712 lines
23 KiB
C
712 lines
23 KiB
C
/**
|
|
* This file has no copyright assigned and is placed in the Public Domain.
|
|
* This file is part of the mingw-w64 runtime package.
|
|
* No warranty is given; refer to the file DISCLAIMER.PD within this package.
|
|
*/
|
|
#ifndef __SCHANNEL_H__
|
|
#define __SCHANNEL_H__
|
|
|
|
#include <_mingw_unicode.h>
|
|
#include <wincrypt.h>
|
|
|
|
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
|
|
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
|
|
|
|
#define SSL2SP_NAME_A "Microsoft SSL 2.0"
|
|
#define SSL2SP_NAME_W L"Microsoft SSL 2.0"
|
|
|
|
#define SSL3SP_NAME_A "Microsoft SSL 3.0"
|
|
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"
|
|
|
|
#define TLS1SP_NAME_A "Microsoft TLS 1.0"
|
|
#define TLS1SP_NAME_W L"Microsoft TLS 1.0"
|
|
|
|
#define PCT1SP_NAME_A "Microsoft PCT 1.0"
|
|
#define PCT1SP_NAME_W L"Microsoft PCT 1.0"
|
|
|
|
#define SCHANNEL_NAME_A "Schannel"
|
|
#define SCHANNEL_NAME_W L"Schannel"
|
|
|
|
#define DEFAULT_TLS_SSP_NAME_A "Default TLS SSP"
|
|
#define DEFAULT_TLS_SSP_NAME_W L"Default TLS SSP"
|
|
|
|
#define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME)
|
|
#define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME)
|
|
#define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME)
|
|
#define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME)
|
|
#define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME)
|
|
#define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME)
|
|
#define DEFAULT_TLS_SSP_NAME __MINGW_NAME_UAW(DEFAULT_TLS_SSP_NAME_W)
|
|
|
|
typedef enum _eTlsSignatureAlgorithm {
|
|
TlsSignatureAlgorithm_Anonymous = 0,
|
|
TlsSignatureAlgorithm_Rsa = 1,
|
|
TlsSignatureAlgorithm_Dsa = 2,
|
|
TlsSignatureAlgorithm_Ecdsa = 3
|
|
} eTlsSignatureAlgorithm;
|
|
|
|
typedef enum _eTlsHashAlgorithm {
|
|
TlsHashAlgorithm_None = 0,
|
|
TlsHashAlgorithm_Md5 = 1,
|
|
TlsHashAlgorithm_Sha1 = 2,
|
|
TlsHashAlgorithm_Sha224 = 3,
|
|
TlsHashAlgorithm_Sha256 = 4,
|
|
TlsHashAlgorithm_Sha384 = 5,
|
|
TlsHashAlgorithm_Sha512 = 6
|
|
} eTlsHashAlgorithm;
|
|
|
|
#define UNISP_RPC_ID 14
|
|
|
|
#define SECPKG_ATTR_ISSUER_LIST 0x50
|
|
#define SECPKG_ATTR_REMOTE_CRED 0x51
|
|
#define SECPKG_ATTR_LOCAL_CRED 0x52
|
|
#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53
|
|
#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54
|
|
#define SECPKG_ATTR_ROOT_STORE 0x55
|
|
#define SECPKG_ATTR_SUPPORTED_ALGS 0x56
|
|
#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57
|
|
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58
|
|
#define SECPKG_ATTR_ISSUER_LIST_EX 0x59
|
|
#define SECPKG_ATTR_CONNECTION_INFO 0x5a
|
|
#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
|
|
#define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c
|
|
#define SECPKG_ATTR_SESSION_INFO 0x5d
|
|
#define SECPKG_ATTR_APP_DATA 0x5e
|
|
#define SECPKG_ATTR_REMOTE_CERTIFICATES 0x5F
|
|
#define SECPKG_ATTR_CLIENT_CERT_POLICY 0x60
|
|
#define SECPKG_ATTR_CC_POLICY_RESULT 0x61
|
|
#define SECPKG_ATTR_USE_NCRYPT 0x62
|
|
#define SECPKG_ATTR_LOCAL_CERT_INFO 0x63
|
|
#define SECPKG_ATTR_CIPHER_INFO 0x64
|
|
