From 1b6a04ca5504955c571d1c97504fb45ea0befee4 Mon Sep 17 00:00:00 2001 From: Valentin Popov Date: Mon, 8 Jan 2024 01:21:28 +0400 Subject: Initial vendor packages Signed-off-by: Valentin Popov --- vendor/winapi/src/um/schannel.rs | 339 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 339 insertions(+) create mode 100644 vendor/winapi/src/um/schannel.rs (limited to 'vendor/winapi/src/um/schannel.rs') diff --git a/vendor/winapi/src/um/schannel.rs b/vendor/winapi/src/um/schannel.rs new file mode 100644 index 0000000..5ec1ac0 --- /dev/null +++ b/vendor/winapi/src/um/schannel.rs @@ -0,0 +1,339 @@ +// Licensed under the Apache License, Version 2.0 +// or the MIT license +// , at your option. +// All files in the project carrying such notice may not be copied, modified, or distributed +// except according to those terms. +//! Public Definitions for SCHANNEL Security Provider +use shared::guiddef::GUID; +use shared::minwindef::{BYTE, DWORD, PBYTE, WORD}; +use shared::windef::HWND; +use um::wincrypt::{ALG_ID, HCERTSTORE, HCRYPTPROV, PCCERT_CONTEXT, PCERT_NAME_BLOB}; +use um::winnt::{HRESULT, LPWSTR, PVOID, WCHAR}; +pub const UNISP_NAME: &'static str = "Microsoft Unified Security Protocol Provider"; +pub const SSL2SP_NAME: &'static str = "Microsoft SSL 2.0"; +pub const SSL3SP_NAME: &'static str = "Microsoft SSL 3.0"; +pub const TLS1SP_NAME: &'static str = "Microsoft TLS 1.0"; +pub const PCT1SP_NAME: &'static str = "Microsoft PCT 1.0"; +pub const SCHANNEL_NAME: &'static str = "Schannel"; +ENUM!{enum eTlsSignatureAlgorithm { + TlsSignatureAlgorithm_Anonymous = 0, + TlsSignatureAlgorithm_Rsa = 1, + TlsSignatureAlgorithm_Dsa = 2, + TlsSignatureAlgorithm_Ecdsa = 3, +}} +ENUM!{enum eTlsHashAlgorithm { + TlsHashAlgorithm_None = 0, + TlsHashAlgorithm_Md5 = 1, + TlsHashAlgorithm_Sha1 = 2, + TlsHashAlgorithm_Sha224 = 3, + TlsHashAlgorithm_Sha256 = 4, + TlsHashAlgorithm_Sha384 = 5, + TlsHashAlgorithm_Sha512 = 6, +}} +pub const UNISP_RPC_ID: DWORD = 14; +STRUCT!{struct SecPkgContext_RemoteCredentialInfo { + cbCertificateChain: DWORD, + pbCertificateChain: PBYTE, + cCertificates: DWORD, + fFlags: DWORD, + dwBits: DWORD, +}} +pub type PSecPkgContext_RemoteCredentialInfo = *mut SecPkgContext_RemoteCredentialInfo; +pub type SecPkgContext_RemoteCredenitalInfo = SecPkgContext_RemoteCredentialInfo; +pub type PSecPkgContext_RemoteCredenitalInfo = *mut SecPkgContext_RemoteCredentialInfo; +pub const RCRED_STATUS_NOCRED: DWORD = 0x00000000; +pub const RCRED_CRED_EXISTS: DWORD = 0x00000001; +pub const RCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002; +STRUCT!