ViewVC Help
View File | Revision Log | View Changeset | Root Listing
root/Oni2/Daodan/MSYS2/mingw32/i686-w64-mingw32/include/schannel.h
Revision: 1166
Committed: Tue Oct 26 14:22:36 2021 UTC (4 years ago) by rossy
Content type: text/x-chdr
File size: 23685 byte(s)
Log Message: 
Daodan: Replace MinGW build env with an up-to-date MSYS2 env

File Contents

# Content
1 /**
2 * This file has no copyright assigned and is placed in the Public Domain.
3 * This file is part of the mingw-w64 runtime package.
4 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
5 */
6 #ifndef __SCHANNEL_H__
7 #define __SCHANNEL_H__
8
9 #include <_mingw_unicode.h>
10 #include <wincrypt.h>
11
12 #define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
13 #define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
14
15 #define SSL2SP_NAME_A "Microsoft SSL 2.0"
16 #define SSL2SP_NAME_W L"Microsoft SSL 2.0"
17
18 #define SSL3SP_NAME_A "Microsoft SSL 3.0"
19 #define SSL3SP_NAME_W L"Microsoft SSL 3.0"
20
21 #define TLS1SP_NAME_A "Microsoft TLS 1.0"
22 #define TLS1SP_NAME_W L"Microsoft TLS 1.0"
23
24 #define PCT1SP_NAME_A "Microsoft PCT 1.0"
25 #define PCT1SP_NAME_W L"Microsoft PCT 1.0"
26
27 #define SCHANNEL_NAME_A "Schannel"
28 #define SCHANNEL_NAME_W L"Schannel"
29
30 #define DEFAULT_TLS_SSP_NAME_A "Default TLS SSP"
31 #define DEFAULT_TLS_SSP_NAME_W L"Default TLS SSP"
32
33 #define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME)
34 #define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME)
35 #define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME)
36 #define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME)
37 #define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME)
38 #define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME)
39 #define DEFAULT_TLS_SSP_NAME __MINGW_NAME_UAW(DEFAULT_TLS_SSP_NAME_W)
40
41 typedef enum _eTlsSignatureAlgorithm {
42 TlsSignatureAlgorithm_Anonymous = 0,
43 TlsSignatureAlgorithm_Rsa = 1,
44 TlsSignatureAlgorithm_Dsa = 2,
45 TlsSignatureAlgorithm_Ecdsa = 3
46 } eTlsSignatureAlgorithm;
47
48 typedef enum _eTlsHashAlgorithm {
49 TlsHashAlgorithm_None = 0,
50 TlsHashAlgorithm_Md5 = 1,
51 TlsHashAlgorithm_Sha1 = 2,
52 TlsHashAlgorithm_Sha224 = 3,
53 TlsHashAlgorithm_Sha256 = 4,
54 TlsHashAlgorithm_Sha384 = 5,
55 TlsHashAlgorithm_Sha512 = 6
56 } eTlsHashAlgorithm;
57
58 #define UNISP_RPC_ID 14
59
60 #define SECPKG_ATTR_ISSUER_LIST 0x50
61 #define SECPKG_ATTR_REMOTE_CRED 0x51
62 #define SECPKG_ATTR_LOCAL_CRED 0x52
63 #define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53
64 #define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54
65 #define SECPKG_ATTR_ROOT_STORE 0x55
66 #define SECPKG_ATTR_SUPPORTED_ALGS 0x56
67 #define SECPKG_ATTR_CIPHER_STRENGTHS 0x57
68 #define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58
69 #define SECPKG_ATTR_ISSUER_LIST_EX 0x59
70 #define SECPKG_ATTR_CONNECTION_INFO 0x5a
71 #define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
72 #define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c
73 #define SECPKG_ATTR_SESSION_INFO 0x5d
74 #define SECPKG_ATTR_APP_DATA 0x5e
75 #define SECPKG_ATTR_REMOTE_CERTIFICATES 0x5F
76 #define SECPKG_ATTR_CLIENT_CERT_POLICY 0x60
77 #define SECPKG_ATTR_CC_POLICY_RESULT 0x61
