
/**
 * WinPR: Windows Portable Runtime
 * Schannel Security Package
 *
 * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef WINPR_SSPI_SCHANNEL_H
#define WINPR_SSPI_SCHANNEL_H
#include <winpr/sspi.h>
#include <winpr/crypto.h>
#if defined(_WIN32) && !defined(_UWP)
#include <schannel.h>
#else
/*
 * Name under which the Schannel security package is requested from the SSPI
 * layer. Narrow and wide forms are provided; SCHANNEL_NAME resolves to the
 * one matching the build's _UNICODE setting.
 */
#define SCHANNEL_NAME_A "Schannel"
#define SCHANNEL_NAME_W L"Schannel"

#ifdef _UNICODE
#define SCHANNEL_NAME SCHANNEL_NAME_W
#else
#define SCHANNEL_NAME SCHANNEL_NAME_A
#endif

/*
 * Credential-attribute identifiers answered with the SecPkgCred_* structures
 * declared below. This whole branch stands in for the Win32 <schannel.h> on
 * non-Windows builds (see the _WIN32 conditional above), so the numeric
 * values are intended to be identical to that header's and must not be
 * renumbered.
 */
#define SECPKG_ATTR_SUPPORTED_ALGS 86
#define SECPKG_ATTR_CIPHER_STRENGTHS 87
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 88
/**
 * Result buffer for SECPKG_ATTR_SUPPORTED_ALGS.
 *
 * cSupportedAlgs is the element count of palgSupportedAlgs and is the only
 * bound a consumer has: nothing in this header says the array carries a
 * terminator, so always iterate on the count. Ownership and lifetime of the
 * array are not stated here -- confirm against the producer before freeing.
 */
typedef struct _SecPkgCred_SupportedAlgs
{
	DWORD cSupportedAlgs;      /* number of entries in palgSupportedAlgs */
	ALG_ID* palgSupportedAlgs; /* array of algorithm identifiers */
} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
/**
 * Result buffer for SECPKG_ATTR_CIPHER_STRENGTHS: the weakest and strongest
 * cipher the credential will negotiate.
 *
 * NOTE(review): the unit is not defined in this header. The Win32 API
 * expresses these as key lengths in bits -- confirm before comparing either
 * value against a policy threshold.
 */
typedef struct _SecPkgCred_CipherStrengths
{
	DWORD dwMinimumCipherStrength;
	DWORD dwMaximumCipherStrength;
} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;
/**
 * Result buffer for SECPKG_ATTR_SUPPORTED_PROTOCOLS.
 *
 * grbitProtocol is a bitmask. The same naming is used for
 * SCHANNEL_CRED.grbitEnabledProtocols, so the SP_PROT_* bits declared at the
 * end of this header are presumably the values it carries -- confirm against
 * the producer.
 */
typedef struct _SecPkgCred_SupportedProtocols
{
	DWORD grbitProtocol;
} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
/*
 * TLS SignatureAlgorithm identifiers. The numeric values are the wire values
 * of RFC 5246 section 7.4.1.4.1 (anonymous=0, rsa=1, dsa=2, ecdsa=3), so a
 * decoded signature_algorithms byte can be stored in this enum unchanged.
 * Values outside 0..3 received from a peer must be rejected before the cast.
 */
