Headers diff for crypt32.dll between 6.0.6002.18005-Windows 6.0 and 6.1.7601.18839-Windows 7.0 versions



 mssip.h (6.0.6002.18005-Windows 6.0)   mssip.h (6.1.7601.18839-Windows 7.0) 
skipping to change at line 398 skipping to change at line 398
IN DWORD dwFlags, // R eserved - MUST BE ZERO IN DWORD dwFlags, // R eserved - MUST BE ZERO
IN OUT SIP_DISPATCH_INFO *pSipDispatch); // T able of functions IN OUT SIP_DISPATCH_INFO *pSipDispatch); // T able of functions
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll) // CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// looks at the file's "Magic Number" and tries to determine which // looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type. // SIP's object ID is right for the file type.
// //
// NOTE: This function only supports the MSSIP32.DLL set of SIPs.
//
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError() // FALSE: Errors occured. See GetLastError()
// //
extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide fi le name extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide fi le name
IN OPTIONAL HANDLE hFileIn, / / or handle of open file IN OPTIONAL HANDLE hFileIn, / / or handle of open file
OUT GUID *pgSubject); / / defined SIP's GUID OUT GUID *pgSubject); / / defined SIP's GUID
///////////////////////////////// ///////////////////////////////////////////// ///////////////////////////////// /////////////////////////////////////////////
// //
 End of changes. 1 change blocks. 
2 lines changed or deleted 0 lines changed or added


 wincrypt.h (6.0.6002.18005-Windows 6.0)   wincrypt.h (6.1.7601.18839-Windows 7.0) 
skipping to change at line 210 skipping to change at line 210
#define ALG_SID_SHA1 4 #define ALG_SID_SHA1 4
#define ALG_SID_MAC 5 #define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6 #define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7 #define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8 #define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9 #define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10 #define ALG_SID_TLS1PRF 10
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define ALG_SID_HASH_REPLACE_OWF 11 #define ALG_SID_HASH_REPLACE_OWF 11
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION > NTDDI_WINXPSP2)
#define ALG_SID_SHA_256 12 #define ALG_SID_SHA_256 12
#define ALG_SID_SHA_384 13 #define ALG_SID_SHA_384 13
#define ALG_SID_SHA_512 14 #define ALG_SID_SHA_512 14
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2)
// secure channel sub ids // secure channel sub ids
#define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2 #define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3 #define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4 #define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5 #define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6 #define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7 #define ALG_SID_SCHANNEL_ENC_KEY 7
skipping to change at line 286 skipping to change at line 286
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5) #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF ) #define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF )
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF) #define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_RE PLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES)
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION > NTDDI_WINXPSP2)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 ) #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 )
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 ) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 )
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 ) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 )
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH) #define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV) #define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV)
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA) #define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA)
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
// resource number for signatures in the CSP // resource number for signatures in the CSP
#define SIGNATURE_RESOURCE_NUMBER 0x29A #define SIGNATURE_RESOURCE_NUMBER 0x29A
skipping to change at line 468 skipping to change at line 468
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys #define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys
#define KP_CMS_KEY_INFO 37 #define KP_CMS_KEY_INFO 37
#define KP_CMS_DH_KEY_INFO 38 #define KP_CMS_DH_KEY_INFO 38
#define KP_PUB_PARAMS 39 // for setting public parameters #define KP_PUB_PARAMS 39 // for setting public parameters
#define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters #define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters
#define KP_HIGHEST_VERSION 41 // for TLS protocol version setting #define KP_HIGHEST_VERSION 41 // for TLS protocol version setting
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WS03)
#define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts #define KP_GET_USE_COUNT 42 // for use with PP_CRYPT_COUNT_KEY_USE c ontexts
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#define KP_PIN_ID 43
#define KP_PIN_INFO 44
// KP_PADDING // KP_PADDING
#define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method #define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING 2 #define RANDOM_PADDING 2
#define ZERO_PADDING 3 #define ZERO_PADDING 3
// KP_MODE // KP_MODE
#define CRYPT_MODE_CBC 1 // Cipher block chaining #define CRYPT_MODE_CBC 1 // Cipher block chaining
#define CRYPT_MODE_ECB 2 // Electronic code book #define CRYPT_MODE_ECB 2 // Electronic code book
#define CRYPT_MODE_OFB 3 // Output feedback mode #define CRYPT_MODE_OFB 3 // Output feedback mode
skipping to change at line 588 skipping to change at line 590
// CryptSetProvParam // CryptSetProvParam
// //
#define PP_CLIENT_HWND 1 #define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11 #define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12 #define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13 #define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14 #define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15 #define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24 #define PP_DELETEKEY 24
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
#define PP_PIN_PROMPT_STRING 44 #define PP_PIN_PROMPT_STRING 44
#define PP_SECURE_KEYEXCHANGE_PIN 47
#define PP_SECURE_SIGNATURE_PIN 48
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
// certenrolld_begin -- PROV_RSA_* // certenrolld_begin -- PROV_RSA_*
#define PROV_RSA_FULL 1 #define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2 #define PROV_RSA_SIG 2
#define PROV_DSS 3 #define PROV_DSS 3
#define PROV_FORTEZZA 4 #define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5 #define PROV_MS_EXCHANGE 5
#define PROV_SSL 6 #define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12 #define PROV_RSA_SCHANNEL 12
skipping to change at line 708 skipping to change at line 712
#endif #endif
#define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider"
#define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider" #define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider"
#ifdef UNICODE #ifdef UNICODE
#define MS_SCARD_PROV MS_SCARD_PROV_W #define MS_SCARD_PROV MS_SCARD_PROV_W
#else #else
#define MS_SCARD_PROV MS_SCARD_PROV_A #define MS_SCARD_PROV MS_SCARD_PROV_A
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider" #define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr ovider"
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider" #define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P rovider"
#elif (NTDDI_VERSION == NTDDI_WINXP) #define MS_ENH_RSA_AES_PROV_XP_A "Microsoft Enhanced RSA and AES Cryptographic P
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Pr rovider (Prototype)"
ovider (Prototype)" #define MS_ENH_RSA_AES_PROV_XP_W L"Microsoft Enhanced RSA and AES Cryptographic
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic P Provider (Prototype)"
rovider (Prototype)"
#endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINXP)
#ifdef UNICODE #ifdef UNICODE
#define MS_ENH_RSA_AES_PROV_XP MS_ENH_RSA_AES_PROV_XP_W
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W
#else #else
#define MS_ENH_RSA_AES_PROV_XP MS_ENH_RSA_AES_PROV_XP_A
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A #define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A
#endif #endif
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define MAXUIDLEN 64 #define MAXUIDLEN 64
// Exponentiation Offload Reg Location // Exponentiation Offload Reg Location
#define EXPO_OFFLOAD_REG_VALUE "ExpoOffload" #define EXPO_OFFLOAD_REG_VALUE "ExpoOffload"
#define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo" #define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo"
skipping to change at line 974 skipping to change at line 977
unsigned char EncryptionState[15][16]; // 14 rounds + 1 unsigned char EncryptionState[15][16]; // 14 rounds + 1
unsigned char DecryptionState[15][16]; unsigned char DecryptionState[15][16];
unsigned char Feedback[16]; unsigned char Feedback[16];
} CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE; } CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions // CRYPTOAPI BLOB definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- *_BLOB // certenrolls_begin -- *_BLOB
#ifndef CRYPTO_BLOBS_DEFINED
#define CRYPTO_BLOBS_DEFINED
typedef struct _CRYPTOAPI_BLOB { typedef struct _CRYPTOAPI_BLOB {
DWORD cbData; DWORD cbData;
__field_bcount(cbData) BYTE *pbData; __field_bcount(cbData) BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, } CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB, CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB, CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB, CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB, CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB, CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB; CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
#endif
// certenrolls_end // certenrolls_end
// structure for use with CryptSetKeyParam for CMS keys // structure for use with CryptSetKeyParam for CMS keys
typedef struct _CMS_DH_KEY_INFO { typedef struct _CMS_DH_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O) DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O)
ALG_ID Algid; // algorithmm id for the key to be converted ALG_ID Algid; // algorithmm id for the key to be converted
LPSTR pszContentEncObjId; // pointer to OID to hash in with Z LPSTR pszContentEncObjId; // pointer to OID to hash in with Z
CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information
void *pReserved; // reserved - should be NULL void *pReserved; // reserved - should be NULL
} CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO; } CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO;
skipping to change at line 1159 skipping to change at line 1165
DWORD dwParam, DWORD dwParam,
BYTE *pbData, BYTE *pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetKeyParam( CryptGetKeyParam(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in DWORD dwParam, __in DWORD dwParam,
__out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwFlags __in DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetHashParam( CryptSetHashParam(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwParam, __in DWORD dwParam,
__in CONST BYTE *pbData, __in CONST BYTE *pbData,
skipping to change at line 1196 skipping to change at line 1202
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetHashParam( CryptGetHashParam(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwParam, __in DWORD dwParam,
__out_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwFlags __in DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProvParam( CryptSetProvParam(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
skipping to change at line 1279 skipping to change at line 1285
CryptImportKey( CryptImportKey(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
__in_bcount(dwDataLen) CONST BYTE *pbData, __in_bcount(dwDataLen) CONST BYTE *pbData,
__in DWORD dwDataLen, __in DWORD dwDataLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in DWORD dwFlags, __in DWORD dwFlags,
__out HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
__success(0 < return) BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEncrypt( CryptEncrypt(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in BOOL Final, __in BOOL Final,
__in DWORD dwFlags, __in DWORD dwFlags,
__inout_bcount_part(dwBufLen, *pdwDataLen) BYTE *pbData, __inout_bcount_part_opt(dwBufLen, *pdwDataLen) BYTE *pbData,
__out DWORD *pdwDataLen, __inout DWORD *pdwDataLen,
__in DWORD dwBufLen __in DWORD dwBufLen
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptDecrypt( CryptDecrypt(
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in BOOL Final, __in BOOL Final,
__in DWORD dwFlags, __in DWORD dwFlags,
__inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, __inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__deref_inout DWORD *pdwDataLen __inout DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptCreateHash( CryptCreateHash(
__in HCRYPTPROV hProv, __in HCRYPTPROV hProv,
__in ALG_ID Algid, __in ALG_ID Algid,
__in HCRYPTKEY hKey, __in HCRYPTKEY hKey,
__in DWORD dwFlags, __in DWORD dwFlags,
skipping to change at line 1347 skipping to change at line 1353
__in HCRYPTHASH hHash __in HCRYPTHASH hHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwKeySpec, __in DWORD dwKeySpec,
__in LPCSTR szDescription, __in_opt LPCSTR szDescription,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, __out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen __inout DWORD *pdwSigLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashW( CryptSignHashW(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in DWORD dwKeySpec, __in DWORD dwKeySpec,
__in LPCWSTR szDescription, __in_opt LPCWSTR szDescription,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, __out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen __inout DWORD *pdwSigLen
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSignHash CryptSignHashW #define CryptSignHash CryptSignHashW
#else #else
#define CryptSignHash CryptSignHashA #define CryptSignHash CryptSignHashA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
skipping to change at line 1437 skipping to change at line 1443
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, __in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, __in DWORD dwSigLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in LPCSTR szDescription, __in_opt LPCSTR szDescription,
__in DWORD dwFlags __in DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureW( CryptVerifySignatureW(
__in HCRYPTHASH hHash, __in HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, __in_bcount(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, __in DWORD dwSigLen,
__in HCRYPTKEY hPubKey, __in HCRYPTKEY hPubKey,
__in LPCWSTR szDescription, __in_opt LPCWSTR szDescription,
__in DWORD dwFlags __in DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW #define CryptVerifySignature CryptVerifySignatureW
#else #else
#define CryptVerifySignature CryptVerifySignatureA #define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
skipping to change at line 1614 skipping to change at line 1620
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW #define CryptSetProviderEx CryptSetProviderExW
#else #else
#define CryptSetProviderEx CryptSetProviderExA #define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderA( CryptGetDefaultProviderA(
__in DWORD dwProvType, __in DWORD dwProvType,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPSTR pszProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR pszProvName,
__out DWORD *pcbProvName __inout DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderW( CryptGetDefaultProviderW(
__in DWORD dwProvType, __in DWORD dwProvType,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_bcount_part(*pcbProvName, *pcbProvName) LPWSTR pszProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR pszProvName,
__out DWORD *pcbProvName __inout DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
skipping to change at line 1670 skipping to change at line 1676
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPSTR szTypeName, __out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPSTR szTypeName,
__out DWORD *pcbTypeName __inout DWORD *pcbTypeName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_bcount_part(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName, __out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName,
__out DWORD *pcbTypeName __inout DWORD *pcbTypeName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
WINADVAPI WINADVAPI
skipping to change at line 1758 skipping to change at line 1764
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_WINLH)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINLH)
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPSTR szProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR szProvName,
__inout DWORD *pcbProvName __inout DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
BOOL __success(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersW( CryptEnumProvidersW(
__in DWORD dwIndex, __in DWORD dwIndex,
__reserved DWORD *pdwReserved, __reserved DWORD *pdwReserved,
__in DWORD dwFlags, __in DWORD dwFlags,
__out DWORD *pdwProvType, __out DWORD *pdwProvType,
__out_ecount_part_opt(*pcbProvName, *pcbProvName+1) LPWSTR szProvName, __out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR szProvName,
__inout DWORD *pcbProvName __inout DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW #define CryptEnumProviders CryptEnumProvidersW
#else #else
#define CryptEnumProviders CryptEnumProvidersA #define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINLH)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH)
skipping to change at line 1888 skipping to change at line 1894
// encryption provider. // encryption provider.
// //
BOOL BOOL
__cdecl __cdecl
GetEncSChannel( GetEncSChannel(
BYTE **pData, BYTE **pData,
DWORD *dwDecSize DWORD *dwDecSize
); );
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION == NTDDI_WINXP)
typedef struct {
DWORD dwVersion;
ALG_ID algId;
DWORD dwMinKeyLength;
DWORD dwMaxKeyLength;
DWORD dwRequiredFlags;
DWORD dwDisallowedFlags;
} _CRYPT_KEY_LIMITS_V01;
typedef _CRYPT_KEY_LIMITS_V01 CRYPT_KEY_LIMITS, *PCRYPT_KEY_LIMITS;
// Request Flag definitions
#define CRYPTLIMIT_USING_PCT 0x0001
#define CRYPTLIMIT_USING_SGC 0x0002
WINADVAPI
BOOL
WINAPI
CryptGetLocalKeyLimits(
IN ALG_ID algId,
IN DWORD dwFlags,
OUT PCRYPT_KEY_LIMITS pLimits,
IN OUT LPDWORD cbLimitLength);
#endif //(NTDDI_VERSION = NTDDI_WINXP)
#if !defined(_DDK_DRIVER_) #if !defined(_DDK_DRIVER_)
// In Longhorn, the following APIs were updated to support the new // In Vista, the following APIs were updated to support the new
// CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition // CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition
// to the above CAPI1 APIs. // to the above CAPI1 APIs.
// Include the definitions for the CNG APIs // Include the definitions for the CNG APIs
#include <bcrypt.h> #include <bcrypt.h>
#include <ncrypt.h> #include <ncrypt.h>
// This type is used when the API can take either the CAPI1 HCRYPTPROV or // This type is used when the API can take either the CAPI1 HCRYPTPROV or
// the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be // the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be
// converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle(). // converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle().
skipping to change at line 2012 skipping to change at line 1993
#define szOID_RSA_messageDigest "1.2.840.113549.1.9.4" #define szOID_RSA_messageDigest "1.2.840.113549.1.9.4"
#define szOID_RSA_signingTime "1.2.840.113549.1.9.5" #define szOID_RSA_signingTime "1.2.840.113549.1.9.5"
#define szOID_RSA_counterSign "1.2.840.113549.1.9.6" #define szOID_RSA_counterSign "1.2.840.113549.1.9.6"
#define szOID_RSA_challengePwd "1.2.840.113549.1.9.7" #define szOID_RSA_challengePwd "1.2.840.113549.1.9.7"
#define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8" #define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8"
#define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9" #define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9"
#define szOID_RSA_certExtensions "1.2.840.113549.1.9.14" #define szOID_RSA_certExtensions "1.2.840.113549.1.9.14"
#define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15" #define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15"
#define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1" #define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1"
#define szOID_TIMESTAMP_TOKEN "1.2.840.113549.1.9.16.1.4"
#define szOID_RFC3161_counterSign "1.3.6.1.4.1.311.3.3.1"
#define szOID_RSA_SMIMEalg "1.2.840.113549.1.9.16.3" #define szOID_RSA_SMIMEalg "1.2.840.113549.1.9.16.3"
#define szOID_RSA_SMIMEalgESDH "1.2.840.113549.1.9.16.3.5" #define szOID_RSA_SMIMEalgESDH "1.2.840.113549.1.9.16.3.5"
#define szOID_RSA_SMIMEalgCMS3DESwrap "1.2.840.113549.1.9.16.3.6" #define szOID_RSA_SMIMEalgCMS3DESwrap "1.2.840.113549.1.9.16.3.6"
#define szOID_RSA_SMIMEalgCMSRC2wrap "1.2.840.113549.1.9.16.3.7" #define szOID_RSA_SMIMEalgCMSRC2wrap "1.2.840.113549.1.9.16.3.7"
#define szOID_RSA_MD2 "1.2.840.113549.2.2" #define szOID_RSA_MD2 "1.2.840.113549.2.2"
#define szOID_RSA_MD4 "1.2.840.113549.2.4" #define szOID_RSA_MD4 "1.2.840.113549.2.4"
#define szOID_RSA_MD5 "1.2.840.113549.2.5" #define szOID_RSA_MD5 "1.2.840.113549.2.5"
#define szOID_RSA_RC2CBC "1.2.840.113549.3.2" #define szOID_RSA_RC2CBC "1.2.840.113549.3.2"
skipping to change at line 2082 skipping to change at line 2066
// NIST AES WRAP Algorithms // NIST AES WRAP Algorithms
#define szOID_NIST_AES128_WRAP "2.16.840.1.101.3.4.1.5" #define szOID_NIST_AES128_WRAP "2.16.840.1.101.3.4.1.5"
#define szOID_NIST_AES192_WRAP "2.16.840.1.101.3.4.1.25" #define szOID_NIST_AES192_WRAP "2.16.840.1.101.3.4.1.25"
#define szOID_NIST_AES256_WRAP "2.16.840.1.101.3.4.1.45" #define szOID_NIST_AES256_WRAP "2.16.840.1.101.3.4.1.45"
// x9-63-scheme OBJECT IDENTIFIER ::= { iso(1) // x9-63-scheme OBJECT IDENTIFIER ::= { iso(1)
// identified-organization(3) tc68(133) country(16) x9(840) // identified-organization(3) tc68(133) country(16) x9(840)
// x9-63(63) schemes(0) } // x9-63(63) schemes(0) }
// ECDH single pass ephemeral-static KeyAgreement KeyEncryptionAlgorithm // ECDH single pass ephemeral-static KeyAgreement KeyEncryptionAlgorithm
#define szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF "1.3.133.16.840.63.0.2" #define szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF "1.3.133.16.840.63.0.2"
#define szOID_DH_SINGLE_PASS_STDDH_SHA256_KDF "1.3.132.1.11.1"
#define szOID_DH_SINGLE_PASS_STDDH_SHA384_KDF "1.3.132.1.11.2"
// For the above KeyEncryptionAlgorithm the following wrap algorithms are // For the above KeyEncryptionAlgorithm the following wrap algorithms are
// supported: // supported:
// szOID_RSA_SMIMEalgCMS3DESwrap // szOID_RSA_SMIMEalgCMS3DESwrap
// szOID_RSA_SMIMEalgCMSRC2wrap // szOID_RSA_SMIMEalgCMSRC2wrap
// szOID_NIST_AES128_WRAP // szOID_NIST_AES128_WRAP
// szOID_NIST_AES192_WRAP // szOID_NIST_AES192_WRAP
// szOID_NIST_AES256_WRAP // szOID_NIST_AES256_WRAP
// ITU-T UsefulDefinitions // ITU-T UsefulDefinitions
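Review bot: The x9-63-scheme comment above szOID_DH_SINGLE_PASS_STDDH_SHA1_KDF ({ iso(1) identified-organization(3) tc68(133) ... schemes(0) }) no longer describes the group once the SHA256/SHA384 KDF OIDs are added, because "1.3.132.1.11.1" and "1.3.132.1.11.2" sit under a different arc. I'd put a comment directly above the two new defines so the prefix isn't mistaken for a typo, e.g. `// secg-scheme OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) certicom(132) schemes(1) } (RFC 5753)`. The note below ("For the above KeyEncryptionAlgorithm") is now singular for three algorithms; "For the above KeyEncryptionAlgorithms" would keep it accurate if the wrap list applies to all of them, which I can only infer from placement.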
skipping to change at line 2196 skipping to change at line 2182
// Type used for an extension to an encoded content // Type used for an extension to an encoded content
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_EXTENSION { typedef struct _CERT_EXTENSION {
LPSTR pszObjId; LPSTR pszObjId;
BOOL fCritical; BOOL fCritical;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION; } CERT_EXTENSION, *PCERT_EXTENSION;
typedef const CERT_EXTENSION* PCCERT_EXTENSION;
// certenrolls_end // certenrolls_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AttributeTypeValue // AttributeTypeValue
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE // certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE { typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId; LPSTR pszObjId;
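Review bot: The new `typedef const CERT_EXTENSION* PCCERT_EXTENSION;` attaches the `*` to the type, while every other pointer typedef in this header binds it to the name (`*PCERT_EXTENSION`, `*PCRYPT_ATTRIBUTE_TYPE_VALUE`); `typedef const CERT_EXTENSION *PCCERT_EXTENSION;` would match. The same spacing appears in the PCCTL_USAGE and PCCERT_ENHKEY_USAGE typedefs added further down (the CTL_USAGE hunk). It is also worth a one-line comment that these are the const-pointer counterparts used by read-only callers, since nothing in the hunk says why they are introduced.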
skipping to change at line 2330 skipping to change at line 2317
#define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2" #define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2"
#define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3" #define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft CERT_RDN attribute Object Identifiers // Microsoft CERT_RDN attribute Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING. // Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING.
#define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1" #define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// EV RDN OIDs
//--------------------------------------------------------------------------
#define szOID_EV_RDN_LOCALE "1.3.6.1.4.1.311.60.2.1.1"
#define szOID_EV_RDN_STATE_OR_PROVINCE "1.3.6.1.4.1.311.60.2.1.2"
#define szOID_EV_RDN_COUNTRY "1.3.6.1.4.1.311.60.2.1.3"
//+-------------------------------------------------------------------------
// CERT_RDN Attribute Value Types // CERT_RDN Attribute Value Types
// //
// For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded // For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
// representation. Otherwise, its an array of bytes. // representation. Otherwise, its an array of bytes.
// //
// For all CERT_RDN types, Value.cbData is always the number of bytes, not // For all CERT_RDN types, Value.cbData is always the number of bytes, not
// necessarily the number of elements in the string. For instance, // necessarily the number of elements in the string. For instance,
// RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and // RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
// RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2). // RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
// //
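Review bot: The "EV RDN OIDs" block defines szOID_EV_RDN_LOCALE, _STATE_OR_PROVINCE and _COUNTRY without saying what the attributes mean or what value type they carry, whereas the neighbouring szOID_KEYID_RDN comment documents its value type (CERT_RDN_OCTET_STRING). From the 1.3.6.1.4.1.311.60.2.1.x values these look like the CA/Browser Forum EV Guidelines jurisdiction-of-incorporation attributes (locality, state/province, country), which should be confirmed and then recorded, e.g. `// EV Guidelines jurisdictionOfIncorporation attributes; values are character strings`. That matters for consumers that display or validate subject names, since these are distinct from the standard L/S/C attributes.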
skipping to change at line 2394 skipping to change at line 2388
// For encoding: when set, the characters aren't checked to see if they // For encoding: when set, the characters aren't checked to see if they
// are valid for the Value Type. // are valid for the Value Type.
#define CERT_RDN_DISABLE_CHECK_TYPE_FLAG 0x40000000 #define CERT_RDN_DISABLE_CHECK_TYPE_FLAG 0x40000000
// For decoding: by default, CERT_RDN_T61_STRING values are initially decoded // For decoding: by default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8. // Setting this flag skips the initial attempt to decode as UTF8.
#define CERT_RDN_DISABLE_IE4_UTF8_FLAG 0x01000000 #define CERT_RDN_DISABLE_IE4_UTF8_FLAG 0x01000000
// For encoding: If the string contains E/Email RDN, and the email-address
// (in RDN value) contains unicode characters outside of ASCII character set,
// the localpart and the hostname portion of the email-address would be first
// encoded in punycode and then the resultant Email-Address would be attempted
// to be encoded as IA5String. Punycode encoding of hostname is done on
// label-by-label basis.
// For decoding: If the name contains E/Email RDN, and local part or hostname
// portion of the email-address contains punycode encoded IA5String,
// The RDN string value is converted to its unicode equivalent.
#define CERT_RDN_ENABLE_PUNYCODE_FLAG 0x02000000
// Macro to check that the dwValueType is a character string and not an // Macro to check that the dwValueType is a character string and not an
// encoded blob or octet string // encoded blob or octet string
#define IS_CERT_RDN_CHAR_STRING(X) \ #define IS_CERT_RDN_CHAR_STRING(X) \
(((X) & CERT_RDN_TYPE_MASK) >= CERT_RDN_NUMERIC_STRING) (((X) & CERT_RDN_TYPE_MASK) >= CERT_RDN_NUMERIC_STRING)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// A CERT_RDN consists of an array of the above attributes // A CERT_RDN consists of an array of the above attributes
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_RDN { typedef struct _CERT_RDN {
DWORD cRDNAttr; DWORD cRDNAttr;
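Review bot: CERT_RDN_ENABLE_PUNYCODE_FLAG is 0x02000000, but the encode-side CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG added later in this diff is 0x20000, and CRYPT_DECODE_ENABLE_PUNYCODE_FLAG repeats the literal 0x02000000 instead of aliasing the RDN flag the way CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG aliases CERT_RDN_DISABLE_IE4_UTF8_FLAG. A caller who passes the RDN flag to CryptEncodeObjectEx's dwFlags would presumably not get punycode encoding and nothing in the comments warns of the different value. I'd define the decode flag as `#define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG CERT_RDN_ENABLE_PUNYCODE_FLAG` and add to the encode comment `// Note: value differs from CERT_RDN_ENABLE_PUNYCODE_FLAG; use this flag for CryptEncodeObject(Ex)`. The same point applies to the CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG and CRYPT_DECODE_ENABLE_PUNYCODE_FLAG hunks.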
skipping to change at line 2641 skipping to change at line 2646
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} CRL_INFO, *PCRL_INFO; } CRL_INFO, *PCRL_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL versions // CRL versions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRL_V1 0 #define CRL_V1 0
#define CRL_V2 1 #define CRL_V2 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Bundle
//--------------------------------------------------------------------------
#define CERT_BUNDLE_CERTIFICATE 0
#define CERT_BUNDLE_CRL 1
typedef struct _CERT_OR_CRL_BLOB {
DWORD dwChoice;
DWORD cbEncoded;
__field_bcount(cbEncoded)
BYTE *pbEncoded;
} CERT_OR_CRL_BLOB, * PCERT_OR_CRL_BLOB;
typedef struct _CERT_OR_CRL_BUNDLE {
DWORD cItem;
__field_ecount(cItem)
PCERT_OR_CRL_BLOB rgItem;
} CERT_OR_CRL_BUNDLE, *PCERT_OR_CRL_BUNDLE;
//+-------------------------------------------------------------------------
// Information stored in a certificate request // Information stored in a certificate request
// //
// The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded // The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
// representation of the information. // representation of the information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_REQUEST_INFO { typedef struct _CERT_REQUEST_INFO {
DWORD dwVersion; DWORD dwVersion;
CERT_NAME_BLOB Subject; CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
DWORD cAttribute; DWORD cAttribute;
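Review bot: CERT_OR_CRL_BLOB.dwChoice has no comment tying it to the CERT_BUNDLE_CERTIFICATE / CERT_BUNDLE_CRL values defined just above it, unlike the other choice-style structs in this header that list their choice constants inline; `DWORD dwChoice; // CERT_BUNDLE_CERTIFICATE or CERT_BUNDLE_CRL` would close that gap. The typedef line `} CERT_OR_CRL_BLOB, * PCERT_OR_CRL_BLOB;` has a stray space after `*`, inconsistent with `*PCERT_OR_CRL_BUNDLE` two lines below. A sentence under the "Certificate Bundle" heading stating that each item is a DER-encoded certificate or CRL as selected by dwChoice would also help, since the __field_bcount annotation only gives the length.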
skipping to change at line 2695 skipping to change at line 2719
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CTL Usage. Also used for EnhancedKeyUsage extension. // CTL Usage. Also used for EnhancedKeyUsage extension.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CTL_USAGE { typedef struct _CTL_USAGE {
DWORD cUsageIdentifier; DWORD cUsageIdentifier;
LPSTR *rgpszUsageIdentifier; // array of pszObjId LPSTR *rgpszUsageIdentifier; // array of pszObjId
} CTL_USAGE, *PCTL_USAGE, } CTL_USAGE, *PCTL_USAGE,
CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE; CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE;
typedef const CTL_USAGE* PCCTL_USAGE;
typedef const CERT_ENHKEY_USAGE* PCCERT_ENHKEY_USAGE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// An entry in a CTL // An entry in a CTL
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CTL_ENTRY { typedef struct _CTL_ENTRY {
CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash
DWORD cAttribute; DWORD cAttribute;
PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL
} CTL_ENTRY, *PCTL_ENTRY; } CTL_ENTRY, *PCTL_ENTRY;
skipping to change at line 2906 skipping to change at line 2932
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObjectEx( CryptEncodeObjectEx(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in const void *pvStructInfo, __in const void *pvStructInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt PCRYPT_ENCODE_PARA pEncodePara, __in_opt PCRYPT_ENCODE_PARA pEncodePara,
__out_opt void *pvEncoded, __out_opt void *pvEncoded,
IN __out DWORD *pcbEncoded __inout DWORD *pcbEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObject( CryptEncodeObject(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in const void *pvStructInfo, __in const void *pvStructInfo,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, __out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
skipping to change at line 2971 skipping to change at line 2997
// When set, the characters aren't checked to see if they // When set, the characters aren't checked to see if they
// are valid for the specified Value Type. // are valid for the specified Value Type.
#define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG \ #define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG \
CERT_RDN_DISABLE_CHECK_TYPE_FLAG CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// The following flag is applicable when encoding the PKCS_SORTED_CTL. This // The following flag is applicable when encoding the PKCS_SORTED_CTL. This
// flag should be set if the identifier for the TrustedSubjects is a hash, // flag should be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1. // such as, MD5 or SHA1.
#define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000 #define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000
// The following flag is applicable when encoding structures that require
// IA5String encoding of host name(in DNS Name/ URL/ EmailAddress) containing
// non-IA5 characters by encoding the host name in punycode first.
#define CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG 0x20000
typedef struct _CRYPT_DECODE_PARA { typedef struct _CRYPT_DECODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA; } CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObjectEx( CryptDecodeObjectEx(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt PCRYPT_DECODE_PARA pDecodePara, __in_opt PCRYPT_DECODE_PARA pDecodePara,
__out_opt void *pvStructInfo, __out_opt void *pvStructInfo,
IN __out DWORD *pcbStructInfo __inout DWORD *pcbStructInfo
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObject( CryptDecodeObject(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, __in LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, __in_bcount(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
skipping to change at line 3059 skipping to change at line 3090
#define CRYPT_DECODE_ALLOC_FLAG 0x8000 #define CRYPT_DECODE_ALLOC_FLAG 0x8000
// The following flag is applicable when decoding X509_UNICODE_NAME, // The following flag is applicable when decoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING. // X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// By default, CERT_RDN_T61_STRING values are initially decoded // By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8. // Setting this flag skips the initial attempt to decode as UTF8.
#define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \ #define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \
CERT_RDN_DISABLE_IE4_UTF8_FLAG CERT_RDN_DISABLE_IE4_UTF8_FLAG
// The following flag is applicable when decoding structures that contain
// IA5String encoding of punycode encoded host name (in DNS Name/ URL/
// EmailAddress). Decoded value contains the the unicode equivalent of
// punycode encoded data.
#define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 0x02000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded. // Predefined X509 certificate data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_ENCODE_DECODE_NONE 0 #define CRYPT_ENCODE_DECODE_NONE 0
#define X509_CERT ((LPCSTR) 1) #define X509_CERT ((LPCSTR) 1)
#define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2) #define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2)
#define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3) #define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3)
#define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4) #define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4)
#define X509_EXTENSIONS ((LPCSTR) 5) #define X509_EXTENSIONS ((LPCSTR) 5)
#define X509_NAME_VALUE ((LPCSTR) 6) #define X509_NAME_VALUE ((LPCSTR) 6)
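Review bot: The CRYPT_DECODE_ENABLE_PUNYCODE_FLAG comment has a doubled word ("contains the the unicode equivalent"). More importantly, the comment describes a display conversion without saying that the IA5/ACE form is what certificate matching logic should continue to compare against; converting DNS names, URLs and e-mail addresses to Unicode for comparison invites confusable-character mismatches. I'd extend the comment with `// Intended for display; name matching (e.g. SAN and name-constraint checks) should still operate on the IA5 (punycode) form.`, hedged to whatever crypt32 actually guarantees.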
skipping to change at line 3224 skipping to change at line 3261
#define CNG_RSA_PUBLIC_KEY_BLOB ((LPCSTR) 72) #define CNG_RSA_PUBLIC_KEY_BLOB ((LPCSTR) 72)
#define X509_OBJECT_IDENTIFIER ((LPCSTR) 73) #define X509_OBJECT_IDENTIFIER ((LPCSTR) 73)
#define X509_ALGORITHM_IDENTIFIER ((LPCSTR) 74) #define X509_ALGORITHM_IDENTIFIER ((LPCSTR) 74)
#define PKCS_RSA_SSA_PSS_PARAMETERS ((LPCSTR) 75) #define PKCS_RSA_SSA_PSS_PARAMETERS ((LPCSTR) 75)
#define PKCS_RSAES_OAEP_PARAMETERS ((LPCSTR) 76) #define PKCS_RSAES_OAEP_PARAMETERS ((LPCSTR) 76)
#define ECC_CMS_SHARED_INFO ((LPCSTR) 77) #define ECC_CMS_SHARED_INFO ((LPCSTR) 77)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// TIMESTAMP
//--------------------------------------------------------------------------
#define TIMESTAMP_REQUEST ((LPCSTR) 78)
#define TIMESTAMP_RESPONSE ((LPCSTR) 79)
#define TIMESTAMP_INFO ((LPCSTR) 80)
//+-------------------------------------------------------------------------
// CertificateBundle
//--------------------------------------------------------------------------
#define X509_CERT_BUNDLE ((LPCSTR) 81)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500) #define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMS_SIGNER_INFO ((LPCSTR) 501) #define CMS_SIGNER_INFO ((LPCSTR) 501)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
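Review bot: The new TIMESTAMP_REQUEST/RESPONSE/INFO (78-80) and X509_CERT_BUNDLE (81) structure types don't say which C structure pvStructInfo points to, which the reader of a CryptDecodeObjectEx call needs. X509_CERT_BUNDLE presumably maps to the CERT_OR_CRL_BUNDLE struct added earlier in this diff, so `#define X509_CERT_BUNDLE ((LPCSTR) 81) // CERT_OR_CRL_BUNDLE` would document it; the timestamp types should be annotated the same way once their structs are confirmed (they are not visible in this diff). The heading "CertificateBundle" also differs from the "Certificate Bundle" heading used for the struct; one spelling would make searching easier.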
skipping to change at line 3551 skipping to change at line 3600
#ifndef szOID_LICENSE_SERVER #ifndef szOID_LICENSE_SERVER
#define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2" #define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2"
#endif #endif
#ifndef szOID_KP_SMARTCARD_LOGON #ifndef szOID_KP_SMARTCARD_LOGON
#define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2" #define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2"
#endif #endif
#define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1" #define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1"
// Signer of CRL
#define szOID_REVOKED_LIST_SIGNER "1.3.6.1.4.1.311.10.3.19"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers // Microsoft Attribute Object Identifiers
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1" #define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and // Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions // szOID_CERT_POLICIES95 extensions
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1" #define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1"
#define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2" #define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2"
#define szOID_ROOT_PROGRAM_FLAGS "1.3.6.1.4.1.311.60.1.1" #define szOID_ROOT_PROGRAM_FLAGS "1.3.6.1.4.1.311.60.1.1"
//+-------------------------------------------------------------------------
// Root program qualifier flags, used in pbData field of
// CERT_POLICY_QUALIFIER_INFO structure.
//+-------------------------------------------------------------------------
// Validation of the Organization (O) field in the subject name meets
// Root Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_ORG 0x80
// Validation of the Locale (L), State (S), and Country (C) fields in
// the subject name meets Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_LSC 0x40
// Subject logotype
#define CERT_ROOT_PROGRAM_FLAG_SUBJECT_LOGO 0x20
// Validation of the OrganizationalUnit (OU) field in the subject name
// meets Root Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_OU 0x10
// Validation of the address field in the subject name meets Root
// Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_ADDRESS 0x08
// OID for old qualifer // OID for old qualifer
#define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 " #define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 "
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CERT // X509_CERT
// //
// The "to be signed" encoded content plus its signature. The ToBeSigned // The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following: // content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or // X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED. // X509_CERT_REQUEST_TO_BE_SIGNED.
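Review bot: The CERT_ROOT_PROGRAM_FLAG_SUBJECT_LOGO comment ("Subject logotype") breaks the pattern of its four siblings, each of which states what validation the bit asserts meets Root Program requirements for display; as written it doesn't say whether the flag means a logotype is present, was validated, or may be displayed. I'd reword it to the same shape, e.g. `// Validation of the subject logotype meets Root Program Requirements for display.`, if that is the intended meaning. Separately, "Signer of CRL" above szOID_REVOKED_LIST_SIGNER is terse for an OID placed among the szOID_KP_* enhanced key usages; a comment saying it is an EKU value and what signer it authorizes would help consumers that enforce EKU.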
skipping to change at line 3870 skipping to change at line 3946
union { // certenrolls_skip union { // certenrolls_skip
PCERT_OTHER_NAME pOtherName; // 1 PCERT_OTHER_NAME pOtherName; // 1
LPWSTR pwszRfc822Name; // 2 (encoded IA5) LPWSTR pwszRfc822Name; // 2 (encoded IA5)
LPWSTR pwszDNSName; // 3 (encoded IA5) LPWSTR pwszDNSName; // 3 (encoded IA5)
// Not implemented x400Address; // 4 // Not implemented x400Address; // 4
CERT_NAME_BLOB DirectoryName; // 5 CERT_NAME_BLOB DirectoryName; // 5
// Not implemented pEdiPartyName; // 6 // Not implemented pEdiPartyName; // 6
LPWSTR pwszURL; // 7 (encoded IA5) LPWSTR pwszURL; // 7 (encoded IA5)
CRYPT_DATA_BLOB IPAddress; // 8 (Octet String) CRYPT_DATA_BLOB IPAddress; // 8 (Octet String)
LPSTR pszRegisteredID; // 9 (Object Identifer) LPSTR pszRegisteredID; // 9 (Object Identifer)
}; // certenrolls_skip } DUMMYUNIONNAME; // certenrolls_skip
} CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY; } CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY;
// certenrolls_end // certenrolls_end
// certenrolld_begin -- CERT_ALT_NAME_* // certenrolld_begin -- CERT_ALT_NAME_*
#define CERT_ALT_NAME_OTHER_NAME 1 #define CERT_ALT_NAME_OTHER_NAME 1
#define CERT_ALT_NAME_RFC822_NAME 2 #define CERT_ALT_NAME_RFC822_NAME 2
#define CERT_ALT_NAME_DNS_NAME 3 #define CERT_ALT_NAME_DNS_NAME 3
#define CERT_ALT_NAME_X400_ADDRESS 4 #define CERT_ALT_NAME_X400_ADDRESS 4
#define CERT_ALT_NAME_DIRECTORY_NAME 5 #define CERT_ALT_NAME_DIRECTORY_NAME 5
#define CERT_ALT_NAME_EDI_PARTY_NAME 6 #define CERT_ALT_NAME_EDI_PARTY_NAME 6
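Review bot: Changing the anonymous union to `} DUMMYUNIONNAME;` is not purely cosmetic: DUMMYUNIONNAME expands to the member name `u` when NONAMELESSUNION is defined (winnt.h), so code built that way must now write `entry.u.pwszDNSName` instead of `entry.pwszDNSName`, while builds without it are unaffected. That source-compatibility caveat deserves a sentence in the header's preamble or release notes. The same change is made in the CRL_DIST_POINT_NAME, CMC_TAGGED_REQUEST, CMC_STATUS_INFO, CERT_LOGOTYPE_IMAGE_INFO, CERT_LOGOTYPE_INFO, CERT_BIOMETRIC_DATA, OCSP_BASIC_RESPONSE_ENTRY, OCSP_BASIC_RESPONSE_INFO and CRYPT_OID_INFO hunks; each of those structs holds a single union, so DUMMYUNIONNAME (rather than DUMMYUNIONNAME2) is correct throughout.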
skipping to change at line 4310 skipping to change at line 4386
// VALUE_INDEX - 16 bits (unicode character index) // VALUE_INDEX - 16 bits (unicode character index)
// //
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location // See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines. // defines.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRL_DIST_POINT_NAME { typedef struct _CRL_DIST_POINT_NAME {
DWORD dwDistPointNameChoice; DWORD dwDistPointNameChoice;
union { union {
CERT_ALT_NAME_INFO FullName; // 1 CERT_ALT_NAME_INFO FullName; // 1
// Not implemented IssuerRDN; // 2 // Not implemented IssuerRDN; // 2
}; } DUMMYUNIONNAME;
} CRL_DIST_POINT_NAME, *PCRL_DIST_POINT_NAME; } CRL_DIST_POINT_NAME, *PCRL_DIST_POINT_NAME;
#define CRL_DIST_POINT_NO_NAME 0 #define CRL_DIST_POINT_NO_NAME 0
#define CRL_DIST_POINT_FULL_NAME 1 #define CRL_DIST_POINT_FULL_NAME 1
#define CRL_DIST_POINT_ISSUER_RDN_NAME 2 #define CRL_DIST_POINT_ISSUER_RDN_NAME 2
typedef struct _CRL_DIST_POINT { typedef struct _CRL_DIST_POINT {
CRL_DIST_POINT_NAME DistPointName; // OPTIONAL CRL_DIST_POINT_NAME DistPointName; // OPTIONAL
CRYPT_BIT_BLOB ReasonFlags; // OPTIONAL CRYPT_BIT_BLOB ReasonFlags; // OPTIONAL
CERT_ALT_NAME_INFO CRLIssuer; // OPTIONAL CERT_ALT_NAME_INFO CRLIssuer; // OPTIONAL
skipping to change at line 5081 skipping to change at line 5157
typedef struct _CMC_TAGGED_CERT_REQUEST { typedef struct _CMC_TAGGED_CERT_REQUEST {
DWORD dwBodyPartID; DWORD dwBodyPartID;
CRYPT_DER_BLOB SignedCertRequest; CRYPT_DER_BLOB SignedCertRequest;
} CMC_TAGGED_CERT_REQUEST, *PCMC_TAGGED_CERT_REQUEST; } CMC_TAGGED_CERT_REQUEST, *PCMC_TAGGED_CERT_REQUEST;
typedef struct _CMC_TAGGED_REQUEST { typedef struct _CMC_TAGGED_REQUEST {
DWORD dwTaggedRequestChoice; DWORD dwTaggedRequestChoice;
union { union {
// CMC_TAGGED_CERT_REQUEST_CHOICE // CMC_TAGGED_CERT_REQUEST_CHOICE
PCMC_TAGGED_CERT_REQUEST pTaggedCertRequest; PCMC_TAGGED_CERT_REQUEST pTaggedCertRequest;
}; } DUMMYUNIONNAME;
} CMC_TAGGED_REQUEST, *PCMC_TAGGED_REQUEST; } CMC_TAGGED_REQUEST, *PCMC_TAGGED_REQUEST;
#define CMC_TAGGED_CERT_REQUEST_CHOICE 1 #define CMC_TAGGED_CERT_REQUEST_CHOICE 1
typedef struct _CMC_TAGGED_CONTENT_INFO { typedef struct _CMC_TAGGED_CONTENT_INFO {
DWORD dwBodyPartID; DWORD dwBodyPartID;
CRYPT_DER_BLOB EncodedContentInfo; CRYPT_DER_BLOB EncodedContentInfo;
} CMC_TAGGED_CONTENT_INFO, *PCMC_TAGGED_CONTENT_INFO; } CMC_TAGGED_CONTENT_INFO, *PCMC_TAGGED_CONTENT_INFO;
typedef struct _CMC_TAGGED_OTHER_MSG { typedef struct _CMC_TAGGED_OTHER_MSG {
skipping to change at line 5144 skipping to change at line 5220
DWORD *rgdwBodyList; DWORD *rgdwBodyList;
LPWSTR pwszStatusString; // OPTIONAL LPWSTR pwszStatusString; // OPTIONAL
DWORD dwOtherInfoChoice; DWORD dwOtherInfoChoice;
union { union {
// CMC_OTHER_INFO_NO_CHOICE // CMC_OTHER_INFO_NO_CHOICE
// none // none
// CMC_OTHER_INFO_FAIL_CHOICE // CMC_OTHER_INFO_FAIL_CHOICE
DWORD dwFailInfo; DWORD dwFailInfo;
// CMC_OTHER_INFO_PEND_CHOICE // CMC_OTHER_INFO_PEND_CHOICE
PCMC_PEND_INFO pPendInfo; PCMC_PEND_INFO pPendInfo;
}; } DUMMYUNIONNAME;
} CMC_STATUS_INFO, *PCMC_STATUS_INFO; } CMC_STATUS_INFO, *PCMC_STATUS_INFO;
#define CMC_OTHER_INFO_NO_CHOICE 0 #define CMC_OTHER_INFO_NO_CHOICE 0
#define CMC_OTHER_INFO_FAIL_CHOICE 1 #define CMC_OTHER_INFO_FAIL_CHOICE 1
#define CMC_OTHER_INFO_PEND_CHOICE 2 #define CMC_OTHER_INFO_PEND_CHOICE 2
// //
// dwStatus values // dwStatus values
// //
skipping to change at line 5304 skipping to change at line 5380
DWORD dwLogotypeImageResolutionChoice; DWORD dwLogotypeImageResolutionChoice;
union { union {
// CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE
// No resolution value // No resolution value
// CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE
DWORD dwNumBits; // Resolution in bits DWORD dwNumBits; // Resolution in bits
// CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE // CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE
DWORD dwTableSize; // Number of color or grey t ones DWORD dwTableSize; // Number of color or grey t ones
}; } DUMMYUNIONNAME;
LPWSTR pwszLanguage; // Optional. Encoded as IA5. LPWSTR pwszLanguage; // Optional. Encoded as IA5.
// RFC 3066 Language Tag // RFC 3066 Language Tag
} CERT_LOGOTYPE_IMAGE_INFO, *PCERT_LOGOTYPE_IMAGE_INFO; } CERT_LOGOTYPE_IMAGE_INFO, *PCERT_LOGOTYPE_IMAGE_INFO;
#define CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE 1 #define CERT_LOGOTYPE_GRAY_SCALE_IMAGE_INFO_CHOICE 1
#define CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE 2 #define CERT_LOGOTYPE_COLOR_IMAGE_INFO_CHOICE 2
#define CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE 0 #define CERT_LOGOTYPE_NO_IMAGE_RESOLUTION_CHOICE 0
#define CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE 1 #define CERT_LOGOTYPE_BITS_IMAGE_RESOLUTION_CHOICE 1
#define CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE 2 #define CERT_LOGOTYPE_TABLE_SIZE_IMAGE_RESOLUTION_CHOICE 2
skipping to change at line 5354 skipping to change at line 5430
} CERT_LOGOTYPE_DATA, *PCERT_LOGOTYPE_DATA; } CERT_LOGOTYPE_DATA, *PCERT_LOGOTYPE_DATA;
typedef struct _CERT_LOGOTYPE_INFO { typedef struct _CERT_LOGOTYPE_INFO {
DWORD dwLogotypeInfoChoice; DWORD dwLogotypeInfoChoice;
union { union {
// CERT_LOGOTYPE_DIRECT_INFO_CHOICE // CERT_LOGOTYPE_DIRECT_INFO_CHOICE
PCERT_LOGOTYPE_DATA pLogotypeDirectInfo; PCERT_LOGOTYPE_DATA pLogotypeDirectInfo;
// CERT_LOGOTYPE_INDIRECT_INFO_CHOICE // CERT_LOGOTYPE_INDIRECT_INFO_CHOICE
PCERT_LOGOTYPE_REFERENCE pLogotypeIndirectInfo; PCERT_LOGOTYPE_REFERENCE pLogotypeIndirectInfo;
}; } DUMMYUNIONNAME;
} CERT_LOGOTYPE_INFO, *PCERT_LOGOTYPE_INFO; } CERT_LOGOTYPE_INFO, *PCERT_LOGOTYPE_INFO;
#define CERT_LOGOTYPE_DIRECT_INFO_CHOICE 1 #define CERT_LOGOTYPE_DIRECT_INFO_CHOICE 1
#define CERT_LOGOTYPE_INDIRECT_INFO_CHOICE 2 #define CERT_LOGOTYPE_INDIRECT_INFO_CHOICE 2
typedef struct _CERT_OTHER_LOGOTYPE_INFO { typedef struct _CERT_OTHER_LOGOTYPE_INFO {
LPSTR pszObjId; LPSTR pszObjId;
CERT_LOGOTYPE_INFO LogotypeInfo; CERT_LOGOTYPE_INFO LogotypeInfo;
} CERT_OTHER_LOGOTYPE_INFO, *PCERT_OTHER_LOGOTYPE_INFO; } CERT_OTHER_LOGOTYPE_INFO, *PCERT_OTHER_LOGOTYPE_INFO;
skipping to change at line 5394 skipping to change at line 5470
//========================================================================== //==========================================================================
typedef struct _CERT_BIOMETRIC_DATA { typedef struct _CERT_BIOMETRIC_DATA {
DWORD dwTypeOfBiometricDataChoice; DWORD dwTypeOfBiometricDataChoice;
union { union {
// CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE // CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE
DWORD dwPredefined; DWORD dwPredefined;
// CERT_BIOMETRIC_OID_DATA_CHOICE // CERT_BIOMETRIC_OID_DATA_CHOICE
LPSTR pszObjId; LPSTR pszObjId;
}; } DUMMYUNIONNAME;
CERT_HASHED_URL HashedUrl; // pwszUrl is Optional. CERT_HASHED_URL HashedUrl; // pwszUrl is Optional.
} CERT_BIOMETRIC_DATA, *PCERT_BIOMETRIC_DATA; } CERT_BIOMETRIC_DATA, *PCERT_BIOMETRIC_DATA;
#define CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE 1 #define CERT_BIOMETRIC_PREDEFINED_DATA_CHOICE 1
#define CERT_BIOMETRIC_OID_DATA_CHOICE 2 #define CERT_BIOMETRIC_OID_DATA_CHOICE 2
#define CERT_BIOMETRIC_PICTURE_TYPE 0 #define CERT_BIOMETRIC_PICTURE_TYPE 0
#define CERT_BIOMETRIC_SIGNATURE_TYPE 1 #define CERT_BIOMETRIC_SIGNATURE_TYPE 1
skipping to change at line 5521 skipping to change at line 5597
OCSP_CERT_ID CertId; OCSP_CERT_ID CertId;
DWORD dwCertStatus; DWORD dwCertStatus;
union { union {
// OCSP_BASIC_GOOD_CERT_STATUS // OCSP_BASIC_GOOD_CERT_STATUS
// OCSP_BASIC_UNKNOWN_CERT_STATUS // OCSP_BASIC_UNKNOWN_CERT_STATUS
// No additional information // No additional information
// OCSP_BASIC_REVOKED_CERT_STATUS // OCSP_BASIC_REVOKED_CERT_STATUS
POCSP_BASIC_REVOKED_INFO pRevokedInfo; POCSP_BASIC_REVOKED_INFO pRevokedInfo;
}; } DUMMYUNIONNAME;
FILETIME ThisUpdate; FILETIME ThisUpdate;
FILETIME NextUpdate; // Optional, zero filetime implies FILETIME NextUpdate; // Optional, zero filetime implies
// never expires // never expires
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_ENTRY, *POCSP_BASIC_RESPONSE_ENTRY; } OCSP_BASIC_RESPONSE_ENTRY, *POCSP_BASIC_RESPONSE_ENTRY;
#define OCSP_BASIC_GOOD_CERT_STATUS 0 #define OCSP_BASIC_GOOD_CERT_STATUS 0
#define OCSP_BASIC_REVOKED_CERT_STATUS 1 #define OCSP_BASIC_REVOKED_CERT_STATUS 1
#define OCSP_BASIC_UNKNOWN_CERT_STATUS 2 #define OCSP_BASIC_UNKNOWN_CERT_STATUS 2
typedef struct _OCSP_BASIC_RESPONSE_INFO { typedef struct _OCSP_BASIC_RESPONSE_INFO {
DWORD dwVersion; DWORD dwVersion;
DWORD dwResponderIdChoice; DWORD dwResponderIdChoice;
union { union {
// OCSP_BASIC_BY_NAME_RESPONDER_ID // OCSP_BASIC_BY_NAME_RESPONDER_ID
CERT_NAME_BLOB ByNameResponderId; CERT_NAME_BLOB ByNameResponderId;
// OCSP_BASIC_BY_KEY_RESPONDER_ID // OCSP_BASIC_BY_KEY_RESPONDER_ID
CRYPT_HASH_BLOB ByKeyResponderId; CRYPT_HASH_BLOB ByKeyResponderId;
}; } DUMMYUNIONNAME;
FILETIME ProducedAt; FILETIME ProducedAt;
DWORD cResponseEntry; DWORD cResponseEntry;
POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry; POCSP_BASIC_RESPONSE_ENTRY rgResponseEntry;
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO; } OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO;
#define OCSP_BASIC_RESPONSE_V1 0 #define OCSP_BASIC_RESPONSE_V1 0
#define OCSP_BASIC_BY_NAME_RESPONDER_ID 1 #define OCSP_BASIC_BY_NAME_RESPONDER_ID 1
skipping to change at line 5987 skipping to change at line 6063
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_OID_INFO { typedef struct _CRYPT_OID_INFO {
DWORD cbSize; DWORD cbSize;
LPCSTR pszOID; LPCSTR pszOID;
LPCWSTR pwszName; LPCWSTR pwszName;
DWORD dwGroupId; DWORD dwGroupId;
union { union {
DWORD dwValue; DWORD dwValue;
ALG_ID Algid; ALG_ID Algid;
DWORD dwLength; DWORD dwLength;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB ExtraInfo; CRYPT_DATA_BLOB ExtraInfo;
#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS #ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS
// Note, if you #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS, then, you // Note, if you #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS, then, you
// must zero all unused fields in this data structure. // must zero all unused fields in this data structure.
// More fields could be added in a future release. // More fields could be added in a future release.
// The following 2 fields are set to an empty string, L"", if not defined. // The following 2 fields are set to an empty string, L"", if not defined.
// This is the Algid string passed to the BCrypt* and NCrypt* APIs // This is the Algid string passed to the BCrypt* and NCrypt* APIs
skipping to change at line 6031 skipping to change at line 6107
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_HASH_ALG_OID_GROUP_ID 1 #define CRYPT_HASH_ALG_OID_GROUP_ID 1
#define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2 #define CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2
#define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3 #define CRYPT_PUBKEY_ALG_OID_GROUP_ID 3
#define CRYPT_SIGN_ALG_OID_GROUP_ID 4 #define CRYPT_SIGN_ALG_OID_GROUP_ID 4
#define CRYPT_RDN_ATTR_OID_GROUP_ID 5 #define CRYPT_RDN_ATTR_OID_GROUP_ID 5
#define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6 #define CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6
#define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7 #define CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7
#define CRYPT_POLICY_OID_GROUP_ID 8 #define CRYPT_POLICY_OID_GROUP_ID 8
#define CRYPT_TEMPLATE_OID_GROUP_ID 9 #define CRYPT_TEMPLATE_OID_GROUP_ID 9
#define CRYPT_LAST_OID_GROUP_ID 9 #define CRYPT_KDF_OID_GROUP_ID 10
#define CRYPT_LAST_OID_GROUP_ID 10
#define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID #define CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID
#define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID #define CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID
// certenrolld_end // certenrolld_end
// The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID // The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID
// has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID, // has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID,
// CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or // CRYPT_ENHKEY_USAGE_OID_GROUP_ID, CRYPT_POLICY_OID_GROUP_ID or
// CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue. // CRYPT_TEMPLATE_OID_GROUP_ID don't have a dwValue.
// //
skipping to change at line 6134 skipping to change at line 6211
// valid for signing or encrypting // valid for signing or encrypting
// certenrolld_begin -- CRYPT_*_KEY_FLAG // certenrolld_begin -- CRYPT_*_KEY_FLAG
#define CRYPT_OID_INFO_OID_KEY_FLAGS_MASK 0xFFFF0000 #define CRYPT_OID_INFO_OID_KEY_FLAGS_MASK 0xFFFF0000
#define CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000 #define CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000
#define CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000 #define CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000
// The following flag can be set in above dwGroupId parameter to disable // The following flag can be set in above dwGroupId parameter to disable
// searching the directory server // searching the directory server
#define CRYPT_OID_DISABLE_SEARCH_DS_FLAG 0x80000000 #define CRYPT_OID_DISABLE_SEARCH_DS_FLAG 0x80000000
#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS
// The following flag can be set in above dwGroupId parameter to search
// through CRYPT_OID_INFO records. If there are multiple records that meet
// the search criteria, the first record with defined pwszCNGAlgid would be
// returned. If none of the records (meeting the search criteria) have
// pwszCNGAlgid defined, first record (meeting the search criteria) would be
// returned.
#define CRYPT_OID_PREFER_CNG_ALGID_FLAG 0x40000000
#endif
// certenrolld_end -- CRYPT_*_KEY_FLAG // certenrolld_end -- CRYPT_*_KEY_FLAG
// The bit length shifted left 16 bits can be OR'ed into the above // The bit length shifted left 16 bits can be OR'ed into the above
// dwGroupId parameter. Only applicable to the CRYPT_ENCRYPT_ALG_OID_GROUP_ID. // dwGroupId parameter. Only applicable to the CRYPT_ENCRYPT_ALG_OID_GROUP_ID.
// Also, only applicable to encryption algorithms having a dwBitLen ExtraInfo. // Also, only applicable to encryption algorithms having a dwBitLen ExtraInfo.
// Currently, only the AES encryption algorithms have this. // Currently, only the AES encryption algorithms have this.
// //
// For example, to find the OIDInfo for BCRYPT_AES_ALGORITHM, bit length 192, // For example, to find the OIDInfo for BCRYPT_AES_ALGORITHM, bit length 192,
// CryptFindOIDInfo would be called as follows: // CryptFindOIDInfo would be called as follows:
// PCCRYPT_OID_INFO pOIDInfo = // PCCRYPT_OID_INFO pOIDInfo =
skipping to change at line 6302 skipping to change at line 6391
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_ID { typedef struct _CERT_ID {
DWORD dwIdChoice; DWORD dwIdChoice;
union { union {
// CERT_ID_ISSUER_SERIAL_NUMBER // CERT_ID_ISSUER_SERIAL_NUMBER
CERT_ISSUER_SERIAL_NUMBER IssuerSerialNumber; CERT_ISSUER_SERIAL_NUMBER IssuerSerialNumber;
// CERT_ID_KEY_IDENTIFIER // CERT_ID_KEY_IDENTIFIER
CRYPT_HASH_BLOB KeyId; CRYPT_HASH_BLOB KeyId;
// CERT_ID_SHA1_HASH // CERT_ID_SHA1_HASH
CRYPT_HASH_BLOB HashId; CRYPT_HASH_BLOB HashId;
}; } DUMMYUNIONNAME;
} CERT_ID, *PCERT_ID; } CERT_ID, *PCERT_ID;
#define CERT_ID_ISSUER_SERIAL_NUMBER 1 #define CERT_ID_ISSUER_SERIAL_NUMBER 1
#define CERT_ID_KEY_IDENTIFIER 2 #define CERT_ID_KEY_IDENTIFIER 2
#define CERT_ID_SHA1_HASH 3 #define CERT_ID_SHA1_HASH 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The message encode information (pvMsgEncodeInfo) is message type dependent // The message encode information (pvMsgEncodeInfo) is message type dependent
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 6365 skipping to change at line 6454
// CMS signed messages allow the inclusion of Attribute Certs. // CMS signed messages allow the inclusion of Attribute Certs.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_SIGNER_ENCODE_INFO { typedef struct _CMSG_SIGNER_ENCODE_INFO {
DWORD cbSize; DWORD cbSize;
PCERT_INFO pCertInfo; PCERT_INFO pCertInfo;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
DWORD cAuthAttr; DWORD cAuthAttr;
PCRYPT_ATTRIBUTE rgAuthAttr; PCRYPT_ATTRIBUTE rgAuthAttr;
DWORD cUnauthAttr; DWORD cUnauthAttr;
PCRYPT_ATTRIBUTE rgUnauthAttr; PCRYPT_ATTRIBUTE rgUnauthAttr;
skipping to change at line 6582 skipping to change at line 6671
union { union {
// CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE // CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE
// //
// The ephemeral public key algorithm and parameters. // The ephemeral public key algorithm and parameters.
PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm; PCRYPT_ALGORITHM_IDENTIFIER pEphemeralAlgorithm;
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE // CMSG_KEY_AGREE_STATIC_KEY_CHOICE
// //
// The CertId of the sender's certificate // The CertId of the sender's certificate
PCERT_ID pSenderId; PCERT_ID pSenderId;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB UserKeyingMaterial; // OPTIONAL CRYPT_DATA_BLOB UserKeyingMaterial; // OPTIONAL
DWORD cRecipientEncryptedKeys; DWORD cRecipientEncryptedKeys;
PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO *rgpRecipientEncryptedKeys; PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO *rgpRecipientEncryptedKeys;
} CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO; } CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO, *PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
#define CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE 1 #define CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE 1
#define CMSG_KEY_AGREE_STATIC_KEY_CHOICE 2 #define CMSG_KEY_AGREE_STATIC_KEY_CHOICE 2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 6622 skipping to change at line 6711
DWORD cbSize; DWORD cbSize;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
void *pvKeyEncryptionAuxInfo; void *pvKeyEncryptionAuxInfo;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
// Reserve space for a potential pointer choice // Reserve space for a potential pointer choice
void *pvKeyEncryptionKey; void *pvKeyEncryptionKey;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB KeyId; CRYPT_DATA_BLOB KeyId;
// Following fields are optional. // Following fields are optional.
FILETIME Date; FILETIME Date;
PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr; PCRYPT_ATTRIBUTE_TYPE_VALUE pOtherAttr;
} CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO, *PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO; } CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO, *PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
#define CMSG_MAIL_LIST_HANDLE_KEY_CHOICE 1 #define CMSG_MAIL_LIST_HANDLE_KEY_CHOICE 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 6646 skipping to change at line 6735
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
struct _CMSG_RECIPIENT_ENCODE_INFO { struct _CMSG_RECIPIENT_ENCODE_INFO {
DWORD dwRecipientChoice; DWORD dwRecipientChoice;
union { union {
// CMSG_KEY_TRANS_RECIPIENT // CMSG_KEY_TRANS_RECIPIENT
PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTrans;
// CMSG_KEY_AGREE_RECIPIENT // CMSG_KEY_AGREE_RECIPIENT
PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgree;
// CMSG_MAIL_LIST_RECIPIENT // CMSG_MAIL_LIST_RECIPIENT
PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailList;
}; } DUMMYUNIONNAME;
}; };
#define CMSG_KEY_TRANS_RECIPIENT 1 #define CMSG_KEY_TRANS_RECIPIENT 1
#define CMSG_KEY_AGREE_RECIPIENT 2 #define CMSG_KEY_AGREE_RECIPIENT 2
#define CMSG_MAIL_LIST_RECIPIENT 3 #define CMSG_MAIL_LIST_RECIPIENT 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_RC2_AUX_INFO // CMSG_RC2_AUX_INFO
// //
// AuxInfo for RC2 encryption algorithms. The pvEncryptionAuxInfo field // AuxInfo for RC2 encryption algorithms. The pvEncryptionAuxInfo field
skipping to change at line 7420 skipping to change at line 7509
} CMSG_RECIPIENT_ENCRYPTED_KEY_INFO, *PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO; } CMSG_RECIPIENT_ENCRYPTED_KEY_INFO, *PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
typedef struct _CMSG_KEY_AGREE_RECIPIENT_INFO { typedef struct _CMSG_KEY_AGREE_RECIPIENT_INFO {
DWORD dwVersion; DWORD dwVersion;
DWORD dwOriginatorChoice; DWORD dwOriginatorChoice;
union { union {
// CMSG_KEY_AGREE_ORIGINATOR_CERT // CMSG_KEY_AGREE_ORIGINATOR_CERT
CERT_ID OriginatorCertId; CERT_ID OriginatorCertId;
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY // CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo; CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo;
}; } DUMMYUNIONNAME;
CRYPT_DATA_BLOB UserKeyingMaterial; CRYPT_DATA_BLOB UserKeyingMaterial;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
DWORD cRecipientEncryptedKeys; DWORD cRecipientEncryptedKeys;
PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO *rgpRecipientEncryptedKeys; PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO *rgpRecipientEncryptedKeys;
} CMSG_KEY_AGREE_RECIPIENT_INFO, *PCMSG_KEY_AGREE_RECIPIENT_INFO; } CMSG_KEY_AGREE_RECIPIENT_INFO, *PCMSG_KEY_AGREE_RECIPIENT_INFO;
#define CMSG_KEY_AGREE_ORIGINATOR_CERT 1 #define CMSG_KEY_AGREE_ORIGINATOR_CERT 1
#define CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY 2 #define CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY 2
skipping to change at line 7451 skipping to change at line 7540
typedef struct _CMSG_CMS_RECIPIENT_INFO { typedef struct _CMSG_CMS_RECIPIENT_INFO {
DWORD dwRecipientChoice; DWORD dwRecipientChoice;
union { union {
// CMSG_KEY_TRANS_RECIPIENT // CMSG_KEY_TRANS_RECIPIENT
PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans;
// CMSG_KEY_AGREE_RECIPIENT // CMSG_KEY_AGREE_RECIPIENT
PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree;
// CMSG_MAIL_LIST_RECIPIENT // CMSG_MAIL_LIST_RECIPIENT
PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList;
}; } DUMMYUNIONNAME;
} CMSG_CMS_RECIPIENT_INFO, *PCMSG_CMS_RECIPIENT_INFO; } CMSG_CMS_RECIPIENT_INFO, *PCMSG_CMS_RECIPIENT_INFO;
// dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients // dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients
#define CMSG_ENVELOPED_RECIPIENT_V0 0 #define CMSG_ENVELOPED_RECIPIENT_V0 0
#define CMSG_ENVELOPED_RECIPIENT_V2 2 #define CMSG_ENVELOPED_RECIPIENT_V2 2
#define CMSG_ENVELOPED_RECIPIENT_V3 3 #define CMSG_ENVELOPED_RECIPIENT_V3 3
#define CMSG_ENVELOPED_RECIPIENT_V4 4 #define CMSG_ENVELOPED_RECIPIENT_V4 4
#define CMSG_KEY_TRANS_PKCS_1_5_VERSION CMSG_ENVELOPED_RECIPIENT_V0 #define CMSG_KEY_TRANS_PKCS_1_5_VERSION CMSG_ENVELOPED_RECIPIENT_V0
#define CMSG_KEY_TRANS_CMS_VERSION CMSG_ENVELOPED_RECIPIENT_V2 #define CMSG_KEY_TRANS_CMS_VERSION CMSG_ENVELOPED_RECIPIENT_V2
#define CMSG_KEY_AGREE_VERSION CMSG_ENVELOPED_RECIPIENT_V3 #define CMSG_KEY_AGREE_VERSION CMSG_ENVELOPED_RECIPIENT_V3
skipping to change at line 7611 skipping to change at line 7700
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_DECRYPT_PARA { typedef struct _CMSG_CTRL_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA; } CMSG_CTRL_DECRYPT_PARA, *PCMSG_CTRL_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_TRANS_DECRYPT // CMSG_CTRL_KEY_TRANS_DECRYPT
// //
skipping to change at line 7649 skipping to change at line 7738
// with the hCryptProv's or hNCryptKey's private key. // with the hCryptProv's or hNCryptKey's private key.
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans; PCMSG_KEY_TRANS_RECIPIENT_INFO pKeyTrans;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
} CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA; } CMSG_CTRL_KEY_TRANS_DECRYPT_PARA, *PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_AGREE_DECRYPT // CMSG_CTRL_KEY_AGREE_DECRYPT
skipping to change at line 7694 skipping to change at line 7783
// //
// Note, the message can only be decrypted once. // Note, the message can only be decrypted once.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA { typedef struct _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA {
DWORD cbSize; DWORD cbSize;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree; PCMSG_KEY_AGREE_RECIPIENT_INFO pKeyAgree;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwRecipientEncryptedKeyIndex; DWORD dwRecipientEncryptedKeyIndex;
CRYPT_BIT_BLOB OriginatorPublicKey; CRYPT_BIT_BLOB OriginatorPublicKey;
} CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA; } CMSG_CTRL_KEY_AGREE_DECRYPT_PARA, *PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
skipping to change at line 7741 skipping to change at line 7830
DWORD cbSize; DWORD cbSize;
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList; PCMSG_MAIL_LIST_RECIPIENT_INFO pMailList;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
DWORD dwKeyChoice; DWORD dwKeyChoice;
union { union {
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE // CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
HCRYPTKEY hKeyEncryptionKey; HCRYPTKEY hKeyEncryptionKey;
// Reserve space for a potential pointer choice // Reserve space for a potential pointer choice
void *pvKeyEncryptionKey; void *pvKeyEncryptionKey;
}; } DUMMYUNIONNAME;
} CMSG_CTRL_MAIL_LIST_DECRYPT_PARA, *PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA; } CMSG_CTRL_MAIL_LIST_DECRYPT_PARA, *PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_HASH // CMSG_CTRL_VERIFY_HASH
// //
// Verify the hash of a HASHED message after it has been decoded. // Verify the hash of a HASHED message after it has been decoded.
// //
// Only the hCryptMsg parameter is used, to specify the message whose // Only the hCryptMsg parameter is used, to specify the message whose
// hash is being verified. // hash is being verified.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 8040 skipping to change at line 8129
DWORD cRecipients; DWORD cRecipients;
PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients; PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients;
PFN_CMSG_ALLOC pfnAlloc; PFN_CMSG_ALLOC pfnAlloc;
PFN_CMSG_FREE pfnFree; PFN_CMSG_FREE pfnFree;
DWORD dwEncryptFlags; DWORD dwEncryptFlags;
union { union {
// fCNG == FALSE // fCNG == FALSE
HCRYPTKEY hContentEncryptKey; HCRYPTKEY hContentEncryptKey;
// fCNG == TRUE // fCNG == TRUE
BCRYPT_KEY_HANDLE hCNGContentEncryptKey; BCRYPT_KEY_HANDLE hCNGContentEncryptKey;
}; } DUMMYUNIONNAME;
DWORD dwFlags; DWORD dwFlags;
BOOL fCNG; BOOL fCNG;
// When fCNG == TRUE, pfnAlloc'ed // When fCNG == TRUE, pfnAlloc'ed
BYTE *pbCNGContentEncryptKeyObject; BYTE *pbCNGContentEncryptKeyObject;
BYTE *pbContentEncryptKey; BYTE *pbContentEncryptKey;
DWORD cbContentEncryptKey; DWORD cbContentEncryptKey;
} CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO; } CMSG_CONTENT_ENCRYPT_INFO, *PCMSG_CONTENT_ENCRYPT_INFO;
#define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001 #define CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG 0x00000001
skipping to change at line 8212 skipping to change at line 8301
DWORD cbSize; DWORD cbSize;
DWORD dwRecipientIndex; DWORD dwRecipientIndex;
CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm; CRYPT_ALGORITHM_IDENTIFIER KeyEncryptionAlgorithm;
CRYPT_DATA_BLOB UserKeyingMaterial; CRYPT_DATA_BLOB UserKeyingMaterial;
DWORD dwOriginatorChoice; DWORD dwOriginatorChoice;
union { union {
// CMSG_KEY_AGREE_ORIGINATOR_CERT // CMSG_KEY_AGREE_ORIGINATOR_CERT
CERT_ID OriginatorCertId; CERT_ID OriginatorCertId;
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY // CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo; CERT_PUBLIC_KEY_INFO OriginatorPublicKeyInfo;
}; } DUMMYUNIONNAME;
DWORD cKeyAgreeKeyEncryptInfo; DWORD cKeyAgreeKeyEncryptInfo;
PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo; PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO *rgpKeyAgreeKeyEncryptInfo;
DWORD dwFlags; DWORD dwFlags;
} CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO; } CMSG_KEY_AGREE_ENCRYPT_INFO, *PCMSG_KEY_AGREE_ENCRYPT_INFO;
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG 0x00000001
#define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002 #define CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG 0x00000002
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG 0x00000004
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG 0x00000008
#define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010 #define CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG 0x00000010
skipping to change at line 8657 skipping to change at line 8746
#define CERT_FRIENDLY_NAME_PROP_ID 11 // string #define CERT_FRIENDLY_NAME_PROP_ID 11 // string
#define CERT_PVK_FILE_PROP_ID 12 #define CERT_PVK_FILE_PROP_ID 12
#define CERT_DESCRIPTION_PROP_ID 13 // string #define CERT_DESCRIPTION_PROP_ID 13 // string
#define CERT_ACCESS_STATE_PROP_ID 14 #define CERT_ACCESS_STATE_PROP_ID 14
#define CERT_SIGNATURE_HASH_PROP_ID 15 #define CERT_SIGNATURE_HASH_PROP_ID 15
#define CERT_SMART_CARD_DATA_PROP_ID 16 #define CERT_SMART_CARD_DATA_PROP_ID 16
#define CERT_EFS_PROP_ID 17 #define CERT_EFS_PROP_ID 17
#define CERT_FORTEZZA_DATA_PROP_ID 18 #define CERT_FORTEZZA_DATA_PROP_ID 18
#define CERT_ARCHIVED_PROP_ID 19 #define CERT_ARCHIVED_PROP_ID 19
#define CERT_KEY_IDENTIFIER_PROP_ID 20 #define CERT_KEY_IDENTIFIER_PROP_ID 20
#define CERT_AUTO_ENROLL_PROP_ID 21 // string:machine DNS name #define CERT_AUTO_ENROLL_PROP_ID 21 // string:Template name
#define CERT_PUBKEY_ALG_PARA_PROP_ID 22 #define CERT_PUBKEY_ALG_PARA_PROP_ID 22
#define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23 #define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23
#define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24 #define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24
#define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25 #define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25
#define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name #define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name
#define CERT_DATE_STAMP_PROP_ID 27 #define CERT_DATE_STAMP_PROP_ID 27
#define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28 #define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28
#define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29 #define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29
#define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string #define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string
// Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs. // Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
// 36 - 63 are reserved for future element IDs. // 36 - 62 are reserved for future element IDs.
#define CERT_RENEWAL_PROP_ID 64 #define CERT_RENEWAL_PROP_ID 64
#define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash #define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash
#define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME #define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME
#define CERT_AIA_URL_RETRIEVED_PROP_ID 67 #define CERT_AIA_URL_RETRIEVED_PROP_ID 67
#define CERT_AUTHORITY_INFO_ACCESS_PROP_ID 68 #define CERT_AUTHORITY_INFO_ACCESS_PROP_ID 68
#define CERT_BACKED_UP_PROP_ID 69 // VARIANT_BOOL+FILETIME #define CERT_BACKED_UP_PROP_ID 69 // VARIANT_BOOL+FILETIME
#define CERT_OCSP_RESPONSE_PROP_ID 70 #define CERT_OCSP_RESPONSE_PROP_ID 70
#define CERT_REQUEST_ORIGINATOR_PROP_ID 71 // string:machine DNS name #define CERT_REQUEST_ORIGINATOR_PROP_ID 71 // string:machine DNS name
#define CERT_SOURCE_LOCATION_PROP_ID 72 // string #define CERT_SOURCE_LOCATION_PROP_ID 72 // string
skipping to change at line 8693 skipping to change at line 8782
#define CERT_SMART_CARD_ROOT_INFO_PROP_ID 76 // CRYPT_SMART_CARD_ROOT_INFO #define CERT_SMART_CARD_ROOT_INFO_PROP_ID 76 // CRYPT_SMART_CARD_ROOT_INFO
#define CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID 77 #define CERT_NO_AUTO_EXPIRE_CHECK_PROP_ID 77
#define CERT_NCRYPT_KEY_HANDLE_PROP_ID 78 #define CERT_NCRYPT_KEY_HANDLE_PROP_ID 78
#define CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID 79 #define CERT_HCRYPTPROV_OR_NCRYPT_KEY_HANDLE_PROP_ID 79
#define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80 #define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80
#define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81 #define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81
#define CERT_CA_DISABLE_CRL_PROP_ID 82 #define CERT_CA_DISABLE_CRL_PROP_ID 82
#define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83 #define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83
#define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84 #define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84
#define CERT_FIRST_RESERVED_PROP_ID 85 #define CERT_SUBJECT_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 85
#define CERT_SUBJECT_DISABLE_CRL_PROP_ID 86
#define CERT_CEP_PROP_ID 87 // Version+PropFlags+AuthType+Url
Flags+CESAuthType+Url+Id+CESUrl+ReqId
// 88 reserved, originally used for CERT_CEP_PROP_ID
#define CERT_SIGN_HASH_CNG_ALG_PROP_ID 89
#define CERT_SCARD_PIN_ID_PROP_ID 90
#define CERT_SCARD_PIN_INFO_PROP_ID 91
#define CERT_FIRST_RESERVED_PROP_ID 92
#define CERT_LAST_RESERVED_PROP_ID 0x00007FFF #define CERT_LAST_RESERVED_PROP_ID 0x00007FFF
#define CERT_FIRST_USER_PROP_ID 0x00008000 #define CERT_FIRST_USER_PROP_ID 0x00008000
#define CERT_LAST_USER_PROP_ID 0x0000FFFF #define CERT_LAST_USER_PROP_ID 0x0000FFFF
// certenrolld_end // certenrolld_end
#define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \ #define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \
CERT_MD5_HASH_PROP_ID == (X) || \ CERT_MD5_HASH_PROP_ID == (X) || \
CERT_SIGNATURE_HASH_PROP_ID == (X)) CERT_SIGNATURE_HASH_PROP_ID == (X))
#define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \ #define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \
skipping to change at line 8820 skipping to change at line 8917
// dwKeySpec is set to the special CERT_NCRYPT_KEY_SPEC to select the // dwKeySpec is set to the special CERT_NCRYPT_KEY_SPEC to select the
// hNCryptKey choice. // hNCryptKey choice.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_KEY_CONTEXT { typedef struct _CERT_KEY_CONTEXT {
DWORD cbSize; // sizeof(CERT_KEY_CONTEXT) DWORD cbSize; // sizeof(CERT_KEY_CONTEXT)
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
// dwKeySpec == CERT_NCRYPT_KEY_SPEC // dwKeySpec == CERT_NCRYPT_KEY_SPEC
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
DWORD dwKeySpec; DWORD dwKeySpec;
} CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT; } CERT_KEY_CONTEXT, *PCERT_KEY_CONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Cryptographic Smart Card Root Information // Cryptographic Smart Card Root Information
// //
// CRYPT_SMART_CARD_ROOT_INFO defines the // CRYPT_SMART_CARD_ROOT_INFO defines the
// CERT_SMART_CARD_ROOT_INFO_PROP_ID's pvData. // CERT_SMART_CARD_ROOT_INFO_PROP_ID's pvData.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _ROOT_INFO_LUID { typedef struct _ROOT_INFO_LUID {
skipping to change at line 8942 skipping to change at line 9039
// Includes flags and location // Includes flags and location
#define CERT_SYSTEM_STORE_MASK 0xFFFF0000 #define CERT_SYSTEM_STORE_MASK 0xFFFF0000
// Set if pvPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure // Set if pvPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure
#define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000 #define CERT_SYSTEM_STORE_RELOCATE_FLAG 0x80000000
typedef struct _CERT_SYSTEM_STORE_RELOCATE_PARA { typedef struct _CERT_SYSTEM_STORE_RELOCATE_PARA {
union { union {
HKEY hKeyBase; HKEY hKeyBase;
void *pvBase; void *pvBase;
}; } DUMMYUNIONNAME;
union { union {
void *pvSystemStore; void *pvSystemStore;
LPCSTR pszSystemStore; LPCSTR pszSystemStore;
LPCWSTR pwszSystemStore; LPCWSTR pwszSystemStore;
}; } DUMMYUNIONNAME2;
} CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA; } CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA;
// By default, when the CurrentUser "Root" store is opened, any SystemRegistry // By default, when the CurrentUser "Root" store is opened, any SystemRegistry
// roots not also on the protected root list are deleted from the cache before // roots not also on the protected root list are deleted from the cache before
// CertOpenStore() returns. Set the following flag to return all the roots // CertOpenStore() returns. Set the following flag to return all the roots
// in the SystemRegistry without checking the protected root list. // in the SystemRegistry without checking the protected root list.
#define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000 #define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000
// Location of the system store: // Location of the system store:
#define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000 #define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000
skipping to change at line 9136 skipping to change at line 9233
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100 #define CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG 0x00000100
// Set the following flag to enable revocation checking of the time stamp // Set the following flag to enable revocation checking of the time stamp
// chain. // chain.
#define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200 #define CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG 0x00000200
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OCM Subcomponents Definitions // OCM Subcomponents Definitions
// //
// Reading of the following registry key has been deprecated on Longhorn. // Reading of the following registry key has been deprecated on Vista.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the OCM Subcomponents local machine subkey // Registry path to the OCM Subcomponents local machine subkey
#define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \ #define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents" L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents"
// REG_DWORD, 1 is installed, 0 is NOT installed // REG_DWORD, 1 is installed, 0 is NOT installed
#define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate" #define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 10728 skipping to change at line 10825
// CryptEncodeObject(X509_DSS_PARAMETERS). This property may be set // CryptEncodeObject(X509_DSS_PARAMETERS). This property may be set
// by CryptVerifyCertificateSignatureEx(). // by CryptVerifyCertificateSignatureEx().
// //
// CERT_CROSS_CERT_DIST_POINTS_PROP_ID - location of the cross certs. // CERT_CROSS_CERT_DIST_POINTS_PROP_ID - location of the cross certs.
// Currently only applicable to certs. pvData points to a CRYPT_DATA_BLOB // Currently only applicable to certs. pvData points to a CRYPT_DATA_BLOB
// containing an ASN.1 encoded CROSS_CERT_DIST_POINTS_INFO (encoded via // containing an ASN.1 encoded CROSS_CERT_DIST_POINTS_INFO (encoded via
// CryptEncodeObject(X509_CROSS_CERT_DIST_POINTS)). // CryptEncodeObject(X509_CROSS_CERT_DIST_POINTS)).
// //
// CERT_ENROLLMENT_PROP_ID - enrollment information of the pending request. // CERT_ENROLLMENT_PROP_ID - enrollment information of the pending request.
// It contains RequestID, CADNSName, CAName, and FriendlyName. // It contains RequestID, CADNSName, CAName, and FriendlyName.
// The data format is defined as, the first 4 bytes - pending request ID, // The data format is defined as: the first 4 bytes - pending request ID,
// next 4 bytes - CADNSName size in characters including null-terminator // next 4 bytes - CADNSName size in characters including null-terminator
// followed by CADNSName string with null-terminator, // followed by CADNSName string with null-terminator,
// next 4 bytes - CAName size in characters including null-terminator // next 4 bytes - CAName size in characters including null-terminator
// followed by CAName string with null-terminator, // followed by CAName string with null-terminator,
// next 4 bytes - FriendlyName size in characters including null-terminator // next 4 bytes - FriendlyName size in characters including null-terminator
// followed by FriendlyName string with null-terminator. // followed by FriendlyName string with null-terminator.
// //
// CERT_DATE_STAMP_PROP_ID - contains the time when added to the store // CERT_DATE_STAMP_PROP_ID - contains the time when added to the store
// by an admin tool. pvData points to a CRYPT_DATA_BLOB containing // by an admin tool. pvData points to a CRYPT_DATA_BLOB containing
// the FILETIME. // the FILETIME.
skipping to change at line 10757 skipping to change at line 10854
// to use before doing an URL retrieval. // to use before doing an URL retrieval.
// //
// CERT_SOURCE_LOCATION_PROP_ID - contains source location of the CRL or // CERT_SOURCE_LOCATION_PROP_ID - contains source location of the CRL or
// OCSP. pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL // OCSP. pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL
// terminated unicode, wide character string. Where, // terminated unicode, wide character string. Where,
// cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR). // cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR).
// //
// CERT_SOURCE_URL_PROP_ID - contains URL for the CRL or OCSP. pvData // CERT_SOURCE_URL_PROP_ID - contains URL for the CRL or OCSP. pvData
// is the same as for CERT_SOURCE_LOCATION_PROP_ID. // is the same as for CERT_SOURCE_LOCATION_PROP_ID.
// //
// CERT_CEP_PROP_ID - contains Version, PropertyFlags, AuthType,
// UrlFlags and CESAuthType, followed by the CEPUrl, CEPId, CESUrl and
// RequestId strings
// The data format is defined as: the first 4 bytes - property version,
// next 4 bytes - Property Flags
// next 4 bytes - Authentication Type
// next 4 bytes - Url Flags
// next 4 bytes - CES Authentication Type
// followed by Url string with null-terminator,
// followed by Id string with null-terminator,
// followed by CES Url string with null-terminator,
// followed by RequestId string with null-terminator.
// a single null-terminator indicates no string is present.
//
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any
// provider write errors and always update the cached context's property. // provider write errors and always update the cached context's property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
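Review bot: The new CERT_CEP_PROP_ID layout (Url, Id, CES Url, RequestId) has no per-string length fields, unlike CERT_ENROLLMENT_PROP_ID just above it, which prefixes every string with its size in characters, so a reader can only locate each string by scanning for a terminator. The comment should tell implementers that every scan must stay within the blob's cbData and that a blob missing any of the four terminators is malformed, e.g. `// Readers must bound each string scan by cbData; a blob lacking any of the four null-terminators is malformed and must be rejected.` It also never says whether these strings are WCHAR or char, while the sibling CERT_SOURCE_LOCATION_PROP_ID paragraph spells out "unicode, wide character"; stating the width here avoids a writer/reader mismatch on a property that is persisted and read back from the store.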
skipping to change at line 12970 skipping to change at line 13081
PCCRL_CONTEXT pBaseCrlContext; PCCRL_CONTEXT pBaseCrlContext;
PCCRL_CONTEXT pDeltaCrlContext; PCCRL_CONTEXT pDeltaCrlContext;
// When revoked, points to entry in either of the above CRL contexts. // When revoked, points to entry in either of the above CRL contexts.
// Don't free. // Don't free.
PCRL_ENTRY pCrlEntry; PCRL_ENTRY pCrlEntry;
BOOL fDeltaCrlEntry; // TRUE if in pDeltaCrlContext BOOL fDeltaCrlEntry; // TRUE if in pDeltaCrlContext
} CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO; } CERT_REVOCATION_CRL_INFO, *PCERT_REVOCATION_CRL_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This data structure is optionally pointed to by the pChainPara field
// in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
// data structures.
//
// Its struct definition follows the CertGetCertificateChain() API
// definition below.
//--------------------------------------------------------------------------
typedef struct _CERT_REVOCATION_CHAIN_PARA
CERT_REVOCATION_CHAIN_PARA,
*PCERT_REVOCATION_CHAIN_PARA;
//+-------------------------------------------------------------------------
// The following data structure may be passed to CertVerifyRevocation to // The following data structure may be passed to CertVerifyRevocation to
// assist in finding the issuer of the context to be verified. // assist in finding the issuer of the context to be verified.
// //
// When pIssuerCert is specified, pIssuerCert is the issuer of // When pIssuerCert is specified, pIssuerCert is the issuer of
// rgpvContext[cContext - 1]. // rgpvContext[cContext - 1].
// //
// When cCertStore and rgCertStore are specified, these stores may contain // When cCertStore and rgCertStore are specified, these stores may contain
// an issuer certificate. // an issuer certificate.
// //
// When hCrlStore is specified then a handler which uses CRLs can search this // When hCrlStore is specified then a handler which uses CRLs can search this
skipping to change at line 13024 skipping to change at line 13147
// CRL contexts must be freed by the caller. // CRL contexts must be freed by the caller.
// //
// The CRL info is only applicable to the last context checked. If // The CRL info is only applicable to the last context checked. If
// interested in this information, then, CertVerifyRevocation should be // interested in this information, then, CertVerifyRevocation should be
// called with cContext = 1. // called with cContext = 1.
PCERT_REVOCATION_CRL_INFO pCrlInfo; PCERT_REVOCATION_CRL_INFO pCrlInfo;
// If nonNULL, any cached information before this time is considered // If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. // time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync; LPFILETIME pftCacheResync;
// If nonNULL, CertGetCertificateChain() parameters used by the caller.
// Enables independent OCSP signer certificate chain verification.
PCERT_REVOCATION_CHAIN_PARA pChainPara;
#endif #endif
} CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA; } CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following data structure is returned by CertVerifyRevocation to // The following data structure is returned by CertVerifyRevocation to
// specify the status of the revoked or unchecked context. Review the // specify the status of the revoked or unchecked context. Review the
// following CertVerifyRevocation comments for details. // following CertVerifyRevocation comments for details.
// //
// Upon input to CertVerifyRevocation, cbSize must be set to a size // Upon input to CertVerifyRevocation, cbSize must be set to a size
// >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ). // >= (offsetof(CERT_REVOCATION_STATUS, dwReason) + sizeof(DWORD) ).
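Review bot: pChainPara is appended after pftCacheResync behind the existing #endif, so CERT_REVOCATION_PARA grows on this side while callers built against the older header keep passing a cbSize that stops at pftCacheResync. The comment on the new field should say that a revocation handler must verify cbSize covers the field before dereferencing it; the start of the struct and its cbSize field are outside this hunk, so I am assuming it is cbSize-led in the same way CERT_REVOCATION_STATUS is documented to be. Suggested wording: `// Only present when cbSize >= offsetof(CERT_REVOCATION_PARA, pChainPara) + sizeof(pChainPara); handlers must check cbSize before reading it.`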
skipping to change at line 13423 skipping to change at line 13550
CryptHashCertificate( CryptHashCertificate(
__in_opt HCRYPTPROV_LEGACY hCryptProv, __in_opt HCRYPTPROV_LEGACY hCryptProv,
__in ALG_ID Algid, __in ALG_ID Algid,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, __in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh,
__inout DWORD *pcbComputedHash __inout DWORD *pcbComputedHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the encoded content using the CNG hash algorithm provider. // Hash the encoded content using the CNG hash algorithm provider.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashCertificate2( CryptHashCertificate2(
__in LPCWSTR pwszCNGHashAlgid, __in LPCWSTR pwszCNGHashAlgid,
__in DWORD dwFlags, __in DWORD dwFlags,
__reserved void *pvReserved, __reserved void *pvReserved,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, __in_bcount_opt(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, __in DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh, __out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa sh,
__inout DWORD *pcbComputedHash __inout DWORD *pcbComputedHash
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the "to be signed" information in the encoded signed content. // Sign the "to be signed" information in the encoded signed content.
// //
// hCryptProvOrNCryptKey specifies the crypto provider to use to do the // hCryptProvOrNCryptKey specifies the crypto provider to use to do the
// signature. It uses the specified private key. // signature. It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an // dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an
// appropriate default provider will be used for hashing. // appropriate default provider will be used for hashing.
skipping to change at line 13857 skipping to change at line 13988
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in NCRYPT_KEY_HANDLE hNCryptKey, __in NCRYPT_KEY_HANDLE hNCryptKey,
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId, __in LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, __out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo __inout DWORD *pcbInfo
); );
#if (NTDDI_VERSION >= NTDDI_WIN7)
//+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding
// private key.
//
// Uses the dwCertEncodingType and pszPublicKeyObjId to call the
// installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC. The
// called function has the same signature as
// CryptExportPublicKeyInfoFromBCryptKeyHandle.
//
// If unable to find an installable OID function for the pszPublicKeyObjId,
// attempts to export as a RSA Public Key (szOID_RSA_RSA).
//
// The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA.
//
// In addition dwFlags can be set with the following 2 flags passed directly
// to CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptExportPublicKeyInfoFromBCryptKeyHandle(
__in BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType,
__in_opt LPSTR pszPublicKeyObjId,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo
);
//+-------------------------------------------------------------------------
// Export CNG PublicKeyInfo OID installable function. Note, not called
// for a HCRYPTPROV or NCRYPT_KEY_HANDLE choice.
//--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC \
"CryptDllExportPublicKeyInfoFromBCryptKeyHandle"
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC)
(
__in BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId,
__in DWORD dwFlags,
__in_opt void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and // Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and
// pvAuxInfo = NULL. // pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
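Review bot: CryptExportPublicKeyInfoFromBCryptKeyHandle declares pszPublicKeyObjId as `__in_opt`, yet the PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC typedef below takes the same parameter as `__in`, and the header comment never says what a NULL OID means. Either the dispatcher derives the OID before calling the installable function, or NULL falls into the szOID_RSA_RSA fallback the comment already describes for unknown OIDs; a reader cannot tell which, and the fallback is silent, so a non-RSA key exported with a NULL or misspelled OID would presumably be handed to the RSA path and fail there rather than up front. Suggest documenting the NULL case next to the fallback sentence, e.g. `// If pszPublicKeyObjId is NULL, the OID is <state how it is chosen>; if no installable function exists for the OID, export is attempted as RSA (szOID_RSA_RSA).`, filling in the actual behavior, which the header alone does not show.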
skipping to change at line 13903 skipping to change at line 14087
CryptImportPublicKeyInfoEx( CryptImportPublicKeyInfoEx(
__in HCRYPTPROV hCryptProv, __in HCRYPTPROV hCryptProv,
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in ALG_ID aiKeyAlg, __in ALG_ID aiKeyAlg,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out HCRYPTKEY *phKey __out HCRYPTKEY *phKey
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the CNG asymmetric or // Convert and import the public key info into the CNG asymmetric or
// signature algorithm provider and return a BCRYPT_KEY_HANDLE to it. // signature algorithm provider and return a BCRYPT_KEY_HANDLE to it.
// //
// Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function // installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx2. // has the same signature as CryptImportPublicKeyInfoEx2.
// //
// dwFlags can be set with the following 2 flags passed directly to // dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo: // CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
// dwFlags can also have BCRYPT_NO_KEY_VALIDATION OR'd in. This flag is
// passed to BCryptImportKeyPair.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfoEx2( CryptImportPublicKeyInfoEx2(
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey __out BCRYPT_KEY_HANDLE *phKey
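Review bot: The added sentence lets callers OR BCRYPT_NO_KEY_VALIDATION into dwFlags and passes it straight to BCryptImportKeyPair, but it says neither what is skipped nor when that is acceptable. pInfo is normally taken from a certificate, i.e. from untrusted input, so skipping import-time validation means a malformed public key (for ECC presumably an off-curve point or bad parameters) is accepted and only fails, or misbehaves, later in whatever signature or key-agreement code consumes phKey. The comment should carry a caveat such as `// Only OR in BCRYPT_NO_KEY_VALIDATION for keys from a trusted source or when the caller validates the key itself; never for a key taken from an untrusted certificate.` The CryptImportPublicKeyInfoEx2 prototype continues past the end of this hunk.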
skipping to change at line 13940 skipping to change at line 14128
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \ #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllImportPublicKeyInfoEx2" "CryptDllImportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in DWORD dwCertEncodingType, __in DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, __in PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, __in DWORD dwFlags,
__in_opt void *pvAuxInfo, __in_opt void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey __out BCRYPT_KEY_HANDLE *phKey
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the // Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the
// specified certificate context. Uses the certificate's // specified certificate context. Uses the certificate's
// CERT_KEY_PROV_INFO_PROP_ID property. // CERT_KEY_PROV_INFO_PROP_ID property.
// The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be // The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be
// cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property. // cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
// //
// If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and // If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and
// cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its // cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its
// returned. Otherwise, a HCRYPTPROV or NCRYPT_KEY_HANDLE is acquired and // returned. Otherwise, a HCRYPTPROV or NCRYPT_KEY_HANDLE is acquired and
skipping to change at line 14128 skipping to change at line 14318
__in DWORD dwKeySpec, // in __in DWORD dwKeySpec, // in
__in LPSTR pszPrivateKeyObjId, // in __in LPSTR pszPrivateKeyObjId, // in
__in DWORD dwFlags, // in __in DWORD dwFlags, // in
__in_opt void* pvAuxInfo, // in __in_opt void* pvAuxInfo, // in
__out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf o, // out __out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf o, // out
__inout DWORD* pcbPrivateKeyInfo // in, out __inout DWORD* pcbPrivateKeyInfo // in, out
); );
#define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx " #define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx "
#define CRYPT_DELETE_KEYSET 0x0001 #define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex // CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8( CryptExportPKCS8(
__in HCRYPTPROV hCryptProv, // in __in HCRYPTPROV hCryptProv, // in
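Review bot: CRYPT_DELETE_KEYSET changes from the literal 0x0001 to an alias of CRYPT_DELETEKEYSET, whose definition is outside this hunk; unless that macro happens to equal 0x0001, this silently changes the value that callers of this flag pass, and binaries built against the older header will keep passing the old bit. The line deserves a comment stating that the aliasing is intentional and what the previous value was, e.g. `#define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET // was 0x0001`, and whichever function consumes the flag (not visible here) should be checked to accept both bits for compatibility if the values differ. The CryptExportPKCS8 prototype that follows continues past the end of this hunk.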
skipping to change at line 14326 skipping to change at line 14516
// the above quoting. // the above quoting.
// //
// CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the // CERT_NAME_STR_REVERSE_FLAG can be or'ed into dwStrType to reverse the
// order of the RDNs before converting to the string. // order of the RDNs before converting to the string.
// //
// By default, CERT_RDN_T61_STRING encoded values are initially decoded // By default, CERT_RDN_T61_STRING encoded values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters. // as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG can be or'ed into dwStrType to // CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG can be or'ed into dwStrType to
// skip the initial attempt to decode as UTF8. // skip the initial attempt to decode as UTF8.
// //
// CERT_NAME_STR_ENABLE_PUNYCODE_FLAG can be or'ed into dwStrType to enable
// encoding/decoding of unicode characters in email RDN value.
//
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
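Review bot: The new CERT_NAME_STR_ENABLE_PUNYCODE_FLAG paragraph says the flag enables encoding/decoding of unicode in the email RDN value but gives no caveat on how the decoded form may be used. A punycode-decoded string can contain visually confusable code points, so a name produced with this flag set should be treated as a display string and not fed into equality or trust decisions, which should compare the encoded name blobs instead. Suggest extending the paragraph with `// The decoded form is for display only; do not use it for name matching or trust decisions - compare the encoded names instead.`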
skipping to change at line 14390 skipping to change at line 14583
#define CERT_NAME_STR_CRLF_FLAG 0x08000000 #define CERT_NAME_STR_CRLF_FLAG 0x08000000
#define CERT_NAME_STR_COMMA_FLAG 0x04000000 #define CERT_NAME_STR_COMMA_FLAG 0x04000000
#define CERT_NAME_STR_REVERSE_FLAG 0x02000000 #define CERT_NAME_STR_REVERSE_FLAG 0x02000000
#define CERT_NAME_STR_FORWARD_FLAG 0x01000000 #define CERT_NAME_STR_FORWARD_FLAG 0x01000000
#define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000 #define CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG 0x00010000
#define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000 #define CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG 0x00020000
#define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000 #define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG 0x00040000
#define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000 #define CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG 0x00080000
#define CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000 #define CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG 0x00100000
#define CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000
// certenrolld_end // certenrolld_end
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the null terminated X500 string to an encoded certificate name. // Convert the null terminated X500 string to an encoded certificate name.
// //
// The input string is expected to be formatted the same as the output // The input string is expected to be formatted the same as the output
// from the above CertNameToStr API. // from the above CertNameToStr API.
// //
// The CERT_SIMPLE_NAME_STR type and CERT_XML_NAME_STR aren't supported. // The CERT_SIMPLE_NAME_STR type and CERT_XML_NAME_STR aren't supported.
// Otherwise, when dwStrType // Otherwise, when dwStrType
skipping to change at line 14971 skipping to change at line 15165
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA { typedef struct _CRYPT_KEY_SIGN_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
// NCryptIsKeyHandle() is called to determine the union choice. // NCryptIsKeyHandle() is called to determine the union choice.
union { union {
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
NCRYPT_KEY_HANDLE hNCryptKey; NCRYPT_KEY_HANDLE hNCryptKey;
}; } DUMMYUNIONNAME;
// not applicable for hNCryptKey choice // not applicable for hNCryptKey choice
DWORD dwKeySpec; DWORD dwKeySpec;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
void *pvHashAuxInfo; void *pvHashAuxInfo;
// This is also referred to as the SignatureAlgorithm // This is also referred to as the SignatureAlgorithm
CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm; CRYPT_ALGORITHM_IDENTIFIER PubKeyAlgorithm;
} CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA; } CRYPT_KEY_SIGN_MESSAGE_PARA, *PCRYPT_KEY_SIGN_MESSAGE_PARA;
skipping to change at line 16462 skipping to change at line 16656
// This will be retrieved from the authority info access and // This will be retrieved from the authority info access and
// CRL distribution point extension or property on the certificate. // CRL distribution point extension or property on the certificate.
// If any OCSP URLs are present, they will be first with each URL prefixed // If any OCSP URLs are present, they will be first with each URL prefixed
// with L"ocsp:". The L"ocsp:" prefix should be removed before using. // with L"ocsp:". The L"ocsp:" prefix should be removed before using.
// //
// URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP // URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP
// //
// Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except, // Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except,
// the CRL URLs will be first // the CRL URLs will be first
// //
// URL_OID_CERTIFICATE_ONLY_OCSP
//
// Same as URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT, except,
// only OCSP URLs are retrieved.
//
// URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS // URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS
// //
// pvPara == PCCERT_CONTEXT, certificate whose cross certificates // pvPara == PCCERT_CONTEXT, certificate whose cross certificates
// are being requested // are being requested
// //
// This will be retrieved from the Authority Info Access // This will be retrieved from the Authority Info Access
// extension or property on the certificate. Only access methods // extension or property on the certificate. Only access methods
// matching szOID_PKIX_CA_REPOSITORY will be returned. // matching szOID_PKIX_CA_REPOSITORY will be returned.
#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1) #define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
skipping to change at line 16483 skipping to change at line 16682
#define URL_OID_CTL_ISSUER ((LPCSTR)3) #define URL_OID_CTL_ISSUER ((LPCSTR)3)
#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4) #define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
#define URL_OID_CRL_ISSUER ((LPCSTR)5) #define URL_OID_CRL_ISSUER ((LPCSTR)5)
#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6) #define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7) #define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8) #define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9) #define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9)
#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10) #define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11) #define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12) #define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12)
#define URL_OID_CERTIFICATE_ONLY_OCSP ((LPCSTR)13)
typedef struct _CERT_CRL_CONTEXT_PAIR { typedef struct _CERT_CRL_CONTEXT_PAIR {
PCCERT_CONTEXT pCertContext; PCCERT_CONTEXT pCertContext;
PCCRL_CONTEXT pCrlContext; PCCRL_CONTEXT pCrlContext;
} CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR; } CERT_CRL_CONTEXT_PAIR, *PCERT_CRL_CONTEXT_PAIR;
typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR; typedef const CERT_CRL_CONTEXT_PAIR *PCCERT_CRL_CONTEXT_PAIR;
// //
// Get a time valid CAPI2 object // Get a time valid CAPI2 object
// //
// The following optional Extra Info may be passed to // The following optional Extra Info may be passed to
// CryptGetTimeValidObject(). // CryptGetTimeValidObject().
// //
// All unused fields in this data structure must be zeroed. More fields // All unused fields in this data structure must be zeroed. More fields
// could be added in a future release. // could be added in a future release.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO { typedef struct _CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO {
DWORD cbSize; DWORD cbSize;
// If > 0, check that the CRL's number is >= // If > 0, check that the CRL's number is >=
// Should be 0x7fffffff if pDeltaCrlIndicator is nonNull
int iDeltaCrlIndicator; int iDeltaCrlIndicator;
// If nonNULL, any cached information before this time is considered // If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. // time invalid and forces a wire retrieval.
LPFILETIME pftCacheResync; LPFILETIME pftCacheResync;
// If nonNull, returns the cache's LastSyncTime // If nonNull, returns the cache's LastSyncTime
LPFILETIME pLastSyncTime; LPFILETIME pLastSyncTime;
// If nonNull, returns the internal MaxAge expiration time // If nonNull, returns the internal MaxAge expiration time
// for the object. If the object doesn't have a MaxAge expiration, set // for the object. If the object doesn't have a MaxAge expiration, set
// to zero. // to zero.
LPFILETIME pMaxAgeTime; LPFILETIME pMaxAgeTime;
// If nonNULL, CertGetCertificateChain() parameters used by the caller.
// Enables independent OCSP signer certificate chain verification.
PCERT_REVOCATION_CHAIN_PARA pChainPara;
// Should be used if the DeltaCrlIndicator value is more than 4 bytes
// If nonNull and iDeltaCrlIndicator == MAXLONG, check that the CRL's number
is >=
PCRYPT_INTEGER_BLOB pDeltaCrlIndicator;
} CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO, } CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO,
*PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO; *PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) __success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetTimeValidObject ( CryptGetTimeValidObject (
__in LPCSTR pszTimeValidOid, __in LPCSTR pszTimeValidOid,
__in LPVOID pvPara, __in LPVOID pvPara,
#define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF #define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF
// //
// flags specific to base provider // flags specific to base provider
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptProtectData( CryptProtectData(
IN DATA_BLOB* pDataIn, __in DATA_BLOB* pDataIn,
__in_opt LPCWSTR szDataDescr, __in_opt LPCWSTR szDataDescr,
IN OPTIONAL DATA_BLOB* pOptionalEntropy, __in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, __in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT DATA_BLOB* pDataOut // out encr blob __out DATA_BLOB* pDataOut // out encr blob
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnprotectData( CryptUnprotectData(
IN DATA_BLOB* pDataIn, // in encr blob __in DATA_BLOB* pDataIn, // in encr blob
__deref_opt_out_opt LPWSTR* ppszDataDescr, // out __deref_opt_out_opt LPWSTR* ppszDataDescr, // out
IN OPTIONAL DATA_BLOB* pOptionalEntropy, __in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved, __reserved PVOID pvReserved,
IN OPTIONAL CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, __in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
IN DWORD dwFlags, __in DWORD dwFlags,
OUT DATA_BLOB* pDataOut __out DATA_BLOB* pDataOut
); );
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUpdateProtectedState( CryptUpdateProtectedState(
__in_opt PSID pOldSid, __in_opt PSID pOldSid,
__in_opt LPCWSTR pwszOldPassword, __in_opt LPCWSTR pwszOldPassword,
__in DWORD dwFlags, __in DWORD dwFlags,
__out_opt DWORD *pdwSuccessCount, __out_opt DWORD *pdwSuccessCount,
__out_opt DWORD *pdwFailureCount); __out_opt DWORD *pdwFailureCount);
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
// //
// The buffer length passed into CryptProtectMemory and CryptUnprotectMemory // The buffer length passed into CryptProtectMemory and CryptUnprotectMemory
// must be a multiple of this length (or zero). // must be a multiple of this length (or zero).
// //
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16 #define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
// //
// CryptProtectMemory/CryptUnprotectMemory dwFlags // CryptProtectMemory/CryptUnprotectMemory dwFlags
// //
// Encrypt/Decrypt across callers with same LogonId. // Encrypt/Decrypt across callers with same LogonId.
// eg: encrypted buffer passed across LPC to another process which calls CryptUn protectMemory whilst impersonating. // eg: encrypted buffer passed across LPC to another process which calls CryptUn protectMemory whilst impersonating.
// //
#define CRYPTPROTECTMEMORY_SAME_LOGON 0x02 #define CRYPTPROTECTMEMORY_SAME_LOGON 0x02
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptProtectMemory( CryptProtectMemory(
IN OUT LPVOID pDataIn, // in out data to encry __inout LPVOID pDataIn, // in out data to encry
pt pt
IN DWORD cbDataIn, // multiple of CRYPTPRO __in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE TECTMEMORY_BLOCK_SIZE
IN DWORD dwFlags __in DWORD dwFlags
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnprotectMemory( CryptUnprotectMemory(
IN OUT LPVOID pDataIn, // in out data to decry __inout LPVOID pDataIn, // in out data to decry
pt pt
IN DWORD cbDataIn, // multiple of CRYPTPRO __in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE TECTMEMORY_BLOCK_SIZE
IN DWORD dwFlags __in DWORD dwFlags
); );
//+========================================================================= //+=========================================================================
// Helper functions to build certificates // Helper functions to build certificates
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// //
// Builds a self-signed certificate and returns a PCCERT_CONTEXT representing // Builds a self-signed certificate and returns a PCCERT_CONTEXT representing
// the certificate. A hProv may be specified to build the cert context. // the certificate. A hProv may be specified to build the cert context.
__inout DWORD *pcbHash __inout DWORD *pcbHash
); );
//+========================================================================= //+=========================================================================
// Certificate Chaining Infrastructure // Certificate Chaining Infrastructure
//========================================================================== //==========================================================================
#define CERT_CHAIN_CONFIG_REGPATH \ #define CERT_CHAIN_CONFIG_REGPATH \
L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config" L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config"
// max size of the cryptographic object to download, in bytes
// NOTE: AIA has different configuration
#define CERT_CHAIN_MAX_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \
L"MaxUrlRetrievalByteCount"
#define CERT_CHAIN_MAX_URL_RETRIEVAL_BYTE_COUNT_DEFAULT (100*1024*1024)
// The following is a REG_BINARY. It contains the cache resync FILETIME. // The following is a REG_BINARY. It contains the cache resync FILETIME.
// Any cached information before this time is considered time invalid // Any cached information before this time is considered time invalid
// and forces a wire retrieval. By default this is disabled. // and forces a wire retrieval. By default this is disabled.
#define CERT_CHAIN_CACHE_RESYNC_FILETIME_VALUE_NAME \ #define CERT_CHAIN_CACHE_RESYNC_FILETIME_VALUE_NAME \
L"ChainCacheResyncFiletime" L"ChainCacheResyncFiletime"
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to disable different chain building semantics enabled by default. Set // to disable different chain building semantics enabled by default. Set
// the appropriate registry value to nonzero to disable. // the appropriate registry value to nonzero to disable.
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to restrict Authority Info Access (AIA) URL retrieval. // to restrict Authority Info Access (AIA) URL retrieval.
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_VALUE_NAME \
L"MaxAIAUrlCountInCert" L"MaxAIAUrlCountInCert"
#define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5 #define CERT_CHAIN_MAX_AIA_URL_COUNT_IN_CERT_DEFAULT 5
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_VALUE_NAME \
L"MaxAIAUrlRetrievalCountPerChain" L"MaxAIAUrlRetrievalCountPerChain"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_COUNT_PER_CHAIN_DEFAULT 3
// max size of the object to download, specified by a URL in AIA extention, in b ytes
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalByteCount" L"MaxAIAUrlRetrievalByteCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_BYTE_COUNT_DEFAULT 100000
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \ #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_VALUE_NAME \
L"MaxAIAUrlRetrievalCertCount" L"MaxAIAUrlRetrievalCertCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10
// The following is a REG_DWORD. If the OCSP response NextUpdate is zero, // The following is a REG_DWORD. If the OCSP response NextUpdate is zero,
// this value is added to the ThisUpdate to get a nonzero NextUpdate. // this value is added to the ThisUpdate to get a nonzero NextUpdate.
#define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT \ #define CRYPTNET_PRE_FETCH_RETRIEVAL_TIMEOUT_SECONDS_DEFAULT \
(5 * 60) (5 * 60)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The following configuration parameters are store in HKLM group policy // The following configuration parameters are store in HKLM group policy
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH \ #define CERT_GROUP_POLICY_CHAIN_CONFIG_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\ChainEngine\\Config"
// In Longhorn, the following have been moved from the above HKLM // In Vista, the following have been moved from the above HKLM
// configuration parameters: // configuration parameters:
// The following are REG_DWORD's. These configuration parameters are used // The following are REG_DWORD's. These configuration parameters are used
// to override the default URL timeouts in chain building // to override the default URL timeouts in chain building
// This is the default URL timeout in milliseconds // This is the default URL timeout in milliseconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \ #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAME \
L"ChainUrlRetrievalTimeoutMilliseconds" L"ChainUrlRetrievalTimeoutMilliseconds"
// 15 seconds // 15 seconds
#define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \ #define CERT_CHAIN_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(15 * 1000) (15 * 1000)
// This is the default revocation accumulative URL timeout in milliseconds // This is the default revocation accumulative URL timeout in milliseconds
// The first revocation URL retrieval uses half of this timeout // The first revocation URL retrieval uses half of this timeout
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAM E \ #define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_VALUE_NAM E \
L"ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds" L"ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds"
// 20 seconds // 20 seconds
#define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \ #define CERT_CHAIN_REV_ACCUMULATIVE_URL_RETRIEVAL_TIMEOUT_MILLISECONDS_DEFAULT \
(20 * 1000) (20 * 1000)
// REG_DWORD: Set this value to non-zero in order to enable Internet connections
// with Unknown Authorization
#define CERT_RETR_BEHAVIOR_INET_AUTH_VALUE_NAME L"EnableInetUnknownAuth"
// REG_DWORD: Set this value to non-zero in order to override Internet
// connectivity status allowing LOCAL to be treated as INTERNET.
#define CERT_RETR_BEHAVIOR_INET_STATUS_VALUE_NAME L"EnableInetLocal"
// REG_DWORD: Set this value to non-zero in order to allow
// file:// URL scheme.
#define CERT_RETR_BEHAVIOR_FILE_VALUE_NAME L"AllowFileUrlScheme"
// REG_DWORD: Set this value to non-zero in order to disable
// LDAP mutual authentication and & encryption.
#define CERT_RETR_BEHAVIOR_LDAP_VALUE_NAME L"DisableLDAPSignAndEncrypt"
// Note, will allow the machine setting to be used if this value isn't // Note, will allow the machine setting to be used if this value isn't
// defined. // defined.
// By default AIA OCSP URLs are before CDP CRL URLs. When the number of cached // By default AIA OCSP URLs are before CDP CRL URLs. When the number of cached
// OCSP URLs associated with the same CDP extension equal or exceed this // OCSP URLs associated with the same CDP extension equal or exceed this
// number, the CRL URLs are placed before the OCSP URLs. // number, the CRL URLs are placed before the OCSP URLs.
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_VALUE_NAME \ #define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_VALUE_NAME \
L"CryptnetCachedOcspSwitchToCrlCount" L"CryptnetCachedOcspSwitchToCrlCount"
#define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_DEFAULT \ #define CRYPTNET_CACHED_OCSP_SWITCH_TO_CRL_COUNT_DEFAULT \
50 50
// The above registry value can be set to this value, to always place // The above registry value can be set to this value, to always place
// the CRL URLs before the OCSP URLs. Note, a registry value of 0, uses the // the CRL URLs before the OCSP URLs. Note, a registry value of 0, uses the
// above default value. // above default value.
#define CRYPTNET_CRL_BEFORE_OCSP_ENABLE \ #define CRYPTNET_CRL_BEFORE_OCSP_ENABLE \
0xFFFFFFFF 0xFFFFFFFF
// Support for the following was removed in Longhorn. Changed to use // Support for the following was removed in Vista. Changed to use
// the following OPTIONS flags in HKLM Group Policy // the following OPTIONS flags in HKLM Group Policy
#define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \ #define CERT_CHAIN_DISABLE_AIA_URL_RETRIEVAL_VALUE_NAME \
L"DisableAIAUrlRetrieval" L"DisableAIAUrlRetrieval"
// By default AIA Url Retrieval is enabled. Set this registry value to nonzero // By default AIA Url Retrieval is enabled. Set this registry value to nonzero
// to disable // to disable
// This is the name of the REG_DWORD for chain engine Options // This is the name of the REG_DWORD for chain engine Options
#define CERT_CHAIN_OPTIONS_VALUE_NAME \ #define CERT_CHAIN_OPTIONS_VALUE_NAME \
L"Options" L"Options"
// Disable AIA URL retrieval when this bit is set in the Options // Disable AIA URL retrieval when this bit is set in the Options
#define CERT_CHAIN_OPTION_DISABLE_AIA_URL_RETRIEVAL 0x2 #define CERT_CHAIN_OPTION_DISABLE_AIA_URL_RETRIEVAL 0x2
// Enable SIA URL retrieval when this bit is set in the Options
#define CERT_CHAIN_OPTION_ENABLE_SIA_URL_RETRIEVAL 0x4
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_VALUE_NAME \ #define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_VALUE_NAME \
L"CrossCertDownloadIntervalHours" L"CrossCertDownloadIntervalHours"
// 7 days // 7 days
#define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_DEFAULT (24 * 7) #define CERT_CHAIN_CROSS_CERT_DOWNLOAD_INTERVAL_HOURS_DEFAULT (24 * 7)
// When not defined or zero, the CRL validity isn't extended // When not defined or zero, the CRL validity isn't extended
#define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_VALUE_NAME \ #define CERT_CHAIN_CRL_VALIDITY_EXT_PERIOD_HOURS_VALUE_NAME \
L"CRLValidityExtensionPeriod" L"CRLValidityExtensionPeriod"
// 12 hour // 12 hour
// Configuration parameters for the certificate chain engine // Configuration parameters for the certificate chain engine
// //
// hRestrictedRoot - restrict the root store (must be a subset of "Root") // hRestrictedRoot - restrict the root store (must be a subset of "Root")
// //
// hRestrictedTrust - restrict the store for CTLs // hRestrictedTrust - restrict the store for CTLs
// //
// hRestrictedOther - restrict the store for certs and CRLs // hRestrictedOther - restrict the store for certs and CRLs
// //
// cAdditionalStore, rghAdditionalStore - additional stores // cAdditionalStore, rghAdditionalStore - additional stores
// //
// NOTE: The algorithm used to define the stores for the engine is as // hExclusiveRoot - the root store to be used exclusively.
// If not NULL, then the restricted stores
// the system "Root" and "TrustedPeople" are not used
//
// hExclusiveTrustedPeople - the trusted people store to be used exclusivel
y.
// If not NULL, then the restricted stores
// the system "Root" and "TrustedPeople" are not used
//
// NOTE:
//
// (hExclusiveRoot, hExclusiveTrustedPeople) are mutually exclusive
// with (hRestrictedRoot, hRestrictedTrust, hRestrictedOther).
// If either hExclusiveRoot or hExclusiveTrustedPeople are used,
// then all restricted handles must be NULL and non of the system
// "Root" and "TrustedPeople" are used.
//
// The algorithm used to define the stores for the engine is as
// follows: // follows:
// //
// hRoot = hRestrictedRoot or System Store "Root" // If NULL!=hExclusiveRoot or NULL!=hExclusiveTrustedPeople
// hRoot = hExclusiveRoot
// //
// hTrust = hRestrictedTrust or hWorld (defined later) // hTrust = hWorld (defined later)
// //
// hOther = hRestrictedOther or (hRestrictedTrust == NULL) ? hWorld : // hOther = hWorld
// hRestrictedTrust + hWorld
// //
// hWorld = hRoot + "CA" + "My" + "Trust" + rghAdditionalStore // hWorld = hRoot + hExclusiveTrustedPeople + "CA" + "My" + rghAddi
tionalStore
//
// Else
// hRoot = hRestrictedRoot or System Store "Root"
//
// hTrust = hRestrictedTrust or hWorld (defined later)
//
// hOther = hRestrictedOther or (hRestrictedTrust == NULL) ? hWorld
:
// hRestrictedTrust + hWorld
//
// hWorld = hRoot + "CA" + "My" + "Trust" + rghAdditionalStore
// Endif
// //
// dwFlags - flags // dwFlags - flags
// //
// CERT_CHAIN_CACHE_END_CERT - information will be cached on // CERT_CHAIN_CACHE_END_CERT - information will be cached on
// the end cert as well as the other // the end cert as well as the other
// certs in the chain // certs in the chain
// //
// CERT_CHAIN_THREAD_STORE_SYNC - use separate thread for store syncs // CERT_CHAIN_THREAD_STORE_SYNC - use separate thread for store syncs
// and related cache updates // and related cache updates
// //
// CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL - don't hit the wire to get // CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL - don't hit the wire to get
// URL based objects // URL based objects
// //
// dwUrlRetrievalTimeout - timeout for wire based URL object retrievals // dwUrlRetrievalTimeout - timeout for wire based URL object retrievals
// (milliseconds) // (milliseconds)
// //
#define CERT_CHAIN_CACHE_END_CERT 0x00000001 #define CERT_CHAIN_CACHE_END_CERT 0x00000001
#define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002 #define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004 #define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004
#define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008 #define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008
#define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010 #define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010
#define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020 #define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020
typedef struct _CERT_CHAIN_ENGINE_CONFIG { typedef struct _CERT_CHAIN_ENGINE_CONFIG {
DWORD cbSize; DWORD cbSize;
HCERTSTORE hRestrictedRoot; HCERTSTORE hRestrictedRoot;
HCERTSTORE hRestrictedTrust; HCERTSTORE hRestrictedTrust;
HCERTSTORE hRestrictedOther; HCERTSTORE hRestrictedOther;
DWORD cAdditionalStore; DWORD cAdditionalStore;
HCERTSTORE* rghAdditionalStore; HCERTSTORE* rghAdditionalStore;
DWORD dwFlags; DWORD dwFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
DWORD MaximumCachedCertificates; DWORD MaximumCachedCertificates;
DWORD CycleDetectionModulus; DWORD CycleDetectionModulus;
#if (NTDDI_VERSION >= NTDDI_WIN7)
HCERTSTORE hExclusiveRoot;
HCERTSTORE hExclusiveTrustedPeople;
#endif
} CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG; } CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) __success(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CertCreateCertificateChainEngine ( CertCreateCertificateChainEngine (
__in PCERT_CHAIN_ENGINE_CONFIG pConfig, __in PCERT_CHAIN_ENGINE_CONFIG pConfig,
__out HCERTCHAINENGINE* phChainEngine __out HCERTCHAINENGINE* phChainEngine
); );
#define CERT_TRUST_IS_SELF_SIGNED 0x00000008 #define CERT_TRUST_IS_SELF_SIGNED 0x00000008
// These can be applied to certificates and chains // These can be applied to certificates and chains
#define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100 #define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
#define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200 #define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400 #define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
#define CERT_TRUST_IS_PEER_TRUSTED 0x00000800 #define CERT_TRUST_IS_PEER_TRUSTED 0x00000800
#define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000 #define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000
// Indicates that the certificate was found in
// a store specified by hExclusiveRoot or hExclusiveTrustedPeople
#define CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x00002000
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000 #define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
// //
// Each certificate context in a simple chain has a corresponding chain element // Each certificate context in a simple chain has a corresponding chain element
// in the simple chain context // in the simple chain context
// //
// dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set // dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set
// dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set // dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set
DWORD cbSize; DWORD cbSize;
PCCERT_CONTEXT pCertContext; PCCERT_CONTEXT pCertContext;
CERT_TRUST_STATUS TrustStatus; CERT_TRUST_STATUS TrustStatus;
PCERT_REVOCATION_INFO pRevocationInfo; PCERT_REVOCATION_INFO pRevocationInfo;
PCERT_ENHKEY_USAGE pIssuanceUsage; // If NULL, any PCERT_ENHKEY_USAGE pIssuanceUsage; // If NULL, any
PCERT_ENHKEY_USAGE pApplicationUsage; // If NULL, any PCERT_ENHKEY_USAGE pApplicationUsage; // If NULL, any
LPCWSTR pwszExtendedErrorInfo; // If NULL, none LPCWSTR pwszExtendedErrorInfo; // If NULL, none
} CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT; } CERT_CHAIN_ELEMENT, *PCERT_CHAIN_ELEMENT;
typedef const CERT_CHAIN_ELEMENT* PCCERT_CHAIN_ELEMENT;
// //
// The simple chain is an array of chain elements and a summary trust status // The simple chain is an array of chain elements and a summary trust status
// for the chain // for the chain
// //
// rgpElements[0] is the end certificate chain element // rgpElements[0] is the end certificate chain element
// //
// rgpElements[cElement-1] is the self-signed "root" certificate chain element // rgpElements[cElement-1] is the self-signed "root" certificate chain element
// //
// fHasRevocationFreshnessTime is only set if we are able to retrieve // fHasRevocationFreshnessTime is only set if we are able to retrieve
// revocation information for all elements checked for revocation. // revocation information for all elements checked for revocation.
// For a CRL its CurrentTime - ThisUpdate. // For a CRL its CurrentTime - ThisUpdate.
// //
// dwRevocationFreshnessTime is the largest time across all elements // dwRevocationFreshnessTime is the largest time across all elements
// checked. // checked.
BOOL fHasRevocationFreshnessTime; BOOL fHasRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime; // seconds DWORD dwRevocationFreshnessTime; // seconds
} CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN; } CERT_SIMPLE_CHAIN, *PCERT_SIMPLE_CHAIN;
typedef const CERT_SIMPLE_CHAIN* PCCERT_SIMPLE_CHAIN;
// //
// And the chain context contains an array of simple chains and summary trust // And the chain context contains an array of simple chains and summary trust
// status for all the connected simple chains // status for all the connected simple chains
// //
// rgpChains[0] is the end certificate simple chain // rgpChains[0] is the end certificate simple chain
// //
// rgpChains[cChain-1] is the final (possibly trust list signer) chain which // rgpChains[cChain-1] is the final (possibly trust list signer) chain which
// ends in a certificate which is contained in the root store // ends in a certificate which is contained in the root store
// //
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x20000000 #define CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x20000000
#define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x40000000 #define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x40000000
#define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x80000000 #define CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY 0x80000000
// By default, the dwUrlRetrievalTimeout in pChainPara is the timeout used // By default, the dwUrlRetrievalTimeout in pChainPara is the timeout used
// for each revocation URL wire retrieval. When the following flag is set, // for each revocation URL wire retrieval. When the following flag is set,
// dwUrlRetrievalTimeout is the accumulative timeout across all // dwUrlRetrievalTimeout is the accumulative timeout across all
// revocation URL wire retrievals. // revocation URL wire retrievals.
#define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT 0x08000000 #define CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT 0x08000000
// Revocation checking for an independent OCSP signer certificate.
//
// The above revocation flags indicate if just the signer certificate or all
// the certificates in the chain, excluding the root should be checked
// for revocation. If the signer certificate contains the
// szOID_PKIX_OCSP_NOCHECK extension, then, revocation checking is skipped
// for the leaf signer certificate. Both OCSP and CRL checking are allowed.
// However, recursive, independent OCSP signer certs are disabled.
#define CERT_CHAIN_REVOCATION_CHECK_OCSP_CERT 0x04000000
// First pass determines highest quality based upon: // First pass determines highest quality based upon:
// - Chain signature valid (higest quality bit of this set) // - Chain signature valid (higest quality bit of this set)
// - Complete chain // - Complete chain
// - Trusted root (lowestest quality bit of this set) // - Trusted root (lowestest quality bit of this set)
// By default, second pass only considers paths >= highest first pass quality // By default, second pass only considers paths >= highest first pass quality
#define CERT_CHAIN_DISABLE_PASS1_QUALITY_FILTERING 0x00000040 #define CERT_CHAIN_DISABLE_PASS1_QUALITY_FILTERING 0x00000040
#define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS 0x00000080 #define CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS 0x00000080
#define CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE 0x00000100 #define CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE 0x00000100
// Duplicate (add a reference to) a certificate chain // Duplicate (add a reference to) a certificate chain
// //
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateChain ( CertDuplicateCertificateChain (
__in PCCERT_CHAIN_CONTEXT pChainContext __in PCCERT_CHAIN_CONTEXT pChainContext
); );
//+-------------------------------------------------------------------------
// This data structure is optionally pointed to by the pChainPara field
// in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
// data structures. CertGetCertificateChain() populates when it calls
// the CertVerifyRevocation() API.
//--------------------------------------------------------------------------
struct _CERT_REVOCATION_CHAIN_PARA {
DWORD cbSize;
HCERTCHAINENGINE hChainEngine;
HCERTSTORE hAdditionalStore;
DWORD dwChainFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds
LPFILETIME pftCurrentTime;
LPFILETIME pftCacheResync;
// Max size of the URL object to download, in bytes.
// 0 value means no limit.
DWORD cbMaxUrlRetrievalByteCount;
};
// //
// Specific Revocation Type OID and structure definitions // Specific Revocation Type OID and structure definitions
// //
// //
// CRL Revocation OID // CRL Revocation OID
// //
#define REVOCATION_OID_CRL_REVOCATION ((LPCSTR)1) #define REVOCATION_OID_CRL_REVOCATION ((LPCSTR)1)
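Review bot: The new cbMaxUrlRetrievalByteCount field in struct _CERT_REVOCATION_CHAIN_PARA documents "0 value means no limit", which combined with the header's zero-all-unused-fields convention means any caller that builds a pChainPara itself silently opts out of the download size cap; the comment should say so and point at the cap the chain engine applies. Suggested wording for that field: `// Max size of the URL object to download, in bytes. 0 disables the cap entirely (it is NOT the engine default); callers filling this in themselves should use CERT_CHAIN_MAX_URL_RETRIEVAL_BYTE_COUNT_DEFAULT unless they have a reason to differ.` The header comment says CertGetCertificateChain() populates the structure, so the gap presumably only affects direct users of CertVerifyRevocation()/CryptGetTimeValidObject() who supply their own structure — worth confirming. Separately, this hunk defines the struct tag without a typedef while PCERT_REVOCATION_CHAIN_PARA is already used by CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO earlier in the diff; the typedef is presumably a forward declaration outside this view, but a one-line comment here naming where it lives would save readers the search.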
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined verify chain policies // Predefined verify chain policies
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CHAIN_POLICY_BASE ((LPCSTR) 1) #define CERT_CHAIN_POLICY_BASE ((LPCSTR) 1)
#define CERT_CHAIN_POLICY_AUTHENTICODE ((LPCSTR) 2) #define CERT_CHAIN_POLICY_AUTHENTICODE ((LPCSTR) 2)
#define CERT_CHAIN_POLICY_AUTHENTICODE_TS ((LPCSTR) 3) #define CERT_CHAIN_POLICY_AUTHENTICODE_TS ((LPCSTR) 3)
#define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4) #define CERT_CHAIN_POLICY_SSL ((LPCSTR) 4)
#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS ((LPCSTR) 5) #define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS ((LPCSTR) 5)
#define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6) #define CERT_CHAIN_POLICY_NT_AUTH ((LPCSTR) 6)
#define CERT_CHAIN_POLICY_MICROSOFT_ROOT ((LPCSTR) 7) #define CERT_CHAIN_POLICY_MICROSOFT_ROOT ((LPCSTR) 7)
#define CERT_CHAIN_POLICY_EV ((LPCSTR) 8)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_BASE // CERT_CHAIN_POLICY_BASE
// //
// Implements the base chain policy verification checks. dwFlags can // Implements the base chain policy verification checks. dwFlags can
// be set in pPolicyPara to alter the default policy checking behaviour. // be set in pPolicyPara to alter the default policy checking behaviour.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_AUTHENTICODE // CERT_CHAIN_POLICY_AUTHENTICODE
skipping to change at line 18219 skipping to change at line 18527
// pvExtraPolicyPara may optionally be set to point to the following // pvExtraPolicyPara may optionally be set to point to the following
// SSL_EXTRA_CERT_CHAIN_POLICY_PARA data structure // SSL_EXTRA_CERT_CHAIN_POLICY_PARA data structure
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// fdwChecks flags are defined in wininet.h // fdwChecks flags are defined in wininet.h
typedef struct _HTTPSPolicyCallbackData typedef struct _HTTPSPolicyCallbackData
{ {
union { union {
DWORD cbStruct; // sizeof(HTTPSPolicyCallbackData); DWORD cbStruct; // sizeof(HTTPSPolicyCallbackData);
DWORD cbSize; // sizeof(HTTPSPolicyCallbackData); DWORD cbSize; // sizeof(HTTPSPolicyCallbackData);
}; } DUMMYUNIONNAME;
DWORD dwAuthType; DWORD dwAuthType;
# define AUTHTYPE_CLIENT 1 # define AUTHTYPE_CLIENT 1
# define AUTHTYPE_SERVER 2 # define AUTHTYPE_SERVER 2
DWORD fdwChecks; DWORD fdwChecks;
WCHAR *pwszServerName; // used to check against CN=xxxx WCHAR *pwszServerName; // used to check against CN=xxxx
} HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData, } HTTPSPolicyCallbackData, *PHTTPSPolicyCallbackData,
skipping to change at line 18309 skipping to change at line 18617
// pPolicyPara is optional. However, // pPolicyPara is optional. However,
// MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in // MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in
// the dwFlags in pPolicyPara to also check for the Microsoft Test Roots. // the dwFlags in pPolicyPara to also check for the Microsoft Test Roots.
// //
// pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set // pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set
// to NULL. // to NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000 #define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_EV
//
// Verify the issuance policy in the end certificate of the first simple
// chain matches with the root certificate EV policy.
//
// pvExtraPolicyPara may optionally be set to point to the following
// EV_EXTRA_CERT_CHAIN_POLICY_PARA. The dwRootProgramQualifierFlags member
// can be set to one or more of the CERT_ROOT_PROGRAM_FLAG_* to define
// which of the EV policy qualifier bits are required for validation.
//
// pvExtraPolicyStatus may optionally be set to point to the following
// EV_EXTRA_CERT_CHAIN_POLICY_STATUS. The fQualifiers member will contain
// a combination of CERT_ROOT_PROGRAM_FLAG_* flags.
//--------------------------------------------------------------------------
typedef struct _EV_EXTRA_CERT_CHAIN_POLICY_PARA {
DWORD cbSize;
DWORD dwRootProgramQualifierFlags;
} EV_EXTRA_CERT_CHAIN_POLICY_PARA,
*PEV_EXTRA_CERT_CHAIN_POLICY_PARA;
typedef struct _EV_EXTRA_CERT_CHAIN_POLICY_STATUS {
DWORD cbSize;
DWORD dwQualifiers;
DWORD dwIssuanceUsageIndex;
} EV_EXTRA_CERT_CHAIN_POLICY_STATUS, *PEV_EXTRA_CERT_CHAIN_POLICY_STATUS;
//+-------------------------------------------------------------------------
// convert formatted string to binary // convert formatted string to binary
// If cchString is 0, then pszString is NULL terminated and // If cchString is 0, then pszString is NULL terminated and
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
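Review bot: The comment for EV_EXTRA_CERT_CHAIN_POLICY_STATUS names a member that does not exist: it says `The fQualifiers member will contain`, but the struct declares `DWORD dwQualifiers`, and `dwIssuanceUsageIndex` is not described anywhere; I would change the line to `// EV_EXTRA_CERT_CHAIN_POLICY_STATUS. The dwQualifiers member will contain` and add one line saying what dwIssuanceUsageIndex indexes. The policy description also leaves open what happens when pvExtraPolicyPara is omitted or dwRootProgramQualifierFlags is 0 — whether no qualifier bits are required or some default set is — and since that decides whether a chain passes EV validation the header should state it (presumably a default applies; verify against crypt32 before documenting). The CERT_ROOT_PROGRAM_FLAG_* values the comment relies on are not defined in this hunk; if they are defined elsewhere in the header a cross-reference next to dwRootProgramQualifierFlags would help.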
skipping to change at line 18410 skipping to change at line 18746
#define CRYPT_STRING_HEX 0x00000004 #define CRYPT_STRING_HEX 0x00000004
#define CRYPT_STRING_HEXASCII 0x00000005 #define CRYPT_STRING_HEXASCII 0x00000005
#define CRYPT_STRING_BASE64_ANY 0x00000006 #define CRYPT_STRING_BASE64_ANY 0x00000006
#define CRYPT_STRING_ANY 0x00000007 #define CRYPT_STRING_ANY 0x00000007
#define CRYPT_STRING_HEX_ANY 0x00000008 #define CRYPT_STRING_HEX_ANY 0x00000008
#define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009 #define CRYPT_STRING_BASE64X509CRLHEADER 0x00000009
#define CRYPT_STRING_HEXADDR 0x0000000a #define CRYPT_STRING_HEXADDR 0x0000000a
#define CRYPT_STRING_HEXASCIIADDR 0x0000000b #define CRYPT_STRING_HEXASCIIADDR 0x0000000b
#define CRYPT_STRING_HEXRAW 0x0000000c #define CRYPT_STRING_HEXRAW 0x0000000c
#define CRYPT_STRING_HASHDATA 0x10000000
#define CRYPT_STRING_STRICT 0x20000000
#define CRYPT_STRING_NOCRLF 0x40000000 #define CRYPT_STRING_NOCRLF 0x40000000
#define CRYPT_STRING_NOCR 0x80000000 #define CRYPT_STRING_NOCR 0x80000000
// certenrolld_end // certenrolld_end
// CryptBinaryToString uses the following flags // CryptBinaryToString uses the following flags
// CRYPT_STRING_BASE64HEADER - base64 format with certificate begin // CRYPT_STRING_BASE64HEADER - base64 format with certificate begin
// and end headers // and end headers
// CRYPT_STRING_BASE64 - only base64 without headers // CRYPT_STRING_BASE64 - only base64 without headers
// CRYPT_STRING_BINARY - pure binary copy // CRYPT_STRING_BINARY - pure binary copy
// CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin // CRYPT_STRING_BASE64REQUESTHEADER - base64 format with request begin
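Review bot: CRYPT_STRING_HASHDATA (0x10000000) and CRYPT_STRING_STRICT (0x20000000) are added without any description, while every other CRYPT_STRING_* value is explained in the flag list that starts below (the list continues past the end of this hunk). CRYPT_STRING_STRICT matters for input validation: the CryptStringToBinary comment above says skipped characters are reported through `*pdwSkip`, and a caller choosing STRICT needs to know whether it makes the conversion fail on such input instead of skipping it. I would add `// CRYPT_STRING_STRICT - strict decoding; (state what input is rejected — verify against crypt32)` and a matching `// CRYPT_STRING_HASHDATA - ...` line to that list rather than leaving the bits bare.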
skipping to change at line 18616 skipping to change at line 18954
__in DWORD dwFlags); __in DWORD dwFlags);
//+========================================================================= //+=========================================================================
// APIs to get a non-blocking, time valid OCSP response for // APIs to get a non-blocking, time valid OCSP response for
// a server certificate chain. // a server certificate chain.
// //
// Normally, this OCSP response will be included along with the server // Normally, this OCSP response will be included along with the server
// certificate in a message returned to the client. As a result only the // certificate in a message returned to the client. As a result only the
// server should need to contact the OCSP responser for its certificate. // server should need to contact the OCSP responser for its certificate.
//========================================================================== //==========================================================================
#if (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Server OCSP response handle. // Server OCSP response handle.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef VOID *HCERT_SERVER_OCSP_RESPONSE; typedef VOID *HCERT_SERVER_OCSP_RESPONSE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a handle to an OCSP response associated with a server certificate // Open a handle to an OCSP response associated with a server certificate
// chain. If the end certificate doesn't have an OCSP AIA URL, NULL is // chain. If the end certificate doesn't have an OCSP AIA URL, NULL is
// returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL // returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL
skipping to change at line 18740 skipping to change at line 19079
// Free the OCSP response context returned by // Free the OCSP response context returned by
// CertGetServerOcspResponseContext(). // CertGetServerOcspResponseContext().
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeServerOcspResponseContext( CertFreeServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext __in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Helper function to do URL retrieval of logo or biometric information // Helper function to do URL retrieval of logo or biometric information
// specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT // specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT
// certificate extension. // certificate extension.
// //
// Only the first hashed URL matching lpszLogoOrBiometricType is used // Only the first hashed URL matching lpszLogoOrBiometricType is used
// to do the URL retrieval. Only direct logotypes are supported. // to do the URL retrieval. Only direct logotypes are supported.
// The bytes at the first URL are retrieved via // The bytes at the first URL are retrieved via
// CryptRetrieveObjectByUrlW and hashed. The computed hash is compared // CryptRetrieveObjectByUrlW and hashed. The computed hash is compared
// against the hash in the certificate. For success, ppbData, pcbData // against the hash in the certificate. For success, ppbData, pcbData
skipping to change at line 18816 skipping to change at line 19157
#define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3) #define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3)
// Predefined Biometric types // Predefined Biometric types
#define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000) #define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000)
#define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE \ #define CERT_RETRIEVE_BIOMETRIC_PICTURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE) (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_PICTURE_TYPE)
#define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE \ #define CERT_RETRIEVE_BIOMETRIC_SIGNATURE_TYPE \
(CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYP E) (CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE + CERT_BIOMETRIC_SIGNATURE_TYP E)
//
// Certificate Selection API
//
#if (NTDDI_VERSION >= NTDDI_WIN7)
typedef struct _CERT_SELECT_CHAIN_PARA
{
HCERTCHAINENGINE hChainEngine;
PFILETIME pTime;
HCERTSTORE hAdditionalStore;
PCERT_CHAIN_PARA pChainPara;
DWORD dwFlags;
}
CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA;
typedef const CERT_SELECT_CHAIN_PARA* PCCERT_SELECT_CHAIN_PARA;
#define CERT_SELECT_MAX_PARA 500
typedef struct _CERT_SELECT_CRITERIA
{
DWORD dwType;
DWORD cPara;
__field_ecount(cPara) void** ppPara;
}
CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA;
typedef const CERT_SELECT_CRITERIA* PCCERT_SELECT_CRITERIA;
// Selection Criteria
#define CERT_SELECT_BY_ENHKEY_USAGE 1
#define CERT_SELECT_BY_KEY_USAGE 2
#define CERT_SELECT_BY_POLICY_OID 3
#define CERT_SELECT_BY_PROV_NAME 4
#define CERT_SELECT_BY_EXTENSION 5
#define CERT_SELECT_BY_SUBJECT_HOST_NAME 6
#define CERT_SELECT_BY_ISSUER_ATTR 7
#define CERT_SELECT_BY_SUBJECT_ATTR 8
#define CERT_SELECT_BY_ISSUER_NAME 9
#define CERT_SELECT_BY_PUBLIC_KEY 10
#define CERT_SELECT_BY_TLS_SIGNATURES 11
#define CERT_SELECT_LAST CERT_SELECT_BY_TLS_SIGNATURES
#define CERT_SELECT_MAX (CERT_SELECT_LAST * 3)
// Selection Flags
#define CERT_SELECT_ALLOW_EXPIRED 0x00000001
#define CERT_SELECT_TRUSTED_ROOT 0x00000002
#define CERT_SELECT_DISALLOW_SELFSIGNED 0x00000004
#define CERT_SELECT_HAS_PRIVATE_KEY 0x00000008
#define CERT_SELECT_HAS_KEY_FOR_SIGNATURE 0x00000010
#define CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE 0x00000020
#define CERT_SELECT_HARDWARE_ONLY 0x00000040
#define CERT_SELECT_ALLOW_DUPLICATES 0x00000080
//+-------------------------------------------------------------------------
// Build certificate chains from the certificates in the store and select
// the matching ones based on the flags and selection criteria.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CertSelectCertificateChains(
__in_opt LPCGUID pSelectionContext,
__in DWORD dwFlags,
__in_opt PCCERT_SELECT_CHAIN_PARA pChainParameters,
__in DWORD cCriteria,
__in_ecount_opt(cCriteria) PCCERT_SELECT_CRITERIA rgpCriteria,
__in HCERTSTORE hStore,
__out PDWORD pcSelection,
__out_ecount(*pcSelection) PCCERT_CHAIN_CONTEXT** pprgpSelection
);
//+-------------------------------------------------------------------------
// Free the array of pointers to chain contexts.
// CertFreeCertificateChain is NOT called for each entry.
//--------------------------------------------------------------------------
WINCRYPT32API
VOID
WINAPI
CertFreeCertificateChainList(
__in PCCERT_CHAIN_CONTEXT* prgpSelection
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
//
// Time stamp API
//
#if (NTDDI_VERSION >= NTDDI_WIN7)
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_REQUEST
//
//--------------------------------------------------------------------------
#define TIMESTAMP_VERSION 1
typedef struct _CRYPT_TIMESTAMP_REQUEST
{
DWORD dwVersion; // v1
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage;
LPSTR pszTSAPolicyId; // OPTIONAL
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
BOOL fCertReq; // DEFAULT FALSE
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_REQUEST, *PCRYPT_TIMESTAMP_REQUEST;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_RESPONSE
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_RESPONSE
{
DWORD dwStatus;
DWORD cFreeText; // OPTIONAL
__field_ecount(cFreeText)
LPWSTR* rgFreeText;
CRYPT_BIT_BLOB FailureInfo; // OPTIONAL
CRYPT_DER_BLOB ContentInfo; // OPTIONAL
} CRYPT_TIMESTAMP_RESPONSE, *PCRYPT_TIMESTAMP_RESPONSE;
#define TIMESTAMP_STATUS_GRANTED 0
#define TIMESTAMP_STATUS_GRANTED_WITH_MODS 1
#define TIMESTAMP_STATUS_REJECTED 2
#define TIMESTAMP_STATUS_WAITING 3
#define TIMESTAMP_STATUS_REVOCATION_WARNING 4
#define TIMESTAMP_STATUS_REVOKED 5
#define TIMESTAMP_FAILURE_BAD_ALG 0
#define TIMESTAMP_FAILURE_BAD_REQUEST 2
#define TIMESTAMP_FAILURE_BAD_FORMAT 5
#define TIMESTAMP_FAILURE_TIME_NOT_AVAILABLE 14
#define TIMESTAMP_FAILURE_POLICY_NOT_SUPPORTED 15
#define TIMESTAMP_FAILURE_EXTENSION_NOT_SUPPORTED 16
#define TIMESTAMP_FAILURE_INFO_NOT_AVAILABLE 17
#define TIMESTAMP_FAILURE_SYSTEM_FAILURE 25
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_ACCURACY
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_ACCURACY
{
DWORD dwSeconds; // OPTIONAL
DWORD dwMillis; // OPTIONAL
DWORD dwMicros; // OPTIONAL
} CRYPT_TIMESTAMP_ACCURACY, *PCRYPT_TIMESTAMP_ACCURACY;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_INFO
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_INFO
{
DWORD dwVersion; // v1
LPSTR pszTSAPolicyId;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage;
CRYPT_INTEGER_BLOB SerialNumber;
FILETIME ftTime;
PCRYPT_TIMESTAMP_ACCURACY pvAccuracy; // OPTIONAL
BOOL fOrdering; // OPTIONAL
CRYPT_DER_BLOB Nonce; // OPTIONAL
CRYPT_DER_BLOB Tsa; // OPTIONAL
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_INFO, *PCRYPT_TIMESTAMP_INFO;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_CONTEXT
//
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_CONTEXT
{
DWORD cbEncoded;
__field_bcount(cbEncoded)
BYTE *pbEncoded;
PCRYPT_TIMESTAMP_INFO pTimeStamp;
} CRYPT_TIMESTAMP_CONTEXT, *PCRYPT_TIMESTAMP_CONTEXT;
//+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_PARA
//
// pszTSAPolicyId
// [optional] Specifies the TSA policy under which the time stamp token
// should be provided.
//
// Nonce
// [optional] Specifies the nonce value used by the client to verify the
// timeliness of the response when no local clock is available.
//
// fCertReq
// Specifies whether the TSA must include in response the certificates
// used to sign the time stamp token.
//
// rgExtension
// [optional] Specifies Extensions to be included in request.
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_PARA
{
LPCSTR pszTSAPolicyId; // OPTIONAL
BOOL fRequestCerts; // Default is TRUE
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
DWORD cExtension;
__field_ecount(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_PARA, *PCRYPT_TIMESTAMP_PARA;
//+-------------------------------------------------------------------------
// CryptRetrieveTimeStamp
//
// wszUrl
// [in] Specifies TSA where to send request to.
//
// dwRetrievalFlags
// [in]
// TIMESTAMP_VERIFY_CONTEXT_SIGNATURE
// TIMESTAMP_NO_AUTH_RETRIEVAL
// TIMESTAMP_DONT_HASH_DATA
//
// dwTimeout
// [in] Specifies the maximum number of milliseconds to wait for retrieval.
// If a value of zero is specified, this function does not time-out.
//
// pszHashId
// [in] Specifies hash algorithm OID.
//
// pPara
// [in, optional] Specifies additional request parameters.
//
// pbData
// [in] Points to array of bytes to be timestamped.
//
// cbData
// [in] Number of bytes in pbData.
//
// ppTsContext
// [out] The caller must free ppTsContext with CryptMemFree.
//
// ppTsSigner
// [out, optional] The address of a CERT_CONTEXT structure pointer that
// receives the certificate of the signer.
// When you have finished using this structure, free it by passing this
// pointer to the CertFreeCertificateContext function.
// This parameter can be NULL if the TSA signer's certificate is not needed.
//
// Remarks:
//
// The TIMESTAMP_VERIFY_CONTEXT_SIGNATURE flag can be only used,
// if fRequestCerts value is TRUE.
//
//--------------------------------------------------------------------------
BOOL
WINAPI
CryptRetrieveTimeStamp(
__in LPCWSTR wszUrl,
DWORD dwRetrievalFlags,
DWORD dwTimeout,
__in LPCSTR pszHashId,
__in_opt const CRYPT_TIMESTAMP_PARA *pPara,
__in_bcount(cbData)
const BYTE *pbData,
DWORD cbData,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore
);
// Set this flag to inhibit hash calculation on pbData
#define TIMESTAMP_DONT_HASH_DATA 0x00000001
// Set this flag to enforce signature validation on retrieved time stamp.
#define TIMESTAMP_VERIFY_CONTEXT_SIGNATURE 0x00000020 // CRYPT_VERIFY_CON
TEXT_SIGNATURE
// Set this flag to inhibit automatic authentication handling. See the
// wininet flag, INTERNET_FLAG_NO_AUTH, for more details.
#define TIMESTAMP_NO_AUTH_RETRIEVAL 0x00020000 // CRYPT_NO_AUTH_RE
TRIEVAL
//+-------------------------------------------------------------------------
// CryptVerifyTimeStampSignature
//
// pbTSContentInfo
// [in] Points to a buffer with timestamp content.
// These bytes are the same as returned in response by CRYPT_TIMESTAMP_CONT
EXT::pbEncoded
//
// cbTSContentInfo
// [in] Number of bytes in pbTSContentInfo.
//
// pbData
// [in] Points to array of bytes to be timestamped.
//
// cbData
// [in] Number of bytes in pbData.
//
// hAdditionalStore
// [in] Handle of any additional store to search for supporting
// TSA's signing certificates and certificate trust lists (CTLs).
// This parameter can be NULL if no additional store is to be searched.
//
// ppTsContext
// [out] The caller must free ppTsContext with CryptMemFree
//
// ppTsSigner
// [out, optional] The address of a CERT_CONTEXT structure pointer that
// receives the certificate of the signer.
// When you have finished using this structure, free it by passing this
// pointer to the CertFreeCertificateContext function.
// This parameter can be NULL if the TSA signer's certificate is not needed.
//
// NOTE:
// The caller should validate pszTSAPolicyId, if any was specified in the req
uest,
// and ftTime.
// The caller should also build a chain for ppTsSigner and validate the trust
.
//--------------------------------------------------------------------------
__success(return == TRUE)
BOOL
WINAPI
CryptVerifyTimeStampSignature (
__in_bcount( cbTSContentInfo )
const BYTE *pbTSContentInfo,
DWORD cbTSContentInfo,
__in_bcount_opt(cbData)
const BYTE *pbData,
DWORD cbData,
__in_opt HCERTSTORE hAdditionalStore,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore
);
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
#endif //!defined(_DDK_DRIVER_) #endif //!defined(_DDK_DRIVER_)
#ifdef __cplusplus #ifdef __cplusplus
} // Balance extern "C" above } // Balance extern "C" above
#endif #endif
#if defined (_MSC_VER) #if defined (_MSC_VER)
#if ( _MSC_VER >= 800 ) #if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
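Review bot: The warning that a signature-valid time stamp token is not yet a trusted one is attached only to CryptVerifyTimeStampSignature (`The caller should also build a chain for ppTsSigner and validate the trust`), while the remarks of CryptRetrieveTimeStamp only say that TIMESTAMP_VERIFY_CONTEXT_SIGNATURE enforces signature validation, so a caller reading that declaration alone can take a token from any signer as trusted; the same NOTE, including the pszTSAPolicyId and ftTime checks, should be repeated in the CryptRetrieveTimeStamp remarks. CRYPT_TIMESTAMP_PARA documents Nonce as the way to verify timeliness, but neither function states that the response's CRYPT_TIMESTAMP_INFO.Nonce is compared with the request value, so until that is confirmed the remarks should tell callers to compare the two themselves. The CRYPT_TIMESTAMP_PARA comment describes a member `fCertReq` that the struct does not have (its field is `fRequestCerts; // Default is TRUE`, whereas CRYPT_TIMESTAMP_REQUEST.fCertReq says `DEFAULT FALSE`), and the `phStore` out-parameter of both functions is undocumented, including who closes it. A `dwTimeout` of zero is documented as never timing out, which for a network retrieval from a TSA deserves a caution in the comment. As a point of style, CryptRetrieveTimeStamp and CryptVerifyTimeStampSignature are declared without the `WINCRYPT32API` that the neighbouring CertSelectCertificateChains and CertFreeCertificateChainList carry.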
 End of changes. 137 change blocks. 
143 lines changed or deleted 836 lines changed or added
