/**
 * WinPR: Windows Portable Runtime
 * Schannel Security Package
 *
 * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Portable mirror of the Windows SDK <schannel.h> constants and structures.
 *
 * On desktop Windows the SDK header is included verbatim; on every other
 * target (including UWP, where the SDK header is unavailable) the definitions
 * below supply the same names with the same values so that SSPI-facing code
 * can be written once. The numeric values are ABI-level (they travel through
 * SSPI attribute queries and credential structures as raw bits), so they must
 * stay identical to the SDK — do not renumber or "tidy" any of them.
 */

#ifndef WINPR_SSPI_SCHANNEL_H
#define WINPR_SSPI_SCHANNEL_H

#include <winpr/sspi.h>
#include <winpr/crypto.h>

#if defined(_WIN32) && !defined(_UWP)

/* Real SDK header: everything in the #else branch is already defined there. */
#include <schannel.h>

#else

/* Security package name used with AcquireCredentialsHandle(). */
#define SCHANNEL_NAME_A "Schannel"
#define SCHANNEL_NAME_W L"Schannel"

#ifdef _UNICODE
#define SCHANNEL_NAME SCHANNEL_NAME_W
#else
#define SCHANNEL_NAME SCHANNEL_NAME_A
#endif

/* QueryCredentialsAttributes() selectors for the three SecPkgCred_* structs below. */
#define SECPKG_ATTR_SUPPORTED_ALGS 86
#define SECPKG_ATTR_CIPHER_STRENGTHS 87
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 88

/* Result of SECPKG_ATTR_SUPPORTED_ALGS: cSupportedAlgs entries in palgSupportedAlgs. */
typedef struct _SecPkgCred_SupportedAlgs
{
	DWORD cSupportedAlgs;
	ALG_ID* palgSupportedAlgs;
} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;

/* Result of SECPKG_ATTR_CIPHER_STRENGTHS: key-strength bounds in bits. */
typedef struct _SecPkgCred_CipherStrengths
{
	DWORD dwMinimumCipherStrength;
	DWORD dwMaximumCipherStrength;
} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;

/* Result of SECPKG_ATTR_SUPPORTED_PROTOCOLS: a bitmask of SP_PROT_* values. */
typedef struct _SecPkgCred_SupportedProtocols
{
	DWORD grbitProtocol;
} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;

/*
 * TLS 1.2 SignatureAlgorithm / HashAlgorithm code points (RFC 5246 §7.4.1.4.1).
 * The numeric values are the on-the-wire registry values, not arbitrary ids.
 */
enum eTlsSignatureAlgorithm
{
	TlsSignatureAlgorithm_Anonymous = 0,
	TlsSignatureAlgorithm_Rsa = 1,
	TlsSignatureAlgorithm_Dsa = 2,
	TlsSignatureAlgorithm_Ecdsa = 3
};

enum eTlsHashAlgorithm
{
	TlsHashAlgorithm_None = 0,
	TlsHashAlgorithm_Md5 = 1,  /* legacy; listed for wire compatibility only */
	TlsHashAlgorithm_Sha1 = 2, /* legacy; listed for wire compatibility only */
	TlsHashAlgorithm_Sha224 = 3,
	TlsHashAlgorithm_Sha256 = 4,
	TlsHashAlgorithm_Sha384 = 5,
	TlsHashAlgorithm_Sha512 = 6
};

/* Values for SCHANNEL_CRED.dwVersion. SCHANNEL_CRED_VERSION is the one current callers use. */
#define SCH_CRED_V1 0x00000001
#define SCH_CRED_V2 0x00000002
#define SCH_CRED_VERSION 0x00000002
#define SCH_CRED_V3 0x00000003
#define SCHANNEL_CRED_VERSION 0x00000004

/* Opaque certificate-mapper handle; only ever referenced through a pointer here. */
struct _HMAPPER;

/*
 * Credential description passed as pAuthData to AcquireCredentialsHandle().
 * Field layout mirrors the SDK SCHANNEL_CRED and must not be reordered.
 *
 *   dwVersion            - SCHANNEL_CRED_VERSION
 *   cCreds / paCred      - cCreds certificate contexts (the local certificate(s))
 *   hRootStore           - store consulted for trusted roots
 *   cMappers / aphMappers- optional certificate mappers
 *   cSupportedAlgs /
 *   palgSupportedAlgs    - restrict negotiable algorithms (ALG_ID list)
 *   grbitEnabledProtocols- SP_PROT_* bitmask; 0 leaves the choice to the package
 *   dwMinimumCipherStrength / dwMaximumCipherStrength - key-size bounds in bits
 *   dwSessionLifespan    - session cache lifetime
 *   dwFlags              - SCH_CRED_* bitmask (see security note below the flags)
 *   dwCredFormat         - SCH_CRED_FORMAT_* describing what paCred points at
 */
typedef struct _SCHANNEL_CRED
{
	DWORD dwVersion;
	DWORD cCreds;
	PCCERT_CONTEXT* paCred;
	HCERTSTORE hRootStore;

