source: Network/synapse/cryptlib.pas

Last change on this file was 300, checked in by chronos, 13 years ago
  • Added: Synapse library with package file. Cryptlib units are not included in package file list.
File size: 79.7 KB
Line 
1unit cryptlib;
2
3interface
4
5{****************************************************************************
6* *
7* Cryptlib external API interface *
8* Copyright Peter Gutmann 1997-2005 *
9* *
10* adapted for Delphi Version 5 (32 bit) and Kylix Version 3 *
11* by W. Gothier *
12****************************************************************************}
13
14
15{------------------------------------------------------------------------------
16
17 This file has been created automatically by a perl script from the file:
18
19 "cryptlib.h" dated Mon Jul 18 02:47:56 2005, filesize = 82445.
20
21 Please check twice that the file matches the version of cryptlib.h
22 in your cryptlib source! If this is not the right version, try to download an
23 update from "http://www.sogot.de/cryptlib/". If the filesize or file creation
24 date do not match, then please do not complain about problems.
25
26 Published by W. Gothier,
27 mailto: cryptlib@gothier.net if you find errors in this file.
28
29-------------------------------------------------------------------------------}
30
31{$A+} {Set Alignment on}
32{$F+} {Force function calls to FAR}
33{$Z+} {Force all enumeration values to Integer size}
34
35const
36 {$IFDEF WIN32}
37 cryptlibname = 'CL32.DLL'; { dynamic linkname for Windows (Delphi) }
38 {$ELSE}
39 cryptlibname = 'libcl.so'; { library name for Unix/Linux (Kylix) }
40 { symbolic link should be used for libcl.so -> libcl.so.3.x.y }
41 {$ENDIF}
42
43
44
45{****************************************************************************
46* *
47* Algorithm and Object Types *
48* *
49****************************************************************************}
50
51{ Algorithm and mode types }
52
53
54type
55 CRYPT_ALGO_TYPE = Integer;
56const
57 { Algorithms }
58 { No encryption }
59 CRYPT_ALGO_NONE = 0; { No encryption }
60
61 { Conventional encryption }
62 CRYPT_ALGO_DES = 1; { DES }
63 CRYPT_ALGO_3DES = 2; { Triple DES }
64 CRYPT_ALGO_IDEA = 3; { IDEA }
65 CRYPT_ALGO_CAST = 4; { CAST-128 }
66 CRYPT_ALGO_RC2 = 5; { RC2 }
67 CRYPT_ALGO_RC4 = 6; { RC4 }
68 CRYPT_ALGO_RC5 = 7; { RC5 }
69 CRYPT_ALGO_AES = 8; { AES }
70 CRYPT_ALGO_BLOWFISH = 9; { Blowfish }
71 CRYPT_ALGO_SKIPJACK = 10; { Skipjack }
72
73 { Public-key encryption }
74 CRYPT_ALGO_DH = 100; { Diffie-Hellman }
75 CRYPT_ALGO_RSA = 101; { RSA }
76 CRYPT_ALGO_DSA = 102; { DSA }
77 CRYPT_ALGO_ELGAMAL = 103; { ElGamal }
78 CRYPT_ALGO_KEA = 104; { KEA }
79
80 { Hash algorithms }
81 CRYPT_ALGO_MD2 = 200; { MD2 }
82 CRYPT_ALGO_MD4 = 201; { MD4 }
83 CRYPT_ALGO_MD5 = 202; { MD5 }
84 CRYPT_ALGO_SHA = 203; { SHA/SHA1 }
85 CRYPT_ALGO_RIPEMD160 = 204; { RIPE-MD 160 }
86 CRYPT_ALGO_SHA2 = 205; { SHA2 (SHA-256/384/512)}
87
88 { MAC's }
89 CRYPT_ALGO_HMAC_MD5 = 300; { HMAC-MD5 }
90 CRYPT_ALGO_HMAC_SHA = 301; { HMAC-SHA }
91 CRYPT_ALGO_HMAC_RIPEMD160 = 302; { HMAC-RIPEMD-160 }
92
93 { Vendors may want to use their own algorithms that aren't part of the
94 general cryptlib suite. The following values are for vendor-defined
95 algorithms, and can be used just like the named algorithm types (it's
96 up to the vendor to keep track of what _VENDOR1 actually corresponds
97 to) }
98
99 CRYPT_ALGO_LAST = 303; { Last possible crypt algo value }
100
101 { In order that we can scan through a range of algorithms with
102 cryptQueryCapability(), we define the following boundary points for
103 each algorithm class }
104 CRYPT_ALGO_FIRST_CONVENTIONAL = 1; { = CRYPT_ALGO_DES }
105 CRYPT_ALGO_LAST_CONVENTIONAL = 99;
106 CRYPT_ALGO_FIRST_PKC = 100; { = CRYPT_ALGO_DH }
107 CRYPT_ALGO_LAST_PKC = 199;
108 CRYPT_ALGO_FIRST_HASH = 200; { = CRYPT_ALGO_MD2 }
109 CRYPT_ALGO_LAST_HASH = 299;
110 CRYPT_ALGO_FIRST_MAC = 300; { = CRYPT_ALGO_HMAC_MD5 }
111 CRYPT_ALGO_LAST_MAC = 399; { End of mac algo.range }
112
113
114
115
116
117type
118 CRYPT_MODE_TYPE = ( { Block cipher modes }
119 CRYPT_MODE_NONE, { No encryption mode }
120 CRYPT_MODE_ECB, { ECB }
121 CRYPT_MODE_CBC, { CBC }
122 CRYPT_MODE_CFB, { CFB }
123 CRYPT_MODE_OFB, { OFB }
124 CRYPT_MODE_LAST { Last possible crypt mode value }
125
126 );
127
128
129{ Keyset subtypes }
130
131 CRYPT_KEYSET_TYPE = ( { Keyset types }
132 CRYPT_KEYSET_NONE, { No keyset type }
133 CRYPT_KEYSET_FILE, { Generic flat file keyset }
134 CRYPT_KEYSET_HTTP, { Web page containing cert/CRL }
135 CRYPT_KEYSET_LDAP, { LDAP directory service }
136 CRYPT_KEYSET_ODBC, { Generic ODBC interface }
137 CRYPT_KEYSET_DATABASE, { Generic RDBMS interface }
138 CRYPT_KEYSET_PLUGIN, { Generic database plugin }
139 CRYPT_KEYSET_ODBC_STORE, { ODBC certificate store }
140 CRYPT_KEYSET_DATABASE_STORE, { Database certificate store }
141 CRYPT_KEYSET_PLUGIN_STORE, { Database plugin certificate store }
142 CRYPT_KEYSET_LAST { Last possible keyset type }
143
144
145 );
146
147{ Device subtypes }
148
149 CRYPT_DEVICE_TYPE = ( { Crypto device types }
150 CRYPT_DEVICE_NONE, { No crypto device }
151 CRYPT_DEVICE_FORTEZZA, { Fortezza card }
152 CRYPT_DEVICE_PKCS11, { PKCS #11 crypto token }
153 CRYPT_DEVICE_CRYPTOAPI, { Microsoft CryptoAPI }
154 CRYPT_DEVICE_LAST { Last possible crypto device type }
155
156 );
157
158{ Certificate subtypes }
159
160 CRYPT_CERTTYPE_TYPE = ( { Certificate object types }
161 CRYPT_CERTTYPE_NONE, { No certificate type }
162 CRYPT_CERTTYPE_CERTIFICATE, { Certificate }
163 CRYPT_CERTTYPE_ATTRIBUTE_CERT, { Attribute certificate }
164 CRYPT_CERTTYPE_CERTCHAIN, { PKCS #7 certificate chain }
165 CRYPT_CERTTYPE_CERTREQUEST, { PKCS #10 certification request }
166 CRYPT_CERTTYPE_REQUEST_CERT, { CRMF certification request }
167 CRYPT_CERTTYPE_REQUEST_REVOCATION, { CRMF revocation request }
168 CRYPT_CERTTYPE_CRL, { CRL }
169 CRYPT_CERTTYPE_CMS_ATTRIBUTES, { CMS attributes }
170 CRYPT_CERTTYPE_RTCS_REQUEST, { RTCS request }
171 CRYPT_CERTTYPE_RTCS_RESPONSE, { RTCS response }
172 CRYPT_CERTTYPE_OCSP_REQUEST, { OCSP request }
173 CRYPT_CERTTYPE_OCSP_RESPONSE, { OCSP response }
174 CRYPT_CERTTYPE_PKIUSER, { PKI user information }
175 CRYPT_CERTTYPE_LAST { Last possible cert.type }
176
177 );
178
179{ Envelope/data format subtypes }
180
181 CRYPT_FORMAT_TYPE = (
182 CRYPT_FORMAT_NONE, { No format type }
183 CRYPT_FORMAT_AUTO, { Deenv, auto-determine type }
184 CRYPT_FORMAT_CRYPTLIB, { cryptlib native format }
185 CRYPT_FORMAT_CMS, { PKCS #7 / CMS / S/MIME fmt.}
186 CRYPT_FORMAT_SMIME, { As CMS with MSG-style behaviour }
187 CRYPT_FORMAT_PGP, { PGP format }
188 CRYPT_FORMAT_LAST { Last possible format type }
189
190 );
191
192const
193 CRYPT_FORMAT_PKCS7: CRYPT_FORMAT_TYPE = CRYPT_FORMAT_CMS;
194
195{ Session subtypes }
196
197
198type
199 CRYPT_SESSION_TYPE = (
200 CRYPT_SESSION_NONE, { No session type }
201 CRYPT_SESSION_SSH, { SSH }
202 CRYPT_SESSION_SSH_SERVER, { SSH server }
203 CRYPT_SESSION_SSL, { SSL/TLS }
204 CRYPT_SESSION_SSL_SERVER, { SSL/TLS server }
205 CRYPT_SESSION_RTCS, { RTCS }
206 CRYPT_SESSION_RTCS_SERVER, { RTCS server }
207 CRYPT_SESSION_OCSP, { OCSP }
208 CRYPT_SESSION_OCSP_SERVER, { OCSP server }
209 CRYPT_SESSION_TSP, { TSP }
210 CRYPT_SESSION_TSP_SERVER, { TSP server }
211 CRYPT_SESSION_CMP, { CMP }
212 CRYPT_SESSION_CMP_SERVER, { CMP server }
213 CRYPT_SESSION_SCEP, { SCEP }
214 CRYPT_SESSION_SCEP_SERVER, { SCEP server }
215 CRYPT_SESSION_CERTSTORE_SERVER, { HTTP cert store interface }
216 CRYPT_SESSION_LAST { Last possible session type }
217
218 );
219
220{ User subtypes }
221
222 CRYPT_USER_TYPE = (
223 CRYPT_USER_NONE, { No user type }
224 CRYPT_USER_NORMAL, { Normal user }
225 CRYPT_USER_SO, { Security officer }
226 CRYPT_USER_CA, { CA user }
227 CRYPT_USER_LAST { Last possible user type }
228
229 );
230
231{****************************************************************************
232* *
233* Attribute Types *
234* *
235****************************************************************************}
236
237{ Attribute types. These are arranged in the following order:
238
239 PROPERTY - Object property
240 ATTRIBUTE - Generic attributes
241 OPTION - Global or object-specific config.option
242 CTXINFO - Context-specific attribute
243 CERTINFO - Certificate-specific attribute
244 KEYINFO - Keyset-specific attribute
245 DEVINFO - Device-specific attribute
246 ENVINFO - Envelope-specific attribute
247 SESSINFO - Session-specific attribute
248 USERINFO - User-specific attribute }
249
250 CRYPT_ATTRIBUTE_TYPE = Integer;
251const
252
253 CRYPT_ATTRIBUTE_NONE = 0; { Non-value }
254
255 { Used internally }
256 CRYPT_PROPERTY_FIRST = 1;
257
258 {*******************}
259 { Object attributes }
260 {*******************}
261
262 { Object properties }
263 CRYPT_PROPERTY_HIGHSECURITY = 2; { Owned+non-forwardcount+locked }
264 CRYPT_PROPERTY_OWNER = 3; { Object owner }
265 CRYPT_PROPERTY_FORWARDCOUNT = 4; { No.of times object can be forwarded }
266 CRYPT_PROPERTY_LOCKED = 5; { Whether properties can be chged/read }
267 CRYPT_PROPERTY_USAGECOUNT = 6; { Usage count before object expires }
268 CRYPT_PROPERTY_NONEXPORTABLE = 7; { Whether key is nonexp.from context }
269
270 { Used internally }
271 CRYPT_PROPERTY_LAST = 8; CRYPT_GENERIC_FIRST = 9;
272
273 { Extended error information }
274 CRYPT_ATTRIBUTE_ERRORTYPE = 10; { Type of last error }
275 CRYPT_ATTRIBUTE_ERRORLOCUS = 11; { Locus of last error }
276 CRYPT_ATTRIBUTE_INT_ERRORCODE = 12; { Low-level software-specific }
277 CRYPT_ATTRIBUTE_INT_ERRORMESSAGE = 13; { error code and message }
278
279 { Generic information }
280 CRYPT_ATTRIBUTE_CURRENT_GROUP = 14; { Cursor mgt: Group in attribute list }
281 CRYPT_ATTRIBUTE_CURRENT = 15; { Cursor mgt: Entry in attribute list }
282 CRYPT_ATTRIBUTE_CURRENT_INSTANCE = 16; { Cursor mgt: Instance in attribute list }
283 CRYPT_ATTRIBUTE_BUFFERSIZE = 17; { Internal data buffer size }
284
