Headers diff for crypt32.dll between 5.131.3790.3959-Windows 5.0 and 6.0.6002.18005-Windows 6.0 versions



 mssip.h (5.131.3790.3959-Windows 5.0)   mssip.h (6.0.6002.18005-Windows 6.0) 
skipping to change at line 36 skipping to change at line 36
// //
// dwflags // dwflags
// //
#define MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE 0x00010000 #define MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE 0x00010000
#define MSSIP_FLAGS_USE_CATALOG 0x00020000 #define MSSIP_FLAGS_USE_CATALOG 0x00020000
#define SPC_INC_PE_RESOURCES_FLAG 0x80 #define SPC_INC_PE_RESOURCES_FLAG 0x80
#define SPC_INC_PE_DEBUG_INFO_FLAG 0x40 #define SPC_INC_PE_DEBUG_INFO_FLAG 0x40
#define SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG 0x20 #define SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG 0x20
#define SPC_EXC_PE_PAGE_HASHES_FLAG 0x10
// The above SPC_EXC_PE_PAGE_HASHES_FLAG takes precedence if also set.
#define SPC_INC_PE_PAGE_HASHES_FLAG 0x100
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// SIP_SUBJECTINFO // SIP_SUBJECTINFO
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// pass this structure to all defined SIPs. Make sure to initialize // pass this structure to all defined SIPs. Make sure to initialize
// the ENTIRE structure to binary zero before the FIRST call is made. Do // the ENTIRE structure to binary zero before the FIRST call is made. Do
// not initialize it BETWEEN calls! // not initialize it BETWEEN calls!
// //
typedef struct SIP_SUBJECTINFO_ typedef struct SIP_SUBJECTINFO_
 End of changes. 1 change blocks. 
0 lines changed or deleted 4 lines changed or added


 wincrypt.h (5.131.3790.3959-Windows 5.0)   wincrypt.h (6.0.6002.18005-Windows 6.0) 
skipping to change at line 15 skipping to change at line 15
// //
// File: wincrypt.h // File: wincrypt.h
// //
// Contents: Cryptographic API Prototypes and Definitions // Contents: Cryptographic API Prototypes and Definitions
// //
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
#ifndef __WINCRYPT_H__ #ifndef __WINCRYPT_H__
#define __WINCRYPT_H__ #define __WINCRYPT_H__
#include <specstrings.h> /* for SAL annotations */
#if defined (_MSC_VER) #if defined (_MSC_VER)
#if ( _MSC_VER >= 800 ) #if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
#pragma warning(push) #pragma warning(push)
#endif #endif
#pragma warning(disable:4201) /* Nameless struct/union */ #pragma warning(disable:4201) /* Nameless struct/union */
#endif #endif
#if (_MSC_VER > 1020) #if (_MSC_VER > 1020)
skipping to change at line 36 skipping to change at line 38
#endif #endif
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#ifndef _HRESULT_DEFINED #ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED #define _HRESULT_DEFINED
typedef LONG HRESULT; typedef __success(return >= 0) long HRESULT;
#endif
#endif // !_HRESULT_DEFINED
#ifndef WINADVAPI #ifndef WINADVAPI
#define WINADVAPI #define WINADVAPI
#endif #endif
#ifndef WINAPI #ifndef WINAPI
#define WINAPI __stdcall #define WINAPI __stdcall
#endif #endif
#ifndef CALLBACK #ifndef CALLBACK
skipping to change at line 72 skipping to change at line 73
#endif #endif
#ifndef OUT #ifndef OUT
#define OUT #define OUT
#endif #endif
#ifndef OPTIONAL #ifndef OPTIONAL
#define OPTIONAL #define OPTIONAL
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WINLH)
#if !defined(WINCRYPT32API)
#if !defined(_CRYPT32_) #if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT #define WINCRYPT32API DECLSPEC_IMPORT
#else #else
#define WINCRYPT32API #define WINCRYPT32API
#endif #endif
#endif
#else
#if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT
#else
#define WINCRYPT32API
#endif
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if !defined(WINCRYPT32STRINGAPI)
#if !defined(_CRYPT32STRING_) #if !defined(_CRYPT32STRING_)
# define WINCRYPT32STRINGAPI WINCRYPT32API #define WINCRYPT32STRINGAPI WINCRYPT32API
#else #else
# define WINCRYPT32STRINGAPI #define WINCRYPT32STRINGAPI
#endif
#endif #endif
// //
// Algorithm IDs and Flags // Algorithm IDs and Flags
// //
// ALG_ID crackers // ALG_ID crackers
#define GET_ALG_CLASS(x) (x & (7 << 13)) #define GET_ALG_CLASS(x) (x & (7 << 13))
#define GET_ALG_TYPE(x) (x & (15 << 9)) #define GET_ALG_TYPE(x) (x & (15 << 9))
#define GET_ALG_SID(x) (x & (511)) #define GET_ALG_SID(x) (x & (511))
// Algorithm classes // Algorithm classes
// certenrolld_begin -- ALG_CLASS_*
#define ALG_CLASS_ANY (0) #define ALG_CLASS_ANY (0)
#define ALG_CLASS_SIGNATURE (1 << 13) #define ALG_CLASS_SIGNATURE (1 << 13)
#define ALG_CLASS_MSG_ENCRYPT (2 << 13) #define ALG_CLASS_MSG_ENCRYPT (2 << 13)
#define ALG_CLASS_DATA_ENCRYPT (3 << 13) #define ALG_CLASS_DATA_ENCRYPT (3 << 13)
#define ALG_CLASS_HASH (4 << 13) #define ALG_CLASS_HASH (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE (5 << 13) #define ALG_CLASS_KEY_EXCHANGE (5 << 13)
#define ALG_CLASS_ALL (7 << 13) #define ALG_CLASS_ALL (7 << 13)
// certenrolld_end
// Algorithm types // Algorithm types
#define ALG_TYPE_ANY (0) #define ALG_TYPE_ANY (0)
#define ALG_TYPE_DSS (1 << 9) #define ALG_TYPE_DSS (1 << 9)
#define ALG_TYPE_RSA (2 << 9) #define ALG_TYPE_RSA (2 << 9)
#define ALG_TYPE_BLOCK (3 << 9) #define ALG_TYPE_BLOCK (3 << 9)
#define ALG_TYPE_STREAM (4 << 9) #define ALG_TYPE_STREAM (4 << 9)
#define ALG_TYPE_DH (5 << 9) #define ALG_TYPE_DH (5 << 9)
#define ALG_TYPE_SECURECHANNEL (6 << 9) #define ALG_TYPE_SECURECHANNEL (6 << 9)
skipping to change at line 126 skipping to change at line 145
#define ALG_SID_RSA_PKCS 1 #define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2 #define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3 #define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4 #define ALG_SID_RSA_PGP 4
// Some DSS sub-ids // Some DSS sub-ids
// //
#define ALG_SID_DSS_ANY 0 #define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1 #define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2 #define ALG_SID_DSS_DMS 2
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define ALG_SID_ECDSA 3
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
// Block cipher sub ids // Block cipher sub ids
// DES sub_ids // DES sub_ids
#define ALG_SID_DES 1 #define ALG_SID_DES 1
#define ALG_SID_3DES 3 #define ALG_SID_3DES 3
#define ALG_SID_DESX 4 #define ALG_SID_DESX 4
#define ALG_SID_IDEA 5 #define ALG_SID_IDEA 5
#define ALG_SID_CAST 6 #define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7 #define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8 #define ALG_SID_SAFERSK128 8
#define ALG_SID_3DES_112 9 #define ALG_SID_3DES_112 9
#define ALG_SID_CYLINK_MEK 12 #define ALG_SID_CYLINK_MEK 12
#define ALG_SID_RC5 13 #define ALG_SID_RC5 13
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define ALG_SID_AES_128 14 #define ALG_SID_AES_128 14
#define ALG_SID_AES_192 15 #define ALG_SID_AES_192 15
#define ALG_SID_AES_256 16 #define ALG_SID_AES_256 16
#define ALG_SID_AES 17 #define ALG_SID_AES 17
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
// Fortezza sub-ids // Fortezza sub-ids
#define ALG_SID_SKIPJACK 10 #define ALG_SID_SKIPJACK 10
#define ALG_SID_TEK 11 #define ALG_SID_TEK 11
// KP_MODE // KP_MODE
#define CRYPT_MODE_CBCI 6 // ANSI CBC Interleaved #define CRYPT_MODE_CBCI 6 // ANSI CBC Interleaved
#define CRYPT_MODE_CFBP 7 // ANSI CFB Pipelined #define CRYPT_MODE_CFBP 7 // ANSI CFB Pipelined
#define CRYPT_MODE_OFBP 8 // ANSI OFB Pipelined #define CRYPT_MODE_OFBP 8 // ANSI OFB Pipelined
#define CRYPT_MODE_CBCOFM 9 // ANSI CBC + OF Masking #define CRYPT_MODE_CBCOFM 9 // ANSI CBC + OF Masking
skipping to change at line 167 skipping to change at line 191
// Stream cipher sub-ids // Stream cipher sub-ids
#define ALG_SID_RC4 1 #define ALG_SID_RC4 1
#define ALG_SID_SEAL 2 #define ALG_SID_SEAL 2
// Diffie-Hellman sub-ids // Diffie-Hellman sub-ids
#define ALG_SID_DH_SANDF 1 #define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2 #define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3 #define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4 #define ALG_SID_KEA 4
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define ALG_SID_ECDH 5
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
// Hash sub ids // Hash sub ids
#define ALG_SID_MD2 1 #define ALG_SID_MD2 1
#define ALG_SID_MD4 2 #define ALG_SID_MD4 2
#define ALG_SID_MD5 3 #define ALG_SID_MD5 3
#define ALG_SID_SHA 4 #define ALG_SID_SHA 4
#define ALG_SID_SHA1 4 #define ALG_SID_SHA1 4
#define ALG_SID_MAC 5 #define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6 #define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7 #define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8 #define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9 #define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10 #define ALG_SID_TLS1PRF 10
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define ALG_SID_HASH_REPLACE_OWF 11 #define ALG_SID_HASH_REPLACE_OWF 11
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03)
#define ALG_SID_SHA_256 12 #define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13 #define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14 #define ALG_SID_SHA_512 14
#endif //(NTDDI_VERSION >= NTDDI_WS03)
// secure channel sub ids // secure channel sub ids
#define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2 #define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3 #define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4 #define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5 #define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6 #define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7 #define ALG_SID_SCHANNEL_ENC_KEY 7
#if (NTDDI_VERSION >= NTDDI_WINLH)
// misc ECC sub ids
#define ALG_SID_ECMQV 1
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
// Our silly example sub-id // Our silly example sub-id
#define ALG_SID_EXAMPLE 80 #define ALG_SID_EXAMPLE 80
// certenrolls_begin -- PROV_ENUMALGS_EX
#ifndef ALGIDDEF #ifndef ALGIDDEF
#define ALGIDDEF #define ALGIDDEF
typedef unsigned int ALG_ID; typedef unsigned int ALG_ID;
#endif #endif
// certenrolls_end
// algorithm identifier definitions // algorithm identifier definitions
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2) #define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4) #define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5) #define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA) #define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1) #define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC) #define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RS A_ANY) #define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RS A_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DS S_ANY) #define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DS S_ANY)
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_AN Y) #define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_AN Y)
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA _ANY) #define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA _ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ES) #define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES_112) #define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES) #define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES)
#define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ESX) #define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ESX)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C2) #define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ RC4) #define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ SEAL) #define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_S ANDF) #define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_S ANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_E PHEM) #define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_E PHEM)
skipping to change at line 239 skipping to change at line 279
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL3_MASTER) #define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNE L|ALG_SID_SCHANNEL_MASTER_HASH) #define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNE L|ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_MAC_KEY) #define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_ENC_KEY) #define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_PCT1_MASTER) #define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL2_MASTER) #define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_TLS1_MASTER) #define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5) #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF ) #define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF )
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF) #define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES)
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 ) #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 )
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 ) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 )
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 ) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 )
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_
ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID
_ECMQV)
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC
DSA)
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
// resource number for signatures in the CSP
#define SIGNATURE_RESOURCE_NUMBER 0x29A
typedef struct _VTableProvStruc {
DWORD Version;
FARPROC FuncVerifyImage;
FARPROC FuncReturnhWnd;
DWORD dwProvType;
BYTE *pbContextInfo;
DWORD cbContextInfo;
LPSTR pszProvName;
} VTableProvStruc, *PVTableProvStruc;
#endif //(NTDDI_VERSION < NTDDI_WINXP)
// Used for certenroll.idl:
// certenrolls_begin -- HCRYPT*
typedef ULONG_PTR HCRYPTPROV; typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTKEY; typedef ULONG_PTR HCRYPTKEY;
typedef ULONG_PTR HCRYPTHASH; typedef ULONG_PTR HCRYPTHASH;
// certenrolls_end
// dwFlags definitions for CryptAcquireContext // dwFlags definitions for CryptAcquireContext
#define CRYPT_VERIFYCONTEXT 0xF0000000 #define CRYPT_VERIFYCONTEXT 0xF0000000
#define CRYPT_NEWKEYSET 0x00000008 #define CRYPT_NEWKEYSET 0x00000008
#define CRYPT_DELETEKEYSET 0x00000010 #define CRYPT_DELETEKEYSET 0x00000010
#define CRYPT_MACHINE_KEYSET 0x00000020 #define CRYPT_MACHINE_KEYSET 0x00000020
#define CRYPT_SILENT 0x00000040 #define CRYPT_SILENT 0x00000040
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define CRYPT_DEFAULT_CONTAINER_OPTIONAL 0x00000080
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
// dwFlag definitions for CryptGenKey // dwFlag definitions for CryptGenKey
#define CRYPT_EXPORTABLE 0x00000001 #define CRYPT_EXPORTABLE 0x00000001
#define CRYPT_USER_PROTECTED 0x00000002 #define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_CREATE_SALT 0x00000004 #define CRYPT_CREATE_SALT 0x00000004
#define CRYPT_UPDATE_KEY 0x00000008 #define CRYPT_UPDATE_KEY 0x00000008
#define CRYPT_NO_SALT 0x00000010 #define CRYPT_NO_SALT 0x00000010
#define CRYPT_PREGEN 0x00000040 #define CRYPT_PREGEN 0x00000040
#define CRYPT_RECIPIENT 0x00000010 #define CRYPT_RECIPIENT 0x00000010
#define CRYPT_INITIATOR 0x00000040 #define CRYPT_INITIATOR 0x00000040
#define CRYPT_ONLINE 0x00000080 #define CRYPT_ONLINE 0x00000080
#define CRYPT_SF 0x00000100 #define CRYPT_SF 0x00000100
#define CRYPT_CREATE_IV 0x00000200 #define CRYPT_CREATE_IV 0x00000200
#define CRYPT_KEK 0x00000400 #define CRYPT_KEK 0x00000400
#define CRYPT_DATA_KEY 0x00000800 #define CRYPT_DATA_KEY 0x00000800
#define CRYPT_VOLATILE 0x00001000 #define CRYPT_VOLATILE 0x00001000
#define CRYPT_SGCKEY 0x00002000 #define CRYPT_SGCKEY 0x00002000
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define CRYPT_ARCHIVABLE 0x00004000 #define CRYPT_ARCHIVABLE 0x00004000
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define CRYPT_FORCE_KEY_PROTECTION_HIGH 0x00008000
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#define RSA1024BIT_KEY 0x04000000 #define RSA1024BIT_KEY 0x04000000
// dwFlags definitions for CryptDeriveKey // dwFlags definitions for CryptDeriveKey
#define CRYPT_SERVER 0x00000400 #define CRYPT_SERVER 0x00000400
#define KEY_LENGTH_MASK 0xFFFF0000 #define KEY_LENGTH_MASK 0xFFFF0000
// dwFlag definitions for CryptExportKey // dwFlag definitions for CryptExportKey
#define CRYPT_Y_ONLY 0x00000001 #define CRYPT_Y_ONLY 0x00000001
#define CRYPT_SSL2_FALLBACK 0x00000002 #define CRYPT_SSL2_FALLBACK 0x00000002
#define CRYPT_DESTROYKEY 0x00000004 #define CRYPT_DESTROYKEY 0x00000004
#define CRYPT_OAEP 0x00000040 // used with RSA encryptions/decrypt ions #define CRYPT_OAEP 0x00000040 // used with RSA encryptions/decrypt ions
// CryptExportKey, CryptImportKey, // CryptExportKey, CryptImportKey,
// CryptEncrypt and CryptDecrypt // CryptEncrypt and CryptDecrypt
#define CRYPT_BLOB_VER3 0x00000080 // export version 3 of a blob type #define CRYPT_BLOB_VER3 0x00000080 // export version 3 of a blob type
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define CRYPT_IPSEC_HMAC_KEY 0x00000100 // CryptImportKey only #define CRYPT_IPSEC_HMAC_KEY 0x00000100 // CryptImportKey only
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03)
// dwFlags definitions for CryptDecrypt // dwFlags definitions for CryptDecrypt
// See also CRYPT_OAEP, above. // See also CRYPT_OAEP, above.
// Note, the following flag is not supported for CryptEncrypt // Note, the following flag is not supported for CryptEncrypt
#define CRYPT_DECRYPT_RSA_NO_PADDING_CHECK 0x00000020 #define CRYPT_DECRYPT_RSA_NO_PADDING_CHECK 0x00000020
#endif //(NTDDI_VERSION >= NTDDI_WS03)
// dwFlags definitions for CryptCreateHash // dwFlags definitions for CryptCreateHash
#define CRYPT_SECRETDIGEST 0x00000001 #define CRYPT_SECRETDIGEST 0x00000001
#if (NTDDI_VERSION >= NTDDI_WINXP)
// dwFlags definitions for CryptHashData // dwFlags definitions for CryptHashData
#define CRYPT_OWF_REPL_LM_HASH 0x00000001 // this is only for the OWF replacem ent CSP #define CRYPT_OWF_REPL_LM_HASH 0x00000001 // this is only for the OWF replacem ent CSP
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
// dwFlags definitions for CryptHashSessionKey // dwFlags definitions for CryptHashSessionKey
#define CRYPT_LITTLE_ENDIAN 0x00000001 #define CRYPT_LITTLE_ENDIAN 0x00000001
// dwFlags definitions for CryptSignHash and CryptVerifySignature // dwFlags definitions for CryptSignHash and CryptVerifySignature
#define CRYPT_NOHASHOID 0x00000001 #define CRYPT_NOHASHOID 0x00000001
#define CRYPT_TYPE2_FORMAT 0x00000002 #define CRYPT_TYPE2_FORMAT 0x00000002
#define CRYPT_X931_FORMAT 0x00000004 #define CRYPT_X931_FORMAT 0x00000004
// dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider // dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
#define CRYPT_MACHINE_DEFAULT 0x00000001 #define CRYPT_MACHINE_DEFAULT 0x00000001
#define CRYPT_USER_DEFAULT 0x00000002 #define CRYPT_USER_DEFAULT 0x00000002
#define CRYPT_DELETE_DEFAULT 0x00000004 #define CRYPT_DELETE_DEFAULT 0x00000004
// exported key blob definitions // exported key blob definitions
// certenrolld_begin -- *BLOB
#define SIMPLEBLOB 0x1 #define SIMPLEBLOB 0x1
#define PUBLICKEYBLOB 0x6 #define PUBLICKEYBLOB 0x6
#define PRIVATEKEYBLOB 0x7 #define PRIVATEKEYBLOB 0x7
#define PLAINTEXTKEYBLOB 0x8 #define PLAINTEXTKEYBLOB 0x8
#define OPAQUEKEYBLOB 0x9 #define OPAQUEKEYBLOB 0x9
#define PUBLICKEYBLOBEX 0xA #define PUBLICKEYBLOBEX 0xA
#define SYMMETRICWRAPKEYBLOB 0xB #define SYMMETRICWRAPKEYBLOB 0xB
#if (NTDDI_VERSION >= NTDDI_WS03)
#define KEYSTATEBLOB 0xC #define KEYSTATEBLOB 0xC
#endif //(NTDDI_VERSION >= NTDDI_WS03)
// certenrolld_end
// certenrolld_begin -- AT_*
#define AT_KEYEXCHANGE 1 #define AT_KEYEXCHANGE 1
#define AT_SIGNATURE 2 #define AT_SIGNATURE 2
// certenrolld_end
#define CRYPT_USERDATA 1 #define CRYPT_USERDATA 1
// dwParam // dwParam
#define KP_IV 1 // Initialization vector #define KP_IV 1 // Initialization vector
#define KP_SALT 2 // Salt value #define KP_SALT 2 // Salt value
#define KP_PADDING 3 // Padding values #define KP_PADDING 3 // Padding values
#define KP_MODE 4 // Mode of the cipher #define KP_MODE 4 // Mode of the cipher
#define KP_MODE_BITS 5 // Number of bits to feedback #define KP_MODE_BITS 5 // Number of bits to feedback
#define KP_PERMISSIONS 6 // Key permissions DWORD #define KP_PERMISSIONS 6 // Key permissions DWORD
skipping to change at line 369 skipping to change at line 456
#define KP_PRECOMP_SHA 25 #define KP_PRECOMP_SHA 25
#define KP_CERTIFICATE 26 // for setting Secure Channel certificat e data (PCT1) #define KP_CERTIFICATE 26 // for setting Secure Channel certificat e data (PCT1)
#define KP_CLEAR_KEY 27 // for setting Secure Channel clear key data (PCT1) #define KP_CLEAR_KEY 27 // for setting Secure Channel clear key data (PCT1)
#define KP_PUB_EX_LEN 28 #define KP_PUB_EX_LEN 28
#define KP_PUB_EX_VAL 29 #define KP_PUB_EX_VAL 29
#define KP_KEYVAL 30 #define KP_KEYVAL 30
#define KP_ADMIN_PIN 31 #define KP_ADMIN_PIN 31
#define KP_KEYEXCHANGE_PIN 32 #define KP_KEYEXCHANGE_PIN 32
#define KP_SIGNATURE_PIN 33 #define KP_SIGNATURE_PIN 33
#define KP_PREHASH 34 #define KP_PREHASH 34
#if (NTDDI_VERSION >= NTDDI_WS03)
#define KP_ROUNDS 35 #define KP_ROUNDS 35
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys #define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys
#define KP_CMS_KEY_INFO 37 #define KP_CMS_KEY_INFO 37
#define KP_CMS_DH_KEY_INFO 38 #define KP_CMS_DH_KEY_INFO 38
#define KP_PUB_PARAMS 39 // for setting public parameters #define KP_PUB_PARAMS 39 // for setting public parameters
#define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters #define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters
#define KP_HIGHEST_VERSION 41 // for TLS protocol version setting #define KP_HIGHEST_VERSION 41 // for TLS protocol version setting
#if (NTDDI_VERSION >= NTDDI_WS03)
#define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts #define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts
#endif //(NTDDI_VERSION >= NTDDI_WS03)
// KP_PADDING // KP_PADDING
#define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method #define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING 2 #define RANDOM_PADDING 2
#define ZERO_PADDING 3 #define ZERO_PADDING 3
// KP_MODE // KP_MODE
#define CRYPT_MODE_CBC 1 // Cipher block chaining #define CRYPT_MODE_CBC 1 // Cipher block chaining
#define CRYPT_MODE_ECB 2 // Electronic code book #define CRYPT_MODE_ECB 2 // Electronic code book
#define CRYPT_MODE_OFB 3 // Output feedback mode #define CRYPT_MODE_OFB 3 // Output feedback mode
skipping to change at line 399 skipping to change at line 490
// KP_PERMISSIONS // KP_PERMISSIONS
#define CRYPT_ENCRYPT 0x0001 // Allow encryption #define CRYPT_ENCRYPT 0x0001 // Allow encryption
#define CRYPT_DECRYPT 0x0002 // Allow decryption #define CRYPT_DECRYPT 0x0002 // Allow decryption
#define CRYPT_EXPORT 0x0004 // Allow key to be exported #define CRYPT_EXPORT 0x0004 // Allow key to be exported
#define CRYPT_READ 0x0008 // Allow parameters to be read #define CRYPT_READ 0x0008 // Allow parameters to be read
#define CRYPT_WRITE 0x0010 // Allow parameters to be set #define CRYPT_WRITE 0x0010 // Allow parameters to be set
#define CRYPT_MAC 0x0020 // Allow MACs to be used with key #define CRYPT_MAC 0x0020 // Allow MACs to be used with key
#define CRYPT_EXPORT_KEY 0x0040 // Allow key to be used for exporting ke ys #define CRYPT_EXPORT_KEY 0x0040 // Allow key to be used for exporting ke ys
#define CRYPT_IMPORT_KEY 0x0080 // Allow key to be used for importing ke ys #define CRYPT_IMPORT_KEY 0x0080 // Allow key to be used for importing ke ys
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define CRYPT_ARCHIVE 0x0100 // Allow key to be exported at creation only #define CRYPT_ARCHIVE 0x0100 // Allow key to be exported at creation only
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define HP_ALGID 0x0001 // Hash algorithm #define HP_ALGID 0x0001 // Hash algorithm
#define HP_HASHVAL 0x0002 // Hash value #define HP_HASHVAL 0x0002 // Hash value
#define HP_HASHSIZE 0x0004 // Hash value size #define HP_HASHSIZE 0x0004 // Hash value size
#define HP_HMAC_INFO 0x0005 // information for creating an HMAC #define HP_HMAC_INFO 0x0005 // information for creating an HMAC
#define HP_TLS1PRF_LABEL 0x0006 // label for TLS1 PRF #define HP_TLS1PRF_LABEL 0x0006 // label for TLS1 PRF
#define HP_TLS1PRF_SEED 0x0007 // seed for TLS1 PRF #define HP_TLS1PRF_SEED 0x0007 // seed for TLS1 PRF
#define CRYPT_FAILED FALSE #define CRYPT_FAILED FALSE
#define CRYPT_SUCCEED TRUE #define CRYPT_SUCCEED TRUE
skipping to change at line 447 skipping to change at line 540
#define PP_ADMIN_PIN 31 #define PP_ADMIN_PIN 31
#define PP_KEYEXCHANGE_PIN 32 #define PP_KEYEXCHANGE_PIN 32
#define PP_SIGNATURE_PIN 33 #define PP_SIGNATURE_PIN 33
#define PP_SIG_KEYSIZE_INC 34 #define PP_SIG_KEYSIZE_INC 34
#define PP_KEYX_KEYSIZE_INC 35 #define PP_KEYX_KEYSIZE_INC 35
#define PP_UNIQUE_CONTAINER 36 #define PP_UNIQUE_CONTAINER 36
#define PP_SGC_INFO 37 #define PP_SGC_INFO 37
#define PP_USE_HARDWARE_RNG 38 #define PP_USE_HARDWARE_RNG 38
#define PP_KEYSPEC 39 #define PP_KEYSPEC 39
#define PP_ENUMEX_SIGNING_PROT 40 #define PP_ENUMEX_SIGNING_PROT 40
#if (NTDDI_VERSION >= NTDDI_WS03)
#define PP_CRYPT_COUNT_KEY_USE 41 #define PP_CRYPT_COUNT_KEY_USE 41
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define PP_USER_CERTSTORE 42
#define PP_SMARTCARD_READER 43
#define PP_SMARTCARD_GUID 45
#define PP_ROOT_CERTSTORE 46
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#define CRYPT_FIRST 1 #define CRYPT_FIRST 1
#define CRYPT_NEXT 2 #define CRYPT_NEXT 2
#define CRYPT_SGC_ENUM 4 #define CRYPT_SGC_ENUM 4
#define CRYPT_IMPL_HARDWARE 1 #define CRYPT_IMPL_HARDWARE 1
#define CRYPT_IMPL_SOFTWARE 2 #define CRYPT_IMPL_SOFTWARE 2
#define CRYPT_IMPL_MIXED 3 #define CRYPT_IMPL_MIXED 3
#define CRYPT_IMPL_UNKNOWN 4 #define CRYPT_IMPL_UNKNOWN 4
#define CRYPT_IMPL_REMOVABLE 8 #define CRYPT_IMPL_REMOVABLE 8
skipping to change at line 486 skipping to change at line 587
// //
// CryptSetProvParam // CryptSetProvParam
// //
#define PP_CLIENT_HWND 1 #define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11 #define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12 #define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13 #define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14 #define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15 #define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24 #define PP_DELETEKEY 24
#if (NTDDI_VERSION >= NTDDI_WINLH)
#define PP_PIN_PROMPT_STRING 44
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
// certenrolld_begin -- PROV_RSA_*
#define PROV_RSA_FULL 1 #define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2 #define PROV_RSA_SIG 2
#define PROV_DSS 3 #define PROV_DSS 3
#define PROV_FORTEZZA 4 #define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5 #define PROV_MS_EXCHANGE 5
#define PROV_SSL 6 #define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12 #define PROV_RSA_SCHANNEL 12
#define PROV_DSS_DH 13 #define PROV_DSS_DH 13
#define PROV_EC_ECDSA_SIG 14 #define PROV_EC_ECDSA_SIG 14
#define PROV_EC_ECNRA_SIG 15 #define PROV_EC_ECNRA_SIG 15
#define PROV_EC_ECDSA_FULL 16 #define PROV_EC_ECDSA_FULL 16
#define PROV_EC_ECNRA_FULL 17 #define PROV_EC_ECNRA_FULL 17
#define PROV_DH_SCHANNEL 18 #define PROV_DH_SCHANNEL 18
#define PROV_SPYRUS_LYNKS 20 #define PROV_SPYRUS_LYNKS 20
#define PROV_RNG 21 #define PROV_RNG 21
#define PROV_INTEL_SEC 22 #define PROV_INTEL_SEC 22
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define PROV_REPLACE_OWF 23 #define PROV_REPLACE_OWF 23
#define PROV_RSA_AES 24 #define PROV_RSA_AES 24
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
// certenrolld_end
#if (NTDDI_VERSION <= NTDDI_WINXP)
//
// STT defined Providers
//
#define PROV_STT_MER 7
#define PROV_STT_ACQ 8
#define PROV_STT_BRND 9
#define PROV_STT_ROOT 10
#define PROV_STT_ISS 11
#endif //(NTDDI_VERSION <= NTDDI_WINXP)
// //
// Provider friendly names // Provider friendly names
// //
#define MS_DEF_PROV_A "Microsoft Base Cryptographic Provider v1.0" #define MS_DEF_PROV_A "Microsoft Base Cryptographic Provider v1.0"
#define MS_DEF_PROV_W L"Microsoft Base Cryptographic Provider v1.0" #define MS_DEF_PROV_W L"Microsoft Base Cryptographic Provider v1.0"
#ifdef UNICODE #ifdef UNICODE
#define MS_DEF_PROV MS_DEF_PROV_W #define MS_DEF_PROV MS_DEF_PROV_W
#else #else
#define MS_DEF_PROV MS_DEF_PROV_A #define MS_DEF_PROV MS_DEF_PROV_A
skipping to change at line 589 skipping to change at line 708
#endif #endif
#define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider"
#define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider"
#ifdef UNICODE #ifdef UNICODE
#define MS_SCARD_PROV MS_SCARD_PROV_W #define MS_SCARD_PROV MS_SCARD_PROV_W
#else #else
#define MS_SCARD_PROV MS_SCARD_PROV_A #define MS_SCARD_PROV MS_SCARD_PROV_A
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WS03)
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider" #define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider"
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider" #define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider"
#elif (NTDDI_VERSION == NTDDI_WINXP)
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr
ovider (Prototype)"
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P
rovider (Prototype)"
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINXP)
#ifdef UNICODE #ifdef UNICODE
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W
#else #else
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A
#endif #endif
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define MAXUIDLEN 64 #define MAXUIDLEN 64
// Exponentiation Offload Reg Location // Exponentiation Offload Reg Location
#define EXPO_OFFLOAD_REG_VALUE "ExpoOffload" #define EXPO_OFFLOAD_REG_VALUE "ExpoOffload"
#define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo" #define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo"
// //
// Registry key in which the following private key-related // Registry key in which the following private key-related
// values are created. // values are created.
skipping to change at line 650 skipping to change at line 776
// UI-protected). // UI-protected).
// //
// To enable the new behavior, create the registry DWORD value // To enable the new behavior, create the registry DWORD value
// szKEY_CACHE_ENABLED and set it to 1. The registry DWORD value // szKEY_CACHE_ENABLED and set it to 1. The registry DWORD value
// szKEY_CACHE_SECONDS must also be created and set to the number of seconds // szKEY_CACHE_SECONDS must also be created and set to the number of seconds
// that a cached private key may still be considered usable. // that a cached private key may still be considered usable.
// //
#define szKEY_CACHE_ENABLED "CachePrivateKeys" #define szKEY_CACHE_ENABLED "CachePrivateKeys"
#define szKEY_CACHE_SECONDS "PrivateKeyLifetimeSeconds" #define szKEY_CACHE_SECONDS "PrivateKeyLifetimeSeconds"
#if (NTDDI_VERSION >= NTDDI_WINXP)
// //
// In platforms later than (and not including) Windows Server 2003, private // In platforms later than (and not including) Windows Server 2003, private
// keys are always cached for a period of time per-process, even when // keys are always cached for a period of time per-process, even when
// not being used in any context. // not being used in any context.
// //
// The differences between the process-wide caching settings described below // The differences between the process-wide caching settings described below
// and the Optional Key Timeouts described above are subtle. // and the Optional Key Timeouts described above are subtle.
// //
// - The Optional Key Timeout policy is applied only when an attempt is made // - The Optional Key Timeout policy is applied only when an attempt is made
// to use a specific private key with an open context handle (HCRYPTPROV). // to use a specific private key with an open context handle (HCRYPTPROV).
skipping to change at line 692 skipping to change at line 819
// //
#define szPRIV_KEY_CACHE_MAX_ITEMS "PrivKeyCacheMaxItems" #define szPRIV_KEY_CACHE_MAX_ITEMS "PrivKeyCacheMaxItems"
#define cPRIV_KEY_CACHE_MAX_ITEMS_DEFAULT 20 #define cPRIV_KEY_CACHE_MAX_ITEMS_DEFAULT 20
// //
// Registry value for controlling the interval at which the private key // Registry value for controlling the interval at which the private key
// cache is proactively purged of outdated keys. // cache is proactively purged of outdated keys.
// //
#define szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS "PrivKeyCachePurgeIntervalSecond s" #define szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS "PrivKeyCachePurgeIntervalSecond s"
#define cPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT 86400 // 1 day #define cPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT 86400 // 1 day
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define CUR_BLOB_VERSION 2 #define CUR_BLOB_VERSION 2
// structure for use with CryptSetKeyParam for CMS keys // structure for use with CryptSetKeyParam for CMS keys
// DO NOT USE THIS STRUCTURE!!!!! // DO NOT USE THIS STRUCTURE!!!!!
typedef struct _CMS_KEY_INFO { typedef struct _CMS_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_KEY_INFO) DWORD dwVersion; // sizeof(CMS_KEY_INFO)
ALG_ID Algid; // algorithmm id for the key to be converted ALG_ID Algid; // algorithmm id for the key to be converted
BYTE *pbOID; // pointer to OID to hash in wit h Z BYTE *pbOID; // pointer to OID to hash in wit h Z
DWORD cbOID; // length of OID to hash in with Z DWORD cbOID; // length of OID to hash in with Z
skipping to change at line 736 skipping to change at line 864
// uses of dwFlags SCHANNEL_ALG structure // uses of dwFlags SCHANNEL_ALG structure
#define INTERNATIONAL_USAGE 0x00000001 #define INTERNATIONAL_USAGE 0x00000001
typedef struct _PROV_ENUMALGS { typedef struct _PROV_ENUMALGS {
ALG_ID aiAlgid; ALG_ID aiAlgid;
DWORD dwBitLen; DWORD dwBitLen;
DWORD dwNameLen; DWORD dwNameLen;
CHAR szName[20]; CHAR szName[20];
} PROV_ENUMALGS; } PROV_ENUMALGS;
// certenrolls_begin -- PROV_ENUMALGS_EX
typedef struct _PROV_ENUMALGS_EX { typedef struct _PROV_ENUMALGS_EX {
ALG_ID aiAlgid; ALG_ID aiAlgid;
DWORD dwDefaultLen; DWORD dwDefaultLen;
DWORD dwMinLen; DWORD dwMinLen;
DWORD dwMaxLen; DWORD dwMaxLen;
DWORD dwProtocols; DWORD dwProtocols;
DWORD dwNameLen; DWORD dwNameLen;
CHAR szName[20]; CHAR szName[20];
DWORD dwLongNameLen; DWORD dwLongNameLen;
CHAR szLongName[40]; CHAR szLongName[40];
} PROV_ENUMALGS_EX; } PROV_ENUMALGS_EX;
// certenrolls_end
typedef struct _PUBLICKEYSTRUC { typedef struct _PUBLICKEYSTRUC {
BYTE bType; BYTE bType;
BYTE bVersion; BYTE bVersion;
WORD reserved; WORD reserved;
ALG_ID aiKeyAlg; ALG_ID aiKeyAlg;
} BLOBHEADER, PUBLICKEYSTRUC; } BLOBHEADER, PUBLICKEYSTRUC;
typedef struct _RSAPUBKEY { typedef struct _RSAPUBKEY {
DWORD magic; // Has to be RSA1 DWORD magic; // Has to be RSA1
skipping to change at line 801 skipping to change at line 931
GUID Type; GUID Type;
GUID Subtype; GUID Subtype;
} KEY_TYPE_SUBTYPE, *PKEY_TYPE_SUBTYPE; } KEY_TYPE_SUBTYPE, *PKEY_TYPE_SUBTYPE;
typedef struct _CERT_FORTEZZA_DATA_PROP { typedef struct _CERT_FORTEZZA_DATA_PROP {
unsigned char SerialNumber[8]; unsigned char SerialNumber[8];
int CertIndex; int CertIndex;
unsigned char CertLabel[36]; unsigned char CertLabel[36];
} CERT_FORTEZZA_DATA_PROP; } CERT_FORTEZZA_DATA_PROP;
#if (NTDDI_VERSION >= NTDDI_WS03)
typedef struct _CRYPT_RC4_KEY_STATE { typedef struct _CRYPT_RC4_KEY_STATE {
unsigned char Key[16]; unsigned char Key[16];
unsigned char SBox[256]; unsigned char SBox[256];
unsigned char i; unsigned char i;
unsigned char j; unsigned char j;
} CRYPT_RC4_KEY_STATE, *PCRYPT_RC4_KEY_STATE; } CRYPT_RC4_KEY_STATE, *PCRYPT_RC4_KEY_STATE;
typedef struct _CRYPT_DES_KEY_STATE { typedef struct _CRYPT_DES_KEY_STATE {
unsigned char Key[8]; unsigned char Key[8];
unsigned char IV[8]; unsigned char IV[8];
unsigned char Feedback[8]; unsigned char Feedback[8];
} CRYPT_DES_KEY_STATE, *PCRYPT_DES_KEY_STATE; } CRYPT_DES_KEY_STATE, *PCRYPT_DES_KEY_STATE;
typedef struct _CRYPT_3DES_KEY_STATE { typedef struct _CRYPT_3DES_KEY_STATE {
unsigned char Key[24]; unsigned char Key[24];
unsigned char IV[8]; unsigned char IV[8];
unsigned char Feedback[8]; unsigned char Feedback[8];
} CRYPT_3DES_KEY_STATE, *PCRYPT_3DES_KEY_STATE; } CRYPT_3DES_KEY_STATE, *PCRYPT_3DES_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINLH)
typedef struct _CRYPT_AES_128_KEY_STATE {
unsigned char Key[16];
unsigned char IV[16];
unsigned char EncryptionState[11][16]; // 10 rounds + 1
unsigned char DecryptionState[11][16];
unsigned char Feedback[16];
} CRYPT_AES_128_KEY_STATE, *PCRYPT_AES_128_KEY_STATE;
typedef struct _CRYPT_AES_256_KEY_STATE {
unsigned char Key[32];
unsigned char IV[16];
unsigned char EncryptionState[15][16]; // 14 rounds + 1
unsigned char DecryptionState[15][16];
unsigned char Feedback[16];
} CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions // CRYPTOAPI BLOB definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- *_BLOB
typedef struct _CRYPTOAPI_BLOB { typedef struct _CRYPTOAPI_BLOB {
DWORD cbData; DWORD cbData;
BYTE *pbData; __field_bcount(cbData) BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, } CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB, CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB, CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB, CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB, CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB, CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB; CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
// certenrolls_end
// structure for use with CryptSetKeyParam for CMS keys // structure for use with CryptSetKeyParam for CMS keys
typedef struct _CMS_DH_KEY_INFO { typedef struct _CMS_DH_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O) DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O)
ALG_ID Algid; // algorithmm id for the key to be converted ALG_ID Algid; // algorithmm id for the key to be converted
LPSTR pszContentEncObjId; // pointer to OID to hash in with Z LPSTR pszContentEncObjId; // pointer to OID to hash in with Z
CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information
void *pReserved; // reserved - should be NULL void *pReserved; // reserved - should be NULL
} CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO; } CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO;
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptAcquireContextA(
__out HCRYPTPROV *phProv,
__in_opt LPCSTR szContainer,
__in_opt LPCSTR szProvider,
__in DWORD dwProvType,
__in DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptAcquireContextW(
__out HCRYPTPROV *phProv,
__in_opt LPCWSTR szContainer,
__in_opt LPCWSTR szProvider,
__in DWORD dwProvType,
__in DWORD dwFlags
);
#ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW
#else
#define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextA( CryptAcquireContextA(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCSTR szContainer, LPCSTR szContainer,
LPCSTR szProvider, LPCSTR szProvider,
DWORD dwProvType, DWORD dwProvType,
DWORD dwFlags DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextW( CryptAcquireContextW(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCWSTR szContainer, LPCWSTR szContainer,
LPCWSTR szProvider, LPCWSTR szProvider,
DWORD dwProvType, DWORD dwProvType,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptAcquireContextA(
HCRYPTPROV *phProv,
LPCSTR pszContainer,
LPCSTR pszProvider,
DWORD dwProvType,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptAcquireContextW(
HCRYPTPROV *phProv,
LPCWSTR pszContainer,
LPCWSTR pszProvider,
DWORD dwProvType,
DWORD dwFlags
);
#endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW #define CryptAcquireContext CryptAcquireContextW
#else #else
#define CryptAcquireContext CryptAcquireContextA #define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptReleaseContext(
__in HCRYPTPROV hProv,
__in DWORD dwFlags
);
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptReleaseContext( CryptReleaseContext(
HCRYPTPROV hProv, HCRYPTPROV hProv,
DWORD dwFlags ULONG_PTR dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGenKey( CryptGenKey(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
ALG_ID Algid, __in ALG_ID Algid,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDeriveKey( CryptDeriveKey(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
ALG_ID Algid, __in ALG_ID Algid,
HCRYPTHASH hBaseData, __in HCRYPTHASH hBaseData,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDestroyKey( CryptDestroyKey(
HCRYPTKEY hKey __in HCRYPTKEY hKey
); );
#if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetKeyParam( CryptSetKeyParam(
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
DWORD dwParam, __in DWORD dwParam,
CONST BYTE *pbData, __in CONST BYTE *pbData,
DWORD dwFlags __in DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetKeyParam( CryptSetKeyParam(
HCRYPTKEY hKey, HCRYPTKEY hKey,
DWORD dwParam, DWORD dwParam,
BYTE *pbData, BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetKeyParam(
__in HCRYPTKEY hKey,
__in DWORD dwParam,
__out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen,
__in DWORD dwFlags
);
#if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptSetHashParam(
__in HCRYPTHASH hHash,
__in DWORD dwParam,
__in CONST BYTE *pbData,
__in DWORD dwFlags
);
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptSetHashParam( CryptSetHashParam(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwParam, DWORD dwParam,
CONST BYTE *pbData, BYTE*pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetHashParam( CryptGetHashParam(
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
DWORD dwParam, __in DWORD dwParam,
BYTE *pbData, __out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData,
DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
DWORD dwFlags __in DWORD dwFlags
);
#if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptSetProvParam(
__in HCRYPTPROV hProv,
__in DWORD dwParam,
__in CONST BYTE *pbData,
__in DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProvParam( CryptSetProvParam(
HCRYPTPROV hProv, HCRYPTPROV hProv,
DWORD dwParam, DWORD dwParam,
CONST BYTE *pbData, BYTE*pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetProvParam( CryptGetProvParam(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
DWORD dwParam, __in DWORD dwParam,
BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGenRandom( CryptGenRandom(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
DWORD dwLen, __in DWORD dwLen,
BYTE *pbBuffer __inout_bcount(dwLen) BYTE *pbBuffer
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetUserKey( CryptGetUserKey(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
DWORD dwKeySpec, __in DWORD dwKeySpec,
HCRYPTKEY *phUserKey __out HCRYPTKEY *phUserKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptExportKey( CryptExportKey(
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
HCRYPTKEY hExpKey, __in HCRYPTKEY hExpKey,
DWORD dwBlobType, __in DWORD dwBlobType,
DWORD dwFlags, __in DWORD dwFlags,
BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
DWORD *pdwDataLen __inout DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptImportKey( CryptImportKey(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
CONST BYTE *pbData, __in_bcount(dwDataLen) CONST BYTE *pbData,
DWORD dwDataLen, __in DWORD dwDataLen,
HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL __success(0 < return) BOOL
WINAPI WINAPI
CryptEncrypt( CryptEncrypt(
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
BOOL Final, __in BOOL Final,
DWORD dwFlags, __in DWORD dwFlags,
BYTE *pbData, __inout_bcount_part(dwBufLen, *pdwDataLen) BYTE *pbData,
DWORD *pdwDataLen, __out DWORD *pdwDataLen,
DWORD dwBufLen __in DWORD dwBufLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDecrypt( CryptDecrypt(
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
BOOL Final, __in BOOL Final,
DWORD dwFlags, __in DWORD dwFlags,
BYTE *pbData, __inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData,
DWORD *pdwDataLen __deref_inout DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptCreateHash( CryptCreateHash(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
ALG_ID Algid, __in ALG_ID Algid,
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTHASH *phHash __out HCRYPTHASH *phHash
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptHashData( CryptHashData(
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
CONST BYTE *pbData, __in_bcount(dwDataLen) CONST BYTE *pbData,
DWORD dwDataLen, __in DWORD dwDataLen,
DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptHashSessionKey( CryptHashSessionKey(
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDestroyHash( CryptDestroyHash(
HCRYPTHASH hHash __in HCRYPTHASH hHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptSignHashA(
__in HCRYPTHASH hHash,
__in DWORD dwKeySpec,
__in LPCSTR szDescription,
__in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen
);
WINADVAPI
BOOL
WINAPI
CryptSignHashW(
__in HCRYPTHASH hHash,
__in DWORD dwKeySpec,
__in LPCWSTR szDescription,
__in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen
);
#ifdef UNICODE
#define CryptSignHash CryptSignHashW
#else
#define CryptSignHash CryptSignHashA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCSTR szDescription, LPCSTR szDescription,
DWORD dwFlags, DWORD dwFlags,
BYTE *pbSignature, BYTE *pbSignature,
DWORD *pdwSigLen DWORD *pdwSigLen
skipping to change at line 1100 skipping to change at line 1393
BOOL BOOL
WINAPI WINAPI
CryptSignHashW( CryptSignHashW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCWSTR szDescription, LPCWSTR szDescription,
DWORD dwFlags, DWORD dwFlags,
BYTE *pbSignature, BYTE *pbSignature,
DWORD *pdwSigLen DWORD *pdwSigLen
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptSignHashA(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCSTR sDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen
);
WINADVAPI
BOOL
WINAPI
CryptSignHashW(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCWSTR sDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen
);
#endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptSignHash CryptSignHashW #define CryptSignHash CryptSignHashW
#else #else
#define CryptSignHash CryptSignHashA #define CryptSignHash CryptSignHashA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureA(
__in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen,
__in HCRYPTKEY hPubKey,
__in LPCSTR szDescription,
__in DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureW(
__in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen,
__in HCRYPTKEY hPubKey,
__in LPCWSTR szDescription,
__in DWORD dwFlags
);
#ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW
#else
#define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
LPCSTR szDescription, LPCSTR szDescription,
DWORD dwFlags DWORD dwFlags
skipping to change at line 1128 skipping to change at line 1481
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureW( CryptVerifySignatureW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
LPCWSTR szDescription, LPCWSTR szDescription,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureA(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCSTR sDescription,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureW(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCWSTR sDescription,
DWORD dwFlags
);
#endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW #define CryptVerifySignature CryptVerifySignatureW
#else #else
#define CryptVerifySignature CryptVerifySignatureA #define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptSetProviderA(
__in LPCSTR pszProvName,
__in DWORD dwProvType
);
WINADVAPI
BOOL
WINAPI
CryptSetProviderW(
__in LPCWSTR pszProvName,
__in DWORD dwProvType
);
#ifdef UNICODE
#define CryptSetProvider CryptSetProviderW
#else
#define CryptSetProvider CryptSetProviderA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderA( CryptSetProviderA(
LPCSTR pszProvName, LPCSTR pszProvName,
DWORD dwProvType DWORD dwProvType
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderW( CryptSetProviderW(
LPCWSTR pszProvName, LPCWSTR pszProvName,
DWORD dwProvType DWORD dwProvType
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProvider CryptSetProviderW #define CryptSetProvider CryptSetProviderW
#else #else
#define CryptSetProvider CryptSetProviderA #define CryptSetProvider CryptSetProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptSetProviderExA(
__in LPCSTR pszProvName,
__in DWORD dwProvType,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptSetProviderExW(
__in LPCWSTR pszProvName,
__in DWORD dwProvType,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags
);
#ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW
#else
#define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderExA( CryptSetProviderExA(
LPCSTR pszProvName, LPCSTR pszProvName,
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags DWORD dwFlags
); );
WINADVAPI WINADVAPI
skipping to change at line 1177 skipping to change at line 1610
LPCWSTR pszProvName, LPCWSTR pszProvName,
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW #define CryptSetProviderEx CryptSetProviderExW
#else #else
#define CryptSetProviderEx CryptSetProviderExA #define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderA(
__in DWORD dwProvType,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPSTR pszProvName,
__out DWORD *pcbProvName
);
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderW(
__in DWORD dwProvType,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPWSTR pszProvName,
__out DWORD *pcbProvName
);
#ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW
#else
#define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultProviderA( CryptGetDefaultProviderA(
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
LPSTR pszProvName, LPSTR pszProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
skipping to change at line 1203 skipping to change at line 1666
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
LPWSTR pszProvName, LPWSTR pszProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesA(
__in DWORD dwIndex,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPSTR szTypeName,
__out DWORD *pcbTypeName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesW(
__in DWORD dwIndex,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName,
__out DWORD *pcbTypeName
);
#ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW
#else
#define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPSTR szTypeName, LPSTR szTypeName,
DWORD *pcbTypeName DWORD *pcbTypeName
skipping to change at line 1226 skipping to change at line 1721
BOOL BOOL
WINAPI WINAPI
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPWSTR szTypeName, LPWSTR szTypeName,
DWORD *pcbTypeName DWORD *pcbTypeName
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesA(
DWORD dwIndex,
DWORD * pdwReserved,
DWORD dwFlags,
DWORD * pdwProvType,
LPSTR pszTypeName,
DWORD * pcbTypeName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesW(
DWORD dwIndex,
DWORD * pdwReserved,
DWORD dwFlags,
DWORD * pdwProvType,
LPWSTR pszTypeName,
DWORD * pcbTypeName
);
#endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersA(
__in DWORD dwIndex,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPSTR szProvName,
__inout DWORD *pcbProvName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersW(
__in DWORD dwIndex,
__reserved DWORD *pdwReserved,
__in DWORD dwFlags,
__out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPWSTR szProvName,
__inout DWORD *pcbProvName
);
#ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW
#else
#define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPSTR szProvName, LPSTR szProvName,
DWORD *pcbProvName DWORD *pcbProvName
skipping to change at line 1254 skipping to change at line 1809
BOOL BOOL
WINAPI WINAPI
CryptEnumProvidersW( CryptEnumProvidersW(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPWSTR szProvName, LPWSTR szProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersA(
DWORD dwIndex,
DWORD * pdwReserved,
DWORD dwFlags,
DWORD * pdwProvType,
LPSTR pszProvName,
DWORD * pcbProvName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersW(
DWORD dwIndex,
DWORD * pdwReserved,
DWORD dwFlags,
DWORD * pdwProvType,
LPWSTR pszProvName,
DWORD * pcbProvName
);
#endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW #define CryptEnumProviders CryptEnumProvidersW
#else #else
#define CryptEnumProviders CryptEnumProvidersA #define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptContextAddRef( CryptContextAddRef(
HCRYPTPROV hProv, __in HCRYPTPROV hProv,
DWORD *pdwReserved, __reserved DWORD *pdwReserved,
DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDuplicateKey( CryptDuplicateKey(
HCRYPTKEY hKey, __in HCRYPTKEY hKey,
DWORD *pdwReserved, __reserved DWORD *pdwReserved,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDuplicateHash( CryptDuplicateHash(
HCRYPTHASH hHash, __in HCRYPTHASH hHash,
DWORD *pdwReserved, __reserved DWORD *pdwReserved,
DWORD dwFlags, __in DWORD dwFlags,
HCRYPTHASH *phHash __out HCRYPTHASH *phHash
); );
#if (NTDDI_VERSION >= NTDDI_WS03)
// //
// This function is provided in Microsoft Windows 2000 as a means of // This function is provided in Microsoft Windows 2000 as a means of
// installing the 128-bit encryption provider. This function is unavailable // installing the 128-bit encryption provider. This function is unavailable
// in Microsoft Windows XP, because Windows XP ships with the 128-bit // in Microsoft Windows XP, because Windows XP ships with the 128-bit
// encryption provider. // encryption provider.
// //
BOOL BOOL
__cdecl __cdecl
GetEncSChannel( GetEncSChannel(
BYTE **pData, BYTE **pData,
DWORD *dwDecSize DWORD *dwDecSize
); );
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION == NTDDI_WINXP)
typedef struct {
DWORD dwVersion;
ALG_ID algId;
DWORD dwMinKeyLength;
DWORD dwMaxKeyLength;
DWORD dwRequiredFlags;
DWORD dwDisallowedFlags;
} _CRYPT_KEY_LIMITS_V01;
typedef _CRYPT_KEY_LIMITS_V01 CRYPT_KEY_LIMITS, *PCRYPT_KEY_LIMITS;
// Request Flag definitions
#define CRYPTLIMIT_USING_PCT 0x0001
#define CRYPTLIMIT_USING_SGC 0x0002
WINADVAPI
BOOL
WINAPI
CryptGetLocalKeyLimits(
IN ALG_ID algId,
IN DWORD dwFlags,
OUT PCRYPT_KEY_LIMITS pLimits,
IN OUT LPDWORD cbLimitLength);
#endif //(NTDDI_VERSION = NTDDI_WINXP)
#if !defined(_DDK_DRIVER_)
// In Longhorn, the following APIs were updated to support the new
// CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition
// to the above CAPI1 APIs.
// Include the definitions for the CNG APIs
#include <bcrypt.h>
#include <ncrypt.h>
// This type is used when the API can take either the CAPI1 HCRYPTPROV or
// the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be
// converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle().
typedef ULONG_PTR HCRYPTPROV_OR_NCRYPT_KEY_HANDLE;
// This type is used where the HCRYPTPROV parameter is no longer used.
// The caller should always pass in NULL.
typedef ULONG_PTR HCRYPTPROV_LEGACY;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, th e // In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, th e
// overall bit length is cbData * 8 - cUnusedBits. // overall bit length is cbData * 8 - cUnusedBits.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT
typedef struct _CRYPT_BIT_BLOB { typedef struct _CRYPT_BIT_BLOB {
DWORD cbData; DWORD cbData;
BYTE *pbData; BYTE *pbData;
DWORD cUnusedBits; DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB; } CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Type used for any algorithm // Type used for any algorithm
// //
// Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most // Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
// algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0). // algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_ALGORITHM_IDENTIFIER { typedef struct _CRYPT_ALGORITHM_IDENTIFIER {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters; CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER; } CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
// certenrolls_end
// Following are the definitions of various algorithm object identifiers // Following are the definitions of various algorithm object identifiers
// RSA // RSA
#define szOID_RSA "1.2.840.113549" #define szOID_RSA "1.2.840.113549"
#define szOID_PKCS "1.2.840.113549.1" #define szOID_PKCS "1.2.840.113549.1"
#define szOID_RSA_HASH "1.2.840.113549.2" #define szOID_RSA_HASH "1.2.840.113549.2"
#define szOID_RSA_ENCRYPT "1.2.840.113549.3" #define szOID_RSA_ENCRYPT "1.2.840.113549.3"
#define szOID_PKCS_1 "1.2.840.113549.1.1" #define szOID_PKCS_1 "1.2.840.113549.1.1"
#define szOID_PKCS_2 "1.2.840.113549.1.2" #define szOID_PKCS_2 "1.2.840.113549.1.2"
skipping to change at line 1349 skipping to change at line 1981
#define szOID_PKCS_10 "1.2.840.113549.1.10" #define szOID_PKCS_10 "1.2.840.113549.1.10"
#define szOID_PKCS_12 "1.2.840.113549.1.12" #define szOID_PKCS_12 "1.2.840.113549.1.12"
#define szOID_RSA_RSA "1.2.840.113549.1.1.1" #define szOID_RSA_RSA "1.2.840.113549.1.1.1"
#define szOID_RSA_MD2RSA "1.2.840.113549.1.1.2" #define szOID_RSA_MD2RSA "1.2.840.113549.1.1.2"
#define szOID_RSA_MD4RSA "1.2.840.113549.1.1.3" #define szOID_RSA_MD4RSA "1.2.840.113549.1.1.3"
#define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4" #define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4"
#define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5" #define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5"
#define szOID_RSA_SETOAEP_RSA "1.2.840.113549.1.1.6" #define szOID_RSA_SETOAEP_RSA "1.2.840.113549.1.1.6"
#define szOID_RSAES_OAEP "1.2.840.113549.1.1.7"
#define szOID_RSA_MGF1 "1.2.840.113549.1.1.8"
#define szOID_RSA_PSPECIFIED "1.2.840.113549.1.1.9"
#define szOID_RSA_SSA_PSS "1.2.840.113549.1.1.10"
#define szOID_RSA_SHA256RSA "1.2.840.113549.1.1.11"
#define szOID_RSA_SHA384RSA "1.2.840.113549.1.1.12"
#define szOID_RSA_SHA512RSA "1.2.840.113549.1.1.13"
#define szOID_RSA_DH "1.2.840.113549.1.3.1" #define szOID_RSA_DH "1.2.840.113549.1.3.1"
#define szOID_RSA_data "1.2.840.113549.1.7.1" #define szOID_RSA_data "1.2.840.113549.1.7.1"
#define szOID_RSA_signedData "1.2.840.113549.1.7.2" #define szOID_RSA_signedData "1.2.840.113549.1.7.2"
#define szOID_RSA_envelopedData "1.2.840.113549.1.7.3" #define szOID_RSA_envelopedData "1.2.840.113549.1.7.3"
#define szOID_RSA_signEnvData "1.2.840.113549.1.7.4" #define szOID_RSA_signEnvData "1.2.840.113549.1.7.4"
#define szOID_RSA_digestedData "1.2.840.113549.1.7.5" #define szOID_RSA_digestedData "1.2.840.113549.1.7.5"
#define szOID_RSA_hashedData "1.2.840.113549.1.7.5" #define szOID_RSA_hashedData "1.2.840.113549.1.7.5"
#define szOID_RSA_encryptedData "1.2.840.113549.1.7.6" #define szOID_RSA_encryptedData "1.2.840.113549.1.7.6"
skipping to change at line 1393 skipping to change at line 2033
#define szOID_RSA_DES_EDE3_CBC "1.2.840.113549.3.7" #define szOID_RSA_DES_EDE3_CBC "1.2.840.113549.3.7"
#define szOID_RSA_RC5_CBCPad "1.2.840.113549.3.9" #define szOID_RSA_RC5_CBCPad "1.2.840.113549.3.9"
#define szOID_ANSI_X942 "1.2.840.10046" #define szOID_ANSI_X942 "1.2.840.10046"
#define szOID_ANSI_X942_DH "1.2.840.10046.2.1" #define szOID_ANSI_X942_DH "1.2.840.10046.2.1"
#define szOID_X957 "1.2.840.10040" #define szOID_X957 "1.2.840.10040"
#define szOID_X957_DSA "1.2.840.10040.4.1" #define szOID_X957_DSA "1.2.840.10040.4.1"
#define szOID_X957_SHA1DSA "1.2.840.10040.4.3" #define szOID_X957_SHA1DSA "1.2.840.10040.4.3"
// iso(1) member-body(2) us(840) 10045 keyType(2) unrestricted(1)
#define szOID_ECC_PUBLIC_KEY "1.2.840.10045.2.1"
// iso(1) member-body(2) us(840) 10045 curves(3) prime(1) 7
#define szOID_ECC_CURVE_P256 "1.2.840.10045.3.1.7"
// iso(1) identified-organization(3) certicom(132) curve(0) 34
#define szOID_ECC_CURVE_P384 "1.3.132.0.34"
// iso(1) identified-organization(3) certicom(132) curve(0) 35
#define szOID_ECC_CURVE_P521 "1.3.132.0.35"
// iso(1) member-body(2) us(840) 10045 signatures(4) sha1(1)
#define szOID_ECDSA_SHA1 "1.2.840.10045.4.1"
// iso(1) member-body(2) us(840) 10045 signatures(4) specified(3)
#define szOID_ECDSA_SPECIFIED "1.2.840.10045.4.3"
// iso(1) member-body(2) us(840) 10045 signatures(4) specified(3) 2
#define szOID_ECDSA_SHA256 "1.2.840.10045.4.3.2"
// iso(1) member-body(2) us(840) 10045 signatures(4) specified(3) 3
#define szOID_ECDSA_SHA384 "1.2.840.10045.4.3.3"
// iso(1) member-body(2) us(840) 10045 signatures(4) specified(3) 4
#define szOID_ECDSA_SHA512 "1.2.840.10045.4.3.4"
// NIST AES CBC Algorithms
// joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistA
lgorithms(4) aesAlgs(1) }
#define szOID_NIST_AES128_CBC "2.16.840.1.101.3.4.1.2"
#define szOID_NIST_AES192_CBC "2.16.840.1.101.3.4.1.22"
#define szOID_NIST_AES256_CBC "2.16.840.1.101.3.4.1.42"
// For the above Algorithms, the AlgorithmIdentifier parameters must be
// present and the parameters field MUST contain an AES-IV:
//
// AES-IV ::= OCTET STRING (SIZE(16))
// NIST AES WRAP Algorithms
#define szOID_NIST_AES128_WRAP "2.16.840.1.101.3.4.1.5"
#define szOID_NIST_AES192_WRAP "2.16.840.1.101.3.4.1.25"
#define szOID_NIST_AES256_WRAP "2.16.840.1.101.3.4.1.45"
// x9-63-scheme OBJECT IDENTIFIER ::= { iso(1)
// identified-organization(3) tc68(133) country(16) x9(840)
// x9-63(63) schemes(0) }
// ECDH single pass ephemeral-static KeyAgreement KeyEncryptionAlgorithm
#define szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF "1.3.133.16.840.63.0.2"
// For the above KeyEncryptionAlgorithm the following wrap algorithms are
// supported:
// szOID_RSA_SMIMEalgCMS3DESwrap
// szOID_RSA_SMIMEalgCMSRC2wrap
// szOID_NIST_AES128_WRAP
// szOID_NIST_AES192_WRAP
// szOID_NIST_AES256_WRAP
// ITU-T UsefulDefinitions // ITU-T UsefulDefinitions
#define szOID_DS "2.5" #define szOID_DS "2.5"
#define szOID_DSALG "2.5.8" #define szOID_DSALG "2.5.8"
#define szOID_DSALG_CRPT "2.5.8.1" #define szOID_DSALG_CRPT "2.5.8.1"
#define szOID_DSALG_HASH "2.5.8.2" #define szOID_DSALG_HASH "2.5.8.2"
#define szOID_DSALG_SIGN "2.5.8.3" #define szOID_DSALG_SIGN "2.5.8.3"
#define szOID_DSALG_RSA "2.5.8.1.1" #define szOID_DSALG_RSA "2.5.8.1.1"
// NIST OSE Implementors' Workshop (OIW) // NIST OSE Implementors' Workshop (OIW)
// http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51 // http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
// http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51 // http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
skipping to change at line 1466 skipping to change at line 2165
#define szOID_INFOSEC_SuiteASignature "2.16.840.1.101.2.1.1.13" #define szOID_INFOSEC_SuiteASignature "2.16.840.1.101.2.1.1.13"
#define szOID_INFOSEC_SuiteAConfidentiality "2.16.840.1.101.2.1.1.14" #define szOID_INFOSEC_SuiteAConfidentiality "2.16.840.1.101.2.1.1.14"
#define szOID_INFOSEC_SuiteAIntegrity "2.16.840.1.101.2.1.1.15" #define szOID_INFOSEC_SuiteAIntegrity "2.16.840.1.101.2.1.1.15"
#define szOID_INFOSEC_SuiteATokenProtection "2.16.840.1.101.2.1.1.16" #define szOID_INFOSEC_SuiteATokenProtection "2.16.840.1.101.2.1.1.16"
#define szOID_INFOSEC_SuiteAKeyManagement "2.16.840.1.101.2.1.1.17" #define szOID_INFOSEC_SuiteAKeyManagement "2.16.840.1.101.2.1.1.17"
#define szOID_INFOSEC_SuiteAKMandSig "2.16.840.1.101.2.1.1.18" #define szOID_INFOSEC_SuiteAKMandSig "2.16.840.1.101.2.1.1.18"
#define szOID_INFOSEC_mosaicUpdatedSig "2.16.840.1.101.2.1.1.19" #define szOID_INFOSEC_mosaicUpdatedSig "2.16.840.1.101.2.1.1.19"
#define szOID_INFOSEC_mosaicKMandUpdSig "2.16.840.1.101.2.1.1.20" #define szOID_INFOSEC_mosaicKMandUpdSig "2.16.840.1.101.2.1.1.20"
#define szOID_INFOSEC_mosaicUpdatedInteg "2.16.840.1.101.2.1.1.21" #define szOID_INFOSEC_mosaicUpdatedInteg "2.16.840.1.101.2.1.1.21"
// NIST Hash Algorithms
// joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nista
lgorithm(4) hashalgs(2)
#define szOID_NIST_sha256 "2.16.840.1.101.3.4.2.1"
#define szOID_NIST_sha384 "2.16.840.1.101.3.4.2.2"
#define szOID_NIST_sha512 "2.16.840.1.101.3.4.2.3"
typedef struct _CRYPT_OBJID_TABLE { typedef struct _CRYPT_OBJID_TABLE {
DWORD dwAlgId; DWORD dwAlgId;
LPCSTR pszObjId; LPCSTR pszObjId;
} CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE; } CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKCS #1 HashInfo (DigestInfo) // PKCS #1 HashInfo (DigestInfo)
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_HASH_INFO { typedef struct _CRYPT_HASH_INFO {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_HASH_BLOB Hash; CRYPT_HASH_BLOB Hash;
} CRYPT_HASH_INFO, *PCRYPT_HASH_INFO; } CRYPT_HASH_INFO, *PCRYPT_HASH_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Type used for an extension to an encoded content // Type used for an extension to an encoded content
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_EXTENSION { typedef struct _CERT_EXTENSION {
LPSTR pszObjId; LPSTR pszObjId;
BOOL fCritical; BOOL fCritical;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION; } CERT_EXTENSION, *PCERT_EXTENSION;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AttributeTypeValue // AttributeTypeValue
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE { typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE; } CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Attributes // Attributes
// //
// Where the Value's PATTR_BLOBs are in their encoded representation. // Where the Value's PATTR_BLOBs are in their encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_ATTRIBUTE
typedef struct _CRYPT_ATTRIBUTE { typedef struct _CRYPT_ATTRIBUTE {
LPSTR pszObjId; LPSTR pszObjId;
DWORD cValue; DWORD cValue;
PCRYPT_ATTR_BLOB rgValue; PCRYPT_ATTR_BLOB rgValue;
} CRYPT_ATTRIBUTE, *PCRYPT_ATTRIBUTE; } CRYPT_ATTRIBUTE, *PCRYPT_ATTRIBUTE;
typedef struct _CRYPT_ATTRIBUTES { typedef struct _CRYPT_ATTRIBUTES {
IN DWORD cAttr; DWORD cAttr;
IN PCRYPT_ATTRIBUTE rgAttr; PCRYPT_ATTRIBUTE rgAttr;
} CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES; } CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Attributes making up a Relative Distinguished Name (CERT_RDN) // Attributes making up a Relative Distinguished Name (CERT_RDN)
// //
// The interpretation of the Value depends on the dwValueType. // The interpretation of the Value depends on the dwValueType.
// See below for a list of the types. // See below for a list of the types.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_RDN_ATTR { typedef struct _CERT_RDN_ATTR {
LPSTR pszObjId; LPSTR pszObjId;
DWORD dwValueType; DWORD dwValueType;
skipping to change at line 1608 skipping to change at line 2320
// the information has been added. // the information has been added.
#define szOID_DN_QUALIFIER "2.5.4.46" #define szOID_DN_QUALIFIER "2.5.4.46"
// Pilot user attribute types: // Pilot user attribute types:
#define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5, UTF8 string #define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5, UTF8 string
// used for PKCS 12 attributes // used for PKCS 12 attributes
#define szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20" #define szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20"
#define szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21" #define szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21"
#define szOID_PKCS_12_KEY_PROVIDER_NAME_ATTR "1.3.6.1.4.1.311.17.1" #define szOID_PKCS_12_KEY_PROVIDER_NAME_ATTR "1.3.6.1.4.1.311.17.1"
#define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2" #define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2"
#define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft CERT_RDN attribute Object Identifiers // Microsoft CERT_RDN attribute Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING. // Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING.
