/**
 * This file has no copyright assigned and is placed in the Public Domain.
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
 */
#ifndef __SCHANNEL_H__
#define __SCHANNEL_H__

/*
 * Schannel security-support-provider declarations: package names, the
 * SECPKG_ATTR_* attribute ids and the structures they fill, the
 * SCHANNEL_CRED credential block and its SCH_CRED_* flag bits, alert and
 * session control tokens, SP_PROT_* protocol-selection masks, and the
 * legacy Ssl* entry points.  Everything here describes an ABI that is
 * shared with the Windows SDK: field order, field types, array sizes and
 * numeric values are fixed and must not be "tidied".  Misspelled names
 * (e.g. *CredenitalInfo, INSUFFIENT, RENEGOTIATATION) are presumably kept
 * for source compatibility with the same spellings in the SDK.
 */

#include <_mingw_unicode.h>
#include <wincrypt.h>

/* Security package names, narrow and wide.  The un-suffixed forms below
 * select one of the pair via the __MINGW_NAME_UAW UNICODE switch. */
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"

#define SSL2SP_NAME_A "Microsoft SSL 2.0"
#define SSL2SP_NAME_W L"Microsoft SSL 2.0"

#define SSL3SP_NAME_A "Microsoft SSL 3.0"
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"

#define TLS1SP_NAME_A "Microsoft TLS 1.0"
#define TLS1SP_NAME_W L"Microsoft TLS 1.0"

#define PCT1SP_NAME_A "Microsoft PCT 1.0"
#define PCT1SP_NAME_W L"Microsoft PCT 1.0"

#define SCHANNEL_NAME_A "Schannel"
#define SCHANNEL_NAME_W L"Schannel"

#define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME)
#define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME)
#define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME)
#define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME)
#define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME)
#define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME)

#define UNISP_RPC_ID 14

/* Schannel-specific context/credential attribute ids.  Each id pairs with
 * one of the SecPkgContext_* / SecPkgCred_* structures declared below
 * (ISSUER_LIST -> SecPkgContext_IssuerListInfo, and so on). */
#define SECPKG_ATTR_ISSUER_LIST 0x50
#define SECPKG_ATTR_REMOTE_CRED 0x51
#define SECPKG_ATTR_LOCAL_CRED 0x52
#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53
#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54
#define SECPKG_ATTR_ROOT_STORE 0x55
#define SECPKG_ATTR_SUPPORTED_ALGS 0x56
#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58
#define SECPKG_ATTR_ISSUER_LIST_EX 0x59
#define SECPKG_ATTR_CONNECTION_INFO 0x5a
#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
#define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c
#define SECPKG_ATTR_SESSION_INFO 0x5d
#define SECPKG_ATTR_APP_DATA 0x5e

/* SECPKG_ATTR_ISSUER_LIST: cbIssuerList bytes at pIssuerList. */
typedef struct _SecPkgContext_IssuerListInfo {
  DWORD cbIssuerList;
  PBYTE pIssuerList;
} SecPkgContext_IssuerListInfo, *PSecPkgContext_IssuerListInfo;

/* SECPKG_ATTR_REMOTE_CRED: the peer's certificate chain as an opaque blob
 * (cbCertificateChain bytes at pbCertificateChain) plus RCRED_* status
 * bits in fFlags. */
typedef struct _SecPkgContext_RemoteCredentialInfo {
  DWORD cbCertificateChain;
  PBYTE pbCertificateChain;
  DWORD cCertificates;
  DWORD fFlags;
  DWORD dwBits;
} SecPkgContext_RemoteCredentialInfo, *PSecPkgContext_RemoteCredentialInfo;

/* Misspelled alias kept for compatibility; identical type. */
typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo, *PSecPkgContext_RemoteCredenitalInfo;

#define RCRED_STATUS_NOCRED 0x00000000
#define RCRED_CRED_EXISTS 0x00000001
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002

/* SECPKG_ATTR_LOCAL_CRED: same layout as the remote variant, for the
 * credential this side presented; LCRED_* bits in fFlags. */
typedef struct _SecPkgContext_LocalCredentialInfo {
  DWORD cbCertificateChain;
  PBYTE pbCertificateChain;
  DWORD cCertificates;
  DWORD fFlags;
  DWORD dwBits;
} SecPkgContext_LocalCredentialInfo, *PSecPkgContext_LocalCredentialInfo;

/* Misspelled alias kept for compatibility; identical type. */
typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo, *PSecPkgContext_LocalCredenitalInfo;

#define LCRED_STATUS_NOCRED 0x00000000
#define LCRED_CRED_EXISTS 0x00000001
#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002

/* SECPKG_ATTR_SUPPORTED_ALGS: cSupportedAlgs ALG_IDs at palgSupportedAlgs. */
typedef struct _SecPkgCred_SupportedAlgs {
  DWORD cSupportedAlgs;
  ALG_ID *palgSupportedAlgs;
} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;

/* SECPKG_ATTR_CIPHER_STRENGTHS: key-length bounds in bits. */
typedef struct _SecPkgCred_CipherStrengths {
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;

/* SECPKG_ATTR_SUPPORTED_PROTOCOLS: SP_PROT_* mask. */
typedef struct _SecPkgCred_SupportedProtocols {
  DWORD grbitProtocol;
} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;

/* SECPKG_ATTR_ISSUER_LIST_EX: cIssuers encoded names at aIssuers. */
typedef struct _SecPkgContext_IssuerListInfoEx {
  PCERT_NAME_BLOB aIssuers;
  DWORD cIssuers;
} SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;

/* SECPKG_ATTR_CONNECTION_INFO: negotiated protocol (SP_PROT_*) and the
 * cipher / hash / key-exchange algorithms with their strengths in bits.
 * Callers that enforce a policy should inspect dwProtocol and the
 * strength fields here rather than trusting the credential's request. */
typedef struct _SecPkgContext_ConnectionInfo {
  DWORD dwProtocol;
  ALG_ID aiCipher;
  DWORD dwCipherStrength;
  ALG_ID aiHash;
  DWORD dwHashStrength;
  ALG_ID aiExch;
  DWORD dwExchStrength;
} SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;

/* SECPKG_ATTR_EAP_KEY_BLOCK: raw keying material.  This is secret data;
 * copies should be cleared when no longer needed. */
typedef struct _SecPkgContext_EapKeyBlock {
  BYTE rgbKeys[128];
  BYTE rgbIVs[64];
} SecPkgContext_EapKeyBlock, *PSecPkgContext_EapKeyBlock;

/* SECPKG_ATTR_MAPPED_CRED_ATTR: dwAttribute selects what pvBuffer holds. */
typedef struct _SecPkgContext_MappedCredAttr {
  DWORD dwAttribute;
  PVOID pvBuffer;
} SecPkgContext_MappedCredAttr, *PSecPkgContext_MappedCredAttr;

#define SSL_SESSION_RECONNECT 1

/* SECPKG_ATTR_SESSION_INFO: cbSessionId valid bytes of rgbSessionId;
 * dwFlags may carry SSL_SESSION_RECONNECT. */
typedef struct _SecPkgContext_SessionInfo {
  DWORD dwFlags;
  DWORD cbSessionId;
  BYTE rgbSessionId[32];
} SecPkgContext_SessionInfo, *PSecPkgContext_SessionInfo;

/* SECPKG_ATTR_APP_DATA: cbAppData bytes of caller data at pbAppData. */
typedef struct _SecPkgContext_SessionAppData {
  DWORD dwFlags;
  DWORD cbAppData;
  PBYTE pbAppData;
} SecPkgContext_SessionAppData, *PSecPkgContext_SessionAppData;

/* Credential structure versions.  Note that SCH_CRED_VERSION equals
 * SCH_CRED_V2 (the older SCH_CRED layout), while SCHANNEL_CRED_VERSION
 * is the value expected in SCHANNEL_CRED.dwVersion. */
#define SCH_CRED_V1 0x00000001
#define SCH_CRED_V2 0x00000002
#define SCH_CRED_VERSION 0x00000002
#define SCH_CRED_V3 0x00000003
#define SCHANNEL_CRED_VERSION 0x00000004

struct _HMAPPER;

/*
 * Credential block passed to AcquireCredentialsHandle for the Schannel
 * package.  paCred points at cCreds certificate contexts; hRootStore is an
 * optional trust store; palgSupportedAlgs / grbitEnabledProtocols and the
 * cipher-strength bounds restrict negotiation; dwFlags takes SCH_CRED_*
 * bits; dwCredFormat is SCH_CRED_FORMAT_CERT_HASH when paCred holds
 * SCHANNEL_CERT_HASH entries instead of certificate contexts.
 */
typedef struct _SCHANNEL_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PCCERT_CONTEXT *paCred;
  HCERTSTORE hRootStore;
  DWORD cMappers;
  struct _HMAPPER **aphMappers;
  DWORD cSupportedAlgs;
  ALG_ID *palgSupportedAlgs;
  DWORD grbitEnabledProtocols;
  DWORD dwMinimumCipherStrength;
  DWORD dwMaximumCipherStrength;
  DWORD dwSessionLifespan;
  DWORD dwFlags;
  DWORD dwCredFormat;
} SCHANNEL_CRED, *PSCHANNEL_CRED;

#define SCH_CRED_FORMAT_CERT_HASH 0x00000001

#define SCH_CRED_MAX_SUPPORTED_ALGS 256
#define SCH_CRED_MAX_SUPPORTED_CERTS 100

/* Certificate reference by SHA-1 thumbprint (ShaHash, 20 bytes). */
typedef struct _SCHANNEL_CERT_HASH {
  DWORD dwLength;
  DWORD dwFlags;
  HCRYPTPROV hProv;
  BYTE ShaHash[20];
} SCHANNEL_CERT_HASH, *PSCHANNEL_CERT_HASH;

#define SCH_MACHINE_CERT_HASH 0x00000001

/*
 * SCHANNEL_CRED.dwFlags bits.  Several of these weaken or disable peer
 * validation by their own description (NO_SERVERNAME_CHECK skips host-name
 * matching, MANUAL_CRED_VALIDATION leaves chain checking to the caller,
 * IGNORE_NO_REVOCATION_CHECK / IGNORE_REVOCATION_OFFLINE tolerate a failed
 * revocation lookup).  Treat any use of them as a review point: when
 * MANUAL_CRED_VALIDATION is set the application must perform the chain
 * and name checks itself.
 */
#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
#define SCH_CRED_DISABLE_RECONNECTS 0x00000080

#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000

#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000

/* dwTokenType values for the control tokens below. */
#define SCHANNEL_RENEGOTIATE 0
#define SCHANNEL_SHUTDOWN 1
#define SCHANNEL_ALERT 2
#define SCHANNEL_SESSION 3

/* Control token requesting that a TLS alert be sent: dwTokenType is
 * SCHANNEL_ALERT, dwAlertType is TLS1_ALERT_WARNING/FATAL and
 * dwAlertNumber one of the TLS1_ALERT_* descriptions. */
typedef struct _SCHANNEL_ALERT_TOKEN {
  DWORD dwTokenType;
  DWORD dwAlertType;
  DWORD dwAlertNumber;
} SCHANNEL_ALERT_TOKEN;

#define TLS1_ALERT_WARNING 1
#define TLS1_ALERT_FATAL 2

/* TLS alert descriptions; the numeric values are the on-the-wire codes. */
#define TLS1_ALERT_CLOSE_NOTIFY 0
#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
#define TLS1_ALERT_BAD_RECORD_MAC 20
#define TLS1_ALERT_DECRYPTION_FAILED 21
#define TLS1_ALERT_RECORD_OVERFLOW 22
#define TLS1_ALERT_DECOMPRESSION_FAIL 30
#define TLS1_ALERT_HANDSHAKE_FAILURE 40
#define TLS1_ALERT_BAD_CERTIFICATE 42
#define TLS1_ALERT_UNSUPPORTED_CERT 43
#define TLS1_ALERT_CERTIFICATE_REVOKED 44
#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS1_ALERT_ILLEGAL_PARAMETER 47
#define TLS1_ALERT_UNKNOWN_CA 48
#define TLS1_ALERT_ACCESS_DENIED 49
#define TLS1_ALERT_DECODE_ERROR 50
#define TLS1_ALERT_DECRYPT_ERROR 51
#define TLS1_ALERT_EXPORT_RESTRICTION 60
#define TLS1_ALERT_PROTOCOL_VERSION 70
#define TLS1_ALERT_INSUFFIENT_SECURITY 71
#define TLS1_ALERT_INTERNAL_ERROR 80
#define TLS1_ALERT_USER_CANCELED 90
#define TLS1_ALERT_NO_RENEGOTIATATION 100

#define SSL_SESSION_ENABLE_RECONNECTS 1
#define SSL_SESSION_DISABLE_RECONNECTS 2

/* Control token (dwTokenType == SCHANNEL_SESSION) toggling session
 * resumption via the SSL_SESSION_*_RECONNECTS bits in dwFlags. */
typedef struct _SCHANNEL_SESSION_TOKEN {
  DWORD dwTokenType;
  DWORD dwFlags;
} SCHANNEL_SESSION_TOKEN;

/* Certificate-context property ids carved out of the user range. */
#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)

/*
 * Protocol-selection bits for SCHANNEL_CRED.grbitEnabledProtocols and
 * SecPkgCred_SupportedProtocols.grbitProtocol.  One bit per protocol per
 * role; the un-suffixed names OR the server and client bits together.
 * PCT 1.0, SSL 2.0 and SSL 3.0 are retained here for ABI compatibility
 * only; SP_PROT_ALL enables every bit, so a policy that must exclude the
 * older protocols has to build its mask from the TLS bits explicitly.
 */
#define SP_PROT_PCT1_SERVER 0x00000001
#define SP_PROT_PCT1_CLIENT 0x00000002
#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)

#define SP_PROT_SSL2_SERVER 0x00000004
#define SP_PROT_SSL2_CLIENT 0x00000008
#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)

#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)

#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)

#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)

/* "Unified" provider bits; note SP_PROT_UNI_CLIENT occupies the sign bit
 * of a 32-bit value, so keep these masks in DWORD, not int, arithmetic. */
#define SP_PROT_UNI_SERVER 0x40000000
#define SP_PROT_UNI_CLIENT 0x80000000
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)

#define SP_PROT_ALL 0xffffffff
#define SP_PROT_NONE 0
#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)

/* Session-cache flush entry points (narrow / wide) and matching
 * function-pointer types for use with GetProcAddress. */
typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName, DWORD dwFlags);

WINBOOL SslEmptyCacheA(LPSTR pszTargetName, DWORD dwFlags);

typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName, DWORD dwFlags);

WINBOOL SslEmptyCacheW(LPWSTR pszTargetName, DWORD dwFlags);

#define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN)
#define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache)

/* Legacy credential description holding a raw private key and its
 * password in memory.  Both are secrets: callers own the buffers and
 * should clear them once the credential has been acquired. */
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
  DWORD cbPrivateKey;
  PBYTE pPrivateKey;
  DWORD cbCertificate;
  PBYTE pCertificate;
  PSTR pszPassword;
} SSL_CREDENTIAL_CERTIFICATE, *PSSL_CREDENTIAL_CERTIFICATE;

/* dwType discriminators for the SCH_CRED_SECRET_* / SCH_CRED_PUBLIC_*
 * entries referenced from SCH_CRED.paSecret / paPublic. */
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
#define SCHANNEL_SECRET_PRIVKEY 0x00000002
#define SCH_CRED_X509_CERTCHAIN 0x00000001
#define SCH_CRED_X509_CAPI 0x00000002
#define SCH_CRED_CERT_CONTEXT 0x00000003

/* Repeated forward declaration (also above); harmless but redundant. */
struct _HMAPPER;
/* Older (SCH_CRED_VERSION) credential layout: parallel arrays of cCreds
 * secret and public entries, each a pointer to a dwType-tagged struct. */
typedef struct _SCH_CRED {
  DWORD dwVersion;
  DWORD cCreds;
  PVOID *paSecret;
  PVOID *paPublic;
  DWORD cMappers;
  struct _HMAPPER **aphMappers;
} SCH_CRED, *PSCH_CRED;

/* dwType == SCHANNEL_SECRET_TYPE_CAPI: key lives in a CAPI provider. */
typedef struct _SCH_CRED_SECRET_CAPI {
  DWORD dwType;
  HCRYPTPROV hProv;
} SCH_CRED_SECRET_CAPI, *PSCH_CRED_SECRET_CAPI;

/* dwType == SCHANNEL_SECRET_PRIVKEY: key material supplied inline. */
typedef struct _SCH_CRED_SECRET_PRIVKEY {
  DWORD dwType;
  PBYTE pPrivateKey;
  DWORD cbPrivateKey;
  PSTR pszPassword;
} SCH_CRED_SECRET_PRIVKEY, *PSCH_CRED_SECRET_PRIVKEY;

/* dwType == SCH_CRED_X509_CERTCHAIN: encoded chain supplied inline. */
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN {
  DWORD dwType;
  DWORD cbCertChain;
  PBYTE pCertChain;
} SCH_CRED_PUBLIC_CERTCHAIN, *PSCH_CRED_PUBLIC_CERTCHAIN;

/* dwType == SCH_CRED_X509_CAPI: certificate lives in a CAPI provider. */
typedef struct _SCH_CRED_PUBLIC_CAPI {
  DWORD dwType;
  HCRYPTPROV hProv;
} SCH_CRED_PUBLIC_CAPI, *PSCH_CRED_PUBLIC_CAPI;

/* Variable-length public key: cbKey bytes follow at pKey.  The [1]
 * trailing-array form is part of the ABI and is kept as-is. */
typedef struct _PctPublicKey {
  DWORD Type;
  DWORD cbKey;
  UCHAR pKey[1];
} PctPublicKey;

/* Parsed certificate produced by SslCrackCertificate; release it with
 * SslFreeCertificate.  Owned strings and pPublicKey belong to the
 * structure, not the caller. */
typedef struct _X509Certificate {
  DWORD Version;
  DWORD SerialNumber[4];
  ALG_ID SignatureAlgorithm;
  FILETIME ValidFrom;
  FILETIME ValidUntil;
  PSTR pszIssuer;
  PSTR pszSubject;
  PctPublicKey *pPublicKey;
} X509Certificate, *PX509Certificate;

/* Legacy helper exports.  Only SslGetMaximumKeySize is declared WINAPI
 * here; the others use the default calling convention, as declared. */
WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts, PSTR pszDN, PSTR pszPassword, DWORD Bits);
VOID SslGenerateRandomBits(PUCHAR pRandomData, LONG cRandomData);
WINBOOL SslCrackCertificate(PUCHAR pbCertificate, DWORD cbCertificate, DWORD dwFlags, PX509Certificate *ppCertificate);
VOID SslFreeCertificate(PX509Certificate pCertificate);
DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved);
WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers, DWORD *pcbIssuers);

/* Export names for dynamic lookup of the two functions below. */
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")

/* NOTE(review): the third parameter is WINBOOL VerifySignature here but
 * DWORD dwFlags in the SslCrackCertificate prototype above; both forms
 * are declared as-is, so callers loading the export dynamically should
 * pick the one matching the documentation they rely on. */
typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate, DWORD cbCertificate, WINBOOL VerifySignature, PX509Certificate *ppCertificate);
typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate);

#if (_WIN32_WINNT >= 0x0600)
/* EAP PRF description: cbPrfData bytes of PRF input follow the header. */
typedef struct _SecPkgContext_EapPrfInfo {
  DWORD dwVersion;
  DWORD cbPrfData;
} SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo;
#endif /*(_WIN32_WINNT >= 0x0600)*/
#if (_WIN32_WINNT >= 0x0601)
/* Signature/hash algorithm pairs supported for the connection:
 * cSignatureAndHashAlgorithms WORDs at pSignatureAndHashAlgorithms. */
typedef struct _SecPkgContext_SupportedSignatures {
  WORD cSignatureAndHashAlgorithms;
  WORD *pSignatureAndHashAlgorithms;
} SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures;
#endif /*(_WIN32_WINNT >= 0x0601)*/
#endif /* __SCHANNEL_H__ */