#define SECPKG_ATTR_EAP_PRF_INFO 0x65
|
|
#define SECPKG_ATTR_SUPPORTED_SIGNATURES 0x66
|
|
#define SECPKG_ATTR_REMOTE_CERT_CHAIN 0x67
|
|
#define SECPKG_ATTR_UI_INFO 0x68
|
|
#define SECPKG_ATTR_EARLY_START 0x69
|
|
#define SECPKG_ATTR_KEYING_MATERIAL_INFO 0x6a
|
|
#define SECPKG_ATTR_KEYING_MATERIAL 0x6b
|
|
#define SECPKG_ATTR_SRTP_PARAMETERS 0x6c
|
|
#define SECPKG_ATTR_TOKEN_BINDING 0x6d
|
|
#define SECPKG_ATTR_CONNECTION_INFO_EX 0x6e
|
|
#define SECPKG_ATTR_KEYING_MATERIAL_TOKEN_BINDING 0x6f
|
|
#define SECPKG_ATTR_KEYING_MATERIAL_INPROC 0x70
|
|
|
|
typedef struct _SecPkgContext_IssuerListInfo {
|
|
DWORD cbIssuerList;
|
|
PBYTE pIssuerList;
|
|
} SecPkgContext_IssuerListInfo,*PSecPkgContext_IssuerListInfo;
|
|
|
|
typedef struct _SecPkgContext_RemoteCredentialInfo {
|
|
DWORD cbCertificateChain;
|
|
PBYTE pbCertificateChain;
|
|
DWORD cCertificates;
|
|
DWORD fFlags;
|
|
DWORD dwBits;
|
|
} SecPkgContext_RemoteCredentialInfo,*PSecPkgContext_RemoteCredentialInfo;
|
|
|
|
typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo,*PSecPkgContext_RemoteCredenitalInfo;
|
|
|
|
#define RCRED_STATUS_NOCRED 0x00000000
|
|
#define RCRED_CRED_EXISTS 0x00000001
|
|
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002
|
|
|
|
typedef struct _SecPkgContext_LocalCredentialInfo {
|
|
DWORD cbCertificateChain;
|
|
PBYTE pbCertificateChain;
|
|
DWORD cCertificates;
|
|
DWORD fFlags;
|
|
DWORD dwBits;
|
|
} SecPkgContext_LocalCredentialInfo,*PSecPkgContext_LocalCredentialInfo;
|
|
|
|
typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo,*PSecPkgContext_LocalCredenitalInfo;
|
|
|
|
#define LCRED_STATUS_NOCRED 0x00000000
|
|
#define LCRED_CRED_EXISTS 0x00000001
|
|
#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002
|
|
|
|
typedef unsigned int ALG_ID;
|
|
|
|
typedef struct _SecPkgCred_SupportedAlgs {
|
|
DWORD cSupportedAlgs;
|
|
ALG_ID *palgSupportedAlgs;
|
|
} SecPkgCred_SupportedAlgs,*PSecPkgCred_SupportedAlgs;
|
|
|
|
typedef struct _SecPkgCred_CipherStrengths {
|
|
DWORD dwMinimumCipherStrength;
|
|
DWORD dwMaximumCipherStrength;
|
|
} SecPkgCred_CipherStrengths,*PSecPkgCred_CipherStrengths;
|
|
|
|
typedef struct _SecPkgCred_SupportedProtocols {
|
|
DWORD grbitProtocol;
|
|
} SecPkgCred_SupportedProtocols,*PSecPkgCred_SupportedProtocols;
|
|
|
|
typedef struct _SecPkgCred_ClientCertPolicy {
|
|
DWORD dwFlags;
|
|
GUID guidPolicyId;
|
|
DWORD dwCertFlags;
|
|
DWORD dwUrlRetrievalTimeout;
|
|
WINBOOL fCheckRevocationFreshnessTime;
|
|
DWORD dwRevocationFreshnessTime;
|
|
WINBOOL fOmitUsageCheck;
|
|
LPWSTR pwszSslCtlStoreName;
|
|
LPWSTR pwszSslCtlIdentifier;
|
|
} SecPkgCred_ClientCertPolicy, *PSecPkgCred_ClientCertPolicy;
|
|
|
|
typedef struct _SecPkgContext_ClientCertPolicyResult {
|
|
HRESULT dwPolicyResult;
|
|
GUID guidPolicyId;
|
|
} SecPkgContext_ClientCertPolicyResult, *PSecPkgContext_ClientCertPolicyResult;
|
|
|
|
typedef struct _SecPkgContext_IssuerListInfoEx {
|
|
PCERT_NAME_BLOB aIssuers;
|
|
DWORD cIssuers;
|
|
} SecPkgContext_IssuerListInfoEx,*PSecPkgContext_IssuerListInfoEx;
|
|
|
|
typedef struct _SecPkgContext_ConnectionInfo {
|
|
DWORD dwProtocol;
|
|
ALG_ID aiCipher;
