// Licensed under the Apache License, Version 2.0 // or the MIT license // , at your option. // All files in the project carrying such notice may not be copied, modified, or distributed // except according to those terms. //! Public Definitions for SCHANNEL Security Provider use shared::guiddef::GUID; use shared::minwindef::{BYTE, DWORD, PBYTE, WORD}; use shared::windef::HWND; use um::wincrypt::{ALG_ID, HCERTSTORE, HCRYPTPROV, PCCERT_CONTEXT, PCERT_NAME_BLOB}; use um::winnt::{HRESULT, LPWSTR, PVOID, WCHAR}; pub const UNISP_NAME: &'static str = "Microsoft Unified Security Protocol Provider"; pub const SSL2SP_NAME: &'static str = "Microsoft SSL 2.0"; pub const SSL3SP_NAME: &'static str = "Microsoft SSL 3.0"; pub const TLS1SP_NAME: &'static str = "Microsoft TLS 1.0"; pub const PCT1SP_NAME: &'static str = "Microsoft PCT 1.0"; pub const SCHANNEL_NAME: &'static str = "Schannel"; ENUM!{enum eTlsSignatureAlgorithm { TlsSignatureAlgorithm_Anonymous = 0, TlsSignatureAlgorithm_Rsa = 1, TlsSignatureAlgorithm_Dsa = 2, TlsSignatureAlgorithm_Ecdsa = 3, }} ENUM!{enum eTlsHashAlgorithm { TlsHashAlgorithm_None = 0, TlsHashAlgorithm_Md5 = 1, TlsHashAlgorithm_Sha1 = 2, TlsHashAlgorithm_Sha224 = 3, TlsHashAlgorithm_Sha256 = 4, TlsHashAlgorithm_Sha384 = 5, TlsHashAlgorithm_Sha512 = 6, }} pub const UNISP_RPC_ID: DWORD = 14; STRUCT!{struct SecPkgContext_RemoteCredentialInfo { cbCertificateChain: DWORD, pbCertificateChain: PBYTE, cCertificates: DWORD, fFlags: DWORD, dwBits: DWORD, }} pub type PSecPkgContext_RemoteCredentialInfo = *mut SecPkgContext_RemoteCredentialInfo; pub type SecPkgContext_RemoteCredenitalInfo = SecPkgContext_RemoteCredentialInfo; pub type PSecPkgContext_RemoteCredenitalInfo = *mut SecPkgContext_RemoteCredentialInfo; pub const RCRED_STATUS_NOCRED: DWORD = 0x00000000; pub const RCRED_CRED_EXISTS: DWORD = 0x00000001; pub const RCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002; STRUCT!{struct SecPkgContext_LocalCredentialInfo { cbCertificateChain: DWORD, pbCertificateChain: PBYTE, cCertificates: DWORD, fFlags: DWORD, dwBits: DWORD, }} pub type PSecPkgContext_LocalCredentialInfo = *mut SecPkgContext_LocalCredentialInfo; pub type SecPkgContext_LocalCredenitalInfo = SecPkgContext_LocalCredentialInfo; pub type PSecPkgContext_LocalCredenitalInfo = *mut SecPkgContext_LocalCredentialInfo; pub const LCRED_STATUS_NOCRED: DWORD = 0x00000000; pub const LCRED_CRED_EXISTS: DWORD = 0x00000001; pub const LCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002; STRUCT!{struct SecPkgContext_ClientCertPolicyResult { dwPolicyResult: HRESULT, guidPolicyId: GUID, }} pub type PSecPkgContext_ClientCertPolicyResult = *mut SecPkgContext_ClientCertPolicyResult; STRUCT!{struct SecPkgContext_IssuerListInfoEx { aIssuers: PCERT_NAME_BLOB, cIssuers: DWORD, }} pub type PSecPkgContext_IssuerListInfoEx = *mut SecPkgContext_IssuerListInfoEx; STRUCT!