FreeRDP
include/winpr/schannel.h
1 
20 #ifndef WINPR_SSPI_SCHANNEL_H
21 #define WINPR_SSPI_SCHANNEL_H
22 
23 #include <winpr/sspi.h>
24 #include <winpr/crypto.h>
25 
26 #if defined(_WIN32) && !defined(_UWP)
27 
28 #include <schannel.h>
29 
30 #else
31 
32 #define SCHANNEL_NAME_A "Schannel"
33 #define SCHANNEL_NAME_W L"Schannel"
34 
35 #ifdef _UNICODE
36 #define SCHANNEL_NAME SCHANNEL_NAME_W
37 #else
38 #define SCHANNEL_NAME SCHANNEL_NAME_A
39 #endif
40 
41 #define SECPKG_ATTR_SUPPORTED_ALGS 86
42 #define SECPKG_ATTR_CIPHER_STRENGTHS 87
43 #define SECPKG_ATTR_SUPPORTED_PROTOCOLS 88
44 
45 typedef struct
46 {
47  DWORD cSupportedAlgs;
48  ALG_ID* palgSupportedAlgs;
49 } SecPkgCred_SupportedAlgs, *PSecPkgCred_SupportedAlgs;
50 
51 typedef struct
52 {
53  DWORD dwMinimumCipherStrength;
54  DWORD dwMaximumCipherStrength;
55 } SecPkgCred_CipherStrengths, *PSecPkgCred_CipherStrengths;
56 
57 typedef struct
58 {
59  DWORD grbitProtocol;
60 } SecPkgCred_SupportedProtocols, *PSecPkgCred_SupportedProtocols;
61 
62 enum eTlsSignatureAlgorithm
63 {
64  TlsSignatureAlgorithm_Anonymous = 0,
65  TlsSignatureAlgorithm_Rsa = 1,
66  TlsSignatureAlgorithm_Dsa = 2,
67  TlsSignatureAlgorithm_Ecdsa = 3
68 };
69 
70 enum eTlsHashAlgorithm
71 {
72  TlsHashAlgorithm_None = 0,
73  TlsHashAlgorithm_Md5 = 1,
74  TlsHashAlgorithm_Sha1 = 2,
75  TlsHashAlgorithm_Sha224 = 3,
76  TlsHashAlgorithm_Sha256 = 4,
77  TlsHashAlgorithm_Sha384 = 5,
78  TlsHashAlgorithm_Sha512 = 6
79 };
80 
81 #define SCH_CRED_V1 0x00000001
82 #define SCH_CRED_V2 0x00000002
83 #define SCH_CRED_VERSION 0x00000002
84 #define SCH_CRED_V3 0x00000003
85 #define SCHANNEL_CRED_VERSION 0x00000004
86 
87 typedef struct
88 {
89  DWORD dwVersion;
90  DWORD cCreds;
91  PCCERT_CONTEXT* paCred;
92  HCERTSTORE hRootStore;
93 
94  DWORD cSupportedAlgs;
95  ALG_ID* palgSupportedAlgs;
96 
97  DWORD grbitEnabledProtocols;
98  DWORD dwMinimumCipherStrength;
99  DWORD dwMaximumCipherStrength;
100  DWORD dwSessionLifespan;
101  DWORD dwFlags;
102  DWORD dwCredFormat;
103 } SCHANNEL_CRED, *PSCHANNEL_CRED;
104 
105 #define SCH_CRED_FORMAT_CERT_CONTEXT 0x00000000
106 #define SCH_CRED_FORMAT_CERT_HASH 0x00000001
107 #define SCH_CRED_FORMAT_CERT_HASH_STORE 0x00000002
108 
109 #define SCH_CRED_MAX_STORE_NAME_SIZE 128
110 #define SCH_CRED_MAX_SUPPORTED_ALGS 256
111 #define SCH_CRED_MAX_SUPPORTED_CERTS 100
112 
113 typedef struct
114 {
115  DWORD dwLength;
116  DWORD dwFlags;
117  HCRYPTPROV hProv;
118  BYTE ShaHash[20];
119 } SCHANNEL_CERT_HASH, *PSCHANNEL_CERT_HASH;
120 
121 typedef struct
122 {
123  DWORD dwLength;
124  DWORD dwFlags;
125  HCRYPTPROV hProv;
126  BYTE ShaHash[20];
127  WCHAR pwszStoreName[SCH_CRED_MAX_STORE_NAME_SIZE];
128 } SCHANNEL_CERT_HASH_STORE, *PSCHANNEL_CERT_HASH_STORE;
129 
130 #define SCH_MACHINE_CERT_HASH 0x00000001
131 
132 #define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
133 #define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
134 #define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
135 #define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
136 #define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
137 #define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
