//+---------------------------------------------------------------------------
//
//  Microsoft Windows
//
//  Copyright (C) Microsoft Corporation, 1992 - 1996.
//
//  File:       schnlsp.h
//
//  Contents:   Public Definitions for SCHANNEL Security Provider
//
//  Classes:
//
//  Functions:
//
//  History:    6-8-96   a-petesk   Created
//
//----------------------------------------------------------------------------

// Include guard. NOTE(review): the guard name lives in the reserved
// double-underscore identifier namespace; it is kept as-is because other
// headers may test it.
#ifndef __SCHNLSP_H__
#define __SCHNLSP_H__

// wincrypt.h provides HCRYPTPROV and ALG_ID, used by the credential and
// certificate structures declared below.
#include <wincrypt.h>

// Security package (provider) names, in ANSI and wide forms. Presumably
// these are the names an application hands to SSPI when acquiring a
// credential -- confirm against the provider's package table. SSL 2.0 and
// PCT 1.0 are long-obsolete protocols; UNISP_NAME names the unified provider.
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"

#define SSL2SP_NAME_A "Microsoft SSL"
#define SSL2SP_NAME_W L"Microsoft SSL"

#define SSL3SP_NAME_A "Microsoft SSL 3.0"
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"

#define PCT1SP_NAME_A "Microsoft PCT"
#define PCT1SP_NAME_W L"Microsoft PCT"

// Character-set-neutral aliases, selected by the UNICODE build setting.
#ifdef UNICODE
#define UNISP_NAME UNISP_NAME_W
#define PCT1SP_NAME PCT1SP_NAME_W
#define SSL2SP_NAME SSL2SP_NAME_W
#define SSL3SP_NAME SSL3SP_NAME_W
#else
#define UNISP_NAME UNISP_NAME_A
#define PCT1SP_NAME PCT1SP_NAME_A
#define SSL2SP_NAME SSL2SP_NAME_A
#define SSL3SP_NAME SSL3SP_NAME_A
#endif

// Presumably the RPC identifier assigned to the unified provider -- confirm.
#define UNISP_RPC_ID 12

// Value expected in SCH_CRED.dwVersion.
#define SCH_CRED_VERSION 0x00000001

// dwType tags carried as the first member of the SCH_CRED_SECRET_* structures
// (entries of SCH_CRED.paSecret).
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001    // SCH_CRED_SECRET_CAPI
#define SCHANNEL_SECRET_PRIVKEY 0x00000002      // SCH_CRED_SECRET_PRIVKEY

// Presumably the dwType tag for SCH_CRED_PUBLIC_CERTCHAIN (entries of
// SCH_CRED.paPublic); that struct's dwType member is not annotated.
// NOTE(review): the value coincides with SCHANNEL_SECRET_TYPE_CAPI, so a
// consumer must know which array an entry came from before dispatching on
// dwType -- the tag alone does not distinguish secret from public entries.
#define SCH_CRED_X509_CERTCHAIN 0x00000001

/*
 * CAPI Secret Credential
 * Points to a pre-initialized CAPI provider handle
 */
typedef struct _SCH_CRED_SECRET_CAPI
{
    DWORD       dwType;     // SCHANNEL_SECRET_TYPE_CAPI
    HCRYPTPROV  hProv;      // CAPI provider handle holding the credential
                            // secret information.
                            // NOTE(review): which side releases hProv is not
                            // stated here -- confirm with the provider.
} SCH_CRED_SECRET_CAPI, * PSCH_CRED_SECRET_CAPI;

/*
 * Private Key Secret Credential
 * Contains a potentially encrypted private key in DER
 * format, and a password to crack the key.
 */
typedef struct _SCH_CRED_SECRET_PRIVKEY
{
    DWORD   dwType;         // SCHANNEL_SECRET_PRIVKEY
    PBYTE   pPrivateKey;    // DER encoded private key (may itself be encrypted)
    DWORD   cbPrivateKey;   // Size of pPrivateKey in bytes
    PSTR    pszPassword;    // Password to crack the private key.
                            // NOTE(review): the password and key bytes are
                            // plaintext secrets in caller-owned memory; the
                            // caller should clear both once the credential
                            // has been acquired.
} SCH_CRED_SECRET_PRIVKEY, * PSCH_CRED_SECRET_PRIVKEY;

/*
 * Public Cert Chain Credential
 * DER encoded chain of certificates, with
 * the leaf certificate corresponding to the
 * Secret credential
 */
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN
{
    DWORD   dwType;         // presumably SCH_CRED_X509_CERTCHAIN; the
                            // original leaves this member unannotated
    DWORD   cbCertChain;    // Size of pCertChain in bytes
    PBYTE   pCertChain;     // DER encoded certificate chain
} SCH_CRED_PUBLIC_CERTCHAIN, *PSCH_CRED_PUBLIC_CERTCHAIN;