{struct SecPkgContext_LocalCredentialInfo { + cbCertificateChain: DWORD, + pbCertificateChain: PBYTE, + cCertificates: DWORD, + fFlags: DWORD, + dwBits: DWORD, +}} +pub type PSecPkgContext_LocalCredentialInfo = *mut SecPkgContext_LocalCredentialInfo; +pub type SecPkgContext_LocalCredenitalInfo = SecPkgContext_LocalCredentialInfo; +pub type PSecPkgContext_LocalCredenitalInfo = *mut SecPkgContext_LocalCredentialInfo; +pub const LCRED_STATUS_NOCRED: DWORD = 0x00000000; +pub const LCRED_CRED_EXISTS: DWORD = 0x00000001; +pub const LCRED_STATUS_UNKNOWN_ISSUER: DWORD = 0x00000002; +STRUCT!{struct SecPkgContext_ClientCertPolicyResult { + dwPolicyResult: HRESULT, + guidPolicyId: GUID, +}} +pub type PSecPkgContext_ClientCertPolicyResult = *mut SecPkgContext_ClientCertPolicyResult; +STRUCT!{struct SecPkgContext_IssuerListInfoEx { + aIssuers: PCERT_NAME_BLOB, + cIssuers: DWORD, +}} +pub type PSecPkgContext_IssuerListInfoEx = *mut SecPkgContext_IssuerListInfoEx; +STRUCT!{struct SecPkgContext_ConnectionInfo { + dwProtocol: DWORD, + aiCipher: ALG_ID, + dwCipherStrength: DWORD, + aiHash: ALG_ID, + dwHashStrength: DWORD, + aiExch: ALG_ID, + dwExchStrength: DWORD, +}} +pub type PSecPkgContext_ConnectionInfo = *mut SecPkgContext_ConnectionInfo; +pub const SZ_ALG_MAX_SIZE: usize = 64; +pub const SECPKGCONTEXT_CIPHERINFO_V1: DWORD = 1; +STRUCT!{struct SecPkgContext_CipherInfo { + dwVersion: DWORD, + dwProtocol: DWORD, + dwCipherSuite: DWORD, + dwBaseCipherSuite: DWORD, + szCipherSuite: [WCHAR; SZ_ALG_MAX_SIZE], + szCipher: [WCHAR; SZ_ALG_MAX_SIZE], + dwCipherLen: DWORD, + dwCipherBlockLen: DWORD, + szHash: [WCHAR; SZ_ALG_MAX_SIZE], + dwHashLen: DWORD, + szExchange: [WCHAR; SZ_ALG_MAX_SIZE], + dwMinExchangeLen: DWORD, + dwMaxExchangeLen: DWORD, + szCertificate: [WCHAR; SZ_ALG_MAX_SIZE], + dwKeyType: DWORD, +}} +pub type PSecPkgContext_CipherInfo = *mut SecPkgContext_CipherInfo; +STRUCT!{struct SecPkgContext_EapKeyBlock { + rgbKeys: [BYTE; 128], + rgbIVs: [BYTE; 64], +}} +pub type PSecPkgContext_EapKeyBlock = *mut SecPkgContext_EapKeyBlock; +STRUCT!{struct SecPkgContext_MappedCredAttr { + dwAttribute: DWORD, + pvBuffer: PVOID, +}} +pub type PSecPkgContext_MappedCredAttr = *mut SecPkgContext_MappedCredAttr; +pub const SSL_SESSION_RECONNECT: DWORD = 1; +STRUCT!{struct SecPkgContext_SessionInfo { + dwFlags: DWORD, + cbSessionId: DWORD, + rgbSessionId: [BYTE; 32], +}} +pub type PSecPkgContext_SessionInfo = *mut SecPkgContext_SessionInfo; +STRUCT!{struct SecPkgContext_SessionAppData { + dwFlags: DWORD, + cbAppData: DWORD, + pbAppData: PBYTE, +}} +pub type PSecPkgContext_SessionAppData = *mut SecPkgContext_SessionAppData; +STRUCT!