{struct SecPkgContext_ConnectionInfo { dwProtocol: DWORD, aiCipher: ALG_ID, dwCipherStrength: DWORD, aiHash: ALG_ID, dwHashStrength: DWORD, aiExch: ALG_ID, dwExchStrength: DWORD, }} pub type PSecPkgContext_ConnectionInfo = *mut SecPkgContext_ConnectionInfo; pub const SZ_ALG_MAX_SIZE: usize = 64; pub const SECPKGCONTEXT_CIPHERINFO_V1: DWORD = 1; STRUCT!{struct SecPkgContext_CipherInfo { dwVersion: DWORD, dwProtocol: DWORD, dwCipherSuite: DWORD, dwBaseCipherSuite: DWORD, szCipherSuite: [WCHAR; SZ_ALG_MAX_SIZE], szCipher: [WCHAR; SZ_ALG_MAX_SIZE], dwCipherLen: DWORD, dwCipherBlockLen: DWORD, szHash: [WCHAR; SZ_ALG_MAX_SIZE], dwHashLen: DWORD, szExchange: [WCHAR; SZ_ALG_MAX_SIZE], dwMinExchangeLen: DWORD, dwMaxExchangeLen: DWORD, szCertificate: [WCHAR; SZ_ALG_MAX_SIZE], dwKeyType: DWORD, }} pub type PSecPkgContext_CipherInfo = *mut SecPkgContext_CipherInfo; STRUCT!{struct SecPkgContext_EapKeyBlock { rgbKeys: [BYTE; 128], rgbIVs: [BYTE; 64], }} pub type PSecPkgContext_EapKeyBlock = *mut SecPkgContext_EapKeyBlock; STRUCT!{struct SecPkgContext_MappedCredAttr { dwAttribute: DWORD, pvBuffer: PVOID, }} pub type PSecPkgContext_MappedCredAttr = *mut SecPkgContext_MappedCredAttr; pub const SSL_SESSION_RECONNECT: DWORD = 1; STRUCT!{struct SecPkgContext_SessionInfo { dwFlags: DWORD, cbSessionId: DWORD, rgbSessionId: [BYTE; 32], }} pub type PSecPkgContext_SessionInfo = *mut SecPkgContext_SessionInfo; STRUCT!{struct SecPkgContext_SessionAppData { dwFlags: DWORD, cbAppData: DWORD, pbAppData: PBYTE, }} pub type PSecPkgContext_SessionAppData = *mut SecPkgContext_SessionAppData; STRUCT!{struct SecPkgContext_EapPrfInfo { dwVersion: DWORD, cbPrfData: DWORD, pbPrfData: PBYTE, }} pub type PSecPkgContext_EapPrfInfo = *mut SecPkgContext_EapPrfInfo; STRUCT!{struct SecPkgContext_SupportedSignatures { cSignatureAndHashAlgorithms: WORD, pSignatureAndHashAlgorithms: *mut WORD, }} pub type PSecPkgContext_SupportedSignatures = *mut SecPkgContext_SupportedSignatures; STRUCT!{struct SecPkgContext_Certificates { cCertificates: DWORD, cbCertificateChain: DWORD, pbCertificateChain: PBYTE, }} pub type PSecPkgContext_Certificates = *mut SecPkgContext_Certificates; STRUCT!{struct SecPkgContext_CertInfo { dwVersion: DWORD, cbSubjectName: DWORD, pwszSubjectName: LPWSTR, cbIssuerName: DWORD, pwszIssuerName: LPWSTR, dwKeySize: DWORD, }} pub type PSecPkgContext_CertInfo = *mut SecPkgContext_CertInfo; pub const KERN_CONTEXT_CERT_INFO_V1: DWORD = 0x00000000; STRUCT!{struct SecPkgContext_UiInfo { hParentWindow: HWND, }} pub type PSecPkgContext_UiInfo = *mut SecPkgContext_UiInfo; STRUCT!{struct SecPkgContext_EarlyStart { dwEarlyStartFlags: DWORD, }} pub type PSecPkgContext_EarlyStart = *mut SecPkgContext_EarlyStart; pub const ENABLE_TLS_CLIENT_EARLY_START: DWORD = 0x00000001; pub const SCH_CRED_V1: DWORD = 0x00000001; pub const SCH_CRED_V2: DWORD = 0x00000002; pub const SCH_CRED_VERSION: DWORD = 0x00000002; pub const SCH_CRED_V3: DWORD = 0x00000003; pub const SCHANNEL_CRED_VERSION: DWORD = 0x00000004; pub const SCHANNEL_SECRET_TYPE_CAPI: DWORD = 0x00000001; pub const SCHANNEL_SECRET_PRIVKEY: DWORD = 0x00000002; pub const SCH_CRED_X509_CERTCHAIN: DWORD = 0x00000001; pub const SCH_CRED_X509_CAPI: DWORD = 0x00000002; pub const SCH_CRED_CERT_CONTEXT: DWORD = 0x00000003; pub enum _HMAPPER {} STRUCT!