// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
use shared::basetsd::SIZE_T;
use shared::minwindef::{BOOL, DWORD, LPVOID, PBYTE, PDWORD, ULONG};
use um::minwinbase::SECURITY_ATTRIBUTES;
use um::wincrypt::ALG_ID;
use um::winnt::{LPCWSTR, LPWSTR, SID};
pub const WINEFS_SETUSERKEY_SET_CAPABILITIES: DWORD = 0x00000001;
STRUCT!{struct EFS_CERTIFICATE_BLOB {
dwCertEncodingType: DWORD,
cbData: DWORD,
pbData: PBYTE,
}}
pub type PEFS_CERTIFICATE_BLOB = *mut EFS_CERTIFICATE_BLOB;
STRUCT!{struct EFS_HASH_BLOB {
cbData: DWORD,
pbData: PBYTE,
}}
pub type PEFS_HASH_BLOB = *mut EFS_HASH_BLOB;
STRUCT!{struct EFS_RPC_BLOB {
cbData: DWORD,
pbData: PBYTE,
}}
pub type PEFS_RPC_BLOB = *mut EFS_RPC_BLOB;
STRUCT!{struct EFS_PIN_BLOB {
cbPadding: DWORD,
cbData: DWORD,
pbData: PBYTE,
}}
pub type PEFS_PIN_BLOB = *mut EFS_PIN_BLOB;
STRUCT!{struct EFS_KEY_INFO {
dwVersion: DWORD,
Entropy: ULONG,
Algorithm: ALG_ID,
KeyLength: ULONG,
}}
pub type PEFS_KEY_INFO = *mut EFS_KEY_INFO;
STRUCT!{struct EFS_COMPATIBILITY_INFO {
EfsVersion: DWORD,
}}
pub type PEFS_COMPATIBILITY_INFO = *mut EFS_COMPATIBILITY_INFO;
pub const EFS_COMPATIBILITY_VERSION_NCRYPT_PROTECTOR: DWORD = 5;
pub const EFS_COMPATIBILITY_VERSION_PFILE_PROTECTOR: DWORD = 6;
#[inline]
pub fn EFS_IS_DESCRIPTOR_VERSION(v: DWORD) -> bool {
v == EFS_COMPATIBILITY_VERSION_NCRYPT_PROTECTOR
|| v == EFS_COMPATIBILITY_VERSION_PFILE_PROTECTOR
}
pub const EFS_SUBVER_UNKNOWN: DWORD = 0;
pub const EFS_EFS_SUBVER_EFS_CERT: DWORD = 1;
pub const EFS_PFILE_SUBVER_RMS: DWORD = 2;
pub const EFS_PFILE_SUBVER_APPX: DWORD = 3;
STRUCT!{struct EFS_VERSION_INFO {
EfsVersion: DWORD,
SubVersion: DWORD,
}}
pub type PEFS_VERSION_INFO = *mut EFS_VERSION_INFO;
#[inline]
pub fn EFS_IS_APPX_VERSION(v: DWORD, subV: DWORD) -> bool {
v == EFS_COMPATIBILITY_VERSION_PFILE_PROTECTOR && subV == EFS_PFILE_SUBVER_APPX
}
STRUCT!{struct EFS_DECRYPTION_STATUS_INFO {
dwDecryptionError: DWORD,
dwHashOffset: DWORD,
cbHash: DWORD,
}}
pub type PEFS_DECRYPTION_STATUS_INFO = *mut EFS_DECRYPTION_STATUS_INFO;
STRUCT!{struct EFS_ENCRYPTION_STATUS_INFO {
bHasCurrentKey: BOOL,
dwEncryptionError: DWORD,
}}
pub type PEFS_ENCRYPTION_STATUS_INFO = *mut EFS_ENCRYPTION_STATUS_INFO;
STRUCT!{struct ENCRYPTION_CERTIFICATE {
cbTotalLength: DWORD,
pUserSid: *mut SID,
pCertBlob: PEFS_CERTIFICATE_BLOB,
}}
pub type PENCRYPTION_CERTIFICATE = *mut ENCRYPTION_CERTIFICATE;
pub const MAX_SID_SIZE: SIZE_T = 256;
STRUCT!{struct ENCRYPTION_CERTIFICATE_HASH {
cbTotalLength: DWORD,
pUserSid: *mut SID,
pHash: PEFS_HASH_BLOB,
lpDisplayInformation: LPWSTR,
}}
pub type PENCRYPTION_CERTIFICATE_HASH = *mut ENCRYPTION_CERTIFICATE_HASH;
STRUCT!{struct ENCRYPTION_CERTIFICATE_HASH_LIST {