{struct SecPkgContext_EapPrfInfo { + dwVersion: DWORD, + cbPrfData: DWORD, + pbPrfData: PBYTE, +}} +pub type PSecPkgContext_EapPrfInfo = *mut SecPkgContext_EapPrfInfo; +STRUCT!{struct SecPkgContext_SupportedSignatures { + cSignatureAndHashAlgorithms: WORD, + pSignatureAndHashAlgorithms: *mut WORD, +}} +pub type PSecPkgContext_SupportedSignatures = *mut SecPkgContext_SupportedSignatures; +STRUCT!{struct SecPkgContext_Certificates { + cCertificates: DWORD, + cbCertificateChain: DWORD, + pbCertificateChain: PBYTE, +}} +pub type PSecPkgContext_Certificates = *mut SecPkgContext_Certificates; +STRUCT!{struct SecPkgContext_CertInfo { + dwVersion: DWORD, + cbSubjectName: DWORD, + pwszSubjectName: LPWSTR, + cbIssuerName: DWORD, + pwszIssuerName: LPWSTR, + dwKeySize: DWORD, +}} +pub type PSecPkgContext_CertInfo = *mut SecPkgContext_CertInfo; +pub const KERN_CONTEXT_CERT_INFO_V1: DWORD = 0x00000000; +STRUCT!{struct SecPkgContext_UiInfo { + hParentWindow: HWND, +}} +pub type PSecPkgContext_UiInfo = *mut SecPkgContext_UiInfo; +STRUCT!{struct SecPkgContext_EarlyStart { + dwEarlyStartFlags: DWORD, +}} +pub type PSecPkgContext_EarlyStart = *mut SecPkgContext_EarlyStart; +pub const ENABLE_TLS_CLIENT_EARLY_START: DWORD = 0x00000001; +pub const SCH_CRED_V1: DWORD = 0x00000001; +pub const SCH_CRED_V2: DWORD = 0x00000002; +pub const SCH_CRED_VERSION: DWORD = 0x00000002; +pub const SCH_CRED_V3: DWORD = 0x00000003; +pub const SCHANNEL_CRED_VERSION: DWORD = 0x00000004; +pub const SCHANNEL_SECRET_TYPE_CAPI: DWORD = 0x00000001; +pub const SCHANNEL_SECRET_PRIVKEY: DWORD = 0x00000002; +pub const SCH_CRED_X509_CERTCHAIN: DWORD = 0x00000001; +pub const SCH_CRED_X509_CAPI: DWORD = 0x00000002; +pub const SCH_CRED_CERT_CONTEXT: DWORD = 0x00000003; +pub enum _HMAPPER {} +STRUCT!{struct SCHANNEL_CRED { + dwVersion: DWORD, + cCreds: DWORD, + paCred: *mut PCCERT_CONTEXT, + hRootStore: HCERTSTORE, + cMappers: DWORD, + aphMappers: *mut *mut _HMAPPER, + cSupportedAlgs: DWORD, + palgSupportedAlgs: *mut ALG_ID, + grbitEnabledProtocols: DWORD, + dwMinimumCipherStrength: DWORD, + dwMaximumCipherStrength: DWORD, + dwSessionLifespan: DWORD, + dwFlags: DWORD, + dwCredFormat: DWORD, +}} +pub type PSCHANNEL_CRED = *mut SCHANNEL_CRED; +pub const SCH_CRED_FORMAT_CERT_CONTEXT: DWORD = 0x00000000; +pub const SCH_CRED_FORMAT_CERT_HASH: DWORD = 0x00000001; +pub const SCH_CRED_FORMAT_CERT_HASH_STORE: DWORD = 0x00000002; +pub const SCH_CRED_MAX_STORE_NAME_SIZE: usize = 128; +pub const SCH_CRED_MAX_SUPPORTED_ALGS: DWORD = 256; +pub const SCH_CRED_MAX_SUPPORTED_CERTS: DWORD = 100; +STRUCT!{struct SCHANNEL_CERT_HASH { + dwLength: DWORD, + dwFlags: DWORD, + hProv: HCRYPTPROV, + ShaHash: [BYTE; 20], +}} +pub type PSCHANNEL_CERT_HASH = *mut SCHANNEL_CERT_HASH; +STRUCT!