Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: trunk/Packages/synapse/cryptlib.pas

Last change on this file was 84, checked in by chronos, 13 years ago
Stored packages in uncompressed files.
File size: 79.7 KB

Line
1	unit cryptlib;
2
3	interface
4
5	{****************************************************************************
6	* *
7	* Cryptlib external API interface *
8	* Copyright Peter Gutmann 1997-2005 *
9	* *
10	* adapted for Delphi Version 5 (32 bit) and Kylix Version 3 *
11	* by W. Gothier *
12	****************************************************************************}
13
14
15	{------------------------------------------------------------------------------
16
17	This file has been created automatically by a perl script from the file:
18
19	"cryptlib.h" dated Mon Jul 18 02:47:56 2005, filesize = 82445.
20
21	Please check twice that the file matches the version of cryptlib.h
22	in your cryptlib source! If this is not the right version, try to download an
23	update from "http://www.sogot.de/cryptlib/". If the filesize or file creation
24	date do not match, then please do not complain about problems.
25
26	Published by W. Gothier,
27	mailto: cryptlib@gothier.net if you find errors in this file.
28
29	-------------------------------------------------------------------------------}
30
31	{$A+} {Set Alignment on}
32	{$F+} {Force function calls to FAR}
33	{$Z+} {Force all enumeration values to Integer size}
34
35	const
36	{$IFDEF WIN32}
37	cryptlibname = 'CL32.DLL'; { dynamic linkname for Windows (Delphi) }
38	{$ELSE}
39	cryptlibname = 'libcl.so'; { library name for Unix/Linux (Kylix) }
40	{ symbolic link should be used for libcl.so -> libcl.so.3.x.y }
41	{$ENDIF}
42
43
44
45	{****************************************************************************
46	* *
47	* Algorithm and Object Types *
48	* *
49	****************************************************************************}
50
51	{ Algorithm and mode types }
52
53
54	type
55	CRYPT_ALGO_TYPE = Integer;
56	const
57	{ Algorithms }
58	{ No encryption }
59	CRYPT_ALGO_NONE = 0; { No encryption }
60
61	{ Conventional encryption }
62	CRYPT_ALGO_DES = 1; { DES }
63	CRYPT_ALGO_3DES = 2; { Triple DES }
64	CRYPT_ALGO_IDEA = 3; { IDEA }
65	CRYPT_ALGO_CAST = 4; { CAST-128 }
66	CRYPT_ALGO_RC2 = 5; { RC2 }
67	CRYPT_ALGO_RC4 = 6; { RC4 }
68	CRYPT_ALGO_RC5 = 7; { RC5 }
69	CRYPT_ALGO_AES = 8; { AES }
70	CRYPT_ALGO_BLOWFISH = 9; { Blowfish }
71	CRYPT_ALGO_SKIPJACK = 10; { Skipjack }
72
73	{ Public-key encryption }
74	CRYPT_ALGO_DH = 100; { Diffie-Hellman }
75	CRYPT_ALGO_RSA = 101; { RSA }
76	CRYPT_ALGO_DSA = 102; { DSA }
77	CRYPT_ALGO_ELGAMAL = 103; { ElGamal }
78	CRYPT_ALGO_KEA = 104; { KEA }
79
80	{ Hash algorithms }
81	CRYPT_ALGO_MD2 = 200; { MD2 }
82	CRYPT_ALGO_MD4 = 201; { MD4 }
83	CRYPT_ALGO_MD5 = 202; { MD5 }
84	CRYPT_ALGO_SHA = 203; { SHA/SHA1 }
85	CRYPT_ALGO_RIPEMD160 = 204; { RIPE-MD 160 }
86	CRYPT_ALGO_SHA2 = 205; { SHA2 (SHA-256/384/512)}
87
88	{ MAC's }
89	CRYPT_ALGO_HMAC_MD5 = 300; { HMAC-MD5 }
90	CRYPT_ALGO_HMAC_SHA = 301; { HMAC-SHA }
91	CRYPT_ALGO_HMAC_RIPEMD160 = 302; { HMAC-RIPEMD-160 }
92
93	{ Vendors may want to use their own algorithms that aren't part of the
94	general cryptlib suite. The following values are for vendor-defined
95	algorithms, and can be used just like the named algorithm types (it's
96	up to the vendor to keep track of what _VENDOR1 actually corresponds
97	to) }
98
99	CRYPT_ALGO_LAST = 303; { Last possible crypt algo value }
100
101	{ In order that we can scan through a range of algorithms with
102	cryptQueryCapability(), we define the following boundary points for
103	each algorithm class }
104	CRYPT_ALGO_FIRST_CONVENTIONAL = 1; { = CRYPT_ALGO_DES }
105	CRYPT_ALGO_LAST_CONVENTIONAL = 99;
106	CRYPT_ALGO_FIRST_PKC = 100; { = CRYPT_ALGO_DH }
107	CRYPT_ALGO_LAST_PKC = 199;
108	CRYPT_ALGO_FIRST_HASH = 200; { = CRYPT_ALGO_MD2 }
109	CRYPT_ALGO_LAST_HASH = 299;
110	CRYPT_ALGO_FIRST_MAC = 300; { = CRYPT_ALGO_HMAC_MD5 }
111	CRYPT_ALGO_LAST_MAC = 399; { End of mac algo.range }
112
113
114
115
116
117	type
118	CRYPT_MODE_TYPE = ( { Block cipher modes }
119	CRYPT_MODE_NONE, { No encryption mode }
120	CRYPT_MODE_ECB, { ECB }
121	CRYPT_MODE_CBC, { CBC }
122	CRYPT_MODE_CFB, { CFB }
123	CRYPT_MODE_OFB, { OFB }
124	CRYPT_MODE_LAST { Last possible crypt mode value }
125
126	);
127
128
129	{ Keyset subtypes }
130
131	CRYPT_KEYSET_TYPE = ( { Keyset types }
132	CRYPT_KEYSET_NONE, { No keyset type }
133	CRYPT_KEYSET_FILE, { Generic flat file keyset }
134	CRYPT_KEYSET_HTTP, { Web page containing cert/CRL }
135	CRYPT_KEYSET_LDAP, { LDAP directory service }
136	CRYPT_KEYSET_ODBC, { Generic ODBC interface }
137	CRYPT_KEYSET_DATABASE, { Generic RDBMS interface }
138	CRYPT_KEYSET_PLUGIN, { Generic database plugin }
139	CRYPT_KEYSET_ODBC_STORE, { ODBC certificate store }
140	CRYPT_KEYSET_DATABASE_STORE, { Database certificate store }
141	CRYPT_KEYSET_PLUGIN_STORE, { Database plugin certificate store }
142	CRYPT_KEYSET_LAST { Last possible keyset type }
143
144
145	);
146
147	{ Device subtypes }
148
149	CRYPT_DEVICE_TYPE = ( { Crypto device types }
150	CRYPT_DEVICE_NONE, { No crypto device }
151	CRYPT_DEVICE_FORTEZZA, { Fortezza card }
152	CRYPT_DEVICE_PKCS11, { PKCS #11 crypto token }
153	CRYPT_DEVICE_CRYPTOAPI, { Microsoft CryptoAPI }
154	CRYPT_DEVICE_LAST { Last possible crypto device type }
155
156	);
157
158	{ Certificate subtypes }
159
160	CRYPT_CERTTYPE_TYPE = ( { Certificate object types }
161	CRYPT_CERTTYPE_NONE, { No certificate type }
162	CRYPT_CERTTYPE_CERTIFICATE, { Certificate }
163	CRYPT_CERTTYPE_ATTRIBUTE_CERT, { Attribute certificate }
164	CRYPT_CERTTYPE_CERTCHAIN, { PKCS #7 certificate chain }
165	CRYPT_CERTTYPE_CERTREQUEST, { PKCS #10 certification request }
166	CRYPT_CERTTYPE_REQUEST_CERT, { CRMF certification request }
167	CRYPT_CERTTYPE_REQUEST_REVOCATION, { CRMF revocation request }
168	CRYPT_CERTTYPE_CRL, { CRL }
169	CRYPT_CERTTYPE_CMS_ATTRIBUTES, { CMS attributes }
170	CRYPT_CERTTYPE_RTCS_REQUEST, { RTCS request }
171	CRYPT_CERTTYPE_RTCS_RESPONSE, { RTCS response }
172	CRYPT_CERTTYPE_OCSP_REQUEST, { OCSP request }
173	CRYPT_CERTTYPE_OCSP_RESPONSE, { OCSP response }
174	CRYPT_CERTTYPE_PKIUSER, { PKI user information }
175	CRYPT_CERTTYPE_LAST { Last possible cert.type }
176
177	);
178
179	{ Envelope/data format subtypes }
180
181	CRYPT_FORMAT_TYPE = (
182	CRYPT_FORMAT_NONE, { No format type }
183	CRYPT_FORMAT_AUTO, { Deenv, auto-determine type }
184	CRYPT_FORMAT_CRYPTLIB, { cryptlib native format }
185	CRYPT_FORMAT_CMS, { PKCS #7 / CMS / S/MIME fmt.}
186	CRYPT_FORMAT_SMIME, { As CMS with MSG-style behaviour }
187	CRYPT_FORMAT_PGP, { PGP format }
188	CRYPT_FORMAT_LAST { Last possible format type }
189
190	);
191
192	const
193	CRYPT_FORMAT_PKCS7: CRYPT_FORMAT_TYPE = CRYPT_FORMAT_CMS;
194
195	{ Session subtypes }
196
197
198	type
199	CRYPT_SESSION_TYPE = (
200	CRYPT_SESSION_NONE, { No session type }
201	CRYPT_SESSION_SSH, { SSH }
202	CRYPT_SESSION_SSH_SERVER, { SSH server }
203	CRYPT_SESSION_SSL, { SSL/TLS }
204	CRYPT_SESSION_SSL_SERVER, { SSL/TLS server }
205	CRYPT_SESSION_RTCS, { RTCS }
206	CRYPT_SESSION_RTCS_SERVER, { RTCS server }
207	CRYPT_SESSION_OCSP, { OCSP }
208	CRYPT_SESSION_OCSP_SERVER, { OCSP server }
209	CRYPT_SESSION_TSP, { TSP }
210	CRYPT_SESSION_TSP_SERVER, { TSP server }
211	CRYPT_SESSION_CMP, { CMP }
212	CRYPT_SESSION_CMP_SERVER, { CMP server }
213	CRYPT_SESSION_SCEP, { SCEP }
214	CRYPT_SESSION_SCEP_SERVER, { SCEP server }
215	CRYPT_SESSION_CERTSTORE_SERVER, { HTTP cert store interface }
216	CRYPT_SESSION_LAST { Last possible session type }
217
218	);
219
220	{ User subtypes }
221
222	CRYPT_USER_TYPE = (
223	CRYPT_USER_NONE, { No user type }
224	CRYPT_USER_NORMAL, { Normal user }
225	CRYPT_USER_SO, { Security officer }
226	CRYPT_USER_CA, { CA user }
227	CRYPT_USER_LAST { Last possible user type }
228
229	);
230
231	{****************************************************************************
232	* *
233	* Attribute Types *
234	* *
235	****************************************************************************}
236
237	{ Attribute types. These are arranged in the following order:
238
239	PROPERTY - Object property
240	ATTRIBUTE - Generic attributes
241	OPTION - Global or object-specific config.option
242	CTXINFO - Context-specific attribute
243	CERTINFO - Certificate-specific attribute
244	KEYINFO - Keyset-specific attribute
245	DEVINFO - Device-specific attribute
246	ENVINFO - Envelope-specific attribute
247	SESSINFO - Session-specific attribute
248	USERINFO - User-specific attribute }
249
250	CRYPT_ATTRIBUTE_TYPE = Integer;
251	const
252
253	CRYPT_ATTRIBUTE_NONE = 0; { Non-value }
254
255	{ Used internally }
256	CRYPT_PROPERTY_FIRST = 1;
257
258	{*******************}
259	{ Object attributes }
260	{*******************}
261
262	{ Object properties }
263	CRYPT_PROPERTY_HIGHSECURITY = 2; { Owned+non-forwardcount+locked }
264	CRYPT_PROPERTY_OWNER = 3; { Object owner }
265	CRYPT_PROPERTY_FORWARDCOUNT = 4; { No.of times object can be forwarded }
266	CRYPT_PROPERTY_LOCKED = 5; { Whether properties can be chged/read }
267	CRYPT_PROPERTY_USAGECOUNT = 6; { Usage count before object expires }
268	CRYPT_PROPERTY_NONEXPORTABLE = 7; { Whether key is nonexp.from context }
269
270	{ Used internally }
271	CRYPT_PROPERTY_LAST = 8; CRYPT_GENERIC_FIRST = 9;
272
273	{ Extended error information }
274	CRYPT_ATTRIBUTE_ERRORTYPE = 10; { Type of last error }
275	CRYPT_ATTRIBUTE_ERRORLOCUS = 11; { Locus of last error }
276	CRYPT_ATTRIBUTE_INT_ERRORCODE = 12; { Low-level software-specific }
277	CRYPT_ATTRIBUTE_INT_ERRORMESSAGE = 13; { error code and message }
278
279	{ Generic information }
280	CRYPT_ATTRIBUTE_CURRENT_GROUP = 14; { Cursor mgt: Group in attribute list }
281	CRYPT_ATTRIBUTE_CURRENT = 15; { Cursor mgt: Entry in attribute list }
282	CRYPT_ATTRIBUTE_CURRENT_INSTANCE = 16; { Cursor mgt: Instance in attribute list }