78 #define SECPKG_ATTR_USE_NCRYPT 0x62
79 #define SECPKG_ATTR_LOCAL_CERT_INFO 0x63
80 #define SECPKG_ATTR_CIPHER_INFO 0x64
81 #define SECPKG_ATTR_EAP_PRF_INFO 0x65
82 #define SECPKG_ATTR_SUPPORTED_SIGNATURES 0x66
83 #define SECPKG_ATTR_REMOTE_CERT_CHAIN 0x67
84 #define SECPKG_ATTR_UI_INFO 0x68
85 #define SECPKG_ATTR_EARLY_START 0x69
86 #define SECPKG_ATTR_KEYING_MATERIAL_INFO 0x6a
87 #define SECPKG_ATTR_KEYING_MATERIAL 0x6b
88 #define SECPKG_ATTR_SRTP_PARAMETERS 0x6c
89 #define SECPKG_ATTR_TOKEN_BINDING 0x6d
90 #define SECPKG_ATTR_CONNECTION_INFO_EX 0x6e
91 #define SECPKG_ATTR_KEYING_MATERIAL_TOKEN_BINDING 0x6f
92 #define SECPKG_ATTR_KEYING_MATERIAL_INPROC 0x70
93
94 typedef struct _SecPkgContext_IssuerListInfo {
95 DWORD cbIssuerList;
96 PBYTE pIssuerList;
97 } SecPkgContext_IssuerListInfo,*PSecPkgContext_IssuerListInfo;
98
99 typedef struct _SecPkgContext_RemoteCredentialInfo {
100 DWORD cbCertificateChain;
101 PBYTE pbCertificateChain;
102 DWORD cCertificates;
103 DWORD fFlags;
104 DWORD dwBits;
105 } SecPkgContext_RemoteCredentialInfo,*PSecPkgContext_RemoteCredentialInfo;
106
107 typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo,*PSecPkgContext_RemoteCredenitalInfo;
108
109 #define RCRED_STATUS_NOCRED 0x00000000
110 #define RCRED_CRED_EXISTS 0x00000001
111 #define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002
112
113 typedef struct _SecPkgContext_LocalCredentialInfo {
114 DWORD cbCertificateChain;
115 PBYTE pbCertificateChain;
116 DWORD cCertificates;
117 DWORD fFlags;
118 DWORD dwBits;
119 } SecPkgContext_LocalCredentialInfo,*PSecPkgContext_LocalCredentialInfo;
120
121 typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo,*PSecPkgContext_LocalCredenitalInfo;
122
123 #define LCRED_STATUS_NOCRED 0x00000000
124 #define LCRED_CRED_EXISTS 0x00000001
125 #define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002
126
127 typedef unsigned int ALG_ID;
128
129 typedef struct _SecPkgCred_SupportedAlgs {
130 DWORD cSupportedAlgs;
131 ALG_ID *palgSupportedAlgs;
132 } SecPkgCred_SupportedAlgs,*PSecPkgCred_SupportedAlgs;
133
134 typedef struct _SecPkgCred_CipherStrengths {
135 DWORD dwMinimumCipherStrength;
136 DWORD dwMaximumCipherStrength;
137 } SecPkgCred_CipherStrengths,*PSecPkgCred_CipherStrengths;
138
139 typedef struct _SecPkgCred_SupportedProtocols {
140 DWORD grbitProtocol;
141 } SecPkgCred_SupportedProtocols,*PSecPkgCred_SupportedProtocols;
142
143 typedef struct _SecPkgCred_ClientCertPolicy {
144 DWORD dwFlags;
145 GUID guidPolicyId;
146 DWORD dwCertFlags;
147 DWORD dwUrlRetrievalTimeout;
148 WINBOOL fCheckRevocationFreshnessTime;
149 DWORD dwRevocationFreshnessTime;
150 WINBOOL fOmitUsageCheck;
151 LPWSTR pwszSslCtlStoreName;
152 LPWSTR pwszSslCtlIdentifier;
153 } SecPkgCred_ClientCertPolicy, *PSecPkgCred_ClientCertPolicy;
154
155 typedef struct _SecPkgContext_ClientCertPolicyResult {
156 HRESULT dwPolicyResult;
157 GUID guidPolicyId;
158 } SecPkgContext_ClientCertPolicyResult, *PSecPkgContext_ClientCertPolicyResult;
159
160 typedef struct _SecPkgContext_IssuerListInfoEx {
161 PCERT_NAME_BLOB aIssuers;
162 DWORD cIssuers;
163 } SecPkgContext_IssuerListInfoEx,*PSecPkgContext_IssuerListInfoEx;
164
165 typedef struct _SecPkgContext_ConnectionInfo {