{struct SCHANNEL_CERT_HASH_STORE { + dwLength: DWORD, + dwFlags: DWORD, + hProv: HCRYPTPROV, + ShaHash: [BYTE; 20], + pwszStoreName: [WCHAR; SCH_CRED_MAX_STORE_NAME_SIZE], +}} +pub type PSCHANNEL_CERT_HASH_STORE = *mut SCHANNEL_CERT_HASH_STORE; +pub const SCH_MACHINE_CERT_HASH: DWORD = 0x00000001; +pub const SCH_CRED_NO_SYSTEM_MAPPER: DWORD = 0x00000002; +pub const SCH_CRED_NO_SERVERNAME_CHECK: DWORD = 0x00000004; +pub const SCH_CRED_MANUAL_CRED_VALIDATION: DWORD = 0x00000008; +pub const SCH_CRED_NO_DEFAULT_CREDS: DWORD = 0x00000010; +pub const SCH_CRED_AUTO_CRED_VALIDATION: DWORD = 0x00000020; +pub const SCH_CRED_USE_DEFAULT_CREDS: DWORD = 0x00000040; +pub const SCH_CRED_DISABLE_RECONNECTS: DWORD = 0x00000080; +pub const SCH_CRED_REVOCATION_CHECK_END_CERT: DWORD = 0x00000100; +pub const SCH_CRED_REVOCATION_CHECK_CHAIN: DWORD = 0x00000200; +pub const SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT: DWORD = 0x00000400; +pub const SCH_CRED_IGNORE_NO_REVOCATION_CHECK: DWORD = 0x00000800; +pub const SCH_CRED_IGNORE_REVOCATION_OFFLINE: DWORD = 0x00001000; +pub const SCH_CRED_RESTRICTED_ROOTS: DWORD = 0x00002000; +pub const SCH_CRED_REVOCATION_CHECK_CACHE_ONLY: DWORD = 0x00004000; +pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL: DWORD = 0x00008000; +pub const SCH_CRED_MEMORY_STORE_CERT: DWORD = 0x00010000; +pub const SCH_CRED_CACHE_ONLY_URL_RETRIEVAL_ON_CREATE: DWORD = 0x00020000; +pub const SCH_SEND_ROOT_CERT: DWORD = 0x00040000; +pub const SCH_CRED_SNI_CREDENTIAL: DWORD = 0x00080000; +pub const SCH_CRED_SNI_ENABLE_OCSP: DWORD = 0x00100000; +pub const SCH_SEND_AUX_RECORD: DWORD = 0x00200000; +pub const SCH_USE_STRONG_CRYPTO: DWORD = 0x00400000; +pub const SCHANNEL_RENEGOTIATE: DWORD = 0; +pub const SCHANNEL_SHUTDOWN: DWORD = 1; +pub const SCHANNEL_ALERT: DWORD = 2; +pub const SCHANNEL_SESSION: DWORD = 3; +STRUCT!{struct SCHANNEL_ALERT_TOKEN { + dwTokenType: DWORD, + dwAlertType: DWORD, + dwAlertNumber: DWORD, +}} +pub const TLS1_ALERT_WARNING: DWORD = 1; +pub const TLS1_ALERT_FATAL: DWORD = 2; +pub const TLS1_ALERT_CLOSE_NOTIFY: DWORD = 0; +pub const TLS1_ALERT_UNEXPECTED_MESSAGE: DWORD = 10; +pub const TLS1_ALERT_BAD_RECORD_MAC: DWORD = 20; +pub const TLS1_ALERT_DECRYPTION_FAILED: DWORD = 21; +pub const TLS1_ALERT_RECORD_OVERFLOW: DWORD = 22; +pub const TLS1_ALERT_DECOMPRESSION_FAIL: DWORD = 30; +pub const TLS1_ALERT_HANDSHAKE_FAILURE: DWORD = 40; +pub const TLS1_ALERT_BAD_CERTIFICATE: DWORD = 42; +pub const TLS1_ALERT_UNSUPPORTED_CERT: DWORD = 43; +pub const TLS1_ALERT_CERTIFICATE_REVOKED: DWORD = 44; +pub