285 { User internally }
286 CRYPT_GENERIC_LAST = 18; CRYPT_OPTION_FIRST = 100;
287
288 {**************************}
289 { Configuration attributes }
290 {**************************}
291
292 { cryptlib information (read-only) }
293 CRYPT_OPTION_INFO_DESCRIPTION = 101; { Text description }
294 CRYPT_OPTION_INFO_COPYRIGHT = 102; { Copyright notice }
295 CRYPT_OPTION_INFO_MAJORVERSION = 103; { Major release version }
296 CRYPT_OPTION_INFO_MINORVERSION = 104; { Minor release version }
297 CRYPT_OPTION_INFO_STEPPING = 105; { Release stepping }
298
299 { Encryption options }
300 CRYPT_OPTION_ENCR_ALGO = 106; { Encryption algorithm }
301 CRYPT_OPTION_ENCR_HASH = 107; { Hash algorithm }
302 CRYPT_OPTION_ENCR_MAC = 108; { MAC algorithm }
303
304 { PKC options }
305 CRYPT_OPTION_PKC_ALGO = 109; { Public-key encryption algorithm }
306 CRYPT_OPTION_PKC_KEYSIZE = 110; { Public-key encryption key size }
307
308 { Signature options }
309 CRYPT_OPTION_SIG_ALGO = 111; { Signature algorithm }
310 CRYPT_OPTION_SIG_KEYSIZE = 112; { Signature keysize }
311
312 { Keying options }
313 CRYPT_OPTION_KEYING_ALGO = 113; { Key processing algorithm }
314 CRYPT_OPTION_KEYING_ITERATIONS = 114; { Key processing iterations }
315
316 { Certificate options }
317 CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES = 115; { Whether to sign unrecog.attrs }
318 CRYPT_OPTION_CERT_VALIDITY = 116; { Certificate validity period }
319 CRYPT_OPTION_CERT_UPDATEINTERVAL = 117; { CRL update interval }
320 CRYPT_OPTION_CERT_COMPLIANCELEVEL = 118; { PKIX compliance level for cert chks.}
321 CRYPT_OPTION_CERT_REQUIREPOLICY = 119; { Whether explicit policy req'd for certs }
322
323 { CMS/SMIME options }
324 CRYPT_OPTION_CMS_DEFAULTATTRIBUTES = 120; { Add default CMS attributes }
325 CRYPT_OPTION_SMIME_DEFAULTATTRIBUTES = 120; { = CRYPT_OPTION_CMS_DEFAULTATTRIBUTES }
326
327 { LDAP keyset options }
328 CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS = 121; { Object class }
329 CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE = 122; { Object type to fetch }
330 CRYPT_OPTION_KEYS_LDAP_FILTER = 123; { Query filter }
331 CRYPT_OPTION_KEYS_LDAP_CACERTNAME = 124; { CA certificate attribute name }
332 CRYPT_OPTION_KEYS_LDAP_CERTNAME = 125; { Certificate attribute name }
333 CRYPT_OPTION_KEYS_LDAP_CRLNAME = 126; { CRL attribute name }
334 CRYPT_OPTION_KEYS_LDAP_EMAILNAME = 127; { Email attribute name }
335
336 { Crypto device options }
337 CRYPT_OPTION_DEVICE_PKCS11_DVR01 = 128; { Name of first PKCS #11 driver }
338 CRYPT_OPTION_DEVICE_PKCS11_DVR02 = 129; { Name of second PKCS #11 driver }
339 CRYPT_OPTION_DEVICE_PKCS11_DVR03 = 130; { Name of third PKCS #11 driver }
340 CRYPT_OPTION_DEVICE_PKCS11_DVR04 = 131; { Name of fourth PKCS #11 driver }
341 CRYPT_OPTION_DEVICE_PKCS11_DVR05 = 132; { Name of fifth PKCS #11 driver }
342 CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY = 133; { Use only hardware mechanisms }
343
344 { Network access options }
345 CRYPT_OPTION_NET_SOCKS_SERVER = 134; { Socks server name }
346 CRYPT_OPTION_NET_SOCKS_USERNAME = 135; { Socks user name }
347 CRYPT_OPTION_NET_HTTP_PROXY = 136; { Web proxy server }
348 CRYPT_OPTION_NET_CONNECTTIMEOUT = 137; { Timeout for network connection setup }
349 CRYPT_OPTION_NET_READTIMEOUT = 138; { Timeout for network reads }
350 CRYPT_OPTION_NET_WRITETIMEOUT = 139; { Timeout for network writes }
351
352 { Miscellaneous options }
353 CRYPT_OPTION_MISC_ASYNCINIT = 140; { Whether to init cryptlib async'ly }
354 CRYPT_OPTION_MISC_SIDECHANNELPROTECTION = 141; { Protect against side-channel attacks }
355
356 { cryptlib state information }
357 CRYPT_OPTION_CONFIGCHANGED = 142; { Whether in-mem.opts match on-disk ones }
358 CRYPT_OPTION_SELFTESTOK = 143; { Whether self-test was completed and OK }
359
360 { Used internally }
361 CRYPT_OPTION_LAST = 144; CRYPT_CTXINFO_FIRST = 1000;
362
363 {********************}
364 { Context attributes }
365 {********************}
366
367 { Algorithm and mode information }
368 CRYPT_CTXINFO_ALGO = 1001; { Algorithm }
369 CRYPT_CTXINFO_MODE = 1002; { Mode }
370 CRYPT_CTXINFO_NAME_ALGO = 1003; { Algorithm name }
371 CRYPT_CTXINFO_NAME_MODE = 1004; { Mode name }
372 CRYPT_CTXINFO_KEYSIZE = 1005; { Key size in bytes }
373 CRYPT_CTXINFO_BLOCKSIZE = 1006; { Block size }
374 CRYPT_CTXINFO_IVSIZE = 1007; { IV size }
375 CRYPT_CTXINFO_KEYING_ALGO = 1008; { Key processing algorithm }
376 CRYPT_CTXINFO_KEYING_ITERATIONS = 1009; { Key processing iterations }
377 CRYPT_CTXINFO_KEYING_SALT = 1010; { Key processing salt }
378 CRYPT_CTXINFO_KEYING_VALUE = 1011; { Value used to derive key }
379
380 { State information }
381 CRYPT_CTXINFO_KEY = 1012; { Key }
382 CRYPT_CTXINFO_KEY_COMPONENTS = 1013; { Public-key components }
383 CRYPT_CTXINFO_IV = 1014; { IV }
384 CRYPT_CTXINFO_HASHVALUE = 1015; { Hash value }
385
386 { Misc.information }
387 CRYPT_CTXINFO_LABEL = 1016; { Label for private/secret key }
388
389 { Used internally }
390 CRYPT_CTXINFO_LAST = 1017; CRYPT_CERTINFO_FIRST = 2000;
391
392 {************************}
393 { Certificate attributes }
394 {************************}
395
396 { Because there are so many cert attributes, we break them down into
397 blocks to minimise the number of values that change if a new one is
398 added halfway through }
399
400 { Pseudo-information on a cert object or meta-information which is used
401 to control the way that a cert object is processed }
402 CRYPT_CERTINFO_SELFSIGNED = 2001; { Cert is self-signed }
403 CRYPT_CERTINFO_IMMUTABLE = 2002; { Cert is signed and immutable }
404 CRYPT_CERTINFO_XYZZY = 2003; { Cert is a magic just-works cert }
405 CRYPT_CERTINFO_CERTTYPE = 2004; { Certificate object type }
406 CRYPT_CERTINFO_FINGERPRINT = 2005; { Certificate fingerprints }
407 CRYPT_CERTINFO_FINGERPRINT_MD5 = 2005; { = CRYPT_CERTINFO_FINGERPRINT }
408 CRYPT_CERTINFO_FINGERPRINT_SHA = 2006;
409 CRYPT_CERTINFO_CURRENT_CERTIFICATE = 2007; { Cursor mgt: Rel.pos in chain/CRL/OCSP }
410 CRYPT_CERTINFO_CURRENT_EXTENSION = 2008; { Cursor mgt: Rel.pos.or abs.extension }
411 CRYPT_CERTINFO_CURRENT_FIELD = 2009; { Cursor mgt: Rel.pos.or abs.field in ext }
412 CRYPT_CERTINFO_CURRENT_COMPONENT = 2010; { Cursor mgt: Rel.pos in multival.field }
413 CRYPT_CERTINFO_TRUSTED_USAGE = 2011; { Usage that cert is trusted for }
414 CRYPT_CERTINFO_TRUSTED_IMPLICIT = 2012; { Whether cert is implicitly trusted }
415 CRYPT_CERTINFO_SIGNATURELEVEL = 2013; { Amount of detail to include in sigs.}
416
417 { General certificate object information }
418 CRYPT_CERTINFO_VERSION = 2014; { Cert.format version }
419 CRYPT_CERTINFO_SERIALNUMBER = 2015; { Serial number }
420 CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO = 2016; { Public key }
421 CRYPT_CERTINFO_CERTIFICATE = 2017; { User certificate }
422 CRYPT_CERTINFO_USERCERTIFICATE = 2017; { = CRYPT_CERTINFO_CERTIFICATE }
423 CRYPT_CERTINFO_CACERTIFICATE = 2018; { CA certificate }
424 CRYPT_CERTINFO_ISSUERNAME = 2019; { Issuer DN }
425 CRYPT_CERTINFO_VALIDFROM = 2020; { Cert valid-from time }
426 CRYPT_CERTINFO_VALIDTO = 2021; { Cert valid-to time }
427 CRYPT_CERTINFO_SUBJECTNAME = 2022; { Subject DN }
428 CRYPT_CERTINFO_ISSUERUNIQUEID = 2023; { Issuer unique ID }
429 CRYPT_CERTINFO_SUBJECTUNIQUEID = 2024; { Subject unique ID }
430 CRYPT_CERTINFO_CERTREQUEST = 2025; { Cert.request (DN + public key) }
431 CRYPT_CERTINFO_THISUPDATE = 2026; { CRL/OCSP current-update time }
432 CRYPT_CERTINFO_NEXTUPDATE = 2027; { CRL/OCSP next-update time }
433 CRYPT_CERTINFO_REVOCATIONDATE = 2028; { CRL/OCSP cert-revocation time }
434 CRYPT_CERTINFO_REVOCATIONSTATUS = 2029; { OCSP revocation status }
435 CRYPT_CERTINFO_CERTSTATUS = 2030; { RTCS certificate status }
436 CRYPT_CERTINFO_DN = 2031; { Currently selected DN in string form }
437 CRYPT_CERTINFO_PKIUSER_ID = 2032; { PKI user ID }
438 CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD = 2033; { PKI user issue password }
439 CRYPT_CERTINFO_PKIUSER_REVPASSWORD = 2034; { PKI user revocation password }
440
441 { X.520 Distinguished Name components. This is a composite field, the
442 DN to be manipulated is selected through the addition of a
443 pseudocomponent, and then one of the following is used to access the
444 DN components directly }
445 CRYPT_CERTINFO_COUNTRYNAME = 2100; { countryName }
446 CRYPT_CERTINFO_STATEORPROVINCENAME = 2101; { stateOrProvinceName }
447 CRYPT_CERTINFO_LOCALITYNAME = 2102; { localityName }
448 CRYPT_CERTINFO_ORGANIZATIONNAME = 2103; { organizationName }
449 CRYPT_CERTINFO_ORGANISATIONNAME = 2103; { = CRYPT_CERTINFO_ORGANIZATIONNAME }
450 CRYPT_CERTINFO_ORGANIZATIONALUNITNAME = 2104; { organizationalUnitName }
451 CRYPT_CERTINFO_ORGANISATIONALUNITNAME = 2104; { = CRYPT_CERTINFO_ORGANIZATIONALUNITNAME }
452 CRYPT_CERTINFO_COMMONNAME = 2105; { commonName }
453
454 { X.509 General Name components. These are handled in the same way as
455 the DN composite field, with the current GeneralName being selected by
456 a pseudo-component after which the individual components can be
457 modified through one of the following }
458 CRYPT_CERTINFO_OTHERNAME_TYPEID = 2106; { otherName.typeID }
459 CRYPT_CERTINFO_OTHERNAME_VALUE = 2107; { otherName.value }
460 CRYPT_CERTINFO_RFC822NAME = 2108; { rfc822Name }
461 CRYPT_CERTINFO_EMAIL = 2108; { = CRYPT_CERTINFO_RFC822NAME }
462 CRYPT_CERTINFO_DNSNAME = 2109; { dNSName }
463 CRYPT_CERTINFO_DIRECTORYNAME = 2110; { directoryName }
464 CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER = 2111; { ediPartyName.nameAssigner }
465 CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME = 2112; { ediPartyName.partyName }
466 CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER = 2113; { uniformResourceIdentifier }
467 CRYPT_CERTINFO_IPADDRESS = 2114; { iPAddress }
468 CRYPT_CERTINFO_REGISTEREDID = 2115; { registeredID }
469
470 { X.509 certificate extensions. Although it would be nicer to use names
471 that match the extensions more closely (e.g.
