Complete disaster-recovery snapshot: engine/game source, game data assets, VC6 toolchain + DX SDKs, build outputs, deployed game, and _UNUSED archive. Large binaries in Git LFS; text preserved byte-for-byte (core.autocrlf=false, no eol attributes). See RECOVERY.md for the one-clone rebuild procedure.
529 lines
16 KiB
C++
529 lines
16 KiB
C++
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright 1992 - 1998 Microsoft Corporation.
|
|
//
|
|
// File: schnlsp.h
|
|
//
|
|
// Contents: Public Definitions for SCHANNEL Security Provider
|
|
//
|
|
// Classes:
|
|
//
|
|
// Functions:
|
|
//
|
|
// History: 6-8-96 Created
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#ifndef __SCHNLSP_H__
|
|
#define __SCHNLSP_H__
|
|
|
|
#include <wincrypt.h>
|
|
|
|
|
|
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
|
|
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
|
|
|
|
#define SSL2SP_NAME_A "Microsoft SSL 2.0"
|
|
#define SSL2SP_NAME_W L"Microsoft SSL 2.0"
|
|
|
|
#define SSL3SP_NAME_A "Microsoft SSL 3.0"
|
|
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"
|
|
|
|
#define TLS1SP_NAME_A "Microsoft TLS 1.0"
|
|
#define TLS1SP_NAME_W L"Microsoft TLS 1.0"
|
|
|
|
#define PCT1SP_NAME_A "Microsoft PCT 1.0"
|
|
#define PCT1SP_NAME_W L"Microsoft PCT 1.0"
|
|
|
|
|
|
#ifdef UNICODE
|
|
|
|
#define UNISP_NAME UNISP_NAME_W
|
|
#define PCT1SP_NAME PCT1SP_NAME_W
|
|
#define SSL2SP_NAME SSL2SP_NAME_W
|
|
#define SSL3SP_NAME SSL3SP_NAME_W
|
|
#define TLS1SP_NAME TLS1SP_NAME_W
|
|
|
|
#else
|
|
|
|
#define UNISP_NAME UNISP_NAME_A
|
|
#define PCT1SP_NAME PCT1SP_NAME_A
|
|
#define SSL2SP_NAME SSL2SP_NAME_A
|
|
#define SSL3SP_NAME SSL3SP_NAME_A
|
|
#define TLS1SP_NAME TLS1SP_NAME_A
|
|
|
|
#endif
|
|
|
|
#define SSL2SP_RPC_ID 12
|
|
#define PCT1SP_RPC_ID 13
|
|
#define SSL3SP_RPC_ID 14
|
|
#define UNISP_RPC_ID 15
|
|
#define TLS1SP_RPC_ID 16
|
|
|
|
|
|
|
|
#define SCH_CRED_V1 0x00000001
|
|
#define SCH_CRED_V2 0x00000002 // for legacy code
|
|
#define SCH_CRED_VERSION 0x00000002 // for legacy code
|
|
#define SCHANNEL_CRED_VERSION 0x00000003
|
|
|
|
|
|
|
|
|
|
//
|
|
// QueryContextAttributes/QueryCredentialsAttribute extensions
|
|
//
|
|
#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53 // returns PCCERT_CONTEXT
|
|
#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54 // returns PCCERT_CONTEXT
|
|
#define SECPKG_ATTR_ROOT_STORE 0x55 // returns HCERTCONTEXT to the root store
|
|
#define SECPKG_ATTR_SUPPORTED_ALGS 0x56 // returns SecPkgCred_SupportedAlgs
|
|
#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57 // returns SecPkgCred_CipherStrengths
|
|
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58 // returns SecPkgCred_SupportedProtocols
|
|
#define SECPKG_ATTR_ISSUER_LIST_EX 0x59 // returns SecPkgContext_IssuerListInfoEx
|
|
#define SECPKG_ATTR_CONNECTION_INFO 0x5a // returns SecPkgContext_ConnectionInfo
|
|
|
|
|
|
|
|
typedef struct _SecPkgCred_SupportedAlgs
|
|
{
|
|
DWORD cSupportedAlgs;
|
|
ALG_ID *palgSupportedAlgs;
|
|
} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
|
|
|
|
typedef struct _SecPkgCred_CipherStrengths
|
|
{
|
|
DWORD dwMinimumCipherStrength;
|
|
DWORD dwMaximumCipherStrength;
|
|
} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;
|
|
|
|
typedef struct _SecPkgCred_SupportedProtocols
|
|
{
|
|
DWORD grbitProtocol;
|
|
} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
|
|
|
|
typedef struct _SecPkgContext_IssuerListInfoEx
|
|
{
|
|
PCERT_NAME_BLOB aIssuers;
|
|
DWORD cIssuers;
|
|
} SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;
|
|
|
|
typedef struct _SecPkgContext_ConnectionInfo
|
|
{
|
|
DWORD dwProtocol;
|
|
ALG_ID aiCipher;
|
|
DWORD dwCipherStrength;
|
|
ALG_ID aiHash;
|
|
DWORD dwHashStrength;
|
|
ALG_ID aiExch;
|
|
DWORD dwExchStrength;
|
|
}SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;
|
|
|
|
|
|
//
|
|
// SCHANNEL Credentials data structure
|
|
//
|
|
struct _HMAPPER;
|
|
|
|
typedef struct _SCHANNEL_CRED
|
|
{
|
|
DWORD dwVersion;
|
|
DWORD cCreds;
|
|
PCCERT_CONTEXT *paCred;
|
|
HCERTSTORE hRootStore;
|
|
|
|
DWORD cMappers;
|
|
struct _HMAPPER **aphMappers;
|
|
|
|
DWORD cSupportedAlgs;
|
|
ALG_ID *palgSupportedAlgs;
|
|
|
|
DWORD grbitEnabledProtocols;
|
|
DWORD dwMinimumCipherStrength;
|
|
DWORD dwMaximumCipherStrength;
|
|
DWORD dwSessionLifespan;
|
|
|
|
} SCHANNEL_CRED, *PSCHANNEL_CRED;
|
|
|
|
|
|
//
|
|
//
|
|
// ApplyControlToken PkgParams types
|
|
//
|
|
// These identifiers are the DWORD types
|
|
// to be passed into ApplyControlToken
|
|
// through a PkgParams buffer.
|
|
|
|
//
|
|
// SCHANNEL_RENEGOTIATE
|
|
//
|
|
// Cause SCHANNEL to renegotiate
|
|
// a connection.
|
|
//
|
|
#define SCHANNEL_RENEGOTIATE 0
|
|
|
|
//
|
|
// SCHANNEL_SHUTDOWN
|
|
//
|
|
// Cause SCHANNEL to shutdown
|
|
// a connection.
|
|
//
|
|
|
|
#define SCHANNEL_SHUTDOWN 1
|
|
|
|
|
|
//
|
|
//
|
|
// ADDITIONAL SCHANNEL ERROR CODES
|
|
//
|
|
//
|
|
|
|
|
|
//
|
|
// MessageId: SEC_I_INCOMPLETE_CREDENTIALS
|
|
//
|
|
// MessageText:
|
|
//
|
|
// If this is returned from InitializeSecurityContext, it indicates
|
|
// that the credentials supplied were incomplete, and client-auth was
|
|
// attempted. On receipt, the client should call QueryContextAttributes
|
|
// with SECPKG_ATTR_LOCAL_CERT to get the cert that was negotiated,
|
|
// and the supply the private key with this cert to AcquireCredential
|
|
// to get a new credential. The context should then be closed,
|
|
// and renegotiation should be completed.
|
|
//
|
|
//
|
|
#define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
|
|
|
|
#define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
|
|
|
|
|
|
//
|
|
// MessageId: SEC_I_RENEGOTIATE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// This is returned by UnsealMessage, and indicates that the app should
|
|
// restart the renegotiation loop. It should use the existing context, and
|
|
// pass in no data in the input buffers for the first call to AcceptSecurityContext
|
|
// or InitializeSecurityContext.