const TLS1_ALERT_CERTIFICATE_EXPIRED: DWORD = 45; +pub const TLS1_ALERT_CERTIFICATE_UNKNOWN: DWORD = 46; +pub const TLS1_ALERT_ILLEGAL_PARAMETER: DWORD = 47; +pub const TLS1_ALERT_UNKNOWN_CA: DWORD = 48; +pub const TLS1_ALERT_ACCESS_DENIED: DWORD = 49; +pub const TLS1_ALERT_DECODE_ERROR: DWORD = 50; +pub const TLS1_ALERT_DECRYPT_ERROR: DWORD = 51; +pub const TLS1_ALERT_EXPORT_RESTRICTION: DWORD = 60; +pub const TLS1_ALERT_PROTOCOL_VERSION: DWORD = 70; +pub const TLS1_ALERT_INSUFFIENT_SECURITY: DWORD = 71; +pub const TLS1_ALERT_INTERNAL_ERROR: DWORD = 80; +pub const TLS1_ALERT_USER_CANCELED: DWORD = 90; +pub const TLS1_ALERT_NO_RENEGOTIATION: DWORD = 100; +pub const TLS1_ALERT_UNSUPPORTED_EXT: DWORD = 110; +pub const TLS1_ALERT_NO_APP_PROTOCOL: DWORD = 120; +pub const SSL_SESSION_ENABLE_RECONNECTS: DWORD = 1; +pub const SSL_SESSION_DISABLE_RECONNECTS: DWORD = 2; +STRUCT!{struct SCHANNEL_SESSION_TOKEN { + dwTokenType: DWORD, + dwFlags: DWORD, +}} +STRUCT!{struct SCHANNEL_CLIENT_SIGNATURE { + cbLength: DWORD, + aiHash: ALG_ID, + cbHash: DWORD, + HashValue: [BYTE; 36], + CertThumbprint: [BYTE; 20], +}} +pub type PSCHANNEL_CLIENT_SIGNATURE = *mut SCHANNEL_CLIENT_SIGNATURE; +pub const SP_PROT_PCT1_SERVER: DWORD = 0x00000001; +pub const SP_PROT_PCT1_CLIENT: DWORD = 0x00000002; +pub const SP_PROT_PCT1: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT; +pub const SP_PROT_SSL2_SERVER: DWORD = 0x00000004; +pub const SP_PROT_SSL2_CLIENT: DWORD = 0x00000008; +pub const SP_PROT_SSL2: DWORD = SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT; +pub const SP_PROT_SSL3_SERVER: DWORD = 0x00000010; +pub const SP_PROT_SSL3_CLIENT: DWORD = 0x00000020; +pub const SP_PROT_SSL3: DWORD = SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT; +pub const SP_PROT_TLS1_SERVER: DWORD = 0x00000040; +pub const SP_PROT_TLS1_CLIENT: DWORD = 0x00000080; +pub const SP_PROT_TLS1: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT; +pub const SP_PROT_SSL3TLS1_CLIENTS: DWORD = SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT; +pub const SP_PROT_SSL3TLS1_SERVERS: DWORD = SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER; +pub const SP_PROT_SSL3TLS1: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1; +pub const SP_PROT_UNI_SERVER: DWORD = 0x40000000; +pub const SP_PROT_UNI_CLIENT: DWORD = 0x80000000; +pub const SP_PROT_UNI: DWORD = SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT; +pub const SP_PROT_ALL: DWORD = 0xffffffff; +pub const SP_PROT_NONE: DWORD = 0; +pub const SP_PROT_CLIENTS: DWORD = SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT + | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT; +pub