138 #define SCH_CRED_DISABLE_RECONNECTS 0x00000080
139 
140 #define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
141 #define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
142 #define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
143 #define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
144 #define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
145 
146 #define SCH_CRED_RESTRICTED_ROOTS 0x00002000
147 #define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
148 #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000
149 
150 #define SCH_CRED_MEMORY_STORE_CERT 0x00010000
151 
152 #define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE 0x00020000
153 
154 #define SCH_SEND_ROOT_CERT 0x00040000
155 #define SCH_CRED_SNI_CREDENTIAL 0x00080000
156 #define SCH_CRED_SNI_ENABLE_OCSP 0x00100000
157 #define SCH_SEND_AUX_RECORD 0x00200000
158 
159 #define SCHANNEL_RENEGOTIATE 0
160 #define SCHANNEL_SHUTDOWN 1
161 #define SCHANNEL_ALERT 2
162 #define SCHANNEL_SESSION 3
163 
164 typedef struct
165 {
166  DWORD dwTokenType;
167  DWORD dwAlertType;
168  DWORD dwAlertNumber;
169 } SCHANNEL_ALERT_TOKEN;
170 
171 #define TLS1_ALERT_WARNING 1
172 #define TLS1_ALERT_FATAL 2
173 
174 #define TLS1_ALERT_CLOSE_NOTIFY 0
175 #define TLS1_ALERT_UNEXPECTED_MESSAGE 10
176 #define TLS1_ALERT_BAD_RECORD_MAC 20
177 #define TLS1_ALERT_DECRYPTION_FAILED 21
178 #define TLS1_ALERT_RECORD_OVERFLOW 22
179 #define TLS1_ALERT_DECOMPRESSION_FAIL 30
180 #define TLS1_ALERT_HANDSHAKE_FAILURE 40
181 #define TLS1_ALERT_BAD_CERTIFICATE 42
182 #define TLS1_ALERT_UNSUPPORTED_CERT 43
183 #define TLS1_ALERT_CERTIFICATE_REVOKED 44
184 #define TLS1_ALERT_CERTIFICATE_EXPIRED 45
185 #define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
186 #define TLS1_ALERT_ILLEGAL_PARAMETER 47
187 #define TLS1_ALERT_UNKNOWN_CA 48
188 #define TLS1_ALERT_ACCESS_DENIED 49
189 #define TLS1_ALERT_DECODE_ERROR 50
190 #define TLS1_ALERT_DECRYPT_ERROR 51
191 #define TLS1_ALERT_EXPORT_RESTRICTION 60
192 #define TLS1_ALERT_PROTOCOL_VERSION 70
193 #define TLS1_ALERT_INSUFFIENT_SECURITY 71
194 #define TLS1_ALERT_INTERNAL_ERROR 80
195 #define TLS1_ALERT_USER_CANCELED 90
196 #define TLS1_ALERT_NO_RENEGOTIATION 100
197 #define TLS1_ALERT_UNSUPPORTED_EXT 110
198 
199 #define SSL_SESSION_ENABLE_RECONNECTS 1
200 #define SSL_SESSION_DISABLE_RECONNECTS 2
201 
202 typedef struct
203 {
204  DWORD dwTokenType;
205  DWORD dwFlags;
206 } SCHANNEL_SESSION_TOKEN;
207 
208 typedef struct
209 {
210  DWORD cbLength;
211  ALG_ID aiHash;
212  DWORD cbHash;
213  BYTE HashValue[36];
214  BYTE CertThumbprint[20];
215 } SCHANNEL_CLIENT_SIGNATURE, *PSCHANNEL_CLIENT_SIGNATURE;
216 
217 #define SP_PROT_SSL3_SERVER 0x00000010
218 #define SP_PROT_SSL3_CLIENT 0x00000020
219 #define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
220 
221 #define SP_PROT_TLS1_SERVER 0x00000040
222 #define SP_PROT_TLS1_CLIENT 0x00000080
223 #define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
224 
225 #define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
226 #define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
227 #define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
228 
229 #define SP_PROT_UNI_SERVER 0x40000000