	DWORD cMappers;
	struct _HMAPPER** aphMappers;

	DWORD cSupportedAlgs;
	ALG_ID* palgSupportedAlgs;

	DWORD grbitEnabledProtocols;
	DWORD dwMinimumCipherStrength;
	DWORD dwMaximumCipherStrength;
	DWORD dwSessionLifespan;
	DWORD dwFlags;
	DWORD dwCredFormat;
} SCHANNEL_CRED, *PSCHANNEL_CRED;

/* SCHANNEL_CRED.dwCredFormat: how paCred is to be interpreted. */
#define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
#define SCH_CRED_FORMAT_CERT_HASH 0x00000001
#define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002

/* Fixed upper bounds; callers filling the arrays/buffers below must respect them. */
#define SCH_CRED_MAX_STORE_NAME_SIZE 128
#define SCH_CRED_MAX_SUPPORTED_ALGS 256
#define SCH_CRED_MAX_SUPPORTED_CERTS 100

/*
 * Certificate selected by thumbprint (SCH_CRED_FORMAT_CERT_HASH).
 * ShaHash is 20 bytes, i.e. a SHA-1 digest. It is a store lookup key, not an
 * integrity binding; SHA-1's collision weakness matters only if an attacker can
 * plant a colliding certificate in the store being searched.
 */
typedef struct _SCHANNEL_CERT_HASH
{
	DWORD dwLength;
	DWORD dwFlags;
	HCRYPTPROV hProv;
	BYTE ShaHash[20];
} SCHANNEL_CERT_HASH, *PSCHANNEL_CERT_HASH;

/*
 * Same as SCHANNEL_CERT_HASH plus the store to search (SCH_CRED_FORMAT_CERT_HASH_STORE).
 * pwszStoreName is a fixed 128-WCHAR buffer: writers must bound the copy to
 * SCH_CRED_MAX_STORE_NAME_SIZE and keep it NUL-terminated.
 */
typedef struct _SCHANNEL_CERT_HASH_STORE
{
	DWORD dwLength;
	DWORD dwFlags;
	HCRYPTPROV hProv;
	BYTE ShaHash[20];
	WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
} SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;

/* SCHANNEL_CERT_HASH.dwFlags */
#define SCH_MACHINE_CERT_HASH 0x00000001

/*
 * SCHANNEL_CRED.dwFlags bits.
 *
 * Security note (semantics per the Windows SDK these mirror — confirm against
 * the target SDK docs): SCH_CRED_NO_SERVERNAME_CHECK suppresses hostname
 * verification and SCH_CRED_MANUAL_CRED_VALIDATION turns off automatic chain
 * validation. A client that sets either one must perform the equivalent peer
 * certificate check itself, otherwise the connection is open to MITM.
 * Likewise SCH_CRED_IGNORE_NO_REVOCATION_CHECK / SCH_CRED_IGNORE_REVOCATION_OFFLINE
 * downgrade revocation failures to soft-fail; use them deliberately, not by default.
 */
#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
#define SCH_CRED_DISABLE_RECONNECTS 0x00000080

#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000

#define SCH_CRED_RESTRICTED_ROOTS 0x00002000
#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000

#define SCH_CRED_MEMORY_STORE_CERT 0x00010000

#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000

#define SCH_SEND_ROOT_CERT 0x00040000
#define SCH_CRED_SNI_CREDENTIAL 0x00080000
#define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
#define SCH_SEND_AUX_RECORD 0x00200000

/* dwTokenType values for the control tokens passed via ApplyControlToken(). */
#define SCHANNEL_RENEGOTIATE 0
#define SCHANNEL_SHUTDOWN 1
#define SCHANNEL_ALERT 2
#define SCHANNEL_SESSION 3

/*
 * Control token requesting that a TLS alert be sent (dwTokenType == SCHANNEL_ALERT).
 * dwAlertType is TLS1_ALERT_WARNING or TLS1_ALERT_FATAL; dwAlertNumber is one of
 * the TLS1_ALERT_* description codes below.
 */
typedef struct _SCHANNEL_ALERT_TOKEN
{
	DWORD dwTokenType;
	DWORD dwAlertType;
	DWORD dwAlertNumber;
} SCHANNEL_ALERT_TOKEN;

/* TLS AlertLevel values (RFC 5246 §7.2). */
#define TLS1_ALERT_WARNING 1
#define TLS1_ALERT_FATAL 2