enum eTlsSignatureAlgorithm
{
	TlsSignatureAlgorithm_Anonymous = 0,
	TlsSignatureAlgorithm_Rsa = 1,
	TlsSignatureAlgorithm_Dsa = 2,
	TlsSignatureAlgorithm_Ecdsa = 3
};
/*
 * TLS HashAlgorithm identifiers, again the RFC 5246 section 7.4.1.4.1 wire
 * values (none=0, md5=1, sha1=2, sha224=3, sha256=4, sha384=5, sha512=6).
 *
 * Md5 and Sha1 are listed so that peer-supplied values can be decoded, not
 * because they are acceptable choices; which hashes may actually be
 * negotiated is policy that belongs to the caller, not to this enumeration.
 */
enum eTlsHashAlgorithm
{
	TlsHashAlgorithm_None = 0,
	TlsHashAlgorithm_Md5 = 1,
	TlsHashAlgorithm_Sha1 = 2,
	TlsHashAlgorithm_Sha224 = 3,
	TlsHashAlgorithm_Sha256 = 4,
	TlsHashAlgorithm_Sha384 = 5,
	TlsHashAlgorithm_Sha512 = 6
};
/*
 * Version tags for SCHANNEL_CRED.dwVersion. SCH_CRED_VERSION is an alias of
 * SCH_CRED_V2. SCHANNEL_CRED_VERSION (4) is the highest value and presumably
 * the one the SCHANNEL_CRED layout below corresponds to -- confirm against the
 * consumer before relying on a lower tag.
 */
#define SCH_CRED_V1 0x00000001
#define SCH_CRED_V2 0x00000002
#define SCH_CRED_VERSION 0x00000002
#define SCH_CRED_V3 0x00000003
#define SCHANNEL_CRED_VERSION 0x00000004
/* Opaque type: SCHANNEL_CRED only holds pointers to it (aphMappers), so a
 * forward declaration is all this header needs. */
struct _HMAPPER;
/**
 * Credential description handed over when a Schannel credential is acquired.
 *
 * Count/array pairs: cCreds bounds paCred, cMappers bounds aphMappers and
 * cSupportedAlgs bounds palgSupportedAlgs. Nothing here terminates the
 * arrays, so a consumer must never read past the matching count.
 *
 * Security-relevant members:
 *  - dwFlags: SCH_CRED_* bits (declared below). Several of them disable or
 *    weaken certificate validation; every caller setting them deserves review.
 *  - grbitEnabledProtocols: SP_PROT_* bits (declared below). SP_PROT_ALL
 *    includes the deprecated SSL 3.0 / TLS 1.0 / TLS 1.1 bits, and a value of
 *    0 (SP_PROT_NONE) leaves the choice to the implementation; an explicit
 *    selection is preferable.
 *  - dwMinimumCipherStrength / dwMaximumCipherStrength: same meaning as the
 *    SecPkgCred_CipherStrengths members (unit not defined in this header).
 *  - dwSessionLifespan: unit not defined here -- Win32 uses milliseconds,
 *    confirm for WinPR.
 *  - dwCredFormat: one of SCH_CRED_FORMAT_* (declared below), telling how the
 *    paCred entries are to be interpreted.
 *
 * Ownership of hRootStore, paCred and the two other arrays is not transferred
 * by anything visible in this header; treat them as borrowed unless the
 * consumer documents otherwise.
 */
typedef struct _SCHANNEL_CRED
{
	DWORD dwVersion;       /* SCH_CRED_V* / SCHANNEL_CRED_VERSION */
	DWORD cCreds;          /* number of entries in paCred */
	PCCERT_CONTEXT* paCred;
	HCERTSTORE hRootStore; /* trust anchors for chain building (Win32 semantics; confirm for WinPR) */