#define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1" #define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_RDN Attribute Value Types // CERT_RDN Attribute Value Types
// //
skipping to change at line 1720 skipping to change at line 2433
DWORD dwValueType; DWORD dwValueType;
CERT_RDN_VALUE_BLOB Value; CERT_RDN_VALUE_BLOB Value;
} CERT_NAME_VALUE, *PCERT_NAME_VALUE; } CERT_NAME_VALUE, *PCERT_NAME_VALUE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Public Key Info // Public Key Info
// //
// The PublicKey is the encoded representation of the information as it is // The PublicKey is the encoded representation of the information as it is
// stored in the bit string // stored in the bit string
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_PUBLIC_KEY_INFO { typedef struct _CERT_PUBLIC_KEY_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm; CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB PublicKey; CRYPT_BIT_BLOB PublicKey;
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO; } CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
// certenrolls_end
#define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA #define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA #define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA #define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// structure that contains all the information in a PKCS#8 PrivateKeyInfo // structure that contains all the information in a PKCS#8 PrivateKeyInfo
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_PRIVATE_KEY_INFO{ typedef struct _CRYPT_PRIVATE_KEY_INFO{
DWORD Version; DWORD Version;
skipping to change at line 1765 skipping to change at line 2480
// EncryptedPrivateKey - the encrypted private key blob // EncryptedPrivateKey - the encrypted private key blob
// pClearTextKey - a buffer to receive the clear text // pClearTextKey - a buffer to receive the clear text
// cbClearTextKey - the number of bytes of the pClearTextKey buffer // cbClearTextKey - the number of bytes of the pClearTextKey buffer
// note the if this is zero then this should be // note the if this is zero then this should be
// filled in with the size required to decrypt the // filled in with the size required to decrypt the
// key into, and pClearTextKey should be ignored // key into, and pClearTextKey should be ignored
// pVoidDecryptFunc - this is the pVoid that was passed into the call // pVoidDecryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context // and is preserved and passed back as context
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_DECRYPT_PRIVATE_KEY_FUNC)( typedef BOOL (CALLBACK *PCRYPT_DECRYPT_PRIVATE_KEY_FUNC)(
CRYPT_ALGORITHM_IDENTIFI __in CRYPT_ALGORITHM_IDENTIFIER Algorithm,
ER Algorithm, __in CRYPT_DATA_BLOB EncryptedPrivateKey,
CRYPT_DATA_BLOB __out_bcount_opt (*pcbClearTextKey) BYTE* pbClearTextKey,
EncryptedPrivateKey, __inout DWORD* pcbClearTextKey,
BYTE __in LPVOID pVoidDecryptFunc);
*pbClearTextKey,
DWORD
*pcbClearTextKey,
LPVOID
pVoidDecryptFunc);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this callback is given when creating a PKCS8 EncryptedPrivateKeyInfo. // this callback is given when creating a PKCS8 EncryptedPrivateKeyInfo.
// The caller is then expected to encrypt the private key and hand back // The caller is then expected to encrypt the private key and hand back
// the encrypted contents. // the encrypted contents.
// //
// the parameters are: // the parameters are:
// Algorithm - the algorithm used to encrypt the PrivateKeyInfo // Algorithm - the algorithm used to encrypt the PrivateKeyInfo
// pClearTextPrivateKey - the cleartext private key to be encrypted // pClearTextPrivateKey - the cleartext private key to be encrypted
// pbEncryptedKey - the output encrypted private key blob // pbEncryptedKey - the output encrypted private key blob
// cbEncryptedKey - the number of bytes of the pbEncryptedKey buffer // cbEncryptedKey - the number of bytes of the pbEncryptedKey buffer
// note the if this is zero then this should be // note the if this is zero then this should be
// filled in with the size required to encrypt the // filled in with the size required to encrypt the
// key into, and pbEncryptedKey should be ignored // key into, and pbEncryptedKey should be ignored
// pVoidEncryptFunc - this is the pVoid that was passed into the call // pVoidEncryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context // and is preserved and passed back as context
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC)( typedef BOOL (CALLBACK *PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC)(
CRYPT_ALGORITHM_IDENTIFI __out CRYPT_ALGORITHM_IDENTIFIER* pAlgorithm,
ER* pAlgorithm, __in CRYPT_DATA_BLOB* pClearTextPrivateKey,
CRYPT_DATA_BLOB* __out_bcount_opt (*pcbEncryptedKey) BYTE* pbEncryptedKey,
pClearTextPrivateKey, __inout DWORD* pcbEncryptedKey,
BYTE __in LPVOID pVoidEncryptFunc);
*pbEncryptedKey,
DWORD
*pcbEncryptedKey,
LPVOID
pVoidEncryptFunc);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this callback is given from the context of a ImportPKCS8 calls. the caller // this callback is given from the context of a ImportPKCS8 calls. the caller
// is then expected to hand back an HCRYPTPROV to receive the key being imported // is then expected to hand back an HCRYPTPROV to receive the key being imported
// //
// the parameters are: // the parameters are:
// pPrivateKeyInfo - pointer to a CRYPT_PRIVATE_KEY_INFO structure which // pPrivateKeyInfo - pointer to a CRYPT_PRIVATE_KEY_INFO structure which
// describes the key being imported // describes the key being imported
// EncryptedPrivateKey - the encrypted private key blob // EncryptedPrivateKey - the encrypted private key blob
// phCryptProv - a pointer to a HCRRYPTPROV to be filled in // phCryptProv - a pointer to a HCRRYPTPROV to be filled in
skipping to change at line 1850 skipping to change at line 2565
PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc; PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc;
LPVOID pVoidEncryptFunc; LPVOID pVoidEncryptFunc;
} CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS; } CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Information stored in a certificate // Information stored in a certificate
// //
// The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the // The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
// encoded representation of the information. // encoded representation of the information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_INFO { typedef struct _CERT_INFO {
DWORD dwVersion; DWORD dwVersion;
CRYPT_INTEGER_BLOB SerialNumber; CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CERT_NAME_BLOB Issuer; CERT_NAME_BLOB Issuer;
FILETIME NotBefore; FILETIME NotBefore;
FILETIME NotAfter; FILETIME NotAfter;
CERT_NAME_BLOB Subject; CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
CRYPT_BIT_BLOB IssuerUniqueId; CRYPT_BIT_BLOB IssuerUniqueId;
CRYPT_BIT_BLOB SubjectUniqueId; CRYPT_BIT_BLOB SubjectUniqueId;
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} CERT_INFO, *PCERT_INFO; } CERT_INFO, *PCERT_INFO;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate versions // Certificate versions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_V1 0 #define CERT_V1 0
#define CERT_V2 1 #define CERT_V2 1
#define CERT_V3 2 #define CERT_V3 2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Information Flags // Certificate Information Flags
skipping to change at line 2088 skipping to change at line 2805
// on a seperate line. // on a seperate line.
// //
// If there is no formatting routine installed or registered // If there is no formatting routine installed or registered
// for the lpszStructType, the hex dump of the encoded BLOB will be returned. // for the lpszStructType, the hex dump of the encoded BLOB will be returned.
// User can set the flag CRYPT_FORMAT_STR_NO_HEX to disable the hex dump. // User can set the flag CRYPT_FORMAT_STR_NO_HEX to disable the hex dump.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFormatObject( CryptFormatObject(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwFormatType, __in DWORD dwFormatType,
IN DWORD dwFormatStrType, __in DWORD dwFormatStrType,
IN void *pFormatStruct, __in_opt void *pFormatStruct,
IN LPCSTR lpszStructType, __in_opt LPCSTR lpszStructType,
IN const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
OUT void *pbFormat, __out_bcount_part_opt(*pcbFormat, *pcbFormat) __typefix(WCHAR *) void *pbFor
IN OUT DWORD *pcbFormat mat,
__inout DWORD *pcbFormat
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// constants for dwFormatStrType of function CryptFormatObject // constants for dwFormatStrType of function CryptFormatObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
#define CRYPT_FORMAT_STR_MULTI_LINE 0x0001 #define CRYPT_FORMAT_STR_MULTI_LINE 0x0001
#define CRYPT_FORMAT_STR_NO_HEX 0x0010 #define CRYPT_FORMAT_STR_NO_HEX 0x0010
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// constants for dwFormatType of function CryptFormatObject // constants for dwFormatType of function CryptFormatObject
// when format X509_NAME or X509_UNICODE_NAME // when format X509_NAME or X509_UNICODE_NAME
skipping to change at line 2166 skipping to change at line 2883
#define CRYPT_FORMAT_CRLF CRYPT_FORMAT_RDN_CRLF #define CRYPT_FORMAT_CRLF CRYPT_FORMAT_RDN_CRLF
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode / decode the specified data structure according to the certificate // Encode / decode the specified data structure according to the certificate
// encoding type. // encoding type.
// //
// See below for a list of the predefined data structures. // See below for a list of the predefined data structures.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef LPVOID (WINAPI *PFN_CRYPT_ALLOC)( typedef LPVOID (WINAPI *PFN_CRYPT_ALLOC)(
IN size_t cbSize __in size_t cbSize
); );
typedef VOID (WINAPI *PFN_CRYPT_FREE)( typedef VOID (WINAPI *PFN_CRYPT_FREE)(
IN LPVOID pv __in LPVOID pv
); );
typedef struct _CRYPT_ENCODE_PARA { typedef struct _CRYPT_ENCODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA; } CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObjectEx( CryptEncodeObjectEx(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR lpszStructType, __in LPCSTR lpszStructType,
IN const void *pvStructInfo, __in const void *pvStructInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL PCRYPT_ENCODE_PARA pEncodePara, __in_opt PCRYPT_ENCODE_PARA pEncodePara,
OUT void *pvEncoded, __out_opt void *pvEncoded,
IN OUT DWORD *pcbEncoded IN __out DWORD *pcbEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObject( CryptEncodeObject(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR lpszStructType, __in LPCSTR lpszStructType,
IN const void *pvStructInfo, __in const void *pvStructInfo,
OUT BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded __inout DWORD *pcbEncoded
); );
// By default the signature bytes are reversed. The following flag can // By default the signature bytes are reversed. The following flag can
// be set to inhibit the byte reversal. // be set to inhibit the byte reversal.
// //
// This flag is applicable to // This flag is applicable to
// X509_CERT_TO_BE_SIGNED // X509_CERT_TO_BE_SIGNED
#define CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8 #define CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8
// When the following flag is set the called encode function allocates // When the following flag is set the called encode function allocates
skipping to change at line 2264 skipping to change at line 2981
typedef struct _CRYPT_DECODE_PARA { typedef struct _CRYPT_DECODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA; } CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObjectEx( CryptDecodeObjectEx(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR lpszStructType, __in LPCSTR lpszStructType,
IN const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara, __in_opt PCRYPT_DECODE_PARA pDecodePara,
OUT OPTIONAL void *pvStructInfo, __out_opt void *pvStructInfo,
IN OUT DWORD *pcbStructInfo IN __out DWORD *pcbStructInfo
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObject( CryptDecodeObject(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR lpszStructType, __in LPCSTR lpszStructType,
IN const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void *pvStructInfo, __out_bcount_part_opt(*pcbStructInfo, *pcbStructInfo) void *pvStructInfo,
IN OUT DWORD *pcbStructInfo __inout DWORD *pcbStructInfo
); );
// When the following flag is set the nocopy optimization is enabled. // When the following flag is set the nocopy optimization is enabled.
// This optimization where appropriate, updates the pvStructInfo fields // This optimization where appropriate, updates the pvStructInfo fields
// to point to content residing within pbEncoded instead of making a copy // to point to content residing within pbEncoded instead of making a copy
// of and appending to pvStructInfo. // of and appending to pvStructInfo.
// //
// Note, when set, pbEncoded can't be freed until pvStructInfo is freed. // Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
#define CRYPT_DECODE_NOCOPY_FLAG 0x1 #define CRYPT_DECODE_NOCOPY_FLAG 0x1
skipping to change at line 2399 skipping to change at line 3116
#define X509_MULTI_BYTE_INTEGER ((LPCSTR) 28) #define X509_MULTI_BYTE_INTEGER ((LPCSTR) 28)
#define X509_ENUMERATED ((LPCSTR) 29) #define X509_ENUMERATED ((LPCSTR) 29)
#define X509_CHOICE_OF_TIME ((LPCSTR) 30) #define X509_CHOICE_OF_TIME ((LPCSTR) 30)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// More predefined X509 certificate extension data structures that can be // More predefined X509 certificate extension data structures that can be
// encoded / decoded. // encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X509_AUTHORITY_KEY_ID2 ((LPCSTR) 31) #define X509_AUTHORITY_KEY_ID2 ((LPCSTR) 31)
#define X509_AUTHORITY_INFO_ACCESS ((LPCSTR) 32) #define X509_AUTHORITY_INFO_ACCESS ((LPCSTR) 32)
#define X509_SUBJECT_INFO_ACCESS X509_AUTHORITY_INFO_ACCESS
#define X509_CRL_REASON_CODE X509_ENUMERATED #define X509_CRL_REASON_CODE X509_ENUMERATED
#define PKCS_CONTENT_INFO ((LPCSTR) 33) #define PKCS_CONTENT_INFO ((LPCSTR) 33)
#define X509_SEQUENCE_OF_ANY ((LPCSTR) 34) #define X509_SEQUENCE_OF_ANY ((LPCSTR) 34)
#define X509_CRL_DIST_POINTS ((LPCSTR) 35) #define X509_CRL_DIST_POINTS ((LPCSTR) 35)
#define X509_ENHANCED_KEY_USAGE ((LPCSTR) 36) #define X509_ENHANCED_KEY_USAGE ((LPCSTR) 36)
#define PKCS_CTL ((LPCSTR) 37) #define PKCS_CTL ((LPCSTR) 37)
#define X509_MULTI_BYTE_UINT ((LPCSTR) 38) #define X509_MULTI_BYTE_UINT ((LPCSTR) 38)
#define X509_DSS_PUBLICKEY X509_MULTI_BYTE_UINT #define X509_DSS_PUBLICKEY X509_MULTI_BYTE_UINT
#define X509_DSS_PARAMETERS ((LPCSTR) 39) #define X509_DSS_PARAMETERS ((LPCSTR) 39)
#define X509_DSS_SIGNATURE ((LPCSTR) 40) #define X509_DSS_SIGNATURE ((LPCSTR) 40)
#define PKCS_RC2_CBC_PARAMETERS ((LPCSTR) 41) #define PKCS_RC2_CBC_PARAMETERS ((LPCSTR) 41)
#define PKCS_SMIME_CAPABILITIES ((LPCSTR) 42) #define PKCS_SMIME_CAPABILITIES ((LPCSTR) 42)
// Qualified Certificate Statements Extension uses the same encode/decode
// function as PKCS_SMIME_CAPABILITIES. Its data structures are identical
// except for the names of the fields.
#define X509_QC_STATEMENTS_EXT ((LPCSTR) 42)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// data structures for private keys // data structures for private keys
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define PKCS_RSA_PRIVATE_KEY ((LPCSTR) 43) #define PKCS_RSA_PRIVATE_KEY ((LPCSTR) 43)
#define PKCS_PRIVATE_KEY_INFO ((LPCSTR) 44) #define PKCS_PRIVATE_KEY_INFO ((LPCSTR) 44)
#define PKCS_ENCRYPTED_PRIVATE_KEY_INFO ((LPCSTR) 45) #define PKCS_ENCRYPTED_PRIVATE_KEY_INFO ((LPCSTR) 45)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// certificate policy qualifier // certificate policy qualifier
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 2434 skipping to change at line 3157
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Diffie-Hellman Key Exchange // Diffie-Hellman Key Exchange
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X509_DH_PUBLICKEY X509_MULTI_BYTE_UINT #define X509_DH_PUBLICKEY X509_MULTI_BYTE_UINT
#define X509_DH_PARAMETERS ((LPCSTR) 47) #define X509_DH_PARAMETERS ((LPCSTR) 47)
#define PKCS_ATTRIBUTES ((LPCSTR) 48) #define PKCS_ATTRIBUTES ((LPCSTR) 48)
#define PKCS_SORTED_CTL ((LPCSTR) 49) #define PKCS_SORTED_CTL ((LPCSTR) 49)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// ECC Signature
//--------------------------------------------------------------------------
// Uses the same encode/decode function as X509_DH_PARAMETERS. Its data
// structure is identical except for the names of the fields.
#define X509_ECC_SIGNATURE ((LPCSTR) 47)
//+-------------------------------------------------------------------------
// X942 Diffie-Hellman // X942 Diffie-Hellman
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X942_DH_PARAMETERS ((LPCSTR) 50) #define X942_DH_PARAMETERS ((LPCSTR) 50)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following is the same as X509_BITS, except before encoding, // The following is the same as X509_BITS, except before encoding,
// the bit length is decremented to exclude trailing zero bits. // the bit length is decremented to exclude trailing zero bits.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X509_BITS_WITHOUT_TRAILING_ZEROES ((LPCSTR) 51) #define X509_BITS_WITHOUT_TRAILING_ZEROES ((LPCSTR) 51)
skipping to change at line 2471 skipping to change at line 3201
#define CMC_STATUS ((LPCSTR) 61) #define CMC_STATUS ((LPCSTR) 61)
#define CMC_ADD_EXTENSIONS ((LPCSTR) 62) #define CMC_ADD_EXTENSIONS ((LPCSTR) 62)
#define CMC_ADD_ATTRIBUTES ((LPCSTR) 63) #define CMC_ADD_ATTRIBUTES ((LPCSTR) 63)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Template // Certificate Template
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X509_CERTIFICATE_TEMPLATE ((LPCSTR) 64) #define X509_CERTIFICATE_TEMPLATE ((LPCSTR) 64)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Online Certificate Status Protocol (OCSP) Data Structures
//--------------------------------------------------------------------------
#define OCSP_SIGNED_REQUEST ((LPCSTR) 65)
#define OCSP_REQUEST ((LPCSTR) 66)
#define OCSP_RESPONSE ((LPCSTR) 67)
#define OCSP_BASIC_SIGNED_RESPONSE ((LPCSTR) 68)
#define OCSP_BASIC_RESPONSE ((LPCSTR) 69)
//+-------------------------------------------------------------------------
// Logotype and Biometric Extensions
//--------------------------------------------------------------------------
#define X509_LOGOTYPE_EXT ((LPCSTR) 70)
#define X509_BIOMETRIC_EXT ((LPCSTR) 71)
#define CNG_RSA_PUBLIC_KEY_BLOB ((LPCSTR) 72)
#define X509_OBJECT_IDENTIFIER ((LPCSTR) 73)
#define X509_ALGORITHM_IDENTIFIER ((LPCSTR) 74)
#define PKCS_RSA_SSA_PSS_PARAMETERS ((LPCSTR) 75)
#define PKCS_RSAES_OAEP_PARAMETERS ((LPCSTR) 76)
#define ECC_CMS_SHARED_INFO ((LPCSTR) 77)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500) #define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMS_SIGNER_INFO ((LPCSTR) 501) #define CMS_SIGNER_INFO ((LPCSTR) 501)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 2505 skipping to change at line 3258
#define szOID_KEY_USAGE_RESTRICTION "2.5.29.4" #define szOID_KEY_USAGE_RESTRICTION "2.5.29.4"
#define szOID_SUBJECT_ALT_NAME "2.5.29.7" #define szOID_SUBJECT_ALT_NAME "2.5.29.7"
#define szOID_ISSUER_ALT_NAME "2.5.29.8" #define szOID_ISSUER_ALT_NAME "2.5.29.8"
#define szOID_BASIC_CONSTRAINTS "2.5.29.10" #define szOID_BASIC_CONSTRAINTS "2.5.29.10"
#define szOID_KEY_USAGE "2.5.29.15" #define szOID_KEY_USAGE "2.5.29.15"
#define szOID_PRIVATEKEY_USAGE_PERIOD "2.5.29.16" #define szOID_PRIVATEKEY_USAGE_PERIOD "2.5.29.16"
#define szOID_BASIC_CONSTRAINTS2 "2.5.29.19" #define szOID_BASIC_CONSTRAINTS2 "2.5.29.19"
#define szOID_CERT_POLICIES "2.5.29.32" #define szOID_CERT_POLICIES "2.5.29.32"
#define szOID_ANY_CERT_POLICY "2.5.29.32.0" #define szOID_ANY_CERT_POLICY "2.5.29.32.0"
#define szOID_INHIBIT_ANY_POLICY "2.5.29.54"
#define szOID_AUTHORITY_KEY_IDENTIFIER2 "2.5.29.35" #define szOID_AUTHORITY_KEY_IDENTIFIER2 "2.5.29.35"
#define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14" #define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
#define szOID_SUBJECT_ALT_NAME2 "2.5.29.17" #define szOID_SUBJECT_ALT_NAME2 "2.5.29.17"
#define szOID_ISSUER_ALT_NAME2 "2.5.29.18" #define szOID_ISSUER_ALT_NAME2 "2.5.29.18"
#define szOID_CRL_REASON_CODE "2.5.29.21" #define szOID_CRL_REASON_CODE "2.5.29.21"
#define szOID_REASON_CODE_HOLD "2.5.29.23" #define szOID_REASON_CODE_HOLD "2.5.29.23"
#define szOID_CRL_DIST_POINTS "2.5.29.31" #define szOID_CRL_DIST_POINTS "2.5.29.31"
#define szOID_ENHANCED_KEY_USAGE "2.5.29.37" #define szOID_ENHANCED_KEY_USAGE "2.5.29.37"
#define szOID_ANY_ENHANCED_KEY_USAGE "2.5.29.37.0"
// szOID_CRL_NUMBER -- Base CRLs only. Monotonically increasing sequence // szOID_CRL_NUMBER -- Base CRLs only. Monotonically increasing sequence
// number for each CRL issued by a CA. // number for each CRL issued by a CA.
#define szOID_CRL_NUMBER "2.5.29.20" #define szOID_CRL_NUMBER "2.5.29.20"
// szOID_DELTA_CRL_INDICATOR -- Delta CRLs only. Marked critical. // szOID_DELTA_CRL_INDICATOR -- Delta CRLs only. Marked critical.
// Contains the minimum base CRL Number that can be used with a delta CRL. // Contains the minimum base CRL Number that can be used with a delta CRL.
#define szOID_DELTA_CRL_INDICATOR "2.5.29.27" #define szOID_DELTA_CRL_INDICATOR "2.5.29.27"
#define szOID_ISSUING_DIST_POINT "2.5.29.28" #define szOID_ISSUING_DIST_POINT "2.5.29.28"
// szOID_FRESHEST_CRL -- Base CRLs only. Formatted identically to a CDP // szOID_FRESHEST_CRL -- Base CRLs only. Formatted identically to a CDP
// extension that holds URLs to fetch the delta CRL. // extension that holds URLs to fetch the delta CRL.
#define szOID_FRESHEST_CRL "2.5.29.46" #define szOID_FRESHEST_CRL "2.5.29.46"
skipping to change at line 2546 skipping to change at line 3302
#define szOID_OS_VERSION "1.3.6.1.4.1.311.13.2.3" #define szOID_OS_VERSION "1.3.6.1.4.1.311.13.2.3"
// //
// Extension contain certificate type // Extension contain certificate type
#define szOID_ENROLLMENT_AGENT "1.3.6.1.4.1.311.20.2.1" #define szOID_ENROLLMENT_AGENT "1.3.6.1.4.1.311.20.2.1"
// Internet Public Key Infrastructure (PKIX) // Internet Public Key Infrastructure (PKIX)
#define szOID_PKIX "1.3.6.1.5.5.7" #define szOID_PKIX "1.3.6.1.5.5.7"
#define szOID_PKIX_PE "1.3.6.1.5.5.7.1" #define szOID_PKIX_PE "1.3.6.1.5.5.7.1"
#define szOID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.1.1" #define szOID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.1.1"
#define szOID_SUBJECT_INFO_ACCESS "1.3.6.1.5.5.7.1.11"
#define szOID_BIOMETRIC_EXT "1.3.6.1.5.5.7.1.2"
#define szOID_QC_STATEMENTS_EXT "1.3.6.1.5.5.7.1.3"
#define szOID_LOGOTYPE_EXT "1.3.6.1.5.5.7.1.12"
// Microsoft extensions or attributes // Microsoft extensions or attributes
#define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14" #define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14"
#define szOID_NEXT_UPDATE_LOCATION "1.3.6.1.4.1.311.10.2" #define szOID_NEXT_UPDATE_LOCATION "1.3.6.1.4.1.311.10.2"
#define szOID_REMOVE_CERTIFICATE "1.3.6.1.4.1.311.10.8.1" #define szOID_REMOVE_CERTIFICATE "1.3.6.1.4.1.311.10.8.1"
#define szOID_CROSS_CERT_DIST_POINTS "1.3.6.1.4.1.311.10.9.1" #define szOID_CROSS_CERT_DIST_POINTS "1.3.6.1.4.1.311.10.9.1"
// Microsoft PKCS #7 ContentType Object Identifiers // Microsoft PKCS #7 ContentType Object Identifiers
#define szOID_CTL "1.3.6.1.4.1.311.10.1" #define szOID_CTL "1.3.6.1.4.1.311.10.1"
skipping to change at line 2583 skipping to change at line 3343
// CryptUI // CryptUI
#define szOID_ANY_APPLICATION_POLICY "1.3.6.1.4.1.311.10.12.1" #define szOID_ANY_APPLICATION_POLICY "1.3.6.1.4.1.311.10.12.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Object Identifiers for use with Auto Enrollment // Object Identifiers for use with Auto Enrollment
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_AUTO_ENROLL_CTL_USAGE "1.3.6.1.4.1.311.20.1" #define szOID_AUTO_ENROLL_CTL_USAGE "1.3.6.1.4.1.311.20.1"
// Extension contain certificate type // Extension contain certificate type
// AKA Certificate template extension (v1)
#define szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" #define szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2"
#define szOID_CERT_MANIFOLD "1.3.6.1.4.1.311.20.3" #define szOID_CERT_MANIFOLD "1.3.6.1.4.1.311.20.3"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Certificate Server // Object Identifiers for use with the MS Certificate Server
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#ifndef szOID_CERTSRV_CA_VERSION #ifndef szOID_CERTSRV_CA_VERSION
#define szOID_CERTSRV_CA_VERSION "1.3.6.1.4.1.311.21.1" #define szOID_CERTSRV_CA_VERSION "1.3.6.1.4.1.311.21.1"
#endif #endif
skipping to change at line 2690 skipping to change at line 3451
// (KEY_ENCIPHERMENT or KEY_AGREEMENT) // (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_IPSEC_TUNNEL "1.3.6.1.5.5.7.3.6" #define szOID_PKIX_KP_IPSEC_TUNNEL "1.3.6.1.5.5.7.3.6"
// Consistent key usage bits: DIGITAL_SIGNATURE and/or // Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT) // (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_IPSEC_USER "1.3.6.1.5.5.7.3.7" #define szOID_PKIX_KP_IPSEC_USER "1.3.6.1.5.5.7.3.7"
// Consistent key usage bits: DIGITAL_SIGNATURE or NON_REPUDIATION // Consistent key usage bits: DIGITAL_SIGNATURE or NON_REPUDIATION
#define szOID_PKIX_KP_TIMESTAMP_SIGNING "1.3.6.1.5.5.7.3.8" #define szOID_PKIX_KP_TIMESTAMP_SIGNING "1.3.6.1.5.5.7.3.8"
// OCSP response signer
#define szOID_PKIX_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
// Following extension is present to indicate no revocation checking
// for the OCSP signer certificate
#define szOID_PKIX_OCSP_NOCHECK "1.3.6.1.5.5.7.48.1.5"
// OCSP Nonce
#define szOID_PKIX_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
// IKE (Internet Key Exchange) Intermediate KP for an IPsec end entity. // IKE (Internet Key Exchange) Intermediate KP for an IPsec end entity.
// Defined in draft-ietf-ipsec-pki-req-04.txt, December 14, 1999. // Defined in draft-ietf-ipsec-pki-req-04.txt, December 14, 1999.
#define szOID_IPSEC_KP_IKE_INTERMEDIATE "1.3.6.1.5.5.8.2.2" #define szOID_IPSEC_KP_IKE_INTERMEDIATE "1.3.6.1.5.5.8.2.2"
// iso (1) org (3) dod (6) internet (1) security (5) kerberosv5 (2) pkinit (3) 5
#define szOID_PKINIT_KP_KDC "1.3.6.1.5.2.3.5"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft Enhanced Key Usage (Purpose) Object Identifiers // Microsoft Enhanced Key Usage (Purpose) Object Identifiers
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Signer of CTLs // Signer of CTLs
#define szOID_KP_CTL_USAGE_SIGNING "1.3.6.1.4.1.311.10.3.1" #define szOID_KP_CTL_USAGE_SIGNING "1.3.6.1.4.1.311.10.3.1"
// Signer of TimeStamps // Signer of TimeStamps
#define szOID_KP_TIME_STAMP_SIGNING "1.3.6.1.4.1.311.10.3.2" #define szOID_KP_TIME_STAMP_SIGNING "1.3.6.1.4.1.311.10.3.2"
skipping to change at line 2750 skipping to change at line 3524
// The default WinVerifyTrust Authenticode policy is to treat all time stamped // The default WinVerifyTrust Authenticode policy is to treat all time stamped
// signatures as being valid forever. This OID limits the valid lifetime of the // signatures as being valid forever. This OID limits the valid lifetime of the
// signature to the lifetime of the certificate. This allows timestamped // signature to the lifetime of the certificate. This allows timestamped
// signatures to expire. Normally this OID will be used in conjunction with // signatures to expire. Normally this OID will be used in conjunction with
// szOID_PKIX_KP_CODE_SIGNING to indicate new time stamp semantics should be // szOID_PKIX_KP_CODE_SIGNING to indicate new time stamp semantics should be
// used. Support for this OID was added in WXP. // used. Support for this OID was added in WXP.
#define szOID_KP_LIFETIME_SIGNING "1.3.6.1.4.1.311.10.3.13" #define szOID_KP_LIFETIME_SIGNING "1.3.6.1.4.1.311.10.3.13"
#define szOID_KP_MOBILE_DEVICE_SOFTWARE "1.3.6.1.4.1.311.10.3.14" #define szOID_KP_MOBILE_DEVICE_SOFTWARE "1.3.6.1.4.1.311.10.3.14"
#define szOID_KP_SMART_DISPLAY "1.3.6.1.4.1.311.10.3.15"
#define szOID_KP_CSP_SIGNATURE "1.3.6.1.4.1.311.10.3.16"
#ifndef szOID_DRM #ifndef szOID_DRM
#define szOID_DRM "1.3.6.1.4.1.311.10.5.1" #define szOID_DRM "1.3.6.1.4.1.311.10.5.1"
#endif #endif
// Microsoft DRM EKU // Microsoft DRM EKU
#ifndef szOID_DRM_INDIVIDUALIZATION #ifndef szOID_DRM_INDIVIDUALIZATION
#define szOID_DRM_INDIVIDUALIZATION "1.3.6.1.4.1.311.10.5.2" #define szOID_DRM_INDIVIDUALIZATION "1.3.6.1.4.1.311.10.5.2"
#endif #endif
#ifndef szOID_LICENSES #ifndef szOID_LICENSES
skipping to change at line 2771 skipping to change at line 3549
#endif #endif
#ifndef szOID_LICENSE_SERVER #ifndef szOID_LICENSE_SERVER
#define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2" #define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2"
#endif #endif
#ifndef szOID_KP_SMARTCARD_LOGON #ifndef szOID_KP_SMARTCARD_LOGON
#define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2" #define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2"
#endif #endif
#define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers // Microsoft Attribute Object Identifiers
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1" #define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and // Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions // szOID_CERT_POLICIES95 extensions
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1" #define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1"
#define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2" #define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2"
#define szOID_ROOT_PROGRAM_FLAGS "1.3.6.1.4.1.311.60.1.1"
// OID for old qualifer // OID for old qualifer
#define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 " #define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 "
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CERT // X509_CERT
// //
// The "to be signed" encoded content plus its signature. The ToBeSigned // The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following: // content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or // X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED. // X509_CERT_REQUEST_TO_BE_SIGNED.
skipping to change at line 2836 skipping to change at line 3618
// //
// For CryptEncodeObject(), the pbEncoded is just the "to be signed". // For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_EXTENSIONS // X509_EXTENSIONS
// szOID_CERT_EXTENSIONS // szOID_CERT_EXTENSIONS
// //
// pvStructInfo points to following CERT_EXTENSIONS. // pvStructInfo points to following CERT_EXTENSIONS.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXTS
typedef struct _CERT_EXTENSIONS { typedef struct _CERT_EXTENSIONS {
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} CERT_EXTENSIONS, *PCERT_EXTENSIONS; } CERT_EXTENSIONS, *PCERT_EXTENSIONS;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_NAME_VALUE // X509_NAME_VALUE
// X509_ANY_STRING // X509_ANY_STRING
// //
// pvStructInfo points to CERT_NAME_VALUE. // pvStructInfo points to CERT_NAME_VALUE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_UNICODE_NAME_VALUE // X509_UNICODE_NAME_VALUE
skipping to change at line 3024 skipping to change at line 3808
FILETIME NotBefore; FILETIME NotBefore;
FILETIME NotAfter; FILETIME NotAfter;
} CERT_PRIVATE_KEY_VALIDITY, *PCERT_PRIVATE_KEY_VALIDITY; } CERT_PRIVATE_KEY_VALIDITY, *PCERT_PRIVATE_KEY_VALIDITY;
typedef struct _CERT_KEY_ATTRIBUTES_INFO { typedef struct _CERT_KEY_ATTRIBUTES_INFO {
CRYPT_DATA_BLOB KeyId; CRYPT_DATA_BLOB KeyId;
CRYPT_BIT_BLOB IntendedKeyUsage; CRYPT_BIT_BLOB IntendedKeyUsage;
PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod; // OPTIONAL PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod; // OPTIONAL
} CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO; } CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO;
// certenrolld_begin -- CERT_*_KEY_USAGE
// Byte[0] // Byte[0]
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80 #define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
#define CERT_NON_REPUDIATION_KEY_USAGE 0x40 #define CERT_NON_REPUDIATION_KEY_USAGE 0x40
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE 0x20 #define CERT_KEY_ENCIPHERMENT_KEY_USAGE 0x20
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10 #define CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10
#define CERT_KEY_AGREEMENT_KEY_USAGE 0x08 #define CERT_KEY_AGREEMENT_KEY_USAGE 0x08
#define CERT_KEY_CERT_SIGN_KEY_USAGE 0x04 #define CERT_KEY_CERT_SIGN_KEY_USAGE 0x04
#define CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02 #define CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02
#define CERT_CRL_SIGN_KEY_USAGE 0x02 #define CERT_CRL_SIGN_KEY_USAGE 0x02
#define CERT_ENCIPHER_ONLY_KEY_USAGE 0x01 #define CERT_ENCIPHER_ONLY_KEY_USAGE 0x01
// Byte[1] // Byte[1]
#define CERT_DECIPHER_ONLY_KEY_USAGE 0x80 #define CERT_DECIPHER_ONLY_KEY_USAGE 0x80
// certenrolld_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_KEY_USAGE_RESTRICTION // X509_KEY_USAGE_RESTRICTION
// szOID_KEY_USAGE_RESTRICTION // szOID_KEY_USAGE_RESTRICTION
// //
// pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO. // pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_POLICY_ID { typedef struct _CERT_POLICY_ID {
DWORD cCertPolicyElementId; DWORD cCertPolicyElementId;
LPSTR *rgpszCertPolicyElementId; // pszObjId LPSTR *rgpszCertPolicyElementId; // pszObjId
skipping to change at line 3066 skipping to change at line 3852
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_ALTERNATE_NAME // X509_ALTERNATE_NAME
// szOID_SUBJECT_ALT_NAME // szOID_SUBJECT_ALT_NAME
// szOID_ISSUER_ALT_NAME // szOID_ISSUER_ALT_NAME
// szOID_SUBJECT_ALT_NAME2 // szOID_SUBJECT_ALT_NAME2
// szOID_ISSUER_ALT_NAME2 // szOID_ISSUER_ALT_NAME2
// //
// pvStructInfo points to following CERT_ALT_NAME_INFO. // pvStructInfo points to following CERT_ALT_NAME_INFO.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_ALT_NAME_INFO
typedef struct _CERT_OTHER_NAME { typedef struct _CERT_OTHER_NAME {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CERT_OTHER_NAME, *PCERT_OTHER_NAME; } CERT_OTHER_NAME, *PCERT_OTHER_NAME;
typedef struct _CERT_ALT_NAME_ENTRY { typedef struct _CERT_ALT_NAME_ENTRY {
DWORD dwAltNameChoice; DWORD dwAltNameChoice;
union { union { // certenrolls_skip
PCERT_OTHER_NAME pOtherName; // 1 PCERT_OTHER_NAME pOtherName; // 1
LPWSTR pwszRfc822Name; // 2 (encoded IA5) LPWSTR pwszRfc822Name; // 2 (encoded IA5)
LPWSTR pwszDNSName; // 3 (encoded IA5) LPWSTR pwszDNSName; // 3 (encoded IA5)
// Not implemented x400Address; // 4 // Not implemented x400Address; // 4
CERT_NAME_BLOB DirectoryName; // 5 CERT_NAME_BLOB DirectoryName; // 5
// Not implemented pEdiPartyName; // 6 // Not implemented pEdiPartyName; // 6
LPWSTR pwszURL; // 7 (encoded IA5) LPWSTR pwszURL; // 7 (encoded IA5)
CRYPT_DATA_BLOB IPAddress; // 8 (Octet String) CRYPT_DATA_BLOB IPAddress; // 8 (Octet String)
LPSTR pszRegisteredID; // 9 (Object Identifer) LPSTR pszRegisteredID; // 9 (Object Identifer)
}; }; // certenrolls_skip
} CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY; } CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY;
// certenrolls_end
// certenrolld_begin -- CERT_ALT_NAME_*
#define CERT_ALT_NAME_OTHER_NAME 1 #define CERT_ALT_NAME_OTHER_NAME 1
#define CERT_ALT_NAME_RFC822_NAME 2 #define CERT_ALT_NAME_RFC822_NAME 2
#define CERT_ALT_NAME_DNS_NAME 3 #define CERT_ALT_NAME_DNS_NAME 3
#define CERT_ALT_NAME_X400_ADDRESS 4 #define CERT_ALT_NAME_X400_ADDRESS 4
#define CERT_ALT_NAME_DIRECTORY_NAME 5 #define CERT_ALT_NAME_DIRECTORY_NAME 5
#define CERT_ALT_NAME_EDI_PARTY_NAME 6 #define CERT_ALT_NAME_EDI_PARTY_NAME 6
#define CERT_ALT_NAME_URL 7 #define CERT_ALT_NAME_URL 7
#define CERT_ALT_NAME_IP_ADDRESS 8 #define CERT_ALT_NAME_IP_ADDRESS 8
#define CERT_ALT_NAME_REGISTERED_ID 9 #define CERT_ALT_NAME_REGISTERED_ID 9
// certenrolld_end
// certenrolls_begin -- CERT_ALT_NAME_INFO
typedef struct _CERT_ALT_NAME_INFO { typedef struct _CERT_ALT_NAME_INFO {
DWORD cAltEntry; DWORD cAltEntry;
PCERT_ALT_NAME_ENTRY rgAltEntry; PCERT_ALT_NAME_ENTRY rgAltEntry;
} CERT_ALT_NAME_INFO, *PCERT_ALT_NAME_INFO; } CERT_ALT_NAME_INFO, *PCERT_ALT_NAME_INFO;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Alternate name IA5 Error Location Definitions for // Alternate name IA5 Error Location Definitions for
// CRYPT_E_INVALID_IA5_STRING. // CRYPT_E_INVALID_IA5_STRING.
// //
// Error location is returned in *pcbEncoded by // Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_ALTERNATE_NAME) // CryptEncodeObject(X509_ALTERNATE_NAME)
// //
// Error location consists of: // Error location consists of:
// ENTRY_INDEX - 8 bits << 16 // ENTRY_INDEX - 8 bits << 16
skipping to change at line 3170 skipping to change at line 3962
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CERT_POLICIES // X509_CERT_POLICIES
// szOID_CERT_POLICIES // szOID_CERT_POLICIES
// szOID_CERT_POLICIES_95 NOTE--Only allowed for decoding!!! // szOID_CERT_POLICIES_95 NOTE--Only allowed for decoding!!!
// //
// pvStructInfo points to following CERT_POLICIES_INFO. // pvStructInfo points to following CERT_POLICIES_INFO.
// //
// NOTE: when decoding using szOID_CERT_POLICIES_95 the pszPolicyIdentifier // NOTE: when decoding using szOID_CERT_POLICIES_95 the pszPolicyIdentifier
// may contain an empty string // may contain an empty string
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_POLICY_QUALIFIER_INFO
typedef struct _CERT_POLICY_QUALIFIER_INFO { typedef struct _CERT_POLICY_QUALIFIER_INFO {
LPSTR pszPolicyQualifierId; // pszObjId LPSTR pszPolicyQualifierId; // pszObjId
CRYPT_OBJID_BLOB Qualifier; // optional CRYPT_OBJID_BLOB Qualifier; // optional
} CERT_POLICY_QUALIFIER_INFO, *PCERT_POLICY_QUALIFIER_INFO; } CERT_POLICY_QUALIFIER_INFO, *PCERT_POLICY_QUALIFIER_INFO;
typedef struct _CERT_POLICY_INFO { typedef struct _CERT_POLICY_INFO {
LPSTR pszPolicyIdentifier; // pszObjId LPSTR pszPolicyIdentifier; // pszObjId
DWORD cPolicyQualifier; // optional DWORD cPolicyQualifier; // optional
CERT_POLICY_QUALIFIER_INFO *rgPolicyQualifier; CERT_POLICY_QUALIFIER_INFO *rgPolicyQualifier;
} CERT_POLICY_INFO, *PCERT_POLICY_INFO; } CERT_POLICY_INFO, *PCERT_POLICY_INFO;
typedef struct _CERT_POLICIES_INFO { typedef struct _CERT_POLICIES_INFO {
DWORD cPolicyInfo; DWORD cPolicyInfo;
CERT_POLICY_INFO *rgPolicyInfo; CERT_POLICY_INFO *rgPolicyInfo;
} CERT_POLICIES_INFO, *PCERT_POLICIES_INFO; } CERT_POLICIES_INFO, *PCERT_POLICIES_INFO;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_PKIX_POLICY_QUALIFIER_USERNOTICE // X509_PKIX_POLICY_QUALIFIER_USERNOTICE
// szOID_PKIX_POLICY_QUALIFIER_USERNOTICE // szOID_PKIX_POLICY_QUALIFIER_USERNOTICE
// //
// pvStructInfo points to following CERT_POLICY_QUALIFIER_USER_NOTICE. // pvStructInfo points to following CERT_POLICY_QUALIFIER_USER_NOTICE.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_POLICY_QUALIFIER_NOTICE_REFERENCE { typedef struct _CERT_POLICY_QUALIFIER_NOTICE_REFERENCE {
LPSTR pszOrganization; LPSTR pszOrganization;
skipping to change at line 3225 skipping to change at line 4019
typedef struct _CERT_POLICY95_QUALIFIER1 { typedef struct _CERT_POLICY95_QUALIFIER1 {
LPWSTR pszPracticesReference; // optional LPWSTR pszPracticesReference; // optional
LPSTR pszNoticeIdentifier; // optional LPSTR pszNoticeIdentifier; // optional
LPSTR pszNSINoticeIdentifier; // optional LPSTR pszNSINoticeIdentifier; // optional
DWORD cCPSURLs; DWORD cCPSURLs;
CPS_URLS *rgCPSURLs; // optional CPS_URLS *rgCPSURLs; // optional
} CERT_POLICY95_QUALIFIER1, *PCERT_POLICY95_QUALIFIER1; } CERT_POLICY95_QUALIFIER1, *PCERT_POLICY95_QUALIFIER1;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// szOID_INHIBIT_ANY_POLICY data structure
//
// pvStructInfo points to an int.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_POLICY_MAPPINGS // X509_POLICY_MAPPINGS
// szOID_POLICY_MAPPINGS // szOID_POLICY_MAPPINGS
// szOID_LEGACY_POLICY_MAPPINGS // szOID_LEGACY_POLICY_MAPPINGS
// //
// pvStructInfo points to following CERT_POLICY_MAPPINGS_INFO. // pvStructInfo points to following CERT_POLICY_MAPPINGS_INFO.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_POLICY_MAPPING { typedef struct _CERT_POLICY_MAPPING {
LPSTR pszIssuerDomainPolicy; // pszObjId LPSTR pszIssuerDomainPolicy; // pszObjId
LPSTR pszSubjectDomainPolicy; // pszObjId LPSTR pszSubjectDomainPolicy; // pszObjId
} CERT_POLICY_MAPPING, *PCERT_POLICY_MAPPING; } CERT_POLICY_MAPPING, *PCERT_POLICY_MAPPING;
skipping to change at line 3277 skipping to change at line 4077
// modulus INTEGER and a publicExponent INTEGER. The modulus is encoded // modulus INTEGER and a publicExponent INTEGER. The modulus is encoded
// as being a unsigned integer. When decoded, if the modulus was encoded // as being a unsigned integer. When decoded, if the modulus was encoded
// as unsigned integer with a leading 0 byte, the 0 byte is removed before // as unsigned integer with a leading 0 byte, the 0 byte is removed before
// converting to the CSP modulus bytes. // converting to the CSP modulus bytes.
// //
// For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to // For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to
// CALG_RSA_KEYX. // CALG_RSA_KEYX.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CNG_RSA_PUBLIC_KEY_BLOB
//
// pvStructInfo points to a BCRYPT_RSAKEY_BLOB immediately followed by the
// exponent and the modulus bytes. Both the exponent and modulus are
// big endian. The private key fields consisting of cbPrime1 and cbPrime2
// are set to zero.
//
// For dwCertEncodingType = X509_ASN_ENCODING, the CNG_RSA_PUBLIC_KEY_BLOB is
// encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a
// modulus HUGEINTEGER and a publicExponent HUGEINTEGER.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_KEYGEN_REQUEST_TO_BE_SIGNED // X509_KEYGEN_REQUEST_TO_BE_SIGNED
// //
// pvStructInfo points to CERT_KEYGEN_REQUEST_INFO. // pvStructInfo points to CERT_KEYGEN_REQUEST_INFO.
// //
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its // For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()). // signature (output of a X509_CERT CryptEncodeObject()).
// //
// For CryptEncodeObject(), the pbEncoded is just the "to be signed". // For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 3415 skipping to change at line 4228
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// szOID_SUBJECT_KEY_IDENTIFIER // szOID_SUBJECT_KEY_IDENTIFIER
// //
// pvStructInfo points to a CRYPT_DATA_BLOB. // pvStructInfo points to a CRYPT_DATA_BLOB.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_AUTHORITY_INFO_ACCESS // X509_AUTHORITY_INFO_ACCESS
// szOID_AUTHORITY_INFO_ACCESS // szOID_AUTHORITY_INFO_ACCESS
// //
// X509_SUBJECT_INFO_ACCESS
// szOID_SUBJECT_INFO_ACCESS
//
// pvStructInfo points to following CERT_AUTHORITY_INFO_ACCESS. // pvStructInfo points to following CERT_AUTHORITY_INFO_ACCESS.
// //
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in // For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_INFO_ACCESS) // *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_INFO_ACCESS)
// //
// Error location consists of: // Error location consists of:
// ENTRY_INDEX - 8 bits << 16 // ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index) // VALUE_INDEX - 16 bits (unicode character index)
// //
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location // See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines. // defines.
//
// Note, the szOID_SUBJECT_INFO_ACCESS extension has the same ASN.1
// encoding as the szOID_AUTHORITY_INFO_ACCESS extension.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_ACCESS_DESCRIPTION { typedef struct _CERT_ACCESS_DESCRIPTION {
LPSTR pszAccessMethod; // pszObjId LPSTR pszAccessMethod; // pszObjId
CERT_ALT_NAME_ENTRY AccessLocation; CERT_ALT_NAME_ENTRY AccessLocation;
} CERT_ACCESS_DESCRIPTION, *PCERT_ACCESS_DESCRIPTION; } CERT_ACCESS_DESCRIPTION, *PCERT_ACCESS_DESCRIPTION;
typedef struct _CERT_AUTHORITY_INFO_ACCESS { typedef struct _CERT_AUTHORITY_INFO_ACCESS {
DWORD cAccDescr; DWORD cAccDescr;
PCERT_ACCESS_DESCRIPTION rgAccDescr; PCERT_ACCESS_DESCRIPTION rgAccDescr;
} CERT_AUTHORITY_INFO_ACCESS, *PCERT_AUTHORITY_INFO_ACCESS; } CERT_AUTHORITY_INFO_ACCESS, *PCERT_AUTHORITY_INFO_ACCESS,
CERT_SUBJECT_INFO_ACCESS, *PCERT_SUBJECT_INFO_ACCESS;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKIX Access Description: Access Method Object Identifiers // PKIX Access Description: Access Method Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_PKIX_ACC_DESCR "1.3.6.1.5.5.7.48" #define szOID_PKIX_ACC_DESCR "1.3.6.1.5.5.7.48"
// For szOID_AUTHORITY_INFO_ACCESS
#define szOID_PKIX_OCSP "1.3.6.1.5.5.7.48.1" #define szOID_PKIX_OCSP "1.3.6.1.5.5.7.48.1"
#define szOID_PKIX_CA_ISSUERS "1.3.6.1.5.5.7.48.2" #define szOID_PKIX_CA_ISSUERS "1.3.6.1.5.5.7.48.2"
// For szOID_SUBJECT_INFO_ACCESS
#define szOID_PKIX_TIME_STAMPING "1.3.6.1.5.5.7.48.3"
#define szOID_PKIX_CA_REPOSITORY "1.3.6.1.5.5.7.48.5"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CRL_REASON_CODE // X509_CRL_REASON_CODE
// szOID_CRL_REASON_CODE // szOID_CRL_REASON_CODE
// //
// pvStructInfo points to an int which can be set to one of the following // pvStructInfo points to an int which can be set to one of the following
// enumerated values: // enumerated values:
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRL_REASON_UNSPECIFIED 0 #define CRL_REASON_UNSPECIFIED 0
#define CRL_REASON_KEY_COMPROMISE 1 #define CRL_REASON_KEY_COMPROMISE 1
#define CRL_REASON_CA_COMPROMISE 2 #define CRL_REASON_CA_COMPROMISE 2
skipping to change at line 3763 skipping to change at line 4589
// X509_DH_PARAMETERS // X509_DH_PARAMETERS
// //
// pvStructInfo points to following CERT_DH_PARAMETERS data structure. // pvStructInfo points to following CERT_DH_PARAMETERS data structure.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_DH_PARAMETERS { typedef struct _CERT_DH_PARAMETERS {
CRYPT_UINT_BLOB p; CRYPT_UINT_BLOB p;
CRYPT_UINT_BLOB g; CRYPT_UINT_BLOB g;
} CERT_DH_PARAMETERS, *PCERT_DH_PARAMETERS; } CERT_DH_PARAMETERS, *PCERT_DH_PARAMETERS;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_ECC_SIGNATURE
//
// pvStructInfo points to following CERT_ECC_SIGNATURE data structure.
//
// Note, identical to the above except for the names of the fields. Same
// underlying encode/decode functions are used.
//--------------------------------------------------------------------------
typedef struct _CERT_ECC_SIGNATURE {
CRYPT_UINT_BLOB r;
CRYPT_UINT_BLOB s;
} CERT_ECC_SIGNATURE, *PCERT_ECC_SIGNATURE;
//+-------------------------------------------------------------------------
// X942_DH_PARAMETERS // X942_DH_PARAMETERS
// //
// pvStructInfo points to following CERT_X942_DH_PARAMETERS data structure. // pvStructInfo points to following CERT_X942_DH_PARAMETERS data structure.
// //
// If q.cbData == 0, then, the following fields are zero'ed. // If q.cbData == 0, then, the following fields are zero'ed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_X942_DH_VALIDATION_PARAMS { typedef struct _CERT_X942_DH_VALIDATION_PARAMS {
CRYPT_BIT_BLOB seed; CRYPT_BIT_BLOB seed;
DWORD pgenCounter; DWORD pgenCounter;
} CERT_X942_DH_VALIDATION_PARAMS, *PCERT_X942_DH_VALIDATION_PARAMS; } CERT_X942_DH_VALIDATION_PARAMS, *PCERT_X942_DH_VALIDATION_PARAMS;
skipping to change at line 3800 skipping to change at line 4639
#define CRYPT_X942_KEY_LENGTH_BYTE_LENGTH 4 #define CRYPT_X942_KEY_LENGTH_BYTE_LENGTH 4
#define CRYPT_X942_PUB_INFO_BYTE_LENGTH (512/8) #define CRYPT_X942_PUB_INFO_BYTE_LENGTH (512/8)
typedef struct _CRYPT_X942_OTHER_INFO { typedef struct _CRYPT_X942_OTHER_INFO {
LPSTR pszContentEncryptionObjId; LPSTR pszContentEncryptionObjId;
BYTE rgbCounter[CRYPT_X942_COUNTER_BYTE_LENGTH]; BYTE rgbCounter[CRYPT_X942_COUNTER_BYTE_LENGTH];
BYTE rgbKeyLength[CRYPT_X942_KEY_LENGTH_BYTE_LENGTH]; BYTE rgbKeyLength[CRYPT_X942_KEY_LENGTH_BYTE_LENGTH];
CRYPT_DATA_BLOB PubInfo; // OPTIONAL CRYPT_DATA_BLOB PubInfo; // OPTIONAL
} CRYPT_X942_OTHER_INFO, *PCRYPT_X942_OTHER_INFO; } CRYPT_X942_OTHER_INFO, *PCRYPT_X942_OTHER_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// ECC_CMS_SHARED_INFO
//
// pvStructInfo points to following ECC_CMS_SHARED_INFO data structure.
//
// rgbSuppPubInfo is in Little Endian order.
//--------------------------------------------------------------------------
#define CRYPT_ECC_CMS_SHARED_INFO_SUPPPUBINFO_BYTE_LENGTH 4
typedef struct _CRYPT_ECC_CMS_SHARED_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_DATA_BLOB EntityUInfo; // OPTIONAL
BYTE rgbSuppPubInfo[CRYPT_ECC_CMS_SHARED_INFO_SUPPPUB
INFO_BYTE_LENGTH];
} CRYPT_ECC_CMS_SHARED_INFO, *PCRYPT_ECC_CMS_SHARED_INFO;
//+-------------------------------------------------------------------------
// PKCS_RC2_CBC_PARAMETERS // PKCS_RC2_CBC_PARAMETERS
// szOID_RSA_RC2CBC // szOID_RSA_RC2CBC
// //
// pvStructInfo points to following CRYPT_RC2_CBC_PARAMETERS data structure. // pvStructInfo points to following CRYPT_RC2_CBC_PARAMETERS data structure.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_RC2_CBC_PARAMETERS { typedef struct _CRYPT_RC2_CBC_PARAMETERS {
DWORD dwVersion; DWORD dwVersion;
BOOL fIV; // set if has following IV BOOL fIV; // set if has following IV
BYTE rgbIV[8]; BYTE rgbIV[8];
} CRYPT_RC2_CBC_PARAMETERS, *PCRYPT_RC2_CBC_PARAMETERS; } CRYPT_RC2_CBC_PARAMETERS, *PCRYPT_RC2_CBC_PARAMETERS;
skipping to change at line 3827 skipping to change at line 4680
// PKCS_SMIME_CAPABILITIES // PKCS_SMIME_CAPABILITIES
// szOID_RSA_SMIMECapabilities // szOID_RSA_SMIMECapabilities
// //
// pvStructInfo points to following CRYPT_SMIME_CAPABILITIES data structure. // pvStructInfo points to following CRYPT_SMIME_CAPABILITIES data structure.
// //
// Note, for CryptEncodeObject(X509_ASN_ENCODING), Parameters.cbData == 0 // Note, for CryptEncodeObject(X509_ASN_ENCODING), Parameters.cbData == 0
// causes the encoded parameters to be omitted and not encoded as a NULL // causes the encoded parameters to be omitted and not encoded as a NULL
// (05 00) as is done when encoding a CRYPT_ALGORITHM_IDENTIFIER. This // (05 00) as is done when encoding a CRYPT_ALGORITHM_IDENTIFIER. This
// is per the SMIME specification for encoding capabilities. // is per the SMIME specification for encoding capabilities.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_SMIME_CAPABILITY
typedef struct _CRYPT_SMIME_CAPABILITY { typedef struct _CRYPT_SMIME_CAPABILITY {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters; CRYPT_OBJID_BLOB Parameters;
} CRYPT_SMIME_CAPABILITY, *PCRYPT_SMIME_CAPABILITY; } CRYPT_SMIME_CAPABILITY, *PCRYPT_SMIME_CAPABILITY;
typedef struct _CRYPT_SMIME_CAPABILITIES { typedef struct _CRYPT_SMIME_CAPABILITIES {
DWORD cCapability; DWORD cCapability;
PCRYPT_SMIME_CAPABILITY rgCapability; PCRYPT_SMIME_CAPABILITY rgCapability;
} CRYPT_SMIME_CAPABILITIES, *PCRYPT_SMIME_CAPABILITIES; } CRYPT_SMIME_CAPABILITIES, *PCRYPT_SMIME_CAPABILITIES;
// certenrolls_end
//+-------------------------------------------------------------------------
// Qualified Certificate Statements Extension Data Structures
//
// X509_QC_STATEMENTS_EXT
// szOID_QC_STATEMENTS_EXT
//
// pvStructInfo points to following CERT_QC_STATEMENTS_EXT_INFO
// data structure.
//
// Note, identical to the above except for the names of the fields. Same
// underlying encode/decode functions are used.
//--------------------------------------------------------------------------
typedef struct _CERT_QC_STATEMENT {
LPSTR pszStatementId; // pszObjId
CRYPT_OBJID_BLOB StatementInfo; // OPTIONAL
} CERT_QC_STATEMENT, *PCERT_QC_STATEMENT;
typedef struct _CERT_QC_STATEMENTS_EXT_INFO {
DWORD cStatement;
PCERT_QC_STATEMENT rgStatement;
} CERT_QC_STATEMENTS_EXT_INFO, *PCERT_QC_STATEMENTS_EXT_INFO;
// QC Statment Ids
// European Union
#define szOID_QC_EU_COMPLIANCE "0.4.0.1862.1.1"
// Secure Signature Creation Device
#define szOID_QC_SSCD "0.4.0.1862.1.4"
//+-------------------------------------------------------------------------
// X509_OBJECT_IDENTIFIER
// szOID_ECC_PUBLIC_KEY
//
// pvStructInfo points to a LPSTR of the dot representation.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_ALGORITHM_IDENTIFIER
// szOID_ECDSA_SPECIFIED
//
// pvStructInfo points to a CRYPT_ALGORITHM_IDENTIFIER.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_RSA_SSA_PSS_PARAMETERS
// szOID_RSA_SSA_PSS
//
// pvStructInfo points to the following CRYPT_RSA_SSA_PSS_PARAMETERS
// data structure.
//
// For encoding uses the following defaults if the corresponding field
// is set to NULL or 0:
// HashAlgorithm.pszObjId : szOID_OIWSEC_sha1
// MaskGenAlgorithm.pszObjId : szOID_RSA_MGF1
// MaskGenAlgorithm.HashAlgorithm.pszObjId : HashAlgorithm.pszObjId
// dwSaltLength: cbHash
// dwTrailerField : PKCS_RSA_SSA_PSS_TRAILER_FIELD_BC
//
// Normally for encoding, only the HashAlgorithm.pszObjId field will
// need to be set.
//
// For decoding, all of fields are explicitly set.
//--------------------------------------------------------------------------
typedef struct _CRYPT_MASK_GEN_ALGORITHM {
LPSTR pszObjId;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
} CRYPT_MASK_GEN_ALGORITHM, *PCRYPT_MASK_GEN_ALGORITHM;
typedef struct _CRYPT_RSA_SSA_PSS_PARAMETERS {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_MASK_GEN_ALGORITHM MaskGenAlgorithm;
DWORD dwSaltLength;
DWORD dwTrailerField;
} CRYPT_RSA_SSA_PSS_PARAMETERS, *PCRYPT_RSA_SSA_PSS_PARAMETERS;
#define PKCS_RSA_SSA_PSS_TRAILER_FIELD_BC 1
//+-------------------------------------------------------------------------
// PKCS_RSAES_OAEP_PARAMETERS
// szOID_RSAES_OAEP
//
// pvStructInfo points to the following CRYPT_RSAES_OAEP_PARAMETERS
// data structure.
//
// For encoding uses the following defaults if the corresponding field
// is set to NULL or 0:
// HashAlgorithm.pszObjId : szOID_OIWSEC_sha1
// MaskGenAlgorithm.pszObjId : szOID_RSA_MGF1
// MaskGenAlgorithm.HashAlgorithm.pszObjId : HashAlgorithm.pszObjId
// PSourceAlgorithm.pszObjId : szOID_RSA_PSPECIFIED
// PSourceAlgorithm.EncodingParameters.cbData : 0
// PSourceAlgorithm.EncodingParameters.pbData : NULL
//
// Normally for encoding, only the HashAlgorithm.pszObjId field will
// need to be set.
//
// For decoding, all of fields are explicitly set.
//--------------------------------------------------------------------------
typedef struct _CRYPT_PSOURCE_ALGORITHM {
LPSTR pszObjId;
CRYPT_DATA_BLOB EncodingParameters;
} CRYPT_PSOURCE_ALGORITHM, *PCRYPT_PSOURCE_ALGORITHM;
typedef struct _CRYPT_RSAES_OAEP_PARAMETERS {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_MASK_GEN_ALGORITHM MaskGenAlgorithm;
CRYPT_PSOURCE_ALGORITHM PSourceAlgorithm;
} CRYPT_RSAES_OAEP_PARAMETERS, *PCRYPT_RSAES_OAEP_PARAMETERS;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKCS7_SIGNER_INFO // PKCS7_SIGNER_INFO
// //
// pvStructInfo points to CMSG_SIGNER_INFO. // pvStructInfo points to CMSG_SIGNER_INFO.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMS_SIGNER_INFO // CMS_SIGNER_INFO
// //
skipping to change at line 4296 skipping to change at line 5260
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_TEMPLATE_EXT { typedef struct _CERT_TEMPLATE_EXT {
LPSTR pszObjId; LPSTR pszObjId;
DWORD dwMajorVersion; DWORD dwMajorVersion;
BOOL fMinorVersion; // TRUE for a minor version BOOL fMinorVersion; // TRUE for a minor version
DWORD dwMinorVersion; DWORD dwMinorVersion;
} CERT_TEMPLATE_EXT, *PCERT_TEMPLATE_EXT; } CERT_TEMPLATE_EXT, *PCERT_TEMPLATE_EXT;
//+========================================================================= //+=========================================================================
// Logotype Extension Data Structures
//
// X509_LOGOTYPE_EXT
// szOID_LOGOTYPE_EXT
//
// pvStructInfo points to a CERT_LOGOTYPE_EXT_INFO.
//==========================================================================
typedef struct _CERT_HASHED_URL {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_HASH_BLOB Hash;
LPWSTR pwszUrl; // Encoded as IA5, Optional for
// biometric data
} CERT_HASHED_URL, *PCERT_HASHED_URL;
typedef struct _CERT_LOGOTYPE_DETAILS {
LPWSTR pwszMimeType; // Encoded as IA5
DWORD cHashedUrl;
PCERT_HASHED_URL rgHashedUrl;
} CERT_LOGOTYPE_DETAILS, *PCERT_LOGOTYPE_DETAILS;
typedef struct _CERT_LOGOTYPE_REFERENCE {
DWORD cHashedUrl;
PCERT_HASHED_URL rgHashedUrl;
} CERT_LOGOTYPE_REFERENCE, *PCERT_LOGOTYPE_REFERENCE;
typedef struct _CERT_LOGOTYPE_IMAGE_INFO {
// CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE or
// CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE
DWORD dwLogotypeImageInfoChoice;
DWORD dwFileSize; // In octets
DWORD dwXSize; // Horizontal size in pixels
DWORD dwYSize; // Vertical size in pixels
DWORD dwLogotypeImageResolutionChoice;
union {
// CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE
// No resolution value
// CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE
DWORD dwNumBits; // Resolution in bits
// CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE
DWORD dwTableSize; // Number of color or grey t
ones
};
LPWSTR pwszLanguage; // Optional. Encoded as IA5.
// RFC 3066 Language Tag
} CERT_LOGOTYPE_IMAGE_INFO, *PCERT_LOGOTYPE_IMAGE_INFO;
#define CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE 1
#define CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE 2
#define CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE 0
#define CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE 1
#define CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE 2
typedef struct _CERT_LOGOTYPE_IMAGE {
CERT_LOGOTYPE_DETAILS LogotypeDetails;
PCERT_LOGOTYPE_IMAGE_INFO pLogotypeImageInfo; // Optional
} CERT_LOGOTYPE_IMAGE, *PCERT_LOGOTYPE_IMAGE;
typedef struct _CERT_LOGOTYPE_AUDIO_INFO {
DWORD dwFileSize; // In octets
DWORD dwPlayTime; // In milliseconds
DWORD dwChannels; // 1=mono, 2=stereo, 4=quad
DWORD dwSampleRate; // Optional. 0 => not present.
// Samples per second
LPWSTR pwszLanguage; // Optional. Encoded as IA5.
// RFC 3066 Language Tag
} CERT_LOGOTYPE_AUDIO_INFO, *PCERT_LOGOTYPE_AUDIO_INFO;
typedef struct _CERT_LOGOTYPE_AUDIO {
CERT_LOGOTYPE_DETAILS LogotypeDetails;
PCERT_LOGOTYPE_AUDIO_INFO pLogotypeAudioInfo; // Optional
} CERT_LOGOTYPE_AUDIO, *PCERT_LOGOTYPE_AUDIO;
typedef struct _CERT_LOGOTYPE_DATA {
DWORD cLogotypeImage;
PCERT_LOGOTYPE_IMAGE rgLogotypeImage;
DWORD cLogotypeAudio;
PCERT_LOGOTYPE_AUDIO rgLogotypeAudio;
} CERT_LOGOTYPE_DATA, *PCERT_LOGOTYPE_DATA;
typedef struct _CERT_LOGOTYPE_INFO {
DWORD dwLogotypeInfoChoice;
union {
// CERT_LOGOTYPE_DIRECT_INFO_CHOICE
PCERT_LOGOTYPE_DATA pLogotypeDirectInfo;
// CERT_LOGOTYPE_INDIRECT_INFO_CHOICE
PCERT_LOGOTYPE_REFERENCE pLogotypeIndirectInfo;
};
} CERT_LOGOTYPE_INFO, *PCERT_LOGOTYPE_INFO;
#define CERT_LOGOTYPE_DIRECT_INFO_CHOICE 1
#define CERT_LOGOTYPE_INDIRECT_INFO_CHOICE 2
typedef struct _CERT_OTHER_LOGOTYPE_INFO {
LPSTR pszObjId;
CERT_LOGOTYPE_INFO LogotypeInfo;
} CERT_OTHER_LOGOTYPE_INFO, *PCERT_OTHER_LOGOTYPE_INFO;
#define szOID_LOYALTY_OTHER_LOGOTYPE "1.3.6.1.5.5.7.20.1"
#define szOID_BACKGROUND_OTHER_LOGOTYPE "1.3.6.1.5.5.7.20.2"
typedef struct _CERT_LOGOTYPE_EXT_INFO {
DWORD cCommunityLogo;
PCERT_LOGOTYPE_INFO rgCommunityLogo;
PCERT_LOGOTYPE_INFO pIssuerLogo; // Optional
PCERT_LOGOTYPE_INFO pSubjectLogo; // Optional
DWORD cOtherLogo;
PCERT_OTHER_LOGOTYPE_INFO rgOtherLogo;
} CERT_LOGOTYPE_EXT_INFO, *PCERT_LOGOTYPE_EXT_INFO;
//+=========================================================================
// Biometric Extension Data Structures
//
// X509_BIOMETRIC_EXT
// szOID_BIOMETRIC_EXT
//
// pvStructInfo points to following CERT_BIOMETRIC_EXT_INFO data structure.
//==========================================================================
typedef struct _CERT_BIOMETRIC_DATA {
DWORD dwTypeOfBiometricDataChoice;
union {
// CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE
DWORD dwPredefined;
// CERT_BIOMETRIC_OID_DATA_CHOICE
LPSTR pszObjId;
};
CERT_HASHED_URL HashedUrl; // pwszUrl is Optional.
} CERT_BIOMETRIC_DATA, *PCERT_BIOMETRIC_DATA;
#define CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE 1
#define CERT_BIOMETRIC_OID_DATA_CHOICE 2
#define CERT_BIOMETRIC_PICTURE_TYPE 0
#define CERT_BIOMETRIC_SIGNATURE_TYPE 1
typedef struct _CERT_BIOMETRIC_EXT_INFO {
DWORD cBiometricData;
PCERT_BIOMETRIC_DATA rgBiometricData;
} CERT_BIOMETRIC_EXT_INFO, *PCERT_BIOMETRIC_EXT_INFO;
//+=========================================================================
// Online Certificate Status Protocol (OCSP) Data Structures
//==========================================================================
//+-------------------------------------------------------------------------
// OCSP_SIGNED_REQUEST
//
// OCSP signed request.
//
// Note, in most instances, pOptionalSignatureInfo will be NULL indicating
// no signature is present.
//--------------------------------------------------------------------------
typedef struct _OCSP_SIGNATURE_INFO {
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CRYPT_BIT_BLOB Signature;
DWORD cCertEncoded;
PCERT_BLOB rgCertEncoded;
} OCSP_SIGNATURE_INFO, *POCSP_SIGNATURE_INFO;
typedef struct _OCSP_SIGNED_REQUEST_INFO {
CRYPT_DER_BLOB ToBeSigned; // Encoded OCSP_REQUEST
POCSP_SIGNATURE_INFO pOptionalSignatureInfo; // NULL, no signature
} OCSP_SIGNED_REQUEST_INFO, *POCSP_SIGNED_REQUEST_INFO;
//+-------------------------------------------------------------------------
// OCSP_REQUEST
//
// ToBeSigned OCSP request.
//--------------------------------------------------------------------------
typedef struct _OCSP_CERT_ID {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; // Normally SHA1
CRYPT_HASH_BLOB IssuerNameHash; // Hash of encoded name
CRYPT_HASH_BLOB IssuerKeyHash; // Hash of PublicKey bits
CRYPT_INTEGER_BLOB SerialNumber;
} OCSP_CERT_ID, *POCSP_CERT_ID;
typedef struct _OCSP_REQUEST_ENTRY {
OCSP_CERT_ID CertId;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} OCSP_REQUEST_ENTRY, *POCSP_REQUEST_ENTRY;
typedef struct _OCSP_REQUEST_INFO {
DWORD dwVersion;
PCERT_ALT_NAME_ENTRY pRequestorName; // OPTIONAL
DWORD cRequestEntry;
POCSP_REQUEST_ENTRY rgRequestEntry;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} OCSP_REQUEST_INFO, *POCSP_REQUEST_INFO;
#define OCSP_REQUEST_V1 0
//+-------------------------------------------------------------------------
// OCSP_RESPONSE
//
// OCSP outer, unsigned response wrapper.
