1 // Licensed under the Apache License, Version 2.0
2 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4 // All files in the project carrying such notice may not be copied, modified, or distributed
5 // except according to those terms.
6 //! Public Definitions for SCHANNEL Security Provider
7 use shared
::guiddef
::GUID
;
8 use shared
::minwindef
::{BYTE, DWORD, PBYTE, WORD}
;
9 use shared
::windef
::HWND
;
10 use um
::wincrypt
::{ALG_ID, HCERTSTORE, HCRYPTPROV, PCCERT_CONTEXT, PCERT_NAME_BLOB}
;
11 use um
::winnt
::{HRESULT, LPWSTR, PVOID, WCHAR}
;
/// Display name of the unified security provider, which negotiates the protocol
/// version itself rather than being pinned to one.
pub const UNISP_NAME: &'static str = "Microsoft Unified Security Protocol Provider";
/// Provider name for SSL 2.0. The protocol is obsolete; the name is kept for API compatibility.
pub const SSL2SP_NAME: &'static str = "Microsoft SSL 2.0";
/// Provider name for SSL 3.0. The protocol is obsolete; the name is kept for API compatibility.
pub const SSL3SP_NAME: &'static str = "Microsoft SSL 3.0";
/// Provider name for TLS 1.0.
pub const TLS1SP_NAME: &'static str = "Microsoft TLS 1.0";
/// Provider name for PCT 1.0. The protocol is obsolete; the name is kept for API compatibility.
pub const PCT1SP_NAME: &'static str = "Microsoft PCT 1.0";
/// Security package name used to select Schannel when acquiring a credential handle.
pub const SCHANNEL_NAME: &'static str = "Schannel";
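// TLS signature-algorithm code points (the values carried in the TLS 1.2
// `signature_algorithms` extension: anonymous, RSA, DSA, ECDSA).
// The invocation is closed with `}}` as every other ENUM! in this file is;
// the listing had lost the terminator.
ENUM!{enum eTlsSignatureAlgorithm {
    TlsSignatureAlgorithm_Anonymous = 0,
    TlsSignatureAlgorithm_Rsa = 1,
    TlsSignatureAlgorithm_Dsa = 2,
    TlsSignatureAlgorithm_Ecdsa = 3,
}}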
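// TLS hash-algorithm code points, in the TLS 1.2 `HashAlgorithm` numbering.
// MD5 and SHA-1 are included only because the wire format defines them; they
// are not suitable for new signatures.
// The invocation is closed with `}}`; the listing had lost the terminator.
ENUM!{enum eTlsHashAlgorithm {
    TlsHashAlgorithm_None = 0,
    TlsHashAlgorithm_Md5 = 1,
    TlsHashAlgorithm_Sha1 = 2,
    TlsHashAlgorithm_Sha224 = 3,
    TlsHashAlgorithm_Sha256 = 4,
    TlsHashAlgorithm_Sha384 = 5,
    TlsHashAlgorithm_Sha512 = 6,
}}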
/// RPC identifier assigned to the unified security provider.
pub const UNISP_RPC_ID: DWORD = 14;
34 STRUCT
!{struct SecPkgContext_RemoteCredentialInfo
{
35 cbCertificateChain
: DWORD
,
36 pbCertificateChain
: PBYTE
,
/// Pointer alias for `SecPkgContext_RemoteCredentialInfo`.
pub type PSecPkgContext_RemoteCredentialInfo = *mut SecPkgContext_RemoteCredentialInfo;
/// Same struct under the misspelled (`Credenital`) name the Windows header also exports;
/// kept so code written against that spelling keeps compiling.
pub type SecPkgContext_RemoteCredenitalInfo = SecPkgContext_RemoteCredentialInfo;
/// Pointer alias for the misspelled name above.
pub type PSecPkgContext_RemoteCredenitalInfo = *mut SecPkgContext_RemoteCredentialInfo;
/// Remote-credential status: the peer presented no credential.
pub const RCRED_STATUS_NOCRED: DWORD = 0x00000000;
/// Remote-credential status: the peer presented a credential.
pub const RCRED_CRED_EXISTS: DWORD = 0x00000001;
/// Remote-credential status: the credential chains to an issuer that is not trusted.
pub const RCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
47 STRUCT
!{struct SecPkgContext_LocalCredentialInfo
{
48 cbCertificateChain
: DWORD
,
49 pbCertificateChain
: PBYTE
,
/// Pointer alias for `SecPkgContext_LocalCredentialInfo`.
pub type PSecPkgContext_LocalCredentialInfo = *mut SecPkgContext_LocalCredentialInfo;
/// Same struct under the misspelled (`Credenital`) name the Windows header also exports;
/// kept so code written against that spelling keeps compiling.
pub type SecPkgContext_LocalCredenitalInfo = SecPkgContext_LocalCredentialInfo;
/// Pointer alias for the misspelled name above.
pub type PSecPkgContext_LocalCredenitalInfo = *mut SecPkgContext_LocalCredentialInfo;
/// Local-credential status: no credential is attached to the context.
pub const LCRED_STATUS_NOCRED: DWORD = 0x00000000;
/// Local-credential status: a credential is attached to the context.
pub const LCRED_CRED_EXISTS: DWORD = 0x00000001;
/// Local-credential status: the credential chains to an issuer that is not trusted.
pub const LCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
60 STRUCT
!{struct SecPkgContext_ClientCertPolicyResult
{
61 dwPolicyResult
: HRESULT
,
/// Pointer alias for `SecPkgContext_ClientCertPolicyResult`.
pub type PSecPkgContext_ClientCertPolicyResult = *mut SecPkgContext_ClientCertPolicyResult;
65 STRUCT
!{struct SecPkgContext_IssuerListInfoEx
{
66 aIssuers
: PCERT_NAME_BLOB
,
/// Pointer alias for `SecPkgContext_IssuerListInfoEx`.
pub type PSecPkgContext_IssuerListInfoEx = *mut SecPkgContext_IssuerListInfoEx;
70 STRUCT
!{struct SecPkgContext_ConnectionInfo
{
73 dwCipherStrength
: DWORD
,
75 dwHashStrength
: DWORD
,
77 dwExchStrength
: DWORD
,
/// Pointer alias for `SecPkgContext_ConnectionInfo`.
pub type PSecPkgContext_ConnectionInfo = *mut SecPkgContext_ConnectionInfo;
/// Capacity, in `WCHAR`s, of each algorithm-name array in `SecPkgContext_CipherInfo`
/// (`szCipherSuite`, `szCipher`, `szHash`, `szExchange`, `szCertificate`).
pub const SZ_ALG_MAX_SIZE: usize = 64;
/// Structure version a caller places in `SecPkgContext_CipherInfo` before querying it.
pub const SECPKGCONTEXT_CIPHERINFO_V1: DWORD = 1;
82 STRUCT
!{struct SecPkgContext_CipherInfo
{
86 dwBaseCipherSuite
: DWORD
,
87 szCipherSuite
: [WCHAR
; SZ_ALG_MAX_SIZE
],
88 szCipher
: [WCHAR
; SZ_ALG_MAX_SIZE
],
90 dwCipherBlockLen
: DWORD
,
91 szHash
: [WCHAR
; SZ_ALG_MAX_SIZE
],
93 szExchange
: [WCHAR
; SZ_ALG_MAX_SIZE
],
94 dwMinExchangeLen
: DWORD
,
95 dwMaxExchangeLen
: DWORD
,
96 szCertificate
: [WCHAR
; SZ_ALG_MAX_SIZE
],
/// Pointer alias for `SecPkgContext_CipherInfo`.
pub type PSecPkgContext_CipherInfo = *mut SecPkgContext_CipherInfo;
100 STRUCT
!{struct SecPkgContext_EapKeyBlock
{
101 rgbKeys
: [BYTE
; 128],
/// Pointer alias for `SecPkgContext_EapKeyBlock`. The block carries exported key
/// material, so callers should treat the buffer as a secret and clear it once consumed.
pub type PSecPkgContext_EapKeyBlock = *mut SecPkgContext_EapKeyBlock;
105 STRUCT
!{struct SecPkgContext_MappedCredAttr
{
/// Pointer alias for `SecPkgContext_MappedCredAttr`.
pub type PSecPkgContext_MappedCredAttr = *mut SecPkgContext_MappedCredAttr;
/// Session-info flag: the context was established by resuming a cached session
/// rather than by a full handshake.
pub const SSL_SESSION_RECONNECT: DWORD = 1;
111 STRUCT
!{struct SecPkgContext_SessionInfo
{
114 rgbSessionId
: [BYTE
; 32],
/// Pointer alias for `SecPkgContext_SessionInfo`.
pub type PSecPkgContext_SessionInfo = *mut SecPkgContext_SessionInfo;
117 STRUCT
!{struct SecPkgContext_SessionAppData
{
/// Pointer alias for `SecPkgContext_SessionAppData`.
pub type PSecPkgContext_SessionAppData = *mut SecPkgContext_SessionAppData;
123 STRUCT
!{struct SecPkgContext_EapPrfInfo
{
/// Pointer alias for `SecPkgContext_EapPrfInfo`.
pub type PSecPkgContext_EapPrfInfo = *mut SecPkgContext_EapPrfInfo;
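// Signature/hash algorithm combinations the peer advertised: a count and a pointer
// to `WORD` entries (presumably one per signature-and-hash pair; confirm against
// the caller that interprets them). The struct is closed with `}}`; the listing had
// lost the terminator.
STRUCT!{struct SecPkgContext_SupportedSignatures {
    cSignatureAndHashAlgorithms: WORD,
    pSignatureAndHashAlgorithms: *mut WORD,
}}
/// Pointer alias for `SecPkgContext_SupportedSignatures`.
pub type PSecPkgContext_SupportedSignatures = *mut SecPkgContext_SupportedSignatures;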
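// A certificate chain delivered as one contiguous byte buffer: `cCertificates`
// certificates, `cbCertificateChain` bytes starting at `pbCertificateChain`.
// Consumers must bound every read by `cbCertificateChain`, never by the count alone.
// The struct is closed with `}}`; the listing had lost the terminator.
STRUCT!{struct SecPkgContext_Certificates {
    cCertificates: DWORD,
    cbCertificateChain: DWORD,
    pbCertificateChain: PBYTE,
}}
/// Pointer alias for `SecPkgContext_Certificates`.
pub type PSecPkgContext_Certificates = *mut SecPkgContext_Certificates;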
140 STRUCT
!{struct SecPkgContext_CertInfo
{
142 cbSubjectName
: DWORD
,
143 pwszSubjectName
: LPWSTR
,
145 pwszIssuerName
: LPWSTR
,
/// Pointer alias for `SecPkgContext_CertInfo`.
pub type PSecPkgContext_CertInfo = *mut SecPkgContext_CertInfo;
/// Structure version for `SecPkgContext_CertInfo` (version 1 is encoded as zero).
pub const KERN_CONTEXT_CERT_INFO_V1: DWORD = 0x00000000;
150 STRUCT
!{struct SecPkgContext_UiInfo
{
/// Pointer alias for `SecPkgContext_UiInfo`.
pub type PSecPkgContext_UiInfo = *mut SecPkgContext_UiInfo;
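// Context attribute controlling TLS client "early start" (presumably Schannel's
// name for False Start — confirm against the documentation before relying on it);
// `dwEarlyStartFlags` takes the ENABLE_TLS_CLIENT_EARLY_START bit defined below.
// The struct is closed with `}}`; the listing had lost the terminator.
STRUCT!{struct SecPkgContext_EarlyStart {
    dwEarlyStartFlags: DWORD,
}}
/// Pointer alias for `SecPkgContext_EarlyStart`.
pub type PSecPkgContext_EarlyStart = *mut SecPkgContext_EarlyStart;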
/// `dwEarlyStartFlags` bit that enables client early start on a context.
pub const ENABLE_TLS_CLIENT_EARLY_START: DWORD = 0x00000001;
// Credential-structure version numbers. SCH_CRED_V1..V3 are historical layouts;
// SCHANNEL_CRED_VERSION is the value written into SCHANNEL_CRED's version field.
pub const SCH_CRED_V1: DWORD = 0x00000001;
pub const SCH_CRED_V2: DWORD = 0x00000002;
/// Alias of `SCH_CRED_V2`, the last of the legacy credential versions.
pub const SCH_CRED_VERSION: DWORD = 0x00000002;
pub const SCH_CRED_V3: DWORD = 0x00000003;
/// Version of the `SCHANNEL_CRED` structure defined in this module.
pub const SCHANNEL_CRED_VERSION: DWORD = 0x00000004;
// Secret-type tags used by the legacy (pre-SCHANNEL_CRED) credential formats.
pub const SCHANNEL_SECRET_TYPE_CAPI: DWORD = 0x00000001;
pub const SCHANNEL_SECRET_PRIVKEY: DWORD = 0x00000002;
// Credential-type tags used by the legacy credential formats.
pub const SCH_CRED_X509_CERTCHAIN: DWORD = 0x00000001;
pub const SCH_CRED_X509_CAPI: DWORD = 0x00000002;
pub const SCH_CRED_CERT_CONTEXT: DWORD = 0x00000003;
170 STRUCT
!{struct SCHANNEL_CRED
{
173 paCred
: *mut PCCERT_CONTEXT
,
174 hRootStore
: HCERTSTORE
,
176 aphMappers
: *mut *mut _HMAPPER
,
177 cSupportedAlgs
: DWORD
,
178 palgSupportedAlgs
: *mut ALG_ID
,
179 grbitEnabledProtocols
: DWORD
,
180 dwMinimumCipherStrength
: DWORD
,
181 dwMaximumCipherStrength
: DWORD
,
182 dwSessionLifespan
: DWORD
,
/// Pointer alias for `SCHANNEL_CRED`.
pub type PSCHANNEL_CRED = *mut SCHANNEL_CRED;
// How the credential certificate is identified: by an in-memory certificate context,
// by a certificate hash, or by a hash plus the store to look it up in.
pub const SCH_CRED_FORMAT_CERT_CONTEXT: DWORD = 0x00000000;
pub const SCH_CRED_FORMAT_CERT_HASH: DWORD = 0x00000001;
pub const SCH_CRED_FORMAT_CERT_HASH_STORE: DWORD = 0x00000002;
/// Capacity, in `WCHAR`s, of `SCHANNEL_CERT_HASH_STORE::pwszStoreName`.
pub const SCH_CRED_MAX_STORE_NAME_SIZE: usize = 128;
/// Upper bound on the number of entries a caller may pass in `palgSupportedAlgs`.
pub const SCH_CRED_MAX_SUPPORTED_ALGS: DWORD = 256;
/// Upper bound on the number of certificate contexts a caller may pass in `paCred`.
pub const SCH_CRED_MAX_SUPPORTED_CERTS: DWORD = 100;
193 STRUCT
!{struct SCHANNEL_CERT_HASH
{
/// Pointer alias for `SCHANNEL_CERT_HASH`.
pub type PSCHANNEL_CERT_HASH = *mut SCHANNEL_CERT_HASH;
200 STRUCT
!{struct SCHANNEL_CERT_HASH_STORE
{
205 pwszStoreName
: [WCHAR
; SCH_CRED_MAX_STORE_NAME_SIZE
],
/// Pointer alias for `SCHANNEL_CERT_HASH_STORE`.
pub type PSCHANNEL_CERT_HASH_STORE = *mut SCHANNEL_CERT_HASH_STORE;
/// Certificate-hash flag: resolve the hash in the machine store rather than the user store.
pub const SCH_MACHINE_CERT_HASH: DWORD = 0x00000001;
// SCH_CRED_* bits are OR-ed into the credential's flags word. Several of them relax
// certificate validation (no server-name match, caller-performed validation, tolerated
// revocation failures); a reviewer should expect any such use to be deliberate and
// paired with equivalent checks elsewhere.
/// Do not consult the system certificate mapper.
pub const SCH_CRED_NO_SYSTEM_MAPPER: DWORD = 0x00000002;
/// Skip matching the server certificate's name against the target name. Relaxes validation.
pub const SCH_CRED_NO_SERVERNAME_CHECK: DWORD = 0x00000004;
/// The caller validates the server certificate itself; Schannel does not. Relaxes validation
/// unless the caller really performs the chain, name and revocation checks.
pub const SCH_CRED_MANUAL_CRED_VALIDATION: DWORD = 0x00000008;
/// Never supply a default client credential when the server asks for one.
pub const SCH_CRED_NO_DEFAULT_CREDS: DWORD = 0x00000010;
/// Schannel validates the server certificate (the usual client behaviour).
pub const SCH_CRED_AUTO_CRED_VALIDATION: DWORD = 0x00000020;
/// Supply a default client credential when the server asks for one.
pub const SCH_CRED_USE_DEFAULT_CREDS: DWORD = 0x00000040;
/// Disable session resumption; every connection performs a full handshake.
pub const SCH_CRED_DISABLE_RECONNECTS: DWORD = 0x00000080;
/// Revocation check covers the end-entity certificate only.
pub const SCH_CRED_REVOCATION_CHECK_END_CERT: DWORD = 0x00000100;
/// Revocation check covers the whole chain.
pub const SCH_CRED_REVOCATION_CHECK_CHAIN: DWORD = 0x00000200;
/// Revocation check covers the whole chain except the root.
pub const SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT: DWORD = 0x00000400;
/// Treat a certificate with no revocation information as acceptable. Relaxes validation.
pub const SCH_CRED_IGNORE_NO_REVOCATION_CHECK: DWORD = 0x00000800;
/// Treat an unreachable revocation server as acceptable. Relaxes validation.
pub const SCH_CRED_IGNORE_REVOCATION_OFFLINE: DWORD = 0x00001000;
/// Presumably restricts trust to the roots the caller supplied; confirm against the
/// SCHANNEL_CRED documentation before relying on the exact semantics.
pub const SCH_CRED_RESTRICTED_ROOTS: DWORD = 0x00002000;
/// Revocation checking uses cached revocation data only (no network retrieval).
pub const SCH_CRED_REVOCATION_CHECK_CACHE_ONLY: DWORD = 0x00004000;
/// URL-based retrieval (e.g. of CRLs or intermediates) uses the cache only.
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL: DWORD = 0x00008000;
/// The credential certificate resides in a memory store.
pub const SCH_CRED_MEMORY_STORE_CERT: DWORD = 0x00010000;
/// Cache-only URL retrieval applies while the credential is being created.
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE: DWORD = 0x00020000;
/// Include the root certificate when sending the certificate chain to the peer.
pub const SCH_SEND_ROOT_CERT: DWORD = 0x00040000;
/// The credential is selected by Server Name Indication.
pub const SCH_CRED_SNI_CREDENTIAL: DWORD = 0x00080000;
/// Enable OCSP stapling for an SNI credential.
pub const SCH_CRED_SNI_ENABLE_OCSP: DWORD = 0x00100000;
/// Split application data into an auxiliary record.
pub const SCH_SEND_AUX_RECORD: DWORD = 0x00200000;
/// Exclude algorithms that are known to be weak from the credential's cipher-suite set.
pub const SCH_USE_STRONG_CRYPTO: DWORD = 0x00400000;
// Control-token types for messages applied to an established context: request a
// renegotiation, shut the connection down, send an alert, or adjust session behaviour.
pub const SCHANNEL_RENEGOTIATE: DWORD = 0;
pub const SCHANNEL_SHUTDOWN: DWORD = 1;
pub const SCHANNEL_ALERT: DWORD = 2;
pub const SCHANNEL_SESSION: DWORD = 3;
235 STRUCT
!{struct SCHANNEL_ALERT_TOKEN
{
238 dwAlertNumber
: DWORD
,
// Alert levels carried in an SCHANNEL_ALERT_TOKEN.
/// Alert level: warning.
pub const TLS1_ALERT_WARNING: DWORD = 1;
/// Alert level: fatal (the connection must be torn down).
pub const TLS1_ALERT_FATAL: DWORD = 2;
// Alert descriptions. The numbering follows the TLS `AlertDescription` registry, so
// these are the values that appear on the wire.
pub const TLS1_ALERT_CLOSE_NOTIFY: DWORD = 0;
pub const TLS1_ALERT_UNEXPECTED_MESSAGE: DWORD = 10;
pub const TLS1_ALERT_BAD_RECORD_MAC: DWORD = 20;
pub const TLS1_ALERT_DECRYPTION_FAILED: DWORD = 21;
pub const TLS1_ALERT_RECORD_OVERFLOW: DWORD = 22;
pub const TLS1_ALERT_DECOMPRESSION_FAIL: DWORD = 30;
pub const TLS1_ALERT_HANDSHAKE_FAILURE: DWORD = 40;
pub const TLS1_ALERT_BAD_CERTIFICATE: DWORD = 42;
pub const TLS1_ALERT_UNSUPPORTED_CERT: DWORD = 43;
pub const TLS1_ALERT_CERTIFICATE_REVOKED: DWORD = 44;
pub const TLS1_ALERT_CERTIFICATE_EXPIRED: DWORD = 45;
pub const TLS1_ALERT_CERTIFICATE_UNKNOWN: DWORD = 46;
pub const TLS1_ALERT_ILLEGAL_PARAMETER: DWORD = 47;
pub const TLS1_ALERT_UNKNOWN_CA: DWORD = 48;
pub const TLS1_ALERT_ACCESS_DENIED: DWORD = 49;
pub const TLS1_ALERT_DECODE_ERROR: DWORD = 50;
pub const TLS1_ALERT_DECRYPT_ERROR: DWORD = 51;
pub const TLS1_ALERT_EXPORT_RESTRICTION: DWORD = 60;
pub const TLS1_ALERT_PROTOCOL_VERSION: DWORD = 70;
/// `insufficient_security`; the spelling matches the header's constant name.
pub const TLS1_ALERT_INSUFFIENT_SECURITY: DWORD = 71;
pub const TLS1_ALERT_INTERNAL_ERROR: DWORD = 80;
pub const TLS1_ALERT_USER_CANCELED: DWORD = 90;
pub const TLS1_ALERT_NO_RENEGOTIATION: DWORD = 100;
pub const TLS1_ALERT_UNSUPPORTED_EXT: DWORD = 110;
/// `no_application_protocol` (ALPN negotiation produced no common protocol).
pub const TLS1_ALERT_NO_APP_PROTOCOL: DWORD = 120;
// Flags for an SCHANNEL_SESSION control token: allow or forbid session resumption.
pub const SSL_SESSION_ENABLE_RECONNECTS: DWORD = 1;
pub const SSL_SESSION_DISABLE_RECONNECTS: DWORD = 2;
269 STRUCT
!{struct SCHANNEL_SESSION_TOKEN
{
273 STRUCT
!{struct SCHANNEL_CLIENT_SIGNATURE
{
277 HashValue
: [BYTE
; 36],
278 CertThumbprint
: [BYTE
; 20],
/// Pointer alias for `SCHANNEL_CLIENT_SIGNATURE`.
pub type PSCHANNEL_CLIENT_SIGNATURE = *mut SCHANNEL_CLIENT_SIGNATURE;
// SP_PROT_* are the bits of SCHANNEL_CRED's `grbitEnabledProtocols`. Each protocol has a
// server bit and a client bit; the unsuffixed name is their union. PCT 1.0, SSL 2.0,
// SSL 3.0, TLS 1.0 and TLS 1.1 are obsolete or deprecated: enabling them widens the
// negotiable set to protocols with known weaknesses, so a credential should normally
// name only the TLS 1.2-and-later bits it needs.
pub const SP_PROT_PCT1_SERVER: DWORD = 0x00000001;
pub const SP_PROT_PCT1_CLIENT: DWORD = 0x00000002;
pub const SP_PROT_PCT1: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT;
pub const SP_PROT_SSL2_SERVER: DWORD = 0x00000004;
pub const SP_PROT_SSL2_CLIENT: DWORD = 0x00000008;
pub const SP_PROT_SSL2: DWORD = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT;
pub const SP_PROT_SSL3_SERVER: DWORD = 0x00000010;
pub const SP_PROT_SSL3_CLIENT: DWORD = 0x00000020;
pub const SP_PROT_SSL3: DWORD = SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_TLS1_SERVER: DWORD = 0x00000040;
pub const SP_PROT_TLS1_CLIENT: DWORD = 0x00000080;
pub const SP_PROT_TLS1: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT;
// SSL 3.0 + TLS 1.0 combinations (both legacy).
pub const SP_PROT_SSL3TLS1_CLIENTS: DWORD = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_SERVERS: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1;
// "Unified" bits: let the provider negotiate the version itself.
pub const SP_PROT_UNI_SERVER: DWORD = 0x40000000;
pub const SP_PROT_UNI_CLIENT: DWORD = 0x80000000;
pub const SP_PROT_UNI: DWORD = SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT;
/// Every protocol bit, including the obsolete ones.
pub const SP_PROT_ALL: DWORD = 0xffffffff;
/// No protocol bit; Schannel then applies the system default set.
pub const SP_PROT_NONE: DWORD = 0;
// Note that SP_PROT_CLIENTS / SP_PROT_SERVERS stop at TLS 1.0; the TLS 1.1/1.2 and DTLS
// bits are only folded in by SP_PROT_X_CLIENTS / SP_PROT_X_SERVERS further down.
pub const SP_PROT_CLIENTS: DWORD = SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT
    | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT;
pub const SP_PROT_SERVERS: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER
    | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER;
// TLS 1.0 under its explicit name (same bits as SP_PROT_TLS1_*).
pub const SP_PROT_TLS1_0_SERVER: DWORD = SP_PROT_TLS1_SERVER;
pub const SP_PROT_TLS1_0_CLIENT: DWORD = SP_PROT_TLS1_CLIENT;
pub const SP_PROT_TLS1_0: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT;
pub const SP_PROT_TLS1_1_SERVER: DWORD = 0x00000100;
pub const SP_PROT_TLS1_1_CLIENT: DWORD = 0x00000200;
pub const SP_PROT_TLS1_1: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT;
pub const SP_PROT_TLS1_2_SERVER: DWORD = 0x00000400;
pub const SP_PROT_TLS1_2_CLIENT: DWORD = 0x00000800;
pub const SP_PROT_TLS1_2: DWORD = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT;
// DTLS. The generic, 1.0 and "1.X" names all resolve to the same two bits here.
pub const SP_PROT_DTLS_SERVER: DWORD = 0x00010000;
pub const SP_PROT_DTLS_CLIENT: DWORD = 0x00020000;
pub const SP_PROT_DTLS: DWORD = SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0_SERVER: DWORD = SP_PROT_DTLS_SERVER;
pub const SP_PROT_DTLS1_0_CLIENT: DWORD = SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0: DWORD = SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X_SERVER: DWORD = SP_PROT_DTLS1_0_SERVER;
pub const SP_PROT_DTLS1_X_CLIENT: DWORD = SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X: DWORD = SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT;
// TLS 1.1 and newer (as known to this header).
pub const SP_PROT_TLS1_1PLUS_SERVER: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_1PLUS_CLIENT: DWORD = SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_1PLUS: DWORD = SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT;
// Every TLS 1.x version this header knows (1.0, 1.1, 1.2).
pub const SP_PROT_TLS1_X_SERVER: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER
    | SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_X_CLIENT: DWORD = SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT
    | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_X: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT;
pub const SP_PROT_SSL3TLS1_X_CLIENTS: DWORD = SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_X_SERVERS: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1_X: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1_X;
// The full client / server sets: the legacy set plus all TLS 1.x and DTLS bits.
pub const SP_PROT_X_CLIENTS: DWORD = SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT
    | SP_PROT_DTLS1_X_CLIENT;
pub const SP_PROT_X_SERVERS: DWORD = SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER
    | SP_PROT_DTLS1_X_SERVER;
// Names of the certificate helper procedures exported by the Schannel DLL,
// for use with dynamic lookup.
pub const SSL_CRACK_CERTIFICATE_NAME: &'static str = "SslCrackCertificate";
pub const SSL_FREE_CERTIFICATE_NAME: &'static str = "SslFreeCertificate";