166 DWORD dwProtocol;
167 ALG_ID aiCipher;
168 DWORD dwCipherStrength;
169 ALG_ID aiHash;
170 DWORD dwHashStrength;
171 ALG_ID aiExch;
172 DWORD dwExchStrength;
173 } SecPkgContext_ConnectionInfo,*PSecPkgContext_ConnectionInfo;
174
175 #define SZ_ALG_MAX_SIZE 64
176
177 #define SECPKGCONTEXT_CONNECTION_INFO_EX_V1 1
178
179 typedef struct _SecPkgContext_ConnectionInfoEx {
180 DWORD dwVersion;
181 DWORD dwProtocol;
182 WCHAR szCipher[SZ_ALG_MAX_SIZE];
183 DWORD dwCipherStrength;
184 WCHAR szHash[SZ_ALG_MAX_SIZE];
185 DWORD dwHashStrength;
186 WCHAR szExchange[SZ_ALG_MAX_SIZE];
187 DWORD dwExchStrength;
188 } SecPkgContext_ConnectionInfoEx, *PSecPkgContext_ConnectionInfoEx;
189
190 #define SECPKGCONTEXT_CIPHERINFO_V1 1
191
192 typedef struct _SecPkgContext_CipherInfo {
193 DWORD dwVersion;
194 DWORD dwProtocol;
195 DWORD dwCipherSuite;
196 DWORD dwBaseCipherSuite;
197 WCHAR szCipherSuite[SZ_ALG_MAX_SIZE];
198 WCHAR szCipher[SZ_ALG_MAX_SIZE];
199 DWORD dwCipherLen;
200 DWORD dwCipherBlockLen;
201 WCHAR szHash[SZ_ALG_MAX_SIZE];
202 DWORD dwHashLen;
203 WCHAR szExchange[SZ_ALG_MAX_SIZE];
204 DWORD dwMinExchangeLen;
205 DWORD dwMaxExchangeLen;
206 WCHAR szCertificate[SZ_ALG_MAX_SIZE];
207 DWORD dwKeyType;
208 } SecPkgContext_CipherInfo, *PSecPkgContext_CipherInfo;
209
210 typedef struct _SecPkgContext_EapKeyBlock {
211 BYTE rgbKeys[128];
212 BYTE rgbIVs[64];
213 } SecPkgContext_EapKeyBlock,*PSecPkgContext_EapKeyBlock;
214
215 typedef struct _SecPkgContext_MappedCredAttr {
216 DWORD dwAttribute;
217 PVOID pvBuffer;
218 } SecPkgContext_MappedCredAttr,*PSecPkgContext_MappedCredAttr;
219
220 #define SSL_SESSION_RECONNECT 1
221
222 typedef struct _SecPkgContext_SessionInfo {
223 DWORD dwFlags;
224 DWORD cbSessionId;
225 BYTE rgbSessionId[32];
226 } SecPkgContext_SessionInfo,*PSecPkgContext_SessionInfo;
227
228 typedef struct _SecPkgContext_SessionAppData {
229 DWORD dwFlags;
230 DWORD cbAppData;
231 PBYTE pbAppData;
232 } SecPkgContext_SessionAppData,*PSecPkgContext_SessionAppData;
233
234 typedef struct _SecPkgContext_EapPrfInfo {
235 DWORD dwVersion;
236 DWORD cbPrfData;
237 PBYTE pbPrfData;
238 } SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo;
239
240 typedef struct _SecPkgContext_SupportedSignatures {
241 WORD cSignatureAndHashAlgorithms;
242 WORD *pSignatureAndHashAlgorithms;
243 } SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures;
244
245 typedef struct _SecPkgContext_Certificates {
246 DWORD cCertificates;
247 DWORD cbCertificateChain;
248 PBYTE pbCertificateChain;
249 } SecPkgContext_Certificates, *PSecPkgContext_Certificates;
250
251 typedef struct _SecPkgContext_CertInfo {
252 DWORD dwVersion;
253 DWORD cbSubjectName;
254 LPWSTR pwszSubjectName;
255 DWORD cbIssuerName;
256 LPWSTR pwszIssuerName;
257 DWORD dwKeySize;
258 } SecPkgContext_CertInfo, *PSecPkgContext_CertInfo;
259
260 #define KERN_CONTEXT_CERT_INFO_V1 0x00000000
261
262 typedef struct _SecPkgContext_UiInfo {
263 HWND hParentWindow;
264 } SecPkgContext_UiInfo, *PSecPkgContext_UiInfo;
265
266 typedef struct _SecPkgContext_EarlyStart {
267 DWORD dwEarlyStartFlags;
268 } SecPkgContext_EarlyStart, *PSecPkgContext_EarlyStart;
269
270 #define ENABLE_TLS_CLIENT_EARLY_START 0x00000001
271
272 typedef struct _SecPkgContext_KeyingMaterialInfo {