//--------------------------------------------------------------------------
typedef struct _OCSP_RESPONSE_INFO {
DWORD dwStatus;
LPSTR pszObjId; // OPTIONAL, may be NULL
CRYPT_OBJID_BLOB Value; // OPTIONAL
} OCSP_RESPONSE_INFO, *POCSP_RESPONSE_INFO;
#define OCSP_SUCCESSFUL_RESPONSE 0
#define OCSP_MALFORMED_REQUEST_RESPONSE 1
#define OCSP_INTERNAL_ERROR_RESPONSE 2
#define OCSP_TRY_LATER_RESPONSE 3
// 4 is not used
#define OCSP_SIG_REQUIRED_RESPONSE 5
#define OCSP_UNAUTHORIZED_RESPONSE 6
#define szOID_PKIX_OCSP_BASIC_SIGNED_RESPONSE "1.3.6.1.5.5.7.48.1.1"
//+-------------------------------------------------------------------------
// OCSP_BASIC_SIGNED_RESPONSE
// szOID_PKIX_OCSP_BASIC_SIGNED_RESPONSE
//
// OCSP basic signed response.
//--------------------------------------------------------------------------
typedef struct _OCSP_BASIC_SIGNED_RESPONSE_INFO {
CRYPT_DER_BLOB ToBeSigned; // Encoded OCSP_BASIC_RESPONSE
OCSP_SIGNATURE_INFO SignatureInfo;
} OCSP_BASIC_SIGNED_RESPONSE_INFO, *POCSP_BASIC_SIGNED_RESPONSE_INFO;
//+-------------------------------------------------------------------------
// OCSP_BASIC_RESPONSE
//
// ToBeSigned OCSP basic response.
//--------------------------------------------------------------------------
typedef struct _OCSP_BASIC_REVOKED_INFO {
FILETIME RevocationDate;
// See X509_CRL_REASON_CODE for list of reason codes
DWORD dwCrlReasonCode;
} OCSP_BASIC_REVOKED_INFO, *POCSP_BASIC_REVOKED_INFO;
typedef struct _OCSP_BASIC_RESPONSE_ENTRY {
OCSP_CERT_ID CertId;
DWORD dwCertStatus;
union {
// OCSP_BASIC_GOOD_CERT_STATUS
// OCSP_BASIC_UNKNOWN_CERT_STATUS
// No additional information
// OCSP_BASIC_REVOKED_CERT_STATUS
POCSP_BASIC_REVOKED_INFO pRevokedInfo;
};
FILETIME ThisUpdate;
FILETIME NextUpdate; // Optional, zero filetime implies
// never expires
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_ENTRY, *POCSP_BASIC_RESPONSE_ENTRY;
#define OCSP_BASIC_GOOD_CERT_STATUS 0
#define OCSP_BASIC_REVOKED_CERT_STATUS 1
#define OCSP_BASIC_UNKNOWN_CERT_STATUS 2
typedef struct _OCSP_BASIC_RESPONSE_INFO {
DWORD dwVersion;
DWORD dwResponderIdChoice;
union {
// OCSP_BASIC_BY_NAME_RESPONDER_ID
CERT_NAME_BLOB ByNameResponderId;
// OCSP_BASIC_BY_KEY_RESPONDER_ID
CRYPT_HASH_BLOB ByKeyResponderId;
};
FILETIME ProducedAt;
DWORD cResponseEntry;
POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO;
#define OCSP_BASIC_RESPONSE_V1 0
#define OCSP_BASIC_BY_NAME_RESPONDER_ID 1
#define OCSP_BASIC_BY_KEY_RESPONDER_ID 2
//+=========================================================================
// Object IDentifier (OID) Installable Functions: Data Structures and APIs // Object IDentifier (OID) Installable Functions: Data Structures and APIs
//========================================================================== //==========================================================================
typedef void *HCRYPTOIDFUNCSET; typedef void *HCRYPTOIDFUNCSET;
typedef void *HCRYPTOIDFUNCADDR; typedef void *HCRYPTOIDFUNCADDR;
// Predefined OID Function Names // Predefined OID Function Names
#define CRYPT_OID_ENCODE_OBJECT_FUNC "CryptDllEncodeObject" #define CRYPT_OID_ENCODE_OBJECT_FUNC "CryptDllEncodeObject"
#define CRYPT_OID_DECODE_OBJECT_FUNC "CryptDllDecodeObject" #define CRYPT_OID_DECODE_OBJECT_FUNC "CryptDllDecodeObject"
#define CRYPT_OID_ENCODE_OBJECT_EX_FUNC "CryptDllEncodeObjectEx" #define CRYPT_OID_ENCODE_OBJECT_EX_FUNC "CryptDllEncodeObjectEx"
skipping to change at line 4334 skipping to change at line 5593
// CryptDllDecodeObjectEx has same function signature as CryptDecodeObjectEx. // CryptDllDecodeObjectEx has same function signature as CryptDecodeObjectEx.
// The Ex version MUST support the CRYPT_DECODE_ALLOC_FLAG option. // The Ex version MUST support the CRYPT_DECODE_ALLOC_FLAG option.
// //
// If an Ex function isn't installed or registered, then, attempts to find // If an Ex function isn't installed or registered, then, attempts to find
// a non-EX version. If the ALLOC flag is set, then, CryptDecodeObjectEx, // a non-EX version. If the ALLOC flag is set, then, CryptDecodeObjectEx,
// does the allocation and calls the non-EX version twice. // does the allocation and calls the non-EX version twice.
// CryptDllCreateCOMObject has the following signature: // CryptDllCreateCOMObject has the following signature:
// BOOL WINAPI CryptDllCreateCOMObject( // BOOL WINAPI CryptDllCreateCOMObject(
// IN DWORD dwEncodingType, // __in DWORD dwEncodingType,
// IN LPCSTR pszOID, // __in LPCSTR pszOID,
// IN PCRYPT_DATA_BLOB pEncodedContent, // __In PCRYPT_DATA_BLOB pEncodedContent,
// IN DWORD dwFlags, // __in DWORD dwFlags,
// IN REFIID riid, // __in REFIID riid,
// OUT void **ppvObj); // __deref_out void **ppvObj);
// CertDllVerifyRevocation has the same signature as CertVerifyRevocation // CertDllVerifyRevocation has the same signature as CertVerifyRevocation
// (See CertVerifyRevocation for details on when called) // (See CertVerifyRevocation for details on when called)
// CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage // CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage
// CryptDllFindOIDInfo currently is only used to store values used by // CryptDllFindOIDInfo currently is only used to store values used by
// CryptFindOIDInfo. See CryptFindOIDInfo() for more details. // CryptFindOIDInfo. See CryptFindOIDInfo() for more details.
// CryptDllFindLocalizedName is only used to store localized string // CryptDllFindLocalizedName is only used to store localized string
skipping to change at line 4401 skipping to change at line 5660
// case when the Dll has also regsvr32'ed OID functions via // case when the Dll has also regsvr32'ed OID functions via
// CryptRegisterOIDFunction. // CryptRegisterOIDFunction.
// //
// DEFAULT functions are installed by setting rgFuncEntry[].pszOID = // DEFAULT functions are installed by setting rgFuncEntry[].pszOID =
// CRYPT_DEFAULT_OID. // CRYPT_DEFAULT_OID.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallOIDFunctionAddress( CryptInstallOIDFunctionAddress(
IN HMODULE hModule, // hModule passed to DllMain __in_opt HMODULE hModule, // hModule passed to DllMain
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN DWORD cFuncEntry, __in DWORD cFuncEntry,
IN const CRYPT_OID_FUNC_ENTRY rgFuncEntry[], __in_ecount(cFuncEntry) const CRYPT_OID_FUNC_ENTRY rgFuncEntry[],
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Initialize and return handle to the OID function set identified by its // Initialize and return handle to the OID function set identified by its
// function name. // function name.
// //
// If the set already exists, a handle to the existing set is returned. // If the set already exists, a handle to the existing set is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTOIDFUNCSET HCRYPTOIDFUNCSET
WINAPI WINAPI
CryptInitOIDFunctionSet( CryptInitOIDFunctionSet(
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Search the list of installed functions for an encoding type and OID match. // Search the list of installed functions for an encoding type and OID match.
// If not found, search the registry. // If not found, search the registry.
// //
// For success, returns TRUE with *ppvFuncAddr updated with the function's // For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle. // address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to // The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it. // be called to release it.
skipping to change at line 4442 skipping to change at line 5701
// For a registry match, the Dll containing the function is loaded. // For a registry match, the Dll containing the function is loaded.
// //
// By default, both the registered and installed function lists are searched. // By default, both the registered and installed function lists are searched.
// Set CRYPT_GET_INSTALLED_OID_FUNC_FLAG to only search the installed list // Set CRYPT_GET_INSTALLED_OID_FUNC_FLAG to only search the installed list
// of functions. This flag would be set by a registered function to get // of functions. This flag would be set by a registered function to get
// the address of a pre-installed function it was replacing. For example, // the address of a pre-installed function it was replacing. For example,
// the registered function might handle a new special case and call the // the registered function might handle a new special case and call the
// pre-installed function to handle the remaining cases. // pre-installed function to handle the remaining cases.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetOIDFunctionAddress( CryptGetOIDFunctionAddress(
IN HCRYPTOIDFUNCSET hFuncSet, __in HCRYPTOIDFUNCSET hFuncSet,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszOID, __in LPCSTR pszOID,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void **ppvFuncAddr, __deref_out void **ppvFuncAddr,
OUT HCRYPTOIDFUNCADDR *phFuncAddr __out HCRYPTOIDFUNCADDR *phFuncAddr
); );
#define CRYPT_GET_INSTALLED_OID_FUNC_FLAG 0x1 #define CRYPT_GET_INSTALLED_OID_FUNC_FLAG 0x1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the list of registered default Dll entries for the specified // Get the list of registered default Dll entries for the specified
// function set and encoding type. // function set and encoding type.
// //
// The returned list consists of none, one or more null terminated Dll file // The returned list consists of none, one or more null terminated Dll file
// names. The list is terminated with an empty (L"\0") Dll file name. // names. The list is terminated with an empty (L"\0") Dll file name.
// For example: L"first.dll" L"\0" L"second.dll" L"\0" L"\0" // For example: L"first.dll" L"\0" L"second.dll" L"\0" L"\0"
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultOIDDllList( CryptGetDefaultOIDDllList(
IN HCRYPTOIDFUNCSET hFuncSet, __in HCRYPTOIDFUNCSET hFuncSet,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
OUT LPWSTR pwszDllList, __out_ecount_part_opt(*pcchDllList, *pcchDllList) __nullnullterminated WCHAR
IN OUT DWORD *pcchDllList *pwszDllList,
__inout DWORD *pcchDllList
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Either: get the first or next installed DEFAULT function OR // Either: get the first or next installed DEFAULT function OR
// load the Dll containing the DEFAULT function. // load the Dll containing the DEFAULT function.
// //
// If pwszDll is NULL, search the list of installed DEFAULT functions. // If pwszDll is NULL, search the list of installed DEFAULT functions.
// *phFuncAddr must be set to NULL to get the first installed function. // *phFuncAddr must be set to NULL to get the first installed function.
// Successive installed functions are returned by setting *phFuncAddr // Successive installed functions are returned by setting *phFuncAddr
// to the hFuncAddr returned by the previous call. // to the hFuncAddr returned by the previous call.
skipping to change at line 4497 skipping to change at line 5757
// function. *phFuncAddr is ignored upon entry and isn't // function. *phFuncAddr is ignored upon entry and isn't
// CryptFreeOIDFunctionAddress'ed. // CryptFreeOIDFunctionAddress'ed.
// //
// For success, returns TRUE with *ppvFuncAddr updated with the function's // For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle. // address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to // The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it or CryptGetDefaultOIDFunctionAddress can also // be called to release it or CryptGetDefaultOIDFunctionAddress can also
// be called for a NULL pwszDll. // be called for a NULL pwszDll.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultOIDFunctionAddress( CryptGetDefaultOIDFunctionAddress(
IN HCRYPTOIDFUNCSET hFuncSet, __in HCRYPTOIDFUNCSET hFuncSet,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN OPTIONAL LPCWSTR pwszDll, __in_opt LPCWSTR pwszDll,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void **ppvFuncAddr, __deref_out void **ppvFuncAddr,
IN OUT HCRYPTOIDFUNCADDR *phFuncAddr __inout HCRYPTOIDFUNCADDR *phFuncAddr
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress // Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress
// or CryptGetDefaultOIDFunctionAddress. // or CryptGetDefaultOIDFunctionAddress.
// //
// If a Dll was loaded for the function its unloaded. However, before doing // If a Dll was loaded for the function its unloaded. However, before doing
// the unload, the DllCanUnloadNow function exported by the loaded Dll is // the unload, the DllCanUnloadNow function exported by the loaded Dll is
// called. It should return S_FALSE to inhibit the unload or S_TRUE to enable // called. It should return S_FALSE to inhibit the unload or S_TRUE to enable
// the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded. // the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded.
// //
// DllCanUnloadNow has the following signature: // DllCanUnloadNow has the following signature:
// STDAPI DllCanUnloadNow(void); // STDAPI DllCanUnloadNow(void);
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFreeOIDFunctionAddress( CryptFreeOIDFunctionAddress(
IN HCRYPTOIDFUNCADDR hFuncAddr, __in HCRYPTOIDFUNCADDR hFuncAddr,
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register the Dll containing the function to be called for the specified // Register the Dll containing the function to be called for the specified
// encoding type, function name and OID. // encoding type, function name and OID.
// //
// pwszDll may contain environment-variable strings // pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll. // which are ExpandEnvironmentStrings()'ed before loading the Dll.
// //
// In addition to registering the DLL, you may override the // In addition to registering the DLL, you may override the
// name of the function to be called. For example, // name of the function to be called. For example,
// pszFuncName = "CryptDllEncodeObject", // pszFuncName = "CryptDllEncodeObject",
// pszOverrideFuncName = "MyEncodeXyz". // pszOverrideFuncName = "MyEncodeXyz".
// This allows a Dll to export multiple OID functions for the same // This allows a Dll to export multiple OID functions for the same
// function name without needing to interpose its own OID dispatcher function. // function name without needing to interpose its own OID dispatcher function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterOIDFunction( CryptRegisterOIDFunction(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCSTR pszOID, __in LPCSTR pszOID,
IN OPTIONAL LPCWSTR pwszDll, __in_opt LPCWSTR pwszDll,
IN OPTIONAL LPCSTR pszOverrideFuncName __in_opt LPCSTR pszOverrideFuncName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the Dll containing the function to be called for the specified // Unregister the Dll containing the function to be called for the specified
// encoding type, function name and OID. // encoding type, function name and OID.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterOIDFunction( CryptUnregisterOIDFunction(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCSTR pszOID __in LPCSTR pszOID
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register the Dll containing the default function to be called for the // Register the Dll containing the default function to be called for the
// specified encoding type and function name. // specified encoding type and function name.
// //
// Unlike CryptRegisterOIDFunction, you can't override the function name // Unlike CryptRegisterOIDFunction, you can't override the function name
// needing to be exported by the Dll. // needing to be exported by the Dll.
// //
// The Dll is inserted before the entry specified by dwIndex. // The Dll is inserted before the entry specified by dwIndex.
// dwIndex == 0, inserts at the beginning. // dwIndex == 0, inserts at the beginning.
// dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end. // dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end.
// //
// pwszDll may contain environment-variable strings // pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll. // which are ExpandEnvironmentStrings()'ed before loading the Dll.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterDefaultOIDFunction( CryptRegisterDefaultOIDFunction(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN DWORD dwIndex, __in DWORD dwIndex,
IN LPCWSTR pwszDll __in LPCWSTR pwszDll
); );
#define CRYPT_REGISTER_FIRST_INDEX 0 #define CRYPT_REGISTER_FIRST_INDEX 0
#define CRYPT_REGISTER_LAST_INDEX 0xFFFFFFFF #define CRYPT_REGISTER_LAST_INDEX 0xFFFFFFFF
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the Dll containing the default function to be called for // Unregister the Dll containing the default function to be called for
// the specified encoding type and function name. // the specified encoding type and function name.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterDefaultOIDFunction( CryptUnregisterDefaultOIDFunction(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCWSTR pwszDll __in LPCWSTR pwszDll
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the value for the specified encoding type, function name, OID and // Set the value for the specified encoding type, function name, OID and
// value name. // value name.
// //
// See RegSetValueEx for the possible value types. // See RegSetValueEx for the possible value types.
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetOIDFunctionValue( CryptSetOIDFunctionValue(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCSTR pszOID, __in LPCSTR pszOID,
IN LPCWSTR pwszValueName, __in_opt LPCWSTR pwszValueName,
IN DWORD dwValueType, __in DWORD dwValueType,
IN const BYTE *pbValueData, __in_bcount_opt(cbValueData) const BYTE *pbValueData,
IN DWORD cbValueData __in DWORD cbValueData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the value for the specified encoding type, function name, OID and // Get the value for the specified encoding type, function name, OID and
// value name. // value name.
// //
// See RegEnumValue for the possible value types. // See RegEnumValue for the possible value types.
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetOIDFunctionValue( CryptGetOIDFunctionValue(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCSTR pszOID, __in LPCSTR pszOID,
IN LPCWSTR pwszValueName, __in_opt LPCWSTR pwszValueName,
OUT DWORD *pdwValueType, __out_opt DWORD *pdwValueType,
OUT BYTE *pbValueData, __out_bcount_part_opt(*pcbValueData, *pcbValueData) BYTE *pbValueData,
IN OUT DWORD *pcbValueData __inout_opt DWORD *pcbValueData
); );
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_FUNC)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_FUNC)(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN LPCSTR pszFuncName, __in LPCSTR pszFuncName,
IN LPCSTR pszOID, __in LPCSTR pszOID,
IN DWORD cValue, __in DWORD cValue,
IN const DWORD rgdwValueType[], __in_ecount(cValue) const DWORD rgdwValueType[],
IN LPCWSTR const rgpwszValueName[], __in_ecount(cValue) LPCWSTR const rgpwszValueName[],
IN const BYTE * const rgpbValueData[], __in_ecount(cValue) const BYTE * const rgpbValueData[],
IN const DWORD rgcbValueData[], __in_ecount(cValue) const DWORD rgcbValueData[],
IN void *pvArg __inout_opt void *pvArg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the OID functions identified by their encoding type, // Enumerate the OID functions identified by their encoding type,
// function name and OID. // function name and OID.
// //
// pfnEnumOIDFunc is called for each registry key matching the input // pfnEnumOIDFunc is called for each registry key matching the input
// parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches // parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches
// any. Setting pszFuncName or pszOID to NULL matches any. // any. Setting pszFuncName or pszOID to NULL matches any.
// //
// Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the // Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the
// DEFAULT functions // DEFAULT functions
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumOIDFunction( CryptEnumOIDFunction(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN OPTIONAL LPCSTR pszFuncName, __in_opt LPCSTR pszFuncName,
IN OPTIONAL LPCSTR pszOID, __in_opt LPCSTR pszOID,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvArg, __inout_opt void *pvArg,
IN PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc __callback PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc
); );
#define CRYPT_MATCH_ANY_ENCODING_TYPE 0xFFFFFFFF #define CRYPT_MATCH_ANY_ENCODING_TYPE 0xFFFFFFFF
//+========================================================================= //+=========================================================================
// Object IDentifier (OID) Information: Data Structures and APIs // Object IDentifier (OID) Information: Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Special ALG_ID's used in CRYPT_OID_INFO
//--------------------------------------------------------------------------
// Algorithm is only implemented in CNG.
#define CALG_OID_INFO_CNG_ONLY 0xFFFFFFFF
// Algorithm is defined in the encoded parameters. Only supported
// using CNG.
#define CALG_OID_INFO_PARAMETERS 0xFFFFFFFE
// Macro to check for a special ALG_ID used in CRYPT_OID_INFO
#define IS_SPECIAL_OID_INFO_ALGID(Algid) (Algid >= CALG_OID_INFO_PARAMETE
RS)
//+-------------------------------------------------------------------------
// Special CNG Algorithms used in CRYPT_OID_INFO
//--------------------------------------------------------------------------
#define CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM L"CryptOIDInfoHashParameters"
#define CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM L"CryptOIDInfoECCParameters"
#define CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM L"CryptOIDInfoMgf1Parameters"
#define CRYPT_OID_INFO_NO_SIGN_ALGORITHM L"CryptOIDInfoNoSign"
#define CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM L"CryptOIDInfoOAEPParameters"
#define CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM L"CryptOIDInfoECCWrapParame
ters"
//+-------------------------------------------------------------------------
// OID Information // OID Information
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_OID_INFO { typedef struct _CRYPT_OID_INFO {
DWORD cbSize; DWORD cbSize;
LPCSTR pszOID; LPCSTR pszOID;
LPCWSTR pwszName; LPCWSTR pwszName;
DWORD dwGroupId; DWORD dwGroupId;
union { union {
DWORD dwValue; DWORD dwValue;
ALG_ID Algid; ALG_ID Algid;
DWORD dwLength; DWORD dwLength;
}; };
CRYPT_DATA_BLOB ExtraInfo; CRYPT_DATA_BLOB ExtraInfo;
#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS
// Note, if you #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS, then, you
// must zero all unused fields in this data structure.
// More fields could be added in a future release.
// The following 2 fields are set to an empty string, L"", if not defined.
// This is the Algid string passed to the BCrypt* and NCrypt* APIs
// defined in bcrypt.h and ncrypt.h.
//
// Its only applicable to the following groups:
// CRYPT_HASH_ALG_OID_GROUP_ID
// CRYPT_ENCRYPT_ALG_OID_GROUP_ID
// CRYPT_PUBKEY_ALG_OID_GROUP_ID
// CRYPT_SIGN_ALG_OID_GROUP_ID
LPCWSTR pwszCNGAlgid;
// Following is only applicable to the following groups:
// CRYPT_SIGN_ALG_OID_GROUP_ID
// The public key pwszCNGAlgid. For ECC,
// CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM.
// CRYPT_PUBKEY_ALG_OID_GROUP_ID
// For the ECC algorithms, CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM.
LPCWSTR pwszCNGExtraAlgid;
#endif
} CRYPT_OID_INFO, *PCRYPT_OID_INFO; } CRYPT_OID_INFO, *PCRYPT_OID_INFO;
typedef const CRYPT_OID_INFO CCRYPT_OID_INFO, *PCCRYPT_OID_INFO; typedef const CRYPT_OID_INFO CCRYPT_OID_INFO, *PCCRYPT_OID_INFO;
// certenrolld_begin -- CRYPT_*_OID_GROUP_ID
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OID Group IDs // OID Group IDs
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_HASH_ALG_OID_GROUP_ID 1 #define CRYPT_HASH_ALG_OID_GROUP_ID 1
#define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2 #define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2
#define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3 #define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3
#define CRYPT_SIGN_ALG_OID_GROUP_ID 4 #define CRYPT_SIGN_ALG_OID_GROUP_ID 4
#define CRYPT_RDN_ATTR_OID_GROUP_ID 5 #define CRYPT_RDN_ATTR_OID_GROUP_ID 5
#define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6 #define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6
#define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7 #define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7
#define CRYPT_POLICY_OID_GROUP_ID 8 #define CRYPT_POLICY_OID_GROUP_ID 8
#define CRYPT_TEMPLATE_OID_GROUP_ID 9 #define CRYPT_TEMPLATE_OID_GROUP_ID 9
#define CRYPT_LAST_OID_GROUP_ID 9 #define CRYPT_LAST_OID_GROUP_ID 9
#define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID #define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID
#define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID #define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID
// certenrolld_end
// The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID // The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID
// has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID, // has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID,
// CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or // CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or
// CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue. // CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue.
// //
// CRYPT_ENCRYPT_ALG_OID_GROUP_ID has the following optional ExtraInfo
// for AES algorithms:
// DWORD[0] - dwBitLength
// CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following optional ExtraInfo: // CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following optional ExtraInfo:
// DWORD[0] - Flags. CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG can be set to // DWORD[0] - Flags. CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG can be set to
// inhibit the reformatting of the signature before // inhibit the reformatting of the signature before
// CryptVerifySignature is called or after CryptSignHash // CryptVerifySignature is called or after CryptSignHash
// is called. CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG can // is called. CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG can
// be set to include the public key algorithm's parameters // be set to include the public key algorithm's parameters
// in the PKCS7's digestEncryptionAlgorithm's parameters. // in the PKCS7's digestEncryptionAlgorithm's parameters.
// CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG can be set to omit // CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG can be set to omit
// NULL parameters when encoding. // NULL parameters when encoding.
//
// For the ECC named curve public keys
// DWORD[1] - BCRYPT_ECCKEY_BLOB dwMagic field value
// DWORD[2] - dwBitLength. Where BCRYPT_ECCKEY_BLOB's
// cbKey = dwBitLength / 8 + ((dwBitLength % 8) ? 1 : 0)
//
#define CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG 0x1 #define CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG 0x00000001
#define CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG 0x2 #define CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG 0x00000002
#define CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG 0x4 #define CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG 0x00000004
#define CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG 0x80000000
#define CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG 0x40000000
// CRYPT_SIGN_ALG_OID_GROUP_ID has the following optional ExtraInfo: // CRYPT_SIGN_ALG_OID_GROUP_ID has the following optional ExtraInfo:
// DWORD[0] - Public Key Algid. // DWORD[0] - Public Key Algid.
// DWORD[1] - Flags. Same as above for CRYPT_PUBKEY_ALG_OID_GROUP_ID. // DWORD[1] - Flags. Same as above for CRYPT_PUBKEY_ALG_OID_GROUP_ID.
// DWORD[2] - Optional CryptAcquireContext(CRYPT_VERIFYCONTEXT)'s dwProvType. // DWORD[2] - Optional CryptAcquireContext(CRYPT_VERIFYCONTEXT)'s dwProvType.
// If omitted or 0, uses Public Key Algid to select // If omitted or 0, uses Public Key Algid to select
// appropriate dwProvType for signature verification. // appropriate dwProvType for signature verification.
// CRYPT_RDN_ATTR_OID_GROUP_ID has the following optional ExtraInfo: // CRYPT_RDN_ATTR_OID_GROUP_ID has the following optional ExtraInfo:
// Array of DWORDs: // Array of DWORDs:
skipping to change at line 4770 skipping to change at line 6095
// for the specified key and group. Note, returns a pointer to a constant // for the specified key and group. Note, returns a pointer to a constant
// data structure. The returned pointer MUST NOT be freed. // data structure. The returned pointer MUST NOT be freed.
// //
// dwKeyType's: // dwKeyType's:
// CRYPT_OID_INFO_OID_KEY, pvKey points to a szOID // CRYPT_OID_INFO_OID_KEY, pvKey points to a szOID
// CRYPT_OID_INFO_NAME_KEY, pvKey points to a wszName // CRYPT_OID_INFO_NAME_KEY, pvKey points to a wszName
// CRYPT_OID_INFO_ALGID_KEY, pvKey points to an ALG_ID // CRYPT_OID_INFO_ALGID_KEY, pvKey points to an ALG_ID
// CRYPT_OID_INFO_SIGN_KEY, pvKey points to an array of two ALG_ID's: // CRYPT_OID_INFO_SIGN_KEY, pvKey points to an array of two ALG_ID's:
// ALG_ID[0] - Hash Algid // ALG_ID[0] - Hash Algid
// ALG_ID[1] - PubKey Algid // ALG_ID[1] - PubKey Algid
// CRYPT_OID_INFO_CNG_ALGID_KEY, pvKey points to a wszCNGAlgid
// CRYPT_OID_INFO_CNG_SIGN_KEY, pvKey is an array of two
// pwszCNGAlgid's:
// Algid[0] - Hash pwszCNGAlgid
// Algid[1] - PubKey pwszCNGAlgid
//
// For CRYPT_OID_INFO_NAME_KEY, CRYPT_OID_INFO_CNG_ALGID_KEY and
// CRYPT_OID_INFO_CNG_SIGN_KEY the string comparison is case insensitive.
// //
// Setting dwGroupId to 0, searches all groups according to the dwKeyType. // Setting dwGroupId to 0, searches all groups according to the dwKeyType.
// Otherwise, only the dwGroupId is searched. // Otherwise, only the dwGroupId is searched.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRYPT_OID_INFO PCCRYPT_OID_INFO
WINAPI WINAPI
CryptFindOIDInfo( CryptFindOIDInfo(
IN DWORD dwKeyType, __in DWORD dwKeyType,
IN void *pvKey, __in void *pvKey,
IN DWORD dwGroupId __in DWORD dwGroupId
); );
#define CRYPT_OID_INFO_OID_KEY 1 #define CRYPT_OID_INFO_OID_KEY 1
#define CRYPT_OID_INFO_NAME_KEY 2 #define CRYPT_OID_INFO_NAME_KEY 2
#define CRYPT_OID_INFO_ALGID_KEY 3 #define CRYPT_OID_INFO_ALGID_KEY 3
#define CRYPT_OID_INFO_SIGN_KEY 4 #define CRYPT_OID_INFO_SIGN_KEY 4
#define CRYPT_OID_INFO_CNG_ALGID_KEY 5
#define CRYPT_OID_INFO_CNG_SIGN_KEY 6
// Set the following in the above dwKeyType parameter to restrict public keys
// valid for signing or encrypting
// certenrolld_begin -- CRYPT_*_KEY_FLAG
#define CRYPT_OID_INFO_OID_KEY_FLAGS_MASK 0xFFFF0000
#define CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000
#define CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000
// The following flag can be set in above dwGroupId parameter to disable
// searching the directory server
#define CRYPT_OID_DISABLE_SEARCH_DS_FLAG 0x80000000
// certenrolld_end -- CRYPT_*_KEY_FLAG
// The bit length shifted left 16 bits can be OR'ed into the above
// dwGroupId parameter. Only applicable to the CRYPT_ENCRYPT_ALG_OID_GROUP_ID.
// Also, only applicable to encryption algorithms having a dwBitLen ExtraInfo.
// Currently, only the AES encryption algorithms have this.
//
// For example, to find the OIDInfo for BCRYPT_AES_ALGORITHM, bit length 192,
// CryptFindOIDInfo would be called as follows:
// PCCRYPT_OID_INFO pOIDInfo =
// CryptFindOIDInfo(
// CRYPT_OID_INFO_CNG_ALGID_KEY,
// (void *) BCRYPT_AES_ALGORITHM,
// CRYPT_ENCRYPT_ALG_OID_GROUP_ID |
// (192 << CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT)
// );
#define CRYPT_OID_INFO_OID_GROUP_BIT_LEN_MASK 0x0FFF0000
#define CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT 16
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register OID information. The OID information specified in the // Register OID information. The OID information specified in the
// CCRYPT_OID_INFO structure is persisted to the registry. // CCRYPT_OID_INFO structure is persisted to the registry.
// //
// crypt32.dll contains information for the commonly known OIDs. This function // crypt32.dll contains information for the commonly known OIDs. This function
// allows applications to augment crypt32.dll's OID information. During // allows applications to augment crypt32.dll's OID information. During
// CryptFindOIDInfo's first call, the registered OID information is installed. // CryptFindOIDInfo's first call, the registered OID information is installed.
// //
// By default the registered OID information is installed after crypt32.dll's // By default the registered OID information is installed after crypt32.dll's
// OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before. // OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterOIDInfo( CryptRegisterOIDInfo(
IN PCCRYPT_OID_INFO pInfo, __in PCCRYPT_OID_INFO pInfo,
IN DWORD dwFlags __in DWORD dwFlags
); );
#define CRYPT_INSTALL_OID_INFO_BEFORE_FLAG 1 #define CRYPT_INSTALL_OID_INFO_BEFORE_FLAG 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister OID information. Only the pszOID and dwGroupId fields are // Unregister OID information. Only the pszOID and dwGroupId fields are
// used to identify the OID information to be unregistered. // used to identify the OID information to be unregistered.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterOIDInfo( CryptUnregisterOIDInfo(
IN PCCRYPT_OID_INFO pInfo __in PCCRYPT_OID_INFO pInfo
); );
// If the callback returns FALSE, stops the enumeration. // If the callback returns FALSE, stops the enumeration.
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_INFO)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_INFO)(
IN PCCRYPT_OID_INFO pInfo, __in PCCRYPT_OID_INFO pInfo,
IN void *pvArg __inout_opt void *pvArg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the OID information. // Enumerate the OID information.
// //
// pfnEnumOIDInfo is called for each OID information entry. // pfnEnumOIDInfo is called for each OID information entry.
// //
// Setting dwGroupId to 0 matches all groups. Otherwise, only enumerates // Setting dwGroupId to 0 matches all groups. Otherwise, only enumerates
// entries in the specified group. // entries in the specified group.
// //
// dwFlags currently isn't used and must be set to 0. // dwFlags currently isn't used and must be set to 0.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumOIDInfo( CryptEnumOIDInfo(
IN DWORD dwGroupId, __in DWORD dwGroupId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvArg, __inout_opt void *pvArg,
IN PFN_CRYPT_ENUM_OID_INFO pfnEnumOIDInfo __callback PFN_CRYPT_ENUM_OID_INFO pfnEnumOIDInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the localized name for the specified name. For example, find the // Find the localized name for the specified name. For example, find the
// localized name for the "Root" system store name. A case insensitive // localized name for the "Root" system store name. A case insensitive
// string comparison is done. // string comparison is done.
// //
// Returns NULL if unable to find the the specified name. // Returns NULL if unable to find the the specified name.
// //
// Localized names for the predefined system stores ("Root", "My") and // Localized names for the predefined system stores ("Root", "My") and
skipping to change at line 4873 skipping to change at line 6239
// cbValueData = (wcslen(UNICODE localized string) + 1) * sizeof(WCHAR) // cbValueData = (wcslen(UNICODE localized string) + 1) * sizeof(WCHAR)
// //
// To unregister, set pbValueData to NULL and cbValueData to 0. // To unregister, set pbValueData to NULL and cbValueData to 0.
// //
// The registered names are searched before the pre-installed names. // The registered names are searched before the pre-installed names.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LPCWSTR LPCWSTR
WINAPI WINAPI
CryptFindLocalizedName( CryptFindLocalizedName(
IN LPCWSTR pwszCryptName __in LPCWSTR pwszCryptName
); );
#define CRYPT_LOCALIZED_NAME_ENCODING_TYPE 0 #define CRYPT_LOCALIZED_NAME_ENCODING_TYPE 0
#define CRYPT_LOCALIZED_NAME_OID "LocalizedNames" #define CRYPT_LOCALIZED_NAME_OID "LocalizedNames"
//+========================================================================= //+=========================================================================
// Low Level Cryptographic Message Data Structures and APIs // Low Level Cryptographic Message Data Structures and APIs
//========================================================================== //==========================================================================
typedef void *HCRYPTMSG; typedef void *HCRYPTMSG;
skipping to change at line 4985 skipping to change at line 6351
// == 0, then, defaults to AT_SIGNATURE. // == 0, then, defaults to AT_SIGNATURE.
// //
// If the HashEncryptionAlgorithm is set to szOID_PKIX_NO_SIGNATURE, then, // If the HashEncryptionAlgorithm is set to szOID_PKIX_NO_SIGNATURE, then,
// the signature value only contains the hash octets. hCryptProv must still // the signature value only contains the hash octets. hCryptProv must still
// be specified. However, since a private key isn't used the hCryptProv can be // be specified. However, since a private key isn't used the hCryptProv can be
// acquired using CRYPT_VERIFYCONTEXT. // acquired using CRYPT_VERIFYCONTEXT.
// //
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), the signer hCryptProv's are released. // passed to CryptMsgOpenToEncode(), the signer hCryptProv's are released.
// //
// For CNG, this applies to the hNCryptKey.
//
// pvHashAuxInfo currently isn't used and must be set to NULL. // pvHashAuxInfo currently isn't used and must be set to NULL.
// //
// CMS signed messages allow the inclusion of Attribute Certs. // CMS signed messages allow the inclusion of Attribute Certs.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_SIGNER_ENCODE_INFO { typedef struct _CMSG_SIGNER_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
PCERT_INFO pCertInfo; PCERT_INFO pCertInfo;
HCRYPTPROV hCryptProv;
// NCryptIsKeyHandle() is called to determine the union choice.
union {
HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey;
};
// not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
DWORD cAuthAttr; DWORD cAuthAttr;
PCRYPT_ATTRIBUTE rgAuthAttr; PCRYPT_ATTRIBUTE rgAuthAttr;
DWORD cUnauthAttr; DWORD cUnauthAttr;
PCRYPT_ATTRIBUTE rgUnauthAttr; PCRYPT_ATTRIBUTE rgUnauthAttr;
#ifdef CMSG_SIGNER_ENCODE_INFO_HAS_CMS_FIELDS #ifdef CMSG_SIGNER_ENCODE_INFO_HAS_CMS_FIELDS
CERT_ID SignerId; CERT_ID SignerId;
// This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
void *pvHashEncryptionAuxInfo; void *pvHashEncryptionAuxInfo;
#endif #endif
} CMSG_SIGNER_ENCODE_INFO, *PCMSG_SIGNER_ENCODE_INFO; } CMSG_SIGNER_ENCODE_INFO, *PCMSG_SIGNER_ENCODE_INFO;
typedef struct _CMSG_SIGNED_ENCODE_INFO { typedef struct _CMSG_SIGNED_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
DWORD cSigners; DWORD cSigners;
PCMSG_SIGNER_ENCODE_INFO rgSigners; PCMSG_SIGNER_ENCODE_INFO rgSigners;
DWORD cCertEncoded; DWORD cCertEncoded;
skipping to change at line 5058 skipping to change at line 6436
// //
// To enable SP3 compatible encryption, pvEncryptionAuxInfo should point to // To enable SP3 compatible encryption, pvEncryptionAuxInfo should point to
// a CMSG_SP3_COMPATIBLE_AUX_INFO data structure. // a CMSG_SP3_COMPATIBLE_AUX_INFO data structure.
// //
// To enable the CMS envelope enhancements, rgpRecipients must be set to // To enable the CMS envelope enhancements, rgpRecipients must be set to
// NULL, and rgCmsRecipients updated to point to an array of // NULL, and rgCmsRecipients updated to point to an array of
// CMSG_RECIPIENT_ENCODE_INFO's. // CMSG_RECIPIENT_ENCODE_INFO's.
// //
// Also, CMS envelope enhancements support the inclusion of a bag of // Also, CMS envelope enhancements support the inclusion of a bag of
// Certs, CRLs, Attribute Certs and/or Unprotected Attributes. // Certs, CRLs, Attribute Certs and/or Unprotected Attributes.
//
// AES ContentEncryption and ECC KeyAgreement recipients are only supported
// via CNG. DH KeyAgreement or mail list recipients are only supported via
// CAPI1. SP3 compatible encryption and RC4 are only supported via CAPI1.
//
// For an RSA recipient identified via PCERT_INFO, for AES ContentEncryption,
// szOID_RSAES_OAEP will be implicitly used for the KeyEncryptionAlgorithm.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_RECIPIENT_ENCODE_INFO CMSG_RECIPIENT_ENCODE_INFO, typedef struct _CMSG_RECIPIENT_ENCODE_INFO CMSG_RECIPIENT_ENCODE_INFO,
*PCMSG_RECIPIENT_ENCODE_INFO; *PCMSG_RECIPIENT_ENCODE_INFO;
typedef struct _CMSG_ENVELOPED_ENCODE_INFO { typedef struct _CMSG_ENVELOPED_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
void *pvEncryptionAuxInfo; void *pvEncryptionAuxInfo;
DWORD cRecipients; DWORD cRecipients;
// The following array may only be used for transport recipients identified // The following array may only be used for transport recipients identified
// by their IssuereAndSerialNumber. If rgpRecipients != NULL, then, // by their IssuereAndSerialNumber. If rgpRecipients != NULL, then,
// the rgCmsRecipients must be NULL. // the rgCmsRecipients must be NULL.
PCERT_INFO *rgpRecipients; PCERT_INFO *rgpRecipients;
#ifdef CMSG_ENVELOPED_ENCODE_INFO_HAS_CMS_FIELDS #ifdef CMSG_ENVELOPED_ENCODE_INFO_HAS_CMS_FIELDS
skipping to change at line 5103 skipping to change at line 6488
// and export. The hCryptProv's private keys aren't used. // and export. The hCryptProv's private keys aren't used.
// //
// If hCryptProv is NULL, then, the hCryptProv specified in // If hCryptProv is NULL, then, the hCryptProv specified in
// CMSG_ENVELOPED_ENCODE_INFO is used. // CMSG_ENVELOPED_ENCODE_INFO is used.
// //
// Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags // Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), this hCryptProv isn't released. // passed to CryptMsgOpenToEncode(), this hCryptProv isn't released.
// //
// CMS supports the KEY_IDENTIFIER and ISSUER_SERIAL_NUMBER CERT_IDs. PKCS #7 // CMS supports the KEY_IDENTIFIER and ISSUER_SERIAL_NUMBER CERT_IDs. PKCS #7
// version 1.5 only supports the ISSUER_SERIAL_NUMBER CERT_ID choice. // version 1.5 only supports the ISSUER_SERIAL_NUMBER CERT_ID choice.
//
// For RSA AES, KeyEncryptionAlgorithm.pszObjId should be set to
// szOID_RSAES_OAEP. KeyEncryptionAlgorithm.Parameters should be set
// to the encoded PKCS_RSAES_OAEP_PARAMETERS. If
// KeyEncryptionAlgorithm.Parameters.cbData == 0, then, the default
// parameters are used and encoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO { typedef struct _CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
void *pvKeyEncryptionAuxInfo; void *pvKeyEncryptionAuxInfo;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_BIT_BLOB RecipientPublicKey; CRYPT_BIT_BLOB RecipientPublicKey;
CERT_ID RecipientId; CERT_ID RecipientId;
} CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO; } CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Key Agreement Recipient Encode Info // Key Agreement Recipient Encode Info
// //
// If hCryptProv is NULL, then, the hCryptProv specified in // If hCryptProv is NULL, then, the hCryptProv specified in
// CMSG_ENVELOPED_ENCODE_INFO is used. // CMSG_ENVELOPED_ENCODE_INFO is used.
// //
skipping to change at line 5148 skipping to change at line 6539
// //
// If KeyEncryptionAlgorithm.Parameters.cbData == 0, then, its Parameters // If KeyEncryptionAlgorithm.Parameters.cbData == 0, then, its Parameters
// are updated with the encoded KeyWrapAlgorithm. // are updated with the encoded KeyWrapAlgorithm.
// //
// Currently, pvKeyWrapAuxInfo is only defined for algorithms with // Currently, pvKeyWrapAuxInfo is only defined for algorithms with
// RC2. Otherwise, its not used and must be set to NULL. // RC2. Otherwise, its not used and must be set to NULL.
// When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing // When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing
// the RC2 effective key length. // the RC2 effective key length.
// //
// Note, key agreement recipients are not supported in PKCS #7 version 1.5. // Note, key agreement recipients are not supported in PKCS #7 version 1.5.
//
// For the ECC szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF KeyEncryptionAlgorithm
// the CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE must be specified.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO { typedef struct _CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
CRYPT_BIT_BLOB RecipientPublicKey; CRYPT_BIT_BLOB RecipientPublicKey;
CERT_ID RecipientId; CERT_ID RecipientId;
// Following fields are optional and only applicable to KEY_IDENTIFIER // Following fields are optional and only applicable to KEY_IDENTIFIER
// CERT_IDs. // CERT_IDs.
FILETIME Date; FILETIME Date;
PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr; PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr;
skipping to change at line 5173 skipping to change at line 6567
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
void *pvKeyEncryptionAuxInfo; void *pvKeyEncryptionAuxInfo;
CRYPT_ALGORITHM_IDENTIFIER KeyWrapAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyWrapAlgorithm;
void *pvKeyWrapAuxInfo; void *pvKeyWrapAuxInfo;
// The following hCryptProv and dwKeySpec must be specified for the // The following hCryptProv and dwKeySpec must be specified for the
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE. // CMSG_KEY_AGREE_STATIC_KEY_CHOICE.
// //
// For CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE, dwKeySpec isn't applicable // For CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE, dwKeySpec isn't applicable
// and hCryptProv is optional. // and hCryptProv is optional.
HCRYPTPROV hCryptProv;
HCRYPTPROV_LEGACY hCryptProv;
DWORD dwKeySpec; DWORD dwKeySpec;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE // CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE
// //
// The ephemeral public key algorithm and parameters. // The ephemeral public key algorithm and parameters.
PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm; PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm;
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE // CMSG_KEY_AGREE_STATIC_KEY_CHOICE
skipping to change at line 5213 skipping to change at line 6608
// //
// Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags // Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), this hCryptProv isn't released. // passed to CryptMsgOpenToEncode(), this hCryptProv isn't released.
// //
// Currently, pvKeyEncryptionAuxInfo is only defined for RC2 key wrap // Currently, pvKeyEncryptionAuxInfo is only defined for RC2 key wrap
// algorithms. Otherwise, its not used and must be set to NULL. // algorithms. Otherwise, its not used and must be set to NULL.
// When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing // When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing
// the RC2 effective key length. // the RC2 effective key length.
// //
// Note, mail list recipients are not supported in PKCS #7 version 1.5. // Note, mail list recipients are not supported in PKCS #7 version 1.5.
//
// Mail list recipients aren't supported using CNG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO { typedef struct _CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
void *pvKeyEncryptionAuxInfo; void *pvKeyEncryptionAuxInfo;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
skipping to change at line 5285 skipping to change at line 6682
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_SP3_COMPATIBLE_AUX_INFO // CMSG_SP3_COMPATIBLE_AUX_INFO
// //
// AuxInfo for enabling SP3 compatible encryption. // AuxInfo for enabling SP3 compatible encryption.
// //
// The CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG is set in dwFlags to enable SP3 // The CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG is set in dwFlags to enable SP3
// compatible encryption. When set, uses zero salt instead of no salt, // compatible encryption. When set, uses zero salt instead of no salt,
// the encryption algorithm parameters are NULL instead of containing the // the encryption algorithm parameters are NULL instead of containing the
// encoded RC2 parameters or encoded IV octet string and the encrypted // encoded RC2 parameters or encoded IV octet string and the encrypted
// symmetric key is encoded little endian instead of big endian. // symmetric key is encoded little endian instead of big endian.
//
// SP3 compatible encryption isn't supported using CNG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_SP3_COMPATIBLE_AUX_INFO { typedef struct _CMSG_SP3_COMPATIBLE_AUX_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwFlags; DWORD dwFlags;
} CMSG_SP3_COMPATIBLE_AUX_INFO, *PCMSG_SP3_COMPATIBLE_AUX_INFO; } CMSG_SP3_COMPATIBLE_AUX_INFO, *PCMSG_SP3_COMPATIBLE_AUX_INFO;
#define CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG 0x80000000 #define CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG 0x80000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_RC4_AUX_INFO // CMSG_RC4_AUX_INFO
// //
// AuxInfo for RC4 encryption algorithms. The pvEncryptionAuxInfo field // AuxInfo for RC4 encryption algorithms. The pvEncryptionAuxInfo field
// in CMSG_ENCRYPTED_ENCODE_INFO should be updated to point to this // in CMSG_ENCRYPTED_ENCODE_INFO should be updated to point to this
// structure. If not specified, uses the CSP's default bit length with no // structure. If not specified, uses the CSP's default bit length with no
// salt. Note, the base CSP has a 40 bit default and the enhanced CSP has // salt. Note, the base CSP has a 40 bit default and the enhanced CSP has
// a 128 bit default. // a 128 bit default.
// //
// If CMSG_RC4_NO_SALT_FLAG is set in dwBitLen, then, no salt is generated. // If CMSG_RC4_NO_SALT_FLAG is set in dwBitLen, then, no salt is generated.
// Otherwise, (128 - dwBitLen)/8 bytes of salt are generated and encoded // Otherwise, (128 - dwBitLen)/8 bytes of salt are generated and encoded
// as an OCTET STRING in the algorithm parameters field. // as an OCTET STRING in the algorithm parameters field.
//
// RC4 isn't supported using CNG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_RC4_AUX_INFO { typedef struct _CMSG_RC4_AUX_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwBitLen; DWORD dwBitLen;
} CMSG_RC4_AUX_INFO, *PCMSG_RC4_AUX_INFO; } CMSG_RC4_AUX_INFO, *PCMSG_RC4_AUX_INFO;
#define CMSG_RC4_NO_SALT_FLAG 0x40000000 #define CMSG_RC4_NO_SALT_FLAG 0x40000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_SIGNED_AND_ENVELOPED // CMSG_SIGNED_AND_ENVELOPED
skipping to change at line 5334 skipping to change at line 6735
} CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO, *PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO ; } CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO, *PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO ;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_HASHED // CMSG_HASHED
// //
// hCryptProv is used to do the hash. Doesn't need to use a private key. // hCryptProv is used to do the hash. Doesn't need to use a private key.
// //
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), the hCryptProv is released. // passed to CryptMsgOpenToEncode(), the hCryptProv is released.
// //
// IN LH, the hCryptProv isn't used. However, its still released if the
// above flag is set.
//
// If fDetachedHash is set, then, the encoded message doesn't contain // If fDetachedHash is set, then, the encoded message doesn't contain
// any content (its treated as NULL Data) // any content (its treated as NULL Data)
// //
// pvHashAuxInfo currently isn't used and must be set to NULL. // pvHashAuxInfo currently isn't used and must be set to NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_HASHED_ENCODE_INFO { typedef struct _CMSG_HASHED_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
} CMSG_HASHED_ENCODE_INFO, *PCMSG_HASHED_ENCODE_INFO; } CMSG_HASHED_ENCODE_INFO, *PCMSG_HASHED_ENCODE_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_ENCRYPTED // CMSG_ENCRYPTED
// //
// The key used to encrypt the message is identified outside of the message // The key used to encrypt the message is identified outside of the message
// content (for example, password). // content (for example, password).
// //
skipping to change at line 5378 skipping to change at line 6782
// called to get the cryptographically processed content. Until closed, // called to get the cryptographically processed content. Until closed,
// the handle keeps a copy of the processed content. // the handle keeps a copy of the processed content.
// //
// With streamed output, the processed content can be freed as its streamed. // With streamed output, the processed content can be freed as its streamed.
// //
// If the length of the content to be updated is known at the time of the // If the length of the content to be updated is known at the time of the
// open, then, ContentLength should be set to that length. Otherwise, it // open, then, ContentLength should be set to that length. Otherwise, it
// should be set to CMSG_INDEFINITE_LENGTH. // should be set to CMSG_INDEFINITE_LENGTH.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CMSG_STREAM_OUTPUT)( typedef BOOL (WINAPI *PFN_CMSG_STREAM_OUTPUT)(
IN const void *pvArg, __in_opt const void *pvArg,
IN BYTE *pbData, __in_bcount_opt(cbData) BYTE *pbData,
IN DWORD cbData, __in DWORD cbData,
IN BOOL fFinal __in BOOL fFinal
); );
#define CMSG_INDEFINITE_LENGTH (0xFFFFFFFF) #define CMSG_INDEFINITE_LENGTH (0xFFFFFFFF)
typedef struct _CMSG_STREAM_INFO { typedef struct _CMSG_STREAM_INFO {
DWORD cbContent; DWORD cbContent;
PFN_CMSG_STREAM_OUTPUT pfnStreamOutput; PFN_CMSG_STREAM_OUTPUT pfnStreamOutput;
void *pvArg; void *pvArg;
} CMSG_STREAM_INFO, *PCMSG_STREAM_INFO; } CMSG_STREAM_INFO, *PCMSG_STREAM_INFO;
skipping to change at line 5410 skipping to change at line 6814
#define CMSG_MAX_LENGTH_FLAG 0x00000020 #define CMSG_MAX_LENGTH_FLAG 0x00000020
// When set, nonData type inner content is encapsulated within an // When set, nonData type inner content is encapsulated within an
// OCTET STRING. Applicable to both Signed and Enveloped messages. // OCTET STRING. Applicable to both Signed and Enveloped messages.
#define CMSG_CMS_ENCAPSULATED_CONTENT_FLAG 0x00000040 #define CMSG_CMS_ENCAPSULATED_CONTENT_FLAG 0x00000040
// If set, then, the hCryptProv passed to CryptMsgOpenToEncode or // If set, then, the hCryptProv passed to CryptMsgOpenToEncode or
// CryptMsgOpenToDecode is released on the final CryptMsgClose. // CryptMsgOpenToDecode is released on the final CryptMsgClose.
// Not released if CryptMsgOpenToEncode or CryptMsgOpenToDecode fails. // Not released if CryptMsgOpenToEncode or CryptMsgOpenToDecode fails.
// //
// Also applies to hNCryptKey where applicable.
//
// Note, the envelope recipient hCryptProv's aren't released. // Note, the envelope recipient hCryptProv's aren't released.
#define CMSG_CRYPT_RELEASE_CONTEXT_FLAG 0x00008000 #define CMSG_CRYPT_RELEASE_CONTEXT_FLAG 0x00008000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a cryptographic message for encoding // Open a cryptographic message for encoding
// //
// If CMSG_BARE_CONTENT_FLAG is specified for a streamed message, // If CMSG_BARE_CONTENT_FLAG is specified for a streamed message,
// the streamed output will not have an outer ContentInfo wrapper. This // the streamed output will not have an outer ContentInfo wrapper. This
// makes it suitable to be streamed into an enclosing message. // makes it suitable to be streamed into an enclosing message.
// //
// The pStreamInfo parameter needs to be set to stream the encoded message // The pStreamInfo parameter needs to be set to stream the encoded message
// output. // output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgOpenToEncode( CryptMsgOpenToEncode(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwMsgType, __in DWORD dwMsgType,
IN void const *pvMsgEncodeInfo, __in void const *pvMsgEncodeInfo,
IN OPTIONAL LPSTR pszInnerContentObjID, __in_opt LPSTR pszInnerContentObjID,
IN OPTIONAL PCMSG_STREAM_INFO pStreamInfo __in_opt PCMSG_STREAM_INFO pStreamInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Calculate the length of an encoded cryptographic message. // Calculate the length of an encoded cryptographic message.
// //
// Calculates the length of the encoded message given the // Calculates the length of the encoded message given the
// message type, encoding parameters and total length of // message type, encoding parameters and total length of
// the data to be updated. Note, this might not be the exact length. However, // the data to be updated. Note, this might not be the exact length. However,
// it will always be greater than or equal to the actual length. // it will always be greater than or equal to the actual length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CryptMsgCalculateEncodedLength( CryptMsgCalculateEncodedLength(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwMsgType, __in DWORD dwMsgType,
IN void const *pvMsgEncodeInfo, __in void const *pvMsgEncodeInfo,
IN OPTIONAL LPSTR pszInnerContentObjID, __in_opt LPSTR pszInnerContentObjID,
IN DWORD cbData __in DWORD cbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a cryptographic message for decoding // Open a cryptographic message for decoding
// //
// hCryptProv specifies the crypto provider to use for hashing and/or // hCryptProv specifies the crypto provider to use for hashing and/or
// decrypting the message. If hCryptProv is NULL, a default crypt provider // decrypting the message. If hCryptProv is NULL, a default crypt provider
// is used. // is used.
// //
// Currently pRecipientInfo isn't used and should be set to NULL. // Currently pRecipientInfo isn't used and should be set to NULL.
// //
// The pStreamInfo parameter needs to be set to stream the decoded content // The pStreamInfo parameter needs to be set to stream the decoded content
// output. // output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgOpenToDecode( CryptMsgOpenToDecode(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwMsgType, __in DWORD dwMsgType,
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN OPTIONAL PCERT_INFO pRecipientInfo, __reserved PCERT_INFO pRecipientInfo,
IN OPTIONAL PCMSG_STREAM_INFO pStreamInfo __in_opt PCMSG_STREAM_INFO pStreamInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a cryptographic message handle // Duplicate a cryptographic message handle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgDuplicate( CryptMsgDuplicate(
IN HCRYPTMSG hCryptMsg __in_opt HCRYPTMSG hCryptMsg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Close a cryptographic message handle // Close a cryptographic message handle
// //
// LastError is preserved unless FALSE is returned. // LastError is preserved unless FALSE is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgClose( CryptMsgClose(
IN HCRYPTMSG hCryptMsg __in_opt HCRYPTMSG hCryptMsg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Update the content of a cryptographic message. Depending on how the // Update the content of a cryptographic message. Depending on how the
// message was opened, the content is either encoded or decoded. // message was opened, the content is either encoded or decoded.
// //
// This function is repetitively called to append to the message content. // This function is repetitively called to append to the message content.
// fFinal is set to identify the last update. On fFinal, the encode/decode // fFinal is set to identify the last update. On fFinal, the encode/decode
// is completed. The encoded/decoded content and the decoded parameters // is completed. The encoded/decoded content and the decoded parameters
// are valid until the open and all duplicated handles are closed. // are valid until the open and all duplicated handles are closed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgUpdate( CryptMsgUpdate(
IN HCRYPTMSG hCryptMsg, __in HCRYPTMSG hCryptMsg,
IN const BYTE *pbData, __in_bcount_opt(cbData) const BYTE *pbData,
IN DWORD cbData, __in DWORD cbData,
IN BOOL fFinal __in BOOL fFinal
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a parameter after encoding/decoding a cryptographic message. Called // Get a parameter after encoding/decoding a cryptographic message. Called
// after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and // after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and
// CMSG_COMPUTED_HASH_PARAM are valid for an encoded message. // CMSG_COMPUTED_HASH_PARAM are valid for an encoded message.
// //
// For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got // For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got
// before any CryptMsgUpdates to get its length. // before any CryptMsgUpdates to get its length.
// //
skipping to change at line 5548 skipping to change at line 6954
// The OBJID BLOBs returned in the pvData structures point to // The OBJID BLOBs returned in the pvData structures point to
// their still encoded representation. The appropriate functions // their still encoded representation. The appropriate functions
// must be called to decode the information. // must be called to decode the information.
// //
// See below for a list of the parameters to get. // See below for a list of the parameters to get.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgGetParam( CryptMsgGetParam(
IN HCRYPTMSG hCryptMsg, __in HCRYPTMSG hCryptMsg,
IN DWORD dwParamType, __in DWORD dwParamType,
IN DWORD dwIndex, __in DWORD dwIndex,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get parameter types and their corresponding data structure definitions. // Get parameter types and their corresponding data structure definitions.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_TYPE_PARAM 1 #define CMSG_TYPE_PARAM 1
#define CMSG_CONTENT_PARAM 2 #define CMSG_CONTENT_PARAM 2
#define CMSG_BARE_CONTENT_PARAM 3 #define CMSG_BARE_CONTENT_PARAM 3
#define CMSG_INNER_CONTENT_TYPE_PARAM 4 #define CMSG_INNER_CONTENT_TYPE_PARAM 4
#define CMSG_SIGNER_COUNT_PARAM 5 #define CMSG_SIGNER_COUNT_PARAM 5
skipping to change at line 5684 skipping to change at line 7090
// CERT_RDN_OCTET_STRING and value is the KEYID. When the // CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and // CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this // CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match. // special KEYID Issuer and SerialNumber, they do a KEYID match.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_SIGNER_INFO { typedef struct _CMSG_SIGNER_INFO {
DWORD dwVersion; DWORD dwVersion;
CERT_NAME_BLOB Issuer; CERT_NAME_BLOB Issuer;
CRYPT_INTEGER_BLOB SerialNumber; CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
// This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
CRYPT_DATA_BLOB EncryptedHash; CRYPT_DATA_BLOB EncryptedHash;
CRYPT_ATTRIBUTES AuthAttrs; CRYPT_ATTRIBUTES AuthAttrs;
CRYPT_ATTRIBUTES UnauthAttrs; CRYPT_ATTRIBUTES UnauthAttrs;
} CMSG_SIGNER_INFO, *PCMSG_SIGNER_INFO; } CMSG_SIGNER_INFO, *PCMSG_SIGNER_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_SIGNER_CERT_ID_PARAM // CMSG_SIGNER_CERT_ID_PARAM
// //
// To get all the signers, repetitively call CryptMsgGetParam, with // To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1. // dwIndex set to 0 .. SignerCount - 1.
skipping to change at line 5714 skipping to change at line 7123
// //
// To get all the signers, repetitively call CryptMsgGetParam, with // To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1. // dwIndex set to 0 .. SignerCount - 1.
// //
// pvData points to a CMSG_CMS_SIGNER_INFO struct. // pvData points to a CMSG_CMS_SIGNER_INFO struct.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CMS_SIGNER_INFO { typedef struct _CMSG_CMS_SIGNER_INFO {
DWORD dwVersion; DWORD dwVersion;
CERT_ID SignerId; CERT_ID SignerId;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
// This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
CRYPT_DATA_BLOB EncryptedHash; CRYPT_DATA_BLOB EncryptedHash;
CRYPT_ATTRIBUTES AuthAttrs; CRYPT_ATTRIBUTES AuthAttrs;
CRYPT_ATTRIBUTES UnauthAttrs; CRYPT_ATTRIBUTES UnauthAttrs;
} CMSG_CMS_SIGNER_INFO, *PCMSG_CMS_SIGNER_INFO; } CMSG_CMS_SIGNER_INFO, *PCMSG_CMS_SIGNER_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_SIGNER_HASH_ALGORITHM_PARAM // CMSG_SIGNER_HASH_ALGORITHM_PARAM
// //
// This parameter specifies the HashAlgorithm that was used for the signer. // This parameter specifies the HashAlgorithm that was used for the signer.
// //
skipping to change at line 6075 skipping to change at line 7487
// //
// The pvCtrlPara definition depends on the dwCtrlType value. // The pvCtrlPara definition depends on the dwCtrlType value.
// //
// See below for a list of the control operations and their pvCtrlPara // See below for a list of the control operations and their pvCtrlPara
// type definition. // type definition.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgControl( CryptMsgControl(
IN HCRYPTMSG hCryptMsg, __in HCRYPTMSG hCryptMsg,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwCtrlType, __in DWORD dwCtrlType,
IN void const *pvCtrlPara __in_opt void const *pvCtrlPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Message control types // Message control types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_CTRL_VERIFY_SIGNATURE 1 #define CMSG_CTRL_VERIFY_SIGNATURE 1
#define CMSG_CTRL_DECRYPT 2 #define CMSG_CTRL_DECRYPT 2
#define CMSG_CTRL_VERIFY_HASH 5 #define CMSG_CTRL_VERIFY_HASH 5
#define CMSG_CTRL_ADD_SIGNER 6 #define CMSG_CTRL_ADD_SIGNER 6
#define CMSG_CTRL_DEL_SIGNER 7 #define CMSG_CTRL_DEL_SIGNER 7
skipping to change at line 6151 skipping to change at line 7563
// The signer can be a pointer to a CERT_PUBLIC_KEY_INFO, certificate // The signer can be a pointer to a CERT_PUBLIC_KEY_INFO, certificate
// context or a chain context. // context or a chain context.
// //
// If the signer's HashEncryptionAlgorithm is szOID_PKIX_NO_SIGNATURE, then, // If the signer's HashEncryptionAlgorithm is szOID_PKIX_NO_SIGNATURE, then,
// the signature is expected to contain the hash octets. Only dwSignerType // the signature is expected to contain the hash octets. Only dwSignerType
// of CMSG_VERIFY_SIGNER_NULL may be specified to verify this no signature // of CMSG_VERIFY_SIGNER_NULL may be specified to verify this no signature
// case. // case.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA { typedef struct _CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
DWORD dwSignerIndex; DWORD dwSignerIndex;
DWORD dwSignerType; DWORD dwSignerType;
void *pvSigner; void *pvSigner;
} CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA, *PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA; } CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA, *PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA;
// Signer Types // Signer Types
#define CMSG_VERIFY_SIGNER_PUBKEY 1 #define CMSG_VERIFY_SIGNER_PUBKEY 1
// pvSigner :: PCERT_PUBLIC_KEY_INFO // pvSigner :: PCERT_PUBLIC_KEY_INFO
#define CMSG_VERIFY_SIGNER_CERT 2 #define CMSG_VERIFY_SIGNER_CERT 2
// pvSigner :: PCCERT_CONTEXT // pvSigner :: PCCERT_CONTEXT
skipping to change at line 6178 skipping to change at line 7590
// CMSG_CTRL_DECRYPT // CMSG_CTRL_DECRYPT
// //
// Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been // Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been
// decoded. // decoded.
// //
// This decrypt is only applicable to key transport recipients. // This decrypt is only applicable to key transport recipients.
// //
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == // hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE. // 0, defaults to AT_KEYEXCHANGE.
// //
// hNCryptKey can be set to decrypt using a CNG private key.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final // to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails. // CryptMsgClose. Not released if CryptMsgControl fails. Also applies
// to freeing the hNCryptKey.
// //
// dwRecipientIndex is the index of the recipient in the message associated // dwRecipientIndex is the index of the recipient in the message associated
// with the hCryptProv's private key. // with the hCryptProv's or hNCryptKey's private key.
// //
// The dwRecipientIndex is the index of a key transport recipient. // The dwRecipientIndex is the index of a key transport recipient.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_DECRYPT_PARA { typedef struct _CMSG_CTRL_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv;
// NCryptIsKeyHandle() is called to determine the union choice.
union {
HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey;
};
// not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA; } CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_TRANS_DECRYPT // CMSG_CTRL_KEY_TRANS_DECRYPT
// //
// Decrypt an ENVELOPED message after it has been decoded for a key // Decrypt an ENVELOPED message after it has been decoded for a key
// transport recipient. // transport recipient.
// //
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == // hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
skipping to change at line 6205 skipping to change at line 7628
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_TRANS_DECRYPT // CMSG_CTRL_KEY_TRANS_DECRYPT
// //
// Decrypt an ENVELOPED message after it has been decoded for a key // Decrypt an ENVELOPED message after it has been decoded for a key
// transport recipient. // transport recipient.
// //
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == // hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE. // 0, defaults to AT_KEYEXCHANGE.
// //
// hNCryptKey can be set to decrypt using a CNG private key.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final // to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails. // CryptMsgClose. Not released if CryptMsgControl fails. Also applies
// to freeing the hNCryptKey.
// //
// pKeyTrans points to the CMSG_KEY_TRANS_RECIPIENT_INFO obtained via // pKeyTrans points to the CMSG_KEY_TRANS_RECIPIENT_INFO obtained via
// CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM) // CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM)
// //
// dwRecipientIndex is the index of the recipient in the message associated // dwRecipientIndex is the index of the recipient in the message associated
// with the hCryptProv's private key. // with the hCryptProv's or hNCryptKey's private key.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; // NCryptIsKeyHandle() is called to determine the union choice.
union {
HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey;
};
// not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA; } CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_AGREE_DECRYPT // CMSG_CTRL_KEY_AGREE_DECRYPT
// //
// Decrypt an ENVELOPED message after it has been decoded for a key // Decrypt an ENVELOPED message after it has been decoded for a key
// agreement recipient. // agreement recipient.
// //
skipping to change at line 6234 skipping to change at line 7667
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_AGREE_DECRYPT // CMSG_CTRL_KEY_AGREE_DECRYPT
// //
// Decrypt an ENVELOPED message after it has been decoded for a key // Decrypt an ENVELOPED message after it has been decoded for a key
// agreement recipient. // agreement recipient.
// //
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == // hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE. // 0, defaults to AT_KEYEXCHANGE.
// //
// hNCryptKey can be set to decrypt using a CNG private key.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final // to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails. // CryptMsgClose. Not released if CryptMsgControl fails. Also applies
// to freeing the hNCryptKey.
// //
// pKeyAgree points to the CMSG_KEY_AGREE_RECIPIENT_INFO obtained via // pKeyAgree points to the CMSG_KEY_AGREE_RECIPIENT_INFO obtained via
// CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM) for dwRecipientIndex. // CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM) for dwRecipientIndex.
// //
// dwRecipientIndex, dwRecipientEncryptedKeyIndex are the indices of the // dwRecipientIndex, dwRecipientEncryptedKeyIndex are the indices of the
// recipient's encrypted key in the message associated with the hCryptProv's // recipient's encrypted key in the message associated with the hCryptProv's
// private key. // or hNCryptKey's private key.
// //
// OriginatorPublicKey is the originator's public key obtained from either // OriginatorPublicKey is the originator's public key obtained from either
// the originator's certificate or the CMSG_KEY_AGREE_RECIPIENT_INFO obtained // the originator's certificate or the CMSG_KEY_AGREE_RECIPIENT_INFO obtained
// via the CMSG_CMS_RECIPIENT_INFO_PARAM. // via the CMSG_CMS_RECIPIENT_INFO_PARAM.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv;
// NCryptIsKeyHandle() is called to determine the union choice.
union {
HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey;
};
// not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwRecipientEncryptedKeyIndex; DWORD dwRecipientEncryptedKeyIndex;
CRYPT_BIT_BLOB OriginatorPublicKey; CRYPT_BIT_BLOB OriginatorPublicKey;
} CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA; } CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_MAIL_LIST_DECRYPT // CMSG_CTRL_MAIL_LIST_DECRYPT
// //
// Decrypt an ENVELOPED message after it has been decoded for a mail // Decrypt an ENVELOPED message after it has been decoded for a mail
skipping to change at line 6283 skipping to change at line 7727
// //
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed // If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final // to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails. // CryptMsgClose. Not released if CryptMsgControl fails.
// //
// For RC2 wrap, the effective key length is obtained from the // For RC2 wrap, the effective key length is obtained from the
// KeyEncryptionAlgorithm parameters and set on the hKeyEncryptionKey before // KeyEncryptionAlgorithm parameters and set on the hKeyEncryptionKey before
// decrypting. // decrypting.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//
// Mail list recipients aren't supported using CNG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_MAIL_LIST_DECRYPT_PARA { typedef struct _CMSG_CTRL_MAIL_LIST_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
skipping to change at line 6433 skipping to change at line 7879
// ie. verify that pbSignerInfoCountersignature contains the encrypted // ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo. // hash of the encryptedDigest field of pbSignerInfo.