472 CRYPT_CERTINFO_BASICCONSTRAINTS_PATHLENCONSTRAINT), these exceed the
473 32-character ANSI minimum length for unique names, and get really
474 hairy once you get into the weird policy constraints extensions whose
475 names wrap around the screen about three times.
476
477 The following values are defined in OID order, this isn't absolutely
478 necessary but saves an extra layer of processing when encoding them }
479
480 { 1 2 840 113549 1 9 7 challengePassword. This is here even though it's
481 a CMS attribute because SCEP stuffs it into PKCS #10 requests }
482 CRYPT_CERTINFO_CHALLENGEPASSWORD = 2200;
483
484 { 1 3 6 1 4 1 3029 3 1 4 cRLExtReason }
485 CRYPT_CERTINFO_CRLEXTREASON = 2201;
486
487 { 1 3 6 1 4 1 3029 3 1 5 keyFeatures }
488 CRYPT_CERTINFO_KEYFEATURES = 2202;
489
490 { 1 3 6 1 5 5 7 1 1 authorityInfoAccess }
491 CRYPT_CERTINFO_AUTHORITYINFOACCESS = 2203;
492 CRYPT_CERTINFO_AUTHORITYINFO_RTCS = 2204; { accessDescription.accessLocation }
493 CRYPT_CERTINFO_AUTHORITYINFO_OCSP = 2205; { accessDescription.accessLocation }
494 CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS = 2206; { accessDescription.accessLocation }
495 CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE = 2207; { accessDescription.accessLocation }
496 CRYPT_CERTINFO_AUTHORITYINFO_CRLS = 2208; { accessDescription.accessLocation }
497
498 { 1 3 6 1 5 5 7 1 2 biometricInfo }
499 CRYPT_CERTINFO_BIOMETRICINFO = 2209;
500 CRYPT_CERTINFO_BIOMETRICINFO_TYPE = 2210; { biometricData.typeOfData }
501 CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO = 2211; { biometricData.hashAlgorithm }
502 CRYPT_CERTINFO_BIOMETRICINFO_HASH = 2212; { biometricData.dataHash }
503 CRYPT_CERTINFO_BIOMETRICINFO_URL = 2213; { biometricData.sourceDataUri }
504
505 { 1 3 6 1 5 5 7 1 3 qcStatements }
506 CRYPT_CERTINFO_QCSTATEMENT = 2214;
507 CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS = 2215;
508 { qcStatement.statementInfo.semanticsIdentifier }
509 CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY = 2216;
510 { qcStatement.statementInfo.nameRegistrationAuthorities }
511
512 { 1 3 6 1 5 5 7 48 1 2 ocspNonce }
513 CRYPT_CERTINFO_OCSP_NONCE = 2217; { nonce }
514
515 { 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses }
516 CRYPT_CERTINFO_OCSP_RESPONSE = 2218;
517 CRYPT_CERTINFO_OCSP_RESPONSE_OCSP = 2219; { OCSP standard response }
518
519 { 1 3 6 1 5 5 7 48 1 5 ocspNoCheck }
520 CRYPT_CERTINFO_OCSP_NOCHECK = 2220;
521
522 { 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff }
523 CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF = 2221;
524
525 { 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess }
526 CRYPT_CERTINFO_SUBJECTINFOACCESS = 2222;
527 CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY = 2223; { accessDescription.accessLocation }
528 CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING = 2224; { accessDescription.accessLocation }
529
530 { 1 3 36 8 3 1 siggDateOfCertGen }
531 CRYPT_CERTINFO_SIGG_DATEOFCERTGEN = 2225;
532
533 { 1 3 36 8 3 2 siggProcuration }
534 CRYPT_CERTINFO_SIGG_PROCURATION = 2226;
535 CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY = 2227; { country }
536 CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION = 2228; { typeOfSubstitution }
537 CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR = 2229; { signingFor.thirdPerson }
538
539 { 1 3 36 8 3 4 siggMonetaryLimit }
540 CRYPT_CERTINFO_SIGG_MONETARYLIMIT = 2230;
541 CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY = 2231; { currency }
542 CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT = 2232; { amount }
543 CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT = 2233; { exponent }
544
545 { 1 3 36 8 3 8 siggRestriction }
546 CRYPT_CERTINFO_SIGG_RESTRICTION = 2234;
547
548 { 1 3 101 1 4 1 strongExtranet }
549 CRYPT_CERTINFO_STRONGEXTRANET = 2235;
550 CRYPT_CERTINFO_STRONGEXTRANET_ZONE = 2236; { sxNetIDList.sxNetID.zone }
551 CRYPT_CERTINFO_STRONGEXTRANET_ID = 2237; { sxNetIDList.sxNetID.id }
552
553 { 2 5 29 9 subjectDirectoryAttributes }
554 CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES = 2238;
555 CRYPT_CERTINFO_SUBJECTDIR_TYPE = 2239; { attribute.type }
556 CRYPT_CERTINFO_SUBJECTDIR_VALUES = 2240; { attribute.values }
557
558 { 2 5 29 14 subjectKeyIdentifier }
559 CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER = 2241;
560
561 { 2 5 29 15 keyUsage }
562 CRYPT_CERTINFO_KEYUSAGE = 2242;
563
564 { 2 5 29 16 privateKeyUsagePeriod }
565 CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD = 2243;
566 CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE = 2244; { notBefore }
567 CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER = 2245; { notAfter }
568
569 { 2 5 29 17 subjectAltName }
570 CRYPT_CERTINFO_SUBJECTALTNAME = 2246;
571
572 { 2 5 29 18 issuerAltName }
573 CRYPT_CERTINFO_ISSUERALTNAME = 2247;
574
575 { 2 5 29 19 basicConstraints }
576 CRYPT_CERTINFO_BASICCONSTRAINTS = 2248;
577 CRYPT_CERTINFO_CA = 2249; { cA }
578 CRYPT_CERTINFO_AUTHORITY = 2249; { = CRYPT_CERTINFO_CA }
579 CRYPT_CERTINFO_PATHLENCONSTRAINT = 2250; { pathLenConstraint }
580
581 { 2 5 29 20 cRLNumber }
582 CRYPT_CERTINFO_CRLNUMBER = 2251;
583
584 { 2 5 29 21 cRLReason }
585 CRYPT_CERTINFO_CRLREASON = 2252;
586
587 { 2 5 29 23 holdInstructionCode }
588 CRYPT_CERTINFO_HOLDINSTRUCTIONCODE = 2253;
589
590 { 2 5 29 24 invalidityDate }
591 CRYPT_CERTINFO_INVALIDITYDATE = 2254;
592
593 { 2 5 29 27 deltaCRLIndicator }
594 CRYPT_CERTINFO_DELTACRLINDICATOR = 2255;
595
596 { 2 5 29 28 issuingDistributionPoint }
597 CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT = 2256;
598 CRYPT_CERTINFO_ISSUINGDIST_FULLNAME = 2257; { distributionPointName.fullName }
599 CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY = 2258; { onlyContainsUserCerts }
600 CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY = 2259; { onlyContainsCACerts }
601 CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY = 2260; { onlySomeReasons }
602 CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL = 2261; { indirectCRL }
603
604 { 2 5 29 29 certificateIssuer }
605 CRYPT_CERTINFO_CERTIFICATEISSUER = 2262;
606
607 { 2 5 29 30 nameConstraints }
608 CRYPT_CERTINFO_NAMECONSTRAINTS = 2263;
609 CRYPT_CERTINFO_PERMITTEDSUBTREES = 2264; { permittedSubtrees }
610 CRYPT_CERTINFO_EXCLUDEDSUBTREES = 2265; { excludedSubtrees }
611
612 { 2 5 29 31 cRLDistributionPoint }
613 CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT = 2266;
614 CRYPT_CERTINFO_CRLDIST_FULLNAME = 2267; { distributionPointName.fullName }
615 CRYPT_CERTINFO_CRLDIST_REASONS = 2268; { reasons }
616 CRYPT_CERTINFO_CRLDIST_CRLISSUER = 2269; { cRLIssuer }
617
618 { 2 5 29 32 certificatePolicies }
619 CRYPT_CERTINFO_CERTIFICATEPOLICIES = 2270;
620 CRYPT_CERTINFO_CERTPOLICYID = 2271; { policyInformation.policyIdentifier }
621 CRYPT_CERTINFO_CERTPOLICY_CPSURI = 2272;
622 { policyInformation.policyQualifiers.qualifier.cPSuri }
623 CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION = 2273;
624 { policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.organization }
625 CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS = 2274;
626 { policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.noticeNumbers }
627 CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT = 2275;
628 { policyInformation.policyQualifiers.qualifier.userNotice.explicitText }
629
630 { 2 5 29 33 policyMappings }
631 CRYPT_CERTINFO_POLICYMAPPINGS = 2276;
632 CRYPT_CERTINFO_ISSUERDOMAINPOLICY = 2277; { policyMappings.issuerDomainPolicy }
633 CRYPT_CERTINFO_SUBJECTDOMAINPOLICY = 2278; { policyMappings.subjectDomainPolicy }
634
635 { 2 5 29 35 authorityKeyIdentifier }
636 CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER = 2279;
637 CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER = 2280; { keyIdentifier }
638 CRYPT_CERTINFO_AUTHORITY_CERTISSUER = 2281; { authorityCertIssuer }
639 CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER = 2282; { authorityCertSerialNumber }
640
641 { 2 5 29 36 policyConstraints }
642 CRYPT_CERTINFO_POLICYCONSTRAINTS = 2283;
643 CRYPT_CERTINFO_REQUIREEXPLICITPOLICY = 2284; { policyConstraints.requireExplicitPolicy }
644 CRYPT_CERTINFO_INHIBITPOLICYMAPPING = 2285; { policyConstraints.inhibitPolicyMapping }
645
646 { 2 5 29 37 extKeyUsage }
647 CRYPT_CERTINFO_EXTKEYUSAGE = 2286;
648 CRYPT_CERTINFO_EXTKEY_MS_INDIVIDUALCODESIGNING = 2287; { individualCodeSigning }
649 CRYPT_CERTINFO_EXTKEY_MS_COMMERCIALCODESIGNING = 2288; { commercialCodeSigning }
650 CRYPT_CERTINFO_EXTKEY_MS_CERTTRUSTLISTSIGNING = 2289; { certTrustListSigning }
651 CRYPT_CERTINFO_EXTKEY_MS_TIMESTAMPSIGNING = 2290; { timeStampSigning }
652 CRYPT_CERTINFO_EXTKEY_MS_SERVERGATEDCRYPTO = 2291; { serverGatedCrypto }
653 CRYPT_CERTINFO_EXTKEY_MS_ENCRYPTEDFILESYSTEM = 2292; { encrypedFileSystem }
654 CRYPT_CERTINFO_EXTKEY_SERVERAUTH = 2293; { serverAuth }
655 CRYPT_CERTINFO_EXTKEY_CLIENTAUTH = 2294; { clientAuth }
656 CRYPT_CERTINFO_EXTKEY_CODESIGNING = 2295; { codeSigning }
657 CRYPT_CERTINFO_EXTKEY_EMAILPROTECTION = 2296; { emailProtection }
658 CRYPT_CERTINFO_EXTKEY_IPSECENDSYSTEM = 2297; { ipsecEndSystem }
659 CRYPT_CERTINFO_EXTKEY_IPSECTUNNEL = 2298; { ipsecTunnel }
660 CRYPT_CERTINFO_EXTKEY_IPSECUSER = 2299; { ipsecUser }
661 CRYPT_CERTINFO_EXTKEY_TIMESTAMPING = 2300; { timeStamping }
662 CRYPT_CERTINFO_EXTKEY_OCSPSIGNING = 2301; { ocspSigning }
663 CRYPT_CERTINFO_EXTKEY_DIRECTORYSERVICE = 2302; { directoryService }
664 CRYPT_CERTINFO_EXTKEY_ANYKEYUSAGE = 2303; { anyExtendedKeyUsage }
665 CRYPT_CERTINFO_EXTKEY_NS_SERVERGATEDCRYPTO = 2304; { serverGatedCrypto }
666 CRYPT_CERTINFO_EXTKEY_VS_SERVERGATEDCRYPTO_CA = 2305; { serverGatedCrypto CA }
667
668 { 2 5 29 46 freshestCRL }
669 CRYPT_CERTINFO_FRESHESTCRL = 2306;
670 CRYPT_CERTINFO_FRESHESTCRL_FULLNAME = 2307; { distributionPointName.fullName }
