation incomplete/still in progress */ 1934 #define CRYPT_ERROR_COMPLETE ( -24 ) /* Operation complete/can't continue */ 1935 #define CRYPT_ERROR_TIMEOUT ( -25 ) /* Operation timed out before completion */ 1936 #define CRYPT_ERROR_INVALID ( -26 ) /* Invalid/inconsistent information */ 1937 #define CRYPT_ERROR_SIGNALLED ( -27 ) /* Resource destroyed by extnl.event */ 1938 1939 /* High-level function errors */ 1940 1941 #define CRYPT_ERROR_OVERFLOW ( -30 ) /* Resources/space exhausted */ 1942 #define CRYPT_ERROR_UNDERFLOW ( -31 ) /* Not enough data available */ 1943 #define CRYPT_ERROR_BADDATA ( -32 ) /* Bad/unrecognised data format */ 1944 #define CRYPT_ERROR_SIGNATURE ( -33 ) /* Signature/integrity check failed */ 1945 1946 /* Data access function errors */ 1947 1948 #define CRYPT_ERROR_OPEN ( -40 ) /* Cannot open object */ 1949 #define CRYPT_ERROR_READ ( -41 ) /* Cannot read item from object */ 1950 #define CRYPT_ERROR_WRITE ( -42 ) /* Cannot write item to object */ 1951 #define CRYPT_ERROR_NOTFOUND ( -43 ) /* Requested item not found in object */ 1952 #define CRYPT_ERROR_DUPLICATE ( -44 ) /* Item already present in object */ 1953 1954 /* Data enveloping errors */ 1955 1956 #define CRYPT_ENVELOPE_RESOURCE ( -50 ) /* Need resource to proceed */ 1957 1958 /* Macros to examine return values */ 1959 1960 #define cryptStatusError( status ) ( ( status ) < CRYPT_OK ) 1961 #define cryptStatusOK( status ) ( ( status ) == CRYPT_OK ) 1962 1963 /**************************************************************************** 1964 * * 1965 * General Functions * 1966 * * 1967 ****************************************************************************/ 1968 1969 /* The following is necessary to stop C++ name mangling */ 1970 1971 #ifdef __cplusplus 1972 extern 
"C" { 1973 #endif /* __cplusplus */ 1974 1975 /* Initialise and shut down cryptlib */ 1976 1977 C_CHECK_RETVAL \ 1978 C_RET cryptInit( void ); 1979 C_RET cryptEnd( void ); 1980 1981 /* Query cryptlibs capabilities */ 1982 1983 C_CHECK_RETVAL \ 1984 C_RET cryptQueryCapability( C_IN CRYPT_ALGO_TYPE cryptAlgo, 1985 C_OUT_OPT CRYPT_QUERY_INFO C_PTR cryptQueryInfo ); 1986 1987 /* Create and destroy an encryption context */ 1988 1989 C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \ 1990 C_RET cryptCreateContext( C_OUT CRYPT_CONTEXT C_PTR cryptContext, 1991 C_IN CRYPT_USER cryptUser, 1992 C_IN CRYPT_ALGO_TYPE cryptAlgo ); 1993 C_RET cryptDestroyContext( C_IN CRYPT_CONTEXT cryptContext ); 1994 1995 /* Generic "destroy an object" function */ 1996 1997 C_RET cryptDestroyObject( C_IN CRYPT_HANDLE cryptObject ); 1998 1999 /* Generate a key into a context */ 2000 2001 C_CHECK_RETVAL \ 2002 C_RET cryptGenerateKey( C_IN CRYPT_CONTEXT cryptContext ); 2003 2004 /* Encrypt/decrypt/hash a block of memory */ 2005 2006 C_NONNULL_ARG( ( 2 ) ) \ 2007 C_RET cryptEncrypt( C_IN CRYPT_CONTEXT cryptContext, C_INOUT void