{struct SCHANNEL_CRED { dwVersion: DWORD, cCreds: DWORD, paCred: *mut PCCERT_CONTEXT, hRootStore: HCERTSTORE, cMappers: DWORD, aphMappers: *mut *mut _HMAPPER, cSupportedAlgs: DWORD, palgSupportedAlgs: *mut ALG_ID, grbitEnabledProtocols: DWORD, dwMinimumCipherStrength: DWORD, dwMaximumCipherStrength: DWORD, dwSessionLifespan: DWORD, dwFlags: DWORD, dwCredFormat: DWORD, }} pub type PSCHANNEL_CRED = *mut SCHANNEL_CRED; pub const SCH_CRED_FORMAT_CERT_CONTEXT: DWORD = 0x00000000; pub const SCH_CRED_FORMAT_CERT_HASH: DWORD = 0x00000001; pub const SCH_CRED_FORMAT_CERT_HASH_STORE: DWORD = 0x00000002; pub const SCH_CRED_MAX_STORE_NAME_SIZE: usize = 128; pub const SCH_CRED_MAX_SUPPORTED_ALGS: DWORD = 256; pub const SCH_CRED_MAX_SUPPORTED_CERTS: DWORD = 100; STRUCT!{struct SCHANNEL_CERT_HASH { dwLength: DWORD, dwFlags: DWORD, hProv: HCRYPTPROV, ShaHash: [BYTE; 20], }} pub type PSCHANNEL_CERT_HASH = *mut SCHANNEL_CERT_HASH; STRUCT!{struct SCHANNEL_CERT_HASH_STORE { dwLength: DWORD, dwFlags: DWORD, hProv: HCRYPTPROV, ShaHash: [BYTE; 20], pwszStoreName: [WCHAR; SCH_CRED_MAX_STORE_NAME_SIZE], }} pub type PSCHANNEL_CERT_HASH_STORE = *mut SCHANNEL_CERT_HASH_STORE; pub const SCH_MACHINE_CERT_HASH: DWORD = 0x00000001; pub const SCH_CRED_NO_SYSTEM_MAPPER: DWORD = 0x00000002; pub const SCH_CRED_NO_SERVERNAME_CHECK: DWORD = 0x00000004; pub const SCH_CRED_MANUAL_CRED_VALIDATION: DWORD = 0x00000008; pub const SCH_CRED_NO_DEFAULT_CREDS: DWORD = 0x00000010; pub const SCH_CRED_AUTO_CRED_VALIDATION: DWORD = 0x00000020; pub const SCH_CRED_USE_DEFAULT_CREDS: DWORD = 0x00000040; pub const SCH_CRED_DISABLE_RECONNECTS: DWORD = 0x00000080; pub const SCH_CRED_REVOCATION_CHECK_END_CERT: DWORD = 0x00000100; pub const SCH_CRED_REVOCATION_CHECK_CHAIN: DWORD = 0x00000200; pub const SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT: DWORD = 0x00000400; pub const SCH_CRED_IGNORE_NO_REVOCATION_CHECK: DWORD = 0x00000800; pub const SCH_CRED_IGNORE_REVOCATION_OFFLINE: DWORD = 0x00001000; pub const SCH_CRED_RESTRICTED_ROOTS: DWORD = 0x00002000; pub const SCH_CRED_REVOCATION_CHECK_CACHE_ONLY: DWORD = 0x00004000; pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL: DWORD = 0x00008000; pub const SCH_CRED_MEMORY_STORE_CERT: DWORD = 0x00010000; pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE: DWORD = 0x00020000; pub const SCH_SEND_ROOT_CERT: DWORD = 0x00040000; pub const SCH_CRED_SNI_CREDENTIAL: DWORD = 0x00080000; pub const SCH_CRED_SNI_ENABLE_OCSP: DWORD = 0x00100000; pub const SCH_SEND_AUX_RECORD: DWORD = 0x00200000; pub const SCH_USE_STRONG_CRYPTO: DWORD = 0x00400000; pub const SCHANNEL_RENEGOTIATE: DWORD = 0; pub const SCHANNEL_SHUTDOWN: DWORD = 1; pub const SCHANNEL_ALERT: DWORD = 2; pub const SCHANNEL_SESSION: DWORD = 3; STRUCT!