283	CRYPT_ATTRIBUTE_BUFFERSIZE = 17; { Internal data buffer size }
284
285	{ User internally }
286	CRYPT_GENERIC_LAST = 18; CRYPT_OPTION_FIRST = 100;
287
288	{**************************}
289	{ Configuration attributes }
290	{**************************}
291
292	{ cryptlib information (read-only) }
293	CRYPT_OPTION_INFO_DESCRIPTION = 101; { Text description }
294	CRYPT_OPTION_INFO_COPYRIGHT = 102; { Copyright notice }
295	CRYPT_OPTION_INFO_MAJORVERSION = 103; { Major release version }
296	CRYPT_OPTION_INFO_MINORVERSION = 104; { Minor release version }
297	CRYPT_OPTION_INFO_STEPPING = 105; { Release stepping }
298
299	{ Encryption options }
300	CRYPT_OPTION_ENCR_ALGO = 106; { Encryption algorithm }
301	CRYPT_OPTION_ENCR_HASH = 107; { Hash algorithm }
302	CRYPT_OPTION_ENCR_MAC = 108; { MAC algorithm }
303
304	{ PKC options }
305	CRYPT_OPTION_PKC_ALGO = 109; { Public-key encryption algorithm }
306	CRYPT_OPTION_PKC_KEYSIZE = 110; { Public-key encryption key size }
307
308	{ Signature options }
309	CRYPT_OPTION_SIG_ALGO = 111; { Signature algorithm }
310	CRYPT_OPTION_SIG_KEYSIZE = 112; { Signature keysize }
311
312	{ Keying options }
313	CRYPT_OPTION_KEYING_ALGO = 113; { Key processing algorithm }
314	CRYPT_OPTION_KEYING_ITERATIONS = 114; { Key processing iterations }
315
316	{ Certificate options }
317	CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES = 115; { Whether to sign unrecog.attrs }
318	CRYPT_OPTION_CERT_VALIDITY = 116; { Certificate validity period }
319	CRYPT_OPTION_CERT_UPDATEINTERVAL = 117; { CRL update interval }
320	CRYPT_OPTION_CERT_COMPLIANCELEVEL = 118; { PKIX compliance level for cert chks.}
321	CRYPT_OPTION_CERT_REQUIREPOLICY = 119; { Whether explicit policy req'd for certs }
322
323	{ CMS/SMIME options }
324	CRYPT_OPTION_CMS_DEFAULTATTRIBUTES = 120; { Add default CMS attributes }
325	CRYPT_OPTION_SMIME_DEFAULTATTRIBUTES = 120; { = CRYPT_OPTION_CMS_DEFAULTATTRIBUTES }
326
327	{ LDAP keyset options }
328	CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS = 121; { Object class }
329	CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE = 122; { Object type to fetch }
330	CRYPT_OPTION_KEYS_LDAP_FILTER = 123; { Query filter }
331	CRYPT_OPTION_KEYS_LDAP_CACERTNAME = 124; { CA certificate attribute name }
332	CRYPT_OPTION_KEYS_LDAP_CERTNAME = 125; { Certificate attribute name }
333	CRYPT_OPTION_KEYS_LDAP_CRLNAME = 126; { CRL attribute name }
334	CRYPT_OPTION_KEYS_LDAP_EMAILNAME = 127; { Email attribute name }
335
336	{ Crypto device options }
337	CRYPT_OPTION_DEVICE_PKCS11_DVR01 = 128; { Name of first PKCS #11 driver }
338	CRYPT_OPTION_DEVICE_PKCS11_DVR02 = 129; { Name of second PKCS #11 driver }
339	CRYPT_OPTION_DEVICE_PKCS11_DVR03 = 130; { Name of third PKCS #11 driver }
340	CRYPT_OPTION_DEVICE_PKCS11_DVR04 = 131; { Name of fourth PKCS #11 driver }
341	CRYPT_OPTION_DEVICE_PKCS11_DVR05 = 132; { Name of fifth PKCS #11 driver }
342	CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY = 133; { Use only hardware mechanisms }
343
344	{ Network access options }
345	CRYPT_OPTION_NET_SOCKS_SERVER = 134; { Socks server name }
346	CRYPT_OPTION_NET_SOCKS_USERNAME = 135; { Socks user name }
347	CRYPT_OPTION_NET_HTTP_PROXY = 136; { Web proxy server }
348	CRYPT_OPTION_NET_CONNECTTIMEOUT = 137; { Timeout for network connection setup }
349	CRYPT_OPTION_NET_READTIMEOUT = 138; { Timeout for network reads }
350	CRYPT_OPTION_NET_WRITETIMEOUT = 139; { Timeout for network writes }
351
352	{ Miscellaneous options }
353	CRYPT_OPTION_MISC_ASYNCINIT = 140; { Whether to init cryptlib async'ly }
354	CRYPT_OPTION_MISC_SIDECHANNELPROTECTION = 141; { Protect against side-channel attacks }
355
356	{ cryptlib state information }
357	CRYPT_OPTION_CONFIGCHANGED = 142; { Whether in-mem.opts match on-disk ones }
358	CRYPT_OPTION_SELFTESTOK = 143; { Whether self-test was completed and OK }
359
360	{ Used internally }
361	CRYPT_OPTION_LAST = 144; CRYPT_CTXINFO_FIRST = 1000;
362
363	{********************}
364	{ Context attributes }
365	{********************}
366
367	{ Algorithm and mode information }
368	CRYPT_CTXINFO_ALGO = 1001; { Algorithm }
369	CRYPT_CTXINFO_MODE = 1002; { Mode }
370	CRYPT_CTXINFO_NAME_ALGO = 1003; { Algorithm name }
371	CRYPT_CTXINFO_NAME_MODE = 1004; { Mode name }
372	CRYPT_CTXINFO_KEYSIZE = 1005; { Key size in bytes }
373	CRYPT_CTXINFO_BLOCKSIZE = 1006; { Block size }
374	CRYPT_CTXINFO_IVSIZE = 1007; { IV size }
375	CRYPT_CTXINFO_KEYING_ALGO = 1008; { Key processing algorithm }
376	CRYPT_CTXINFO_KEYING_ITERATIONS = 1009; { Key processing iterations }
377	CRYPT_CTXINFO_KEYING_SALT = 1010; { Key processing salt }
378	CRYPT_CTXINFO_KEYING_VALUE = 1011; { Value used to derive key }
379
380	{ State information }
381	CRYPT_CTXINFO_KEY = 1012; { Key }
382	CRYPT_CTXINFO_KEY_COMPONENTS = 1013; { Public-key components }
383	CRYPT_CTXINFO_IV = 1014; { IV }
384	CRYPT_CTXINFO_HASHVALUE = 1015; { Hash value }
385
386	{ Misc.information }
387	CRYPT_CTXINFO_LABEL = 1016; { Label for private/secret key }
388
389	{ Used internally }
390	CRYPT_CTXINFO_LAST = 1017; CRYPT_CERTINFO_FIRST = 2000;
391
392	{************************}
393	{ Certificate attributes }
394	{************************}
395
396	{ Because there are so many cert attributes, we break them down into
397	blocks to minimise the number of values that change if a new one is
398	added halfway through }
399
400	{ Pseudo-information on a cert object or meta-information which is used
401	to control the way that a cert object is processed }
402	CRYPT_CERTINFO_SELFSIGNED = 2001; { Cert is self-signed }
403	CRYPT_CERTINFO_IMMUTABLE = 2002; { Cert is signed and immutable }
404	CRYPT_CERTINFO_XYZZY = 2003; { Cert is a magic just-works cert }
405	CRYPT_CERTINFO_CERTTYPE = 2004; { Certificate object type }
406	CRYPT_CERTINFO_FINGERPRINT = 2005; { Certificate fingerprints }
407	CRYPT_CERTINFO_FINGERPRINT_MD5 = 2005; { = CRYPT_CERTINFO_FINGERPRINT }
408	CRYPT_CERTINFO_FINGERPRINT_SHA = 2006;
409	CRYPT_CERTINFO_CURRENT_CERTIFICATE = 2007; { Cursor mgt: Rel.pos in chain/CRL/OCSP }
410	CRYPT_CERTINFO_CURRENT_EXTENSION = 2008; { Cursor mgt: Rel.pos.or abs.extension }
411	CRYPT_CERTINFO_CURRENT_FIELD = 2009; { Cursor mgt: Rel.pos.or abs.field in ext }
412	CRYPT_CERTINFO_CURRENT_COMPONENT = 2010; { Cursor mgt: Rel.pos in multival.field }
413	CRYPT_CERTINFO_TRUSTED_USAGE = 2011; { Usage that cert is trusted for }
414	CRYPT_CERTINFO_TRUSTED_IMPLICIT = 2012; { Whether cert is implicitly trusted }
415	CRYPT_CERTINFO_SIGNATURELEVEL = 2013; { Amount of detail to include in sigs.}
416
417	{ General certificate object information }
418	CRYPT_CERTINFO_VERSION = 2014; { Cert.format version }
419	CRYPT_CERTINFO_SERIALNUMBER = 2015; { Serial number }
420	CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO = 2016; { Public key }
421	CRYPT_CERTINFO_CERTIFICATE = 2017; { User certificate }
422	CRYPT_CERTINFO_USERCERTIFICATE = 2017; { = CRYPT_CERTINFO_CERTIFICATE }
423	CRYPT_CERTINFO_CACERTIFICATE = 2018; { CA certificate }
424	CRYPT_CERTINFO_ISSUERNAME = 2019; { Issuer DN }
425	CRYPT_CERTINFO_VALIDFROM = 2020; { Cert valid-from time }
426	CRYPT_CERTINFO_VALIDTO = 2021; { Cert valid-to time }
427	CRYPT_CERTINFO_SUBJECTNAME = 2022; { Subject DN }
428	CRYPT_CERTINFO_ISSUERUNIQUEID = 2023; { Issuer unique ID }
429	CRYPT_CERTINFO_SUBJECTUNIQUEID = 2024; { Subject unique ID }
430	CRYPT_CERTINFO_CERTREQUEST = 2025; { Cert.request (DN + public key) }
431	CRYPT_CERTINFO_THISUPDATE = 2026; { CRL/OCSP current-update time }
432	CRYPT_CERTINFO_NEXTUPDATE = 2027; { CRL/OCSP next-update time }
433	CRYPT_CERTINFO_REVOCATIONDATE = 2028; { CRL/OCSP cert-revocation time }
434	CRYPT_CERTINFO_REVOCATIONSTATUS = 2029; { OCSP revocation status }
435	CRYPT_CERTINFO_CERTSTATUS = 2030; { RTCS certificate status }
436	CRYPT_CERTINFO_DN = 2031; { Currently selected DN in string form }
437	CRYPT_CERTINFO_PKIUSER_ID = 2032; { PKI user ID }
438	CRYPT_CERTINFO_PKIUSER_ISSUEPASSWORD = 2033; { PKI user issue password }
439	CRYPT_CERTINFO_PKIUSER_REVPASSWORD = 2034; { PKI user revocation password }
440
441	{ X.520 Distinguished Name components. This is a composite field, the
442	DN to be manipulated is selected through the addition of a
443	pseudocomponent, and then one of the following is used to access the
444	DN components directly }
445	CRYPT_CERTINFO_COUNTRYNAME = 2100; { countryName }
446	CRYPT_CERTINFO_STATEORPROVINCENAME = 2101; { stateOrProvinceName }
447	CRYPT_CERTINFO_LOCALITYNAME = 2102; { localityName }
448	CRYPT_CERTINFO_ORGANIZATIONNAME = 2103; { organizationName }
449	CRYPT_CERTINFO_ORGANISATIONNAME = 2103; { = CRYPT_CERTINFO_ORGANIZATIONNAME }
450	CRYPT_CERTINFO_ORGANIZATIONALUNITNAME = 2104; { organizationalUnitName }
451	CRYPT_CERTINFO_ORGANISATIONALUNITNAME = 2104; { = CRYPT_CERTINFO_ORGANIZATIONALUNITNAME }
452	CRYPT_CERTINFO_COMMONNAME = 2105; { commonName }
453
454	{ X.509 General Name components. These are handled in the same way as
455	the DN composite field, with the current GeneralName being selected by
456	a pseudo-component after which the individual components can be
457	modified through one of the following }
458	CRYPT_CERTINFO_OTHERNAME_TYPEID = 2106; { otherName.typeID }
459	CRYPT_CERTINFO_OTHERNAME_VALUE = 2107; { otherName.value }
460	CRYPT_CERTINFO_RFC822NAME = 2108; { rfc822Name }
461	CRYPT_CERTINFO_EMAIL = 2108; { = CRYPT_CERTINFO_RFC822NAME }
462	CRYPT_CERTINFO_DNSNAME = 2109; { dNSName }
463	CRYPT_CERTINFO_DIRECTORYNAME = 2110; { directoryName }
464	CRYPT_CERTINFO_EDIPARTYNAME_NAMEASSIGNER = 2111; { ediPartyName.nameAssigner }
465	CRYPT_CERTINFO_EDIPARTYNAME_PARTYNAME = 2112; { ediPartyName.partyName }
466	CRYPT_CERTINFO_UNIFORMRESOURCEIDENTIFIER = 2113; { uniformResourceIdentifier }
467	CRYPT_CERTINFO_IPADDRESS = 2114; { iPAddress }
468	CRYPT_CERTINFO_REGISTEREDID = 2115; { registeredID }
469
470	{ X.509 certificate extensions. Although it would be nicer to use names
471	that match the extensions more closely (e.g.