C_PTR buffer, 2008 C_IN int length ); 2009 C_NONNULL_ARG( ( 2 ) ) \ 2010 C_RET cryptDecrypt( C_IN CRYPT_CONTEXT cryptContext, C_INOUT void C_PTR buffer, 2011 C_IN int length ); 2012 2013 /* Get/set/delete attribute functions */ 2014 2015 C_RET cryptSetAttribute( C_IN CRYPT_HANDLE cryptHandle, 2016 C_IN CRYPT_ATTRIBUTE_TYPE attributeType, 2017 C_IN int value ); 2018 C_NONNULL_ARG( ( 3 ) ) \ 2019 C_RET cryptSetAttributeString( C_IN CRYPT_HANDLE cryptHandle, 2020 C_IN CRYPT_ATTRIBUTE_TYPE attributeType, 2021 C_IN void C_PTR value, C_IN int valueLength ); 2022 C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \ 2023 C_RET cryptGetAttribute( C_IN CRYPT_HANDLE cryptHandle, 2024 C_IN CRYPT_ATTRIBUTE_TYPE attributeType, 2025 C_OUT int C_PTR value ); 2026 C_CHECK_RETVAL C_NONNULL_ARG( ( 4 ) ) \ 2027 C_RET cryptGetAttributeString( C_IN CRYPT_HANDLE cryptHandle, 2028 C_IN CRYPT_ATTRIBUTE_TYPE attributeType, 
2029 C_OUT_OPT void C_PTR value, 2030 C_OUT int C_PTR valueLength ); 2031 C_RET cryptDeleteAttribute( C_IN CRYPT_HANDLE cryptHandle, 2032 C_IN CRYPT_ATTRIBUTE_TYPE attributeType ); 2033 2034 /* Oddball functions: Add random data to the pool, query an encoded signature 2035 or key data. These are due to be replaced once a suitable alternative can 2036 be found */ 2037 2038 C_RET cryptAddRandom( C_IN void C_PTR randomData, C_IN int randomDataLength ); 2039 C_CHECK_RETVAL C_NONNULL_ARG( ( 1, 3 ) ) \ 2040 C_RET cryptQueryObject( C_IN void C_PTR objectData, 2041 C_IN int objectDataLength, 2042 C_OUT CRYPT_OBJECT_INFO C_PTR cryptObjectInfo ); 2043 2044 /**************************************************************************** 2045 * * 2046 * Mid-level Encryption Functions * 2047 * * 2048 ****************************************************************************/ 2049 2050 /* Export and import an encrypted session key */ 2051 2052 C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \ 2053 C_RET cryptExportKey( C_OUT_OPT void C_PTR encryptedKey, 2054 C_IN int encryptedKeyMaxLength, 2055 C_OUT int C_PTR encryptedKeyLength, 2056 C_IN CRYPT_HANDLE exportKey, 2057 C_IN CRYPT_CONTEXT sessionKeyContext ); 2058 C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \ 2059 C_RET cryptExportKeyEx( C_OUT_OPT void C_PTR encryptedKey, 2060 C_IN int encryptedKeyMaxLength, 2061 C_OUT int C_PTR encryptedKeyLength, 2062 C_IN CRYPT_FORMAT_TYPE formatType, 2063 C_IN CRYPT_HANDLE exportKey, 2064 C_IN CRYPT_CONTEXT sessionKeyContext ); 2065 C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \ 2066 C_RET cryptImportKey( C_IN void C_PTR encryptedKey, 2067 C_IN int encryptedKeyLength, 2068 C_IN CRYPT_CONTEXT importKey, 2069 C_IN CRYPT_CONTEXT sessionKeyContext ); 2070 C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \ 2071 C_RET cryptImportKeyEx( C_IN void C_PTR encryptedKey, 2072 C_IN int encryptedKeyLength, 2073 C_IN CRYPT_CONTEXT importKey, 2074 C_IN CRYPT_CONTEXT sessionKeyContext, 2075 C_OUT_OPT CRYPT_CONTEXT C_PTR returnedContext ); 2076 