671 CRYPT_CERTINFO_FRESHESTCRL_REASONS = 2308; { reasons }
672 CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER = 2309; { cRLIssuer }
673
674 { 2 5 29 54 inhibitAnyPolicy }
675 CRYPT_CERTINFO_INHIBITANYPOLICY = 2310;
676
677 { 2 16 840 1 113730 1 x Netscape extensions }
678 CRYPT_CERTINFO_NS_CERTTYPE = 2311; { netscape-cert-type }
679 CRYPT_CERTINFO_NS_BASEURL = 2312; { netscape-base-url }
680 CRYPT_CERTINFO_NS_REVOCATIONURL = 2313; { netscape-revocation-url }
681 CRYPT_CERTINFO_NS_CAREVOCATIONURL = 2314; { netscape-ca-revocation-url }
682 CRYPT_CERTINFO_NS_CERTRENEWALURL = 2315; { netscape-cert-renewal-url }
683 CRYPT_CERTINFO_NS_CAPOLICYURL = 2316; { netscape-ca-policy-url }
684 CRYPT_CERTINFO_NS_SSLSERVERNAME = 2317; { netscape-ssl-server-name }
685 CRYPT_CERTINFO_NS_COMMENT = 2318; { netscape-comment }
686
687 { 2 23 42 7 0 SET hashedRootKey }
688 CRYPT_CERTINFO_SET_HASHEDROOTKEY = 2319;
689 CRYPT_CERTINFO_SET_ROOTKEYTHUMBPRINT = 2320; { rootKeyThumbPrint }
690
691 { 2 23 42 7 1 SET certificateType }
692 CRYPT_CERTINFO_SET_CERTIFICATETYPE = 2321;
693
694 { 2 23 42 7 2 SET merchantData }
695 CRYPT_CERTINFO_SET_MERCHANTDATA = 2322;
696 CRYPT_CERTINFO_SET_MERID = 2323; { merID }
697 CRYPT_CERTINFO_SET_MERACQUIRERBIN = 2324; { merAcquirerBIN }
698 CRYPT_CERTINFO_SET_MERCHANTLANGUAGE = 2325; { merNames.language }
699 CRYPT_CERTINFO_SET_MERCHANTNAME = 2326; { merNames.name }
700 CRYPT_CERTINFO_SET_MERCHANTCITY = 2327; { merNames.city }
701 CRYPT_CERTINFO_SET_MERCHANTSTATEPROVINCE = 2328; { merNames.stateProvince }
702 CRYPT_CERTINFO_SET_MERCHANTPOSTALCODE = 2329; { merNames.postalCode }
703 CRYPT_CERTINFO_SET_MERCHANTCOUNTRYNAME = 2330; { merNames.countryName }
704 CRYPT_CERTINFO_SET_MERCOUNTRY = 2331; { merCountry }
705 CRYPT_CERTINFO_SET_MERAUTHFLAG = 2332; { merAuthFlag }
706
707 { 2 23 42 7 3 SET certCardRequired }
708 CRYPT_CERTINFO_SET_CERTCARDREQUIRED = 2333;
709
710 { 2 23 42 7 4 SET tunneling }
711 CRYPT_CERTINFO_SET_TUNNELING = 2334;
712 CRYPT_CERTINFO_SET_TUNNELLING = 2334; { = CRYPT_CERTINFO_SET_TUNNELING }
713 CRYPT_CERTINFO_SET_TUNNELINGFLAG = 2335; { tunneling }
714 CRYPT_CERTINFO_SET_TUNNELLINGFLAG = 2335; { = CRYPT_CERTINFO_SET_TUNNELINGFLAG }
715 CRYPT_CERTINFO_SET_TUNNELINGALGID = 2336; { tunnelingAlgID }
716 CRYPT_CERTINFO_SET_TUNNELLINGALGID = 2336; { = CRYPT_CERTINFO_SET_TUNNELINGALGID }
717
718 { S/MIME attributes }
719
720 { 1 2 840 113549 1 9 3 contentType }
721 CRYPT_CERTINFO_CMS_CONTENTTYPE = 2500;
722
723 { 1 2 840 113549 1 9 4 messageDigest }
724 CRYPT_CERTINFO_CMS_MESSAGEDIGEST = 2501;
725
726 { 1 2 840 113549 1 9 5 signingTime }
727 CRYPT_CERTINFO_CMS_SIGNINGTIME = 2502;
728
729 { 1 2 840 113549 1 9 6 counterSignature }
730 CRYPT_CERTINFO_CMS_COUNTERSIGNATURE = 2503; { counterSignature }
731
732 { 1 2 840 113549 1 9 13 signingDescription }
733 CRYPT_CERTINFO_CMS_SIGNINGDESCRIPTION = 2504;
734
735 { 1 2 840 113549 1 9 15 sMIMECapabilities }
736 CRYPT_CERTINFO_CMS_SMIMECAPABILITIES = 2505;
737 CRYPT_CERTINFO_CMS_SMIMECAP_3DES = 2506; { 3DES encryption }
738 CRYPT_CERTINFO_CMS_SMIMECAP_AES = 2507; { AES encryption }
739 CRYPT_CERTINFO_CMS_SMIMECAP_CAST128 = 2508; { CAST-128 encryption }
740 CRYPT_CERTINFO_CMS_SMIMECAP_IDEA = 2509; { IDEA encryption }
741 CRYPT_CERTINFO_CMS_SMIMECAP_RC2 = 2510; { RC2 encryption (w.128 key) }
742 CRYPT_CERTINFO_CMS_SMIMECAP_RC5 = 2511; { RC5 encryption (w.128 key) }
743 CRYPT_CERTINFO_CMS_SMIMECAP_SKIPJACK = 2512; { Skipjack encryption }
744 CRYPT_CERTINFO_CMS_SMIMECAP_DES = 2513; { DES encryption }
745 CRYPT_CERTINFO_CMS_SMIMECAP_PREFERSIGNEDDATA = 2514; { preferSignedData }
746 CRYPT_CERTINFO_CMS_SMIMECAP_CANNOTDECRYPTANY = 2515; { canNotDecryptAny }
747
748 { 1 2 840 113549 1 9 16 2 1 receiptRequest }
749 CRYPT_CERTINFO_CMS_RECEIPTREQUEST = 2516;
750 CRYPT_CERTINFO_CMS_RECEIPT_CONTENTIDENTIFIER = 2517; { contentIdentifier }
751 CRYPT_CERTINFO_CMS_RECEIPT_FROM = 2518; { receiptsFrom }
752 CRYPT_CERTINFO_CMS_RECEIPT_TO = 2519; { receiptsTo }
753
754 { 1 2 840 113549 1 9 16 2 2 essSecurityLabel }
755 CRYPT_CERTINFO_CMS_SECURITYLABEL = 2520;
756 CRYPT_CERTINFO_CMS_SECLABEL_CLASSIFICATION = 2521; { securityClassification }
757 CRYPT_CERTINFO_CMS_SECLABEL_POLICY = 2522; { securityPolicyIdentifier }
758 CRYPT_CERTINFO_CMS_SECLABEL_PRIVACYMARK = 2523; { privacyMark }
759 CRYPT_CERTINFO_CMS_SECLABEL_CATTYPE = 2524; { securityCategories.securityCategory.type }
760 CRYPT_CERTINFO_CMS_SECLABEL_CATVALUE = 2525; { securityCategories.securityCategory.value }
761
762 { 1 2 840 113549 1 9 16 2 3 mlExpansionHistory }
763 CRYPT_CERTINFO_CMS_MLEXPANSIONHISTORY = 2526;
764 CRYPT_CERTINFO_CMS_MLEXP_ENTITYIDENTIFIER = 2527; { mlData.mailListIdentifier.issuerAndSerialNumber }
765 CRYPT_CERTINFO_CMS_MLEXP_TIME = 2528; { mlData.expansionTime }
766 CRYPT_CERTINFO_CMS_MLEXP_NONE = 2529; { mlData.mlReceiptPolicy.none }
767 CRYPT_CERTINFO_CMS_MLEXP_INSTEADOF = 2530; { mlData.mlReceiptPolicy.insteadOf.generalNames.generalName }
768 CRYPT_CERTINFO_CMS_MLEXP_INADDITIONTO = 2531; { mlData.mlReceiptPolicy.inAdditionTo.generalNames.generalName }
769
770 { 1 2 840 113549 1 9 16 2 4 contentHints }
771 CRYPT_CERTINFO_CMS_CONTENTHINTS = 2532;
772 CRYPT_CERTINFO_CMS_CONTENTHINT_DESCRIPTION = 2533; { contentDescription }
773 CRYPT_CERTINFO_CMS_CONTENTHINT_TYPE = 2534; { contentType }
774
775 { 1 2 840 113549 1 9 16 2 9 equivalentLabels }
776 CRYPT_CERTINFO_CMS_EQUIVALENTLABEL = 2535;
777 CRYPT_CERTINFO_CMS_EQVLABEL_POLICY = 2536; { securityPolicyIdentifier }
778 CRYPT_CERTINFO_CMS_EQVLABEL_CLASSIFICATION = 2537; { securityClassification }
779 CRYPT_CERTINFO_CMS_EQVLABEL_PRIVACYMARK = 2538; { privacyMark }
780 CRYPT_CERTINFO_CMS_EQVLABEL_CATTYPE = 2539; { securityCategories.securityCategory.type }
781 CRYPT_CERTINFO_CMS_EQVLABEL_CATVALUE = 2540; { securityCategories.securityCategory.value }
782
783 { 1 2 840 113549 1 9 16 2 12 signingCertificate }
784 CRYPT_CERTINFO_CMS_SIGNINGCERTIFICATE = 2541;
785 CRYPT_CERTINFO_CMS_SIGNINGCERT_ESSCERTID = 2542; { certs.essCertID }
786 CRYPT_CERTINFO_CMS_SIGNINGCERT_POLICIES = 2543; { policies.policyInformation.policyIdentifier }
787
788 { 1 2 840 113549 1 9 16 2 15 signaturePolicyID }
789 CRYPT_CERTINFO_CMS_SIGNATUREPOLICYID = 2544;
790 CRYPT_CERTINFO_CMS_SIGPOLICYID = 2545; { sigPolicyID }
791 CRYPT_CERTINFO_CMS_SIGPOLICYHASH = 2546; { sigPolicyHash }
792 CRYPT_CERTINFO_CMS_SIGPOLICY_CPSURI = 2547; { sigPolicyQualifiers.sigPolicyQualifier.cPSuri }
793 CRYPT_CERTINFO_CMS_SIGPOLICY_ORGANIZATION = 2548;
794 { sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.organization }
795 CRYPT_CERTINFO_CMS_SIGPOLICY_NOTICENUMBERS = 2549;
796 { sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.noticeNumbers }
797 CRYPT_CERTINFO_CMS_SIGPOLICY_EXPLICITTEXT = 2550;
798 { sigPolicyQualifiers.sigPolicyQualifier.userNotice.explicitText }
799
800 { 1 2 840 113549 1 9 16 9 signatureTypeIdentifier }
801 CRYPT_CERTINFO_CMS_SIGTYPEIDENTIFIER = 2551;
802 CRYPT_CERTINFO_CMS_SIGTYPEID_ORIGINATORSIG = 2552; { originatorSig }
803 CRYPT_CERTINFO_CMS_SIGTYPEID_DOMAINSIG = 2553; { domainSig }
804 CRYPT_CERTINFO_CMS_SIGTYPEID_ADDITIONALATTRIBUTES = 2554; { additionalAttributesSig }
805 CRYPT_CERTINFO_CMS_SIGTYPEID_REVIEWSIG = 2555; { reviewSig }
806
807 { 1 2 840 113549 1 9 25 3 randomNonce }
808 CRYPT_CERTINFO_CMS_NONCE = 2556; { randomNonce }
809
810 { SCEP attributes:
811 2 16 840 1 113733 1 9 2 messageType
812 2 16 840 1 113733 1 9 3 pkiStatus
813 2 16 840 1 113733 1 9 4 failInfo
814 2 16 840 1 113733 1 9 5 senderNonce
815 2 16 840 1 113733 1 9 6 recipientNonce
816 2 16 840 1 113733 1 9 7 transID }
817 CRYPT_CERTINFO_SCEP_MESSAGETYPE = 2557; { messageType }
818 CRYPT_CERTINFO_SCEP_PKISTATUS = 2558; { pkiStatus }
819 CRYPT_CERTINFO_SCEP_FAILINFO = 2559; { failInfo }
820 CRYPT_CERTINFO_SCEP_SENDERNONCE = 2560; { senderNonce }
821 CRYPT_CERTINFO_SCEP_RECIPIENTNONCE = 2561; { recipientNonce }
822 CRYPT_CERTINFO_SCEP_TRANSACTIONID = 2562; { transID }
823
824 { 1 3 6 1 4 1 311 2 1 10 spcAgencyInfo }
825 CRYPT_CERTINFO_CMS_SPCAGENCYINFO = 2563;
826 CRYPT_CERTINFO_CMS_SPCAGENCYURL = 2564; { spcAgencyInfo.url }
827
828 { 1 3 6 1 4 1 311 2 1 11 spcStatementType }
829 CRYPT_CERTINFO_CMS_SPCSTATEMENTTYPE = 2565;
830 CRYPT_CERTINFO_CMS_SPCSTMT_INDIVIDUALCODESIGNING = 2566; { individualCodeSigning }
831 CRYPT_CERTINFO_CMS_SPCSTMT_COMMERCIALCODESIGNING = 2567; { commercialCodeSigning }
832
833 { 1 3 6 1 4 1 311 2 1 12 spcOpusInfo }
834 CRYPT_CERTINFO_CMS_SPCOPUSINFO = 2568;
835 CRYPT_CERTINFO_CMS_SPCOPUSINFO_NAME = 2569; { spcOpusInfo.name }
836 CRYPT_CERTINFO_CMS_SPCOPUSINFO_URL = 2570; { spcOpusInfo.url }
837
838 { Used internally }
839 CRYPT_CERTINFO_LAST = 2571; CRYPT_KEYINFO_FIRST = 3000;
840
841 {*******************}
842 { Keyset attributes }
843 {*******************}
844
845 CRYPT_KEYINFO_QUERY = 3001; { Keyset query }
846 CRYPT_KEYINFO_QUERY_REQUESTS = 3002; { Query of requests in cert store }
847
848 { Used internally }
849 CRYPT_KEYINFO_LAST = 3003; CRYPT_DEVINFO_FIRST = 4000;
850
851 {*******************}
852 { Device attributes }
853 {*******************}
854
855 CRYPT_DEVINFO_INITIALISE = 4001; { Initialise device for use }
856 CRYPT_DEVINFO_INITIALIZE = 4001; { = CRYPT_DEVINFO_INITIALISE }
857 CRYPT_DEVINFO_AUTHENT_USER = 4002; { Authenticate user to device }
858 CRYPT_DEVINFO_AUTHENT_SUPERVISOR = 4003; { Authenticate supervisor to dev.}
859 CRYPT_DEVINFO_SET_AUTHENT_USER = 4004; { Set user authent.value }
860 CRYPT_DEVINFO_SET_AUTHENT_SUPERVISOR = 4005; { Set supervisor auth.val.}
861 CRYPT_DEVINFO_ZEROISE = 4006; { Zeroise device }
862 CRYPT_DEVINFO_ZEROIZE = 4006; { = CRYPT_DEVINFO_ZEROISE }
863 CRYPT_DEVINFO_LOGGEDIN = 4007; { Whether user is logged in }
864 CRYPT_DEVINFO_LABEL = 4008; { Device/token label }
865
866 { Used internally }
867 CRYPT_DEVINFO_LAST = 4009; CRYPT_ENVINFO_FIRST = 5000;
868
869 {*********************}
