Files
firestorm/build-env/VisualStudio6/VC98/Include/SCHNLSP.H
T
Cyd 2b8ca921cb Initial full mirror of c:\VWE (source + assets + toolchain + outputs) via Git LFS
Complete disaster-recovery snapshot: engine/game source, game data assets,
VC6 toolchain + DX SDKs, build outputs, deployed game, and _UNUSED archive.
Large binaries in Git LFS; text preserved byte-for-byte (core.autocrlf=false,
no eol attributes). See RECOVERY.md for the one-clone rebuild procedure.
2026-06-24 21:28:16 -05:00

529 lines
16 KiB
C++

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright 1992 - 1998 Microsoft Corporation.
//
// File: schnlsp.h
//
// Contents: Public Definitions for SCHANNEL Security Provider
//
// Classes:
//
// Functions:
//
// History: 6-8-96 Created
//
//----------------------------------------------------------------------------
#ifndef __SCHNLSP_H__
#define __SCHNLSP_H__
#include <wincrypt.h>
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
#define SSL2SP_NAME_A "Microsoft SSL 2.0"
#define SSL2SP_NAME_W L"Microsoft SSL 2.0"
#define SSL3SP_NAME_A "Microsoft SSL 3.0"
#define SSL3SP_NAME_W L"Microsoft SSL 3.0"
#define TLS1SP_NAME_A "Microsoft TLS 1.0"
#define TLS1SP_NAME_W L"Microsoft TLS 1.0"
#define PCT1SP_NAME_A "Microsoft PCT 1.0"
#define PCT1SP_NAME_W L"Microsoft PCT 1.0"
#ifdef UNICODE
#define UNISP_NAME UNISP_NAME_W
#define PCT1SP_NAME PCT1SP_NAME_W
#define SSL2SP_NAME SSL2SP_NAME_W
#define SSL3SP_NAME SSL3SP_NAME_W
#define TLS1SP_NAME TLS1SP_NAME_W
#else
#define UNISP_NAME UNISP_NAME_A
#define PCT1SP_NAME PCT1SP_NAME_A
#define SSL2SP_NAME SSL2SP_NAME_A
#define SSL3SP_NAME SSL3SP_NAME_A
#define TLS1SP_NAME TLS1SP_NAME_A
#endif
#define SSL2SP_RPC_ID 12
#define PCT1SP_RPC_ID 13
#define SSL3SP_RPC_ID 14
#define UNISP_RPC_ID 15
#define TLS1SP_RPC_ID 16
#define SCH_CRED_V1 0x00000001
#define SCH_CRED_V2 0x00000002 // for legacy code
#define SCH_CRED_VERSION 0x00000002 // for legacy code
#define SCHANNEL_CRED_VERSION 0x00000003
//
// QueryContextAttributes/QueryCredentialsAttribute extensions
//
#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53 // returns PCCERT_CONTEXT
#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54 // returns PCCERT_CONTEXT
#define SECPKG_ATTR_ROOT_STORE 0x55 // returns HCERTCONTEXT to the root store
#define SECPKG_ATTR_SUPPORTED_ALGS 0x56 // returns SecPkgCred_SupportedAlgs
#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57 // returns SecPkgCred_CipherStrengths
#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58 // returns SecPkgCred_SupportedProtocols
#define SECPKG_ATTR_ISSUER_LIST_EX 0x59 // returns SecPkgContext_IssuerListInfoEx
#define SECPKG_ATTR_CONNECTION_INFO 0x5a // returns SecPkgContext_ConnectionInfo
typedef struct _SecPkgCred_SupportedAlgs
{
DWORD cSupportedAlgs;
ALG_ID *palgSupportedAlgs;
} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
typedef struct _SecPkgCred_CipherStrengths
{
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;
typedef struct _SecPkgCred_SupportedProtocols
{
DWORD grbitProtocol;
} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
typedef struct _SecPkgContext_IssuerListInfoEx
{
PCERT_NAME_BLOB aIssuers;
DWORD cIssuers;
} SecPkgContext_IssuerListInfoEx, *PSecPkgContext_IssuerListInfoEx;
typedef struct _SecPkgContext_ConnectionInfo
{
DWORD dwProtocol;
ALG_ID aiCipher;
DWORD dwCipherStrength;
ALG_ID aiHash;
DWORD dwHashStrength;
ALG_ID aiExch;
DWORD dwExchStrength;
}SecPkgContext_ConnectionInfo, *PSecPkgContext_ConnectionInfo;
//
// SCHANNEL Credentials data structure
//
struct _HMAPPER;
typedef struct _SCHANNEL_CRED
{
DWORD dwVersion;
DWORD cCreds;
PCCERT_CONTEXT *paCred;
HCERTSTORE hRootStore;
DWORD cMappers;
struct _HMAPPER **aphMappers;
DWORD cSupportedAlgs;
ALG_ID *palgSupportedAlgs;
DWORD grbitEnabledProtocols;
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
DWORD dwSessionLifespan;
} SCHANNEL_CRED, *PSCHANNEL_CRED;
//
//
// ApplyControlToken PkgParams types
//
// These identifiers are the DWORD types
// to be passed into ApplyControlToken
// through a PkgParams buffer.