	DWORD cMappers;        /* number of entries in aphMappers */
	struct _HMAPPER** aphMappers;

	DWORD cSupportedAlgs;  /* number of entries in palgSupportedAlgs */
	ALG_ID* palgSupportedAlgs;

	DWORD grbitEnabledProtocols; /* SP_PROT_* bitmask */
	DWORD dwMinimumCipherStrength;
	DWORD dwMaximumCipherStrength;
	DWORD dwSessionLifespan;
	DWORD dwFlags;               /* SCH_CRED_* bitmask */
	DWORD dwCredFormat;          /* SCH_CRED_FORMAT_* */
} SCHANNEL_CRED, *PSCHANNEL_CRED;
/*
 * SCHANNEL_CRED.dwCredFormat values: paCred holds certificate contexts
 * (the 0 default), certificate hashes (SCHANNEL_CERT_HASH) or hashes plus a
 * store name (SCHANNEL_CERT_HASH_STORE). The pairing with the struct types is
 * inferred from the names; confirm against the consumer.
 */
#define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
#define SCH_CRED_FORMAT_CERT_HASH 0x00000001
#define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002

/*
 * Upper bounds. SCH_CRED_MAX_STORE_NAME_SIZE is the element count (WCHARs,
 * not bytes) of SCHANNEL_CERT_HASH_STORE.pwszStoreName. The other two read as
 * limits on cSupportedAlgs / cCreds, but nothing in this header enforces any
 * of them, so a consumer must still validate the counts it receives.
 */
#define SCH_CRED_MAX_STORE_NAME_SIZE 128
#define SCH_CRED_MAX_SUPPORTED_ALGS 256
#define SCH_CRED_MAX_SUPPORTED_CERTS 100
/**
 * Certificate reference by thumbprint (presumably the SCH_CRED_FORMAT_CERT_HASH
 * form of a paCred entry).
 *
 * ShaHash is 20 bytes, i.e. the length of a SHA-1 digest. Selecting a
 * certificate by SHA-1 thumbprint is a lookup key, not a security decision:
 * validation of the selected certificate still has to happen elsewhere. The
 * array size is part of the ABI and must stay 20.
 */
typedef struct _SCHANNEL_CERT_HASH
{
	DWORD dwLength;   /* presumably sizeof the structure, Win32 convention -- confirm */
	DWORD dwFlags;    /* SCH_MACHINE_CERT_HASH (declared below) */
	HCRYPTPROV hProv; /* crypto provider handle; ownership not stated here */
	BYTE ShaHash[20]; /* SHA-1 thumbprint of the certificate */
} SCHANNEL_CERT_HASH, *PSCHANNEL_CERT_HASH;
/**
 * SCHANNEL_CERT_HASH extended with the name of the store to search.
 *
 * The first four members are identical to SCHANNEL_CERT_HASH (same names,
 * types and order), so the struct can be read as a SCHANNEL_CERT_HASH prefix;
 * dwLength is presumably what tells the two apart.
 *
 * pwszStoreName is a fixed WCHAR buffer of SCH_CRED_MAX_STORE_NAME_SIZE
 * elements. Writers must bound their copy to that size and keep the
 * terminator inside it; readers must not assume termination without
 * checking, as nothing here guarantees it.
 */
typedef struct _SCHANNEL_CERT_HASH_STORE
{
	DWORD dwLength;
	DWORD dwFlags;
	HCRYPTPROV hProv;
	BYTE ShaHash[20];
	WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
} SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;
/* SCHANNEL_CERT_HASH.dwFlags: the thumbprint refers to a machine-store
 * certificate (Win32 meaning; the name is the only evidence in this header). */
#define SCH_MACHINE_CERT_HASH 0x00000001

/*
 * SCHANNEL_CRED.dwFlags bits. Values mirror the Win32 header; the trailing
 * notes give the documented Win32 semantics. Whether WinPR's own Schannel
 * implementation honours each bit cannot be determined from this header.
 *
 * From a review standpoint the bits that relax validation --
 * NO_SERVERNAME_CHECK, MANUAL_CRED_VALIDATION, IGNORE_NO_REVOCATION_CHECK and
 * IGNORE_REVOCATION_OFFLINE -- deserve an explicit justification at every
 * call site that sets them, since each one widens what a peer certificate is
 * allowed to be.
 */
#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004    /* skip the host-name match against the certificate */
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008 /* caller validates the peer certificate itself */
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020   /* implementation validates the peer certificate */
#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
#define SCH_CRED_DISABLE_RECONNECTS 0x00000080     /* no session reconnects (resumption) */

/* Revocation-check scope, plus tolerance of missing or unreachable revocation data. */
#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800 /* accept a chain that carries no revocation info */
#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000  /* accept a chain when the revocation source is unreachable */

#define SCH_CRED_RESTRICTED_ROOTS 0x00002000
#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000 /* no network retrieval during revocation checks */
#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000