273 WORD cbLabel;
274 LPSTR pszLabel;
275 WORD cbContextValue;
276 PBYTE pbContextValue;
277 DWORD cbKeyingMaterial;
278 } SecPkgContext_KeyingMaterialInfo, *PSecPkgContext_KeyingMaterialInfo;
279
280 typedef struct _SecPkgContext_KeyingMaterial {
281 DWORD cbKeyingMaterial;
282 PBYTE pbKeyingMaterial;
283 } SecPkgContext_KeyingMaterial, *PSecPkgContext_KeyingMaterial;
284
285 typedef struct _SecPkgContext_KeyingMaterial_Inproc {
286 WORD cbLabel;
287 LPSTR pszLabel;
288 WORD cbContextValue;
289 PBYTE pbContextValue;
290 DWORD cbKeyingMaterial;
291 PBYTE pbKeyingMaterial;
292 } SecPkgContext_KeyingMaterial_Inproc, *PSecPkgContext_KeyingMaterial_Inproc;
293
294 typedef struct _SecPkgContext_SrtpParameters {
295 WORD ProtectionProfile;
296 BYTE MasterKeyIdentifierSize;
297 PBYTE MasterKeyIdentifier;
298 } SecPkgContext_SrtpParameters, *PSecPkgContext_SrtpParameters;
299
300 typedef struct _SecPkgContext_TokenBinding {
301 BYTE MajorVersion;
302 BYTE MinorVersion;
303 WORD KeyParametersSize;
304 PBYTE KeyParameters;
305 } SecPkgContext_TokenBinding, *PSecPkgContext_TokenBinding;
306
307 #define SCH_CRED_V1 0x00000001
308 #define SCH_CRED_V2 0x00000002
309 #define SCH_CRED_VERSION 0x00000002
310 #define SCH_CRED_V3 0x00000003
311 #define SCHANNEL_CRED_VERSION 0x00000004
312 #define SCH_CREDENTIALS_VERSION 0x00000005
313
314 struct _HMAPPER;
315
316 typedef struct _SCHANNEL_CRED {
317 DWORD dwVersion;
318 DWORD cCreds;
319 PCCERT_CONTEXT *paCred;
320 HCERTSTORE hRootStore;
321 DWORD cMappers;
322 struct _HMAPPER **aphMappers;
323 DWORD cSupportedAlgs;
324 ALG_ID *palgSupportedAlgs;
325 DWORD grbitEnabledProtocols;
326 DWORD dwMinimumCipherStrength;
327 DWORD dwMaximumCipherStrength;
328 DWORD dwSessionLifespan;
329 DWORD dwFlags;
330 DWORD dwCredFormat;
331 } SCHANNEL_CRED,*PSCHANNEL_CRED;
332
333 #ifdef SCHANNEL_USE_BLACKLISTS
334
335 typedef enum _eTlsAlgorithmUsage {
336 TlsParametersCngAlgUsageKeyExchange,
337 TlsParametersCngAlgUsageSignature,
338 TlsParametersCngAlgUsageCipher,
339 TlsParametersCngAlgUsageDigest,
340 TlsParametersCngAlgUsageCertSig
341 } eTlsAlgorithmUsage;
342
343 typedef struct _CRYPTO_SETTINGS {
344 eTlsAlgorithmUsage eAlgorithmUsage;
345 UNICODE_STRING strCngAlgId;
346 DWORD cChainingModes;
347 PUNICODE_STRING rgstrChainingModes;
348 DWORD dwMinBitLength;
349 DWORD dwMaxBitLength;
350 } CRYPTO_SETTINGS, *PCRYPTO_SETTINGS;
351
352 typedef struct _TLS_PARAMETERS {
353 DWORD cAlpnIds;
354 PUNICODE_STRING rgstrAlpnIds;
355 DWORD grbitDisabledProtocols;
356 DWORD cDisabledCrypto;
357 PCRYPTO_SETTINGS pDisabledCrypto;
358 DWORD dwFlags;
359 } TLS_PARAMETERS, *PTLS_PARAMETERS;
360
361 #define TLS_PARAMS_OPTIONAL 0x00000001
362
363 typedef struct _SCH_CREDENTIALS {
364 DWORD dwVersion;
365 DWORD dwCredFormat;
366 DWORD cCreds;
367 PCCERT_CONTEXT *paCred;
368 HCERTSTORE hRootStore;
369 DWORD cMappers;
370 struct _HMAPPER **aphMappers;
371 DWORD dwSessionLifespan;
372 DWORD dwFlags;
373 DWORD cTlsParameters;
374 PTLS_PARAMETERS pTlsParameters;
375 } SCH_CREDENTIALS, *PSCH_CREDENTIALS;
376
377 #define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
378 #define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
