Revision control

Copy as Markdown

Other Tools

// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
//! Public Definitions for SCHANNEL Security Provider
use shared::guiddef::GUID;
use shared::minwindef::{BYTE, DWORD, PBYTE, WORD};
use shared::windef::HWND;
use um::wincrypt::{ALG_ID, HCERTSTORE, HCRYPTPROV, PCCERT_CONTEXT, PCERT_NAME_BLOB};
use um::winnt::{HRESULT, LPWSTR, PVOID, WCHAR};
pub const UNISP_NAME: &'static str = "Microsoft Unified Security Protocol Provider";
pub const SSL2SP_NAME: &'static str = "Microsoft SSL 2.0";
pub const SSL3SP_NAME: &'static str = "Microsoft SSL 3.0";
pub const TLS1SP_NAME: &'static str = "Microsoft TLS 1.0";
pub const PCT1SP_NAME: &'static str = "Microsoft PCT 1.0";
pub const SCHANNEL_NAME: &'static str = "Schannel";
ENUM!{enum eTlsSignatureAlgorithm {
TlsSignatureAlgorithm_Anonymous = 0,
TlsSignatureAlgorithm_Rsa = 1,
TlsSignatureAlgorithm_Dsa = 2,
TlsSignatureAlgorithm_Ecdsa = 3,
}}
ENUM!{enum eTlsHashAlgorithm {
TlsHashAlgorithm_None = 0,
TlsHashAlgorithm_Md5 = 1,
TlsHashAlgorithm_Sha1 = 2,
TlsHashAlgorithm_Sha224 = 3,
TlsHashAlgorithm_Sha256 = 4,
TlsHashAlgorithm_Sha384 = 5,
TlsHashAlgorithm_Sha512 = 6,
}}
pub const UNISP_RPC_ID: DWORD = 14;
STRUCT!{struct SecPkgContext_RemoteCredentialInfo {
cbCertificateChain: DWORD,
pbCertificateChain: PBYTE,
cCertificates: DWORD,
fFlags: DWORD,
dwBits: DWORD,
}}
pub type PSecPkgContext_RemoteCredentialInfo = *mut SecPkgContext_RemoteCredentialInfo;
pub type SecPkgContext_RemoteCredenitalInfo = SecPkgContext_RemoteCredentialInfo;
pub type PSecPkgContext_RemoteCredenitalInfo = *mut SecPkgContext_RemoteCredentialInfo;
pub const RCRED_STATUS_NOCRED: DWORD = 0x00000000;
pub const RCRED_CRED_EXISTS: DWORD = 0x00000001;
pub const RCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
STRUCT!{struct SecPkgContext_LocalCredentialInfo {
cbCertificateChain: DWORD,
pbCertificateChain: PBYTE,
cCertificates: DWORD,
fFlags: DWORD,
dwBits: DWORD,
}}
pub type PSecPkgContext_LocalCredentialInfo = *mut SecPkgContext_LocalCredentialInfo;
pub type SecPkgContext_LocalCredenitalInfo = SecPkgContext_LocalCredentialInfo;
pub type PSecPkgContext_LocalCredenitalInfo = *mut SecPkgContext_LocalCredentialInfo;
pub const LCRED_STATUS_NOCRED: DWORD = 0x00000000;
pub const LCRED_CRED_EXISTS: DWORD = 0x00000001;
pub const LCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002;
STRUCT!{struct SecPkgContext_ClientCertPolicyResult {
dwPolicyResult: HRESULT,
guidPolicyId: GUID,
}}
pub type PSecPkgContext_ClientCertPolicyResult = *mut SecPkgContext_ClientCertPolicyResult;
STRUCT!{struct SecPkgContext_IssuerListInfoEx {
aIssuers: PCERT_NAME_BLOB,
cIssuers: DWORD,
}}
pub type PSecPkgContext_IssuerListInfoEx = *mut SecPkgContext_IssuerListInfoEx;
STRUCT!{struct SecPkgContext_ConnectionInfo {
dwProtocol: DWORD,
aiCipher: ALG_ID,
dwCipherStrength: DWORD,
aiHash: ALG_ID,
dwHashStrength: DWORD,