//
// SCHANNEL_RENEGOTIATE
//
// Cause SCHANNEL to renegotiate
// a connection.
//
#define SCHANNEL_RENEGOTIATE 0
//
// SCHANNEL_SHUTDOWN
//
// Cause SCHANNEL to shutdown
// a connection.
//
#define SCHANNEL_SHUTDOWN 1
//
//
// ADDITIONAL SCHANNEL ERROR CODES
//
//
//
// MessageId: SEC_I_INCOMPLETE_CREDENTIALS
//
// MessageText:
//
// If this is returned from InitializeSecurityContext, it indicates
// that the credentials supplied were incomplete, and client-auth was
// attempted. On receipt, the client should call QueryContextAttributes
// with SECPKG_ATTR_LOCAL_CERT to get the cert that was negotiated,
// and the supply the private key with this cert to AcquireCredential
// to get a new credential. The context should then be closed,
// and renegotiation should be completed.
//
//
#define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
#define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
//
// MessageId: SEC_I_RENEGOTIATE
//
// MessageText:
//
// This is returned by UnsealMessage, and indicates that the app should
// restart the renegotiation loop. It should use the existing context, and
// pass in no data in the input buffers for the first call to AcceptSecurityContext
// or InitializeSecurityContext.
//
#define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
//
//
// ADDITIONAL SCHANNEL CERTIFICATE PROPERTIES
//
//
// This property specifies the DER private key data associated with this
// certificate. It is for use with legacy IIS style private keys.
//
// PBYTE
//
#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
// The password used to crack the private key associated with the certificate.
// It is for use with legacy IIS style private keys.
//
// PBYTE
#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
// This is the unique ID of a Server Gated Cryptography certificate associated
// with this certificate.
//
// CRYPT_BIT_BLOB
#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)
//
// Flags for identifying the various different protocols.
//
/* flag/identifiers for protocols we support */
#define SP_PROT_PCT1_SERVER 0x00000001
#define SP_PROT_PCT1_CLIENT 0x00000002
#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)
#define SP_PROT_SSL2_SERVER 0x00000004
#define SP_PROT_SSL2_CLIENT 0x00000008
#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)
#define SP_PROT_SSL3_SERVER 0x00000010
#define SP_PROT_SSL3_CLIENT 0x00000020
#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
#define SP_PROT_TLS1_SERVER 0x00000040
#define SP_PROT_TLS1_CLIENT 0x00000080
#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
#define SP_PROT_UNI_SERVER 0x40000000
#define SP_PROT_UNI_CLIENT 0x80000000
#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
#define SP_PROT_ALL 0xffffffff
#define SP_PROT_ALL_NOT_TLS (SP_PROT_PCT1 | SP_PROT_SSL2 | SP_PROT_SSL3)
#define SP_PROT_NONE 0
#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
// A call for IIS to empty the cache.