2077 /* Create and check a digital signature */ 2078 2079 C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \ 2080 C_RET cryptCreateSignature( C_OUT_OPT void C_PTR signature, 2081 C_IN int signatureMaxLength, 2082 C_OUT int C_PTR signatureLength, 2083 C_IN CRYPT_CONTEXT signContext, 2084 C_IN CRYPT_CONTEXT hashContext ); 2085 C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \ 2086 C_RET cryptCreateSignatureEx( C_OUT_OPT void C_PTR signature, 2087 C_IN int signatureMaxLength, 2088 C_OUT int C_PTR signatureLength, 2089 C_IN CRYPT_FORMAT_TYPE formatType, 2090 C_IN CRYPT_CONTEXT signContext, 2091 C_IN CRYPT_CONTEXT hashContext, 2092 C_IN CRYPT_CERTIFICATE extraData ); 2093 C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \ 2094 C_RET cryptCheckSignature( C_IN void C_PTR signature, 2095 C_IN int signatureLength, 2096 C_IN CRYPT_HANDLE sigCheckKey, 2097 C_IN CRYPT_CONTEXT hashContext ); 2098 C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \ 2099 C_RET cryptCheckSignatureEx( C_IN void C_PTR signature, 2100 C_IN int signatureLength, 2101 C_IN CRYPT_HANDLE sigCheckKey, 2102 C_IN CRYPT_CONTEXT hashContext, 2103 C_OUT_OPT CRYPT_HANDLE C_PTR extraData ); 2104 2105 /**************************************************************************** 2106 * * 2107 * Keyset Functions * 2108 * * 2109 ****************************************************************************/ 2110 2111 /* Open and close a keyset */ 2112 2113 C_CHECK_RETVAL C_NONNULL_ARG( ( 1, 4 ) ) \ 2114 C_RET cryptKeysetOpen( C_OUT CRYPT_KEYSET C_PTR keyset, 2115 C_IN CRYPT_USER cryptUser, 2116 C_IN CRYPT_KEYSET_TYPE keysetType, 2117 C_IN C_STR name, C_IN CRYPT_KEYOPT_TYPE options ); 2118 C_RET cryptKeysetClose( C_IN CRYPT_KEYSET keyset ); 2119 2120 /* Get a key from a keyset or device */ 2121 2122 C_CHECK_RETVAL C_NONNULL_ARG( ( 2 ) ) \ 2123 C_RET cryptGetPublicKey( C_IN CRYPT_KEYSET keyset, 2124 C_OUT CRYPT_CONTEXT C_PTR cryptContext, 2125 C_IN CRYPT_KEYID_TYPE keyIDtype, 2126 C_IN_OPT C_STR keyID ); 2127 C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4 ) ) \ 2128 C_RET 
cryptGetPrivateKey( C_IN CRYPT_KEYSET keyset,
                    C_OUT CRYPT_CONTEXT C_PTR cryptContext,
                    C_IN CRYPT_KEYID_TYPE keyIDtype,
                    C_IN C_STR keyID, C_IN_OPT C_STR password );
/* Generic key fetch.  cryptContext (arg 2) and keyID (arg 4) must be
   non-NULL; password is optional (C_IN_OPT).  The attribute macro
   C_CHECK_RETVAL marks the status return as one that must not be
   ignored */
C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4 ) ) \
C_RET cryptGetKey( C_IN CRYPT_KEYSET keyset,
                   C_OUT CRYPT_CONTEXT C_PTR cryptContext,
                   C_IN CRYPT_KEYID_TYPE keyIDtype, C_IN C_STR keyID,
                   C_IN_OPT C_STR password );