aiExch: ALG_ID,
dwExchStrength: DWORD,
}}
pub type PSecPkgContext_ConnectionInfo = *mut SecPkgContext_ConnectionInfo;
pub const SZ_ALG_MAX_SIZE: usize = 64;
pub const SECPKGCONTEXT_CIPHERINFO_V1: DWORD = 1;
STRUCT!{struct SecPkgContext_CipherInfo {
dwVersion: DWORD,
dwProtocol: DWORD,
dwCipherSuite: DWORD,
dwBaseCipherSuite: DWORD,
szCipherSuite: [WCHAR; SZ_ALG_MAX_SIZE],
szCipher: [WCHAR; SZ_ALG_MAX_SIZE],
dwCipherLen: DWORD,
dwCipherBlockLen: DWORD,
szHash: [WCHAR; SZ_ALG_MAX_SIZE],
dwHashLen: DWORD,
szExchange: [WCHAR; SZ_ALG_MAX_SIZE],
dwMinExchangeLen: DWORD,
dwMaxExchangeLen: DWORD,
szCertificate: [WCHAR; SZ_ALG_MAX_SIZE],
dwKeyType: DWORD,
}}
pub type PSecPkgContext_CipherInfo = *mut SecPkgContext_CipherInfo;
STRUCT!{struct SecPkgContext_EapKeyBlock {
rgbKeys: [BYTE; 128],
rgbIVs: [BYTE; 64],
}}
pub type PSecPkgContext_EapKeyBlock = *mut SecPkgContext_EapKeyBlock;
STRUCT!{struct SecPkgContext_MappedCredAttr {
dwAttribute: DWORD,
pvBuffer: PVOID,
}}
pub type PSecPkgContext_MappedCredAttr = *mut SecPkgContext_MappedCredAttr;
pub const SSL_SESSION_RECONNECT: DWORD = 1;
STRUCT!{struct SecPkgContext_SessionInfo {
dwFlags: DWORD,
cbSessionId: DWORD,
rgbSessionId: [BYTE; 32],
}}
pub type PSecPkgContext_SessionInfo = *mut SecPkgContext_SessionInfo;
STRUCT!{struct SecPkgContext_SessionAppData {
dwFlags: DWORD,
cbAppData: DWORD,
pbAppData: PBYTE,
}}
pub type PSecPkgContext_SessionAppData = *mut SecPkgContext_SessionAppData;
STRUCT!{struct SecPkgContext_EapPrfInfo {
dwVersion: DWORD,
cbPrfData: DWORD,
pbPrfData: PBYTE,
}}
pub type PSecPkgContext_EapPrfInfo = *mut SecPkgContext_EapPrfInfo;
STRUCT!{struct SecPkgContext_SupportedSignatures {
cSignatureAndHashAlgorithms: WORD,
pSignatureAndHashAlgorithms: *mut WORD,
}}
pub type PSecPkgContext_SupportedSignatures = *mut SecPkgContext_SupportedSignatures;
STRUCT!{struct SecPkgContext_Certificates {
cCertificates: DWORD,
cbCertificateChain: DWORD,
pbCertificateChain: PBYTE,
}}
pub type PSecPkgContext_Certificates = *mut SecPkgContext_Certificates;
STRUCT!{struct SecPkgContext_CertInfo {
dwVersion: DWORD,
cbSubjectName: DWORD,
pwszSubjectName: LPWSTR,
cbIssuerName: DWORD,
pwszIssuerName: LPWSTR,
dwKeySize: DWORD,
}}
pub type PSecPkgContext_CertInfo = *mut SecPkgContext_CertInfo;
pub const KERN_CONTEXT_CERT_INFO_V1: DWORD = 0x00000000;
STRUCT!{struct SecPkgContext_UiInfo {
hParentWindow: HWND,
}}
pub type PSecPkgContext_UiInfo = *mut SecPkgContext_UiInfo;
STRUCT!{struct SecPkgContext_EarlyStart {
dwEarlyStartFlags: DWORD,
}}
pub type PSecPkgContext_EarlyStart = *mut SecPkgContext_EarlyStart;
pub const ENABLE_TLS_CLIENT_EARLY_START: DWORD = 0x00000001;
pub const SCH_CRED_V1: DWORD = 0x00000001;
pub const SCH_CRED_V2: DWORD = 0x00000002;
pub const SCH_CRED_VERSION: DWORD = 0x00000002;
pub const SCH_CRED_V3: DWORD = 0x00000003;
pub const SCHANNEL_CRED_VERSION: DWORD = 0x00000004;
pub const SCHANNEL_SECRET_TYPE_CAPI: DWORD = 0x00000001;