#define SCH_CRED_MEMORY_STORE_CERT 0x00010000

#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000

#define SCH_SEND_ROOT_CERT 0x00040000
#define SCH_CRED_SNI_CREDENTIAL 0x00080000
#define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
#define SCH_SEND_AUX_RECORD 0x00200000
/*
 * Discriminator values for the dwTokenType member shared by the control
 * tokens below (SCHANNEL_ALERT_TOKEN, SCHANNEL_SESSION_TOKEN). The pairing
 * SCHANNEL_ALERT <-> alert token and SCHANNEL_SESSION <-> session token is
 * inferred from the names; RENEGOTIATE and SHUTDOWN have no struct here.
 */
#define SCHANNEL_RENEGOTIATE 0
#define SCHANNEL_SHUTDOWN 1
#define SCHANNEL_ALERT 2
#define SCHANNEL_SESSION 3
/**
 * Control token describing a TLS alert.
 *
 * dwTokenType is presumably SCHANNEL_ALERT; dwAlertType takes
 * TLS1_ALERT_WARNING / TLS1_ALERT_FATAL and dwAlertNumber one of the
 * TLS1_ALERT_* description codes (all declared below). When such a token is
 * populated from an alert received over the wire, both values are
 * peer-controlled input: range-check them before using either as an index
 * or a table key.
 */
typedef struct _SCHANNEL_ALERT_TOKEN
{
	DWORD dwTokenType;
	DWORD dwAlertType;   /* TLS1_ALERT_WARNING or TLS1_ALERT_FATAL */
	DWORD dwAlertNumber; /* TLS1_ALERT_* description code */
} SCHANNEL_ALERT_TOKEN;
/* TLS AlertLevel values (RFC 5246 section 7.2): warning=1, fatal=2. */
#define TLS1_ALERT_WARNING 1
#define TLS1_ALERT_FATAL 2

/*
 * TLS AlertDescription values (RFC 5246 section 7.2); the numbers are the
 * wire values. DECRYPTION_FAILED (21) and EXPORT_RESTRICTION (60) are
 * reserved in TLS 1.1 and later. In particular RFC 5246 section 7.2.2
 * requires a receiver that fails to decrypt a record to report
 * bad_record_mac rather than decryption_failed, so that padding and MAC
 * failures are indistinguishable to the peer; senders should not emit 21.
 *
 * TLS1_ALERT_INSUFFIENT_SECURITY (sic) appears to keep the spelling of the
 * Win32 header this file stands in for; renaming it would break source
 * compatibility, so leave it as is.
 */
#define TLS1_ALERT_CLOSE_NOTIFY 0
#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
#define TLS1_ALERT_BAD_RECORD_MAC 20
#define TLS1_ALERT_DECRYPTION_FAILED 21
#define TLS1_ALERT_RECORD_OVERFLOW 22
#define TLS1_ALERT_DECOMPRESSION_FAIL 30
#define TLS1_ALERT_HANDSHAKE_FAILURE 40
#define TLS1_ALERT_BAD_CERTIFICATE 42
#define TLS1_ALERT_UNSUPPORTED_CERT 43
#define TLS1_ALERT_CERTIFICATE_REVOKED 44
#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS1_ALERT_ILLEGAL_PARAMETER 47
#define TLS1_ALERT_UNKNOWN_CA 48
#define TLS1_ALERT_ACCESS_DENIED 49
#define TLS1_ALERT_DECODE_ERROR 50
#define TLS1_ALERT_DECRYPT_ERROR 51
#define TLS1_ALERT_EXPORT_RESTRICTION 60
#define TLS1_ALERT_PROTOCOL_VERSION 70
#define TLS1_ALERT_INSUFFIENT_SECURITY 71
#define TLS1_ALERT_INTERNAL_ERROR 80
#define TLS1_ALERT_USER_CANCELED 90
#define TLS1_ALERT_NO_RENEGOTIATION 100
#define TLS1_ALERT_UNSUPPORTED_EXT 110