nCert_Hash: DWORD,
pUsers: *mut PENCRYPTION_CERTIFICATE_HASH,
}}
pub type PENCRYPTION_CERTIFICATE_HASH_LIST = *mut ENCRYPTION_CERTIFICATE_HASH_LIST;
STRUCT!{struct ENCRYPTION_CERTIFICATE_LIST {
nUsers: DWORD,
pUsers: *mut PENCRYPTION_CERTIFICATE,
}}
pub type PENCRYPTION_CERTIFICATE_LIST = *mut ENCRYPTION_CERTIFICATE_LIST;
pub const EFS_METADATA_ADD_USER: DWORD = 0x00000001;
pub const EFS_METADATA_REMOVE_USER: DWORD = 0x00000002;
pub const EFS_METADATA_REPLACE_USER: DWORD = 0x00000004;
pub const EFS_METADATA_GENERAL_OP: DWORD = 0x00000008;
STRUCT!{struct ENCRYPTED_FILE_METADATA_SIGNATURE {
dwEfsAccessType: DWORD,
pCertificatesAdded: PENCRYPTION_CERTIFICATE_HASH_LIST,
pEncryptionCertificate: PENCRYPTION_CERTIFICATE,
pEfsStreamSignature: PEFS_RPC_BLOB,
}}
pub type PENCRYPTED_FILE_METADATA_SIGNATURE = *mut ENCRYPTED_FILE_METADATA_SIGNATURE;
STRUCT!{struct ENCRYPTION_PROTECTOR {
cbTotalLength: DWORD,
pUserSid: *mut SID,
lpProtectorDescriptor: LPWSTR,
}}
pub type PENCRYPTION_PROTECTOR = *mut ENCRYPTION_PROTECTOR;
STRUCT!{struct ENCRYPTION_PROTECTOR_LIST {
nProtectors: DWORD,
pProtectors: *mut PENCRYPTION_PROTECTOR,
}}
pub type PENCRYPTION_PROTECTOR_LIST = *mut ENCRYPTION_PROTECTOR_LIST;
extern "system" {
pub fn QueryUsersOnEncryptedFile(
lpFileName: LPCWSTR,
pUsers: *mut PENCRYPTION_CERTIFICATE_HASH_LIST,
) -> DWORD;
pub fn QueryRecoveryAgentsOnEncryptedFile(
lpFileName: LPCWSTR,
pRecoveryAgents: *mut PENCRYPTION_CERTIFICATE_HASH_LIST,
) -> DWORD;
pub fn RemoveUsersFromEncryptedFile(
lpFileName: LPCWSTR,
pHashes: PENCRYPTION_CERTIFICATE_HASH_LIST,
) -> DWORD;
pub fn AddUsersToEncryptedFile(
lpFileName: LPCWSTR,
pEncryptionCertificate: PENCRYPTION_CERTIFICATE_LIST,
) -> DWORD;
pub fn SetUserFileEncryptionKey(
pEncryptionCertificate: PENCRYPTION_CERTIFICATE,
) -> DWORD;
pub fn SetUserFileEncryptionKeyEx(
pEncryptionCertificate: PENCRYPTION_CERTIFICATE,
dwCapabilities: DWORD,
dwFlags: DWORD,
pvReserved: LPVOID,
) -> DWORD;
pub fn FreeEncryptionCertificateHashList(
pUsers: PENCRYPTION_CERTIFICATE_HASH_LIST,
);
pub fn EncryptionDisable(
DirPath: LPCWSTR,
Disable: BOOL,
) -> BOOL;
pub fn DuplicateEncryptionInfoFile(
SrcFileName: LPCWSTR,
DstFileName: LPCWSTR,
dwCreationDistribution: DWORD,
dwAttributes: DWORD,
lpSecurityAttributes: *const SECURITY_ATTRIBUTES,
) -> DWORD;
pub fn GetEncryptedFileMetadata(
lpFileName: LPCWSTR,
pcbMetadata: PDWORD,
ppbMetadata: *mut PBYTE,
) -> DWORD;
pub fn SetEncryptedFileMetadata(
lpFileName: LPCWSTR,
pbOldMetadata: PBYTE,
pbNewMetadata: PBYTE,
pOwnerHash: PENCRYPTION_CERTIFICATE_HASH,
dwOperation: DWORD,
pCertificatesAdded: PENCRYPTION_CERTIFICATE_HASH_LIST,
) -> DWORD;
pub fn FreeEncryptedFileMetadata(
pbMetadata: PBYTE,
);
}