472	CRYPT_CERTINFO_BASICCONSTRAINTS_PATHLENCONSTRAINT), these exceed the
473	32-character ANSI minimum length for unique names, and get really
474	hairy once you get into the weird policy constraints extensions whose
475	names wrap around the screen about three times.
476
477	The following values are defined in OID order, this isn't absolutely
478	necessary but saves an extra layer of processing when encoding them }
479
480	{ 1 2 840 113549 1 9 7 challengePassword. This is here even though it's
481	a CMS attribute because SCEP stuffs it into PKCS #10 requests }
482	CRYPT_CERTINFO_CHALLENGEPASSWORD = 2200;
483
484	{ 1 3 6 1 4 1 3029 3 1 4 cRLExtReason }
485	CRYPT_CERTINFO_CRLEXTREASON = 2201;
486
487	{ 1 3 6 1 4 1 3029 3 1 5 keyFeatures }
488	CRYPT_CERTINFO_KEYFEATURES = 2202;
489
490	{ 1 3 6 1 5 5 7 1 1 authorityInfoAccess }
491	CRYPT_CERTINFO_AUTHORITYINFOACCESS = 2203;
492	CRYPT_CERTINFO_AUTHORITYINFO_RTCS = 2204; { accessDescription.accessLocation }
493	CRYPT_CERTINFO_AUTHORITYINFO_OCSP = 2205; { accessDescription.accessLocation }
494	CRYPT_CERTINFO_AUTHORITYINFO_CAISSUERS = 2206; { accessDescription.accessLocation }
495	CRYPT_CERTINFO_AUTHORITYINFO_CERTSTORE = 2207; { accessDescription.accessLocation }
496	CRYPT_CERTINFO_AUTHORITYINFO_CRLS = 2208; { accessDescription.accessLocation }
497
498	{ 1 3 6 1 5 5 7 1 2 biometricInfo }
499	CRYPT_CERTINFO_BIOMETRICINFO = 2209;
500	CRYPT_CERTINFO_BIOMETRICINFO_TYPE = 2210; { biometricData.typeOfData }
501	CRYPT_CERTINFO_BIOMETRICINFO_HASHALGO = 2211; { biometricData.hashAlgorithm }
502	CRYPT_CERTINFO_BIOMETRICINFO_HASH = 2212; { biometricData.dataHash }
503	CRYPT_CERTINFO_BIOMETRICINFO_URL = 2213; { biometricData.sourceDataUri }
504
505	{ 1 3 6 1 5 5 7 1 3 qcStatements }
506	CRYPT_CERTINFO_QCSTATEMENT = 2214;
507	CRYPT_CERTINFO_QCSTATEMENT_SEMANTICS = 2215;
508	{ qcStatement.statementInfo.semanticsIdentifier }
509	CRYPT_CERTINFO_QCSTATEMENT_REGISTRATIONAUTHORITY = 2216;
510	{ qcStatement.statementInfo.nameRegistrationAuthorities }
511
512	{ 1 3 6 1 5 5 7 48 1 2 ocspNonce }
513	CRYPT_CERTINFO_OCSP_NONCE = 2217; { nonce }
514
515	{ 1 3 6 1 5 5 7 48 1 4 ocspAcceptableResponses }
516	CRYPT_CERTINFO_OCSP_RESPONSE = 2218;
517	CRYPT_CERTINFO_OCSP_RESPONSE_OCSP = 2219; { OCSP standard response }
518
519	{ 1 3 6 1 5 5 7 48 1 5 ocspNoCheck }
520	CRYPT_CERTINFO_OCSP_NOCHECK = 2220;
521
522	{ 1 3 6 1 5 5 7 48 1 6 ocspArchiveCutoff }
523	CRYPT_CERTINFO_OCSP_ARCHIVECUTOFF = 2221;
524
525	{ 1 3 6 1 5 5 7 48 1 11 subjectInfoAccess }
526	CRYPT_CERTINFO_SUBJECTINFOACCESS = 2222;
527	CRYPT_CERTINFO_SUBJECTINFO_CAREPOSITORY = 2223; { accessDescription.accessLocation }
528	CRYPT_CERTINFO_SUBJECTINFO_TIMESTAMPING = 2224; { accessDescription.accessLocation }
529
530	{ 1 3 36 8 3 1 siggDateOfCertGen }
531	CRYPT_CERTINFO_SIGG_DATEOFCERTGEN = 2225;
532
533	{ 1 3 36 8 3 2 siggProcuration }
534	CRYPT_CERTINFO_SIGG_PROCURATION = 2226;
535	CRYPT_CERTINFO_SIGG_PROCURE_COUNTRY = 2227; { country }
536	CRYPT_CERTINFO_SIGG_PROCURE_TYPEOFSUBSTITUTION = 2228; { typeOfSubstitution }
537	CRYPT_CERTINFO_SIGG_PROCURE_SIGNINGFOR = 2229; { signingFor.thirdPerson }
538
539	{ 1 3 36 8 3 4 siggMonetaryLimit }
540	CRYPT_CERTINFO_SIGG_MONETARYLIMIT = 2230;
541	CRYPT_CERTINFO_SIGG_MONETARY_CURRENCY = 2231; { currency }
542	CRYPT_CERTINFO_SIGG_MONETARY_AMOUNT = 2232; { amount }
543	CRYPT_CERTINFO_SIGG_MONETARY_EXPONENT = 2233; { exponent }
544
545	{ 1 3 36 8 3 8 siggRestriction }
546	CRYPT_CERTINFO_SIGG_RESTRICTION = 2234;
547
548	{ 1 3 101 1 4 1 strongExtranet }
549	CRYPT_CERTINFO_STRONGEXTRANET = 2235;
550	CRYPT_CERTINFO_STRONGEXTRANET_ZONE = 2236; { sxNetIDList.sxNetID.zone }
551	CRYPT_CERTINFO_STRONGEXTRANET_ID = 2237; { sxNetIDList.sxNetID.id }
552
553	{ 2 5 29 9 subjectDirectoryAttributes }
554	CRYPT_CERTINFO_SUBJECTDIRECTORYATTRIBUTES = 2238;
555	CRYPT_CERTINFO_SUBJECTDIR_TYPE = 2239; { attribute.type }
556	CRYPT_CERTINFO_SUBJECTDIR_VALUES = 2240; { attribute.values }
557
558	{ 2 5 29 14 subjectKeyIdentifier }
559	CRYPT_CERTINFO_SUBJECTKEYIDENTIFIER = 2241;
560
561	{ 2 5 29 15 keyUsage }
562	CRYPT_CERTINFO_KEYUSAGE = 2242;
563
564	{ 2 5 29 16 privateKeyUsagePeriod }
565	CRYPT_CERTINFO_PRIVATEKEYUSAGEPERIOD = 2243;
566	CRYPT_CERTINFO_PRIVATEKEY_NOTBEFORE = 2244; { notBefore }
567	CRYPT_CERTINFO_PRIVATEKEY_NOTAFTER = 2245; { notAfter }
568
569	{ 2 5 29 17 subjectAltName }
570	CRYPT_CERTINFO_SUBJECTALTNAME = 2246;
571
572	{ 2 5 29 18 issuerAltName }
573	CRYPT_CERTINFO_ISSUERALTNAME = 2247;
574
575	{ 2 5 29 19 basicConstraints }
576	CRYPT_CERTINFO_BASICCONSTRAINTS = 2248;
577	CRYPT_CERTINFO_CA = 2249; { cA }
578	CRYPT_CERTINFO_AUTHORITY = 2249; { = CRYPT_CERTINFO_CA }
579	CRYPT_CERTINFO_PATHLENCONSTRAINT = 2250; { pathLenConstraint }
580
581	{ 2 5 29 20 cRLNumber }
582	CRYPT_CERTINFO_CRLNUMBER = 2251;
583
584	{ 2 5 29 21 cRLReason }
585	CRYPT_CERTINFO_CRLREASON = 2252;
586
587	{ 2 5 29 23 holdInstructionCode }
588	CRYPT_CERTINFO_HOLDINSTRUCTIONCODE = 2253;
589
590	{ 2 5 29 24 invalidityDate }
591	CRYPT_CERTINFO_INVALIDITYDATE = 2254;
592
593	{ 2 5 29 27 deltaCRLIndicator }
594	CRYPT_CERTINFO_DELTACRLINDICATOR = 2255;
595
596	{ 2 5 29 28 issuingDistributionPoint }
597	CRYPT_CERTINFO_ISSUINGDISTRIBUTIONPOINT = 2256;
598	CRYPT_CERTINFO_ISSUINGDIST_FULLNAME = 2257; { distributionPointName.fullName }
599	CRYPT_CERTINFO_ISSUINGDIST_USERCERTSONLY = 2258; { onlyContainsUserCerts }
600	CRYPT_CERTINFO_ISSUINGDIST_CACERTSONLY = 2259; { onlyContainsCACerts }
601	CRYPT_CERTINFO_ISSUINGDIST_SOMEREASONSONLY = 2260; { onlySomeReasons }
602	CRYPT_CERTINFO_ISSUINGDIST_INDIRECTCRL = 2261; { indirectCRL }
603
604	{ 2 5 29 29 certificateIssuer }
605	CRYPT_CERTINFO_CERTIFICATEISSUER = 2262;
606
607	{ 2 5 29 30 nameConstraints }
608	CRYPT_CERTINFO_NAMECONSTRAINTS = 2263;
609	CRYPT_CERTINFO_PERMITTEDSUBTREES = 2264; { permittedSubtrees }
610	CRYPT_CERTINFO_EXCLUDEDSUBTREES = 2265; { excludedSubtrees }
611
612	{ 2 5 29 31 cRLDistributionPoint }
613	CRYPT_CERTINFO_CRLDISTRIBUTIONPOINT = 2266;
614	CRYPT_CERTINFO_CRLDIST_FULLNAME = 2267; { distributionPointName.fullName }
615	CRYPT_CERTINFO_CRLDIST_REASONS = 2268; { reasons }
616	CRYPT_CERTINFO_CRLDIST_CRLISSUER = 2269; { cRLIssuer }
617
618	{ 2 5 29 32 certificatePolicies }
619	CRYPT_CERTINFO_CERTIFICATEPOLICIES = 2270;
620	CRYPT_CERTINFO_CERTPOLICYID = 2271; { policyInformation.policyIdentifier }
621	CRYPT_CERTINFO_CERTPOLICY_CPSURI = 2272;
622	{ policyInformation.policyQualifiers.qualifier.cPSuri }
623	CRYPT_CERTINFO_CERTPOLICY_ORGANIZATION = 2273;
624	{ policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.organization }
625	CRYPT_CERTINFO_CERTPOLICY_NOTICENUMBERS = 2274;
626	{ policyInformation.policyQualifiers.qualifier.userNotice.noticeRef.noticeNumbers }
627	CRYPT_CERTINFO_CERTPOLICY_EXPLICITTEXT = 2275;
628	{ policyInformation.policyQualifiers.qualifier.userNotice.explicitText }
629
630	{ 2 5 29 33 policyMappings }
631	CRYPT_CERTINFO_POLICYMAPPINGS = 2276;
632	CRYPT_CERTINFO_ISSUERDOMAINPOLICY = 2277; { policyMappings.issuerDomainPolicy }
633	CRYPT_CERTINFO_SUBJECTDOMAINPOLICY = 2278; { policyMappings.subjectDomainPolicy }
634
635	{ 2 5 29 35 authorityKeyIdentifier }
636	CRYPT_CERTINFO_AUTHORITYKEYIDENTIFIER = 2279;
637	CRYPT_CERTINFO_AUTHORITY_KEYIDENTIFIER = 2280; { keyIdentifier }
638	CRYPT_CERTINFO_AUTHORITY_CERTISSUER = 2281; { authorityCertIssuer }
639	CRYPT_CERTINFO_AUTHORITY_CERTSERIALNUMBER = 2282; { authorityCertSerialNumber }
640
641	{ 2 5 29 36 policyConstraints }
642	CRYPT_CERTINFO_POLICYCONSTRAINTS = 2283;
643	CRYPT_CERTINFO_REQUIREEXPLICITPOLICY = 2284; { policyConstraints.requireExplicitPolicy }
644	CRYPT_CERTINFO_INHIBITPOLICYMAPPING = 2285; { policyConstraints.inhibitPolicyMapping }
645
646	{ 2 5 29 37 extKeyUsage }
647	CRYPT_CERTINFO_EXTKEYUSAGE = 2286;
648	CRYPT_CERTINFO_EXTKEY_MS_INDIVIDUALCODESIGNING = 2287; { individualCodeSigning }
649	CRYPT_CERTINFO_EXTKEY_MS_COMMERCIALCODESIGNING = 2288; { commercialCodeSigning }
650	CRYPT_CERTINFO_EXTKEY_MS_CERTTRUSTLISTSIGNING = 2289; { certTrustListSigning }
651	CRYPT_CERTINFO_EXTKEY_MS_TIMESTAMPSIGNING = 2290; { timeStampSigning }
652	CRYPT_CERTINFO_EXTKEY_MS_SERVERGATEDCRYPTO = 2291; { serverGatedCrypto }
653	CRYPT_CERTINFO_EXTKEY_MS_ENCRYPTEDFILESYSTEM = 2292; { encrypedFileSystem }
654	CRYPT_CERTINFO_EXTKEY_SERVERAUTH = 2293; { serverAuth }
655	CRYPT_CERTINFO_EXTKEY_CLIENTAUTH = 2294; { clientAuth }
656	CRYPT_CERTINFO_EXTKEY_CODESIGNING = 2295; { codeSigning }
657	CRYPT_CERTINFO_EXTKEY_EMAILPROTECTION = 2296; { emailProtection }
658	CRYPT_CERTINFO_EXTKEY_IPSECENDSYSTEM = 2297; { ipsecEndSystem }
659	CRYPT_CERTINFO_EXTKEY_IPSECTUNNEL = 2298; { ipsecTunnel }
660	CRYPT_CERTINFO_EXTKEY_IPSECUSER = 2299; { ipsecUser }
661	CRYPT_CERTINFO_EXTKEY_TIMESTAMPING = 2300; { timeStamping }
662	CRYPT_CERTINFO_EXTKEY_OCSPSIGNING = 2301; { ocspSigning }
663	CRYPT_CERTINFO_EXTKEY_DIRECTORYSERVICE = 2302; { directoryService }
664	CRYPT_CERTINFO_EXTKEY_ANYKEYUSAGE = 2303; { anyExtendedKeyUsage }
665	CRYPT_CERTINFO_EXTKEY_NS_SERVERGATEDCRYPTO = 2304; { serverGatedCrypto }
666	CRYPT_CERTINFO_EXTKEY_VS_SERVERGATEDCRYPTO_CA = 2305; { serverGatedCrypto CA }
667
668	{ 2 5 29 46 freshestCRL }
669	CRYPT_CERTINFO_FRESHESTCRL = 2306;
670	CRYPT_CERTINFO_FRESHESTCRL_FULLNAME = 2307; { distributionPointName.fullName }
671	CRYPT_CERTINFO_FRESHESTCRL_REASONS = 2308; { reasons }
672	CRYPT_CERTINFO_FRESHESTCRL_CRLISSUER = 2309; { cRLIssuer }
673
674	{ 2 5 29 54 inhibitAnyPolicy }
675	CRYPT_CERTINFO_INHIBITANYPOLICY = 2310;
676
677	{ 2 16 840 1 113730 1 x Netscape extensions }
678	CRYPT_CERTINFO_NS_CERTTYPE = 2311; { netscape-cert-type }
679	CRYPT_CERTINFO_NS_BASEURL = 2312; { netscape-base-url }
680	CRYPT_CERTINFO_NS_REVOCATIONURL = 2313; { netscape-revocation-url }
681	CRYPT_CERTINFO_NS_CAREVOCATIONURL = 2314; { netscape-ca-revocation-url }