pub const SCHANNEL_SECRET_PRIVKEY: DWORD = 0x00000002;
pub const SCH_CRED_X509_CERTCHAIN: DWORD = 0x00000001;
pub const SCH_CRED_X509_CAPI: DWORD = 0x00000002;
pub const SCH_CRED_CERT_CONTEXT: DWORD = 0x00000003;
pub enum _HMAPPER {}
STRUCT!{struct SCHANNEL_CRED {
dwVersion: DWORD,
cCreds: DWORD,
paCred: *mut PCCERT_CONTEXT,
hRootStore: HCERTSTORE,
cMappers: DWORD,
aphMappers: *mut *mut _HMAPPER,
cSupportedAlgs: DWORD,
palgSupportedAlgs: *mut ALG_ID,
grbitEnabledProtocols: DWORD,
dwMinimumCipherStrength: DWORD,
dwMaximumCipherStrength: DWORD,
dwSessionLifespan: DWORD,
dwFlags: DWORD,
dwCredFormat: DWORD,
}}
pub type PSCHANNEL_CRED = *mut SCHANNEL_CRED;
pub const SCH_CRED_FORMAT_CERT_CONTEXT: DWORD = 0x00000000;
pub const SCH_CRED_FORMAT_CERT_HASH: DWORD = 0x00000001;
pub const SCH_CRED_FORMAT_CERT_HASH_STORE: DWORD = 0x00000002;
pub const SCH_CRED_MAX_STORE_NAME_SIZE: usize = 128;
pub const SCH_CRED_MAX_SUPPORTED_ALGS: DWORD = 256;
pub const SCH_CRED_MAX_SUPPORTED_CERTS: DWORD = 100;
STRUCT!{struct SCHANNEL_CERT_HASH {
dwLength: DWORD,
dwFlags: DWORD,
hProv: HCRYPTPROV,
ShaHash: [BYTE; 20],
}}
pub type PSCHANNEL_CERT_HASH = *mut SCHANNEL_CERT_HASH;
STRUCT!{struct SCHANNEL_CERT_HASH_STORE {
dwLength: DWORD,
dwFlags: DWORD,
hProv: HCRYPTPROV,
ShaHash: [BYTE; 20],
pwszStoreName: [WCHAR; SCH_CRED_MAX_STORE_NAME_SIZE],
}}
pub type PSCHANNEL_CERT_HASH_STORE = *mut SCHANNEL_CERT_HASH_STORE;
pub const SCH_MACHINE_CERT_HASH: DWORD = 0x00000001;
pub const SCH_CRED_NO_SYSTEM_MAPPER: DWORD = 0x00000002;
pub const SCH_CRED_NO_SERVERNAME_CHECK: DWORD = 0x00000004;
pub const SCH_CRED_MANUAL_CRED_VALIDATION: DWORD = 0x00000008;
pub const SCH_CRED_NO_DEFAULT_CREDS: DWORD = 0x00000010;
pub const SCH_CRED_AUTO_CRED_VALIDATION: DWORD = 0x00000020;
pub const SCH_CRED_USE_DEFAULT_CREDS: DWORD = 0x00000040;
pub const SCH_CRED_DISABLE_RECONNECTS: DWORD = 0x00000080;
pub const SCH_CRED_REVOCATION_CHECK_END_CERT: DWORD = 0x00000100;
pub const SCH_CRED_REVOCATION_CHECK_CHAIN: DWORD = 0x00000200;
pub const SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT: DWORD = 0x00000400;
pub const SCH_CRED_IGNORE_NO_REVOCATION_CHECK: DWORD = 0x00000800;
pub const SCH_CRED_IGNORE_REVOCATION_OFFLINE: DWORD = 0x00001000;
pub const SCH_CRED_RESTRICTED_ROOTS: DWORD = 0x00002000;
pub const SCH_CRED_REVOCATION_CHECK_CACHE_ONLY: DWORD = 0x00004000;
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL: DWORD = 0x00008000;
pub const SCH_CRED_MEMORY_STORE_CERT: DWORD = 0x00010000;
pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE: DWORD = 0x00020000;
pub const SCH_SEND_ROOT_CERT: DWORD = 0x00040000;
pub const SCH_CRED_SNI_CREDENTIAL: DWORD = 0x00080000;
pub const SCH_CRED_SNI_ENABLE_OCSP: DWORD = 0x00100000;
pub const SCH_SEND_AUX_RECORD: DWORD = 0x00200000;
pub const SCH_USE_STRONG_CRYPTO: DWORD = 0x00400000;
pub const SCHANNEL_RENEGOTIATE: DWORD = 0;