870 { Envelope attributes }
871 {*********************}
872
873 { Pseudo-information on an envelope or meta-information which is used to
874 control the way that data in an envelope is processed }
875 CRYPT_ENVINFO_DATASIZE = 5001; { Data size information }
876 CRYPT_ENVINFO_COMPRESSION = 5002; { Compression information }
877 CRYPT_ENVINFO_CONTENTTYPE = 5003; { Inner CMS content type }
878 CRYPT_ENVINFO_DETACHEDSIGNATURE = 5004; { Generate CMS detached signature }
879 CRYPT_ENVINFO_SIGNATURE_RESULT = 5005; { Signature check result }
880 CRYPT_ENVINFO_MAC = 5006; { Use MAC instead of encrypting }
881
882 { Resources required for enveloping/deenveloping }
883 CRYPT_ENVINFO_PASSWORD = 5007; { User password }
884 CRYPT_ENVINFO_KEY = 5008; { Conventional encryption key }
885 CRYPT_ENVINFO_SIGNATURE = 5009; { Signature/signature check key }
886 CRYPT_ENVINFO_SIGNATURE_EXTRADATA = 5010; { Extra information added to CMS sigs }
887 CRYPT_ENVINFO_RECIPIENT = 5011; { Recipient email address }
888 CRYPT_ENVINFO_PUBLICKEY = 5012; { PKC encryption key }
889 CRYPT_ENVINFO_PRIVATEKEY = 5013; { PKC decryption key }
890 CRYPT_ENVINFO_PRIVATEKEY_LABEL = 5014; { Label of PKC decryption key }
891 CRYPT_ENVINFO_ORIGINATOR = 5015; { Originator info/key }
892 CRYPT_ENVINFO_SESSIONKEY = 5016; { Session key }
893 CRYPT_ENVINFO_HASH = 5017; { Hash value }
894 CRYPT_ENVINFO_TIMESTAMP = 5018; { Timestamp information }
895
896 { Keysets used to retrieve keys needed for enveloping/deenveloping }
897 CRYPT_ENVINFO_KEYSET_SIGCHECK = 5019; { Signature check keyset }
898 CRYPT_ENVINFO_KEYSET_ENCRYPT = 5020; { PKC encryption keyset }
899 CRYPT_ENVINFO_KEYSET_DECRYPT = 5021; { PKC decryption keyset }
900
901 { Used internally }
902 CRYPT_ENVINFO_LAST = 5022; CRYPT_SESSINFO_FIRST = 6000;
903
904 {********************}
905 { Session attributes }
906 {********************}
907
908 { Pseudo-information on a session or meta-information which is used to
909 control the way that a session is managed }
910
911 { Pseudo-information about the session }
912 CRYPT_SESSINFO_ACTIVE = 6001; { Whether session is active }
913 CRYPT_SESSINFO_CONNECTIONACTIVE = 6002; { Whether network connection is active }
914
915 { Security-related information }
916 CRYPT_SESSINFO_USERNAME = 6003; { User name }
917 CRYPT_SESSINFO_PASSWORD = 6004; { Password }
918 CRYPT_SESSINFO_PRIVATEKEY = 6005; { Server/client private key }
919 CRYPT_SESSINFO_KEYSET = 6006; { Certificate store }
920 CRYPT_SESSINFO_AUTHRESPONSE = 6007; { Session authorisation OK }
921
922 { Client/server information }
923 CRYPT_SESSINFO_SERVER_NAME = 6008; { Server name }
924 CRYPT_SESSINFO_SERVER_PORT = 6009; { Server port number }
925 CRYPT_SESSINFO_SERVER_FINGERPRINT = 6010; { Server key fingerprint }
926 CRYPT_SESSINFO_CLIENT_NAME = 6011; { Client name }
927 CRYPT_SESSINFO_CLIENT_PORT = 6012; { Client port number }
928 CRYPT_SESSINFO_SESSION = 6013; { Transport mechanism }
929 CRYPT_SESSINFO_NETWORKSOCKET = 6014; { User-supplied network socket }
930
931 { Generic protocol-related information }
932 CRYPT_SESSINFO_VERSION = 6015; { Protocol version }
933 CRYPT_SESSINFO_REQUEST = 6016; { Cert.request object }
934 CRYPT_SESSINFO_RESPONSE = 6017; { Cert.response object }
935 CRYPT_SESSINFO_CACERTIFICATE = 6018; { Issuing CA certificate }
936
937 { Protocol-specific information }
938 CRYPT_SESSINFO_TSP_MSGIMPRINT = 6019; { TSP message imprint }
939 CRYPT_SESSINFO_CMP_REQUESTTYPE = 6020; { Request type }
940 CRYPT_SESSINFO_CMP_PKIBOOT = 6021; { Enable PKIBoot facility }
941 CRYPT_SESSINFO_CMP_PRIVKEYSET = 6022; { Private-key keyset }
942 CRYPT_SESSINFO_SSH_CHANNEL = 6023; { SSH current channel }
943 CRYPT_SESSINFO_SSH_CHANNEL_TYPE = 6024; { SSH channel type }
944 CRYPT_SESSINFO_SSH_CHANNEL_ARG1 = 6025; { SSH channel argument 1 }
945 CRYPT_SESSINFO_SSH_CHANNEL_ARG2 = 6026; { SSH channel argument 2 }
946 CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE = 6027; { SSH channel active }
947
948 { Used internally }
949 CRYPT_SESSINFO_LAST = 6028; CRYPT_USERINFO_FIRST = 7000;
950
951 {********************}
952 { User attributes }
953 {********************}
954
955 { Security-related information }
956 CRYPT_USERINFO_PASSWORD = 7001; { Password }
957
958 { User role-related information }
959 CRYPT_USERINFO_CAKEY_CERTSIGN = 7002; { CA cert signing key }
960 CRYPT_USERINFO_CAKEY_CRLSIGN = 7003; { CA CRL signing key }
961 CRYPT_USERINFO_CAKEY_RTCSSIGN = 7004; { CA RTCS signing key }
962 CRYPT_USERINFO_CAKEY_OCSPSIGN = 7005; { CA OCSP signing key }
963
964 { Used internally for range checking }
965 CRYPT_USERINFO_LAST = 7006; CRYPT_ATTRIBUTE_LAST = 7006; { = CRYPT_USERINFO_LAST }
966
967
968
969
970
971{****************************************************************************
972* *
973* Attribute Subtypes and Related Values *
974* *
975****************************************************************************}
976
977{ Flags for the X.509 keyUsage extension }
978
979 CRYPT_KEYUSAGE_NONE = $000;
980 CRYPT_KEYUSAGE_DIGITALSIGNATURE = $001;
981 CRYPT_KEYUSAGE_NONREPUDIATION = $002;
982 CRYPT_KEYUSAGE_KEYENCIPHERMENT = $004;
983 CRYPT_KEYUSAGE_DATAENCIPHERMENT = $008;
984 CRYPT_KEYUSAGE_KEYAGREEMENT = $010;
985 CRYPT_KEYUSAGE_KEYCERTSIGN = $020;
986 CRYPT_KEYUSAGE_CRLSIGN = $040;
987 CRYPT_KEYUSAGE_ENCIPHERONLY = $080;
988 CRYPT_KEYUSAGE_DECIPHERONLY = $100;
989 CRYPT_KEYUSAGE_LAST = $200; { Last possible value }
990
991{ X.509 cRLReason and cryptlib cRLExtReason codes }
992
993
994 CRYPT_CRLREASON_UNSPECIFIED = 0;
995 CRYPT_CRLREASON_KEYCOMPROMISE = 1;
996 CRYPT_CRLREASON_CACOMPROMISE = 2;
997 CRYPT_CRLREASON_AFFILIATIONCHANGED = 3;
998 CRYPT_CRLREASON_SUPERSEDED = 4;
999 CRYPT_CRLREASON_CESSATIONOFOPERATION = 5;
1000 CRYPT_CRLREASON_CERTIFICATEHOLD = 6;
1001 CRYPT_CRLREASON_REMOVEFROMCRL = 8;
1002 CRYPT_CRLREASON_PRIVILEGEWITHDRAWN = 9;
1003 CRYPT_CRLREASON_AACOMPROMISE = 10;
1004 CRYPT_CRLREASON_LAST = 11;
1005 { End of standard CRL reasons }
1006 CRYPT_CRLREASON_NEVERVALID = 20;
1007 CRYPT_CRLEXTREASON_LAST = 21;
1008
1009
1010
1011{ X.509 CRL reason flags. These identify the same thing as the cRLReason
1012 codes but allow for multiple reasons to be specified. Note that these
1013 don't follow the X.509 naming since in that scheme the enumerated types
1014 and bitflags have the same names }
1015
1016 CRYPT_CRLREASONFLAG_UNUSED = $001;
1017 CRYPT_CRLREASONFLAG_KEYCOMPROMISE = $002;
1018 CRYPT_CRLREASONFLAG_CACOMPROMISE = $004;
1019 CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED = $008;
1020 CRYPT_CRLREASONFLAG_SUPERSEDED = $010;
1021 CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION = $020;
1022 CRYPT_CRLREASONFLAG_CERTIFICATEHOLD = $040;
1023 CRYPT_CRLREASONFLAG_LAST = $080; { Last poss.value }
1024
1025{ X.509 CRL holdInstruction codes }
1026
1027
1028 CRYPT_HOLDINSTRUCTION_NONE = 0;
1029 CRYPT_HOLDINSTRUCTION_CALLISSUER = 1;
1030 CRYPT_HOLDINSTRUCTION_REJECT = 2;
1031 CRYPT_HOLDINSTRUCTION_PICKUPTOKEN = 3;
1032 CRYPT_HOLDINSTRUCTION_LAST = 4;
1033
1034
1035
1036{ Certificate checking compliance levels }
1037
1038
1039 CRYPT_COMPLIANCELEVEL_OBLIVIOUS = 0;
1040 CRYPT_COMPLIANCELEVEL_REDUCED = 1;
1041 CRYPT_COMPLIANCELEVEL_STANDARD = 2;
1042 CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL = 3;
1043 CRYPT_COMPLIANCELEVEL_PKIX_FULL = 4;
1044 CRYPT_COMPLIANCELEVEL_LAST = 5;
1045
1046
1047
1048{ Flags for the Netscape netscape-cert-type extension }
1049
1050 CRYPT_NS_CERTTYPE_SSLCLIENT = $001;
1051 CRYPT_NS_CERTTYPE_SSLSERVER = $002;
1052 CRYPT_NS_CERTTYPE_SMIME = $004;
1053 CRYPT_NS_CERTTYPE_OBJECTSIGNING = $008;
1054 CRYPT_NS_CERTTYPE_RESERVED = $010;
1055 CRYPT_NS_CERTTYPE_SSLCA = $020;
1056 CRYPT_NS_CERTTYPE_SMIMECA = $040;
1057 CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA = $080;
1058 CRYPT_NS_CERTTYPE_LAST = $100; { Last possible value }
1059
1060{ Flags for the SET certificate-type extension }
1061
1062 CRYPT_SET_CERTTYPE_CARD = $001;
1063 CRYPT_SET_CERTTYPE_MER = $002;
1064 CRYPT_SET_CERTTYPE_PGWY = $004;
1065 CRYPT_SET_CERTTYPE_CCA = $008;
1066 CRYPT_SET_CERTTYPE_MCA = $010;
1067 CRYPT_SET_CERTTYPE_PCA = $020;
1068 CRYPT_SET_CERTTYPE_GCA = $040;
1069 CRYPT_SET_CERTTYPE_BCA = $080;
1070 CRYPT_SET_CERTTYPE_RCA = $100;
1071 CRYPT_SET_CERTTYPE_ACQ = $200;
1072 CRYPT_SET_CERTTYPE_LAST = $400; { Last possible value }
1073
1074{ CMS contentType values }
1075
1076
1077type
1078 CRYPT_CONTENT_TYPE = ( CRYPT_CONTENT_NONE, CRYPT_CONTENT_DATA,
1079 CRYPT_CONTENT_SIGNEDDATA, CRYPT_CONTENT_ENVELOPEDDATA,
1080 CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA,
1081 CRYPT_CONTENT_DIGESTEDDATA, CRYPT_CONTENT_ENCRYPTEDDATA,
1082 CRYPT_CONTENT_COMPRESSEDDATA, CRYPT_CONTENT_TSTINFO,
1083 CRYPT_CONTENT_SPCINDIRECTDATACONTEXT,
1084 CRYPT_CONTENT_RTCSREQUEST, CRYPT_CONTENT_RTCSRESPONSE,
1085 CRYPT_CONTENT_RTCSRESPONSE_EXT, CRYPT_CONTENT_LAST
1086
1087 );
1088
1089{ ESS securityClassification codes }
1090
1091
1092
1093const
1094 CRYPT_CLASSIFICATION_UNMARKED = 0;
1095 CRYPT_CLASSIFICATION_UNCLASSIFIED = 1;
1096 CRYPT_CLASSIFICATION_RESTRICTED = 2;
1097 CRYPT_CLASSIFICATION_CONFIDENTIAL = 3;
1098 CRYPT_CLASSIFICATION_SECRET = 4;
1099 CRYPT_CLASSIFICATION_TOP_SECRET = 5;
1100 CRYPT_CLASSIFICATION_LAST = 255 ;
1101
1102
1103
1104{ RTCS certificate status }
1105
1106
1107 CRYPT_CERTSTATUS_VALID = 0;
1108 CRYPT_CERTSTATUS_NOTVALID = 1;
1109 CRYPT_CERTSTATUS_NONAUTHORITATIVE = 2;
1110 CRYPT_CERTSTATUS_UNKNOWN = 3;
1111
1112
1113
1114{ OCSP revocation status }
1115
1116
1117 CRYPT_OCSPSTATUS_NOTREVOKED = 0;
1118 CRYPT_OCSPSTATUS_REVOKED = 1;
1119 CRYPT_OCSPSTATUS_UNKNOWN = 2;
1120
1121
1122
1123{ The amount of detail to include in signatures when signing certificate
1124 objects }
1125
1126
1127type
1128 CRYPT_SIGNATURELEVEL_TYPE = (
1129 CRYPT_SIGNATURELEVEL_NONE, { Include only signature }
1130 CRYPT_SIGNATURELEVEL_SIGNERCERT,{ Include signer cert }