682	CRYPT_CERTINFO_NS_CERTRENEWALURL = 2315; { netscape-cert-renewal-url }
683	CRYPT_CERTINFO_NS_CAPOLICYURL = 2316; { netscape-ca-policy-url }
684	CRYPT_CERTINFO_NS_SSLSERVERNAME = 2317; { netscape-ssl-server-name }
685	CRYPT_CERTINFO_NS_COMMENT = 2318; { netscape-comment }
686
687	{ 2 23 42 7 0 SET hashedRootKey }
688	CRYPT_CERTINFO_SET_HASHEDROOTKEY = 2319;
689	CRYPT_CERTINFO_SET_ROOTKEYTHUMBPRINT = 2320; { rootKeyThumbPrint }
690
691	{ 2 23 42 7 1 SET certificateType }
692	CRYPT_CERTINFO_SET_CERTIFICATETYPE = 2321;
693
694	{ 2 23 42 7 2 SET merchantData }
695	CRYPT_CERTINFO_SET_MERCHANTDATA = 2322;
696	CRYPT_CERTINFO_SET_MERID = 2323; { merID }
697	CRYPT_CERTINFO_SET_MERACQUIRERBIN = 2324; { merAcquirerBIN }
698	CRYPT_CERTINFO_SET_MERCHANTLANGUAGE = 2325; { merNames.language }
699	CRYPT_CERTINFO_SET_MERCHANTNAME = 2326; { merNames.name }
700	CRYPT_CERTINFO_SET_MERCHANTCITY = 2327; { merNames.city }
701	CRYPT_CERTINFO_SET_MERCHANTSTATEPROVINCE = 2328; { merNames.stateProvince }
702	CRYPT_CERTINFO_SET_MERCHANTPOSTALCODE = 2329; { merNames.postalCode }
703	CRYPT_CERTINFO_SET_MERCHANTCOUNTRYNAME = 2330; { merNames.countryName }
704	CRYPT_CERTINFO_SET_MERCOUNTRY = 2331; { merCountry }
705	CRYPT_CERTINFO_SET_MERAUTHFLAG = 2332; { merAuthFlag }
706
707	{ 2 23 42 7 3 SET certCardRequired }
708	CRYPT_CERTINFO_SET_CERTCARDREQUIRED = 2333;
709
710	{ 2 23 42 7 4 SET tunneling }
711	CRYPT_CERTINFO_SET_TUNNELING = 2334;
712	CRYPT_CERTINFO_SET_TUNNELLING = 2334; { = CRYPT_CERTINFO_SET_TUNNELING }
713	CRYPT_CERTINFO_SET_TUNNELINGFLAG = 2335; { tunneling }
714	CRYPT_CERTINFO_SET_TUNNELLINGFLAG = 2335; { = CRYPT_CERTINFO_SET_TUNNELINGFLAG }
715	CRYPT_CERTINFO_SET_TUNNELINGALGID = 2336; { tunnelingAlgID }
716	CRYPT_CERTINFO_SET_TUNNELLINGALGID = 2336; { = CRYPT_CERTINFO_SET_TUNNELINGALGID }
717
718	{ S/MIME attributes }
719
720	{ 1 2 840 113549 1 9 3 contentType }
721	CRYPT_CERTINFO_CMS_CONTENTTYPE = 2500;
722
723	{ 1 2 840 113549 1 9 4 messageDigest }
724	CRYPT_CERTINFO_CMS_MESSAGEDIGEST = 2501;
725
726	{ 1 2 840 113549 1 9 5 signingTime }
727	CRYPT_CERTINFO_CMS_SIGNINGTIME = 2502;
728
729	{ 1 2 840 113549 1 9 6 counterSignature }
730	CRYPT_CERTINFO_CMS_COUNTERSIGNATURE = 2503; { counterSignature }
731
732	{ 1 2 840 113549 1 9 13 signingDescription }
733	CRYPT_CERTINFO_CMS_SIGNINGDESCRIPTION = 2504;
734
735	{ 1 2 840 113549 1 9 15 sMIMECapabilities }
736	CRYPT_CERTINFO_CMS_SMIMECAPABILITIES = 2505;
737	CRYPT_CERTINFO_CMS_SMIMECAP_3DES = 2506; { 3DES encryption }
738	CRYPT_CERTINFO_CMS_SMIMECAP_AES = 2507; { AES encryption }
739	CRYPT_CERTINFO_CMS_SMIMECAP_CAST128 = 2508; { CAST-128 encryption }
740	CRYPT_CERTINFO_CMS_SMIMECAP_IDEA = 2509; { IDEA encryption }
741	CRYPT_CERTINFO_CMS_SMIMECAP_RC2 = 2510; { RC2 encryption (w.128 key) }
742	CRYPT_CERTINFO_CMS_SMIMECAP_RC5 = 2511; { RC5 encryption (w.128 key) }
743	CRYPT_CERTINFO_CMS_SMIMECAP_SKIPJACK = 2512; { Skipjack encryption }
744	CRYPT_CERTINFO_CMS_SMIMECAP_DES = 2513; { DES encryption }
745	CRYPT_CERTINFO_CMS_SMIMECAP_PREFERSIGNEDDATA = 2514; { preferSignedData }
746	CRYPT_CERTINFO_CMS_SMIMECAP_CANNOTDECRYPTANY = 2515; { canNotDecryptAny }
747
748	{ 1 2 840 113549 1 9 16 2 1 receiptRequest }
749	CRYPT_CERTINFO_CMS_RECEIPTREQUEST = 2516;
750	CRYPT_CERTINFO_CMS_RECEIPT_CONTENTIDENTIFIER = 2517; { contentIdentifier }
751	CRYPT_CERTINFO_CMS_RECEIPT_FROM = 2518; { receiptsFrom }
752	CRYPT_CERTINFO_CMS_RECEIPT_TO = 2519; { receiptsTo }
753
754	{ 1 2 840 113549 1 9 16 2 2 essSecurityLabel }
755	CRYPT_CERTINFO_CMS_SECURITYLABEL = 2520;
756	CRYPT_CERTINFO_CMS_SECLABEL_CLASSIFICATION = 2521; { securityClassification }
757	CRYPT_CERTINFO_CMS_SECLABEL_POLICY = 2522; { securityPolicyIdentifier }
758	CRYPT_CERTINFO_CMS_SECLABEL_PRIVACYMARK = 2523; { privacyMark }
759	CRYPT_CERTINFO_CMS_SECLABEL_CATTYPE = 2524; { securityCategories.securityCategory.type }
760	CRYPT_CERTINFO_CMS_SECLABEL_CATVALUE = 2525; { securityCategories.securityCategory.value }
761
762	{ 1 2 840 113549 1 9 16 2 3 mlExpansionHistory }
763	CRYPT_CERTINFO_CMS_MLEXPANSIONHISTORY = 2526;
764	CRYPT_CERTINFO_CMS_MLEXP_ENTITYIDENTIFIER = 2527; { mlData.mailListIdentifier.issuerAndSerialNumber }
765	CRYPT_CERTINFO_CMS_MLEXP_TIME = 2528; { mlData.expansionTime }
766	CRYPT_CERTINFO_CMS_MLEXP_NONE = 2529; { mlData.mlReceiptPolicy.none }
767	CRYPT_CERTINFO_CMS_MLEXP_INSTEADOF = 2530; { mlData.mlReceiptPolicy.insteadOf.generalNames.generalName }
768	CRYPT_CERTINFO_CMS_MLEXP_INADDITIONTO = 2531; { mlData.mlReceiptPolicy.inAdditionTo.generalNames.generalName }
769
770	{ 1 2 840 113549 1 9 16 2 4 contentHints }
771	CRYPT_CERTINFO_CMS_CONTENTHINTS = 2532;
772	CRYPT_CERTINFO_CMS_CONTENTHINT_DESCRIPTION = 2533; { contentDescription }
773	CRYPT_CERTINFO_CMS_CONTENTHINT_TYPE = 2534; { contentType }
774
775	{ 1 2 840 113549 1 9 16 2 9 equivalentLabels }
776	CRYPT_CERTINFO_CMS_EQUIVALENTLABEL = 2535;
777	CRYPT_CERTINFO_CMS_EQVLABEL_POLICY = 2536; { securityPolicyIdentifier }
778	CRYPT_CERTINFO_CMS_EQVLABEL_CLASSIFICATION = 2537; { securityClassification }
779	CRYPT_CERTINFO_CMS_EQVLABEL_PRIVACYMARK = 2538; { privacyMark }
780	CRYPT_CERTINFO_CMS_EQVLABEL_CATTYPE = 2539; { securityCategories.securityCategory.type }
781	CRYPT_CERTINFO_CMS_EQVLABEL_CATVALUE = 2540; { securityCategories.securityCategory.value }
782
783	{ 1 2 840 113549 1 9 16 2 12 signingCertificate }
784	CRYPT_CERTINFO_CMS_SIGNINGCERTIFICATE = 2541;
785	CRYPT_CERTINFO_CMS_SIGNINGCERT_ESSCERTID = 2542; { certs.essCertID }
786	CRYPT_CERTINFO_CMS_SIGNINGCERT_POLICIES = 2543; { policies.policyInformation.policyIdentifier }
787
788	{ 1 2 840 113549 1 9 16 2 15 signaturePolicyID }
789	CRYPT_CERTINFO_CMS_SIGNATUREPOLICYID = 2544;
790	CRYPT_CERTINFO_CMS_SIGPOLICYID = 2545; { sigPolicyID }
791	CRYPT_CERTINFO_CMS_SIGPOLICYHASH = 2546; { sigPolicyHash }
792	CRYPT_CERTINFO_CMS_SIGPOLICY_CPSURI = 2547; { sigPolicyQualifiers.sigPolicyQualifier.cPSuri }
793	CRYPT_CERTINFO_CMS_SIGPOLICY_ORGANIZATION = 2548;
794	{ sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.organization }
795	CRYPT_CERTINFO_CMS_SIGPOLICY_NOTICENUMBERS = 2549;
796	{ sigPolicyQualifiers.sigPolicyQualifier.userNotice.noticeRef.noticeNumbers }
797	CRYPT_CERTINFO_CMS_SIGPOLICY_EXPLICITTEXT = 2550;
798	{ sigPolicyQualifiers.sigPolicyQualifier.userNotice.explicitText }
799
800	{ 1 2 840 113549 1 9 16 9 signatureTypeIdentifier }
801	CRYPT_CERTINFO_CMS_SIGTYPEIDENTIFIER = 2551;
802	CRYPT_CERTINFO_CMS_SIGTYPEID_ORIGINATORSIG = 2552; { originatorSig }
803	CRYPT_CERTINFO_CMS_SIGTYPEID_DOMAINSIG = 2553; { domainSig }
804	CRYPT_CERTINFO_CMS_SIGTYPEID_ADDITIONALATTRIBUTES = 2554; { additionalAttributesSig }
805	CRYPT_CERTINFO_CMS_SIGTYPEID_REVIEWSIG = 2555; { reviewSig }
806
807	{ 1 2 840 113549 1 9 25 3 randomNonce }
808	CRYPT_CERTINFO_CMS_NONCE = 2556; { randomNonce }
809
810	{ SCEP attributes:
811	2 16 840 1 113733 1 9 2 messageType
812	2 16 840 1 113733 1 9 3 pkiStatus
813	2 16 840 1 113733 1 9 4 failInfo
814	2 16 840 1 113733 1 9 5 senderNonce
815	2 16 840 1 113733 1 9 6 recipientNonce
816	2 16 840 1 113733 1 9 7 transID }
817	CRYPT_CERTINFO_SCEP_MESSAGETYPE = 2557; { messageType }
818	CRYPT_CERTINFO_SCEP_PKISTATUS = 2558; { pkiStatus }
819	CRYPT_CERTINFO_SCEP_FAILINFO = 2559; { failInfo }
820	CRYPT_CERTINFO_SCEP_SENDERNONCE = 2560; { senderNonce }
821	CRYPT_CERTINFO_SCEP_RECIPIENTNONCE = 2561; { recipientNonce }
822	CRYPT_CERTINFO_SCEP_TRANSACTIONID = 2562; { transID }
823
824	{ 1 3 6 1 4 1 311 2 1 10 spcAgencyInfo }
825	CRYPT_CERTINFO_CMS_SPCAGENCYINFO = 2563;
826	CRYPT_CERTINFO_CMS_SPCAGENCYURL = 2564; { spcAgencyInfo.url }
827
828	{ 1 3 6 1 4 1 311 2 1 11 spcStatementType }
829	CRYPT_CERTINFO_CMS_SPCSTATEMENTTYPE = 2565;
830	CRYPT_CERTINFO_CMS_SPCSTMT_INDIVIDUALCODESIGNING = 2566; { individualCodeSigning }
831	CRYPT_CERTINFO_CMS_SPCSTMT_COMMERCIALCODESIGNING = 2567; { commercialCodeSigning }
832
833	{ 1 3 6 1 4 1 311 2 1 12 spcOpusInfo }
834	CRYPT_CERTINFO_CMS_SPCOPUSINFO = 2568;
835	CRYPT_CERTINFO_CMS_SPCOPUSINFO_NAME = 2569; { spcOpusInfo.name }
836	CRYPT_CERTINFO_CMS_SPCOPUSINFO_URL = 2570; { spcOpusInfo.url }
837
838	{ Used internally }
839	CRYPT_CERTINFO_LAST = 2571; CRYPT_KEYINFO_FIRST = 3000;
840
841	{*******************}
842	{ Keyset attributes }
843	{*******************}
844
845	CRYPT_KEYINFO_QUERY = 3001; { Keyset query }
846	CRYPT_KEYINFO_QUERY_REQUESTS = 3002; { Query of requests in cert store }
847
848	{ Used internally }
849	CRYPT_KEYINFO_LAST = 3003; CRYPT_DEVINFO_FIRST = 4000;
850
851	{*******************}
852	{ Device attributes }
853	{*******************}
854
855	CRYPT_DEVINFO_INITIALISE = 4001; { Initialise device for use }
856	CRYPT_DEVINFO_INITIALIZE = 4001; { = CRYPT_DEVINFO_INITIALISE }
857	CRYPT_DEVINFO_AUTHENT_USER = 4002; { Authenticate user to device }
858	CRYPT_DEVINFO_AUTHENT_SUPERVISOR = 4003; { Authenticate supervisor to dev.}
859	CRYPT_DEVINFO_SET_AUTHENT_USER = 4004; { Set user authent.value }
860	CRYPT_DEVINFO_SET_AUTHENT_SUPERVISOR = 4005; { Set supervisor auth.val.}
861	CRYPT_DEVINFO_ZEROISE = 4006; { Zeroise device }
862	CRYPT_DEVINFO_ZEROIZE = 4006; { = CRYPT_DEVINFO_ZEROISE }
863	CRYPT_DEVINFO_LOGGEDIN = 4007; { Whether user is logged in }
864	CRYPT_DEVINFO_LABEL = 4008; { Device/token label }
865
866	{ Used internally }
867	CRYPT_DEVINFO_LAST = 4009; CRYPT_ENVINFO_FIRST = 5000;
868
869	{*********************}
870	{ Envelope attributes }
871	{*********************}
872
873	{ Pseudo-information on an envelope or meta-information which is used to
874	control the way that data in an envelope is processed }
875	CRYPT_ENVINFO_DATASIZE = 5001; { Data size information }
876	CRYPT_ENVINFO_COMPRESSION = 5002; { Compression information }
877	CRYPT_ENVINFO_CONTENTTYPE = 5003; { Inner CMS content type }
878	CRYPT_ENVINFO_DETACHEDSIGNATURE = 5004; { Generate CMS detached signature }