379 #define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
380 #define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16
381
382 #endif /* SCHANNEL_USE_BLACKLISTS */
383
384 typedef struct _SEND_GENERIC_TLS_EXTENSION {
385 WORD ExtensionType;
386 WORD HandshakeType;
387 DWORD Flags;
388 WORD BufferSize;
389 UCHAR Buffer[ANYSIZE_ARRAY];
390 } SEND_GENERIC_TLS_EXTENSION, *PSEND_GENERIC_TLS_EXTENSION;
391
392 typedef struct _TLS_EXTENSION_SUBSCRIPTION {
393 WORD ExtensionType;
394 WORD HandshakeType;
395 } TLS_EXTENSION_SUBSCRIPTION, *PTLS_EXTENSION_SUBSCRIPTION;
396
397 typedef struct _SUBSCRIBE_GENERIC_TLS_EXTENSION {
398 DWORD Flags;
399 DWORD SubscriptionsCount;
400 TLS_EXTENSION_SUBSCRIPTION Subscriptions[ANYSIZE_ARRAY];
401 } SUBSCRIBE_GENERIC_TLS_EXTENSION, *PSUBSCRIBE_GENERIC_TLS_EXTENSION;
402
403 #define SCH_MAX_EXT_SUBSCRIPTIONS 2
404
405 #define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
406 #define SCH_CRED_FORMAT_CERT_HASH 0x00000001
407 #define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002
408
409 #define SCH_CRED_MAX_STORE_NAME_SIZE 128
410 #define SCH_CRED_MAX_SUPPORTED_ALGS 256
411 #define SCH_CRED_MAX_SUPPORTED_CERTS 100
412
413 typedef struct _SCHANNEL_CERT_HASH {
414 DWORD dwLength;
415 DWORD dwFlags;
416 HCRYPTPROV hProv;
417 BYTE ShaHash[20];
418 } SCHANNEL_CERT_HASH,*PSCHANNEL_CERT_HASH;
419
420 typedef struct _SCHANNEL_CERT_HASH_STORE {
421 DWORD dwLength;
422 DWORD dwFlags;
423 HCRYPTPROV hProv;
424 BYTE ShaHash[20];
425 WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
426 } SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;
427
428 #define SCH_MACHINE_CERT_HASH 0x00000001
429
430 #define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
431 #define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
432 #define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
433 #define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
434 #define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
435 #define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
436 #define SCH_CRED_DISABLE_RECONNECTS 0x00000080
437
438 #define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
439 #define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
440 #define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
441 #define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
442 #define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
443
444 #define SCH_CRED_RESTRICTED_ROOTS 0x00002000
445 #define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
446 #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000
447
448 #define SCH_CRED_MEMORY_STORE_CERT 0x00010000
449
450 #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000
451
452 #define SCH_SEND_ROOT_CERT 0x00040000
453 #define SCH_CRED_SNI_CREDENTIAL 0x00080000
454 #define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
455 #define SCH_SEND_AUX_RECORD 0x00200000
456 #define SCH_USE_STRONG_CRYPTO 0x00400000
457 #define SCH_USE_PRESHAREDKEY_ONLY 0x00800000
458 #define SCH_USE_DTLS_ONLY 0x01000000
459 #define SCH_ALLOW_NULL_ENCRYPTION 0x02000000
460
461 #define SCHANNEL_RENEGOTIATE 0
462 #define SCHANNEL_SHUTDOWN 1
463 #define SCHANNEL_ALERT 2
464 #define SCHANNEL_SESSION 3
465