|
|
//
|
|
#define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
|
|
|
|
|
|
|
|
//
|
|
//
|
|
// ADDITIONAL SCHANNEL CERTIFICATE PROPERTIES
|
|
//
|
|
//
|
|
|
|
|
|
// This property specifies the DER private key data associated with this
|
|
// certificate. It is for use with legacy IIS style private keys.
|
|
//
|
|
// PBYTE
|
|
//
|
|
#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
|
|
|
|
// The password used to crack the private key associated with the certificate.
|
|
// It is for use with legacy IIS style private keys.
|
|
//
|
|
// PBYTE
|
|
#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
|
|
|
|
// This is the unique ID of a Server Gated Cryptography certificate associated
|
|
// with this certificate.
|
|
//
|
|
// CRYPT_BIT_BLOB
|
|
#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)
|
|
|
|
|
|
|
|
//
|
|
// Flags for identifying the various different protocols.
|
|
//
|
|
|
|
/* flag/identifiers for protocols we support */
|
|
#define SP_PROT_PCT1_SERVER 0x00000001
|
|
#define SP_PROT_PCT1_CLIENT 0x00000002
|
|
#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)
|
|
|
|
#define SP_PROT_SSL2_SERVER 0x00000004
|
|
#define SP_PROT_SSL2_CLIENT 0x00000008
|
|
#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)
|
|
|
|
#define SP_PROT_SSL3_SERVER 0x00000010
|
|
#define SP_PROT_SSL3_CLIENT 0x00000020
|
|
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
|
|
|
|
#define SP_PROT_TLS1_SERVER 0x00000040
|
|
#define SP_PROT_TLS1_CLIENT 0x00000080
|
|
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
|
|
|
|
#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
|
|
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
|
|
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
|
|
|
|
#define SP_PROT_UNI_SERVER 0x40000000
|
|
#define SP_PROT_UNI_CLIENT 0x80000000
|
|
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
|
|
|
|
#define SP_PROT_ALL 0xffffffff
|
|
#define SP_PROT_ALL_NOT_TLS (SP_PROT_PCT1 | SP_PROT_SSL2 | SP_PROT_SSL3)
|
|
#define SP_PROT_NONE 0
|
|
#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
|
|
#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
|
|
|
|
|
|
// A call for IIS to empty the cache.
|
|
|
|
BOOL
|
|
SslEmptyCache(VOID);
|
|
|
|
//
|
|
//
|
|
// Support for legacy applications
|
|
// NOTE: Do not use the following
|
|
// API's and structures for new code.
|
|
//
|
|
|
|
|
|
#define SSLOLD_NAME_A "Microsoft SSL"
|
|
#define SSLOLD_NAME_W L"Microsoft SSL"
|
|
#define PCTOLD_NAME_A "Microsoft PCT"
|
|
#define PCTOLD_NAME_W L"Microsoft PCT"
|
|
|
|
#ifdef UNICODE
|
|
#define SSLOLD_NAME SSLOLD_NAME_W
|
|
#define PCTOLD_NAME PCTOLD_NAME_W
|
|
#else
|
|
#define SSLOLD_NAME SSLOLD_NAME_A
|
|
#define PCTOLD_NAME PCTOLD_NAME_A
|
|
#endif
|
|
|
|
#define NETWORK_DREP 0x00000000
|
|
|
|
|
|
|
|
// Structures for compatability with the
|
|
// NT 4.0 SP2 / IE 3.0 schannel interface, do
|
|
// not use.
|
|
|
|
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
|
|
DWORD cbPrivateKey;
|
|
PBYTE pPrivateKey;
|
|
DWORD cbCertificate;
|
|
PBYTE pCertificate;
|
|
PSTR pszPassword;
|
|
} SSL_CREDENTIAL_CERTIFICATE, * PSSL_CREDENTIAL_CERTIFICATE;
|
|
|
|
|
|
|
|
|
|
// Structures for use with the
|
|
// NT 4.0 SP3 Schannel interface,
|
|
// do not use.