879	CRYPT_ENVINFO_SIGNATURE_RESULT = 5005; { Signature check result }
880	CRYPT_ENVINFO_MAC = 5006; { Use MAC instead of encrypting }
881
882	{ Resources required for enveloping/deenveloping }
883	CRYPT_ENVINFO_PASSWORD = 5007; { User password }
884	CRYPT_ENVINFO_KEY = 5008; { Conventional encryption key }
885	CRYPT_ENVINFO_SIGNATURE = 5009; { Signature/signature check key }
886	CRYPT_ENVINFO_SIGNATURE_EXTRADATA = 5010; { Extra information added to CMS sigs }
887	CRYPT_ENVINFO_RECIPIENT = 5011; { Recipient email address }
888	CRYPT_ENVINFO_PUBLICKEY = 5012; { PKC encryption key }
889	CRYPT_ENVINFO_PRIVATEKEY = 5013; { PKC decryption key }
890	CRYPT_ENVINFO_PRIVATEKEY_LABEL = 5014; { Label of PKC decryption key }
891	CRYPT_ENVINFO_ORIGINATOR = 5015; { Originator info/key }
892	CRYPT_ENVINFO_SESSIONKEY = 5016; { Session key }
893	CRYPT_ENVINFO_HASH = 5017; { Hash value }
894	CRYPT_ENVINFO_TIMESTAMP = 5018; { Timestamp information }
895
896	{ Keysets used to retrieve keys needed for enveloping/deenveloping }
897	CRYPT_ENVINFO_KEYSET_SIGCHECK = 5019; { Signature check keyset }
898	CRYPT_ENVINFO_KEYSET_ENCRYPT = 5020; { PKC encryption keyset }
899	CRYPT_ENVINFO_KEYSET_DECRYPT = 5021; { PKC decryption keyset }
900
901	{ Used internally }
902	CRYPT_ENVINFO_LAST = 5022; CRYPT_SESSINFO_FIRST = 6000;
903
904	{********************}
905	{ Session attributes }
906	{********************}
907
908	{ Pseudo-information on a session or meta-information which is used to
909	control the way that a session is managed }
910
911	{ Pseudo-information about the session }
912	CRYPT_SESSINFO_ACTIVE = 6001; { Whether session is active }
913	CRYPT_SESSINFO_CONNECTIONACTIVE = 6002; { Whether network connection is active }
914
915	{ Security-related information }
916	CRYPT_SESSINFO_USERNAME = 6003; { User name }
917	CRYPT_SESSINFO_PASSWORD = 6004; { Password }
918	CRYPT_SESSINFO_PRIVATEKEY = 6005; { Server/client private key }
919	CRYPT_SESSINFO_KEYSET = 6006; { Certificate store }
920	CRYPT_SESSINFO_AUTHRESPONSE = 6007; { Session authorisation OK }
921
922	{ Client/server information }
923	CRYPT_SESSINFO_SERVER_NAME = 6008; { Server name }
924	CRYPT_SESSINFO_SERVER_PORT = 6009; { Server port number }
925	CRYPT_SESSINFO_SERVER_FINGERPRINT = 6010; { Server key fingerprint }
926	CRYPT_SESSINFO_CLIENT_NAME = 6011; { Client name }
927	CRYPT_SESSINFO_CLIENT_PORT = 6012; { Client port number }
928	CRYPT_SESSINFO_SESSION = 6013; { Transport mechanism }
929	CRYPT_SESSINFO_NETWORKSOCKET = 6014; { User-supplied network socket }
930
931	{ Generic protocol-related information }
932	CRYPT_SESSINFO_VERSION = 6015; { Protocol version }
933	CRYPT_SESSINFO_REQUEST = 6016; { Cert.request object }
934	CRYPT_SESSINFO_RESPONSE = 6017; { Cert.response object }
935	CRYPT_SESSINFO_CACERTIFICATE = 6018; { Issuing CA certificate }
936
937	{ Protocol-specific information }
938	CRYPT_SESSINFO_TSP_MSGIMPRINT = 6019; { TSP message imprint }
939	CRYPT_SESSINFO_CMP_REQUESTTYPE = 6020; { Request type }
940	CRYPT_SESSINFO_CMP_PKIBOOT = 6021; { Enable PKIBoot facility }
941	CRYPT_SESSINFO_CMP_PRIVKEYSET = 6022; { Private-key keyset }
942	CRYPT_SESSINFO_SSH_CHANNEL = 6023; { SSH current channel }
943	CRYPT_SESSINFO_SSH_CHANNEL_TYPE = 6024; { SSH channel type }
944	CRYPT_SESSINFO_SSH_CHANNEL_ARG1 = 6025; { SSH channel argument 1 }
945	CRYPT_SESSINFO_SSH_CHANNEL_ARG2 = 6026; { SSH channel argument 2 }
946	CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE = 6027; { SSH channel active }
947
948	{ Used internally }
949	CRYPT_SESSINFO_LAST = 6028; CRYPT_USERINFO_FIRST = 7000;
950
951	{********************}
952	{ User attributes }
953	{********************}
954
955	{ Security-related information }
956	CRYPT_USERINFO_PASSWORD = 7001; { Password }
957
958	{ User role-related information }
959	CRYPT_USERINFO_CAKEY_CERTSIGN = 7002; { CA cert signing key }
960	CRYPT_USERINFO_CAKEY_CRLSIGN = 7003; { CA CRL signing key }
961	CRYPT_USERINFO_CAKEY_RTCSSIGN = 7004; { CA RTCS signing key }
962	CRYPT_USERINFO_CAKEY_OCSPSIGN = 7005; { CA OCSP signing key }
963
964	{ Used internally for range checking }
965	CRYPT_USERINFO_LAST = 7006; CRYPT_ATTRIBUTE_LAST = 7006; { = CRYPT_USERINFO_LAST }
966
967
968
969
970
971	{****************************************************************************
972	* *
973	* Attribute Subtypes and Related Values *
974	* *
975	****************************************************************************}
976
977	{ Flags for the X.509 keyUsage extension }
978
979	CRYPT_KEYUSAGE_NONE = $000;
980	CRYPT_KEYUSAGE_DIGITALSIGNATURE = $001;
981	CRYPT_KEYUSAGE_NONREPUDIATION = $002;
982	CRYPT_KEYUSAGE_KEYENCIPHERMENT = $004;
983	CRYPT_KEYUSAGE_DATAENCIPHERMENT = $008;
984	CRYPT_KEYUSAGE_KEYAGREEMENT = $010;
985	CRYPT_KEYUSAGE_KEYCERTSIGN = $020;
986	CRYPT_KEYUSAGE_CRLSIGN = $040;
987	CRYPT_KEYUSAGE_ENCIPHERONLY = $080;
988	CRYPT_KEYUSAGE_DECIPHERONLY = $100;
989	CRYPT_KEYUSAGE_LAST = $200; { Last possible value }
990
991	{ X.509 cRLReason and cryptlib cRLExtReason codes }
992
993
994	CRYPT_CRLREASON_UNSPECIFIED = 0;
995	CRYPT_CRLREASON_KEYCOMPROMISE = 1;
996	CRYPT_CRLREASON_CACOMPROMISE = 2;
997	CRYPT_CRLREASON_AFFILIATIONCHANGED = 3;
998	CRYPT_CRLREASON_SUPERSEDED = 4;
999	CRYPT_CRLREASON_CESSATIONOFOPERATION = 5;
1000	CRYPT_CRLREASON_CERTIFICATEHOLD = 6;
1001	CRYPT_CRLREASON_REMOVEFROMCRL = 8;
1002	CRYPT_CRLREASON_PRIVILEGEWITHDRAWN = 9;
1003	CRYPT_CRLREASON_AACOMPROMISE = 10;
1004	CRYPT_CRLREASON_LAST = 11;
1005	{ End of standard CRL reasons }
1006	CRYPT_CRLREASON_NEVERVALID = 20;
1007	CRYPT_CRLEXTREASON_LAST = 21;
1008
1009
1010
1011	{ X.509 CRL reason flags. These identify the same thing as the cRLReason
1012	codes but allow for multiple reasons to be specified. Note that these
1013	don't follow the X.509 naming since in that scheme the enumerated types
1014	and bitflags have the same names }
1015
1016	CRYPT_CRLREASONFLAG_UNUSED = $001;
1017	CRYPT_CRLREASONFLAG_KEYCOMPROMISE = $002;
1018	CRYPT_CRLREASONFLAG_CACOMPROMISE = $004;
1019	CRYPT_CRLREASONFLAG_AFFILIATIONCHANGED = $008;
1020	CRYPT_CRLREASONFLAG_SUPERSEDED = $010;
1021	CRYPT_CRLREASONFLAG_CESSATIONOFOPERATION = $020;
1022	CRYPT_CRLREASONFLAG_CERTIFICATEHOLD = $040;
1023	CRYPT_CRLREASONFLAG_LAST = $080; { Last poss.value }
1024
1025	{ X.509 CRL holdInstruction codes }
1026
1027
1028	CRYPT_HOLDINSTRUCTION_NONE = 0;
1029	CRYPT_HOLDINSTRUCTION_CALLISSUER = 1;
1030	CRYPT_HOLDINSTRUCTION_REJECT = 2;
1031	CRYPT_HOLDINSTRUCTION_PICKUPTOKEN = 3;
1032	CRYPT_HOLDINSTRUCTION_LAST = 4;
1033
1034
1035
1036	{ Certificate checking compliance levels }
1037
1038
1039	CRYPT_COMPLIANCELEVEL_OBLIVIOUS = 0;
1040	CRYPT_COMPLIANCELEVEL_REDUCED = 1;
1041	CRYPT_COMPLIANCELEVEL_STANDARD = 2;
1042	CRYPT_COMPLIANCELEVEL_PKIX_PARTIAL = 3;
1043	CRYPT_COMPLIANCELEVEL_PKIX_FULL = 4;
1044	CRYPT_COMPLIANCELEVEL_LAST = 5;
1045
1046
1047
1048	{ Flags for the Netscape netscape-cert-type extension }
1049
1050	CRYPT_NS_CERTTYPE_SSLCLIENT = $001;
1051	CRYPT_NS_CERTTYPE_SSLSERVER = $002;
1052	CRYPT_NS_CERTTYPE_SMIME = $004;
1053	CRYPT_NS_CERTTYPE_OBJECTSIGNING = $008;
1054	CRYPT_NS_CERTTYPE_RESERVED = $010;
1055	CRYPT_NS_CERTTYPE_SSLCA = $020;
1056	CRYPT_NS_CERTTYPE_SMIMECA = $040;
1057	CRYPT_NS_CERTTYPE_OBJECTSIGNINGCA = $080;
1058	CRYPT_NS_CERTTYPE_LAST = $100; { Last possible value }
1059
1060	{ Flags for the SET certificate-type extension }
1061
1062	CRYPT_SET_CERTTYPE_CARD = $001;
1063	CRYPT_SET_CERTTYPE_MER = $002;
1064	CRYPT_SET_CERTTYPE_PGWY = $004;
1065	CRYPT_SET_CERTTYPE_CCA = $008;
1066	CRYPT_SET_CERTTYPE_MCA = $010;
1067	CRYPT_SET_CERTTYPE_PCA = $020;
1068	CRYPT_SET_CERTTYPE_GCA = $040;
1069	CRYPT_SET_CERTTYPE_BCA = $080;
1070	CRYPT_SET_CERTTYPE_RCA = $100;
1071	CRYPT_SET_CERTTYPE_ACQ = $200;
1072	CRYPT_SET_CERTTYPE_LAST = $400; { Last possible value }
1073
1074	{ CMS contentType values }
1075
1076
1077	type
1078	CRYPT_CONTENT_TYPE = ( CRYPT_CONTENT_NONE, CRYPT_CONTENT_DATA,
1079	CRYPT_CONTENT_SIGNEDDATA, CRYPT_CONTENT_ENVELOPEDDATA,
1080	CRYPT_CONTENT_SIGNEDANDENVELOPEDDATA,
1081	CRYPT_CONTENT_DIGESTEDDATA, CRYPT_CONTENT_ENCRYPTEDDATA,
1082	CRYPT_CONTENT_COMPRESSEDDATA, CRYPT_CONTENT_TSTINFO,
1083	CRYPT_CONTENT_SPCINDIRECTDATACONTEXT,
1084	CRYPT_CONTENT_RTCSREQUEST, CRYPT_CONTENT_RTCSRESPONSE,
1085	CRYPT_CONTENT_RTCSRESPONSE_EXT, CRYPT_CONTENT_LAST
1086
1087	);
1088
1089	{ ESS securityClassification codes }
1090
1091
1092
1093	const
1094	CRYPT_CLASSIFICATION_UNMARKED = 0;
1095	CRYPT_CLASSIFICATION_UNCLASSIFIED = 1;
1096	CRYPT_CLASSIFICATION_RESTRICTED = 2;
1097	CRYPT_CLASSIFICATION_CONFIDENTIAL = 3;
1098	CRYPT_CLASSIFICATION_SECRET = 4;
1099	CRYPT_CLASSIFICATION_TOP_SECRET = 5;
1100	CRYPT_CLASSIFICATION_LAST = 255 ;
1101
1102
1103
1104	{ RTCS certificate status }
1105
1106
1107	CRYPT_CERTSTATUS_VALID = 0;
1108	CRYPT_CERTSTATUS_NOTVALID = 1;
1109	CRYPT_CERTSTATUS_NONAUTHORITATIVE = 2;
1110	CRYPT_CERTSTATUS_UNKNOWN = 3;
1111
1112
1113
1114	{ OCSP revocation status }
1115
1116
1117	CRYPT_OCSPSTATUS_NOTREVOKED = 0;
1118	CRYPT_OCSPSTATUS_REVOKED = 1;
1119	CRYPT_OCSPSTATUS_UNKNOWN = 2;
1120
1121
1122
1123	{ The amount of detail to include in signatures when signing certificate
1124	objects }
1125
1126
1127	type
1128	CRYPT_SIGNATURELEVEL_TYPE = (
1129	CRYPT_SIGNATURELEVEL_NONE, { Include only signature }
1130	CRYPT_SIGNATURELEVEL_SIGNERCERT,{ Include signer cert }
1131	CRYPT_SIGNATURELEVEL_ALL, { Include all relevant info }
1132	CRYPT_SIGNATURELEVEL_LAST { Last possible sig.level type }
1133
1134	);
1135
1136	{ The certificate export format type, which defines the format in which a
1137	certificate object is exported }
1138
1139	CRYPT_CERTFORMAT_TYPE = (
1140	CRYPT_CERTFORMAT_NONE, { No certificate format }
1141	CRYPT_CERTFORMAT_CERTIFICATE, { DER-encoded certificate }
1142	CRYPT_CERTFORMAT_CERTCHAIN, { PKCS #7 certificate chain }