// //
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo. // hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
// The only fields referenced from pciCountersigner are SerialNumber, Issuer, // The only fields referenced from pciCountersigner are SerialNumber, Issuer,
// and SubjectPublicKeyInfo. // and SubjectPublicKeyInfo.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgVerifyCountersignatureEncoded( CryptMsgVerifyCountersignatureEncoded(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN PBYTE pbSignerInfo, __in_bcount(cbSignerInfo) PBYTE pbSignerInfo,
IN DWORD cbSignerInfo, __in DWORD cbSignerInfo,
IN PBYTE pbSignerInfoCountersignature, __in_bcount(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersignature
IN DWORD cbSignerInfoCountersignature, ,
IN PCERT_INFO pciCountersigner __in DWORD cbSignerInfoCountersignature,
__in PCERT_INFO pciCountersigner
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a countersignature, at the SignerInfo level. // Verify a countersignature, at the SignerInfo level.
// ie. verify that pbSignerInfoCountersignature contains the encrypted // ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo. // hash of the encryptedDigest field of pbSignerInfo.
// //
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo. // hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
// //
// The signer can be a CERT_PUBLIC_KEY_INFO, certificate context or a // The signer can be a CERT_PUBLIC_KEY_INFO, certificate context or a
// chain context. // chain context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgVerifyCountersignatureEncodedEx( CryptMsgVerifyCountersignatureEncodedEx(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN PBYTE pbSignerInfo, __in_bcount(cbSignerInfo) PBYTE pbSignerInfo,
IN DWORD cbSignerInfo, __in DWORD cbSignerInfo,
IN PBYTE pbSignerInfoCountersignature, __in_bcount(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersignature
IN DWORD cbSignerInfoCountersignature, ,
IN DWORD dwSignerType, __in DWORD cbSignerInfoCountersignature,
IN void *pvSigner, __in DWORD dwSignerType,
IN DWORD dwFlags, __in void *pvSigner,
IN OPTIONAL void *pvReserved __reserved DWORD dwFlags,
__reserved void *pvReserved
); );
// See CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA for dwSignerType definitions // See CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA for dwSignerType definitions
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Countersign an already-existing signature in a message // Countersign an already-existing signature in a message
// //
// dwIndex is a zero-based index of the SignerInfo to be countersigned. // dwIndex is a zero-based index of the SignerInfo to be countersigned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgCountersign( CryptMsgCountersign(
IN OUT HCRYPTMSG hCryptMsg, __in HCRYPTMSG hCryptMsg,
IN DWORD dwIndex, __in DWORD dwIndex,
IN DWORD cCountersigners, __in DWORD cCountersigners,
IN PCMSG_SIGNER_ENCODE_INFO rgCountersigners __in_ecount(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Countersign an already-existing signature (encoded SignerInfo). // Countersign an already-existing signature (encoded SignerInfo).
// Output an encoded SignerInfo blob, suitable for use as a countersignature // Output an encoded SignerInfo blob, suitable for use as a countersignature
// attribute in the unauthenticated attributes of a signed-data or // attribute in the unauthenticated attributes of a signed-data or
// signed-and-enveloped-data message. // signed-and-enveloped-data message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgCountersignEncoded( CryptMsgCountersignEncoded(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN PBYTE pbSignerInfo, __in_bcount(cbSignerInfo) PBYTE pbSignerInfo,
IN DWORD cbSignerInfo, __in DWORD cbSignerInfo,
IN DWORD cCountersigners, __in DWORD cCountersigners,
IN PCMSG_SIGNER_ENCODE_INFO rgCountersigners, __in_ecount(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners,
OUT PBYTE pbCountersignature, __out_bcount_part_opt(*pcbCountersignature, *pcbCountersignature) PBYTE pbCo
IN OUT PDWORD pcbCountersignature untersignature,
__inout PDWORD pcbCountersignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptMsg OID installable functions // CryptMsg OID installable functions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef void * (WINAPI *PFN_CMSG_ALLOC) ( typedef void * (WINAPI *PFN_CMSG_ALLOC) (
IN size_t cb __in size_t cb
); );
typedef void (WINAPI *PFN_CMSG_FREE)( typedef void (WINAPI *PFN_CMSG_FREE)(
IN void *pv __inout void *pv
); );
// Note, the following 3 installable functions are obsolete and have been // Note, the following 3 installable functions are obsolete and have been
// replaced with GenContentEncryptKey, ExportKeyTrans, ExportKeyAgree, // replaced with GenContentEncryptKey, ExportKeyTrans, ExportKeyAgree,
// ExportMailList, ImportKeyTrans, ImportKeyAgree and ImportMailList // ExportMailList, ImportKeyTrans, ImportKeyAgree and ImportMailList
// installable functions. // installable functions.
// If *phCryptProv is NULL upon entry, then, if supported, the installable // If *phCryptProv is NULL upon entry, then, if supported, the installable
// function should acquire a default provider and return. Note, its up // function should acquire a default provider and return. Note, its up
// to the installable function to release at process detach. // to the installable function to release at process detach.
// //
// If paiEncrypt->Parameters.cbData is 0, then, the callback may optionally // If paiEncrypt->Parameters.cbData is 0, then, the callback may optionally
// return default encoded parameters in *ppbEncryptParameters and // return default encoded parameters in *ppbEncryptParameters and
// *pcbEncryptParameters. pfnAlloc must be called for the allocation. // *pcbEncryptParameters. pfnAlloc must be called for the allocation.
#define CMSG_OID_GEN_ENCRYPT_KEY_FUNC "CryptMsgDllGenEncryptKey" #define CMSG_OID_GEN_ENCRYPT_KEY_FUNC "CryptMsgDllGenEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_GEN_ENCRYPT_KEY) ( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CMSG_GEN_ENCRYPT_KEY) (
IN OUT HCRYPTPROV *phCryptProv, __inout HCRYPTPROV *phCryptProv,
IN PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt, __in PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt,
IN PVOID pvEncryptAuxInfo, __in_opt PVOID pvEncryptAuxInfo,
IN PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, __in PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
IN PFN_CMSG_ALLOC pfnAlloc, __callback PFN_CMSG_ALLOC pfnAlloc,
OUT HCRYPTKEY *phEncryptKey, __out HCRYPTKEY *phEncryptKey,
OUT PBYTE *ppbEncryptParameters, __deref_out_bcount(*pcbEncryptParameters) PBYTE *ppbEncryptParameters,
OUT PDWORD pcbEncryptParameters __out PDWORD pcbEncryptParameters
); );
#define CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC "CryptMsgDllExportEncryptKey" #define CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC "CryptMsgDllExportEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_ENCRYPT_KEY) (
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
IN HCRYPTKEY hEncryptKey, __in HCRYPTKEY hEncryptKey,
IN PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, __in PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
OUT PBYTE pbData, __out_bcount_part_opt(*pcbData, *pcbData) PBYTE pbData,
IN OUT PDWORD pcbData __inout PDWORD pcbData
); );
#define CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC "CryptMsgDllImportEncryptKey" #define CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC "CryptMsgDllImportEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_ENCRYPT_KEY) (
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
IN DWORD dwKeySpec, __in DWORD dwKeySpec,
IN PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt, __in PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt,
IN PCRYPT_ALGORITHM_IDENTIFIER paiPubKey, __in PCRYPT_ALGORITHM_IDENTIFIER paiPubKey,
IN PBYTE pbEncodedKey, __in_bcount(cbEncodedKey) PBYTE pbEncodedKey,
IN DWORD cbEncodedKey, __in DWORD cbEncodedKey,
OUT HCRYPTKEY *phEncryptKey __out HCRYPTKEY *phEncryptKey
); );
// To get the default installable function for GenContentEncryptKey, // To get the default installable function for GenContentEncryptKey,
// ExportKeyTrans, ExportKeyAgree, ExportMailList, ImportKeyTrans, // ExportKeyTrans, ExportKeyAgree, ExportMailList, ImportKeyTrans,
// ImportKeyAgree or ImportMailList call CryptGetOIDFunctionAddress() // ImportKeyAgree or ImportMailList call CryptGetOIDFunctionAddress()
// with the pszOID argument set to the following constant. dwEncodingType // with the pszOID argument set to the following constant. dwEncodingType
// should be set to CRYPT_ASN_ENCODING or X509_ASN_ENCODING. // should be set to CRYPT_ASN_ENCODING or X509_ASN_ENCODING.
#define CMSG_DEFAULT_INSTALLABLE_FUNC_OID ((LPCSTR) 1) #define CMSG_DEFAULT_INSTALLABLE_FUNC_OID ((LPCSTR) 1)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Content Encrypt Info // Content Encrypt Info
// //
// The following data structure contains the information shared between // The following data structure contains the information shared between
// the GenContentEncryptKey and the ExportKeyTrans, ExportKeyAgree and // the GenContentEncryptKey and the ExportKeyTrans, ExportKeyAgree and
// ExportMailList installable functions. // ExportMailList installable functions.
//
// For a ContentEncryptionAlgorithm.pszObjId having a "Special" algid, only
// supported via CNG, for example, AES, then, fCNG will be set.
// fCNG will also be set to TRUE for any ECC agreement or OAEP RSA transport
// recipients.
//
// When, fCNG is TRUE, the hCNGContentEncryptKey choice is selected and
// pbCNGContentEncryptKeyObject and pbContentEncryptKey will be pfnAlloc'ed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CONTENT_ENCRYPT_INFO { typedef struct _CMSG_CONTENT_ENCRYPT_INFO {
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
void *pvEncryptionAuxInfo; void *pvEncryptionAuxInfo;
DWORD cRecipients; DWORD cRecipients;
PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients; PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients;
PFN_CMSG_ALLOC pfnAlloc; PFN_CMSG_ALLOC pfnAlloc;
PFN_CMSG_FREE pfnFree; PFN_CMSG_FREE pfnFree;
DWORD dwEncryptFlags; DWORD dwEncryptFlags;
HCRYPTKEY hContentEncryptKey; union {
// fCNG == FALSE
HCRYPTKEY hContentEncryptKey;
// fCNG == TRUE
BCRYPT_KEY_HANDLE hCNGContentEncryptKey;
};
DWORD dwFlags; DWORD dwFlags;
BOOL fCNG;
// When fCNG == TRUE, pfnAlloc'ed
BYTE *pbCNGContentEncryptKeyObject;
BYTE *pbContentEncryptKey;
DWORD cbContentEncryptKey;
} CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO; } CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO;
#define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001 #define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001
#define CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_CONTENT_ENCRYPT_FREE_OBJID_FLAG 0x00000002
#define CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG 0x00008000 #define CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG 0x00008000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Upon input, ContentEncryptInfo has been initialized from the // Upon input, ContentEncryptInfo has been initialized from the
// EnvelopedEncodeInfo. // EnvelopedEncodeInfo.
// //
// Note, if rgpRecipients instead of rgCmsRecipients are set in the // Note, if rgpRecipients instead of rgCmsRecipients are set in the
// EnvelopedEncodeInfo, then, the rgpRecipients have been converted // EnvelopedEncodeInfo, then, the rgpRecipients have been converted
// to rgCmsRecipients in the ContentEncryptInfo. // to rgCmsRecipients in the ContentEncryptInfo.
// //
// The following fields may be changed in ContentEncryptInfo: // For fCNG == FALSE, the following fields may be changed in ContentEncryptInfo:
// hContentEncryptKey // hContentEncryptKey
// hCryptProv // hCryptProv
// ContentEncryptionAlgorithm.pszObjId
// ContentEncryptionAlgorithm.Parameters
// dwFlags
//
// For fCNG == TRUE, the following fields may be changed in ContentEncryptInfo:
// hCNGContentEncryptKey
// pbCNGContentEncryptKeyObject
// pbContentEncryptKey
// cbContentEncryptKey
// ContentEncryptionAlgorithm.pszObjId
// ContentEncryptionAlgorithm.Parameters // ContentEncryptionAlgorithm.Parameters
// dwFlags // dwFlags
// //
// All other fields in the ContentEncryptInfo are READONLY. // All other fields in the ContentEncryptInfo are READONLY.
// //
// If CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG is set upon entry // If CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG is set upon entry
// in dwEncryptFlags, then, any potentially variable length encoded // in dwEncryptFlags, then, any potentially variable length encoded
// output should be padded with zeroes to always obtain the // output should be padded with zeroes to always obtain the
// same maximum encoded length. This is necessary for // same maximum encoded length. This is necessary for
// CryptMsgCalculateEncodedLength() or CryptMsgOpenToEncode() with // CryptMsgCalculateEncodedLength() or CryptMsgOpenToEncode() with
// definite length streaming. // definite length streaming.
// //
// The hContentEncryptKey must be updated. // For fCNG == FALSE:
// The hContentEncryptKey must be updated.
// //
// If hCryptProv is NULL upon input, then, it must be updated. // If hCryptProv is NULL upon input, then, it must be updated.
// If a HCRYPTPROV is acquired that must be released, then, the // If a HCRYPTPROV is acquired that must be released, then, the
// CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG must be set in dwFlags. // CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG must be set in dwFlags.
// Otherwise, for fCNG == TRUE:
// The hCNGContentEncryptKey and cbContentEncryptKey must be updated and
// pbCNGContentEncryptKeyObject and pbContentEncryptKey pfnAlloc'ed.
// This key will be freed and destroyed when hCryptMsg is closed.
// //
// If ContentEncryptionAlgorithm.pszObjId is changed, then, the
// CMSG_CONTENT_ENCRYPT_FREE_OBJID_FLAG must be set in dwFlags.
// If ContentEncryptionAlgorithm.Parameters is updated, then, the // If ContentEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. pfnAlloc and // CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. pfnAlloc and
// pfnFree must be used for doing the allocation. // pfnFree must be used for doing the allocation.
// //
// ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when fCNG == FALSE.
#define CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllGenContentEncryptKey" #define CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllGenContentEncryptKey"
#define CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC CMSG_OID_GEN_CONTENT_ENCRYPT
_KEY_FUNC
typedef BOOL (WINAPI *PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY) (
IN OUT PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, __inout PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
// The following installable function is called when fCNG == TRUE. It has the
// same API signature as for the above
// CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC.
#define CMSG_OID_CNG_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGGenContentEncr
yptKey"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Key Transport Encrypt Info // Key Transport Encrypt Info
// //
// The following data structure contains the information updated by the // The following data structure contains the information updated by the
// ExportKeyTrans installable function. // ExportKeyTrans installable function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_KEY_TRANS_ENCRYPT_INFO { typedef struct _CMSG_KEY_TRANS_ENCRYPT_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
CRYPT_DATA_BLOB EncryptedKey; CRYPT_DATA_BLOB EncryptedKey;
DWORD dwFlags; DWORD dwFlags;
} CMSG_KEY_TRANS_ENCRYPT_INFO, *PCMSG_KEY_TRANS_ENCRYPT_INFO; } CMSG_KEY_TRANS_ENCRYPT_INFO, *PCMSG_KEY_TRANS_ENCRYPT_INFO;
#define CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_KEY_TRANS_ENCRYPT_FREE_OBJID_FLAG 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Upon input, KeyTransEncryptInfo has been initialized from the // Upon input, KeyTransEncryptInfo has been initialized from the
// KeyTransEncodeInfo. // KeyTransEncodeInfo.
// //
// The following fields may be changed in KeyTransEncryptInfo: // The following fields may be changed in KeyTransEncryptInfo:
// EncryptedKey // EncryptedKey
// KeyEncryptionAlgorithm.pszObjId
// KeyEncryptionAlgorithm.Parameters // KeyEncryptionAlgorithm.Parameters
// dwFlags // dwFlags
// //
// All other fields in the KeyTransEncryptInfo are READONLY. // All other fields in the KeyTransEncryptInfo are READONLY.
// //
// The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in // The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation. // ContentEncryptInfo must be used for doing the allocation.
// //
// If the KeyEncryptionAlgorithm.pszObjId is changed, then, the
// CMSG_KEY_TRANS_ENCRYPT_FREE_OBJID_FLAG must be set in dwFlags.
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the // If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. // CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used // The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation. // for doing the allocation.
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_KEY_TRANS_FUNC "CryptMsgDllExportKeyTrans" #define CMSG_OID_EXPORT_KEY_TRANS_FUNC "CryptMsgDllExportKeyTrans"
#define CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC CMSG_OID_EXPORT_KEY_TRANS_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_TRANS) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_TRANS) (
IN PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, __in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
IN PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTransEncodeInfo, __in PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTransEncodeInfo,
IN OUT PCMSG_KEY_TRANS_ENCRYPT_INFO pKeyTransEncryptInfo, __inout PCMSG_KEY_TRANS_ENCRYPT_INFO pKeyTransEncryptInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
// The following CNG installable function is called when
// pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for
// the above CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC.
#define CMSG_OID_CNG_EXPORT_KEY_TRANS_FUNC "CryptMsgDllCNGExportKeyTrans"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Key Agree Key Encrypt Info // Key Agree Key Encrypt Info
// //
// The following data structure contains the information updated by the // The following data structure contains the information updated by the
// ExportKeyAgree installable function for each encrypted key agree // ExportKeyAgree installable function for each encrypted key agree
// recipient. // recipient.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_KEY_AGREE_KEY_ENCRYPT_INFO { typedef struct _CMSG_KEY_AGREE_KEY_ENCRYPT_INFO {
DWORD cbSize; DWORD cbSize;
CRYPT_DATA_BLOB EncryptedKey; CRYPT_DATA_BLOB EncryptedKey;
skipping to change at line 6718 skipping to change at line 8223
DWORD cKeyAgreeKeyEncryptInfo; DWORD cKeyAgreeKeyEncryptInfo;
PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo; PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo;
DWORD dwFlags; DWORD dwFlags;
} CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO; } CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO;
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002 #define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010
#define CMSG_KEY_AGREE_ENCRYPT_FREE_OBJID_FLAG 0x00000020
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Upon input, KeyAgreeEncryptInfo has been initialized from the // Upon input, KeyAgreeEncryptInfo has been initialized from the
// KeyAgreeEncodeInfo. // KeyAgreeEncodeInfo.
// //
// The following fields may be changed in KeyAgreeEncryptInfo: // The following fields may be changed in KeyAgreeEncryptInfo:
// KeyEncryptionAlgorithm.pszObjId
// KeyEncryptionAlgorithm.Parameters // KeyEncryptionAlgorithm.Parameters
// UserKeyingMaterial // UserKeyingMaterial
// dwOriginatorChoice // dwOriginatorChoice
// OriginatorCertId // OriginatorCertId
// OriginatorPublicKeyInfo // OriginatorPublicKeyInfo
// dwFlags // dwFlags
// //
// All other fields in the KeyAgreeEncryptInfo are READONLY. // All other fields in the KeyAgreeEncryptInfo are READONLY.
// //
// If the KeyEncryptionAlgorithm.pszObjId is changed, then, the
// CMSG_KEY_AGREE_ENCRYPT_FREE_OBJID_FLAG must be set in dwFlags.
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the // If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. // CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used // The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation. // for doing the allocation.
// //
// If the UserKeyingMaterial is updated, then, the // If the UserKeyingMaterial is updated, then, the
// CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG must be set in dwFlags. // CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG must be set in dwFlags.
// pfnAlloc and pfnFree must be used for doing the allocation. // pfnAlloc and pfnFree must be used for doing the allocation.
// //
// The dwOriginatorChoice must be updated to either // The dwOriginatorChoice must be updated to either
skipping to change at line 6762 skipping to change at line 8271
// same maximum encoded length. Note, the length of the generated ephemeral Y // same maximum encoded length. Note, the length of the generated ephemeral Y
// public key can vary depending on the number of leading zero bits. // public key can vary depending on the number of leading zero bits.
// //
// Upon input, the array of *rgpKeyAgreeKeyEncryptInfo has been initialized. // Upon input, the array of *rgpKeyAgreeKeyEncryptInfo has been initialized.
// The EncryptedKey must be updated for each recipient key. // The EncryptedKey must be updated for each recipient key.
// The pfnAlloc and pfnFree specified in // The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation. // ContentEncryptInfo must be used for doing the allocation.
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_KEY_AGREE_FUNC "CryptMsgDllExportKeyAgree" #define CMSG_OID_EXPORT_KEY_AGREE_FUNC "CryptMsgDllExportKeyAgree"
#define CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC CMSG_OID_EXPORT_KEY_AGREE_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_AGREE) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_AGREE) (
IN PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, __in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
IN PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgreeEncodeInfo, __in PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgreeEncodeInfo,
IN OUT PCMSG_KEY_AGREE_ENCRYPT_INFO pKeyAgreeEncryptInfo, __inout PCMSG_KEY_AGREE_ENCRYPT_INFO pKeyAgreeEncryptInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
// The following CNG installable function is called when
// pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for
// the above CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC.
#define CMSG_OID_CNG_EXPORT_KEY_AGREE_FUNC "CryptMsgDllCNGExportKeyAgree"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Mail List Encrypt Info // Mail List Encrypt Info
// //
// The following data structure contains the information updated by the // The following data structure contains the information updated by the
// ExportMailList installable function. // ExportMailList installable function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_MAIL_LIST_ENCRYPT_INFO { typedef struct _CMSG_MAIL_LIST_ENCRYPT_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
CRYPT_DATA_BLOB EncryptedKey; CRYPT_DATA_BLOB EncryptedKey;
DWORD dwFlags; DWORD dwFlags;
} CMSG_MAIL_LIST_ENCRYPT_INFO, *PCMSG_MAIL_LIST_ENCRYPT_INFO; } CMSG_MAIL_LIST_ENCRYPT_INFO, *PCMSG_MAIL_LIST_ENCRYPT_INFO;
#define CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_MAIL_LIST_ENCRYPT_FREE_OBJID_FLAG 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Upon input, MailListEncryptInfo has been initialized from the // Upon input, MailListEncryptInfo has been initialized from the
// MailListEncodeInfo. // MailListEncodeInfo.
// //
// The following fields may be changed in MailListEncryptInfo: // The following fields may be changed in MailListEncryptInfo:
// EncryptedKey // EncryptedKey
// KeyEncryptionAlgorithm.pszObjId
// KeyEncryptionAlgorithm.Parameters // KeyEncryptionAlgorithm.Parameters
// dwFlags // dwFlags
// //
// All other fields in the MailListEncryptInfo are READONLY. // All other fields in the MailListEncryptInfo are READONLY.
// //
// The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in // The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation. // ContentEncryptInfo must be used for doing the allocation.
// //
// If the KeyEncryptionAlgorithm.pszObjId is changed, then, the
// CMSG_MAIL_LIST_ENCRYPT_FREE_OBJID_FLAG must be set in dwFlags.
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the // If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. // CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used // The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation. // for doing the allocation.
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//
// Note, only has a CAPI1 installable function. No CNG installable function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_MAIL_LIST_FUNC "CryptMsgDllExportMailList" #define CMSG_OID_EXPORT_MAIL_LIST_FUNC "CryptMsgDllExportMailList"
#define CMSG_OID_CAPI1_EXPORT_MAIL_LIST_FUNC CMSG_OID_EXPORT_MAIL_LIST_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_MAIL_LIST) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_MAIL_LIST) (
IN PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, __in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
IN PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailListEncodeInfo, __in PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailListEncodeInfo,
IN OUT PCMSG_MAIL_LIST_ENCRYPT_INFO pMailListEncryptInfo, __inout PCMSG_MAIL_LIST_ENCRYPT_INFO pMailListEncryptInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OID Installable functions for importing an encoded and encrypted content // CAPI1 OID Installable functions for importing an encoded and encrypted
// encryption key. // content encryption key.
// //
// There's a different installable function for each CMS Recipient choice: // There's a different installable function for each CMS Recipient choice:
// ImportKeyTrans // ImportKeyTrans
// ImportKeyAgree // ImportKeyAgree
// ImportMailList // ImportMailList
// //
// Iterates through the following OIDs to get the OID installable function: // Iterates through the following OIDs to get the OID installable function:
// KeyEncryptionOID!ContentEncryptionOID // KeyEncryptionOID!ContentEncryptionOID
// KeyEncryptionOID // KeyEncryptionOID
// ContentEncryptionOID // ContentEncryptionOID
// //
// If the OID installable function doesn't support the specified // If the OID installable function doesn't support the specified
// KeyEncryption and ContentEncryption OIDs, then, return FALSE with // KeyEncryption and ContentEncryption OIDs, then, return FALSE with
// LastError set to E_NOTIMPL. // LastError set to E_NOTIMPL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_OID_IMPORT_KEY_TRANS_FUNC "CryptMsgDllImportKeyTrans" #define CMSG_OID_IMPORT_KEY_TRANS_FUNC "CryptMsgDllImportKeyTrans"
#define CMSG_OID_CAPI1_IMPORT_KEY_TRANS_FUNC CMSG_OID_IMPORT_KEY_TRANS_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_TRANS) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_TRANS) (
IN PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, __in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
IN PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara, __in PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT HCRYPTKEY *phContentEncryptKey __out HCRYPTKEY *phContentEncryptKey
); );
#define CMSG_OID_IMPORT_KEY_AGREE_FUNC "CryptMsgDllImportKeyAgree" #define CMSG_OID_IMPORT_KEY_AGREE_FUNC "CryptMsgDllImportKeyAgree"
#define CMSG_OID_CAPI1_IMPORT_KEY_AGREE_FUNC CMSG_OID_IMPORT_KEY_AGREE_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_AGREE) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_AGREE) (
IN PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, __in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
IN PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara, __in PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT HCRYPTKEY *phContentEncryptKey __out HCRYPTKEY *phContentEncryptKey
); );
#define CMSG_OID_IMPORT_MAIL_LIST_FUNC "CryptMsgDllImportMailList" #define CMSG_OID_IMPORT_MAIL_LIST_FUNC "CryptMsgDllImportMailList"
#define CMSG_OID_CAPI1_IMPORT_MAIL_LIST_FUNC CMSG_OID_IMPORT_MAIL_LIST_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_MAIL_LIST) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_MAIL_LIST) (
IN PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, __in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
IN PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA pMailListDecryptPara, __in PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA pMailListDecryptPara,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT HCRYPTKEY *phContentEncryptKey __out HCRYPTKEY *phContentEncryptKey
);
//+-------------------------------------------------------------------------
// CNG Content Decrypt Info
//
// The following data structure contains the information shared between
// CNGImportKeyTrans, CNGImportKeyAgree and CNGImportContentEncryptKey
// installable functions.
//
// pbContentEncryptKey and pbCNGContentEncryptKeyObject are allocated
// and freed via pfnAlloc and pfnFree.
//--------------------------------------------------------------------------
typedef struct _CMSG_CNG_CONTENT_DECRYPT_INFO {
DWORD cbSize;
CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
PFN_CMSG_ALLOC pfnAlloc;
PFN_CMSG_FREE pfnFree;
// This key must be used over the one in the DecryptPara. An
// HCRYPTPROV in the DecryptPara may have been converted to a
// NCRYPT_KEY_HANDLE.
NCRYPT_KEY_HANDLE hNCryptKey;
BYTE *pbContentEncryptKey;
DWORD cbContentEncryptKey;
BCRYPT_KEY_HANDLE hCNGContentEncryptKey;
BYTE *pbCNGContentEncryptKeyObject;
} CMSG_CNG_CONTENT_DECRYPT_INFO, *PCMSG_CNG_CONTENT_DECRYPT_INFO;
//+-------------------------------------------------------------------------
// CNG OID Installable function for importing and decrypting a key transport
// recipient encrypted content encryption key.
//
// Upon input, CNGContentDecryptInfo has been initialized.
//
// The following fields must be updated using hNCryptKey to decrypt
// pKeyTransDecryptPara->pKeyTrans->EncryptedKey.
// pbContentEncryptKey (pfnAlloc'ed)
// cbContentEncryptKey
//
// All other fields in the CNGContentEncryptInfo are READONLY.
//
// pKeyTransDecryptPara->pKeyTrans->KeyEncryptionAlgorithm.pszObjId is used
// to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_KEY_TRANS_FUNC "CryptMsgDllCNGImportKeyTrans"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_TRANS) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara,
__in DWORD dwFlags,
__reserved void *pvReserved
);
//+-------------------------------------------------------------------------
// CNG OID Installable function for importing and decrypting a key agreement
// recipient encrypted content encryption key.
//
// Upon input, CNGContentDecryptInfo has been initialized.
//
// The following fields must be updated using hNCryptKey to decrypt
// pKeyAgreeDecryptPara->pKeyAgree->rgpRecipientEncryptedKeys[
// pKeyAgreeDecryptPara->dwRecipientEncryptedKeyIndex]->EncryptedKey.
// pbContentEncryptKey (pfnAlloc'ed)
// cbContentEncryptKey
//
// All other fields in the CNGContentEncryptInfo are READONLY.
//
// pKeyAgreeDecryptPara->pKeyAgree->KeyEncryptionAlgorithm.pszObjId is used
// to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_KEY_AGREE_FUNC "CryptMsgDllCNGImportKeyAgree"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_AGREE) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara,
__in DWORD dwFlags,
__reserved void *pvReserved
);
//+-------------------------------------------------------------------------
// CNG OID Installable function for importing an already decrypted
// content encryption key.
//
// Upon input, CNGContentDecryptInfo has been initialized.
//
// The following fields must be updated using pbContentEncryptKey and
// cbContentEncryptKey:
// hCNGContentEncryptKey
// pbCNGContentEncryptKeyObject (pfnAlloc'ed)
//
// The hCNGContentEncryptKey will be destroyed when hCryptMsg is closed.
//
// All other fields in the CNGContentEncryptInfo are READONLY.
//
// ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGImportConte
ntEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_CONTENT_ENCRYPT_KEY) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in DWORD dwFlags,
__reserved void *pvReserved
); );
//+========================================================================= //+=========================================================================
// Certificate Store Data Structures and APIs // Certificate Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// In its most basic implementation, a cert store is simply a // In its most basic implementation, a cert store is simply a
// collection of certificates and/or CRLs. This is the case when // collection of certificates and/or CRLs. This is the case when
// a cert store is opened with all of its certificates and CRLs // a cert store is opened with all of its certificates and CRLs
skipping to change at line 6946 skipping to change at line 8577
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate context. // Certificate context.
// //
// A certificate context contains both the encoded and decoded representation // A certificate context contains both the encoded and decoded representation
// of a certificate. A certificate context returned by a cert store function // of a certificate. A certificate context returned by a cert store function
// must be freed by calling the CertFreeCertificateContext function. The // must be freed by calling the CertFreeCertificateContext function. The
// CertDuplicateCertificateContext function can be called to make a duplicate // CertDuplicateCertificateContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCertificateContext). // copy (which also must be freed by calling CertFreeCertificateContext).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_CONTEXT { typedef struct _CERT_CONTEXT {
DWORD dwCertEncodingType; DWORD dwCertEncodingType;
BYTE *pbCertEncoded; BYTE *pbCertEncoded;
DWORD cbCertEncoded; DWORD cbCertEncoded;
PCERT_INFO pCertInfo; PCERT_INFO pCertInfo;
HCERTSTORE hCertStore; HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT; } CERT_CONTEXT, *PCERT_CONTEXT;
typedef const CERT_CONTEXT *PCCERT_CONTEXT; typedef const CERT_CONTEXT *PCCERT_CONTEXT;
// certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL context. // CRL context.
// //
// A CRL context contains both the encoded and decoded representation // A CRL context contains both the encoded and decoded representation
// of a CRL. A CRL context returned by a cert store function // of a CRL. A CRL context returned by a cert store function
// must be freed by calling the CertFreeCRLContext function. The // must be freed by calling the CertFreeCRLContext function. The
// CertDuplicateCRLContext function can be called to make a duplicate // CertDuplicateCRLContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCRLContext). // copy (which also must be freed by calling CertFreeCRLContext).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 6995 skipping to change at line 8628
BYTE *pbCtlEncoded; BYTE *pbCtlEncoded;
DWORD cbCtlEncoded; DWORD cbCtlEncoded;
PCTL_INFO pCtlInfo; PCTL_INFO pCtlInfo;
HCERTSTORE hCertStore; HCERTSTORE hCertStore;
HCRYPTMSG hCryptMsg; HCRYPTMSG hCryptMsg;
BYTE *pbCtlContent; BYTE *pbCtlContent;
DWORD cbCtlContent; DWORD cbCtlContent;
} CTL_CONTEXT, *PCTL_CONTEXT; } CTL_CONTEXT, *PCTL_CONTEXT;
typedef const CTL_CONTEXT *PCCTL_CONTEXT; typedef const CTL_CONTEXT *PCCTL_CONTEXT;
// certenrolld_begin -- CERT_*_PROP_ID
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate, CRL and CTL property IDs // Certificate, CRL and CTL property IDs
// //
// See CertSetCertificateContextProperty or CertGetCertificateContextProperty // See CertSetCertificateContextProperty or CertGetCertificateContextProperty
// for usage information. // for usage information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_KEY_PROV_HANDLE_PROP_ID 1 #define CERT_KEY_PROV_HANDLE_PROP_ID 1
#define CERT_KEY_PROV_INFO_PROP_ID 2 #define CERT_KEY_PROV_INFO_PROP_ID 2 // CRYPT_KEY_PROV_INFO
#define CERT_SHA1_HASH_PROP_ID 3 #define CERT_SHA1_HASH_PROP_ID 3
#define CERT_MD5_HASH_PROP_ID 4 #define CERT_MD5_HASH_PROP_ID 4
#define CERT_HASH_PROP_ID CERT_SHA1_HASH_PROP_ID #define CERT_HASH_PROP_ID CERT_SHA1_HASH_PROP_ID
#define CERT_KEY_CONTEXT_PROP_ID 5 #define CERT_KEY_CONTEXT_PROP_ID 5
#define CERT_KEY_SPEC_PROP_ID 6 #define CERT_KEY_SPEC_PROP_ID 6
#define CERT_IE30_RESERVED_PROP_ID 7 #define CERT_IE30_RESERVED_PROP_ID 7
#define CERT_PUBKEY_HASH_RESERVED_PROP_ID 8 #define CERT_PUBKEY_HASH_RESERVED_PROP_ID 8
#define CERT_ENHKEY_USAGE_PROP_ID 9 #define CERT_ENHKEY_USAGE_PROP_ID 9
#define CERT_CTL_USAGE_PROP_ID CERT_ENHKEY_USAGE_PROP_ID #define CERT_CTL_USAGE_PROP_ID CERT_ENHKEY_USAGE_PROP_ID
#define CERT_NEXT_UPDATE_LOCATION_PROP_ID 10 #define CERT_NEXT_UPDATE_LOCATION_PROP_ID 10
#define CERT_FRIENDLY_NAME_PROP_ID 11 #define CERT_FRIENDLY_NAME_PROP_ID 11 // string
#define CERT_PVK_FILE_PROP_ID 12 #define CERT_PVK_FILE_PROP_ID 12
#define CERT_DESCRIPTION_PROP_ID 13 #define CERT_DESCRIPTION_PROP_ID 13 // string
#define CERT_ACCESS_STATE_PROP_ID 14 #define CERT_ACCESS_STATE_PROP_ID 14
#define CERT_SIGNATURE_HASH_PROP_ID 15 #define CERT_SIGNATURE_HASH_PROP_ID 15
#define CERT_SMART_CARD_DATA_PROP_ID 16 #define CERT_SMART_CARD_DATA_PROP_ID 16
#define CERT_EFS_PROP_ID 17 #define CERT_EFS_PROP_ID 17
#define CERT_FORTEZZA_DATA_PROP_ID 18 #define CERT_FORTEZZA_DATA_PROP_ID 18
#define CERT_ARCHIVED_PROP_ID 19 #define CERT_ARCHIVED_PROP_ID 19
#define CERT_KEY_IDENTIFIER_PROP_ID 20 #define CERT_KEY_IDENTIFIER_PROP_ID 20
#define CERT_AUTO_ENROLL_PROP_ID 21 #define CERT_AUTO_ENROLL_PROP_ID 21 // string:machine DNS name
#define CERT_PUBKEY_ALG_PARA_PROP_ID 22 #define CERT_PUBKEY_ALG_PARA_PROP_ID 22
#define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23 #define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23
#define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24 #define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24
#define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25 #define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25
#define CERT_ENROLLMENT_PROP_ID 26 #define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name
#define CERT_DATE_STAMP_PROP_ID 27 #define CERT_DATE_STAMP_PROP_ID 27
#define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28 #define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28
#define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29 #define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29
#define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 #define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string
// Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs. // Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
// 36 - 63 are reserved for future element IDs. // 36 - 63 are reserved for future element IDs.
#define CERT_RENEWAL_PROP_ID 64 #define CERT_RENEWAL_PROP_ID 64
#define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 #define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash
#define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 #define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI
ME
#define CERT_AIA_URL_RETRIEVED_PROP_ID 67 #define CERT_AIA_URL_RETRIEVED_PROP_ID 67
// Note, 68 - 70 are reserved for future use. #define CERT_AUTHORITY_INFO_ACCESS_PROP_ID 68
#define CERT_REQUEST_ORIGINATOR_PROP_ID 71 #define CERT_BACKED_UP_PROP_ID 69 // VARIANT_BOOL+FILETIME
#define CERT_FIRST_RESERVED_PROP_ID 72 #define CERT_OCSP_RESPONSE_PROP_ID 70
#define CERT_REQUEST_ORIGINATOR_PROP_ID 71 // string:machine DNS name
#define CERT_SOURCE_LOCATION_PROP_ID 72 // string
#define CERT_SOURCE_URL_PROP_ID 73 // string
#define CERT_NEW_KEY_PROP_ID 74
#define CERT_OCSP_CACHE_PREFIX_PROP_ID 75 // string
#define CERT_SMART_CARD_ROOT_INFO_PROP_ID 76 // CRYPT_SMART_CARD_ROOT_INFO
#define CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID 77
#define CERT_NCRYPT_KEY_HANDLE_PROP_ID 78
#define CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID 79
#define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80
#define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81
#define CERT_CA_DISABLE_CRL_PROP_ID 82
#define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83
#define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84
#define CERT_FIRST_RESERVED_PROP_ID 85
#define CERT_LAST_RESERVED_PROP_ID 0x00007FFF #define CERT_LAST_RESERVED_PROP_ID 0x00007FFF
#define CERT_FIRST_USER_PROP_ID 0x00008000 #define CERT_FIRST_USER_PROP_ID 0x00008000
#define CERT_LAST_USER_PROP_ID 0x0000FFFF #define CERT_LAST_USER_PROP_ID 0x0000FFFF
// certenrolld_end
#define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \ #define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \
CERT_MD5_HASH_PROP_ID == (X) || \ CERT_MD5_HASH_PROP_ID == (X) || \
CERT_SIGNATURE_HASH_PROP_ID == (X)) CERT_SIGNATURE_HASH_PROP_ID == (X))
#define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \ #define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X)) CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X))
#define IS_CHAIN_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \ #define IS_CHAIN_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \ CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \
CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ ID == (X) || \ CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ ID == (X) || \
CERT_SUBJECT_NAME_MD5_HASH_PROP_ID == (X )) CERT_SUBJECT_NAME_MD5_HASH_PROP_ID == (X ))
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Property OIDs // Property OIDs
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The OID component following the prefix contains the PROP_ID (decimal) // The OID component following the prefix contains the PROP_ID (decimal)
#define szOID_CERT_PROP_ID_PREFIX "1.3.6.1.4.1.311.10.11." #define szOID_CERT_PROP_ID_PREFIX "1.3.6.1.4.1.311.10.11."
#define _szPROP_ID(PropId) #PropId
// Ansi OID string from Property Id:
#define szOID_CERT_PROP_ID(PropId) szOID_CERT_PROP_ID_PREFIX _szPROP_ID(PropId)
// Unicode OID string from Property Id:
#define __CRYPT32WTEXT(quote) L##quote
#define _CRYPT32WTEXT(quote) __CRYPT32WTEXT(quote)
#define wszOID_CERT_PROP_ID(PropId) \
_CRYPT32WTEXT(szOID_CERT_PROP_ID_PREFIX) _CRYPT32WTEXT(_szPROP_ID(PropId
))
// Use szOID_CERT_PROP_ID(CERT_KEY_IDENTIFIER_PROP_ID) instead:
#define szOID_CERT_KEY_IDENTIFIER_PROP_ID "1.3.6.1.4.1.311.10.11.20" #define szOID_CERT_KEY_IDENTIFIER_PROP_ID "1.3.6.1.4.1.311.10.11.20"
// Use szOID_CERT_PROP_ID(CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID \ #define szOID_CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID \
"1.3.6.1.4.1.311.10.11.28" "1.3.6.1.4.1.311.10.11.28"
// Use szOID_CERT_PROP_ID(CERT_SUBJECT_NAME_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_SUBJECT_NAME_MD5_HASH_PROP_ID \ #define szOID_CERT_SUBJECT_NAME_MD5_HASH_PROP_ID \
"1.3.6.1.4.1.311.10.11.29" "1.3.6.1.4.1.311.10.11.29"
// Use szOID_CERT_PROP_ID(CERT_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_MD5_HASH_PROP_ID "1.3.6.1.4.1.311.10.11.4"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Access State flags returned by CERT_ACCESS_STATE_PROP_ID. Note, // Access State flags returned by CERT_ACCESS_STATE_PROP_ID. Note,
// CERT_ACCESS_PROP_ID is read only. // CERT_ACCESS_PROP_ID is read only.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Set if context property writes are persisted. For instance, not set for // Set if context property writes are persisted. For instance, not set for
// memory store contexts. Set for registry based stores opened as read or write. // memory store contexts. Set for registry based stores opened as read or write.
// Not set for registry based stores opened as read only. // Not set for registry based stores opened as read only.
#define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG 0x1 #define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG 0x1
// Set if context resides in a SYSTEM or SYSTEM_REGISTRY store. // Set if context resides in a SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_SYSTEM_STORE_FLAG 0x2 #define CERT_ACCESS_STATE_SYSTEM_STORE_FLAG 0x2
// Set if context resides in a LocalMachine SYSTEM or SYSTEM_REGISTRY store. // Set if context resides in a LocalMachine SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_LM_SYSTEM_STORE_FLAG 0x4 #define CERT_ACCESS_STATE_LM_SYSTEM_STORE_FLAG 0x4
// Set if context resides in a GroupPolicy SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_GP_SYSTEM_STORE_FLAG 0x8
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Cryptographic Key Provider Information // Cryptographic Key Provider Information
// //
// CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData. // CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData.
// //
// The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext // The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext
// to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are // to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are
// passed to CryptSetProvParam to further initialize the provider. // passed to CryptSetProvParam to further initialize the provider.
// //
// The dwKeySpec field identifies the private key to use from the container // The dwKeySpec field identifies the private key to use from the container
skipping to change at line 7129 skipping to change at line 8801
// The following flag should be set in the above dwFlags to enable // The following flag should be set in the above dwFlags to enable
// a CertSetCertificateContextProperty(CERT_KEY_CONTEXT_PROP_ID) after a // a CertSetCertificateContextProperty(CERT_KEY_CONTEXT_PROP_ID) after a
// CryptAcquireContext is done in the Sign or Decrypt Message functions. // CryptAcquireContext is done in the Sign or Decrypt Message functions.
// //
// The following define must not collide with any of the // The following define must not collide with any of the
// CryptAcquireContext dwFlag defines. // CryptAcquireContext dwFlag defines.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_SET_KEY_PROV_HANDLE_PROP_ID 0x00000001 #define CERT_SET_KEY_PROV_HANDLE_PROP_ID 0x00000001
#define CERT_SET_KEY_CONTEXT_PROP_ID 0x00000001 #define CERT_SET_KEY_CONTEXT_PROP_ID 0x00000001
// Special dwKeySpec indicating a CNG NCRYPT_KEY_HANDLE instead of a CAPI1
// HCRYPTPROV
#define CERT_NCRYPT_KEY_SPEC 0xFFFFFFFF
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Key Context // Certificate Key Context
// //
// CERT_KEY_CONTEXT defines the CERT_KEY_CONTEXT_PROP_ID's pvData. // CERT_KEY_CONTEXT defines the CERT_KEY_CONTEXT_PROP_ID's pvData.
//
// dwKeySpec is set to the special CERT_NCRYPT_KEY_SPEC to select the
// hNCryptKey choice.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_KEY_CONTEXT { typedef struct _CERT_KEY_CONTEXT {
DWORD cbSize; // sizeof(CERT_KEY_CONTEXT) DWORD cbSize; // sizeof(CERT_KEY_CONTEXT)
HCRYPTPROV hCryptProv; union {
HCRYPTPROV hCryptProv;
// dwKeySpec == CERT_NCRYPT_KEY_SPEC
NCRYPT_KEY_HANDLE hNCryptKey;
};
DWORD dwKeySpec; DWORD dwKeySpec;
} CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT; } CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Cryptographic Smart Card Root Information
//
// CRYPT_SMART_CARD_ROOT_INFO defines the
// CERT_SMART_CARD_ROOT_INFO_PROP_ID's pvData.
//--------------------------------------------------------------------------
typedef struct _ROOT_INFO_LUID {
DWORD LowPart;
LONG HighPart;
} ROOT_INFO_LUID, *PROOT_INFO_LUID;
typedef struct _CRYPT_SMART_CARD_ROOT_INFO {
BYTE rgbCardID [16];
ROOT_INFO_LUID luid;
} CRYPT_SMART_CARD_ROOT_INFO, *PCRYPT_SMART_CARD_ROOT_INFO;
//+-------------------------------------------------------------------------
// Certificate Store Provider Types // Certificate Store Provider Types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_PROV_MSG ((LPCSTR) 1) #define CERT_STORE_PROV_MSG ((LPCSTR) 1)
#define CERT_STORE_PROV_MEMORY ((LPCSTR) 2) #define CERT_STORE_PROV_MEMORY ((LPCSTR) 2)
#define CERT_STORE_PROV_FILE ((LPCSTR) 3) #define CERT_STORE_PROV_FILE ((LPCSTR) 3)
#define CERT_STORE_PROV_REG ((LPCSTR) 4) #define CERT_STORE_PROV_REG ((LPCSTR) 4)
#define CERT_STORE_PROV_PKCS7 ((LPCSTR) 5) #define CERT_STORE_PROV_PKCS7 ((LPCSTR) 5)
#define CERT_STORE_PROV_SERIALIZED ((LPCSTR) 6) #define CERT_STORE_PROV_SERIALIZED ((LPCSTR) 6)
#define CERT_STORE_PROV_FILENAME_A ((LPCSTR) 7) #define CERT_STORE_PROV_FILENAME_A ((LPCSTR) 7)
skipping to change at line 7163 skipping to change at line 8863
#define CERT_STORE_PROV_SYSTEM_A ((LPCSTR) 9) #define CERT_STORE_PROV_SYSTEM_A ((LPCSTR) 9)
#define CERT_STORE_PROV_SYSTEM_W ((LPCSTR) 10) #define CERT_STORE_PROV_SYSTEM_W ((LPCSTR) 10)
#define CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W #define CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W
#define CERT_STORE_PROV_COLLECTION ((LPCSTR) 11) #define CERT_STORE_PROV_COLLECTION ((LPCSTR) 11)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_A ((LPCSTR) 12) #define CERT_STORE_PROV_SYSTEM_REGISTRY_A ((LPCSTR) 12)
#define CERT_STORE_PROV_SYSTEM_REGISTRY_W ((LPCSTR) 13) #define CERT_STORE_PROV_SYSTEM_REGISTRY_W ((LPCSTR) 13)
#define CERT_STORE_PROV_SYSTEM_REGISTRY CERT_STORE_PROV_SYSTEM_REGISTRY_W #define CERT_STORE_PROV_SYSTEM_REGISTRY CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define CERT_STORE_PROV_PHYSICAL_W ((LPCSTR) 14) #define CERT_STORE_PROV_PHYSICAL_W ((LPCSTR) 14)
#define CERT_STORE_PROV_PHYSICAL CERT_STORE_PROV_PHYSICAL_W #define CERT_STORE_PROV_PHYSICAL CERT_STORE_PROV_PHYSICAL_W
// SmartCard Store Provider isn't supported
#define CERT_STORE_PROV_SMART_CARD_W ((LPCSTR) 15) #define CERT_STORE_PROV_SMART_CARD_W ((LPCSTR) 15)
#define CERT_STORE_PROV_SMART_CARD CERT_STORE_PROV_SMART_CARD_W #define CERT_STORE_PROV_SMART_CARD CERT_STORE_PROV_SMART_CARD_W
#define CERT_STORE_PROV_LDAP_W ((LPCSTR) 16) #define CERT_STORE_PROV_LDAP_W ((LPCSTR) 16)
#define CERT_STORE_PROV_LDAP CERT_STORE_PROV_LDAP_W #define CERT_STORE_PROV_LDAP CERT_STORE_PROV_LDAP_W
#define CERT_STORE_PROV_PKCS12 ((LPCSTR) 17)
#define sz_CERT_STORE_PROV_MEMORY "Memory" #define sz_CERT_STORE_PROV_MEMORY "Memory"
#define sz_CERT_STORE_PROV_FILENAME_W "File" #define sz_CERT_STORE_PROV_FILENAME_W "File"
#define sz_CERT_STORE_PROV_FILENAME sz_CERT_STORE_PROV_FILENAME_W #define sz_CERT_STORE_PROV_FILENAME sz_CERT_STORE_PROV_FILENAME_W
#define sz_CERT_STORE_PROV_SYSTEM_W "System" #define sz_CERT_STORE_PROV_SYSTEM_W "System"
#define sz_CERT_STORE_PROV_SYSTEM sz_CERT_STORE_PROV_SYSTEM_W #define sz_CERT_STORE_PROV_SYSTEM sz_CERT_STORE_PROV_SYSTEM_W
#define sz_CERT_STORE_PROV_PKCS7 "PKCS7" #define sz_CERT_STORE_PROV_PKCS7 "PKCS7"
#define sz_CERT_STORE_PROV_PKCS12 "PKCS12"
#define sz_CERT_STORE_PROV_SERIALIZED "Serialized" #define sz_CERT_STORE_PROV_SERIALIZED "Serialized"
#define sz_CERT_STORE_PROV_COLLECTION "Collection" #define sz_CERT_STORE_PROV_COLLECTION "Collection"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W "SystemRegistry" #define sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W "SystemRegistry"
#define sz_CERT_STORE_PROV_SYSTEM_REGISTRY sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W #define sz_CERT_STORE_PROV_SYSTEM_REGISTRY sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W
#define sz_CERT_STORE_PROV_PHYSICAL_W "Physical" #define sz_CERT_STORE_PROV_PHYSICAL_W "Physical"
#define sz_CERT_STORE_PROV_PHYSICAL sz_CERT_STORE_PROV_PHYSICAL_W #define sz_CERT_STORE_PROV_PHYSICAL sz_CERT_STORE_PROV_PHYSICAL_W
// SmartCard Store Provider isn't supported
#define sz_CERT_STORE_PROV_SMART_CARD_W "SmartCard" #define sz_CERT_STORE_PROV_SMART_CARD_W "SmartCard"
#define sz_CERT_STORE_PROV_SMART_CARD sz_CERT_STORE_PROV_SMART_CARD_W #define sz_CERT_STORE_PROV_SMART_CARD sz_CERT_STORE_PROV_SMART_CARD_W
#define sz_CERT_STORE_PROV_LDAP_W "Ldap" #define sz_CERT_STORE_PROV_LDAP_W "Ldap"
#define sz_CERT_STORE_PROV_LDAP sz_CERT_STORE_PROV_LDAP_W #define sz_CERT_STORE_PROV_LDAP sz_CERT_STORE_PROV_LDAP_W
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store verify/results flags // Certificate Store verify/results flags
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_SIGNATURE_FLAG 0x00000001 #define CERT_STORE_SIGNATURE_FLAG 0x00000001
#define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002 #define CERT_STORE_TIME_VALIDITY_FLAG 0x00000002
#define CERT_STORE_REVOCATION_FLAG 0x00000004 #define CERT_STORE_REVOCATION_FLAG 0x00000004
#define CERT_STORE_NO_CRL_FLAG 0x00010000 #define CERT_STORE_NO_CRL_FLAG 0x00010000
skipping to change at line 7312 skipping to change at line 9020
#define CERT_EFSBLOB_REGPATH \ #define CERT_EFSBLOB_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\EFS" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\EFS"
#define CERT_EFSBLOB_VALUE_NAME L"EFSBlob" #define CERT_EFSBLOB_VALUE_NAME L"EFSBlob"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Protected Root Defines // Protected Root Defines
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the Protected Roots Flags SubKey // Registry path to the Protected Roots Flags SubKey
#define CERT_PROT_ROOT_FLAGS_REGPATH \ #define CERT_PROT_ROOT_FLAGS_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\Root\\ProtectedRoots" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\Root\\ProtectedRoots"
// The following is a REG_DWORD. The bit definitions follow.
#define CERT_PROT_ROOT_FLAGS_VALUE_NAME L"Flags" #define CERT_PROT_ROOT_FLAGS_VALUE_NAME L"Flags"
// Set the following flag to inhibit the opening of the CurrentUser's // Set the following flag to inhibit the opening of the CurrentUser's
// .Default physical store when opening the CurrentUser's "Root" system store. // .Default physical store when opening the CurrentUser's "Root" system store.
// The .Default physical store open's the CurrentUser SystemRegistry "Root" // The .Default physical store open's the CurrentUser SystemRegistry "Root"
// store. // store.
#define CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG 0x1 #define CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG 0x1
// Set the following flag to inhibit the adding of roots from the // Set the following flag to inhibit the adding of roots from the
// CurrentUser SystemRegistry "Root" store to the protected root list // CurrentUser SystemRegistry "Root" store to the protected root list
skipping to change at line 7356 skipping to change at line 9066
// When set, CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_NT_AUTH) // When set, CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_NT_AUTH)
// will check that the chain has a valid name constraint for all name // will check that the chain has a valid name constraint for all name
// spaces, including UPN if the issuing CA isn't in the "NTAuth" store. // spaces, including UPN if the issuing CA isn't in the "NTAuth" store.
#define CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG 0x10 #define CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG 0x10
// Set the following flag to disable checking for not defined name // Set the following flag to disable checking for not defined name
// constraints. // constraints.
// //
// When set, CertGetCertificateChain won't check for or set the following // When set, CertGetCertificateChain won't check for or set the following
// dwErrorStatus: CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT. // dwErrorStatus: CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT.
//
// In LH, checking for not defined name constraints is always disabled.
#define CERT_PROT_ROOT_DISABLE_NOT_DEFINED_NAME_CONSTRAINT_FLAG 0x20 #define CERT_PROT_ROOT_DISABLE_NOT_DEFINED_NAME_CONSTRAINT_FLAG 0x20
// Set the following flag to disallow the users to trust peer-trust
#define CERT_PROT_ROOT_DISABLE_PEER_TRUST 0x10000
// The following is a REG_MULTI_SZ containing the list of user allowed
// Enhanced Key Usages for peer trust.
#define CERT_PROT_ROOT_PEER_USAGES_VALUE_NAME L"PeerUsages"
#define CERT_PROT_ROOT_PEER_USAGES_VALUE_NAME_A "PeerUsages"
// If the above REG_MULTI_SZ isn't defined or is empty, defaults to
// the following multi-string value
#define CERT_PROT_ROOT_PEER_USAGES_DEFAULT_A \
szOID_PKIX_KP_CLIENT_AUTH "\0" \
szOID_PKIX_KP_EMAIL_PROTECTION "\0" \
szOID_KP_EFS "\0"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Trusted Publisher Definitions // Trusted Publisher Definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the trusted publisher "Safer" group policy subkey // Registry path to the trusted publisher "Safer" group policy subkey
#define CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH \ #define CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\TrustedPublisher\\Safer" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\TrustedPublisher\\Safer"
// Registry path to the Local Machine system stores // Registry path to the Local Machine system stores
#define CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH \ #define CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH \
L"Software\\Microsoft\\SystemCertificates" L"Software\\Microsoft\\SystemCertificates"
skipping to change at line 7408 skipping to change at line 9135
// Set the following flag to enable revocation checking of the publisher // Set the following flag to enable revocation checking of the publisher
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100 #define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100
// Set the following flag to enable revocation checking of the time stamp // Set the following flag to enable revocation checking of the time stamp
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200 #define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OCM Subcomponents Definitions // OCM Subcomponents Definitions
//
// Reading of the following registry key has been deprecated on Longhorn.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the OCM Subcomponents local machine subkey // Registry path to the OCM Subcomponents local machine subkey
#define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \ #define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents" L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents"
// REG_DWORD, 1 is installed, 0 is NOT installed // REG_DWORD, 1 is installed, 0 is NOT installed
#define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate" #define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// DisableRootAutoUpdate Defines
//--------------------------------------------------------------------------
// Registry path to the DisableRootAutoUpdate SubKey
#define CERT_DISABLE_ROOT_AUTO_UPDATE_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\AuthRoot"
// REG_DWORD Value Name, 1 - disables, 0 - enables
#define CERT_DISABLE_ROOT_AUTO_UPDATE_VALUE_NAME L"DisableRootAutoUpdate"
//+-------------------------------------------------------------------------
// AuthRoot Auto Update Definitions // AuthRoot Auto Update Definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the AuthRoot "Auto Update" local machine subkey // Registry path to the AuthRoot "Auto Update" local machine subkey
#define CERT_AUTH_ROOT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH \ #define CERT_AUTH_ROOT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH \
CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH L"\\AuthRoot\\AutoUpdate" CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH L"\\AuthRoot\\AutoUpdate"
// AuthRoot Auto Update subkey value names. // AuthRoot Auto Update subkey value names.
// REG_SZ, URL to the directory containing the AuthRoots, CTL and Seq files // REG_SZ, URL to the directory containing the AuthRoots, CTL and Seq files
skipping to change at line 7933 skipping to change at line 9672
// CERT_STORE_PROV_LDAP // CERT_STORE_PROV_LDAP
// sz_CERT_STORE_PROV_LDAP_W // sz_CERT_STORE_PROV_LDAP_W
// sz_CERT_STORE_PROV_LDAP // sz_CERT_STORE_PROV_LDAP
// Opens a store over the results of the query specified by and LDAP // Opens a store over the results of the query specified by and LDAP
// URL which is passed in via pvPara. In order to do writes to the // URL which is passed in via pvPara. In order to do writes to the
// store the URL must specify a BASE query, no filter and a single // store the URL must specify a BASE query, no filter and a single
// attribute. // attribute.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenStore( CertOpenStore(
IN LPCSTR lpszStoreProvider, __in LPCSTR lpszStoreProvider,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvPara __in_opt const void *pvPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OID Installable Certificate Store Provider Data Structures // OID Installable Certificate Store Provider Data Structures
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Handle returned by the store provider when opened. // Handle returned by the store provider when opened.
typedef void *HCERTSTOREPROV; typedef void *HCERTSTOREPROV;
// Store Provider OID function's pszFuncName. // Store Provider OID function's pszFuncName.
skipping to change at line 7976 skipping to change at line 9716
} CERT_STORE_PROV_INFO, *PCERT_STORE_PROV_INFO; } CERT_STORE_PROV_INFO, *PCERT_STORE_PROV_INFO;
// Definition of the store provider's open function. // Definition of the store provider's open function.
// //
// *pStoreProvInfo has been zeroed before the call. // *pStoreProvInfo has been zeroed before the call.
// //
// Note, pStoreProvInfo->cStoreProvFunc should be set last. Once set, // Note, pStoreProvInfo->cStoreProvFunc should be set last. Once set,
// all subsequent store calls, such as CertAddSerializedElementToStore will // all subsequent store calls, such as CertAddSerializedElementToStore will
// call the appropriate provider callback function. // call the appropriate provider callback function.
typedef BOOL (WINAPI *PFN_CERT_DLL_OPEN_STORE_PROV_FUNC)( typedef BOOL (WINAPI *PFN_CERT_DLL_OPEN_STORE_PROV_FUNC)(
IN LPCSTR lpszStoreProvider, __in LPCSTR lpszStoreProvider,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvPara, __in_opt const void *pvPara,
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN OUT PCERT_STORE_PROV_INFO pStoreProvInfo __inout PCERT_STORE_PROV_INFO pStoreProvInfo
); );
// The open callback sets the following flag, if it maintains its // The open callback sets the following flag, if it maintains its
// contexts externally and not in the cached store. // contexts externally and not in the cached store.
#define CERT_STORE_PROV_EXTERNAL_FLAG 0x1 #define CERT_STORE_PROV_EXTERNAL_FLAG 0x1
// The open callback sets the following flag for a successful delete. // The open callback sets the following flag for a successful delete.
// When set, the close callback isn't called. // When set, the close callback isn't called.
#define CERT_STORE_PROV_DELETED_FLAG 0x2 #define CERT_STORE_PROV_DELETED_FLAG 0x2
skipping to change at line 8005 skipping to change at line 9745
#define CERT_STORE_PROV_NO_PERSIST_FLAG 0x4 #define CERT_STORE_PROV_NO_PERSIST_FLAG 0x4
// The open callback sets the following flag if the contexts are persisted // The open callback sets the following flag if the contexts are persisted
// to a system store. // to a system store.
#define CERT_STORE_PROV_SYSTEM_STORE_FLAG 0x8 #define CERT_STORE_PROV_SYSTEM_STORE_FLAG 0x8
// The open callback sets the following flag if the contexts are persisted // The open callback sets the following flag if the contexts are persisted
// to a LocalMachine system store. // to a LocalMachine system store.
#define CERT_STORE_PROV_LM_SYSTEM_STORE_FLAG 0x10 #define CERT_STORE_PROV_LM_SYSTEM_STORE_FLAG 0x10
// The open callback sets the following flag if the contexts are persisted
// to a GroupPolicy system store.
#define CERT_STORE_PROV_GP_SYSTEM_STORE_FLAG 0x20
// Indices into the store provider's array of callback functions. // Indices into the store provider's array of callback functions.
// //
// The provider can implement any subset of the following functions. It // The provider can implement any subset of the following functions. It
// sets pStoreProvInfo->cStoreProvFunc to the last index + 1 and any // sets pStoreProvInfo->cStoreProvFunc to the last index + 1 and any
// preceding not implemented functions to NULL. // preceding not implemented functions to NULL.
#define CERT_STORE_PROV_CLOSE_FUNC 0 #define CERT_STORE_PROV_CLOSE_FUNC 0
#define CERT_STORE_PROV_READ_CERT_FUNC 1 #define CERT_STORE_PROV_READ_CERT_FUNC 1
#define CERT_STORE_PROV_WRITE_CERT_FUNC 2 #define CERT_STORE_PROV_WRITE_CERT_FUNC 2
#define CERT_STORE_PROV_DELETE_CERT_FUNC 3 #define CERT_STORE_PROV_DELETE_CERT_FUNC 3
#define CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC 4 #define CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC 4
skipping to change at line 8037 skipping to change at line 9781
#define CERT_STORE_PROV_FIND_CRL_FUNC 17 #define CERT_STORE_PROV_FIND_CRL_FUNC 17
#define CERT_STORE_PROV_FREE_FIND_CRL_FUNC 18 #define CERT_STORE_PROV_FREE_FIND_CRL_FUNC 18
#define CERT_STORE_PROV_GET_CRL_PROPERTY_FUNC 19 #define CERT_STORE_PROV_GET_CRL_PROPERTY_FUNC 19
#define CERT_STORE_PROV_FIND_CTL_FUNC 20 #define CERT_STORE_PROV_FIND_CTL_FUNC 20
#define CERT_STORE_PROV_FREE_FIND_CTL_FUNC 21 #define CERT_STORE_PROV_FREE_FIND_CTL_FUNC 21
#define CERT_STORE_PROV_GET_CTL_PROPERTY_FUNC 22 #define CERT_STORE_PROV_GET_CTL_PROPERTY_FUNC 22
// Called by CertCloseStore when the store's reference count is // Called by CertCloseStore when the store's reference count is
// decremented to 0. // decremented to 0.
typedef void (WINAPI *PFN_CERT_STORE_PROV_CLOSE)( typedef void (WINAPI *PFN_CERT_STORE_PROV_CLOSE)(
IN HCERTSTOREPROV hStoreProv, __inout_opt HCERTSTOREPROV hStoreProv,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the certificate context. If it exists, // Reads the provider's copy of the certificate context. If it exists,
// creates a new certificate context. // creates a new certificate context.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CERT)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CERT)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pStoreCertContext, __in PCCERT_CONTEXT pStoreCertContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT PCCERT_CONTEXT *ppProvCertContext __deref_out PCCERT_CONTEXT *ppProvCertContext
); );
#define CERT_STORE_PROV_WRITE_ADD_FLAG 0x1 #define CERT_STORE_PROV_WRITE_ADD_FLAG 0x1
// Called by CertAddEncodedCertificateToStore, // Called by CertAddEncodedCertificateToStore,
// CertAddCertificateContextToStore or CertAddSerializedElementToStore before // CertAddCertificateContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded certificate, the added pCertContext might also // addition to the encoded certificate, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CERT)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertDeleteCertificateFromStore before deleting from the // Called by CertDeleteCertificateFromStore before deleting from the
// store. // store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CERT)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertSetCertificateContextProperty before setting the // Called by CertSetCertificateContextProperty before setting the
// certificate's property. Also called by CertGetCertificateContextProperty, // certificate's property. Also called by CertGetCertificateContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCertContext parameter. // Upon input, the property hasn't been set for the pCertContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CERT_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CERT_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the CRL context. If it exists, // Reads the provider's copy of the CRL context. If it exists,
// creates a new CRL context. // creates a new CRL context.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CRL)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CRL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pStoreCrlContext, __in PCCRL_CONTEXT pStoreCrlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT PCCRL_CONTEXT *ppProvCrlContext __deref_out PCCRL_CONTEXT *ppProvCrlContext
); );
// Called by CertAddEncodedCRLToStore, // Called by CertAddEncodedCRLToStore,
// CertAddCRLContextToStore or CertAddSerializedElementToStore before // CertAddCRLContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded CRL, the added pCertContext might also // addition to the encoded CRL, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CRL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertDeleteCRLFromStore before deleting from the store. // Called by CertDeleteCRLFromStore before deleting from the store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CRL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertSetCRLContextProperty before setting the // Called by CertSetCRLContextProperty before setting the
// CRL's property. Also called by CertGetCRLContextProperty, // CRL's property. Also called by CertGetCRLContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCrlContext parameter. // Upon input, the property hasn't been set for the pCrlContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CRL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CRL_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the CTL context. If it exists, // Reads the provider's copy of the CTL context. If it exists,
// creates a new CTL context. // creates a new CTL context.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CTL)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CTL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pStoreCtlContext, __in PCCTL_CONTEXT pStoreCtlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT PCCTL_CONTEXT *ppProvCtlContext __deref_out PCCTL_CONTEXT *ppProvCtlContext
); );
// Called by CertAddEncodedCTLToStore, // Called by CertAddEncodedCTLToStore,
// CertAddCTLContextToStore or CertAddSerializedElementToStore before // CertAddCTLContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded CTL, the added pCertContext might also // addition to the encoded CTL, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CTL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertDeleteCTLFromStore before deleting from the store. // Called by CertDeleteCTLFromStore before deleting from the store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CTL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Called by CertSetCTLContextProperty before setting the // Called by CertSetCTLContextProperty before setting the
// CTL's property. Also called by CertGetCTLContextProperty, // CTL's property. Also called by CertGetCTLContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCtlContext parameter. // Upon input, the property hasn't been set for the pCtlContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CTL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CTL_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_CONTROL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_CONTROL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwCtrlType, __in DWORD dwCtrlType,
IN void const *pvCtrlPara __in_opt void const *pvCtrlPara
); );
typedef struct _CERT_STORE_PROV_FIND_INFO { typedef struct _CERT_STORE_PROV_FIND_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
DWORD dwFindFlags; DWORD dwFindFlags;
DWORD dwFindType; DWORD dwFindType;
const void *pvFindPara; const void *pvFindPara;
} CERT_STORE_PROV_FIND_INFO, *PCERT_STORE_PROV_FIND_INFO; } CERT_STORE_PROV_FIND_INFO, *PCERT_STORE_PROV_FIND_INFO;
typedef const CERT_STORE_PROV_FIND_INFO CCERT_STORE_PROV_FIND_INFO, typedef const CERT_STORE_PROV_FIND_INFO CCERT_STORE_PROV_FIND_INFO,
*PCCERT_STORE_PROV_FIND_INFO; *PCCERT_STORE_PROV_FIND_INFO;
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CERT)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CERT)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_STORE_PROV_FIND_INFO pFindInfo, __in PCCERT_STORE_PROV_FIND_INFO pFindInfo,
IN PCCERT_CONTEXT pPrevCertContext, __in PCCERT_CONTEXT pPrevCertContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OUT void **ppvStoreProvFindInfo, __deref_inout void **ppvStoreProvFindInfo,
OUT PCCERT_CONTEXT *ppProvCertContext __deref_out PCCERT_CONTEXT *ppProvCertContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CERT)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN void *pvStoreProvFindInfo, __in void *pvStoreProvFindInfo,
IN DWORD dwFlags __in DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CERT_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CERT_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CRL)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CRL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCERT_STORE_PROV_FIND_INFO pFindInfo, __in PCCERT_STORE_PROV_FIND_INFO pFindInfo,
IN PCCRL_CONTEXT pPrevCrlContext, __in PCCRL_CONTEXT pPrevCrlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OUT void **ppvStoreProvFindInfo, __deref_inout void **ppvStoreProvFindInfo,
OUT PCCRL_CONTEXT *ppProvCrlContext __deref_out PCCRL_CONTEXT *ppProvCrlContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CRL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN void *pvStoreProvFindInfo, __in void *pvStoreProvFindInfo,
IN DWORD dwFlags __in DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CRL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CRL_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CTL)( typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CTL)(
IN HCERTSTOREPROV hStoreProv, __in HCERTSTOREPROV hStoreProv,
IN PCCERT_STORE_PROV_FIND_INFO pFindInfo, __in PCCERT_STORE_PROV_FIND_INFO pFindInfo,
IN PCCTL_CONTEXT pPrevCtlContext, __in PCCTL_CONTEXT pPrevCtlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OUT void **ppvStoreProvFindInfo, __deref_inout void **ppvStoreProvFindInfo,
OUT PCCTL_CONTEXT *ppProvCtlContext __deref_out PCCTL_CONTEXT *ppProvCtlContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CTL)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN void *pvStoreProvFindInfo, __in void *pvStoreProvFindInfo,
IN DWORD dwFlags __in DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CTL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CTL_PROPERTY)(
IN HCERTSTOREPROV hStoreProv, __inout HCERTSTOREPROV hStoreProv,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a cert store handle // Duplicate a cert store handle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertDuplicateStore( CertDuplicateStore(
IN HCERTSTORE hCertStore __in HCERTSTORE hCertStore
); );
#define CERT_STORE_SAVE_AS_STORE 1 #define CERT_STORE_SAVE_AS_STORE 1
#define CERT_STORE_SAVE_AS_PKCS7 2 #define CERT_STORE_SAVE_AS_PKCS7 2
#define CERT_STORE_SAVE_AS_PKCS12 3
#define CERT_STORE_SAVE_TO_FILE 1 #define CERT_STORE_SAVE_TO_FILE 1
#define CERT_STORE_SAVE_TO_MEMORY 2 #define CERT_STORE_SAVE_TO_MEMORY 2
#define CERT_STORE_SAVE_TO_FILENAME_A 3 #define CERT_STORE_SAVE_TO_FILENAME_A 3
#define CERT_STORE_SAVE_TO_FILENAME_W 4 #define CERT_STORE_SAVE_TO_FILENAME_W 4
#define CERT_STORE_SAVE_TO_FILENAME CERT_STORE_SAVE_TO_FILENAME_W #define CERT_STORE_SAVE_TO_FILENAME CERT_STORE_SAVE_TO_FILENAME_W
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Save the cert store. Extended version with lots of options. // Save the cert store. Extended version with lots of options.