BOOL
SslEmptyCache(VOID);
//
//
// Support for legacy applications
// NOTE: Do not use the following
// API's and structures for new code.
//
#define SSLOLD_NAME_A "Microsoft SSL"
#define SSLOLD_NAME_W L"Microsoft SSL"
#define PCTOLD_NAME_A "Microsoft PCT"
#define PCTOLD_NAME_W L"Microsoft PCT"
#ifdef UNICODE
#define SSLOLD_NAME SSLOLD_NAME_W
#define PCTOLD_NAME PCTOLD_NAME_W
#else
#define SSLOLD_NAME SSLOLD_NAME_A
#define PCTOLD_NAME PCTOLD_NAME_A
#endif
#define NETWORK_DREP 0x00000000
// Structures for compatability with the
// NT 4.0 SP2 / IE 3.0 schannel interface, do
// not use.
typedef struct _SSL_CREDENTIAL_CERTIFICATE {
DWORD cbPrivateKey;
PBYTE pPrivateKey;
DWORD cbCertificate;
PBYTE pCertificate;
PSTR pszPassword;
} SSL_CREDENTIAL_CERTIFICATE, * PSSL_CREDENTIAL_CERTIFICATE;
// Structures for use with the
// NT 4.0 SP3 Schannel interface,
// do not use.
#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
#define SCHANNEL_SECRET_PRIVKEY 0x00000002
#define SCH_CRED_X509_CERTCHAIN 0x00000001
#define SCH_CRED_X509_CAPI 0x00000002
#define SCH_CRED_CERT_CONTEXT 0x00000003
struct _HMAPPER;
typedef struct _SCH_CRED
{
DWORD dwVersion; // always SCH_CRED_VERSION.
DWORD cCreds; // Number of credentials.
PVOID *paSecret; // Array of SCH_CRED_SECRET_* pointers
PVOID *paPublic; // Array of SCH_CRED_PUBLIC_* pointers
DWORD cMappers; // Number of credential mappers.
struct _HMAPPER **aphMappers; // pointer to an array of pointers to credential mappers
} SCH_CRED, * PSCH_CRED;
// Structures for use with the
// NT 4.0 SP3 Schannel interface,
// do not use.
typedef struct _SCH_CRED_SECRET_CAPI
{
DWORD dwType; // SCHANNEL_SECRET_TYPE_CAPI
HCRYPTPROV hProv; // credential secret information.
} SCH_CRED_SECRET_CAPI, * PSCH_CRED_SECRET_CAPI;
// Structures for use with the
// NT 4.0 SP3 Schannel interface,
// do not use.
typedef struct _SCH_CRED_SECRET_PRIVKEY
{
DWORD dwType; // SCHANNEL_SECRET_PRIVKEY
PBYTE pPrivateKey; // Der encoded private key
DWORD cbPrivateKey;
PSTR pszPassword; // Password to crack the private key.
} SCH_CRED_SECRET_PRIVKEY, * PSCH_CRED_SECRET_PRIVKEY;
// Structures for use with the
// NT 4.0 SP3 Schannel interface,
// do not use.
typedef struct _SCH_CRED_PUBLIC_CERTCHAIN
{
DWORD dwType;
DWORD cbCertChain;
PBYTE pCertChain;
} SCH_CRED_PUBLIC_CERTCHAIN, *PSCH_CRED_PUBLIC_CERTCHAIN;
// Structures for use with the
// NT 4.0 SP3 Schannel interface,
// do not use.
typedef struct _SCH_CRED_PUBLIC_CAPI
{
DWORD dwType; // SCH_CRED_X509_CAPI
HCRYPTPROV hProv; // CryptoAPI handle (usually a token CSP)
} SCH_CRED_PUBLIC_CAPI, * PSCH_CRED_PUBLIC_CAPI;
// Attributes for getting NON CAPI2
// certificate blobs. Use the CAPI2
// attributes defined above instead.