1143	CRYPT_CERTFORMAT_TEXT_CERTIFICATE, { base-64 wrapped cert }
1144	CRYPT_CERTFORMAT_TEXT_CERTCHAIN, { base-64 wrapped cert chain }
1145	CRYPT_CERTFORMAT_XML_CERTIFICATE, { XML wrapped cert }
1146	CRYPT_CERTFORMAT_XML_CERTCHAIN, { XML wrapped cert chain }
1147	CRYPT_CERTFORMAT_LAST { Last possible cert.format type }
1148
1149	);
1150
1151	{ CMP request types }
1152
1153	CRYPT_REQUESTTYPE_TYPE = (
1154	CRYPT_REQUESTTYPE_NONE, { No request type }
1155	CRYPT_REQUESTTYPE_INITIALISATION, { Initialisation request }
1156	CRYPT_REQUESTTYPE_CERTIFICATE, { Certification request }
1157	CRYPT_REQUESTTYPE_KEYUPDATE, { Key update request }
1158	CRYPT_REQUESTTYPE_REVOCATION, { Cert revocation request }
1159	CRYPT_REQUESTTYPE_PKIBOOT, { PKIBoot request }
1160	CRYPT_REQUESTTYPE_LAST { Last possible request type }
1161
1162	);
1163
1164	const
1165	CRYPT_REQUESTTYPE_INITIALIZATION: CRYPT_REQUESTTYPE_TYPE = CRYPT_REQUESTTYPE_INITIALISATION;
1166
1167	{ Key ID types }
1168
1169
1170	type
1171	CRYPT_KEYID_TYPE = (
1172	CRYPT_KEYID_NONE, { No key ID type }
1173	CRYPT_KEYID_NAME, { Key owner name }
1174	CRYPT_KEYID_URI, { Key owner URI } { Synonym: owner email addr.}
1175	CRYPT_KEYID_LAST { Last possible key ID type }
1176
1177	);
1178
1179	const
1180	CRYPT_KEYID_EMAIL: CRYPT_KEYID_TYPE = CRYPT_KEYID_URI;
1181
1182	{ The encryption object types }
1183
1184
1185	type
1186	CRYPT_OBJECT_TYPE = (
1187	CRYPT_OBJECT_NONE, { No object type }
1188	CRYPT_OBJECT_ENCRYPTED_KEY, { Conventionally encrypted key }
1189	CRYPT_OBJECT_PKCENCRYPTED_KEY, { PKC-encrypted key }
1190	CRYPT_OBJECT_KEYAGREEMENT, { Key agreement information }
1191	CRYPT_OBJECT_SIGNATURE, { Signature }
1192	CRYPT_OBJECT_LAST { Last possible object type }
1193
1194	);
1195
1196	{ Object/attribute error type information }
1197
1198	CRYPT_ERRTYPE_TYPE = (
1199	CRYPT_ERRTYPE_NONE, { No error information }
1200	CRYPT_ERRTYPE_ATTR_SIZE, { Attribute data too small or large }
1201	CRYPT_ERRTYPE_ATTR_VALUE, { Attribute value is invalid }
1202	CRYPT_ERRTYPE_ATTR_ABSENT, { Required attribute missing }
1203	CRYPT_ERRTYPE_ATTR_PRESENT, { Non-allowed attribute present }
1204	CRYPT_ERRTYPE_CONSTRAINT, { Cert: Constraint violation in object }
1205	CRYPT_ERRTYPE_ISSUERCONSTRAINT, { Cert: Constraint viol.in issuing cert }
1206	CRYPT_ERRTYPE_LAST { Last possible error info type }
1207
1208	);
1209
1210	{ Cert store management action type }
1211
1212	CRYPT_CERTACTION_TYPE = (
1213	CRYPT_CERTACTION_NONE, { No cert management action }
1214	CRYPT_CERTACTION_CREATE, { Create cert store }
1215	CRYPT_CERTACTION_CONNECT, { Connect to cert store }
1216	CRYPT_CERTACTION_DISCONNECT, { Disconnect from cert store }
1217	CRYPT_CERTACTION_ERROR, { Error information }
1218	CRYPT_CERTACTION_ADDUSER, { Add PKI user }
1219	CRYPT_CERTACTION_DELETEUSER, { Delete PKI user }
1220	CRYPT_CERTACTION_REQUEST_CERT, { Cert request }
1221	CRYPT_CERTACTION_REQUEST_RENEWAL,{ Cert renewal request }
1222	CRYPT_CERTACTION_REQUEST_REVOCATION,{ Cert revocation request }
1223	CRYPT_CERTACTION_CERT_CREATION, { Cert creation }
1224	CRYPT_CERTACTION_CERT_CREATION_COMPLETE,{ Confirmation of cert creation }
1225	CRYPT_CERTACTION_CERT_CREATION_DROP, { Cancellation of cert creation }
1226	CRYPT_CERTACTION_CERT_CREATION_REVERSE, { Cancel of creation w.revocation }
1227	CRYPT_CERTACTION_RESTART_CLEANUP, { Delete reqs after restart }
1228	CRYPT_CERTACTION_RESTART_REVOKE_CERT, { Complete revocation after restart }
1229	CRYPT_CERTACTION_ISSUE_CERT, { Cert issue }
1230	CRYPT_CERTACTION_ISSUE_CRL, { CRL issue }
1231	CRYPT_CERTACTION_REVOKE_CERT, { Cert revocation }
1232	CRYPT_CERTACTION_EXPIRE_CERT, { Cert expiry }
1233	CRYPT_CERTACTION_CLEANUP, { Clean up on restart }
1234	CRYPT_CERTACTION_LAST { Last possible cert store log action }
1235
1236	);
1237
1238	{****************************************************************************
1239	* *
1240	* General Constants *
1241	* *
1242	****************************************************************************}
1243
1244	{ The maximum user key size - 2048 bits }
1245
1246
1247	const
1248	CRYPT_MAX_KEYSIZE = 256;
1249
1250	{ The maximum IV size - 256 bits }
1251
1252	CRYPT_MAX_IVSIZE = 32;
1253
1254	{ The maximum public-key component size - 4096 bits }
1255
1256	CRYPT_MAX_PKCSIZE = 512;
1257
1258	{ The maximum hash size - 256 bits }
1259
1260	CRYPT_MAX_HASHSIZE = 32;
1261
1262	{ The maximum size of a text string (e.g.key owner name) }
1263
1264	CRYPT_MAX_TEXTSIZE = 64;
1265
1266	{ A magic value indicating that the default setting for this parameter
1267	should be used }
1268
1269	CRYPT_USE_DEFAULT = -10;
1270
1271	{ A magic value for unused parameters }
1272
1273	CRYPT_UNUSED = -11;
1274
1275	{ Whether the PKC key is a public or private key }
1276
1277	CRYPT_KEYTYPE_PRIVATE = 0;
1278	CRYPT_KEYTYPE_PUBLIC = 1;
1279
1280	{ The type of information polling to perform to get random seed information }
1281
1282	CRYPT_RANDOM_FASTPOLL = -10;
1283	CRYPT_RANDOM_SLOWPOLL = -11;
1284
1285	{ Cursor positioning codes for certificate/CRL extensions }
1286
1287	CRYPT_CURSOR_FIRST = -20;
1288	CRYPT_CURSOR_PREVIOUS = -21;
1289	CRYPT_CURSOR_NEXT = -22;
1290	CRYPT_CURSOR_LAST = -23;
1291
1292	{ Keyset open options }
1293
1294
1295	type
1296	CRYPT_KEYOPT_TYPE = (
1297	CRYPT_KEYOPT_NONE, { No options }
1298	CRYPT_KEYOPT_READONLY, { Open keyset in read-only mode }
1299	CRYPT_KEYOPT_CREATE, { Create a new keyset }
1300	CRYPT_KEYOPT_LAST { Last possible key option type }
1301
1302	);
1303
1304	{ The various cryptlib objects - these are just integer handles }
1305
1306	CRYPT_CERTIFICATE = Integer;
1307	CRYPT_CONTEXT = Integer;
1308	CRYPT_DEVICE = Integer;
1309	CRYPT_ENVELOPE = Integer;
1310	CRYPT_KEYSET = Integer;
1311	CRYPT_SESSION = Integer;
1312	CRYPT_USER = Integer;
1313
1314	{ Sometimes we don't know the exact type of a cryptlib object, so we use a
1315	generic handle type to identify it }
1316
1317	CRYPT_HANDLE = Integer;
1318
1319	{****************************************************************************
1320	* *
1321	* Encryption Data Structures *
1322	* *
1323	****************************************************************************}
1324
1325	{ Results returned from the capability query }
1326
1327	CRYPT_QUERY_INFO = record
1328	{ Algorithm information }
1329	algoName: array[0 .. CRYPT_MAX_TEXTSIZE-1] of char;{ Algorithm name }
1330	blockSize: Integer; { Block size of the algorithm }
1331	minKeySize: Integer; { Minimum key size in bytes }
1332	keySize: Integer; { Recommended key size in bytes }
1333	maxKeySize: Integer; { Maximum key size in bytes }
1334
1335
1336	end;
1337
1338	{ Results returned from the encoded object query. These provide
1339	information on the objects created by cryptExportKey()/
1340	cryptCreateSignature() }
1341
1342	CRYPT_OBJECT_INFO = record
1343	{ The object type }
1344	objectType: CRYPT_OBJECT_TYPE;
1345
1346	{ The encryption algorithm and mode }
1347	cryptAlgo: CRYPT_ALGO_TYPE;
1348	cryptMode: CRYPT_MODE_TYPE;
1349
1350	{ The hash algorithm for Signature objects }
1351	hashAlgo: CRYPT_ALGO_TYPE;
1352
1353	{ The salt for derived keys }
1354	salt: array[0 .. CRYPT_MAX_HASHSIZE-1] of byte;
1355	saltSize: Integer;
1356
1357
1358	end;
1359
1360	{ Key information for the public-key encryption algorithms. These fields
1361	are not accessed directly, but can be manipulated with the init/set/
1362	destroyComponents() macros }
1363
1364	CRYPT_PKCINFO_RSA = record
1365	{ Status information }
1366	isPublicKey: Integer; { Whether this is a public or private key }
1367
1368	{ Public components }
1369	n: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Modulus }
1370	nLen: Integer; { Length of modulus in bits }
1371	e: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Public exponent }
1372	eLen: Integer; { Length of public exponent in bits }
1373
1374	{ Private components }
1375	d: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent }
1376	dLen: Integer; { Length of private exponent in bits }
1377	p: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime factor 1 }
1378	pLen: Integer; { Length of prime factor 1 in bits }
1379	q: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime factor 2 }
1380	qLen: Integer; { Length of prime factor 2 in bits }
1381	u: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Mult.inverse of q, mod p }
1382	uLen: Integer; { Length of private exponent in bits }
1383	e1: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent 1 (PKCS) }
1384	e1Len: Integer; { Length of private exponent in bits }
1385	e2: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private exponent 2 (PKCS) }
1386	e2Len: Integer; { Length of private exponent in bits }
1387
1388
1389	end;
1390
1391	CRYPT_PKCINFO_DLP = record
1392	{ Status information }
1393	isPublicKey: Integer; { Whether this is a public or private key }
1394
1395	{ Public components }
1396	p: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime modulus }
1397	pLen: Integer; { Length of prime modulus in bits }
1398	q: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Prime divisor }
1399	qLen: Integer; { Length of prime divisor in bits }
1400	g: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { h^( ( p - 1 ) / q ) mod p }
1401	gLen: Integer; { Length of g in bits }
1402	y: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Public random integer }
1403	yLen: Integer; { Length of public integer in bits }
1404
1405	{ Private components }
1406	x: array[0 .. CRYPT_MAX_PKCSIZE-1] of byte; { Private random integer }
1407	xLen: Integer; { Length of private integer in bits }
1408
1409
1410	end;
1411
1412	{ Macros to initialise and destroy the structure that stores the components
1413	of a public key }
1414	{ C-macro not translated to Delphi code:
1415	#define cryptInitComponents( componentInfo, componentKeyType )
1416	< memset( ( componentInfo ), 0, sizeof( *componentInfo ) );
1417	( componentInfo )->isPublicKey = ( ( componentKeyType ) ? 1 : 0 ); > }
1418
1419	{ C-macro not translated to Delphi code:
1420	#define cryptDestroyComponents( componentInfo )
1421	memset( ( componentInfo ), 0, sizeof( *componentInfo ) ) }
1422
1423	{ Macros to set a component of a public key }
1424
1425	{ C-macro not translated to Delphi code:
1426	#define cryptSetComponent( destination, source, length )
1427	< memcpy( ( destination ), ( source ), ( ( length ) + 7 ) >> 3 );
1428	( destination##Len ) = length; > }
1429
1430	{****************************************************************************
1431	* *
1432	* Status Codes *
1433	* *
1434	****************************************************************************}
1435
1436	{ No error in function call }
1437
1438
1439	const
1440	CRYPT_OK = 0; { No error }
1441
1442	{ Error in parameters passed to function }
1443
1444	CRYPT_ERROR_PARAM1 = -1; { Bad argument, parameter 1 }
1445	CRYPT_ERROR_PARAM2 = -2; { Bad argument, parameter 2 }
1446	CRYPT_ERROR_PARAM3 = -3; { Bad argument, parameter 3 }
1447	CRYPT_ERROR_PARAM4 = -4; { Bad argument, parameter 4 }
1448	CRYPT_ERROR_PARAM5 = -5; { Bad argument, parameter 5 }
1449	CRYPT_ERROR_PARAM6 = -6; { Bad argument, parameter 6 }
1450	CRYPT_ERROR_PARAM7 = -7; { Bad argument, parameter 7 }
1451
1452	{ Errors due to insufficient resources }
1453
1454	CRYPT_ERROR_MEMORY = -10; { Out of memory }
1455	CRYPT_ERROR_NOTINITED = -11; { Data has not been initialised }
1456	CRYPT_ERROR_INITED = -12; { Data has already been init'd }
1457	CRYPT_ERROR_NOSECURE = -13; { Opn.not avail.at requested sec.level }
1458	CRYPT_ERROR_RANDOM = -14; { No reliable random data available }
1459	CRYPT_ERROR_FAILED = -15; { Operation failed }
1460
1461	{ Security violations }
1462
1463	CRYPT_ERROR_NOTAVAIL = -20; { This type of opn.not available }
1464	CRYPT_ERROR_PERMISSION = -21; { No permiss.to perform this operation }
1465	CRYPT_ERROR_WRONGKEY = -22; { Incorrect key used to decrypt data }
1466	CRYPT_ERROR_INCOMPLETE = -23; { Operation incomplete/still in progress }
1467	CRYPT_ERROR_COMPLETE = -24; { Operation complete/can't continue }
1468	CRYPT_ERROR_TIMEOUT = -25; { Operation timed out before completion }
1469	CRYPT_ERROR_INVALID = -26; { Invalid/inconsistent information }
1470	CRYPT_ERROR_SIGNALLED = -27; { Resource destroyed by extnl.event }
1471
1472	{ High-level function errors }
1473
1474	CRYPT_ERROR_OVERFLOW = -30; { Resources/space exhausted }
1475	CRYPT_ERROR_UNDERFLOW = -31; { Not enough data available }
1476	CRYPT_ERROR_BADDATA = -32; { Bad/unrecognised data format }
1477	CRYPT_ERROR_SIGNATURE = -33; { Signature/integrity check failed }
1478
1479	{ Data access function errors }
1480
1481	CRYPT_ERROR_OPEN = -40; { Cannot open object }
1482	CRYPT_ERROR_READ = -41; { Cannot read item from object }
1483	CRYPT_ERROR_WRITE = -42; { Cannot write item to object }
1484	CRYPT_ERROR_NOTFOUND = -43; { Requested item not found in object }
1485	CRYPT_ERROR_DUPLICATE = -44; { Item already present in object }
1486
1487	{ Data enveloping errors }
1488
1489	CRYPT_ENVELOPE_RESOURCE = -50; { Need resource to proceed }
1490
1491	{ Macros to examine return values }
1492
1493	{ C-macro not translated to Delphi code:
1494	#define cryptStatusError( status ) ( ( status ) < CRYPT_OK ) }
1495	{ C-macro not translated to Delphi code:
1496	#define cryptStatusOK( status ) ( ( status ) == CRYPT_OK ) }
1497
1498	{****************************************************************************
1499	* *
1500	* General Functions *
1501	* *
1502	****************************************************************************}
1503
1504	{ The following is necessary to stop C++ name mangling }
1505
1506
1507	{ Initialise and shut down cryptlib }
1508
1509	function cryptInit: Integer;
1510	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1511
1512
1513	function cryptEnd: Integer;
1514	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1515
1516
1517
1518	{ Query cryptlibs capabilities }
1519
1520	function cryptQueryCapability( const cryptAlgo: CRYPT_ALGO_TYPE;
1521	var cryptQueryInfo: CRYPT_QUERY_INFO ): Integer;
1522	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1523
1524
1525	{ Create and destroy an encryption context }
1526
1527	function cryptCreateContext( var cryptContext: CRYPT_CONTEXT;
1528	const cryptUser: CRYPT_USER;
1529	const cryptAlgo: CRYPT_ALGO_TYPE ): Integer;
1530	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1531
1532	function cryptDestroyContext( const cryptContext: CRYPT_CONTEXT ): Integer;
1533	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1534
1535
1536	{ Generic "destroy an object" function }
1537
1538	function cryptDestroyObject( const cryptObject: CRYPT_HANDLE ): Integer;
1539	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1540
1541
1542	{ Generate a key into a context }
1543
1544	function cryptGenerateKey( const cryptContext: CRYPT_CONTEXT ): Integer;
1545	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1546
1547	function cryptGenerateKeyAsync( const cryptContext: CRYPT_CONTEXT ): Integer;
1548	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1549
1550	function cryptAsyncQuery( const cryptObject: CRYPT_HANDLE ): Integer;
1551	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1552
1553	function cryptAsyncCancel( const cryptObject: CRYPT_HANDLE ): Integer;
1554	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1555
1556
1557	{ Encrypt/decrypt/hash a block of memory }
1558
1559	function cryptEncrypt( const cryptContext: CRYPT_CONTEXT;
1560	buffer: Pointer;
1561	const length: Integer ): Integer;
1562	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1563
1564	function cryptDecrypt( const cryptContext: CRYPT_CONTEXT;
1565	buffer: Pointer;
1566	const length: Integer ): Integer;
1567	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1568
1569
1570	{ Get/set/delete attribute functions }
1571
1572	function cryptSetAttribute( const cryptHandle: CRYPT_HANDLE;
1573	const attributeType: CRYPT_ATTRIBUTE_TYPE;
1574	const value: Integer ): Integer;
1575	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1576
1577	function cryptSetAttributeString( const cryptHandle: CRYPT_HANDLE;
1578	const attributeType: CRYPT_ATTRIBUTE_TYPE;
1579	const value: Pointer;
1580	const valueLength: Integer ): Integer;
1581	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1582
1583	function cryptGetAttribute( const cryptHandle: CRYPT_HANDLE;
1584	const attributeType: CRYPT_ATTRIBUTE_TYPE;
1585	var value: Integer ): Integer;
1586	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1587
1588	function cryptGetAttributeString( const cryptHandle: CRYPT_HANDLE;
1589	const attributeType: CRYPT_ATTRIBUTE_TYPE;
1590	value: Pointer;
1591	var valueLength: Integer ): Integer;
1592	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1593
1594	function cryptDeleteAttribute( const cryptHandle: CRYPT_HANDLE;
1595	const attributeType: CRYPT_ATTRIBUTE_TYPE ): Integer;
1596	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1597
1598
1599	{ Oddball functions: Add random data to the pool, query an encoded signature
1600	or key data. These are due to be replaced once a suitable alternative can
1601	be found }
1602
1603	function cryptAddRandom( const randomData: Pointer;
1604	const randomDataLength: Integer ): Integer;
1605	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1606
1607	function cryptQueryObject( const objectData: Pointer;
1608	const objectDataLength: Integer;
1609	var cryptObjectInfo: CRYPT_OBJECT_INFO ): Integer;
1610	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1611
1612
1613	{****************************************************************************
1614	* *
1615	* Mid-level Encryption Functions *
1616	* *
1617	****************************************************************************}
1618
1619	{ Export and import an encrypted session key }
1620
1621	function cryptExportKey( encryptedKey: Pointer;
1622	const encryptedKeyMaxLength: Integer;
1623	var encryptedKeyLength: Integer;
1624	const exportKey: CRYPT_HANDLE;
1625	const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1626	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1627
1628	function cryptExportKeyEx( encryptedKey: Pointer;
1629	const encryptedKeyMaxLength: Integer;
1630	var encryptedKeyLength: Integer;
1631	const formatType: CRYPT_FORMAT_TYPE;
1632	const exportKey: CRYPT_HANDLE;
1633	const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1634	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1635
1636	function cryptImportKey( const encryptedKey: Pointer;
1637	const encryptedKeyLength: Integer;
1638	const importKey: CRYPT_CONTEXT;
1639	const sessionKeyContext: CRYPT_CONTEXT ): Integer;
1640	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1641
1642	function cryptImportKeyEx( const encryptedKey: Pointer;
1643	const encryptedKeyLength: Integer;
1644	const importKey: CRYPT_CONTEXT;
1645	const sessionKeyContext: CRYPT_CONTEXT;
1646	var returnedContext: CRYPT_CONTEXT ): Integer;
1647	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1648
1649
1650	{ Create and check a digital signature }
1651
1652	function cryptCreateSignature( signature: Pointer;
1653	const signatureMaxLength: Integer;
1654	var signatureLength: Integer;
1655	const signContext: CRYPT_CONTEXT;
1656	const hashContext: CRYPT_CONTEXT ): Integer;
1657	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1658
1659	function cryptCreateSignatureEx( signature: Pointer;
1660	const signatureMaxLength: Integer;
1661	var signatureLength: Integer;
1662	const formatType: CRYPT_FORMAT_TYPE;
1663	const signContext: CRYPT_CONTEXT;
1664	const hashContext: CRYPT_CONTEXT;