// //
skipping to change at line 8361 skipping to change at line 10106
// For "_A": given, // For "_A": given,
// LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename; // LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename;
// //
// Note, the default (without "_A" or "_W") is UNICODE. // Note, the default (without "_A" or "_W") is UNICODE.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSaveStore( CertSaveStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN DWORD dwSaveAs, __in DWORD dwSaveAs,
IN DWORD dwSaveTo, __in DWORD dwSaveTo,
IN OUT void *pvSaveToPara, __inout void *pvSaveToPara,
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store close flags // Certificate Store close flags
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CLOSE_STORE_FORCE_FLAG 0x00000001 #define CERT_CLOSE_STORE_FORCE_FLAG 0x00000001
#define CERT_CLOSE_STORE_CHECK_FLAG 0x00000002 #define CERT_CLOSE_STORE_CHECK_FLAG 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Close a cert store handle. // Close a cert store handle.
skipping to change at line 8403 skipping to change at line 10148
// returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE, // returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE,
// the store is still closed. This is a diagnostic flag. // the store is still closed. This is a diagnostic flag.
// //
// LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE // LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE
// is returned. // is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCloseStore( CertCloseStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the subject certificate context uniquely identified by its Issuer and // Get the subject certificate context uniquely identified by its Issuer and
// SerialNumber from the store. // SerialNumber from the store.
// //
// If the certificate isn't found, NULL is returned. Otherwise, a pointer to // If the certificate isn't found, NULL is returned. Otherwise, a pointer to
// a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling // a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling
// CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a // CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a
// duplicate. // duplicate.
// //
// The returned certificate might not be valid. Normally, it would be // The returned certificate might not be valid. Normally, it would be
// verified when getting its issuer certificate (CertGetIssuerCertificateFromSt ore). // verified when getting its issuer certificate (CertGetIssuerCertificateFromSt ore).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertGetSubjectCertificateFromStore( CertGetSubjectCertificateFromStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_INFO pCertId // Only the Issuer and SerialNumber __in PCERT_INFO pCertId // Only the Issuer and SerialNumber
// fields are used // fields are used
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the certificate contexts in the store. // Enumerate the certificate contexts in the store.
// //
// If a certificate isn't found, NULL is returned. // If a certificate isn't found, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT // Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
// must be freed by calling CertFreeCertificateContext or is freed when passed as the // must be freed by calling CertFreeCertificateContext or is freed when passed as the
// pPrevCertContext on a subsequent call. CertDuplicateCertificateContext // pPrevCertContext on a subsequent call. CertDuplicateCertificateContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 8449 skipping to change at line 10194
// certificate in the store. Successive certificates are enumerated by setting // certificate in the store. Successive certificates are enumerated by setting
// pPrevCertContext to the CERT_CONTEXT returned by a previous call. // pPrevCertContext to the CERT_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by // NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertEnumCertificatesInStore( CertEnumCertificatesInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCERT_CONTEXT pPrevCertContext __in_opt PCCERT_CONTEXT pPrevCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first or next certificate context in the store. // Find the first or next certificate context in the store.
// //
// The certificate is found according to the dwFindType and its pvFindPara. // The certificate is found according to the dwFindType and its pvFindPara.
// See below for a list of the find types and its parameters. // See below for a list of the find types and its parameters.
// //
// Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR, // Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR,
// CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0. // CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0.
skipping to change at line 8481 skipping to change at line 10226
// call to find the certificate. To find the next certificate, the // call to find the certificate. To find the next certificate, the
// pPrevCertContext is set to the CERT_CONTEXT returned by a previous call. // pPrevCertContext is set to the CERT_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by // NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertFindCertificateInStore( CertFindCertificateInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwFindFlags, __in DWORD dwFindFlags,
IN DWORD dwFindType, __in DWORD dwFindType,
IN const void *pvFindPara, __in_opt const void *pvFindPara,
IN PCCERT_CONTEXT pPrevCertContext __in_opt PCCERT_CONTEXT pPrevCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate comparison functions // Certificate comparison functions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_COMPARE_MASK 0xFFFF #define CERT_COMPARE_MASK 0xFFFF
#define CERT_COMPARE_SHIFT 16 #define CERT_COMPARE_SHIFT 16
#define CERT_COMPARE_ANY 0 #define CERT_COMPARE_ANY 0
#define CERT_COMPARE_SHA1_HASH 1 #define CERT_COMPARE_SHA1_HASH 1
#define CERT_COMPARE_NAME 2 #define CERT_COMPARE_NAME 2
skipping to change at line 8517 skipping to change at line 10262
#define CERT_COMPARE_SUBJECT_CERT 11 #define CERT_COMPARE_SUBJECT_CERT 11
#define CERT_COMPARE_ISSUER_OF 12 #define CERT_COMPARE_ISSUER_OF 12
#define CERT_COMPARE_EXISTING 13 #define CERT_COMPARE_EXISTING 13
#define CERT_COMPARE_SIGNATURE_HASH 14 #define CERT_COMPARE_SIGNATURE_HASH 14
#define CERT_COMPARE_KEY_IDENTIFIER 15 #define CERT_COMPARE_KEY_IDENTIFIER 15
#define CERT_COMPARE_CERT_ID 16 #define CERT_COMPARE_CERT_ID 16
#define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17 #define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17
#define CERT_COMPARE_PUBKEY_MD5_HASH 18 #define CERT_COMPARE_PUBKEY_MD5_HASH 18
#define CERT_COMPARE_SUBJECT_INFO_ACCESS 19
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// dwFindType // dwFindType
// //
// The dwFindType definition consists of two components: // The dwFindType definition consists of two components:
// - comparison function // - comparison function
// - certificate information flag // - certificate information flag
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT) #define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT) #define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_MD5_HASH (CERT_COMPARE_MD5_HASH << CERT_COMPARE_SHIFT) #define CERT_FIND_MD5_HASH (CERT_COMPARE_MD5_HASH << CERT_COMPARE_SHIFT)
skipping to change at line 8564 skipping to change at line 10311
#define CERT_FIND_SUBJECT_CERT (CERT_COMPARE_SUBJECT_CERT << CERT_COMPARE_SHIFT ) #define CERT_FIND_SUBJECT_CERT (CERT_COMPARE_SUBJECT_CERT << CERT_COMPARE_SHIFT )
#define CERT_FIND_ISSUER_OF (CERT_COMPARE_ISSUER_OF << CERT_COMPARE_SHIFT) #define CERT_FIND_ISSUER_OF (CERT_COMPARE_ISSUER_OF << CERT_COMPARE_SHIFT)
#define CERT_FIND_EXISTING (CERT_COMPARE_EXISTING << CERT_COMPARE_SHIFT) #define CERT_FIND_EXISTING (CERT_COMPARE_EXISTING << CERT_COMPARE_SHIFT)
#define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT) #define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT)
#define CERT_FIND_CROSS_CERT_DIST_POINTS \ #define CERT_FIND_CROSS_CERT_DIST_POINTS \
(CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT) (CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBKEY_MD5_HASH \ #define CERT_FIND_PUBKEY_MD5_HASH \
(CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT) (CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_INFO_ACCESS \
(CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_ANY // CERT_FIND_ANY
// //
// Find any certificate. // Find any certificate.
// //
// pvFindPara isn't used. // pvFindPara isn't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_HASH // CERT_FIND_HASH
skipping to change at line 8755 skipping to change at line 10505
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_CROSS_CERT_DIST_POINTS // CERT_FIND_CROSS_CERT_DIST_POINTS
// //
// Find a certificate having either a cross certificate distribution // Find a certificate having either a cross certificate distribution
// point extension or property. // point extension or property.
// //
// pvFindPara isn't used. // pvFindPara isn't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_SUBJECT_INFO_ACCESS
//
// Find a certificate having either a SubjectInfoAccess extension or
// property.
//
// pvFindPara isn't used.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Get the certificate context from the store for the first or next issuer // Get the certificate context from the store for the first or next issuer
// of the specified subject certificate. Perform the enabled // of the specified subject certificate. Perform the enabled
// verification checks on the subject. (Note, the checks are on the subject // verification checks on the subject. (Note, the checks are on the subject
// using the returned issuer certificate.) // using the returned issuer certificate.)
// //
// If the first or next issuer certificate isn't found, NULL is returned. // If the first or next issuer certificate isn't found, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT // Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
// must be freed by calling CertFreeCertificateContext or is freed when passed as the // must be freed by calling CertFreeCertificateContext or is freed when passed as the
// pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext // pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 8812 skipping to change at line 10571
// CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate // CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate
// in the store. // in the store.
// //
// For a verification check failure, a pointer to the issuer's CERT_CONTEXT // For a verification check failure, a pointer to the issuer's CERT_CONTEXT
// is still returned and SetLastError isn't updated. // is still returned and SetLastError isn't updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertGetIssuerCertificateFromStore( CertGetIssuerCertificateFromStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCERT_CONTEXT pSubjectContext, __in PCCERT_CONTEXT pSubjectContext,
IN OPTIONAL PCCERT_CONTEXT pPrevIssuerContext, __in_opt PCCERT_CONTEXT pPrevIssuerContext,
IN OUT DWORD *pdwFlags __inout DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Perform the enabled verification checks on the subject certificate // Perform the enabled verification checks on the subject certificate
// using the issuer. Same checks and flags definitions as for the above // using the issuer. Same checks and flags definitions as for the above
// CertGetIssuerCertificateFromStore. // CertGetIssuerCertificateFromStore.
// //
// If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the // If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the
// issuer can be NULL. // issuer can be NULL.
// //
// For a verification check failure, SUCCESS is still returned. // For a verification check failure, SUCCESS is still returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifySubjectCertificateContext( CertVerifySubjectCertificateContext(
IN PCCERT_CONTEXT pSubject, __in PCCERT_CONTEXT pSubject,
IN OPTIONAL PCCERT_CONTEXT pIssuer, __in_opt PCCERT_CONTEXT pIssuer,
IN OUT DWORD *pdwFlags __inout DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a certificate context // Duplicate a certificate context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateContext( CertDuplicateCertificateContext(
IN PCCERT_CONTEXT pCertContext __in_opt PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a certificate context from the encoded certificate. The created // Create a certificate context from the encoded certificate. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded certificate in the created context. // Makes a copy of the encoded certificate in the created context.
// //
// If unable to decode and create the certificate context, NULL is returned. // If unable to decode and create the certificate context, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. // Otherwise, a pointer to a read only CERT_CONTEXT is returned.
// CERT_CONTEXT must be freed by calling CertFreeCertificateContext. // CERT_CONTEXT must be freed by calling CertFreeCertificateContext.
// CertDuplicateCertificateContext can be called to make a duplicate. // CertDuplicateCertificateContext can be called to make a duplicate.
// //
// CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called // CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called
// to store properties for the certificate. // to store properties for the certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertCreateCertificateContext( CertCreateCertificateContext(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbCertEncoded, __in_bcount(cbCertEncoded) const BYTE *pbCertEncoded,
IN DWORD cbCertEncoded __in DWORD cbCertEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a certificate context // Free a certificate context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, find, duplicate or create. // get, find, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCertificateContext( CertFreeCertificateContext(
IN PCCERT_CONTEXT pCertContext __in_opt PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified certificate context. // Set the property for the specified certificate context.
// //
// The type definition for pvData depends on the dwPropId value. There are // The type definition for pvData depends on the dwPropId value. There are
// five predefined types: // five predefined types:
// CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's // CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's
// private key is passed in pvData. Updates the hCryptProv field // private key is passed in pvData. Updates the hCryptProv field
// of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID // of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID
// doesn't exist, its created with all the other fields zeroed out. If // doesn't exist, its created with all the other fields zeroed out. If
// CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, HCRYPTPROV is implicitly // CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, HCRYPTPROV is implicitly
// released when either the property is set to NULL or on the final // released when either the property is set to NULL or on the final
// free of the CertContext. // free of the CertContext.
// //
// CERT_NCRYPT_KEY_HANDLE_PROP_ID - a NCRYPT_KEY_HANDLE for the
// certificate's private key is passed in pvData. The dwKeySpec is
// set to CERT_NCRYPT_KEY_SPEC.
//
// CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID - a
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE for the certificates's private
// key is passed in pvData. NCryptIsKeyHandle()
// is called to determine if this is a CNG NCRYPT_KEY_HANDLE.
// For a NCRYPT_KEY_HANDLE does a CERT_NCRYPT_KEY_HANDLE_PROP_ID set.
// Otherwise, does a CERT_KEY_PROV_HANDLE_PROP_ID set.
//
// CERT_KEY_PROV_INFO_PROP_ID - a PCRYPT_KEY_PROV_INFO for the certificate' s // CERT_KEY_PROV_INFO_PROP_ID - a PCRYPT_KEY_PROV_INFO for the certificate' s
// private key is passed in pvData. // private key is passed in pvData.
// //
// CERT_SHA1_HASH_PROP_ID - // CERT_SHA1_HASH_PROP_ID -
// CERT_MD5_HASH_PROP_ID - // CERT_MD5_HASH_PROP_ID -
// CERT_SIGNATURE_HASH_PROP_ID - normally, a hash property is implicitly // CERT_SIGNATURE_HASH_PROP_ID - normally, a hash property is implicitly
// set by doing a CertGetCertificateContextProperty. pvData points to a // set by doing a CertGetCertificateContextProperty. pvData points to a
// CRYPT_HASH_BLOB. // CRYPT_HASH_BLOB.
// //
// CERT_KEY_CONTEXT_PROP_ID - a PCERT_KEY_CONTEXT for the certificate's // CERT_KEY_CONTEXT_PROP_ID - a PCERT_KEY_CONTEXT for the certificate's
// private key is passed in pvData. The CERT_KEY_CONTEXT contains both the // private key is passed in pvData. The CERT_KEY_CONTEXT contains both the
// hCryptProv and dwKeySpec for the private key. // hCryptProv and dwKeySpec for the private key. A dwKeySpec of
// CERT_NCRYPT_KEY_SPEC selects the hNCryptKey choice.
// See the CERT_KEY_PROV_HANDLE_PROP_ID for more information about // See the CERT_KEY_PROV_HANDLE_PROP_ID for more information about
// the hCryptProv field and dwFlags settings. Note, more fields may // the hCryptProv field and dwFlags settings. Note, more fields may
// be added for this property. The cbSize field value will be adjusted // be added for this property. The cbSize field value will be adjusted
// accordingly. // accordingly.
// //
// CERT_KEY_SPEC_PROP_ID - the dwKeySpec for the private key. pvData // CERT_KEY_SPEC_PROP_ID - the dwKeySpec for the private key. pvData
// points to a DWORD containing the KeySpec // points to a DWORD containing the KeySpec
// //
// CERT_ENHKEY_USAGE_PROP_ID - enhanced key usage definition for the // CERT_ENHKEY_USAGE_PROP_ID - enhanced key usage definition for the
// certificate. pvData points to a CRYPT_DATA_BLOB containing an // certificate. pvData points to a CRYPT_DATA_BLOB containing an
skipping to change at line 8971 skipping to change at line 10742
// followed by CAName string with null-terminator, // followed by CAName string with null-terminator,
// next 4 bytes - FriendlyName size in characters including null-terminator // next 4 bytes - FriendlyName size in characters including null-terminator
// followed by FriendlyName string with null-terminator. // followed by FriendlyName string with null-terminator.
// //
// CERT_DATE_STAMP_PROP_ID - contains the time when added to the store // CERT_DATE_STAMP_PROP_ID - contains the time when added to the store
// by an admin tool. pvData points to a CRYPT_DATA_BLOB containing // by an admin tool. pvData points to a CRYPT_DATA_BLOB containing
// the FILETIME. // the FILETIME.
// //
// CERT_RENEWAL_PROP_ID - contains the hash of renewed certificate // CERT_RENEWAL_PROP_ID - contains the hash of renewed certificate
// //
// CERT_OCSP_RESPONSE_PROP_ID - contains the encoded OCSP response.
// CryptDecodeObject/CryptEncodeObject using
// lpszStructType = OCSP_RESPONSE.
// pvData points to a CRYPT_DATA_BLOB containing the encoded OCSP response.
// If this property is present, CertVerifyRevocation() will first attempt
// to use before doing an URL retrieval.
//
// CERT_SOURCE_LOCATION_PROP_ID - contains source location of the CRL or
// OCSP. pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL
// terminated unicode, wide character string. Where,
// cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR).
//
// CERT_SOURCE_URL_PROP_ID - contains URL for the CRL or OCSP. pvData
// is the same as for CERT_SOURCE_LOCATION_PROP_ID.
//
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any
// provider write errors and always update the cached context's property. // provider write errors and always update the cached context's property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCertificateContextProperty( CertSetCertificateContextProperty(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
// Set this flag to ignore any store provider write errors and always update // Set this flag to ignore any store provider write errors and always update
// the cached context's property // the cached context's property
#define CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG 0x80000000 #define CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG 0x80000000
// Set this flag to inhibit the persisting of this property // Set this flag to inhibit the persisting of this property
#define CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG 0x40000000 #define CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG 0x40000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the property for the specified certificate context. // Get the property for the specified certificate context.
// //
// For CERT_KEY_PROV_HANDLE_PROP_ID, pvData points to a HCRYPTPROV. // For CERT_KEY_PROV_HANDLE_PROP_ID, pvData points to a HCRYPTPROV.
// The CERT_NCRYPT_KEY_SPEC NCRYPT_KEY_HANDLE choice isn't returned.
//
// For CERT_NCRYPT_KEY_HANDLE_PROP_ID, pvData points to a NCRYPT_KEY_HANDLE.
// Only returned for the CERT_NCRYPT_KEY_SPEC choice.
//
// For CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID, pvData points to a
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE. Returns either the HCRYPTPROV or
// NCRYPT_KEY_HANDLE choice.
// //
// For CERT_KEY_PROV_INFO_PROP_ID, pvData points to a CRYPT_KEY_PROV_INFO struc ture. // For CERT_KEY_PROV_INFO_PROP_ID, pvData points to a CRYPT_KEY_PROV_INFO struc ture.
// Elements pointed to by fields in the pvData structure follow the // Elements pointed to by fields in the pvData structure follow the
// structure. Therefore, *pcbData may exceed the size of the structure. // structure. Therefore, *pcbData may exceed the size of the structure.
// //
// For CERT_KEY_CONTEXT_PROP_ID, pvData points to a CERT_KEY_CONTEXT structure. // For CERT_KEY_CONTEXT_PROP_ID, pvData points to a CERT_KEY_CONTEXT structure.
// //
// For CERT_KEY_SPEC_PROP_ID, pvData points to a DWORD containing the KeySpec. // For CERT_KEY_SPEC_PROP_ID, pvData points to a DWORD containing the KeySpec.
// If the CERT_KEY_CONTEXT_PROP_ID exists, the KeySpec is obtained from there. // If the CERT_KEY_CONTEXT_PROP_ID exists, the KeySpec is obtained from there.
// Otherwise, if the CERT_KEY_PROV_INFO_PROP_ID exists, its the source // Otherwise, if the CERT_KEY_PROV_INFO_PROP_ID exists, its the source
// of the KeySpec. // of the KeySpec. CERT_NCRYPT_KEY_SPEC is returned if the
// CERT_NCRYPT_KEY_HANDLE_PROP_ID has been set.
// //
// For CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID, if the hash // For CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID, if the hash
// doesn't already exist, then, its computed via CryptHashCertificate() // doesn't already exist, then, its computed via CryptHashCertificate()
// and then set. pvData points to the computed hash. Normally, the length // and then set. pvData points to the computed hash. Normally, the length
// is 20 bytes for SHA and 16 for MD5. // is 20 bytes for SHA and 16 for MD5.
// //
// For CERT_SIGNATURE_HASH_PROP_ID, if the hash // For CERT_SIGNATURE_HASH_PROP_ID, if the hash
// doesn't already exist, then, its computed via CryptHashToBeSigned() // doesn't already exist, then, its computed via CryptHashToBeSigned()
// and then set. pvData points to the computed hash. Normally, the length // and then set. pvData points to the computed hash. Normally, the length
// is 20 bytes for SHA and 16 for MD5. // is 20 bytes for SHA and 16 for MD5.
skipping to change at line 9040 skipping to change at line 10835
// points to the key identifier bytes. Normally, the length is 20 bytes. // points to the key identifier bytes. Normally, the length is 20 bytes.
// //
// For CERT_PUBKEY_ALG_PARA_PROP_ID, pvPara points to the ASN.1 encoded // For CERT_PUBKEY_ALG_PARA_PROP_ID, pvPara points to the ASN.1 encoded
// PublicKey Algorithm Parameters. This property will only be set // PublicKey Algorithm Parameters. This property will only be set
// for public keys supporting algorithm parameter inheritance and when the // for public keys supporting algorithm parameter inheritance and when the
// parameters have been omitted from the encoded and signed certificate. // parameters have been omitted from the encoded and signed certificate.
// //
// For CERT_DATE_STAMP_PROP_ID, pvPara points to a FILETIME updated by // For CERT_DATE_STAMP_PROP_ID, pvPara points to a FILETIME updated by
// an admin tool to indicate when the certificate was added to the store. // an admin tool to indicate when the certificate was added to the store.
// //
// For CERT_OCSP_RESPONSE_PROP_ID, pvPara points to an encoded OCSP response.
//
// For CERT_SOURCE_LOCATION_PROP_ID and CERT_SOURCE_URL_PROP_ID,
// pvPara points to a NULL terminated unicode, wide character string.
//
// For all other PROP_IDs, pvData points to an encoded array of bytes. // For all other PROP_IDs, pvData points to an encoded array of bytes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCertificateContextProperty( CertGetCertificateContextProperty(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwPropId, __in DWORD dwPropId,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified certificate context. // Enumerate the properties for the specified certificate context.
// //
// To get the first property, set dwPropId to 0. The ID of the first // To get the first property, set dwPropId to 0. The ID of the first
// property is returned. To get the next property, set dwPropId to the // property is returned. To get the next property, set dwPropId to the
// ID returned by the last call. To enumerate all the properties continue // ID returned by the last call. To enumerate all the properties continue
// until 0 is returned. // until 0 is returned.
// //
// CertGetCertificateContextProperty is called to get the property's data. // CertGetCertificateContextProperty is called to get the property's data.
// //
// Note, since, the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID // Note, since, the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID
// properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID // properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID
// property, they aren't enumerated individually. // property, they aren't enumerated individually.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCertificateContextProperties( CertEnumCertificateContextProperties(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwPropId __in DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Creates a CTL entry whose attributes are the certificate context's // Creates a CTL entry whose attributes are the certificate context's
// properties. // properties.
// //
// The SubjectIdentifier in the CTL entry is the SHA1 hash of the certificate. // The SubjectIdentifier in the CTL entry is the SHA1 hash of the certificate.
// //
// The certificate properties are added as attributes. The property attribute // The certificate properties are added as attributes. The property attribute
// OID is the decimal PROP_ID preceded by szOID_CERT_PROP_ID_PREFIX. Each // OID is the decimal PROP_ID preceded by szOID_CERT_PROP_ID_PREFIX. Each
skipping to change at line 9094 skipping to change at line 10894
// Any additional attributes to be included in the CTL entry can be passed // Any additional attributes to be included in the CTL entry can be passed
// in via the cOptAttr and rgOptAttr parameters. // in via the cOptAttr and rgOptAttr parameters.
// //
// CTL_ENTRY_FROM_PROP_CHAIN_FLAG can be set in dwFlags, to force the // CTL_ENTRY_FROM_PROP_CHAIN_FLAG can be set in dwFlags, to force the
// inclusion of the chain building hash properties as attributes. // inclusion of the chain building hash properties as attributes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCreateCTLEntryFromCertificateContextProperties( CertCreateCTLEntryFromCertificateContextProperties(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD cOptAttr, __in DWORD cOptAttr,
IN OPTIONAL PCRYPT_ATTRIBUTE rgOptAttr, __in_ecount_opt(cOptAttr) PCRYPT_ATTRIBUTE rgOptAttr,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT OPTIONAL PCTL_ENTRY pCtlEntry, __out_bcount_part_opt(*pcbCtlEntry, *pcbCtlEntry) PCTL_ENTRY pCtlEntry,
IN OUT DWORD *pcbCtlEntry __inout DWORD *pcbCtlEntry
); );
// Set this flag to get and include the chain building hash properties // Set this flag to get and include the chain building hash properties
// as attributes in the CTL entry // as attributes in the CTL entry
#define CTL_ENTRY_FROM_PROP_CHAIN_FLAG 0x1 #define CTL_ENTRY_FROM_PROP_CHAIN_FLAG 0x1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sets properties on the certificate context using the attributes in // Sets properties on the certificate context using the attributes in
// the CTL entry. // the CTL entry.
// //
// The property attribute OID is the decimal PROP_ID preceded by // The property attribute OID is the decimal PROP_ID preceded by
// szOID_CERT_PROP_ID_PREFIX. Only attributes containing such an OID are // szOID_CERT_PROP_ID_PREFIX. Only attributes containing such an OID are
// copied. // copied.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG may be set in dwFlags. // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG may be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCertificateContextPropertiesFromCTLEntry( CertSetCertificateContextPropertiesFromCTLEntry(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN PCTL_ENTRY pCtlEntry, __in PCTL_ENTRY pCtlEntry,
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the first or next CRL context from the store for the specified // Get the first or next CRL context from the store for the specified
// issuer certificate. Perform the enabled verification checks on the CRL. // issuer certificate. Perform the enabled verification checks on the CRL.
// //
// If the first or next CRL isn't found, NULL is returned. // If the first or next CRL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT // Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
// must be freed by calling CertFreeCRLContext. However, the free must be // must be freed by calling CertFreeCRLContext. However, the free must be
// pPrevCrlContext on a subsequent call. CertDuplicateCRLContext // pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
skipping to change at line 9182 skipping to change at line 10982
// If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG // If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG
// always fails and the CERT_STORE_NO_ISSUER_FLAG is also set. // always fails and the CERT_STORE_NO_ISSUER_FLAG is also set.
// //
// For a verification check failure, a pointer to the first or next // For a verification check failure, a pointer to the first or next
// CRL_CONTEXT is still returned and SetLastError isn't updated. // CRL_CONTEXT is still returned and SetLastError isn't updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertGetCRLFromStore( CertGetCRLFromStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN OPTIONAL PCCERT_CONTEXT pIssuerContext, __in_opt PCCERT_CONTEXT pIssuerContext,
IN PCCRL_CONTEXT pPrevCrlContext, __in_opt PCCRL_CONTEXT pPrevCrlContext,
IN OUT DWORD *pdwFlags __inout DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the CRL contexts in the store. // Enumerate the CRL contexts in the store.
// //
// If a CRL isn't found, NULL is returned. // If a CRL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT // Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
// must be freed by calling CertFreeCRLContext or is freed when passed as the // must be freed by calling CertFreeCRLContext or is freed when passed as the
// pPrevCrlContext on a subsequent call. CertDuplicateCRLContext // pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 9208 skipping to change at line 11008
// CRL in the store. Successive CRLs are enumerated by setting // CRL in the store. Successive CRLs are enumerated by setting
// pPrevCrlContext to the CRL_CONTEXT returned by a previous call. // pPrevCrlContext to the CRL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by // NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertEnumCRLsInStore( CertEnumCRLsInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCRL_CONTEXT pPrevCrlContext __in_opt PCCRL_CONTEXT pPrevCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first or next CRL context in the store. // Find the first or next CRL context in the store.
// //
// The CRL is found according to the dwFindType and its pvFindPara. // The CRL is found according to the dwFindType and its pvFindPara.
// See below for a list of the find types and its parameters. // See below for a list of the find types and its parameters.
// //
// Currently dwFindFlags isn't used and must be set to 0. // Currently dwFindFlags isn't used and must be set to 0.
// //
skipping to change at line 9239 skipping to change at line 11039
// call to find the CRL. To find the next CRL, the // call to find the CRL. To find the next CRL, the
// pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call. // pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by // NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertFindCRLInStore( CertFindCRLInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwFindFlags, __in DWORD dwFindFlags,
IN DWORD dwFindType, __in DWORD dwFindType,
IN const void *pvFindPara, __in_opt const void *pvFindPara,
IN PCCRL_CONTEXT pPrevCrlContext __in_opt PCCRL_CONTEXT pPrevCrlContext
); );
#define CRL_FIND_ANY 0 #define CRL_FIND_ANY 0
#define CRL_FIND_ISSUED_BY 1 #define CRL_FIND_ISSUED_BY 1
#define CRL_FIND_EXISTING 2 #define CRL_FIND_EXISTING 2
#define CRL_FIND_ISSUED_FOR 3 #define CRL_FIND_ISSUED_FOR 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL_FIND_ANY // CRL_FIND_ANY
// //
skipping to change at line 9332 skipping to change at line 11132
PCCERT_CONTEXT pIssuerCert; PCCERT_CONTEXT pIssuerCert;
} CRL_FIND_ISSUED_FOR_PARA, *PCRL_FIND_ISSUED_FOR_PARA; } CRL_FIND_ISSUED_FOR_PARA, *PCRL_FIND_ISSUED_FOR_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a CRL context // Duplicate a CRL context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertDuplicateCRLContext( CertDuplicateCRLContext(
IN PCCRL_CONTEXT pCrlContext __in_opt PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a CRL context from the encoded CRL. The created // Create a CRL context from the encoded CRL. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded CRL in the created context. // Makes a copy of the encoded CRL in the created context.
// //
// If unable to decode and create the CRL context, NULL is returned. // If unable to decode and create the CRL context, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. // Otherwise, a pointer to a read only CRL_CONTEXT is returned.
// CRL_CONTEXT must be freed by calling CertFreeCRLContext. // CRL_CONTEXT must be freed by calling CertFreeCRLContext.
// CertDuplicateCRLContext can be called to make a duplicate. // CertDuplicateCRLContext can be called to make a duplicate.
// //
// CertSetCRLContextProperty and CertGetCRLContextProperty can be called // CertSetCRLContextProperty and CertGetCRLContextProperty can be called
// to store properties for the CRL. // to store properties for the CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertCreateCRLContext( CertCreateCRLContext(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbCrlEncoded, __in_bcount(cbCrlEncoded) const BYTE *pbCrlEncoded,
IN DWORD cbCrlEncoded __in DWORD cbCrlEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a CRL context // Free a CRL context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, duplicate or create. // get, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCRLContext( CertFreeCRLContext(
IN PCCRL_CONTEXT pCrlContext __in_opt PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified CRL context. // Set the property for the specified CRL context.
// //
// Same Property Ids and semantics as CertSetCertificateContextProperty. // Same Property Ids and semantics as CertSetCertificateContextProperty.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCRLContextProperty( CertSetCRLContextProperty(
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the property for the specified CRL context. // Get the property for the specified CRL context.
// //
// Same Property Ids and semantics as CertGetCertificateContextProperty. // Same Property Ids and semantics as CertGetCertificateContextProperty.
// //
// CERT_SHA1_HASH_PROP_ID, CERT_MD5_HASH_PROP_ID or // CERT_SHA1_HASH_PROP_ID, CERT_MD5_HASH_PROP_ID or
// CERT_SIGNATURE_HASH_PROP_ID is the predefined property of most interest. // CERT_SIGNATURE_HASH_PROP_ID is the predefined property of most interest.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCRLContextProperty( CertGetCRLContextProperty(
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified CRL context. // Enumerate the properties for the specified CRL context.
// //
// To get the first property, set dwPropId to 0. The ID of the first // To get the first property, set dwPropId to 0. The ID of the first
// property is returned. To get the next property, set dwPropId to the // property is returned. To get the next property, set dwPropId to the
// ID returned by the last call. To enumerate all the properties continue // ID returned by the last call. To enumerate all the properties continue
// until 0 is returned. // until 0 is returned.
// //
// CertGetCRLContextProperty is called to get the property's data. // CertGetCRLContextProperty is called to get the property's data.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCRLContextProperties( CertEnumCRLContextProperties(
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwPropId __in DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Search the CRL's list of entries for the specified certificate. // Search the CRL's list of entries for the specified certificate.
// //
// TRUE is returned if we were able to search the list. Otherwise, FALSE is // TRUE is returned if we were able to search the list. Otherwise, FALSE is
// returned, // returned,
// //
// For success, if the certificate was found in the list, *ppCrlEntry is // For success, if the certificate was found in the list, *ppCrlEntry is
// updated with a pointer to the entry. Otherwise, *ppCrlEntry is set to NULL. // updated with a pointer to the entry. Otherwise, *ppCrlEntry is set to NULL.
// The returned entry isn't allocated and must not be freed. // The returned entry isn't allocated and must not be freed.
// //
// dwFlags and pvReserved currently aren't used and must be set to 0 or NULL. // dwFlags and pvReserved currently aren't used and must be set to 0 or NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFindCertificateInCRL( CertFindCertificateInCRL(
IN PCCERT_CONTEXT pCert, __in PCCERT_CONTEXT pCert,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT PCRL_ENTRY *ppCrlEntry __deref_out_opt PCRL_ENTRY *ppCrlEntry
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Is the specified CRL valid for the certificate. // Is the specified CRL valid for the certificate.
// //
// Returns TRUE if the CRL's list of entries would contain the certificate // Returns TRUE if the CRL's list of entries would contain the certificate
// if it was revoked. Note, doesn't check that the certificate is in the // if it was revoked. Note, doesn't check that the certificate is in the
// list of entries. // list of entries.
// //
// If the CRL has an Issuing Distribution Point (IDP) extension, checks // If the CRL has an Issuing Distribution Point (IDP) extension, checks
// that it's valid for the subject certificate. // that it's valid for the subject certificate.
// //
// dwFlags and pvReserved currently aren't used and must be set to 0 and NULL. // dwFlags and pvReserved currently aren't used and must be set to 0 and NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertIsValidCRLForCertificate( CertIsValidCRLForCertificate(
IN PCCERT_CONTEXT pCert, __in PCCERT_CONTEXT pCert,
IN PCCRL_CONTEXT pCrl, __in PCCRL_CONTEXT pCrl,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved __reserved void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add certificate/CRL, encoded, context or element disposition values. // Add certificate/CRL, encoded, context or element disposition values.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_ADD_NEW 1 #define CERT_STORE_ADD_NEW 1
#define CERT_STORE_ADD_USE_EXISTING 2 #define CERT_STORE_ADD_USE_EXISTING 2
#define CERT_STORE_ADD_REPLACE_EXISTING 3 #define CERT_STORE_ADD_REPLACE_EXISTING 3
#define CERT_STORE_ADD_ALWAYS 4 #define CERT_STORE_ADD_ALWAYS 4
#define CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES 5 #define CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES 5
skipping to change at line 9524 skipping to change at line 11324
// Same as CERT_STORE_ADD_NEWER. However, if an older certificate is // Same as CERT_STORE_ADD_NEWER. However, if an older certificate is
// replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES. // replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
// //
// CertGetSubjectCertificateFromStore is called to determine if the // CertGetSubjectCertificateFromStore is called to determine if the
// certificate already exists in the store. // certificate already exists in the store.
// //
// ppCertContext can be NULL, indicating the caller isn't interested // ppCertContext can be NULL, indicating the caller isn't interested
// in getting the CERT_CONTEXT of the added or existing certificate. // in getting the CERT_CONTEXT of the added or existing certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToStore( CertAddEncodedCertificateToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbCertEncoded, __in_bcount(cbCertEncoded) const BYTE *pbCertEncoded,
IN DWORD cbCertEncoded, __in DWORD cbCertEncoded,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCERT_CONTEXT *ppCertContext __deref_opt_out PCCERT_CONTEXT *ppCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the certificate context to the store according to the specified // Add the certificate context to the store according to the specified
// disposition action. // disposition action.
// //
// In addition to the encoded certificate, the context's properties are // In addition to the encoded certificate, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 9593 skipping to change at line 11394
// Same as CERT_STORE_ADD_NEWER. However, if an older context is // Same as CERT_STORE_ADD_NEWER. However, if an older context is
// replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES. // replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
// //
// CertGetSubjectCertificateFromStore is called to determine if the // CertGetSubjectCertificateFromStore is called to determine if the
// certificate already exists in the store. // certificate already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CERT_CONTEXT of the added or existing certificate. // in getting the CERT_CONTEXT of the added or existing certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCertificateContextToStore( CertAddCertificateContextToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCERT_CONTEXT *ppStoreContext __deref_opt_out PCCERT_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store Context Types // Certificate Store Context Types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_CERTIFICATE_CONTEXT 1 #define CERT_STORE_CERTIFICATE_CONTEXT 1
#define CERT_STORE_CRL_CONTEXT 2 #define CERT_STORE_CRL_CONTEXT 2
#define CERT_STORE_CTL_CONTEXT 3 #define CERT_STORE_CTL_CONTEXT 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 9646 skipping to change at line 11448
// add either a certificate or CRL, set dwContextTypeFlags to: // add either a certificate or CRL, set dwContextTypeFlags to:
// CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG // CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG
// //
// *pdwContextType is updated with the type of the context returned in // *pdwContextType is updated with the type of the context returned in
// *ppvContxt. pdwContextType or ppvContext can be NULL, indicating the // *ppvContxt. pdwContextType or ppvContext can be NULL, indicating the
// caller isn't interested in getting the output. If *ppvContext is // caller isn't interested in getting the output. If *ppvContext is
// returned it must be freed by calling CertFreeCertificateContext or // returned it must be freed by calling CertFreeCertificateContext or
// CertFreeCRLContext. // CertFreeCRLContext.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddSerializedElementToStore( CertAddSerializedElementToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN const BYTE *pbElement, __in_bcount(cbElement) const BYTE *pbElement,
IN DWORD cbElement, __in DWORD cbElement,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwContextTypeFlags, __in DWORD dwContextTypeFlags,
OUT OPTIONAL DWORD *pdwContextType, __out_opt DWORD *pdwContextType,
OUT OPTIONAL const void **ppvContext __deref_opt_out const void **ppvContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified certificate from the store. // Delete the specified certificate from the store.
// //
// All subsequent gets or finds for the certificate will fail. However, // All subsequent gets or finds for the certificate will fail. However,
// memory allocated for the certificate isn't freed until all of its contexts // memory allocated for the certificate isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCertContext is obtained from a get, enum, find or duplicate. // The pCertContext is obtained from a get, enum, find or duplicate.
skipping to change at line 9678 skipping to change at line 11481
// Some store provider implementations might also delete the issuer's CRLs // Some store provider implementations might also delete the issuer's CRLs
// if this is the last certificate for the issuer in the store. // if this is the last certificate for the issuer in the store.
// //
// NOTE: the pCertContext is always CertFreeCertificateContext'ed by // NOTE: the pCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCertificateFromStore( CertDeleteCertificateFromStore(
IN PCCERT_CONTEXT pCertContext __in PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the encoded CRL to the store according to the specified // Add the encoded CRL to the store according to the specified
// disposition option. // disposition option.
// //
// Makes a copy of the encoded CRL before adding to the store. // Makes a copy of the encoded CRL before adding to the store.
// //
// dwAddDispostion specifies the action to take if the CRL // dwAddDispostion specifies the action to take if the CRL
// already exists in the store. See CertAddEncodedCertificateToStore for a // already exists in the store. See CertAddEncodedCertificateToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CRL's Issuer to determine if the CRL already exists in the // Compares the CRL's Issuer to determine if the CRL already exists in the
// store. // store.
// //
// ppCrlContext can be NULL, indicating the caller isn't interested // ppCrlContext can be NULL, indicating the caller isn't interested
// in getting the CRL_CONTEXT of the added or existing CRL. // in getting the CRL_CONTEXT of the added or existing CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCRLToStore( CertAddEncodedCRLToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbCrlEncoded, __in_bcount(cbCrlEncoded) const BYTE *pbCrlEncoded,
IN DWORD cbCrlEncoded, __in DWORD cbCrlEncoded,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCRL_CONTEXT *ppCrlContext __deref_opt_out PCCRL_CONTEXT *ppCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the CRL context to the store according to the specified // Add the CRL context to the store according to the specified
// disposition option. // disposition option.
// //
// In addition to the encoded CRL, the context's properties are // In addition to the encoded CRL, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 9730 skipping to change at line 11534
// already exists in the store. See CertAddCertificateContextToStore for a // already exists in the store. See CertAddCertificateContextToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine // Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine
// if the CRL already exists in the store. // if the CRL already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CRL_CONTEXT of the added or existing CRL. // in getting the CRL_CONTEXT of the added or existing CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCRLContextToStore( CertAddCRLContextToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCRL_CONTEXT *ppStoreContext __deref_opt_out PCCRL_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified CRL from the store. // Delete the specified CRL from the store.
// //
// All subsequent gets for the CRL will fail. However, // All subsequent gets for the CRL will fail. However,
// memory allocated for the CRL isn't freed until all of its contexts // memory allocated for the CRL isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCrlContext is obtained from a get or duplicate. // The pCrlContext is obtained from a get or duplicate.
// //
// NOTE: the pCrlContext is always CertFreeCRLContext'ed by // NOTE: the pCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCRLFromStore( CertDeleteCRLFromStore(
IN PCCRL_CONTEXT pCrlContext __in PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the certificate context's encoded certificate and its // Serialize the certificate context's encoded certificate and its
// properties. // properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCertificateStoreElement( CertSerializeCertificateStoreElement(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT BYTE *pbElement, __out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement,
IN OUT DWORD *pcbElement __inout DWORD *pcbElement
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the CRL context's encoded CRL and its properties. // Serialize the CRL context's encoded CRL and its properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCRLStoreElement( CertSerializeCRLStoreElement(
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT BYTE *pbElement, __out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement,
IN OUT DWORD *pcbElement __inout DWORD *pcbElement
); );
//+========================================================================= //+=========================================================================
// Certificate Trust List (CTL) Store Data Structures and APIs // Certificate Trust List (CTL) Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a CTL context // Duplicate a CTL context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertDuplicateCTLContext( CertDuplicateCTLContext(
IN PCCTL_CONTEXT pCtlContext __in_opt PCCTL_CONTEXT pCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a CTL context from the encoded CTL. The created // Create a CTL context from the encoded CTL. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded CTL in the created context. // Makes a copy of the encoded CTL in the created context.
// //
// If unable to decode and create the CTL context, NULL is returned. // If unable to decode and create the CTL context, NULL is returned.
// Otherwise, a pointer to a read only CTL_CONTEXT is returned. // Otherwise, a pointer to a read only CTL_CONTEXT is returned.
// CTL_CONTEXT must be freed by calling CertFreeCTLContext. // CTL_CONTEXT must be freed by calling CertFreeCTLContext.
// CertDuplicateCTLContext can be called to make a duplicate. // CertDuplicateCTLContext can be called to make a duplicate.
// //
// CertSetCTLContextProperty and CertGetCTLContextProperty can be called // CertSetCTLContextProperty and CertGetCTLContextProperty can be called
// to store properties for the CTL. // to store properties for the CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertCreateCTLContext( CertCreateCTLContext(
IN DWORD dwMsgAndCertEncodingType, __in DWORD dwMsgAndCertEncodingType,
IN const BYTE *pbCtlEncoded, __in_bcount(cbCtlEncoded) const BYTE *pbCtlEncoded,
IN DWORD cbCtlEncoded __in DWORD cbCtlEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a CTL context // Free a CTL context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, duplicate or create. // get, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCTLContext( CertFreeCTLContext(
IN PCCTL_CONTEXT pCtlContext __in_opt PCCTL_CONTEXT pCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified CTL context. // Set the property for the specified CTL context.
// //
// Same Property Ids and semantics as CertSetCertificateContextProperty. // Same Property Ids and semantics as CertSetCertificateContextProperty.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCTLContextProperty( CertSetCTLContextProperty(
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the property for the specified CTL context. // Get the property for the specified CTL context.
// //
// Same Property Ids and semantics as CertGetCertificateContextProperty. // Same Property Ids and semantics as CertGetCertificateContextProperty.
// //
// CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the // CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the
// predefined properties of most interest. // predefined properties of most interest.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCTLContextProperty( CertGetCTLContextProperty(
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwPropId, __in DWORD dwPropId,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified CTL context. // Enumerate the properties for the specified CTL context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCTLContextProperties( CertEnumCTLContextProperties(
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwPropId __in DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the CTL contexts in the store. // Enumerate the CTL contexts in the store.
// //
// If a CTL isn't found, NULL is returned. // If a CTL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT // Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT
// must be freed by calling CertFreeCTLContext or is freed when passed as the // must be freed by calling CertFreeCTLContext or is freed when passed as the
// pPrevCtlContext on a subsequent call. CertDuplicateCTLContext // pPrevCtlContext on a subsequent call. CertDuplicateCTLContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 9899 skipping to change at line 11704
// CTL in the store. Successive CTLs are enumerated by setting // CTL in the store. Successive CTLs are enumerated by setting
// pPrevCtlContext to the CTL_CONTEXT returned by a previous call. // pPrevCtlContext to the CTL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by // NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertEnumCTLsInStore( CertEnumCTLsInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCTL_CONTEXT pPrevCtlContext __in_opt PCCTL_CONTEXT pPrevCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Attempt to find the specified subject in the CTL. // Attempt to find the specified subject in the CTL.
// //
// For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's // For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's
// SubjectAlgorithm is examined to determine the representation of the // SubjectAlgorithm is examined to determine the representation of the
// subject's identity. Initially, only SHA1 or MD5 hash will be supported. // subject's identity. Initially, only SHA1 or MD5 hash will be supported.
// The appropriate hash property is obtained from the CERT_CONTEXT. // The appropriate hash property is obtained from the CERT_CONTEXT.
// //
skipping to change at line 9925 skipping to change at line 11730
// The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier // The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier
// is used as the key in searching the subject entries. A binary // is used as the key in searching the subject entries. A binary
// memory comparison is done between the key and the entry's SubjectIdentifer. // memory comparison is done between the key and the entry's SubjectIdentifer.
// //
// dwEncodingType isn't used for either of the above SubjectTypes. // dwEncodingType isn't used for either of the above SubjectTypes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCTL_ENTRY PCTL_ENTRY
WINAPI WINAPI
CertFindSubjectInCTL( CertFindSubjectInCTL(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN DWORD dwSubjectType, __in DWORD dwSubjectType,
IN void *pvSubject, __in void *pvSubject,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwFlags __in DWORD dwFlags
); );
// Subject Types: // Subject Types:
// CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO. // CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO.
// CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT. // CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT.
#define CTL_ANY_SUBJECT_TYPE 1 #define CTL_ANY_SUBJECT_TYPE 1
#define CTL_CERT_SUBJECT_TYPE 2 #define CTL_CERT_SUBJECT_TYPE 2
typedef struct _CTL_ANY_SUBJECT_INFO { typedef struct _CTL_ANY_SUBJECT_INFO {
CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm; CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
skipping to change at line 9970 skipping to change at line 11775
// call to find the CTL. To find the next CTL, the // call to find the CTL. To find the next CTL, the
// pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call. // pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by // NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertFindCTLInStore( CertFindCTLInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwMsgAndCertEncodingType, __in DWORD dwMsgAndCertEncodingType,
IN DWORD dwFindFlags, __in DWORD dwFindFlags,
IN DWORD dwFindType, __in DWORD dwFindType,
IN const void *pvFindPara, __in_opt const void *pvFindPara,
IN PCCTL_CONTEXT pPrevCtlContext __in_opt PCCTL_CONTEXT pPrevCtlContext
); );
#define CTL_FIND_ANY 0 #define CTL_FIND_ANY 0
#define CTL_FIND_SHA1_HASH 1 #define CTL_FIND_SHA1_HASH 1
#define CTL_FIND_MD5_HASH 2 #define CTL_FIND_MD5_HASH 2
#define CTL_FIND_USAGE 3 #define CTL_FIND_USAGE 3
#define CTL_FIND_SUBJECT 4 #define CTL_FIND_SUBJECT 4
#define CTL_FIND_EXISTING 5 #define CTL_FIND_EXISTING 5
typedef struct _CTL_FIND_USAGE_PARA { typedef struct _CTL_FIND_USAGE_PARA {
skipping to change at line 10071 skipping to change at line 11876
// already exists in the store. See CertAddEncodedCertificateToStore for a // already exists in the store. See CertAddEncodedCertificateToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CTL's SubjectUsage, ListIdentifier and any of its signers // Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
// to determine if the CTL already exists in the store. // to determine if the CTL already exists in the store.
// //
// ppCtlContext can be NULL, indicating the caller isn't interested // ppCtlContext can be NULL, indicating the caller isn't interested
// in getting the CTL_CONTEXT of the added or existing CTL. // in getting the CTL_CONTEXT of the added or existing CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCTLToStore( CertAddEncodedCTLToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN DWORD dwMsgAndCertEncodingType, __in DWORD dwMsgAndCertEncodingType,
IN const BYTE *pbCtlEncoded, __in_bcount(cbCtlEncoded) const BYTE *pbCtlEncoded,
IN DWORD cbCtlEncoded, __in DWORD cbCtlEncoded,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCTL_CONTEXT *ppCtlContext __deref_opt_out PCCTL_CONTEXT *ppCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the CTL context to the store according to the specified // Add the CTL context to the store according to the specified
// disposition option. // disposition option.
// //
// In addition to the encoded CTL, the context's properties are // In addition to the encoded CTL, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 10103 skipping to change at line 11909
// already exists in the store. See CertAddCertificateContextToStore for a // already exists in the store. See CertAddCertificateContextToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CTL's SubjectUsage, ListIdentifier and any of its signers // Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
// to determine if the CTL already exists in the store. // to determine if the CTL already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CTL_CONTEXT of the added or existing CTL. // in getting the CTL_CONTEXT of the added or existing CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCTLContextToStore( CertAddCTLContextToStore(
IN HCERTSTORE hCertStore, __in_opt HCERTSTORE hCertStore,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCTL_CONTEXT *ppStoreContext __deref_opt_out PCCTL_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the CTL context's encoded CTL and its properties. // Serialize the CTL context's encoded CTL and its properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCTLStoreElement( CertSerializeCTLStoreElement(
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT BYTE *pbElement, __out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement,
IN OUT DWORD *pcbElement __inout DWORD *pcbElement
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified CTL from the store. // Delete the specified CTL from the store.
// //
// All subsequent gets for the CTL will fail. However, // All subsequent gets for the CTL will fail. However,
// memory allocated for the CTL isn't freed until all of its contexts // memory allocated for the CTL isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCtlContext is obtained from a get or duplicate. // The pCtlContext is obtained from a get or duplicate.
// //
// NOTE: the pCtlContext is always CertFreeCTLContext'ed by // NOTE: the pCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCTLFromStore( CertDeleteCTLFromStore(
IN PCCTL_CONTEXT pCtlContext __in PCCTL_CONTEXT pCtlContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCertificateLinkToStore( CertAddCertificateLinkToStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCERT_CONTEXT *ppStoreContext __deref_opt_out PCCERT_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCRLLinkToStore( CertAddCRLLinkToStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCRL_CONTEXT pCrlContext, __in PCCRL_CONTEXT pCrlContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCRL_CONTEXT *ppStoreContext __deref_opt_out PCCRL_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertAddCTLLinkToStore( CertAddCTLLinkToStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwAddDisposition, __in DWORD dwAddDisposition,
OUT OPTIONAL PCCTL_CONTEXT *ppStoreContext __deref_opt_out PCCTL_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddStoreToCollection( CertAddStoreToCollection(
IN HCERTSTORE hCollectionStore, __in HCERTSTORE hCollectionStore,
IN OPTIONAL HCERTSTORE hSiblingStore, __in_opt HCERTSTORE hSiblingStore,
IN DWORD dwUpdateFlags, __in DWORD dwUpdateFlags,
IN DWORD dwPriority __in DWORD dwPriority
); );
WINCRYPT32API WINCRYPT32API
void void
WINAPI WINAPI
CertRemoveStoreFromCollection( CertRemoveStoreFromCollection(
IN HCERTSTORE hCollectionStore, __in HCERTSTORE hCollectionStore,
IN HCERTSTORE hSiblingStore __in HCERTSTORE hSiblingStore
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertControlStore( CertControlStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwCtrlType, __in DWORD dwCtrlType,
IN void const *pvCtrlPara __in_opt void const *pvCtrlPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store control types // Certificate Store control types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_CTRL_RESYNC 1 #define CERT_STORE_CTRL_RESYNC 1
#define CERT_STORE_CTRL_NOTIFY_CHANGE 2 #define CERT_STORE_CTRL_NOTIFY_CHANGE 2
#define CERT_STORE_CTRL_COMMIT 3 #define CERT_STORE_CTRL_COMMIT 3
#define CERT_STORE_CTRL_AUTO_RESYNC 4 #define CERT_STORE_CTRL_AUTO_RESYNC 4
#define CERT_STORE_CTRL_CANCEL_NOTIFY 5 #define CERT_STORE_CTRL_CANCEL_NOTIFY 5
skipping to change at line 10309 skipping to change at line 12119
// Its not a property on an individual certificate, CRL or CTL context. // Its not a property on an individual certificate, CRL or CTL context.
// //
// Currently, no store properties are persisted. (This differs from // Currently, no store properties are persisted. (This differs from
// most context properties which are persisted.) // most context properties which are persisted.)
// //
// See CertSetStoreProperty or CertGetStoreProperty for usage information. // See CertSetStoreProperty or CertGetStoreProperty for usage information.
// //
// Note, the range for predefined store properties should be outside // Note, the range for predefined store properties should be outside
// the range of predefined context properties. We will start at 4096. // the range of predefined context properties. We will start at 4096.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolld_begin -- CERT_*_PROP_ID
#define CERT_STORE_LOCALIZED_NAME_PROP_ID 0x1000 #define CERT_STORE_LOCALIZED_NAME_PROP_ID 0x1000
// certenrolld_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set a store property. // Set a store property.
// //
// The type definition for pvData depends on the dwPropId value. // The type definition for pvData depends on the dwPropId value.
// CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store. // CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store.
// pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL // pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL
// terminated unicode, wide character string. // terminated unicode, wide character string.
// cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR). // cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR).
// //
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetStoreProperty( CertSetStoreProperty(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const void *pvData __in_opt const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a store property. // Get a store property.
// //
// The type definition for pvData depends on the dwPropId value. // The type definition for pvData depends on the dwPropId value.
// CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store. // CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store.
// pvData points to a NULL terminated unicode, wide character string. // pvData points to a NULL terminated unicode, wide character string.
// cbData = (wcslen((LPWSTR) pvData) + 1) * sizeof(WCHAR). // cbData = (wcslen((LPWSTR) pvData) + 1) * sizeof(WCHAR).
// //
// For all other PROP_IDs, pvData points to an array of bytes. // For all other PROP_IDs, pvData points to an array of bytes.
// //
// If the property doesn't exist, returns FALSE and sets LastError to // If the property doesn't exist, returns FALSE and sets LastError to
// CRYPT_E_NOT_FOUND. // CRYPT_E_NOT_FOUND.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetStoreProperty( CertGetStoreProperty(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwPropId, __in DWORD dwPropId,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
);
//+-------------------------------------------------------------------------
// If the callback returns FALSE, stops the sort. CertCreateContext
// will return FALSE and set last error to ERROR_CANCELLED if the sort
// was stopped.
//
// Where:
// cbTotalEncoded - total byte count of the encoded entries.
// cbRemainEncoded - remaining byte count of the encoded entries.
// cEntry - running count of sorted entries
// pvSort - value passed in pCreatePara
//--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CERT_CREATE_CONTEXT_SORT_FUNC)(
__in DWORD cbTotalEncoded,
__in DWORD cbRemainEncoded,
__in DWORD cEntry,
__inout_opt void *pvSort
); );
typedef struct _CERT_CREATE_CONTEXT_PARA { typedef struct _CERT_CREATE_CONTEXT_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
void *pvFree; // OPTIONAL void *pvFree; // OPTIONAL
// Only applicable to CERT_STORE_CTL_CONTEXT when
// CERT_CREATE_CONTEXT_SORTED_FLAG is set in dwFlags.
PFN_CERT_CREATE_CONTEXT_SORT_FUNC pfnSort; // OPTIONAL
void *pvSort; // OPTIONAL
} CERT_CREATE_CONTEXT_PARA, *PCERT_CREATE_CONTEXT_PARA; } CERT_CREATE_CONTEXT_PARA, *PCERT_CREATE_CONTEXT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Creates the specified context from the encoded bytes. The created // Creates the specified context from the encoded bytes. The created
// context isn't put in a store. // context isn't put in a store.
// //
// dwContextType values: // dwContextType values:
// CERT_STORE_CERTIFICATE_CONTEXT // CERT_STORE_CERTIFICATE_CONTEXT
// CERT_STORE_CRL_CONTEXT // CERT_STORE_CRL_CONTEXT
// CERT_STORE_CTL_CONTEXT // CERT_STORE_CTL_CONTEXT
skipping to change at line 10401 skipping to change at line 12236
// If unable to decode and create the context, NULL is returned. // If unable to decode and create the context, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT, CRL_CONTEXT or // Otherwise, a pointer to a read only CERT_CONTEXT, CRL_CONTEXT or
// CTL_CONTEXT is returned. The context must be freed by the appropriate // CTL_CONTEXT is returned. The context must be freed by the appropriate
// free context API. The context can be duplicated by calling the // free context API. The context can be duplicated by calling the
// appropriate duplicate context API. // appropriate duplicate context API.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
const void * const void *
WINAPI WINAPI
CertCreateContext( CertCreateContext(
IN DWORD dwContextType, __in DWORD dwContextType,
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL PCERT_CREATE_CONTEXT_PARA pCreatePara __in_opt PCERT_CREATE_CONTEXT_PARA pCreatePara
); );
// When the following flag is set, the created context points directly to the // When the following flag is set, the created context points directly to the
// pbEncoded instead of an allocated copy. If pCreatePara and // pbEncoded instead of an allocated copy. If pCreatePara and
// pCreatePara->pfnFree are non-NULL, then, pfnFree is called to free // pCreatePara->pfnFree are non-NULL, then, pfnFree is called to free
// the pbEncoded when the context is last freed. Otherwise, no attempt is // the pbEncoded when the context is last freed. Otherwise, no attempt is
// made to free the pbEncoded. If pCreatePara->pvFree is non-NULL, then its // made to free the pbEncoded. If pCreatePara->pvFree is non-NULL, then its
// passed to pfnFree instead of pbEncoded. // passed to pfnFree instead of pbEncoded.
// //
// Note, if CertCreateContext fails, pfnFree is still called. // Note, if CertCreateContext fails, pfnFree is still called.
skipping to change at line 10428 skipping to change at line 12263
// When the following flag is set, a context with sorted entries is created. // When the following flag is set, a context with sorted entries is created.
// Currently only applicable to a CTL context. // Currently only applicable to a CTL context.
// //
// For CTLs: the cCTLEntry in the returned CTL_INFO is always // For CTLs: the cCTLEntry in the returned CTL_INFO is always
// 0. CertFindSubjectInSortedCTL and CertEnumSubjectInSortedCTL must be called // 0. CertFindSubjectInSortedCTL and CertEnumSubjectInSortedCTL must be called
// to find or enumerate the CTL entries. // to find or enumerate the CTL entries.
// //
// The Sorted CTL TrustedSubjects extension isn't returned in the created // The Sorted CTL TrustedSubjects extension isn't returned in the created
// context's CTL_INFO. // context's CTL_INFO.
//
// pfnSort and pvSort can be set in the pCreatePara parameter to be called for
// each sorted entry. pfnSort can return FALSE to stop the sorting.
#define CERT_CREATE_CONTEXT_SORTED_FLAG 0x2 #define CERT_CREATE_CONTEXT_SORTED_FLAG 0x2
// By default when a CTL context is created, a HCRYPTMSG handle to its // By default when a CTL context is created, a HCRYPTMSG handle to its
// SignedData message is created. This flag can be set to improve performance // SignedData message is created. This flag can be set to improve performance
// by not creating the HCRYPTMSG handle. // by not creating the HCRYPTMSG handle.
// //
// This flag is only applicable to a CTL context. // This flag is only applicable to a CTL context.
#define CERT_CREATE_CONTEXT_NO_HCRYPTMSG_FLAG 0x4 #define CERT_CREATE_CONTEXT_NO_HCRYPTMSG_FLAG 0x4
// By default when a CTL context is created, its entries are decoded. // By default when a CTL context is created, its entries are decoded.
skipping to change at line 10548 skipping to change at line 12386
// "\\ComputerName\ServiceName\Trust". The leading "\\" backslashes are // "\\ComputerName\ServiceName\Trust". The leading "\\" backslashes are
// optional in the ComputerName. // optional in the ComputerName.
// //
// Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the system store // Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the system store
// already exists in the store location. // already exists in the store location.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRegisterSystemStore( CertRegisterSystemStore(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN PCERT_SYSTEM_STORE_INFO pStoreInfo, __in_opt PCERT_SYSTEM_STORE_INFO pStoreInfo,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register a physical store for the specified system store. // Register a physical store for the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 10574 skipping to change at line 12412
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the physical store // Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the physical store
// already exists in the system store. // already exists in the system store.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRegisterPhysicalStore( CertRegisterPhysicalStore(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPCWSTR pwszStoreName, __in LPCWSTR pwszStoreName,
IN PCERT_PHYSICAL_STORE_INFO pStoreInfo, __in PCERT_PHYSICAL_STORE_INFO pStoreInfo,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the specified system store. // Unregister the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 10600 skipping to change at line 12438
// //
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// CERT_STORE_DELETE_FLAG can optionally be set in dwFlags. // CERT_STORE_DELETE_FLAG can optionally be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertUnregisterSystemStore( CertUnregisterSystemStore(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags __in DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the physical store from the specified system store. // Unregister the physical store from the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 10623 skipping to change at line 12461
// //
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// CERT_STORE_DELETE_FLAG can optionally be set in dwFlags. // CERT_STORE_DELETE_FLAG can optionally be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertUnregisterPhysicalStore( CertUnregisterPhysicalStore(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPCWSTR pwszStoreName __in LPCWSTR pwszStoreName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enum callbacks // Enum callbacks
// //
// The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter // The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter
// specifies the location of the system store // specifies the location of the system store
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
// pvSystemStore points to a null terminated UNICODE string. // pvSystemStore points to a null terminated UNICODE string.
// //
// The callback returns FALSE and sets LAST_ERROR to stop the enumeration. // The callback returns FALSE and sets LAST_ERROR to stop the enumeration.
// The LAST_ERROR is returned to the caller of the enumeration. // The LAST_ERROR is returned to the caller of the enumeration.
// //
// The pvSystemStore passed to the callback has leading ComputerName and/or // The pvSystemStore passed to the callback has leading ComputerName and/or
// ServiceName prefixes where appropriate. // ServiceName prefixes where appropriate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)( typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)(
IN LPCWSTR pwszStoreLocation, __in LPCWSTR pwszStoreLocation,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
IN OPTIONAL void *pvArg __inout_opt void *pvArg
); );
typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE)( typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE)(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN PCERT_SYSTEM_STORE_INFO pStoreInfo, __in PCERT_SYSTEM_STORE_INFO pStoreInfo,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
IN OPTIONAL void *pvArg __inout_opt void *pvArg
); );
typedef BOOL (WINAPI *PFN_CERT_ENUM_PHYSICAL_STORE)( typedef BOOL (WINAPI *PFN_CERT_ENUM_PHYSICAL_STORE)(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPCWSTR pwszStoreName, __in LPCWSTR pwszStoreName,
IN PCERT_PHYSICAL_STORE_INFO pStoreInfo, __in PCERT_PHYSICAL_STORE_INFO pStoreInfo,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
IN OPTIONAL void *pvArg __inout_opt void *pvArg
); );
// In the PFN_CERT_ENUM_PHYSICAL_STORE callback the following flag is // In the PFN_CERT_ENUM_PHYSICAL_STORE callback the following flag is
// set if the physical store wasn't registered and is an implicitly created // set if the physical store wasn't registered and is an implicitly created
// predefined physical store. // predefined physical store.
#define CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG 0x1 #define CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG 0x1
// Names of implicitly created predefined physical stores // Names of implicitly created predefined physical stores
#define CERT_PHYSICAL_STORE_DEFAULT_NAME L".Default" #define CERT_PHYSICAL_STORE_DEFAULT_NAME L".Default"
#define CERT_PHYSICAL_STORE_GROUP_POLICY_NAME L".GroupPolicy" #define CERT_PHYSICAL_STORE_GROUP_POLICY_NAME L".GroupPolicy"
#define CERT_PHYSICAL_STORE_LOCAL_MACHINE_NAME L".LocalMachine" #define CERT_PHYSICAL_STORE_LOCAL_MACHINE_NAME L".LocalMachine"
#define CERT_PHYSICAL_STORE_DS_USER_CERTIFICATE_NAME L".UserCertificate" #define CERT_PHYSICAL_STORE_DS_USER_CERTIFICATE_NAME L".UserCertificate"
#define CERT_PHYSICAL_STORE_LOCAL_MACHINE_GROUP_POLICY_NAME \ #define CERT_PHYSICAL_STORE_LOCAL_MACHINE_GROUP_POLICY_NAME \
L".LocalMachineGroupPolicy" L".LocalMachineGroupPolicy"
#define CERT_PHYSICAL_STORE_ENTERPRISE_NAME L".Enterprise" #define CERT_PHYSICAL_STORE_ENTERPRISE_NAME L".Enterprise"
#define CERT_PHYSICAL_STORE_AUTH_ROOT_NAME L".AuthRoot" #define CERT_PHYSICAL_STORE_AUTH_ROOT_NAME L".AuthRoot"
#define CERT_PHYSICAL_STORE_SMART_CARD_NAME L".SmartCard"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the system store locations. // Enumerate the system store locations.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSystemStoreLocation( CertEnumSystemStoreLocation(
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvArg, __inout_opt void *pvArg,
IN PFN_CERT_ENUM_SYSTEM_STORE_LOCATION pfnEnum __callback PFN_CERT_ENUM_SYSTEM_STORE_LOCATION pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the system stores. // Enumerate the system stores.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags,
// pvSystemStoreLocationPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA // pvSystemStoreLocationPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA
skipping to change at line 10731 skipping to change at line 12570
// "\\ComputerName" or "ComputerName\" // "\\ComputerName" or "ComputerName\"
// "ComputerName\ServiceName" // "ComputerName\ServiceName"
// Note, if only the ComputerName is specified, then, it must have either // Note, if only the ComputerName is specified, then, it must have either
// the leading "\\" backslashes or a trailing backslash. Otherwise, its // the leading "\\" backslashes or a trailing backslash. Otherwise, its
// interpretted as the ServiceName or UserName. // interpretted as the ServiceName or UserName.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSystemStore( CertEnumSystemStore(
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvSystemStoreLocationPara, __in_opt void *pvSystemStoreLocationPara,
IN void *pvArg, __inout_opt void *pvArg,
IN PFN_CERT_ENUM_SYSTEM_STORE pfnEnum __callback PFN_CERT_ENUM_SYSTEM_STORE pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the physical stores for the specified system store. // Enumerate the physical stores for the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 10757 skipping to change at line 12596
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// If the system store location only supports system stores and doesn't // If the system store location only supports system stores and doesn't
// support physical stores, LastError is set to ERROR_CALL_NOT_IMPLEMENTED. // support physical stores, LastError is set to ERROR_CALL_NOT_IMPLEMENTED.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumPhysicalStore( CertEnumPhysicalStore(
IN const void *pvSystemStore, __in const void *pvSystemStore,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvArg, __inout_opt void *pvArg,
IN PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum __callback PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate System Store Installable Functions // Certificate System Store Installable Functions
// //
// The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter passed // The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter passed
// to the CertOpenStore(for "System", "SystemRegistry" or "Physical" // to the CertOpenStore(for "System", "SystemRegistry" or "Physical"
// Provider), CertRegisterSystemStore, // Provider), CertRegisterSystemStore,
// CertUnregisterSystemStore, CertEnumSystemStore, CertRegisterPhysicalStore, // CertUnregisterSystemStore, CertEnumSystemStore, CertRegisterPhysicalStore,
// CertUnregisterPhysicalStore and CertEnumPhysicalStore APIs is used as the // CertUnregisterPhysicalStore and CertEnumPhysicalStore APIs is used as the
skipping to change at line 10818 skipping to change at line 12657
// If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the // If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
// extension. // extension.
// //
// If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the // If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
// property. // property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetEnhancedKeyUsage( CertGetEnhancedKeyUsage(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT PCERT_ENHKEY_USAGE pUsage, __out_bcount_part_opt(*pcbUsage, *pcbUsage) PCERT_ENHKEY_USAGE pUsage,
IN OUT DWORD *pcbUsage __inout DWORD *pcbUsage
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the enhanced key usage property for the certificate. // Set the enhanced key usage property for the certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetEnhancedKeyUsage( CertSetEnhancedKeyUsage(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN PCERT_ENHKEY_USAGE pUsage __in_opt PCERT_ENHKEY_USAGE pUsage
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the usage identifier to the certificate's enhanced key usage property. // Add the usage identifier to the certificate's enhanced key usage property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEnhancedKeyUsageIdentifier( CertAddEnhancedKeyUsageIdentifier(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN LPCSTR pszUsageIdentifier __in LPCSTR pszUsageIdentifier
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Remove the usage identifier from the certificate's enhanced key usage // Remove the usage identifier from the certificate's enhanced key usage
// property. // property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRemoveEnhancedKeyUsageIdentifier( CertRemoveEnhancedKeyUsageIdentifier(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN LPCSTR pszUsageIdentifier __in LPCSTR pszUsageIdentifier
); );
//+--------------------------------------------------------------------------- //+---------------------------------------------------------------------------
// //
// //
// Takes an array of certs and returns an array of usages // Takes an array of certs and returns an array of usages
// which consists of the intersection of the valid usages for each cert. // which consists of the intersection of the valid usages for each cert.