/* SCHANNEL_SESSION_TOKEN.dwFlags values (pairing inferred from the names). */
#define SSL_SESSION_ENABLE_RECONNECTS 1
#define SSL_SESSION_DISABLE_RECONNECTS 2
/**
 * Control token toggling session reconnects (resumption) on a context.
 *
 * dwTokenType is presumably SCHANNEL_SESSION; dwFlags takes
 * SSL_SESSION_ENABLE_RECONNECTS or SSL_SESSION_DISABLE_RECONNECTS (declared
 * above). Both pairings are inferred from the names -- confirm against the
 * consumer.
 */
typedef struct _SCHANNEL_SESSION_TOKEN
{
	DWORD dwTokenType;
	DWORD dwFlags; /* SSL_SESSION_*_RECONNECTS */
} SCHANNEL_SESSION_TOKEN;
/**
 * Client-signature material (Win32 structure; how WinPR uses it is not
 * visible in this header).
 *
 * cbLength is presumably the structure size. aiHash names the hash algorithm
 * and cbHash the number of valid bytes in HashValue; a consumer must honour
 * cbHash, reject cbHash > sizeof HashValue, and never assume all 36 bytes are
 * meaningful. 36 = 16 + 20, which matches the concatenated MD5+SHA-1
 * handshake hash used before TLS 1.2 -- an inference from the sizes, confirm.
 * CertThumbprint is 20 bytes, the length of a SHA-1 digest.
 */
typedef struct _SCHANNEL_CLIENT_SIGNATURE
{
	DWORD cbLength;
	ALG_ID aiHash;           /* hash algorithm of HashValue */
	DWORD cbHash;            /* valid bytes in HashValue, at most 36 */
	BYTE HashValue[36];
	BYTE CertThumbprint[20]; /* SHA-1 thumbprint of the client certificate */
} SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;
/*
 * Protocol-selection bits for SCHANNEL_CRED.grbitEnabledProtocols and
 * SecPkgCred_SupportedProtocols.grbitProtocol. Each protocol has a _SERVER
 * and a _CLIENT bit plus a combined mask; everything further down is a plain
 * OR of these primitives.
 *
 * Review notes:
 *  - SSL 3.0 (RFC 7568) and TLS 1.0 / 1.1 (RFC 8996) are deprecated.
 *    SP_PROT_ALL, the SP_PROT_SSL3TLS1* masks and SP_PROT_TLS1_X* all include
 *    them; callers should pass an explicit TLS 1.2 selection rather than one
 *    of those aggregates.
 *  - No TLS 1.3 bit and no DTLS 1.2 bit is declared in this header, so none
 *    of the masks below can request them.
 *  - 0x80000000 (SP_PROT_UNI_CLIENT) does not fit in a signed int, so every
 *    mask containing it is an unsigned expression. That is fine for DWORD but
 *    will misbehave if a mask is stored in or compared with a plain int.
 */
#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)

/* "TLS1" without a minor version is TLS 1.0; see the TLS1_0 aliases below. */
#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)

#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)

/* Win32 "unified" (auto-detect) bits; their effect in WinPR is not visible here. */
#define SP_PROT_UNI_SERVER 0x40000000
#define SP_PROT_UNI_CLIENT 0x80000000
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)

#define SP_PROT_ALL 0xFFFFFFFF /* every bit, deprecated protocols included */
#define SP_PROT_NONE 0
#define SP_PROT_CLIENTS (SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SERVERS (SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)

/* TLS 1.0 reuses the original TLS1 bits; 1.1 and 1.2 have bits of their own. */
#define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
#define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)

#define SP_PROT_TLS1_1_SERVER 0x00000100
#define SP_PROT_TLS1_1_CLIENT 0x00000200
#define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)

#define SP_PROT_TLS1_2_SERVER 0x00000400
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)

/* DTLS: only the 1.0 bits exist here; the DTLS1_0 and DTLS1_X names are aliases. */
#define SP_PROT_DTLS_SERVER 0x00010000
#define SP_PROT_DTLS_CLIENT 0x00020000
#define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT)

#define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
#define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
#define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)

#define SP_PROT_DTLS1_X_SERVER SP_PROT_DTLS1_0_SERVER

#define SP_PROT_DTLS1_X_CLIENT SP_PROT_DTLS1_0_CLIENT

#define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)

/* "1PLUS" = TLS 1.1 and 1.2, i.e. everything except TLS 1.0. */
#define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
#define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)

#define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)

/* "1_X" = every TLS version declared in this header, TLS 1.0 included. */
#define SP_PROT_TLS1_X_SERVER \
	(SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
#define SP_PROT_TLS1_X_CLIENT \
	(SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
#define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)

#define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)

/* Widest masks: SSL3 + UNI + all TLS 1.x + DTLS 1.0, per side. */
#define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT)
#define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER)
#endif
#endif /* WINPR_SSPI_SCHANNEL_H */