pub const SCHANNEL_SHUTDOWN: DWORD = 1;
pub const SCHANNEL_ALERT: DWORD = 2;
pub const SCHANNEL_SESSION: DWORD = 3;
STRUCT!{struct SCHANNEL_ALERT_TOKEN {
dwTokenType: DWORD,
dwAlertType: DWORD,
dwAlertNumber: DWORD,
}}
pub const TLS1_ALERT_WARNING: DWORD = 1;
pub const TLS1_ALERT_FATAL: DWORD = 2;
pub const TLS1_ALERT_CLOSE_NOTIFY: DWORD = 0;
pub const TLS1_ALERT_UNEXPECTED_MESSAGE: DWORD = 10;
pub const TLS1_ALERT_BAD_RECORD_MAC: DWORD = 20;
pub const TLS1_ALERT_DECRYPTION_FAILED: DWORD = 21;
pub const TLS1_ALERT_RECORD_OVERFLOW: DWORD = 22;
pub const TLS1_ALERT_DECOMPRESSION_FAIL: DWORD = 30;
pub const TLS1_ALERT_HANDSHAKE_FAILURE: DWORD = 40;
pub const TLS1_ALERT_BAD_CERTIFICATE: DWORD = 42;
pub const TLS1_ALERT_UNSUPPORTED_CERT: DWORD = 43;
pub const TLS1_ALERT_CERTIFICATE_REVOKED: DWORD = 44;
pub const TLS1_ALERT_CERTIFICATE_EXPIRED: DWORD = 45;
pub const TLS1_ALERT_CERTIFICATE_UNKNOWN: DWORD = 46;
pub const TLS1_ALERT_ILLEGAL_PARAMETER: DWORD = 47;
pub const TLS1_ALERT_UNKNOWN_CA: DWORD = 48;
pub const TLS1_ALERT_ACCESS_DENIED: DWORD = 49;
pub const TLS1_ALERT_DECODE_ERROR: DWORD = 50;
pub const TLS1_ALERT_DECRYPT_ERROR: DWORD = 51;
pub const TLS1_ALERT_EXPORT_RESTRICTION: DWORD = 60;
pub const TLS1_ALERT_PROTOCOL_VERSION: DWORD = 70;
pub const TLS1_ALERT_INSUFFIENT_SECURITY: DWORD = 71;
pub const TLS1_ALERT_INTERNAL_ERROR: DWORD = 80;
pub const TLS1_ALERT_USER_CANCELED: DWORD = 90;
pub const TLS1_ALERT_NO_RENEGOTIATION: DWORD = 100;
pub const TLS1_ALERT_UNSUPPORTED_EXT: DWORD = 110;
pub const TLS1_ALERT_NO_APP_PROTOCOL: DWORD = 120;
pub const SSL_SESSION_ENABLE_RECONNECTS: DWORD = 1;
pub const SSL_SESSION_DISABLE_RECONNECTS: DWORD = 2;
STRUCT!{struct SCHANNEL_SESSION_TOKEN {
dwTokenType: DWORD,
dwFlags: DWORD,
}}
STRUCT!{struct SCHANNEL_CLIENT_SIGNATURE {
cbLength: DWORD,
aiHash: ALG_ID,
cbHash: DWORD,
HashValue: [BYTE; 36],
CertThumbprint: [BYTE; 20],
}}
pub type PSCHANNEL_CLIENT_SIGNATURE = *mut SCHANNEL_CLIENT_SIGNATURE;
pub const SP_PROT_PCT1_SERVER: DWORD = 0x00000001;
pub const SP_PROT_PCT1_CLIENT: DWORD = 0x00000002;
pub const SP_PROT_PCT1: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT;
pub const SP_PROT_SSL2_SERVER: DWORD = 0x00000004;
pub const SP_PROT_SSL2_CLIENT: DWORD = 0x00000008;
pub const SP_PROT_SSL2: DWORD = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT;
pub const SP_PROT_SSL3_SERVER: DWORD = 0x00000010;
pub const SP_PROT_SSL3_CLIENT: DWORD = 0x00000020;
pub const SP_PROT_SSL3: DWORD = SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_TLS1_SERVER: DWORD = 0x00000040;
pub const SP_PROT_TLS1_CLIENT: DWORD = 0x00000080;
pub const SP_PROT_TLS1: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT;
pub const SP_PROT_SSL3TLS1_CLIENTS: DWORD = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_SERVERS: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1;
pub const SP_PROT_UNI_SERVER: DWORD = 0x40000000;