|
|
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
|
|
#define SCHANNEL_SECRET_PRIVKEY 0x00000002
|
|
#define SCH_CRED_X509_CERTCHAIN 0x00000001
|
|
#define SCH_CRED_X509_CAPI 0x00000002
|
|
#define SCH_CRED_CERT_CONTEXT 0x00000003
|
|
|
|
struct _HMAPPER;
|
|
typedef struct _SCH_CRED
|
|
{
|
|
DWORD dwVersion; // always SCH_CRED_VERSION.
|
|
DWORD cCreds; // Number of credentials.
|
|
PVOID *paSecret; // Array of SCH_CRED_SECRET_* pointers
|
|
PVOID *paPublic; // Array of SCH_CRED_PUBLIC_* pointers
|
|
DWORD cMappers; // Number of credential mappers.
|
|
struct _HMAPPER **aphMappers; // pointer to an array of pointers to credential mappers
|
|
} SCH_CRED, * PSCH_CRED;
|
|
|
|
// Structures for use with the
|
|
// NT 4.0 SP3 Schannel interface,
|
|
// do not use.
|
|
typedef struct _SCH_CRED_SECRET_CAPI
|
|
{
|
|
DWORD dwType; // SCHANNEL_SECRET_TYPE_CAPI
|
|
HCRYPTPROV hProv; // credential secret information.
|
|
|
|
} SCH_CRED_SECRET_CAPI, * PSCH_CRED_SECRET_CAPI;
|
|
|
|
|
|
// Structures for use with the
|
|
// NT 4.0 SP3 Schannel interface,
|
|
// do not use.
|
|
typedef struct _SCH_CRED_SECRET_PRIVKEY
|
|
{
|
|
DWORD dwType; // SCHANNEL_SECRET_PRIVKEY
|
|
PBYTE pPrivateKey; // Der encoded private key
|
|
DWORD cbPrivateKey;
|
|
PSTR pszPassword; // Password to crack the private key.
|
|
|
|
} SCH_CRED_SECRET_PRIVKEY, * PSCH_CRED_SECRET_PRIVKEY;
|
|
|
|
|
|
// Structures for use with the
|
|
// NT 4.0 SP3 Schannel interface,
|
|
// do not use.
|
|
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN
|
|
{
|
|
DWORD dwType;
|
|
DWORD cbCertChain;
|
|
PBYTE pCertChain;
|
|
} SCH_CRED_PUBLIC_CERTCHAIN, *PSCH_CRED_PUBLIC_CERTCHAIN;
|
|
|
|
// Structures for use with the
|
|
// NT 4.0 SP3 Schannel interface,
|
|
// do not use.
|
|
typedef struct _SCH_CRED_PUBLIC_CAPI
|
|
{
|
|
DWORD dwType; // SCH_CRED_X509_CAPI
|
|
HCRYPTPROV hProv; // CryptoAPI handle (usually a token CSP)
|
|
|
|
} SCH_CRED_PUBLIC_CAPI, * PSCH_CRED_PUBLIC_CAPI;
|
|
|
|
// Attributes for getting NON CAPI2
|
|
// certificate blobs. Use the CAPI2
|
|
// attributes defined above instead.
|
|
#define SECPKG_ATTR_ISSUER_LIST 0x50 // SecPkgContext_IssuerListInfo
|
|
#define SECPKG_ATTR_REMOTE_CRED 0x51 // SecPkgContext_RemoteCredentialInfo
|
|
#define SECPKG_ATTR_LOCAL_CRED 0x52 // SecPkgContext_LocalCredentialInfo
|
|
|
|
// Attributes for getting NON CAPI2
|
|
// certificate blobs. Use the CAPI2
|
|
// attributes defined above instead.
|
|
typedef struct _SecPkgContext_IssuerListInfo
|
|
{
|
|
DWORD cbIssuerList;
|
|
PBYTE pIssuerList;
|
|
} SecPkgContext_IssuerListInfo, *PSecPkgContext_IssuerListInfo;
|
|
|
|
// Attributes for getting NON CAPI2
|
|
// certificate blobs. Use the CAPI2
|
|
// attributes defined above instead.
|
|
typedef struct _SecPkgContext_RemoteCredentialInfo
|
|
{
|
|
DWORD cbCertificateChain; // count of bytes in cert chain buffer.