// If each cert is good for all possible usages then the cNumOIDs is set to -1. // If each cert is good for all possible usages then the cNumOIDs is set to -1.
// //
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetValidUsages( CertGetValidUsages(
IN DWORD cCerts, __in DWORD cCerts,
IN PCCERT_CONTEXT *rghCerts, __in_ecount(cCerts) PCCERT_CONTEXT *rghCerts,
OUT int *cNumOIDs, __out int *cNumOIDs,
OUT LPSTR *rghOIDs, __out_bcount_part_opt(*pcbOIDs, *pcbOIDs) LPSTR *rghOIDs,
IN OUT DWORD *pcbOIDs); __inout DWORD *pcbOIDs);
//+========================================================================= //+=========================================================================
// Cryptographic Message helper functions for verifying and signing a // Cryptographic Message helper functions for verifying and signing a
// CTL. // CTL.
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get and verify the signer of a cryptographic message. // Get and verify the signer of a cryptographic message.
// //
// To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's // To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's
skipping to change at line 10905 skipping to change at line 12744
// If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified // If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified
// by *pdwSignerIndex. Otherwise, iterate through all the signers // by *pdwSignerIndex. Otherwise, iterate through all the signers
// until a signer verifies or no more signers. // until a signer verifies or no more signers.
// //
// For a verified signature, *ppSigner is updated with certificate context // For a verified signature, *ppSigner is updated with certificate context
// of the signer and *pdwSignerIndex is updated with the index of the signer. // of the signer and *pdwSignerIndex is updated with the index of the signer.
// ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't // ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't
// interested in getting the CertContext and/or index of the signer. // interested in getting the CertContext and/or index of the signer.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptMsgGetAndVerifySigner( CryptMsgGetAndVerifySigner(
IN HCRYPTMSG hCryptMsg, __in HCRYPTMSG hCryptMsg,
IN DWORD cSignerStore, __in DWORD cSignerStore,
IN OPTIONAL HCERTSTORE *rghSignerStore, __in_ecount_opt(cSignerStore) HCERTSTORE *rghSignerStore,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT OPTIONAL PCCERT_CONTEXT *ppSigner, __deref_opt_out PCCERT_CONTEXT *ppSigner,
IN OUT OPTIONAL DWORD *pdwSignerIndex __inout_opt DWORD *pdwSignerIndex
); );
#define CMSG_TRUSTED_SIGNER_FLAG 0x1 #define CMSG_TRUSTED_SIGNER_FLAG 0x1
#define CMSG_SIGNER_ONLY_FLAG 0x2 #define CMSG_SIGNER_ONLY_FLAG 0x2
#define CMSG_USE_SIGNER_INDEX_FLAG 0x4 #define CMSG_USE_SIGNER_INDEX_FLAG 0x4
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign an encoded CTL. // Sign an encoded CTL.
// //
// The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent // The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent
// field or via a CryptEncodeObject(PKCS_CTL or PKCS_SORTED_CTL). // field or via a CryptEncodeObject(PKCS_CTL or PKCS_SORTED_CTL).
// //
// CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible // CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible
// V3 SignedData message. // V3 SignedData message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgSignCTL( CryptMsgSignCTL(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN BYTE *pbCtlContent, __in_bcount(cbCtlContent) BYTE *pbCtlContent,
IN DWORD cbCtlContent, __in DWORD cbCtlContent,
IN PCMSG_SIGNED_ENCODE_INFO pSignInfo, __in PCMSG_SIGNED_ENCODE_INFO pSignInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded __inout DWORD *pcbEncoded
); );
// When set, CTL inner content is encapsulated within an OCTET STRING // When set, CTL inner content is encapsulated within an OCTET STRING
#define CMSG_CMS_ENCAPSULATED_CTL_FLAG 0x00008000 #define CMSG_CMS_ENCAPSULATED_CTL_FLAG 0x00008000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode the CTL and create a signed message containing the encoded CTL. // Encode the CTL and create a signed message containing the encoded CTL.
// //
// Set CMSG_ENCODE_SORTED_CTL_FLAG if the CTL entries are to be sorted // Set CMSG_ENCODE_SORTED_CTL_FLAG if the CTL entries are to be sorted
// before encoding. This flag should be set, if the // before encoding. This flag should be set, if the
skipping to change at line 10962 skipping to change at line 12802
// MD5 or SHA1, then, CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG should // MD5 or SHA1, then, CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG should
// also be set. // also be set.
// //
// CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible // CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible
// V3 SignedData message. // V3 SignedData message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgEncodeAndSignCTL( CryptMsgEncodeAndSignCTL(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN PCTL_INFO pCtlInfo, __in PCTL_INFO pCtlInfo,
IN PCMSG_SIGNED_ENCODE_INFO pSignInfo, __in PCMSG_SIGNED_ENCODE_INFO pSignInfo,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded __inout DWORD *pcbEncoded
); );
// The following flag is set if the CTL is to be encoded with sorted // The following flag is set if the CTL is to be encoded with sorted
// trusted subjects and the szOID_SORTED_CTL extension is inserted containing // trusted subjects and the szOID_SORTED_CTL extension is inserted containing
// sorted offsets to the encoded subjects. // sorted offsets to the encoded subjects.
#define CMSG_ENCODE_SORTED_CTL_FLAG 0x1 #define CMSG_ENCODE_SORTED_CTL_FLAG 0x1
// If the above sorted flag is set, then, the following flag should also // If the above sorted flag is set, then, the following flag should also
// be set if the identifier for the TrustedSubjects is a hash, // be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1. // such as, MD5 or SHA1.
#define CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x2 #define CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns TRUE if the SubjectIdentifier exists in the CTL. Optionally // Returns TRUE if the SubjectIdentifier exists in the CTL. Optionally
// returns a pointer to and byte count of the Subject's encoded attributes. // returns a pointer to and byte count of the Subject's encoded attributes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFindSubjectInSortedCTL( CertFindSubjectInSortedCTL(
IN PCRYPT_DATA_BLOB pSubjectIdentifier, __in PCRYPT_DATA_BLOB pSubjectIdentifier,
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved, __reserved void *pvReserved,
OUT OPTIONAL PCRYPT_DER_BLOB pEncodedAttributes __out_opt PCRYPT_DER_BLOB pEncodedAttributes
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerates through the sequence of TrustedSubjects in a CTL context // Enumerates through the sequence of TrustedSubjects in a CTL context
// created with CERT_CREATE_CONTEXT_SORTED_FLAG set. // created with CERT_CREATE_CONTEXT_SORTED_FLAG set.
// //
// To start the enumeration, *ppvNextSubject must be NULL. Upon return, // To start the enumeration, *ppvNextSubject must be NULL. Upon return,
// *ppvNextSubject is updated to point to the next TrustedSubject in // *ppvNextSubject is updated to point to the next TrustedSubject in
// the encoded sequence. // the encoded sequence.
// //
// Returns FALSE for no more subjects or invalid arguments. // Returns FALSE for no more subjects or invalid arguments.
// //
// Note, the returned DER_BLOBs point directly into the encoded // Note, the returned DER_BLOBs point directly into the encoded
// bytes (not allocated, and must not be freed). // bytes (not allocated, and must not be freed).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSubjectInSortedCTL( CertEnumSubjectInSortedCTL(
IN PCCTL_CONTEXT pCtlContext, __in PCCTL_CONTEXT pCtlContext,
IN OUT void **ppvNextSubject, __deref_inout_opt void **ppvNextSubject,
OUT OPTIONAL PCRYPT_DER_BLOB pSubjectIdentifier, __out_opt PCRYPT_DER_BLOB pSubjectIdentifier,
OUT OPTIONAL PCRYPT_DER_BLOB pEncodedAttributes __out_opt PCRYPT_DER_BLOB pEncodedAttributes
); );
//+========================================================================= //+=========================================================================
// Certificate Verify CTL Usage Data Structures and APIs // Certificate Verify CTL Usage Data Structures and APIs
//========================================================================== //==========================================================================
typedef struct _CTL_VERIFY_USAGE_PARA { typedef struct _CTL_VERIFY_USAGE_PARA {
DWORD cbSize; DWORD cbSize;
CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL
DWORD cCtlStore; DWORD cCtlStore;
skipping to change at line 11101 skipping to change at line 12941
// CRYPT_E_NO_VERIFY_USAGE_DLL // CRYPT_E_NO_VERIFY_USAGE_DLL
// CRYPT_E_NO_VERIFY_USAGE_CHECK // CRYPT_E_NO_VERIFY_USAGE_CHECK
// CRYPT_E_VERIFY_USAGE_OFFLINE // CRYPT_E_VERIFY_USAGE_OFFLINE
// CRYPT_E_NOT_IN_CTL // CRYPT_E_NOT_IN_CTL
// CRYPT_E_NO_TRUSTED_SIGNER // CRYPT_E_NO_TRUSTED_SIGNER
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCTLUsage( CertVerifyCTLUsage(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN DWORD dwSubjectType, __in DWORD dwSubjectType,
IN void *pvSubject, __in void *pvSubject,
IN PCTL_USAGE pSubjectUsage, __in PCTL_USAGE pSubjectUsage,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL PCTL_VERIFY_USAGE_PARA pVerifyUsagePara, __in_opt PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
IN OUT PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus __inout PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
); );
//+========================================================================= //+=========================================================================
// Certificate Revocation Data Structures and APIs // Certificate Revocation Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This data structure is updated by a CRL revocation type handler // This data structure is updated by a CRL revocation type handler
// with the base and possibly the delta CRL used. // with the base and possibly the delta CRL used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 11180 skipping to change at line 13020
// If nonNULL, a CRL revocation type handler updates with the base and // If nonNULL, a CRL revocation type handler updates with the base and
// possibly the delta CRL used. Note, *pCrlInfo must be initialized // possibly the delta CRL used. Note, *pCrlInfo must be initialized
// by the caller. Any nonNULL CRL contexts are freed. Any updated // by the caller. Any nonNULL CRL contexts are freed. Any updated
// CRL contexts must be freed by the caller. // CRL contexts must be freed by the caller.
// //
// The CRL info is only applicable to the last context checked. If // The CRL info is only applicable to the last context checked. If
// interested in this information, then, CertVerifyRevocation should be // interested in this information, then, CertVerifyRevocation should be
// called with cContext = 1. // called with cContext = 1.
PCERT_REVOCATION_CRL_INFO pCrlInfo; PCERT_REVOCATION_CRL_INFO pCrlInfo;
// If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync;
#endif #endif
} CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA; } CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following data structure is returned by CertVerifyRevocation to // The following data structure is returned by CertVerifyRevocation to
// specify the status of the revoked or unchecked context. Review the // specify the status of the revoked or unchecked context. Review the
// following CertVerifyRevocation comments for details. // following CertVerifyRevocation comments for details.
// //
// Upon input to CertVerifyRevocation, cbSize must be set to a size // Upon input to CertVerifyRevocation, cbSize must be set to a size
// >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ). // >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ).
skipping to change at line 11296 skipping to change at line 13140
// CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the // CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the
// next DLL in the list for a returned dwIndex of 0 or for a returned // next DLL in the list for a returned dwIndex of 0 or for a returned
// dwIndex > 0, restarts the process of finding a verify function by // dwIndex > 0, restarts the process of finding a verify function by
// advancing the start of the context array to the returned dwIndex and // advancing the start of the context array to the returned dwIndex and
// decrementing the count of remaining contexts. // decrementing the count of remaining contexts.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyRevocation( CertVerifyRevocation(
IN DWORD dwEncodingType, __in DWORD dwEncodingType,
IN DWORD dwRevType, __in DWORD dwRevType,
IN DWORD cContext, __in DWORD cContext,
IN PVOID rgpvContext[], __in_ecount(cContext) PVOID rgpvContext[],
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL PCERT_REVOCATION_PARA pRevPara, __in_opt PCERT_REVOCATION_PARA pRevPara,
IN OUT PCERT_REVOCATION_STATUS pRevStatus __inout PCERT_REVOCATION_STATUS pRevStatus
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Revocation types // Revocation types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CONTEXT_REVOCATION_TYPE 1 #define CERT_CONTEXT_REVOCATION_TYPE 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// When the following flag is set, rgpvContext[] consists of a chain // When the following flag is set, rgpvContext[] consists of a chain
// of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext[i]. // of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext[i].
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_REV_CHAIN_FLAG 0x00000001 #define CERT_VERIFY_REV_CHAIN_FLAG 0x00000001
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION prevents the revocation handler from // CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION prevents the revocation handler from
// accessing any network based resources for revocation checking // accessing any network based resources for revocation checking
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION 0x00000002 #define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// By default, the dwUrlRetrievalTimeout in pRevPara is the timeout used // By default, the dwUrlRetrievalTimeout in pRevPara is the timeout used
// for each URL wire retrieval. When the following flag is set, // for each URL wire retrieval. When the following flag is set,
// dwUrlRetrievalTimeout is the accumulative timeout across all URL wire // dwUrlRetrievalTimeout is the accumulative timeout across all URL wire
// retrievals. // retrievals.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG 0x00000004 #define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG 0x00000004
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// When the following flag is set, only OCSP responses are used for
// doing revocation checking. If the certificate doesn't have any
// OCSP AIA URLs, dwError is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
//--------------------------------------------------------------------------
#define CERT_VERIFY_REV_SERVER_OCSP_FLAG 0x00000008
//+-------------------------------------------------------------------------
// CERT_CONTEXT_REVOCATION_TYPE // CERT_CONTEXT_REVOCATION_TYPE
// //
// pvContext points to a const CERT_CONTEXT. // pvContext points to a const CERT_CONTEXT.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+========================================================================= //+=========================================================================
// Certificate Helper APIs // Certificate Helper APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 11357 skipping to change at line 13208
// The multiple byte integers are treated as Little Endian. pbData[0] is the // The multiple byte integers are treated as Little Endian. pbData[0] is the
// least significant byte and pbData[cbData - 1] is the most significant // least significant byte and pbData[cbData - 1] is the most significant
// byte. // byte.
// //
// Returns TRUE if the integer blobs are identical after removing leading // Returns TRUE if the integer blobs are identical after removing leading
// 0 or 0xFF bytes. // 0 or 0xFF bytes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CertCompareIntegerBlob( CertCompareIntegerBlob(
IN PCRYPT_INTEGER_BLOB pInt1, __in PCRYPT_INTEGER_BLOB pInt1,
IN PCRYPT_INTEGER_BLOB pInt2 __in PCRYPT_INTEGER_BLOB pInt2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two certificates to see if they are identical. // Compare two certificates to see if they are identical.
// //
// Since a certificate is uniquely identified by its Issuer and SerialNumber, // Since a certificate is uniquely identified by its Issuer and SerialNumber,
// these are the only fields needing to be compared. // these are the only fields needing to be compared.
// //
// Returns TRUE if the certificates are identical. // Returns TRUE if the certificates are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCompareCertificate( CertCompareCertificate(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_INFO pCertId1, __in PCERT_INFO pCertId1,
IN PCERT_INFO pCertId2 __in PCERT_INFO pCertId2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two certificate names to see if they are identical. // Compare two certificate names to see if they are identical.
// //
// Returns TRUE if the names are identical. // Returns TRUE if the names are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCompareCertificateName( CertCompareCertificateName(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_NAME_BLOB pCertName1, __in PCERT_NAME_BLOB pCertName1,
IN PCERT_NAME_BLOB pCertName2 __in PCERT_NAME_BLOB pCertName2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare the attributes in the certificate name with the specified // Compare the attributes in the certificate name with the specified
// Relative Distinguished Name's (CERT_RDN) array of attributes. // Relative Distinguished Name's (CERT_RDN) array of attributes.
// The comparison iterates through the CERT_RDN attributes and looks for an // The comparison iterates through the CERT_RDN attributes and looks for an
// attribute match in any of the certificate name's RDNs. // attribute match in any of the certificate name's RDNs.
// Returns TRUE if all the attributes are found and match. // Returns TRUE if all the attributes are found and match.
// //
// The CERT_RDN_ATTR fields can have the following special values: // The CERT_RDN_ATTR fields can have the following special values:
skipping to change at line 11414 skipping to change at line 13265
// a case insensitive match. Otherwise, defaults to an exact, case sensitive // a case insensitive match. Otherwise, defaults to an exact, case sensitive
// match. // match.
// //
// CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized // CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized
// with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME). // with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertIsRDNAttrsInCertificateName( CertIsRDNAttrsInCertificateName(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN PCERT_NAME_BLOB pCertName, __in PCERT_NAME_BLOB pCertName,
IN PCERT_RDN pRDN __in PCERT_RDN pRDN
); );
#define CERT_UNICODE_IS_RDN_ATTRS_FLAG 0x1 #define CERT_UNICODE_IS_RDN_ATTRS_FLAG 0x1
#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG 0x2 #define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG 0x2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two public keys to see if they are identical. // Compare two public keys to see if they are identical.
// //
// Returns TRUE if the keys are identical. // Returns TRUE if the keys are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertComparePublicKeyInfo( CertComparePublicKeyInfo(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_PUBLIC_KEY_INFO pPublicKey1, __in PCERT_PUBLIC_KEY_INFO pPublicKey1,
IN PCERT_PUBLIC_KEY_INFO pPublicKey2 __in PCERT_PUBLIC_KEY_INFO pPublicKey2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the public/private key's bit length. // Get the public/private key's bit length.
// //
// Returns 0 if unable to determine the key's length. // Returns 0 if unable to determine the key's length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetPublicKeyLength( CertGetPublicKeyLength(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_PUBLIC_KEY_INFO pPublicKey __in PCERT_PUBLIC_KEY_INFO pPublicKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the signature of a subject certificate or a CRL using the // Verify the signature of a subject certificate or a CRL using the
// public key info // public key info
// //
// Returns TRUE for a valid signature. // Returns TRUE for a valid signature.
// //
// hCryptProv specifies the crypto provider to use to verify the signature. // hCryptProv specifies the crypto provider to use to verify the signature.
// It doesn't need to use a private key. // It doesn't need to use a private key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn
BOOL BOOL
WINAPI WINAPI
CryptVerifyCertificateSignature( CryptVerifyCertificateSignature(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE * pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
IN PCERT_PUBLIC_KEY_INFO pPublicKey __in PCERT_PUBLIC_KEY_INFO pPublicKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the signature of a subject certificate, CRL, certificate request // Verify the signature of a subject certificate, CRL, certificate request
// or keygen request using the issuer's public key. // or keygen request using the issuer's public key.
// //
// Returns TRUE for a valid signature. // Returns TRUE for a valid signature.
// //
// The subject can be an encoded blob or a context for a certificate or CRL. // The subject can be an encoded blob or a context for a certificate or CRL.
// For a subject certificate context, if the certificate is missing // For a subject certificate context, if the certificate is missing
skipping to change at line 11496 skipping to change at line 13348
// Its private key isn't used. If hCryptProv is NULL, a default // Its private key isn't used. If hCryptProv is NULL, a default
// provider is picked according to the PublicKey Algorithm OID. // provider is picked according to the PublicKey Algorithm OID.
// //
// If the signature algorithm is a hashing algorithm, then, the // If the signature algorithm is a hashing algorithm, then, the
// signature is expected to contain the hash octets. Only dwIssuerType // signature is expected to contain the hash octets. Only dwIssuerType
// of CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL may be specified // of CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL may be specified
// to verify this no signature case. If any other dwIssuerType is // to verify this no signature case. If any other dwIssuerType is
// specified, the verify will fail with LastError set to E_INVALIDARG. // specified, the verify will fail with LastError set to E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn
BOOL BOOL
WINAPI WINAPI
CryptVerifyCertificateSignatureEx( CryptVerifyCertificateSignatureEx(
IN OPTIONAL HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwSubjectType, __in DWORD dwSubjectType,
IN void *pvSubject, __in void *pvSubject,
IN DWORD dwIssuerType, __in DWORD dwIssuerType,
IN void *pvIssuer, __in_opt void *pvIssuer,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved __reserved void *pvReserved
); );
// Subject Types // Subject Types
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1
// pvSubject :: PCRYPT_DATA_BLOB // pvSubject :: PCRYPT_DATA_BLOB
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2
// pvSubject :: PCCERT_CONTEXT // pvSubject :: PCCERT_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3
// pvSubject :: PCCRL_CONTEXT // pvSubject :: PCCRL_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE 4
// pvSubject :: POCSP_BASIC_SIGNED_RESPONSE_INFO
// Issuer Types // Issuer Types
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1
// pvIssuer :: PCERT_PUBLIC_KEY_INFO // pvIssuer :: PCERT_PUBLIC_KEY_INFO
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2
// pvIssuer :: PCCERT_CONTEXT // pvIssuer :: PCCERT_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3
// pvIssuer :: PCCERT_CHAIN_CONTEXT // pvIssuer :: PCCERT_CHAIN_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4
// pvIssuer :: NULL // pvIssuer :: NULL
skipping to change at line 11538 skipping to change at line 13393
// Compute the hash of the "to be signed" information in the encoded // Compute the hash of the "to be signed" information in the encoded
// signed content (CERT_SIGNED_CONTENT_INFO). // signed content (CERT_SIGNED_CONTENT_INFO).
// //
// hCryptProv specifies the crypto provider to use to compute the hash. // hCryptProv specifies the crypto provider to use to compute the hash.
// It doesn't need to use a private key. // It doesn't need to use a private key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashToBeSigned( CryptHashToBeSigned(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
OUT BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT DWORD *pcbComputedHash sh,
__inout DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the encoded content. // Hash the encoded content.
// //
// hCryptProv specifies the crypto provider to use to compute the hash. // hCryptProv specifies the crypto provider to use to compute the hash.
// It doesn't need to use a private key. // It doesn't need to use a private key.
// //
// Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the // Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the
// default hash algorithm (currently SHA1) is used. // default hash algorithm (currently SHA1) is used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashCertificate( CryptHashCertificate(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN ALG_ID Algid, __in ALG_ID Algid,
IN DWORD dwFlags, __in DWORD dwFlags,
IN const BYTE *pbEncoded, __in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
IN DWORD cbEncoded, __in DWORD cbEncoded,
OUT BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT DWORD *pcbComputedHash sh,
__inout DWORD *pcbComputedHash
);
//+-------------------------------------------------------------------------
// Hash the encoded content using the CNG hash algorithm provider.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptHashCertificate2(
__in LPCWSTR pwszCNGHashAlgid,
__in DWORD dwFlags,
__reserved void *pvReserved,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
sh,
__inout DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the "to be signed" information in the encoded signed content. // Sign the "to be signed" information in the encoded signed content.
// //
// hCryptProv specifies the crypto provider to use to do the signature. // hCryptProvOrNCryptKey specifies the crypto provider to use to do the
// It uses the specified private key. // signature. It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProv can be NULL where an appropriate // dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an
// default provider will be used for hashing. // appropriate default provider will be used for hashing.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignCertificate( CryptSignCertificate(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
IN DWORD dwKeySpec, __in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN const BYTE *pbEncodedToBeSigned, __in_bcount(cbEncodedToBeSigned) const BYTE *pbEncodedToBeSigned,
IN DWORD cbEncodedToBeSigned, __in DWORD cbEncodedToBeSigned,
IN PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, __in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
IN OPTIONAL const void *pvHashAuxInfo, __in_opt const void *pvHashAuxInfo,
OUT BYTE *pbSignature, __out_bcount_part_opt(*pcbSignature, *pcbSignature) BYTE *pbSignature,
IN OUT DWORD *pcbSignature __inout DWORD *pcbSignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode the "to be signed" information. Sign the encoded "to be signed". // Encode the "to be signed" information. Sign the encoded "to be signed".
// Encode the "to be signed" and the signature. // Encode the "to be signed" and the signature.
// //
// hCryptProv specifies the crypto provider to use to do the signature. // hCryptProv specifies the crypto provider to use to do the signature.
// It uses the specified private key. // It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProv can be NULL where an appropriate // dwKeySpec isn't used and hCryptProv can be NULL where an appropriate
// default provider will be used for hashing. // default provider will be used for hashing.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignAndEncodeCertificate( CryptSignAndEncodeCertificate(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
IN DWORD dwKeySpec, __in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR lpszStructType, // "to be signed" __in LPCSTR lpszStructType, // "to be signed"
IN const void *pvStructInfo, __in const void *pvStructInfo,
IN PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, __in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
IN OPTIONAL const void *pvHashAuxInfo, __in_opt const void *pvHashAuxInfo,
OUT PBYTE pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded __inout DWORD *pcbEncoded
);
//+-------------------------------------------------------------------------
// Certificate and CryptMsg encoded signature OID installable functions
//--------------------------------------------------------------------------
// The dwCertEncodingType and pSignatureAlgorithm->pszObjId are used
// to call the signature OID installable functions.
//
// If the OID installable function doesn't support the signature,
// it should return FALSE with LastError set to ERROR_NOT_SUPPORTED.
// Called if the signature has encoded parameters. Returns the CNG
// hash algorithm identifier string. Optionally returns the decoded
// signature parameters passed to either the SignAndEncodeHash or
// VerifyEncodedSignature OID installable function.
//
// Returned allocated parameters are freed via LocalFree().
#define CRYPT_OID_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC \
"CryptDllExtractEncodedSignatureParameters"
typedef BOOL (WINAPI *PFN_CRYPT_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC)(
__in DWORD dwCertEncodingType,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__deref_out_opt void **ppvDecodedSignPara, // LocalFree()
__deref_out LPWSTR *ppwszCNGHashAlgid // LocalFree()
);
// Called to sign the computed hash and encode it.
#define CRYPT_OID_SIGN_AND_ENCODE_HASH_FUNC \
"CryptDllSignAndEncodeHash"
typedef BOOL (WINAPI *PFN_CRYPT_SIGN_AND_ENCODE_HASH_FUNC)(
__in NCRYPT_KEY_HANDLE hKey,
__in DWORD dwCertEncodingType,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt void *pvDecodedSignPara,
__in LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID
__in LPCWSTR pwszCNGHashAlgid,
__in_bcount(cbComputedHash) BYTE *pbComputedHash,
__in DWORD cbComputedHash,
__out_bcount_part_opt(*pcbSignature, *pcbSignature) BYTE *pbSignature,
__inout DWORD *pcbSignature
);
// Called to decode and decrypt the encoded signature and compare it with the
// computed hash.
#define CRYPT_OID_VERIFY_ENCODED_SIGNATURE_FUNC \
"CryptDllVerifyEncodedSignature"
typedef BOOL (WINAPI *PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC)(
__in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pPubKeyInfo,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt void *pvDecodedSignPara,
__in LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID
__in LPCWSTR pwszCNGHashAlgid,
__in_bcount(cbComputedHash) BYTE *pbComputedHash,
__in DWORD cbComputedHash,
__in_bcount(cbSignature) BYTE *pbSignature,
__in DWORD cbSignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the time validity of a certificate. // Verify the time validity of a certificate.
// //
// Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for // Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for
// a valid certificate // a valid certificate
// //
// If pTimeToVerify is NULL, uses the current time. // If pTimeToVerify is NULL, uses the current time.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CertVerifyTimeValidity( CertVerifyTimeValidity(
IN LPFILETIME pTimeToVerify, __in_opt LPFILETIME pTimeToVerify,
IN PCERT_INFO pCertInfo __in PCERT_INFO pCertInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the time validity of a CRL. // Verify the time validity of a CRL.
// //
// Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for // Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for
// a valid CRL // a valid CRL
// //
// If pTimeToVerify is NULL, uses the current time. // If pTimeToVerify is NULL, uses the current time.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CertVerifyCRLTimeValidity( CertVerifyCRLTimeValidity(
IN LPFILETIME pTimeToVerify, __in_opt LPFILETIME pTimeToVerify,
IN PCRL_INFO pCrlInfo __in PCRL_INFO pCrlInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify that the subject's time validity nests within the issuer's time // Verify that the subject's time validity nests within the issuer's time
// validity. // validity.
// //
// Returns TRUE if it nests. Otherwise, returns FALSE. // Returns TRUE if it nests. Otherwise, returns FALSE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyValidityNesting( CertVerifyValidityNesting(
IN PCERT_INFO pSubjectInfo, __in PCERT_INFO pSubjectInfo,
IN PCERT_INFO pIssuerInfo __in PCERT_INFO pIssuerInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify that the subject certificate isn't on its issuer CRL. // Verify that the subject certificate isn't on its issuer CRL.
// //
// Returns true if the certificate isn't on the CRL. // Returns true if the certificate isn't on the CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCRLRevocation( CertVerifyCRLRevocation(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_INFO pCertId, // Only the Issuer and SerialNumber __in PCERT_INFO pCertId, // Only the Issuer and SerialNumber
// fields are used // fields are used
IN DWORD cCrlInfo, __in DWORD cCrlInfo,
IN PCRL_INFO rgpCrlInfo[] __in_ecount(cCrlInfo) PCRL_INFO rgpCrlInfo[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the CAPI AlgId to the ASN.1 Object Identifier string // Convert the CAPI AlgId to the ASN.1 Object Identifier string
// //
// Returns NULL if there isn't an ObjId corresponding to the AlgId. // Returns NULL if there isn't an ObjId corresponding to the AlgId.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LPCSTR LPCSTR
WINAPI WINAPI
CertAlgIdToOID( CertAlgIdToOID(
IN DWORD dwAlgId __in DWORD dwAlgId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the ASN.1 Object Identifier string to the CAPI AlgId. // Convert the ASN.1 Object Identifier string to the CAPI AlgId.
// //
// Returns 0 if there isn't an AlgId corresponding to the ObjId. // Returns 0 if there isn't an AlgId corresponding to the ObjId.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertOIDToAlgId( CertOIDToAlgId(
IN LPCSTR pszObjId __in LPCSTR pszObjId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find an extension identified by its Object Identifier. // Find an extension identified by its Object Identifier.
// //
// If found, returns pointer to the extension. Otherwise, returns NULL. // If found, returns pointer to the extension. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCERT_EXTENSION PCERT_EXTENSION
WINAPI WINAPI
CertFindExtension( CertFindExtension(
IN LPCSTR pszObjId, __in LPCSTR pszObjId,
IN DWORD cExtensions, __in DWORD cExtensions,
IN CERT_EXTENSION rgExtensions[] __in_ecount(cExtensions) CERT_EXTENSION rgExtensions[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first attribute identified by its Object Identifier. // Find the first attribute identified by its Object Identifier.
// //
// If found, returns pointer to the attribute. Otherwise, returns NULL. // If found, returns pointer to the attribute. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCRYPT_ATTRIBUTE PCRYPT_ATTRIBUTE
WINAPI WINAPI
CertFindAttribute( CertFindAttribute(
IN LPCSTR pszObjId, __in LPCSTR pszObjId,
IN DWORD cAttr, __in DWORD cAttr,
IN CRYPT_ATTRIBUTE rgAttr[] __in_ecount(cAttr) CRYPT_ATTRIBUTE rgAttr[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first CERT_RDN attribute identified by its Object Identifier in // Find the first CERT_RDN attribute identified by its Object Identifier in
// the name's list of Relative Distinguished Names. // the name's list of Relative Distinguished Names.
// //
// If found, returns pointer to the attribute. Otherwise, returns NULL. // If found, returns pointer to the attribute. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCERT_RDN_ATTR PCERT_RDN_ATTR
WINAPI WINAPI
CertFindRDNAttr( CertFindRDNAttr(
IN LPCSTR pszObjId, __in LPCSTR pszObjId,
IN PCERT_NAME_INFO pName __in PCERT_NAME_INFO pName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the intended key usage bytes from the certificate. // Get the intended key usage bytes from the certificate.
// //
// If the certificate doesn't have any intended key usage bytes, returns FALSE // If the certificate doesn't have any intended key usage bytes, returns FALSE
// and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through // and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through
// cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied // cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied
// bytes are zeroed. // bytes are zeroed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetIntendedKeyUsage( CertGetIntendedKeyUsage(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_INFO pCertInfo, __in PCERT_INFO pCertInfo,
OUT BYTE *pbKeyUsage, __out_bcount_full(cbKeyUsage) BYTE *pbKeyUsage,
IN DWORD cbKeyUsage __in DWORD cbKeyUsage
); );
typedef void *HCRYPTDEFAULTCONTEXT; typedef void *HCRYPTDEFAULTCONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Install a previously CryptAcquiredContext'ed HCRYPTPROV to be used as // Install a previously CryptAcquiredContext'ed HCRYPTPROV to be used as
// a default context. // a default context.
// //
// dwDefaultType and pvDefaultPara specify where the default context is used. // dwDefaultType and pvDefaultPara specify where the default context is used.
// For example, install the HCRYPTPROV to be used to verify certificate's // For example, install the HCRYPTPROV to be used to verify certificate's
skipping to change at line 11800 skipping to change at line 13729
// //
// If CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG is set, then, the HCRYPTPROV // If CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG is set, then, the HCRYPTPROV
// is CryptReleaseContext'ed at thread or process exit. However, // is CryptReleaseContext'ed at thread or process exit. However,
// not CryptReleaseContext'ed if CryptUninstallDefaultContext is // not CryptReleaseContext'ed if CryptUninstallDefaultContext is
// called. // called.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallDefaultContext( CryptInstallDefaultContext(
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
IN DWORD dwDefaultType, __in DWORD dwDefaultType,
IN const void *pvDefaultPara, __in_opt const void *pvDefaultPara,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved, __reserved void *pvReserved,
OUT HCRYPTDEFAULTCONTEXT *phDefaultContext __out HCRYPTDEFAULTCONTEXT *phDefaultContext
); );
// dwFlags // dwFlags
#define CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG 0x00000001 #define CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG 0x00000001
#define CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG 0x00000002 #define CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG 0x00000002
// List of dwDefaultType's // List of dwDefaultType's
#define CRYPT_DEFAULT_CONTEXT_CERT_SIGN_OID 1 #define CRYPT_DEFAULT_CONTEXT_CERT_SIGN_OID 1
#define CRYPT_DEFAULT_CONTEXT_MULTI_CERT_SIGN_OID 2 #define CRYPT_DEFAULT_CONTEXT_MULTI_CERT_SIGN_OID 2
skipping to change at line 11853 skipping to change at line 13782
// CryptInstallDefaultContext. // CryptInstallDefaultContext.
// //
// For a default context installed with CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG // For a default context installed with CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG
// set, if any other threads are currently using this context, // set, if any other threads are currently using this context,
// this function will block until they finish. // this function will block until they finish.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUninstallDefaultContext( CryptUninstallDefaultContext(
HCRYPTDEFAULTCONTEXT hDefaultContext, __in_opt HCRYPTDEFAULTCONTEXT hDefaultContext,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved __reserved void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding // Export the public key info associated with the provider's corresponding
// private key. // private key.
// //
// Calls CryptExportPublicKeyInfoEx with pszPublicKeyObjId = NULL, // Calls CryptExportPublicKeyInfoEx with pszPublicKeyObjId = NULL,
// dwFlags = 0 and pvAuxInfo = NULL. // dwFlags = 0 and pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPublicKeyInfo( CryptExportPublicKeyInfo(
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
IN DWORD dwKeySpec, __in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
OUT PCERT_PUBLIC_KEY_INFO pInfo, __out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
IN OUT DWORD *pcbInfo __inout DWORD *pcbInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding // Export the public key info associated with the provider's corresponding
// private key. // private key.
// //
// Uses the dwCertEncodingType and pszPublicKeyObjId to call the // Uses the dwCertEncodingType and pszPublicKeyObjId to call the
// installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function // installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function
// has the same signature as CryptExportPublicKeyInfoEx. // has the same signature as CryptExportPublicKeyInfoEx.
// //
// If unable to find an installable OID function for the pszPublicKeyObjId, // If unable to find an installable OID function for the pszPublicKeyObjId,
// attempts to export as a RSA Public Key (szOID_RSA_RSA). // attempts to export as a RSA Public Key (szOID_RSA_RSA).
// //
// The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA. // The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA.
//
// dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC "CryptDllExportPublicKeyInfoEx"
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPublicKeyInfoEx( CryptExportPublicKeyInfoEx(
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
IN DWORD dwKeySpec, __in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPSTR pszPublicKeyObjId, __in_opt LPSTR pszPublicKeyObjId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvAuxInfo, __in_opt void *pvAuxInfo,
OUT PCERT_PUBLIC_KEY_INFO pInfo, __out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
IN OUT DWORD *pcbInfo __inout DWORD *pcbInfo
);
// Legacy define used for exporting CAPI1 HCRYPTPROV public keys.
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC "CryptDllExportPublicKeyInfoEx"
//+-------------------------------------------------------------------------
// Export CNG PublicKeyInfo OID installable function. Note, not called
// for a HCRYPTPROV choice.
//--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllExportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in NCRYPT_KEY_HANDLE hNCryptKey,
__in DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and // Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and
// pvAuxInfo = NULL. // pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfo( CryptImportPublicKeyInfo(
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
OUT HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function // installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx. // has the same signature as CryptImportPublicKeyInfoEx.
// //
skipping to change at line 11942 skipping to change at line 13894
// //
// For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX. // For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX.
// Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used. // Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC "CryptDllImportPublicKeyInfoEx" #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC "CryptDllImportPublicKeyInfoEx"
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfoEx( CryptImportPublicKeyInfoEx(
IN HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
IN ALG_ID aiKeyAlg, __in ALG_ID aiKeyAlg,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvAuxInfo, __in_opt void *pvAuxInfo,
OUT HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Acquire a HCRYPTPROV handle and dwKeySpec for the specified certificate // Convert and import the public key info into the CNG asymmetric or
// context. Uses the certificate's CERT_KEY_PROV_INFO_PROP_ID property. // signature algorithm provider and return a BCRYPT_KEY_HANDLE to it.
// The returned HCRYPTPROV handle may optionally be cached using the //
// certificate's CERT_KEY_CONTEXT_PROP_ID property. // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx2.
//
// dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptImportPublicKeyInfoEx2(
__in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey
);
//+-------------------------------------------------------------------------
// Import CNG PublicKeyInfo OID installable function
//--------------------------------------------------------------------------
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllImportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey
);
//+-------------------------------------------------------------------------
// Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the
// specified certificate context. Uses the certificate's
// CERT_KEY_PROV_INFO_PROP_ID property.
// The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be
// cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
// //
// If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and // If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and
// cached HCRYPTPROV exists for the certificate, its returned. Otherwise, // cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its
// a HCRYPTPROV is acquired and then cached via the certificate's // returned. Otherwise, a HCRYPTPROV or NCRYPT_KEY_HANDLE is acquired and
// CERT_KEY_CONTEXT_PROP_ID. // then cached via the certificate's CERT_KEY_CONTEXT_PROP_ID.
// //
// The CRYPT_ACQUIRE_USE_PROV_INFO_FLAG can be set to use the dwFlags field of // The CRYPT_ACQUIRE_USE_PROV_INFO_FLAG can be set to use the dwFlags field of
// the certificate's CERT_KEY_PROV_INFO_PROP_ID property's CRYPT_KEY_PROV_INFO // the certificate's CERT_KEY_PROV_INFO_PROP_ID property's CRYPT_KEY_PROV_INFO
// data structure to determine if the returned HCRYPTPROV should be cached. // data structure to determine if the returned HCRYPTPROV or
// HCRYPTPROV caching is enabled if the CERT_SET_KEY_CONTEXT_PROP_ID flag was // NCRYPT_KEY_HANDLE should be cached.
// Caching is enabled if the CERT_SET_KEY_CONTEXT_PROP_ID flag was
// set. // set.
// //
// If CRYPT_ACQUIRE_COMPARE_KEY_FLAG is set, then, // If CRYPT_ACQUIRE_COMPARE_KEY_FLAG is set, then,
// the public key in the certificate is compared with the public // the public key in the certificate is compared with the public
// key returned by the cryptographic provider. If the keys don't match, the // key returned by the cryptographic provider. If the keys don't match, the
// acquire fails and LastError is set to NTE_BAD_PUBLIC_KEY. Note, if // acquire fails and LastError is set to NTE_BAD_PUBLIC_KEY. Note, if
// a cached HCRYPTPROV is returned, the comparison isn't done. We assume the // a cached HCRYPTPROV or NCRYPT_KEY_HANDLE is returned, the comparison isn't
// comparison was done on the initial acquire. // done. We assume the comparison was done on the initial acquire.
//
// The CRYPT_ACQUIRE_NO_HEALING flags prohibits this function from
// attempting to recreate the CERT_KEY_PROV_INFO_PROP_ID in the certificate
// context if it fails to retrieve this property.
// //
// The CRYPT_ACQUIRE_SILENT_FLAG can be set to suppress any UI by the CSP. // The CRYPT_ACQUIRE_SILENT_FLAG can be set to suppress any UI by the CSP.
// See CryptAcquireContext's CRYPT_SILENT flag for more details. // See CryptAcquireContext's CRYPT_SILENT flag for more details.
// //
// *pfCallerFreeProv is returned set to FALSE for: // The following flags can be set to optionally open and return a CNG
// NCRYPT_KEY_HANDLE instead of a HCRYPTPROV. *pdwKeySpec is set to
// CERT_NCRYPT_KEY_SPEC when a NCRYPT_KEY_HANDLE is returned.
// CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG - if the CryptAcquireContext
// fails, then, an NCryptOpenKey is attempted.
//
// CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG - the NCryptOpenKey is
// first attempted and its handle returned for success.
//
// CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG - only the NCryptOpenKey is
// attempted.
//
// *pfCallerFreeProvOrNCryptKey is returned set to FALSE for:
// - Acquire or public key comparison fails. // - Acquire or public key comparison fails.
// - CRYPT_ACQUIRE_CACHE_FLAG is set. // - CRYPT_ACQUIRE_CACHE_FLAG is set.
// - CRYPT_ACQUIRE_USE_PROV_INFO_FLAG is set AND // - CRYPT_ACQUIRE_USE_PROV_INFO_FLAG is set AND
// CERT_SET_KEY_CONTEXT_PROP_ID flag is set in the dwFlags field of the // CERT_SET_KEY_CONTEXT_PROP_ID flag is set in the dwFlags field of the
// certificate's CERT_KEY_PROV_INFO_PROP_ID property's // certificate's CERT_KEY_PROV_INFO_PROP_ID property's
// CRYPT_KEY_PROV_INFO data structure. // CRYPT_KEY_PROV_INFO data structure.
// When *pfCallerFreeProv is FALSE, the caller must not release. The // When *pfCallerFreeProvOrNCryptKey is FALSE, the caller must not release. The
// returned HCRYPTPROV will be released on the last free of the certificate // returned HCRYPTPROV or NCRYPT_KEY_HANDLE will be released on the last
// context. // free of the certificate context.
//
// Otherwise, *pfCallerFreeProvOrNCryptKey is TRUE and a returned
// HCRYPTPROV must be released by the caller by calling CryptReleaseContext.
// A returned NCRYPT_KEY_HANDLE is freed by calling NCryptFreeObject.
// *pdwKeySpec MUST be checked when CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
// or CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG is set.
// //
// Otherwise, *pfCallerFreeProv is TRUE and the returned HCRYPTPROV must
// be released by the caller by calling CryptReleaseContext.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptAcquireCertificatePrivateKey( CryptAcquireCertificatePrivateKey(
IN PCCERT_CONTEXT pCert, __in PCCERT_CONTEXT pCert,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved, __reserved void *pvReserved,
OUT HCRYPTPROV *phCryptProv, __out HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProvOrNCryptKey,
OUT OPTIONAL DWORD *pdwKeySpec, __out_opt DWORD *pdwKeySpec,
OUT OPTIONAL BOOL *pfCallerFreeProv __out_opt BOOL *pfCallerFreeProvOrNCryptKey
); );
#define CRYPT_ACQUIRE_CACHE_FLAG 0x00000001 #define CRYPT_ACQUIRE_CACHE_FLAG 0x00000001
#define CRYPT_ACQUIRE_USE_PROV_INFO_FLAG 0x00000002 #define CRYPT_ACQUIRE_USE_PROV_INFO_FLAG 0x00000002
#define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004 #define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004
#define CRYPT_ACQUIRE_NO_HEALING 0x00000008
#define CRYPT_ACQUIRE_SILENT_FLAG 0x00000040 #define CRYPT_ACQUIRE_SILENT_FLAG 0x00000040
#define CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK 0x00070000
#define CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG 0x00010000
#define CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG 0x00020000
#define CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG 0x00040000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerates the cryptographic providers and their containers to find the // Enumerates the cryptographic providers and their containers to find the
// private key corresponding to the certificate's public key. For a match, // private key corresponding to the certificate's public key. For a match,
// the certificate's CERT_KEY_PROV_INFO_PROP_ID property is updated. // the certificate's CERT_KEY_PROV_INFO_PROP_ID property is updated.
// //
// If the CERT_KEY_PROV_INFO_PROP_ID is already set, then, its checked to // If the CERT_KEY_PROV_INFO_PROP_ID is already set, then, its checked to
// see if it matches the provider's public key. For a match, the above // see if it matches the provider's public key. For a match, the above
// enumeration is skipped. // enumeration is skipped.
// //
// By default both the user and machine key containers are searched. // By default both the user and machine key containers are searched.
// The CRYPT_FIND_USER_KEYSET_FLAG or CRYPT_FIND_MACHINE_KEYSET_FLAG // The CRYPT_FIND_USER_KEYSET_FLAG or CRYPT_FIND_MACHINE_KEYSET_FLAG
// can be set in dwFlags to restrict the search to either of the containers. // can be set in dwFlags to restrict the search to either of the containers.
// //
// The CRYPT_FIND_SILENT_KEYSET_FLAG can be set to suppress any UI by the CSP. // The CRYPT_FIND_SILENT_KEYSET_FLAG can be set to suppress any UI by the CSP.
// See CryptAcquireContext's CRYPT_SILENT flag for more details. // See CryptAcquireContext's CRYPT_SILENT flag for more details.
// //
// If a container isn't found, returns FALSE with LastError set to // If a container isn't found, returns FALSE with LastError set to
// NTE_NO_KEY. // NTE_NO_KEY.
//
// The above CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS can also be set. The default
// is CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFindCertificateKeyProvInfo( CryptFindCertificateKeyProvInfo(
IN PCCERT_CONTEXT pCert, __in PCCERT_CONTEXT pCert,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved __reserved void *pvReserved
); );
#define CRYPT_FIND_USER_KEYSET_FLAG 0x00000001 #define CRYPT_FIND_USER_KEYSET_FLAG 0x00000001
#define CRYPT_FIND_MACHINE_KEYSET_FLAG 0x00000002 #define CRYPT_FIND_MACHINE_KEYSET_FLAG 0x00000002
#define CRYPT_FIND_SILENT_KEYSET_FLAG 0x00000040 #define CRYPT_FIND_SILENT_KEYSET_FLAG 0x00000040
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This is the prototype for the installable function which is called to // This is the prototype for the installable function which is called to
// actually import a key into a CSP. an installable of this type is called // actually import a key into a CSP. an installable of this type is called
// from CryptImportPKCS8. the algorithm OID of the private key is used // from CryptImportPKCS8. the algorithm OID of the private key is used
skipping to change at line 12057 skipping to change at line 14077
// //
// hCryptProv - the provider to import the key to // hCryptProv - the provider to import the key to
// pPrivateKeyInfo - describes the key to be imported // pPrivateKeyInfo - describes the key to be imported
// dwFlags - The available flags are: // dwFlags - The available flags are:
// CRYPT_EXPORTABLE // CRYPT_EXPORTABLE
// this flag is used when importing private keys, for a full // this flag is used when importing private keys, for a full
// explanation please see the documentation for CryptImportKey. // explanation please see the documentation for CryptImportKey.
// pvAuxInfo - reserved for future, must be NULL // pvAuxInfo - reserved for future, must be NULL
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_IMPORT_PRIV_KEY_FUNC) ( typedef BOOL (WINAPI *PFN_IMPORT_PRIV_KEY_FUNC) (
HCRYPTPROV hCryptProv, // in __in HCRYPTPROV hCryptProv, // in
CRYPT_PRIVATE_KEY_INFO *pPrivateKeyInfo, // in __in CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInfo, // in
DWORD dwFlags, // in, optional __in DWORD dwFlags, // in
void *pvAuxInfo // in, optional __in_opt void* pvAuxInfo // in, optional
); );
#define CRYPT_OID_IMPORT_PRIVATE_KEY_INFO_FUNC "CryptDllImportPrivateKeyInfoEx " #define CRYPT_OID_IMPORT_PRIVATE_KEY_INFO_FUNC "CryptDllImportPrivateKeyInfoEx "
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert (from PKCS8 format) and import the private key into a provider // Convert (from PKCS8 format) and import the private key into a provider
// and return a handle to the provider as well as the KeySpec used to import to. // and return a handle to the provider as well as the KeySpec used to import to.
// //
// This function will call the PRESOLVE_HCRYPTPROV_FUNC in the // This function will call the PRESOLVE_HCRYPTPROV_FUNC in the
// privateKeyAndParams to obtain a handle of provider to import the key to. // privateKeyAndParams to obtain a handle of provider to import the key to.
skipping to change at line 12087 skipping to change at line 14107
// explanation please see the documentation for CryptImportKey. // explanation please see the documentation for CryptImportKey.
// phCryptProv - filled in with the handle of the provider the key was // phCryptProv - filled in with the handle of the provider the key was
// imported to, the caller is responsible for freeing it // imported to, the caller is responsible for freeing it
// pvAuxInfo - This parameter is reserved for future use and should be set // pvAuxInfo - This parameter is reserved for future use and should be set
// to NULL in the interim. // to NULL in the interim.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPKCS8( CryptImportPKCS8(
CRYPT_PKCS8_IMPORT_PARAMS sImportParams, // in __in CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, // in
DWORD dwFlags, // in, optional __in DWORD dwFlags, // in
HCRYPTPROV *phCryptProv, // out, optional __out_opt HCRYPTPROV *phCryptProv, // out, optional
void *pvAuxInfo // in, optional __in_opt void* pvAuxInfo // in, optional
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this is the prototype for installable functions for exporting the private key // this is the prototype for installable functions for exporting the private key
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_EXPORT_PRIV_KEY_FUNC) ( typedef BOOL (WINAPI *PFN_EXPORT_PRIV_KEY_FUNC) (
HCRYPTPROV hCryptProv, // in __in HCRYPTPROV hCryptProv, // in
DWORD dwKeySpec, // in __in DWORD dwKeySpec, // in
LPSTR pszPrivateKeyObjId, // in __in LPSTR pszPrivateKeyObjId, // in
DWORD dwFlags, // in __in DWORD dwFlags, // in
void *pvAuxInfo, // in __in_opt void* pvAuxInfo, // in
CRYPT_PRIVATE_KEY_INFO *pPrivateKeyInfo, // out __out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf
DWORD *pcbPrivateKeyBlob // in, out o, // out
__inout DWORD* pcbPrivateKeyInfo // in, out
); );
#define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx " #define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx "
#define CRYPT_DELETE_KEYSET 0x0001 #define CRYPT_DELETE_KEYSET 0x0001
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex // CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8( CryptExportPKCS8(
HCRYPTPROV hCryptProv, // in __in HCRYPTPROV hCryptProv, // in
DWORD dwKeySpec, // in __in DWORD dwKeySpec, // in
LPSTR pszPrivateKeyObjId, // in __in LPSTR pszPrivateKeyObjId, // in
DWORD dwFlags, // in __in DWORD dwFlags, // in
void *pvAuxInfo, // in __in_opt void* pvAuxInfo, // in
BYTE *pbPrivateKeyBlob, // out __out_bcount_opt (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out
DWORD *pcbPrivateKeyBlob // in, out __inout DWORD *pcbPrivateKeyBlob // in, out
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8Ex // CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
// //
// //
// Uses the pszPrivateKeyObjId to call the // Uses the pszPrivateKeyObjId to call the
// installable CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC. The called function // installable CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC. The called function
skipping to change at line 12153 skipping to change at line 14173
// NULL in the interim. // NULL in the interim.
// pbPrivateKeyBlob - A pointer to the private key blob. It will be encoded // pbPrivateKeyBlob - A pointer to the private key blob. It will be encoded
// as a PKCS8 PrivateKeyInfo. // as a PKCS8 PrivateKeyInfo.
// pcbPrivateKeyBlob - A pointer to a DWORD that contains the size, in bytes, // pcbPrivateKeyBlob - A pointer to a DWORD that contains the size, in bytes,
// of the private key blob being exporte d. // of the private key blob being exporte d.
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8Ex( CryptExportPKCS8Ex(
CRYPT_PKCS8_EXPORT_PARAMS* psExportParams, // in __in CRYPT_PKCS8_EXPORT_PARAMS* psExportParams, // in
DWORD dwFlags, // in __in DWORD dwFlags, // in
void *pvAuxInfo, // in __in_opt void* pvAuxInfo, // in
BYTE *pbPrivateKeyBlob, // out __out_bcount_opt (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out
DWORD *pcbPrivateKeyBlob // in, out __inout DWORD* pcbPrivateKeyBlob // in, out
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compute the hash of the encoded public key info. // Compute the hash of the encoded public key info.
// //
// The public key info is encoded and then hashed. // The public key info is encoded and then hashed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashPublicKeyInfo( CryptHashPublicKeyInfo(
IN HCRYPTPROV hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
IN ALG_ID Algid, __in ALG_ID Algid,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
OUT BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT DWORD *pcbComputedHash sh,
__inout DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated char string // Convert a Name Value to a null terminated char string
// //
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertRDNValueToStrA( CertRDNValueToStrA(
IN DWORD dwValueType, __in DWORD dwValueType,
IN PCERT_RDN_VALUE_BLOB pValue, __in PCERT_RDN_VALUE_BLOB pValue,
OUT OPTIONAL LPSTR psz, __out_ecount_part_opt(csz, return) LPSTR psz,
IN DWORD csz __in DWORD csz
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated char string // Convert a Name Value to a null terminated char string
// //
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertRDNValueToStrW( CertRDNValueToStrW(
IN DWORD dwValueType, __in DWORD dwValueType,
IN PCERT_RDN_VALUE_BLOB pValue, __in PCERT_RDN_VALUE_BLOB pValue,
OUT OPTIONAL LPWSTR psz, __out_ecount_part_opt(csz, return) LPWSTR psz,
IN DWORD csz __in DWORD csz
); );
#ifdef UNICODE #ifdef UNICODE
#define CertRDNValueToStr CertRDNValueToStrW #define CertRDNValueToStr CertRDNValueToStrW
#else #else
#define CertRDNValueToStr CertRDNValueToStrA #define CertRDNValueToStr CertRDNValueToStrA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the certificate name blob to a null terminated char string. // Convert the certificate name blob to a null terminated char string.
// //
skipping to change at line 12250 skipping to change at line 14270
// The object identifiers are included with a "=" separator from their // The object identifiers are included with a "=" separator from their
// attribute value. CERT_RDN entries are separated by ", ". // attribute value. CERT_RDN entries are separated by ", ".
// Multiple attributes per CERT_RDN are separated by " + ". For example: // Multiple attributes per CERT_RDN are separated by " + ". For example:
// 2.5.4.11=Microsoft, 2.5.4.3=Joe Cool + 2.5.4.12=Programmer // 2.5.4.11=Microsoft, 2.5.4.3=Joe Cool + 2.5.4.12=Programmer
// CERT_X500_NAME_STR // CERT_X500_NAME_STR
// The object identifiers are converted to their X500 key name. Otherwise, // The object identifiers are converted to their X500 key name. Otherwise,
// same as CERT_OID_NAME_STR. If the object identifier doesn't have // same as CERT_OID_NAME_STR. If the object identifier doesn't have
// a corresponding X500 key name, then, the object identifier is used with // a corresponding X500 key name, then, the object identifier is used with
// a "OID." prefix. For example: // a "OID." prefix. For example:
// OU=Microsoft, CN=Joe Cool + T=Programmer, OID.1.2.3.4.5.6=Unknown // OU=Microsoft, CN=Joe Cool + T=Programmer, OID.1.2.3.4.5.6=Unknown
// CERT_XML_NAME_STR
// The object identifiers are converted the same as the above
// CERT_X500_NAME_STR. However, formatted as sequence of XML elements.
// Here's an example:
// <CN>cart.barnesandnoble.com</CN>
// <OU>Terms of use at www.verisign.com/rpa (c)00</OU>
// <OU rDNAttribute="true">IT Operations</OU>
// <O>Barnesandnoble.com</O>
// <L>New York</L>
// <S>New York</S>
// <C>US</C>
// <RDN oid="1.2.3.4" type="string">name</RDN>
// <RDN rDNAttribute="true" oid="1.2.1.3" type="encoded">0500</RDN>
// <RDN oid="1.2.1.4" type="encoded">020135</RDN>
// <RDN oid="1.2.2.5.3" type="octet">01FF7F</RDN>
// Where:
// Any XML markup characters are escaped:
// L'&' - L"&amp;"
// L'<' - L"&lt;"
// L'>' - L"&gt;"
// L'\'' - L"&apos;"
// L'\"' - L"&quot;"
// Will escape characters > 0x7F via chararacter references,
// L"&#xXXXX;"
//
// CERT_NAME_STR_REVERSE_FLAG and CERT_NAME_STR_CRLF_FLAG can be set.
// The following quoting, semicolon and plus semantics aren't
// applicable. The "+" is replaced with rDNAttribute="true".
//
// //
// We quote the RDN value if it contains leading or trailing whitespace // We quote the RDN value if it contains leading or trailing whitespace
// or one of the following characters: ",", "+", "=", """, "\n", "<", ">", // or one of the following characters: ",", "+", "=", """, "\n", "<", ">",
// "#" or ";". The quoting character is ". If the the RDN Value contains // "#" or ";". The quoting character is ". If the the RDN Value contains
// a " it is double quoted (""). For example: // a " it is double quoted (""). For example:
// OU=" Microsoft", CN="Joe ""Cool""" + T="Programmer, Manager" // OU=" Microsoft", CN="Joe ""Cool""" + T="Programmer, Manager"
// //
// CERT_NAME_STR_SEMICOLON_FLAG can be or'ed into dwStrType to replace // CERT_NAME_STR_SEMICOLON_FLAG can be or'ed into dwStrType to replace
// the ", " separator with a "; " separator. // the ", " separator with a "; " separator.
// //
skipping to change at line 12292 skipping to change at line 14341
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertNameToStrA( CertNameToStrA(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_NAME_BLOB pName, __in PCERT_NAME_BLOB pName,
IN DWORD dwStrType, __in DWORD dwStrType,
OUT OPTIONAL LPSTR psz, __out_ecount_part_opt(csz, return) LPSTR psz,
IN DWORD csz __in DWORD csz
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertNameToStrW( CertNameToStrW(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_NAME_BLOB pName, __in PCERT_NAME_BLOB pName,
IN DWORD dwStrType, __in DWORD dwStrType,
OUT OPTIONAL LPWSTR psz, __out_ecount_part_opt(csz, return) LPWSTR psz,
IN DWORD csz __in DWORD csz
); );
#ifdef UNICODE #ifdef UNICODE
#define CertNameToStr CertNameToStrW #define CertNameToStr CertNameToStrW
#else #else
#define CertNameToStr CertNameToStrA #define CertNameToStr CertNameToStrA
#endif // !UNICODE #endif // !UNICODE
// certenrolld_begin -- CERT_NAME_STR_*_FLAG
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name string types // Certificate name string types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_SIMPLE_NAME_STR 1 #define CERT_SIMPLE_NAME_STR 1
#define CERT_OID_NAME_STR 2 #define CERT_OID_NAME_STR 2
#define CERT_X500_NAME_STR 3 #define CERT_X500_NAME_STR 3
#define CERT_XML_NAME_STR 4
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name string type flags OR'ed with the above types // Certificate name string type flags OR'ed with the above types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_NAME_STR_SEMICOLON_FLAG 0x40000000 #define CERT_NAME_STR_SEMICOLON_FLAG 0x40000000
#define CERT_NAME_STR_NO_PLUS_FLAG 0x20000000 #define CERT_NAME_STR_NO_PLUS_FLAG 0x20000000
#define CERT_NAME_STR_NO_QUOTING_FLAG 0x10000000 #define CERT_NAME_STR_NO_QUOTING_FLAG 0x10000000
#define CERT_NAME_STR_CRLF_FLAG 0x08000000 #define CERT_NAME_STR_CRLF_FLAG 0x08000000
#define CERT_NAME_STR_COMMA_FLAG 0x04000000 #define CERT_NAME_STR_COMMA_FLAG 0x04000000
#define CERT_NAME_STR_REVERSE_FLAG 0x02000000 #define CERT_NAME_STR_REVERSE_FLAG 0x02000000
#define CERT_NAME_STR_FORWARD_FLAG 0x01000000
#define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000 #define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000
#define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000 #define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000
#define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000 #define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000
#define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000 #define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000
#define CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000
// certenrolld_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the null terminated X500 string to an encoded certificate name. // Convert the null terminated X500 string to an encoded certificate name.
// //
// The input string is expected to be formatted the same as the output // The input string is expected to be formatted the same as the output
// from the above CertNameToStr API. // from the above CertNameToStr API.
// //
// The CERT_SIMPLE_NAME_STR type isn't supported. Otherwise, when dwStrType // The CERT_SIMPLE_NAME_STR type and CERT_XML_NAME_STR aren't supported.
// Otherwise, when dwStrType
// is set to 0, CERT_OID_NAME_STR or CERT_X500_NAME_STR, allow either a // is set to 0, CERT_OID_NAME_STR or CERT_X500_NAME_STR, allow either a
// case insensitive X500 key (CN=), case insensitive "OID." prefixed // case insensitive X500 key (CN=), case insensitive "OID." prefixed
// object identifier (OID.1.2.3.4.5.6=) or an object identifier (1.2.3.4=). // object identifier (OID.1.2.3.4.5.6=) or an object identifier (1.2.3.4=).
// //
// If no flags are OR'ed into dwStrType, then, allow "," or ";" as RDN // If no flags are OR'ed into dwStrType, then, allow "," or ";" as RDN
// separators and "+" as the multiple RDN value separator. Quoting is // separators and "+" as the multiple RDN value separator. Quoting is
// supported. A quote may be included in a quoted value by double quoting, // supported. A quote may be included in a quoted value by double quoting,
// for example (CN="Joe ""Cool"""). A value starting with a "#" is treated // for example (CN="Joe ""Cool"""). A value starting with a "#" is treated
// as ascii hex and converted to a CERT_RDN_OCTET_STRING. Embedded whitespace // as ascii hex and converted to a CERT_RDN_OCTET_STRING. Embedded whitespace
// is skipped (1.2.3 = # AB CD 01 is the same as 1.2.3=#ABCD01). // is skipped (1.2.3 = # AB CD 01 is the same as 1.2.3=#ABCD01).
skipping to change at line 12376 skipping to change at line 14431
// //
// CERT_NAME_STR_NO_PLUS_FLAG can be or'ed into dwStrType to ignore "+" // CERT_NAME_STR_NO_PLUS_FLAG can be or'ed into dwStrType to ignore "+"
// as a separator and not allow multiple values per RDN. // as a separator and not allow multiple values per RDN.
// //
// CERT_NAME_STR_NO_QUOTING_FLAG can be or'ed into dwStrType to inhibit // CERT_NAME_STR_NO_QUOTING_FLAG can be or'ed into dwStrType to inhibit
// quoting. // quoting.
// //
// CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the // CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the
// order of the RDNs after converting from the string and before encoding. // order of the RDNs after converting from the string and before encoding.
// //
// CERT_NAME_STR_FORWARD_FLAG can be or'ed into dwStrType to defeat setting
// CERT_NAME_STR_REVERSE_FLAG, if reverse order becomes the default.
//
// CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG can be or'ed into dwStrType to // CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG can be or'ed into dwStrType to
// to select the CERT_RDN_T61_STRING encoded value type instead of // to select the CERT_RDN_T61_STRING encoded value type instead of
// CERT_RDN_UNICODE_STRING if all the UNICODE characters are <= 0xFF. // CERT_RDN_UNICODE_STRING if all the UNICODE characters are <= 0xFF.
// //
// CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG can be or'ed into dwStrType to // CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG can be or'ed into dwStrType to
// to select the CERT_RDN_UTF8_STRING encoded value type instead of // to select the CERT_RDN_UTF8_STRING encoded value type instead of
// CERT_RDN_UNICODE_STRING. // CERT_RDN_UNICODE_STRING.
// //
// CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG can be or'ed into dwStrType // CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG can be or'ed into dwStrType
// to force the CERT_RDN_UTF8_STRING encoded value type instead of // to force the CERT_RDN_UTF8_STRING encoded value type instead of
// allowing CERT_RDN_PRINTABLE_STRING for DirectoryString types. // allowing CERT_RDN_PRINTABLE_STRING for DirectoryString types.
// Applies to the X500 Keys below which allow "Printable, Unicode". // Applies to the X500 Keys below which allow "Printable, Unicode".
// Also, enables CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG. // Also, enables CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG.
// //
// CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG can be or'ed into dwStrType to
// defeat setting CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG, if forcing UTF-8
// becomes the default.
//
// Support the following X500 Keys: // Support the following X500 Keys:
// //
// Key Object Identifier RDN Value Type(s) // Key Object Identifier RDN Value Type(s)
// --- ----------------- ----------------- // --- ----------------- -----------------
// CN szOID_COMMON_NAME Printable, Unicode // CN szOID_COMMON_NAME Printable, Unicode
// L szOID_LOCALITY_NAME Printable, Unicode // L szOID_LOCALITY_NAME Printable, Unicode
// O szOID_ORGANIZATION_NAME Printable, Unicode // O szOID_ORGANIZATION_NAME Printable, Unicode
// OU szOID_ORGANIZATIONAL_UNIT_NAME Printable, Unicode // OU szOID_ORGANIZATIONAL_UNIT_NAME Printable, Unicode
// E szOID_RSA_emailAddr Only IA5 // E szOID_RSA_emailAddr Only IA5
// Email szOID_RSA_emailAddr Only IA5 // Email szOID_RSA_emailAddr Only IA5
skipping to change at line 12444 skipping to change at line 14506
// ppszError can be set to NULL if not interested in getting a pointer // ppszError can be set to NULL if not interested in getting a pointer
// to the invalid character sequence. // to the invalid character sequence.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertStrToNameA( CertStrToNameA(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCSTR pszX500, __in LPCSTR pszX500,
IN DWORD dwStrType, __in DWORD dwStrType,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded, __inout DWORD *pcbEncoded,
OUT OPTIONAL LPCSTR *ppszError __deref_opt_out_opt LPCSTR *ppszError
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertStrToNameW( CertStrToNameW(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN LPCWSTR pszX500, __in LPCWSTR pszX500,
IN DWORD dwStrType, __in DWORD dwStrType,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded, __inout DWORD *pcbEncoded,
OUT OPTIONAL LPCWSTR *ppszError __deref_opt_out_opt LPCWSTR *ppszError
); );
#ifdef UNICODE #ifdef UNICODE
#define CertStrToName CertStrToNameW #define CertStrToName CertStrToNameW
#else #else
#define CertStrToName CertStrToNameA #define CertStrToName CertStrToNameA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the subject or issuer name from the certificate and // Get the subject or issuer name from the certificate and
// according to the specified format type, convert to a null terminated // according to the specified format type, convert to a null terminated
skipping to change at line 12568 skipping to change at line 14630
// //
// Note: cchNameString includes the NULL char. // Note: cchNameString includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetNameStringA( CertGetNameStringA(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwType, __in DWORD dwType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvTypePara, __in_opt void *pvTypePara,
OUT OPTIONAL LPSTR pszNameString, __out_ecount_part_opt(cchNameString, return) LPSTR pszNameString,
IN DWORD cchNameString __in DWORD cchNameString
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetNameStringW( CertGetNameStringW(
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN DWORD dwType, __in DWORD dwType,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvTypePara, __in_opt void *pvTypePara,
OUT OPTIONAL LPWSTR pszNameString, __out_ecount_part_opt(cchNameString, return) LPWSTR pszNameString,
IN DWORD cchNameString __in DWORD cchNameString
); );
#ifdef UNICODE #ifdef UNICODE
#define CertGetNameString CertGetNameStringW #define CertGetNameString CertGetNameStringW
#else #else
#define CertGetNameString CertGetNameStringA #define CertGetNameString CertGetNameStringA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name types // Certificate name types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 12664 skipping to change at line 14726
// //
// Note, if the KEYID choice was selected for a CMS SignerId, then, the // Note, if the KEYID choice was selected for a CMS SignerId, then, the
// SerialNumber is 0 and the Issuer is encoded containing a single RDN with a // SerialNumber is 0 and the Issuer is encoded containing a single RDN with a
// single Attribute whose OID is szOID_KEYID_RDN, value type is // single Attribute whose OID is szOID_KEYID_RDN, value type is
// CERT_RDN_OCTET_STRING and value is the KEYID. When the // CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and // CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this // CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match. // special KEYID Issuer and SerialNumber, they do a KEYID match.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef PCCERT_CONTEXT (WINAPI *PFN_CRYPT_GET_SIGNER_CERTIFICATE)( typedef PCCERT_CONTEXT (WINAPI *PFN_CRYPT_GET_SIGNER_CERTIFICATE)(
IN void *pvGetArg, __inout_opt void *pvGetArg,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN PCERT_INFO pSignerId, // Only the Issuer and SerialNumber __in PCERT_INFO pSignerId, // Only the Issuer and SerialNumber
// fields have been updated // fields have been updated
IN HCERTSTORE hMsgCertStore __in HCERTSTORE hMsgCertStore
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_SIGN_MESSAGE_PARA are used for signing messages using the // The CRYPT_SIGN_MESSAGE_PARA are used for signing messages using the
// specified signing certificate context. // specified signing certificate context.
// //
// Either the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID must // Either the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID must
// be set for each rgpSigningCert[]. Either one specifies the private // be set for each rgpSigningCert[]. Either one specifies the private
// signature key to use. // signature key to use.