/*
 * TLS AlertDescription values (RFC 5246 §7.2). These are wire codes.
 * TLS1_ALERT_INSUFFIENT_SECURITY is misspelled exactly as in the Windows SDK;
 * the misspelling is part of the public name and must not be corrected here.
 */
#define TLS1_ALERT_CLOSE_NOTIFY 0
#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
#define TLS1_ALERT_BAD_RECORD_MAC 20
#define TLS1_ALERT_DECRYPTION_FAILED 21
#define TLS1_ALERT_RECORD_OVERFLOW 22
#define TLS1_ALERT_DECOMPRESSION_FAIL 30
#define TLS1_ALERT_HANDSHAKE_FAILURE 40
#define TLS1_ALERT_BAD_CERTIFICATE 42
#define TLS1_ALERT_UNSUPPORTED_CERT 43
#define TLS1_ALERT_CERTIFICATE_REVOKED 44
#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
#define TLS1_ALERT_ILLEGAL_PARAMETER 47
#define TLS1_ALERT_UNKNOWN_CA 48
#define TLS1_ALERT_ACCESS_DENIED 49
#define TLS1_ALERT_DECODE_ERROR 50
#define TLS1_ALERT_DECRYPT_ERROR 51
#define TLS1_ALERT_EXPORT_RESTRICTION 60
#define TLS1_ALERT_PROTOCOL_VERSION 70
#define TLS1_ALERT_INSUFFIENT_SECURITY 71
#define TLS1_ALERT_INTERNAL_ERROR 80
#define TLS1_ALERT_USER_CANCELED 90
#define TLS1_ALERT_NO_RENEGOTIATION 100
#define TLS1_ALERT_UNSUPPORTED_EXT 110

/* SCHANNEL_SESSION_TOKEN.dwFlags */
#define SSL_SESSION_ENABLE_RECONNECTS 1
#define SSL_SESSION_DISABLE_RECONNECTS 2

/* Control token toggling session resumption (dwTokenType == SCHANNEL_SESSION). */
typedef struct _SCHANNEL_SESSION_TOKEN
{
	DWORD dwTokenType;
	DWORD dwFlags;
} SCHANNEL_SESSION_TOKEN;

/*
 * Client-signature descriptor. HashValue is 36 bytes — presumably sized for the
 * MD5+SHA-1 concatenation used by pre-TLS1.2 CertificateVerify (TODO confirm);
 * CertThumbprint is a 20-byte (SHA-1 length) certificate thumbprint.
 */
typedef struct _SCHANNEL_CLIENT_SIGNATURE
{
	DWORD cbLength;
	ALG_ID aiHash;
	DWORD cbHash;
	BYTE HashValue[36];
	BYTE CertThumbprint[20];
} SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;

/*
 * Protocol bits for SCHANNEL_CRED.grbitEnabledProtocols and
 * SecPkgCred_SupportedProtocols.grbitProtocol. Each protocol has a separate
 * client and server bit.
 *
 * Security note: SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated.
 * The aggregate masks SP_PROT_ALL, SP_PROT_SSL3TLS1*, SP_PROT_TLS1_X and
 * SP_PROT_X_* all enable them; new code should request SP_PROT_TLS1_2 (or the
 * *_CLIENT / *_SERVER half) unless legacy interoperability is an explicit
 * requirement. No TLS 1.3 or DTLS 1.2 bits are defined in this header, so
 * callers cannot request them through these constants — NOTE(review): confirm
 * against the SDK version being mirrored if newer versions are needed.
 */
#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)

#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)

#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)

/* "Unified" hello bits; SP_PROT_UNI_CLIENT sets bit 31, so keep these in a DWORD. */
#define SP_PROT_UNI_SERVER 0x40000000
#define SP_PROT_UNI_CLIENT 0x80000000
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)

#define SP_PROT_ALL 0xFFFFFFFF
#define SP_PROT_NONE 0
#define SP_PROT_CLIENTS (SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SERVERS (SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)

/* SP_PROT_TLS1_* without a minor version means TLS 1.0. */
#define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
#define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)

#define SP_PROT_TLS1_1_SERVER 0x00000100
#define SP_PROT_TLS1_1_CLIENT 0x00000200
#define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)

#define SP_PROT_TLS1_2_SERVER 0x00000400
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)

/* DTLS: only 1.0 is defined here; the *_1_X aliases therefore cover 1.0 alone. */
#define SP_PROT_DTLS_SERVER 0x00010000
#define SP_PROT_DTLS_CLIENT 0x00020000
#define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT)

#define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
#define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
#define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)

#define SP_PROT_DTLS1_X_SERVER SP_PROT_DTLS1_0_SERVER

#define SP_PROT_DTLS1_X_CLIENT SP_PROT_DTLS1_0_CLIENT

#define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)

/* TLS 1.1 and 1.2 only (excludes TLS 1.0 and SSL 3.0). */
#define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
#define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)

#define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)

/* Every TLS 1.x version defined here, i.e. 1.0 through 1.2. */
#define SP_PROT_TLS1_X_SERVER \
	(SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
#define SP_PROT_TLS1_X_CLIENT \
	(SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
#define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)

#define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)

/* Everything defined here for one role, including the deprecated protocols. */
#define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT)
#define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER)

#endif /* !(_WIN32 && !_UWP) */

#endif /* WINPR_SSPI_SCHANNEL_H */