|
|
PBYTE pbCertificateChain; // DER encoded chain of certificates, leaf cert first.
|
|
DWORD cCertificates;
|
|
DWORD fFlags;
|
|
DWORD dwBits; // Number of bits in the remote credentials
|
|
} SecPkgContext_RemoteCredentialInfo, *PSecPkgContext_RemoteCredentialInfo;
|
|
|
|
// Make the old spelling error compatable
|
|
typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo, *PSecPkgContext_RemoteCredenitalInfo;
|
|
|
|
// Attributes for getting NON CAPI2
|
|
// certificate blobs. Use the CAPI2
|
|
// attributes defined above instead.
|
|
typedef struct _SecPkgContext_LocalCredentialInfo
|
|
{
|
|
DWORD cbCertificateChain; // count of bytes in cert chain buffer.
|
|
PBYTE pbCertificateChain; // DER encoded chain of certificates, leaf cert first.
|
|
DWORD cCertificates;
|
|
DWORD fFlags;
|
|
DWORD dwBits; // Number of bits in the remote credentials.
|
|
} SecPkgContext_LocalCredentialInfo, *PSecPkgContext_LocalCredentialInfo;
|
|
|
|
// Make the old spelling error compatable.
|
|
typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo, *PSecPkgContext_LocalCredenitalInfo;
|
|
#define RCRED_STATUS_NOCRED 0x00000000
|
|
#define RCRED_CRED_EXISTS 0x00000001
|
|
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002 // The last cert in this chain has
|
|
// an issuer that is unknown to us.
|
|
#define LCRED_STATUS_NOCRED 0x00000000
|
|
#define LCRED_CRED_EXISTS 0x00000001
|
|
#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002 // The last cert in this chain has
|
|
|
|
|
|
// Structures needed for Pre NT4.0 SP2 calls.
|
|
typedef struct _PctPublicKey
|
|
{
|
|
DWORD Type;
|
|
DWORD cbKey;
|
|
UCHAR pKey[1];
|
|
} PctPublicKey;
|
|
|
|
typedef struct _X509Certificate {
|
|
DWORD Version;
|
|
DWORD SerialNumber[4];
|
|
ALG_ID SignatureAlgorithm;
|
|
FILETIME ValidFrom;
|
|
FILETIME ValidUntil;
|
|
PSTR pszIssuer;
|
|
PSTR pszSubject;
|
|
PctPublicKey *pPublicKey;
|
|
} X509Certificate, * PX509Certificate;
|
|
|
|
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
BOOL
|
|
SslGenerateKeyPair(
|
|
PSSL_CREDENTIAL_CERTIFICATE pCerts,
|
|
PSTR pszDN,
|
|
PSTR pszPassword,
|
|
DWORD Bits );
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
VOID
|
|
SslGenerateRandomBits(
|
|
PUCHAR pRandomData,
|
|
LONG cRandomData
|
|
);
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
BOOL
|
|
SslCrackCertificate(
|
|
PUCHAR pbCertificate,
|
|
DWORD cbCertificate,
|
|
DWORD dwFlags,
|
|
PX509Certificate * ppCertificate
|
|
);
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
VOID
|
|
SslFreeCertificate(
|
|
PX509Certificate pCertificate
|
|
);
|
|
|
|
// Call QueryCredentialsAttribute instead.
|
|
BOOL
|
|
SslGetDefaultIssuers(
|
|
PBYTE pbIssuers,
|
|
DWORD *pcbIssuers);
|
|
|
|
|
|
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
|
|
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
typedef BOOL
|
|
(WINAPI * SSL_CRACK_CERTIFICATE_FN)
|
|
(
|
|
PUCHAR pbCertificate,
|
|
DWORD cbCertificate,
|
|
BOOL VerifySignature,
|
|
PX509Certificate * ppCertificate
|
|
);
|
|
|
|
|
|
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
|
|
// to get the same functionality instead.
|
|
typedef VOID
|
|
(WINAPI * SSL_FREE_CERTIFICATE_FN)
|
|
(
|
|
PX509Certificate pCertificate
|
|
);
|
|
|
|
|
|
#endif //__SCHNLSP_H__
|