// //
skipping to change at line 12740 skipping to change at line 14802
DWORD cMsgCrl; DWORD cMsgCrl;
PCCRL_CONTEXT *rgpMsgCrl; PCCRL_CONTEXT *rgpMsgCrl;
DWORD cAuthAttr; DWORD cAuthAttr;
PCRYPT_ATTRIBUTE rgAuthAttr; PCRYPT_ATTRIBUTE rgAuthAttr;
DWORD cUnauthAttr; DWORD cUnauthAttr;
PCRYPT_ATTRIBUTE rgUnauthAttr; PCRYPT_ATTRIBUTE rgUnauthAttr;
DWORD dwFlags; DWORD dwFlags;
DWORD dwInnerContentType; DWORD dwInnerContentType;
#ifdef CRYPT_SIGN_MESSAGE_PARA_HAS_CMS_FIELDS #ifdef CRYPT_SIGN_MESSAGE_PARA_HAS_CMS_FIELDS
// This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
void *pvHashEncryptionAuxInfo; void *pvHashEncryptionAuxInfo;
#endif #endif
} CRYPT_SIGN_MESSAGE_PARA, *PCRYPT_SIGN_MESSAGE_PARA; } CRYPT_SIGN_MESSAGE_PARA, *PCRYPT_SIGN_MESSAGE_PARA;
#define CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG 0x00000001 #define CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG 0x00000001
// When set, nonData type inner content is encapsulated within an // When set, nonData type inner content is encapsulated within an
// OCTET STRING // OCTET STRING
#define CRYPT_MESSAGE_ENCAPSULATED_CONTENT_OUT_FLAG 0x00000002 #define CRYPT_MESSAGE_ENCAPSULATED_CONTENT_OUT_FLAG 0x00000002
skipping to change at line 12776 skipping to change at line 14839
// //
// pfnGetSignerCertificate is called to get and verify the message signer's // pfnGetSignerCertificate is called to get and verify the message signer's
// certificate. // certificate.
// //
// cbSize must be set to the sizeof(CRYPT_VERIFY_MESSAGE_PARA) or else // cbSize must be set to the sizeof(CRYPT_VERIFY_MESSAGE_PARA) or else
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_VERIFY_MESSAGE_PARA { typedef struct _CRYPT_VERIFY_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
PFN_CRYPT_GET_SIGNER_CERTIFICATE pfnGetSignerCertificate; PFN_CRYPT_GET_SIGNER_CERTIFICATE pfnGetSignerCertificate;
void *pvGetArg; void *pvGetArg;
} CRYPT_VERIFY_MESSAGE_PARA, *PCRYPT_VERIFY_MESSAGE_PARA; } CRYPT_VERIFY_MESSAGE_PARA, *PCRYPT_VERIFY_MESSAGE_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_ENCRYPT_MESSAGE_PARA are used for encrypting messages. // The CRYPT_ENCRYPT_MESSAGE_PARA are used for encrypting messages.
// //
// hCryptProv is used to do content encryption, recipient key // hCryptProv is used to do content encryption, recipient key
// encryption, and recipient key export. Its private key // encryption, and recipient key export. Its private key
// isn't used. // isn't used.
skipping to change at line 12823 skipping to change at line 14886
// For CMS messages, CRYPT_MESSAGE_ENCAPSULATED_CONTENT_OUT_FLAG may be // For CMS messages, CRYPT_MESSAGE_ENCAPSULATED_CONTENT_OUT_FLAG may be
// set to encapsulate nonData inner content within an OCTET STRING before // set to encapsulate nonData inner content within an OCTET STRING before
// encrypting. // encrypting.
// //
// For CMS messages, CRYPT_MESSAGE_KEYID_RECIPIENT_FLAG may be set to identify // For CMS messages, CRYPT_MESSAGE_KEYID_RECIPIENT_FLAG may be set to identify
// recipients by their Key Identifier and not their Issuer and Serial Number. // recipients by their Key Identifier and not their Issuer and Serial Number.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_ENCRYPT_MESSAGE_PARA { typedef struct _CRYPT_ENCRYPT_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgEncodingType; DWORD dwMsgEncodingType;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
void *pvEncryptionAuxInfo; void *pvEncryptionAuxInfo;
DWORD dwFlags; DWORD dwFlags;
DWORD dwInnerContentType; DWORD dwInnerContentType;
} CRYPT_ENCRYPT_MESSAGE_PARA, *PCRYPT_ENCRYPT_MESSAGE_PARA; } CRYPT_ENCRYPT_MESSAGE_PARA, *PCRYPT_ENCRYPT_MESSAGE_PARA;
// When set, recipients are identified by their Key Identifier and not // When set, recipients are identified by their Key Identifier and not
// their Issuer and Serial Number. // their Issuer and Serial Number.
#define CRYPT_MESSAGE_KEYID_RECIPIENT_FLAG 0x4 #define CRYPT_MESSAGE_KEYID_RECIPIENT_FLAG 0x4
skipping to change at line 12884 skipping to change at line 14947
// hCryptProv is used to compute the hash. // hCryptProv is used to compute the hash.
// //
// pvHashAuxInfo currently isn't used and must be set to NULL. // pvHashAuxInfo currently isn't used and must be set to NULL.
// //
// cbSize must be set to the sizeof(CRYPT_HASH_MESSAGE_PARA) or else // cbSize must be set to the sizeof(CRYPT_HASH_MESSAGE_PARA) or else
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_HASH_MESSAGE_PARA { typedef struct _CRYPT_HASH_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgEncodingType; DWORD dwMsgEncodingType;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
} CRYPT_HASH_MESSAGE_PARA, *PCRYPT_HASH_MESSAGE_PARA; } CRYPT_HASH_MESSAGE_PARA, *PCRYPT_HASH_MESSAGE_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_KEY_SIGN_MESSAGE_PARA are used for signing messages until a // The CRYPT_KEY_SIGN_MESSAGE_PARA are used for signing messages until a
// certificate has been created for the signature key. // certificate has been created for the signature key.
// //
// pvHashAuxInfo currently isn't used and must be set to NULL. // pvHashAuxInfo currently isn't used and must be set to NULL.
// //
// If PubKeyAlgorithm isn't set, defaults to szOID_RSA_RSA. // If PubKeyAlgorithm isn't set, defaults to szOID_RSA_RSA.
// //
// cbSize must be set to the sizeof(CRYPT_KEY_SIGN_MESSAGE_PARA) or else // cbSize must be set to the sizeof(CRYPT_KEY_SIGN_MESSAGE_PARA) or else
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA { typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
HCRYPTPROV hCryptProv;
// NCryptIsKeyHandle() is called to determine the union choice.
union {
HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey;
};
// not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
// This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm; CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm;
} CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA; } CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_KEY_VERIFY_MESSAGE_PARA are used to verify signed messages without // The CRYPT_KEY_VERIFY_MESSAGE_PARA are used to verify signed messages without
// a certificate for the signer. // a certificate for the signer.
// //
// Normally used until a certificate has been created for the key. // Normally used until a certificate has been created for the key.
// //
// hCryptProv is used to do hashing and signature verification. // hCryptProv is used to do hashing and signature verification.
// //
// cbSize must be set to the sizeof(CRYPT_KEY_VERIFY_MESSAGE_PARA) or else // cbSize must be set to the sizeof(CRYPT_KEY_VERIFY_MESSAGE_PARA) or else
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_KEY_VERIFY_MESSAGE_PARA { typedef struct _CRYPT_KEY_VERIFY_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgEncodingType; DWORD dwMsgEncodingType;
HCRYPTPROV hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
} CRYPT_KEY_VERIFY_MESSAGE_PARA, *PCRYPT_KEY_VERIFY_MESSAGE_PARA; } CRYPT_KEY_VERIFY_MESSAGE_PARA, *PCRYPT_KEY_VERIFY_MESSAGE_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message. // Sign the message.
// //
// If fDetachedSignature is TRUE, the "to be signed" content isn't included // If fDetachedSignature is TRUE, the "to be signed" content isn't included
// in the encoded signed blob. // in the encoded signed blob.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignMessage( CryptSignMessage(
IN PCRYPT_SIGN_MESSAGE_PARA pSignPara, __in PCRYPT_SIGN_MESSAGE_PARA pSignPara,
IN BOOL fDetachedSignature, __in BOOL fDetachedSignature,
IN DWORD cToBeSigned, __in DWORD cToBeSigned,
IN const BYTE *rgpbToBeSigned[], __in_ecount_opt(cToBeSigned) const BYTE *rgpbToBeSigned[],
IN DWORD rgcbToBeSigned[], __in_ecount(cToBeSigned) DWORD rgcbToBeSigned[],
OUT BYTE *pbSignedBlob, __out_bcount_part_opt(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob,
IN OUT DWORD *pcbSignedBlob __inout DWORD *pcbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message. // Verify a signed message.
// //
// If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input. // If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input.
// For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't // For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't
// verified. // verified.
// //
// A message might have more than one signer. Set dwSignerIndex to iterate // A message might have more than one signer. Set dwSignerIndex to iterate
skipping to change at line 12986 skipping to change at line 15058
// CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate // CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate
// is still called with pSignerId set to NULL. // is still called with pSignerId set to NULL.
// //
// Note, an alternative way to get the certificates and CRLs from a // Note, an alternative way to get the certificates and CRLs from a
// signed message is to call CryptGetMessageCertificates. // signed message is to call CryptGetMessageCertificates.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageSignature( CryptVerifyMessageSignature(
IN PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, __in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
IN DWORD dwSignerIndex, __in DWORD dwSignerIndex,
IN const BYTE *pbSignedBlob, __in_bcount(cbSignedBlob) const BYTE *pbSignedBlob,
IN DWORD cbSignedBlob, __in DWORD cbSignedBlob,
OUT BYTE OPTIONAL *pbDecoded, __out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
IN OUT OPTIONAL DWORD *pcbDecoded, __inout_opt DWORD *pcbDecoded,
OUT OPTIONAL PCCERT_CONTEXT *ppSignerCert __deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns the count of signers in the signed message. For no signers, returns // Returns the count of signers in the signed message. For no signers, returns
// 0. For an error returns -1 with LastError updated accordingly. // 0. For an error returns -1 with LastError updated accordingly.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CryptGetMessageSignerCount( CryptGetMessageSignerCount(
IN DWORD dwMsgEncodingType, __in DWORD dwMsgEncodingType,
IN const BYTE *pbSignedBlob, __in_bcount(cbSignedBlob) const BYTE *pbSignedBlob,
IN DWORD cbSignedBlob __in DWORD cbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns the cert store containing the message's certs and CRLs. // Returns the cert store containing the message's certs and CRLs.
// For an error, returns NULL with LastError updated. // For an error, returns NULL with LastError updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CryptGetMessageCertificates( CryptGetMessageCertificates(
IN DWORD dwMsgAndCertEncodingType, __in DWORD dwMsgAndCertEncodingType,
IN HCRYPTPROV hCryptProv, // passed to CertOpenStore __in_opt HCRYPTPROV_LEGACY hCryptProv, // passed to CertOpenStore
IN DWORD dwFlags, // passed to CertOpenStore __in DWORD dwFlags, // passed to CertOpenStore
IN const BYTE *pbSignedBlob, __in_bcount(cbSignedBlob) const BYTE *pbSignedBlob,
IN DWORD cbSignedBlob __in DWORD cbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message containing detached signature(s). // Verify a signed message containing detached signature(s).
// The "to be signed" content is passed in separately. No // The "to be signed" content is passed in separately. No
// decoded output. Otherwise, identical to CryptVerifyMessageSignature. // decoded output. Otherwise, identical to CryptVerifyMessageSignature.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyDetachedMessageSignature( CryptVerifyDetachedMessageSignature(
IN PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, __in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
IN DWORD dwSignerIndex, __in DWORD dwSignerIndex,
IN const BYTE *pbDetachedSignBlob, __in_bcount(cbDetachedSignBlob) const BYTE *pbDetachedSignBlob,
IN DWORD cbDetachedSignBlob, __in DWORD cbDetachedSignBlob,
IN DWORD cToBeSigned, __in DWORD cToBeSigned,
IN const BYTE *rgpbToBeSigned[], __in_ecount(cToBeSigned) const BYTE *rgpbToBeSigned[],
IN DWORD rgcbToBeSigned[], __in_ecount(cToBeSigned) DWORD rgcbToBeSigned[],
OUT OPTIONAL PCCERT_CONTEXT *ppSignerCert __deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encrypts the message for the recipient(s). // Encrypts the message for the recipient(s).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncryptMessage( CryptEncryptMessage(
IN PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara, __in PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara,
IN DWORD cRecipientCert, __in DWORD cRecipientCert,
IN PCCERT_CONTEXT rgpRecipientCert[], __in_ecount(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[],
IN const BYTE *pbToBeEncrypted, __in_bcount_opt(cbToBeEncrypted) const BYTE *pbToBeEncrypted,
IN DWORD cbToBeEncrypted, __in DWORD cbToBeEncrypted,
OUT BYTE *pbEncryptedBlob, __out_bcount_part_opt(*pcbEncryptedBlob, *pcbEncryptedBlob) BYTE *pbEncrypte
IN OUT DWORD *pcbEncryptedBlob dBlob,
__inout DWORD *pcbEncryptedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decrypts the message. // Decrypts the message.
// //
// If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. // If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
// For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't // For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't
// decrypted. // decrypted.
// //
// For a successfully decrypted message, *ppXchgCert is updated // For a successfully decrypted message, *ppXchgCert is updated
// with the CertContext used to decrypt. It must be freed by calling // with the CertContext used to decrypt. It must be freed by calling
// CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL. // CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL.
// //
// ppXchgCert can be NULL, indicating the caller isn't interested // ppXchgCert can be NULL, indicating the caller isn't interested
// in getting the CertContext used to decrypt. // in getting the CertContext used to decrypt.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecryptMessage( CryptDecryptMessage(
IN PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, __in PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
IN const BYTE *pbEncryptedBlob, __in_bcount(cbEncryptedBlob) const BYTE *pbEncryptedBlob,
IN DWORD cbEncryptedBlob, __in DWORD cbEncryptedBlob,
OUT OPTIONAL BYTE *pbDecrypted, __out_bcount_part_opt(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted,
IN OUT OPTIONAL DWORD *pcbDecrypted, __inout_opt DWORD *pcbDecrypted,
OUT OPTIONAL PCCERT_CONTEXT *ppXchgCert __deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message and encrypt for the recipient(s). Does a CryptSignMessage // Sign the message and encrypt for the recipient(s). Does a CryptSignMessage
// followed with a CryptEncryptMessage. // followed with a CryptEncryptMessage.
// //
// Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED // Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED
// inside of an CMSG_ENVELOPED. // inside of an CMSG_ENVELOPED.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignAndEncryptMessage( CryptSignAndEncryptMessage(
IN PCRYPT_SIGN_MESSAGE_PARA pSignPara, __in PCRYPT_SIGN_MESSAGE_PARA pSignPara,
IN PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara, __in PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara,
IN DWORD cRecipientCert, __in DWORD cRecipientCert,
IN PCCERT_CONTEXT rgpRecipientCert[], __in_ecount(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[],
IN const BYTE *pbToBeSignedAndEncrypted, __in_bcount(cbToBeSignedAndEncrypted) const BYTE *pbToBeSignedAndEncrypted,
IN DWORD cbToBeSignedAndEncrypted, __in DWORD cbToBeSignedAndEncrypted,
OUT BYTE *pbSignedAndEncryptedBlob, __out_bcount_part_opt(*pcbSignedAndEncryptedBlob, *pcbSignedAndEncryptedBlob
IN OUT DWORD *pcbSignedAndEncryptedBlob ) BYTE *pbSignedAndEncryptedBlob,
__inout DWORD *pcbSignedAndEncryptedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decrypts the message and verifies the signer. Does a CryptDecryptMessage // Decrypts the message and verifies the signer. Does a CryptDecryptMessage
// followed with a CryptVerifyMessageSignature. // followed with a CryptVerifyMessageSignature.
// //
// If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. // If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
// For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't // For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't
// verified. // verified.
// //
skipping to change at line 13136 skipping to change at line 15208
// Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED // Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED
// inside of an CMSG_ENVELOPED. // inside of an CMSG_ENVELOPED.
// //
// The message always needs to be decrypted to allow access to the // The message always needs to be decrypted to allow access to the
// signed message. Therefore, if ppXchgCert != NULL, its always updated. // signed message. Therefore, if ppXchgCert != NULL, its always updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecryptAndVerifyMessageSignature( CryptDecryptAndVerifyMessageSignature(
IN PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, __in PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
IN PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, __in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
IN DWORD dwSignerIndex, __in DWORD dwSignerIndex,
IN const BYTE *pbEncryptedBlob, __in_bcount(cbEncryptedBlob) const BYTE *pbEncryptedBlob,
IN DWORD cbEncryptedBlob, __in DWORD cbEncryptedBlob,
OUT OPTIONAL BYTE *pbDecrypted, __out_bcount_part_opt(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted,
IN OUT OPTIONAL DWORD *pcbDecrypted, __inout_opt DWORD *pcbDecrypted,
OUT OPTIONAL PCCERT_CONTEXT *ppXchgCert, __deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert,
OUT OPTIONAL PCCERT_CONTEXT *ppSignerCert __deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decodes a cryptographic message which may be one of the following types: // Decodes a cryptographic message which may be one of the following types:
// CMSG_DATA // CMSG_DATA
// CMSG_SIGNED // CMSG_SIGNED
// CMSG_ENVELOPED // CMSG_ENVELOPED
// CMSG_SIGNED_AND_ENVELOPED // CMSG_SIGNED_AND_ENVELOPED
// CMSG_HASHED // CMSG_HASHED
// //
skipping to change at line 13183 skipping to change at line 15255
// For CMSG_SIGNED: same as CryptVerifyMessageSignature. // For CMSG_SIGNED: same as CryptVerifyMessageSignature.
// For CMSG_ENVELOPED: same as CryptDecryptMessage. // For CMSG_ENVELOPED: same as CryptDecryptMessage.
// For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus // For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus
// CryptVerifyMessageSignature. // CryptVerifyMessageSignature.
// For CMSG_HASHED: verifies the hash and returns decoded content. // For CMSG_HASHED: verifies the hash and returns decoded content.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeMessage( CryptDecodeMessage(
IN DWORD dwMsgTypeFlags, __in DWORD dwMsgTypeFlags,
IN PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, __in_opt PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
IN PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, __in_opt PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
IN DWORD dwSignerIndex, __in DWORD dwSignerIndex,
IN const BYTE *pbEncodedBlob, __in_bcount(cbEncodedBlob) const BYTE *pbEncodedBlob,
IN DWORD cbEncodedBlob, __in DWORD cbEncodedBlob,
IN DWORD dwPrevInnerContentType, __in DWORD dwPrevInnerContentType,
OUT OPTIONAL DWORD *pdwMsgType, __out_opt DWORD *pdwMsgType,
OUT OPTIONAL DWORD *pdwInnerContentType, __out_opt DWORD *pdwInnerContentType,
OUT OPTIONAL BYTE *pbDecoded, __out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
IN OUT OPTIONAL DWORD *pcbDecoded, __inout_opt DWORD *pcbDecoded,
OUT OPTIONAL PCCERT_CONTEXT *ppXchgCert, __deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert,
OUT OPTIONAL PCCERT_CONTEXT *ppSignerCert __deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the message. // Hash the message.
// //
// If fDetachedHash is TRUE, only the ComputedHash is encoded in the // If fDetachedHash is TRUE, only the ComputedHash is encoded in the
// pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash // pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash
// are encoded. // are encoded.
// //
// pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller // pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller
// isn't interested in getting the output. // isn't interested in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashMessage( CryptHashMessage(
IN PCRYPT_HASH_MESSAGE_PARA pHashPara, __in PCRYPT_HASH_MESSAGE_PARA pHashPara,
IN BOOL fDetachedHash, __in BOOL fDetachedHash,
IN DWORD cToBeHashed, __in DWORD cToBeHashed,
IN const BYTE *rgpbToBeHashed[], __in_ecount(cToBeHashed) const BYTE *rgpbToBeHashed[],
IN DWORD rgcbToBeHashed[], __in_ecount(cToBeHashed) DWORD rgcbToBeHashed[],
OUT OPTIONAL BYTE *pbHashedBlob, __out_bcount_part_opt(*pcbHashedBlob, *pcbHashedBlob) BYTE *pbHashedBlob,
IN OUT OPTIONAL DWORD *pcbHashedBlob, __inout_opt DWORD *pcbHashedBlob,
OUT OPTIONAL BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT OPTIONAL DWORD *pcbComputedHash sh,
__inout_opt DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a hashed message. // Verify a hashed message.
// //
// pcbToBeHashed or pcbComputedHash can be NULL, // pcbToBeHashed or pcbComputedHash can be NULL,
// indicating the caller isn't interested in getting the output. // indicating the caller isn't interested in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageHash( CryptVerifyMessageHash(
IN PCRYPT_HASH_MESSAGE_PARA pHashPara, __in PCRYPT_HASH_MESSAGE_PARA pHashPara,
IN BYTE *pbHashedBlob, __in_bcount(cbHashedBlob) BYTE *pbHashedBlob,
IN DWORD cbHashedBlob, __in DWORD cbHashedBlob,
OUT OPTIONAL BYTE *pbToBeHashed, __out_bcount_part_opt(*pcbToBeHashed, *pcbToBeHashed) BYTE *pbToBeHashed,
IN OUT OPTIONAL DWORD *pcbToBeHashed, __inout_opt DWORD *pcbToBeHashed,
OUT OPTIONAL BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT OPTIONAL DWORD *pcbComputedHash sh,
__inout_opt DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a hashed message containing a detached hash. // Verify a hashed message containing a detached hash.
// The "to be hashed" content is passed in separately. No // The "to be hashed" content is passed in separately. No
// decoded output. Otherwise, identical to CryptVerifyMessageHash. // decoded output. Otherwise, identical to CryptVerifyMessageHash.
// //
// pcbComputedHash can be NULL, indicating the caller isn't interested // pcbComputedHash can be NULL, indicating the caller isn't interested
// in getting the output. // in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyDetachedMessageHash( CryptVerifyDetachedMessageHash(
IN PCRYPT_HASH_MESSAGE_PARA pHashPara, __in PCRYPT_HASH_MESSAGE_PARA pHashPara,
IN BYTE *pbDetachedHashBlob, __in_bcount(cbDetachedHashBlob) BYTE *pbDetachedHashBlob,
IN DWORD cbDetachedHashBlob, __in DWORD cbDetachedHashBlob,
IN DWORD cToBeHashed, __in DWORD cToBeHashed,
IN const BYTE *rgpbToBeHashed[], __in_ecount(cToBeHashed) const BYTE *rgpbToBeHashed[],
IN DWORD rgcbToBeHashed[], __in_ecount(cToBeHashed) DWORD rgcbToBeHashed[],
OUT OPTIONAL BYTE *pbComputedHash, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa
IN OUT OPTIONAL DWORD *pcbComputedHash sh,
__inout_opt DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message using the provider's private key specified in the // Sign the message using the provider's private key specified in the
// parameters. A dummy SignerId is created and stored in the message. // parameters. A dummy SignerId is created and stored in the message.
// //
// Normally used until a certificate has been created for the key. // Normally used until a certificate has been created for the key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignMessageWithKey( CryptSignMessageWithKey(
IN PCRYPT_KEY_SIGN_MESSAGE_PARA pSignPara, __in PCRYPT_KEY_SIGN_MESSAGE_PARA pSignPara,
IN const BYTE *pbToBeSigned, __in_bcount(cbToBeSigned) const BYTE *pbToBeSigned,
IN DWORD cbToBeSigned, __in DWORD cbToBeSigned,
OUT BYTE *pbSignedBlob, __out_bcount_part_opt(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob,
IN OUT DWORD *pcbSignedBlob __inout DWORD *pcbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message using the specified public key info. // Verify a signed message using the specified public key info.
// //
// Normally called by a CA until it has created a certificate for the // Normally called by a CA until it has created a certificate for the
// key. // key.
// //
// pPublicKeyInfo contains the public key to use to verify the signed // pPublicKeyInfo contains the public key to use to verify the signed
// message. If NULL, the signature isn't verified (for instance, the decoded // message. If NULL, the signature isn't verified (for instance, the decoded
// content may contain the PublicKeyInfo). // content may contain the PublicKeyInfo).
// //
// pcbDecoded can be NULL, indicating the caller isn't interested // pcbDecoded can be NULL, indicating the caller isn't interested
// in getting the decoded content. // in getting the decoded content.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageSignatureWithKey( CryptVerifyMessageSignatureWithKey(
IN PCRYPT_KEY_VERIFY_MESSAGE_PARA pVerifyPara, __in PCRYPT_KEY_VERIFY_MESSAGE_PARA pVerifyPara,
IN OPTIONAL PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, __in_opt PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
IN const BYTE *pbSignedBlob, __in_bcount(cbSignedBlob) const BYTE *pbSignedBlob,
IN DWORD cbSignedBlob, __in DWORD cbSignedBlob,
OUT OPTIONAL BYTE *pbDecoded, __out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
IN OUT OPTIONAL DWORD *pcbDecoded __inout_opt DWORD *pcbDecoded
); );
//+========================================================================= //+=========================================================================
// System Certificate Store Data Structures and APIs // System Certificate Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a system certificate store based on a subsystem protocol. // Get a system certificate store based on a subsystem protocol.
// //
// Current examples of subsystems protocols are: // Current examples of subsystems protocols are:
skipping to change at line 13334 skipping to change at line 15406
// The returned Cert Store can be searched for an appropriate Cert // The returned Cert Store can be searched for an appropriate Cert
// using the Cert Store API's (see certstor.h) // using the Cert Store API's (see certstor.h)
// //
// When done, the cert store should be closed using CertStoreClose // When done, the cert store should be closed using CertStoreClose
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenSystemStoreA( CertOpenSystemStoreA(
HCRYPTPROV hProv, __in_opt HCRYPTPROV_LEGACY hProv,
LPCSTR szSubsystemProtocol __in LPCSTR szSubsystemProtocol
); );
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenSystemStoreW( CertOpenSystemStoreW(
HCRYPTPROV hProv, __in_opt HCRYPTPROV_LEGACY hProv,
LPCWSTR szSubsystemProtocol __in LPCWSTR szSubsystemProtocol
); );
#ifdef UNICODE #ifdef UNICODE
#define CertOpenSystemStore CertOpenSystemStoreW #define CertOpenSystemStore CertOpenSystemStoreW
#else #else
#define CertOpenSystemStore CertOpenSystemStoreA #define CertOpenSystemStore CertOpenSystemStoreA
#endif // !UNICODE #endif // !UNICODE
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToSystemStoreA( CertAddEncodedCertificateToSystemStoreA(
LPCSTR szCertStoreName, __in LPCSTR szCertStoreName,
const BYTE * pbCertEncoded, __in_bcount(cbCertEncoded) const BYTE * pbCertEncoded,
DWORD cbCertEncoded __in DWORD cbCertEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToSystemStoreW( CertAddEncodedCertificateToSystemStoreW(
LPCWSTR szCertStoreName, __in LPCWSTR szCertStoreName,
const BYTE * pbCertEncoded, __in_bcount(cbCertEncoded) const BYTE * pbCertEncoded,
DWORD cbCertEncoded __in DWORD cbCertEncoded
); );
#ifdef UNICODE #ifdef UNICODE
#define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreW #define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreW
#else #else
#define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreA #define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find all certificate chains tying the given issuer name to any certificate // Find all certificate chains tying the given issuer name to any certificate
// that the current user has a private key for. // that the current user has a private key for.
skipping to change at line 13394 skipping to change at line 15466
DWORD cCerts; // number of certs in chain DWORD cCerts; // number of certs in chain
PCERT_BLOB certs; // pointer to array of cert chain blobs PCERT_BLOB certs; // pointer to array of cert chain blobs
// representing the certs // representing the certs
CRYPT_KEY_PROV_INFO keyLocatorInfo; // key locator for cert CRYPT_KEY_PROV_INFO keyLocatorInfo; // key locator for cert
} CERT_CHAIN, *PCERT_CHAIN; } CERT_CHAIN, *PCERT_CHAIN;
// WINCRYPT32API This is not exported by crypt32, it is exported by softpub // WINCRYPT32API This is not exported by crypt32, it is exported by softpub
HRESULT HRESULT
WINAPI WINAPI
FindCertsByIssuer( FindCertsByIssuer(
OUT PCERT_CHAIN pCertChains, __out_bcount_part_opt(*pcbCertChains, *pcbCertChains) PCERT_CHAIN pCertChain
IN OUT DWORD *pcbCertChains, s,
OUT DWORD *pcCertChains, // count of certificates chains returned __inout DWORD *pcbCertChains,
IN BYTE* pbEncodedIssuerName, // DER encoded issuer name __out DWORD *pcCertChains, // count of certificates chains returned
IN DWORD cbEncodedIssuerName, // count in bytes of encoded issuer name __in_bcount_opt(cbEncodedIssuerName) BYTE* pbEncodedIssuerName, // DER enc
IN LPCWSTR pwszPurpose, // "ClientAuth" or "CodeSigning" oded issuer name
IN DWORD dwKeySpec // only return signers supporting this __in DWORD cbEncodedIssuerName, // count in bytes of encoded issuer name
// keyspec __in_opt LPCWSTR pwszPurpose, // "ClientAuth" or "CodeSigning"
__in DWORD dwKeySpec // only return signers supporting this
// keyspec
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// //
// CryptQueryObject takes a CERT_BLOB or a file name and returns the // CryptQueryObject takes a CERT_BLOB or a file name and returns the
// information about the content in the blob or in the file. // information about the content in the blob or in the file.
// //
// Parameters: // Parameters:
// INPUT dwObjectType: // INPUT dwObjectType:
// Indicate the type of the object. Should be one of the // Indicate the type of the object. Should be one of the
skipping to change at line 13439 skipping to change at line 15511
// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE // CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT // CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL // CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL // CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED // CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED // CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED // CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
// CERT_QUERY_CONTENT_FLAG_PKCS10 // CERT_QUERY_CONTENT_FLAG_PKCS10
// CERT_QUERY_CONTENT_FLAG_PFX // CERT_QUERY_CONTENT_FLAG_PFX
// CERT_QUERY_CONTENT_FLAG_CERT_PAIR // CERT_QUERY_CONTENT_FLAG_CERT_PAIR
// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
// //
// INPUT dwExpectedFormatTypeFlags: // INPUT dwExpectedFormatTypeFlags:
// Indicate the expected format type. // Indicate the expected format type.
// Can be one of the following: // Can be one of the following:
// CERT_QUERY_FORMAT_FLAG_ALL (the content can be a ny format) // CERT_QUERY_FORMAT_FLAG_ALL (the content can be a ny format)
// CERT_QUERY_FORMAT_FLAG_BINARY // CERT_QUERY_FORMAT_FLAG_BINARY
// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED // CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED // CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
// //
// //
skipping to change at line 13475 skipping to change at line 15548
// CERT_QUERY_CONTENT_SERIALIZED_STORE // CERT_QUERY_CONTENT_SERIALIZED_STORE
// CERT_QUERY_CONTENT_SERIALIZED_CERT // CERT_QUERY_CONTENT_SERIALIZED_CERT
// CERT_QUERY_CONTENT_SERIALIZED_CTL // CERT_QUERY_CONTENT_SERIALIZED_CTL
// CERT_QUERY_CONTENT_SERIALIZED_CRL // CERT_QUERY_CONTENT_SERIALIZED_CRL
// CERT_QUERY_CONTENT_PKCS7_SIGNED // CERT_QUERY_CONTENT_PKCS7_SIGNED
// CERT_QUERY_CONTENT_PKCS7_UNSIGNED // CERT_QUERY_CONTENT_PKCS7_UNSIGNED
// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED // CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
// CERT_QUERY_CONTENT_PKCS10 // CERT_QUERY_CONTENT_PKCS10
// CERT_QUERY_CONTENT_PFX // CERT_QUERY_CONTENT_PFX
// CERT_QUERY_CONTENT_CERT_PAIR // CERT_QUERY_CONTENT_CERT_PAIR
// CERT_QUERY_CONTENT_PFX_AND_LOAD
// //
// OUTPUT pdwFormatType // OUTPUT pdwFormatType
// Optional output. If NULL !=pdwFormatType, it // Optional output. If NULL !=pdwFormatType, it
// contains the format type of the content as one of the // contains the format type of the content as one of the
// following: // following:
// CERT_QUERY_FORMAT_BINARY // CERT_QUERY_FORMAT_BINARY
// CERT_QUERY_FORMAT_BASE64_ENCODED // CERT_QUERY_FORMAT_BASE64_ENCODED
// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED // CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
// //
// //
skipping to change at line 13536 skipping to change at line 15610
// CERT_QUERY_CONTENT_SERIALIZED_CTL, it is a PCCTL_CONTEXT ; // CERT_QUERY_CONTENT_SERIALIZED_CTL, it is a PCCTL_CONTEXT ;
// Caller should free the pContext via CertFreeCTLContext. // Caller should free the pContext via CertFreeCTLContext.
// //
// If the *pbObject is of type CERT_QUERY_CONTENT_PKCS10 or CERT_QUERY_CONTENT_ PFX, CryptQueryObject // If the *pbObject is of type CERT_QUERY_CONTENT_PKCS10 or CERT_QUERY_CONTENT_ PFX, CryptQueryObject
// will not return anything in *phCertstore, *phMsg, or *ppvContext. // will not return anything in *phCertstore, *phMsg, or *ppvContext.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptQueryObject( CryptQueryObject(
DWORD dwObjectType, __in DWORD dwObjectType,
const void *pvObject, __in const void *pvObject,
DWORD dwExpectedContentTypeFlags, __in DWORD dwExpectedContentTypeFlags,
DWORD dwExpectedFormatTypeFlags, __in DWORD dwExpectedFormatTypeFlags,
DWORD dwFlags, __in DWORD dwFlags,
DWORD *pdwMsgAndCertEncodingType, __out_opt DWORD *pdwMsgAndCertEncodingType,
DWORD *pdwContentType, __out_opt DWORD *pdwContentType,
DWORD *pdwFormatType, __out_opt DWORD *pdwFormatType,
HCERTSTORE *phCertStore, __out_opt HCERTSTORE *phCertStore,
HCRYPTMSG *phMsg, __out_opt HCRYPTMSG *phMsg,
const void **ppvContext __deref_opt_out_opt const void **ppvContext
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwObjectType for CryptQueryObject //dwObjectType for CryptQueryObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
#define CERT_QUERY_OBJECT_FILE 0x00000001 #define CERT_QUERY_OBJECT_FILE 0x00000001
#define CERT_QUERY_OBJECT_BLOB 0x00000002 #define CERT_QUERY_OBJECT_BLOB 0x00000002
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwContentType for CryptQueryObject //dwContentType for CryptQueryObject
skipping to change at line 13580 skipping to change at line 15654
//serialized single CRL //serialized single CRL
#define CERT_QUERY_CONTENT_SERIALIZED_CRL 7 #define CERT_QUERY_CONTENT_SERIALIZED_CRL 7
//a PKCS#7 signed message //a PKCS#7 signed message
#define CERT_QUERY_CONTENT_PKCS7_SIGNED 8 #define CERT_QUERY_CONTENT_PKCS7_SIGNED 8
//a PKCS#7 message, such as enveloped message. But it is not a signed message, //a PKCS#7 message, such as enveloped message. But it is not a signed message,
#define CERT_QUERY_CONTENT_PKCS7_UNSIGNED 9 #define CERT_QUERY_CONTENT_PKCS7_UNSIGNED 9
//a PKCS7 signed message embedded in a file //a PKCS7 signed message embedded in a file
#define CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED 10 #define CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED 10
//an encoded PKCS#10 //an encoded PKCS#10
#define CERT_QUERY_CONTENT_PKCS10 11 #define CERT_QUERY_CONTENT_PKCS10 11
//an encoded PKX BLOB //an encoded PFX BLOB
#define CERT_QUERY_CONTENT_PFX 12 #define CERT_QUERY_CONTENT_PFX 12
//an encoded CertificatePair (contains forward and/or reverse cross certs) //an encoded CertificatePair (contains forward and/or reverse cross certs)
#define CERT_QUERY_CONTENT_CERT_PAIR 13 #define CERT_QUERY_CONTENT_CERT_PAIR 13
//an encoded PFX BLOB, which was loaded to phCertStore
#define CERT_QUERY_CONTENT_PFX_AND_LOAD 14
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwExpectedConentTypeFlags for CryptQueryObject //dwExpectedConentTypeFlags for CryptQueryObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//encoded single certificate //encoded single certificate
#define CERT_QUERY_CONTENT_FLAG_CERT \ #define CERT_QUERY_CONTENT_FLAG_CERT \
( 1 << CERT_QUERY_CONTENT_CERT) ( 1 << CERT_QUERY_CONTENT_CERT)
//encoded single CTL //encoded single CTL
skipping to change at line 13641 skipping to change at line 15717
( 1 << CERT_QUERY_CONTENT_PKCS10) ( 1 << CERT_QUERY_CONTENT_PKCS10)
//an encoded PFX BLOB //an encoded PFX BLOB
#define CERT_QUERY_CONTENT_FLAG_PFX \ #define CERT_QUERY_CONTENT_FLAG_PFX \
( 1 << CERT_QUERY_CONTENT_PFX) ( 1 << CERT_QUERY_CONTENT_PFX)
//an encoded CertificatePair (contains forward and/or reverse cross certs) //an encoded CertificatePair (contains forward and/or reverse cross certs)
#define CERT_QUERY_CONTENT_FLAG_CERT_PAIR \ #define CERT_QUERY_CONTENT_FLAG_CERT_PAIR \
( 1 << CERT_QUERY_CONTENT_CERT_PAIR) ( 1 << CERT_QUERY_CONTENT_CERT_PAIR)
//an encoded PFX BLOB, and we do want to load it (not included in
//CERT_QUERY_CONTENT_FLAG_ALL)
#define CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD \
( 1 << CERT_QUERY_CONTENT_PFX_AND_LOAD)
//content can be any type //content can be any type
#define CERT_QUERY_CONTENT_FLAG_ALL \ #define CERT_QUERY_CONTENT_FLAG_ALL \
CERT_QUERY_CONTENT_FLAG_CERT | \ ( CERT_QUERY_CONTENT_FLAG_CERT | \
CERT_QUERY_CONTENT_FLAG_CTL | \ CERT_QUERY_CONTENT_FLAG_CTL | \
CERT_QUERY_CONTENT_FLAG_CRL | \ CERT_QUERY_CONTENT_FLAG_CRL | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | \
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | \
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | \
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | \
CERT_QUERY_CONTENT_FLAG_PKCS10 | \ CERT_QUERY_CONTENT_FLAG_PKCS10 | \
CERT_QUERY_CONTENT_FLAG_PFX | \ CERT_QUERY_CONTENT_FLAG_PFX | \
CERT_QUERY_CONTENT_FLAG_CERT_PAIR CERT_QUERY_CONTENT_FLAG_CERT_PAIR )
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwFormatType for CryptQueryObject //dwFormatType for CryptQueryObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//the content is in binary format //the content is in binary format
#define CERT_QUERY_FORMAT_BINARY 1 #define CERT_QUERY_FORMAT_BINARY 1
//the content is base64 encoded //the content is base64 encoded
#define CERT_QUERY_FORMAT_BASE64_ENCODED 2 #define CERT_QUERY_FORMAT_BASE64_ENCODED 2
skipping to change at line 13685 skipping to change at line 15766
//the content is base64 encoded //the content is base64 encoded
#define CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED \ #define CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED \
( 1 << CERT_QUERY_FORMAT_BASE64_ENCODED) ( 1 << CERT_QUERY_FORMAT_BASE64_ENCODED)
//the content is ascii hex encoded with "{ASN}" prefix //the content is ascii hex encoded with "{ASN}" prefix
#define CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED \ #define CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED \
( 1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED) ( 1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED)
//the content can be of any format //the content can be of any format
#define CERT_QUERY_FORMAT_FLAG_ALL \ #define CERT_QUERY_FORMAT_FLAG_ALL \
CERT_QUERY_FORMAT_FLAG_BINARY | \ ( CERT_QUERY_FORMAT_FLAG_BINARY | \
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | \ CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | \
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED )
// //
// Crypt32 Memory Management Routines. All Crypt32 API which return allocated // Crypt32 Memory Management Routines. All Crypt32 API which return allocated
// buffers will do so via CryptMemAlloc, CryptMemRealloc. Clients can free // buffers will do so via CryptMemAlloc, CryptMemRealloc. Clients can free
// those buffers using CryptMemFree. Also included is CryptMemSize // those buffers using CryptMemFree. Also included is CryptMemSize
// //
WINCRYPT32API WINCRYPT32API
LPVOID LPVOID
WINAPI WINAPI
CryptMemAlloc ( CryptMemAlloc (
IN ULONG cbSize __in ULONG cbSize
); );
WINCRYPT32API WINCRYPT32API
LPVOID LPVOID
WINAPI WINAPI
CryptMemRealloc ( CryptMemRealloc (
IN LPVOID pv, __in_opt LPVOID pv,
IN ULONG cbSize __in ULONG cbSize
); );
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CryptMemFree ( CryptMemFree (
IN LPVOID pv __in_opt LPVOID pv
); );
// //
// Crypt32 Asynchronous Parameter Management Routines. All Crypt32 API which // Crypt32 Asynchronous Parameter Management Routines. All Crypt32 API which
// expose asynchronous mode operation use a Crypt32 Async Handle to pass // expose asynchronous mode operation use a Crypt32 Async Handle to pass
// around information about the operation e.g. callback routines. The // around information about the operation e.g. callback routines. The
// following API are used for manipulation of the async handle // following API are used for manipulation of the async handle
// //
// Following functions were never used. If called, will fail with LastError
// set to ERROR_CALL_NOT_IMPLEMENTED.
typedef HANDLE HCRYPTASYNC, *PHCRYPTASYNC; typedef HANDLE HCRYPTASYNC, *PHCRYPTASYNC;
typedef VOID (WINAPI *PFN_CRYPT_ASYNC_PARAM_FREE_FUNC) ( typedef VOID (WINAPI *PFN_CRYPT_ASYNC_PARAM_FREE_FUNC) (
LPSTR pszParamOid, __in LPSTR pszParamOid,
LPVOID pvParam __in LPVOID pvParam
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCreateAsyncHandle ( CryptCreateAsyncHandle (
IN DWORD dwFlags, __in DWORD dwFlags,
OUT PHCRYPTASYNC phAsync __out PHCRYPTASYNC phAsync
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetAsyncParam ( CryptSetAsyncParam (
IN HCRYPTASYNC hAsync, __in HCRYPTASYNC hAsync,
IN LPSTR pszParamOid, __in LPSTR pszParamOid,
IN LPVOID pvParam, __in_opt LPVOID pvParam,
IN OPTIONAL PFN_CRYPT_ASYNC_PARAM_FREE_FUNC pfnFree __callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC pfnFree
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetAsyncParam ( CryptGetAsyncParam (
IN HCRYPTASYNC hAsync, __in HCRYPTASYNC hAsync,
IN LPSTR pszParamOid, __in LPSTR pszParamOid,
OUT LPVOID* ppvParam, __deref_opt_out_opt LPVOID* ppvParam,
OUT OPTIONAL PFN_CRYPT_ASYNC_PARAM_FREE_FUNC* ppfnFree __deref_opt_out_opt __callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC* ppfnFree
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCloseAsyncHandle ( CryptCloseAsyncHandle (
IN HCRYPTASYNC hAsync __in_opt HCRYPTASYNC hAsync
); );
// //
// Crypt32 Remote Object Retrieval Routines. This API allows retrieval of // Crypt32 Remote Object Retrieval Routines. This API allows retrieval of
// remote PKI objects where the location is given by an URL. The remote // remote PKI objects where the location is given by an URL. The remote
// object retrieval manager exposes two provider models. One is the "Scheme // object retrieval manager exposes two provider models. One is the "Scheme
// Provider" model which allows for installable protocol providers as defined // Provider" model which allows for installable protocol providers as defined
// by the URL scheme e.g. ldap, http, ftp. The scheme provider entry point is // by the URL scheme e.g. ldap, http, ftp. The scheme provider entry point is
// the same as the CryptRetrieveObjectByUrl however the *ppvObject returned // the same as the CryptRetrieveObjectByUrl however the *ppvObject returned
// is ALWAYS a counted array of encoded bits (one per object retrieved). The // is ALWAYS a counted array of encoded bits (one per object retrieved). The
skipping to change at line 13830 skipping to change at line 15914
// //
// The following is obsolete and has been replaced with the following // The following is obsolete and has been replaced with the following
// definition // definition
#define SCHEME_OID_RETRIEVE_ENCODED_OBJECT_FUNC "SchemeDllRetrieveEncodedObject" #define SCHEME_OID_RETRIEVE_ENCODED_OBJECT_FUNC "SchemeDllRetrieveEncodedObject"
// 2-8-02 Server 2003 changed to use UNICODE Url strings instead of multibyte // 2-8-02 Server 2003 changed to use UNICODE Url strings instead of multibyte
#define SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC "SchemeDllRetrieveEncodedObject W" #define SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC "SchemeDllRetrieveEncodedObject W"
typedef VOID (WINAPI *PFN_FREE_ENCODED_OBJECT_FUNC) ( typedef VOID (WINAPI *PFN_FREE_ENCODED_OBJECT_FUNC) (
LPCSTR pszObjectOid, __in_opt LPCSTR pszObjectOid,
PCRYPT_BLOB_ARRAY pObject, __inout PCRYPT_BLOB_ARRAY pObject,
LPVOID pvFreeContext __inout_opt LPVOID pvFreeContext
); );
// //
// SchemeDllRetrieveEncodedObject was replaced in Server 2003 with // SchemeDllRetrieveEncodedObject was replaced in Server 2003 with
// the following. (Changed to use UNICODE Url Strings.) // the following. (Changed to use UNICODE Url Strings.)
// //
// //
// SchemeDllRetrieveEncodedObjectW has the following signature: // SchemeDllRetrieveEncodedObjectW has the following signature:
// //
// __success(return == TRUE)
// BOOL WINAPI SchemeDllRetrieveEncodedObjectW ( // BOOL WINAPI SchemeDllRetrieveEncodedObjectW (
// IN LPCWSTR pwszUrl, // __in LPCWSTR pwszUrl,
// IN LPCSTR pszObjectOid, // __in_opt LPCSTR pszObjectOid,
// IN DWORD dwRetrievalFlags, // __in DWORD dwRetrievalFlags,
// IN DWORD dwTimeout, // milliseconds // __in DWORD dwTimeout, // milliseconds
// OUT PCRYPT_BLOB_ARRAY pObject, // __out PCRYPT_BLOB_ARRAY pObject,
// OUT PFN_FREE_ENCODED_OBJECT_FUNC* ppfnFreeObject, // __deref_out __callback PFN_FREE_ENCODED_OBJECT_FUNC* ppfnFr
// OUT LPVOID* ppvFreeContext, eeObject,
// IN HCRYPTASYNC hAsyncRetrieve, // __deref_out_opt LPVOID* ppvFreeContext,
// IN PCRYPT_CREDENTIALS pCredentials, // __in_opt HCRYPTASYNC hAsyncRetrieve,
// IN PCRYPT_RETRIEVE_AUX_INFO pAuxInfo // __in_opt PCRYPT_CREDENTIALS pCredentials,
// __inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
// ) // )
// //
// //
// Context Provider Signatures // Context Provider Signatures
// //
#define CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC "ContextDllCreateObjectContext" #define CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC "ContextDllCreateObjectContext"
#define CONTEXT_OID_CERTIFICATE ((LPCSTR)1) #define CONTEXT_OID_CERTIFICATE ((LPCSTR)1)
#define CONTEXT_OID_CRL ((LPCSTR)2) #define CONTEXT_OID_CRL ((LPCSTR)2)
#define CONTEXT_OID_CTL ((LPCSTR)3) #define CONTEXT_OID_CTL ((LPCSTR)3)
#define CONTEXT_OID_PKCS7 ((LPCSTR)4) #define CONTEXT_OID_PKCS7 ((LPCSTR)4)
#define CONTEXT_OID_CAPI2_ANY ((LPCSTR)5) #define CONTEXT_OID_CAPI2_ANY ((LPCSTR)5)
#define CONTEXT_OID_OCSP_RESP ((LPCSTR)6)
// //
// ContextDllCreateObjectContext has the following signature: // ContextDllCreateObjectContext has the following signature:
// //
// __success(return == TRUE)
// BOOL WINAPI ContextDllCreateObjectContext ( // BOOL WINAPI ContextDllCreateObjectContext (
// IN LPCSTR pszObjectOid, // __in_opt LPCSTR pszObjectOid,
// IN DWORD dwRetrievalFlags, // __in DWORD dwRetrievalFlags,
// IN PCRYPT_BLOB_ARRAY pObject, // __in PCRYPT_BLOB_ARRAY pObject,
// OUT LPVOID* ppvContext // __deref_out LPVOID* ppvContext
// ) // )
// //
// //
// Remote Object Retrieval API // Remote Object Retrieval API
// //
// //
// Retrieval flags // Retrieval flags
// //
skipping to change at line 13927 skipping to change at line 16014
// names. Use this flag whenever passing a hostname as opposed to a // names. Use this flag whenever passing a hostname as opposed to a
// domain name for the hostname parameter. // domain name for the hostname parameter.
// //
// See LDAP_OPT_AREC_EXCLUSIVE defined in winldap.h for more details. // See LDAP_OPT_AREC_EXCLUSIVE defined in winldap.h for more details.
#define CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL 0x00040000 #define CRYPT_LDAP_AREC_EXCLUSIVE_RETRIEVAL 0x00040000
// Apply AIA URL restrictions, such as, validate retrieved content before // Apply AIA URL restrictions, such as, validate retrieved content before
// writing to cache. // writing to cache.
#define CRYPT_AIA_RETRIEVAL 0x00080000 #define CRYPT_AIA_RETRIEVAL 0x00080000
// For HTTP: use POST instead of the default GET
//
// The POST additional binary data and header strings are appended to
// the host name and path URL as follows:
// + L'/'<Optional url escaped and base64 encoded additional data>
// + L'?'<Optional additional headers>
//
// Here's an example of an OCSP POST URL:
// http://ocsp.openvalidation.org/MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdKNE
// wjytjKBQADcgM61jfflNpyQQUv1NDgnjQnsOA5RtnygUA37lIg6UCA
// QI%3D?Content-Type: application/ocsp-request
//
//
// When this flag is set, CryptRetrieveObjectByUrl, searches for the
// last L'/' and L'?' POST marker characters in the URL string.
// These are removed from the URL before it is passed to the WinHttp
// APIs. The L'?' string is passed as the AdditionHeaders to
// WinHttpSendRequest. The L'/' string is url unescaped (%xx converted
// to appropriate character) and base64 decoded into binary. This
// decoded binary is passed as the additional data to WinHttpSendRequest.
#define CRYPT_HTTP_POST_RETRIEVAL 0x00100000
// When this flag is set we won't attempt to bypass any potential proxy caches.
// If a proxy cache wasn't explicitly bypassed, fProxyCacheRetrieval will be
// set in pAuxInfo. Only applicable to http URL retrievals.
#define CRYPT_PROXY_CACHE_RETRIEVAL 0x00200000
// When this flag is set, for a conditional retrieval returning not modified,
// TRUE is returned and *ppvObject is set to NULL. For a nonNULL pAuxInfo,
// dwHttpStatusCode is set to winhttp.h's HTTP_STATUS_NOT_MODIFIED. Otherwise,
// *ppvObject is updated for a successful retrieval. Only applicable to
// http URL retrievals.
#define CRYPT_NOT_MODIFIED_RETRIEVAL 0x00400000
// //
// Data verification retrieval flags // Data verification retrieval flags
// //
// CRYPT_VERIFY_CONTEXT_SIGNATURE is used to get signature verification // CRYPT_VERIFY_CONTEXT_SIGNATURE is used to get signature verification
// on the context created. In this case pszObjectOid must be non-NULL and // on the context created. In this case pszObjectOid must be non-NULL and
// pvVerify points to the signer certificate context // pvVerify points to the signer certificate context
// //
// CRYPT_VERIFY_DATA_HASH is used to get verification of the blob data // CRYPT_VERIFY_DATA_HASH is used to get verification of the blob data
// retrieved by the protocol. The pvVerify points to an URL_DATA_HASH // retrieved by the protocol. The pvVerify points to an URL_DATA_HASH
// structure (TBD) // structure (TBD)
skipping to change at line 13956 skipping to change at line 16077
#define CRYPT_KEEP_TIME_VALID 0x00000080 #define CRYPT_KEEP_TIME_VALID 0x00000080
#define CRYPT_DONT_VERIFY_SIGNATURE 0x00000100 #define CRYPT_DONT_VERIFY_SIGNATURE 0x00000100
#define CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200 #define CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200
// The default checks if ftNextUpdate >= ftValidFor. Set this flag to // The default checks if ftNextUpdate >= ftValidFor. Set this flag to
// check if ftThisUpdate >= ftValidFor. // check if ftThisUpdate >= ftValidFor.
#define CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400 #define CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400
#define CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800 #define CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800
// Set this flag to only use OCSP AIA URLs.
#define CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000
//
// Cryptnet URL Cache Pre-Fetch Info
//
typedef struct _CRYPTNET_URL_CACHE_PRE_FETCH_INFO {
DWORD cbSize;
DWORD dwObjectType;
// Possible errors:
// S_OK - Pending
// ERROR_MEDIA_OFFLINE - CRL pre-fetch disabled due to OCSP offline.
// ERROR_FILE_OFFLINE - Unchanged pre-fetch content
// ERROR_INVALID_DATA - Invalid pre-fetch content
// Other errors - Unable to retrieve pre-fetch content
DWORD dwError;
DWORD dwReserved;
FILETIME ThisUpdateTime;
FILETIME NextUpdateTime;
FILETIME PublishTime; // May be zero
} CRYPTNET_URL_CACHE_PRE_FETCH_INFO, *PCRYPTNET_URL_CACHE_PRE_FETCH_INFO;
// Pre-fetch ObjectTypes
#define CRYPTNET_URL_CACHE_PRE_FETCH_NONE 0
#define CRYPTNET_URL_CACHE_PRE_FETCH_BLOB 1
#define CRYPTNET_URL_CACHE_PRE_FETCH_CRL 2
#define CRYPTNET_URL_CACHE_PRE_FETCH_OCSP 3
#define CRYPTNET_URL_CACHE_PRE_FETCH_AUTOROOT_CAB 5
//
// Cryptnet URL Cache Flush Info
//
typedef struct _CRYPTNET_URL_CACHE_FLUSH_INFO {
DWORD cbSize;
// If pre-fetching is enabled, following is ignored
//
// 0 - use default flush exempt seconds (2 weeks)
// 0xFFFFFFFF - disable flushing
DWORD dwExemptSeconds;
// Time the object expires. The above dwExemptSeconds is added to
// to determine the flush time. The LastSyncTime is used if
// after this time.
FILETIME ExpireTime;
} CRYPTNET_URL_CACHE_FLUSH_INFO, *PCRYPTNET_URL_CACHE_FLUSH_INFO;
#define CRYPTNET_URL_CACHE_DEFAULT_FLUSH 0
#define CRYPTNET_URL_CACHE_DISABLE_FLUSH 0xFFFFFFFF
//
// Cryptnet URL Cache Response Info
//
typedef struct _CRYPTNET_URL_CACHE_RESPONSE_INFO {
DWORD cbSize;
WORD wResponseType;
WORD wResponseFlags;
// The following are zero if not present
FILETIME LastModifiedTime;
DWORD dwMaxAge;
LPCWSTR pwszETag;
DWORD dwProxyId;
} CRYPTNET_URL_CACHE_RESPONSE_INFO, *PCRYPTNET_URL_CACHE_RESPONSE_INFO;
// ResponseTypes
#define CRYPTNET_URL_CACHE_RESPONSE_NONE 0
#define CRYPTNET_URL_CACHE_RESPONSE_HTTP 1
// ResponseFlags
#define CRYPTNET_URL_CACHE_RESPONSE_VALIDATED 0x8000
//
// CryptRetrieveObjectByUrl Auxilliary Info
//
//
// All unused fields in this data structure must be zeroed. More fields
// could be added in a future release.
//
typedef struct _CRYPT_RETRIEVE_AUX_INFO { typedef struct _CRYPT_RETRIEVE_AUX_INFO {
DWORD cbSize; DWORD cbSize;
FILETIME *pLastSyncTime; FILETIME *pLastSyncTime;
DWORD dwMaxUrlRetrievalByteCount; // 0 => implies no limit
// 0 => implies no limit
DWORD dwMaxUrlRetrievalByteCount;
// To get any PreFetchInfo, set the following pointer to a
// CRYPTNET_URL_CACHE_PRE_FETCH_INFO structure with its cbSize set
// upon input. For no PreFetchInfo, except for cbSize, the data
// structure is zeroed upon return.
PCRYPTNET_URL_CACHE_PRE_FETCH_INFO pPreFetchInfo;
// To get any FlushInfo, set the following pointer to a
// CRYPTNET_URL_CACHE_FLUSH_INFO structure with its cbSize set
// upon input. For no FlushInfo, except for cbSize, the data structure
// is zeroed upon return.
PCRYPTNET_URL_CACHE_FLUSH_INFO pFlushInfo;
// To get any ResponseInfo, set the following pointer to the address
// of a PCRYPTNET_URL_CACHE_RESPONSE_INFO pointer updated with
// the allocated structure. For no ResponseInfo, *ppResponseInfo is set
// to NULL. Otherwise, *ppResponseInfo must be free via CryptMemFree().
PCRYPTNET_URL_CACHE_RESPONSE_INFO *ppResponseInfo;
// If nonNULL, the specified prefix string is prepended to the
// cached filename.
LPWSTR pwszCacheFileNamePrefix;
// If nonNULL, any cached information before this time is considered
// time invalid. For CRYPT_CACHE_ONLY_RETRIEVAL, if there is a
// cached entry before this time, LastError is set to ERROR_INVALID_TIME.
// Also used to set max-age for http retrievals.
LPFILETIME pftCacheResync;
// The following flag is set upon return if CRYPT_PROXY_CACHE_RETRIEVAL
// was set in dwRetrievalFlags and the proxy cache wasn't explicitly
// bypassed for the retrieval. This flag won't be explicitly cleared.
// This flag will only be set for http URL retrievals.
BOOL fProxyCacheRetrieval;
// This value is only updated upon return for a nonSuccessful status code
// returned in a HTTP response header. This value won't be explicitly
// cleared. This value will only be updated for http or https URL
// retrievals.
//
// If CRYPT_NOT_MODIFIED_RETRIEVAL was set in dwFlags, set to winhttp.h's
// HTTP_STATUS_NOT_MODIFIED if the retrieval returned not modified. In
// this case TRUE is returned with *ppvObject set to NULL.
DWORD dwHttpStatusCode;
} CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO; } CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptRetrieveObjectByUrlA ( CryptRetrieveObjectByUrlA (
IN LPCSTR pszUrl, __in LPCSTR pszUrl,
IN LPCSTR pszObjectOid, __in_opt LPCSTR pszObjectOid,
IN DWORD dwRetrievalFlags, __in DWORD dwRetrievalFlags,
IN DWORD dwTimeout, // milliseconds __in DWORD dwTimeout, // milliseconds
OUT LPVOID* ppvObject, __deref_out LPVOID* ppvObject,
IN HCRYPTASYNC hAsyncRetrieve, __in_opt HCRYPTASYNC hAsyncRetrieve,
IN OPTIONAL PCRYPT_CREDENTIALS pCredentials, __in_opt PCRYPT_CREDENTIALS pCredentials,
IN OPTIONAL LPVOID pvVerify, __in_opt LPVOID pvVerify,
IN OPTIONAL PCRYPT_RETRIEVE_AUX_INFO pAuxInfo __inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptRetrieveObjectByUrlW ( CryptRetrieveObjectByUrlW (
IN LPCWSTR pszUrl, __in LPCWSTR pszUrl,
IN LPCSTR pszObjectOid, __in_opt LPCSTR pszObjectOid,
IN DWORD dwRetrievalFlags, __in DWORD dwRetrievalFlags,
IN DWORD dwTimeout, // milliseconds __in DWORD dwTimeout, // milliseconds
OUT LPVOID* ppvObject, __deref_out LPVOID* ppvObject,
IN HCRYPTASYNC hAsyncRetrieve, __in_opt HCRYPTASYNC hAsyncRetrieve,
IN OPTIONAL PCRYPT_CREDENTIALS pCredentials, __in_opt PCRYPT_CREDENTIALS pCredentials,
IN OPTIONAL LPVOID pvVerify, __in_opt LPVOID pvVerify,
IN OPTIONAL PCRYPT_RETRIEVE_AUX_INFO pAuxInfo __inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlW #define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlW
#else #else
#define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlA #define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlA
#endif // !UNICODE #endif // !UNICODE
// //
// Call back function to cancel object retrieval // Call back function to cancel object retrieval
// //
// The function can be installed on a per thread basis. // The function can be installed on a per thread basis.
// If CryptInstallCancelRetrieval is called for multiple times, only the most re cent // If CryptInstallCancelRetrieval is called for multiple times, only the most re cent
// installation will be kept. // installation will be kept.
// //
// This is only effective for http, https, gopher, and ftp protocol. // This is only effective for http, https, gopher, and ftp protocol.
// It is ignored by the rest of the protocols. // It is ignored by the rest of the protocols.
typedef BOOL (WINAPI *PFN_CRYPT_CANCEL_RETRIEVAL)( typedef BOOL (WINAPI *PFN_CRYPT_CANCEL_RETRIEVAL)(
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvArg __inout_opt void *pvArg
); );
// //
// PFN_CRYPT_CANCEL_RETRIEVAL // PFN_CRYPT_CANCEL_RETRIEVAL
// //
// This function should return FALSE when the object retrieval should be continu ed // This function should return FALSE when the object retrieval should be continu ed
// and return TRUE when the object retrieval should be cancelled. // and return TRUE when the object retrieval should be cancelled.
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallCancelRetrieval( CryptInstallCancelRetrieval(
IN PFN_CRYPT_CANCEL_RETRIEVAL pfnCancel, __callback PFN_CRYPT_CANCEL_RETRIEVAL pfnCancel,
IN const void *pvArg, __in_opt const void *pvArg,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved __reserved void *pvReserved
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUninstallCancelRetrieval( CryptUninstallCancelRetrieval(
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved __reserved void *pvReserved
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCancelAsyncRetrieval ( CryptCancelAsyncRetrieval (
HCRYPTASYNC hAsyncRetrieval __in_opt HCRYPTASYNC hAsyncRetrieval
); );
// //
// Remote Object Async Retrieval parameters // Remote Object Async Retrieval parameters
// //
// //
// A client that wants to be notified of asynchronous object retrieval // A client that wants to be notified of asynchronous object retrieval
// completion sets this parameter on the async handle // completion sets this parameter on the async handle
// //
#define CRYPT_PARAM_ASYNC_RETRIEVAL_COMPLETION ((LPCSTR)1) #define CRYPT_PARAM_ASYNC_RETRIEVAL_COMPLETION ((LPCSTR)1)
typedef VOID (WINAPI *PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC) ( typedef VOID (WINAPI *PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC) (
IN LPVOID pvCompletion, __inout_opt LPVOID pvCompletion,
IN DWORD dwCompletionCode, __in DWORD dwCompletionCode,
IN LPCSTR pszUrl, __in LPCSTR pszUrl,
IN LPSTR pszObjectOid, __in_opt LPSTR pszObjectOid,
IN LPVOID pvObject __in LPVOID pvObject
); );
typedef struct _CRYPT_ASYNC_RETRIEVAL_COMPLETION { typedef struct _CRYPT_ASYNC_RETRIEVAL_COMPLETION {
PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC pfnCompletion; __callback PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC pfnCompletion;
LPVOID pvCompletion; __inout_opt LPVOID pvCompletion;
} CRYPT_ASYNC_RETRIEVAL_COMPLETION, *PCRYPT_ASYNC_RETRIEVAL_COMPLETION; } CRYPT_ASYNC_RETRIEVAL_COMPLETION, *PCRYPT_ASYNC_RETRIEVAL_COMPLETION;
// //
// This function is set on the async handle by a scheme provider that // This function is set on the async handle by a scheme provider that
// supports asynchronous retrieval // supports asynchronous retrieval
// //
#define CRYPT_PARAM_CANCEL_ASYNC_RETRIEVAL ((LPCSTR)2) #define CRYPT_PARAM_CANCEL_ASYNC_RETRIEVAL ((LPCSTR)2)
typedef BOOL (WINAPI *PFN_CANCEL_ASYNC_RETRIEVAL_FUNC) ( typedef BOOL (WINAPI *PFN_CANCEL_ASYNC_RETRIEVAL_FUNC) (
HCRYPTASYNC hAsyncRetrieve __in_opt HCRYPTASYNC hAsyncRetrieve
); );
// //
// Get the locator for a CAPI object // Get the locator for a CAPI object
// //
#define CRYPT_GET_URL_FROM_PROPERTY 0x00000001 #define CRYPT_GET_URL_FROM_PROPERTY 0x00000001
#define CRYPT_GET_URL_FROM_EXTENSION 0x00000002 #define CRYPT_GET_URL_FROM_EXTENSION 0x00000002
#define CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE 0x00000004 #define CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE 0x00000004
#define CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE 0x00000008 #define CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE 0x00000008
skipping to change at line 14109 skipping to change at line 16358
// distribution points. Each distribution point may have multiple // distribution points. Each distribution point may have multiple
// URLs, (LDAP and HTTP scheme). // URLs, (LDAP and HTTP scheme).
DWORD cGroup; DWORD cGroup;
DWORD *rgcGroupEntry; DWORD *rgcGroupEntry;
} CRYPT_URL_INFO, *PCRYPT_URL_INFO; } CRYPT_URL_INFO, *PCRYPT_URL_INFO;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetObjectUrl ( CryptGetObjectUrl (
IN LPCSTR pszUrlOid, __in LPCSTR pszUrlOid,
IN LPVOID pvPara, __in LPVOID pvPara,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT OPTIONAL PCRYPT_URL_ARRAY pUrlArray, __out_bcount_part_opt(*pcbUrlArray, *pcbUrlArray) PCRYPT_URL_ARRAY pUrlArray
IN OUT DWORD* pcbUrlArray, ,
OUT OPTIONAL PCRYPT_URL_INFO pUrlInfo, __inout DWORD* pcbUrlArray,
IN OUT OPTIONAL DWORD* pcbUrlInfo, __out_bcount_part_opt(*pcbUrlInfo, *pcbUrlInfo) PCRYPT_URL_INFO pUrlInfo,
IN OPTIONAL LPVOID pvReserved __inout_opt DWORD* pcbUrlInfo,
__reserved LPVOID pvReserved
); );
#define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl" #define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"
// //
// UrlDllGetObjectUrl has the same signature as CryptGetObjectUrl // UrlDllGetObjectUrl has the same signature as CryptGetObjectUrl
// //
// //
// URL_OID_CERTIFICATE_ISSUER // URL_OID_CERTIFICATE_ISSUER
skipping to change at line 14191 skipping to change at line 16440
// on the CRL // on the CRL
// //
// URL_OID_CROSS_CERT_DIST_POINT // URL_OID_CROSS_CERT_DIST_POINT
// //
// pvPara == PCCERT_CONTEXT, certificate whose cross certificate distribution // pvPara == PCCERT_CONTEXT, certificate whose cross certificate distribution
// point is being requested // point is being requested
// //
// This will be retrieved from the cross certificate distribution point // This will be retrieved from the cross certificate distribution point
// extension or property on the certificate // extension or property on the certificate
// //
// URL_OID_CERTIFICATE_OCSP
//
// pvPara == PCCERT_CONTEXT, certificate whose OCSP URL is being requested
//
// This will be retrieved from the authority info access extension or property
// on the certificate
//
// URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT
//
// pvPara == PCCERT_CONTEXT, certificate whose OCSP URL and
// CRL distribution point are being requested
//
// This will be retrieved from the authority info access and
// CRL distribution point extension or property on the certificate.
// If any OCSP URLs are present, they will be first with each URL prefixed
// with L"ocsp:". The L"ocsp:" prefix should be removed before using.
//
// URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP
//
// Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except,
// the CRL URLs will be first
//
// URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS
//
// pvPara == PCCERT_CONTEXT, certificate whose cross certificates
// are being requested
//
// This will be retrieved from the Authority Info Access
// extension or property on the certificate. Only access methods
// matching szOID_PKIX_CA_REPOSITORY will be returned.
#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1) #define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2) #define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
#define URL_OID_CTL_ISSUER ((LPCSTR)3) #define URL_OID_CTL_ISSUER ((LPCSTR)3)
#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4) #define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
#define URL_OID_CRL_ISSUER ((LPCSTR)5) #define URL_OID_CRL_ISSUER ((LPCSTR)5)
#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6) #define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7) #define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8) #define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9)
#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12)
typedef struct _CERT_CRL_CONTEXT_PAIR { typedef struct _CERT_CRL_CONTEXT_PAIR {
PCCERT_CONTEXT pCertContext; PCCERT_CONTEXT pCertContext;
PCCRL_CONTEXT pCrlContext; PCCRL_CONTEXT pCrlContext;
} CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR; } CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR;
typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR; typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR;
// //
// Get a time valid CAPI2 object // Get a time valid CAPI2 object
// //
//+-------------------------------------------------------------------------
// The following optional Extra Info may be passed to
// CryptGetTimeValidObject().
//
// All unused fields in this data structure must be zeroed. More fields
// could be added in a future release.
//--------------------------------------------------------------------------
typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO {
DWORD cbSize;
// If > 0, check that the CRL's number is >=
int iDeltaCrlIndicator;
// If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync;
// If nonNull, returns the cache's LastSyncTime
LPFILETIME pLastSyncTime;
// If nonNull, returns the internal MaxAge expiration time
// for the object. If the object doesn't have a MaxAge expiration, set
// to zero.