const SP_PROT_SERVERS: DWORD = SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER + | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER; +pub const SP_PROT_TLS1_0_SERVER: DWORD = SP_PROT_TLS1_SERVER; +pub const SP_PROT_TLS1_0_CLIENT: DWORD = SP_PROT_TLS1_CLIENT; +pub const SP_PROT_TLS1_0: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_0_CLIENT; +pub const SP_PROT_TLS1_1_SERVER: DWORD = 0x00000100; +pub const SP_PROT_TLS1_1_CLIENT: DWORD = 0x00000200; +pub const SP_PROT_TLS1_1: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_1_CLIENT; +pub const SP_PROT_TLS1_2_SERVER: DWORD = 0x00000400; +pub const SP_PROT_TLS1_2_CLIENT: DWORD = 0x00000800; +pub const SP_PROT_TLS1_2: DWORD = SP_PROT_TLS1_2_SERVER | SP_PROT_TLS1_2_CLIENT; +pub const SP_PROT_DTLS_SERVER: DWORD = 0x00010000; +pub const SP_PROT_DTLS_CLIENT: DWORD = 0x00020000; +pub const SP_PROT_DTLS: DWORD = SP_PROT_DTLS_SERVER | SP_PROT_DTLS_CLIENT; +pub const SP_PROT_DTLS1_0_SERVER: DWORD = SP_PROT_DTLS_SERVER; +pub const SP_PROT_DTLS1_0_CLIENT: DWORD = SP_PROT_DTLS_CLIENT; +pub const SP_PROT_DTLS1_0: DWORD = SP_PROT_DTLS1_0_SERVER | SP_PROT_DTLS1_0_CLIENT; +pub const SP_PROT_DTLS1_X_SERVER: DWORD = SP_PROT_DTLS1_0_SERVER; +pub const SP_PROT_DTLS1_X_CLIENT: DWORD = SP_PROT_DTLS1_0_CLIENT; +pub const SP_PROT_DTLS1_X: DWORD = SP_PROT_DTLS1_X_SERVER | SP_PROT_DTLS1_X_CLIENT; +pub const SP_PROT_TLS1_1PLUS_SERVER: DWORD = SP_PROT_TLS1_1_SERVER | SP_PROT_TLS1_2_SERVER; +pub const SP_PROT_TLS1_1PLUS_CLIENT: DWORD = SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT; +pub const SP_PROT_TLS1_1PLUS: DWORD = SP_PROT_TLS1_1PLUS_SERVER | SP_PROT_TLS1_1PLUS_CLIENT; +pub const SP_PROT_TLS1_X_SERVER: DWORD = SP_PROT_TLS1_0_SERVER | SP_PROT_TLS1_1_SERVER + | SP_PROT_TLS1_2_SERVER; +pub const SP_PROT_TLS1_X_CLIENT: DWORD = SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT + | SP_PROT_TLS1_2_CLIENT; +pub const SP_PROT_TLS1_X: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_TLS1_X_CLIENT; +pub const SP_PROT_SSL3TLS1_X_CLIENTS: DWORD = SP_PROT_TLS1_X_CLIENT | SP_PROT_SSL3_CLIENT; +pub const SP_PROT_SSL3TLS1_X_SERVERS: DWORD = SP_PROT_TLS1_X_SERVER | SP_PROT_SSL3_SERVER; +pub const SP_PROT_SSL3TLS1_X: DWORD = SP_PROT_SSL3 | SP_PROT_TLS1_X; +pub const SP_PROT_X_CLIENTS: DWORD = SP_PROT_CLIENTS | SP_PROT_TLS1_X_CLIENT + | SP_PROT_DTLS1_X_CLIENT; +pub const SP_PROT_X_SERVERS: DWORD = SP_PROT_SERVERS | SP_PROT_TLS1_X_SERVER + | SP_PROT_DTLS1_X_SERVER; +pub const SSL_CRACK_CERTIFICATE_NAME: &'static str = "SslCrackCertificate"; +pub const SSL_FREE_CERTIFICATE_NAME: &'static str = "SslFreeCertificate"; -- cgit v1.2.3