1131 CRYPT_SIGNATURELEVEL_ALL, { Include all relevant info }
1132 CRYPT_SIGNATURELEVEL_LAST { Last possible sig.level type }
1133
1134 );
1135
1136{ The certificate export format type, which defines the format in which a
1137 certificate object is exported }
1138
1139 CRYPT_CERTFORMAT_TYPE = (
1140 CRYPT_CERTFORMAT_NONE, { No certificate format }
1141 CRYPT_CERTFORMAT_CERTIFICATE, { DER-encoded certificate }
1142 CRYPT_CERTFORMAT_CERTCHAIN, { PKCS #7 certificate chain }
1143 CRYPT_CERTFORMAT_TEXT_CERTIFICATE, { base-64 wrapped cert }
1144 CRYPT_CERTFORMAT_TEXT_CERTCHAIN, { base-64 wrapped cert chain }
1145 CRYPT_CERTFORMAT_XML_CERTIFICATE, { XML wrapped cert }
1146 CRYPT_CERTFORMAT_XML_CERTCHAIN, { XML wrapped cert chain }
1147 CRYPT_CERTFORMAT_LAST { Last possible cert.format type }
1148
1149 );
1150
1151{ CMP request types }
1152
1153 CRYPT_REQUESTTYPE_TYPE = (
1154 CRYPT_REQUESTTYPE_NONE, { No request type }
1155 CRYPT_REQUESTTYPE_INITIALISATION, { Initialisation request }
1156 CRYPT_REQUESTTYPE_CERTIFICATE, { Certification request }
1157 CRYPT_REQUESTTYPE_KEYUPDATE, { Key update request }
1158 CRYPT_REQUESTTYPE_REVOCATION, { Cert revocation request }
1159 CRYPT_REQUESTTYPE_PKIBOOT, { PKIBoot request }
1160 CRYPT_REQUESTTYPE_LAST { Last possible request type }
1161
1162 );
1163
1164const
1165 CRYPT_REQUESTTYPE_INITIALIZATION: CRYPT_REQUESTTYPE_TYPE = CRYPT_REQUESTTYPE_INITIALISATION;
1166
1167{ Key ID types }
1168
1169
1170type
1171 CRYPT_KEYID_TYPE = (
1172 CRYPT_KEYID_NONE, { No key ID type }
1173 CRYPT_KEYID_NAME, { Key owner name }
1174 CRYPT_KEYID_URI, { Key owner URI } { Synonym: owner email addr.}
1175 CRYPT_KEYID_LAST { Last possible key ID type }
1176
1177 );
1178
1179const
1180 CRYPT_KEYID_EMAIL: CRYPT_KEYID_TYPE = CRYPT_KEYID_URI;
1181
1182{ The encryption object types }
1183
1184
1185type
1186 CRYPT_OBJECT_TYPE = (
1187 CRYPT_OBJECT_NONE, { No object type }
1188 CRYPT_OBJECT_ENCRYPTED_KEY, { Conventionally encrypted key }
1189 CRYPT_OBJECT_PKCENCRYPTED_KEY, { PKC-encrypted key }
1190 CRYPT_OBJECT_KEYAGREEMENT, { Key agreement information }
1191 CRYPT_OBJECT_SIGNATURE, { Signature }
1192 CRYPT_OBJECT_LAST { Last possible object type }
1193
1194 );
1195
1196{ Object/attribute error type information }
1197
1198 CRYPT_ERRTYPE_TYPE = (
1199 CRYPT_ERRTYPE_NONE, { No error information }
1200 CRYPT_ERRTYPE_ATTR_SIZE, { Attribute data too small or large }
1201 CRYPT_ERRTYPE_ATTR_VALUE, { Attribute value is invalid }
1202 CRYPT_ERRTYPE_ATTR_ABSENT, { Required attribute missing }
1203 CRYPT_ERRTYPE_ATTR_PRESENT, { Non-allowed attribute present }
1204 CRYPT_ERRTYPE_CONSTRAINT, { Cert: Constraint violation in object }
1205 CRYPT_ERRTYPE_ISSUERCONSTRAINT, { Cert: Constraint viol.in issuing cert }
1206 CRYPT_ERRTYPE_LAST { Last possible error info type }
1207
1208 );
1209
1210{ Cert store management action type }
1211
1212 CRYPT_CERTACTION_TYPE = (
1213 CRYPT_CERTACTION_NONE, { No cert management action }
1214 CRYPT_CERTACTION_CREATE, { Create cert store }
1215 CRYPT_CERTACTION_CONNECT, { Connect to cert store }
1216 CRYPT_CERTACTION_DISCONNECT, { Disconnect from cert store }
1217 CRYPT_CERTACTION_ERROR, { Error information }
1218 CRYPT_CERTACTION_ADDUSER, { Add PKI user }
1219 CRYPT_CERTACTION_DELETEUSER, { Delete PKI user }
1220 CRYPT_CERTACTION_REQUEST_CERT, { Cert request }
1221 CRYPT_CERTACTION_REQUEST_RENEWAL,{ Cert renewal request }
1222 CRYPT_CERTACTION_REQUEST_REVOCATION,{ Cert revocation request }
1223 CRYPT_CERTACTION_CERT_CREATION, { Cert creation }
1224 CRYPT_CERTACTION_CERT_CREATION_COMPLETE,{ Confirmation of cert creation }
1225 CRYPT_CERTACTION_CERT_CREATION_DROP, { Cancellation of cert creation }
1226 CRYPT_CERTACTION_CERT_CREATION_REVERSE, { Cancel of creation w.revocation }
1227 CRYPT_CERTACTION_RESTART_CLEANUP, { Delete reqs after restart }
1228 CRYPT_CERTACTION_RESTART_REVOKE_CERT, { Complete revocation after restart }
1229 CRYPT_CERTACTION_ISSUE_CERT, { Cert issue }
1230 CRYPT_CERTACTION_ISSUE_CRL, { CRL issue }
1231 CRYPT_CERTACTION_REVOKE_CERT, { Cert revocation }
1232 CRYPT_CERTACTION_EXPIRE_CERT, { Cert expiry }
1233 CRYPT_CERTACTION_CLEANUP, { Clean up on restart }
1234 CRYPT_CERTACTION_LAST { Last possible cert store log action }
1235
1236 );
1237
1238{****************************************************************************
1239* *
1240* General Constants *
1241* *
1242****************************************************************************}
1243
1244{ The maximum user key size - 2048 bits }
1245
1246
1247const
1248 CRYPT_MAX_KEYSIZE = 256;
1249
1250{ The maximum IV size - 256 bits }
1251
1252 CRYPT_MAX_IVSIZE = 32;
1253
1254{ The maximum public-key component size - 4096 bits }
1255
1256 CRYPT_MAX_PKCSIZE = 512;
1257
1258{ The maximum hash size - 256 bits }
1259
1260 CRYPT_MAX_HASHSIZE = 32;
1261
1262{ The maximum size of a text string (e.g.key owner name) }
1263
1264 CRYPT_MAX_TEXTSIZE = 64;
1265
1266{ A magic value indicating that the default setting for this parameter
1267 should be used }
1268
1269 CRYPT_USE_DEFAULT = -10;
1270
1271{ A magic value for unused parameters }
1272
1273 CRYPT_UNUSED = -11;
1274
1275{ Whether the PKC key is a public or private key }
1276
1277 CRYPT_KEYTYPE_PRIVATE = 0;
1278 CRYPT_KEYTYPE_PUBLIC = 1;
1279
1280{ The type of information polling to perform to get random seed information }
1281
1282 CRYPT_RANDOM_FASTPOLL = -10;
1283 CRYPT_RANDOM_SLOWPOLL = -11;
1284
1285{ Cursor positioning codes for certificate/CRL extensions }
1286
1287 CRYPT_CURSOR_FIRST = -20;
1288 CRYPT_CURSOR_PREVIOUS = -21;
1289 CRYPT_CURSOR_NEXT = -22;
1290 CRYPT_CURSOR_LAST = -23;
1291
1292{ Keyset open options }
1293
1294
1295type
1296 CRYPT_KEYOPT_TYPE = (
1297 CRYPT_KEYOPT_NONE, { No options }
1298 CRYPT_KEYOPT_READONLY, { Open keyset in read-only mode }
1299 CRYPT_KEYOPT_CREATE, { Create a new keyset }
1300 CRYPT_KEYOPT_LAST { Last possible key option type }
1301
1302 );
1303
1304{ The various cryptlib objects - these are just integer handles }
1305
1306 CRYPT_CERTIFICATE = Integer;
1307 CRYPT_CONTEXT = Integer;
1308 CRYPT_DEVICE = Integer;
1309 CRYPT_ENVELOPE = Integer;
1310 CRYPT_KEYSET = Integer;
1311 CRYPT_SESSION = Integer;
1312 CRYPT_USER = Integer;
1313
1314{ Sometimes we don't know the exact type of a cryptlib object, so we use a
1315 generic handle type to identify it }
1316
1317 CRYPT_HANDLE = Integer;
1318
1319{****************************************************************************
1320* *
1321* Encryption Data Structures *
1322* *
1323****************************************************************************}
1324
1325{ Results returned from the capability query }
1326
1327 CRYPT_QUERY_INFO = record
1328 { Algorithm information }
1329 algoName: array[0 .. CRYPT_MAX_TEXTSIZE-1] of char;{ Algorithm name }
1330 blockSize: Integer; { Block size of the algorithm }
1331 minKeySize: Integer; { Minimum key size in bytes }
1332 keySize: Integer; { Recommended key size in bytes }
1333 maxKeySize: Integer; { Maximum key size in bytes }
1334
1335
1336 end;
1337
1338{ Results returned from the encoded object query. These provide
1339 information on the objects created by cryptExportKey()/
1340 cryptCreateSignature() }
1341
1342 CRYPT_OBJECT_INFO = record
1343 { The object type }
1344 objectType: CRYPT_OBJECT_TYPE;
1345
1346 { The encryption algorithm and mode }
1347 cryptAlgo: CRYPT_ALGO_TYPE;
1348 cryptMode: CRYPT_MODE_TYPE;
1349
1350 { The hash algorithm for Signature objects }
1351 hashAlgo: CRYPT_ALGO_TYPE;
1352
1353 { The salt for derived keys }
1354 salt: array[0 .. CRYPT_MAX_HASHSIZE-1] of byte;
1355 saltSize: Integer;
1356
1357
1358 end;
1359
1360{ Key information for the public-key encryption algorithms. These fields
1361 are not accessed directly, but can be manipulated with the init/set/
1362 destroyComponents() macros }
1363
1364 CRYPT_PKCINFO_RSA = record
1365 { Status information }
1366 isPublicKey: Integer; { Whether this is a public or private key }
1367
1368 { Public components }
1369 n: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Modulus }
1370 nLen: Integer; { Length of modulus in bits }
1371 e: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Public exponent }
1372 eLen: Integer; { Length of public exponent in bits }
1373
1374 { Private components }
1375 d: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent }
1376 dLen: Integer; { Length of private exponent in bits }
1377 p: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime factor 1 }
1378 pLen: Integer; { Length of prime factor 1 in bits }
1379 q: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime factor 2 }
1380 qLen: Integer; { Length of prime factor 2 in bits }
1381 u: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Mult.inverse of q, mod p }
1382 uLen: Integer; { Length of private exponent in bits }
1383 e1: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent 1 (PKCS) }
1384 e1Len: Integer; { Length of private exponent in bits }
1385 e2: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent 2 (PKCS) }
1386 e2Len: Integer; { Length of private exponent in bits }
1387
1388
1389 end;
1390
1391 CRYPT_PKCINFO_DLP = record
1392 { Status information }
1393 isPublicKey: Integer; { Whether this is a public or private key }
1394
1395 { Public components }
1396 p: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime modulus }
1397 pLen: Integer; { Length of prime modulus in bits }
1398 q: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime divisor }
1399 qLen: Integer; { Length of prime divisor in bits }
1400 g: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { h^( ( p - 1 ) / q ) mod p }
1401 gLen: Integer; { Length of g in bits }
1402 y: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Public random integer }
1403 yLen: Integer; { Length of public integer in bits }
1404
1405 { Private components }