#define SECPKG_ATTR_ISSUER_LIST 0x50 // SecPkgContext_IssuerListInfo
#define SECPKG_ATTR_REMOTE_CRED 0x51 // SecPkgContext_RemoteCredentialInfo
#define SECPKG_ATTR_LOCAL_CRED 0x52 // SecPkgContext_LocalCredentialInfo
// Attributes for getting NON CAPI2
// certificate blobs. Use the CAPI2
// attributes defined above instead.
typedef struct _SecPkgContext_IssuerListInfo
{
DWORD cbIssuerList;
PBYTE pIssuerList;
} SecPkgContext_IssuerListInfo, *PSecPkgContext_IssuerListInfo;
// Attributes for getting NON CAPI2
// certificate blobs. Use the CAPI2
// attributes defined above instead.
typedef struct _SecPkgContext_RemoteCredentialInfo
{
DWORD cbCertificateChain; // count of bytes in cert chain buffer.
PBYTE pbCertificateChain; // DER encoded chain of certificates, leaf cert first.
DWORD cCertificates;
DWORD fFlags;
DWORD dwBits; // Number of bits in the remote credentials
} SecPkgContext_RemoteCredentialInfo, *PSecPkgContext_RemoteCredentialInfo;
// Make the old spelling error compatable
typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo, *PSecPkgContext_RemoteCredenitalInfo;
// Attributes for getting NON CAPI2
// certificate blobs. Use the CAPI2
// attributes defined above instead.
typedef struct _SecPkgContext_LocalCredentialInfo
{
DWORD cbCertificateChain; // count of bytes in cert chain buffer.
PBYTE pbCertificateChain; // DER encoded chain of certificates, leaf cert first.
DWORD cCertificates;
DWORD fFlags;
DWORD dwBits; // Number of bits in the remote credentials.
} SecPkgContext_LocalCredentialInfo, *PSecPkgContext_LocalCredentialInfo;
// Make the old spelling error compatable.
typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo, *PSecPkgContext_LocalCredenitalInfo;
#define RCRED_STATUS_NOCRED 0x00000000
#define RCRED_CRED_EXISTS 0x00000001
#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002 // The last cert in this chain has
// an issuer that is unknown to us.
#define LCRED_STATUS_NOCRED 0x00000000
#define LCRED_CRED_EXISTS 0x00000001
#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002 // The last cert in this chain has
// Structures needed for Pre NT4.0 SP2 calls.
typedef struct _PctPublicKey
{
DWORD Type;
DWORD cbKey;
UCHAR pKey[1];
} PctPublicKey;
typedef struct _X509Certificate {
DWORD Version;
DWORD SerialNumber[4];
ALG_ID SignatureAlgorithm;
FILETIME ValidFrom;
FILETIME ValidUntil;
PSTR pszIssuer;
PSTR pszSubject;
PctPublicKey *pPublicKey;
} X509Certificate, * PX509Certificate;
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
BOOL
SslGenerateKeyPair(
PSSL_CREDENTIAL_CERTIFICATE pCerts,
PSTR pszDN,
PSTR pszPassword,
DWORD Bits );
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
VOID
SslGenerateRandomBits(
PUCHAR pRandomData,
LONG cRandomData
);
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
BOOL
SslCrackCertificate(
PUCHAR pbCertificate,
DWORD cbCertificate,
DWORD dwFlags,
PX509Certificate * ppCertificate
);
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
VOID
SslFreeCertificate(
PX509Certificate pCertificate
);
// Call QueryCredentialsAttribute instead.
BOOL
SslGetDefaultIssuers(
PBYTE pbIssuers,
DWORD *pcbIssuers);
#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
typedef BOOL
(WINAPI * SSL_CRACK_CERTIFICATE_FN)
(
PUCHAR pbCertificate,
DWORD cbCertificate,
BOOL VerifySignature,
PX509Certificate * ppCertificate
);
// Pre NT4.0 SP2 calls. Call CAPI1 or CAPI2
// to get the same functionality instead.
typedef VOID
(WINAPI * SSL_FREE_CERTIFICATE_FN)
(
PX509Certificate pCertificate
);
#endif //__SCHNLSP_H__