466 typedef struct _SCHANNEL_ALERT_TOKEN {
467 DWORD dwTokenType;
468 DWORD dwAlertType;
469 DWORD dwAlertNumber;
470 } SCHANNEL_ALERT_TOKEN;
471
472 #define TLS1_ALERT_WARNING 1
473 #define TLS1_ALERT_FATAL 2
474
475 #define TLS1_ALERT_CLOSE_NOTIFY 0
476 #define TLS1_ALERT_UNEXPECTED_MESSAGE 10
477 #define TLS1_ALERT_BAD_RECORD_MAC 20
478 #define TLS1_ALERT_DECRYPTION_FAILED 21
479 #define TLS1_ALERT_RECORD_OVERFLOW 22
480 #define TLS1_ALERT_DECOMPRESSION_FAIL 30
481 #define TLS1_ALERT_HANDSHAKE_FAILURE 40
482 #define TLS1_ALERT_BAD_CERTIFICATE 42
483 #define TLS1_ALERT_UNSUPPORTED_CERT 43
484 #define TLS1_ALERT_CERTIFICATE_REVOKED 44
485 #define TLS1_ALERT_CERTIFICATE_EXPIRED 45
486 #define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
487 #define TLS1_ALERT_ILLEGAL_PARAMETER 47
488 #define TLS1_ALERT_UNKNOWN_CA 48
489 #define TLS1_ALERT_ACCESS_DENIED 49
490 #define TLS1_ALERT_DECODE_ERROR 50
491 #define TLS1_ALERT_DECRYPT_ERROR 51
492 #define TLS1_ALERT_EXPORT_RESTRICTION 60
493 #define TLS1_ALERT_PROTOCOL_VERSION 70
494 #define TLS1_ALERT_INSUFFIENT_SECURITY 71
495 #define TLS1_ALERT_INTERNAL_ERROR 80
496 #define TLS1_ALERT_USER_CANCELED 90
497 #define TLS1_ALERT_NO_RENEGOTIATION 100
498 #define TLS1_ALERT_UNSUPPORTED_EXT 110
499 #define TLS1_ALERT_UNKNOWN_PSK_IDENTITY 115
500 #define TLS1_ALERT_NO_APP_PROTOCOL 120
501
502 #define SSL_SESSION_ENABLE_RECONNECTS 1
503 #define SSL_SESSION_DISABLE_RECONNECTS 2
504
505 typedef struct _SCHANNEL_SESSION_TOKEN {
506 DWORD dwTokenType;
507 DWORD dwFlags;
508 } SCHANNEL_SESSION_TOKEN;
509
510 typedef struct _SCHANNEL_CLIENT_SIGNATURE {
511 DWORD cbLength;
512 ALG_ID aiHash;
513 DWORD cbHash;
514 BYTE HashValue[36];
515 BYTE CertThumbprint[20];
516 } SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;
517
518 #define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
519 #define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
520 #define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)
521
522 #define SP_PROT_PCT1_SERVER 0x00000001
523 #define SP_PROT_PCT1_CLIENT 0x00000002
524 #define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)
525
526 #define SP_PROT_SSL2_SERVER 0x00000004
527 #define SP_PROT_SSL2_CLIENT 0x00000008
528 #define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)
529
530 #define SP_PROT_SSL3_SERVER 0x00000010
531 #define SP_PROT_SSL3_CLIENT 0x00000020
532 #define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
533
534 #define SP_PROT_TLS1_SERVER 0x00000040
535 #define SP_PROT_TLS1_CLIENT 0x00000080
536 #define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
537
538 #define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
539 #define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
540 #define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
541
542 #define SP_PROT_UNI_SERVER 0x40000000
543 #define SP_PROT_UNI_CLIENT 0x80000000
544 #define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
545
546 #define SP_PROT_ALL 0xffffffff
547 #define SP_PROT_NONE 0
548 #define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
549 #define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
550
551 #define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
552 #define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