|
|
DWORD dwCipherStrength;
|
|
ALG_ID aiHash;
|
|
DWORD dwHashStrength;
|
|
ALG_ID aiExch;
|
|
DWORD dwExchStrength;
|
|
} SecPkgContext_ConnectionInfo,*PSecPkgContext_ConnectionInfo;
|
|
|
|
#define SZ_ALG_MAX_SIZE 64
|
|
|
|
#define SECPKGCONTEXT_CONNECTION_INFO_EX_V1 1
|
|
|
|
typedef struct _SecPkgContext_ConnectionInfoEx {
|
|
DWORD dwVersion;
|
|
DWORD dwProtocol;
|
|
WCHAR szCipher[SZ_ALG_MAX_SIZE];
|
|
DWORD dwCipherStrength;
|
|
WCHAR szHash[SZ_ALG_MAX_SIZE];
|
|
DWORD dwHashStrength;
|
|
WCHAR szExchange[SZ_ALG_MAX_SIZE];
|
|
DWORD dwExchStrength;
|
|
} SecPkgContext_ConnectionInfoEx, *PSecPkgContext_ConnectionInfoEx;
|
|
|
|
#define SECPKGCONTEXT_CIPHERINFO_V1 1
|
|
|
|
typedef struct _SecPkgContext_CipherInfo {
|
|
DWORD dwVersion;
|
|
DWORD dwProtocol;
|
|
DWORD dwCipherSuite;
|
|
DWORD dwBaseCipherSuite;
|
|
WCHAR szCipherSuite[SZ_ALG_MAX_SIZE];
|
|
WCHAR szCipher[SZ_ALG_MAX_SIZE];
|
|
DWORD dwCipherLen;
|
|
DWORD dwCipherBlockLen;
|
|
WCHAR szHash[SZ_ALG_MAX_SIZE];
|
|
DWORD dwHashLen;
|
|
WCHAR szExchange[SZ_ALG_MAX_SIZE];
|
|
DWORD dwMinExchangeLen;
|
|
DWORD dwMaxExchangeLen;
|
|
WCHAR szCertificate[SZ_ALG_MAX_SIZE];
|
|
DWORD dwKeyType;
|
|
} SecPkgContext_CipherInfo, *PSecPkgContext_CipherInfo;
|
|
|
|
typedef struct _SecPkgContext_EapKeyBlock {
|
|
BYTE rgbKeys[128];
|
|
BYTE rgbIVs[64];
|
|
} SecPkgContext_EapKeyBlock,*PSecPkgContext_EapKeyBlock;
|
|
|
|
typedef struct _SecPkgContext_MappedCredAttr {
|
|
DWORD dwAttribute;
|
|
PVOID pvBuffer;
|
|
} SecPkgContext_MappedCredAttr,*PSecPkgContext_MappedCredAttr;
|
|
|
|
#define SSL_SESSION_RECONNECT 1
|
|
|
|
typedef struct _SecPkgContext_SessionInfo {
|
|
DWORD dwFlags;
|
|
DWORD cbSessionId;
|
|
BYTE rgbSessionId[32];
|
|
} SecPkgContext_SessionInfo,*PSecPkgContext_SessionInfo;
|
|
|
|
typedef struct _SecPkgContext_SessionAppData {
|
|
DWORD dwFlags;
|
|
DWORD cbAppData;
|
|
PBYTE pbAppData;
|
|
} SecPkgContext_SessionAppData,*PSecPkgContext_SessionAppData;
|
|
|
|
typedef struct _SecPkgContext_EapPrfInfo {
|
|
DWORD dwVersion;
|
|
DWORD cbPrfData;
|
|
PBYTE pbPrfData;
|
|
} SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo;
|
|
|
|
typedef struct _SecPkgContext_SupportedSignatures {
|
|
WORD cSignatureAndHashAlgorithms;
|
|
WORD *pSignatureAndHashAlgorithms;
|
|
} SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures;
|
|
|
|
typedef struct _SecPkgContext_Certificates {
|
|
DWORD cCertificates;
|
|
DWORD cbCertificateChain;
|
|
PBYTE pbCertificateChain;
|
|
} SecPkgContext_Certificates, *PSecPkgContext_Certificates;
|
|
|
|
typedef struct _SecPkgContext_CertInfo {
|
|
DWORD dwVersion;
|
|
DWORD cbSubjectName;
|
|
LPWSTR pwszSubjectName;
|
|
DWORD cbIssuerName;
|
|
LPWSTR pwszIssuerName;
|
|
DWORD dwKeySize;
|
|
} SecPkgContext_CertInfo, *PSecPkgContext_CertInfo;
|
|
|
|
#define KERN_CONTEXT_CERT_INFO_V1 0x00000000
|
|
|
|
typedef struct _SecPkgContext_UiInfo {
|
|
HWND hParentWindow;
|
|
} SecPkgContext_UiInfo, *PSecPkgContext_UiInfo;
|
|
|
|
typedef struct _SecPkgContext_EarlyStart {
|
|
DWORD dwEarlyStartFlags;
|
|
} SecPkgContext_EarlyStart, *PSecPkgContext_EarlyStart;
|
|
|
|