// Top-level credential description: parallel arrays of secret and public
// credential entries, each entry a pointer to a struct whose first member is
// a DWORD dwType tag.
typedef struct _SCH_CRED
{
    DWORD   dwVersion;  // always SCH_CRED_VERSION.
    DWORD   cCreds;     // Number of credentials.
    PVOID   *paSecret;  // Array of SCH_CRED_SECRET_* pointers; a consumer
                        // must read dwType before casting an entry.
    PVOID   *paPublic;  // Array of SCH_CRED_PUBLIC_* pointers
                        // (presumably cCreds entries in each array, pairing
                        // paSecret[i] with paPublic[i] -- confirm).
} SCH_CRED, * PSCH_CRED;

/*
 * QueryContextAttributes extensions
 */

// Attribute ids this provider adds to QueryContextAttributes. Presumably they
// return the two SecPkgContext_* structures declared next (IssuerListInfo and
// RemoteCredenitalInfo respectively) -- confirm.
#define SECPKG_ATTR_ISSUER_LIST 0x50
#define SECPKG_ATTR_REMOTE_CRED 0x51

typedef struct _SecPkgContext_IssuerListInfo
{
    DWORD   cbIssuerList;   // Size of pIssuerList in bytes
    PBYTE   pIssuerList;    // Issuer list buffer. Its encoding and who frees
                            // it are not stated here -- confirm with the
                            // provider.
} SecPkgContext_IssuerListInfo, *PSecPkgContext_IssuerListInfo;

// Remote party's credential as seen on this context. (sic: the misspelt tag
// and typedef names are part of the public interface and must not change.)
typedef struct _SecPkgContext_RemoteCredenitalInfo
{
    DWORD   cbCertificateChain;     // count of bytes in cert chain buffer.
    PBYTE   pbCertificateChain;     // DER encoded chain of certificates, leaf cert first.
    DWORD   cCertificates;          // Number of certificates in the chain
    DWORD   fFlags;                 // presumably RCRED_* status values (see
                                    // below). A chain flagged with
                                    // RCRED_STATUS_UNKNOWN_ISSUER is not
                                    // anchored in a known issuer and should
                                    // be treated as untrusted by the caller.
} SecPkgContext_RemoteCredenitalInfo, *PSecPkgContext_RemoteCredenitalInfo;

// Public key as carried inside a cracked X509Certificate.
typedef struct _PctPublicKey
{
    DWORD   Type;       // Key type; no values are defined in this header
    DWORD   cbKey;      // Size of the key data in bytes
    UCHAR   pKey[1];    // Key bytes. Declared with one element; presumably
                        // cbKey bytes follow in the same allocation (old-style
                        // variable-length trailer), so sizeof is not the
                        // object's true size.
} PctPublicKey;

// Parsed ("cracked") certificate produced by SslCrackCertificate and released
// with SslFreeCertificate. Only the listed fields are surfaced; nothing here
// records whether the certificate's signature was verified, so trust decisions
// remain with the caller.
typedef struct _X509Certificate {
    DWORD           Version;
    DWORD           SerialNumber[4];        // 16 bytes; byte order not stated here
    ALG_ID          SignatureAlgorithm;     // CAPI algorithm id (from wincrypt.h)
    FILETIME        ValidFrom;
    FILETIME        ValidUntil;
    PSTR            pszIssuer;              // Issuer name as a string
    PSTR            pszSubject;             // Subject name as a string
    PctPublicKey    *pPublicKey;            // Subject public key
} X509Certificate, * PX509Certificate;

// Remote-credential status values (presumably for
// SecPkgContext_RemoteCredenitalInfo.fFlags). NOTE(review): RCRED_STATUS_NOCRED
// is zero, i.e. the absence of the other bits -- it cannot be tested with &.
#define RCRED_STATUS_NOCRED 0x00000000
#define RCRED_CRED_EXISTS 0x00000001
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002 // The last cert in this chain has
                                               // an issuer that is unknown to us.

//
// MessageId: SEC_I_INCOMPLETE_CREDENTIALS
//
// MessageText:
//
// If this is returned from InitializeSecurityContext, it indicates
// that the credentials supplied were incomplete, and client-auth was
// attempted. On receipt, the client should call QueryContextAttributes
// with SECPKG_ATTR_LOCAL_CERT to get the cert that was negotiated,
// and then supply the private key with this cert to AcquireCredential
// to get a new credential. The context should then be closed,
// and renegotiation should be completed.
//
// (SECPKG_ATTR_LOCAL_CERT is not defined in this header.)
//
#define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)

// Failure counterpart of SEC_I_INCOMPLETE_CREDENTIALS: the same code with
// the HRESULT severity bit (0x80000000) set.
#define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)