553 #define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)
554
555 #define SP_PROT_TLS1_1_SERVER 0x00000100
556 #define SP_PROT_TLS1_1_CLIENT 0x00000200
557 #define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)
558
559 #define SP_PROT_TLS1_2_SERVER 0x00000400
560 #define SP_PROT_TLS1_2_CLIENT 0x00000800
561 #define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)
562
563 #define SP_PROT_TLS1_3_SERVER 0x00001000
564 #define SP_PROT_TLS1_3_CLIENT 0x00002000
565 #define SP_PROT_TLS1_3 (SP_PROT_TLS1_3_SERVER | SP_PROT_TLS1_3_CLIENT)
566
567 #define SP_PROT_DTLS_SERVER 0x00010000
568 #define SP_PROT_DTLS_CLIENT 0x00020000
569 #define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT )
570
571 #define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
572 #define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
573 #define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)
574
575 #define SP_PROT_DTLS1_2_SERVER 0x00040000
576 #define SP_PROT_DTLS1_2_CLIENT 0x00080000
577 #define SP_PROT_DTLS1_2 (SP_PROT_DTLS1_2_SERVER | SP_PROT_DTLS1_2_CLIENT)
578
579 #define SP_PROT_DTLS1_X_SERVER (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_2_SERVER)
580 #define SP_PROT_DTLS1_X_CLIENT (SP_PROT_DTLS1_0_CLIENT | SP_PROT_DTLS1_2_CLIENT)
581 #define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)
582
583 #define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER)
584 #define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT)
585 #define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)
586
587 #define SP_PROT_TLS1_3PLUS_SERVER SP_PROT_TLS1_3_SERVER
588 #define SP_PROT_TLS1_3PLUS_CLIENT SP_PROT_TLS1_3_CLIENT
589 #define SP_PROT_TLS1_3PLUS (SP_PROT_TLS1_3PLUS_SERVER | SP_PROT_TLS1_3PLUS_CLIENT)
590
591 #define SP_PROT_TLS1_X_SERVER (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_3_SERVER)
592 #define SP_PROT_TLS1_X_CLIENT (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT | SP_PROT_TLS1_3_CLIENT)
593 #define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)
594
595 #define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
596 #define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
597 #define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)
598
599 #define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT )
600 #define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER )
601
602 typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName,DWORD dwFlags);
603
604 WINBOOL SslEmptyCacheA(LPSTR pszTargetName,DWORD dwFlags);
605
606 typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName,DWORD dwFlags);
607
608 WINBOOL SslEmptyCacheW(LPWSTR pszTargetName,DWORD dwFlags);
609
610 #define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN)
611 #define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache)
612
613 typedef struct _SSL_CREDENTIAL_CERTIFICATE {
614 DWORD cbPrivateKey;
615 PBYTE pPrivateKey;
616 DWORD cbCertificate;
617 PBYTE pCertificate;
618 PSTR pszPassword;
619 } SSL_CREDENTIAL_CERTIFICATE,*PSSL_CREDENTIAL_CERTIFICATE;
620
621 #define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
622 #define SCHANNEL_SECRET_PRIVKEY 0x00000002
623 #define SCH_CRED_X509_CERTCHAIN 0x00000001