#define ENABLE_TLS_CLIENT_EARLY_START 0x00000001
|
|
|
|
typedef struct _SecPkgContext_KeyingMaterialInfo {
|
|
WORD cbLabel;
|
|
LPSTR pszLabel;
|
|
WORD cbContextValue;
|
|
PBYTE pbContextValue;
|
|
DWORD cbKeyingMaterial;
|
|
} SecPkgContext_KeyingMaterialInfo, *PSecPkgContext_KeyingMaterialInfo;
|
|
|
|
typedef struct _SecPkgContext_KeyingMaterial {
|
|
DWORD cbKeyingMaterial;
|
|
PBYTE pbKeyingMaterial;
|
|
} SecPkgContext_KeyingMaterial, *PSecPkgContext_KeyingMaterial;
|
|
|
|
typedef struct _SecPkgContext_KeyingMaterial_Inproc {
|
|
WORD cbLabel;
|
|
LPSTR pszLabel;
|
|
WORD cbContextValue;
|
|
PBYTE pbContextValue;
|
|
DWORD cbKeyingMaterial;
|
|
PBYTE pbKeyingMaterial;
|
|
} SecPkgContext_KeyingMaterial_Inproc, *PSecPkgContext_KeyingMaterial_Inproc;
|
|
|
|
typedef struct _SecPkgContext_SrtpParameters {
|
|
WORD ProtectionProfile;
|
|
BYTE MasterKeyIdentifierSize;
|
|
PBYTE MasterKeyIdentifier;
|
|
} SecPkgContext_SrtpParameters, *PSecPkgContext_SrtpParameters;
|
|
|
|
typedef struct _SecPkgContext_TokenBinding {
|
|
BYTE MajorVersion;
|
|
BYTE MinorVersion;
|
|
WORD KeyParametersSize;
|
|
PBYTE KeyParameters;
|
|
} SecPkgContext_TokenBinding, *PSecPkgContext_TokenBinding;
|
|
|
|
#define SCH_CRED_V1 0x00000001
|
|
#define SCH_CRED_V2 0x00000002
|
|
#define SCH_CRED_VERSION 0x00000002
|
|
#define SCH_CRED_V3 0x00000003
|
|
#define SCHANNEL_CRED_VERSION 0x00000004
|
|
#define SCH_CREDENTIALS_VERSION 0x00000005
|
|
|
|
struct _HMAPPER;
|
|
|
|
typedef struct _SCHANNEL_CRED {
|
|
DWORD dwVersion;
|
|
DWORD cCreds;
|
|
PCCERT_CONTEXT *paCred;
|
|
HCERTSTORE hRootStore;
|
|
DWORD cMappers;
|
|
struct _HMAPPER **aphMappers;
|
|
DWORD cSupportedAlgs;
|
|
ALG_ID *palgSupportedAlgs;
|
|
DWORD grbitEnabledProtocols;
|
|
DWORD dwMinimumCipherStrength;
|
|
DWORD dwMaximumCipherStrength;
|
|
DWORD dwSessionLifespan;
|
|
DWORD dwFlags;
|
|
DWORD dwCredFormat;
|
|
} SCHANNEL_CRED,*PSCHANNEL_CRED;
|
|
|
|
#ifdef SCHANNEL_USE_BLACKLISTS
|
|
|
|
typedef enum _eTlsAlgorithmUsage {
|
|
TlsParametersCngAlgUsageKeyExchange,
|
|
TlsParametersCngAlgUsageSignature,
|
|
TlsParametersCngAlgUsageCipher,
|
|
TlsParametersCngAlgUsageDigest,
|
|
TlsParametersCngAlgUsageCertSig
|
|
} eTlsAlgorithmUsage;
|
|
|
|
typedef struct _CRYPTO_SETTINGS {
|
|
eTlsAlgorithmUsage eAlgorithmUsage;
|
|
UNICODE_STRING strCngAlgId;
|
|
DWORD cChainingModes;
|
|
PUNICODE_STRING rgstrChainingModes;
|
|
DWORD dwMinBitLength;
|
|
DWORD dwMaxBitLength;
|
|
} CRYPTO_SETTINGS, *PCRYPTO_SETTINGS;
|
|
|
|
typedef struct _TLS_PARAMETERS {
|
|
DWORD cAlpnIds;
|
|
PUNICODE_STRING rgstrAlpnIds;
|
|
DWORD grbitDisabledProtocols;
|
|
DWORD cDisabledCrypto;
|
|
PCRYPTO_SETTINGS pDisabledCrypto;
|
|
DWORD dwFlags;
|
|
} TLS_PARAMETERS, *PTLS_PARAMETERS;
|
|
|
|
#define TLS_PARAMS_OPTIONAL 0x00000001
|
|
|
|
typedef struct _SCH_CREDENTIALS {
|
|
DWORD dwVersion;
|
|
DWORD dwCredFormat;
|
|
DWORD cCreds;
|
|
PCCERT_CONTEXT *paCred;
|
|
HCERTSTORE hRootStore;
|
|
DWORD cMappers;
|
|
struct _HMAPPER **aphMappers;
|
|
DWORD dwSessionLifespan;
|
|
DWORD dwFlags;
|
|
DWORD cTlsParameters;
|
|
PTLS_PARAMETERS pTlsParameters;
|
|
} SCH_CREDENTIALS, *PSCH_CREDENTIALS;
|
|
|
|