/* Add/delete a key to/from a keyset or device */

C_CHECK_RETVAL \
C_RET cryptAddPublicKey( C_IN CRYPT_KEYSET keyset,
                         C_IN CRYPT_CERTIFICATE certificate );
/* Unlike the get functions above, the password is mandatory here
   (C_NONNULL_ARG 3): a private key is never added without one.  The
   password buffer stays owned by the caller */
C_CHECK_RETVAL C_NONNULL_ARG( ( 3 ) ) \
C_RET cryptAddPrivateKey( C_IN CRYPT_KEYSET keyset,
                          C_IN CRYPT_HANDLE cryptKey,
                          C_IN C_STR password );
/* Note that the delete/destroy functions in this header are not marked
   C_CHECK_RETVAL; they still return a status, which callers that care
   about whether the deletion actually happened should check */
C_NONNULL_ARG( ( 3 ) ) \
C_RET cryptDeleteKey( C_IN CRYPT_KEYSET keyset,
                      C_IN CRYPT_KEYID_TYPE keyIDtype,
                      C_IN C_STR keyID );

/****************************************************************************
*                                                                           *
*                           Certificate Functions                           *
*                                                                           *
****************************************************************************/

/* Create/destroy a certificate.  certificate (arg 1) receives the new
   object handle and must be non-NULL */

C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \
C_RET cryptCreateCert( C_OUT CRYPT_CERTIFICATE C_PTR certificate,
                       C_IN CRYPT_USER cryptUser,
                       C_IN CRYPT_CERTTYPE_TYPE certType );
C_RET cryptDestroyCert( C_IN CRYPT_CERTIFICATE certificate );

/* Get/add/delete certificate extensions.  These are direct data insertion
   functions whose use is discouraged, so they fix the string at char *
   rather than C_STR */

/* oid (arg 2), criticalFlag (arg 3) and extensionLength (arg 6) must be
   non-NULL; extension itself is optional (C_OUT_OPT), so the length is
   always reported even when no data buffer is supplied.  extensionMaxLength
   is the size of the caller's buffer; presumably a NULL extension is the
   size-query form - confirm against the implementation */
C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 3, 6 ) ) \
C_RET cryptGetCertExtension( C_IN CRYPT_CERTIFICATE certificate,
                             C_IN char C_PTR oid,
                             C_OUT int C_PTR criticalFlag,
                             C_OUT_OPT void C_PTR extension,
                             C_IN int extensionMaxLength,
                             C_OUT int C_PTR extensionLength );
/* The extension payload is caller-supplied raw data of extensionLength
   bytes, inserted as-is under the given oid; the expected encoding is not
   stated in this header (presumably DER - confirm) */
C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4 ) ) \
C_RET cryptAddCertExtension( C_IN CRYPT_CERTIFICATE certificate,
                             C_IN char C_PTR oid, C_IN int criticalFlag,
                             C_IN void C_PTR extension,
                             C_IN int extensionLength );
C_NONNULL_ARG( ( 2 ) ) \
C_RET cryptDeleteCertExtension( C_IN CRYPT_CERTIFICATE certificate,
                                C_IN char C_PTR oid );

/* Sign/sig.check a certificate/certification request.  Signing takes a
   CRYPT_CONTEXT (the private key), checking takes a CRYPT_HANDLE so that
   either a context or a certificate can act as the verification key */

C_CHECK_RETVAL \
C_RET cryptSignCert( C_IN CRYPT_CERTIFICATE certificate,
                     C_IN CRYPT_CONTEXT signContext );
C_CHECK_RETVAL \
C_RET cryptCheckCert( C_IN CRYPT_CERTIFICATE certificate,
                      C_IN CRYPT_HANDLE sigCheckKey );