pub const SP_PROT_UNI_CLIENT: DWORD = 0x80000000;
pub const SP_PROT_UNI: DWORD = SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT;
pub const SP_PROT_ALL: DWORD = 0xffffffff;
pub const SP_PROT_NONE: DWORD = 0;
pub const SP_PROT_CLIENTS: DWORD = SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT
| SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT;
pub const SP_PROT_SERVERS: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER
| SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER;
pub const SP_PROT_TLS1_0_SERVER: DWORD = SP_PROT_TLS1_SERVER;
pub const SP_PROT_TLS1_0_CLIENT: DWORD = SP_PROT_TLS1_CLIENT;
pub const SP_PROT_TLS1_0: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT;
pub const SP_PROT_TLS1_1_SERVER: DWORD = 0x00000100;
pub const SP_PROT_TLS1_1_CLIENT: DWORD = 0x00000200;
pub const SP_PROT_TLS1_1: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT;
pub const SP_PROT_TLS1_2_SERVER: DWORD = 0x00000400;
pub const SP_PROT_TLS1_2_CLIENT: DWORD = 0x00000800;
pub const SP_PROT_TLS1_2: DWORD = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_DTLS_SERVER: DWORD = 0x00010000;
pub const SP_PROT_DTLS_CLIENT: DWORD = 0x00020000;
pub const SP_PROT_DTLS: DWORD = SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0_SERVER: DWORD = SP_PROT_DTLS_SERVER;
pub const SP_PROT_DTLS1_0_CLIENT: DWORD = SP_PROT_DTLS_CLIENT;
pub const SP_PROT_DTLS1_0: DWORD = SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X_SERVER: DWORD = SP_PROT_DTLS1_0_SERVER;
pub const SP_PROT_DTLS1_X_CLIENT: DWORD = SP_PROT_DTLS1_0_CLIENT;
pub const SP_PROT_DTLS1_X: DWORD = SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT;
pub const SP_PROT_TLS1_1PLUS_SERVER: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_1PLUS_CLIENT: DWORD = SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_1PLUS: DWORD = SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT;
pub const SP_PROT_TLS1_X_SERVER: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER
| SP_PROT_TLS1_2_SERVER;
pub const SP_PROT_TLS1_X_CLIENT: DWORD = SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT
| SP_PROT_TLS1_2_CLIENT;
pub const SP_PROT_TLS1_X: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT;
pub const SP_PROT_SSL3TLS1_X_CLIENTS: DWORD = SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT;
pub const SP_PROT_SSL3TLS1_X_SERVERS: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER;
pub const SP_PROT_SSL3TLS1_X: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1_X;
pub const SP_PROT_X_CLIENTS: DWORD = SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT
| SP_PROT_DTLS1_X_CLIENT;
pub const SP_PROT_X_SERVERS: DWORD = SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER
| SP_PROT_DTLS1_X_SERVER;
pub const SSL_CRACK_CERTIFICATE_NAME: &'static str = "SslCrackCertificate";
pub const SSL_FREE_CERTIFICATE_NAME: &'static str = "SslFreeCertificate";