#define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
|
|
#define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
|
|
#define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
|
|
#define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16
|
|
|
|
#endif /* SCHANNEL_USE_BLACKLISTS */
|
|
|
|
typedef struct _SEND_GENERIC_TLS_EXTENSION {
|
|
WORD ExtensionType;
|
|
WORD HandshakeType;
|
|
DWORD Flags;
|
|
WORD BufferSize;
|
|
UCHAR Buffer[ANYSIZE_ARRAY];
|
|
} SEND_GENERIC_TLS_EXTENSION, *PSEND_GENERIC_TLS_EXTENSION;
|
|
|
|
typedef struct _TLS_EXTENSION_SUBSCRIPTION {
|
|
WORD ExtensionType;
|
|
WORD HandshakeType;
|
|
} TLS_EXTENSION_SUBSCRIPTION, *PTLS_EXTENSION_SUBSCRIPTION;
|
|
|
|
typedef struct _SUBSCRIBE_GENERIC_TLS_EXTENSION {
|
|
DWORD Flags;
|
|
DWORD SubscriptionsCount;
|
|
TLS_EXTENSION_SUBSCRIPTION Subscriptions[ANYSIZE_ARRAY];
|
|
} SUBSCRIBE_GENERIC_TLS_EXTENSION, *PSUBSCRIBE_GENERIC_TLS_EXTENSION;
|
|
|
|
#define SCH_MAX_EXT_SUBSCRIPTIONS 2
|
|
|
|
#define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
|
|
#define SCH_CRED_FORMAT_CERT_HASH 0x00000001
|
|
#define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002
|
|
|
|
#define SCH_CRED_MAX_STORE_NAME_SIZE 128
|
|
#define SCH_CRED_MAX_SUPPORTED_ALGS 256
|
|
#define SCH_CRED_MAX_SUPPORTED_CERTS 100
|
|
|
|
typedef struct _SCHANNEL_CERT_HASH {
|
|
DWORD dwLength;
|
|
DWORD dwFlags;
|
|
HCRYPTPROV hProv;
|
|
BYTE ShaHash[20];
|
|
} SCHANNEL_CERT_HASH,*PSCHANNEL_CERT_HASH;
|
|
|
|
typedef struct _SCHANNEL_CERT_HASH_STORE {
|
|
DWORD dwLength;
|
|
DWORD dwFlags;
|
|
HCRYPTPROV hProv;
|
|
BYTE ShaHash[20];
|
|
WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
|
|
} SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;
|
|
|
|
#define SCH_MACHINE_CERT_HASH 0x00000001
|
|
|
|
#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
|
|
#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
|
|
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
|
|
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
|
|
#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
|
|
#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
|
|
#define SCH_CRED_DISABLE_RECONNECTS 0x00000080
|
|
|
|
#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
|
|
#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
|
|
#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
|
|
#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
|
|
#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
|
|
|
|
#define SCH_CRED_RESTRICTED_ROOTS 0x00002000
|
|
#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
|
|
#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000
|
|
|
|
#define SCH_CRED_MEMORY_STORE_CERT 0x00010000
|
|
|
|
#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000
|
|
|
|
#define SCH_SEND_ROOT_CERT 0x00040000
|
|
#define SCH_CRED_SNI_CREDENTIAL 0x00080000
|
|
#define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
|
|
#define SCH_SEND_AUX_RECORD 0x00200000
|
|
#define SCH_USE_STRONG_CRYPTO 0x00400000
|
|
#define SCH_USE_PRESHAREDKEY_ONLY 0x00800000
|
|
#define SCH_USE_DTLS_ONLY 0x01000000
|
|
#define SCH_ALLOW_NULL_ENCRYPTION 0x02000000