624 #define SCH_CRED_X509_CAPI 0x00000002
625 #define SCH_CRED_CERT_CONTEXT 0x00000003
626
627 struct _HMAPPER;
628 typedef struct _SCH_CRED {
629 DWORD dwVersion;
630 DWORD cCreds;
631 PVOID *paSecret;
632 PVOID *paPublic;
633 DWORD cMappers;
634 struct _HMAPPER **aphMappers;
635 } SCH_CRED,*PSCH_CRED;
636
637 typedef struct _SCH_CRED_SECRET_CAPI {
638 DWORD dwType;
639 HCRYPTPROV hProv;
640 } SCH_CRED_SECRET_CAPI,*PSCH_CRED_SECRET_CAPI;
641
642 typedef struct _SCH_CRED_SECRET_PRIVKEY {
643 DWORD dwType;
644 PBYTE pPrivateKey;
645 DWORD cbPrivateKey;
646 PSTR pszPassword;
647 } SCH_CRED_SECRET_PRIVKEY,*PSCH_CRED_SECRET_PRIVKEY;
648
649 typedef struct _SCH_CRED_PUBLIC_CERTCHAIN {
650 DWORD dwType;
651 DWORD cbCertChain;
652 PBYTE pCertChain;
653 } SCH_CRED_PUBLIC_CERTCHAIN,*PSCH_CRED_PUBLIC_CERTCHAIN;
654
655 typedef struct _SCH_CRED_PUBLIC_CAPI {
656 DWORD dwType;
657 HCRYPTPROV hProv;
658 } SCH_CRED_PUBLIC_CAPI,*PSCH_CRED_PUBLIC_CAPI;
659
660 typedef struct _PctPublicKey {
661 DWORD Type;
662 DWORD cbKey;
663 UCHAR pKey[1];
664 } PctPublicKey;
665
666 typedef struct _X509Certificate {
667 DWORD Version;
668 DWORD SerialNumber[4];
669 ALG_ID SignatureAlgorithm;
670 FILETIME ValidFrom;
671 FILETIME ValidUntil;
672 PSTR pszIssuer;
673 PSTR pszSubject;
674 PctPublicKey *pPublicKey;
675 } X509Certificate,*PX509Certificate;
676
677 WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts,PSTR pszDN,PSTR pszPassword,DWORD Bits);
678 VOID SslGenerateRandomBits(PUCHAR pRandomData,LONG cRandomData);
679 WINBOOL SslCrackCertificate(PUCHAR pbCertificate,DWORD cbCertificate,DWORD dwFlags,PX509Certificate *ppCertificate);
680 VOID SslFreeCertificate(PX509Certificate pCertificate);
681 DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved);
682 WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers,DWORD *pcbIssuers);
683
684 #define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
685 #define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")
686
687 typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate,DWORD cbCertificate,WINBOOL VerifySignature,PX509Certificate *ppCertificate);
688 typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate);
689
690 typedef SECURITY_STATUS (WINAPI *SslGetServerIdentityFn)(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags);
691 SECURITY_STATUS WINAPI SslGetServerIdentity(PBYTE ClientHello, DWORD ClientHelloSize, PBYTE *ServerIdentity, PDWORD ServerIdentitySize, DWORD Flags);
692
693 #if NTDDI_VERSION >= NTDDI_WIN10_19H1
694
695 typedef struct _SCH_EXTENSION_DATA {
696 WORD ExtensionType;
697 const BYTE *pExtData;
698 DWORD cbExtData;
699 }SCH_EXTENSION_DATA;
700
701 typedef enum _SchGetExtensionsOptions {
702 SCH_EXTENSIONS_OPTIONS_NONE = 0x0,
703 SCH_NO_RECORD_HEADER = 0x1
704 }SchGetExtensionsOptions;
705
706 typedef SECURITY_STATUS (WINAPI *SslGetExtensionsFn)(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags);
707 SECURITY_STATUS WINAPI SslGetExtensions(const BYTE *clientHello, DWORD clientHelloByteSize, SCH_EXTENSION_DATA *genericExtensions, BYTE genericExtensionsCount, DWORD *bytesToRead, SchGetExtensionsOptions flags);
708
709 #endif /* NTDDI_VERSION >= NTDDI_WIN10_19H1 */
710
711 #endif /* __SCHANNEL_H__ */