1406 x: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private random integer }
1407 xLen: Integer; { Length of private integer in bits }
1408
1409
1410 end;
1411
1412{ Macros to initialise and destroy the structure that stores the components
1413 of a public key }
1414{ C-macro not translated to Delphi code:
1415 #define cryptInitComponents( componentInfo, componentKeyType )
1416 < memset( ( componentInfo ), 0, sizeof( *componentInfo ) );
1417 ( componentInfo )->isPublicKey = ( ( componentKeyType ) ? 1 : 0 ); > }
1418
1419{ C-macro not translated to Delphi code:
1420 #define cryptDestroyComponents( componentInfo )
1421 memset( ( componentInfo ), 0, sizeof( *componentInfo ) ) }
1422
1423{ Macros to set a component of a public key }
1424
1425{ C-macro not translated to Delphi code:
1426 #define cryptSetComponent( destination, source, length )
1427 < memcpy( ( destination ), ( source ), ( ( length ) + 7 ) >> 3 );
1428 ( destination##Len ) = length; > }
1429
1430{****************************************************************************
1431* *
1432* Status Codes *
1433* *
1434****************************************************************************}
1435
1436{ No error in function call }
1437
1438
1439const
1440 CRYPT_OK = 0; { No error }
1441
1442{ Error in parameters passed to function }
1443
1444 CRYPT_ERROR_PARAM1 = -1; { Bad argument, parameter 1 }
1445 CRYPT_ERROR_PARAM2 = -2; { Bad argument, parameter 2 }
1446 CRYPT_ERROR_PARAM3 = -3; { Bad argument, parameter 3 }
1447 CRYPT_ERROR_PARAM4 = -4; { Bad argument, parameter 4 }
1448 CRYPT_ERROR_PARAM5 = -5; { Bad argument, parameter 5 }
1449 CRYPT_ERROR_PARAM6 = -6; { Bad argument, parameter 6 }
1450 CRYPT_ERROR_PARAM7 = -7; { Bad argument, parameter 7 }
1451
1452{ Errors due to insufficient resources }
1453
1454 CRYPT_ERROR_MEMORY = -10; { Out of memory }
1455 CRYPT_ERROR_NOTINITED = -11; { Data has not been initialised }
1456 CRYPT_ERROR_INITED = -12; { Data has already been init'd }
1457 CRYPT_ERROR_NOSECURE = -13; { Opn.not avail.at requested sec.level }
1458 CRYPT_ERROR_RANDOM = -14; { No reliable random data available }
1459 CRYPT_ERROR_FAILED = -15; { Operation failed }
1460
1461{ Security violations }
1462
1463 CRYPT_ERROR_NOTAVAIL = -20; { This type of opn.not available }
1464 CRYPT_ERROR_PERMISSION = -21; { No permiss.to perform this operation }
1465 CRYPT_ERROR_WRONGKEY = -22; { Incorrect key used to decrypt data }
1466 CRYPT_ERROR_INCOMPLETE = -23; { Operation incomplete/still in progress }
1467 CRYPT_ERROR_COMPLETE = -24; { Operation complete/can't continue }
1468 CRYPT_ERROR_TIMEOUT = -25; { Operation timed out before completion }
1469 CRYPT_ERROR_INVALID = -26; { Invalid/inconsistent information }
1470 CRYPT_ERROR_SIGNALLED = -27; { Resource destroyed by extnl.event }
1471
1472{ High-level function errors }
1473
1474 CRYPT_ERROR_OVERFLOW = -30; { Resources/space exhausted }
1475 CRYPT_ERROR_UNDERFLOW = -31; { Not enough data available }
1476 CRYPT_ERROR_BADDATA = -32; { Bad/unrecognised data format }
1477 CRYPT_ERROR_SIGNATURE = -33; { Signature/integrity check failed }
1478
1479{ Data access function errors }
1480
1481 CRYPT_ERROR_OPEN = -40; { Cannot open object }
1482 CRYPT_ERROR_READ = -41; { Cannot read item from object }
1483 CRYPT_ERROR_WRITE = -42; { Cannot write item to object }
1484 CRYPT_ERROR_NOTFOUND = -43; { Requested item not found in object }
1485 CRYPT_ERROR_DUPLICATE = -44; { Item already present in object }
1486
1487{ Data enveloping errors }
1488
1489 CRYPT_ENVELOPE_RESOURCE = -50; { Need resource to proceed }
1490
1491{ Macros to examine return values }
1492
1493{ C-macro not translated to Delphi code:
1494 #define cryptStatusError( status ) ( ( status ) < CRYPT_OK ) }
1495{ C-macro not translated to Delphi code:
1496 #define cryptStatusOK( status ) ( ( status ) == CRYPT_OK ) }
1497
1498{****************************************************************************
1499* *
1500* General Functions *
1501* *
1502****************************************************************************}
1503
1504{ The following is necessary to stop C++ name mangling }
1505
1506
1507{ Initialise and shut down cryptlib }
1508
1509function cryptInit: Integer;
1510{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1511
1512
1513function cryptEnd: Integer;
1514{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1515
1516
1517
1518{ Query cryptlibs capabilities }
1519
1520function cryptQueryCapability( const cryptAlgo: CRYPT_ALGO_TYPE;
1521 var cryptQueryInfo: CRYPT_QUERY_INFO ): Integer;
1522{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1523
1524
1525{ Create and destroy an encryption context }
1526
1527function cryptCreateContext( var cryptContext: CRYPT_CONTEXT;
1528 const cryptUser: CRYPT_USER;
1529 const cryptAlgo: CRYPT_ALGO_TYPE ): Integer;
1530{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1531
1532function cryptDestroyContext( const cryptContext: CRYPT_CONTEXT ): Integer;
1533{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1534
1535
1536{ Generic "destroy an object" function }
1537
1538function cryptDestroyObject( const cryptObject: CRYPT_HANDLE ): Integer;
1539{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1540
1541
1542{ Generate a key into a context }
1543
1544function cryptGenerateKey( const cryptContext: CRYPT_CONTEXT ): Integer;
1545{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1546
1547function cryptGenerateKeyAsync( const cryptContext: CRYPT_CONTEXT ): Integer;
1548{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1549
1550function cryptAsyncQuery( const cryptObject: CRYPT_HANDLE ): Integer;
1551{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1552
1553function cryptAsyncCancel( const cryptObject: CRYPT_HANDLE ): Integer;
1554{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1555
1556
1557{ Encrypt/decrypt/hash a block of memory }
1558
1559function cryptEncrypt( const cryptContext: CRYPT_CONTEXT;
1560 buffer: Pointer;
1561 const length: Integer ): Integer;
1562{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1563
1564function cryptDecrypt( const cryptContext: CRYPT_CONTEXT;
1565 buffer: Pointer;
1566 const length: Integer ): Integer;
1567{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1568
1569
1570{ Get/set/delete attribute functions }
1571
1572function cryptSetAttribute( const cryptHandle: CRYPT_HANDLE;
1573 const attributeType: CRYPT_ATTRIBUTE_TYPE;
1574 const value: Integer ): Integer;
1575{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1576
1577function cryptSetAttributeString( const cryptHandle: CRYPT_HANDLE;
1578 const attributeType: CRYPT_ATTRIBUTE_TYPE;
1579 const value: Pointer;
1580 const valueLength: Integer ): Integer;
1581{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1582
1583function cryptGetAttribute( const cryptHandle: CRYPT_HANDLE;
1584 const attributeType: CRYPT_ATTRIBUTE_TYPE;
1585 var value: Integer ): Integer;
1586{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1587
1588function cryptGetAttributeString( const cryptHandle: CRYPT_HANDLE;
1589 const attributeType: CRYPT_ATTRIBUTE_TYPE;
1590 value: Pointer;
1591 var valueLength: Integer ): Integer;
1592{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1593
1594function cryptDeleteAttribute( const cryptHandle: CRYPT_HANDLE;
1595 const attributeType: CRYPT_ATTRIBUTE_TYPE ): Integer;
1596{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1597
1598
1599{ Oddball functions: Add random data to the pool, query an encoded signature
1600 or key data. These are due to be replaced once a suitable alternative can
1601 be found }
1602
1603function cryptAddRandom( const randomData: Pointer;
1604 const randomDataLength: Integer ): Integer;
1605{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1606
1607function cryptQueryObject( const objectData: Pointer;
1608 const objectDataLength: Integer;
1609 var cryptObjectInfo: CRYPT_OBJECT_INFO ): Integer;
1610{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1611
1612
1613{****************************************************************************
1614* *
1615* Mid-level Encryption Functions *
1616* *
1617****************************************************************************}
1618
1619{ Export and import an encrypted session key }
1620
1621function cryptExportKey( encryptedKey: Pointer;
1622 const encryptedKeyMaxLength: Integer;
1623 var encryptedKeyLength: Integer;
1624 const exportKey: CRYPT_HANDLE;
1625 const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1626{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1627
1628function cryptExportKeyEx( encryptedKey: Pointer;
1629 const encryptedKeyMaxLength: Integer;
1630 var encryptedKeyLength: Integer;
1631 const formatType: CRYPT_FORMAT_TYPE;
1632 const exportKey: CRYPT_HANDLE;
1633 const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1634{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1635
1636function cryptImportKey( const encryptedKey: Pointer;
1637 const encryptedKeyLength: Integer;
1638 const importKey: CRYPT_CONTEXT;
1639 const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1640{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1641
1642function cryptImportKeyEx( const encryptedKey: Pointer;
1643 const encryptedKeyLength: Integer;
1644 const importKey: CRYPT_CONTEXT;
1645 const sessionKeyContext: CRYPT_CONTEXT;
1646 var returnedContext: CRYPT_CONTEXT ): Integer;
1647{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1648
1649
1650{ Create and check a digital signature }
1651
1652function cryptCreateSignature( signature: Pointer;
1653 const signatureMaxLength: Integer;
1654 var signatureLength: Integer;
1655 const signContext: CRYPT_CONTEXT;
1656 const hashContext: CRYPT_CONTEXT ): Integer;
1657{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1658
1659function cryptCreateSignatureEx( signature: Pointer;