|
|
|
|
#define SCHANNEL_RENEGOTIATE 0
|
|
#define SCHANNEL_SHUTDOWN 1
|
|
#define SCHANNEL_ALERT 2
|
|
#define SCHANNEL_SESSION 3
|
|
|
|
typedef struct _SCHANNEL_ALERT_TOKEN {
|
|
DWORD dwTokenType;
|
|
DWORD dwAlertType;
|
|
DWORD dwAlertNumber;
|
|
} SCHANNEL_ALERT_TOKEN;
|
|
|
|
#define TLS1_ALERT_WARNING 1
|
|
#define TLS1_ALERT_FATAL 2
|
|
|
|
#define TLS1_ALERT_CLOSE_NOTIFY 0
|
|
#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
|
|
#define TLS1_ALERT_BAD_RECORD_MAC 20
|
|
#define TLS1_ALERT_DECRYPTION_FAILED 21
|
|
#define TLS1_ALERT_RECORD_OVERFLOW 22
|
|
#define TLS1_ALERT_DECOMPRESSION_FAIL 30
|
|
#define TLS1_ALERT_HANDSHAKE_FAILURE 40
|
|
#define TLS1_ALERT_BAD_CERTIFICATE 42
|
|
#define TLS1_ALERT_UNSUPPORTED_CERT 43
|
|
#define TLS1_ALERT_CERTIFICATE_REVOKED 44
|
|
#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
|
|
#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
|
|
#define TLS1_ALERT_ILLEGAL_PARAMETER 47
|
|
#define TLS1_ALERT_UNKNOWN_CA 48
|
|
#define TLS1_ALERT_ACCESS_DENIED 49
|
|
#define TLS1_ALERT_DECODE_ERROR 50
|
|
#define TLS1_ALERT_DECRYPT_ERROR 51
|
|
#define TLS1_ALERT_EXPORT_RESTRICTION 60
|
|
#define TLS1_ALERT_PROTOCOL_VERSION 70
|
|
#define TLS1_ALERT_INSUFFIENT_SECURITY 71
|
|
#define TLS1_ALERT_INTERNAL_ERROR 80
|
|
#define TLS1_ALERT_USER_CANCELED 90
|
|
#define TLS1_ALERT_NO_RENEGOTIATION 100
|
|
#define TLS1_ALERT_UNSUPPORTED_EXT 110
|
|
#define TLS1_ALERT_UNKNOWN_PSK_IDENTITY 115
|
|
#define TLS1_ALERT_NO_APP_PROTOCOL 120
|
|
|
|
#define SSL_SESSION_ENABLE_RECONNECTS 1
|
|
#define SSL_SESSION_DISABLE_RECONNECTS 2
|
|
|
|
typedef struct _SCHANNEL_SESSION_TOKEN {
|
|
DWORD dwTokenType;
|
|
DWORD dwFlags;
|
|
} SCHANNEL_SESSION_TOKEN;
|
|
|
|
typedef struct _SCHANNEL_CLIENT_SIGNATURE {
|
|
DWORD cbLength;
|
|
ALG_ID aiHash;
|
|
DWORD cbHash;
|
|
BYTE HashValue[36];
|
|
BYTE CertThumbprint[20];
|
|
} SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;
|
|
|
|
#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
|
|
#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
|
|
#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)
|
|
|
|
#define SP_PROT_PCT1_SERVER 0x00000001
|
|
#define SP_PROT_PCT1_CLIENT 0x00000002
|
|
#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)
|
|
|
|
#define SP_PROT_SSL2_SERVER 0x00000004
|
|
#define SP_PROT_SSL2_CLIENT 0x00000008
|
|
#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)
|
|
|
|
#define SP_PROT_SSL3_SERVER 0x00000010
|
|
#define SP_PROT_SSL3_CLIENT 0x00000020
|
|
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_SERVER 0x00000040
|
|
#define SP_PROT_TLS1_CLIENT 0x00000080
|
|
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
|
|
|
|
#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
|
|
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
|
|
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
|
|
|
|
#define SP_PROT_UNI_SERVER 0x40000000
|
|
#define SP_PROT_UNI_CLIENT 0x80000000
|
|
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
|
|
|
|
#define SP_PROT_ALL 0xffffffff
|
|
#define SP_PROT_NONE 0
|
|
#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
|
|
#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
|
|
|
|
#define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
|
|
#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
|
|
#define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_1_SERVER 0x00000100
|
|
#define SP_PROT_TLS1_1_CLIENT 0x00000200
|
|
#define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_2_SERVER 0x00000400
|
|
#define SP_PROT_TLS1_2_CLIENT 0x00000800
|
|
#define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_3_SERVER 0x00001000
|
|
#define SP_PROT_TLS1_3_CLIENT 0x00002000
|
|
#define SP_PROT_TLS1_3 (SP_PROT_TLS1_3_SERVER | SP_PROT_TLS1_3_CLIENT)
|
|
|
|
#define SP_PROT_DTLS_SERVER 0x00010000
|
|
#define SP_PROT_DTLS_CLIENT 0x00020000
|
|
#define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT )
|
|
|
|
#define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
|
|
#define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
|
|
#define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)
|
|
|
|
#define SP_PROT_DTLS1_2_SERVER 0x00040000
|
|
#define SP_PROT_DTLS1_2_CLIENT 0x00080000
|
|
#define SP_PROT_DTLS1_2 (SP_PROT_DTLS1_2_SERVER | SP_PROT_DTLS1_2_CLIENT)
|
|
|
|
#define SP_PROT_DTLS1_X_SERVER (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_2_SERVER)
|
|
#define SP_PROT_DTLS1_X_CLIENT (SP_PROT_DTLS1_0_CLIENT | SP_PROT_DTLS1_2_CLIENT)
|
|
#define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER)
|
|
#define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT)
|
|
#define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_3PLUS_SERVER SP_PROT_TLS1_3_SERVER
|
|
#define SP_PROT_TLS1_3PLUS_CLIENT SP_PROT_TLS1_3_CLIENT
|
|
#define SP_PROT_TLS1_3PLUS (SP_PROT_TLS1_3PLUS_SERVER | SP_PROT_TLS1_3PLUS_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_X_SERVER (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER)
|
|
#define SP_PROT_TLS1_X_CLIENT (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT)
|
|
#define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)
|
|
|
|
#define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
|
|
#define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
|
|
#define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)
|
|
|
|
#define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT )
|
|
#define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER )
|
|
|
|
typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName,DWORD dwFlags);
|
|
|
|
WINBOOL SslEmptyCacheA(LPSTR pszTargetName,DWORD dwFlags);
|
|
|
|
typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName,DWORD dwFlags);
|
|
|
|
WINBOOL SslEmptyCacheW(LPWSTR pszTargetName,DWORD dwFlags);
|
|
|
|
#define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN)
|
|
#define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache)
|
|
|
|
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
|
|
DWORD cbPrivateKey;
|
|
PBYTE pPrivateKey;
|
|
DWORD cbCertificate;
|
|
PBYTE pCertificate;
|
|
PSTR pszPassword;
|
|
} SSL_CREDENTIAL_CERTIFICATE,*PSSL_CREDENTIAL_CERTIFICATE;
|
|
|
|
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
|
|
#define SCHANNEL_SECRET_PRIVKEY 0x00000002
|
|
#define SCH_CRED_X509_CERTCHAIN 0x00000001
|
|
#define SCH_CRED_X509_CAPI 0x00000002
|
|
#define SCH_CRED_CERT_CONTEXT 0x00000003
|
|
|
|
struct _HMAPPER;
|
|
typedef struct _SCH_CRED {
|
|
DWORD dwVersion;
|
|
DWORD cCreds;
|
|
PVOID *paSecret;
|
|
PVOID *paPublic;
|
|
DWORD cMappers;
|
|
struct _HMAPPER **aphMappers;
|
|
} SCH_CRED,*PSCH_CRED;
|
|
|
|
typedef struct _SCH_CRED_SECRET_CAPI {
|
|
DWORD dwType;
|
|
HCRYPTPROV hProv;
|
|
} SCH_CRED_SECRET_CAPI,*PSCH_CRED_SECRET_CAPI;
|
|
|
|
typedef struct _SCH_CRED_SECRET_PRIVKEY {
|
|
DWORD dwType;
|
|
PBYTE pPrivateKey;
|
|
DWORD cbPrivateKey;
|
|
PSTR pszPassword;
|
|
} SCH_CRED_SECRET_PRIVKEY,*PSCH_CRED_SECRET_PRIVKEY;
|
|
|
|
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN {
|
|
DWORD dwType;
|
|
DWORD cbCertChain;
|
|
PBYTE pCertChain;
|
|
} SCH_CRED_PUBLIC_CERTCHAIN,*PSCH_CRED_PUBLIC_CERTCHAIN;
|
|
|
|
typedef struct _SCH_CRED_PUBLIC_CAPI {
|
|
DWORD dwType;
|
|
HCRYPTPROV hProv;
|
|
} SCH_CRED_PUBLIC_CAPI,*PSCH_CRED_PUBLIC_CAPI;
|
|
|
|
typedef struct _PctPublicKey {
|
|
DWORD Type;
|
|
DWORD cbKey;
|
|
UCHAR pKey[1];
|
|
} PctPublicKey;
|
|
|
|
typedef struct _X509Certificate {
|
|
DWORD Version;
|
|
DWORD SerialNumber[4];
|
|
ALG_ID SignatureAlgorithm;
|
|
FILETIME ValidFrom;
|
|
FILETIME ValidUntil;
|
|
PSTR pszIssuer;
|
|
PSTR pszSubject;
|
|
PctPublicKey *pPublicKey;
|
|
} X509Certificate,*PX509Certificate;
|
|
|
|
WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts,PSTR pszDN,PSTR pszPassword,DWORD Bits);
|
|
VOID SslGenerateRandomBits(PUCHAR pRandomData,LONG cRandomData);
|
|
WINBOOL SslCrackCertificate(PUCHAR pbCertificate,DWORD cbCertificate,DWORD dwFlags,PX509Certificate *ppCertificate);
|
|
VOID SslFreeCertificate(PX509Certificate pCertificate);
|
|
DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved);
|
|
WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers,DWORD *pcbIssuers);
|
|
|
|
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
|
|
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")
|
|
|
|
typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate,DWORD cbCertificate,WINBOOL VerifySignature,PX509Certificate *ppCertificate);
|
|
typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate);
|
|
|
|
typedef SECURITY_STATUS (WINAPI *SslGetServerIdentityFn)(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags);
|
|
SECURITY_STATUS WINAPI SslGetServerIdentity(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags);
|
|
|
|
#if NTDDI_VERSION >= NTDDI_WIN10_19H1
|
|
|
|
typedef struct _SCH_EXTENSION_DATA {
|
|
WORD ExtensionType;
|
|
const BYTE *pExtData;
|
|
DWORD cbExtData;
|
|
}SCH_EXTENSION_DATA;
|
|
|
|
typedef enum _SchGetExtensionsOptions {
|
|
SCH_EXTENSIONS_OPTIONS_NONE = 0x0,
|
|
SCH_NO_RECORD_HEADER = 0x1
|
|
}SchGetExtensionsOptions;
|
|
|
|
typedef SECURITY_STATUS (WINAPI *SslGetExtensionsFn)(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags);
|
|
SECURITY_STATUS WINAPI SslGetExtensions(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags);
|
|
|
|
#endif /* NTDDI_VERSION >= NTDDI_WIN10_19H1 */
|
|
|
|
#endif /* __SCHANNEL_H__ */
|