//
// MessageId: SEC_I_RENEGOTIATE
//
// MessageText:
//
// This is returned by UnsealMessage, and indicates that the app should
// restart the renegotiation loop. It should use the existing context, and
// pass in no data in the input buffers for the first call to AcceptSecurityContext
// or InitializeSecurityContext.
//
// NOTE(review): since this surfaces from UnsealMessage, the request
// presumably originates in data received from the peer; nothing in this
// header bounds how often it may occur, so an application should decide
// its own policy for honouring repeated renegotiations.
//
#define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)

// Presumably the data-representation value for network byte order; the
// routines that take it are not declared here -- confirm.
#define NETWORK_DREP 0x00000000

// Structures for compatibility with the old
// SCHANNEL cred interface.

// Legacy (pre-SCH_CRED) credential layout; also the type SslGenerateKeyPair
// takes.
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
    DWORD   cbPrivateKey;   // Size of pPrivateKey in bytes
    PBYTE   pPrivateKey;    // Private key; encoding not stated here (presumably
                            // DER, as for SCH_CRED_SECRET_PRIVKEY -- confirm)
    DWORD   cbCertificate;  // Size of pCertificate in bytes
    PBYTE   pCertificate;   // Certificate bytes
    PSTR    pszPassword;    // Password protecting pPrivateKey.
                            // NOTE(review): plaintext secret in caller memory;
                            // clear it together with the key once used.
} SSL_CREDENTIAL_CERTIFICATE, * PSSL_CREDENTIAL_CERTIFICATE;

//
// Generates a key pair for the given distinguished name and reports it
// through pCerts. Which members of *pCerts are populated, and who owns the
// resulting buffers, is not stated here -- confirm with the implementation.
//
//  pCerts      - credential structure receiving the result (assumed out-param)
//  pszDN       - distinguished name for the certificate subject
//  pszPassword - password used to protect the generated private key
//  Bits        - requested key length in bits; no minimum is enforced by
//                this declaration
//
// Returns BOOL, presumably TRUE on success; how failure detail is reported
// is not stated here.
//
BOOL
SslGenerateKeyPair(
    PSSL_CREDENTIAL_CERTIFICATE pCerts,
    PSTR pszDN,
    PSTR pszPassword,
    DWORD Bits );

//
// Fills pRandomData with cRandomData random bytes (presumably; the count is
// in units of the PUCHAR element type).
//
// NOTE(review): the randomness source and its quality are not stated here;
// confirm it is suitable for key material before relying on it. cRandomData
// is a signed LONG -- a negative count has no meaning and must not be passed.
//
VOID
SslGenerateRandomBits(
    PUCHAR pRandomData,
    LONG cRandomData
    );

//
// Parses ("cracks") an encoded certificate into an X509Certificate that the
// caller later releases with SslFreeCertificate.
//
//  pbCertificate - certificate bytes (presumably DER); untrusted input when
//                  it comes from a peer, so the parser must bound every read
//                  by cbCertificate
//  cbCertificate - size of pbCertificate in bytes
//  dwFlags       - NOTE(review): no flag values are defined in this header,
//                  and the SSL_CRACK_CERTIFICATE_FN typedef below declares
//                  BOOL VerifySignature in this position instead -- confirm
//                  which contract is current.
//  ppCertificate - receives the parsed certificate on success
//
// Returns BOOL, presumably TRUE on success.
//
BOOL
SslCrackCertificate(
    PUCHAR pbCertificate,
    DWORD cbCertificate,
    DWORD dwFlags,
    PX509Certificate * ppCertificate
    );

//
// Releases an X509Certificate obtained from SslCrackCertificate, including
// (presumably) the string and public-key members it points to.
//
//  pCertificate - certificate to free
//
VOID
SslFreeCertificate(
    PX509Certificate pCertificate
    );

// Export names of the two routines above, presumably for resolving them
// dynamically from the provider module; TEXT() follows the UNICODE setting.
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")

// Function-pointer type for a dynamically resolved SslCrackCertificate.
// NOTE(review): the third parameter is BOOL VerifySignature here but
// DWORD dwFlags in the prototype above -- the two declarations disagree.
// Presumably a FALSE VerifySignature yields a parsed but unauthenticated
// certificate, so callers handling peer-supplied data should pass TRUE.
typedef BOOL
(WINAPI * SSL_CRACK_CERTIFICATE_FN)
(
    PUCHAR pbCertificate,
    DWORD cbCertificate,
    BOOL VerifySignature,
    PX509Certificate * ppCertificate
    );

// Function-pointer type for a dynamically resolved SslFreeCertificate;
// matches the prototype above.
typedef VOID
(WINAPI * SSL_FREE_CERTIFICATE_FN)
(
    PX509Certificate pCertificate
    );

#endif //__SCHNLSP_H__