/* Import/export a certificate/certification request */

/* certObject (arg 1) and certificate (arg 4) must be non-NULL; the input
   is bounded by certObjectLength rather than being NUL-terminated */
C_CHECK_RETVAL C_NONNULL_ARG( ( 1, 4 ) ) \
C_RET cryptImportCert( C_IN void C_PTR certObject,
                       C_IN int certObjectLength,
                       C_IN CRYPT_USER cryptUser,
                       C_OUT CRYPT_CERTIFICATE C_PTR certificate );
/* certObject is optional (C_OUT_OPT) and bounded by certObjectMaxLength;
   certObjectLength receives the encoded size.  No C_NONNULL_ARG is given
   for this prototype, so the non-NULL requirement on certObjectLength is
   not expressed here - presumably NULL certObject is the size-query form,
   confirm before relying on it */
C_CHECK_RETVAL \
C_RET cryptExportCert( C_OUT_OPT void C_PTR certObject,
                       C_IN int certObjectMaxLength,
                       C_OUT int C_PTR certObjectLength,
                       C_IN CRYPT_CERTFORMAT_TYPE certFormatType,
                       C_IN CRYPT_CERTIFICATE certificate );

/* CA management functions */

C_CHECK_RETVAL \
C_RET cryptCAAddItem( C_IN CRYPT_KEYSET keyset,
                      C_IN CRYPT_CERTIFICATE certificate );
/* keyID is optional here (C_IN_OPT) but mandatory for the delete below
   (C_NONNULL_ARG 4): a delete is never issued without an explicit ID */
C_CHECK_RETVAL C_NONNULL_ARG( ( 2 ) ) \
C_RET cryptCAGetItem( C_IN CRYPT_KEYSET keyset,
                      C_OUT CRYPT_CERTIFICATE C_PTR certificate,
                      C_IN CRYPT_CERTTYPE_TYPE certType,
                      C_IN CRYPT_KEYID_TYPE keyIDtype,
                      C_IN_OPT C_STR keyID );
C_NONNULL_ARG( ( 4 ) ) \
C_RET cryptCADeleteItem( C_IN CRYPT_KEYSET keyset,
                         C_IN CRYPT_CERTTYPE_TYPE certType,
                         C_IN CRYPT_KEYID_TYPE keyIDtype,
                         C_IN C_STR keyID );
/* Performs the CA operation selected by action using the CA's signing key
   caKey; certificate is optional (C_OUT_OPT) and receives the resulting
   object for those actions that produce one */
C_CHECK_RETVAL \
C_RET cryptCACertManagement( C_OUT_OPT CRYPT_CERTIFICATE C_PTR certificate,
                             C_IN CRYPT_CERTACTION_TYPE action,
                             C_IN CRYPT_KEYSET keyset,
                             C_IN CRYPT_CONTEXT caKey,
                             C_IN CRYPT_CERTIFICATE certRequest );

/****************************************************************************
*                                                                           *
*                       Envelope and Session Functions                      *
*                                                                           *
****************************************************************************/

/* Create/destroy an envelope */

C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \
C_RET cryptCreateEnvelope( C_OUT CRYPT_ENVELOPE C_PTR envelope,
                           C_IN CRYPT_USER cryptUser,
                           C_IN CRYPT_FORMAT_TYPE formatType );
C_RET cryptDestroyEnvelope( C_IN CRYPT_ENVELOPE envelope );

/* Create/destroy a session */

/* NOTE(review): the third parameter is named formatType (copied from the
   envelope prototype above) but its type is CRYPT_SESSION_TYPE, i.e. it
   selects the session/protocol type, not a data format */
C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \
C_RET cryptCreateSession( C_OUT CRYPT_SESSION C_PTR session,
                          C_IN CRYPT_USER cryptUser,
                          C_IN CRYPT_SESSION_TYPE formatType );
C_RET cryptDestroySession( C_IN CRYPT_SESSION session );

/* Add/remove data to/from an envelope or session.  The envelope argument
   is a CRYPT_HANDLE so that either object type can be passed.  bytesCopied
   (arg 4) is reported separately from length, so callers should not
   assume that the whole buffer was consumed (push) or filled (pop) in one
   call - presumably they loop on bytesCopied, confirm against the
   implementation */