{struct SCHANNEL_ALERT_TOKEN { dwTokenType: DWORD, dwAlertType: DWORD, dwAlertNumber: DWORD, }} pub const TLS1_ALERT_WARNING: DWORD = 1; pub const TLS1_ALERT_FATAL: DWORD = 2; pub const TLS1_ALERT_CLOSE_NOTIFY: DWORD = 0; pub const TLS1_ALERT_UNEXPECTED_MESSAGE: DWORD = 10; pub const TLS1_ALERT_BAD_RECORD_MAC: DWORD = 20; pub const TLS1_ALERT_DECRYPTION_FAILED: DWORD = 21; pub const TLS1_ALERT_RECORD_OVERFLOW: DWORD = 22; pub const TLS1_ALERT_DECOMPRESSION_FAIL: DWORD = 30; pub const TLS1_ALERT_HANDSHAKE_FAILURE: DWORD = 40; pub const TLS1_ALERT_BAD_CERTIFICATE: DWORD = 42; pub const TLS1_ALERT_UNSUPPORTED_CERT: DWORD = 43; pub const TLS1_ALERT_CERTIFICATE_REVOKED: DWORD = 44; pub const TLS1_ALERT_CERTIFICATE_EXPIRED: DWORD = 45; pub const TLS1_ALERT_CERTIFICATE_UNKNOWN: DWORD = 46; pub const TLS1_ALERT_ILLEGAL_PARAMETER: DWORD = 47; pub const TLS1_ALERT_UNKNOWN_CA: DWORD = 48; pub const TLS1_ALERT_ACCESS_DENIED: DWORD = 49; pub const TLS1_ALERT_DECODE_ERROR: DWORD = 50; pub const TLS1_ALERT_DECRYPT_ERROR: DWORD = 51; pub const TLS1_ALERT_EXPORT_RESTRICTION: DWORD = 60; pub const TLS1_ALERT_PROTOCOL_VERSION: DWORD = 70; pub const TLS1_ALERT_INSUFFIENT_SECURITY: DWORD = 71; pub const TLS1_ALERT_INTERNAL_ERROR: DWORD = 80; pub const TLS1_ALERT_USER_CANCELED: DWORD = 90; pub const TLS1_ALERT_NO_RENEGOTIATION: DWORD = 100; pub const TLS1_ALERT_UNSUPPORTED_EXT: DWORD = 110; pub const TLS1_ALERT_NO_APP_PROTOCOL: DWORD = 120; pub const SSL_SESSION_ENABLE_RECONNECTS: DWORD = 1; pub const SSL_SESSION_DISABLE_RECONNECTS: DWORD = 2; STRUCT!{struct SCHANNEL_SESSION_TOKEN { dwTokenType: DWORD, dwFlags: DWORD, }} STRUCT!{struct SCHANNEL_CLIENT_SIGNATURE { cbLength: DWORD, aiHash: ALG_ID, cbHash: DWORD, HashValue: [BYTE; 36], CertThumbprint: [BYTE; 20], }} pub type PSCHANNEL_CLIENT_SIGNATURE = *mut SCHANNEL_CLIENT_SIGNATURE; pub const SP_PROT_PCT1_SERVER: DWORD = 0x00000001; pub const SP_PROT_PCT1_CLIENT: DWORD = 0x00000002; pub const SP_PROT_PCT1: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT; pub const SP_PROT_SSL2_SERVER: DWORD = 0x00000004; pub const SP_PROT_SSL2_CLIENT: DWORD = 0x00000008; pub const SP_PROT_SSL2: DWORD = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT; pub const SP_PROT_SSL3_SERVER: DWORD = 0x00000010; pub const SP_PROT_SSL3_CLIENT: DWORD = 0x00000020; pub const SP_PROT_SSL3: DWORD = SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT; pub const SP_PROT_TLS1_SERVER: DWORD = 0x00000040; pub const SP_PROT_TLS1_CLIENT: DWORD = 0x00000080; pub const SP_PROT_TLS1: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT; pub const SP_PROT_SSL3TLS1_CLIENTS: DWORD = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT; pub const SP_PROT_SSL3TLS1_SERVERS: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER; pub