230 #define SP_PROT_UNI_CLIENT 0x80000000
231 #define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
232 
233 #define SP_PROT_ALL 0xFFFFFFFF
234 #define SP_PROT_NONE 0
235 #define SP_PROT_CLIENTS (SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
236 #define SP_PROT_SERVERS (SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
237 
238 #define SP_PROT_TLS1_0_SERVER SP_PROT_TLS1_SERVER
239 #define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
240 #define SP_PROT_TLS1_0 (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT)
241 
242 #define SP_PROT_TLS1_1_SERVER 0x00000100
243 #define SP_PROT_TLS1_1_CLIENT 0x00000200
244 #define SP_PROT_TLS1_1 (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT)
245 
246 #define SP_PROT_TLS1_2_SERVER 0x00000400
247 #define SP_PROT_TLS1_2_CLIENT 0x00000800
248 #define SP_PROT_TLS1_2 (SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT)
249 
250 #define SP_PROT_DTLS_SERVER 0x00010000
251 #define SP_PROT_DTLS_CLIENT 0x00020000
252 #define SP_PROT_DTLS (SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT)
253 
254 #define SP_PROT_DTLS1_0_SERVER SP_PROT_DTLS_SERVER
255 #define SP_PROT_DTLS1_0_CLIENT SP_PROT_DTLS_CLIENT
256 #define SP_PROT_DTLS1_0 (SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT)
257 
258 #define SP_PROT_DTLS1_X_SERVER SP_PROT_DTLS1_0_SERVER
259 
260 #define SP_PROT_DTLS1_X_CLIENT SP_PROT_DTLS1_0_CLIENT
261 
262 #define SP_PROT_DTLS1_X (SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT)
263 
264 #define SP_PROT_TLS1_1PLUS_SERVER (SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
265 #define SP_PROT_TLS1_1PLUS_CLIENT (SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
266 
267 #define SP_PROT_TLS1_1PLUS (SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT)
268 
269 #define SP_PROT_TLS1_X_SERVER \
270  (SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER)
271 #define SP_PROT_TLS1_X_CLIENT \
272  (SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT)
273 #define SP_PROT_TLS1_X (SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT)
274 
275 #define SP_PROT_SSL3TLS1_X_CLIENTS (SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT)
276 #define SP_PROT_SSL3TLS1_X_SERVERS (SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER)
277 #define SP_PROT_SSL3TLS1_X (SP_PROT_SSL3 | SP_PROT_TLS1_X)
278 
279 #define SP_PROT_X_CLIENTS (SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT | SP_PROT_DTLS1_X_CLIENT)
280 #define SP_PROT_X_SERVERS (SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER | SP_PROT_DTLS1_X_SERVER)
281 
282 #endif
283 
284 #endif /* WINPR_SSPI_SCHANNEL_H */
CERT_CONTEXT
Definition: wincrypt.h:269
SCHANNEL_ALERT_TOKEN
Definition: include/winpr/schannel.h:165
SCHANNEL_CERT_HASH_STORE
Definition: include/winpr/schannel.h:122
SCHANNEL_CERT_HASH
Definition: include/winpr/schannel.h:114
SCHANNEL_CLIENT_SIGNATURE
Definition: include/winpr/schannel.h:209
SCHANNEL_CRED
Definition: include/winpr/schannel.h:88
SCHANNEL_SESSION_TOKEN
Definition: include/winpr/schannel.h:203
SecPkgCred_CipherStrengths
Definition: include/winpr/schannel.h:52
SecPkgCred_SupportedAlgs
Definition: include/winpr/schannel.h:46
SecPkgCred_SupportedProtocols
Definition: include/winpr/schannel.h:58