FreeRDP
Loading...
Searching...
No Matches
include/winpr/schannel.h
1
20#ifndef WINPR_SSPI_SCHANNEL_H
21#define WINPR_SSPI_SCHANNEL_H
22
23#include <winpr/sspi.h>
24#include <winpr/crypto.h>
25
26#if defined(_WIN32) && !defined(_UWP)
27
28#include <schannel.h>
29
30#else
31
32#define SCHANNEL_NAME_A "Schannel"
33#define SCHANNEL_NAME_W L"Schannel"
34
35#ifdef _UNICODE
36#define SCHANNEL_NAME SCHANNEL_NAME_W
37#else
38#define SCHANNEL_NAME SCHANNEL_NAME_A
39#endif
40
41#define SECPKG_ATTR_SUPPORTED_ALGS 86
42#define SECPKG_ATTR_CIPHER_STRENGTHS 87
43#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 88
44
45typedef struct
46{
47 DWORD cSupportedAlgs;
48 ALG_ID* palgSupportedAlgs;
49} SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
50
51typedef struct
52{
53 DWORD dwMinimumCipherStrength;
54 DWORD dwMaximumCipherStrength;
55} SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;
56
57typedef struct
58{
59 DWORD grbitProtocol;
60} SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
61
62enum eTlsSignatureAlgorithm
63{
64 TlsSignatureAlgorithm_Anonymous = 0,
65 TlsSignatureAlgorithm_Rsa = 1,
66 TlsSignatureAlgorithm_Dsa = 2,
67 TlsSignatureAlgorithm_Ecdsa = 3
68};
69
70enum eTlsHashAlgorithm
71{
72 TlsHashAlgorithm_None = 0,
73 TlsHashAlgorithm_Md5 = 1,
74 TlsHashAlgorithm_Sha1 = 2,
75 TlsHashAlgorithm_Sha224 = 3,
76 TlsHashAlgorithm_Sha256 = 4,
77 TlsHashAlgorithm_Sha384 = 5,
78 TlsHashAlgorithm_Sha512 = 6
79};
80
81#define SCH_CRED_V1 0x00000001
82#define SCH_CRED_V2 0x00000002
83#define SCH_CRED_VERSION 0x00000002
84#define SCH_CRED_V3 0x00000003
85#define SCHANNEL_CRED_VERSION 0x00000004
86
87typedef struct
88{
89 DWORD dwVersion;
90 DWORD cCreds;
91 PCCERT_CONTEXT* paCred;
92 HCERTSTORE hRootStore;
93
94 DWORD cSupportedAlgs;
95 ALG_ID* palgSupportedAlgs;
96
97 DWORD grbitEnabledProtocols;
98 DWORD dwMinimumCipherStrength;
99 DWORD dwMaximumCipherStrength;
100 DWORD dwSessionLifespan;
101 DWORD dwFlags;
102 DWORD dwCredFormat;
103} SCHANNEL_CRED, *PSCHANNEL_CRED;
104
105#define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
106#define SCH_CRED_FORMAT_CERT_HASH 0x00000001
107#define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002
108
109#define SCH_CRED_MAX_STORE_NAME_SIZE 128
110#define SCH_CRED_MAX_SUPPORTED_ALGS 256
111#define SCH_CRED_MAX_SUPPORTED_CERTS 100
112
113typedef struct
114{
115 DWORD dwLength;
116 DWORD dwFlags;
117 HCRYPTPROV hProv;
118 BYTE ShaHash[20];
119} SCHANNEL_CERT_HASH, *PSCHANNEL_CERT_HASH;
120
121typedef struct
122{
123 DWORD dwLength;
124 DWORD dwFlags;
125 HCRYPTPROV hProv;
126 BYTE ShaHash[20];
127 WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
128} SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;
129
130#define SCH_MACHINE_CERT_HASH 0x00000001
131
132#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
133#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
134#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
135#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
136#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
137#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
138#define SCH_CRED_DISABLE_RECONNECTS 0x00000080
139
140#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
141#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
142#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
143#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
144#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
145
146#define SCH_CRED_RESTRICTED_ROOTS 0x00002000
147#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
148#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000
149
150#define SCH_CRED_MEMORY_STORE_CERT 0x00010000
151
152#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000
153
154#define SCH_SEND_ROOT_CERT 0x00040000
155#define SCH_CRED_SNI_CREDENTIAL 0x00080000
156#define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
157#define SCH_SEND_AUX_RECORD 0x00200000
158
159#define SCHANNEL_RENEGOTIATE 0
160#define SCHANNEL_SHUTDOWN 1
161#define SCHANNEL_ALERT 2
162#define SCHANNEL_SESSION 3
163
164typedef struct
165{
166 DWORD dwTokenType;
167 DWORD dwAlertType;
168 DWORD dwAlertNumber;
169} SCHANNEL_ALERT_TOKEN;
170
171#define TLS1_ALERT_WARNING 1
172#define TLS1_ALERT_FATAL 2
173
174#define TLS1_ALERT_CLOSE_NOTIFY 0
175#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
176#define TLS1_ALERT_BAD_RECORD_MAC 20
177#define TLS1_ALERT_DECRYPTION_FAILED 21
178#define TLS1_ALERT_RECORD_OVERFLOW 22
179#define TLS1_ALERT_DECOMPRESSION_FAIL 30