LPFILETIME pMaxAgeTime;
} CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO,
*PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetTimeValidObject ( CryptGetTimeValidObject (
IN LPCSTR pszTimeValidOid, __in LPCSTR pszTimeValidOid,
IN LPVOID pvPara, __in LPVOID pvPara,
IN PCCERT_CONTEXT pIssuer, __in PCCERT_CONTEXT pIssuer,
IN OPTIONAL LPFILETIME pftValidFor, __in_opt LPFILETIME pftValidFor,
IN DWORD dwFlags, __in DWORD dwFlags,
IN DWORD dwTimeout, // milliseconds __in DWORD dwTimeout, // milliseconds
OUT OPTIONAL LPVOID* ppvObject, __deref_opt_out LPVOID* ppvObject,
IN OPTIONAL PCRYPT_CREDENTIALS pCredentials, __in_opt PCRYPT_CREDENTIALS pCredentials,
IN OPTIONAL LPVOID pvReserved __inout_opt PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo
); );
#define TIME_VALID_OID_GET_OBJECT_FUNC "TimeValidDllGetObject" #define TIME_VALID_OID_GET_OBJECT_FUNC "TimeValidDllGetObject"
// //
// TimeValidDllGetObject has the same signature as CryptGetTimeValidObject // TimeValidDllGetObject has the same signature as CryptGetTimeValidObject
// //
// //
// TIME_VALID_OID_GET_CTL // TIME_VALID_OID_GET_CTL
skipping to change at line 14265 skipping to change at line 16576
#define TIME_VALID_OID_GET_CRL ((LPCSTR)2) #define TIME_VALID_OID_GET_CRL ((LPCSTR)2)
#define TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3) #define TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)
#define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4) #define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)
#define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5) #define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFlushTimeValidObject ( CryptFlushTimeValidObject (
IN LPCSTR pszFlushTimeValidOid, __in LPCSTR pszFlushTimeValidOid,
IN LPVOID pvPara, __in LPVOID pvPara,
IN PCCERT_CONTEXT pIssuer, __in PCCERT_CONTEXT pIssuer,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPVOID pvReserved __reserved LPVOID pvReserved
); );
#define TIME_VALID_OID_FLUSH_OBJECT_FUNC "TimeValidDllFlushObject" #define TIME_VALID_OID_FLUSH_OBJECT_FUNC "TimeValidDllFlushObject"
// //
// TimeValidDllFlushObject has the same signature as CryptFlushTimeValidObject // TimeValidDllFlushObject has the same signature as CryptFlushTimeValidObject
// //
// //
// TIME_VALID_OID_FLUSH_CTL // TIME_VALID_OID_FLUSH_CTL
skipping to change at line 14408 skipping to change at line 16719
// //
// flags specific to base provider // flags specific to base provider
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptProtectData( CryptProtectData(
IN DATA_BLOB* pDataIn, IN DATA_BLOB* pDataIn,
IN LPCWSTR szDataDescr, __in_opt LPCWSTR szDataDescr,
IN OPTIONAL DATA_BLOB* pOptionalEntropy, IN OPTIONAL DATA_BLOB* pOptionalEntropy,
IN PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, IN DWORD dwFlags,
OUT DATA_BLOB* pDataOut // out encr blob OUT DATA_BLOB* pDataOut // out encr blob
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnprotectData( CryptUnprotectData(
IN DATA_BLOB* pDataIn, // in encr blob IN DATA_BLOB* pDataIn, // in encr blob
OUT OPTIONAL LPWSTR* ppszDataDescr, // out __deref_opt_out_opt LPWSTR* ppszDataDescr, // out
IN OPTIONAL DATA_BLOB* pOptionalEntropy, IN OPTIONAL DATA_BLOB* pOptionalEntropy,
IN PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, IN DWORD dwFlags,
OUT DATA_BLOB* pDataOut OUT DATA_BLOB* pDataOut
); );
WINCRYPT32API
BOOL
WINAPI
CryptUpdateProtectedState(
__in_opt PSID pOldSid,
__in_opt LPCWSTR pwszOldPassword,
__in DWORD dwFlags,
__out_opt DWORD *pdwSuccessCount,
__out_opt DWORD *pdwFailureCount);
// //
// The buffer length passed into CryptProtectMemory and CryptUnprotectMemory // The buffer length passed into CryptProtectMemory and CryptUnprotectMemory
// must be a multiple of this length (or zero). // must be a multiple of this length (or zero).
// //
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16 #define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
// //
// CryptProtectMemory/CryptUnprotectMemory dwFlags // CryptProtectMemory/CryptUnprotectMemory dwFlags
// //
skipping to change at line 14485 skipping to change at line 16806
IN DWORD dwFlags IN DWORD dwFlags
); );
//+========================================================================= //+=========================================================================
// Helper functions to build certificates // Helper functions to build certificates
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// //
// Builds a self-signed certificate and returns a PCCERT_CONTEXT representing // Builds a self-signed certificate and returns a PCCERT_CONTEXT representing
// the certificate. A hProv must be specified to build the cert context. // the certificate. A hProv may be specified to build the cert context.
// //
// pSubjectIssuerBlob is the DN for the certifcate. If an alternate subject // pSubjectIssuerBlob is the DN for the certifcate. If an alternate subject
// name is desired it must be specified as an extension in the pExtensions // name is desired it must be specified as an extension in the pExtensions
// parameter. pSubjectIssuerBlob can NOT be NULL, so minimually an empty DN // parameter. pSubjectIssuerBlob can NOT be NULL, so minimually an empty DN
// must be specified. // must be specified.
// //
// By default: // By default:
// pKeyProvInfo - The CSP is queried for the KeyProvInfo parameters. Only the Pr ovider, // pKeyProvInfo - The CSP is queried for the KeyProvInfo parameters. Only the Pr ovider,
// Provider Type and Container is queried. Many CSPs don't support these // Provider Type and Container is queried. Many CSPs don't support these
// queries and will cause a failure. In such cases the pKeyProvInfo // queries and will cause a failure. In such cases the pKeyProvInfo
skipping to change at line 14516 skipping to change at line 16837
// //
// If the cert being built is only a dummy placeholder cert for speed it may not // If the cert being built is only a dummy placeholder cert for speed it may not
// need to be signed. Signing of the cert is skipped if CERT_CREATE_SELFSIGN_NO_ SIGN // need to be signed. Signing of the cert is skipped if CERT_CREATE_SELFSIGN_NO_ SIGN
// is specified in dwFlags. // is specified in dwFlags.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertCreateSelfSignCertificate( CertCreateSelfSignCertificate(
IN HCRYPTPROV hProv, __in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
IN PCERT_NAME_BLOB pSubjectIssuerBlob, __in PCERT_NAME_BLOB pSubjectIssuerBlob,
IN DWORD dwFlags, __in DWORD dwFlags,
OPTIONAL PCRYPT_KEY_PROV_INFO pKeyProvInfo, __in_opt PCRYPT_KEY_PROV_INFO pKeyProvInfo,
OPTIONAL PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, __in_opt PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
OPTIONAL PSYSTEMTIME pStartTime, __in_opt PSYSTEMTIME pStartTime,
OPTIONAL PSYSTEMTIME pEndTime, __in_opt PSYSTEMTIME pEndTime,
OPTIONAL PCERT_EXTENSIONS pExtensions __in_opt PCERT_EXTENSIONS pExtensions
); );
#define CERT_CREATE_SELFSIGN_NO_SIGN 1 #define CERT_CREATE_SELFSIGN_NO_SIGN 1
#define CERT_CREATE_SELFSIGN_NO_KEY_INFO 2 #define CERT_CREATE_SELFSIGN_NO_KEY_INFO 2
//+========================================================================= //+=========================================================================
// Key Identifier Property Data Structures and APIs // Key Identifier Property Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 14562 skipping to change at line 16883
// By default, searches the CurrentUser's list of Key Identifiers. // By default, searches the CurrentUser's list of Key Identifiers.
// CRYPT_KEYID_MACHINE_FLAG can be set to search the LocalMachine's list // CRYPT_KEYID_MACHINE_FLAG can be set to search the LocalMachine's list
// of Key Identifiers. When CRYPT_KEYID_MACHINE_FLAG is set, pwszComputerName // of Key Identifiers. When CRYPT_KEYID_MACHINE_FLAG is set, pwszComputerName
// can also be set to specify the name of a remote computer to be searched // can also be set to specify the name of a remote computer to be searched
// instead of the local machine. // instead of the local machine.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetKeyIdentifierProperty( CryptGetKeyIdentifierProperty(
IN const CRYPT_HASH_BLOB *pKeyIdentifier, __in const CRYPT_HASH_BLOB *pKeyIdentifier,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL LPCWSTR pwszComputerName, __in_opt LPCWSTR pwszComputerName,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT void *pvData, __out_bcount_part_opt(*pcbData, *pcbData) void *pvData,
IN OUT DWORD *pcbData __inout DWORD *pcbData
); );
// When the following flag is set, searches the LocalMachine instead of the // When the following flag is set, searches the LocalMachine instead of the
// CurrentUser. This flag is applicable to all the KeyIdentifierProperty APIs. // CurrentUser. This flag is applicable to all the KeyIdentifierProperty APIs.
#define CRYPT_KEYID_MACHINE_FLAG 0x00000020 #define CRYPT_KEYID_MACHINE_FLAG 0x00000020
// When the following flag is set, *pvData is updated with a pointer to // When the following flag is set, *pvData is updated with a pointer to
// allocated memory. LocalFree() must be called to free the allocated memory. // allocated memory. LocalFree() must be called to free the allocated memory.
#define CRYPT_KEYID_ALLOC_FLAG 0x00008000 #define CRYPT_KEYID_ALLOC_FLAG 0x00008000
skipping to change at line 14602 skipping to change at line 16923
// properties is deleted. // properties is deleted.
// //
// If CRYPT_KEYID_SET_NEW_FLAG is set, the set fails if the property already // If CRYPT_KEYID_SET_NEW_FLAG is set, the set fails if the property already
// exists. For an existing property, FALSE is returned with LastError set to // exists. For an existing property, FALSE is returned with LastError set to
// CRYPT_E_EXISTS. // CRYPT_E_EXISTS.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetKeyIdentifierProperty( CryptSetKeyIdentifierProperty(
IN const CRYPT_HASH_BLOB *pKeyIdentifier, __in const CRYPT_HASH_BLOB *pKeyIdentifier,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL LPCWSTR pwszComputerName, __in_opt LPCWSTR pwszComputerName,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
IN const void *pvData __in_opt const void *pvData
); );
// When the following flag is set, the Key Identifier and all its properties // When the following flag is set, the Key Identifier and all its properties
// are deleted. // are deleted.
#define CRYPT_KEYID_DELETE_FLAG 0x00000010 #define CRYPT_KEYID_DELETE_FLAG 0x00000010
// When the following flag is set, the set fails if the property already // When the following flag is set, the set fails if the property already
// exists. // exists.
#define CRYPT_KEYID_SET_NEW_FLAG 0x00002000 #define CRYPT_KEYID_SET_NEW_FLAG 0x00002000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// For CERT_KEY_PROV_INFO_PROP_ID, rgppvData[] points to a // For CERT_KEY_PROV_INFO_PROP_ID, rgppvData[] points to a
// CRYPT_KEY_PROV_INFO. // CRYPT_KEY_PROV_INFO.
// //
// Return FALSE to stop the enumeration. // Return FALSE to stop the enumeration.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_KEYID_PROP)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_KEYID_PROP)(
IN const CRYPT_HASH_BLOB *pKeyIdentifier, __in const CRYPT_HASH_BLOB *pKeyIdentifier,
IN DWORD dwFlags, __in DWORD dwFlags,
IN void *pvReserved, __reserved void *pvReserved,
IN void *pvArg, __inout_opt void *pvArg,
IN DWORD cProp, __in DWORD cProp,
IN DWORD *rgdwPropId, __in_ecount(cProp) DWORD *rgdwPropId,
IN void **rgpvData, __in_ecount(cProp) void **rgpvData,
IN DWORD *rgcbData __in_ecount(cProp) DWORD *rgcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the Key Identifiers. // Enumerate the Key Identifiers.
// //
// If pKeyIdentifier is NULL, enumerates all Key Identifers. Otherwise, // If pKeyIdentifier is NULL, enumerates all Key Identifers. Otherwise,
// calls the callback for the specified KeyIdentifier. If dwPropId is // calls the callback for the specified KeyIdentifier. If dwPropId is
// 0, calls the callback with all the properties. Otherwise, only calls // 0, calls the callback with all the properties. Otherwise, only calls
// the callback with the specified property (cProp = 1). // the callback with the specified property (cProp = 1).
// Furthermore, when dwPropId is specified, skips KeyIdentifiers not // Furthermore, when dwPropId is specified, skips KeyIdentifiers not
// having the property. // having the property.
// //
// Set CRYPT_KEYID_MACHINE_FLAG to enumerate the LocalMachine // Set CRYPT_KEYID_MACHINE_FLAG to enumerate the LocalMachine
// Key Identifiers. Set pwszComputerName, to enumerate Key Identifiers on // Key Identifiers. Set pwszComputerName, to enumerate Key Identifiers on
// a remote computer. // a remote computer.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumKeyIdentifierProperties( CryptEnumKeyIdentifierProperties(
IN OPTIONAL const CRYPT_HASH_BLOB *pKeyIdentifier, __in_opt const CRYPT_HASH_BLOB *pKeyIdentifier,
IN DWORD dwPropId, __in DWORD dwPropId,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL LPCWSTR pwszComputerName, __in_opt LPCWSTR pwszComputerName,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
IN OPTIONAL void *pvArg, __inout_opt void *pvArg,
IN PFN_CRYPT_ENUM_KEYID_PROP pfnEnum __callback PFN_CRYPT_ENUM_KEYID_PROP pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a KeyIdentifier from the CSP Public Key Blob. // Create a KeyIdentifier from the CSP Public Key Blob.
// //
// Converts the CSP PUBLICKEYSTRUC into a X.509 CERT_PUBLIC_KEY_INFO and // Converts the CSP PUBLICKEYSTRUC into a X.509 CERT_PUBLIC_KEY_INFO and
// encodes. The encoded CERT_PUBLIC_KEY_INFO is SHA1 hashed to obtain // encodes. The encoded CERT_PUBLIC_KEY_INFO is SHA1 hashed to obtain
// the Key Identifier. // the Key Identifier.
// //
// By default, the pPubKeyStruc->aiKeyAlg is used to find the appropriate // By default, the pPubKeyStruc->aiKeyAlg is used to find the appropriate
// public key Object Identifier. pszPubKeyOID can be set to override // public key Object Identifier. pszPubKeyOID can be set to override
// the default OID obtained from the aiKeyAlg. // the default OID obtained from the aiKeyAlg.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCreateKeyIdentifierFromCSP( CryptCreateKeyIdentifierFromCSP(
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN OPTIONAL LPCSTR pszPubKeyOID, __in_opt LPCSTR pszPubKeyOID,
IN const PUBLICKEYSTRUC *pPubKeyStruc, __in_bcount(cbPubKeyStruc) const PUBLICKEYSTRUC *pPubKeyStruc,
IN DWORD cbPubKeyStruc, __in DWORD cbPubKeyStruc,
IN DWORD dwFlags, __in DWORD dwFlags,
IN OPTIONAL void *pvReserved, __reserved void *pvReserved,
OUT BYTE *pbHash, __out_bcount_part_opt(*pcbHash, *pcbHash) BYTE *pbHash,
IN OUT DWORD *pcbHash __inout DWORD *pcbHash
); );
//+========================================================================= //+=========================================================================
// Certificate Chaining Infrastructure // Certificate Chaining Infrastructure
//========================================================================== //==========================================================================
#define CERT_CHAIN_CONFIG_REGPATH \ #define CERT_CHAIN_CONFIG_REGPATH \
L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config" L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config"
// The following is a REG_BINARY. It contains the cache resync FILETIME.
// Any cached information before this time is considered time invalid
// and forces a wire retrieval. By default this is disabled.
#define CERT_CHAIN_CACHE_RESYNC_FILETIME_VALUE_NAME \
L"ChainCacheResyncFiletime"
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to restrict Authority Info Access (AIA) URL retrieval. // to disable different chain building semantics enabled by default. Set
// the appropriate registry value to nonzero to disable.
#define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \ #define CERT_CHAIN_DISABLE_MANDATORY_BASIC_CONSTRAINTS_VALUE_NAME \
L"DisableAIAUrlRetrieval" L"DisableMandatoryBasicConstraints"
// By default AIA Url Retrieval is enabled. Set this registry value to nonzero // By default the BasicConstraints extension must be present with CA enabled
// to disable // for non-Root intermediate CA certificates.
#define CERT_CHAIN_DISABLE_CA_NAME_CONSTRAINTS_VALUE_NAME \
L"DisableCANameConstraints"
// By default the NameConstraints extension is applied to the intermediate
// CA certificates in addition to the end entity certificate.
#define CERT_CHAIN_DISABLE_UNSUPPORTED_CRITICAL_EXTENSIONS_VALUE_NAME \
L"DisableUnsupportedCriticalExtensions"
// By default any unsupported extension marked critical sets the following
// dwErrorStatus bit: CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT.
// The following are REG_DWORD's. These configuration parameters are used
// to restrict Authority Info Access (AIA) URL retrieval.
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \
L"MaxAIAUrlCountInCert" L"MaxAIAUrlCountInCert"
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5 #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \
L"MaxAIAUrlRetrievalCountPerChain" L"MaxAIAUrlRetrievalCountPerChain"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 10
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalByteCount" L"MaxAIAUrlRetrievalByteCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalCertCount" L"MaxAIAUrlRetrievalCertCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10
// The following is a REG_DWORD. If the OCSP response NextUpdate is zero,
// this value is added to the ThisUpdate to get a nonzero NextUpdate.
#define CERT_CHAIN_OCSP_VALIDITY_SECONDS_VALUE_NAME \
L"OcspValiditySeconds"
// 12 hours
#define CERT_CHAIN_OCSP_VALIDITY_SECONDS_DEFAULT (12 * 60 * 60)
// The following are REG_DWORD's. These configuration parameters are
// used by the following APIs to get a non-blocking, time valid OCSP
// response for a server certificate chain:
// CertOpenServerOcspResponse
// CertAddRefServerOcspResponse
// CertCloseServerOcspResponse
// CertGetServerOcspResponseContext
// CertAddRefServerOcspResponseContext
// CertFreeServerOcspResponseContext
// This is the minimum validity of the server OCSP response to be
// returned by CertGetServerOcspResponseContext(). Since this OCSP
// response will be returned to the client, it must be sufficiently long
// so that the client will treat it as being time valid.
#define CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_VALUE_NAME \
L"SrvOcspRespMinValiditySeconds"
// 10 minutes
#define CERT_SRV_OCSP_RESP_MIN_VALIDITY_SECONDS_DEFAULT \
(10 * 60)
// This is the maximum number of milliseconds for each server OCSP response
// pre-fetch wire URL retrieval.
#define CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \
L"SrvOcspRespUrlRetrievalTimeoutMilliseconds"
// 15 seconds
#define CERT_SRV_OCSP_RESP_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(15 * 1000)
// This is the maximum number of seconds to do a server OCSP response
// pre-fetch retrieval before the OCSP response's NextUpdate. The
// server OCSP response pre-fetch thread will wait until CurrentTime >=
// NextUpdate - MaxBeforeNextUpdateSeconds before doing the next retrieval.
#define CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME \
L"SrvOcspRespMaxBeforeNextUpdateSeconds"
// 4 hours
#define CERT_SRV_OCSP_RESP_MAX_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT \
(4 * 60 * 60)
// This is the minimum number of seconds to do a server OCSP response
// pre-fetch retrieval before the OCSP response's NextUpdate.
// If CurrentTime >= NextUpdate - MinBeforeNextUpdateSeconds, will wait until
// after NextUpdate + MinAfterNextUpdateSeconds.
#define CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_VALUE_NAME \
L"SrvOcspRespMinBeforeNextUpdateSeconds"
// 2 minutes
#define CERT_SRV_OCSP_RESP_MIN_BEFORE_NEXT_UPDATE_SECONDS_DEFAULT \
(2 * 60)
// This is the minimum number of seconds to do a server OCSP response
// pre-fetch retrieval after the OCSP response's NextUpdate when
// (NextUpdate - MinBeforeNextUpdateSeconds) < CurrentTime < NextUpdate.
#define CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_VALUE_NAME\
L"SrvOcspRespMinAfterNextUpdateSeconds"
// 1 minute
#define CERT_SRV_OCSP_RESP_MIN_AFTER_NEXT_UPDATE_SECONDS_DEFAULT \
(1 * 60)
// The following are REG_DWORD's. These configuration parameters are used
// in the ordering of the revocation retrieval URLs.
// When the number of cached OCSP URLs associated with the same CDP extension
// equal or exceed this number, the OCSP AIA URLs aren't used.
#define CRYPTNET_MAX_CACHED_OCSP_PER_CRL_COUNT_VALUE_NAME \
L"CryptnetMaxCachedOcspPerCrlCount"
#define CRYPTNET_MAX_CACHED_OCSP_PER_CRL_COUNT_DEFAULT \
500
// The above registry value can be set to this value, to disable OCSP
// when a CDP extension is present. Note, a registry value of 0, uses the
// above default value.
#define CRYPTNET_OCSP_AFTER_CRL_DISABLE \
0xFFFFFFFF
// The following are REG_DWORD's. These configuration parameters are
// used by the Cryptnet Url Cache Service (CUCS).
// The following parameter is used as the default flush exempt seconds
#define CRYPTNET_URL_CACHE_DEFAULT_FLUSH_EXEMPT_SECONDS_VALUE_NAME \
L"CryptnetDefaultFlushExemptSeconds"
// 4 Weeks : 28 days * 24 hours * 60 minutes * 60 seconds
#define CRYPTNET_URL_CACHE_DEFAULT_FLUSH_EXEMPT_SECONDS_DEFAULT \
(28 * 24 * 60 * 60)
// Following 2 parameters are used to set the lower and upper limit
// on the max-age retrievals done before the Publish and NextUpdate times.
#define CRYPTNET_PRE_FETCH_MIN_MAX_AGE_SECONDS_VALUE_NAME \
L"CryptnetPreFetchMinMaxAgeSeconds"
// 1 hour
#define CRYPTNET_PRE_FETCH_MIN_MAX_AGE_SECONDS_DEFAULT \
(1 * 60 * 60)
#define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_VALUE_NAME \
L"CryptnetPreFetchMaxMaxAgeSeconds"
// 2 Weeks : 14 days * 24 hours * 60 minutes * 60 seconds
#define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_DEFAULT \
(14 * 24 * 60 * 60)
// Following 3 parameters are used to calculate the PreFetch start before
// the NextUpdate
//
// Where PreFetchStartTime = PublishTime +
// PublishPeriod / AfterPublishPreFetchDivisor
// PreFetchEndTime = NextUpdate -
// PublishPeriod / BeforeNextUpdatePreFetchDivisor
//
// PreFetchPeriod = PreFetchEndTime - PreFetchStartTime
//
// if (PreFetchPeriod < MinBeforeNextUpdatePreFetchPeriodSeconds)
// - No PreFetch is done before NextUpdate
// else
// - PreFetch starts are randomized over this period
// The start of the PreFetch period is delayed after the start of the
// Publish period by dividing the PublishPeriod (NextUpdate - PublishTime)
// by this integer divisor.
#define CRYPTNET_PRE_FETCH_AFTER_PUBLISH_PRE_FETCH_DIVISOR_VALUE_NAME \
L"CryptnetPreFetchAfterPublishPreFetchDivisor"
// 10, where 12 hours / 10 = 72 minutes or 1.2 hours / 10 = 7.2 minutes
#define CRYPTNET_PRE_FETCH_AFTER_PUBLISH_PRE_FETCH_DIVISOR_DEFAULT \
10
// The finish of the PreFetch period occurs before NextUpdate
// by dividing the PublishPeriod (NextUpdate - PublishTime)
// by this integer divisor.
#define CRYPTNET_PRE_FETCH_BEFORE_NEXT_UPDATE_PRE_FETCH_DIVISOR_VALUE_NAME \
L"CryptnetPreFetchBeforeNextUpdatePreFetchDivisor"
// 20, where 12 hours / 20 = 36 minutes or 1.2 hours / 10 = 3.6 minutes
#define CRYPTNET_PRE_FETCH_BEFORE_NEXT_UPDATE_PRE_FETCH_DIVISOR_DEFAULT \
20
// The PreFetch period must exceed this minimum duration in seconds
// to do a PreFetch before NextUpdate
#define CRYPTNET_PRE_FETCH_MIN_BEFORE_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_VALUE
_NAME \
L"CryptnetPreFetchMinBeforeNextUpdatePreFetchSeconds"
// 1 hour
//
// For the default OCSP period of 12 hours using above defaults,
// PreFetchPeriod = 72 minutes - 7.2 minutes - 3.6 mintes = 61.2 minutes
#define CRYPTNET_PRE_FETCH_MIN_BEFORE_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_DEFAU
LT \
(1 * 60 * 60)
// Following 4 parameters are used to calculate the PreFetch start after
// the NextUpdate
//
// ValidityPeriod = NextUpdate - ThisUpdate
//
// PreFetchPeriod = ValidityPeriod / AfterNextUpdatePreFetchDivisor
//
// Where PreFetchPeriod is decreased to MaxAfterNextUpdatePreFetchPeriodSeconds
// or increased to MinAfterNextUpdatePreFetchPeriodSeconds;
//
// PreFetchStartTime = NextUpdate
// PreFetchEndTime = PreFetchStartTime + PreFetchPeriod
//
// PreFetch starts are randomized over the above PreFetchPeriod
//
// If CurrentTime > RandomPreFetchStartTime, then, the
// AfterCurrentTimePreFetchPeriodSeconds is randomized and added to
// CurrentTime for the RandomPreFetchStartTime
// The PreFetch period after NextUpdate is initially calculated by
// dividing the ValidityPeriod (NextUpdate - ThisUpdate) by this integer
// divisor.
#define CRYPTNET_PRE_FETCH_VALIDITY_PERIOD_AFTER_NEXT_UPDATE_PRE_FETCH_DIVISOR_V
ALUE_NAME \
L"CryptnetPreFetchValidityPeriodAfterNextUpdatePreFetchDivisor"
// 10, where 1 week / 10 = 16.8 hours
#define CRYPTNET_PRE_FETCH_VALIDITY_PERIOD_AFTER_NEXT_UPDATE_PRE_FETCH_DIVISOR_D
EFAULT \
10
// If necessary, the above PreFetch period will be decreased
// to this maximum duration in seconds.
#define CRYPTNET_PRE_FETCH_MAX_AFTER_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_VALUE_
NAME \
L"CryptnetPreFetchMaxAfterNextUpdatePreFetchPeriodSeconds"
// 4 hours
#define CRYPTNET_PRE_FETCH_MAX_AFTER_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_DEFAUL
T \
(4 * 60 * 60)
// If necessary, the above PreFetch period will be increased
// to this minimum duration in seconds.
#define CRYPTNET_PRE_FETCH_MIN_AFTER_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_VALUE_
NAME \
L"CryptnetPreFetchMinAfterNextUpdatePreFetchPeriodSeconds"
// 30 minutes
#define CRYPTNET_PRE_FETCH_MIN_AFTER_NEXT_UPDATE_PRE_FETCH_PERIOD_SECONDS_DEFAUL
T \
(30 * 60)
// If the CurrentTime is after the above randomized start time, the following
// parameter will be randomized and added to the CurrentTime.
#define CRYPTNET_PRE_FETCH_AFTER_CURRENT_TIME_PRE_FETCH_PERIOD_SECONDS_VALUE_NAM
E \
L"CryptnetPreFetchAfterCurrentTimePreFetchPeriodSeconds"
// 30 minutes
#define CRYPTNET_PRE_FETCH_AFTER_CURRENT_TIME_PRE_FETCH_PERIOD_SECONDS_DEFAULT \
(30 * 60)
// Following parameter specifies the minimum time period between sending
// trigger URL cache PreFetch LRPC messages to cryptsvc after doing online
// revocation enabled chain builds.
#define CRYPTNET_PRE_FETCH_TRIGGER_PERIOD_SECONDS_VALUE_NAME \
L"CryptnetPreFetchTriggerPeriodSeconds"
// 10 minutes
#define CRYPTNET_PRE_FETCH_TRIGGER_PERIOD_SECONDS_DEFAULT \
(10 * 60)
// The above registry value can be set to this value, to disable the
// sending of trigger URL cache PreFetch LRPC messages. Note, a registry
// value of 0, uses the above default value.
#define CRYPTNET_PRE_FETCH_TRIGGER_DISABLE \
0xFFFFFFFF
// Following parameter specifies the delay time to wait to scan the
// URL cache directory after receiving a trigger LRPC message request.
#define CRYPTNET_PRE_FETCH_SCAN_AFTER_TRIGGER_DELAY_SECONDS_VALUE_NAME \
L"CryptnetPreFetchScanAfterTriggerDelaySeconds"
// 30 seconds
#define CRYPTNET_PRE_FETCH_SCAN_AFTER_TRIGGER_DELAY_SECONDS_DEFAULT \
30
// Following parameter specifies the maximum amount of time to wait for any
// PreFetch retrieval to complete
#define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_VALUE_NAME \
L"CryptnetPreFetchRetrievalTimeoutSeconds"
// 5 minutes
#define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT \
(5 * 60)
//+-------------------------------------------------------------------------
// The following configuration parameters are store in HKLM group policy
//--------------------------------------------------------------------------
#define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config"
// In Longhorn, the following have been moved from the above HKLM
// configuration parameters:
// The following are REG_DWORD's. These configuration parameters are used
// to override the default URL timeouts in chain building
// This is the default URL timeout in milliseconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \
L"ChainUrlRetrievalTimeoutMilliseconds"
// 15 seconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(15 * 1000)
// This is the default revocation accumulative URL timeout in milliseconds
// The first revocation URL retrieval uses half of this timeout
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAM
E \
L"ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds"
// 20 seconds
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(20 * 1000)
// Note, will allow the machine setting to be used if this value isn't
// defined.
// By default AIA OCSP URLs are before CDP CRL URLs. When the number of cached
// OCSP URLs associated with the same CDP extension equal or exceed this
// number, the CRL URLs are placed before the OCSP URLs.
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_VALUE_NAME \
L"CryptnetCachedOcspSwitchToCrlCount"
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_DEFAULT \
50
// The above registry value can be set to this value, to always place
// the CRL URLs before the OCSP URLs. Note, a registry value of 0, uses the
// above default value.
#define CRYPTNET_CRL_BEFORE_OCSP_ENABLE \
0xFFFFFFFF
// Support for the following was removed in Longhorn. Changed to use
// the following OPTIONS flags in HKLM Group Policy
#define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \
L"DisableAIAUrlRetrieval"
// By default AIA Url Retrieval is enabled. Set this registry value to nonzero
// to disable
// This is the name of the REG_DWORD for chain engine Options
#define CERT_CHAIN_OPTIONS_VALUE_NAME \
L"Options"
// Disable AIA URL retrieval when this bit is set in the Options
#define CERT_CHAIN_OPTION_DISABLE_AIA_URL_RETRIEVAL 0x2
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_VALUE_NAME \
L"CrossCertDownloadIntervalHours"
// 7 days
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_DEFAULT (24 * 7)
// When not defined or zero, the CRL validity isn't extended
#define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_VALUE_NAME \
L"CRLValidityExtensionPeriod"
// 12 hour
#define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_DEFAULT 12
// //
// The chain engine defines the store namespace and cache partitioning for // The chain engine defines the store namespace and cache partitioning for
// the Certificate Chaining infrastructure. A default chain engine // the Certificate Chaining infrastructure. A default chain engine
// is defined for the process which uses all default system stores e.g. // is defined for the process which uses all default system stores e.g.
// Root, CA, Trust, for chain building and caching. If an application // Root, CA, Trust, for chain building and caching. If an application
// wishes to define its own store namespace or have its own partitioned // wishes to define its own store namespace or have its own partitioned
// cache then it can create its own chain engine. It is advisable to create // cache then it can create its own chain engine. It is advisable to create
// a chain engine at application startup and use it throughout the lifetime // a chain engine at application startup and use it throughout the lifetime
// of the application in order to get optimal caching behavior // of the application in order to get optimal caching behavior
// //
skipping to change at line 14800 skipping to change at line 17443
DWORD cAdditionalStore; DWORD cAdditionalStore;
HCERTSTORE* rghAdditionalStore; HCERTSTORE* rghAdditionalStore;
DWORD dwFlags; DWORD dwFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
DWORD MaximumCachedCertificates; DWORD MaximumCachedCertificates;
DWORD CycleDetectionModulus; DWORD CycleDetectionModulus;
} CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG; } CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertCreateCertificateChainEngine ( CertCreateCertificateChainEngine (
IN PCERT_CHAIN_ENGINE_CONFIG pConfig, __in PCERT_CHAIN_ENGINE_CONFIG pConfig,
OUT HCERTCHAINENGINE* phChainEngine __out HCERTCHAINENGINE* phChainEngine
); );
// //
// Free a certificate trust engine // Free a certificate trust engine
// //
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeCertificateChainEngine ( CertFreeCertificateChainEngine (
IN HCERTCHAINENGINE hChainEngine __in_opt HCERTCHAINENGINE hChainEngine
); );
// //
// Resync the certificate chain engine. This resync's the stores backing // Resync the certificate chain engine. This resync's the stores backing
// the engine and updates the engine caches. // the engine and updates the engine caches.
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertResyncCertificateChainEngine ( CertResyncCertificateChainEngine (
IN HCERTCHAINENGINE hChainEngine __in_opt HCERTCHAINENGINE hChainEngine
); );
// //
// When an application requests a certificate chain, the data structure // When an application requests a certificate chain, the data structure
// returned is in the form of a CERT_CHAIN_CONTEXT. This contains // returned is in the form of a CERT_CHAIN_CONTEXT. This contains
// an array of CERT_SIMPLE_CHAIN where each simple chain goes from // an array of CERT_SIMPLE_CHAIN where each simple chain goes from
// an end cert to a self signed cert and the chain context connects simple // an end cert to a self signed cert and the chain context connects simple
// chains via trust lists. Each simple chain contains the chain of // chains via trust lists. Each simple chain contains the chain of
// certificates, summary trust information about the chain and trust information // certificates, summary trust information about the chain and trust information
// about each certificate element in the chain. // about each certificate element in the chain.
skipping to change at line 14872 skipping to change at line 17516
#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE 0x00000010 #define CERT_TRUST_IS_NOT_VALID_FOR_USAGE 0x00000010
#define CERT_TRUST_IS_UNTRUSTED_ROOT 0x00000020 #define CERT_TRUST_IS_UNTRUSTED_ROOT 0x00000020
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040 #define CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040
#define CERT_TRUST_IS_CYCLIC 0x00000080 #define CERT_TRUST_IS_CYCLIC 0x00000080
#define CERT_TRUST_INVALID_EXTENSION 0x00000100 #define CERT_TRUST_INVALID_EXTENSION 0x00000100
#define CERT_TRUST_INVALID_POLICY_CONSTRAINTS 0x00000200 #define CERT_TRUST_INVALID_POLICY_CONSTRAINTS 0x00000200
#define CERT_TRUST_INVALID_BASIC_CONSTRAINTS 0x00000400 #define CERT_TRUST_INVALID_BASIC_CONSTRAINTS 0x00000400
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS 0x00000800 #define CERT_TRUST_INVALID_NAME_CONSTRAINTS 0x00000800
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT 0x00001000 #define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT 0x00001000
// In LH, this error will never be set.
#define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000 #define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000 #define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000 #define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000
#define CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000 #define CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000
#define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000 #define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000
#define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000
#define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000 #define CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000
#define CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000 #define CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000
#define CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000 #define CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000
#define CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000 #define CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000
// //
// The following are info status bits // The following are info status bits
skipping to change at line 14902 skipping to change at line 17551
#define CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001 #define CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001
#define CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002 #define CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002
#define CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004 #define CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004
#define CERT_TRUST_IS_SELF_SIGNED 0x00000008 #define CERT_TRUST_IS_SELF_SIGNED 0x00000008
// These can be applied to certificates and chains // These can be applied to certificates and chains
#define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100 #define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
#define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200 #define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400 #define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
#define CERT_TRUST_IS_PEER_TRUSTED 0x00000800
#define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000 #define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
// //
// Each certificate context in a simple chain has a corresponding chain element // Each certificate context in a simple chain has a corresponding chain element
// in the simple chain context // in the simple chain context
// //
// dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set // dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set
skipping to change at line 15031 skipping to change at line 17681
PCCERT_CHAIN_CONTEXT* rgpLowerQualityChainContext; PCCERT_CHAIN_CONTEXT* rgpLowerQualityChainContext;
// fHasRevocationFreshnessTime is only set if we are able to retrieve // fHasRevocationFreshnessTime is only set if we are able to retrieve
// revocation information for all elements checked for revocation. // revocation information for all elements checked for revocation.
// For a CRL its CurrentTime - ThisUpdate. // For a CRL its CurrentTime - ThisUpdate.
// //
// dwRevocationFreshnessTime is the largest time across all elements // dwRevocationFreshnessTime is the largest time across all elements
// checked. // checked.
BOOL fHasRevocationFreshnessTime; BOOL fHasRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime; // seconds DWORD dwRevocationFreshnessTime; // seconds
// Flags passed when created via CertGetCertificateChain
DWORD dwCreateFlags;
// Following is updated with unique Id when the chain context is logged.
GUID ChainId;
}; };
// //
// When building a chain, the there are various parameters used for finding // When building a chain, the there are various parameters used for finding
// issuing certificates and trust lists. They are identified in the // issuing certificates and trust lists. They are identified in the
// following structure // following structure
// //
// Default usage match type is AND with value zero // Default usage match type is AND with value zero
#define USAGE_MATCH_TYPE_AND 0x00000000 #define USAGE_MATCH_TYPE_AND 0x00000000
skipping to change at line 15073 skipping to change at line 17729
// Note, if you #define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS, then, you // Note, if you #define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS, then, you
// must zero all unused fields in this data structure. // must zero all unused fields in this data structure.
// More fields could be added in a future release. // More fields could be added in a future release.
CERT_USAGE_MATCH RequestedIssuancePolicy; CERT_USAGE_MATCH RequestedIssuancePolicy;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
BOOL fCheckRevocationFreshnessTime; BOOL fCheckRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime; // seconds DWORD dwRevocationFreshnessTime; // seconds
// If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. When set overrides
// the registry configuration CacheResync time.
LPFILETIME pftCacheResync;
#endif #endif
} CERT_CHAIN_PARA, *PCERT_CHAIN_PARA; } CERT_CHAIN_PARA, *PCERT_CHAIN_PARA;
// //
// The following API is used for retrieving certificate chains // The following API is used for retrieving certificate chains
// //
// Parameters: // Parameters:
// //
// hChainEngine - the chain engine (namespace and cache) to use, NULL // hChainEngine - the chain engine (namespace and cache) to use, NULL
skipping to change at line 15139 skipping to change at line 17800
// When this flag is set, pTime will be used as the timestamp time. // When this flag is set, pTime will be used as the timestamp time.
// pTime will be used to determine if the end certificate was valid at this // pTime will be used to determine if the end certificate was valid at this
// time. Revocation checking will be relative to pTime. // time. Revocation checking will be relative to pTime.
// In addition, current time will also be used // In addition, current time will also be used
// to determine if the certificate is still time valid. All remaining // to determine if the certificate is still time valid. All remaining
// CA and root certificates will be checked using current time and not pTime. // CA and root certificates will be checked using current time and not pTime.
// //
// This flag was added 4/5/01 in WXP. // This flag was added 4/5/01 in WXP.
#define CERT_CHAIN_TIMESTAMP_TIME 0x00000200 #define CERT_CHAIN_TIMESTAMP_TIME 0x00000200
// When this flag is set, "My" certificates having a private key or end
// entity certificates in the "TrustedPeople" store are trusted without
// doing any chain building. Neither the CERT_TRUST_IS_PARTIAL_CHAIN or
// CERT_TRUST_IS_UNTRUSTED_ROOT dwErrorStatus bits will be set for
// such certificates.
//
// This flag was added 6/9/03 in LH.
#define CERT_CHAIN_ENABLE_PEER_TRUST 0x00000400
// When this flag is set, "My" certificates aren't considered for
// PEER_TRUST.
//
// This flag was added 11/12/04 in LH.
//
// On 8-05-05 changed to never consider "My" certificates for PEER_TRUST.
#define CERT_CHAIN_DISABLE_MY_PEER_TRUST 0x00000800
WINCRYPT32API WINCRYPT32API
__success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertGetCertificateChain ( CertGetCertificateChain (
IN OPTIONAL HCERTCHAINENGINE hChainEngine, __in_opt HCERTCHAINENGINE hChainEngine,
IN PCCERT_CONTEXT pCertContext, __in PCCERT_CONTEXT pCertContext,
IN OPTIONAL LPFILETIME pTime, __in_opt LPFILETIME pTime,
IN OPTIONAL HCERTSTORE hAdditionalStore, __in_opt HCERTSTORE hAdditionalStore,
IN PCERT_CHAIN_PARA pChainPara, __in PCERT_CHAIN_PARA pChainPara,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPVOID pvReserved, __reserved LPVOID pvReserved,
OUT PCCERT_CHAIN_CONTEXT* ppChainContext __out PCCERT_CHAIN_CONTEXT* ppChainContext
); );
// //
// Free a certificate chain // Free a certificate chain
// //
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeCertificateChain ( CertFreeCertificateChain (
IN PCCERT_CHAIN_CONTEXT pChainContext __in PCCERT_CHAIN_CONTEXT pChainContext
); );
// //
// Duplicate (add a reference to) a certificate chain // Duplicate (add a reference to) a certificate chain
// //
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateChain ( CertDuplicateCertificateChain (
IN PCCERT_CHAIN_CONTEXT pChainContext __in PCCERT_CHAIN_CONTEXT pChainContext
); );
// //
// Specific Revocation Type OID and structure definitions // Specific Revocation Type OID and structure definitions
// //
// //
// CRL Revocation OID // CRL Revocation OID
// //
skipping to change at line 15226 skipping to change at line 17905
// pPrevChainContext is set to the CERT_CHAIN_CONTEXT returned by a previous // pPrevChainContext is set to the CERT_CHAIN_CONTEXT returned by a previous
// call. // call.
// //
// NOTE: a NON-NULL pPrevChainContext is always CertFreeCertificateChain'ed by // NOTE: a NON-NULL pPrevChainContext is always CertFreeCertificateChain'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertFindChainInStore( CertFindChainInStore(
IN HCERTSTORE hCertStore, __in HCERTSTORE hCertStore,
IN DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
IN DWORD dwFindFlags, __in DWORD dwFindFlags,
IN DWORD dwFindType, __in DWORD dwFindType,
IN const void *pvFindPara, __in_opt const void *pvFindPara,
IN PCCERT_CHAIN_CONTEXT pPrevChainContext __in_opt PCCERT_CHAIN_CONTEXT pPrevChainContext
); );
#define CERT_CHAIN_FIND_BY_ISSUER 1 #define CERT_CHAIN_FIND_BY_ISSUER 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_FIND_BY_ISSUER // CERT_CHAIN_FIND_BY_ISSUER
// //
// Find a certificate chain having a private key for the end certificate and // Find a certificate chain having a private key for the end certificate and
// matching one of the given issuer names. A matching dwKeySpec and // matching one of the given issuer names. A matching dwKeySpec and
// enhanced key usage can also be specified. Additionally a callback can // enhanced key usage can also be specified. Additionally a callback can
skipping to change at line 15281 skipping to change at line 17960
// cached system stores instead of the Current User's. // cached system stores instead of the Current User's.
// //
// Setting CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG in dwFindFlags // Setting CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG in dwFindFlags
// restricts CertGetCertificateChain to only search the URL cache // restricts CertGetCertificateChain to only search the URL cache
// and not hit the wire. // and not hit the wire.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Returns FALSE to skip this certificate. Otherwise, returns TRUE to // Returns FALSE to skip this certificate. Otherwise, returns TRUE to
// build a chain for this certificate. // build a chain for this certificate.
typedef BOOL (WINAPI *PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK)( typedef BOOL (WINAPI *PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK)(
IN PCCERT_CONTEXT pCert, __in PCCERT_CONTEXT pCert,
IN void *pvFindArg __inout_opt void *pvFindArg
); );
typedef struct _CERT_CHAIN_FIND_BY_ISSUER_PARA { typedef struct _CERT_CHAIN_FIND_BY_ISSUER_PARA {
DWORD cbSize; DWORD cbSize;
// If pszUsageIdentifier == NULL, matches any usage. // If pszUsageIdentifier == NULL, matches any usage.
LPCSTR pszUsageIdentifier; LPCSTR pszUsageIdentifier;
// If dwKeySpec == 0, matches any KeySpec // If dwKeySpec == 0, matches any KeySpec
DWORD dwKeySpec; DWORD dwKeySpec;
skipping to change at line 15420 skipping to change at line 18099
#define CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS ( \ #define CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS ( \
CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG | \ CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG | \
CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG | \ CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG | \
CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG | \ CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG | \
CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG \ CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG \
) )
#define CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG 0x00008000 #define CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG 0x00008000
#define CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG 0x00004000 #define CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG 0x00004000
#define CERT_CHAIN_POLICY_IGNORE_NOT_SUPPORTED_CRITICAL_EXT_FLAG 0x00002000
#define CERT_CHAIN_POLICY_IGNORE_PEER_TRUST_FLAG 0x00001000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify that the certificate chain satisfies the specified policy // Verify that the certificate chain satisfies the specified policy
// requirements. If we were able to verify the chain policy, TRUE is returned // requirements. If we were able to verify the chain policy, TRUE is returned
// and the dwError field of the pPolicyStatus is updated. A dwError of 0 // and the dwError field of the pPolicyStatus is updated. A dwError of 0
// (ERROR_SUCCESS, S_OK) indicates the chain satisfies the specified policy. // (ERROR_SUCCESS, S_OK) indicates the chain satisfies the specified policy.
// //
// If dwError applies to the entire chain context, both lChainIndex and // If dwError applies to the entire chain context, both lChainIndex and
// lElementIndex are set to -1. If dwError applies to a simple chain, // lElementIndex are set to -1. If dwError applies to a simple chain,
// lElementIndex is set to -1 and lChainIndex is set to the index of the // lElementIndex is set to -1 and lChainIndex is set to the index of the
// first offending chain having the error. If dwError applies to a // first offending chain having the error. If dwError applies to a
skipping to change at line 15446 skipping to change at line 18128
// behaviour. In addition, policy specific parameters can be passed in // behaviour. In addition, policy specific parameters can be passed in
// the pvExtraPolicyPara field of pPolicyPara. // the pvExtraPolicyPara field of pPolicyPara.
// //
// In addition to returning dwError, in pPolicyStatus, policy OID specific // In addition to returning dwError, in pPolicyStatus, policy OID specific
// extra status may be returned via pvExtraPolicyStatus. // extra status may be returned via pvExtraPolicyStatus.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCertificateChainPolicy( CertVerifyCertificateChainPolicy(
IN LPCSTR pszPolicyOID, __in LPCSTR pszPolicyOID,
IN PCCERT_CHAIN_CONTEXT pChainContext, __in PCCERT_CHAIN_CONTEXT pChainContext,
IN PCERT_CHAIN_POLICY_PARA pPolicyPara, __in PCERT_CHAIN_POLICY_PARA pPolicyPara,
IN OUT PCERT_CHAIN_POLICY_STATUS pPolicyStatus __inout PCERT_CHAIN_POLICY_STATUS pPolicyStatus
); );
// Predefined OID Function Names // Predefined OID Function Names
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC \ #define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC \
"CertDllVerifyCertificateChainPolicy" "CertDllVerifyCertificateChainPolicy"
// CertDllVerifyCertificateChainPolicy has same function signature as // CertDllVerifyCertificateChainPolicy has same function signature as
// CertVerifyCertificateChainPolicy. // CertVerifyCertificateChainPolicy.
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 15639 skipping to change at line 18321
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptStringToBinaryA( CryptStringToBinaryA(
IN LPCSTR pszString, __in_ecount(cchString) LPCSTR pszString,
IN DWORD cchString, __in DWORD cchString,
IN DWORD dwFlags, __in DWORD dwFlags,
IN BYTE *pbBinary, __out_bcount_part_opt(*pcbBinary, *pcbBinary) BYTE *pbBinary,
IN OUT DWORD *pcbBinary, __inout DWORD *pcbBinary,
OUT DWORD *pdwSkip, //OPTIONAL __out_opt DWORD *pdwSkip,
OUT DWORD *pdwFlags //OPTIONAL __out_opt DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert formatted string to binary // convert formatted string to binary
// If cchString is 0, then pszString is NULL terminated and // If cchString is 0, then pszString is NULL terminated and
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptStringToBinaryW( CryptStringToBinaryW(
IN LPCWSTR pszString, __in_ecount(cchString) LPCWSTR pszString,
IN DWORD cchString, __in DWORD cchString,
IN DWORD dwFlags, __in DWORD dwFlags,
IN BYTE *pbBinary, __out_bcount_part_opt(*pcbBinary, *pcbBinary) BYTE *pbBinary,
IN OUT DWORD *pcbBinary, __inout DWORD *pcbBinary,
OUT DWORD *pdwSkip, //OPTIONAL __out_opt DWORD *pdwSkip,
OUT DWORD *pdwFlags //OPTIONAL __out_opt DWORD *pdwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptStringToBinary CryptStringToBinaryW #define CryptStringToBinary CryptStringToBinaryW
#else #else
#define CryptStringToBinary CryptStringToBinaryA #define CryptStringToBinary CryptStringToBinaryA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert binary to formatted string // convert binary to formatted string
// dwFlags defines string format // dwFlags defines string format
// if pszString is NULL, *pcchString returns size in characters // if pszString is NULL, *pcchString returns size in characters
// including null-terminator // including null-terminator
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptBinaryToStringA( CryptBinaryToStringA(
IN CONST BYTE *pbBinary, __in_bcount(cbBinary) CONST BYTE *pbBinary,
IN DWORD cbBinary, __in DWORD cbBinary,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPSTR pszString, __out_ecount_part_opt(*pcchString, *pcchString) LPSTR pszString,
IN OUT DWORD *pcchString __inout DWORD *pcchString
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert binary to formatted string // convert binary to formatted string
// dwFlags defines string format // dwFlags defines string format
// if pszString is NULL, *pcchString returns size in characters // if pszString is NULL, *pcchString returns size in characters
// including null-terminator // including null-terminator
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptBinaryToStringW( CryptBinaryToStringW(
IN CONST BYTE *pbBinary, __in_bcount(cbBinary) CONST BYTE *pbBinary,
IN DWORD cbBinary, __in DWORD cbBinary,
IN DWORD dwFlags, __in DWORD dwFlags,
IN LPWSTR pszString, __out_ecount_part_opt(*pcchString, *pcchString) LPWSTR pszString,
IN OUT DWORD *pcchString __inout DWORD *pcchString
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptBinaryToString CryptBinaryToStringW #define CryptBinaryToString CryptBinaryToStringW
#else #else
#define CryptBinaryToString CryptBinaryToStringA #define CryptBinaryToString CryptBinaryToStringA
#endif // !UNICODE #endif // !UNICODE
// dwFlags has the following defines // dwFlags has the following defines
// certenrolld_begin -- CRYPT_STRING_*
#define CRYPT_STRING_BASE64HEADER 0x00000000 #define CRYPT_STRING_BASE64HEADER 0x00000000
#define CRYPT_STRING_BASE64 0x00000001 #define CRYPT_STRING_BASE64 0x00000001
#define CRYPT_STRING_BINARY 0x00000002 #define CRYPT_STRING_BINARY 0x00000002
#define CRYPT_STRING_BASE64REQUESTHEADER 0x00000003 #define CRYPT_STRING_BASE64REQUESTHEADER 0x00000003
#define CRYPT_STRING_HEX 0x00000004 #define CRYPT_STRING_HEX 0x00000004
#define CRYPT_STRING_HEXASCII 0x00000005 #define CRYPT_STRING_HEXASCII 0x00000005
#define CRYPT_STRING_BASE64_ANY 0x00000006 #define CRYPT_STRING_BASE64_ANY 0x00000006
#define CRYPT_STRING_ANY 0x00000007 #define CRYPT_STRING_ANY 0x00000007
#define CRYPT_STRING_HEX_ANY 0x00000008 #define CRYPT_STRING_HEX_ANY 0x00000008
#define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009 #define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
#define CRYPT_STRING_HEXADDR 0x0000000a #define CRYPT_STRING_HEXADDR 0x0000000a
#define CRYPT_STRING_HEXASCIIADDR 0x0000000b #define CRYPT_STRING_HEXASCIIADDR 0x0000000b
#define CRYPT_STRING_HEXRAW 0x0000000c
#define CRYPT_STRING_NOCRLF 0x40000000
#define CRYPT_STRING_NOCR 0x80000000 #define CRYPT_STRING_NOCR 0x80000000
// certenrolld_end
// CryptBinaryToString uses the following flags // CryptBinaryToString uses the following flags
// CRYPT_STRING_BASE64HEADER - base64 format with certificate begin // CRYPT_STRING_BASE64HEADER - base64 format with certificate begin
// and end headers // and end headers
// CRYPT_STRING_BASE64 - only base64 without headers // CRYPT_STRING_BASE64 - only base64 without headers
// CRYPT_STRING_BINARY - pure binary copy // CRYPT_STRING_BINARY - pure binary copy
// CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin // CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin
// and end headers // and end headers
// CRYPT_STRING_BASE64X509CRLHEADER - base64 format with x509 crl begin // CRYPT_STRING_BASE64X509CRLHEADER - base64 format with x509 crl begin
// and end headers // and end headers
skipping to change at line 15759 skipping to change at line 18445
// CRYPT_STRING_ANY tries the following, in order: // CRYPT_STRING_ANY tries the following, in order:
// CRYPT_STRING_BASE64_ANY // CRYPT_STRING_BASE64_ANY
// CRYPT_STRING_BINARY -- should always succeed // CRYPT_STRING_BINARY -- should always succeed
// CRYPT_STRING_HEX_ANY tries the following, in order: // CRYPT_STRING_HEX_ANY tries the following, in order:
// CRYPT_STRING_HEXADDR // CRYPT_STRING_HEXADDR
// CRYPT_STRING_HEXASCIIADDR // CRYPT_STRING_HEXASCIIADDR
// CRYPT_STRING_HEXASCII // CRYPT_STRING_HEXASCII
// CRYPT_STRING_HEX // CRYPT_STRING_HEX
//+========================================================================= //+=========================================================================
// PFX (PKCS #12) function defintions and types // PFX (PKCS #12) function definitions and types
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKCS#12 OIDs
//--------------------------------------------------------------------------
#define szOID_PKCS_12_PbeIds "1.2.840.113549.1.12.1"
#define szOID_PKCS_12_pbeWithSHA1And128BitRC4 "1.2.840.113549.1.12.1.1"
#define szOID_PKCS_12_pbeWithSHA1And40BitRC4 "1.2.840.113549.1.12.1.2"
#define szOID_PKCS_12_pbeWithSHA1And3KeyTripleDES "1.2.840.113549.1.12.1.3"
#define szOID_PKCS_12_pbeWithSHA1And2KeyTripleDES "1.2.840.113549.1.12.1.4"
#define szOID_PKCS_12_pbeWithSHA1And128BitRC2 "1.2.840.113549.1.12.1.5"
#define szOID_PKCS_12_pbeWithSHA1And40BitRC2 "1.2.840.113549.1.12.1.6"
//+-------------------------------------------------------------------------
// PBE parameters as defined in PKCS#12 as pkcs-12PbeParams.
//
// NOTE that the salt bytes will immediately follow this structure.
// we avoid using pointers in this structure for easy of passing
// it into NCryptExportKey() as a NCryptBuffer (may be sent via RPC
// to the key isolation process).
//--------------------------------------------------------------------------
typedef struct _CRYPT_PKCS12_PBE_PARAMS
{
int iIterations; /* iteration count */
ULONG cbSalt; /* byte size of the salt */
}
CRYPT_PKCS12_PBE_PARAMS;
//+-------------------------------------------------------------------------
// PFXImportCertStore // PFXImportCertStore
// //
// Import the PFX blob and return a store containing certificates // Import the PFX blob and return a store containing certificates
// //
// If the password parameter is incorrect or any other problems decoding // If the password parameter is incorrect or any other problems decoding
// the PFX blob are encountered, the function will return NULL and the // the PFX blob are encountered, the function will return NULL and the
// error code can be found from GetLastError(). // error code can be found from GetLastError().
// //
// The dwFlags parameter may be set to the following: // The dwFlags parameter may be set to the following:
// CRYPT_EXPORTABLE - specify that any imported keys should be marked as // CRYPT_EXPORTABLE - specify that any imported keys should be marked as
// exportable (see documentation on CryptImportKey) // exportable (see documentation on CryptImportKey)
// CRYPT_USER_PROTECTED - (see documentation on CryptImportKey) // CRYPT_USER_PROTECTED - (see documentation on CryptImportKey)
// CRYPT_MACHINE_KEYSET - used to force the private key to be stored in the // CRYPT_MACHINE_KEYSET - used to force the private key to be stored in the
// the local machine and not the current user. // the local machine and not the current user.
// CRYPT_USER_KEYSET - used to force the private key to be stored in the // CRYPT_USER_KEYSET - used to force the private key to be stored in the
// the current user and not the local machine, even if // the current user and not the local machine, even if
// the pfx blob specifies that it should go into local // the pfx blob specifies that it should go into local
// machine. // machine.
// PKCS12_INCLUDE_EXTENDED_PROPERTIES - used to import all extended
// properties that were saved with CertExportCertStore()
// using the same flag.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
PFXImportCertStore( PFXImportCertStore(
IN CRYPT_DATA_BLOB* pPFX, __in CRYPT_DATA_BLOB* pPFX,
IN LPCWSTR szPassword, __in LPCWSTR szPassword,
IN DWORD dwFlags); __in DWORD dwFlags);
// dwFlags definitions for PFXImportCertStore // dwFlags definitions for PFXImportCertStore
//#define CRYPT_EXPORTABLE 0x00000001 // CryptImportKey dwFlags //#define CRYPT_EXPORTABLE 0x00000001 // CryptImportKey dwFlags
//#define CRYPT_USER_PROTECTED 0x00000002 // CryptImportKey dwFlags //#define CRYPT_USER_PROTECTED 0x00000002 // CryptImportKey dwFlags
//#define CRYPT_MACHINE_KEYSET 0x00000020 // CryptAcquireContext dwFlags //#define CRYPT_MACHINE_KEYSET 0x00000020 // CryptAcquireContext dwFlags
//#define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x10
#define CRYPT_USER_KEYSET 0x00001000 #define CRYPT_USER_KEYSET 0x00001000
#define PKCS12_PREFER_CNG_KSP 0x00000100 // prefer using CNG KSP
#define PKCS12_IMPORT_RESERVED_MASK 0xffff0000 #define PKCS12_ALWAYS_CNG_KSP 0x00000200 // always use CNG KSP
#define PKCS12_ALLOW_OVERWRITE_KEY 0x00004000 // allow overwrite existing key
#define PKCS12_NO_PERSIST_KEY 0x00008000 // key will not be persisted
#define PKCS12_IMPORT_RESERVED_MASK 0xffff0000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXIsPFXBlob // PFXIsPFXBlob
// //
// This function will try to decode the outer layer of the blob as a pfx // This function will try to decode the outer layer of the blob as a pfx
// blob, and if that works it will return TRUE, it will return FALSE otherwise // blob, and if that works it will return TRUE, it will return FALSE otherwise
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXIsPFXBlob( PFXIsPFXBlob(
IN CRYPT_DATA_BLOB* pPFX); __in CRYPT_DATA_BLOB* pPFX);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXVerifyPassword // PFXVerifyPassword
// //
// This function will attempt to decode the outer layer of the blob as a pfx // This function will attempt to decode the outer layer of the blob as a pfx
// blob and decrypt with the given password. No data from the blob will be // blob and decrypt with the given password. No data from the blob will be
// imported. // imported.
// //
// Return value is TRUE if password appears correct, FALSE otherwise. // Return value is TRUE if password appears correct, FALSE otherwise.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXVerifyPassword( PFXVerifyPassword(
IN CRYPT_DATA_BLOB* pPFX, __in CRYPT_DATA_BLOB* pPFX,
IN LPCWSTR szPassword, __in LPCWSTR szPassword,
IN DWORD dwFlags); __in DWORD dwFlags);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXExportCertStoreEx // PFXExportCertStoreEx
// //
// Export the certificates and private keys referenced in the passed-in store // Export the certificates and private keys referenced in the passed-in store
// //
// This API encodes the blob under a stronger algorithm. The resulting // This API encodes the blob under a stronger algorithm. The resulting
// PKCS12 blobs are incompatible with the earlier PFXExportCertStore API. // PKCS12 blobs are incompatible with the earlier PFXExportCertStore API.
// //
// The value passed in the password parameter will be used to encrypt and // The value passed in the password parameter will be used to encrypt and
// verify the integrity of the PFX packet. If any problems encoding the store // verify the integrity of the PFX packet. If any problems encoding the store
// are encountered, the function will return FALSE and the error code can // are encountered, the function will return FALSE and the error code can
// be found from GetLastError(). // be found from GetLastError().
// //
// The dwFlags parameter may be set to any combination of // The dwFlags parameter may be set to any combination of
// EXPORT_PRIVATE_KEYS // EXPORT_PRIVATE_KEYS
// REPORT_NO_PRIVATE_KEY // REPORT_NO_PRIVATE_KEY
// REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY // REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY
// PKCS12_INCLUDE_EXTENDED_PROPERTIES
// //
// The encoded PFX blob is returned in *pPFX. If pPFX->pbData is NULL upon // The encoded PFX blob is returned in *pPFX. If pPFX->pbData is NULL upon
// input, this is a length only calculation, whereby, pPFX->cbData is updated // input, this is a length only calculation, whereby, pPFX->cbData is updated
// with the number of bytes required for the encoded blob. Otherwise, // with the number of bytes required for the encoded blob. Otherwise,
// the memory pointed to by pPFX->pbData is updated with the encoded bytes // the memory pointed to by pPFX->pbData is updated with the encoded bytes
// and pPFX->cbData is updated with the encoded byte length. // and pPFX->cbData is updated with the encoded byte length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXExportCertStoreEx( PFXExportCertStoreEx(
IN HCERTSTORE hStore, __in HCERTSTORE hStore,
IN OUT CRYPT_DATA_BLOB* pPFX, __inout CRYPT_DATA_BLOB* pPFX,
IN LPCWSTR szPassword, __in LPCWSTR szPassword,
IN void* pvReserved, __reserved void* pvReserved,
IN DWORD dwFlags); __in DWORD dwFlags);
// dwFlags definitions for PFXExportCertStoreEx // dwFlags definitions for PFXExportCertStoreEx
#define REPORT_NO_PRIVATE_KEY 0x0001 #define REPORT_NO_PRIVATE_KEY 0x0001
#define REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002 #define REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002
#define EXPORT_PRIVATE_KEYS 0x0004 #define EXPORT_PRIVATE_KEYS 0x0004
#define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010
#define PKCS12_EXPORT_RESERVED_MASK 0xffff0000 #define PKCS12_EXPORT_RESERVED_MASK 0xffff0000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXExportCertStore // PFXExportCertStore
// //
// Export the certificates and private keys referenced in the passed-in store // Export the certificates and private keys referenced in the passed-in store
// //
// This is an old API kept for compatibility with IE4 clients. New applications // This is an old API kept for compatibility with IE4 clients. New applications
// should call the above PfxExportCertStoreEx for enhanced security. // should call the above PfxExportCertStoreEx for enhanced security.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXExportCertStore( PFXExportCertStore(
IN HCERTSTORE hStore, __in HCERTSTORE hStore,
IN OUT CRYPT_DATA_BLOB* pPFX, __inout CRYPT_DATA_BLOB* pPFX,
IN LPCWSTR szPassword, __in LPCWSTR szPassword,
IN DWORD dwFlags); __in DWORD dwFlags);
//+=========================================================================
// APIs to get a non-blocking, time valid OCSP response for
// a server certificate chain.
//
// Normally, this OCSP response will be included along with the server
// certificate in a message returned to the client. As a result only the
// server should need to contact the OCSP responser for its certificate.
//==========================================================================
//+-------------------------------------------------------------------------
// Server OCSP response handle.
//--------------------------------------------------------------------------
typedef VOID *HCERT_SERVER_OCSP_RESPONSE;
//+-------------------------------------------------------------------------
// Open a handle to an OCSP response associated with a server certificate
// chain. If the end certificate doesn't have an OCSP AIA URL, NULL is
// returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL
// will also be returned if unable to allocate memory or create system
// objects.
//
// This API will try to retrieve an initial OCSP response before returning.
// This API will block during the retrieval. If unable to successfully
// retrieve the first OCSP response, a non-NULL handle will still be returned
// if not one of the error cases mentioned above.
//
// A background thread is created that will pre-fetch time valid
// OCSP responses.
//
// The input chain context will be AddRef'ed and not freed until
// the returned handle is closed.
//
// CertCloseServerOcspResponse() must be called to close the returned
// handle.
//
// dwFlags and pvReserved aren't currently used and must be set to 0
// and NULL.
//--------------------------------------------------------------------------
WINCRYPT32API
HCERT_SERVER_OCSP_RESPONSE
WINAPI
CertOpenServerOcspResponse(
__in PCCERT_CHAIN_CONTEXT pChainContext,
__in DWORD dwFlags,
__reserved LPVOID pvReserved
);
//+-------------------------------------------------------------------------
// AddRef a HCERT_SERVER_OCSP_RESPONSE returned by
// CertOpenServerOcspResponse(). Each Open and AddRef requires a
// corresponding CertCloseServerOcspResponse().
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertAddRefServerOcspResponse(
__in_opt HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse
);
//+-------------------------------------------------------------------------
// Close the handle returned by CertOpenServerOcspResponse() or AddRef'ed
// by CertAddRefServerOcspResponse().
//
// dwFlags isn't currently used and must be set to 0.
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertCloseServerOcspResponse(
__in_opt HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse,
__in DWORD dwFlags
);
//+-------------------------------------------------------------------------
// Server OCSP response context.
//--------------------------------------------------------------------------
typedef struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT
CERT_SERVER_OCSP_RESPONSE_CONTEXT,
*PCERT_SERVER_OCSP_RESPONSE_CONTEXT;
typedef const CERT_SERVER_OCSP_RESPONSE_CONTEXT
*PCCERT_SERVER_OCSP_RESPONSE_CONTEXT;
struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT {
DWORD cbSize;
BYTE *pbEncodedOcspResponse;
DWORD cbEncodedOcspResponse;
};
//+-------------------------------------------------------------------------
// Get a time valid OCSP response context for the handle created for
// the server certificate chain.
//
// This API won't block to retrieve the OCSP response. It will return
// the current pre-fetched OCSP response. If a time valid OCSP response
// isn't available, NULL will be returned with LAST_ERROR set to
// CRYPT_E_REVOCATION_OFFLINE.
//
// CertFreeServerOcspResponseContext() must be called to free the
// returned OCSP response context.
//--------------------------------------------------------------------------
WINCRYPT32API
PCCERT_SERVER_OCSP_RESPONSE_CONTEXT
WINAPI
CertGetServerOcspResponseContext(
__in HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse,
__in DWORD dwFlags,
__reserved LPVOID pvReserved
);
//+-------------------------------------------------------------------------
// AddRef a PCCERT_SERVER_OCSP_RESPONSE_CONTEXT returned by
// CertGetServerOcspResponseContext(). Each Get and AddRef requires a
// corresponding CertFreeServerOcspResponseContext().
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertAddRefServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
);
//+-------------------------------------------------------------------------
// Free the OCSP response context returned by
// CertGetServerOcspResponseContext().
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertFreeServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
);
//+-------------------------------------------------------------------------
// Helper function to do URL retrieval of logo or biometric information
// specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT
// certificate extension.
//
// Only the first hashed URL matching lpszLogoOrBiometricType is used
// to do the URL retrieval. Only direct logotypes are supported.
// The bytes at the first URL are retrieved via
// CryptRetrieveObjectByUrlW and hashed. The computed hash is compared
// against the hash in the certificate. For success, ppbData, pcbData
// and optionally ppwszMimeType are updated with
// CryptMemAlloc'ed memory which must be freed by calling CryptMemFree().
// For failure, *ppbData, *pcbData and optionally *ppwszMimeType are
// zero'ed.
//
// For failure, the following errors may be set in LastError:
// E_INVALIDARG - invalid lpszLogoOrBiometricType, not one of the
// acceptable predefined types.
// CRYPT_E_NOT_FOUND - certificate doesn't have the
// szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT extension or a matching
// lpszLogoOrBiometricType wasn't found with a non-empty
// hashed URL.
// ERROR_NOT_SUPPORTED - matched the unsupported indirect logotype
// NTE_BAD_ALGID - unknown hash algorithm OID
// ERROR_INVALID_DATA - no bytes were retrieved at the specified URL
// in the certificate extension
// CRYPT_E_HASH_VALUE - the computed hash doesn't match the hash
// in the certificate
// CertRetrieveLogoOrBiometricInfo calls the following functions which
// will set LastError for failure:
// CryptDecodeObjectEx(szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT)
// CryptRetrieveObjectByUrlW
// CryptHashCertificate
// CryptMemAlloc
//
// lpszLogoOrBiometricType is one of the predefined logotype or biometric
// types, an other logotype OID or a biometric OID.
//
// dwRetrievalFlags - see CryptRetrieveObjectByUrlW
// dwTimeout - see CryptRetrieveObjectByUrlW
//
// dwFlags - reserved, must be set to 0
// pvReserved - reserved, must be set to NULL
//
// *ppwszMimeType is always NULL for the biometric types. For success,
// the caller must always check if non-NULL before dereferencing.
//--------------------------------------------------------------------------
WINCRYPT32API
__success(return == TRUE)
BOOL
WINAPI
CertRetrieveLogoOrBiometricInfo(
__in PCCERT_CONTEXT pCertContext,
__in LPCSTR lpszLogoOrBiometricType,
__in DWORD dwRetrievalFlags,
__in DWORD dwTimeout, // milliseconds
__in DWORD dwFlags,
__reserved void *pvReserved,
__deref_out_bcount_opt(*pcbData) BYTE **ppbData, // CryptMemFree()
__out DWORD *pcbData,
__deref_opt_out_opt LPWSTR *ppwszMimeType // CryptMemFree()
);
// Predefined Logotypes
#define CERT_RETRIEVE_ISSUER_LOGO ((LPCSTR) 1)
#define CERT_RETRIEVE_SUBJECT_LOGO ((LPCSTR) 2)
#define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3)
// Predefined Biometric types
#define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000)
#define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE)
#define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYP
E)
#endif //!defined(_DDK_DRIVER_)
#ifdef __cplusplus #ifdef __cplusplus
} // Balance extern "C" above } // Balance extern "C" above
#endif #endif
#if defined (_MSC_VER) #if defined (_MSC_VER)
#if ( _MSC_VER >= 800 ) #if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
#pragma warning(pop) #pragma warning(pop)
 End of changes. 685 change blocks. 
1435 lines changed or deleted 4403 lines changed or added

This html diff was produced by rfcdiff 1.41.