const SP_PROT_SSL3TLS1: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1; pub const SP_PROT_UNI_SERVER: DWORD = 0x40000000; pub const SP_PROT_UNI_CLIENT: DWORD = 0x80000000; pub const SP_PROT_UNI: DWORD = SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT; pub const SP_PROT_ALL: DWORD = 0xffffffff; pub const SP_PROT_NONE: DWORD = 0; pub const SP_PROT_CLIENTS: DWORD = SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT; pub const SP_PROT_SERVERS: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER; pub const SP_PROT_TLS1_0_SERVER: DWORD = SP_PROT_TLS1_SERVER; pub const SP_PROT_TLS1_0_CLIENT: DWORD = SP_PROT_TLS1_CLIENT; pub const SP_PROT_TLS1_0: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT; pub const SP_PROT_TLS1_1_SERVER: DWORD = 0x00000100; pub const SP_PROT_TLS1_1_CLIENT: DWORD = 0x00000200; pub const SP_PROT_TLS1_1: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT; pub const SP_PROT_TLS1_2_SERVER: DWORD = 0x00000400; pub const SP_PROT_TLS1_2_CLIENT: DWORD = 0x00000800; pub const SP_PROT_TLS1_2: DWORD = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT; pub const SP_PROT_DTLS_SERVER: DWORD = 0x00010000; pub const SP_PROT_DTLS_CLIENT: DWORD = 0x00020000; pub const SP_PROT_DTLS: DWORD = SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT; pub const SP_PROT_DTLS1_0_SERVER: DWORD = SP_PROT_DTLS_SERVER; pub const SP_PROT_DTLS1_0_CLIENT: DWORD = SP_PROT_DTLS_CLIENT; pub const SP_PROT_DTLS1_0: DWORD = SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT; pub const SP_PROT_DTLS1_X_SERVER: DWORD = SP_PROT_DTLS1_0_SERVER; pub const SP_PROT_DTLS1_X_CLIENT: DWORD = SP_PROT_DTLS1_0_CLIENT; pub const SP_PROT_DTLS1_X: DWORD = SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT; pub const SP_PROT_TLS1_1PLUS_SERVER: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER; pub const SP_PROT_TLS1_1PLUS_CLIENT: DWORD = SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT; pub const SP_PROT_TLS1_1PLUS: DWORD = SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT; pub const SP_PROT_TLS1_X_SERVER: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER; pub const SP_PROT_TLS1_X_CLIENT: DWORD = SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT; pub const SP_PROT_TLS1_X: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT; pub const SP_PROT_SSL3TLS1_X_CLIENTS: DWORD = SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT; pub const SP_PROT_SSL3TLS1_X_SERVERS: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER; pub const SP_PROT_SSL3TLS1_X: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1_X; pub const SP_PROT_X_CLIENTS: DWORD = SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT; pub const SP_PROT_X_SERVERS: DWORD = SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER; pub const SSL_CRACK_CERTIFICATE_NAME: &'static str = "SslCrackCertificate"; pub const SSL_FREE_CERTIFICATE_NAME: &'static str = "SslFreeCertificate";