1660 const signatureMaxLength: Integer;
1661 var signatureLength: Integer;
1662 const formatType: CRYPT_FORMAT_TYPE;
1663 const signContext: CRYPT_CONTEXT;
1664 const hashContext: CRYPT_CONTEXT;
1665 const extraData: CRYPT_CERTIFICATE ): Integer;
1666{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1667
1668function cryptCheckSignature( const signature: Pointer;
1669 const signatureLength: Integer;
1670 const sigCheckKey: CRYPT_HANDLE;
1671 const hashContext: CRYPT_CONTEXT ): Integer;
1672{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1673
1674function cryptCheckSignatureEx( const signature: Pointer;
1675 const signatureLength: Integer;
1676 const sigCheckKey: CRYPT_HANDLE;
1677 const hashContext: CRYPT_CONTEXT;
1678 var extraData: CRYPT_HANDLE ): Integer;
1679{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1680
1681
1682{****************************************************************************
1683* *
1684* Keyset Functions *
1685* *
1686****************************************************************************}
1687
1688{ Open and close a keyset }
1689
1690function cryptKeysetOpen( var keyset: CRYPT_KEYSET;
1691 const cryptUser: CRYPT_USER;
1692 const keysetType: CRYPT_KEYSET_TYPE;
1693 const name: PChar;
1694 const options: CRYPT_KEYOPT_TYPE ): Integer;
1695{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1696
1697function cryptKeysetClose( const keyset: CRYPT_KEYSET ): Integer;
1698{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1699
1700
1701{ Get a key from a keyset }
1702
1703function cryptGetPublicKey( const keyset: CRYPT_KEYSET;
1704 var cryptContext: CRYPT_CONTEXT;
1705 const keyIDtype: CRYPT_KEYID_TYPE;
1706 const keyID: PChar ): Integer;
1707{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1708
1709function cryptGetPrivateKey( const keyset: CRYPT_KEYSET;
1710 var cryptContext: CRYPT_CONTEXT;
1711 const keyIDtype: CRYPT_KEYID_TYPE;
1712 const keyID: PChar;
1713 const password: PChar ): Integer;
1714{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1715
1716
1717{ Add/delete a key to/from a keyset }
1718
1719function cryptAddPublicKey( const keyset: CRYPT_KEYSET;
1720 const certificate: CRYPT_CERTIFICATE ): Integer;
1721{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1722
1723function cryptAddPrivateKey( const keyset: CRYPT_KEYSET;
1724 const cryptKey: CRYPT_HANDLE;
1725 const password: PChar ): Integer;
1726{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1727
1728function cryptDeleteKey( const keyset: CRYPT_KEYSET;
1729 const keyIDtype: CRYPT_KEYID_TYPE;
1730 const keyID: PChar ): Integer;
1731{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1732
1733
1734{****************************************************************************
1735* *
1736* Certificate Functions *
1737* *
1738****************************************************************************}
1739
1740{ Create/destroy a certificate }
1741
1742function cryptCreateCert( var certificate: CRYPT_CERTIFICATE;
1743 const cryptUser: CRYPT_USER;
1744 const certType: CRYPT_CERTTYPE_TYPE ): Integer;
1745{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1746
1747function cryptDestroyCert( const certificate: CRYPT_CERTIFICATE ): Integer;
1748{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1749
1750
1751{ Get/add/delete certificate extensions. These are direct data insertion
1752 functions whose use is discouraged, so they fix the string at char *
1753 rather than C_STR }
1754
1755function cryptGetCertExtension( const certificate: CRYPT_CERTIFICATE;
1756 const oid: PChar;
1757 var criticalFlag: Integer;
1758 extension: Pointer;
1759 const extensionMaxLength: Integer;
1760 var extensionLength: Integer ): Integer;
1761{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1762
1763function cryptAddCertExtension( const certificate: CRYPT_CERTIFICATE;
1764 const oid: PChar;
1765 const criticalFlag: Integer;
1766 const extension: Pointer;
1767 const extensionLength: Integer ): Integer;
1768{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1769
1770function cryptDeleteCertExtension( const certificate: CRYPT_CERTIFICATE;
1771 const oid: PChar ): Integer;
1772{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1773
1774
1775{ Sign/sig.check a certificate/certification request }
1776
1777function cryptSignCert( const certificate: CRYPT_CERTIFICATE;
1778 const signContext: CRYPT_CONTEXT ): Integer;
1779{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1780
1781function cryptCheckCert( const certificate: CRYPT_CERTIFICATE;
1782 const sigCheckKey: CRYPT_HANDLE ): Integer;
1783{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1784
1785
1786{ Import/export a certificate/certification request }
1787
1788function cryptImportCert( const certObject: Pointer;
1789 const certObjectLength: Integer;
1790 const cryptUser: CRYPT_USER;
1791 var certificate: CRYPT_CERTIFICATE ): Integer;
1792{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1793
1794function cryptExportCert( certObject: Pointer;
1795 const certObjectMaxLength: Integer;
1796 var certObjectLength: Integer;
1797 const certFormatType: CRYPT_CERTFORMAT_TYPE;
1798 const certificate: CRYPT_CERTIFICATE ): Integer;
1799{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1800
1801
1802{ CA management functions }
1803
1804function cryptCAAddItem( const keyset: CRYPT_KEYSET;
1805 const certificate: CRYPT_CERTIFICATE ): Integer;
1806{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1807
1808function cryptCAGetItem( const keyset: CRYPT_KEYSET;
1809 var certificate: CRYPT_CERTIFICATE;
1810 const certType: CRYPT_CERTTYPE_TYPE;
1811 const keyIDtype: CRYPT_KEYID_TYPE;
1812 const keyID: PChar ): Integer;
1813{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1814
1815function cryptCADeleteItem( const keyset: CRYPT_KEYSET;
1816 const certType: CRYPT_CERTTYPE_TYPE;
1817 const keyIDtype: CRYPT_KEYID_TYPE;
1818 const keyID: PChar ): Integer;
1819{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1820
1821function cryptCACertManagement( var certificate: CRYPT_CERTIFICATE;
1822 const action: CRYPT_CERTACTION_TYPE;
1823 const keyset: CRYPT_KEYSET;
1824 const caKey: CRYPT_CONTEXT;
1825 const certRequest: CRYPT_CERTIFICATE ): Integer;
1826{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1827
1828
1829{****************************************************************************
1830* *
1831* Envelope and Session Functions *
1832* *
1833****************************************************************************}
1834
1835{ Create/destroy an envelope }
1836
1837function cryptCreateEnvelope( var envelope: CRYPT_ENVELOPE;
1838 const cryptUser: CRYPT_USER;
1839 const formatType: CRYPT_FORMAT_TYPE ): Integer;
1840{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1841
1842function cryptDestroyEnvelope( const envelope: CRYPT_ENVELOPE ): Integer;
1843{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1844
1845
1846{ Create/destroy a session }
1847
1848function cryptCreateSession( var session: CRYPT_SESSION;
1849 const cryptUser: CRYPT_USER;
1850 const formatType: CRYPT_SESSION_TYPE ): Integer;
1851{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1852
1853function cryptDestroySession( const session: CRYPT_SESSION ): Integer;
1854{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1855
1856
1857{ Add/remove data to/from and envelope or session }
1858
1859function cryptPushData( const envelope: CRYPT_HANDLE;
1860 const buffer: Pointer;
1861 const length: Integer;
1862 var bytesCopied: Integer ): Integer;
1863{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1864
1865function cryptFlushData( const envelope: CRYPT_HANDLE ): Integer;
1866{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1867
1868function cryptPopData( const envelope: CRYPT_HANDLE;
1869 buffer: Pointer;
1870 const length: Integer;
1871 var bytesCopied: Integer ): Integer;
1872{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1873
1874
1875{****************************************************************************
1876* *
1877* Device Functions *
1878* *
1879****************************************************************************}
1880
1881{ Open and close a device }
1882
1883function cryptDeviceOpen( var device: CRYPT_DEVICE;
1884 const cryptUser: CRYPT_USER;
1885 const deviceType: CRYPT_DEVICE_TYPE;
1886 const name: PChar ): Integer;
1887{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1888
1889function cryptDeviceClose( const device: CRYPT_DEVICE ): Integer;
1890{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1891
1892
1893{ Query a devices capabilities }
1894
1895function cryptDeviceQueryCapability( const device: CRYPT_DEVICE;
1896 const cryptAlgo: CRYPT_ALGO_TYPE;
1897 var cryptQueryInfo: CRYPT_QUERY_INFO ): Integer;
1898{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1899
1900
1901{ Create an encryption context via the device }
1902
1903function cryptDeviceCreateContext( const device: CRYPT_DEVICE;
1904 var cryptContext: CRYPT_CONTEXT;
1905 const cryptAlgo: CRYPT_ALGO_TYPE ): Integer;
1906{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1907
1908
1909{****************************************************************************
1910* *
1911* User Management Functions *
1912* *
1913****************************************************************************}
1914
1915{ Log on and off (create/destroy a user object) }
1916
1917function cryptLogin( var user: CRYPT_USER;
1918 const name: PChar;
1919 const password: PChar ): Integer;
1920{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1921
1922function cryptLogout( const user: CRYPT_USER ): Integer;
1923{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1924
1925
1926
1927
1928
1929implementation
1930
1931{ no implementation code now }
1932
1933end.
Note: See TracBrowser for help on using the repository browser.