1665	const extraData: CRYPT_CERTIFICATE ): Integer;
1666	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1667
1668	function cryptCheckSignature( const signature: Pointer;
1669	const signatureLength: Integer;
1670	const sigCheckKey: CRYPT_HANDLE;
1671	const hashContext: CRYPT_CONTEXT ): Integer;
1672	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1673
1674	function cryptCheckSignatureEx( const signature: Pointer;
1675	const signatureLength: Integer;
1676	const sigCheckKey: CRYPT_HANDLE;
1677	const hashContext: CRYPT_CONTEXT;
1678	var extraData: CRYPT_HANDLE ): Integer;
1679	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1680
1681
1682	{****************************************************************************
1683	* *
1684	* Keyset Functions *
1685	* *
1686	****************************************************************************}
1687
1688	{ Open and close a keyset }
1689
1690	function cryptKeysetOpen( var keyset: CRYPT_KEYSET;
1691	const cryptUser: CRYPT_USER;
1692	const keysetType: CRYPT_KEYSET_TYPE;
1693	const name: PChar;
1694	const options: CRYPT_KEYOPT_TYPE ): Integer;
1695	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1696
1697	function cryptKeysetClose( const keyset: CRYPT_KEYSET ): Integer;
1698	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1699
1700
1701	{ Get a key from a keyset }
1702
1703	function cryptGetPublicKey( const keyset: CRYPT_KEYSET;
1704	var cryptContext: CRYPT_CONTEXT;
1705	const keyIDtype: CRYPT_KEYID_TYPE;
1706	const keyID: PChar ): Integer;
1707	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1708
1709	function cryptGetPrivateKey( const keyset: CRYPT_KEYSET;
1710	var cryptContext: CRYPT_CONTEXT;
1711	const keyIDtype: CRYPT_KEYID_TYPE;
1712	const keyID: PChar;
1713	const password: PChar ): Integer;
1714	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1715
1716
1717	{ Add/delete a key to/from a keyset }
1718
1719	function cryptAddPublicKey( const keyset: CRYPT_KEYSET;
1720	const certificate: CRYPT_CERTIFICATE ): Integer;
1721	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1722
1723	function cryptAddPrivateKey( const keyset: CRYPT_KEYSET;
1724	const cryptKey: CRYPT_HANDLE;
1725	const password: PChar ): Integer;
1726	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1727
1728	function cryptDeleteKey( const keyset: CRYPT_KEYSET;
1729	const keyIDtype: CRYPT_KEYID_TYPE;
1730	const keyID: PChar ): Integer;
1731	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1732
1733
1734	{****************************************************************************
1735	* *
1736	* Certificate Functions *
1737	* *
1738	****************************************************************************}
1739
1740	{ Create/destroy a certificate }
1741
1742	function cryptCreateCert( var certificate: CRYPT_CERTIFICATE;
1743	const cryptUser: CRYPT_USER;
1744	const certType: CRYPT_CERTTYPE_TYPE ): Integer;
1745	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1746
1747	function cryptDestroyCert( const certificate: CRYPT_CERTIFICATE ): Integer;
1748	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1749
1750
1751	{ Get/add/delete certificate extensions. These are direct data insertion
1752	functions whose use is discouraged, so they fix the string at char *
1753	rather than C_STR }
1754
1755	function cryptGetCertExtension( const certificate: CRYPT_CERTIFICATE;
1756	const oid: PChar;
1757	var criticalFlag: Integer;
1758	extension: Pointer;
1759	const extensionMaxLength: Integer;
1760	var extensionLength: Integer ): Integer;
1761	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1762
1763	function cryptAddCertExtension( const certificate: CRYPT_CERTIFICATE;
1764	const oid: PChar;
1765	const criticalFlag: Integer;
1766	const extension: Pointer;
1767	const extensionLength: Integer ): Integer;
1768	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1769
1770	function cryptDeleteCertExtension( const certificate: CRYPT_CERTIFICATE;
1771	const oid: PChar ): Integer;
1772	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1773
1774
1775	{ Sign/sig.check a certificate/certification request }
1776
1777	function cryptSignCert( const certificate: CRYPT_CERTIFICATE;
1778	const signContext: CRYPT_CONTEXT ): Integer;
1779	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1780
1781	function cryptCheckCert( const certificate: CRYPT_CERTIFICATE;
1782	const sigCheckKey: CRYPT_HANDLE ): Integer;
1783	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1784
1785
1786	{ Import/export a certificate/certification request }
1787
1788	function cryptImportCert( const certObject: Pointer;
1789	const certObjectLength: Integer;
1790	const cryptUser: CRYPT_USER;
1791	var certificate: CRYPT_CERTIFICATE ): Integer;
1792	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1793
1794	function cryptExportCert( certObject: Pointer;
1795	const certObjectMaxLength: Integer;
1796	var certObjectLength: Integer;
1797	const certFormatType: CRYPT_CERTFORMAT_TYPE;
1798	const certificate: CRYPT_CERTIFICATE ): Integer;
1799	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1800
1801
1802	{ CA management functions }
1803
1804	function cryptCAAddItem( const keyset: CRYPT_KEYSET;
1805	const certificate: CRYPT_CERTIFICATE ): Integer;
1806	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1807
1808	function cryptCAGetItem( const keyset: CRYPT_KEYSET;
1809	var certificate: CRYPT_CERTIFICATE;
1810	const certType: CRYPT_CERTTYPE_TYPE;
1811	const keyIDtype: CRYPT_KEYID_TYPE;
1812	const keyID: PChar ): Integer;
1813	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1814
1815	function cryptCADeleteItem( const keyset: CRYPT_KEYSET;
1816	const certType: CRYPT_CERTTYPE_TYPE;
1817	const keyIDtype: CRYPT_KEYID_TYPE;
1818	const keyID: PChar ): Integer;
1819	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1820
1821	function cryptCACertManagement( var certificate: CRYPT_CERTIFICATE;
1822	const action: CRYPT_CERTACTION_TYPE;
1823	const keyset: CRYPT_KEYSET;
1824	const caKey: CRYPT_CONTEXT;
1825	const certRequest: CRYPT_CERTIFICATE ): Integer;
1826	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1827
1828
1829	{****************************************************************************
1830	* *
1831	* Envelope and Session Functions *
1832	* *
1833	****************************************************************************}
1834
1835	{ Create/destroy an envelope }
1836
1837	function cryptCreateEnvelope( var envelope: CRYPT_ENVELOPE;
1838	const cryptUser: CRYPT_USER;
1839	const formatType: CRYPT_FORMAT_TYPE ): Integer;
1840	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1841
1842	function cryptDestroyEnvelope( const envelope: CRYPT_ENVELOPE ): Integer;
1843	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1844
1845
1846	{ Create/destroy a session }
1847
1848	function cryptCreateSession( var session: CRYPT_SESSION;
1849	const cryptUser: CRYPT_USER;
1850	const formatType: CRYPT_SESSION_TYPE ): Integer;
1851	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1852
1853	function cryptDestroySession( const session: CRYPT_SESSION ): Integer;
1854	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1855
1856
1857	{ Add/remove data to/from and envelope or session }
1858
1859	function cryptPushData( const envelope: CRYPT_HANDLE;
1860	const buffer: Pointer;
1861	const length: Integer;
1862	var bytesCopied: Integer ): Integer;
1863	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1864
1865	function cryptFlushData( const envelope: CRYPT_HANDLE ): Integer;
1866	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1867
1868	function cryptPopData( const envelope: CRYPT_HANDLE;
1869	buffer: Pointer;
1870	const length: Integer;
1871	var bytesCopied: Integer ): Integer;
1872	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1873
1874
1875	{****************************************************************************
1876	* *
1877	* Device Functions *
1878	* *
1879	****************************************************************************}
1880
1881	{ Open and close a device }
1882
1883	function cryptDeviceOpen( var device: CRYPT_DEVICE;
1884	const cryptUser: CRYPT_USER;
1885	const deviceType: CRYPT_DEVICE_TYPE;
1886	const name: PChar ): Integer;
1887	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1888
1889	function cryptDeviceClose( const device: CRYPT_DEVICE ): Integer;
1890	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1891
1892
1893	{ Query a devices capabilities }
1894
1895	function cryptDeviceQueryCapability( const device: CRYPT_DEVICE;
1896	const cryptAlgo: CRYPT_ALGO_TYPE;
1897	var cryptQueryInfo: CRYPT_QUERY_INFO ): Integer;
1898	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1899
1900
1901	{ Create an encryption context via the device }
1902
1903	function cryptDeviceCreateContext( const device: CRYPT_DEVICE;
1904	var cryptContext: CRYPT_CONTEXT;
1905	const cryptAlgo: CRYPT_ALGO_TYPE ): Integer;
1906	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1907
1908
1909	{****************************************************************************
1910	* *
1911	* User Management Functions *
1912	* *
1913	****************************************************************************}
1914
1915	{ Log on and off (create/destroy a user object) }
1916
1917	function cryptLogin( var user: CRYPT_USER;
1918	const name: PChar;
1919	const password: PChar ): Integer;
1920	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1921
1922	function cryptLogout( const user: CRYPT_USER ): Integer;
1923	{$IFDEF WIN32} stdcall; {$ELSE} cdecl; {$ENDIF} external cryptlibname;
1924
1925
1926
1927
1928
1929	implementation
1930
1931	{ no implementation code now }
1932
1933	end.

Note: See TracBrowser for help on using the repository browser.

Download in other formats: