| /** |
| * This file has no copyright assigned and is placed in the Public Domain. |
| * This file is part of the mingw-w64 runtime package. |
| * No warranty is given; refer to the file DISCLAIMER.PD within this package. |
| */ |
| #ifndef __SCHANNEL_H__ |
| #define __SCHANNEL_H__ |
| |
| #include <_mingw_unicode.h> |
| #include <wincrypt.h> |
| |
| #define UNISP_NAME_A "Microsoft Unified Security Protocol Provider" |
| #define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider" |
| |
| #define SSL2SP_NAME_A "Microsoft SSL 2.0" |
| #define SSL2SP_NAME_W L"Microsoft SSL 2.0" |
| |
| #define SSL3SP_NAME_A "Microsoft SSL 3.0" |
| #define SSL3SP_NAME_W L"Microsoft SSL 3.0" |
| |
| #define TLS1SP_NAME_A "Microsoft TLS 1.0" |
| #define TLS1SP_NAME_W L"Microsoft TLS 1.0" |
| |
| #define PCT1SP_NAME_A "Microsoft PCT 1.0" |
| #define PCT1SP_NAME_W L"Microsoft PCT 1.0" |
| |
| #define SCHANNEL_NAME_A "Schannel" |
| #define SCHANNEL_NAME_W L"Schannel" |
| |
| #define DEFAULT_TLS_SSP_NAME_A "Default TLS SSP" |
| #define DEFAULT_TLS_SSP_NAME_W L"Default TLS SSP" |
| |
| #define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME) |
| #define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME) |
| #define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME) |
| #define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME) |
| #define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME) |
| #define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME) |
| #define DEFAULT_TLS_SSP_NAME __MINGW_NAME_UAW(DEFAULT_TLS_SSP_NAME_W) |
| |
| typedef enum _eTlsSignatureAlgorithm { |
| TlsSignatureAlgorithm_Anonymous = 0, |
| TlsSignatureAlgorithm_Rsa = 1, |
| TlsSignatureAlgorithm_Dsa = 2, |
| TlsSignatureAlgorithm_Ecdsa = 3 |
| } eTlsSignatureAlgorithm; |
| |
| typedef enum _eTlsHashAlgorithm { |
| TlsHashAlgorithm_None = 0, |
| TlsHashAlgorithm_Md5 = 1, |
| TlsHashAlgorithm_Sha1 = 2, |
| TlsHashAlgorithm_Sha224 = 3, |
| TlsHashAlgorithm_Sha256 = 4, |
| TlsHashAlgorithm_Sha384 = 5, |
| TlsHashAlgorithm_Sha512 = 6 |
| } eTlsHashAlgorithm; |
| |
| #define UNISP_RPC_ID 14 |
| |
| #define SECPKG_ATTR_ISSUER_LIST 0x50 |
| #define SECPKG_ATTR_REMOTE_CRED 0x51 |
| #define SECPKG_ATTR_LOCAL_CRED 0x52 |
| #define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53 |
| #define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54 |
| #define SECPKG_ATTR_ROOT_STORE 0x55 |
| #define SECPKG_ATTR_SUPPORTED_ALGS 0x56 |
| #define SECPKG_ATTR_CIPHER_STRENGTHS 0x57 |
| #define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58 |
| #define SECPKG_ATTR_ISSUER_LIST_EX 0x59 |
| #define SECPKG_ATTR_CONNECTION_INFO 0x5a |
| #define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b |
| #define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c |
| #define SECPKG_ATTR_SESSION_INFO 0x5d |
| #define SECPKG_ATTR_APP_DATA 0x5e |
| #define SECPKG_ATTR_REMOTE_CERTIFICATES 0x5F |
| #define SECPKG_ATTR_CLIENT_CERT_POLICY 0x60 |
| #define SECPKG_ATTR_CC_POLICY_RESULT 0x61 |
| #define SECPKG_ATTR_USE_NCRYPT 0x62 |
| #define SECPKG_ATTR_LOCAL_CERT_INFO 0x63 |
| #define SECPKG_ATTR_CIPHER_INFO 0x64 |
| #define SECPKG_ATTR_EAP_PRF_INFO 0x65 |
| #define SECPKG_ATTR_SUPPORTED_SIGNATURES 0x66 |
| #define SECPKG_ATTR_REMOTE_CERT_CHAIN 0x67 |
| #define SECPKG_ATTR_UI_INFO 0x68 |
| #define SECPKG_ATTR_EARLY_START 0x69 |
| #define SECPKG_ATTR_KEYING_MATERIAL_INFO 0x6a |
| #define SECPKG_ATTR_KEYING_MATERIAL 0x6b |
| #define SECPKG_ATTR_SRTP_PARAMETERS 0x6c |
| #define SECPKG_ATTR_TOKEN_BINDING 0x6d |
| #define SECPKG_ATTR_CONNECTION_INFO_EX 0x6e |
| #define SECPKG_ATTR_KEYING_MATERIAL_TOKEN_BINDING 0x6f |
| #define SECPKG_ATTR_KEYING_MATERIAL_INPROC 0x70 |
| |
| typedef struct _SecPkgContext_IssuerListInfo { |
| DWORD cbIssuerList; |
| PBYTE pIssuerList; |
| } SecPkgContext_IssuerListInfo,*PSecPkgContext_IssuerListInfo; |
| |
| typedef struct _SecPkgContext_RemoteCredentialInfo { |
| DWORD cbCertificateChain; |
| PBYTE pbCertificateChain; |
| DWORD cCertificates; |
| DWORD fFlags; |
| DWORD dwBits; |
| } SecPkgContext_RemoteCredentialInfo,*PSecPkgContext_RemoteCredentialInfo; |
| |
| typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo,*PSecPkgContext_RemoteCredenitalInfo; |
| |
| #define RCRED_STATUS_NOCRED 0x00000000 |
| #define RCRED_CRED_EXISTS 0x00000001 |
| #define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002 |
| |
| typedef struct _SecPkgContext_LocalCredentialInfo { |
| DWORD cbCertificateChain; |
| PBYTE pbCertificateChain; |
| DWORD cCertificates; |
| DWORD fFlags; |
| DWORD dwBits; |
| } SecPkgContext_LocalCredentialInfo,*PSecPkgContext_LocalCredentialInfo; |
| |
| typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo,*PSecPkgContext_LocalCredenitalInfo; |
| |
| #define LCRED_STATUS_NOCRED 0x00000000 |
| #define LCRED_CRED_EXISTS 0x00000001 |
| #define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002 |
| |
| typedef unsigned int ALG_ID; |
| |
| typedef struct _SecPkgCred_SupportedAlgs { |
| DWORD cSupportedAlgs; |
| ALG_ID *palgSupportedAlgs; |
| } SecPkgCred_SupportedAlgs,*PSecPkgCred_SupportedAlgs; |
| |
| typedef struct _SecPkgCred_CipherStrengths { |
| DWORD dwMinimumCipherStrength; |
| DWORD dwMaximumCipherStrength; |
| } SecPkgCred_CipherStrengths,*PSecPkgCred_CipherStrengths; |
| |
| typedef struct _SecPkgCred_SupportedProtocols { |
| DWORD grbitProtocol; |
| } SecPkgCred_SupportedProtocols,*PSecPkgCred_SupportedProtocols; |
| |
| typedef struct _SecPkgCred_ClientCertPolicy { |
| DWORD dwFlags; |
| GUID guidPolicyId; |
| DWORD dwCertFlags; |
| DWORD dwUrlRetrievalTimeout; |
| WINBOOL fCheckRevocationFreshnessTime; |
| DWORD dwRevocationFreshnessTime; |
| WINBOOL fOmitUsageCheck; |
| LPWSTR pwszSslCtlStoreName; |
| LPWSTR pwszSslCtlIdentifier; |
| } SecPkgCred_ClientCertPolicy, *PSecPkgCred_ClientCertPolicy; |
| |
| typedef struct _SecPkgContext_ClientCertPolicyResult { |
| HRESULT dwPolicyResult; |
| GUID guidPolicyId; |
| } SecPkgContext_ClientCertPolicyResult, *PSecPkgContext_ClientCertPolicyResult; |
| |
| typedef struct _SecPkgContext_IssuerListInfoEx { |
| PCERT_NAME_BLOB aIssuers; |
| DWORD cIssuers; |
| } SecPkgContext_IssuerListInfoEx,*PSecPkgContext_IssuerListInfoEx; |
| |
| typedef struct _SecPkgContext_ConnectionInfo { |
| DWORD dwProtocol; |
| ALG_ID aiCipher; |
| DWORD dwCipherStrength; |
| ALG_ID aiHash; |
| DWORD dwHashStrength; |
| ALG_ID aiExch; |
| DWORD dwExchStrength; |
| } SecPkgContext_ConnectionInfo,*PSecPkgContext_ConnectionInfo; |
| |
| #define SZ_ALG_MAX_SIZE 64 |
| |
| #define SECPKGCONTEXT_CONNECTION_INFO_EX_V1 1 |
| |
| typedef struct _SecPkgContext_ConnectionInfoEx { |
| DWORD dwVersion; |
| DWORD dwProtocol; |
| WCHAR szCipher[SZ_ALG_MAX_SIZE]; |
| DWORD dwCipherStrength; |
| WCHAR szHash[SZ_ALG_MAX_SIZE]; |
| DWORD dwHashStrength; |
| WCHAR szExchange[SZ_ALG_MAX_SIZE]; |
| DWORD dwExchStrength; |
| } SecPkgContext_ConnectionInfoEx, *PSecPkgContext_ConnectionInfoEx; |
| |
| #define SECPKGCONTEXT_CIPHERINFO_V1 1 |
| |
| typedef struct _SecPkgContext_CipherInfo { |
| DWORD dwVersion; |
| DWORD dwProtocol; |
| DWORD dwCipherSuite; |
| DWORD dwBaseCipherSuite; |
| WCHAR szCipherSuite[SZ_ALG_MAX_SIZE]; |
| WCHAR szCipher[SZ_ALG_MAX_SIZE]; |
| DWORD dwCipherLen; |
| DWORD dwCipherBlockLen; |
| WCHAR szHash[SZ_ALG_MAX_SIZE]; |
| DWORD dwHashLen; |
| WCHAR szExchange[SZ_ALG_MAX_SIZE]; |
| DWORD dwMinExchangeLen; |
| DWORD dwMaxExchangeLen; |
| WCHAR szCertificate[SZ_ALG_MAX_SIZE]; |
| DWORD dwKeyType; |
| } SecPkgContext_CipherInfo, *PSecPkgContext_CipherInfo; |
| |
| typedef struct _SecPkgContext_EapKeyBlock { |
| BYTE rgbKeys[128]; |
| BYTE rgbIVs[64]; |
| } SecPkgContext_EapKeyBlock,*PSecPkgContext_EapKeyBlock; |
| |
| typedef struct _SecPkgContext_MappedCredAttr { |
| DWORD dwAttribute; |
| PVOID pvBuffer; |
| } SecPkgContext_MappedCredAttr,*PSecPkgContext_MappedCredAttr; |
| |
| #define SSL_SESSION_RECONNECT 1 |
| |
| typedef struct _SecPkgContext_SessionInfo { |
| DWORD dwFlags; |
| DWORD cbSessionId; |
| BYTE rgbSessionId[32]; |
| } SecPkgContext_SessionInfo,*PSecPkgContext_SessionInfo; |
| |
| typedef struct _SecPkgContext_SessionAppData { |
| DWORD dwFlags; |
| DWORD cbAppData; |
| PBYTE pbAppData; |
| } SecPkgContext_SessionAppData,*PSecPkgContext_SessionAppData; |
| |
| typedef struct _SecPkgContext_EapPrfInfo { |
| DWORD dwVersion; |
| DWORD cbPrfData; |
| PBYTE pbPrfData; |
| } SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo; |
| |
| typedef struct _SecPkgContext_SupportedSignatures { |
| WORD cSignatureAndHashAlgorithms; |
| WORD *pSignatureAndHashAlgorithms; |
| } SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures; |
| |
| typedef struct _SecPkgContext_Certificates { |
| DWORD cCertificates; |
| DWORD cbCertificateChain; |
| PBYTE pbCertificateChain; |
| } SecPkgContext_Certificates, *PSecPkgContext_Certificates; |
| |
| typedef struct _SecPkgContext_CertInfo { |
| DWORD dwVersion; |
| DWORD cbSubjectName; |
| LPWSTR pwszSubjectName; |
| DWORD cbIssuerName; |
| LPWSTR pwszIssuerName; |
| DWORD dwKeySize; |
| } SecPkgContext_CertInfo, *PSecPkgContext_CertInfo; |
| |
| #define KERN_CONTEXT_CERT_INFO_V1 0x00000000 |
| |
| typedef struct _SecPkgContext_UiInfo { |
| HWND hParentWindow; |
| } SecPkgContext_UiInfo, *PSecPkgContext_UiInfo; |
| |
| typedef struct _SecPkgContext_EarlyStart { |
| DWORD dwEarlyStartFlags; |
| } SecPkgContext_EarlyStart, *PSecPkgContext_EarlyStart; |
| |
| #define ENABLE_TLS_CLIENT_EARLY_START 0x00000001 |
| |
| typedef struct _SecPkgContext_KeyingMaterialInfo { |
| WORD cbLabel; |
| LPSTR pszLabel; |
| WORD cbContextValue; |
| PBYTE pbContextValue; |
| DWORD cbKeyingMaterial; |
| } SecPkgContext_KeyingMaterialInfo, *PSecPkgContext_KeyingMaterialInfo; |
| |
| typedef struct _SecPkgContext_KeyingMaterial { |
| DWORD cbKeyingMaterial; |
| PBYTE pbKeyingMaterial; |
| } SecPkgContext_KeyingMaterial, *PSecPkgContext_KeyingMaterial; |
| |
| typedef struct _SecPkgContext_KeyingMaterial_Inproc { |
| WORD cbLabel; |
| LPSTR pszLabel; |
| WORD cbContextValue; |
| PBYTE pbContextValue; |
| DWORD cbKeyingMaterial; |
| PBYTE pbKeyingMaterial; |
| } SecPkgContext_KeyingMaterial_Inproc, *PSecPkgContext_KeyingMaterial_Inproc; |
| |
| typedef struct _SecPkgContext_SrtpParameters { |
| WORD ProtectionProfile; |
| BYTE MasterKeyIdentifierSize; |
| PBYTE MasterKeyIdentifier; |
| } SecPkgContext_SrtpParameters, *PSecPkgContext_SrtpParameters; |
| |
| typedef struct _SecPkgContext_TokenBinding { |
| BYTE MajorVersion; |
| BYTE MinorVersion; |
| WORD KeyParametersSize; |
| PBYTE KeyParameters; |
| } SecPkgContext_TokenBinding, *PSecPkgContext_TokenBinding; |
| |
| #define SCH_CRED_V1 0x00000001 |
| #define SCH_CRED_V2 0x00000002 |
| #define SCH_CRED_VERSION 0x00000002 |
| #define SCH_CRED_V3 0x00000003 |
| #define SCHANNEL_CRED_VERSION 0x00000004 |
| #define SCH_CREDENTIALS_VERSION 0x00000005 |
| |
| struct _HMAPPER; |
| |
| typedef struct _SCHANNEL_CRED { |
| DWORD dwVersion; |
| DWORD cCreds; |
| PCCERT_CONTEXT *paCred; |
| HCERTSTORE hRootStore; |
| DWORD cMappers; |
| struct _HMAPPER **aphMappers; |
| DWORD cSupportedAlgs; |
| ALG_ID *palgSupportedAlgs; |
| DWORD grbitEnabledProtocols; |
| DWORD dwMinimumCipherStrength; |
| DWORD dwMaximumCipherStrength; |
| DWORD dwSessionLifespan; |
| DWORD dwFlags; |
| DWORD dwCredFormat; |
| } SCHANNEL_CRED,*PSCHANNEL_CRED; |
| |
| #ifdef SCHANNEL_USE_BLACKLISTS |
| |
| typedef enum _eTlsAlgorithmUsage { |
| TlsParametersCngAlgUsageKeyExchange, |
| TlsParametersCngAlgUsageSignature, |
| TlsParametersCngAlgUsageCipher, |
| TlsParametersCngAlgUsageDigest, |
| TlsParametersCngAlgUsageCertSig |
| } eTlsAlgorithmUsage; |
| |
| typedef struct _CRYPTO_SETTINGS { |
| eTlsAlgorithmUsage eAlgorithmUsage; |
| UNICODE_STRING strCngAlgId; |
| DWORD cChainingModes; |
| PUNICODE_STRING rgstrChainingModes; |
| DWORD dwMinBitLength; |
| DWORD dwMaxBitLength; |
| } CRYPTO_SETTINGS, *PCRYPTO_SETTINGS; |
| |
| typedef struct _TLS_PARAMETERS { |
| DWORD cAlpnIds; |
| PUNICODE_STRING rgstrAlpnIds; |
| DWORD grbitDisabledProtocols; |
| DWORD cDisabledCrypto; |
| PCRYPTO_SETTINGS pDisabledCrypto; |
| DWORD dwFlags; |
| } TLS_PARAMETERS, *PTLS_PARAMETERS; |
| |
| #define TLS_PARAMS_OPTIONAL 0x00000001 |
| |
| typedef struct _SCH_CREDENTIALS { |
| DWORD dwVersion; |
| DWORD dwCredFormat; |
| DWORD cCreds; |
| PCCERT_CONTEXT *paCred; |
| HCERTSTORE hRootStore; |
| DWORD cMappers; |
| struct _HMAPPER **aphMappers; |
| DWORD dwSessionLifespan; |
| DWORD dwFlags; |
| DWORD cTlsParameters; |
| PTLS_PARAMETERS pTlsParameters; |
| } SCH_CREDENTIALS, *PSCH_CREDENTIALS; |
| |
| #define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16 |
| #define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16 |
| #define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16 |
| #define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16 |
| |
| #endif /* SCHANNEL_USE_BLACKLISTS */ |
| |
| typedef struct _SEND_GENERIC_TLS_EXTENSION { |
| WORD ExtensionType; |
| WORD HandshakeType; |
| DWORD Flags; |
| WORD BufferSize; |
| UCHAR Buffer[ANYSIZE_ARRAY]; |
| } SEND_GENERIC_TLS_EXTENSION, *PSEND_GENERIC_TLS_EXTENSION; |
| |
| typedef struct _TLS_EXTENSION_SUBSCRIPTION { |
| WORD ExtensionType; |
| WORD HandshakeType; |
| } TLS_EXTENSION_SUBSCRIPTION, *PTLS_EXTENSION_SUBSCRIPTION; |
| |
| typedef struct _SUBSCRIBE_GENERIC_TLS_EXTENSION { |
| DWORD Flags; |
| DWORD SubscriptionsCount; |
| TLS_EXTENSION_SUBSCRIPTION Subscriptions[ANYSIZE_ARRAY]; |
| } SUBSCRIBE_GENERIC_TLS_EXTENSION, *PSUBSCRIBE_GENERIC_TLS_EXTENSION; |
| |
| #define SCH_MAX_EXT_SUBSCRIPTIONS 2 |
| |
| #define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000 |
| #define SCH_CRED_FORMAT_CERT_HASH 0x00000001 |
| #define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002 |
| |
| #define SCH_CRED_MAX_STORE_NAME_SIZE 128 |
| #define SCH_CRED_MAX_SUPPORTED_ALGS 256 |
| #define SCH_CRED_MAX_SUPPORTED_CERTS 100 |
| |
| typedef struct _SCHANNEL_CERT_HASH { |
| DWORD dwLength; |
| DWORD dwFlags; |
| HCRYPTPROV hProv; |
| BYTE ShaHash[20]; |
| } SCHANNEL_CERT_HASH,*PSCHANNEL_CERT_HASH; |
| |
| typedef struct _SCHANNEL_CERT_HASH_STORE { |
| DWORD dwLength; |
| DWORD dwFlags; |
| HCRYPTPROV hProv; |
| BYTE ShaHash[20]; |
| WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE]; |
| } SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE; |
| |
| #define SCH_MACHINE_CERT_HASH 0x00000001 |
| |
| #define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002 |
| #define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004 |
| #define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008 |
| #define SCH_CRED_NO_DEFAULT_CREDS 0x00000010 |
| #define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020 |
| #define SCH_CRED_USE_DEFAULT_CREDS 0x00000040 |
| #define SCH_CRED_DISABLE_RECONNECTS 0x00000080 |
| |
| #define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100 |
| #define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200 |
| #define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400 |
| #define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800 |
| #define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000 |
| |
| #define SCH_CRED_RESTRICTED_ROOTS 0x00002000 |
| #define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000 |
| #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000 |
| |
| #define SCH_CRED_MEMORY_STORE_CERT 0x00010000 |
| |
| #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000 |
| |
| #define SCH_SEND_ROOT_CERT 0x00040000 |
| #define SCH_CRED_SNI_CREDENTIAL 0x00080000 |
| #define SCH_CRED_SNI_ENABLE_OCSP 0x00100000 |
| #define SCH_SEND_AUX_RECORD 0x00200000 |
| #define SCH_USE_STRONG_CRYPTO 0x00400000 |
| #define SCH_USE_PRESHAREDKEY_ONLY 0x00800000 |
| #define SCH_USE_DTLS_ONLY 0x01000000 |
| #define SCH_ALLOW_NULL_ENCRYPTION 0x02000000 |
| |
| #define SCHANNEL_RENEGOTIATE 0 |
| #define SCHANNEL_SHUTDOWN 1 |
| #define SCHANNEL_ALERT 2 |
| #define SCHANNEL_SESSION 3 |
| |
| typedef struct _SCHANNEL_ALERT_TOKEN { |
| DWORD dwTokenType; |
| DWORD dwAlertType; |
| DWORD dwAlertNumber; |
| } SCHANNEL_ALERT_TOKEN; |
| |
| #define TLS1_ALERT_WARNING 1 |
| #define TLS1_ALERT_FATAL 2 |
| |
| #define TLS1_ALERT_CLOSE_NOTIFY 0 |
| #define TLS1_ALERT_UNEXPECTED_MESSAGE 10 |
| #define TLS1_ALERT_BAD_RECORD_MAC 20 |
| #define TLS1_ALERT_DECRYPTION_FAILED 21 |
| #define TLS1_ALERT_RECORD_OVERFLOW 22 |
| #define TLS1_ALERT_DECOMPRESSION_FAIL 30 |
| #define TLS1_ALERT_HANDSHAKE_FAILURE 40 |
| #define TLS1_ALERT_BAD_CERTIFICATE 42 |
| #define TLS1_ALERT_UNSUPPORTED_CERT 43 |
| #define TLS1_ALERT_CERTIFICATE_REVOKED 44 |
| #define TLS1_ALERT_CERTIFICATE_EXPIRED 45 |
| #define TLS1_ALERT_CERTIFICATE_UNKNOWN 46 |
| #define TLS1_ALERT_ILLEGAL_PARAMETER 47 |
| #define TLS1_ALERT_UNKNOWN_CA 48 |
| #define TLS1_ALERT_ACCESS_DENIED 49 |
| #define TLS1_ALERT_DECODE_ERROR 50 |
| #define TLS1_ALERT_DECRYPT_ERROR 51 |
| #define TLS1_ALERT_EXPORT_RESTRICTION 60 |
| #define TLS1_ALERT_PROTOCOL_VERSION 70 |
| #define TLS1_ALERT_INSUFFIENT_SECURITY 71 |
| #define TLS1_ALERT_INTERNAL_ERROR 80 |
| #define TLS1_ALERT_USER_CANCELED 90 |
| #define TLS1_ALERT_NO_RENEGOTIATION 100 |
| #define TLS1_ALERT_UNSUPPORTED_EXT 110 |
| #define TLS1_ALERT_UNKNOWN_PSK_IDENTITY 115 |
| #define TLS1_ALERT_NO_APP_PROTOCOL 120 |
| |
| #define SSL_SESSION_ENABLE_RECONNECTS 1 |
| #define SSL_SESSION_DISABLE_RECONNECTS 2 |
| |
| typedef struct _SCHANNEL_SESSION_TOKEN { |
| DWORD dwTokenType; |
| DWORD dwFlags; |
| } SCHANNEL_SESSION_TOKEN; |
| |
| typedef struct _SCHANNEL_CLIENT_SIGNATURE { |
| DWORD cbLength; |
| ALG_ID aiHash; |
| DWORD cbHash; |
| BYTE HashValue[36]; |
| BYTE CertThumbprint[20]; |
| } SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE; |
| |
| #define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0) |
| #define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1) |
| #define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2) |
| |
| #define SP_PROT_PCT1_SERVER 0x00000001 |
| #define SP_PROT_PCT1_CLIENT 0x00000002 |
| #define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT) |
| |
| #define SP_PROT_SSL2_SERVER 0x00000004 |
| #define SP_PROT_SSL2_CLIENT 0x00000008 |
| #define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT) |
| |
| #define SP_PROT_SSL3_SERVER 0x00000010 |
| #define SP_PROT_SSL3_CLIENT 0x00000020 |
| #define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT) |
| |
| #define SP_PROT_TLS1_SERVER 0x00000040 |
| #define SP_PROT_TLS1_CLIENT 0x00000080 |
| #define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT) |
| |
| #define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT) |
| #define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER) |
| #define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1) |
| |
| #define SP_PROT_UNI_SERVER 0x40000000 |
| #define SP_PROT_UNI_CLIENT 0x80000000 |
| #define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT) |
| |
| #define SP_PROT_ALL 0xffffffff |
| #define SP_PROT_NONE 0 |
| #define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT) |
| #define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER) |
| |
| #define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER |
| #define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT |
| #define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT) |
| |
| #define SP_PROT_TLS1_1_SERVER 0x00000100 |
| #define SP_PROT_TLS1_1_CLIENT 0x00000200 |
| #define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT) |
| |
| #define SP_PROT_TLS1_2_SERVER 0x00000400 |
| #define SP_PROT_TLS1_2_CLIENT 0x00000800 |
| #define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT) |
| |
| #define SP_PROT_TLS1_3_SERVER 0x00001000 |
| #define SP_PROT_TLS1_3_CLIENT 0x00002000 |
| #define SP_PROT_TLS1_3 (SP_PROT_TLS1_3_SERVER | SP_PROT_TLS1_3_CLIENT) |
| |
| #define SP_PROT_DTLS_SERVER 0x00010000 |
| #define SP_PROT_DTLS_CLIENT 0x00020000 |
| #define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT ) |
| |
| #define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER |
| #define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT |
| #define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT) |
| |
| #define SP_PROT_DTLS1_2_SERVER 0x00040000 |
| #define SP_PROT_DTLS1_2_CLIENT 0x00080000 |
| #define SP_PROT_DTLS1_2 (SP_PROT_DTLS1_2_SERVER | SP_PROT_DTLS1_2_CLIENT) |
| |
| #define SP_PROT_DTLS1_X_SERVER (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_2_SERVER) |
| #define SP_PROT_DTLS1_X_CLIENT (SP_PROT_DTLS1_0_CLIENT | SP_PROT_DTLS1_2_CLIENT) |
| #define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT) |
| |
| #define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER) |
| #define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT) |
| #define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT) |
| |
| #define SP_PROT_TLS1_3PLUS_SERVER SP_PROT_TLS1_3_SERVER |
| #define SP_PROT_TLS1_3PLUS_CLIENT SP_PROT_TLS1_3_CLIENT |
| #define SP_PROT_TLS1_3PLUS (SP_PROT_TLS1_3PLUS_SERVER | SP_PROT_TLS1_3PLUS_CLIENT) |
| |
| #define SP_PROT_TLS1_X_SERVER (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER) |
| #define SP_PROT_TLS1_X_CLIENT (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT) |
| #define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT) |
| |
| #define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT) |
| #define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER) |
| #define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X) |
| |
| #define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT ) |
| #define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER ) |
| |
| typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName,DWORD dwFlags); |
| |
| WINBOOL SslEmptyCacheA(LPSTR pszTargetName,DWORD dwFlags); |
| |
| typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName,DWORD dwFlags); |
| |
| WINBOOL SslEmptyCacheW(LPWSTR pszTargetName,DWORD dwFlags); |
| |
| #define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN) |
| #define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache) |
| |
| typedef struct _SSL_CREDENTIAL_CERTIFICATE { |
| DWORD cbPrivateKey; |
| PBYTE pPrivateKey; |
| DWORD cbCertificate; |
| PBYTE pCertificate; |
| PSTR pszPassword; |
| } SSL_CREDENTIAL_CERTIFICATE,*PSSL_CREDENTIAL_CERTIFICATE; |
| |
| #define SCHANNEL_SECRET_TYPE_CAPI 0x00000001 |
| #define SCHANNEL_SECRET_PRIVKEY 0x00000002 |
| #define SCH_CRED_X509_CERTCHAIN 0x00000001 |
| #define SCH_CRED_X509_CAPI 0x00000002 |
| #define SCH_CRED_CERT_CONTEXT 0x00000003 |
| |
| struct _HMAPPER; |
| typedef struct _SCH_CRED { |
| DWORD dwVersion; |
| DWORD cCreds; |
| PVOID *paSecret; |
| PVOID *paPublic; |
| DWORD cMappers; |
| struct _HMAPPER **aphMappers; |
| } SCH_CRED,*PSCH_CRED; |
| |
| typedef struct _SCH_CRED_SECRET_CAPI { |
| DWORD dwType; |
| HCRYPTPROV hProv; |
| } SCH_CRED_SECRET_CAPI,*PSCH_CRED_SECRET_CAPI; |
| |
| typedef struct _SCH_CRED_SECRET_PRIVKEY { |
| DWORD dwType; |
| PBYTE pPrivateKey; |
| DWORD cbPrivateKey; |
| PSTR pszPassword; |
| } SCH_CRED_SECRET_PRIVKEY,*PSCH_CRED_SECRET_PRIVKEY; |
| |
| typedef struct _SCH_CRED_PUBLIC_CERTCHAIN { |
| DWORD dwType; |
| DWORD cbCertChain; |
| PBYTE pCertChain; |
| } SCH_CRED_PUBLIC_CERTCHAIN,*PSCH_CRED_PUBLIC_CERTCHAIN; |
| |
| typedef struct _SCH_CRED_PUBLIC_CAPI { |
| DWORD dwType; |
| HCRYPTPROV hProv; |
| } SCH_CRED_PUBLIC_CAPI,*PSCH_CRED_PUBLIC_CAPI; |
| |
| typedef struct _PctPublicKey { |
| DWORD Type; |
| DWORD cbKey; |
| UCHAR pKey[1]; |
| } PctPublicKey; |
| |
| typedef struct _X509Certificate { |
| DWORD Version; |
| DWORD SerialNumber[4]; |
| ALG_ID SignatureAlgorithm; |
| FILETIME ValidFrom; |
| FILETIME ValidUntil; |
| PSTR pszIssuer; |
| PSTR pszSubject; |
| PctPublicKey *pPublicKey; |
| } X509Certificate,*PX509Certificate; |
| |
| WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts,PSTR pszDN,PSTR pszPassword,DWORD Bits); |
| VOID SslGenerateRandomBits(PUCHAR pRandomData,LONG cRandomData); |
| WINBOOL SslCrackCertificate(PUCHAR pbCertificate,DWORD cbCertificate,DWORD dwFlags,PX509Certificate *ppCertificate); |
| VOID SslFreeCertificate(PX509Certificate pCertificate); |
| DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved); |
| WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers,DWORD *pcbIssuers); |
| |
| #define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate") |
| #define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate") |
| |
| typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate,DWORD cbCertificate,WINBOOL VerifySignature,PX509Certificate *ppCertificate); |
| typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate); |
| |
| typedef SECURITY_STATUS (WINAPI *SslGetServerIdentityFn)(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags); |
| SECURITY_STATUS WINAPI SslGetServerIdentity(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags); |
| |
| #if NTDDI_VERSION >= NTDDI_WIN10_19H1 |
| |
| typedef struct _SCH_EXTENSION_DATA { |
| WORD ExtensionType; |
| const BYTE *pExtData; |
| DWORD cbExtData; |
| }SCH_EXTENSION_DATA; |
| |
| typedef enum _SchGetExtensionsOptions { |
| SCH_EXTENSIONS_OPTIONS_NONE = 0x0, |
| SCH_NO_RECORD_HEADER = 0x1 |
| }SchGetExtensionsOptions; |
| |
| typedef SECURITY_STATUS (WINAPI *SslGetExtensionsFn)(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags); |
| SECURITY_STATUS WINAPI SslGetExtensions(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags); |
| |
| #endif /* NTDDI_VERSION >= NTDDI_WIN10_19H1 */ |
| |
| #endif /* __SCHANNEL_H__ */ |