C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4 ) ) \
C_RET cryptPushData( C_IN CRYPT_HANDLE envelope, C_IN void C_PTR buffer,
                     C_IN int length, C_OUT int C_PTR bytesCopied );
C_CHECK_RETVAL \
C_RET cryptFlushData( C_IN CRYPT_HANDLE envelope );
C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4 ) ) \
C_RET cryptPopData( C_IN CRYPT_HANDLE envelope, C_OUT void C_PTR buffer,
                    C_IN int length, C_OUT int C_PTR bytesCopied );

/****************************************************************************
*                                                                           *
*                             Device Functions                              *
*                                                                           *
****************************************************************************/

/* Open and close a device.  name is optional (C_IN_OPT); its meaning
   depends on deviceType and is not defined in this header */

C_CHECK_RETVAL C_NONNULL_ARG( ( 1 ) ) \
C_RET cryptDeviceOpen( C_OUT CRYPT_DEVICE C_PTR device,
                       C_IN CRYPT_USER cryptUser,
                       C_IN CRYPT_DEVICE_TYPE deviceType,
                       C_IN_OPT C_STR name );
C_RET cryptDeviceClose( C_IN CRYPT_DEVICE device );

/* Query a device's capabilities.  cryptQueryInfo is optional (C_OUT_OPT);
   presumably a NULL pointer just tests whether cryptAlgo is supported, as
   indicated by the status return - confirm */

C_CHECK_RETVAL \
C_RET cryptDeviceQueryCapability( C_IN CRYPT_DEVICE device,
                                  C_IN CRYPT_ALGO_TYPE cryptAlgo,
                                  C_OUT_OPT CRYPT_QUERY_INFO C_PTR cryptQueryInfo );

/* Create an encryption context via the device */

C_CHECK_RETVAL C_NONNULL_ARG( ( 2 ) ) \
C_RET cryptDeviceCreateContext( C_IN CRYPT_DEVICE device,
                                C_OUT CRYPT_CONTEXT C_PTR cryptContext,
                                C_IN CRYPT_ALGO_TYPE cryptAlgo );

/****************************************************************************
*                                                                           *
*                         User Management Functions                         *
*                                                                           *
****************************************************************************/

/* Log on and off (create/destroy a user object).  All three arguments to
   cryptLogin must be non-NULL.  The password is passed as a C_STR owned
   by the caller; nothing in this prototype indicates that the library
   clears it, so the caller is responsible for zeroizing its copy */

C_CHECK_RETVAL C_NONNULL_ARG( ( 1, 2, 3 ) ) \
C_RET cryptLogin( C_OUT CRYPT_USER C_PTR user,
                  C_IN C_STR name, C_IN C_STR password );
C_RET cryptLogout( C_IN CRYPT_USER user );

/****************************************************************************
*                                                                           *
*                         User Interface Functions                          *
*                                                                           *
****************************************************************************/

#if ( defined( WIN32 ) || defined( _WIN32 ) || defined( __WIN32__ ) ) && \
    !( defined( _SCCTK ) || defined( _CVI_ ) )

/* User interface functions, only available under Win32 */

/* NOTE(review): password (arg 4) is an output buffer with no accompanying
   maximum-length parameter in this prototype, so the signature does not
   convey how large the caller's buffer must be.  Callers have to size it
   according to the documented requirement for this function; the
   required size cannot be determined from this header alone */
C_CHECK_RETVAL C_NONNULL_ARG( ( 2, 4, 5 ) ) \
C_RET cryptUIGenerateKey( C_IN CRYPT_DEVICE cryptDevice,
                          C_OUT CRYPT_CONTEXT C_PTR cryptContext,
                          C_IN CRYPT_CERTIFICATE cryptCert,
                          C_OUT char C_PTR password, C_IN HWND hWnd );
C_NONNULL_ARG( ( 2 ) ) \
C_RET cryptUIDisplayCert( C_IN CRYPT_CERTIFICATE cryptCert,
                          C_IN HWND hWnd );

#endif /* Win32 */

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* _CRYPTLIB_DEFINED */