180#define TLS1_ALERT_HANDSHAKE_FAILURE 40
181#define TLS1_ALERT_BAD_CERTIFICATE 42
182#define TLS1_ALERT_UNSUPPORTED_CERT 43
183#define TLS1_ALERT_CERTIFICATE_REVOKED 44
184#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
185#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
186#define TLS1_ALERT_ILLEGAL_PARAMETER 47
187#define TLS1_ALERT_UNKNOWN_CA 48
188#define TLS1_ALERT_ACCESS_DENIED 49
189#define TLS1_ALERT_DECODE_ERROR 50
190#define TLS1_ALERT_DECRYPT_ERROR 51
191#define TLS1_ALERT_EXPORT_RESTRICTION 60
192#define TLS1_ALERT_PROTOCOL_VERSION 70
193#define TLS1_ALERT_INSUFFIENT_SECURITY 71
194#define TLS1_ALERT_INTERNAL_ERROR 80
195#define TLS1_ALERT_USER_CANCELED 90
196#define TLS1_ALERT_NO_RENEGOTIATION 100
197#define TLS1_ALERT_UNSUPPORTED_EXT 110
198
199#define SSL_SESSION_ENABLE_RECONNECTS 1
200#define SSL_SESSION_DISABLE_RECONNECTS 2
201
202typedef struct
203{
204 DWORD dwTokenType;
205 DWORD dwFlags;
206} SCHANNEL_SESSION_TOKEN;
207
208typedef struct
209{
210 DWORD cbLength;
211 ALG_ID aiHash;
212 DWORD cbHash;
213 BYTE HashValue[36];
214 BYTE CertThumbprint[20];
215} SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;
216
217#define SP_PROT_SSL3_SERVER 0x00000010
218#define SP_PROT_SSL3_CLIENT 0x00000020
219#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
220
221#define SP_PROT_TLS1_SERVER 0x00000040
222#define SP_PROT_TLS1_CLIENT 0x00000080
223#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
224
225#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
226#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
227#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
228
229#define SP_PROT_UNI_SERVER 0x40000000
230#define SP_PROT_UNI_CLIENT 0x80000000
231#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
232
233#define SP_PROT_ALL 0xFFFFFFFF
234#define SP_PROT_NONE 0
235#define SP_PROT_CLIENTS (SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
236#define SP_PROT_SERVERS (SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
237
238#define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
239#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
240#define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)
241
242#define SP_PROT_TLS1_1_SERVER 0x00000100
243#define SP_PROT_TLS1_1_CLIENT 0x00000200
244#define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)
245
246#define SP_PROT_TLS1_2_SERVER 0x00000400
247#define SP_PROT_TLS1_2_CLIENT 0x00000800
248#define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)
249
250#define SP_PROT_DTLS_SERVER 0x00010000
251#define SP_PROT_DTLS_CLIENT 0x00020000
252#define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT)
253
254#define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
255#define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
256#define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)
257
258#define SP_PROT_DTLS1_X_SERVER SP_PROT_DTLS1_0_SERVER
259
260#define SP_PROT_DTLS1_X_CLIENT SP_PROT_DTLS1_0_CLIENT
261
262#define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)
263
264#define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
265#define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
266
267#define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)
268
269#define SP_PROT_TLS1_X_SERVER \
270 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
271#define SP_PROT_TLS1_X_CLIENT \
272 (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
273#define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)
274
275#define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
276#define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
277#define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)
278
279#define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT)
280#define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER)
281
282#endif
283
284#endif /* WINPR_SSPI_SCHANNEL_H */
CERT_CONTEXT
Definition wincrypt.h:269
SCHANNEL_ALERT_TOKEN
Definition include/winpr/schannel.h:165
SCHANNEL_CERT_HASH_STORE
Definition include/winpr/schannel.h:122
SCHANNEL_CERT_HASH
Definition include/winpr/schannel.h:114
SCHANNEL_CLIENT_SIGNATURE
Definition include/winpr/schannel.h:209
SCHANNEL_CRED
Definition include/winpr/schannel.h:88
SCHANNEL_SESSION_TOKEN
Definition include/winpr/schannel.h:203
SecPkgCred_CipherStrengths
Definition include/winpr/schannel.h:52
SecPkgCred_SupportedAlgs
Definition include/winpr/schannel.h:46
SecPkgCred_SupportedProtocols
Definition include/winpr/schannel.h:58