Update 3.
From 43d18b7edc96a3f28a474ba4ba040e5bd1387e9d Mon Sep 17 00:00:00 2001 From: Biswapriyo Nath <nathbap...@gmail.com> Date: Sat, 9 Nov 2019 10:28:54 +0530 Subject: [PATCH] include/wincrypt: update header file
Signed-off-by: Biswapriyo Nath <nathbap...@gmail.com> --- mingw-w64-headers/include/wincrypt.h | 575 +++++++++++++++++++++++++-- 1 file changed, 550 insertions(+), 25 deletions(-) diff --git a/mingw-w64-headers/include/wincrypt.h b/mingw-w64-headers/include/wincrypt.h index 0e84a351..e2636803 100644 --- a/mingw-w64-headers/include/wincrypt.h +++ b/mingw-w64-headers/include/wincrypt.h @@ -95,9 +95,19 @@ extern "C" { #define ALG_TYPE_STREAM (4 << 9) #define ALG_TYPE_DH (5 << 9) #define ALG_TYPE_SECURECHANNEL (6 << 9) +#if NTDDI_VERSION >= NTDDI_VISTA +#define ALG_TYPE_ECDH (7 << 9) +#endif +#if NTDDI_VERSION >= NTDDI_WIN10_RS1 +#define ALG_TYPE_THIRDPARTY (8 << 9) +#endif #define ALG_SID_ANY (0) +#if NTDDI_VERSION >= NTDDI_WIN10_RS1 +#define ALG_SID_THIRDPARTY_ANY (0) +#endif + #define ALG_SID_RSA_ANY 0 #define ALG_SID_RSA_PKCS 1 #define ALG_SID_RSA_MSATWORK 2 @@ -107,7 +117,7 @@ extern "C" { #define ALG_SID_DSS_ANY 0 #define ALG_SID_DSS_PKCS 1 #define ALG_SID_DSS_DMS 2 -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define ALG_SID_ECDSA 3 #endif @@ -123,10 +133,12 @@ extern "C" { #define ALG_SID_TEK 11 #define ALG_SID_CYLINK_MEK 12 #define ALG_SID_RC5 13 +#if NTDDI_VERSION >= NTDDI_WINXP #define ALG_SID_AES_128 14 #define ALG_SID_AES_192 15 #define ALG_SID_AES_256 16 #define ALG_SID_AES 17 +#endif #define CRYPT_MODE_CBCI 6 #define CRYPT_MODE_CFBP 7 @@ -143,8 +155,9 @@ extern "C" { #define ALG_SID_DH_EPHEM 2 #define ALG_SID_AGREED_KEY_ANY 3 #define ALG_SID_KEA 4 -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define ALG_SID_ECDH 5 +#define ALG_SID_ECDH_EPHEM 6 #endif #define ALG_SID_MD2 1 
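Review bot: The new guards `#if NTDDI_VERSION >= NTDDI_WIN10_RS1` (here, and again around the CALG_THIRDPARTY_* block) and `#if NTDDI_VERSION >= NTDDI_WIN10_RS5` (the PP_DISMISS_PIN_UI_SEC hunk) become silently always-true if this tree's sdkddkver.h does not define those macros, because the preprocessor evaluates an undefined identifier inside `#if` as 0. The same risk applies to NTDDI_WINXPSP2 and NTDDI_WS03, which this patch starts using where hex literals stood before. Unless it is already confirmed that sdkddkver.h defines every NTDDI_* name used here, build the header once with `-Wundef`, or update sdkddkver.h in the same commit so the gates cannot degrade to "define everything".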
@@ -158,10 +171,14 @@ extern "C" { #define ALG_SID_SSL3SHAMD5 8 #define ALG_SID_HMAC 9 #define ALG_SID_TLS1PRF 10 +#if NTDDI_VERSION >= NTDDI_WINXP #define ALG_SID_HASH_REPLACE_OWF 11 +#endif +#if NTDDI_VERSION > NTDDI_WINXPSP2 #define ALG_SID_SHA_256 12 #define ALG_SID_SHA_384 13 #define ALG_SID_SHA_512 14 +#endif #define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SCHANNEL_MASTER_HASH 2 @@ -171,7 +188,7 @@ extern "C" { #define ALG_SID_TLS1_MASTER 6 #define ALG_SID_SCHANNEL_ENC_KEY 7 -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define ALG_SID_ECMQV 1 #endif @@ -190,7 +207,9 @@ extern "C" { #define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC) #define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY) #define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY) +#if NTDDI_VERSION >= NTDDI_WINXP #define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY) +#endif #define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY) #define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES) #define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112) 
@@ -218,18 +237,44 @@ extern "C" { #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF) +#if NTDDI_VERSION >= NTDDI_WINXP #define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES) +#endif +#if NTDDI_VERSION > NTDDI_WINXPSP2 #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512) -#if NTDDI_VERSION >= 0x06000000 +#endif +#if NTDDI_VERSION >= NTDDI_VISTA #define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ECDH) +#define CALG_ECDH_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ECDH | ALG_SID_ECDH_EPHEM) #define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID_ECMQV) #define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_ECDSA) +#define CALG_NULLCIPHER (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_ANY | 0) +#endif +#if NTDDI_VERSION >= NTDDI_WIN10_RS1 +#define CALG_THIRDPARTY_KEY_EXCHANGE (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) +#define CALG_THIRDPARTY_SIGNATURE (ALG_CLASS_SIGNATURE | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) +#define CALG_THIRDPARTY_CIPHER (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) +#define CALG_THIRDPARTY_HASH (ALG_CLASS_HASH | ALG_TYPE_THIRDPARTY | ALG_SID_THIRDPARTY_ANY) +#endif + +#if NTDDI_VERSION < NTDDI_WINXP +#define SIGNATURE_RESOURCE_NUMBER 0x29A + + typedef struct _VTableProvStruc { + DWORD Version; + FARPROC FuncVerifyImage; + 
FARPROC FuncReturnhWnd; + DWORD dwProvType; + BYTE *pbContextInfo; + DWORD cbContextInfo; + LPSTR pszProvName; + } VTableProvStruc, *PVTableProvStruc; #endif /* In ncrypt.h too */ @@ -245,7 +290,7 @@ extern "C" { #define CRYPT_DELETEKEYSET 0x10 #define CRYPT_MACHINE_KEYSET 0x20 #define CRYPT_SILENT 0x40 -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define CRYPT_DEFAULT_CONTAINER_OPTIONAL 0x80 #endif @@ -264,8 +309,10 @@ extern "C" { #define CRYPT_DATA_KEY 0x800 #define CRYPT_VOLATILE 0x1000 #define CRYPT_SGCKEY 0x2000 +#if NTDDI_VERSION >= NTDDI_WINXP #define CRYPT_ARCHIVABLE 0x4000 -#if NTDDI_VERSION >= 0x06000000 +#endif +#if NTDDI_VERSION >= NTDDI_VISTA #define CRYPT_FORCE_KEY_PROTECTION_HIGH 0x8000 #endif #define CRYPT_USER_PROTECTED_STRONG 0x100000 @@ -279,13 +326,19 @@ extern "C" { #define CRYPT_Y_ONLY 0x1 #define CRYPT_SSL2_FALLBACK 0x2 #define CRYPT_DESTROYKEY 0x4 +#if NTDDI_VERSION >= NTDDI_WS03 #define CRYPT_DECRYPT_RSA_NO_PADDING_CHECK 0x20 +#endif #define CRYPT_OAEP 0x40 #define CRYPT_BLOB_VER3 0x80 +#if NTDDI_VERSION >= NTDDI_WINXP #define CRYPT_IPSEC_HMAC_KEY 0x100 +#endif #define CRYPT_SECRETDIGEST 0x1 +#if NTDDI_VERSION >= NTDDI_WINXP #define CRYPT_OWF_REPL_LM_HASH 0x1 +#endif #define CRYPT_LITTLE_ENDIAN 0x1 #define CRYPT_NOHASHOID 0x1 @@ -303,7 +356,9 @@ extern "C" { #define OPAQUEKEYBLOB 0x9 #define PUBLICKEYBLOBEX 0xa #define SYMMETRICWRAPKEYBLOB 0xb +#if NTDDI_VERSION >= NTDDI_WS03 #define KEYSTATEBLOB 0xc +#endif #define AT_KEYEXCHANGE 1 #define AT_SIGNATURE 2 @@ -344,14 +399,18 @@ extern "C" { #define KP_KEYEXCHANGE_PIN 32 #define KP_SIGNATURE_PIN 33 #define KP_PREHASH 34 +#if NTDDI_VERSION >= NTDDI_WS03 #define KP_ROUNDS 35 +#endif #define KP_OAEP_PARAMS 36 #define KP_CMS_KEY_INFO 37 #define KP_CMS_DH_KEY_INFO 38 #define KP_PUB_PARAMS 39 #define KP_VERIFY_PARAMS 40 #define KP_HIGHEST_VERSION 41 +#if NTDDI_VERSION >= NTDDI_WS03 #define KP_GET_USE_COUNT 42 +#endif #define KP_PIN_ID 43 #define KP_PIN_INFO 44 
@@ -373,7 +432,9 @@ extern "C" { #define CRYPT_MAC 0x20 #define CRYPT_EXPORT_KEY 0x40 #define CRYPT_IMPORT_KEY 0x80 +#if NTDDI_VERSION >= NTDDI_WINXP #define CRYPT_ARCHIVE 0x100 +#endif #define HP_ALGID 0x1 #define HP_HASHVAL 0x2 @@ -418,14 +479,16 @@ extern "C" { #define PP_USE_HARDWARE_RNG 38 #define PP_KEYSPEC 39 #define PP_ENUMEX_SIGNING_PROT 40 +#if NTDDI_VERSION >= NTDDI_WS03 #define PP_CRYPT_COUNT_KEY_USE 41 -#if NTDDI_VERSION >= 0x06000000 +#endif +#if NTDDI_VERSION >= NTDDI_VISTA #define PP_USER_CERTSTORE 42 #define PP_SMARTCARD_READER 43 #define PP_SMARTCARD_GUID 45 #define PP_ROOT_CERTSTORE 46 #endif -#if NTDDI_VERSION >= 0x06020000 +#if NTDDI_VERSION >= NTDDI_WIN8 #define PP_SMARTCARD_READER_ICON 47 #endif @@ -460,11 +523,14 @@ extern "C" { #define PP_KEYEXCHANGE_ALG 14 #define PP_SIGNATURE_ALG 15 #define PP_DELETEKEY 24 -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define PP_PIN_PROMPT_STRING 44 #define PP_SECURE_KEYEXCHANGE_PIN 47 #define PP_SECURE_SIGNATURE_PIN 48 #endif +#if NTDDI_VERSION >= NTDDI_WIN10_RS5 +#define PP_DISMISS_PIN_UI_SEC 49 +#endif #define PROV_RSA_FULL 1 #define PROV_RSA_SIG 2 @@ -487,8 +553,10 @@ extern "C" { #define PROV_SPYRUS_LYNKS 20 #define PROV_RNG 21 #define PROV_INTEL_SEC 22 +#if NTDDI_VERSION >= NTDDI_WINXP #define PROV_REPLACE_OWF 23 #define PROV_RSA_AES 24 +#endif #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP) @@ -502,8 +570,10 @@ extern "C" { #define MS_ENH_DSS_DH_PROV __MINGW_NAME_UAW(MS_ENH_DSS_DH_PROV) #define MS_DEF_DH_SCHANNEL_PROV __MINGW_NAME_UAW(MS_DEF_DH_SCHANNEL_PROV) #define MS_SCARD_PROV __MINGW_NAME_UAW(MS_SCARD_PROV) +#if NTDDI_VERSION >= NTDDI_WINXP #define MS_ENH_RSA_AES_PROV_XP __MINGW_NAME_UAW(MS_ENH_RSA_AES_PROV_XP) #define MS_ENH_RSA_AES_PROV __MINGW_NAME_UAW(MS_ENH_RSA_AES_PROV) +#endif #define MS_DEF_PROV_A "Microsoft Base Cryptographic Provider v1.0" #define MS_DEF_PROV_W L"Microsoft Base Cryptographic Provider v1.0" 
@@ -525,10 +595,12 @@ extern "C" { #define MS_DEF_DH_SCHANNEL_PROV_W L"Microsoft DH SChannel Cryptographic Provider" #define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider" +#if NTDDI_VERSION >= NTDDI_WINXP #define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Provider" #define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic Provider" #define MS_ENH_RSA_AES_PROV_XP_A "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" #define MS_ENH_RSA_AES_PROV_XP_W L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" +#endif #define MAXUIDLEN 64 @@ -542,11 +614,13 @@ extern "C" { #define szKEY_CACHE_ENABLED "CachePrivateKeys" #define szKEY_CACHE_SECONDS "PrivateKeyLifetimeSeconds" +#if NTDDI_VERSION >= NTDDI_WINXP #define szPRIV_KEY_CACHE_MAX_ITEMS "PrivKeyCacheMaxItems" #define cPRIV_KEY_CACHE_MAX_ITEMS_DEFAULT 20 #define szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS "PrivKeyCachePurgeIntervalSeconds" #define cPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT 86400 +#endif #define CUR_BLOB_VERSION 2 @@ -648,6 +722,7 @@ extern "C" { unsigned char CertLabel[36]; } CERT_FORTEZZA_DATA_PROP; +#if NTDDI_VERSION >= NTDDI_WS03 typedef struct _CRYPT_RC4_KEY_STATE { unsigned char Key[16]; unsigned char SBox[256]; @@ -666,8 +741,9 @@ extern "C" { unsigned char IV[8]; unsigned char Feedback[8]; } CRYPT_3DES_KEY_STATE,*PCRYPT_3DES_KEY_STATE; +#endif -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA typedef struct _CRYPT_AES_128_KEY_STATE { unsigned char Key[16]; unsigned char IV[16]; 
@@ -756,8 +832,10 @@ extern "C" { WINIMPM WINBOOL WINAPI CryptContextAddRef (HCRYPTPROV hProv, DWORD *pdwReserved, DWORD dwFlags); WINIMPM WINBOOL WINAPI CryptDuplicateKey (HCRYPTKEY hKey, DWORD *pdwReserved, DWORD dwFlags, HCRYPTKEY *phKey); WINIMPM WINBOOL WINAPI CryptDuplicateHash (HCRYPTHASH hHash, DWORD *pdwReserved, DWORD dwFlags, HCRYPTHASH *phHash); +#if NTDDI_VERSION >= NTDDI_WS03 WINBOOL __cdecl GetEncSChannel (BYTE **pData, DWORD *dwDecSize); #endif +#endif #ifndef _DDK_DRIVER_ typedef ULONG_PTR HCRYPTPROV_OR_NCRYPT_KEY_HANDLE; 
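Review bot: The `+#endif` added after `GetEncSChannel` ends up closing the pre-existing outer conditional while the old `#endif` now terminates the new `#if NTDDI_VERSION >= NTDDI_WS03`, so the pairing reads inverted even though the preprocessor result is identical. Placing the added `#endif` directly after the `WINBOOL __cdecl GetEncSChannel (BYTE **pData, DWORD *dwDecSize);` declaration and leaving the original `#endif` where it was keeps each `#endif` next to the `#if` it closes. The outer `#if` begins outside this hunk, so I could not confirm which block it guards.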
@@ -864,6 +942,55 @@ extern "C" { #define szOID_ECC_CURVE_P256 "1.2.840.10045.3.1.7" #define szOID_ECC_CURVE_P384 "1.3.132.0.34" #define szOID_ECC_CURVE_P521 "1.3.132.0.35" + +#define szOID_ECC_CURVE_BRAINPOOLP160R1 "1.3.36.3.3.2.8.1.1.1" +#define szOID_ECC_CURVE_BRAINPOOLP160T1 "1.3.36.3.3.2.8.1.1.2" +#define szOID_ECC_CURVE_BRAINPOOLP192R1 "1.3.36.3.3.2.8.1.1.3" +#define szOID_ECC_CURVE_BRAINPOOLP192T1 "1.3.36.3.3.2.8.1.1.4" +#define szOID_ECC_CURVE_BRAINPOOLP224R1 "1.3.36.3.3.2.8.1.1.5" +#define szOID_ECC_CURVE_BRAINPOOLP224T1 "1.3.36.3.3.2.8.1.1.6" +#define szOID_ECC_CURVE_BRAINPOOLP256R1 "1.3.36.3.3.2.8.1.1.7" +#define szOID_ECC_CURVE_BRAINPOOLP256T1 "1.3.36.3.3.2.8.1.1.8" +#define szOID_ECC_CURVE_BRAINPOOLP320R1 "1.3.36.3.3.2.8.1.1.9" +#define szOID_ECC_CURVE_BRAINPOOLP320T1 "1.3.36.3.3.2.8.1.1.10" +#define szOID_ECC_CURVE_BRAINPOOLP384R1 "1.3.36.3.3.2.8.1.1.11" +#define szOID_ECC_CURVE_BRAINPOOLP384T1 "1.3.36.3.3.2.8.1.1.12" +#define szOID_ECC_CURVE_BRAINPOOLP512R1 "1.3.36.3.3.2.8.1.1.13" +#define szOID_ECC_CURVE_BRAINPOOLP512T1 "1.3.36.3.3.2.8.1.1.14" + +#define szOID_ECC_CURVE_EC192WAPI "1.2.156.11235.1.1.2.1" +#define szOID_CN_ECDSA_SHA256 "1.2.156.11235.1.1.1" + +#define szOID_ECC_CURVE_NISTP192 "1.2.840.10045.3.1.1" +#define szOID_ECC_CURVE_NISTP224 "1.3.132.0.33" +#define szOID_ECC_CURVE_NISTP256 szOID_ECC_CURVE_P256 +#define szOID_ECC_CURVE_NISTP384 szOID_ECC_CURVE_P384 +#define szOID_ECC_CURVE_NISTP521 szOID_ECC_CURVE_P521 + +#define szOID_ECC_CURVE_SECP160K1 "1.3.132.0.9" +#define szOID_ECC_CURVE_SECP160R1 "1.3.132.0.8" +#define szOID_ECC_CURVE_SECP160R2 "1.3.132.0.30" +#define szOID_ECC_CURVE_SECP192K1 "1.3.132.0.31" +#define szOID_ECC_CURVE_SECP192R1 szOID_ECC_CURVE_NISTP192 +#define szOID_ECC_CURVE_SECP224K1 "1.3.132.0.32" +#define szOID_ECC_CURVE_SECP224R1 szOID_ECC_CURVE_NISTP224 +#define szOID_ECC_CURVE_SECP256K1 "1.3.132.0.10" +#define szOID_ECC_CURVE_SECP256R1 szOID_ECC_CURVE_P256 +#define szOID_ECC_CURVE_SECP384R1 szOID_ECC_CURVE_P384 
+#define szOID_ECC_CURVE_SECP521R1 szOID_ECC_CURVE_P521 + +#define szOID_ECC_CURVE_WTLS7 szOID_ECC_CURVE_SECP160R2 +#define szOID_ECC_CURVE_WTLS9 "2.23.43.1.4.9" +#define szOID_ECC_CURVE_WTLS12 szOID_ECC_CURVE_NISTP224 + +#define szOID_ECC_CURVE_X962P192V1 "1.2.840.10045.3.1.1" +#define szOID_ECC_CURVE_X962P192V2 "1.2.840.10045.3.1.2" +#define szOID_ECC_CURVE_X962P192V3 "1.2.840.10045.3.1.3" +#define szOID_ECC_CURVE_X962P239V1 "1.2.840.10045.3.1.4" +#define szOID_ECC_CURVE_X962P239V2 "1.2.840.10045.3.1.5" +#define szOID_ECC_CURVE_X962P239V3 "1.2.840.10045.3.1.6" +#define szOID_ECC_CURVE_X962P256V1 szOID_ECC_CURVE_P256 + #define szOID_ECDSA_SHA1 "1.2.840.10045.4.1" #define szOID_ECDSA_SPECIFIED "1.2.840.10045.4.3" #define szOID_ECDSA_SHA256 "1.2.840.10045.4.3.2" @@ -1458,6 +1585,8 @@ extern "C" { #define X509_CERT_BUNDLE ((LPCSTR) 81) #define X509_ECC_PRIVATE_KEY ((LPCSTR) 82) #define CNG_RSA_PRIVATE_KEY_BLOB ((LPCSTR) 83) +#define X509_SUBJECT_DIR_ATTRS ((LPCSTR) 84) +#define X509_ECC_PARAMETERS ((LPCSTR) 85) #define PKCS7_SIGNER_INFO ((LPCSTR) 500) #define CMS_SIGNER_INFO ((LPCSTR) 501) @@ -1516,6 +1645,7 @@ extern "C" { #define szOID_BIOMETRIC_EXT "1.3.6.1.5.5.7.1.2" #define szOID_QC_STATEMENTS_EXT "1.3.6.1.5.5.7.1.3" #define szOID_LOGOTYPE_EXT "1.3.6.1.5.5.7.1.12" +#define szOID_TLS_FEATURES_EXT "1.3.6.1.5.5.7.1.24" #define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14" #define szOID_NEXT_UPDATE_LOCATION "1.3.6.1.4.1.311.10.2" @@ -1613,6 +1743,7 @@ extern "C" { #define szOID_EFS_RECOVERY "1.3.6.1.4.1.311.10.3.4.1" #define szOID_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.5" +#define szOID_ATTEST_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.5.1" #define szOID_NT5_CRYPTO "1.3.6.1.4.1.311.10.3.6" #define szOID_OEM_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.7" #define szOID_EMBEDDED_NT_CRYPTO "1.3.6.1.4.1.311.10.3.8" 
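Review bot: `#define szOID_ECC_CURVE_X962P192V1 "1.2.840.10045.3.1.1"` repeats the literal already assigned to `szOID_ECC_CURVE_NISTP192` a few lines above, while every other alias in this block (`SECP192R1`, `SECP224R1`, `NISTP256`, `X962P256V1`, ...) refers to the existing name instead. `#define szOID_ECC_CURVE_X962P192V1 szOID_ECC_CURVE_NISTP192` would match the surrounding style and keep the two from drifting apart. If the duplicated literal is deliberate so the block mirrors the upstream header byte-for-byte, a short comment saying so would stop the next reader from "fixing" it.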
@@ -1624,6 +1755,8 @@ extern "C" { #define szOID_KP_MOBILE_DEVICE_SOFTWARE "1.3.6.1.4.1.311.10.3.14" #define szOID_KP_SMART_DISPLAY "1.3.6.1.4.1.311.10.3.15" #define szOID_KP_CSP_SIGNATURE "1.3.6.1.4.1.311.10.3.16" +#define szOID_KP_FLIGHT_SIGNING "1.3.6.1.4.1.311.10.3.27" +#define szOID_PLATFORM_MANIFEST_BINARY_ID "1.3.6.1.4.1.311.10.3.28" #ifndef szOID_DRM #define szOID_DRM "1.3.6.1.4.1.311.10.5.1" 
@@ -1648,9 +1781,35 @@ extern "C" { #define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1" #define szOID_KP_KERNEL_MODE_TRUSTED_BOOT_SIGNING "1.3.6.1.4.1.311.61.4.1" #define szOID_REVOKED_LIST_SIGNER "1.3.6.1.4.1.311.10.3.19" +#define szOID_WINDOWS_KITS_SIGNER "1.3.6.1.4.1.311.10.3.20" +#define szOID_WINDOWS_RT_SIGNER "1.3.6.1.4.1.311.10.3.21" +#define szOID_PROTECTED_PROCESS_LIGHT_SIGNER "1.3.6.1.4.1.311.10.3.22" +#define szOID_WINDOWS_TCB_SIGNER "1.3.6.1.4.1.311.10.3.23" +#define szOID_PROTECTED_PROCESS_SIGNER "1.3.6.1.4.1.311.10.3.24" +#define szOID_WINDOWS_THIRD_PARTY_COMPONENT_SIGNER "1.3.6.1.4.1.311.10.3.25" +#define szOID_WINDOWS_SOFTWARE_EXTENSION_SIGNER "1.3.6.1.4.1.311.10.3.26" #define szOID_DISALLOWED_LIST "1.3.6.1.4.1.311.10.3.30" +#define szOID_PIN_RULES_SIGNER "1.3.6.1.4.1.311.10.3.31" +#define szOID_PIN_RULES_CTL "1.3.6.1.4.1.311.10.3.32" +#define szOID_PIN_RULES_EXT "1.3.6.1.4.1.311.10.3.33" +#define szOID_PIN_RULES_DOMAIN_NAME "1.3.6.1.4.1.311.10.3.34" +#define szOID_PIN_RULES_LOG_END_DATE_EXT "1.3.6.1.4.1.311.10.3.35" +#define szOID_IUM_SIGNING "1.3.6.1.4.1.311.10.3.37" +#define szOID_EV_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.39" +#define szOID_BIOMETRIC_SIGNING "1.3.6.1.4.1.311.10.3.41" +#define szOID_ENCLAVE_SIGNING "1.3.6.1.4.1.311.10.3.42" +#define szOID_SYNC_ROOT_CTL_EXT "1.3.6.1.4.1.311.10.3.50" +#define szOID_HPKP_DOMAIN_NAME_CTL "1.3.6.1.4.1.311.10.3.60" +#define szOID_HPKP_HEADER_VALUE_CTL "1.3.6.1.4.1.311.10.3.61" #define szOID_KP_KERNEL_MODE_HAL_EXTENSION_SIGNING "1.3.6.1.4.1.311.61.5.1" +#define szOID_WINDOWS_STORE_SIGNER "1.3.6.1.4.1.311.76.3.1" +#define szOID_DYNAMIC_CODE_GEN_SIGNER "1.3.6.1.4.1.311.76.5.1" +#define szOID_MICROSOFT_PUBLISHER_SIGNER "1.3.6.1.4.1.311.76.8.1" #define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1" +#define szOID_SITE_PIN_RULES_INDEX_ATTR "1.3.6.1.4.1.311.10.4.2" +#define szOID_SITE_PIN_RULES_FLAGS_ATTR "1.3.6.1.4.1.311.10.4.3" + +#define SITE_PIN_RULES_ALL_SUBDOMAINS_FLAG 0x1 #define 
szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1" #define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2" 
@@ -1664,6 +1823,54 @@ extern "C" { #define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1" +#define szOID_RDN_TPM_MANUFACTURER "2.23.133.2.1" +#define szOID_RDN_TPM_MODEL "2.23.133.2.2" +#define szOID_RDN_TPM_VERSION "2.23.133.2.3" + +#define szOID_RDN_TCG_PLATFORM_MANUFACTURER "2.23.133.2.4" +#define szOID_RDN_TCG_PLATFORM_MODEL "2.23.133.2.5" +#define szOID_RDN_TCG_PLATFORM_VERSION "2.23.133.2.6" + +#define szOID_CT_CERT_SCTLIST "1.3.6.1.4.1.11129.2.4.2" + +#define szOID_ENROLL_EK_INFO "1.3.6.1.4.1.311.21.23" +#define szOID_ENROLL_AIK_INFO "1.3.6.1.4.1.311.21.39" +#define szOID_ENROLL_ATTESTATION_STATEMENT "1.3.6.1.4.1.311.21.24" + +#define szOID_ENROLL_KSP_NAME "1.3.6.1.4.1.311.21.25" + +#define szOID_ENROLL_EKPUB_CHALLENGE "1.3.6.1.4.1.311.21.26" +#define szOID_ENROLL_CAXCHGCERT_HASH "1.3.6.1.4.1.311.21.27" +#define szOID_ENROLL_ATTESTATION_CHALLENGE "1.3.6.1.4.1.311.21.28" +#define szOID_ENROLL_ENCRYPTION_ALGORITHM "1.3.6.1.4.1.311.21.29" + +#define szOID_KP_TPM_EK_CERTIFICATE "2.23.133.8.1" +#define szOID_KP_TPM_PLATFORM_CERTIFICATE "2.23.133.8.2" +#define szOID_KP_TPM_AIK_CERTIFICATE "2.23.133.8.3" + +#define szOID_ENROLL_EKVERIFYKEY "1.3.6.1.4.1.311.21.30" +#define szOID_ENROLL_EKVERIFYCERT "1.3.6.1.4.1.311.21.31" +#define szOID_ENROLL_EKVERIFYCREDS "1.3.6.1.4.1.311.21.32" + +#define szOID_ENROLL_SCEP_ERROR "1.3.6.1.4.1.311.21.33" + +#define szOID_ENROLL_SCEP_SERVER_STATE "1.3.6.1.4.1.311.21.34" +#define szOID_ENROLL_SCEP_CHALLENGE_ANSWER "1.3.6.1.4.1.311.21.35" +#define szOID_ENROLL_SCEP_CLIENT_REQUEST "1.3.6.1.4.1.311.21.37" +#define szOID_ENROLL_SCEP_SERVER_MESSAGE "1.3.6.1.4.1.311.21.38" +#define szOID_ENROLL_SCEP_SERVER_SECRET "1.3.6.1.4.1.311.21.40" + +#define szOID_ENROLL_KEY_AFFINITY "1.3.6.1.4.1.311.21.41" + +#define szOID_ENROLL_SCEP_SIGNER_HASH "1.3.6.1.4.1.311.21.42" + +#define szOID_ENROLL_EK_CA_KEYID "1.3.6.1.4.1.311.21.43" + +#define szOID_ATTR_SUPPORTED_ALGORITHMS "2.5.4.52" +#define szOID_ATTR_TPM_SPECIFICATION 
"2.23.133.2.16" +#define szOID_ATTR_PLATFORM_SPECIFICATION "2.23.133.2.17" +#define szOID_ATTR_TPM_SECURITY_ASSERTIONS "2.23.133.2.18" + typedef struct _CERT_EXTENSIONS { DWORD cExtension; PCERT_EXTENSION rgExtension; @@ -1698,6 +1905,7 @@ extern "C" { } CERT_KEY_ATTRIBUTES_INFO,*PCERT_KEY_ATTRIBUTES_INFO; #define CERT_ENCIPHER_ONLY_KEY_USAGE 0x01 +#define CERT_CRL_SIGN_KEY_USAGE 0x02 #define CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02 #define CERT_KEY_CERT_SIGN_KEY_USAGE 0x04 #define CERT_KEY_AGREEMENT_KEY_USAGE 0x08 @@ -1893,6 +2101,8 @@ extern "C" { #define CRL_REASON_CESSATION_OF_OPERATION 5 #define CRL_REASON_CERTIFICATE_HOLD 6 #define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 typedef struct _CRL_DIST_POINT_NAME { DWORD dwDistPointNameChoice; @@ -1918,6 +2128,8 @@ extern "C" { #define CRL_REASON_SUPERSEDED_FLAG 0x08 #define CRL_REASON_CESSATION_OF_OPERATION_FLAG 0x04 #define CRL_REASON_CERTIFICATE_HOLD_FLAG 0x02 +#define CRL_REASON_PRIVILEGE_WITHDRAWN_FLAG 0x01 +#define CRL_REASON_AA_COMPROMISE_FLAG 0x80 typedef struct _CRL_DIST_POINTS_INFO { DWORD cDistPoint; @@ -2097,6 +2309,15 @@ extern "C" { #define szOID_VERISIGN_ISS_STRONG_CRYPTO "2.16.840.1.113733.1.8.1" +#define szOIDVerisign_MessageType "2.16.840.1.113733.1.9.2" +#define szOIDVerisign_PkiStatus "2.16.840.1.113733.1.9.3" +#define szOIDVerisign_FailInfo "2.16.840.1.113733.1.9.4" + +#define szOIDVerisign_SenderNonce "2.16.840.1.113733.1.9.5" +#define szOIDVerisign_RecipientNonce "2.16.840.1.113733.1.9.6" + +#define szOIDVerisign_TransactionID "2.16.840.1.113733.1.9.7" + #define szOID_NETSCAPE "2.16.840.1.113730" #define szOID_NETSCAPE_CERT_EXTENSION "2.16.840.1.113730.1" #define szOID_NETSCAPE_CERT_TYPE "2.16.840.1.113730.1.1" 
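Review bot: The new `CERT_CRL_SIGN_KEY_USAGE 0x02` carries the same value as the existing `CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02` on the next line, and nothing in the header says the overlap is intentional, so it reads like a copy error to anyone checking for duplicate bits. A trailing comment, `#define CERT_CRL_SIGN_KEY_USAGE 0x02 /* same key-usage bit as CERT_OFFLINE_CRL_SIGN_KEY_USAGE */`, documents that the two names are aliases. Similarly, in the CRL_DIST_POINTS hunk further along this line, `CRL_REASON_AA_COMPROMISE_FLAG 0x80` breaks the descending pattern of its neighbours (0x08, 0x04, 0x02, 0x01) and presumably refers to the second octet of the reason bit string; a one-line comment stating that would keep it from being read as a typo.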
@@ -2467,6 +2688,18 @@ extern "C" { #define OCSP_BASIC_BY_NAME_RESPONDER_ID 1 #define OCSP_BASIC_BY_KEY_RESPONDER_ID 2 + typedef struct _CERT_SUPPORTED_ALGORITHM_INFO { + CRYPT_ALGORITHM_IDENTIFIER Algorithm; + CRYPT_BIT_BLOB IntendedKeyUsage; + CERT_POLICIES_INFO IntendedCertPolicies; + } CERT_SUPPORTED_ALGORITHM_INFO, *PCERT_SUPPORTED_ALGORITHM_INFO; + + typedef struct _CERT_TPM_SPECIFICATION_INFO { + LPWSTR pwszFamily; + DWORD dwLevel; + DWORD dwRevision; + } CERT_TPM_SPECIFICATION_INFO, *PCERT_TPM_SPECIFICATION_INFO; + typedef void *HCRYPTOIDFUNCSET; typedef void *HCRYPTOIDFUNCADDR; @@ -2572,6 +2805,8 @@ extern "C" { #define CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG 0x40000000 #define CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG 0x80000000 +#define CRYPT_OID_USE_CURVE_NAME_FOR_ENCODE_FLAG 0x20000000 +#define CRYPT_OID_USE_CURVE_PARAMETERS_FOR_ENCODE_FLAG 0x10000000 WINIMPM PCCRYPT_OID_INFO WINAPI CryptFindOIDInfo (DWORD dwKeyType, void *pvKey, DWORD dwGroupId); @@ -2872,6 +3107,7 @@ extern "C" { #define CMSG_CONTENTS_OCTETS_FLAG 0x10 #define CMSG_MAX_LENGTH_FLAG 0x20 #define CMSG_CMS_ENCAPSULATED_CONTENT_FLAG 0x40 +#define CMSG_SIGNED_DATA_NO_SIGN_FLAG 0x80 #define CMSG_CRYPT_RELEASE_CONTEXT_FLAG 0x8000 WINIMPM HCRYPTMSG WINAPI CryptMsgOpenToEncode (DWORD dwMsgEncodingType, DWORD dwFlags, DWORD dwMsgType, void const *pvMsgEncodeInfo, LPSTR pszInnerContentObjID, PCMSG_STREAM_INFO pStreamInfo); 
@@ -3375,11 +3611,58 @@ extern "C" { #define CERT_ROOT_PROGRAM_CHAIN_POLICIES_PROP_ID 105 #define CERT_SMART_CARD_READER_NON_REMOVABLE_PROP_ID 106 +#define CERT_SHA256_HASH_PROP_ID 107 + +#define CERT_SCEP_SERVER_CERTS_PROP_ID 108 +#define CERT_SCEP_RA_SIGNATURE_CERT_PROP_ID 109 +#define CERT_SCEP_RA_ENCRYPTION_CERT_PROP_ID 110 +#define CERT_SCEP_CA_CERT_PROP_ID 111 +#define CERT_SCEP_SIGNER_CERT_PROP_ID 112 +#define CERT_SCEP_NONCE_PROP_ID 113 + +#define CERT_SCEP_ENCRYPT_HASH_CNG_ALG_PROP_ID 114 +#define CERT_SCEP_FLAGS_PROP_ID 115 +#define CERT_SCEP_GUID_PROP_ID 116 +#define CERT_SERIALIZABLE_KEY_CONTEXT_PROP_ID 117 + +#define CERT_ISOLATED_KEY_PROP_ID 118 + +#define CERT_SERIAL_CHAIN_PROP_ID 119 +#define CERT_KEY_CLASSIFICATION_PROP_ID 120 + +#define CERT_OCSP_MUST_STAPLE_PROP_ID 121 + +#define CERT_DISALLOWED_ENHKEY_USAGE_PROP_ID 122 +#define CERT_NONCOMPLIANT_ROOT_URL_PROP_ID 123 + +#define CERT_PIN_SHA256_HASH_PROP_ID 124 +#define CERT_CLR_DELETE_KEY_PROP_ID 125 +#define CERT_NOT_BEFORE_FILETIME_PROP_ID 126 +#define CERT_NOT_BEFORE_ENHKEY_USAGE_PROP_ID 127 + #define CERT_FIRST_RESERVED_PROP_ID 107 #define CERT_LAST_RESERVED_PROP_ID 0x00007fff #define CERT_FIRST_USER_PROP_ID 0x8000 #define CERT_LAST_USER_PROP_ID 0x0000ffff +#if defined(__cplusplus) && __cplusplus >= 201103L && !defined(SORTPP_PASS) +#define WINCRYPT_DWORD_CPP_ONLY : DWORD +#else +#define WINCRYPT_DWORD_CPP_ONLY +#endif + + typedef enum CertKeyType WINCRYPT_DWORD_CPP_ONLY { + KeyTypeOther = 0, + KeyTypeVirtualSmartCard = 1, + KeyTypePhysicalSmartCard = 2, + KeyTypePassport = 3, + KeyTypePassportRemote = 4, + KeyTypePassportSmartCard = 5, + KeyTypeHardware = 6, + KeyTypeSoftware = 7, + KeyTypeSelfSigned = 8 + } CertKeyType; + #define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || CERT_MD5_HASH_PROP_ID == (X) || CERT_SIGNATURE_HASH_PROP_ID == (X)) #define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X)) 
#define IS_CHAIN_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID == (X) || CERT_SUBJECT_NAME_MD5_HASH_PROP_ID == (X)) @@ -3552,6 +3835,7 @@ extern "C" { #define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID 7 #define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID 8 #define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID 9 +#define CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS_ID 10 #define CERT_SYSTEM_STORE_CURRENT_USER (CERT_SYSTEM_STORE_CURRENT_USER_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) #define CERT_SYSTEM_STORE_LOCAL_MACHINE (CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) @@ -3561,6 +3845,7 @@ extern "C" { #define CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY (CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) #define CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY (CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) #define CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE (CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) +#define CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS (CERT_SYSTEM_STORE_LOCAL_MACHINE_WCOS_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT) #define CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"Software\\Policies\\Microsoft\\SystemCertificates" 
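Review bot: `CERT_FIRST_RESERVED_PROP_ID` is left at 107 even though this hunk now assigns property ids 107 through 127 (`CERT_SHA256_HASH_PROP_ID` ... `CERT_NOT_BEFORE_ENHKEY_USAGE_PROP_ID`), so the "reserved" range starts on an id the same header defines. It should move past the last assigned id: `#define CERT_FIRST_RESERVED_PROP_ID 128`. Any caller that compares against CERT_FIRST_RESERVED_PROP_ID to reject unknown ids would otherwise treat every one of the new properties as reserved.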
@@ -3599,9 +3884,15 @@ extern "C" { #define CERT_DISABLE_ROOT_AUTO_UPDATE_REGPATH CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\AuthRoot" #define CERT_DISABLE_ROOT_AUTO_UPDATE_VALUE_NAME L"DisableRootAutoUpdate" +#define CERT_ENABLE_DISALLOWED_CERT_AUTO_UPDATE_VALUE_NAME L"EnableDisallowedCertAutoUpdate" + +#define CERT_DISABLE_PIN_RULES_AUTO_UPDATE_VALUE_NAME L"DisablePinRulesAutoUpdate" + #define CERT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH L"\\AuthRoot\\AutoUpdate" #define CERT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME L"RootDirUrl" +#define CERT_AUTO_UPDATE_SYNC_FROM_DIR_URL_VALUE_NAME L"SyncFromDirUrl" + #define CERT_AUTH_ROOT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH CERT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH #define CERT_AUTH_ROOT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME CERT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME #define CERT_AUTH_ROOT_AUTO_UPDATE_SYNC_DELTA_TIME_VALUE_NAME L"SyncDeltaTime" @@ -3625,6 +3916,17 @@ extern "C" { #define CERT_DISALLOWED_CERT_CAB_FILENAME L"disallowedcertstl.cab" #define CERT_DISALLOWED_CERT_AUTO_UPDATE_LIST_IDENTIFIER L"DisallowedCert_AutoUpdate_1" +#define CERT_PIN_RULES_AUTO_UPDATE_SYNC_DELTA_TIME_VALUE_NAME L"PinRulesSyncDeltaTime" +#define CERT_PIN_RULES_AUTO_UPDATE_LAST_SYNC_TIME_VALUE_NAME L"PinRulesLastSyncTime" +#define CERT_PIN_RULES_AUTO_UPDATE_ENCODED_CTL_VALUE_NAME L"PinRulesEncodedCtl" + +#define CERT_PIN_RULES_CTL_FILENAME L"pinrules.stl" +#define CERT_PIN_RULES_CTL_FILENAME_A "pinrules.stl" + +#define CERT_PIN_RULES_CAB_FILENAME L"pinrulesstl.cab" + +#define CERT_PIN_RULES_AUTO_UPDATE_LIST_IDENTIFIER L"PinRules_AutoUpdate_1" + #define CERT_REGISTRY_STORE_REMOTE_FLAG 0x10000 #define CERT_REGISTRY_STORE_SERIALIZED_FLAG 0x20000 #define CERT_REGISTRY_STORE_CLIENT_GPT_FLAG 0x80000000 
@@ -4196,7 +4498,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod WINIMPM WINBOOL WINAPI CertIsStrongHashToSign (PCCERT_STRONG_SIGN_PARA pStrongSignPara, LPCWSTR pwszCNGHashAlgid, PCCERT_CONTEXT pSigningCert); WINIMPM WINBOOL WINAPI CryptHashToBeSigned (HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash); WINIMPM WINBOOL WINAPI CryptHashCertificate (HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash); -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA WINIMPM WINBOOL WINAPI CryptHashCertificate2 (LPCWSTR pwszCNGHashAlgid, DWORD dwFlags, void *pvReserved, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD *pcbComputedHash); #endif WINIMPM WINBOOL WINAPI CryptSignCertificate (HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature); @@ -4221,7 +4523,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod typedef WINBOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) (NCRYPT_KEY_HANDLE hNCryptKey, DWORD dwCertEncodingType, LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo); -#if NTDDI_VERSION >= 0x06010000 +#if NTDDI_VERSION >= NTDDI_WIN7 #define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC "CryptDllExportPublicKeyInfoFromBCryptKeyHandle" typedef WINBOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC) (BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwCertEncodingType, LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo); 
@@ -4260,7 +4562,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod WINIMPM WINBOOL WINAPI CryptImportPublicKeyInfo (HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey); WINIMPM WINBOOL WINAPI CryptImportPublicKeyInfoEx (HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg, DWORD dwFlags, void *pvAuxInfo, HCRYPTKEY *phKey); -#if NTDDI_VERSION >= 0x06000000 +#if NTDDI_VERSION >= NTDDI_VISTA #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC "CryptDllImportPublicKeyInfoEx2" typedef WINBOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) (DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, DWORD dwFlags, void *pvAuxInfo, BCRYPT_KEY_HANDLE *phKey); @@ -4568,6 +4870,8 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod #define CRYPT_OCSP_ONLY_RETRIEVAL 0x1000000 #define CRYPT_NO_OCSP_FAILOVER_TO_CRL_RETRIEVAL 0x2000000 #define CRYPT_RANDOM_QUERY_STRING_RETRIEVAL 0x4000000 +#define CRYPT_ENABLE_FILE_RETRIEVAL 0x08000000 +#define CRYPT_CREATE_NEW_FLUSH_ENTRY 0x10000000 typedef struct _CRYPTNET_URL_CACHE_PRE_FETCH_INFO { DWORD cbSize; @@ -4585,6 +4889,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod #define CRYPTNET_URL_CACHE_PRE_FETCH_OCSP 3 #define CRYPTNET_URL_CACHE_PRE_FETCH_AUTOROOT_CAB 5 #define CRYPTNET_URL_CACHE_PRE_FETCH_DISALLOWED_CERT_CAB 6 +#define CRYPTNET_URL_CACHE_PRE_FETCH_PIN_RULES_CAB 7 typedef struct _CRYPTNET_URL_CACHE_FLUSH_INFO { DWORD cbSize; 
@@ -4623,6 +4928,8 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod DWORD dwHttpStatusCode; } CRYPT_RETRIEVE_AUX_INFO,*PCRYPT_RETRIEVE_AUX_INFO; +#define CRYPT_RETRIEVE_MAX_ERROR_CONTENT_LENGTH 0x1000 + WINIMPM WINBOOL WINAPI CryptRetrieveObjectByUrlA (LPCSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo); WINIMPM WINBOOL WINAPI CryptRetrieveObjectByUrlW (LPCWSTR pszUrl, LPCSTR pszObjectOid, DWORD dwRetrievalFlags, DWORD dwTimeout, LPVOID *ppvObject, HCRYPTASYNC hAsyncRetrieve, PCRYPT_CREDENTIALS pCredentials, LPVOID pvVerify, PCRYPT_RETRIEVE_AUX_INFO pAuxInfo); @@ -4751,6 +5058,13 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10 #define CERT_CHAIN_OCSP_VALIDITY_SECONDS_VALUE_NAME L"OcspValiditySeconds" #define CERT_CHAIN_OCSP_VALIDITY_SECONDS_DEFAULT (12 *60 *60) +#define CERT_CHAIN_DISABLE_SERIAL_CHAIN_VALUE_NAME L"DisableSerialChain" +#define CERT_CHAIN_SERIAL_CHAIN_LOG_FILE_NAME_VALUE_NAME L"SerialChainLogFileName" +#define CERT_CHAIN_DISABLE_SYNC_WITH_SSL_TIME_VALUE_NAME L"DisableSyncWithSslTime" +#define CERT_CHAIN_MAX_SSL_TIME_UPDATED_EVENT_COUNT_VALUE_NAME L"MaxSslTimeUpdatedEventCount" +#define CERT_CHAIN_MAX_SSL_TIME_UPDATED_EVENT_COUNT_DEFAULT 5 +#define CERT_CHAIN_MAX_SSL_TIME_UPDATED_EVENT_COUNT_DISABLE 0xFFFFFFFF +#define CERT_CHAIN_SSL_HANDSHAKE_LOG_FILE_NAME_VALUE_NAME L"SslHandshakeLogFileName" #define CERT_CHAIN_ENABLE_WEAK_SIGNATURE_FLAGS_VALUE_NAME L"EnableWeakSignatureFlags" #define CERT_CHAIN_ENABLE_MD2_MD4_FLAG 0x1 #define CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG 0x2 
@@ -4762,6 +5076,72 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_CHAIN_WEAK_RSA_PUB_KEY_TIME_VALUE_NAME L"WeakRsaPubKeyTime"
 #define CERT_CHAIN_WEAK_RSA_PUB_KEY_TIME_DEFAULT 0x01ca8a755c6e0000ULL
 #define CERT_CHAIN_WEAK_SIGNATURE_LOG_DIR_VALUE_NAME L"WeakSignatureLogDir"
+
+#define CERT_CHAIN_DEFAULT_CONFIG_SUBDIR L"Default"
+
+#define CERT_CHAIN_WEAK_PREFIX_NAME L"Weak"
+#define CERT_CHAIN_WEAK_THIRD_PARTY_CONFIG_NAME L"ThirdParty"
+#define CERT_CHAIN_WEAK_ALL_CONFIG_NAME L"All"
+#define CERT_CHAIN_WEAK_FLAGS_NAME L"Flags"
+#define CERT_CHAIN_WEAK_HYGIENE_NAME L"Hygiene"
+#define CERT_CHAIN_WEAK_AFTER_TIME_NAME L"AfterTime"
+#define CERT_CHAIN_WEAK_FILE_HASH_AFTER_TIME_NAME L"FileHashAfterTime"
+#define CERT_CHAIN_WEAK_TIMESTAMP_HASH_AFTER_TIME_NAME L"TimestampHashAfterTime"
+#define CERT_CHAIN_WEAK_MIN_BIT_LENGTH_NAME L"MinBitLength"
+#define CERT_CHAIN_WEAK_SHA256_ALLOW_NAME L"Sha256Allow"
+
+#define CERT_CHAIN_MIN_PUB_KEY_BIT_LENGTH_DISABLE 0xFFFFFFFF
+
+#define CERT_CHAIN_ENABLE_WEAK_SETTINGS_FLAG 0x80000000
+#define CERT_CHAIN_DISABLE_ALL_EKU_WEAK_FLAG 0x00010000
+#define CERT_CHAIN_ENABLE_ALL_EKU_HYGIENE_FLAG 0x00020000
+#define CERT_CHAIN_DISABLE_OPT_IN_SERVER_AUTH_WEAK_FLAG 0x00040000
+#define CERT_CHAIN_DISABLE_SERVER_AUTH_WEAK_FLAG 0x00100000
+#define CERT_CHAIN_ENABLE_SERVER_AUTH_HYGIENE_FLAG 0x00200000
+#define CERT_CHAIN_DISABLE_CODE_SIGNING_WEAK_FLAG 0x00400000
+#define CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG 0x00800000
+#define CERT_CHAIN_ENABLE_CODE_SIGNING_HYGIENE_FLAG 0x01000000
+#define CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG 0x02000000
+#define CERT_CHAIN_DISABLE_TIMESTAMP_WEAK_FLAG 0x04000000
+#define CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG 0x08000000
+#define CERT_CHAIN_ENABLE_TIMESTAMP_HYGIENE_FLAG 0x10000000
+#define CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG 0x20000000
+#define CERT_CHAIN_MOTW_IGNORE_AFTER_TIME_WEAK_FLAG 0x40000000
+#define CERT_CHAIN_DISABLE_FILE_HASH_WEAK_FLAG 0x00001000
+#define CERT_CHAIN_DISABLE_MOTW_FILE_HASH_WEAK_FLAG 0x00002000
+#define CERT_CHAIN_DISABLE_TIMESTAMP_HASH_WEAK_FLAG 0x00004000
+#define CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_HASH_WEAK_FLAG 0x00008000
+#define CERT_CHAIN_DISABLE_WEAK_FLAGS ( CERT_CHAIN_DISABLE_ALL_EKU_WEAK_FLAG | CERT_CHAIN_DISABLE_SERVER_AUTH_WEAK_FLAG | CERT_CHAIN_DISABLE_OPT_IN_SERVER_AUTH_WEAK_FLAG | CERT_CHAIN_DISABLE_CODE_SIGNING_WEAK_FLAG | CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG | CERT_CHAIN_DISABLE_TIMESTAMP_WEAK_FLAG | CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG )
+#define CERT_CHAIN_DISABLE_FILE_HASH_WEAK_FLAGS ( CERT_CHAIN_DISABLE_FILE_HASH_WEAK_FLAG | CERT_CHAIN_DISABLE_MOTW_FILE_HASH_WEAK_FLAG )
+#define CERT_CHAIN_DISABLE_TIMESTAMP_HASH_WEAK_FLAGS ( CERT_CHAIN_DISABLE_TIMESTAMP_HASH_WEAK_FLAG | CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_HASH_WEAK_FLAG )
+#define CERT_CHAIN_ENABLE_HYGIENE_FLAGS ( CERT_CHAIN_ENABLE_ALL_EKU_HYGIENE_FLAG | CERT_CHAIN_ENABLE_SERVER_AUTH_HYGIENE_FLAG | CERT_CHAIN_ENABLE_CODE_SIGNING_HYGIENE_FLAG | CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG | CERT_CHAIN_ENABLE_TIMESTAMP_HYGIENE_FLAG | CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG )
+#define CERT_CHAIN_MOTW_WEAK_FLAGS ( CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG | CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG | CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG | CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG | CERT_CHAIN_MOTW_IGNORE_AFTER_TIME_WEAK_FLAG)
+#define CERT_CHAIN_OPT_IN_WEAK_FLAGS ( CERT_CHAIN_DISABLE_OPT_IN_SERVER_AUTH_WEAK_FLAG)
+
+#define CERT_CHAIN_AUTO_CURRENT_USER 1
+#define CERT_CHAIN_AUTO_LOCAL_MACHINE 2
+#define CERT_CHAIN_AUTO_IMPERSONATED 3
+#define CERT_CHAIN_AUTO_PROCESS_INFO 4
+#define CERT_CHAIN_AUTO_PINRULE_INFO 5
+#define CERT_CHAIN_AUTO_NETWORK_INFO 6
+#define CERT_CHAIN_AUTO_SERIAL_LOCAL_MACHINE 7
+#define CERT_CHAIN_AUTO_HPKP_RULE_INFO 8
+
+#define CERT_CHAIN_AUTO_FLAGS_VALUE_NAME L"AutoFlags"
+
+#define CERT_CHAIN_AUTO_FLUSH_DISABLE_FLAG 0x00000001
+#define CERT_CHAIN_AUTO_LOG_CREATE_FLAG 0x00000002
+#define CERT_CHAIN_AUTO_LOG_FREE_FLAG 0x00000004
+#define CERT_CHAIN_AUTO_LOG_FLUSH_FLAG 0x00000008
+#define CERT_CHAIN_AUTO_LOG_FLAGS ( CERT_CHAIN_AUTO_LOG_CREATE_FLAG | CERT_CHAIN_AUTO_LOG_FREE_FLAG | CERT_CHAIN_AUTO_LOG_FLUSH_FLAG )
+
+#define CERT_CHAIN_AUTO_FLUSH_FIRST_DELTA_SECONDS_VALUE_NAME L"AutoFlushFirstDeltaSeconds"
+#define CERT_CHAIN_AUTO_FLUSH_FIRST_DELTA_SECONDS_DEFAULT (5 * 60)
+#define CERT_CHAIN_AUTO_FLUSH_NEXT_DELTA_SECONDS_VALUE_NAME L"AutoFlushNextDeltaSeconds"
+#define CERT_CHAIN_AUTO_FLUSH_NEXT_DELTA_SECONDS_DEFAULT (30 * 60)
+#define CERT_CHAIN_AUTO_LOG_FILE_NAME_VALUE_NAME L"AutoLogFileName"
+#define CERT_CHAIN_DISABLE_AUTO_FLUSH_PROCESS_NAME_LIST_VALUE_NAME L"DisableAutoFlushProcessNameList"
+
 #define CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_VALUE_NAME L"SrvOcspRespMinValiditySeconds"
 #define CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_DEFAULT (10 *60)
 #define CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME L"SrvOcspRespUrlRetrievalTimeoutMilliseconds"
@@ -4772,6 +5152,10 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT (2 *60)
 #define CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME L"SrvOcspRespMinAfterNextUpdateSeconds"
 #define CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT (1 *60)
+#define CERT_SRV_OCSP_RESP_MIN_SYNC_CERT_FILE_SECONDS_VALUE_NAME L"SrvOcspRespMinSyncCertFileSeconds"
+#define CERT_SRV_OCSP_RESP_MIN_SYNC_CERT_FILE_SECONDS_DEFAULT 5
+#define CERT_SRV_OCSP_RESP_MAX_SYNC_CERT_FILE_SECONDS_VALUE_NAME L"SrvOcspRespMaxSyncCertFileSeconds"
+#define CERT_SRV_OCSP_RESP_MAX_SYNC_CERT_FILE_SECONDS_DEFAULT (1 * 60 * 60)
 #define CRYPTNET_MAX_CACHED_OCSP_PER_CRL_COUNT_VALUE_NAME L"CryptnetMaxCachedOcspPerCrlCount"
 #define CRYPTNET_MAX_CACHED_OCSP_PER_CRL_COUNT_DEFAULT 500
 #define CRYPTNET_OCSP_AFTER_CRL_DISABLE 0xffffffff
@@ -4804,6 +5188,24 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CRYPTNET_PRE_FETCH_SCAN_AFTER_TRIGGER_DELAY_SECONDS_DEFAULT 30
 #define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_VALUE_NAME L"CryptnetPreFetchRetrievalTimeoutSeconds"
 #define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT (5 *60)
+#define CRYPTNET_CRL_PRE_FETCH_CONFIG_REGPATH CERT_CHAIN_CONFIG_REGPATH L"\\CrlPreFetch"
+#define CRYPTNET_CRL_PRE_FETCH_PROCESS_NAME_LIST_VALUE_NAME L"ProcessNameList"
+#define CRYPTNET_CRL_PRE_FETCH_URL_LIST_VALUE_NAME L"PreFetchUrlList"
+#define CRYPTNET_CRL_PRE_FETCH_DISABLE_INFORMATION_EVENTS_VALUE_NAME L"DisableInformationEvents"
+#define CRYPTNET_CRL_PRE_FETCH_LOG_FILE_NAME_VALUE_NAME L"LogFileName"
+#define CRYPTNET_CRL_PRE_FETCH_TIMEOUT_SECONDS_VALUE_NAME L"TimeoutSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_TIMEOUT_SECONDS_DEFAULT (5 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_MAX_AGE_SECONDS_VALUE_NAME L"MaxAgeSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_MAX_AGE_SECONDS_DEFAULT (2 * 60 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_MAX_AGE_SECONDS_MIN (5 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_PUBLISH_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME L"PublishBeforeNextUpdateSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_PUBLISH_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT (1 * 60 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_PUBLISH_RANDOM_INTERVAL_SECONDS_VALUE_NAME L"PublishRandomIntervalSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_PUBLISH_RANDOM_INTERVAL_SECONDS_DEFAULT (5 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME L"MinBeforeNextUpdateSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT (5 * 60)
+#define CRYPTNET_CRL_PRE_FETCH_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME L"MinAfterNextUpdateSeconds"
+#define CRYPTNET_CRL_PRE_FETCH_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT (5 * 60)
 #define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config"
 #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME L"ChainUrlRetrievalTimeoutMilliseconds"
 #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT (15 *1000)
@@ -4827,6 +5229,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define HCCE_CURRENT_USER ((HCERTCHAINENGINE)NULL)
 #define HCCE_LOCAL_MACHINE ((HCERTCHAINENGINE)0x1)
+#define HCCE_SERIAL_LOCAL_MACHINE ((HCERTCHAINENGINE)0x2)
 #define CERT_CHAIN_CACHE_END_CERT 0x1
 #define CERT_CHAIN_THREAD_STORE_SYNC 0x2
@@ -4848,16 +5251,16 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 DWORD dwUrlRetrievalTimeout;
 DWORD MaximumCachedCertificates;
 DWORD CycleDetectionModulus;
-#if NTDDI_VERSION >= 0x06010000
+#if NTDDI_VERSION >= NTDDI_WIN7
 HCERTSTORE hExclusiveRoot;
 HCERTSTORE hExclusiveTrustedPeople;
 #endif
-#if NTDDI_VERSION >= 0x06020000
+#if NTDDI_VERSION >= NTDDI_WIN8
 DWORD dwExclusiveFlags;
 #endif
 } CERT_CHAIN_ENGINE_CONFIG,*PCERT_CHAIN_ENGINE_CONFIG;
-#if NTDDI_VERSION >= 0x06020000
+#if NTDDI_VERSION >= NTDDI_WIN8
 #define CERT_CHAIN_EXCLUSIVE_ENABLE_CA_FLAG 0x1
 #endif
@@ -4904,16 +5307,25 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_TRUST_AUTO_UPDATE_CA_REVOCATION 0x10
 #define CERT_TRUST_AUTO_UPDATE_END_REVOCATION 0x20
 #define CERT_TRUST_NO_OCSP_FAILOVER_TO_CRL 0x40
+#define CERT_TRUST_IS_KEY_ROLLOVER 0x00000080
+#define CERT_TRUST_SSL_HANDSHAKE_OCSP 0x00040000
+#define CERT_TRUST_SSL_TIME_VALID_OCSP 0x00080000
+#define CERT_TRUST_SSL_RECONNECT_OCSP 0x00100000
+
 #define CERT_TRUST_HAS_PREFERRED_ISSUER 0x100
 #define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x200
 #define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x400
 #define CERT_TRUST_IS_PEER_TRUSTED 0x800
 #define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x1000
 #define CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x2000
-#if NTDDI_VERSION >= 0x06020000
-#define CERT_TRUST_IS_CA_TRUSTED 0x4000
+#if NTDDI_VERSION >= NTDDI_WIN8
+#define CERT_TRUST_IS_CA_TRUSTED 0x00004000
+#define CERT_TRUST_HAS_AUTO_UPDATE_WEAK_SIGNATURE 0x00008000
+#define CERT_TRUST_HAS_ALLOW_WEAK_SIGNATURE 0x00020000
 #endif
-#define CERT_TRUST_IS_COMPLEX_CHAIN 0x10000
+#define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
+#define CERT_TRUST_SSL_TIME_VALID 0x01000000
+#define CERT_TRUST_NO_TIME_CHECK 0x02000000
 typedef struct _CERT_REVOCATION_INFO {
 DWORD cbSize;
@@ -5118,6 +5530,10 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6)
 #define CERT_CHAIN_POLICY_MICROSOFT_ROOT ((LPCSTR) 7)
 #define CERT_CHAIN_POLICY_EV ((LPCSTR) 8)
+#define CERT_CHAIN_POLICY_SSL_F12 ((LPCSTR) 9)
+#define CERT_CHAIN_POLICY_SSL_HPKP_HEADER ((LPCSTR) 10)
+#define CERT_CHAIN_POLICY_THIRD_PARTY_ROOT ((LPCSTR) 11)
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN ((LPCSTR) 12)
 typedef struct _AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA {
 DWORD cbSize;
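Review bot: The new `CERT_TRUST_SSL_HANDSHAKE_OCSP 0x00040000`, `CERT_TRUST_SSL_TIME_VALID_OCSP 0x00080000` and `CERT_TRUST_SSL_RECONNECT_OCSP 0x00100000` are inserted ahead of `CERT_TRUST_HAS_PREFERRED_ISSUER 0x100`, breaking the ascending bit order the rest of this flag list follows; placing them after `CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000` keeps the bit map readable. `CERT_TRUST_HAS_ALLOW_WEAK_SIGNATURE 0x00020000` now sits inside the `NTDDI_WIN8` guard while the numerically adjacent `CERT_TRUST_IS_COMPLEX_CHAIN` and the new `CERT_TRUST_SSL_*` values are unguarded; if that split is intentional (it may mirror the upstream header) a short comment on the guard would save the next reader from re-sorting them.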
@@ -5151,8 +5567,9 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define BASIC_CONSTRAINTS_CERT_CHAIN_POLICY_CA_FLAG 0x80000000
 #define BASIC_CONSTRAINTS_CERT_CHAIN_POLICY_END_ENTITY_FLAG 0x40000000
-#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x10000
-#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG 0x20000
+#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000
+#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG 0x00020000
+#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_DISABLE_FLIGHT_ROOT_FLAG 0x00040000
 typedef struct _EV_EXTRA_CERT_CHAIN_POLICY_PARA {
 DWORD cbSize;
@@ -5165,6 +5582,53 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 DWORD dwIssuanceUsageIndex;
 } EV_EXTRA_CERT_CHAIN_POLICY_STATUS,*PEV_EXTRA_CERT_CHAIN_POLICY_STATUS;
+#define SSL_F12_ERROR_TEXT_LENGTH 256
+ typedef struct _SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS {
+ DWORD cbSize;
+ DWORD dwErrorLevel;
+ DWORD dwErrorCategory;
+ DWORD dwReserved;
+ WCHAR wszErrorText[SSL_F12_ERROR_TEXT_LENGTH]; // Localized
+ } SSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS, *PSSL_F12_EXTRA_CERT_CHAIN_POLICY_STATUS;
+
+#define CERT_CHAIN_POLICY_SSL_F12_SUCCESS_LEVEL 0
+#define CERT_CHAIN_POLICY_SSL_F12_WARNING_LEVEL 1
+#define CERT_CHAIN_POLICY_SSL_F12_ERROR_LEVEL 2
+
+#define CERT_CHAIN_POLICY_SSL_F12_NONE_CATEGORY 0
+#define CERT_CHAIN_POLICY_SSL_F12_WEAK_CRYPTO_CATEGORY 1
+#define CERT_CHAIN_POLICY_SSL_F12_ROOT_PROGRAM_CATEGORY 2
+
+#define SSL_HPKP_PKP_HEADER_INDEX 0
+#define SSL_HPKP_PKP_RO_HEADER_INDEX 1
+#define SSL_HPKP_HEADER_COUNT 2
+
+ typedef struct _SSL_HPKP_HEADER_EXTRA_CERT_CHAIN_POLICY_PARA {
+ DWORD cbSize;
+ DWORD dwReserved;
+ LPWSTR pwszServerName;
+ LPSTR rgpszHpkpValue[SSL_HPKP_HEADER_COUNT];
+ } SSL_HPKP_HEADER_EXTRA_CERT_CHAIN_POLICY_PARA, *PSSL_HPKP_HEADER_EXTRA_CERT_CHAIN_POLICY_PARA;
+
+ typedef struct _SSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_PARA {
+ DWORD cbSize;
+ DWORD dwReserved;
+ PCWSTR pwszServerName;
+ } SSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_PARA, *PSSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_PARA;
+
+#define SSL_KEY_PIN_ERROR_TEXT_LENGTH 512
+ typedef struct _SSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_STATUS {
+ DWORD cbSize;
+ LONG lError;
+ WCHAR wszErrorText[SSL_KEY_PIN_ERROR_TEXT_LENGTH];
+ } SSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_STATUS, *PSSL_KEY_PIN_EXTRA_CERT_CHAIN_POLICY_STATUS;
+
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN_MISMATCH_ERROR -2
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN_MITM_ERROR -1
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN_SUCCESS 0
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN_MITM_WARNING 1
+#define CERT_CHAIN_POLICY_SSL_KEY_PIN_MISMATCH_WARNING 2
+
 #define CryptStringToBinary __MINGW_NAME_AW(CryptStringToBinary)
 #define CryptBinaryToString __MINGW_NAME_AW(CryptBinaryToString)
@@ -5186,7 +5650,13 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CRYPT_STRING_HEXADDR 0x0000000a
 #define CRYPT_STRING_HEXASCIIADDR 0x0000000b
 #define CRYPT_STRING_HEXRAW 0x0000000c
+#define CRYPT_STRING_BASE64URI 0x0000000d
+
+#define CRYPT_STRING_ENCODEMASK 0x000000ff
+#define CRYPT_STRING_RESERVED100 0x00000100
+#define CRYPT_STRING_RESERVED200 0x00000200
+#define CRYPT_STRING_PERCENTESCAPE 0x08000000
 #define CRYPT_STRING_HASHDATA 0x10000000
 #define CRYPT_STRING_STRICT 0x20000000
 #define CRYPT_STRING_NOCRLF 0x40000000
@@ -5199,6 +5669,8 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define szOID_PKCS_12_pbeWithSHA1And2KeyTripleDES "1.2.840.113549.1.12.1.4"
 #define szOID_PKCS_12_pbeWithSHA1And128BitRC2 "1.2.840.113549.1.12.1.5"
 #define szOID_PKCS_12_pbeWithSHA1And40BitRC2 "1.2.840.113549.1.12.1.6"
+#define szOID_PKCS_5_PBKDF2 "1.2.840.113549.1.5.12"
+#define szOID_PKCS_5_PBES2 "1.2.840.113549.1.5.13"
 typedef struct _CRYPT_PKCS12_PBE_PARAMS {
 int iIterations;
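Review bot: The negative status codes `CERT_CHAIN_POLICY_SSL_KEY_PIN_MISMATCH_ERROR -2` and `CERT_CHAIN_POLICY_SSL_KEY_PIN_MITM_ERROR -1` are the only expression-valued macros in this patch whose bodies are not parenthesised (compare `CERT_CHAIN_AUTO_LOG_FLAGS ( ... )`); `#define CERT_CHAIN_POLICY_SSL_KEY_PIN_MISMATCH_ERROR (-2)` and `(-1)` follow the usual macro hygiene even if the upstream SDK writes them bare. The `// Localized` comment on `wszErrorText` is a C99/C++ line comment; if this header is expected to compile under strict C89 modes, `/* Localized */` avoids the issue. The new typedefs and their fields are also indented by a leading space while the existing `typedef struct` lines in this file start in column 0, and unlike the other Windows-10-era additions in this patch none of the SSL_F12/HPKP/KEY_PIN material carries an `NTDDI_VERSION` guard, which may be intentional but is worth a comment.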
@@ -5217,12 +5689,19 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CRYPT_USER_KEYSET 0x1000
 #define PKCS12_PREFER_CNG_KSP 0x100
 #define PKCS12_ALWAYS_CNG_KSP 0x200
+#define PKCS12_ONLY_CERTIFICATES 0x00000400
+#define PKCS12_ONLY_NOT_ENCRYPTED_CERTIFICATES 0x00000800
 #define PKCS12_ALLOW_OVERWRITE_KEY 0x4000
 #define PKCS12_NO_PERSIST_KEY 0x8000
+#define PKCS12_VIRTUAL_ISOLATION_KEY 0x00010000
 #define PKCS12_IMPORT_RESERVED_MASK 0xffff0000
 #define PKCS12_OBJECT_LOCATOR_ALL_IMPORT_FLAGS (PKCS12_ALWAYS_CNG_KSP | PKCS12_NO_PERSIST_KEY | PKCS12_IMPORT_SILENT | PKCS12_INCLUDE_EXTENDED_PROPERTIES)
+#define PKCS12_ONLY_CERTIFICATES_PROVIDER_TYPE 0
+#define PKCS12_ONLY_CERTIFICATES_PROVIDER_NAME L"PfxProvider"
+#define PKCS12_ONLY_CERTIFICATES_CONTAINER_NAME L"PfxContainer"
+
 WINIMPM WINBOOL WINAPI PFXIsPFXBlob (CRYPT_DATA_BLOB *pPFX);
 WINIMPM WINBOOL WINAPI PFXVerifyPassword (CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags);
 WINIMPM WINBOOL WINAPI PFXExportCertStoreEx (HCERTSTORE hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, void *pvPara, DWORD dwFlags);
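Review bot: `PKCS12_VIRTUAL_ISOLATION_KEY 0x00010000` lies inside `PKCS12_IMPORT_RESERVED_MASK 0xffff0000`, which this hunk leaves unchanged on the next line, so any caller that rejects import flags matching the reserved mask will also reject the new flag. If the value is copied from the SDK as-is, a comment next to the mask such as `/* PKCS12_VIRTUAL_ISOLATION_KEY overlaps this mask; kept as in the SDK */` would prevent a later "fix" in either direction. `PKCS12_OBJECT_LOCATOR_ALL_IMPORT_FLAGS` is likewise not extended with the new import flags, which may be intended but deserves the same note.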
@@ -5233,11 +5712,31 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x10
 #define PKCS12_PROTECT_TO_DOMAIN_SIDS 0x20
 #define PKCS12_EXPORT_SILENT 0x40
+#define PKCS12_EXPORT_PBES2_PARAMS 0x0080
+#define PKCS12_DISABLE_ENCRYPT_CERTIFICATES 0x0100
+#define PKCS12_ENCRYPT_CERTIFICATES 0x0200
+#define PKCS12_EXPORT_ECC_CURVE_PARAMETERS 0x1000
+#define PKCS12_EXPORT_ECC_CURVE_OID 0x2000
 #define PKCS12_EXPORT_RESERVED_MASK 0xffff0000
+#define PKCS12_PBKDF2_ID_HMAC_SHA1 "1.2.840.113549.2.7"
+#define PKCS12_PBKDF2_ID_HMAC_SHA256 "1.2.840.113549.2.9"
+#define PKCS12_PBKDF2_ID_HMAC_SHA384 "1.2.840.113549.2.10"
+#define PKCS12_PBKDF2_ID_HMAC_SHA512 "1.2.840.113549.2.11"
+
+ typedef struct _PKCS12_PBES2_EXPORT_PARAMS {
+ DWORD dwSize;
+ PVOID hNcryptDescriptor;
+ LPWSTR pwszPbes2Alg;
+ } PKCS12_PBES2_EXPORT_PARAMS, *PPKCS12_PBES2_EXPORT_PARAMS;
+
+#define PKCS12_PBES2_ALG_AES256_SHA256 L"AES256-SHA256"
+#define PKCS12_CONFIG_REGPATH L"Software\\Microsoft\\Windows\\CurrentVersion\\PFX"
+#define PKCS12_ENCRYPT_CERTIFICATES_VALUE_NAME L"EncryptCertificates"
+
 WINIMPM WINBOOL WINAPI PFXExportCertStore (HCERTSTORE hStore, CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags);
-#if NTDDI_VERSION >= 0x06000000
+#if NTDDI_VERSION >= NTDDI_VISTA
 typedef VOID *HCERT_SERVER_OCSP_RESPONSE;
 WINIMPM HCERT_SERVER_OCSP_RESPONSE WINAPI CertOpenServerOcspResponse (PCCERT_CHAIN_CONTEXT pChainContext, DWORD dwFlags, LPVOID pvReserved);
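Review bot: `PVOID hNcryptDescriptor` in the new `PKCS12_PBES2_EXPORT_PARAMS` gives the reader no hint what handle goes there; if it is standing in for ncrypt.h's `NCRYPT_DESCRIPTOR_HANDLE` to avoid a header dependency, a field comment such as `/* NCrypt protection descriptor handle; declared PVOID to avoid including ncrypt.h */` should say so, and `pwszPbes2Alg` deserves a note that `PKCS12_PBES2_ALG_AES256_SHA256` is presumably the value expected in it. The struct is also indented by a leading space while the surrounding `typedef` lines start in column 0.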
@@ -5256,6 +5755,20 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 DWORD cbEncodedOcspResponse;
 };
+ typedef VOID (CALLBACK *PFN_CERT_SERVER_OCSP_RESPONSE_UPDATE_CALLBACK)(PCCERT_CHAIN_CONTEXT pChainContext, PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext, PCCRL_CONTEXT pNewCrlContext, PCCRL_CONTEXT pPrevCrlContext, PVOID pvArg, DWORD dwWriteOcspFileError);
+
+ typedef struct _CERT_SERVER_OCSP_RESPONSE_OPEN_PARA {
+ DWORD cbSize;
+ DWORD dwFlags;
+ DWORD *pcbUsedSize;
+ PWSTR pwszOcspDirectory;
+ PFN_CERT_SERVER_OCSP_RESPONSE_UPDATE_CALLBACK pfnUpdateCallback;
+ PVOID pvUpdateCallbackArg;
+ } CERT_SERVER_OCSP_RESPONSE_OPEN_PARA, *PCERT_SERVER_OCSP_RESPONSE_OPEN_PARA;
+
+#define CERT_SERVER_OCSP_RESPONSE_OPEN_PARA_READ_FLAG 0x00000001
+#define CERT_SERVER_OCSP_RESPONSE_OPEN_PARA_WRITE_FLAG 0x00000002
+
 WINIMPM PCCERT_SERVER_OCSP_RESPONSE_CONTEXT WINAPI CertGetServerOcspResponseContext (HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, DWORD dwFlags, LPVOID pvReserved);
 WINIMPM VOID WINAPI CertAddRefServerOcspResponseContext (PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext);
 WINIMPM VOID WINAPI CertFreeServerOcspResponseContext (PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext);
@@ -5271,7 +5784,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE)
 #define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYPE)
-#if NTDDI_VERSION >= 0x06010000
+#if NTDDI_VERSION >= NTDDI_WIN7
 typedef struct _CERT_SELECT_CHAIN_PARA {
 HCERTCHAINENGINE hChainEngine;
 PFILETIME pTime;
@@ -5303,6 +5816,9 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_SELECT_BY_ISSUER_NAME 9
 #define CERT_SELECT_BY_PUBLIC_KEY 10
 #define CERT_SELECT_BY_TLS_SIGNATURES 11
+#define CERT_SELECT_BY_ISSUER_DISPLAYNAME 12
+#define CERT_SELECT_BY_FRIENDLYNAME 13
+#define CERT_SELECT_BY_THUMBPRINT 14
 #define CERT_SELECT_LAST CERT_SELECT_BY_TLS_SIGNATURES
 #define CERT_SELECT_MAX (CERT_SELECT_LAST *3)
@@ -5315,12 +5831,13 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 #define CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE 0x20
 #define CERT_SELECT_HARDWARE_ONLY 0x40
 #define CERT_SELECT_ALLOW_DUPLICATES 0x80
+#define CERT_SELECT_IGNORE_AUTOSELECT 0x00000100
 WINIMPM WINBOOL WINAPI CertSelectCertificateChains (LPCGUID pSelectionContext, DWORD dwFlags, PCCERT_SELECT_CHAIN_PARA pChainParameters, DWORD cCriteria, PCCERT_SELECT_CRITERIA rgpCriteria, HCERTSTORE hStore, PDWORD pcSelection, PCCERT_CHAIN_CONTEXT **pprgpSelection);
 WINIMPM VOID WINAPI CertFreeCertificateChainList (PCCERT_CHAIN_CONTEXT *prgpSelection);
 #endif
-#if NTDDI_VERSION >= 0x06010000
+#if NTDDI_VERSION >= NTDDI_WIN7
 #define TIMESTAMP_VERSION 1
 typedef struct _CRYPT_TIMESTAMP_REQUEST {
@@ -5402,7 +5919,7 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 WINBOOL WINAPI CryptVerifyTimeStampSignature (const BYTE *pbTSContentInfo, DWORD cbTSContentInfo, const BYTE *pbData, DWORD cbData, HCERTSTORE hAdditionalStore, PCRYPT_TIMESTAMP_CONTEXT *ppTsContext, PCCERT_CONTEXT *ppTsSigner, HCERTSTORE *phStore);
 #endif
-#if NTDDI_VERSION >= 0x06020000
+#if NTDDI_VERSION >= NTDDI_WIN8
 #define CRYPT_OBJECT_LOCATOR_SPN_NAME_TYPE 1
 #define CRYPT_OBJECT_LOCATOR_LAST_RESERVED_NAME_TYPE 32
 #define CRYPT_OBJECT_LOCATOR_FIRST_RESERVED_USER_NAME_TYPE 33
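Review bot: `CERT_SELECT_LAST` is still `CERT_SELECT_BY_TLS_SIGNATURES` (11) after this hunk adds `CERT_SELECT_BY_ISSUER_DISPLAYNAME 12`, `CERT_SELECT_BY_FRIENDLYNAME 13` and `CERT_SELECT_BY_THUMBPRINT 14`, so `CERT_SELECT_MAX (CERT_SELECT_LAST *3)` no longer covers the new criteria values. If keeping the old value mirrors the upstream SDK header deliberately, a one-line comment on `CERT_SELECT_LAST` saying so would stop the next reader from "fixing" it; otherwise `#define CERT_SELECT_LAST CERT_SELECT_BY_THUMBPRINT` is the change. The `#if NTDDI_VERSION >= NTDDI_WIN7` block these values live in starts before this hunk.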
@@ -5434,6 +5951,14 @@ WINIMPM HCERTSTORE WINAPI CertOpenStore (LPCSTR lpszStoreProvider, DWORD dwEncod
 } CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE,*PCRYPT_OBJECT_LOCATOR_PROVIDER_TABLE;
 typedef WINBOOL (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_INITIALIZE) (PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FLUSH pfnFlush, LPVOID pContext, DWORD *pdwExpectedObjectCount, PCRYPT_OBJECT_LOCATOR_PROVIDER_TABLE *ppFuncTable, void **ppPluginContext);
+
+ WINIMPM BOOL WINAPI CertIsWeakHash(DWORD dwHashUseType, LPCWSTR pwszCNGHashAlgid, DWORD dwChainFlags, PCCERT_CHAIN_CONTEXT pSignerChainContext, LPFILETIME pTimeStamp, LPCWSTR pwszFileName);
+
+ typedef WINBOOL (WINAPI *PFN_CERT_IS_WEAK_HASH)(DWORD dwHashUseType, LPCWSTR pwszCNGHashAlgid, DWORD dwChainFlags, PCCERT_CHAIN_CONTEXT pSignerChainContext, LPFILETIME pTimeStamp, LPCWSTR pwszFileName);
+
+#define CERT_FILE_HASH_USE_TYPE 1
+#define CERT_TIMESTAMP_HASH_USE_TYPE 2
+
 #endif
 #endif
-- 
2.24.0
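Review bot: `CertIsWeakHash` is declared as returning `BOOL`, whereas every other prototype in this header, including the `PFN_CERT_IS_WEAK_HASH` typedef added two lines below it, uses `WINBOOL`; `WINIMPM WINBOOL WINAPI CertIsWeakHash (DWORD dwHashUseType, LPCWSTR pwszCNGHashAlgid, DWORD dwChainFlags, PCCERT_CHAIN_CONTEXT pSignerChainContext, LPFILETIME pTimeStamp, LPCWSTR pwszFileName);` keeps the return type and the space-before-paren style consistent with the surrounding declarations. The declaration and the typedef are also indented by a leading space while the neighbouring declarations start in column 0. The `#if NTDDI_VERSION >= NTDDI_WIN8` block closed by the first `#endif` here starts before this hunk.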