Headers diff for crypt32.dll between 6.1.7601.18839-Windows_7.0 and 6.3.9600.17415-Windows_8.1 versions



 mssip.h (6.1.7601.18839-Windows_7.0)   mssip.h (6.3.9600.17415-Windows_8.1) 
skipping to change at line 17 skipping to change at line 17
// File: mssip.h // File: mssip.h
// //
// Contents: Microsoft SIP Provider Main Include File // Contents: Microsoft SIP Provider Main Include File
// //
// History: 19-Feb-1997 pberkman Created // History: 19-Feb-1997 pberkman Created
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#ifndef MSSIP_H #ifndef MSSIP_H
#define MSSIP_H #define MSSIP_H
#include <winapifamily.h>
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
#pragma pack (8) #pragma pack (8)
typedef CRYPT_HASH_BLOB CRYPT_DIGEST_DATA; typedef CRYPT_HASH_BLOB CRYPT_DIGEST_DATA;
skipping to change at line 141 skipping to change at line 145
DWORD cbStruct; DWORD cbStruct;
DWORD cbMemObject; DWORD cbMemObject;
BYTE *pbMemObject; BYTE *pbMemObject;
DWORD cbMemSignedMsg; DWORD cbMemSignedMsg;
BYTE *pbMemSignedMsg; BYTE *pbMemSignedMsg;
} MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB; } MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB;
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// SIP_CAP_SET
//----------------------------------------------------------------------------
// A structure describing the capabilities supported by a SIP.
//
#if (NTDDI_VERSION >= NTDDI_WIN8)
typedef struct _SIP_CAP_SET_V2
{
DWORD cbSize; //Size of this struct
DWORD dwVersion; //The SIP API version being used, default to 2.
BOOL isMultiSign; //Set to 1 to indicate support for multiple sigs
DWORD dwReserved; //Reserved, must be 0
} SIP_CAP_SET_V2, *PSIP_CAP_SET_V2;
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
typedef struct _SIP_CAP_SET_V3
{
DWORD cbSize; //Size of this struct
DWORD dwVersion; //The SIP API version being used, default to 2.
BOOL isMultiSign; //Set to 1 to indicate support for multiple sigs
union
{
DWORD dwFlags;
DWORD dwReserved; //Reserved, must be 0
};
} SIP_CAP_SET_V3, *PSIP_CAP_SET_V3;
typedef SIP_CAP_SET_V3 SIP_CAP_SET;
typedef PSIP_CAP_SET_V3 PSIP_CAP_SET;
#define SIP_CAP_SET_VERSION_2 2
#define SIP_CAP_SET_VERSION_3 3
#define SIP_CAP_SET_CUR_VER 3
#define SIP_CAP_FLAG_SEALING 0x00000001
#else //#if (NTDDI_VERSION > NTDDI_WIN8)
typedef SIP_CAP_SET_V2 SIP_CAP_SET;
typedef PSIP_CAP_SET_V2 PSIP_CAP_SET;
#define SIP_CAP_SET_CUR_VER 2
#endif //#if (NTDDI_VERSION > NTDDI_WINBLUE)
#endif //#if (NTDDI_VERSION >= NTDDI_WIN8)
//////////////////////////////////////////////////////////////////////////////
// //
// SIP_INDIRECT_DATA // SIP_INDIRECT_DATA
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// Indirect data structure is used to store the hash of the subject // Indirect data structure is used to store the hash of the subject
// along with data that is relevant to the subject. This can include // along with data that is relevant to the subject. This can include
// names etc. // names etc.
// //
typedef struct SIP_INDIRECT_DATA_ typedef struct SIP_INDIRECT_DATA_
{ {
CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute
skipping to change at line 372 skipping to change at line 425
WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSu pported WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSu pported
WCHAR *pwszGetFuncName; WCHAR *pwszGetFuncName;
WCHAR *pwszPutFuncName; WCHAR *pwszPutFuncName;
WCHAR *pwszCreateFuncName; WCHAR *pwszCreateFuncName;
WCHAR *pwszVerifyFuncName; WCHAR *pwszVerifyFuncName;
WCHAR *pwszRemoveFuncName; WCHAR *pwszRemoveFuncName;
WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFi leSupported WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFi leSupported
#if (NTDDI_VERSION >= NTDDI_WIN8)
PWSTR pwszGetCapFuncName; // optional: CryptSIPGet
Caps
#endif //#if (NTDDI_VERSION >= NTDDI_WIN8)
} SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER; } SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER;
#define SIP_MAX_MAGIC_NUMBER 4 #define SIP_MAX_MAGIC_NUMBER 4
#pragma pack() #pragma pack()
////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CryptLoadSIP // CryptLoadSIP
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
skipping to change at line 406 skipping to change at line 463
// SIP's object ID is right for the file type. // SIP's object ID is right for the file type.
// //
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError() // FALSE: Errors occured. See GetLastError()
// //
extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide fi le name extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide fi le name
IN OPTIONAL HANDLE hFileIn, / / or handle of open file IN OPTIONAL HANDLE hFileIn, / / or handle of open file
OUT GUID *pgSubject); / / defined SIP's GUID OUT GUID *pgSubject); / / defined SIP's GUID
///////////////////////////////// ///////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////
// //
// CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll) // CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll)
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// looks at the file's "Magic Number" and tries to determine which // looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type. // SIP's object ID is right for the file type.
// //
// NOTE: This function only supports SIPs that are used for catalog files (eith er PE, CAB, or flat). // NOTE: This function only supports SIPs that are used for catalog files (eith er PE, CAB, or flat).
// //
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
skipping to change at line 445 skipping to change at line 502
// //
// CryptSIPRemoveProvider // CryptSIPRemoveProvider
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
// //
// Returns: // Returns:
// TRUE: No fatal errors // TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError() // FALSE: Errors occured. See GetLastError()
// //
extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv); extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPGetCaps
//----------------------------------------------------------------------------
// Retrieves the capabilities of a SIP.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
#if (NTDDI_VERSION >= NTDDI_WIN8)
extern BOOL WINAPI CryptSIPGetCaps(_In_ SIP_SUBJECTINFO * pSubjInfo,
_Inout_ SIP_CAP_SET *pCaps);
typedef BOOL (WINAPI *pCryptSIPGetCaps)(_In_ SIP_SUBJECTINFO * pSubjInfo,
_Inout_ SIP_CAP_SET *pCaps);
#endif //#if (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
extern
_Success_(return != FALSE)
BOOL WINAPI CryptSIPGetSealedDigest(_In_ SIP_SUBJECTINFO *pSubjectInfo,
_In_opt_count_(dwSig) const BYTE *pSi
g,
_In_ DWORD dwSig,
_Out_writes_opt_(*pcbDigest) BYTE *pb
Digest,
_Inout_ DWORD *pcbDigest);
typedef
_Success_(return != FALSE)
BOOL (WINAPI *pCryptSIPGetSealedDigest)(_In_ SIP_SUBJECTINFO *pSubjectInfo,
_In_opt_count_(dwSig) const BYTE *pSi
g,
_In_ DWORD dwSig,
_Out_writes_opt_(*pcbDigest) BYTE *pb
Digest,
_Inout_ DWORD *pcbDigest);
#endif //#if (NTDDI_VERSION >= NTDDI_WINBLUE)
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#endif // MSSIP_H #endif // MSSIP_H
 End of changes. 6 change blocks. 
1 lines changed or deleted 103 lines changed or added
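Review bot: The trailing comments on the `#else` and `#endif` that close the new `#if (NTDDI_VERSION >= NTDDI_WINBLUE)` branch in the SIP_CAP_SET block are mislabeled — they read `//#if (NTDDI_VERSION > NTDDI_WIN8)` and `//#if (NTDDI_VERSION > NTDDI_WINBLUE)`, misstating the comparison and, in the first case, the version — and should be `#else //#if (NTDDI_VERSION >= NTDDI_WINBLUE)` and `#endif //#if (NTDDI_VERSION >= NTDDI_WINBLUE)` so the nesting can be read without counting. In the same block, SIP_CAP_SET_V3's `dwVersion` comment still says "default to 2" while `SIP_CAP_SET_CUR_VER` is defined as 3 a few lines below it. That matters because SIP_CAP_SET_V2 and SIP_CAP_SET_V3 are the same size (the V3 union only renames the last DWORD), so a provider presumably cannot use `cbSize` to decide whether the last member is `dwFlags` or the must-be-zero `dwReserved` and has to branch on `dwVersion`; the comment should say `//The SIP API version being used; SIP_CAP_SET_CUR_VER (3) selects this layout`. Lastly, the new CryptSIPGetSealedDigest prototype and its function-pointer typedef mix the SAL 1 form `_In_opt_count_(dwSig)` with SAL 2 `_Out_writes_opt_`/`_Success_`; the consistent SAL 2 spelling is `_In_reads_opt_(dwSig) const BYTE *pSig`.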


 wincrypt.h (6.1.7601.18839-Windows_7.0)   wincrypt.h (6.3.9600.17415-Windows_8.1) 
skipping to change at line 32 skipping to change at line 32
#endif #endif
#pragma warning(disable:4201) /* Nameless struct/union */ #pragma warning(disable:4201) /* Nameless struct/union */
#endif #endif
#if (_MSC_VER > 1020) #if (_MSC_VER > 1020)
#pragma once #pragma once
#endif #endif
#endif #endif
#include <winapifamily.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
#ifndef _HRESULT_DEFINED #ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED #define _HRESULT_DEFINED
typedef __success(return >= 0) long HRESULT; typedef _Return_type_success_(return >= 0) long HRESULT;
#endif #endif
#ifndef WINADVAPI #ifndef WINADVAPI
#define WINADVAPI #define WINADVAPI
#endif #endif
#ifndef WINAPI #ifndef WINAPI
#define WINAPI __stdcall #define WINAPI __stdcall
#endif #endif
skipping to change at line 73 skipping to change at line 78
#endif #endif
#ifndef OUT #ifndef OUT
#define OUT #define OUT
#endif #endif
#ifndef OPTIONAL #ifndef OPTIONAL
#define OPTIONAL #define OPTIONAL
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#if !defined(WINCRYPT32API) #if !defined(WINCRYPT32API)
#if !defined(_CRYPT32_) #if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT #define WINCRYPT32API DECLSPEC_IMPORT
#else #else
#define WINCRYPT32API #define WINCRYPT32API
#endif #endif
#endif #endif
#else #else
#if !defined(_CRYPT32_) #if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT #define WINCRYPT32API DECLSPEC_IMPORT
#else #else
#define WINCRYPT32API #define WINCRYPT32API
#endif #endif
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if !defined(WINCRYPT32STRINGAPI) #if !defined(WINCRYPT32STRINGAPI)
#if !defined(_CRYPT32STRING_) #if !defined(_CRYPT32STRING_)
#define WINCRYPT32STRINGAPI WINCRYPT32API #define WINCRYPT32STRINGAPI WINCRYPT32API
#else #else
#define WINCRYPT32STRINGAPI #define WINCRYPT32STRINGAPI
#endif #endif
#endif #endif
// //
skipping to change at line 145 skipping to change at line 150
#define ALG_SID_RSA_PKCS 1 #define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2 #define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3 #define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4 #define ALG_SID_RSA_PGP 4
// Some DSS sub-ids // Some DSS sub-ids
// //
#define ALG_SID_DSS_ANY 0 #define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1 #define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2 #define ALG_SID_DSS_DMS 2
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define ALG_SID_ECDSA 3 #define ALG_SID_ECDSA 3
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
// Block cipher sub ids // Block cipher sub ids
// DES sub_ids // DES sub_ids
#define ALG_SID_DES 1 #define ALG_SID_DES 1
#define ALG_SID_3DES 3 #define ALG_SID_3DES 3
#define ALG_SID_DESX 4 #define ALG_SID_DESX 4
#define ALG_SID_IDEA 5 #define ALG_SID_IDEA 5
#define ALG_SID_CAST 6 #define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7 #define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8 #define ALG_SID_SAFERSK128 8
skipping to change at line 191 skipping to change at line 196
// Stream cipher sub-ids // Stream cipher sub-ids
#define ALG_SID_RC4 1 #define ALG_SID_RC4 1
#define ALG_SID_SEAL 2 #define ALG_SID_SEAL 2
// Diffie-Hellman sub-ids // Diffie-Hellman sub-ids
#define ALG_SID_DH_SANDF 1 #define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2 #define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3 #define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4 #define ALG_SID_KEA 4
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define ALG_SID_ECDH 5 #define ALG_SID_ECDH 5
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
// Hash sub ids // Hash sub ids
#define ALG_SID_MD2 1 #define ALG_SID_MD2 1
#define ALG_SID_MD4 2 #define ALG_SID_MD4 2
#define ALG_SID_MD5 3 #define ALG_SID_MD5 3
#define ALG_SID_SHA 4 #define ALG_SID_SHA 4
#define ALG_SID_SHA1 4 #define ALG_SID_SHA1 4
#define ALG_SID_MAC 5 #define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6 #define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7 #define ALG_SID_RIPEMD160 7
skipping to change at line 225 skipping to change at line 230
// secure channel sub ids // secure channel sub ids
#define ALG_SID_SSL3_MASTER 1 #define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2 #define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3 #define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4 #define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5 #define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6 #define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7 #define ALG_SID_SCHANNEL_ENC_KEY 7
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
// misc ECC sub ids // misc ECC sub ids
#define ALG_SID_ECMQV 1 #define ALG_SID_ECMQV 1
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
// Our silly example sub-id // Our silly example sub-id
#define ALG_SID_EXAMPLE 80 #define ALG_SID_EXAMPLE 80
// certenrolls_begin -- PROV_ENUMALGS_EX // certenrolls_begin -- PROV_ENUMALGS_EX
#ifndef ALGIDDEF #ifndef ALGIDDEF
#define ALGIDDEF #define ALGIDDEF
typedef unsigned int ALG_ID; typedef unsigned int ALG_ID;
#endif #endif
// certenrolls_end // certenrolls_end
// algorithm identifier definitions // algorithm identifier definitions
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2) #define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4) #define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5) #define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA) #define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1) #define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC) #define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC) // Deprecated. Don't use.
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RS A_ANY) #define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RS A_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DS S_ANY) #define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DS S_ANY)
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_AN Y) #define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_AN Y)
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA _ANY) #define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA _ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ES) #define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES_112) #define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES) #define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3 DES)
#define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ESX) #define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_D ESX)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C2) #define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ RC4) #define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ SEAL) #define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_ SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_S ANDF) #define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_S ANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_E PHEM) #define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_E PHEM)
#define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGRE ED_KEY_ANY) #define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGRE ED_KEY_ANY)
#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA) #define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA)
#define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5 ) #define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5 )
#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_S KIPJACK) #define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_S KIPJACK)
#define CALG_TEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_T EK) #define CALG_TEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_T EK)
#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_C YLINK_MEK) #define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_C YLINK_MEK) // Deprecated. Do not use
#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHA MD5) #define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHA MD5)
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL3_MASTER) #define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNE L|ALG_SID_SCHANNEL_MASTER_HASH) #define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNE L|ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_MAC_KEY) #define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_ENC_KEY) #define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_PCT1_MASTER) #define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL2_MASTER) #define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_TLS1_MASTER) #define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|AL G_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5) #define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_R C5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC) #define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
skipping to change at line 291 skipping to change at line 296
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128) #define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192) #define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256) #define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES) #define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_A ES)
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION > NTDDI_WINXPSP2) #if (NTDDI_VERSION > NTDDI_WINXPSP2)
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 ) #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256 )
#define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 ) #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384 )
#define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 ) #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512 )
#endif //(NTDDI_VERSION > NTDDI_WINXPSP2) #endif //(NTDDI_VERSION > NTDDI_WINXPSP2)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH) #define CALG_ECDH (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_ ECDH)
#define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV) #define CALG_ECMQV (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_ANY | ALG_SID _ECMQV)
#define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA) #define CALG_ECDSA (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_EC DSA)
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
// resource number for signatures in the CSP // resource number for signatures in the CSP
#define SIGNATURE_RESOURCE_NUMBER 0x29A #define SIGNATURE_RESOURCE_NUMBER 0x29A
typedef struct _VTableProvStruc { typedef struct _VTableProvStruc {
DWORD Version; DWORD Version;
FARPROC FuncVerifyImage; FARPROC FuncVerifyImage;
FARPROC FuncReturnhWnd; FARPROC FuncReturnhWnd;
DWORD dwProvType; DWORD dwProvType;
BYTE *pbContextInfo; BYTE *pbContextInfo;
DWORD cbContextInfo; DWORD cbContextInfo;
LPSTR pszProvName; LPSTR pszProvName;
} VTableProvStruc, *PVTableProvStruc; } VTableProvStruc, *PVTableProvStruc;
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
// Used for certenroll.idl: // Used for certenroll.idl:
// certenrolls_begin -- HCRYPT* // certenrolls_begin -- HCRYPT*
#ifndef HCRYPTPROV_DEFINED
#define HCRYPTPROV_DEFINED
typedef ULONG_PTR HCRYPTPROV; typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTKEY; typedef ULONG_PTR HCRYPTKEY;
typedef ULONG_PTR HCRYPTHASH; typedef ULONG_PTR HCRYPTHASH;
#endif
// certenrolls_end // certenrolls_end
// dwFlags definitions for CryptAcquireContext // dwFlags definitions for CryptAcquireContext
#define CRYPT_VERIFYCONTEXT 0xF0000000 #define CRYPT_VERIFYCONTEXT 0xF0000000
#define CRYPT_NEWKEYSET 0x00000008 #define CRYPT_NEWKEYSET 0x00000008
#define CRYPT_DELETEKEYSET 0x00000010 #define CRYPT_DELETEKEYSET 0x00000010
#define CRYPT_MACHINE_KEYSET 0x00000020 #define CRYPT_MACHINE_KEYSET 0x00000020
#define CRYPT_SILENT 0x00000040 #define CRYPT_SILENT 0x00000040
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define CRYPT_DEFAULT_CONTAINER_OPTIONAL 0x00000080 #define CRYPT_DEFAULT_CONTAINER_OPTIONAL 0x00000080
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
// dwFlag definitions for CryptGenKey // dwFlag definitions for CryptGenKey
#define CRYPT_EXPORTABLE 0x00000001 #define CRYPT_EXPORTABLE 0x00000001
#define CRYPT_USER_PROTECTED 0x00000002 #define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_CREATE_SALT 0x00000004 #define CRYPT_CREATE_SALT 0x00000004
#define CRYPT_UPDATE_KEY 0x00000008 #define CRYPT_UPDATE_KEY 0x00000008
#define CRYPT_NO_SALT 0x00000010 #define CRYPT_NO_SALT 0x00000010
#define CRYPT_PREGEN 0x00000040 #define CRYPT_PREGEN 0x00000040
#define CRYPT_RECIPIENT 0x00000010 #define CRYPT_RECIPIENT 0x00000010
#define CRYPT_INITIATOR 0x00000040 #define CRYPT_INITIATOR 0x00000040
#define CRYPT_ONLINE 0x00000080 #define CRYPT_ONLINE 0x00000080
#define CRYPT_SF 0x00000100 #define CRYPT_SF 0x00000100
#define CRYPT_CREATE_IV 0x00000200 #define CRYPT_CREATE_IV 0x00000200
#define CRYPT_KEK 0x00000400 #define CRYPT_KEK 0x00000400
#define CRYPT_DATA_KEY 0x00000800 #define CRYPT_DATA_KEY 0x00000800
#define CRYPT_VOLATILE 0x00001000 #define CRYPT_VOLATILE 0x00001000
#define CRYPT_SGCKEY 0x00002000 #define CRYPT_SGCKEY 0x00002000
//PKCS12_ALLOW_OVERWRITE_KEY 0x00004000
//PKCS12_NO_PERSIST_KEY 0x00008000
//should use other than these two
#define CRYPT_USER_PROTECTED_STRONG 0x00100000
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
#define CRYPT_ARCHIVABLE 0x00004000 #define CRYPT_ARCHIVABLE 0x00004000
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define CRYPT_FORCE_KEY_PROTECTION_HIGH 0x00008000 #define CRYPT_FORCE_KEY_PROTECTION_HIGH 0x00008000
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#define RSA1024BIT_KEY 0x04000000 #define RSA1024BIT_KEY 0x04000000
// dwFlags definitions for CryptDeriveKey // dwFlags definitions for CryptDeriveKey
#define CRYPT_SERVER 0x00000400 #define CRYPT_SERVER 0x00000400
#define KEY_LENGTH_MASK 0xFFFF0000 #define KEY_LENGTH_MASK 0xFFFF0000
// dwFlag definitions for CryptExportKey // dwFlag definitions for CryptExportKey
#define CRYPT_Y_ONLY 0x00000001 #define CRYPT_Y_ONLY 0x00000001
skipping to change at line 392 skipping to change at line 404
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
// dwFlags definitions for CryptHashData // dwFlags definitions for CryptHashData
#define CRYPT_OWF_REPL_LM_HASH 0x00000001 // this is only for the OWF replacem ent CSP #define CRYPT_OWF_REPL_LM_HASH 0x00000001 // this is only for the OWF replacem ent CSP
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
// dwFlags definitions for CryptHashSessionKey // dwFlags definitions for CryptHashSessionKey
#define CRYPT_LITTLE_ENDIAN 0x00000001 #define CRYPT_LITTLE_ENDIAN 0x00000001
// dwFlags definitions for CryptSignHash and CryptVerifySignature // dwFlags definitions for CryptSignHash and CryptVerifySignature
#define CRYPT_NOHASHOID 0x00000001 #define CRYPT_NOHASHOID 0x00000001
#define CRYPT_TYPE2_FORMAT 0x00000002 #define CRYPT_TYPE2_FORMAT 0x00000002 // Not supported
#define CRYPT_X931_FORMAT 0x00000004 #define CRYPT_X931_FORMAT 0x00000004 // Not supported
// dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider // dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
#define CRYPT_MACHINE_DEFAULT 0x00000001 #define CRYPT_MACHINE_DEFAULT 0x00000001
#define CRYPT_USER_DEFAULT 0x00000002 #define CRYPT_USER_DEFAULT 0x00000002
#define CRYPT_DELETE_DEFAULT 0x00000004 #define CRYPT_DELETE_DEFAULT 0x00000004
// exported key blob definitions // exported key blob definitions
// certenrolld_begin -- *BLOB // certenrolld_begin -- *BLOB
#define SIMPLEBLOB 0x1 #define SIMPLEBLOB 0x1
#define PUBLICKEYBLOB 0x6 #define PUBLICKEYBLOB 0x6
skipping to change at line 545 skipping to change at line 557
#define PP_SIG_KEYSIZE_INC 34 #define PP_SIG_KEYSIZE_INC 34
#define PP_KEYX_KEYSIZE_INC 35 #define PP_KEYX_KEYSIZE_INC 35
#define PP_UNIQUE_CONTAINER 36 #define PP_UNIQUE_CONTAINER 36
#define PP_SGC_INFO 37 #define PP_SGC_INFO 37
#define PP_USE_HARDWARE_RNG 38 #define PP_USE_HARDWARE_RNG 38
#define PP_KEYSPEC 39 #define PP_KEYSPEC 39
#define PP_ENUMEX_SIGNING_PROT 40 #define PP_ENUMEX_SIGNING_PROT 40
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WS03)
#define PP_CRYPT_COUNT_KEY_USE 41 #define PP_CRYPT_COUNT_KEY_USE 41
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define PP_USER_CERTSTORE 42 #define PP_USER_CERTSTORE 42
#define PP_SMARTCARD_READER 43 #define PP_SMARTCARD_READER 43
#define PP_SMARTCARD_GUID 45 #define PP_SMARTCARD_GUID 45
#define PP_ROOT_CERTSTORE 46 #define PP_ROOT_CERTSTORE 46
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define PP_SMARTCARD_READER_ICON 47
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#define CRYPT_FIRST 1 #define CRYPT_FIRST 1
#define CRYPT_NEXT 2 #define CRYPT_NEXT 2
#define CRYPT_SGC_ENUM 4 #define CRYPT_SGC_ENUM 4
#define CRYPT_IMPL_HARDWARE 1 #define CRYPT_IMPL_HARDWARE 1
#define CRYPT_IMPL_SOFTWARE 2 #define CRYPT_IMPL_SOFTWARE 2
#define CRYPT_IMPL_MIXED 3 #define CRYPT_IMPL_MIXED 3
#define CRYPT_IMPL_UNKNOWN 4 #define CRYPT_IMPL_UNKNOWN 4
#define CRYPT_IMPL_REMOVABLE 8 #define CRYPT_IMPL_REMOVABLE 8
skipping to change at line 589 skipping to change at line 604
// //
// CryptSetProvParam // CryptSetProvParam
// //
#define PP_CLIENT_HWND 1 #define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11 #define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12 #define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13 #define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14 #define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15 #define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24 #define PP_DELETEKEY 24
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
#define PP_PIN_PROMPT_STRING 44 #define PP_PIN_PROMPT_STRING 44
#define PP_SECURE_KEYEXCHANGE_PIN 47 #define PP_SECURE_KEYEXCHANGE_PIN 47
#define PP_SECURE_SIGNATURE_PIN 48 #define PP_SECURE_SIGNATURE_PIN 48
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
// certenrolld_begin -- PROV_RSA_* // certenrolld_begin -- PROV_RSA_*
#define PROV_RSA_FULL 1 #define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2 #define PROV_RSA_SIG 2
#define PROV_DSS 3 #define PROV_DSS 3
#define PROV_FORTEZZA 4 #define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5 #define PROV_MS_EXCHANGE 5
#define PROV_SSL 6 #define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12 #define PROV_RSA_SCHANNEL 12
#define PROV_DSS_DH 13 #define PROV_DSS_DH 13
skipping to change at line 736 skipping to change at line 751
#define MAXUIDLEN 64 #define MAXUIDLEN 64
// Exponentiation Offload Reg Location // Exponentiation Offload Reg Location
#define EXPO_OFFLOAD_REG_VALUE "ExpoOffload" #define EXPO_OFFLOAD_REG_VALUE "ExpoOffload"
#define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo" #define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo"
// //
// Registry key in which the following private key-related // Registry key in which the following private key-related
// values are created. // values are created.
// //
#ifndef szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS
#define szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS \ #define szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS \
"Software\\Policies\\Microsoft\\Cryptography" "Software\\Policies\\Microsoft\\Cryptography"
#endif
//
// Registry value for controlling Data Protection API (DPAPI) UI settings.
//
#define szFORCE_KEY_PROTECTION "ForceKeyProtection"
#define dwFORCE_KEY_PROTECTION_DISABLED 0x0
#define dwFORCE_KEY_PROTECTION_USER_SELECT 0x1
#define dwFORCE_KEY_PROTECTION_HIGH 0x2
// //
// Registry values for enabling and controlling the caching (and timeout) // Registry values for enabling and controlling the caching (and timeout)
// of private keys. This feature is intended for UI-protected private // of private keys. This feature is intended for UI-protected private
// keys. // keys.
// //
// Note that in Windows 2000 and later, private keys, once read from storage, // Note that in Windows 2000 and later, private keys, once read from storage,
// are cached in the associated HCRYPTPROV structure for subsequent use. // are cached in the associated HCRYPTPROV structure for subsequent use.
// //
// In Server 2003 and XP SP1, new key caching behavior is available. Keys // In Server 2003 and XP SP1, new key caching behavior is available. Keys
skipping to change at line 955 skipping to change at line 963
unsigned char Feedback[8]; unsigned char Feedback[8];
} CRYPT_DES_KEY_STATE, *PCRYPT_DES_KEY_STATE; } CRYPT_DES_KEY_STATE, *PCRYPT_DES_KEY_STATE;
typedef struct _CRYPT_3DES_KEY_STATE { typedef struct _CRYPT_3DES_KEY_STATE {
unsigned char Key[24]; unsigned char Key[24];
unsigned char IV[8]; unsigned char IV[8];
unsigned char Feedback[8]; unsigned char Feedback[8];
} CRYPT_3DES_KEY_STATE, *PCRYPT_3DES_KEY_STATE; } CRYPT_3DES_KEY_STATE, *PCRYPT_3DES_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
typedef struct _CRYPT_AES_128_KEY_STATE { typedef struct _CRYPT_AES_128_KEY_STATE {
unsigned char Key[16]; unsigned char Key[16];
unsigned char IV[16]; unsigned char IV[16];
unsigned char EncryptionState[11][16]; // 10 rounds + 1 unsigned char EncryptionState[11][16]; // 10 rounds + 1
unsigned char DecryptionState[11][16]; unsigned char DecryptionState[11][16];
unsigned char Feedback[16]; unsigned char Feedback[16];
} CRYPT_AES_128_KEY_STATE, *PCRYPT_AES_128_KEY_STATE; } CRYPT_AES_128_KEY_STATE, *PCRYPT_AES_128_KEY_STATE;
typedef struct _CRYPT_AES_256_KEY_STATE { typedef struct _CRYPT_AES_256_KEY_STATE {
unsigned char Key[32]; unsigned char Key[32];
unsigned char IV[16]; unsigned char IV[16];
unsigned char EncryptionState[15][16]; // 14 rounds + 1 unsigned char EncryptionState[15][16]; // 14 rounds + 1
unsigned char DecryptionState[15][16]; unsigned char DecryptionState[15][16];
unsigned char Feedback[16]; unsigned char Feedback[16];
} CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE; } CRYPT_AES_256_KEY_STATE, *PCRYPT_AES_256_KEY_STATE;
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions // CRYPTOAPI BLOB definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- *_BLOB // certenrolls_begin -- *_BLOB
#ifndef CRYPTO_BLOBS_DEFINED #ifndef CRYPTO_BLOBS_DEFINED
#define CRYPTO_BLOBS_DEFINED #define CRYPTO_BLOBS_DEFINED
typedef struct _CRYPTOAPI_BLOB { typedef struct _CRYPTOAPI_BLOB {
DWORD cbData; DWORD cbData;
__field_bcount(cbData) BYTE *pbData; _Field_size_bytes_(cbData) BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB, } CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB, CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB, CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB, CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB, CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB, CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB, CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB, DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB, CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB, CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB, CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB, CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB; CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
#endif #endif
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
// structure for use with CryptSetKeyParam for CMS keys // structure for use with CryptSetKeyParam for CMS keys
typedef struct _CMS_DH_KEY_INFO { typedef struct _CMS_DH_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O) DWORD dwVersion; // sizeof(CMS_DH_KEY_INF O)
ALG_ID Algid; // algorithmm id for the key to be converted ALG_ID Algid; // algorithmm id for the key to be converted
LPSTR pszContentEncObjId; // pointer to OID to hash in with Z LPSTR pszContentEncObjId; // pointer to OID to hash in with Z
CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information
void *pReserved; // reserved - should be NULL void *pReserved; // reserved - should be NULL
} CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO; } CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO;
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextA( CryptAcquireContextA(
__out HCRYPTPROV *phProv, _Out_ HCRYPTPROV *phProv,
__in_opt LPCSTR szContainer, _In_opt_ LPCSTR szContainer,
__in_opt LPCSTR szProvider, _In_opt_ LPCSTR szProvider,
__in DWORD dwProvType, _In_ DWORD dwProvType,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextW( CryptAcquireContextW(
__out HCRYPTPROV *phProv, _Out_ HCRYPTPROV *phProv,
__in_opt LPCWSTR szContainer, _In_opt_ LPCWSTR szContainer,
__in_opt LPCWSTR szProvider, _In_opt_ LPCWSTR szProvider,
__in DWORD dwProvType, _In_ DWORD dwProvType,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW #define CryptAcquireContext CryptAcquireContextW
#else #else
#define CryptAcquireContext CryptAcquireContextA #define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextA( CryptAcquireContextA(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCSTR szContainer, LPCSTR szContainer,
LPCSTR szProvider, LPCSTR szProvider,
DWORD dwProvType, DWORD dwProvType,
DWORD dwFlags DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextW( CryptAcquireContextW(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCWSTR szContainer, LPCWSTR szContainer,
LPCWSTR szProvider, LPCWSTR szProvider,
DWORD dwProvType, DWORD dwProvType,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptAcquireContextA( CryptAcquireContextA(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCSTR pszContainer, LPCSTR pszContainer,
LPCSTR pszProvider, LPCSTR pszProvider,
DWORD dwProvType, DWORD dwProvType,
skipping to change at line 1081 skipping to change at line 1101
WINAPI WINAPI
CryptAcquireContextW( CryptAcquireContextW(
HCRYPTPROV *phProv, HCRYPTPROV *phProv,
LPCWSTR pszContainer, LPCWSTR pszContainer,
LPCWSTR pszProvider, LPCWSTR pszProvider,
DWORD dwProvType, DWORD dwProvType,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
#ifdef UNICODE #ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW #define CryptAcquireContext CryptAcquireContextW
#else #else
#define CryptAcquireContext CryptAcquireContextA #define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptReleaseContext( CryptReleaseContext(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptReleaseContext( CryptReleaseContext(
HCRYPTPROV hProv, HCRYPTPROV hProv,
ULONG_PTR dwFlags ULONG_PTR dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGenKey( CryptGenKey(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in ALG_ID Algid, _In_ ALG_ID Algid,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDeriveKey( CryptDeriveKey(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in ALG_ID Algid, _In_ ALG_ID Algid,
__in HCRYPTHASH hBaseData, _In_ HCRYPTHASH hBaseData,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDestroyKey( CryptDestroyKey(
__in HCRYPTKEY hKey _In_ HCRYPTKEY hKey
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetKeyParam( CryptSetKeyParam(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in DWORD dwParam, _In_ DWORD dwParam,
__in CONST BYTE *pbData, _In_ CONST BYTE *pbData,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetKeyParam( CryptSetKeyParam(
HCRYPTKEY hKey, HCRYPTKEY hKey,
DWORD dwParam, DWORD dwParam,
BYTE *pbData, BYTE *pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetKeyParam( CryptGetKeyParam(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in DWORD dwParam, _In_ DWORD dwParam,
__out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData, _Out_writes_bytes_to_opt_(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, _Inout_ DWORD *pdwDataLen,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetHashParam( CryptSetHashParam(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in DWORD dwParam, _In_ DWORD dwParam,
__in CONST BYTE *pbData, _In_ CONST BYTE *pbData,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetHashParam( CryptSetHashParam(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwParam, DWORD dwParam,
BYTE*pbData, BYTE*pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetHashParam( CryptGetHashParam(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in DWORD dwParam, _In_ DWORD dwParam,
__out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData, _Out_writes_bytes_to_opt_(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, _Inout_ DWORD *pdwDataLen,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#if (NTDDI_VERSION >= NTDDI_WINXP) #if (NTDDI_VERSION >= NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProvParam( CryptSetProvParam(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in DWORD dwParam, _In_ DWORD dwParam,
__in CONST BYTE *pbData, _In_ CONST BYTE *pbData,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) #endif //(NTDDI_VERSION >= NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProvParam( CryptSetProvParam(
HCRYPTPROV hProv, HCRYPTPROV hProv,
DWORD dwParam, DWORD dwParam,
BYTE*pbData, BYTE*pbData,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetProvParam( CryptGetProvParam(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in DWORD dwParam, _In_ DWORD dwParam,
__out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData, _Out_writes_bytes_to_opt_(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, _Inout_ DWORD *pdwDataLen,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGenRandom( CryptGenRandom(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in DWORD dwLen, _In_ DWORD dwLen,
__inout_bcount(dwLen) BYTE *pbBuffer _Inout_updates_bytes_(dwLen) BYTE *pbBuffer
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetUserKey( CryptGetUserKey(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in DWORD dwKeySpec, _In_ DWORD dwKeySpec,
__out HCRYPTKEY *phUserKey _Out_ HCRYPTKEY *phUserKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptExportKey( CryptExportKey(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in HCRYPTKEY hExpKey, _In_ HCRYPTKEY hExpKey,
__in DWORD dwBlobType, _In_ DWORD dwBlobType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pdwDataLen, *pdwDataLen) BYTE *pbData, _Out_writes_bytes_to_opt_(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen _Inout_ DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptImportKey( CryptImportKey(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in_bcount(dwDataLen) CONST BYTE *pbData, _In_reads_bytes_(dwDataLen) CONST BYTE *pbData,
__in DWORD dwDataLen, _In_ DWORD dwDataLen,
__in HCRYPTKEY hPubKey, _In_ HCRYPTKEY hPubKey,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptEncrypt( CryptEncrypt(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in BOOL Final, _In_ BOOL Final,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_bcount_part_opt(dwBufLen, *pdwDataLen) BYTE *pbData, _Inout_updates_bytes_to_opt_(dwBufLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen, _Inout_ DWORD *pdwDataLen,
__in DWORD dwBufLen _In_ DWORD dwBufLen
); );
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptDecrypt( CryptDecrypt(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in BOOL Final, _In_ BOOL Final,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_bcount_part(*pdwDataLen, *pdwDataLen) BYTE *pbData, _Inout_updates_bytes_to_(*pdwDataLen, *pdwDataLen) BYTE *pbData,
__inout DWORD *pdwDataLen _Inout_ DWORD *pdwDataLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptCreateHash( CryptCreateHash(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__in ALG_ID Algid, _In_ ALG_ID Algid,
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTHASH *phHash _Out_ HCRYPTHASH *phHash
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptHashData( CryptHashData(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in_bcount(dwDataLen) CONST BYTE *pbData, _In_reads_bytes_(dwDataLen) CONST BYTE *pbData,
__in DWORD dwDataLen, _In_ DWORD dwDataLen,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptHashSessionKey( CryptHashSessionKey(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDestroyHash( CryptDestroyHash(
__in HCRYPTHASH hHash _In_ HCRYPTHASH hHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in DWORD dwKeySpec, _In_ DWORD dwKeySpec,
__in_opt LPCSTR szDescription, _In_opt_ LPCSTR szDescription,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, _Out_writes_bytes_to_opt_(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen _Inout_ DWORD *pdwSigLen
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashW( CryptSignHashW(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in DWORD dwKeySpec, _In_ DWORD dwKeySpec,
__in_opt LPCWSTR szDescription, _In_opt_ LPCWSTR szDescription,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pdwSigLen, *pdwSigLen) BYTE *pbSignature, _Out_writes_bytes_to_opt_(*pdwSigLen, *pdwSigLen) BYTE *pbSignature,
__inout DWORD *pdwSigLen _Inout_ DWORD *pdwSigLen
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSignHash CryptSignHashW #define CryptSignHash CryptSignHashW
#else #else
#define CryptSignHash CryptSignHashA #define CryptSignHash CryptSignHashA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCSTR szDescription, LPCSTR szDescription,
DWORD dwFlags, DWORD dwFlags,
BYTE *pbSignature, BYTE *pbSignature,
DWORD *pdwSigLen DWORD *pdwSigLen
skipping to change at line 1399 skipping to change at line 1419
BOOL BOOL
WINAPI WINAPI
CryptSignHashW( CryptSignHashW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCWSTR szDescription, LPCWSTR szDescription,
DWORD dwFlags, DWORD dwFlags,
BYTE *pbSignature, BYTE *pbSignature,
DWORD *pdwSigLen DWORD *pdwSigLen
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSignHashA( CryptSignHashA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCSTR sDescription, LPCSTR sDescription,
DWORD dwFlags, DWORD dwFlags,
skipping to change at line 1426 skipping to change at line 1446
CryptSignHashW( CryptSignHashW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
DWORD dwKeySpec, DWORD dwKeySpec,
LPCWSTR sDescription, LPCWSTR sDescription,
DWORD dwFlags, DWORD dwFlags,
BYTE *pbSignature, BYTE *pbSignature,
DWORD *pdwSigLen DWORD *pdwSigLen
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
#ifdef UNICODE #ifdef UNICODE
#define CryptSignHash CryptSignHashW #define CryptSignHash CryptSignHashW
#else #else
#define CryptSignHash CryptSignHashA #define CryptSignHash CryptSignHashA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, _In_reads_bytes_(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, _In_ DWORD dwSigLen,
__in HCRYPTKEY hPubKey, _In_ HCRYPTKEY hPubKey,
__in_opt LPCSTR szDescription, _In_opt_ LPCSTR szDescription,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureW( CryptVerifySignatureW(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__in_bcount(dwSigLen) CONST BYTE *pbSignature, _In_reads_bytes_(dwSigLen) CONST BYTE *pbSignature,
__in DWORD dwSigLen, _In_ DWORD dwSigLen,
__in HCRYPTKEY hPubKey, _In_ HCRYPTKEY hPubKey,
__in_opt LPCWSTR szDescription, _In_opt_ LPCWSTR szDescription,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW #define CryptVerifySignature CryptVerifySignatureW
#else #else
#define CryptVerifySignature CryptVerifySignatureA #define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
LPCSTR szDescription, LPCSTR szDescription,
DWORD dwFlags DWORD dwFlags
skipping to change at line 1487 skipping to change at line 1507
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureW( CryptVerifySignatureW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
LPCWSTR szDescription, LPCWSTR szDescription,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptVerifySignatureA( CryptVerifySignatureA(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
skipping to change at line 1514 skipping to change at line 1534
CryptVerifySignatureW( CryptVerifySignatureW(
HCRYPTHASH hHash, HCRYPTHASH hHash,
CONST BYTE *pbSignature, CONST BYTE *pbSignature,
DWORD dwSigLen, DWORD dwSigLen,
HCRYPTKEY hPubKey, HCRYPTKEY hPubKey,
LPCWSTR sDescription, LPCWSTR sDescription,
DWORD dwFlags DWORD dwFlags
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
#ifdef UNICODE #ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW #define CryptVerifySignature CryptVerifySignatureW
#else #else
#define CryptVerifySignature CryptVerifySignatureA #define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderA( CryptSetProviderA(
__in LPCSTR pszProvName, _In_ LPCSTR pszProvName,
__in DWORD dwProvType _In_ DWORD dwProvType
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderW( CryptSetProviderW(
__in LPCWSTR pszProvName, _In_ LPCWSTR pszProvName,
__in DWORD dwProvType _In_ DWORD dwProvType
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProvider CryptSetProviderW #define CryptSetProvider CryptSetProviderW
#else #else
#define CryptSetProvider CryptSetProviderA #define CryptSetProvider CryptSetProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderA( CryptSetProviderA(
LPCSTR pszProvName, LPCSTR pszProvName,
DWORD dwProvType DWORD dwProvType
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderW( CryptSetProviderW(
LPCWSTR pszProvName, LPCWSTR pszProvName,
DWORD dwProvType DWORD dwProvType
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProvider CryptSetProviderW #define CryptSetProvider CryptSetProviderW
#else #else
#define CryptSetProvider CryptSetProviderA #define CryptSetProvider CryptSetProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderExA( CryptSetProviderExA(
__in LPCSTR pszProvName, _In_ LPCSTR pszProvName,
__in DWORD dwProvType, _In_ DWORD dwProvType,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderExW( CryptSetProviderExW(
__in LPCWSTR pszProvName, _In_ LPCWSTR pszProvName,
__in DWORD dwProvType, _In_ DWORD dwProvType,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW #define CryptSetProviderEx CryptSetProviderExW
#else #else
#define CryptSetProviderEx CryptSetProviderExA #define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptSetProviderExA( CryptSetProviderExA(
LPCSTR pszProvName, LPCSTR pszProvName,
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags DWORD dwFlags
); );
WINADVAPI WINADVAPI
skipping to change at line 1616 skipping to change at line 1636
LPCWSTR pszProvName, LPCWSTR pszProvName,
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags DWORD dwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW #define CryptSetProviderEx CryptSetProviderExW
#else #else
#define CryptSetProviderEx CryptSetProviderExA #define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderA( CryptGetDefaultProviderA(
__in DWORD dwProvType, _In_ DWORD dwProvType,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR pszProvName, _Out_writes_bytes_to_opt_(*pcbProvName, *pcbProvName) LPSTR pszProvName,
__inout DWORD *pcbProvName _Inout_ DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptGetDefaultProviderW( CryptGetDefaultProviderW(
__in DWORD dwProvType, _In_ DWORD dwProvType,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR pszProvName, _Out_writes_bytes_to_opt_(*pcbProvName, *pcbProvName) LPWSTR pszProvName,
__inout DWORD *pcbProvName _Inout_ DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultProviderA( CryptGetDefaultProviderA(
DWORD dwProvType, DWORD dwProvType,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
LPSTR pszProvName, LPSTR pszProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
skipping to change at line 1672 skipping to change at line 1692
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
LPWSTR pszProvName, LPWSTR pszProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW #define CryptGetDefaultProvider CryptGetDefaultProviderW
#else #else
#define CryptGetDefaultProvider CryptGetDefaultProviderA #define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
__in DWORD dwIndex, _In_ DWORD dwIndex,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out DWORD *pdwProvType, _Out_ DWORD *pdwProvType,
__out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPSTR szTypeName, _Out_writes_bytes_to_opt_(*pcbTypeName, *pcbTypeName) LPSTR szTypeName,
__inout DWORD *pcbTypeName _Inout_ DWORD *pcbTypeName
); );
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
__in DWORD dwIndex, _In_ DWORD dwIndex,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out DWORD *pdwProvType, _Out_ DWORD *pdwProvType,
__out_bcount_part_opt(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName, _Out_writes_bytes_to_opt_(*pcbTypeName, *pcbTypeName) LPWSTR szTypeName,
__inout DWORD *pcbTypeName _Inout_ DWORD *pcbTypeName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPSTR szTypeName, LPSTR szTypeName,
DWORD *pcbTypeName DWORD *pcbTypeName
skipping to change at line 1727 skipping to change at line 1747
BOOL BOOL
WINAPI WINAPI
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPWSTR szTypeName, LPWSTR szTypeName,
DWORD *pcbTypeName DWORD *pcbTypeName
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProviderTypesA( CryptEnumProviderTypesA(
DWORD dwIndex, DWORD dwIndex,
DWORD * pdwReserved, DWORD * pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD * pdwProvType, DWORD * pdwProvType,
skipping to change at line 1754 skipping to change at line 1774
CryptEnumProviderTypesW( CryptEnumProviderTypesW(
DWORD dwIndex, DWORD dwIndex,
DWORD * pdwReserved, DWORD * pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD * pdwProvType, DWORD * pdwProvType,
LPWSTR pszTypeName, LPWSTR pszTypeName,
DWORD * pcbTypeName DWORD * pcbTypeName
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW #define CryptEnumProviderTypes CryptEnumProviderTypesW
#else #else
#define CryptEnumProviderTypes CryptEnumProviderTypesA #define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
__in DWORD dwIndex, _In_ DWORD dwIndex,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out DWORD *pdwProvType, _Out_ DWORD *pdwProvType,
__out_bcount_part_opt(*pcbProvName, *pcbProvName) LPSTR szProvName, _Out_writes_bytes_to_opt_(*pcbProvName, *pcbProvName) LPSTR szProvName,
__inout DWORD *pcbProvName _Inout_ DWORD *pcbProvName
); );
WINADVAPI WINADVAPI
__success(0 != return) BOOL _Success_(0 != return) BOOL
WINAPI WINAPI
CryptEnumProvidersW( CryptEnumProvidersW(
__in DWORD dwIndex, _In_ DWORD dwIndex,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out DWORD *pdwProvType, _Out_ DWORD *pdwProvType,
__out_bcount_part_opt(*pcbProvName, *pcbProvName) LPWSTR szProvName, _Out_writes_bytes_to_opt_(*pcbProvName, *pcbProvName) LPWSTR szProvName,
__inout DWORD *pcbProvName _Inout_ DWORD *pcbProvName
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW #define CryptEnumProviders CryptEnumProvidersW
#else #else
#define CryptEnumProviders CryptEnumProvidersA #define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION >= NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_VISTA)
#if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPSTR szProvName, LPSTR szProvName,
DWORD *pcbProvName DWORD *pcbProvName
skipping to change at line 1815 skipping to change at line 1835
BOOL BOOL
WINAPI WINAPI
CryptEnumProvidersW( CryptEnumProvidersW(
DWORD dwIndex, DWORD dwIndex,
DWORD *pdwReserved, DWORD *pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD *pdwProvType, DWORD *pdwProvType,
LPWSTR szProvName, LPWSTR szProvName,
DWORD *pcbProvName DWORD *pcbProvName
); );
#endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION >= NTDDI_WINXP) && (NTDDI_VERSION < NTDDI_VISTA)
#if (NTDDI_VERSION < NTDDI_WINXP) #if (NTDDI_VERSION < NTDDI_WINXP)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptEnumProvidersA( CryptEnumProvidersA(
DWORD dwIndex, DWORD dwIndex,
DWORD * pdwReserved, DWORD * pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD * pdwProvType, DWORD * pdwProvType,
skipping to change at line 1842 skipping to change at line 1862
CryptEnumProvidersW( CryptEnumProvidersW(
DWORD dwIndex, DWORD dwIndex,
DWORD * pdwReserved, DWORD * pdwReserved,
DWORD dwFlags, DWORD dwFlags,
DWORD * pdwProvType, DWORD * pdwProvType,
LPWSTR pszProvName, LPWSTR pszProvName,
DWORD * pcbProvName DWORD * pcbProvName
); );
#endif //(NTDDI_VERSION < NTDDI_WINXP) #endif //(NTDDI_VERSION < NTDDI_WINXP)
#if (NTDDI_VERSION < NTDDI_WINLH) #if (NTDDI_VERSION < NTDDI_VISTA)
#ifdef UNICODE #ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW #define CryptEnumProviders CryptEnumProvidersW
#else #else
#define CryptEnumProviders CryptEnumProvidersA #define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE #endif // !UNICODE
#endif //(NTDDI_VERSION < NTDDI_WINLH) #endif //(NTDDI_VERSION < NTDDI_VISTA)
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptContextAddRef( CryptContextAddRef(
__in HCRYPTPROV hProv, _In_ HCRYPTPROV hProv,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDuplicateKey( CryptDuplicateKey(
__in HCRYPTKEY hKey, _In_ HCRYPTKEY hKey,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
WINADVAPI WINADVAPI
BOOL BOOL
WINAPI WINAPI
CryptDuplicateHash( CryptDuplicateHash(
__in HCRYPTHASH hHash, _In_ HCRYPTHASH hHash,
__reserved DWORD *pdwReserved, _Reserved_ DWORD *pdwReserved,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out HCRYPTHASH *phHash _Out_ HCRYPTHASH *phHash
); );
#if (NTDDI_VERSION >= NTDDI_WS03) #if (NTDDI_VERSION >= NTDDI_WS03)
// //
// This function is provided in Microsoft Windows 2000 as a means of // This function is provided in Microsoft Windows 2000 as a means of
// installing the 128-bit encryption provider. This function is unavailable // installing the 128-bit encryption provider. This function is unavailable
// in Microsoft Windows XP, because Windows XP ships with the 128-bit // in Microsoft Windows XP, because Windows XP ships with the 128-bit
// encryption provider. // encryption provider.
// //
BOOL BOOL
__cdecl __cdecl
GetEncSChannel( GetEncSChannel(
BYTE **pData, _Outptr_result_buffer_(*dwDecSize) BYTE **pData,
DWORD *dwDecSize _Out_ DWORD *dwDecSize
); );
#endif //(NTDDI_VERSION >= NTDDI_WS03) #endif //(NTDDI_VERSION >= NTDDI_WS03)
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#if !defined(_DDK_DRIVER_) #if !defined(_DDK_DRIVER_)
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
// In Vista, the following APIs were updated to support the new // In Vista, the following APIs were updated to support the new
// CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition // CNG (Cryptography Next Generation) BCrypt* and NCrypt* APIs in addition
// to the above CAPI1 APIs. // to the above CAPI1 APIs.
// Include the definitions for the CNG APIs // Include the definitions for the CNG APIs
#include <bcrypt.h> #include <bcrypt.h>
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
#include <ncrypt.h> #include <ncrypt.h>
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
// This type is used when the API can take either the CAPI1 HCRYPTPROV or // This type is used when the API can take either the CAPI1 HCRYPTPROV or
// the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be // the CNG NCRYPT_KEY_HANDLE. Where appropriate, the HCRYPTPROV will be
// converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle(). // converted to a NCRYPT_KEY_HANDLE via the CNG NCryptTranslateHandle().
typedef ULONG_PTR HCRYPTPROV_OR_NCRYPT_KEY_HANDLE; typedef ULONG_PTR HCRYPTPROV_OR_NCRYPT_KEY_HANDLE;
// This type is used where the HCRYPTPROV parameter is no longer used. // This type is used where the HCRYPTPROV parameter is no longer used.
// The caller should always pass in NULL. // The caller should always pass in NULL.
typedef ULONG_PTR HCRYPTPROV_LEGACY; typedef ULONG_PTR HCRYPTPROV_LEGACY;
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, th e // In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, th e
// overall bit length is cbData * 8 - cUnusedBits. // overall bit length is cbData * 8 - cUnusedBits.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CRYPT_BIT_BLOB { typedef struct _CRYPT_BIT_BLOB {
DWORD cbData; DWORD cbData;
BYTE *pbData; BYTE *pbData;
DWORD cUnusedBits; DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB; } CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
skipping to change at line 1936 skipping to change at line 1981
// //
// Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most // Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
// algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0). // algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_ALGORITHM_IDENTIFIER { typedef struct _CRYPT_ALGORITHM_IDENTIFIER {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters; CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER; } CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
// Following are the definitions of various algorithm object identifiers // Following are the definitions of various algorithm object identifiers
// RSA // RSA
#define szOID_RSA "1.2.840.113549" #define szOID_RSA "1.2.840.113549"
#define szOID_PKCS "1.2.840.113549.1" #define szOID_PKCS "1.2.840.113549.1"
#define szOID_RSA_HASH "1.2.840.113549.2" #define szOID_RSA_HASH "1.2.840.113549.2"
#define szOID_RSA_ENCRYPT "1.2.840.113549.3" #define szOID_RSA_ENCRYPT "1.2.840.113549.3"
#define szOID_PKCS_1 "1.2.840.113549.1.1" #define szOID_PKCS_1 "1.2.840.113549.1.1"
#define szOID_PKCS_2 "1.2.840.113549.1.2" #define szOID_PKCS_2 "1.2.840.113549.1.2"
#define szOID_PKCS_3 "1.2.840.113549.1.3" #define szOID_PKCS_3 "1.2.840.113549.1.3"
skipping to change at line 2171 skipping to change at line 2222
} CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE; } CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKCS #1 HashInfo (DigestInfo) // PKCS #1 HashInfo (DigestInfo)
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_HASH_INFO { typedef struct _CRYPT_HASH_INFO {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_HASH_BLOB Hash; CRYPT_HASH_BLOB Hash;
} CRYPT_HASH_INFO, *PCRYPT_HASH_INFO; } CRYPT_HASH_INFO, *PCRYPT_HASH_INFO;
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Type used for an extension to an encoded content // Type used for an extension to an encoded content
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_EXTENSION { typedef struct _CERT_EXTENSION {
LPSTR pszObjId; LPSTR pszObjId;
BOOL fCritical; BOOL fCritical;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION; } CERT_EXTENSION, *PCERT_EXTENSION;
typedef const CERT_EXTENSION* PCCERT_EXTENSION; typedef const CERT_EXTENSION* PCCERT_EXTENSION;
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AttributeTypeValue // AttributeTypeValue
// //
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. // Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE // certenrolls_begin -- CRYPT_ATTRIBUTE_TYPE_VALUE
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE { typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId; LPSTR pszObjId;
CRYPT_OBJID_BLOB Value; CRYPT_OBJID_BLOB Value;
} CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE; } CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE;
skipping to change at line 2309 skipping to change at line 2372
// Pilot user attribute types: // Pilot user attribute types:
#define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5, UTF8 string #define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5, UTF8 string
// used for PKCS 12 attributes // used for PKCS 12 attributes
#define szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20" #define szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20"
#define szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21" #define szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21"
#define szOID_PKCS_12_KEY_PROVIDER_NAME_ATTR "1.3.6.1.4.1.311.17.1" #define szOID_PKCS_12_KEY_PROVIDER_NAME_ATTR "1.3.6.1.4.1.311.17.1"
#define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2" #define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2"
#define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3" #define szOID_PKCS_12_EXTENDED_ATTRIBUTES "1.3.6.1.4.1.311.17.3"
#define szOID_PKCS_12_PROTECTED_PASSWORD_SECRET_BAG_TYPE_ID "1.3.6.1.4.1.311.17. 4"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft CERT_RDN attribute Object Identifiers // Microsoft CERT_RDN attribute Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING. // Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING.
#define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1" #define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// EV RDN OIDs // EV RDN OIDs
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 2432 skipping to change at line 2496
// Name attribute value without the Object Identifier // Name attribute value without the Object Identifier
// //
// The interpretation of the Value depends on the dwValueType. // The interpretation of the Value depends on the dwValueType.
// See above for a list of the types. // See above for a list of the types.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_NAME_VALUE { typedef struct _CERT_NAME_VALUE {
DWORD dwValueType; DWORD dwValueType;
CERT_RDN_VALUE_BLOB Value; CERT_RDN_VALUE_BLOB Value;
} CERT_NAME_VALUE, *PCERT_NAME_VALUE; } CERT_NAME_VALUE, *PCERT_NAME_VALUE;
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Public Key Info // Public Key Info
// //
// The PublicKey is the encoded representation of the information as it is // The PublicKey is the encoded representation of the information as it is
// stored in the bit string // stored in the bit string
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_PUBLIC_KEY_INFO { typedef struct _CERT_PUBLIC_KEY_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm; CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB PublicKey; CRYPT_BIT_BLOB PublicKey;
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO; } CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
#define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA #define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA #define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA #define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// ECC Private Key Info
//--------------------------------------------------------------------------
typedef struct _CRYPT_ECC_PRIVATE_KEY_INFO{
DWORD dwVersion; // ecPrivKeyVer1(1)
CRYPT_DER_BLOB PrivateKey; // d
LPSTR szCurveOid; // Optional
CRYPT_BIT_BLOB PublicKey; // Optional (x, y)
} CRYPT_ECC_PRIVATE_KEY_INFO, *PCRYPT_ECC_PRIVATE_KEY_INFO;
#define CRYPT_ECC_PRIVATE_KEY_INFO_v1 1
//+-------------------------------------------------------------------------
// structure that contains all the information in a PKCS#8 PrivateKeyInfo // structure that contains all the information in a PKCS#8 PrivateKeyInfo
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_PRIVATE_KEY_INFO{ typedef struct _CRYPT_PRIVATE_KEY_INFO{
DWORD Version; DWORD Version;
CRYPT_ALGORITHM_IDENTIFIER Algorithm; CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_DER_BLOB PrivateKey; CRYPT_DER_BLOB PrivateKey;
PCRYPT_ATTRIBUTES pAttributes; PCRYPT_ATTRIBUTES pAttributes;
} CRYPT_PRIVATE_KEY_INFO, *PCRYPT_PRIVATE_KEY_INFO; } CRYPT_PRIVATE_KEY_INFO, *PCRYPT_PRIVATE_KEY_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 2485 skipping to change at line 2573
// EncryptedPrivateKey - the encrypted private key blob // EncryptedPrivateKey - the encrypted private key blob
// pClearTextKey - a buffer to receive the clear text // pClearTextKey - a buffer to receive the clear text
// cbClearTextKey - the number of bytes of the pClearTextKey buffer // cbClearTextKey - the number of bytes of the pClearTextKey buffer
// note the if this is zero then this should be // note the if this is zero then this should be
// filled in with the size required to decrypt the // filled in with the size required to decrypt the
// key into, and pClearTextKey should be ignored // key into, and pClearTextKey should be ignored
// pVoidDecryptFunc - this is the pVoid that was passed into the call // pVoidDecryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context // and is preserved and passed back as context
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_DECRYPT_PRIVATE_KEY_FUNC)( typedef BOOL (CALLBACK *PCRYPT_DECRYPT_PRIVATE_KEY_FUNC)(
__in CRYPT_ALGORITHM_IDENTIFIER Algorithm, _In_ CRYPT_ALGORITHM_IDENTIFIER Algorithm,
__in CRYPT_DATA_BLOB EncryptedPrivateKey, _In_ CRYPT_DATA_BLOB EncryptedPrivateKey,
__out_bcount_opt (*pcbClearTextKey) BYTE* pbClearTextKey, _Out_writes_bytes_opt_ (*pcbClearTextKey) BYTE* pbClearTextKey,
__inout DWORD* pcbClearTextKey, _Inout_ DWORD* pcbClearTextKey,
__in LPVOID pVoidDecryptFunc); _In_ LPVOID pVoidDecryptFunc);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this callback is given when creating a PKCS8 EncryptedPrivateKeyInfo. // this callback is given when creating a PKCS8 EncryptedPrivateKeyInfo.
// The caller is then expected to encrypt the private key and hand back // The caller is then expected to encrypt the private key and hand back
// the encrypted contents. // the encrypted contents.
// //
// the parameters are: // the parameters are:
// Algorithm - the algorithm used to encrypt the PrivateKeyInfo // Algorithm - the algorithm used to encrypt the PrivateKeyInfo
// pClearTextPrivateKey - the cleartext private key to be encrypted // pClearTextPrivateKey - the cleartext private key to be encrypted
// pbEncryptedKey - the output encrypted private key blob // pbEncryptedKey - the output encrypted private key blob
// cbEncryptedKey - the number of bytes of the pbEncryptedKey buffer // cbEncryptedKey - the number of bytes of the pbEncryptedKey buffer
// note the if this is zero then this should be // note the if this is zero then this should be
// filled in with the size required to encrypt the // filled in with the size required to encrypt the
// key into, and pbEncryptedKey should be ignored // key into, and pbEncryptedKey should be ignored
// pVoidEncryptFunc - this is the pVoid that was passed into the call // pVoidEncryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context // and is preserved and passed back as context
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC)( typedef BOOL (CALLBACK *PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC)(
__out CRYPT_ALGORITHM_IDENTIFIER* pAlgorithm, _Out_ CRYPT_ALGORITHM_IDENTIFIER* pAlgorithm,
__in CRYPT_DATA_BLOB* pClearTextPrivateKey, _In_ CRYPT_DATA_BLOB* pClearTextPrivateKey,
__out_bcount_opt (*pcbEncryptedKey) BYTE* pbEncryptedKey, _Out_writes_bytes_opt_ (*pcbEncryptedKey) BYTE* pbEncryptedKey,
__inout DWORD* pcbEncryptedKey, _Inout_ DWORD* pcbEncryptedKey,
__in LPVOID pVoidEncryptFunc); _In_ LPVOID pVoidEncryptFunc);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this callback is given from the context of a ImportPKCS8 calls. the caller // this callback is given from the context of a ImportPKCS8 calls. the caller
// is then expected to hand back an HCRYPTPROV to receive the key being imported // is then expected to hand back an HCRYPTPROV to receive the key being imported
// //
// the parameters are: // the parameters are:
// pPrivateKeyInfo - pointer to a CRYPT_PRIVATE_KEY_INFO structure which // pPrivateKeyInfo - pointer to a CRYPT_PRIVATE_KEY_INFO structure which
// describes the key being imported // describes the key being imported
// EncryptedPrivateKey - the encrypted private key blob // EncryptedPrivateKey - the encrypted private key blob
// phCryptProv - a pointer to a HCRRYPTPROV to be filled in // phCryptProv - a pointer to a HCRRYPTPROV to be filled in
skipping to change at line 2564 skipping to change at line 2652
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
typedef struct _CRYPT_PKCS8_EXPORT_PARAMS{ typedef struct _CRYPT_PKCS8_EXPORT_PARAMS{
HCRYPTPROV hCryptProv; HCRYPTPROV hCryptProv;
DWORD dwKeySpec; DWORD dwKeySpec;
LPSTR pszPrivateKeyObjId; LPSTR pszPrivateKeyObjId;
PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc; PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc;
LPVOID pVoidEncryptFunc; LPVOID pVoidEncryptFunc;
} CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS; } CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS;
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Information stored in a certificate // Information stored in a certificate
// //
// The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the // The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
// encoded representation of the information. // encoded representation of the information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// certenrolls_begin -- CERT_CONTEXT // certenrolls_begin -- CERT_CONTEXT
typedef struct _CERT_INFO { typedef struct _CERT_INFO {
DWORD dwVersion; DWORD dwVersion;
CRYPT_INTEGER_BLOB SerialNumber; CRYPT_INTEGER_BLOB SerialNumber;
skipping to change at line 2587 skipping to change at line 2681
FILETIME NotAfter; FILETIME NotAfter;
CERT_NAME_BLOB Subject; CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
CRYPT_BIT_BLOB IssuerUniqueId; CRYPT_BIT_BLOB IssuerUniqueId;
CRYPT_BIT_BLOB SubjectUniqueId; CRYPT_BIT_BLOB SubjectUniqueId;
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} CERT_INFO, *PCERT_INFO; } CERT_INFO, *PCERT_INFO;
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate versions // Certificate versions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_V1 0 #define CERT_V1 0
#define CERT_V2 1 #define CERT_V2 1
#define CERT_V3 2 #define CERT_V3 2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Information Flags // Certificate Information Flags
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 2654 skipping to change at line 2754
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Bundle // Certificate Bundle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_BUNDLE_CERTIFICATE 0 #define CERT_BUNDLE_CERTIFICATE 0
#define CERT_BUNDLE_CRL 1 #define CERT_BUNDLE_CRL 1
typedef struct _CERT_OR_CRL_BLOB { typedef struct _CERT_OR_CRL_BLOB {
DWORD dwChoice; DWORD dwChoice;
DWORD cbEncoded; DWORD cbEncoded;
__field_bcount(cbEncoded) _Field_size_bytes_(cbEncoded)
BYTE *pbEncoded; BYTE *pbEncoded;
} CERT_OR_CRL_BLOB, * PCERT_OR_CRL_BLOB; } CERT_OR_CRL_BLOB, * PCERT_OR_CRL_BLOB;
typedef struct _CERT_OR_CRL_BUNDLE { typedef struct _CERT_OR_CRL_BUNDLE {
DWORD cItem; DWORD cItem;
__field_ecount(cItem) _Field_size_(cItem)
PCERT_OR_CRL_BLOB rgItem; PCERT_OR_CRL_BLOB rgItem;
} CERT_OR_CRL_BUNDLE, *PCERT_OR_CRL_BUNDLE; } CERT_OR_CRL_BUNDLE, *PCERT_OR_CRL_BUNDLE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Information stored in a certificate request // Information stored in a certificate request
// //
// The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded // The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
// representation of the information. // representation of the information.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_REQUEST_INFO { typedef struct _CERT_REQUEST_INFO {
skipping to change at line 2831 skipping to change at line 2931
// on a seperate line. // on a seperate line.
// //
// If there is no formatting routine installed or registered // If there is no formatting routine installed or registered
// for the lpszStructType, the hex dump of the encoded BLOB will be returned. // for the lpszStructType, the hex dump of the encoded BLOB will be returned.
// User can set the flag CRYPT_FORMAT_STR_NO_HEX to disable the hex dump. // User can set the flag CRYPT_FORMAT_STR_NO_HEX to disable the hex dump.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFormatObject( CryptFormatObject(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwFormatType, _In_ DWORD dwFormatType,
__in DWORD dwFormatStrType, _In_ DWORD dwFormatStrType,
__in_opt void *pFormatStruct, _In_opt_ void *pFormatStruct,
__in_opt LPCSTR lpszStructType, _In_opt_ LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__out_bcount_part_opt(*pcbFormat, *pcbFormat) __typefix(WCHAR *) void *pbFor _At_((WCHAR *)pbFormat, _Out_writes_bytes_to_opt_(*pcbFormat, *pcbFormat)) v
mat, oid *pbFormat,
__inout DWORD *pcbFormat _Inout_ DWORD *pcbFormat
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// constants for dwFormatStrType of function CryptFormatObject // constants for dwFormatStrType of function CryptFormatObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
#define CRYPT_FORMAT_STR_MULTI_LINE 0x0001 #define CRYPT_FORMAT_STR_MULTI_LINE 0x0001
#define CRYPT_FORMAT_STR_NO_HEX 0x0010 #define CRYPT_FORMAT_STR_NO_HEX 0x0010
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// constants for dwFormatType of function CryptFormatObject // constants for dwFormatType of function CryptFormatObject
// when format X509_NAME or X509_UNICODE_NAME // when format X509_NAME or X509_UNICODE_NAME
skipping to change at line 2909 skipping to change at line 3009
#define CRYPT_FORMAT_CRLF CRYPT_FORMAT_RDN_CRLF #define CRYPT_FORMAT_CRLF CRYPT_FORMAT_RDN_CRLF
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode / decode the specified data structure according to the certificate // Encode / decode the specified data structure according to the certificate
// encoding type. // encoding type.
// //
// See below for a list of the predefined data structures. // See below for a list of the predefined data structures.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef LPVOID (WINAPI *PFN_CRYPT_ALLOC)( typedef LPVOID (WINAPI *PFN_CRYPT_ALLOC)(
__in size_t cbSize _In_ size_t cbSize
); );
typedef VOID (WINAPI *PFN_CRYPT_FREE)( typedef VOID (WINAPI *PFN_CRYPT_FREE)(
__in LPVOID pv _In_ LPVOID pv
); );
typedef struct _CRYPT_ENCODE_PARA { typedef struct _CRYPT_ENCODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA; } CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObjectEx( CryptEncodeObjectEx(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, _In_ LPCSTR lpszStructType,
__in const void *pvStructInfo, _In_ const void *pvStructInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCRYPT_ENCODE_PARA pEncodePara, _In_opt_ PCRYPT_ENCODE_PARA pEncodePara,
__out_opt void *pvEncoded, _Out_opt_ void *pvEncoded,
__inout DWORD *pcbEncoded _Inout_ DWORD *pcbEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncodeObject( CryptEncodeObject(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, _In_ LPCSTR lpszStructType,
__in const void *pvStructInfo, _In_ const void *pvStructInfo,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded _Inout_ DWORD *pcbEncoded
); );
// By default the signature bytes are reversed. The following flag can // By default the signature bytes are reversed. The following flag can
// be set to inhibit the byte reversal. // be set to inhibit the byte reversal.
// //
// This flag is applicable to // This flag is applicable to
// X509_CERT_TO_BE_SIGNED // X509_CERT_TO_BE_SIGNED
#define CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8 #define CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8
// When the following flag is set the called encode function allocates // When the following flag is set the called encode function allocates
// The following flag is applicable when encoding the PKCS_SORTED_CTL. This // The following flag is applicable when encoding the PKCS_SORTED_CTL. This
// flag should be set if the identifier for the TrustedSubjects is a hash, // flag should be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1. // such as, MD5 or SHA1.
#define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000 #define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000
// The following flag is applicable when encoding structures that require // The following flag is applicable when encoding structures that require
// IA5String encoding of host name(in DNS Name/ URL/ EmailAddress) containing // IA5String encoding of host name(in DNS Name/ URL/ EmailAddress) containing
// non-IA5 characters by encoding the host name in punycode first. // non-IA5 characters by encoding the host name in punycode first.
#define CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG 0x20000 #define CRYPT_ENCODE_ENABLE_PUNYCODE_FLAG 0x20000
// The following flag is applicable when encoding structures that require
// IA5String encoding of a path (http URL/Ldap query) containing non-IA5
// characters by encoding the path part as UTF8 percent encoding.
#define CRYPT_ENCODE_ENABLE_UTF8PERCENT_FLAG 0x40000
// The following flag is applicable when encoding structures that require
// IA5String encoding of the host name (URL) and path. If the data to be encoded
// contains non-IA5 characters then using this flag in during encoding will caus
e
// the hostname to be punycode and the path as UTF8-percent encoding
// For example: http://www.zzzzzz.com/yyyyy/qqqqq/rrrrrr.sssss
// If zzzzzz contains non-IA5 characters then using this flag will punycode
// encode the zzzzzz component.
// If yyyyy or qqqqq or rrrrrr or sssss contain non-IA5 characters then using
// this flag will UTF8 percent encode those characters which are not IA5.
#define CRYPT_ENCODE_ENABLE_IA5CONVERSION_FLAG (CRYPT_ENCODE_ENABLE_PUNYCODE_FLA
G | CRYPT_ENCODE_ENABLE_UTF8PERCENT_FLAG)
typedef struct _CRYPT_DECODE_PARA { typedef struct _CRYPT_DECODE_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA; } CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObjectEx( CryptDecodeObjectEx(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, _In_ LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCRYPT_DECODE_PARA pDecodePara, _In_opt_ PCRYPT_DECODE_PARA pDecodePara,
__out_opt void *pvStructInfo, _Out_opt_ void *pvStructInfo,
__inout DWORD *pcbStructInfo _Inout_ DWORD *pcbStructInfo
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeObject( CryptDecodeObject(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, _In_ LPCSTR lpszStructType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbStructInfo, *pcbStructInfo) void *pvStructInfo, _Out_writes_bytes_to_opt_(*pcbStructInfo, *pcbStructInfo) void *pvStructInfo
__inout DWORD *pcbStructInfo ,
_Inout_ DWORD *pcbStructInfo
); );
// When the following flag is set the nocopy optimization is enabled. // When the following flag is set the nocopy optimization is enabled.
// This optimization where appropriate, updates the pvStructInfo fields // This optimization where appropriate, updates the pvStructInfo fields
// to point to content residing within pbEncoded instead of making a copy // to point to content residing within pbEncoded instead of making a copy
// of and appending to pvStructInfo. // of and appending to pvStructInfo.
// //
// Note, when set, pbEncoded can't be freed until pvStructInfo is freed. // Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
#define CRYPT_DECODE_NOCOPY_FLAG 0x1 #define CRYPT_DECODE_NOCOPY_FLAG 0x1
// Setting this flag skips the initial attempt to decode as UTF8. // Setting this flag skips the initial attempt to decode as UTF8.
#define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \ #define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG \
CERT_RDN_DISABLE_IE4_UTF8_FLAG CERT_RDN_DISABLE_IE4_UTF8_FLAG
// The following flag is applicable when decoding structures that contain // The following flag is applicable when decoding structures that contain
// IA5String encoding of punycode encoded host name (in DNS Name/ URL/ // IA5String encoding of punycode encoded host name (in DNS Name/ URL/
// EmailAddress). Decoded value contains the the unicode equivalent of // EmailAddress). Decoded value contains the the unicode equivalent of
// punycode encoded data. // punycode encoded data.
#define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 0x02000000 #define CRYPT_DECODE_ENABLE_PUNYCODE_FLAG 0x02000000
// The following flag is applicable when decoding structures that contain
// IA5String that is UTF8 percent encoded in the path part of a url.
#define CRYPT_DECODE_ENABLE_UTF8PERCENT_FLAG 0x04000000
// The following flag is applicable when decoding structures that contain
// an IA5String that is a punycode and UTF8-percent encoded host name and path (
URL). The decoded
// value contains the Unicode equivalent of the punycode encoded host name and U
TF8 percent
// encoded path.
#define CRYPT_DECODE_ENABLE_IA5CONVERSION_FLAG (CRYPT_DECODE_ENABLE_PUNYCODE_FLA
G | CRYPT_DECODE_ENABLE_UTF8PERCENT_FLAG)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded. // Predefined X509 certificate data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_ENCODE_DECODE_NONE 0 #define CRYPT_ENCODE_DECODE_NONE 0
#define X509_CERT ((LPCSTR) 1) #define X509_CERT ((LPCSTR) 1)
#define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2) #define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2)
#define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3) #define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3)
#define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4) #define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4)
#define X509_EXTENSIONS ((LPCSTR) 5) #define X509_EXTENSIONS ((LPCSTR) 5)
#define X509_NAME_VALUE ((LPCSTR) 6) #define X509_NAME_VALUE ((LPCSTR) 6)
#define TIMESTAMP_REQUEST ((LPCSTR) 78) #define TIMESTAMP_REQUEST ((LPCSTR) 78)
#define TIMESTAMP_RESPONSE ((LPCSTR) 79) #define TIMESTAMP_RESPONSE ((LPCSTR) 79)
#define TIMESTAMP_INFO ((LPCSTR) 80) #define TIMESTAMP_INFO ((LPCSTR) 80)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CertificateBundle // CertificateBundle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define X509_CERT_BUNDLE ((LPCSTR) 81) #define X509_CERT_BUNDLE ((LPCSTR) 81)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// ECC Keys
//--------------------------------------------------------------------------
#define X509_ECC_PRIVATE_KEY ((LPCSTR) 82) // CRYPT_ECC_PRIVATE
_KEY_INFO
#define CNG_RSA_PRIVATE_KEY_BLOB ((LPCSTR) 83) // BCRYPT_RSAKEY_BLO
B
//+-------------------------------------------------------------------------
// Subject Directory Attributes extension
//--------------------------------------------------------------------------
#define X509_SUBJECT_DIR_ATTRS ((LPCSTR) 84)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500) #define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded. // Predefined PKCS #7 data structures that can be encoded / decoded.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMS_SIGNER_INFO ((LPCSTR) 501) #define CMS_SIGNER_INFO ((LPCSTR) 501)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// serialized serial numbers for PRS // serialized serial numbers for PRS
#ifndef szOID_SERIALIZED #ifndef szOID_SERIALIZED
#define szOID_SERIALIZED "1.3.6.1.4.1.311.10.3.3.1" #define szOID_SERIALIZED "1.3.6.1.4.1.311.10.3.3.1"
#endif #endif
// UPN principal name in SubjectAltName // UPN principal name in SubjectAltName
#ifndef szOID_NT_PRINCIPAL_NAME #ifndef szOID_NT_PRINCIPAL_NAME
#define szOID_NT_PRINCIPAL_NAME "1.3.6.1.4.1.311.20.2.3" #define szOID_NT_PRINCIPAL_NAME "1.3.6.1.4.1.311.20.2.3"
#endif #endif
// Internationalized Email Address in SubjectAltName (OtherName:UTF8)
#ifndef szOID_INTERNATIONALIZED_EMAIL_ADDRESS
#define szOID_INTERNATIONALIZED_EMAIL_ADDRESS "1.3.6.1.4.1.311.20.2.4"
#endif
// Windows product update unauthenticated attribute // Windows product update unauthenticated attribute
#ifndef szOID_PRODUCT_UPDATE #ifndef szOID_PRODUCT_UPDATE
#define szOID_PRODUCT_UPDATE "1.3.6.1.4.1.311.31.1" #define szOID_PRODUCT_UPDATE "1.3.6.1.4.1.311.31.1"
#endif #endif
// CryptUI // CryptUI
#define szOID_ANY_APPLICATION_POLICY "1.3.6.1.4.1.311.10.12.1" #define szOID_ANY_APPLICATION_POLICY "1.3.6.1.4.1.311.10.12.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Object Identifiers for use with Auto Enrollment // Object Identifiers for use with Auto Enrollment
#define szOID_REQUEST_CLIENT_INFO "1.3.6.1.4.1.311.21.20" #define szOID_REQUEST_CLIENT_INFO "1.3.6.1.4.1.311.21.20"
#define szOID_ENCRYPTED_KEY_HASH "1.3.6.1.4.1.311.21.21" #define szOID_ENCRYPTED_KEY_HASH "1.3.6.1.4.1.311.21.21"
#define szOID_CERTSRV_CROSSCA_VERSION "1.3.6.1.4.1.311.21.22" #define szOID_CERTSRV_CROSSCA_VERSION "1.3.6.1.4.1.311.21.22"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Directory Service // Object Identifiers for use with the MS Directory Service
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_NTDS_REPLICATION "1.3.6.1.4.1.311.25.1" #define szOID_NTDS_REPLICATION "1.3.6.1.4.1.311.25.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Extension Object Identifiers (currently not implemented) // Extension Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_SUBJECT_DIR_ATTRS "2.5.29.9" #define szOID_SUBJECT_DIR_ATTRS "2.5.29.9"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enhanced Key Usage (Purpose) Object Identifiers // Enhanced Key Usage (Purpose) Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_PKIX_KP "1.3.6.1.5.5.7.3" #define szOID_PKIX_KP "1.3.6.1.5.5.7.3"
// Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT // Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
// or KEY_AGREEMENT // or KEY_AGREEMENT
#ifndef szOID_LICENSE_SERVER #ifndef szOID_LICENSE_SERVER
#define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2" #define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2"
#endif #endif
#ifndef szOID_KP_SMARTCARD_LOGON #ifndef szOID_KP_SMARTCARD_LOGON
#define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2" #define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2"
#endif #endif
#define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1" #define szOID_KP_KERNEL_MODE_CODE_SIGNING "1.3.6.1.4.1.311.61.1.1"
#define szOID_KP_KERNEL_MODE_TRUSTED_BOOT_SIGNING "1.3.6.1.4.1.311.61.4.1"
// Signer of CRL // Signer of CRL
#define szOID_REVOKED_LIST_SIGNER "1.3.6.1.4.1.311.10.3.19" #define szOID_REVOKED_LIST_SIGNER "1.3.6.1.4.1.311.10.3.19"
// Signer of Kits-built code
#define szOID_WINDOWS_KITS_SIGNER "1.3.6.1.4.1.311.10.3.20"
// Signer of Windows RT code
#define szOID_WINDOWS_RT_SIGNER "1.3.6.1.4.1.311.10.3.21"
// Signer of Protected Process Light code
#define szOID_PROTECTED_PROCESS_LIGHT_SIGNER "1.3.6.1.4.1.311.10.3.22"
// Signer of Windows TCB code
#define szOID_WINDOWS_TCB_SIGNER "1.3.6.1.4.1.311.10.3.23"
// Signer of Protected Process code
#define szOID_PROTECTED_PROCESS_SIGNER "1.3.6.1.4.1.311.10.3.24"
// Signer of third-party components that are Windows in box
#define szOID_WINDOWS_THIRD_PARTY_COMPONENT_SIGNER "1.3.6.1.4.1.311.10.3.25"
// Signed by the Windows Software Portal
#define szOID_WINDOWS_SOFTWARE_EXTENSION_SIGNER "1.3.6.1.4.1.311.10.3.26"
// CTL containing disallowed entries
#define szOID_DISALLOWED_LIST "1.3.6.1.4.1.311.10.3.30"
// The following extension is set in the disallowed CTL to trigger
// a quicker sync of the autorootupdate CTL
#define szOID_SYNC_ROOT_CTL_EXT "1.3.6.1.4.1.311.10.3.50"
// HAL Extensions
#define szOID_KP_KERNEL_MODE_HAL_EXTENSION_SIGNING "1.3.6.1.4.1.311.61.5.1"
// Signer of Windows Store applications
#define szOID_WINDOWS_STORE_SIGNER "1.3.6.1.4.1.311.76.3.1"
// Signer of dynamic code generators
#define szOID_DYNAMIC_CODE_GEN_SIGNER "1.3.6.1.4.1.311.76.5.1"
// Signer of Microsoft code
#define szOID_MICROSOFT_PUBLISHER_SIGNER "1.3.6.1.4.1.311.76.8.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers // Microsoft Attribute Object Identifiers
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1" #define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and // Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions // szOID_CERT_POLICIES95 extensions
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
#define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1" #define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1"
// meets Root Program Requirements for display. // meets Root Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_OU 0x10 #define CERT_ROOT_PROGRAM_FLAG_OU 0x10
// Validation of the address field in the subject name meets Root // Validation of the address field in the subject name meets Root
// Program Requirements for display. // Program Requirements for display.
#define CERT_ROOT_PROGRAM_FLAG_ADDRESS 0x08 #define CERT_ROOT_PROGRAM_FLAG_ADDRESS 0x08
// OID for old qualifer // OID for old qualifer
#define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 " #define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1 "
//+=========================================================================
// TPM Object Identifiers
//-=========================================================================
// Subject Alt Name Directory Name RDNs
#define szOID_RDN_TPM_MANUFACTURER "2.23.133.2.1"
#define szOID_RDN_TPM_MODEL "2.23.133.2.2"
#define szOID_RDN_TPM_VERSION "2.23.133.2.3"
// TPM Manufacturer ASCII Hex Strings
// AMD "AMD" 0x41 0x4D 0x44 0x00
// Atmel "ATML" 0x41 0x54 0x4D 0x4C
// Broadcom "BRCM" 0x42 0x52 0x43 0x4D
// IBM "IBM" 0x49 0x42 0x4d 0x00
// Infineon "IFX" 0x49 0x46 0x58 0x00
// Intel "INTC" 0x49 0x4E 0x54 0x43
// Lenovo "LEN" 0x4C 0x45 0x4E 0x00
// National Semiconductor "NSM " 0x4E 0x53 0x4D 0x20
// Qualcomm "QCOM" 0x51 0x43 0x4F 0x4D
// SMSC "SMSC" 0x53 0x4D 0x53 0x43
// ST Microelectronics "STM " 0x53 0x54 0x4D 0x20
// Samsung "SMSN" 0x53 0x4D 0x53 0x4E
// Sinosun "SNS" 0x53 0x4E 0x53 0x00
// Texas Instruments "TXN" 0x54 0x58 0x4E 0x00
// Winbond "WEC" 0x57 0x45 0x43 0x00
//
// Obtained from: http://www.trustedcomputinggroup.org/files/static_page_files/B
4D74EEA-1A4B-B294-D022691CD8A6FD41/Vendor_ID_Registry_0.5_clean.pdf
// pkcs10 attributes
#define szOID_ENROLL_EK_INFO "1.3.6.1.4.1.311.21.23"
#define szOID_ENROLL_ATTESTATION_STATEMENT "1.3.6.1.4.1.311.21.24"
#define szOID_ENROLL_KSP_NAME "1.3.6.1.4.1.311.21.25" // pkcs10 an
d cmc full response
// ksp_name
encoded as a unicode
// string. S
ee CERT_RDN_UNICODE_STRING.
// on CERT_N
AME_VALUE structure. It
// must be n
ull terminated.
// CMC Full Response Tagged Attributes
#define szOID_ENROLL_EKPUB_CHALLENGE "1.3.6.1.4.1.311.21.26"
#define szOID_ENROLL_CAXCHGCERT_HASH "1.3.6.1.4.1.311.21.27"
#define szOID_ENROLL_ATTESTATION_CHALLENGE "1.3.6.1.4.1.311.21.28"
#define szOID_ENROLL_ENCRYPTION_ALGORITHM "1.3.6.1.4.1.311.21.29" // algorithm
oid
// TPM certificate EKU OIDs
#define szOID_KP_TPM_EK_CERTIFICATE "2.23.133.8.1"
#define szOID_KP_TPM_PLATFORM_CERTIFICATE "2.23.133.8.2"
#define szOID_KP_TPM_AIK_CERTIFICATE "2.23.133.8.3"
// EK validation Issuance Policy OIDs
#define szOID_ENROLL_EKVERIFYKEY "1.3.6.1.4.1.311.21.30"
#define szOID_ENROLL_EKVERIFYCERT "1.3.6.1.4.1.311.21.31"
#define szOID_ENROLL_EKVERIFYCREDS "1.3.6.1.4.1.311.21.32"
// Signed decimal string encoded as a Printable String
#define szOID_ENROLL_SCEP_ERROR "1.3.6.1.4.1.311.21.33"
// Subject Directory Attributes
#define szOID_ATTR_SUPPORTED_ALGORITHMS "2.5.4.52"
#define szOID_ATTR_TPM_SPECIFICATION "2.23.133.2.16"
#define szOID_ATTR_TPM_SECURITY_ASSERTIONS "2.23.133.2.18"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// X509_CERT // X509_CERT
// //
// The "to be signed" encoded content plus its signature. The ToBeSigned // The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following: // content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or // X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED. // X509_CERT_REQUEST_TO_BE_SIGNED.
// //
// pvStructInfo points to CERT_SIGNED_CONTENT_INFO. // pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// pvStructInfo points to a CRYPT_ATTRIBUTE. // pvStructInfo points to a CRYPT_ATTRIBUTE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PKCS_ATTRIBUTES data structure // PKCS_ATTRIBUTES data structure
// //
// pvStructInfo points to a CRYPT_ATTRIBUTES. // pvStructInfo points to a CRYPT_ATTRIBUTES.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// szOID_SUBJECT_DIR_ATTRS
// X509_SUBJECT_DIR_ATTRS
//
// pvStructInfo points to a CRYPT_ATTRIBUTES.
//
// Encoded as a "SEQUENCE OF" instead of "SET OF"
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure // PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure
// //
// pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY. // pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY.
// //
// For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping // For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping
// a sequence of ANY. The value of the contentType field is pszObjId, // a sequence of ANY. The value of the contentType field is pszObjId,
// while the content field is the following structure: // while the content field is the following structure:
// SequenceOfAny ::= SEQUENCE OF ANY // SequenceOfAny ::= SEQUENCE OF ANY
// //
// The CRYPT_DER_BLOBs point to the already encoded ANY content. // The CRYPT_DER_BLOBs point to the already encoded ANY content.
// Octet String containing IA5 string: lower case 32 char hex string // Octet String containing IA5 string: lower case 32 char hex string
#define szOID_VERISIGN_ONSITE_JURISDICTION_HASH "2.16.840.1.113733.1.6.11" #define szOID_VERISIGN_ONSITE_JURISDICTION_HASH "2.16.840.1.113733.1.6.11"
// Octet String containing Bit string // Octet String containing Bit string
#define szOID_VERISIGN_BITSTRING_6_13 "2.16.840.1.113733.1.6.13" #define szOID_VERISIGN_BITSTRING_6_13 "2.16.840.1.113733.1.6.13"
// EKU // EKU
#define szOID_VERISIGN_ISS_STRONG_CRYPTO "2.16.840.1.113733.1.8.1" #define szOID_VERISIGN_ISS_STRONG_CRYPTO "2.16.840.1.113733.1.8.1"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verisign SCEP Signed Pkcs7 authenticated attribute Object Identifiers
//--------------------------------------------------------------------------
// Signed decimal strings encoded as Printable String
#define szOIDVerisign_MessageType "2.16.840.1.113733.1.9.2"
#define szOIDVerisign_PkiStatus "2.16.840.1.113733.1.9.3"
#define szOIDVerisign_FailInfo "2.16.840.1.113733.1.9.4"
// Binary data encoded as Octet String
#define szOIDVerisign_SenderNonce "2.16.840.1.113733.1.9.5"
#define szOIDVerisign_RecipientNonce "2.16.840.1.113733.1.9.6"
// Binary data converted to hexadecimal string and encoded as Printable String
#define szOIDVerisign_TransactionID "2.16.840.1.113733.1.9.7"
//+-------------------------------------------------------------------------
// Netscape Certificate Extension Object Identifiers // Netscape Certificate Extension Object Identifiers
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define szOID_NETSCAPE "2.16.840.1.113730" #define szOID_NETSCAPE "2.16.840.1.113730"
#define szOID_NETSCAPE_CERT_EXTENSION "2.16.840.1.113730.1" #define szOID_NETSCAPE_CERT_EXTENSION "2.16.840.1.113730.1"
#define szOID_NETSCAPE_CERT_TYPE "2.16.840.1.113730.1.1" #define szOID_NETSCAPE_CERT_TYPE "2.16.840.1.113730.1.1"
#define szOID_NETSCAPE_BASE_URL "2.16.840.1.113730.1.2" #define szOID_NETSCAPE_BASE_URL "2.16.840.1.113730.1.2"
#define szOID_NETSCAPE_REVOCATION_URL "2.16.840.1.113730.1.3" #define szOID_NETSCAPE_REVOCATION_URL "2.16.840.1.113730.1.3"
#define szOID_NETSCAPE_CA_REVOCATION_URL "2.16.840.1.113730.1.4" #define szOID_NETSCAPE_CA_REVOCATION_URL "2.16.840.1.113730.1.4"
#define szOID_NETSCAPE_CERT_RENEWAL_URL "2.16.840.1.113730.1.7" #define szOID_NETSCAPE_CERT_RENEWAL_URL "2.16.840.1.113730.1.7"
#define szOID_NETSCAPE_CA_POLICY_URL "2.16.840.1.113730.1.8" #define szOID_NETSCAPE_CA_POLICY_URL "2.16.840.1.113730.1.8"
DWORD cExtension; DWORD cExtension;
PCERT_EXTENSION rgExtension; PCERT_EXTENSION rgExtension;
} OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO; } OCSP_BASIC_RESPONSE_INFO, *POCSP_BASIC_RESPONSE_INFO;
#define OCSP_BASIC_RESPONSE_V1 0 #define OCSP_BASIC_RESPONSE_V1 0
#define OCSP_BASIC_BY_NAME_RESPONDER_ID 1 #define OCSP_BASIC_BY_NAME_RESPONDER_ID 1
#define OCSP_BASIC_BY_KEY_RESPONDER_ID 2 #define OCSP_BASIC_BY_KEY_RESPONDER_ID 2
//+========================================================================= //+=========================================================================
// TPM CryptEncodeObject/CryptDecodeObject Data Structures
//==========================================================================
//+-------------------------------------------------------------------------
// szOID_ATTR_SUPPORTED_ALGORITHMS
//
// pvStructInfo points to following CERT_SUPPORTED_ALGORITHM_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_SUPPORTED_ALGORITHM_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB IntendedKeyUsage; // OPTIONAL
CERT_POLICIES_INFO IntendedCertPolicies; // OPTIONAL
} CERT_SUPPORTED_ALGORITHM_INFO, *PCERT_SUPPORTED_ALGORITHM_INFO;
//+-------------------------------------------------------------------------
// szOID_ATTR_TPM_SPECIFICATION
//
// pvStructInfo points to following CERT_TPM_SPECIFICATION_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_TPM_SPECIFICATION_INFO {
LPWSTR pwszFamily; // Encoded as UTF8
DWORD dwLevel;
DWORD dwRevision;
} CERT_TPM_SPECIFICATION_INFO, *PCERT_TPM_SPECIFICATION_INFO;
//+=========================================================================
// Object IDentifier (OID) Installable Functions: Data Structures and APIs // Object IDentifier (OID) Installable Functions: Data Structures and APIs
//========================================================================== //==========================================================================
typedef void *HCRYPTOIDFUNCSET; typedef void *HCRYPTOIDFUNCSET;
typedef void *HCRYPTOIDFUNCADDR; typedef void *HCRYPTOIDFUNCADDR;
// Predefined OID Function Names // Predefined OID Function Names
#define CRYPT_OID_ENCODE_OBJECT_FUNC "CryptDllEncodeObject" #define CRYPT_OID_ENCODE_OBJECT_FUNC "CryptDllEncodeObject"
#define CRYPT_OID_DECODE_OBJECT_FUNC "CryptDllDecodeObject" #define CRYPT_OID_DECODE_OBJECT_FUNC "CryptDllDecodeObject"
#define CRYPT_OID_ENCODE_OBJECT_EX_FUNC "CryptDllEncodeObjectEx" #define CRYPT_OID_ENCODE_OBJECT_EX_FUNC "CryptDllEncodeObjectEx"
// CryptDllDecodeObjectEx has same function signature as CryptDecodeObjectEx. // CryptDllDecodeObjectEx has same function signature as CryptDecodeObjectEx.
// The Ex version MUST support the CRYPT_DECODE_ALLOC_FLAG option. // The Ex version MUST support the CRYPT_DECODE_ALLOC_FLAG option.
// //
// If an Ex function isn't installed or registered, then, attempts to find // If an Ex function isn't installed or registered, then, attempts to find
// a non-EX version. If the ALLOC flag is set, then, CryptDecodeObjectEx, // a non-EX version. If the ALLOC flag is set, then, CryptDecodeObjectEx,
// does the allocation and calls the non-EX version twice. // does the allocation and calls the non-EX version twice.
// CryptDllCreateCOMObject has the following signature: // CryptDllCreateCOMObject has the following signature:
// BOOL WINAPI CryptDllCreateCOMObject( // BOOL WINAPI CryptDllCreateCOMObject(
// __in DWORD dwEncodingType, // _In_ DWORD dwEncodingType,
// __in LPCSTR pszOID, // _In_ LPCSTR pszOID,
// __In PCRYPT_DATA_BLOB pEncodedContent, // __In PCRYPT_DATA_BLOB pEncodedContent,
// __in DWORD dwFlags, // _In_ DWORD dwFlags,
// __in REFIID riid, // _In_ REFIID riid,
// __deref_out void **ppvObj); // _Outptr_ void **ppvObj);
// CertDllVerifyRevocation has the same signature as CertVerifyRevocation // CertDllVerifyRevocation has the same signature as CertVerifyRevocation
// (See CertVerifyRevocation for details on when called) // (See CertVerifyRevocation for details on when called)
// CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage // CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage
// CryptDllFindOIDInfo currently is only used to store values used by // CryptDllFindOIDInfo currently is only used to store values used by
// CryptFindOIDInfo. See CryptFindOIDInfo() for more details. // CryptFindOIDInfo. See CryptFindOIDInfo() for more details.
// CryptDllFindLocalizedName is only used to store localized string // CryptDllFindLocalizedName is only used to store localized string
skipping to change at line 5736 skipping to change at line 6033
// case when the Dll has also regsvr32'ed OID functions via // case when the Dll has also regsvr32'ed OID functions via
// CryptRegisterOIDFunction. // CryptRegisterOIDFunction.
// //
// DEFAULT functions are installed by setting rgFuncEntry[].pszOID = // DEFAULT functions are installed by setting rgFuncEntry[].pszOID =
// CRYPT_DEFAULT_OID. // CRYPT_DEFAULT_OID.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallOIDFunctionAddress( CryptInstallOIDFunctionAddress(
__in_opt HMODULE hModule, // hModule passed to DllMain _In_opt_ HMODULE hModule, // hModule passed to DllMain
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in DWORD cFuncEntry, _In_ DWORD cFuncEntry,
__in_ecount(cFuncEntry) const CRYPT_OID_FUNC_ENTRY rgFuncEntry[], _In_reads_(cFuncEntry) const CRYPT_OID_FUNC_ENTRY rgFuncEntry[],
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Initialize and return handle to the OID function set identified by its // Initialize and return handle to the OID function set identified by its
// function name. // function name.
// //
// If the set already exists, a handle to the existing set is returned. // If the set already exists, a handle to the existing set is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTOIDFUNCSET HCRYPTOIDFUNCSET
WINAPI WINAPI
CryptInitOIDFunctionSet( CryptInitOIDFunctionSet(
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Search the list of installed functions for an encoding type and OID match. // Search the list of installed functions for an encoding type and OID match.
// If not found, search the registry. // If not found, search the registry.
// //
// For success, returns TRUE with *ppvFuncAddr updated with the function's // For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle. // address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to // The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it. // be called to release it.
skipping to change at line 5777 skipping to change at line 6074
// For a registry match, the Dll containing the function is loaded. // For a registry match, the Dll containing the function is loaded.
// //
// By default, both the registered and installed function lists are searched. // By default, both the registered and installed function lists are searched.
// Set CRYPT_GET_INSTALLED_OID_FUNC_FLAG to only search the installed list // Set CRYPT_GET_INSTALLED_OID_FUNC_FLAG to only search the installed list
// of functions. This flag would be set by a registered function to get // of functions. This flag would be set by a registered function to get
// the address of a pre-installed function it was replacing. For example, // the address of a pre-installed function it was replacing. For example,
// the registered function might handle a new special case and call the // the registered function might handle a new special case and call the
// pre-installed function to handle the remaining cases. // pre-installed function to handle the remaining cases.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CryptGetOIDFunctionAddress( CryptGetOIDFunctionAddress(
__in HCRYPTOIDFUNCSET hFuncSet, _In_ HCRYPTOIDFUNCSET hFuncSet,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszOID, _In_ LPCSTR pszOID,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_out void **ppvFuncAddr, _Outptr_ void **ppvFuncAddr,
__out HCRYPTOIDFUNCADDR *phFuncAddr _Out_ HCRYPTOIDFUNCADDR *phFuncAddr
); );
#define CRYPT_GET_INSTALLED_OID_FUNC_FLAG 0x1 #define CRYPT_GET_INSTALLED_OID_FUNC_FLAG 0x1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the list of registered default Dll entries for the specified // Get the list of registered default Dll entries for the specified
// function set and encoding type. // function set and encoding type.
// //
// The returned list consists of none, one or more null terminated Dll file // The returned list consists of none, one or more null terminated Dll file
// names. The list is terminated with an empty (L"\0") Dll file name. // names. The list is terminated with an empty (L"\0") Dll file name.
// For example: L"first.dll" L"\0" L"second.dll" L"\0" L"\0" // For example: L"first.dll" L"\0" L"second.dll" L"\0" L"\0"
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultOIDDllList( CryptGetDefaultOIDDllList(
__in HCRYPTOIDFUNCSET hFuncSet, _In_ HCRYPTOIDFUNCSET hFuncSet,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__out_ecount_part_opt(*pcchDllList, *pcchDllList) __nullnullterminated WCHAR _Out_writes_to_opt_(*pcchDllList, *pcchDllList) _Post_ _NullNull_terminated_
*pwszDllList, WCHAR *pwszDllList,
__inout DWORD *pcchDllList _Inout_ DWORD *pcchDllList
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Either: get the first or next installed DEFAULT function OR // Either: get the first or next installed DEFAULT function OR
// load the Dll containing the DEFAULT function. // load the Dll containing the DEFAULT function.
// //
// If pwszDll is NULL, search the list of installed DEFAULT functions. // If pwszDll is NULL, search the list of installed DEFAULT functions.
// *phFuncAddr must be set to NULL to get the first installed function. // *phFuncAddr must be set to NULL to get the first installed function.
// Successive installed functions are returned by setting *phFuncAddr // Successive installed functions are returned by setting *phFuncAddr
// to the hFuncAddr returned by the previous call. // to the hFuncAddr returned by the previous call.
skipping to change at line 5833 skipping to change at line 6131
// function. *phFuncAddr is ignored upon entry and isn't // function. *phFuncAddr is ignored upon entry and isn't
// CryptFreeOIDFunctionAddress'ed. // CryptFreeOIDFunctionAddress'ed.
// //
// For success, returns TRUE with *ppvFuncAddr updated with the function's // For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle. // address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to // The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it or CryptGetDefaultOIDFunctionAddress can also // be called to release it or CryptGetDefaultOIDFunctionAddress can also
// be called for a NULL pwszDll. // be called for a NULL pwszDll.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CryptGetDefaultOIDFunctionAddress( CryptGetDefaultOIDFunctionAddress(
__in HCRYPTOIDFUNCSET hFuncSet, _In_ HCRYPTOIDFUNCSET hFuncSet,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_opt LPCWSTR pwszDll, _In_opt_ LPCWSTR pwszDll,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_out void **ppvFuncAddr, _Outptr_ void **ppvFuncAddr,
__inout HCRYPTOIDFUNCADDR *phFuncAddr _Inout_ HCRYPTOIDFUNCADDR *phFuncAddr
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress // Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress
// or CryptGetDefaultOIDFunctionAddress. // or CryptGetDefaultOIDFunctionAddress.
// //
// If a Dll was loaded for the function its unloaded. However, before doing // If a Dll was loaded for the function its unloaded. However, before doing
// the unload, the DllCanUnloadNow function exported by the loaded Dll is // the unload, the DllCanUnloadNow function exported by the loaded Dll is
// called. It should return S_FALSE to inhibit the unload or S_TRUE to enable // called. It should return S_FALSE to inhibit the unload or S_TRUE to enable
// the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded. // the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded.
// //
// DllCanUnloadNow has the following signature: // DllCanUnloadNow has the following signature:
// STDAPI DllCanUnloadNow(void); // STDAPI DllCanUnloadNow(void);
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFreeOIDFunctionAddress( CryptFreeOIDFunctionAddress(
__in HCRYPTOIDFUNCADDR hFuncAddr, _In_ HCRYPTOIDFUNCADDR hFuncAddr,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register the Dll containing the function to be called for the specified // Register the Dll containing the function to be called for the specified
// encoding type, function name and OID. // encoding type, function name and OID.
// //
// pwszDll may contain environment-variable strings // pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll. // which are ExpandEnvironmentStrings()'ed before loading the Dll.
// //
// In addition to registering the DLL, you may override the // In addition to registering the DLL, you may override the
// name of the function to be called. For example, // name of the function to be called. For example,
// pszFuncName = "CryptDllEncodeObject", // pszFuncName = "CryptDllEncodeObject",
// pszOverrideFuncName = "MyEncodeXyz". // pszOverrideFuncName = "MyEncodeXyz".
// This allows a Dll to export multiple OID functions for the same // This allows a Dll to export multiple OID functions for the same
// function name without needing to interpose its own OID dispatcher function. // function name without needing to interpose its own OID dispatcher function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterOIDFunction( CryptRegisterOIDFunction(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCSTR pszOID, _In_ LPCSTR pszOID,
__in_opt LPCWSTR pwszDll, _In_opt_ LPCWSTR pwszDll,
__in_opt LPCSTR pszOverrideFuncName _In_opt_ LPCSTR pszOverrideFuncName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the Dll containing the function to be called for the specified // Unregister the Dll containing the function to be called for the specified
// encoding type, function name and OID. // encoding type, function name and OID.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterOIDFunction( CryptUnregisterOIDFunction(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCSTR pszOID _In_ LPCSTR pszOID
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register the Dll containing the default function to be called for the // Register the Dll containing the default function to be called for the
// specified encoding type and function name. // specified encoding type and function name.
// //
// Unlike CryptRegisterOIDFunction, you can't override the function name // Unlike CryptRegisterOIDFunction, you can't override the function name
// needing to be exported by the Dll. // needing to be exported by the Dll.
// //
// The Dll is inserted before the entry specified by dwIndex. // The Dll is inserted before the entry specified by dwIndex.
// dwIndex == 0, inserts at the beginning. // dwIndex == 0, inserts at the beginning.
// dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end. // dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end.
// //
// pwszDll may contain environment-variable strings // pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll. // which are ExpandEnvironmentStrings()'ed before loading the Dll.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterDefaultOIDFunction( CryptRegisterDefaultOIDFunction(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in DWORD dwIndex, _In_ DWORD dwIndex,
__in LPCWSTR pwszDll _In_ LPCWSTR pwszDll
); );
#define CRYPT_REGISTER_FIRST_INDEX 0 #define CRYPT_REGISTER_FIRST_INDEX 0
#define CRYPT_REGISTER_LAST_INDEX 0xFFFFFFFF #define CRYPT_REGISTER_LAST_INDEX 0xFFFFFFFF
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the Dll containing the default function to be called for // Unregister the Dll containing the default function to be called for
// the specified encoding type and function name. // the specified encoding type and function name.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterDefaultOIDFunction( CryptUnregisterDefaultOIDFunction(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCWSTR pwszDll _In_ LPCWSTR pwszDll
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the value for the specified encoding type, function name, OID and // Set the value for the specified encoding type, function name, OID and
// value name. // value name.
// //
// See RegSetValueEx for the possible value types. // See RegSetValueEx for the possible value types.
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetOIDFunctionValue( CryptSetOIDFunctionValue(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCSTR pszOID, _In_ LPCSTR pszOID,
__in_opt LPCWSTR pwszValueName, _In_opt_ LPCWSTR pwszValueName,
__in DWORD dwValueType, _In_ DWORD dwValueType,
__in_bcount_opt(cbValueData) const BYTE *pbValueData, _In_reads_bytes_opt_(cbValueData) const BYTE *pbValueData,
__in DWORD cbValueData _In_ DWORD cbValueData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the value for the specified encoding type, function name, OID and // Get the value for the specified encoding type, function name, OID and
// value name. // value name.
// //
// See RegEnumValue for the possible value types. // See RegEnumValue for the possible value types.
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetOIDFunctionValue( CryptGetOIDFunctionValue(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCSTR pszOID, _In_ LPCSTR pszOID,
__in_opt LPCWSTR pwszValueName, _In_opt_ LPCWSTR pwszValueName,
__out_opt DWORD *pdwValueType, _Out_opt_ DWORD *pdwValueType,
__out_bcount_part_opt(*pcbValueData, *pcbValueData) BYTE *pbValueData, _Out_writes_bytes_to_opt_(*pcbValueData, *pcbValueData) BYTE *pbValueData,
__inout_opt DWORD *pcbValueData _Inout_opt_ DWORD *pcbValueData
); );
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_FUNC)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_FUNC)(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in LPCSTR pszFuncName, _In_ LPCSTR pszFuncName,
__in LPCSTR pszOID, _In_ LPCSTR pszOID,
__in DWORD cValue, _In_ DWORD cValue,
__in_ecount(cValue) const DWORD rgdwValueType[], _In_reads_(cValue) const DWORD rgdwValueType[],
__in_ecount(cValue) LPCWSTR const rgpwszValueName[], _In_reads_(cValue) LPCWSTR const rgpwszValueName[],
__in_ecount(cValue) const BYTE * const rgpbValueData[], _In_reads_(cValue) const BYTE * const rgpbValueData[],
__in_ecount(cValue) const DWORD rgcbValueData[], _In_reads_(cValue) const DWORD rgcbValueData[],
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the OID functions identified by their encoding type, // Enumerate the OID functions identified by their encoding type,
// function name and OID. // function name and OID.
// //
// pfnEnumOIDFunc is called for each registry key matching the input // pfnEnumOIDFunc is called for each registry key matching the input
// parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches // parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches
// any. Setting pszFuncName or pszOID to NULL matches any. // any. Setting pszFuncName or pszOID to NULL matches any.
// //
// Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the // Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the
// DEFAULT functions // DEFAULT functions
// //
// String types are UNICODE. // String types are UNICODE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumOIDFunction( CryptEnumOIDFunction(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_opt LPCSTR pszFuncName, _In_opt_ LPCSTR pszFuncName,
__in_opt LPCSTR pszOID, _In_opt_ LPCSTR pszOID,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc __callback PFN_CRYPT_ENUM_OID_FUNC pfnEnumOIDFunc
); );
#define CRYPT_MATCH_ANY_ENCODING_TYPE 0xFFFFFFFF #define CRYPT_MATCH_ANY_ENCODING_TYPE 0xFFFFFFFF
//+========================================================================= //+=========================================================================
// Object IDentifier (OID) Information: Data Structures and APIs // Object IDentifier (OID) Information: Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 6050 skipping to change at line 6348
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Special CNG Algorithms used in CRYPT_OID_INFO // Special CNG Algorithms used in CRYPT_OID_INFO
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM L"CryptOIDInfoHashParameters" #define CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM L"CryptOIDInfoHashParameters"
#define CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM L"CryptOIDInfoECCParameters" #define CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM L"CryptOIDInfoECCParameters"
#define CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM L"CryptOIDInfoMgf1Parameters" #define CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM L"CryptOIDInfoMgf1Parameters"
#define CRYPT_OID_INFO_NO_SIGN_ALGORITHM L"CryptOIDInfoNoSign" #define CRYPT_OID_INFO_NO_SIGN_ALGORITHM L"CryptOIDInfoNoSign"
#define CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM L"CryptOIDInfoOAEPParameters" #define CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM L"CryptOIDInfoOAEPParameters"
#define CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM L"CryptOIDInfoECCWrapParame ters" #define CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM L"CryptOIDInfoECCWrapParame ters"
#define CRYPT_OID_INFO_NO_PARAMETERS_ALGORITHM L"CryptOIDInfoNoParameters"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OID Information // OID Information
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_OID_INFO { typedef struct _CRYPT_OID_INFO {
DWORD cbSize; DWORD cbSize;
LPCSTR pszOID; LPCSTR pszOID;
LPCWSTR pwszName; LPCWSTR pwszName;
DWORD dwGroupId; DWORD dwGroupId;
union { union {
skipping to change at line 6188 skipping to change at line 6487
// For CRYPT_OID_INFO_NAME_KEY, CRYPT_OID_INFO_CNG_ALGID_KEY and // For CRYPT_OID_INFO_NAME_KEY, CRYPT_OID_INFO_CNG_ALGID_KEY and
// CRYPT_OID_INFO_CNG_SIGN_KEY the string comparison is case insensitive. // CRYPT_OID_INFO_CNG_SIGN_KEY the string comparison is case insensitive.
// //
// Setting dwGroupId to 0, searches all groups according to the dwKeyType. // Setting dwGroupId to 0, searches all groups according to the dwKeyType.
// Otherwise, only the dwGroupId is searched. // Otherwise, only the dwGroupId is searched.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRYPT_OID_INFO PCCRYPT_OID_INFO
WINAPI WINAPI
CryptFindOIDInfo( CryptFindOIDInfo(
__in DWORD dwKeyType, _In_ DWORD dwKeyType,
__in void *pvKey, _In_ void *pvKey,
__in DWORD dwGroupId _In_ DWORD dwGroupId
); );
#define CRYPT_OID_INFO_OID_KEY 1 #define CRYPT_OID_INFO_OID_KEY 1
#define CRYPT_OID_INFO_NAME_KEY 2 #define CRYPT_OID_INFO_NAME_KEY 2
#define CRYPT_OID_INFO_ALGID_KEY 3 #define CRYPT_OID_INFO_ALGID_KEY 3
#define CRYPT_OID_INFO_SIGN_KEY 4 #define CRYPT_OID_INFO_SIGN_KEY 4
#define CRYPT_OID_INFO_CNG_ALGID_KEY 5 #define CRYPT_OID_INFO_CNG_ALGID_KEY 5
#define CRYPT_OID_INFO_CNG_SIGN_KEY 6 #define CRYPT_OID_INFO_CNG_SIGN_KEY 6
// Set the following in the above dwKeyType parameter to restrict public keys // Set the following in the above dwKeyType parameter to restrict public keys
skipping to change at line 6258 skipping to change at line 6557
// allows applications to augment crypt32.dll's OID information. During // allows applications to augment crypt32.dll's OID information. During
// CryptFindOIDInfo's first call, the registered OID information is installed. // CryptFindOIDInfo's first call, the registered OID information is installed.
// //
// By default the registered OID information is installed after crypt32.dll's // By default the registered OID information is installed after crypt32.dll's
// OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before. // OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptRegisterOIDInfo( CryptRegisterOIDInfo(
__in PCCRYPT_OID_INFO pInfo, _In_ PCCRYPT_OID_INFO pInfo,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
#define CRYPT_INSTALL_OID_INFO_BEFORE_FLAG 1 #define CRYPT_INSTALL_OID_INFO_BEFORE_FLAG 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister OID information. Only the pszOID and dwGroupId fields are // Unregister OID information. Only the pszOID and dwGroupId fields are
// used to identify the OID information to be unregistered. // used to identify the OID information to be unregistered.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUnregisterOIDInfo( CryptUnregisterOIDInfo(
__in PCCRYPT_OID_INFO pInfo _In_ PCCRYPT_OID_INFO pInfo
); );
// If the callback returns FALSE, stops the enumeration. // If the callback returns FALSE, stops the enumeration.
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_INFO)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_OID_INFO)(
__in PCCRYPT_OID_INFO pInfo, _In_ PCCRYPT_OID_INFO pInfo,
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the OID information. // Enumerate the OID information.
// //
// pfnEnumOIDInfo is called for each OID information entry. // pfnEnumOIDInfo is called for each OID information entry.
// //
// Setting dwGroupId to 0 matches all groups. Otherwise, only enumerates // Setting dwGroupId to 0 matches all groups. Otherwise, only enumerates
// entries in the specified group. // entries in the specified group.
// //
// dwFlags currently isn't used and must be set to 0. // dwFlags currently isn't used and must be set to 0.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumOIDInfo( CryptEnumOIDInfo(
__in DWORD dwGroupId, _In_ DWORD dwGroupId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CRYPT_ENUM_OID_INFO pfnEnumOIDInfo __callback PFN_CRYPT_ENUM_OID_INFO pfnEnumOIDInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the localized name for the specified name. For example, find the // Find the localized name for the specified name. For example, find the
// localized name for the "Root" system store name. A case insensitive // localized name for the "Root" system store name. A case insensitive
// string comparison is done. // string comparison is done.
// //
// Returns NULL if unable to find the the specified name. // Returns NULL if unable to find the the specified name.
// //
skipping to change at line 6328 skipping to change at line 6627
// cbValueData = (wcslen(UNICODE localized string) + 1) * sizeof(WCHAR) // cbValueData = (wcslen(UNICODE localized string) + 1) * sizeof(WCHAR)
// //
// To unregister, set pbValueData to NULL and cbValueData to 0. // To unregister, set pbValueData to NULL and cbValueData to 0.
// //
// The registered names are searched before the pre-installed names. // The registered names are searched before the pre-installed names.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LPCWSTR LPCWSTR
WINAPI WINAPI
CryptFindLocalizedName( CryptFindLocalizedName(
__in LPCWSTR pwszCryptName _In_ LPCWSTR pwszCryptName
); );
#define CRYPT_LOCALIZED_NAME_ENCODING_TYPE 0 #define CRYPT_LOCALIZED_NAME_ENCODING_TYPE 0
#define CRYPT_LOCALIZED_NAME_OID "LocalizedNames" #define CRYPT_LOCALIZED_NAME_OID "LocalizedNames"
//+========================================================================= //+=========================================================================
// Certificate Strong Signature Defines and Data Structures
//==========================================================================
typedef struct _CERT_STRONG_SIGN_SERIALIZED_INFO {
DWORD dwFlags;
LPWSTR pwszCNGSignHashAlgids;
LPWSTR pwszCNGPubKeyMinBitLengths; // Optional
} CERT_STRONG_SIGN_SERIALIZED_INFO, *PCERT_STRONG_SIGN_SERIALIZED_INFO;
#define CERT_STRONG_SIGN_ECDSA_ALGORITHM L"ECDSA"
//
// Following CNG Signature Algorithms are supported
//
// #define BCRYPT_RSA_ALGORITHM L"RSA"
// #define BCRYPT_DSA_ALGORITHM L"DSA"
// #define CERT_STRONG_SIGN_ECDSA_ALGORITHM L"ECDSA"
//
//
// Following CNG Hash Algorithms are supported
//
// #define BCRYPT_MD5_ALGORITHM L"MD5"
// #define BCRYPT_SHA1_ALGORITHM L"SHA1"
// #define BCRYPT_SHA256_ALGORITHM L"SHA256"
// #define BCRYPT_SHA384_ALGORITHM L"SHA384"
// #define BCRYPT_SHA512_ALGORITHM L"SHA512"
//
typedef struct _CERT_STRONG_SIGN_PARA {
DWORD cbSize;
DWORD dwInfoChoice;
union {
void *pvInfo;
// CERT_STRONG_SIGN_SERIALIZED_INFO_CHOICE
PCERT_STRONG_SIGN_SERIALIZED_INFO pSerializedInfo;
// CERT_STRONG_SIGN_OID_INFO_CHOICE
LPSTR pszOID;
} DUMMYUNIONNAME;
} CERT_STRONG_SIGN_PARA, *PCERT_STRONG_SIGN_PARA;
typedef const CERT_STRONG_SIGN_PARA *PCCERT_STRONG_SIGN_PARA;
#define CERT_STRONG_SIGN_SERIALIZED_INFO_CHOICE 1
#define CERT_STRONG_SIGN_OID_INFO_CHOICE 2
// By default, strong signature checking isn't enabled for either
// CRLs or OCSP responses.
#define CERT_STRONG_SIGN_ENABLE_CRL_CHECK 0x1
#define CERT_STRONG_SIGN_ENABLE_OCSP_CHECK 0x2
//
// OID Strong Sign Parameters used by Windows OS Components
//
#define szOID_CERT_STRONG_SIGN_OS_PREFIX "1.3.6.1.4.1.311.72.1."
// OS_1 was supported starting with Windows 8
// Requires
// RSA keys >= 2047 or ECDSA >= 256 (DSA not allowed)
// SHA2 hashes (MD2, MD4, MD5 or SHA1 not allowed)
// Both CERT_STRONG_SIGN_ENABLE_CRL_CHECK and
// CERT_STRONG_SIGN_ENABLE_OCSP_CHECK are set
#define szOID_CERT_STRONG_SIGN_OS_1 "1.3.6.1.4.1.311.72.1.1"
#define szOID_CERT_STRONG_SIGN_OS_CURRENT szOID_CERT_STRONG_SIGN_OS_1
#define CERT_STRONG_SIGN_PARA_OS_1 \
{ \
sizeof(CERT_STRONG_SIGN_PARA), \
CERT_STRONG_SIGN_OID_INFO_CHOICE, \
szOID_CERT_STRONG_SIGN_OS_1 \
}
#define CERT_STRONG_SIGN_PARA_OS_CURRENT \
{ \
sizeof(CERT_STRONG_SIGN_PARA), \
CERT_STRONG_SIGN_OID_INFO_CHOICE, \
szOID_CERT_STRONG_SIGN_OS_CURRENT \
}
#define szOID_CERT_STRONG_KEY_OS_PREFIX "1.3.6.1.4.1.311.72.2."
// OS_1 was supported starting with Windows 8
// Requires
// RSA keys >= 2047 or ECDSA >= 256 (DSA not allowed)
// SHA1 or SHA2 hashes (MD2, MD4 or MD5 not allowed)
// Both CERT_STRONG_SIGN_ENABLE_CRL_CHECK and
// CERT_STRONG_SIGN_ENABLE_OCSP_CHECK are set
#define szOID_CERT_STRONG_KEY_OS_1 "1.3.6.1.4.1.311.72.2.1"
#define szOID_CERT_STRONG_KEY_OS_CURRENT szOID_CERT_STRONG_KEY_OS_1
#define CERT_STRONG_KEY_PARA_OS_1 \
{ \
sizeof(CERT_STRONG_SIGN_PARA), \
CERT_STRONG_SIGN_OID_INFO_CHOICE, \
szOID_CERT_STRONG_KEY_OS_1 \
}
#define CERT_STRONG_KEY_PARA_OS_CURRENT \
{ \
sizeof(CERT_STRONG_SIGN_PARA), \
CERT_STRONG_SIGN_OID_INFO_CHOICE, \
szOID_CERT_STRONG_KEY_OS_CURRENT \
}
//+=========================================================================
// Low Level Cryptographic Message Data Structures and APIs // Low Level Cryptographic Message Data Structures and APIs
//========================================================================== //==========================================================================
typedef void *HCRYPTMSG; typedef void *HCRYPTMSG;
#define szOID_PKCS_7_DATA "1.2.840.113549.1.7.1" #define szOID_PKCS_7_DATA "1.2.840.113549.1.7.1"
#define szOID_PKCS_7_SIGNED "1.2.840.113549.1.7.2" #define szOID_PKCS_7_SIGNED "1.2.840.113549.1.7.2"
#define szOID_PKCS_7_ENVELOPED "1.2.840.113549.1.7.3" #define szOID_PKCS_7_ENVELOPED "1.2.840.113549.1.7.3"
#define szOID_PKCS_7_SIGNEDANDENVELOPED "1.2.840.113549.1.7.4" #define szOID_PKCS_7_SIGNEDANDENVELOPED "1.2.840.113549.1.7.4"
#define szOID_PKCS_7_DIGESTED "1.2.840.113549.1.7.5" #define szOID_PKCS_7_DIGESTED "1.2.840.113549.1.7.5"
skipping to change at line 6871 skipping to change at line 7279
// called to get the cryptographically processed content. Until closed, // called to get the cryptographically processed content. Until closed,
// the handle keeps a copy of the processed content. // the handle keeps a copy of the processed content.
// //
// With streamed output, the processed content can be freed as its streamed. // With streamed output, the processed content can be freed as its streamed.
// //
// If the length of the content to be updated is known at the time of the // If the length of the content to be updated is known at the time of the
// open, then, ContentLength should be set to that length. Otherwise, it // open, then, ContentLength should be set to that length. Otherwise, it
// should be set to CMSG_INDEFINITE_LENGTH. // should be set to CMSG_INDEFINITE_LENGTH.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CMSG_STREAM_OUTPUT)( typedef BOOL (WINAPI *PFN_CMSG_STREAM_OUTPUT)(
__in_opt const void *pvArg, _In_opt_ const void *pvArg,
__in_bcount_opt(cbData) BYTE *pbData, _In_reads_bytes_opt_(cbData) BYTE *pbData,
__in DWORD cbData, _In_ DWORD cbData,
__in BOOL fFinal _In_ BOOL fFinal
); );
#define CMSG_INDEFINITE_LENGTH (0xFFFFFFFF) #define CMSG_INDEFINITE_LENGTH (0xFFFFFFFF)
typedef struct _CMSG_STREAM_INFO { typedef struct _CMSG_STREAM_INFO {
DWORD cbContent; DWORD cbContent;
PFN_CMSG_STREAM_OUTPUT pfnStreamOutput; PFN_CMSG_STREAM_OUTPUT pfnStreamOutput;
void *pvArg; void *pvArg;
} CMSG_STREAM_INFO, *PCMSG_STREAM_INFO; } CMSG_STREAM_INFO, *PCMSG_STREAM_INFO;
skipping to change at line 6922 skipping to change at line 7330
// the streamed output will not have an outer ContentInfo wrapper. This // the streamed output will not have an outer ContentInfo wrapper. This
// makes it suitable to be streamed into an enclosing message. // makes it suitable to be streamed into an enclosing message.
// //
// The pStreamInfo parameter needs to be set to stream the encoded message // The pStreamInfo parameter needs to be set to stream the encoded message
// output. // output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgOpenToEncode( CryptMsgOpenToEncode(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwMsgType, _In_ DWORD dwMsgType,
__in void const *pvMsgEncodeInfo, _In_ void const *pvMsgEncodeInfo,
__in_opt LPSTR pszInnerContentObjID, _In_opt_ LPSTR pszInnerContentObjID,
__in_opt PCMSG_STREAM_INFO pStreamInfo _In_opt_ PCMSG_STREAM_INFO pStreamInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Calculate the length of an encoded cryptographic message. // Calculate the length of an encoded cryptographic message.
// //
// Calculates the length of the encoded message given the // Calculates the length of the encoded message given the
// message type, encoding parameters and total length of // message type, encoding parameters and total length of
// the data to be updated. Note, this might not be the exact length. However, // the data to be updated. Note, this might not be the exact length. However,
// it will always be greater than or equal to the actual length. // it will always be greater than or equal to the actual length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CryptMsgCalculateEncodedLength( CryptMsgCalculateEncodedLength(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwMsgType, _In_ DWORD dwMsgType,
__in void const *pvMsgEncodeInfo, _In_ void const *pvMsgEncodeInfo,
__in_opt LPSTR pszInnerContentObjID, _In_opt_ LPSTR pszInnerContentObjID,
__in DWORD cbData _In_ DWORD cbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a cryptographic message for decoding // Open a cryptographic message for decoding
// //
// hCryptProv specifies the crypto provider to use for hashing and/or // hCryptProv specifies the crypto provider to use for hashing and/or
// decrypting the message. If hCryptProv is NULL, a default crypt provider // decrypting the message. If hCryptProv is NULL, a default crypt provider
// is used. // is used.
// //
// Currently pRecipientInfo isn't used and should be set to NULL. // Currently pRecipientInfo isn't used and should be set to NULL.
// //
// The pStreamInfo parameter needs to be set to stream the decoded content // The pStreamInfo parameter needs to be set to stream the decoded content
// output. // output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgOpenToDecode( CryptMsgOpenToDecode(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwMsgType, _In_ DWORD dwMsgType,
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__reserved PCERT_INFO pRecipientInfo, _Reserved_ PCERT_INFO pRecipientInfo,
__in_opt PCMSG_STREAM_INFO pStreamInfo _In_opt_ PCMSG_STREAM_INFO pStreamInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a cryptographic message handle // Duplicate a cryptographic message handle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCRYPTMSG HCRYPTMSG
WINAPI WINAPI
CryptMsgDuplicate( CryptMsgDuplicate(
__in_opt HCRYPTMSG hCryptMsg _In_opt_ HCRYPTMSG hCryptMsg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Close a cryptographic message handle // Close a cryptographic message handle
// //
// LastError is preserved unless FALSE is returned. // LastError is preserved unless FALSE is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgClose( CryptMsgClose(
__in_opt HCRYPTMSG hCryptMsg _In_opt_ HCRYPTMSG hCryptMsg
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Update the content of a cryptographic message. Depending on how the // Update the content of a cryptographic message. Depending on how the
// message was opened, the content is either encoded or decoded. // message was opened, the content is either encoded or decoded.
// //
// This function is repetitively called to append to the message content. // This function is repetitively called to append to the message content.
// fFinal is set to identify the last update. On fFinal, the encode/decode // fFinal is set to identify the last update. On fFinal, the encode/decode
// is completed. The encoded/decoded content and the decoded parameters // is completed. The encoded/decoded content and the decoded parameters
// are valid until the open and all duplicated handles are closed. // are valid until the open and all duplicated handles are closed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgUpdate( CryptMsgUpdate(
__in HCRYPTMSG hCryptMsg, _In_ HCRYPTMSG hCryptMsg,
__in_bcount_opt(cbData) const BYTE *pbData, _In_reads_bytes_opt_(cbData) const BYTE *pbData,
__in DWORD cbData, _In_ DWORD cbData,
__in BOOL fFinal _In_ BOOL fFinal
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a parameter after encoding/decoding a cryptographic message. Called // Get a parameter after encoding/decoding a cryptographic message. Called
// after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and // after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and
// CMSG_COMPUTED_HASH_PARAM are valid for an encoded message. // CMSG_COMPUTED_HASH_PARAM are valid for an encoded message.
// //
// For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got // For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got
// before any CryptMsgUpdates to get its length. // before any CryptMsgUpdates to get its length.
// //
skipping to change at line 7043 skipping to change at line 7451
// The OBJID BLOBs returned in the pvData structures point to // The OBJID BLOBs returned in the pvData structures point to
// their still encoded representation. The appropriate functions // their still encoded representation. The appropriate functions
// must be called to decode the information. // must be called to decode the information.
// //
// See below for a list of the parameters to get. // See below for a list of the parameters to get.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgGetParam( CryptMsgGetParam(
__in HCRYPTMSG hCryptMsg, _In_ HCRYPTMSG hCryptMsg,
__in DWORD dwParamType, _In_ DWORD dwParamType,
__in DWORD dwIndex, _In_ DWORD dwIndex,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get parameter types and their corresponding data structure definitions. // Get parameter types and their corresponding data structure definitions.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_TYPE_PARAM 1 #define CMSG_TYPE_PARAM 1
#define CMSG_CONTENT_PARAM 2 #define CMSG_CONTENT_PARAM 2
#define CMSG_BARE_CONTENT_PARAM 3 #define CMSG_BARE_CONTENT_PARAM 3
#define CMSG_INNER_CONTENT_TYPE_PARAM 4 #define CMSG_INNER_CONTENT_TYPE_PARAM 4
#define CMSG_SIGNER_COUNT_PARAM 5 #define CMSG_SIGNER_COUNT_PARAM 5
skipping to change at line 7576 skipping to change at line 7984
// //
// The pvCtrlPara definition depends on the dwCtrlType value. // The pvCtrlPara definition depends on the dwCtrlType value.
// //
// See below for a list of the control operations and their pvCtrlPara // See below for a list of the control operations and their pvCtrlPara
// type definition. // type definition.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgControl( CryptMsgControl(
__in HCRYPTMSG hCryptMsg, _In_ HCRYPTMSG hCryptMsg,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwCtrlType, _In_ DWORD dwCtrlType,
__in_opt void const *pvCtrlPara _In_opt_ void const *pvCtrlPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Message control types // Message control types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_CTRL_VERIFY_SIGNATURE 1 #define CMSG_CTRL_VERIFY_SIGNATURE 1
#define CMSG_CTRL_DECRYPT 2 #define CMSG_CTRL_DECRYPT 2
#define CMSG_CTRL_VERIFY_HASH 5 #define CMSG_CTRL_VERIFY_HASH 5
#define CMSG_CTRL_ADD_SIGNER 6 #define CMSG_CTRL_ADD_SIGNER 6
#define CMSG_CTRL_DEL_SIGNER 7 #define CMSG_CTRL_DEL_SIGNER 7
skipping to change at line 7603 skipping to change at line 8011
#define CMSG_CTRL_DEL_CERT 11 #define CMSG_CTRL_DEL_CERT 11
#define CMSG_CTRL_ADD_CRL 12 #define CMSG_CTRL_ADD_CRL 12
#define CMSG_CTRL_DEL_CRL 13 #define CMSG_CTRL_DEL_CRL 13
#define CMSG_CTRL_ADD_ATTR_CERT 14 #define CMSG_CTRL_ADD_ATTR_CERT 14
#define CMSG_CTRL_DEL_ATTR_CERT 15 #define CMSG_CTRL_DEL_ATTR_CERT 15
#define CMSG_CTRL_KEY_TRANS_DECRYPT 16 #define CMSG_CTRL_KEY_TRANS_DECRYPT 16
#define CMSG_CTRL_KEY_AGREE_DECRYPT 17 #define CMSG_CTRL_KEY_AGREE_DECRYPT 17
#define CMSG_CTRL_MAIL_LIST_DECRYPT 18 #define CMSG_CTRL_MAIL_LIST_DECRYPT 18
#define CMSG_CTRL_VERIFY_SIGNATURE_EX 19 #define CMSG_CTRL_VERIFY_SIGNATURE_EX 19
#define CMSG_CTRL_ADD_CMS_SIGNER_INFO 20 #define CMSG_CTRL_ADD_CMS_SIGNER_INFO 20
#define CMSG_CTRL_ENABLE_STRONG_SIGNATURE 21
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_SIGNATURE // CMSG_CTRL_VERIFY_SIGNATURE
// //
// Verify the signature of a SIGNED or SIGNED_AND_ENVELOPED // Verify the signature of a SIGNED or SIGNED_AND_ENVELOPED
// message after it has been decoded. // message after it has been decoded.
// //
// For a SIGNED_AND_ENVELOPED message, called after // For a SIGNED_AND_ENVELOPED message, called after
// CryptMsgControl(CMSG_CTRL_DECRYPT), if CryptMsgOpenToDecode was called // CryptMsgControl(CMSG_CTRL_DECRYPT), if CryptMsgOpenToDecode was called
// with a NULL pRecipientInfo. // with a NULL pRecipientInfo.
skipping to change at line 7669 skipping to change at line 8078
#define CMSG_VERIFY_SIGNER_PUBKEY 1 #define CMSG_VERIFY_SIGNER_PUBKEY 1
// pvSigner :: PCERT_PUBLIC_KEY_INFO // pvSigner :: PCERT_PUBLIC_KEY_INFO
#define CMSG_VERIFY_SIGNER_CERT 2 #define CMSG_VERIFY_SIGNER_CERT 2
// pvSigner :: PCCERT_CONTEXT // pvSigner :: PCCERT_CONTEXT
#define CMSG_VERIFY_SIGNER_CHAIN 3 #define CMSG_VERIFY_SIGNER_CHAIN 3
// pvSigner :: PCCERT_CHAIN_CONTEXT // pvSigner :: PCCERT_CHAIN_CONTEXT
#define CMSG_VERIFY_SIGNER_NULL 4 #define CMSG_VERIFY_SIGNER_NULL 4
// pvSigner :: NULL // pvSigner :: NULL
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CMSG_CTRL_ENABLE_STRONG_SIGNATURE
//
// Enables Strong Signature Checking for subsequent verifies.
//
// pvCtrlPara points to a const CERT_STRONG_SIGN_PARA struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_DECRYPT // CMSG_CTRL_DECRYPT
// //
// Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been // Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been
// decoded. // decoded.
// //
// This decrypt is only applicable to key transport recipients. // This decrypt is only applicable to key transport recipients.
// //
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == // hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE. // 0, defaults to AT_KEYEXCHANGE.
// //
skipping to change at line 7968 skipping to change at line 8385
// ie. verify that pbSignerInfoCountersignature contains the encrypted // ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo. // hash of the encryptedDigest field of pbSignerInfo.
// //
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo. // hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
// The only fields referenced from pciCountersigner are SerialNumber, Issuer, // The only fields referenced from pciCountersigner are SerialNumber, Issuer,
// and SubjectPublicKeyInfo. // and SubjectPublicKeyInfo.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgVerifyCountersignatureEncoded( CryptMsgVerifyCountersignatureEncoded(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_bcount(cbSignerInfo) PBYTE pbSignerInfo, _In_reads_bytes_(cbSignerInfo) PBYTE pbSignerInfo,
__in DWORD cbSignerInfo, _In_ DWORD cbSignerInfo,
__in_bcount(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersignature _In_reads_bytes_(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersign
, ature,
__in DWORD cbSignerInfoCountersignature, _In_ DWORD cbSignerInfoCountersignature,
__in PCERT_INFO pciCountersigner _In_ PCERT_INFO pciCountersigner
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a countersignature, at the SignerInfo level. // Verify a countersignature, at the SignerInfo level.
// ie. verify that pbSignerInfoCountersignature contains the encrypted // ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo. // hash of the encryptedDigest field of pbSignerInfo.
// //
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo. // hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
// //
// The signer can be a CERT_PUBLIC_KEY_INFO, certificate context or a // The signer can be a CERT_PUBLIC_KEY_INFO, certificate context or a
// chain context. // chain context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgVerifyCountersignatureEncodedEx( CryptMsgVerifyCountersignatureEncodedEx(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_bcount(cbSignerInfo) PBYTE pbSignerInfo, _In_reads_bytes_(cbSignerInfo) PBYTE pbSignerInfo,
__in DWORD cbSignerInfo, _In_ DWORD cbSignerInfo,
__in_bcount(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersignature _In_reads_bytes_(cbSignerInfoCountersignature) PBYTE pbSignerInfoCountersign
, ature,
__in DWORD cbSignerInfoCountersignature, _In_ DWORD cbSignerInfoCountersignature,
__in DWORD dwSignerType, _In_ DWORD dwSignerType,
__in void *pvSigner, _In_ void *pvSigner,
__reserved DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Inout_opt_ void *pvExtra
); );
// See CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA for dwSignerType definitions // See CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA for dwSignerType definitions
// When set, pvExtra points to const CERT_STRONG_SIGN_PARA struct
#define CMSG_VERIFY_COUNTER_SIGN_ENABLE_STRONG_FLAG 0x00000001
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Countersign an already-existing signature in a message // Countersign an already-existing signature in a message
// //
// dwIndex is a zero-based index of the SignerInfo to be countersigned. // dwIndex is a zero-based index of the SignerInfo to be countersigned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgCountersign( CryptMsgCountersign(
__in HCRYPTMSG hCryptMsg, _In_ HCRYPTMSG hCryptMsg,
__in DWORD dwIndex, _In_ DWORD dwIndex,
__in DWORD cCountersigners, _In_ DWORD cCountersigners,
__in_ecount(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners _In_reads_(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Countersign an already-existing signature (encoded SignerInfo). // Countersign an already-existing signature (encoded SignerInfo).
// Output an encoded SignerInfo blob, suitable for use as a countersignature // Output an encoded SignerInfo blob, suitable for use as a countersignature
// attribute in the unauthenticated attributes of a signed-data or // attribute in the unauthenticated attributes of a signed-data or
// signed-and-enveloped-data message. // signed-and-enveloped-data message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptMsgCountersignEncoded( CryptMsgCountersignEncoded(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_bcount(cbSignerInfo) PBYTE pbSignerInfo, _In_reads_bytes_(cbSignerInfo) PBYTE pbSignerInfo,
__in DWORD cbSignerInfo, _In_ DWORD cbSignerInfo,
__in DWORD cCountersigners, _In_ DWORD cCountersigners,
__in_ecount(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners, _In_reads_(cCountersigners) PCMSG_SIGNER_ENCODE_INFO rgCountersigners,
__out_bcount_part_opt(*pcbCountersignature, *pcbCountersignature) PBYTE pbCo _Out_writes_bytes_to_opt_(*pcbCountersignature, *pcbCountersignature) PBYTE
untersignature, pbCountersignature,
__inout PDWORD pcbCountersignature _Inout_ PDWORD pcbCountersignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptMsg OID installable functions // CryptMsg OID installable functions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef void * (WINAPI *PFN_CMSG_ALLOC) ( typedef void * (WINAPI *PFN_CMSG_ALLOC) (
__in size_t cb _In_ size_t cb
); );
typedef void (WINAPI *PFN_CMSG_FREE)( typedef void (WINAPI *PFN_CMSG_FREE)(
__inout void *pv _Inout_ void *pv
); );
// Note, the following 3 installable functions are obsolete and have been // Note, the following 3 installable functions are obsolete and have been
// replaced with GenContentEncryptKey, ExportKeyTrans, ExportKeyAgree, // replaced with GenContentEncryptKey, ExportKeyTrans, ExportKeyAgree,
// ExportMailList, ImportKeyTrans, ImportKeyAgree and ImportMailList // ExportMailList, ImportKeyTrans, ImportKeyAgree and ImportMailList
// installable functions. // installable functions.
// If *phCryptProv is NULL upon entry, then, if supported, the installable // If *phCryptProv is NULL upon entry, then, if supported, the installable
// function should acquire a default provider and return. Note, its up // function should acquire a default provider and return. Note, its up
// to the installable function to release at process detach. // to the installable function to release at process detach.
// //
// If paiEncrypt->Parameters.cbData is 0, then, the callback may optionally // If paiEncrypt->Parameters.cbData is 0, then, the callback may optionally
// return default encoded parameters in *ppbEncryptParameters and // return default encoded parameters in *ppbEncryptParameters and
// *pcbEncryptParameters. pfnAlloc must be called for the allocation. // *pcbEncryptParameters. pfnAlloc must be called for the allocation.
#define CMSG_OID_GEN_ENCRYPT_KEY_FUNC "CryptMsgDllGenEncryptKey" #define CMSG_OID_GEN_ENCRYPT_KEY_FUNC "CryptMsgDllGenEncryptKey"
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CMSG_GEN_ENCRYPT_KEY) ( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CMSG_GEN_ENCRYPT_KEY) (
__inout HCRYPTPROV *phCryptProv, _Inout_ HCRYPTPROV *phCryptProv,
__in PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt, _In_ PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt,
__in_opt PVOID pvEncryptAuxInfo, _In_opt_ PVOID pvEncryptAuxInfo,
__in PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, _In_ PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
__callback PFN_CMSG_ALLOC pfnAlloc, __callback PFN_CMSG_ALLOC pfnAlloc,
__out HCRYPTKEY *phEncryptKey, _Out_ HCRYPTKEY *phEncryptKey,
__deref_out_bcount(*pcbEncryptParameters) PBYTE *ppbEncryptParameters, _Outptr_result_bytebuffer_(*pcbEncryptParameters) PBYTE *ppbEncryptParameter
__out PDWORD pcbEncryptParameters s,
_Out_ PDWORD pcbEncryptParameters
); );
#define CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC "CryptMsgDllExportEncryptKey" #define CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC "CryptMsgDllExportEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_ENCRYPT_KEY) (
__in HCRYPTPROV hCryptProv, _In_ HCRYPTPROV hCryptProv,
__in HCRYPTKEY hEncryptKey, _In_ HCRYPTKEY hEncryptKey,
__in PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, _In_ PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
__out_bcount_part_opt(*pcbData, *pcbData) PBYTE pbData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) PBYTE pbData,
__inout PDWORD pcbData _Inout_ PDWORD pcbData
); );
#define CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC "CryptMsgDllImportEncryptKey" #define CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC "CryptMsgDllImportEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_ENCRYPT_KEY) (
__in HCRYPTPROV hCryptProv, _In_ HCRYPTPROV hCryptProv,
__in DWORD dwKeySpec, _In_ DWORD dwKeySpec,
__in PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt, _In_ PCRYPT_ALGORITHM_IDENTIFIER paiEncrypt,
__in PCRYPT_ALGORITHM_IDENTIFIER paiPubKey, _In_ PCRYPT_ALGORITHM_IDENTIFIER paiPubKey,
__in_bcount(cbEncodedKey) PBYTE pbEncodedKey, _In_reads_bytes_(cbEncodedKey) PBYTE pbEncodedKey,
__in DWORD cbEncodedKey, _In_ DWORD cbEncodedKey,
__out HCRYPTKEY *phEncryptKey _Out_ HCRYPTKEY *phEncryptKey
); );
// To get the default installable function for GenContentEncryptKey, // To get the default installable function for GenContentEncryptKey,
// ExportKeyTrans, ExportKeyAgree, ExportMailList, ImportKeyTrans, // ExportKeyTrans, ExportKeyAgree, ExportMailList, ImportKeyTrans,
// ImportKeyAgree or ImportMailList call CryptGetOIDFunctionAddress() // ImportKeyAgree or ImportMailList call CryptGetOIDFunctionAddress()
// with the pszOID argument set to the following constant. dwEncodingType // with the pszOID argument set to the following constant. dwEncodingType
// should be set to CRYPT_ASN_ENCODING or X509_ASN_ENCODING. // should be set to CRYPT_ASN_ENCODING or X509_ASN_ENCODING.
#define CMSG_DEFAULT_INSTALLABLE_FUNC_OID ((LPCSTR) 1) #define CMSG_DEFAULT_INSTALLABLE_FUNC_OID ((LPCSTR) 1)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 8203 skipping to change at line 8623
// pfnFree must be used for doing the allocation. // pfnFree must be used for doing the allocation.
// //
// ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when fCNG == FALSE. // The following CAPI1 installable function is called when fCNG == FALSE.
#define CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllGenContentEncryptKey" #define CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllGenContentEncryptKey"
#define CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC CMSG_OID_GEN_CONTENT_ENCRYPT _KEY_FUNC #define CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC CMSG_OID_GEN_CONTENT_ENCRYPT _KEY_FUNC
typedef BOOL (WINAPI *PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY) (
__inout PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, _Inout_ PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
// The following installable function is called when fCNG == TRUE. It has the // The following installable function is called when fCNG == TRUE. It has the
// same API signature as for the above // same API signature as for the above
// CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC. // CMSG_OID_CAPI1_GEN_CONTENT_ENCRYPT_KEY_FUNC.
#define CMSG_OID_CNG_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGGenContentEncr yptKey" #define CMSG_OID_CNG_GEN_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGGenContentEncr yptKey"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Key Transport Encrypt Info // Key Transport Encrypt Info
// //
skipping to change at line 8260 skipping to change at line 8680
// for doing the allocation. // for doing the allocation.
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when // The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE. // pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_KEY_TRANS_FUNC "CryptMsgDllExportKeyTrans" #define CMSG_OID_EXPORT_KEY_TRANS_FUNC "CryptMsgDllExportKeyTrans"
#define CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC CMSG_OID_EXPORT_KEY_TRANS_FUNC #define CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC CMSG_OID_EXPORT_KEY_TRANS_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_TRANS) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_TRANS) (
__in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, _In_ PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
__in PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTransEncodeInfo, _In_ PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTransEncodeInfo,
__inout PCMSG_KEY_TRANS_ENCRYPT_INFO pKeyTransEncryptInfo, _Inout_ PCMSG_KEY_TRANS_ENCRYPT_INFO pKeyTransEncryptInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
// The following CNG installable function is called when // The following CNG installable function is called when
// pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for // pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for
// the above CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC. // the above CMSG_OID_CAPI1_EXPORT_KEY_TRANS_FUNC.
#define CMSG_OID_CNG_EXPORT_KEY_TRANS_FUNC "CryptMsgDllCNGExportKeyTrans" #define CMSG_OID_CNG_EXPORT_KEY_TRANS_FUNC "CryptMsgDllCNGExportKeyTrans"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Key Agree Key Encrypt Info // Key Agree Key Encrypt Info
// //
skipping to change at line 8366 skipping to change at line 8786
// ContentEncryptInfo must be used for doing the allocation. // ContentEncryptInfo must be used for doing the allocation.
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when // The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE. // pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_KEY_AGREE_FUNC "CryptMsgDllExportKeyAgree" #define CMSG_OID_EXPORT_KEY_AGREE_FUNC "CryptMsgDllExportKeyAgree"
#define CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC CMSG_OID_EXPORT_KEY_AGREE_FUNC #define CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC CMSG_OID_EXPORT_KEY_AGREE_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_AGREE) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_KEY_AGREE) (
__in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, _In_ PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
__in PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgreeEncodeInfo, _In_ PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO pKeyAgreeEncodeInfo,
__inout PCMSG_KEY_AGREE_ENCRYPT_INFO pKeyAgreeEncryptInfo, _Inout_ PCMSG_KEY_AGREE_ENCRYPT_INFO pKeyAgreeEncryptInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
// The following CNG installable function is called when // The following CNG installable function is called when
// pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for // pContentEncryptInfo->fCNG == TRUE. It has the same API signature as for
// the above CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC. // the above CMSG_OID_CAPI1_EXPORT_KEY_AGREE_FUNC.
#define CMSG_OID_CNG_EXPORT_KEY_AGREE_FUNC "CryptMsgDllCNGExportKeyAgree" #define CMSG_OID_CNG_EXPORT_KEY_AGREE_FUNC "CryptMsgDllCNGExportKeyAgree"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Mail List Encrypt Info // Mail List Encrypt Info
// //
skipping to change at line 8426 skipping to change at line 8846
// //
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
// //
// Note, only has a CAPI1 installable function. No CNG installable function. // Note, only has a CAPI1 installable function. No CNG installable function.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The following CAPI1 installable function is called when // The following CAPI1 installable function is called when
// pContentEncryptInfo->fCNG == FALSE. // pContentEncryptInfo->fCNG == FALSE.
#define CMSG_OID_EXPORT_MAIL_LIST_FUNC "CryptMsgDllExportMailList" #define CMSG_OID_EXPORT_MAIL_LIST_FUNC "CryptMsgDllExportMailList"
#define CMSG_OID_CAPI1_EXPORT_MAIL_LIST_FUNC CMSG_OID_EXPORT_MAIL_LIST_FUNC #define CMSG_OID_CAPI1_EXPORT_MAIL_LIST_FUNC CMSG_OID_EXPORT_MAIL_LIST_FUNC
typedef BOOL (WINAPI *PFN_CMSG_EXPORT_MAIL_LIST) ( typedef BOOL (WINAPI *PFN_CMSG_EXPORT_MAIL_LIST) (
__in PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo, _In_ PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
__in PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailListEncodeInfo, _In_ PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO pMailListEncodeInfo,
__inout PCMSG_MAIL_LIST_ENCRYPT_INFO pMailListEncryptInfo, _Inout_ PCMSG_MAIL_LIST_ENCRYPT_INFO pMailListEncryptInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CAPI1 OID Installable functions for importing an encoded and encrypted // CAPI1 OID Installable functions for importing an encoded and encrypted
// content encryption key. // content encryption key.
// //
// There's a different installable function for each CMS Recipient choice: // There's a different installable function for each CMS Recipient choice:
// ImportKeyTrans // ImportKeyTrans
// ImportKeyAgree // ImportKeyAgree
// ImportMailList // ImportMailList
skipping to change at line 8454 skipping to change at line 8874
// KeyEncryptionOID // KeyEncryptionOID
// ContentEncryptionOID // ContentEncryptionOID
// //
// If the OID installable function doesn't support the specified // If the OID installable function doesn't support the specified
// KeyEncryption and ContentEncryption OIDs, then, return FALSE with // KeyEncryption and ContentEncryption OIDs, then, return FALSE with
// LastError set to E_NOTIMPL. // LastError set to E_NOTIMPL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_OID_IMPORT_KEY_TRANS_FUNC "CryptMsgDllImportKeyTrans" #define CMSG_OID_IMPORT_KEY_TRANS_FUNC "CryptMsgDllImportKeyTrans"
#define CMSG_OID_CAPI1_IMPORT_KEY_TRANS_FUNC CMSG_OID_IMPORT_KEY_TRANS_FUNC #define CMSG_OID_CAPI1_IMPORT_KEY_TRANS_FUNC CMSG_OID_IMPORT_KEY_TRANS_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_TRANS) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_TRANS) (
__in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
__in PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara, _In_ PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out HCRYPTKEY *phContentEncryptKey _Out_ HCRYPTKEY *phContentEncryptKey
); );
#define CMSG_OID_IMPORT_KEY_AGREE_FUNC "CryptMsgDllImportKeyAgree" #define CMSG_OID_IMPORT_KEY_AGREE_FUNC "CryptMsgDllImportKeyAgree"
#define CMSG_OID_CAPI1_IMPORT_KEY_AGREE_FUNC CMSG_OID_IMPORT_KEY_AGREE_FUNC #define CMSG_OID_CAPI1_IMPORT_KEY_AGREE_FUNC CMSG_OID_IMPORT_KEY_AGREE_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_AGREE) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_KEY_AGREE) (
__in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
__in PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara, _In_ PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out HCRYPTKEY *phContentEncryptKey _Out_ HCRYPTKEY *phContentEncryptKey
); );
#define CMSG_OID_IMPORT_MAIL_LIST_FUNC "CryptMsgDllImportMailList" #define CMSG_OID_IMPORT_MAIL_LIST_FUNC "CryptMsgDllImportMailList"
#define CMSG_OID_CAPI1_IMPORT_MAIL_LIST_FUNC CMSG_OID_IMPORT_MAIL_LIST_FUNC #define CMSG_OID_CAPI1_IMPORT_MAIL_LIST_FUNC CMSG_OID_IMPORT_MAIL_LIST_FUNC
typedef BOOL (WINAPI *PFN_CMSG_IMPORT_MAIL_LIST) ( typedef BOOL (WINAPI *PFN_CMSG_IMPORT_MAIL_LIST) (
__in PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pContentEncryptionAlgorithm,
__in PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA pMailListDecryptPara, _In_ PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA pMailListDecryptPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out HCRYPTKEY *phContentEncryptKey _Out_ HCRYPTKEY *phContentEncryptKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CNG Content Decrypt Info // CNG Content Decrypt Info
// //
// The following data structure contains the information shared between // The following data structure contains the information shared between
// CNGImportKeyTrans, CNGImportKeyAgree and CNGImportContentEncryptKey // CNGImportKeyTrans, CNGImportKeyAgree and CNGImportContentEncryptKey
// installable functions. // installable functions.
// //
// pbContentEncryptKey and pbCNGContentEncryptKeyObject are allocated // pbContentEncryptKey and pbCNGContentEncryptKeyObject are allocated
skipping to change at line 8527 skipping to change at line 8947
// pbContentEncryptKey (pfnAlloc'ed) // pbContentEncryptKey (pfnAlloc'ed)
// cbContentEncryptKey // cbContentEncryptKey
// //
// All other fields in the CNGContentEncryptInfo are READONLY. // All other fields in the CNGContentEncryptInfo are READONLY.
// //
// pKeyTransDecryptPara->pKeyTrans->KeyEncryptionAlgorithm.pszObjId is used // pKeyTransDecryptPara->pKeyTrans->KeyEncryptionAlgorithm.pszObjId is used
// to get the OIDFunctionAddress. // to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_KEY_TRANS_FUNC "CryptMsgDllCNGImportKeyTrans" #define CMSG_OID_CNG_IMPORT_KEY_TRANS_FUNC "CryptMsgDllCNGImportKeyTrans"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_TRANS) ( typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_TRANS) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo, _Inout_ PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara, _In_ PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA pKeyTransDecryptPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CNG OID Installable function for importing and decrypting a key agreement // CNG OID Installable function for importing and decrypting a key agreement
// recipient encrypted content encryption key. // recipient encrypted content encryption key.
// //
// Upon input, CNGContentDecryptInfo has been initialized. // Upon input, CNGContentDecryptInfo has been initialized.
// //
// The following fields must be updated using hNCryptKey to decrypt // The following fields must be updated using hNCryptKey to decrypt
// pKeyAgreeDecryptPara->pKeyAgree->rgpRecipientEncryptedKeys[ // pKeyAgreeDecryptPara->pKeyAgree->rgpRecipientEncryptedKeys[
skipping to change at line 8552 skipping to change at line 8972
// pbContentEncryptKey (pfnAlloc'ed) // pbContentEncryptKey (pfnAlloc'ed)
// cbContentEncryptKey // cbContentEncryptKey
// //
// All other fields in the CNGContentEncryptInfo are READONLY. // All other fields in the CNGContentEncryptInfo are READONLY.
// //
// pKeyAgreeDecryptPara->pKeyAgree->KeyEncryptionAlgorithm.pszObjId is used // pKeyAgreeDecryptPara->pKeyAgree->KeyEncryptionAlgorithm.pszObjId is used
// to get the OIDFunctionAddress. // to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_KEY_AGREE_FUNC "CryptMsgDllCNGImportKeyAgree" #define CMSG_OID_CNG_IMPORT_KEY_AGREE_FUNC "CryptMsgDllCNGImportKeyAgree"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_AGREE) ( typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_KEY_AGREE) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo, _Inout_ PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara, _In_ PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA pKeyAgreeDecryptPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CNG OID Installable function for importing an already decrypted // CNG OID Installable function for importing an already decrypted
// content encryption key. // content encryption key.
// //
// Upon input, CNGContentDecryptInfo has been initialized. // Upon input, CNGContentDecryptInfo has been initialized.
// //
// The following fields must be updated using pbContentEncryptKey and // The following fields must be updated using pbContentEncryptKey and
// cbContentEncryptKey: // cbContentEncryptKey:
skipping to change at line 8577 skipping to change at line 8997
// pbCNGContentEncryptKeyObject (pfnAlloc'ed) // pbCNGContentEncryptKeyObject (pfnAlloc'ed)
// //
// The hCNGContentEncryptKey will be destroyed when hCryptMsg is closed. // The hCNGContentEncryptKey will be destroyed when hCryptMsg is closed.
// //
// All other fields in the CNGContentEncryptInfo are READONLY. // All other fields in the CNGContentEncryptInfo are READONLY.
// //
// ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress. // ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CMSG_OID_CNG_IMPORT_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGImportConte ntEncryptKey" #define CMSG_OID_CNG_IMPORT_CONTENT_ENCRYPT_KEY_FUNC "CryptMsgDllCNGImportConte ntEncryptKey"
typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_CONTENT_ENCRYPT_KEY) ( typedef BOOL (WINAPI *PFN_CMSG_CNG_IMPORT_CONTENT_ENCRYPT_KEY) (
__inout PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo, _Inout_ PCMSG_CNG_CONTENT_DECRYPT_INFO pCNGContentDecryptInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+========================================================================= //+=========================================================================
// Certificate Store Data Structures and APIs // Certificate Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// In its most basic implementation, a cert store is simply a // In its most basic implementation, a cert store is simply a
// collection of certificates and/or CRLs. This is the case when // collection of certificates and/or CRLs. This is the case when
// a cert store is opened with all of its certificates and CRLs // a cert store is opened with all of its certificates and CRLs
skipping to change at line 8655 skipping to change at line 9075
// If these properties don't already exist, then, a hash of the // If these properties don't already exist, then, a hash of the
// content is computed. (CERT_HASH_PROP_ID maps to the default // content is computed. (CERT_HASH_PROP_ID maps to the default
// hash algorithm, currently, CERT_SHA1_HASH_PROP_ID). // hash algorithm, currently, CERT_SHA1_HASH_PROP_ID).
// //
// There are additional APIs for creating certificate and CRL // There are additional APIs for creating certificate and CRL
// contexts not in a store (CertCreateCertificateContext and // contexts not in a store (CertCreateCertificateContext and
// CertCreateCRLContext). // CertCreateCRLContext).
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#pragma region Application Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
typedef void *HCERTSTORE; typedef void *HCERTSTORE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate context. // Certificate context.
// //
// A certificate context contains both the encoded and decoded representation // A certificate context contains both the encoded and decoded representation
// of a certificate. A certificate context returned by a cert store function // of a certificate. A certificate context returned by a cert store function
// must be freed by calling the CertFreeCertificateContext function. The // must be freed by calling the CertFreeCertificateContext function. The
// CertDuplicateCertificateContext function can be called to make a duplicate // CertDuplicateCertificateContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCertificateContext). // copy (which also must be freed by calling CertFreeCertificateContext).
skipping to change at line 8677 skipping to change at line 9103
typedef struct _CERT_CONTEXT { typedef struct _CERT_CONTEXT {
DWORD dwCertEncodingType; DWORD dwCertEncodingType;
BYTE *pbCertEncoded; BYTE *pbCertEncoded;
DWORD cbCertEncoded; DWORD cbCertEncoded;
PCERT_INFO pCertInfo; PCERT_INFO pCertInfo;
HCERTSTORE hCertStore; HCERTSTORE hCertStore;
} CERT_CONTEXT, *PCERT_CONTEXT; } CERT_CONTEXT, *PCERT_CONTEXT;
typedef const CERT_CONTEXT *PCCERT_CONTEXT; typedef const CERT_CONTEXT *PCCERT_CONTEXT;
// certenrolls_end // certenrolls_end
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) */
#pragma endregion
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL context. // CRL context.
// //
// A CRL context contains both the encoded and decoded representation // A CRL context contains both the encoded and decoded representation
// of a CRL. A CRL context returned by a cert store function // of a CRL. A CRL context returned by a cert store function
// must be freed by calling the CertFreeCRLContext function. The // must be freed by calling the CertFreeCRLContext function. The
// CertDuplicateCRLContext function can be called to make a duplicate // CertDuplicateCRLContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCRLContext). // copy (which also must be freed by calling CertFreeCRLContext).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRL_CONTEXT { typedef struct _CRL_CONTEXT {
skipping to change at line 8752 skipping to change at line 9184
#define CERT_EFS_PROP_ID 17 #define CERT_EFS_PROP_ID 17
#define CERT_FORTEZZA_DATA_PROP_ID 18 #define CERT_FORTEZZA_DATA_PROP_ID 18
#define CERT_ARCHIVED_PROP_ID 19 #define CERT_ARCHIVED_PROP_ID 19
#define CERT_KEY_IDENTIFIER_PROP_ID 20 #define CERT_KEY_IDENTIFIER_PROP_ID 20
#define CERT_AUTO_ENROLL_PROP_ID 21 // string:Template name #define CERT_AUTO_ENROLL_PROP_ID 21 // string:Template name
#define CERT_PUBKEY_ALG_PARA_PROP_ID 22 #define CERT_PUBKEY_ALG_PARA_PROP_ID 22
#define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23 #define CERT_CROSS_CERT_DIST_POINTS_PROP_ID 23
#define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24 #define CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID 24
#define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25 #define CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID 25
#define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name #define CERT_ENROLLMENT_PROP_ID 26 // RequestId+CADNS+CACN+Friendly Name
#define CERT_DATE_STAMP_PROP_ID 27 #define CERT_DATE_STAMP_PROP_ID 27 // FILETIME
#define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28 #define CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID 28
#define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29 #define CERT_SUBJECT_NAME_MD5_HASH_PROP_ID 29
#define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string #define CERT_EXTENDED_ERROR_INFO_PROP_ID 30 // string
// Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs. // Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
// 36 - 62 are reserved for future element IDs. // 36 - 62 are reserved for future element IDs.
#define CERT_RENEWAL_PROP_ID 64 #define CERT_RENEWAL_PROP_ID 64
#define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash #define CERT_ARCHIVED_KEY_HASH_PROP_ID 65 // Encrypted key hash
#define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME #define CERT_AUTO_ENROLL_RETRY_PROP_ID 66 // AE_RETRY_INFO:cb+cRetry+FILETI ME
skipping to change at line 8786 skipping to change at line 9218
#define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80 #define CERT_SUBJECT_INFO_ACCESS_PROP_ID 80
#define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81 #define CERT_CA_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 81
#define CERT_CA_DISABLE_CRL_PROP_ID 82 #define CERT_CA_DISABLE_CRL_PROP_ID 82
#define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83 #define CERT_ROOT_PROGRAM_CERT_POLICIES_PROP_ID 83
#define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84 #define CERT_ROOT_PROGRAM_NAME_CONSTRAINTS_PROP_ID 84
#define CERT_SUBJECT_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 85 #define CERT_SUBJECT_OCSP_AUTHORITY_INFO_ACCESS_PROP_ID 85
#define CERT_SUBJECT_DISABLE_CRL_PROP_ID 86 #define CERT_SUBJECT_DISABLE_CRL_PROP_ID 86
#define CERT_CEP_PROP_ID 87 // Version+PropFlags+AuthType+Url Flags+CESAuthType+Url+Id+CESUrl+ReqId #define CERT_CEP_PROP_ID 87 // Version+PropFlags+AuthType+Url Flags+CESAuthType+Url+Id+CESUrl+ReqId
// 88 reserved, originally used for CERT_CEP_PROP_ID // 88 reserved, originally used for CERT_CEP_PROP_ID
#define CERT_SIGN_HASH_CNG_ALG_PROP_ID 89
#define CERT_SIGN_HASH_CNG_ALG_PROP_ID 89 // eg: "RSA/SHA1"
#define CERT_SCARD_PIN_ID_PROP_ID 90 #define CERT_SCARD_PIN_ID_PROP_ID 90
#define CERT_SCARD_PIN_INFO_PROP_ID 91 #define CERT_SCARD_PIN_INFO_PROP_ID 91
#define CERT_FIRST_RESERVED_PROP_ID 92 #define CERT_SUBJECT_PUB_KEY_BIT_LENGTH_PROP_ID 92
#define CERT_PUB_KEY_CNG_ALG_BIT_LENGTH_PROP_ID 93
#define CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID 94
#define CERT_ISSUER_CHAIN_SIGN_HASH_CNG_ALG_PROP_ID 95
#define CERT_ISSUER_CHAIN_PUB_KEY_CNG_ALG_BIT_LENGTH_PROP_ID 96
#define CERT_NO_EXPIRE_NOTIFICATION_PROP_ID 97
// Following property isn't implicitly created via a GetProperty.
#define CERT_AUTH_ROOT_SHA256_HASH_PROP_ID 98
#define CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID 99
#define CERT_HCRYPTPROV_TRANSFER_PROP_ID 100
// Smart card reader image path
#define CERT_SMART_CARD_READER_PROP_ID 101 //string
// Send as trusted issuer
#define CERT_SEND_AS_TRUSTED_ISSUER_PROP_ID 102 //boolean
#define CERT_KEY_REPAIR_ATTEMPTED_PROP_ID 103 // FILETME
#define CERT_DISALLOWED_FILETIME_PROP_ID 104
#define CERT_ROOT_PROGRAM_CHAIN_POLICIES_PROP_ID 105
// Smart card reader removable capabilities
#define CERT_SMART_CARD_READER_NON_REMOVABLE_PROP_ID 106 // boolean
#define CERT_SHA256_HASH_PROP_ID 107
#define CERT_SCEP_SERVER_CERTS_PROP_ID 108 // Pkcs7
#define CERT_SCEP_RA_SIGNATURE_CERT_PROP_ID 109 // sha1 Thumbprint
#define CERT_SCEP_RA_ENCRYPTION_CERT_PROP_ID 110 // sha1 Thumbprint
#define CERT_SCEP_CA_CERT_PROP_ID 111 // sha1 Thumbprint
#define CERT_SCEP_SIGNER_CERT_PROP_ID 112 // sha1 Thumbprint
#define CERT_SCEP_NONCE_PROP_ID 113 // blob
// string: "CNGEncryptAlgId/CNGHashAlgId" example: "3DES/SHA1"
#define CERT_SCEP_ENCRYPT_HASH_CNG_ALG_PROP_ID 114
#define CERT_SCEP_FLAGS_PROP_ID 115 // DWORD
#define CERT_FIRST_RESERVED_PROP_ID 116
#define CERT_LAST_RESERVED_PROP_ID 0x00007FFF #define CERT_LAST_RESERVED_PROP_ID 0x00007FFF
#define CERT_FIRST_USER_PROP_ID 0x00008000 #define CERT_FIRST_USER_PROP_ID 0x00008000
#define CERT_LAST_USER_PROP_ID 0x0000FFFF #define CERT_LAST_USER_PROP_ID 0x0000FFFF
// certenrolld_end // certenrolld_end
#define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \ #define IS_CERT_HASH_PROP_ID(X) (CERT_SHA1_HASH_PROP_ID == (X) || \
CERT_MD5_HASH_PROP_ID == (X) || \ CERT_MD5_HASH_PROP_ID == (X) || \
CERT_SHA256_HASH_PROP_ID == (X) || \
CERT_SIGNATURE_HASH_PROP_ID == (X)) CERT_SIGNATURE_HASH_PROP_ID == (X))
#define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \ #define IS_PUBKEY_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID = = (X) || \
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X)) CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X))
#define IS_CHAIN_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \ #define IS_CHAIN_HASH_PROP_ID(X) (CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \ CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID == (X) || \
CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ ID == (X) || \ CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ ID == (X) || \
CERT_SUBJECT_NAME_MD5_HASH_PROP_ID == (X )) CERT_SUBJECT_NAME_MD5_HASH_PROP_ID == (X ))
#define IS_STRONG_SIGN_PROP_ID(X) (CERT_SIGN_HASH_CNG_ALG_PROP_ID == (X) ||
\
CERT_SUBJECT_PUB_KEY_BIT_LENGTH_PROP_ID
== (X) || \
CERT_PUB_KEY_CNG_ALG_BIT_LENGTH_PROP_ID
== (X))
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Property OIDs // Property OIDs
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The OID component following the prefix contains the PROP_ID (decimal) // The OID component following the prefix contains the PROP_ID (decimal)
#define szOID_CERT_PROP_ID_PREFIX "1.3.6.1.4.1.311.10.11." #define szOID_CERT_PROP_ID_PREFIX "1.3.6.1.4.1.311.10.11."
#define _szPROP_ID(PropId) #PropId #define _szPROP_ID(PropId) #PropId
// Ansi OID string from Property Id: // Ansi OID string from Property Id:
#define szOID_CERT_PROP_ID(PropId) szOID_CERT_PROP_ID_PREFIX _szPROP_ID(PropId) #define szOID_CERT_PROP_ID(PropId) szOID_CERT_PROP_ID_PREFIX _szPROP_ID(PropId)
skipping to change at line 8839 skipping to change at line 9319
// Use szOID_CERT_PROP_ID(CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID) instead: // Use szOID_CERT_PROP_ID(CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID \ #define szOID_CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID \
"1.3.6.1.4.1.311.10.11.28" "1.3.6.1.4.1.311.10.11.28"
// Use szOID_CERT_PROP_ID(CERT_SUBJECT_NAME_MD5_HASH_PROP_ID) instead: // Use szOID_CERT_PROP_ID(CERT_SUBJECT_NAME_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_SUBJECT_NAME_MD5_HASH_PROP_ID \ #define szOID_CERT_SUBJECT_NAME_MD5_HASH_PROP_ID \
"1.3.6.1.4.1.311.10.11.29" "1.3.6.1.4.1.311.10.11.29"
// Use szOID_CERT_PROP_ID(CERT_MD5_HASH_PROP_ID) instead: // Use szOID_CERT_PROP_ID(CERT_MD5_HASH_PROP_ID) instead:
#define szOID_CERT_MD5_HASH_PROP_ID "1.3.6.1.4.1.311.10.11.4" #define szOID_CERT_MD5_HASH_PROP_ID "1.3.6.1.4.1.311.10.11.4"
// Use szOID_CERT_PROP_ID(CERT_SIGNATURE_HASH_PROP_ID) instead:
#define szOID_CERT_SIGNATURE_HASH_PROP_ID "1.3.6.1.4.1.311.10.11.15"
// The CERT_SIGNATURE_HASH_PROP_ID and CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID
// properties are used for disallowed hashes.
#define szOID_DISALLOWED_HASH szOID_CERT_SIGNATURE_HASH_PROP_ID
// Use szOID_CERT_PROP_ID(CERT_DISALLOWED_FILETIME_PROP_ID) instead:
#define szOID_CERT_DISALLOWED_FILETIME_PROP_ID \
"1.3.6.1.4.1.311.10.11.104"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Access State flags returned by CERT_ACCESS_STATE_PROP_ID. Note, // Access State flags returned by CERT_ACCESS_STATE_PROP_ID. Note,
// CERT_ACCESS_PROP_ID is read only. // CERT_ACCESS_PROP_ID is read only.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Set if context property writes are persisted. For instance, not set for // Set if context property writes are persisted. For instance, not set for
// memory store contexts. Set for registry based stores opened as read or write. // memory store contexts. Set for registry based stores opened as read or write.
// Not set for registry based stores opened as read only. // Not set for registry based stores opened as read only.
#define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG 0x1 #define CERT_ACCESS_STATE_WRITE_PERSIST_FLAG 0x1
// Set if context resides in a SYSTEM or SYSTEM_REGISTRY store. // Set if context resides in a SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_SYSTEM_STORE_FLAG 0x2 #define CERT_ACCESS_STATE_SYSTEM_STORE_FLAG 0x2
// Set if context resides in a LocalMachine SYSTEM or SYSTEM_REGISTRY store. // Set if context resides in a LocalMachine SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_LM_SYSTEM_STORE_FLAG 0x4 #define CERT_ACCESS_STATE_LM_SYSTEM_STORE_FLAG 0x4
// Set if context resides in a GroupPolicy SYSTEM or SYSTEM_REGISTRY store. // Set if context resides in a GroupPolicy SYSTEM or SYSTEM_REGISTRY store.
#define CERT_ACCESS_STATE_GP_SYSTEM_STORE_FLAG 0x8 #define CERT_ACCESS_STATE_GP_SYSTEM_STORE_FLAG 0x8
// Set if context resides in a SHARED_USER physical store.
#define CERT_ACCESS_STATE_SHARED_USER_FLAG 0x10
//+-------------------------------------------------------------------------
// CERT_ROOT_PROGRAM_CHAIN_POLICIES_PROP_ID Property
//
// Encoded as an X509_ENHANCED_KEY_USAGE: sequence of Policy OIDs.
//--------------------------------------------------------------------------
// Supported Root Program Chain Policies:
#define szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION "1.3.6.1.4.1.311.60.3.1"
#define szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION "1.3.6.1.4.1.311.60.3.2"
#define szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL "1.3.6.1.4.1.311.60.3.3"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Cryptographic Key Provider Information // Cryptographic Key Provider Information
// //
// CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData. // CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData.
// //
// The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext // The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext
// to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are // to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are
// passed to CryptSetProvParam to further initialize the provider. // passed to CryptSetProvParam to further initialize the provider.
// //
// The dwKeySpec field identifies the private key to use from the container // The dwKeySpec field identifies the private key to use from the container
skipping to change at line 9053 skipping to change at line 9558
LPCWSTR pwszSystemStore; LPCWSTR pwszSystemStore;
} DUMMYUNIONNAME2; } DUMMYUNIONNAME2;
} CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA; } CERT_SYSTEM_STORE_RELOCATE_PARA, *PCERT_SYSTEM_STORE_RELOCATE_PARA;
// By default, when the CurrentUser "Root" store is opened, any SystemRegistry // By default, when the CurrentUser "Root" store is opened, any SystemRegistry
// roots not also on the protected root list are deleted from the cache before // roots not also on the protected root list are deleted from the cache before
// CertOpenStore() returns. Set the following flag to return all the roots // CertOpenStore() returns. Set the following flag to return all the roots
// in the SystemRegistry without checking the protected root list. // in the SystemRegistry without checking the protected root list.
#define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000 #define CERT_SYSTEM_STORE_UNPROTECTED_FLAG 0x40000000
#define CERT_SYSTEM_STORE_DEFER_READ_FLAG 0x20000000
// Location of the system store: // Location of the system store:
#define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000 #define CERT_SYSTEM_STORE_LOCATION_MASK 0x00FF0000
#define CERT_SYSTEM_STORE_LOCATION_SHIFT 16 #define CERT_SYSTEM_STORE_LOCATION_SHIFT 16
// Registry: HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE // Registry: HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
#define CERT_SYSTEM_STORE_CURRENT_USER_ID 1 #define CERT_SYSTEM_STORE_CURRENT_USER_ID 1
#define CERT_SYSTEM_STORE_LOCAL_MACHINE_ID 2 #define CERT_SYSTEM_STORE_LOCAL_MACHINE_ID 2
// Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services // Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Services
#define CERT_SYSTEM_STORE_CURRENT_SERVICE_ID 4 #define CERT_SYSTEM_STORE_CURRENT_SERVICE_ID 4
#define CERT_SYSTEM_STORE_SERVICES_ID 5 #define CERT_SYSTEM_STORE_SERVICES_ID 5
skipping to change at line 9244 skipping to change at line 9751
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the OCM Subcomponents local machine subkey // Registry path to the OCM Subcomponents local machine subkey
#define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \ #define CERT_OCM_SUBCOMPONENTS_LOCAL_MACHINE_REGPATH \
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents" L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OC Manager\\Subcompon ents"
// REG_DWORD, 1 is installed, 0 is NOT installed // REG_DWORD, 1 is installed, 0 is NOT installed
#define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate" #define CERT_OCM_SUBCOMPONENTS_ROOT_AUTO_UPDATE_VALUE_NAME L"RootAutoUpdate"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// DisableRootAutoUpdate Defines // Root and Disallowed Certificate AutoUpdate Defines
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the DisableRootAutoUpdate SubKey // Registry path to the DisableRootAutoUpdate SubKey
#define CERT_DISABLE_ROOT_AUTO_UPDATE_REGPATH \ #define CERT_DISABLE_ROOT_AUTO_UPDATE_REGPATH \
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\AuthRoot" CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH L"\\AuthRoot"
// The following disables both Root and Disallowed Certificate AutoUpdate
// REG_DWORD Value Name, 1 - disables, 0 - enables // REG_DWORD Value Name, 1 - disables, 0 - enables
#define CERT_DISABLE_ROOT_AUTO_UPDATE_VALUE_NAME L"DisableRootAutoUpdate" #define CERT_DISABLE_ROOT_AUTO_UPDATE_VALUE_NAME L"DisableRootAutoUpdate"
// The following enables Disallowed Certificate AutoUpdate. It takes precedence
// over the above registry setting.
// REG_DWORD Value Name, 1 - enables
#define CERT_ENABLE_DISALLOWED_CERT_AUTO_UPDATE_VALUE_NAME L"EnableDisallowedCer
tAutoUpdate"
//+-------------------------------------------------------------------------
// Auto Update Definitions
//--------------------------------------------------------------------------
// Registry path to the "Auto Update" local machine subkey
#define CERT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH \
CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH L"\\AuthRoot\\AutoUpdate"
// Auto Update subkey value names.
// REG_SZ, URL to the directory containing the AutoUpdate files
#define CERT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME L"RootDirUrl"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AuthRoot Auto Update Definitions // AuthRoot Auto Update Definitions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Registry path to the AuthRoot "Auto Update" local machine subkey // Registry path to the AuthRoot "Auto Update" local machine subkey
#define CERT_AUTH_ROOT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH \ #define CERT_AUTH_ROOT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH \
CERT_LOCAL_MACHINE_SYSTEM_STORE_REGPATH L"\\AuthRoot\\AutoUpdate" CERT_AUTO_UPDATE_LOCAL_MACHINE_REGPATH
// AuthRoot Auto Update subkey value names. // AuthRoot Auto Update subkey value names.
// REG_SZ, URL to the directory containing the AuthRoots, CTL and Seq files // REG_SZ, URL to the directory containing the AuthRoots, CTL and Seq files
#define CERT_AUTH_ROOT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME L"RootDirUrl" #define CERT_AUTH_ROOT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME \
CERT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME
// REG_DWORD, seconds between syncs. 0 implies use default. // REG_DWORD, seconds between syncs. 0 implies use default.
#define CERT_AUTH_ROOT_AUTO_UPDATE_SYNC_DELTA_TIME_VALUE_NAME L"SyncDeltaTime" #define CERT_AUTH_ROOT_AUTO_UPDATE_SYNC_DELTA_TIME_VALUE_NAME L"SyncDeltaTime"
// REG_DWORD, misc flags // REG_DWORD, misc flags
#define CERT_AUTH_ROOT_AUTO_UPDATE_FLAGS_VALUE_NAME L"Flags" #define CERT_AUTH_ROOT_AUTO_UPDATE_FLAGS_VALUE_NAME L"Flags"
#define CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_UNTRUSTED_ROOT_LOGGING_FLAG 0x1 #define CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_UNTRUSTED_ROOT_LOGGING_FLAG 0x1
#define CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_PARTIAL_CHAIN_LOGGING_FLAG 0x2 #define CERT_AUTH_ROOT_AUTO_UPDATE_DISABLE_PARTIAL_CHAIN_LOGGING_FLAG 0x2
// By default a random query string is appended to the Auto Update URLs
// passed to CryptRetrieveObjectByUrlW. See the
// CRYPT_RANDOM_QUERY_STRING_RETRIEVAL flag for more details. Set
// this flag to not set this random query string. This might be the
// case when setting CERT_AUTO_UPDATE_ROOT_DIR_URL_VALUE_NAME where the
// server doesn't strip off the query string.
#define CERT_AUTO_UPDATE_DISABLE_RANDOM_QUERY_STRING_FLAG 0x4
// REG_BINARY, updated with FILETIME of last wire retrieval of authroot cab/ctl
#define CERT_AUTH_ROOT_AUTO_UPDATE_LAST_SYNC_TIME_VALUE_NAME L"LastSyncTime"
// REG_BINARY, updated with last retrieved and verified authroot ctl
#define CERT_AUTH_ROOT_AUTO_UPDATE_ENCODED_CTL_VALUE_NAME L"EncodedCtl"
// AuthRoot Auto Update filenames // AuthRoot Auto Update filenames
// CTL containing the list of certs in the AuthRoot store // CTL containing the list of certs in the AuthRoot store
#define CERT_AUTH_ROOT_CTL_FILENAME L"authroot.stl" #define CERT_AUTH_ROOT_CTL_FILENAME L"authroot.stl"
#define CERT_AUTH_ROOT_CTL_FILENAME_A "authroot.stl" #define CERT_AUTH_ROOT_CTL_FILENAME_A "authroot.stl"
// Cab containing the above CTL // Cab containing the above CTL
#define CERT_AUTH_ROOT_CAB_FILENAME L"authrootstl.ca b" #define CERT_AUTH_ROOT_CAB_FILENAME L"authrootstl.ca b"
// SequenceNumber (Formatted as big endian ascii hex) // SequenceNumber (Formatted as big endian ascii hex)
#define CERT_AUTH_ROOT_SEQ_FILENAME L"authrootseq.tx t" #define CERT_AUTH_ROOT_SEQ_FILENAME L"authrootseq.tx t"
// Root certs extension // Root certs extension
#define CERT_AUTH_ROOT_CERT_EXT L".crt" #define CERT_AUTH_ROOT_CERT_EXT L".crt"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// DisallowedCert Auto Update Definitions
//--------------------------------------------------------------------------
//
// DisallowedCert Auto Update subkey value names.
//
// REG_DWORD, seconds between syncs. 0 implies use default.
#define CERT_DISALLOWED_CERT_AUTO_UPDATE_SYNC_DELTA_TIME_VALUE_NAME \
L"DisallowedCertSyncDeltaTime"
// REG_BINARY, updated with FILETIME of last wire retrieval of disallowed cert
// CTL
#define CERT_DISALLOWED_CERT_AUTO_UPDATE_LAST_SYNC_TIME_VALUE_NAME \
L"DisallowedCertLastSyncTime"
// REG_BINARY, updated with last retrieved and verified disallowed cert ctl
#define CERT_DISALLOWED_CERT_AUTO_UPDATE_ENCODED_CTL_VALUE_NAME \
L"DisallowedCertEncodedCtl"
//
// DisallowedCert Auto Update filenames
//
// CTL containing the list of disallowed certs
#define CERT_DISALLOWED_CERT_CTL_FILENAME L"disallowedcert.stl"
#define CERT_DISALLOWED_CERT_CTL_FILENAME_A "disallowedcert.stl"
// Cab containing disallowed certs CTL
#define CERT_DISALLOWED_CERT_CAB_FILENAME L"disallowedcertstl.cab"
//
// DisallowedCert Auto Update CTL List Identifiers
//
// Disallowed Cert CTL List Identifier
#define CERT_DISALLOWED_CERT_AUTO_UPDATE_LIST_IDENTIFIER \
L"DisallowedCert_AutoUpdate_1"
//+-------------------------------------------------------------------------
// Certificate Registry Store Flag Values (CERT_STORE_REG) // Certificate Registry Store Flag Values (CERT_STORE_REG)
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Set this flag if the HKEY passed in pvPara points to a remote computer // Set this flag if the HKEY passed in pvPara points to a remote computer
// registry key. // registry key.
#define CERT_REGISTRY_STORE_REMOTE_FLAG 0x10000 #define CERT_REGISTRY_STORE_REMOTE_FLAG 0x10000
// Set this flag if the contexts are to be persisted as a single serialized // Set this flag if the contexts are to be persisted as a single serialized
// store in the registry. Mainly used for stores downloaded from the GPT. // store in the registry. Mainly used for stores downloaded from the GPT.
// Such as the CurrentUserGroupPolicy or LocalMachineGroupPolicy stores. // Such as the CurrentUserGroupPolicy or LocalMachineGroupPolicy stores.
skipping to change at line 9335 skipping to change at line 9916
LPWSTR pwszStoreDirectory; LPWSTR pwszStoreDirectory;
} CERT_REGISTRY_STORE_ROAMING_PARA, *PCERT_REGISTRY_STORE_ROAMING_PARA; } CERT_REGISTRY_STORE_ROAMING_PARA, *PCERT_REGISTRY_STORE_ROAMING_PARA;
// The following flag is for internal use. When set, the "My" DWORD value // The following flag is for internal use. When set, the "My" DWORD value
// at HKLM\Software\Microsoft\Cryptography\IEDirtyFlags is set to 0x1 // at HKLM\Software\Microsoft\Cryptography\IEDirtyFlags is set to 0x1
// whenever a certificate is added to the registry store. // whenever a certificate is added to the registry store.
// //
// Legacy definition, no longer supported after 01-May-02 (Server 2003) // Legacy definition, no longer supported after 01-May-02 (Server 2003)
#define CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG 0x80000 #define CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG 0x80000
#define CERT_REGISTRY_STORE_EXTERNAL_FLAG 0x100000
// Registry path to the subkey containing the "My" DWORD value to be set // Registry path to the subkey containing the "My" DWORD value to be set
// //
// Legacy definition, no longer supported after 01-May-02 (Server 2003) // Legacy definition, no longer supported after 01-May-02 (Server 2003)
#define CERT_IE_DIRTY_FLAGS_REGPATH \ #define CERT_IE_DIRTY_FLAGS_REGPATH \
L"Software\\Microsoft\\Cryptography\\IEDirtyFlags" L"Software\\Microsoft\\Cryptography\\IEDirtyFlags"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate File Store Flag Values for the providers: // Certificate File Store Flag Values for the providers:
// CERT_STORE_PROV_FILE // CERT_STORE_PROV_FILE
// CERT_STORE_PROV_FILENAME // CERT_STORE_PROV_FILENAME
skipping to change at line 9769 skipping to change at line 10352
// CERT_STORE_PROV_LDAP // CERT_STORE_PROV_LDAP
// sz_CERT_STORE_PROV_LDAP_W // sz_CERT_STORE_PROV_LDAP_W
// sz_CERT_STORE_PROV_LDAP // sz_CERT_STORE_PROV_LDAP
// Opens a store over the results of the query specified by and LDAP // Opens a store over the results of the query specified by and LDAP
// URL which is passed in via pvPara. In order to do writes to the // URL which is passed in via pvPara. In order to do writes to the
// store the URL must specify a BASE query, no filter and a single // store the URL must specify a BASE query, no filter and a single
// attribute. // attribute.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn _Must_inspect_result_
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenStore( CertOpenStore(
__in LPCSTR lpszStoreProvider, _In_ LPCSTR lpszStoreProvider,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvPara _In_opt_ const void *pvPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// OID Installable Certificate Store Provider Data Structures // OID Installable Certificate Store Provider Data Structures
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Handle returned by the store provider when opened. // Handle returned by the store provider when opened.
typedef void *HCERTSTOREPROV; typedef void *HCERTSTOREPROV;
// Store Provider OID function's pszFuncName. // Store Provider OID function's pszFuncName.
skipping to change at line 9813 skipping to change at line 10396
} CERT_STORE_PROV_INFO, *PCERT_STORE_PROV_INFO; } CERT_STORE_PROV_INFO, *PCERT_STORE_PROV_INFO;
// Definition of the store provider's open function. // Definition of the store provider's open function.
// //
// *pStoreProvInfo has been zeroed before the call. // *pStoreProvInfo has been zeroed before the call.
// //
// Note, pStoreProvInfo->cStoreProvFunc should be set last. Once set, // Note, pStoreProvInfo->cStoreProvFunc should be set last. Once set,
// all subsequent store calls, such as CertAddSerializedElementToStore will // all subsequent store calls, such as CertAddSerializedElementToStore will
// call the appropriate provider callback function. // call the appropriate provider callback function.
typedef BOOL (WINAPI *PFN_CERT_DLL_OPEN_STORE_PROV_FUNC)( typedef BOOL (WINAPI *PFN_CERT_DLL_OPEN_STORE_PROV_FUNC)(
__in LPCSTR lpszStoreProvider, _In_ LPCSTR lpszStoreProvider,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvPara, _In_opt_ const void *pvPara,
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__inout PCERT_STORE_PROV_INFO pStoreProvInfo _Inout_ PCERT_STORE_PROV_INFO pStoreProvInfo
); );
// The open callback sets the following flag, if it maintains its // The open callback sets the following flag, if it maintains its
// contexts externally and not in the cached store. // contexts externally and not in the cached store.
#define CERT_STORE_PROV_EXTERNAL_FLAG 0x1 #define CERT_STORE_PROV_EXTERNAL_FLAG 0x1
// The open callback sets the following flag for a successful delete. // The open callback sets the following flag for a successful delete.
// When set, the close callback isn't called. // When set, the close callback isn't called.
#define CERT_STORE_PROV_DELETED_FLAG 0x2 #define CERT_STORE_PROV_DELETED_FLAG 0x2
skipping to change at line 9846 skipping to change at line 10429
#define CERT_STORE_PROV_SYSTEM_STORE_FLAG 0x8 #define CERT_STORE_PROV_SYSTEM_STORE_FLAG 0x8
// The open callback sets the following flag if the contexts are persisted // The open callback sets the following flag if the contexts are persisted
// to a LocalMachine system store. // to a LocalMachine system store.
#define CERT_STORE_PROV_LM_SYSTEM_STORE_FLAG 0x10 #define CERT_STORE_PROV_LM_SYSTEM_STORE_FLAG 0x10
// The open callback sets the following flag if the contexts are persisted // The open callback sets the following flag if the contexts are persisted
// to a GroupPolicy system store. // to a GroupPolicy system store.
#define CERT_STORE_PROV_GP_SYSTEM_STORE_FLAG 0x20 #define CERT_STORE_PROV_GP_SYSTEM_STORE_FLAG 0x20
// The open callback sets the following flag if the contexts are from
// a Shared User physical store.
#define CERT_STORE_PROV_SHARED_USER_FLAG 0x40
// Indices into the store provider's array of callback functions. // Indices into the store provider's array of callback functions.
// //
// The provider can implement any subset of the following functions. It // The provider can implement any subset of the following functions. It
// sets pStoreProvInfo->cStoreProvFunc to the last index + 1 and any // sets pStoreProvInfo->cStoreProvFunc to the last index + 1 and any
// preceding not implemented functions to NULL. // preceding not implemented functions to NULL.
#define CERT_STORE_PROV_CLOSE_FUNC 0 #define CERT_STORE_PROV_CLOSE_FUNC 0
#define CERT_STORE_PROV_READ_CERT_FUNC 1 #define CERT_STORE_PROV_READ_CERT_FUNC 1
#define CERT_STORE_PROV_WRITE_CERT_FUNC 2 #define CERT_STORE_PROV_WRITE_CERT_FUNC 2
#define CERT_STORE_PROV_DELETE_CERT_FUNC 3 #define CERT_STORE_PROV_DELETE_CERT_FUNC 3
#define CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC 4 #define CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC 4
skipping to change at line 9878 skipping to change at line 10465
#define CERT_STORE_PROV_FIND_CRL_FUNC 17 #define CERT_STORE_PROV_FIND_CRL_FUNC 17
#define CERT_STORE_PROV_FREE_FIND_CRL_FUNC 18 #define CERT_STORE_PROV_FREE_FIND_CRL_FUNC 18
#define CERT_STORE_PROV_GET_CRL_PROPERTY_FUNC 19 #define CERT_STORE_PROV_GET_CRL_PROPERTY_FUNC 19
#define CERT_STORE_PROV_FIND_CTL_FUNC 20 #define CERT_STORE_PROV_FIND_CTL_FUNC 20
#define CERT_STORE_PROV_FREE_FIND_CTL_FUNC 21 #define CERT_STORE_PROV_FREE_FIND_CTL_FUNC 21
#define CERT_STORE_PROV_GET_CTL_PROPERTY_FUNC 22 #define CERT_STORE_PROV_GET_CTL_PROPERTY_FUNC 22
// Called by CertCloseStore when the store's reference count is // Called by CertCloseStore when the store's reference count is
// decremented to 0. // decremented to 0.
typedef void (WINAPI *PFN_CERT_STORE_PROV_CLOSE)( typedef void (WINAPI *PFN_CERT_STORE_PROV_CLOSE)(
__inout_opt HCERTSTOREPROV hStoreProv, _Inout_opt_ HCERTSTOREPROV hStoreProv,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the certificate context. If it exists, // Reads the provider's copy of the certificate context. If it exists,
// creates a new certificate context. // creates a new certificate context.
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CERT)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CERT)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pStoreCertContext, _In_ PCCERT_CONTEXT pStoreCertContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_out PCCERT_CONTEXT *ppProvCertContext _Outptr_ PCCERT_CONTEXT *ppProvCertContext
); );
#define CERT_STORE_PROV_WRITE_ADD_FLAG 0x1 #define CERT_STORE_PROV_WRITE_ADD_FLAG 0x1
// Called by CertAddEncodedCertificateToStore, // Called by CertAddEncodedCertificateToStore,
// CertAddCertificateContextToStore or CertAddSerializedElementToStore before // CertAddCertificateContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded certificate, the added pCertContext might also // addition to the encoded certificate, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CERT)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertDeleteCertificateFromStore before deleting from the // Called by CertDeleteCertificateFromStore before deleting from the
// store. // store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CERT)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertSetCertificateContextProperty before setting the // Called by CertSetCertificateContextProperty before setting the
// certificate's property. Also called by CertGetCertificateContextProperty, // certificate's property. Also called by CertGetCertificateContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCertContext parameter. // Upon input, the property hasn't been set for the pCertContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CERT_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CERT_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the CRL context. If it exists, // Reads the provider's copy of the CRL context. If it exists,
// creates a new CRL context. // creates a new CRL context.
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CRL)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CRL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pStoreCrlContext, _In_ PCCRL_CONTEXT pStoreCrlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_out PCCRL_CONTEXT *ppProvCrlContext _Outptr_ PCCRL_CONTEXT *ppProvCrlContext
); );
// Called by CertAddEncodedCRLToStore, // Called by CertAddEncodedCRLToStore,
// CertAddCRLContextToStore or CertAddSerializedElementToStore before // CertAddCRLContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded CRL, the added pCertContext might also // addition to the encoded CRL, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CRL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertDeleteCRLFromStore before deleting from the store. // Called by CertDeleteCRLFromStore before deleting from the store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CRL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertSetCRLContextProperty before setting the // Called by CertSetCRLContextProperty before setting the
// CRL's property. Also called by CertGetCRLContextProperty, // CRL's property. Also called by CertGetCRLContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCrlContext parameter. // Upon input, the property hasn't been set for the pCrlContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CRL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CRL_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
// Currently not called directly by the store APIs. However, may be exported // Currently not called directly by the store APIs. However, may be exported
// to support other providers based on it. // to support other providers based on it.
// //
// Reads the provider's copy of the CTL context. If it exists, // Reads the provider's copy of the CTL context. If it exists,
// creates a new CTL context. // creates a new CTL context.
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CTL)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_READ_CTL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pStoreCtlContext, _In_ PCCTL_CONTEXT pStoreCtlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_out PCCTL_CONTEXT *ppProvCtlContext _Outptr_ PCCTL_CONTEXT *ppProvCtlContext
); );
// Called by CertAddEncodedCTLToStore, // Called by CertAddEncodedCTLToStore,
// CertAddCTLContextToStore or CertAddSerializedElementToStore before // CertAddCTLContextToStore or CertAddSerializedElementToStore before
// adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In
// addition to the encoded CTL, the added pCertContext might also // addition to the encoded CTL, the added pCertContext might also
// have properties. // have properties.
// //
// Returns TRUE if its OK to update the the store. // Returns TRUE if its OK to update the the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_WRITE_CTL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertDeleteCTLFromStore before deleting from the store. // Called by CertDeleteCTLFromStore before deleting from the store.
// //
// Returns TRUE if its OK to delete from the store. // Returns TRUE if its OK to delete from the store.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_DELETE_CTL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Called by CertSetCTLContextProperty before setting the // Called by CertSetCTLContextProperty before setting the
// CTL's property. Also called by CertGetCTLContextProperty, // CTL's property. Also called by CertGetCTLContextProperty,
// when getting a hash property that needs to be created and then persisted // when getting a hash property that needs to be created and then persisted
// via the set. // via the set.
// //
// Upon input, the property hasn't been set for the pCtlContext parameter. // Upon input, the property hasn't been set for the pCtlContext parameter.
// //
// Returns TRUE if its OK to set the property. // Returns TRUE if its OK to set the property.
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CTL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_SET_CTL_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_CONTROL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_CONTROL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwCtrlType, _In_ DWORD dwCtrlType,
__in_opt void const *pvCtrlPara _In_opt_ void const *pvCtrlPara
); );
typedef struct _CERT_STORE_PROV_FIND_INFO { typedef struct _CERT_STORE_PROV_FIND_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
DWORD dwFindFlags; DWORD dwFindFlags;
DWORD dwFindType; DWORD dwFindType;
const void *pvFindPara; const void *pvFindPara;
} CERT_STORE_PROV_FIND_INFO, *PCERT_STORE_PROV_FIND_INFO; } CERT_STORE_PROV_FIND_INFO, *PCERT_STORE_PROV_FIND_INFO;
typedef const CERT_STORE_PROV_FIND_INFO CCERT_STORE_PROV_FIND_INFO, typedef const CERT_STORE_PROV_FIND_INFO CCERT_STORE_PROV_FIND_INFO,
*PCCERT_STORE_PROV_FIND_INFO; *PCCERT_STORE_PROV_FIND_INFO;
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CERT)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CERT)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_STORE_PROV_FIND_INFO pFindInfo, _In_ PCCERT_STORE_PROV_FIND_INFO pFindInfo,
__in PCCERT_CONTEXT pPrevCertContext, _In_ PCCERT_CONTEXT pPrevCertContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_inout void **ppvStoreProvFindInfo, _Inout_ void **ppvStoreProvFindInfo,
__deref_out PCCERT_CONTEXT *ppProvCertContext _Outptr_ PCCERT_CONTEXT *ppProvCertContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CERT)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CERT)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in void *pvStoreProvFindInfo, _In_ void *pvStoreProvFindInfo,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CERT_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CERT_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CRL)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CRL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCERT_STORE_PROV_FIND_INFO pFindInfo, _In_ PCCERT_STORE_PROV_FIND_INFO pFindInfo,
__in PCCRL_CONTEXT pPrevCrlContext, _In_ PCCRL_CONTEXT pPrevCrlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_inout void **ppvStoreProvFindInfo, _Inout_ void **ppvStoreProvFindInfo,
__deref_out PCCRL_CONTEXT *ppProvCrlContext _Outptr_ PCCRL_CONTEXT *ppProvCrlContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CRL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CRL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in void *pvStoreProvFindInfo, _In_ void *pvStoreProvFindInfo,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CRL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CRL_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
typedef __success(return == TRUE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CTL)( typedef _Success_(return != FALSE) BOOL (WINAPI *PFN_CERT_STORE_PROV_FIND_CTL)(
__in HCERTSTOREPROV hStoreProv, _In_ HCERTSTOREPROV hStoreProv,
__in PCCERT_STORE_PROV_FIND_INFO pFindInfo, _In_ PCCERT_STORE_PROV_FIND_INFO pFindInfo,
__in PCCTL_CONTEXT pPrevCtlContext, _In_ PCCTL_CONTEXT pPrevCtlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_inout void **ppvStoreProvFindInfo, _Inout_ void **ppvStoreProvFindInfo,
__deref_out PCCTL_CONTEXT *ppProvCtlContext _Outptr_ PCCTL_CONTEXT *ppProvCtlContext
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CTL)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_FREE_FIND_CTL)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in void *pvStoreProvFindInfo, _In_ void *pvStoreProvFindInfo,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CTL_PROPERTY)( typedef BOOL (WINAPI *PFN_CERT_STORE_PROV_GET_CTL_PROPERTY)(
__inout HCERTSTOREPROV hStoreProv, _Inout_ HCERTSTOREPROV hStoreProv,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a cert store handle // Duplicate a cert store handle
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertDuplicateStore( CertDuplicateStore(
__in HCERTSTORE hCertStore _In_ HCERTSTORE hCertStore
); );
#define CERT_STORE_SAVE_AS_STORE 1 #define CERT_STORE_SAVE_AS_STORE 1
#define CERT_STORE_SAVE_AS_PKCS7 2 #define CERT_STORE_SAVE_AS_PKCS7 2
#define CERT_STORE_SAVE_AS_PKCS12 3 #define CERT_STORE_SAVE_AS_PKCS12 3
#define CERT_STORE_SAVE_TO_FILE 1 #define CERT_STORE_SAVE_TO_FILE 1
#define CERT_STORE_SAVE_TO_MEMORY 2 #define CERT_STORE_SAVE_TO_MEMORY 2
#define CERT_STORE_SAVE_TO_FILENAME_A 3 #define CERT_STORE_SAVE_TO_FILENAME_A 3
#define CERT_STORE_SAVE_TO_FILENAME_W 4 #define CERT_STORE_SAVE_TO_FILENAME_W 4
// For "_A": given, // For "_A": given,
// LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename; // LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename;
// //
// Note, the default (without "_A" or "_W") is UNICODE. // Note, the default (without "_A" or "_W") is UNICODE.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSaveStore( CertSaveStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in DWORD dwSaveAs, _In_ DWORD dwSaveAs,
__in DWORD dwSaveTo, _In_ DWORD dwSaveTo,
__inout void *pvSaveToPara, _Inout_ void *pvSaveToPara,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store close flags // Certificate Store close flags
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CLOSE_STORE_FORCE_FLAG 0x00000001 #define CERT_CLOSE_STORE_FORCE_FLAG 0x00000001
#define CERT_CLOSE_STORE_CHECK_FLAG 0x00000002 #define CERT_CLOSE_STORE_CHECK_FLAG 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Close a cert store handle. // Close a cert store handle.
// returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE, // returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE,
// the store is still closed. This is a diagnostic flag. // the store is still closed. This is a diagnostic flag.
// //
// LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE // LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE
// is returned. // is returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCloseStore( CertCloseStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the subject certificate context uniquely identified by its Issuer and // Get the subject certificate context uniquely identified by its Issuer and
// SerialNumber from the store. // SerialNumber from the store.
// //
// If the certificate isn't found, NULL is returned. Otherwise, a pointer to // If the certificate isn't found, NULL is returned. Otherwise, a pointer to
// a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling // a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling
// CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a // CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a
// duplicate. // duplicate.
// //
// The returned certificate might not be valid. Normally, it would be // The returned certificate might not be valid. Normally, it would be
// verified when getting its issuer certificate (CertGetIssuerCertificateFromSt ore). // verified when getting its issuer certificate (CertGetIssuerCertificateFromSt ore).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertGetSubjectCertificateFromStore( CertGetSubjectCertificateFromStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_INFO pCertId // Only the Issuer and SerialNumber _In_ PCERT_INFO pCertId // Only the Issuer and SerialNumber
// fields are used // fields are used
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the certificate contexts in the store. // Enumerate the certificate contexts in the store.
// //
// If a certificate isn't found, NULL is returned. // If a certificate isn't found, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT // Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
// must be freed by calling CertFreeCertificateContext or is freed when passed as the // must be freed by calling CertFreeCertificateContext or is freed when passed as the
// pPrevCertContext on a subsequent call. CertDuplicateCertificateContext // pPrevCertContext on a subsequent call. CertDuplicateCertificateContext
// certificate in the store. Successive certificates are enumerated by setting // certificate in the store. Successive certificates are enumerated by setting
// pPrevCertContext to the CERT_CONTEXT returned by a previous call. // pPrevCertContext to the CERT_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by // NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertEnumCertificatesInStore( CertEnumCertificatesInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in_opt PCCERT_CONTEXT pPrevCertContext _In_opt_ PCCERT_CONTEXT pPrevCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first or next certificate context in the store. // Find the first or next certificate context in the store.
// //
// The certificate is found according to the dwFindType and its pvFindPara. // The certificate is found according to the dwFindType and its pvFindPara.
// See below for a list of the find types and its parameters. // See below for a list of the find types and its parameters.
// //
// Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR, // Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR,
// CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0. // CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0.
// call to find the certificate. To find the next certificate, the // call to find the certificate. To find the next certificate, the
// pPrevCertContext is set to the CERT_CONTEXT returned by a previous call. // pPrevCertContext is set to the CERT_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by // NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertFindCertificateInStore( CertFindCertificateInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwFindFlags, _In_ DWORD dwFindFlags,
__in DWORD dwFindType, _In_ DWORD dwFindType,
__in_opt const void *pvFindPara, _In_opt_ const void *pvFindPara,
__in_opt PCCERT_CONTEXT pPrevCertContext _In_opt_ PCCERT_CONTEXT pPrevCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate comparison functions // Certificate comparison functions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_COMPARE_MASK 0xFFFF #define CERT_COMPARE_MASK 0xFFFF
#define CERT_COMPARE_SHIFT 16 #define CERT_COMPARE_SHIFT 16
#define CERT_COMPARE_ANY 0 #define CERT_COMPARE_ANY 0
#define CERT_COMPARE_SHA1_HASH 1 #define CERT_COMPARE_SHA1_HASH 1
#define CERT_COMPARE_NAME 2 #define CERT_COMPARE_NAME 2
#define CERT_COMPARE_ISSUER_OF 12 #define CERT_COMPARE_ISSUER_OF 12
#define CERT_COMPARE_EXISTING 13 #define CERT_COMPARE_EXISTING 13
#define CERT_COMPARE_SIGNATURE_HASH 14 #define CERT_COMPARE_SIGNATURE_HASH 14
#define CERT_COMPARE_KEY_IDENTIFIER 15 #define CERT_COMPARE_KEY_IDENTIFIER 15
#define CERT_COMPARE_CERT_ID 16 #define CERT_COMPARE_CERT_ID 16
#define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17 #define CERT_COMPARE_CROSS_CERT_DIST_POINTS 17
#define CERT_COMPARE_PUBKEY_MD5_HASH 18 #define CERT_COMPARE_PUBKEY_MD5_HASH 18
#define CERT_COMPARE_SUBJECT_INFO_ACCESS 19 #define CERT_COMPARE_SUBJECT_INFO_ACCESS 19
#define CERT_COMPARE_HASH_STR 20
#define CERT_COMPARE_HAS_PRIVATE_KEY 21
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// dwFindType // dwFindType
// //
// The dwFindType definition consists of two components: // The dwFindType definition consists of two components:
// - comparison function // - comparison function
// - certificate information flag // - certificate information flag
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT) #define CERT_FIND_ANY (CERT_COMPARE_ANY << CERT_COMPARE_SHIFT)
#define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT) #define CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT) #define CERT_FIND_CERT_ID (CERT_COMPARE_CERT_ID << CERT_COMPARE_SHIFT)
#define CERT_FIND_CROSS_CERT_DIST_POINTS \ #define CERT_FIND_CROSS_CERT_DIST_POINTS \
(CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT) (CERT_COMPARE_CROSS_CERT_DIST_POINTS << CERT_COMPARE_SHIFT)
#define CERT_FIND_PUBKEY_MD5_HASH \ #define CERT_FIND_PUBKEY_MD5_HASH \
(CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT) (CERT_COMPARE_PUBKEY_MD5_HASH << CERT_COMPARE_SHIFT)
#define CERT_FIND_SUBJECT_INFO_ACCESS \ #define CERT_FIND_SUBJECT_INFO_ACCESS \
(CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT) (CERT_COMPARE_SUBJECT_INFO_ACCESS << CERT_COMPARE_SHIFT)
#define CERT_FIND_HASH_STR (CERT_COMPARE_HASH_STR << CERT_COMPARE_SHIFT)
#define CERT_FIND_HAS_PRIVATE_KEY (CERT_COMPARE_HAS_PRIVATE_KEY << CERT_COMPARE_
SHIFT)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_ANY // CERT_FIND_ANY
// //
// Find any certificate. // Find any certificate.
// //
// pvFindPara isn't used. // pvFindPara isn't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_HASH // CERT_FIND_HASH
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_SUBJECT_INFO_ACCESS // CERT_FIND_SUBJECT_INFO_ACCESS
// //
// Find a certificate having either a SubjectInfoAccess extension or // Find a certificate having either a SubjectInfoAccess extension or
// property. // property.
// //
// pvFindPara isn't used. // pvFindPara isn't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_FIND_HASH_STR
//
// Find a certificate with the specified hash.
//
// pvFindPara points to a null terminated wide character string, containing
// 40 hexadecimal digits that CryptStringToBinary(CRYPT_STRING_HEXRAW) can
// convert to a 20 byte SHA1 CRYPT_HASH_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Get the certificate context from the store for the first or next issuer // Get the certificate context from the store for the first or next issuer
// of the specified subject certificate. Perform the enabled // of the specified subject certificate. Perform the enabled
// verification checks on the subject. (Note, the checks are on the subject // verification checks on the subject. (Note, the checks are on the subject
// using the returned issuer certificate.) // using the returned issuer certificate.)
// //
// If the first or next issuer certificate isn't found, NULL is returned. // If the first or next issuer certificate isn't found, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT // Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
// must be freed by calling CertFreeCertificateContext or is freed when passed as the // must be freed by calling CertFreeCertificateContext or is freed when passed as the
// pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext // pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext
// can be called to make a duplicate. // can be called to make a duplicate.
// CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate // CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate
// in the store. // in the store.
// //
// For a verification check failure, a pointer to the issuer's CERT_CONTEXT // For a verification check failure, a pointer to the issuer's CERT_CONTEXT
// is still returned and SetLastError isn't updated. // is still returned and SetLastError isn't updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertGetIssuerCertificateFromStore( CertGetIssuerCertificateFromStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in PCCERT_CONTEXT pSubjectContext, _In_ PCCERT_CONTEXT pSubjectContext,
__in_opt PCCERT_CONTEXT pPrevIssuerContext, _In_opt_ PCCERT_CONTEXT pPrevIssuerContext,
__inout DWORD *pdwFlags _Inout_ DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Perform the enabled verification checks on the subject certificate // Perform the enabled verification checks on the subject certificate
// using the issuer. Same checks and flags definitions as for the above // using the issuer. Same checks and flags definitions as for the above
// CertGetIssuerCertificateFromStore. // CertGetIssuerCertificateFromStore.
// //
// If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the // If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the
// issuer can be NULL. // issuer can be NULL.
// //
// For a verification check failure, SUCCESS is still returned. // For a verification check failure, SUCCESS is still returned.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifySubjectCertificateContext( CertVerifySubjectCertificateContext(
__in PCCERT_CONTEXT pSubject, _In_ PCCERT_CONTEXT pSubject,
__in_opt PCCERT_CONTEXT pIssuer, _In_opt_ PCCERT_CONTEXT pIssuer,
__inout DWORD *pdwFlags _Inout_ DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a certificate context // Duplicate a certificate context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateContext( CertDuplicateCertificateContext(
__in_opt PCCERT_CONTEXT pCertContext _In_opt_ PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a certificate context from the encoded certificate. The created // Create a certificate context from the encoded certificate. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded certificate in the created context. // Makes a copy of the encoded certificate in the created context.
// //
// If unable to decode and create the certificate context, NULL is returned. // If unable to decode and create the certificate context, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT is returned. // Otherwise, a pointer to a read only CERT_CONTEXT is returned.
// CERT_CONTEXT must be freed by calling CertFreeCertificateContext. // CERT_CONTEXT must be freed by calling CertFreeCertificateContext.
// CertDuplicateCertificateContext can be called to make a duplicate. // CertDuplicateCertificateContext can be called to make a duplicate.
// //
// CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called // CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called
// to store properties for the certificate. // to store properties for the certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertCreateCertificateContext( CertCreateCertificateContext(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbCertEncoded) const BYTE *pbCertEncoded, _In_reads_bytes_(cbCertEncoded) const BYTE *pbCertEncoded,
__in DWORD cbCertEncoded _In_ DWORD cbCertEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a certificate context // Free a certificate context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, find, duplicate or create. // get, find, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCertificateContext( CertFreeCertificateContext(
__in_opt PCCERT_CONTEXT pCertContext _In_opt_ PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified certificate context. // Set the property for the specified certificate context.
// //
// The type definition for pvData depends on the dwPropId value. There are // The type definition for pvData depends on the dwPropId value. There are
// five predefined types: // five predefined types:
// CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's // CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's
// private key is passed in pvData. Updates the hCryptProv field // private key is passed in pvData. Updates the hCryptProv field
// of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID // of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID
// next 4 bytes - Property Flags // next 4 bytes - Property Flags
// next 4 bytes - Authentication Type // next 4 bytes - Authentication Type
// next 4 bytes - Url Flags // next 4 bytes - Url Flags
// next 4 bytes - CES Authentication Type // next 4 bytes - CES Authentication Type
// followed by Url string with null-terminator, // followed by Url string with null-terminator,
// followed by Id string with null-terminator, // followed by Id string with null-terminator,
// followed by CES Url string with null-terminator, // followed by CES Url string with null-terminator,
// followed by RequestId string with null-terminator. // followed by RequestId string with null-terminator.
// a single null-terminator indicates no string is present. // a single null-terminator indicates no string is present.
// //
// CERT_KEY_REPAIR_ATTEMPTED_PROP_ID - contains the time when repair of
// a missing CERT_KEY_PROV_INFO_PROP_ID property was attempted and failed.
// pvData points to a CRYPT_DATA_BLOB containing the FILETIME.
//
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG can be set to ignore any
// provider write errors and always update the cached context's property. // provider write errors and always update the cached context's property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCertificateContextProperty( CertSetCertificateContextProperty(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
// Set this flag to ignore any store provider write errors and always update // Set this flag to ignore any store provider write errors and always update
// the cached context's property // the cached context's property
#define CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG 0x80000000 #define CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG 0x80000000
// Set this flag to inhibit the persisting of this property // Set this flag to inhibit the persisting of this property
#define CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG 0x40000000 #define CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG 0x40000000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// //
// For CERT_SOURCE_LOCATION_PROP_ID and CERT_SOURCE_URL_PROP_ID, // For CERT_SOURCE_LOCATION_PROP_ID and CERT_SOURCE_URL_PROP_ID,
// pvPara points to a NULL terminated unicode, wide character string. // pvPara points to a NULL terminated unicode, wide character string.
// //
// For all other PROP_IDs, pvData points to an encoded array of bytes. // For all other PROP_IDs, pvData points to an encoded array of bytes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCertificateContextProperty( CertGetCertificateContextProperty(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified certificate context. // Enumerate the properties for the specified certificate context.
// //
// To get the first property, set dwPropId to 0. The ID of the first // To get the first property, set dwPropId to 0. The ID of the first
// property is returned. To get the next property, set dwPropId to the // property is returned. To get the next property, set dwPropId to the
// ID returned by the last call. To enumerate all the properties continue // ID returned by the last call. To enumerate all the properties continue
// until 0 is returned. // until 0 is returned.
// //
// CertGetCertificateContextProperty is called to get the property's data. // CertGetCertificateContextProperty is called to get the property's data.
// //
// Note, since, the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID // Note, since, the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID
// properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID // properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID
// property, they aren't enumerated individually. // property, they aren't enumerated individually.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCertificateContextProperties( CertEnumCertificateContextProperties(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwPropId _In_ DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Creates a CTL entry whose attributes are the certificate context's // Creates a CTL entry whose attributes are the certificate context's
// properties. // properties.
// //
// The SubjectIdentifier in the CTL entry is the SHA1 hash of the certificate. // The SubjectIdentifier in the CTL entry is the SHA1 hash of the certificate.
// //
// The certificate properties are added as attributes. The property attribute // The certificate properties are added as attributes. The property attribute
// OID is the decimal PROP_ID preceded by szOID_CERT_PROP_ID_PREFIX. Each // OID is the decimal PROP_ID preceded by szOID_CERT_PROP_ID_PREFIX. Each
// property value is copied as a single attribute value. // property value is copied as a single attribute value.
// //
// Any additional attributes to be included in the CTL entry can be passed // Any additional attributes to be included in the CTL entry can be passed
// in via the cOptAttr and rgOptAttr parameters. // in via the cOptAttr and rgOptAttr parameters.
// //
// CTL_ENTRY_FROM_PROP_CHAIN_FLAG can be set in dwFlags, to force the // CTL_ENTRY_FROM_PROP_CHAIN_FLAG can be set in dwFlags, to force the
// inclusion of the chain building hash properties as attributes. // inclusion of the chain building hash properties as attributes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertCreateCTLEntryFromCertificateContextProperties( CertCreateCTLEntryFromCertificateContextProperties(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD cOptAttr, _In_ DWORD cOptAttr,
__in_ecount_opt(cOptAttr) PCRYPT_ATTRIBUTE rgOptAttr, _In_reads_opt_(cOptAttr) PCRYPT_ATTRIBUTE rgOptAttr,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_bcount_part_opt(*pcbCtlEntry, *pcbCtlEntry) PCTL_ENTRY pCtlEntry, _Out_writes_bytes_to_opt_(*pcbCtlEntry, *pcbCtlEntry) PCTL_ENTRY pCtlEntry,
__inout DWORD *pcbCtlEntry _Inout_ DWORD *pcbCtlEntry
); );
// Set this flag to get and include the chain building hash properties // Set this flag to get and include the chain building hash properties
// as attributes in the CTL entry // as attributes in the CTL entry
#define CTL_ENTRY_FROM_PROP_CHAIN_FLAG 0x1 #define CTL_ENTRY_FROM_PROP_CHAIN_FLAG 0x1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sets properties on the certificate context using the attributes in // Sets properties on the certificate context using the attributes in
// the CTL entry. // the CTL entry.
// //
// The property attribute OID is the decimal PROP_ID preceded by // The property attribute OID is the decimal PROP_ID preceded by
// szOID_CERT_PROP_ID_PREFIX. Only attributes containing such an OID are // szOID_CERT_PROP_ID_PREFIX. Only attributes containing such an OID are
// copied. // copied.
// //
// CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG may be set in dwFlags. // CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG may be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCertificateContextPropertiesFromCTLEntry( CertSetCertificateContextPropertiesFromCTLEntry(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in PCTL_ENTRY pCtlEntry, _In_ PCTL_ENTRY pCtlEntry,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the first or next CRL context from the store for the specified // Get the first or next CRL context from the store for the specified
// issuer certificate. Perform the enabled verification checks on the CRL. // issuer certificate. Perform the enabled verification checks on the CRL.
// //
// If the first or next CRL isn't found, NULL is returned. // If the first or next CRL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT // Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
// must be freed by calling CertFreeCRLContext. However, the free must be // must be freed by calling CertFreeCRLContext. However, the free must be
// pPrevCrlContext on a subsequent call. CertDuplicateCRLContext // pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
skipping to change at line 11093 skipping to change at line 11700
// If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG // If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG
// always fails and the CERT_STORE_NO_ISSUER_FLAG is also set. // always fails and the CERT_STORE_NO_ISSUER_FLAG is also set.
// //
// For a verification check failure, a pointer to the first or next // For a verification check failure, a pointer to the first or next
// CRL_CONTEXT is still returned and SetLastError isn't updated. // CRL_CONTEXT is still returned and SetLastError isn't updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertGetCRLFromStore( CertGetCRLFromStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in_opt PCCERT_CONTEXT pIssuerContext, _In_opt_ PCCERT_CONTEXT pIssuerContext,
__in_opt PCCRL_CONTEXT pPrevCrlContext, _In_opt_ PCCRL_CONTEXT pPrevCrlContext,
__inout DWORD *pdwFlags _Inout_ DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the CRL contexts in the store. // Enumerate the CRL contexts in the store.
// //
// If a CRL isn't found, NULL is returned. // If a CRL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT // Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
// must be freed by calling CertFreeCRLContext or is freed when passed as the // must be freed by calling CertFreeCRLContext or is freed when passed as the
// pPrevCrlContext on a subsequent call. CertDuplicateCRLContext // pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 11119 skipping to change at line 11726
// CRL in the store. Successive CRLs are enumerated by setting // CRL in the store. Successive CRLs are enumerated by setting
// pPrevCrlContext to the CRL_CONTEXT returned by a previous call. // pPrevCrlContext to the CRL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by // NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertEnumCRLsInStore( CertEnumCRLsInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in_opt PCCRL_CONTEXT pPrevCrlContext _In_opt_ PCCRL_CONTEXT pPrevCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first or next CRL context in the store. // Find the first or next CRL context in the store.
// //
// The CRL is found according to the dwFindType and its pvFindPara. // The CRL is found according to the dwFindType and its pvFindPara.
// See below for a list of the find types and its parameters. // See below for a list of the find types and its parameters.
// //
// Currently dwFindFlags isn't used and must be set to 0. // Currently dwFindFlags isn't used and must be set to 0.
// //
skipping to change at line 11150 skipping to change at line 11757
// call to find the CRL. To find the next CRL, the // call to find the CRL. To find the next CRL, the
// pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call. // pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by // NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertFindCRLInStore( CertFindCRLInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwFindFlags, _In_ DWORD dwFindFlags,
__in DWORD dwFindType, _In_ DWORD dwFindType,
__in_opt const void *pvFindPara, _In_opt_ const void *pvFindPara,
__in_opt PCCRL_CONTEXT pPrevCrlContext _In_opt_ PCCRL_CONTEXT pPrevCrlContext
); );
#define CRL_FIND_ANY 0 #define CRL_FIND_ANY 0
#define CRL_FIND_ISSUED_BY 1 #define CRL_FIND_ISSUED_BY 1
#define CRL_FIND_EXISTING 2 #define CRL_FIND_EXISTING 2
#define CRL_FIND_ISSUED_FOR 3 #define CRL_FIND_ISSUED_FOR 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRL_FIND_ANY // CRL_FIND_ANY
// //
skipping to change at line 11236 skipping to change at line 11843
// certificate may not match the issuer name in the subject certificate and // certificate may not match the issuer name in the subject certificate and
// its corresponding CRL. // its corresponding CRL.
// //
// All of the above CRL_FIND_ISSUED_BY_*_FLAGS apply to this find type. // All of the above CRL_FIND_ISSUED_BY_*_FLAGS apply to this find type.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRL_FIND_ISSUED_FOR_PARA { typedef struct _CRL_FIND_ISSUED_FOR_PARA {
PCCERT_CONTEXT pSubjectCert; PCCERT_CONTEXT pSubjectCert;
PCCERT_CONTEXT pIssuerCert; PCCERT_CONTEXT pIssuerCert;
} CRL_FIND_ISSUED_FOR_PARA, *PCRL_FIND_ISSUED_FOR_PARA; } CRL_FIND_ISSUED_FOR_PARA, *PCRL_FIND_ISSUED_FOR_PARA;
//
// When the following flag is set, the strong signature properties
// are also set on the returned CRL.
//
// The strong signature properties are:
// - CERT_SIGN_HASH_CNG_ALG_PROP_ID
// - CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
//
#define CRL_FIND_ISSUED_FOR_SET_STRONG_PROPERTIES_FLAG 0x10
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a CRL context // Duplicate a CRL context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertDuplicateCRLContext( CertDuplicateCRLContext(
__in_opt PCCRL_CONTEXT pCrlContext _In_opt_ PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a CRL context from the encoded CRL. The created // Create a CRL context from the encoded CRL. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded CRL in the created context. // Makes a copy of the encoded CRL in the created context.
// //
// If unable to decode and create the CRL context, NULL is returned. // If unable to decode and create the CRL context, NULL is returned.
// Otherwise, a pointer to a read only CRL_CONTEXT is returned. // Otherwise, a pointer to a read only CRL_CONTEXT is returned.
// CRL_CONTEXT must be freed by calling CertFreeCRLContext. // CRL_CONTEXT must be freed by calling CertFreeCRLContext.
// CertDuplicateCRLContext can be called to make a duplicate. // CertDuplicateCRLContext can be called to make a duplicate.
// //
// CertSetCRLContextProperty and CertGetCRLContextProperty can be called // CertSetCRLContextProperty and CertGetCRLContextProperty can be called
// to store properties for the CRL. // to store properties for the CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCRL_CONTEXT PCCRL_CONTEXT
WINAPI WINAPI
CertCreateCRLContext( CertCreateCRLContext(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbCrlEncoded) const BYTE *pbCrlEncoded, _In_reads_bytes_(cbCrlEncoded) const BYTE *pbCrlEncoded,
__in DWORD cbCrlEncoded _In_ DWORD cbCrlEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a CRL context // Free a CRL context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, duplicate or create. // get, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCRLContext( CertFreeCRLContext(
__in_opt PCCRL_CONTEXT pCrlContext _In_opt_ PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified CRL context. // Set the property for the specified CRL context.
// //
// Same Property Ids and semantics as CertSetCertificateContextProperty. // Same Property Ids and semantics as CertSetCertificateContextProperty.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCRLContextProperty( CertSetCRLContextProperty(
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the property for the specified CRL context. // Get the property for the specified CRL context.
// //
// Same Property Ids and semantics as CertGetCertificateContextProperty. // Same Property Ids and semantics as CertGetCertificateContextProperty.
// //
// CERT_SHA1_HASH_PROP_ID, CERT_MD5_HASH_PROP_ID or // CERT_SHA1_HASH_PROP_ID, CERT_MD5_HASH_PROP_ID or
// CERT_SIGNATURE_HASH_PROP_ID is the predefined property of most interest. // CERT_SIGNATURE_HASH_PROP_ID is the predefined property of most interest.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCRLContextProperty( CertGetCRLContextProperty(
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified CRL context. // Enumerate the properties for the specified CRL context.
// //
// To get the first property, set dwPropId to 0. The ID of the first // To get the first property, set dwPropId to 0. The ID of the first
// property is returned. To get the next property, set dwPropId to the // property is returned. To get the next property, set dwPropId to the
// ID returned by the last call. To enumerate all the properties continue // ID returned by the last call. To enumerate all the properties continue
// until 0 is returned. // until 0 is returned.
// //
// CertGetCRLContextProperty is called to get the property's data. // CertGetCRLContextProperty is called to get the property's data.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCRLContextProperties( CertEnumCRLContextProperties(
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwPropId _In_ DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Search the CRL's list of entries for the specified certificate. // Search the CRL's list of entries for the specified certificate.
// //
// TRUE is returned if we were able to search the list. Otherwise, FALSE is // TRUE is returned if we were able to search the list. Otherwise, FALSE is
// returned, // returned,
// //
// For success, if the certificate was found in the list, *ppCrlEntry is // For success, if the certificate was found in the list, *ppCrlEntry is
// updated with a pointer to the entry. Otherwise, *ppCrlEntry is set to NULL. // updated with a pointer to the entry. Otherwise, *ppCrlEntry is set to NULL.
// The returned entry isn't allocated and must not be freed. // The returned entry isn't allocated and must not be freed.
// //
// dwFlags and pvReserved currently aren't used and must be set to 0 or NULL. // dwFlags and pvReserved currently aren't used and must be set to 0 or NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFindCertificateInCRL( CertFindCertificateInCRL(
__in PCCERT_CONTEXT pCert, _In_ PCCERT_CONTEXT pCert,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__deref_out_opt PCRL_ENTRY *ppCrlEntry _Outptr_result_maybenull_ PCRL_ENTRY *ppCrlEntry
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Is the specified CRL valid for the certificate. // Is the specified CRL valid for the certificate.
// //
// Returns TRUE if the CRL's list of entries would contain the certificate // Returns TRUE if the CRL's list of entries would contain the certificate
// if it was revoked. Note, doesn't check that the certificate is in the // if it was revoked. Note, doesn't check that the certificate is in the
// list of entries. // list of entries.
// //
// If the CRL has an Issuing Distribution Point (IDP) extension, checks // If the CRL has an Issuing Distribution Point (IDP) extension, checks
// that it's valid for the subject certificate. // that it's valid for the subject certificate.
// //
// dwFlags and pvReserved currently aren't used and must be set to 0 and NULL. // dwFlags and pvReserved currently aren't used and must be set to 0 and NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertIsValidCRLForCertificate( CertIsValidCRLForCertificate(
__in PCCERT_CONTEXT pCert, _In_ PCCERT_CONTEXT pCert,
__in PCCRL_CONTEXT pCrl, _In_ PCCRL_CONTEXT pCrl,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add certificate/CRL, encoded, context or element disposition values. // Add certificate/CRL, encoded, context or element disposition values.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_ADD_NEW 1 #define CERT_STORE_ADD_NEW 1
#define CERT_STORE_ADD_USE_EXISTING 2 #define CERT_STORE_ADD_USE_EXISTING 2
#define CERT_STORE_ADD_REPLACE_EXISTING 3 #define CERT_STORE_ADD_REPLACE_EXISTING 3
#define CERT_STORE_ADD_ALWAYS 4 #define CERT_STORE_ADD_ALWAYS 4
#define CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES 5 #define CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES 5
skipping to change at line 11435 skipping to change at line 12052
// Same as CERT_STORE_ADD_NEWER. However, if an older certificate is // Same as CERT_STORE_ADD_NEWER. However, if an older certificate is
// replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES. // replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
// //
// CertGetSubjectCertificateFromStore is called to determine if the // CertGetSubjectCertificateFromStore is called to determine if the
// certificate already exists in the store. // certificate already exists in the store.
// //
// ppCertContext can be NULL, indicating the caller isn't interested // ppCertContext can be NULL, indicating the caller isn't interested
// in getting the CERT_CONTEXT of the added or existing certificate. // in getting the CERT_CONTEXT of the added or existing certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToStore( CertAddEncodedCertificateToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbCertEncoded) const BYTE *pbCertEncoded, _In_reads_bytes_(cbCertEncoded) const BYTE *pbCertEncoded,
__in DWORD cbCertEncoded, _In_ DWORD cbCertEncoded,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCERT_CONTEXT *ppCertContext _Outptr_opt_ PCCERT_CONTEXT *ppCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the certificate context to the store according to the specified // Add the certificate context to the store according to the specified
// disposition action. // disposition action.
// //
// In addition to the encoded certificate, the context's properties are // In addition to the encoded certificate, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 11505 skipping to change at line 12122
// Same as CERT_STORE_ADD_NEWER. However, if an older context is // Same as CERT_STORE_ADD_NEWER. However, if an older context is
// replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES. // replaced, same as CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES.
// //
// CertGetSubjectCertificateFromStore is called to determine if the // CertGetSubjectCertificateFromStore is called to determine if the
// certificate already exists in the store. // certificate already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CERT_CONTEXT of the added or existing certificate. // in getting the CERT_CONTEXT of the added or existing certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCertificateContextToStore( CertAddCertificateContextToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCERT_CONTEXT *ppStoreContext _Outptr_opt_ PCCERT_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store Context Types // Certificate Store Context Types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_CERTIFICATE_CONTEXT 1 #define CERT_STORE_CERTIFICATE_CONTEXT 1
#define CERT_STORE_CRL_CONTEXT 2 #define CERT_STORE_CRL_CONTEXT 2
#define CERT_STORE_CTL_CONTEXT 3 #define CERT_STORE_CTL_CONTEXT 3
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 11559 skipping to change at line 12176
// add either a certificate or CRL, set dwContextTypeFlags to: // add either a certificate or CRL, set dwContextTypeFlags to:
// CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG // CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG
// //
// *pdwContextType is updated with the type of the context returned in // *pdwContextType is updated with the type of the context returned in
// *ppvContxt. pdwContextType or ppvContext can be NULL, indicating the // *ppvContxt. pdwContextType or ppvContext can be NULL, indicating the
// caller isn't interested in getting the output. If *ppvContext is // caller isn't interested in getting the output. If *ppvContext is
// returned it must be freed by calling CertFreeCertificateContext or // returned it must be freed by calling CertFreeCertificateContext or
// CertFreeCRLContext. // CertFreeCRLContext.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddSerializedElementToStore( CertAddSerializedElementToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in_bcount(cbElement) const BYTE *pbElement, _In_reads_bytes_(cbElement) const BYTE *pbElement,
__in DWORD cbElement, _In_ DWORD cbElement,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwContextTypeFlags, _In_ DWORD dwContextTypeFlags,
__out_opt DWORD *pdwContextType, _Out_opt_ DWORD *pdwContextType,
__deref_opt_out const void **ppvContext _Outptr_opt_ const void **ppvContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified certificate from the store. // Delete the specified certificate from the store.
// //
// All subsequent gets or finds for the certificate will fail. However, // All subsequent gets or finds for the certificate will fail. However,
// memory allocated for the certificate isn't freed until all of its contexts // memory allocated for the certificate isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCertContext is obtained from a get, enum, find or duplicate. // The pCertContext is obtained from a get, enum, find or duplicate.
skipping to change at line 11592 skipping to change at line 12209
// Some store provider implementations might also delete the issuer's CRLs // Some store provider implementations might also delete the issuer's CRLs
// if this is the last certificate for the issuer in the store. // if this is the last certificate for the issuer in the store.
// //
// NOTE: the pCertContext is always CertFreeCertificateContext'ed by // NOTE: the pCertContext is always CertFreeCertificateContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCertificateFromStore( CertDeleteCertificateFromStore(
__in PCCERT_CONTEXT pCertContext _In_ PCCERT_CONTEXT pCertContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the encoded CRL to the store according to the specified // Add the encoded CRL to the store according to the specified
// disposition option. // disposition option.
// //
// Makes a copy of the encoded CRL before adding to the store. // Makes a copy of the encoded CRL before adding to the store.
// //
// dwAddDispostion specifies the action to take if the CRL // dwAddDispostion specifies the action to take if the CRL
// already exists in the store. See CertAddEncodedCertificateToStore for a // already exists in the store. See CertAddEncodedCertificateToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CRL's Issuer to determine if the CRL already exists in the // Compares the CRL's Issuer to determine if the CRL already exists in the
// store. // store.
// //
// ppCrlContext can be NULL, indicating the caller isn't interested // ppCrlContext can be NULL, indicating the caller isn't interested
// in getting the CRL_CONTEXT of the added or existing CRL. // in getting the CRL_CONTEXT of the added or existing CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCRLToStore( CertAddEncodedCRLToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbCrlEncoded) const BYTE *pbCrlEncoded, _In_reads_bytes_(cbCrlEncoded) const BYTE *pbCrlEncoded,
__in DWORD cbCrlEncoded, _In_ DWORD cbCrlEncoded,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCRL_CONTEXT *ppCrlContext _Outptr_opt_ PCCRL_CONTEXT *ppCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the CRL context to the store according to the specified // Add the CRL context to the store according to the specified
// disposition option. // disposition option.
// //
// In addition to the encoded CRL, the context's properties are // In addition to the encoded CRL, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 11645 skipping to change at line 12262
// already exists in the store. See CertAddCertificateContextToStore for a // already exists in the store. See CertAddCertificateContextToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine // Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine
// if the CRL already exists in the store. // if the CRL already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CRL_CONTEXT of the added or existing CRL. // in getting the CRL_CONTEXT of the added or existing CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCRLContextToStore( CertAddCRLContextToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCRL_CONTEXT *ppStoreContext _Outptr_opt_ PCCRL_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified CRL from the store. // Delete the specified CRL from the store.
// //
// All subsequent gets for the CRL will fail. However, // All subsequent gets for the CRL will fail. However,
// memory allocated for the CRL isn't freed until all of its contexts // memory allocated for the CRL isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCrlContext is obtained from a get or duplicate. // The pCrlContext is obtained from a get or duplicate.
// //
// NOTE: the pCrlContext is always CertFreeCRLContext'ed by // NOTE: the pCrlContext is always CertFreeCRLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCRLFromStore( CertDeleteCRLFromStore(
__in PCCRL_CONTEXT pCrlContext _In_ PCCRL_CONTEXT pCrlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the certificate context's encoded certificate and its // Serialize the certificate context's encoded certificate and its
// properties. // properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCertificateStoreElement( CertSerializeCertificateStoreElement(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement, _Out_writes_bytes_to_opt_(*pcbElement, *pcbElement) BYTE *pbElement,
__inout DWORD *pcbElement _Inout_ DWORD *pcbElement
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the CRL context's encoded CRL and its properties. // Serialize the CRL context's encoded CRL and its properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCRLStoreElement( CertSerializeCRLStoreElement(
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement, _Out_writes_bytes_to_opt_(*pcbElement, *pcbElement) BYTE *pbElement,
__inout DWORD *pcbElement _Inout_ DWORD *pcbElement
); );
//+========================================================================= //+=========================================================================
// Certificate Trust List (CTL) Store Data Structures and APIs // Certificate Trust List (CTL) Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Duplicate a CTL context // Duplicate a CTL context
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertDuplicateCTLContext( CertDuplicateCTLContext(
__in_opt PCCTL_CONTEXT pCtlContext _In_opt_ PCCTL_CONTEXT pCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a CTL context from the encoded CTL. The created // Create a CTL context from the encoded CTL. The created
// context isn't put in a store. // context isn't put in a store.
// //
// Makes a copy of the encoded CTL in the created context. // Makes a copy of the encoded CTL in the created context.
// //
// If unable to decode and create the CTL context, NULL is returned. // If unable to decode and create the CTL context, NULL is returned.
// Otherwise, a pointer to a read only CTL_CONTEXT is returned. // Otherwise, a pointer to a read only CTL_CONTEXT is returned.
// CTL_CONTEXT must be freed by calling CertFreeCTLContext. // CTL_CONTEXT must be freed by calling CertFreeCTLContext.
// CertDuplicateCTLContext can be called to make a duplicate. // CertDuplicateCTLContext can be called to make a duplicate.
// //
// CertSetCTLContextProperty and CertGetCTLContextProperty can be called // CertSetCTLContextProperty and CertGetCTLContextProperty can be called
// to store properties for the CTL. // to store properties for the CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertCreateCTLContext( CertCreateCTLContext(
__in DWORD dwMsgAndCertEncodingType, _In_ DWORD dwMsgAndCertEncodingType,
__in_bcount(cbCtlEncoded) const BYTE *pbCtlEncoded, _In_reads_bytes_(cbCtlEncoded) const BYTE *pbCtlEncoded,
__in DWORD cbCtlEncoded _In_ DWORD cbCtlEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free a CTL context // Free a CTL context
// //
// There needs to be a corresponding free for each context obtained by a // There needs to be a corresponding free for each context obtained by a
// get, duplicate or create. // get, duplicate or create.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFreeCTLContext( CertFreeCTLContext(
__in_opt PCCTL_CONTEXT pCtlContext _In_opt_ PCCTL_CONTEXT pCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the property for the specified CTL context. // Set the property for the specified CTL context.
// //
// Same Property Ids and semantics as CertSetCertificateContextProperty. // Same Property Ids and semantics as CertSetCertificateContextProperty.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetCTLContextProperty( CertSetCTLContextProperty(
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the property for the specified CTL context. // Get the property for the specified CTL context.
// //
// Same Property Ids and semantics as CertGetCertificateContextProperty. // Same Property Ids and semantics as CertGetCertificateContextProperty.
// //
// CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the // CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the
// predefined properties of most interest. // predefined properties of most interest.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetCTLContextProperty( CertGetCTLContextProperty(
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the properties for the specified CTL context. // Enumerate the properties for the specified CTL context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertEnumCTLContextProperties( CertEnumCTLContextProperties(
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwPropId _In_ DWORD dwPropId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the CTL contexts in the store. // Enumerate the CTL contexts in the store.
// //
// If a CTL isn't found, NULL is returned. // If a CTL isn't found, NULL is returned.
// Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT // Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT
// must be freed by calling CertFreeCTLContext or is freed when passed as the // must be freed by calling CertFreeCTLContext or is freed when passed as the
// pPrevCtlContext on a subsequent call. CertDuplicateCTLContext // pPrevCtlContext on a subsequent call. CertDuplicateCTLContext
// can be called to make a duplicate. // can be called to make a duplicate.
skipping to change at line 11815 skipping to change at line 12432
// CTL in the store. Successive CTLs are enumerated by setting // CTL in the store. Successive CTLs are enumerated by setting
// pPrevCtlContext to the CTL_CONTEXT returned by a previous call. // pPrevCtlContext to the CTL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by // NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertEnumCTLsInStore( CertEnumCTLsInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in_opt PCCTL_CONTEXT pPrevCtlContext _In_opt_ PCCTL_CONTEXT pPrevCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Attempt to find the specified subject in the CTL. // Attempt to find the specified subject in the CTL.
// //
// For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's // For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's
// SubjectAlgorithm is examined to determine the representation of the // SubjectAlgorithm is examined to determine the representation of the
// subject's identity. Initially, only SHA1 or MD5 hash will be supported. // subject's identity. Initially, only SHA1 or MD5 hash will be supported.
// The appropriate hash property is obtained from the CERT_CONTEXT. // The appropriate hash property is obtained from the CERT_CONTEXT.
// //
skipping to change at line 11841 skipping to change at line 12458
// The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier // The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier
// is used as the key in searching the subject entries. A binary // is used as the key in searching the subject entries. A binary
// memory comparison is done between the key and the entry's SubjectIdentifer. // memory comparison is done between the key and the entry's SubjectIdentifer.
// //
// dwEncodingType isn't used for either of the above SubjectTypes. // dwEncodingType isn't used for either of the above SubjectTypes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCTL_ENTRY PCTL_ENTRY
WINAPI WINAPI
CertFindSubjectInCTL( CertFindSubjectInCTL(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in DWORD dwSubjectType, _In_ DWORD dwSubjectType,
__in void *pvSubject, _In_ void *pvSubject,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
// Subject Types: // Subject Types:
// CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO. // CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO.
// CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT. // CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT.
#define CTL_ANY_SUBJECT_TYPE 1 #define CTL_ANY_SUBJECT_TYPE 1
#define CTL_CERT_SUBJECT_TYPE 2 #define CTL_CERT_SUBJECT_TYPE 2
typedef struct _CTL_ANY_SUBJECT_INFO { typedef struct _CTL_ANY_SUBJECT_INFO {
CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm; CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
skipping to change at line 11886 skipping to change at line 12503
// call to find the CTL. To find the next CTL, the // call to find the CTL. To find the next CTL, the
// pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call. // pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call.
// //
// NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by // NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCTL_CONTEXT PCCTL_CONTEXT
WINAPI WINAPI
CertFindCTLInStore( CertFindCTLInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwMsgAndCertEncodingType, _In_ DWORD dwMsgAndCertEncodingType,
__in DWORD dwFindFlags, _In_ DWORD dwFindFlags,
__in DWORD dwFindType, _In_ DWORD dwFindType,
__in_opt const void *pvFindPara, _In_opt_ const void *pvFindPara,
__in_opt PCCTL_CONTEXT pPrevCtlContext _In_opt_ PCCTL_CONTEXT pPrevCtlContext
); );
#define CTL_FIND_ANY 0 #define CTL_FIND_ANY 0
#define CTL_FIND_SHA1_HASH 1 #define CTL_FIND_SHA1_HASH 1
#define CTL_FIND_MD5_HASH 2 #define CTL_FIND_MD5_HASH 2
#define CTL_FIND_USAGE 3 #define CTL_FIND_USAGE 3
#define CTL_FIND_SUBJECT 4 #define CTL_FIND_SUBJECT 4
#define CTL_FIND_EXISTING 5 #define CTL_FIND_EXISTING 5
typedef struct _CTL_FIND_USAGE_PARA { typedef struct _CTL_FIND_USAGE_PARA {
skipping to change at line 11987 skipping to change at line 12604
// already exists in the store. See CertAddEncodedCertificateToStore for a // already exists in the store. See CertAddEncodedCertificateToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CTL's SubjectUsage, ListIdentifier and any of its signers // Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
// to determine if the CTL already exists in the store. // to determine if the CTL already exists in the store.
// //
// ppCtlContext can be NULL, indicating the caller isn't interested // ppCtlContext can be NULL, indicating the caller isn't interested
// in getting the CTL_CONTEXT of the added or existing CTL. // in getting the CTL_CONTEXT of the added or existing CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCTLToStore( CertAddEncodedCTLToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in DWORD dwMsgAndCertEncodingType, _In_ DWORD dwMsgAndCertEncodingType,
__in_bcount(cbCtlEncoded) const BYTE *pbCtlEncoded, _In_reads_bytes_(cbCtlEncoded) const BYTE *pbCtlEncoded,
__in DWORD cbCtlEncoded, _In_ DWORD cbCtlEncoded,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCTL_CONTEXT *ppCtlContext _Outptr_opt_ PCCTL_CONTEXT *ppCtlContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the CTL context to the store according to the specified // Add the CTL context to the store according to the specified
// disposition option. // disposition option.
// //
// In addition to the encoded CTL, the context's properties are // In addition to the encoded CTL, the context's properties are
// also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its // also copied. Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
// CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
// //
skipping to change at line 12020 skipping to change at line 12637
// already exists in the store. See CertAddCertificateContextToStore for a // already exists in the store. See CertAddCertificateContextToStore for a
// list of and actions taken. // list of and actions taken.
// //
// Compares the CTL's SubjectUsage, ListIdentifier and any of its signers // Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
// to determine if the CTL already exists in the store. // to determine if the CTL already exists in the store.
// //
// ppStoreContext can be NULL, indicating the caller isn't interested // ppStoreContext can be NULL, indicating the caller isn't interested
// in getting the CTL_CONTEXT of the added or existing CTL. // in getting the CTL_CONTEXT of the added or existing CTL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCTLContextToStore( CertAddCTLContextToStore(
__in_opt HCERTSTORE hCertStore, _In_opt_ HCERTSTORE hCertStore,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCTL_CONTEXT *ppStoreContext _Outptr_opt_ PCCTL_CONTEXT *ppStoreContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Serialize the CTL context's encoded CTL and its properties. // Serialize the CTL context's encoded CTL and its properties.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSerializeCTLStoreElement( CertSerializeCTLStoreElement(
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbElement, *pcbElement) BYTE *pbElement, _Out_writes_bytes_to_opt_(*pcbElement, *pcbElement) BYTE *pbElement,
__inout DWORD *pcbElement _Inout_ DWORD *pcbElement
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Delete the specified CTL from the store. // Delete the specified CTL from the store.
// //
// All subsequent gets for the CTL will fail. However, // All subsequent gets for the CTL will fail. However,
// memory allocated for the CTL isn't freed until all of its contexts // memory allocated for the CTL isn't freed until all of its contexts
// have also been freed. // have also been freed.
// //
// The pCtlContext is obtained from a get or duplicate. // The pCtlContext is obtained from a get or duplicate.
// //
// NOTE: the pCtlContext is always CertFreeCTLContext'ed by // NOTE: the pCtlContext is always CertFreeCTLContext'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertDeleteCTLFromStore( CertDeleteCTLFromStore(
__in PCCTL_CONTEXT pCtlContext _In_ PCCTL_CONTEXT pCtlContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCertificateLinkToStore( CertAddCertificateLinkToStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCERT_CONTEXT *ppStoreContext _Outptr_opt_ PCCERT_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCRLLinkToStore( CertAddCRLLinkToStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in PCCRL_CONTEXT pCrlContext, _In_ PCCRL_CONTEXT pCrlContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCRL_CONTEXT *ppStoreContext _Outptr_opt_ PCCRL_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertAddCTLLinkToStore( CertAddCTLLinkToStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwAddDisposition, _In_ DWORD dwAddDisposition,
__deref_opt_out PCCTL_CONTEXT *ppStoreContext _Outptr_opt_ PCCTL_CONTEXT *ppStoreContext
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddStoreToCollection( CertAddStoreToCollection(
__in HCERTSTORE hCollectionStore, _In_ HCERTSTORE hCollectionStore,
__in_opt HCERTSTORE hSiblingStore, _In_opt_ HCERTSTORE hSiblingStore,
__in DWORD dwUpdateFlags, _In_ DWORD dwUpdateFlags,
__in DWORD dwPriority _In_ DWORD dwPriority
); );
WINCRYPT32API WINCRYPT32API
void void
WINAPI WINAPI
CertRemoveStoreFromCollection( CertRemoveStoreFromCollection(
__in HCERTSTORE hCollectionStore, _In_ HCERTSTORE hCollectionStore,
__in HCERTSTORE hSiblingStore _In_ HCERTSTORE hSiblingStore
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertControlStore( CertControlStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwCtrlType, _In_ DWORD dwCtrlType,
__in_opt void const *pvCtrlPara _In_opt_ void const *pvCtrlPara
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate Store control types // Certificate Store control types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_STORE_CTRL_RESYNC 1 #define CERT_STORE_CTRL_RESYNC 1
#define CERT_STORE_CTRL_NOTIFY_CHANGE 2 #define CERT_STORE_CTRL_NOTIFY_CHANGE 2
#define CERT_STORE_CTRL_COMMIT 3 #define CERT_STORE_CTRL_COMMIT 3
#define CERT_STORE_CTRL_AUTO_RESYNC 4 #define CERT_STORE_CTRL_AUTO_RESYNC 4
#define CERT_STORE_CTRL_CANCEL_NOTIFY 5 #define CERT_STORE_CTRL_CANCEL_NOTIFY 5
skipping to change at line 12252 skipping to change at line 12869
// //
// For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
// //
// If the property already exists, then, the old value is deleted and silently // If the property already exists, then, the old value is deleted and silently
// replaced. Setting, pvData to NULL, deletes the property. // replaced. Setting, pvData to NULL, deletes the property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetStoreProperty( CertSetStoreProperty(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a store property. // Get a store property.
// //
// The type definition for pvData depends on the dwPropId value. // The type definition for pvData depends on the dwPropId value.
// CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store. // CERT_STORE_LOCALIZED_NAME_PROP_ID - localized name of the store.
// pvData points to a NULL terminated unicode, wide character string. // pvData points to a NULL terminated unicode, wide character string.
// cbData = (wcslen((LPWSTR) pvData) + 1) * sizeof(WCHAR). // cbData = (wcslen((LPWSTR) pvData) + 1) * sizeof(WCHAR).
// //
// For all other PROP_IDs, pvData points to an array of bytes. // For all other PROP_IDs, pvData points to an array of bytes.
// //
// If the property doesn't exist, returns FALSE and sets LastError to // If the property doesn't exist, returns FALSE and sets LastError to
// CRYPT_E_NOT_FOUND. // CRYPT_E_NOT_FOUND.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertGetStoreProperty( CertGetStoreProperty(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// If the callback returns FALSE, stops the sort. CertCreateContext // If the callback returns FALSE, stops the sort. CertCreateContext
// will return FALSE and set last error to ERROR_CANCELLED if the sort // will return FALSE and set last error to ERROR_CANCELLED if the sort
// was stopped. // was stopped.
// //
// Where: // Where:
// cbTotalEncoded - total byte count of the encoded entries. // cbTotalEncoded - total byte count of the encoded entries.
// cbRemainEncoded - remaining byte count of the encoded entries. // cbRemainEncoded - remaining byte count of the encoded entries.
// cEntry - running count of sorted entries // cEntry - running count of sorted entries
// pvSort - value passed in pCreatePara // pvSort - value passed in pCreatePara
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CERT_CREATE_CONTEXT_SORT_FUNC)( typedef BOOL (WINAPI *PFN_CERT_CREATE_CONTEXT_SORT_FUNC)(
__in DWORD cbTotalEncoded, _In_ DWORD cbTotalEncoded,
__in DWORD cbRemainEncoded, _In_ DWORD cbRemainEncoded,
__in DWORD cEntry, _In_ DWORD cEntry,
__inout_opt void *pvSort _Inout_opt_ void *pvSort
); );
typedef struct _CERT_CREATE_CONTEXT_PARA { typedef struct _CERT_CREATE_CONTEXT_PARA {
DWORD cbSize; DWORD cbSize;
PFN_CRYPT_FREE pfnFree; // OPTIONAL PFN_CRYPT_FREE pfnFree; // OPTIONAL
void *pvFree; // OPTIONAL void *pvFree; // OPTIONAL
// Only applicable to CERT_STORE_CTL_CONTEXT when // Only applicable to CERT_STORE_CTL_CONTEXT when
// CERT_CREATE_CONTEXT_SORTED_FLAG is set in dwFlags. // CERT_CREATE_CONTEXT_SORTED_FLAG is set in dwFlags.
PFN_CERT_CREATE_CONTEXT_SORT_FUNC pfnSort; // OPTIONAL PFN_CERT_CREATE_CONTEXT_SORT_FUNC pfnSort; // OPTIONAL
skipping to change at line 12347 skipping to change at line 12965
// If unable to decode and create the context, NULL is returned. // If unable to decode and create the context, NULL is returned.
// Otherwise, a pointer to a read only CERT_CONTEXT, CRL_CONTEXT or // Otherwise, a pointer to a read only CERT_CONTEXT, CRL_CONTEXT or
// CTL_CONTEXT is returned. The context must be freed by the appropriate // CTL_CONTEXT is returned. The context must be freed by the appropriate
// free context API. The context can be duplicated by calling the // free context API. The context can be duplicated by calling the
// appropriate duplicate context API. // appropriate duplicate context API.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
const void * const void *
WINAPI WINAPI
CertCreateContext( CertCreateContext(
__in DWORD dwContextType, _In_ DWORD dwContextType,
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCERT_CREATE_CONTEXT_PARA pCreatePara _In_opt_ PCERT_CREATE_CONTEXT_PARA pCreatePara
); );
// When the following flag is set, the created context points directly to the // When the following flag is set, the created context points directly to the
// pbEncoded instead of an allocated copy. If pCreatePara and // pbEncoded instead of an allocated copy. If pCreatePara and
// pCreatePara->pfnFree are non-NULL, then, pfnFree is called to free // pCreatePara->pfnFree are non-NULL, then, pfnFree is called to free
// the pbEncoded when the context is last freed. Otherwise, no attempt is // the pbEncoded when the context is last freed. Otherwise, no attempt is
// made to free the pbEncoded. If pCreatePara->pvFree is non-NULL, then its // made to free the pbEncoded. If pCreatePara->pvFree is non-NULL, then its
// passed to pfnFree instead of pbEncoded. // passed to pfnFree instead of pbEncoded.
// //
// Note, if CertCreateContext fails, pfnFree is still called. // Note, if CertCreateContext fails, pfnFree is still called.
skipping to change at line 12497 skipping to change at line 13115
// "\\ComputerName\ServiceName\Trust". The leading "\\" backslashes are // "\\ComputerName\ServiceName\Trust". The leading "\\" backslashes are
// optional in the ComputerName. // optional in the ComputerName.
// //
// Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the system store // Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the system store
// already exists in the store location. // already exists in the store location.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRegisterSystemStore( CertRegisterSystemStore(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCERT_SYSTEM_STORE_INFO pStoreInfo, _In_opt_ PCERT_SYSTEM_STORE_INFO pStoreInfo,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Register a physical store for the specified system store. // Register a physical store for the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 12523 skipping to change at line 13141
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the physical store // Set CERT_STORE_CREATE_NEW_FLAG to cause a failure if the physical store
// already exists in the system store. // already exists in the system store.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRegisterPhysicalStore( CertRegisterPhysicalStore(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in LPCWSTR pwszStoreName, _In_ LPCWSTR pwszStoreName,
__in PCERT_PHYSICAL_STORE_INFO pStoreInfo, _In_ PCERT_PHYSICAL_STORE_INFO pStoreInfo,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the specified system store. // Unregister the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 12549 skipping to change at line 13167
// //
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// CERT_STORE_DELETE_FLAG can optionally be set in dwFlags. // CERT_STORE_DELETE_FLAG can optionally be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertUnregisterSystemStore( CertUnregisterSystemStore(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Unregister the physical store from the specified system store. // Unregister the physical store from the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
skipping to change at line 12572 skipping to change at line 13190
// //
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// CERT_STORE_DELETE_FLAG can optionally be set in dwFlags. // CERT_STORE_DELETE_FLAG can optionally be set in dwFlags.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertUnregisterPhysicalStore( CertUnregisterPhysicalStore(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in LPCWSTR pwszStoreName _In_ LPCWSTR pwszStoreName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enum callbacks // Enum callbacks
// //
// The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter // The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter
// specifies the location of the system store // specifies the location of the system store
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
// points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise, // points to a CERT_SYSTEM_STORE_RELOCATE_PARA data structure. Otherwise,
// pvSystemStore points to a null terminated UNICODE string. // pvSystemStore points to a null terminated UNICODE string.
// //
// The callback returns FALSE and sets LAST_ERROR to stop the enumeration. // The callback returns FALSE and sets LAST_ERROR to stop the enumeration.
// The LAST_ERROR is returned to the caller of the enumeration. // The LAST_ERROR is returned to the caller of the enumeration.
// //
// The pvSystemStore passed to the callback has leading ComputerName and/or // The pvSystemStore passed to the callback has leading ComputerName and/or
// ServiceName prefixes where appropriate. // ServiceName prefixes where appropriate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)( typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)(
__in LPCWSTR pwszStoreLocation, _In_ LPCWSTR pwszStoreLocation,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE)( typedef BOOL (WINAPI *PFN_CERT_ENUM_SYSTEM_STORE)(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in PCERT_SYSTEM_STORE_INFO pStoreInfo, _In_ PCERT_SYSTEM_STORE_INFO pStoreInfo,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
typedef BOOL (WINAPI *PFN_CERT_ENUM_PHYSICAL_STORE)( typedef BOOL (WINAPI *PFN_CERT_ENUM_PHYSICAL_STORE)(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in LPCWSTR pwszStoreName, _In_ LPCWSTR pwszStoreName,
__in PCERT_PHYSICAL_STORE_INFO pStoreInfo, _In_ PCERT_PHYSICAL_STORE_INFO pStoreInfo,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
// In the PFN_CERT_ENUM_PHYSICAL_STORE callback the following flag is // In the PFN_CERT_ENUM_PHYSICAL_STORE callback the following flag is
// set if the physical store wasn't registered and is an implicitly created // set if the physical store wasn't registered and is an implicitly created
// predefined physical store. // predefined physical store.
#define CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG 0x1 #define CERT_PHYSICAL_STORE_PREDEFINED_ENUM_FLAG 0x1
// Names of implicitly created predefined physical stores // Names of implicitly created predefined physical stores
#define CERT_PHYSICAL_STORE_DEFAULT_NAME L".Default" #define CERT_PHYSICAL_STORE_DEFAULT_NAME L".Default"
#define CERT_PHYSICAL_STORE_GROUP_POLICY_NAME L".GroupPolicy" #define CERT_PHYSICAL_STORE_GROUP_POLICY_NAME L".GroupPolicy"
skipping to change at line 12641 skipping to change at line 13259
#define CERT_PHYSICAL_STORE_AUTH_ROOT_NAME L".AuthRoot" #define CERT_PHYSICAL_STORE_AUTH_ROOT_NAME L".AuthRoot"
#define CERT_PHYSICAL_STORE_SMART_CARD_NAME L".SmartCard" #define CERT_PHYSICAL_STORE_SMART_CARD_NAME L".SmartCard"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the system store locations. // Enumerate the system store locations.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSystemStoreLocation( CertEnumSystemStoreLocation(
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CERT_ENUM_SYSTEM_STORE_LOCATION pfnEnum __callback PFN_CERT_ENUM_SYSTEM_STORE_LOCATION pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the system stores. // Enumerate the system stores.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags,
skipping to change at line 12681 skipping to change at line 13299
// "\\ComputerName" or "ComputerName\" // "\\ComputerName" or "ComputerName\"
// "ComputerName\ServiceName" // "ComputerName\ServiceName"
// Note, if only the ComputerName is specified, then, it must have either // Note, if only the ComputerName is specified, then, it must have either
// the leading "\\" backslashes or a trailing backslash. Otherwise, its // the leading "\\" backslashes or a trailing backslash. Otherwise, its
// interpretted as the ServiceName or UserName. // interpretted as the ServiceName or UserName.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSystemStore( CertEnumSystemStore(
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvSystemStoreLocationPara, _In_opt_ void *pvSystemStoreLocationPara,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CERT_ENUM_SYSTEM_STORE pfnEnum __callback PFN_CERT_ENUM_SYSTEM_STORE pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the physical stores for the specified system store. // Enumerate the physical stores for the specified system store.
// //
// The upper word of the dwFlags parameter is used to specify the location of // The upper word of the dwFlags parameter is used to specify the location of
// the system store. // the system store.
// //
// If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore // If CERT_SYSTEM_STORE_RELOCATE_FLAG is set in dwFlags, pvSystemStore
skipping to change at line 12707 skipping to change at line 13325
// See CertRegisterSystemStore for details on prepending a ServiceName // See CertRegisterSystemStore for details on prepending a ServiceName
// and/or ComputerName to the system store name. // and/or ComputerName to the system store name.
// //
// If the system store location only supports system stores and doesn't // If the system store location only supports system stores and doesn't
// support physical stores, LastError is set to ERROR_CALL_NOT_IMPLEMENTED. // support physical stores, LastError is set to ERROR_CALL_NOT_IMPLEMENTED.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumPhysicalStore( CertEnumPhysicalStore(
__in const void *pvSystemStore, _In_ const void *pvSystemStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum __callback PFN_CERT_ENUM_PHYSICAL_STORE pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate System Store Installable Functions // Certificate System Store Installable Functions
// //
// The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter passed // The CERT_SYSTEM_STORE_LOCATION_MASK bits in the dwFlags parameter passed
// to the CertOpenStore(for "System", "SystemRegistry" or "Physical" // to the CertOpenStore(for "System", "SystemRegistry" or "Physical"
// Provider), CertRegisterSystemStore, // Provider), CertRegisterSystemStore,
// CertUnregisterSystemStore, CertEnumSystemStore, CertRegisterPhysicalStore, // CertUnregisterSystemStore, CertEnumSystemStore, CertRegisterPhysicalStore,
skipping to change at line 12768 skipping to change at line 13386
// If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the // If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
// extension. // extension.
// //
// If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the // If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
// property. // property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetEnhancedKeyUsage( CertGetEnhancedKeyUsage(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbUsage, *pcbUsage) PCERT_ENHKEY_USAGE pUsage, _Out_writes_bytes_to_opt_(*pcbUsage, *pcbUsage) PCERT_ENHKEY_USAGE pUsage,
__inout DWORD *pcbUsage _Inout_ DWORD *pcbUsage
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Set the enhanced key usage property for the certificate. // Set the enhanced key usage property for the certificate.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertSetEnhancedKeyUsage( CertSetEnhancedKeyUsage(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in_opt PCERT_ENHKEY_USAGE pUsage _In_opt_ PCERT_ENHKEY_USAGE pUsage
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Add the usage identifier to the certificate's enhanced key usage property. // Add the usage identifier to the certificate's enhanced key usage property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEnhancedKeyUsageIdentifier( CertAddEnhancedKeyUsageIdentifier(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in LPCSTR pszUsageIdentifier _In_ LPCSTR pszUsageIdentifier
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Remove the usage identifier from the certificate's enhanced key usage // Remove the usage identifier from the certificate's enhanced key usage
// property. // property.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertRemoveEnhancedKeyUsageIdentifier( CertRemoveEnhancedKeyUsageIdentifier(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in LPCSTR pszUsageIdentifier _In_ LPCSTR pszUsageIdentifier
); );
//+--------------------------------------------------------------------------- //+---------------------------------------------------------------------------
// //
// //
// Takes an array of certs and returns an array of usages // Takes an array of certs and returns an array of usages
// which consists of the intersection of the valid usages for each cert. // which consists of the intersection of the valid usages for each cert.
// If each cert is good for all possible usages then the cNumOIDs is set to -1. // If each cert is good for all possible usages then the cNumOIDs is set to -1.
// //
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertGetValidUsages( CertGetValidUsages(
__in DWORD cCerts, _In_ DWORD cCerts,
__in_ecount(cCerts) PCCERT_CONTEXT *rghCerts, _In_reads_(cCerts) PCCERT_CONTEXT *rghCerts,
__out int *cNumOIDs, _Out_ int *cNumOIDs,
__out_bcount_part_opt(*pcbOIDs, *pcbOIDs) LPSTR *rghOIDs, _Out_writes_bytes_to_opt_(*pcbOIDs, *pcbOIDs) LPSTR *rghOIDs,
__inout DWORD *pcbOIDs); _Inout_ DWORD *pcbOIDs);
//+========================================================================= //+=========================================================================
// Cryptographic Message helper functions for verifying and signing a // Cryptographic Message helper functions for verifying and signing a
// CTL. // CTL.
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get and verify the signer of a cryptographic message. // Get and verify the signer of a cryptographic message.
// //
// To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's // To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's
skipping to change at line 12855 skipping to change at line 13474
// If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified // If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified
// by *pdwSignerIndex. Otherwise, iterate through all the signers // by *pdwSignerIndex. Otherwise, iterate through all the signers
// until a signer verifies or no more signers. // until a signer verifies or no more signers.
// //
// For a verified signature, *ppSigner is updated with certificate context // For a verified signature, *ppSigner is updated with certificate context
// of the signer and *pdwSignerIndex is updated with the index of the signer. // of the signer and *pdwSignerIndex is updated with the index of the signer.
// ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't // ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't
// interested in getting the CertContext and/or index of the signer. // interested in getting the CertContext and/or index of the signer.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptMsgGetAndVerifySigner( CryptMsgGetAndVerifySigner(
__in HCRYPTMSG hCryptMsg, _In_ HCRYPTMSG hCryptMsg,
__in DWORD cSignerStore, _In_ DWORD cSignerStore,
__in_ecount_opt(cSignerStore) HCERTSTORE *rghSignerStore, _In_reads_opt_(cSignerStore) HCERTSTORE *rghSignerStore,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__deref_opt_out PCCERT_CONTEXT *ppSigner, _Outptr_opt_ PCCERT_CONTEXT *ppSigner,
__inout_opt DWORD *pdwSignerIndex _Inout_opt_ DWORD *pdwSignerIndex
); );
#define CMSG_TRUSTED_SIGNER_FLAG 0x1 #define CMSG_TRUSTED_SIGNER_FLAG 0x1
#define CMSG_SIGNER_ONLY_FLAG 0x2 #define CMSG_SIGNER_ONLY_FLAG 0x2
#define CMSG_USE_SIGNER_INDEX_FLAG 0x4 #define CMSG_USE_SIGNER_INDEX_FLAG 0x4
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign an encoded CTL. // Sign an encoded CTL.
// //
// The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent // The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent
// field or via a CryptEncodeObject(PKCS_CTL or PKCS_SORTED_CTL). // field or via a CryptEncodeObject(PKCS_CTL or PKCS_SORTED_CTL).
// //
// CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible // CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible
// V3 SignedData message. // V3 SignedData message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgSignCTL( CryptMsgSignCTL(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in_bcount(cbCtlContent) BYTE *pbCtlContent, _In_reads_bytes_(cbCtlContent) BYTE *pbCtlContent,
__in DWORD cbCtlContent, _In_ DWORD cbCtlContent,
__in PCMSG_SIGNED_ENCODE_INFO pSignInfo, _In_ PCMSG_SIGNED_ENCODE_INFO pSignInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded _Inout_ DWORD *pcbEncoded
); );
// When set, CTL inner content is encapsulated within an OCTET STRING // When set, CTL inner content is encapsulated within an OCTET STRING
#define CMSG_CMS_ENCAPSULATED_CTL_FLAG 0x00008000 #define CMSG_CMS_ENCAPSULATED_CTL_FLAG 0x00008000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode the CTL and create a signed message containing the encoded CTL. // Encode the CTL and create a signed message containing the encoded CTL.
// //
// Set CMSG_ENCODE_SORTED_CTL_FLAG if the CTL entries are to be sorted // Set CMSG_ENCODE_SORTED_CTL_FLAG if the CTL entries are to be sorted
// before encoding. This flag should be set, if the // before encoding. This flag should be set, if the
skipping to change at line 12913 skipping to change at line 13532
// MD5 or SHA1, then, CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG should // MD5 or SHA1, then, CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG should
// also be set. // also be set.
// //
// CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible // CMSG_CMS_ENCAPSULATED_CTL_FLAG can be set to encode a CMS compatible
// V3 SignedData message. // V3 SignedData message.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptMsgEncodeAndSignCTL( CryptMsgEncodeAndSignCTL(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in PCTL_INFO pCtlInfo, _In_ PCTL_INFO pCtlInfo,
__in PCMSG_SIGNED_ENCODE_INFO pSignInfo, _In_ PCMSG_SIGNED_ENCODE_INFO pSignInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded _Inout_ DWORD *pcbEncoded
); );
// The following flag is set if the CTL is to be encoded with sorted // The following flag is set if the CTL is to be encoded with sorted
// trusted subjects and the szOID_SORTED_CTL extension is inserted containing // trusted subjects and the szOID_SORTED_CTL extension is inserted containing
// sorted offsets to the encoded subjects. // sorted offsets to the encoded subjects.
#define CMSG_ENCODE_SORTED_CTL_FLAG 0x1 #define CMSG_ENCODE_SORTED_CTL_FLAG 0x1
// If the above sorted flag is set, then, the following flag should also // If the above sorted flag is set, then, the following flag should also
// be set if the identifier for the TrustedSubjects is a hash, // be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1. // such as, MD5 or SHA1.
#define CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x2 #define CMSG_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns TRUE if the SubjectIdentifier exists in the CTL. Optionally // Returns TRUE if the SubjectIdentifier exists in the CTL. Optionally
// returns a pointer to and byte count of the Subject's encoded attributes. // returns a pointer to and byte count of the Subject's encoded attributes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertFindSubjectInSortedCTL( CertFindSubjectInSortedCTL(
__in PCRYPT_DATA_BLOB pSubjectIdentifier, _In_ PCRYPT_DATA_BLOB pSubjectIdentifier,
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_opt PCRYPT_DER_BLOB pEncodedAttributes _Out_opt_ PCRYPT_DER_BLOB pEncodedAttributes
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerates through the sequence of TrustedSubjects in a CTL context // Enumerates through the sequence of TrustedSubjects in a CTL context
// created with CERT_CREATE_CONTEXT_SORTED_FLAG set. // created with CERT_CREATE_CONTEXT_SORTED_FLAG set.
// //
// To start the enumeration, *ppvNextSubject must be NULL. Upon return, // To start the enumeration, *ppvNextSubject must be NULL. Upon return,
// *ppvNextSubject is updated to point to the next TrustedSubject in // *ppvNextSubject is updated to point to the next TrustedSubject in
// the encoded sequence. // the encoded sequence.
// //
// Returns FALSE for no more subjects or invalid arguments. // Returns FALSE for no more subjects or invalid arguments.
// //
// Note, the returned DER_BLOBs point directly into the encoded // Note, the returned DER_BLOBs point directly into the encoded
// bytes (not allocated, and must not be freed). // bytes (not allocated, and must not be freed).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertEnumSubjectInSortedCTL( CertEnumSubjectInSortedCTL(
__in PCCTL_CONTEXT pCtlContext, _In_ PCCTL_CONTEXT pCtlContext,
__deref_inout_opt void **ppvNextSubject, _Inout_ void **ppvNextSubject,
__out_opt PCRYPT_DER_BLOB pSubjectIdentifier, _Out_opt_ PCRYPT_DER_BLOB pSubjectIdentifier,
__out_opt PCRYPT_DER_BLOB pEncodedAttributes _Out_opt_ PCRYPT_DER_BLOB pEncodedAttributes
); );
//+========================================================================= //+=========================================================================
// Certificate Verify CTL Usage Data Structures and APIs // Certificate Verify CTL Usage Data Structures and APIs
//========================================================================== //==========================================================================
typedef struct _CTL_VERIFY_USAGE_PARA { typedef struct _CTL_VERIFY_USAGE_PARA {
DWORD cbSize; DWORD cbSize;
CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL
DWORD cCtlStore; DWORD cCtlStore;
skipping to change at line 13052 skipping to change at line 13671
// CRYPT_E_NO_VERIFY_USAGE_DLL // CRYPT_E_NO_VERIFY_USAGE_DLL
// CRYPT_E_NO_VERIFY_USAGE_CHECK // CRYPT_E_NO_VERIFY_USAGE_CHECK
// CRYPT_E_VERIFY_USAGE_OFFLINE // CRYPT_E_VERIFY_USAGE_OFFLINE
// CRYPT_E_NOT_IN_CTL // CRYPT_E_NOT_IN_CTL
// CRYPT_E_NO_TRUSTED_SIGNER // CRYPT_E_NO_TRUSTED_SIGNER
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCTLUsage( CertVerifyCTLUsage(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in DWORD dwSubjectType, _In_ DWORD dwSubjectType,
__in void *pvSubject, _In_ void *pvSubject,
__in PCTL_USAGE pSubjectUsage, _In_ PCTL_USAGE pSubjectUsage,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCTL_VERIFY_USAGE_PARA pVerifyUsagePara, _In_opt_ PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
__inout PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus _Inout_ PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
); );
//+========================================================================= //+=========================================================================
// Certificate Revocation Data Structures and APIs // Certificate Revocation Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This data structure is updated by a CRL revocation type handler // This data structure is updated by a CRL revocation type handler
// with the base and possibly the delta CRL used. // with the base and possibly the delta CRL used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the // CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the
// next DLL in the list for a returned dwIndex of 0 or for a returned // next DLL in the list for a returned dwIndex of 0 or for a returned
// dwIndex > 0, restarts the process of finding a verify function by // dwIndex > 0, restarts the process of finding a verify function by
// advancing the start of the context array to the returned dwIndex and // advancing the start of the context array to the returned dwIndex and
// decrementing the count of remaining contexts. // decrementing the count of remaining contexts.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyRevocation( CertVerifyRevocation(
__in DWORD dwEncodingType, _In_ DWORD dwEncodingType,
__in DWORD dwRevType, _In_ DWORD dwRevType,
__in DWORD cContext, _In_ DWORD cContext,
__in_ecount(cContext) PVOID rgpvContext[], _In_reads_(cContext) PVOID rgpvContext[],
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCERT_REVOCATION_PARA pRevPara, _In_opt_ PCERT_REVOCATION_PARA pRevPara,
__inout PCERT_REVOCATION_STATUS pRevStatus _Inout_ PCERT_REVOCATION_STATUS pRevStatus
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Revocation types // Revocation types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_CONTEXT_REVOCATION_TYPE 1 #define CERT_CONTEXT_REVOCATION_TYPE 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// When the following flag is set, rgpvContext[] consists of a chain // When the following flag is set, rgpvContext[] consists of a chain
// of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext[i]. // of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext[i].
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_REV_CHAIN_FLAG 0x00000001 #define CERT_VERIFY_REV_CHAIN_FLAG 0x00000001
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION prevents the revocation handler from // CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION prevents the revocation handler from
// accessing any network based resources for revocation checking // accessing any network based resources for revocation checking
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION 0x00000002 #define CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION 0x00000002
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// By default, the dwUrlRetrievalTimeout in pRevPara is the timeout used // By default, the dwUrlRetrievalTimeout in pRevPara is the timeout used
// for each URL wire retrieval. When the following flag is set, // for each URL wire retrieval. When the following flag is set,
// dwUrlRetrievalTimeout is the accumulative timeout across all URL wire // dwUrlRetrievalTimeout is the accumulative timeout across all URL wire
// retrievals. // retrievals.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG 0x00000004 #define CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG 0x00000004
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// When the following flag is set, only OCSP responses are used for // When the following flag is set, only OCSP responses are used for
// doing revocation checking. If the certificate doesn't have any // doing revocation checking. If the certificate doesn't have any
// OCSP AIA URLs, dwError is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. // OCSP AIA URLs, dwError is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_VERIFY_REV_SERVER_OCSP_FLAG 0x00000008 #define CERT_VERIFY_REV_SERVER_OCSP_FLAG 0x00000008
//+-------------------------------------------------------------------------
// When the following flag is set, only the OCSP AIA URL is used if
// present in the subject. If the subject doesn't have an OCSP AIA URL, then,
// the CDP URLs are used.
//--------------------------------------------------------------------------
#define CERT_VERIFY_REV_NO_OCSP_FAILOVER_TO_CRL_FLAG 0x00000010
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CONTEXT_REVOCATION_TYPE // CERT_CONTEXT_REVOCATION_TYPE
// //
// pvContext points to a const CERT_CONTEXT. // pvContext points to a const CERT_CONTEXT.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+========================================================================= //+=========================================================================
// Certificate Helper APIs // Certificate Helper APIs
//========================================================================== //==========================================================================
// The multiple byte integers are treated as Little Endian. pbData[0] is the // The multiple byte integers are treated as Little Endian. pbData[0] is the
// least significant byte and pbData[cbData - 1] is the most significant // least significant byte and pbData[cbData - 1] is the most significant
// byte. // byte.
// //
// Returns TRUE if the integer blobs are identical after removing leading // Returns TRUE if the integer blobs are identical after removing leading
// 0 or 0xFF bytes. // 0 or 0xFF bytes.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CertCompareIntegerBlob( CertCompareIntegerBlob(
__in PCRYPT_INTEGER_BLOB pInt1, _In_ PCRYPT_INTEGER_BLOB pInt1,
__in PCRYPT_INTEGER_BLOB pInt2 _In_ PCRYPT_INTEGER_BLOB pInt2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two certificates to see if they are identical. // Compare two certificates to see if they are identical.
// //
// Since a certificate is uniquely identified by its Issuer and SerialNumber, // Since a certificate is uniquely identified by its Issuer and SerialNumber,
// these are the only fields needing to be compared. // these are the only fields needing to be compared.
// //
// Returns TRUE if the certificates are identical. // Returns TRUE if the certificates are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCompareCertificate( CertCompareCertificate(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_INFO pCertId1, _In_ PCERT_INFO pCertId1,
__in PCERT_INFO pCertId2 _In_ PCERT_INFO pCertId2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two certificate names to see if they are identical. // Compare two certificate names to see if they are identical.
// //
// Returns TRUE if the names are identical. // Returns TRUE if the names are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertCompareCertificateName( CertCompareCertificateName(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_NAME_BLOB pCertName1, _In_ PCERT_NAME_BLOB pCertName1,
__in PCERT_NAME_BLOB pCertName2 _In_ PCERT_NAME_BLOB pCertName2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare the attributes in the certificate name with the specified // Compare the attributes in the certificate name with the specified
// Relative Distinguished Name's (CERT_RDN) array of attributes. // Relative Distinguished Name's (CERT_RDN) array of attributes.
// The comparison iterates through the CERT_RDN attributes and looks for an // The comparison iterates through the CERT_RDN attributes and looks for an
// attribute match in any of the certificate name's RDNs. // attribute match in any of the certificate name's RDNs.
// Returns TRUE if all the attributes are found and match. // Returns TRUE if all the attributes are found and match.
// //
// The CERT_RDN_ATTR fields can have the following special values: // The CERT_RDN_ATTR fields can have the following special values:
// a case insensitive match. Otherwise, defaults to an exact, case sensitive // a case insensitive match. Otherwise, defaults to an exact, case sensitive
// match. // match.
// //
// CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized // CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized
// with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME). // with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertIsRDNAttrsInCertificateName( CertIsRDNAttrsInCertificateName(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in PCERT_NAME_BLOB pCertName, _In_ PCERT_NAME_BLOB pCertName,
__in PCERT_RDN pRDN _In_ PCERT_RDN pRDN
); );
#define CERT_UNICODE_IS_RDN_ATTRS_FLAG 0x1 #define CERT_UNICODE_IS_RDN_ATTRS_FLAG 0x1
#define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG 0x2 #define CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG 0x2
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compare two public keys to see if they are identical. // Compare two public keys to see if they are identical.
// //
// Returns TRUE if the keys are identical. // Returns TRUE if the keys are identical.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertComparePublicKeyInfo( CertComparePublicKeyInfo(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pPublicKey1, _In_ PCERT_PUBLIC_KEY_INFO pPublicKey1,
__in PCERT_PUBLIC_KEY_INFO pPublicKey2 _In_ PCERT_PUBLIC_KEY_INFO pPublicKey2
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the public/private key's bit length. // Get the public/private key's bit length.
// //
// Returns 0 if unable to determine the key's length. // Returns 0 if unable to determine the key's length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetPublicKeyLength( CertGetPublicKeyLength(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pPublicKey _In_ PCERT_PUBLIC_KEY_INFO pPublicKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the signature of a subject certificate or a CRL using the // Verify the signature of a subject certificate or a CRL using the
// public key info // public key info
// //
// Returns TRUE for a valid signature. // Returns TRUE for a valid signature.
// //
// hCryptProv specifies the crypto provider to use to verify the signature. // hCryptProv specifies the crypto provider to use to verify the signature.
// It doesn't need to use a private key. // It doesn't need to use a private key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn _Must_inspect_result_
BOOL BOOL
WINAPI WINAPI
CryptVerifyCertificateSignature( CryptVerifyCertificateSignature(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__in PCERT_PUBLIC_KEY_INFO pPublicKey _In_ PCERT_PUBLIC_KEY_INFO pPublicKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the signature of a subject certificate, CRL, certificate request // Verify the signature of a subject certificate, CRL, certificate request
// or keygen request using the issuer's public key. // or keygen request using the issuer's public key.
// //
// Returns TRUE for a valid signature. // Returns TRUE for a valid signature.
// //
// The subject can be an encoded blob or a context for a certificate or CRL. // The subject can be an encoded blob or a context for a certificate or CRL.
// For a subject certificate context, if the certificate is missing // For a subject certificate context, if the certificate is missing
// Its private key isn't used. If hCryptProv is NULL, a default // Its private key isn't used. If hCryptProv is NULL, a default
// provider is picked according to the PublicKey Algorithm OID. // provider is picked according to the PublicKey Algorithm OID.
// //
// If the signature algorithm is a hashing algorithm, then, the // If the signature algorithm is a hashing algorithm, then, the
// signature is expected to contain the hash octets. Only dwIssuerType // signature is expected to contain the hash octets. Only dwIssuerType
// of CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL may be specified // of CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL may be specified
// to verify this no signature case. If any other dwIssuerType is // to verify this no signature case. If any other dwIssuerType is
// specified, the verify will fail with LastError set to E_INVALIDARG. // specified, the verify will fail with LastError set to E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__checkReturn _Must_inspect_result_
BOOL BOOL
WINAPI WINAPI
CryptVerifyCertificateSignatureEx( CryptVerifyCertificateSignatureEx(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwSubjectType, _In_ DWORD dwSubjectType,
__in void *pvSubject, _In_ void *pvSubject,
__in DWORD dwIssuerType, _In_ DWORD dwIssuerType,
__in_opt void *pvIssuer, _In_opt_ void *pvIssuer,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Inout_opt_ void *pvExtra
); );
// Subject Types // Subject Types
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1
// pvSubject :: PCRYPT_DATA_BLOB // pvSubject :: PCRYPT_DATA_BLOB
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2
// pvSubject :: PCCERT_CONTEXT // pvSubject :: PCCERT_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3
// pvSubject :: PCCRL_CONTEXT // pvSubject :: PCCRL_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE 4 #define CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE 4
// Issuer Types // Issuer Types
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1
// pvIssuer :: PCERT_PUBLIC_KEY_INFO // pvIssuer :: PCERT_PUBLIC_KEY_INFO
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2
// pvIssuer :: PCCERT_CONTEXT // pvIssuer :: PCCERT_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3
// pvIssuer :: PCCERT_CHAIN_CONTEXT // pvIssuer :: PCCERT_CHAIN_CONTEXT
#define CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4 #define CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4
// pvIssuer :: NULL // pvIssuer :: NULL
//
// If the following flag is set and a MD2 or MD4 signature hash is
// detected, then, this API fails and sets LastError to NTE_BAD_ALGID
//
// This API first does the signature verification check. If the signature
// verification succeeds and the following flag is set, it then checks for a
// MD2 or MD4 hash. For a MD2 or MD4 hash FALSE is returned with LastError set
// to NTE_BAD_ALGID. This error will only be set if MD2 or MD4 is detected.
// If NTE_BAD_ALGID is returned, then, the MD2 or MD4 signature verified.
// This allows the caller to conditionally allow MD2 or MD4.
//
#define CRYPT_VERIFY_CERT_SIGN_DISABLE_MD2_MD4_FLAG 0x00000001
//
// When the following flag is set, the strong signature properties are
// also set on the Subject. Only applicable to the
// CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL Subject Type.
//
// The strong signature properties are:
// - CERT_SIGN_HASH_CNG_ALG_PROP_ID
// - CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
//
#define CRYPT_VERIFY_CERT_SIGN_SET_STRONG_PROPERTIES_FLAG 0x00000002
//
// When the following flag is set, the strong signature properties are also
// returned. Only applicable to the
// CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE Subject Type.
//
// pvExtra points to a pointer to CRYPT_VERIFY_CERT_SIGN_VERIFY_PROPERTIES_INFO.
// ie, PCRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO *ppStrongPropertiesInfo.
// The returned pointer is freed via CryptMemFree().
//
// The strong signature properties are:
// - CERT_SIGN_HASH_CNG_ALG_PROP_ID
// - CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
//
#define CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG 0x00000004
typedef struct _CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO {
// CERT_SIGN_HASH_CNG_ALG_PROP_ID
CRYPT_DATA_BLOB CertSignHashCNGAlgPropData;
// CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
CRYPT_DATA_BLOB CertIssuerPubKeyBitLengthPropData;
} CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO,
*PCRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO;
#define CRYPT_VERIFY_CERT_SIGN_CHECK_WEAK_HASH_FLAG 0x00000008
typedef struct _CRYPT_VERIFY_CERT_SIGN_WEAK_HASH_INFO {
DWORD cCNGHashAlgid;
PCWSTR *rgpwszCNGHashAlgid;
// If not weak, dwWeakIndex is set to cCNGHashAlgid. Otherwise,
// index into the above array.
DWORD dwWeakIndex;
} CRYPT_VERIFY_CERT_SIGN_WEAK_HASH_INFO,
*PCRYPT_VERIFY_CERT_SIGN_WEAK_HASH_INFO;
//+-------------------------------------------------------------------------
// Checks if the specified hash algorithm and the signing certificate's
// public key algorithm can be used to do a strong signature.
//
// Returns TRUE if the hash algorithm and certificate public key algorithm
// satisfy the strong signature requirements.
//
// pwszCNGHashAlgid is the CNG hash algorithm identifier string, for example,
// BCRYPT_SHA256_ALGORITHM (L"SHA256")
//
// The CNG hash algorithm identifier string can be empty (L"") to only check
// if the certificate's public key is strong.
//
// The SigningCert can be NULL to only check if the CNG hash algorithm is
// strong.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CertIsStrongHashToSign(
_In_ PCCERT_STRONG_SIGN_PARA pStrongSignPara,
_In_ LPCWSTR pwszCNGHashAlgid,
_In_opt_ PCCERT_CONTEXT pSigningCert
);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compute the hash of the "to be signed" information in the encoded // Compute the hash of the "to be signed" information in the encoded
// signed content (CERT_SIGNED_CONTENT_INFO). // signed content (CERT_SIGNED_CONTENT_INFO).
// //
// hCryptProv specifies the crypto provider to use to compute the hash. // hCryptProv specifies the crypto provider to use to compute the hash.
// It doesn't need to use a private key. // It doesn't need to use a private key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashToBeSigned( CryptHashToBeSigned(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
sh, edHash,
__inout DWORD *pcbComputedHash _Inout_ DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the encoded content. // Hash the encoded content.
// //
// hCryptProv specifies the crypto provider to use to compute the hash. // hCryptProv specifies the crypto provider to use to compute the hash.
// It doesn't need to use a private key. // It doesn't need to use a private key.
// //
// Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the // Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the
// default hash algorithm (currently SHA1) is used. // default hash algorithm (currently SHA1) is used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashCertificate( CryptHashCertificate(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in ALG_ID Algid, _In_ ALG_ID Algid,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
sh, edHash,
__inout DWORD *pcbComputedHash _Inout_ DWORD *pcbComputedHash
); );
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the encoded content using the CNG hash algorithm provider. // Hash the encoded content using the CNG hash algorithm provider.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CryptHashCertificate2( CryptHashCertificate2(
__in LPCWSTR pwszCNGHashAlgid, _In_ LPCWSTR pwszCNGHashAlgid,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__in_bcount_opt(cbEncoded) const BYTE *pbEncoded, _In_reads_bytes_opt_(cbEncoded) const BYTE *pbEncoded,
__in DWORD cbEncoded, _In_ DWORD cbEncoded,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
sh, edHash,
__inout DWORD *pcbComputedHash _Inout_ DWORD *pcbComputedHash
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH) #endif // (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the "to be signed" information in the encoded signed content. // Sign the "to be signed" information in the encoded signed content.
// //
// hCryptProvOrNCryptKey specifies the crypto provider to use to do the // hCryptProvOrNCryptKey specifies the crypto provider to use to do the
// signature. It uses the specified private key. // signature. It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an // dwKeySpec isn't used and hCryptProvOrNCryptKey can be NULL where an
// appropriate default provider will be used for hashing. // appropriate default provider will be used for hashing.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignCertificate( CryptSignCertificate(
__in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, _In_opt_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
__in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE _In_opt_ DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_bcount(cbEncodedToBeSigned) const BYTE *pbEncodedToBeSigned, _In_reads_bytes_(cbEncodedToBeSigned) const BYTE *pbEncodedToBeSigned,
__in DWORD cbEncodedToBeSigned, _In_ DWORD cbEncodedToBeSigned,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt const void *pvHashAuxInfo, _In_opt_ const void *pvHashAuxInfo,
__out_bcount_part_opt(*pcbSignature, *pcbSignature) BYTE *pbSignature, _Out_writes_bytes_to_opt_(*pcbSignature, *pcbSignature) BYTE *pbSignature,
__inout DWORD *pcbSignature _Inout_ DWORD *pcbSignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encode the "to be signed" information. Sign the encoded "to be signed". // Encode the "to be signed" information. Sign the encoded "to be signed".
// Encode the "to be signed" and the signature. // Encode the "to be signed" and the signature.
// //
// hCryptProv specifies the crypto provider to use to do the signature. // hCryptProv specifies the crypto provider to use to do the signature.
// It uses the specified private key. // It uses the specified private key.
// //
// If the SignatureAlgorithm is a hash algorithm, then, the signature // If the SignatureAlgorithm is a hash algorithm, then, the signature
// contains the hash octets. A private key isn't used to encrypt the hash. // contains the hash octets. A private key isn't used to encrypt the hash.
// dwKeySpec isn't used and hCryptProv can be NULL where an appropriate // dwKeySpec isn't used and hCryptProv can be NULL where an appropriate
// default provider will be used for hashing. // default provider will be used for hashing.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignAndEncodeCertificate( CryptSignAndEncodeCertificate(
__in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, _In_opt_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
__in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE _In_opt_ DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR lpszStructType, // "to be signed" _In_ LPCSTR lpszStructType, // "to be signed"
__in const void *pvStructInfo, _In_ const void *pvStructInfo,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt const void *pvHashAuxInfo, _In_opt_ const void *pvHashAuxInfo,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded _Inout_ DWORD *pcbEncoded
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate and CryptMsg encoded signature OID installable functions // Certificate and CryptMsg encoded signature OID installable functions
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// The dwCertEncodingType and pSignatureAlgorithm->pszObjId are used // The dwCertEncodingType and pSignatureAlgorithm->pszObjId are used
// to call the signature OID installable functions. // to call the signature OID installable functions.
// //
// If the OID installable function doesn't support the signature, // If the OID installable function doesn't support the signature,
// Called if the signature has encoded parameters. Returns the CNG // Called if the signature has encoded parameters. Returns the CNG
// hash algorithm identifier string. Optionally returns the decoded // hash algorithm identifier string. Optionally returns the decoded
// signature parameters passed to either the SignAndEncodeHash or // signature parameters passed to either the SignAndEncodeHash or
// VerifyEncodedSignature OID installable function. // VerifyEncodedSignature OID installable function.
// //
// Returned allocated parameters are freed via LocalFree(). // Returned allocated parameters are freed via LocalFree().
#define CRYPT_OID_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC \ #define CRYPT_OID_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC \
"CryptDllExtractEncodedSignatureParameters" "CryptDllExtractEncodedSignatureParameters"
typedef BOOL (WINAPI *PFN_CRYPT_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC)( typedef BOOL (WINAPI *PFN_CRYPT_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC)(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__deref_out_opt void **ppvDecodedSignPara, // LocalFree() _Outptr_result_maybenull_ void **ppvDecodedSignPara, // LocalFree()
__deref_out LPWSTR *ppwszCNGHashAlgid // LocalFree() _Outptr_ LPWSTR *ppwszCNGHashAlgid // LocalFree()
); );
// Called to sign the computed hash and encode it. // Called to sign the computed hash and encode it.
#define CRYPT_OID_SIGN_AND_ENCODE_HASH_FUNC \ #define CRYPT_OID_SIGN_AND_ENCODE_HASH_FUNC \
"CryptDllSignAndEncodeHash" "CryptDllSignAndEncodeHash"
typedef BOOL (WINAPI *PFN_CRYPT_SIGN_AND_ENCODE_HASH_FUNC)( typedef BOOL (WINAPI *PFN_CRYPT_SIGN_AND_ENCODE_HASH_FUNC)(
__in NCRYPT_KEY_HANDLE hKey, _In_ NCRYPT_KEY_HANDLE hKey,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt void *pvDecodedSignPara, _In_opt_ void *pvDecodedSignPara,
__in LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID _In_ LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID
__in LPCWSTR pwszCNGHashAlgid, _In_ LPCWSTR pwszCNGHashAlgid,
__in_bcount(cbComputedHash) BYTE *pbComputedHash, _In_reads_bytes_(cbComputedHash) BYTE *pbComputedHash,
__in DWORD cbComputedHash, _In_ DWORD cbComputedHash,
__out_bcount_part_opt(*pcbSignature, *pcbSignature) BYTE *pbSignature, _Out_writes_bytes_to_opt_(*pcbSignature, *pcbSignature) BYTE *pbSignature,
__inout DWORD *pcbSignature _Inout_ DWORD *pcbSignature
); );
// Called to decode and decrypt the encoded signature and compare it with the // Called to decode and decrypt the encoded signature and compare it with the
// computed hash. // computed hash.
#define CRYPT_OID_VERIFY_ENCODED_SIGNATURE_FUNC \ #define CRYPT_OID_VERIFY_ENCODED_SIGNATURE_FUNC \
"CryptDllVerifyEncodedSignature" "CryptDllVerifyEncodedSignature"
typedef BOOL (WINAPI *PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC)( typedef BOOL (WINAPI *PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC)(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pPubKeyInfo, _In_ PCERT_PUBLIC_KEY_INFO pPubKeyInfo,
__in PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt void *pvDecodedSignPara, _In_opt_ void *pvDecodedSignPara,
__in LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID _In_ LPCWSTR pwszCNGPubKeyAlgid, // obtained from signature OID
__in LPCWSTR pwszCNGHashAlgid, _In_ LPCWSTR pwszCNGHashAlgid,
__in_bcount(cbComputedHash) BYTE *pbComputedHash, _In_reads_bytes_(cbComputedHash) BYTE *pbComputedHash,
__in DWORD cbComputedHash, _In_ DWORD cbComputedHash,
__in_bcount(cbSignature) BYTE *pbSignature, _In_reads_bytes_(cbSignature) BYTE *pbSignature,
__in DWORD cbSignature _In_ DWORD cbSignature
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the time validity of a certificate. // Verify the time validity of a certificate.
// //
// Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for // Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for
// a valid certificate // a valid certificate
// //
// If pTimeToVerify is NULL, uses the current time. // If pTimeToVerify is NULL, uses the current time.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CertVerifyTimeValidity( CertVerifyTimeValidity(
__in_opt LPFILETIME pTimeToVerify, _In_opt_ LPFILETIME pTimeToVerify,
__in PCERT_INFO pCertInfo _In_ PCERT_INFO pCertInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify the time validity of a CRL. // Verify the time validity of a CRL.
// //
// Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for // Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for
// a valid CRL // a valid CRL
// //
// If pTimeToVerify is NULL, uses the current time. // If pTimeToVerify is NULL, uses the current time.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CertVerifyCRLTimeValidity( CertVerifyCRLTimeValidity(
__in_opt LPFILETIME pTimeToVerify, _In_opt_ LPFILETIME pTimeToVerify,
__in PCRL_INFO pCrlInfo _In_ PCRL_INFO pCrlInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify that the subject's time validity nests within the issuer's time // Verify that the subject's time validity nests within the issuer's time
// validity. // validity.
// //
// Returns TRUE if it nests. Otherwise, returns FALSE. // Returns TRUE if it nests. Otherwise, returns FALSE.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyValidityNesting( CertVerifyValidityNesting(
__in PCERT_INFO pSubjectInfo, _In_ PCERT_INFO pSubjectInfo,
__in PCERT_INFO pIssuerInfo _In_ PCERT_INFO pIssuerInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify that the subject certificate isn't on its issuer CRL. // Verify that the subject certificate isn't on its issuer CRL.
// //
// Returns true if the certificate isn't on the CRL. // Returns true if the certificate isn't on the CRL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCRLRevocation( CertVerifyCRLRevocation(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_INFO pCertId, // Only the Issuer and SerialNumber _In_ PCERT_INFO pCertId, // Only the Issuer and SerialNumber
// fields are used // fields are used
__in DWORD cCrlInfo, _In_ DWORD cCrlInfo,
__in_ecount(cCrlInfo) PCRL_INFO rgpCrlInfo[] _In_reads_(cCrlInfo) PCRL_INFO rgpCrlInfo[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the CAPI AlgId to the ASN.1 Object Identifier string // Convert the CAPI AlgId to the ASN.1 Object Identifier string
// //
// Returns NULL if there isn't an ObjId corresponding to the AlgId. // Returns NULL if there isn't an ObjId corresponding to the AlgId.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LPCSTR LPCSTR
WINAPI WINAPI
CertAlgIdToOID( CertAlgIdToOID(
__in DWORD dwAlgId _In_ DWORD dwAlgId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the ASN.1 Object Identifier string to the CAPI AlgId. // Convert the ASN.1 Object Identifier string to the CAPI AlgId.
// //
// Returns 0 if there isn't an AlgId corresponding to the ObjId. // Returns 0 if there isn't an AlgId corresponding to the ObjId.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertOIDToAlgId( CertOIDToAlgId(
__in LPCSTR pszObjId _In_ LPCSTR pszObjId
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find an extension identified by its Object Identifier. // Find an extension identified by its Object Identifier.
// //
// If found, returns pointer to the extension. Otherwise, returns NULL. // If found, returns pointer to the extension. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCERT_EXTENSION PCERT_EXTENSION
WINAPI WINAPI
CertFindExtension( CertFindExtension(
__in LPCSTR pszObjId, _In_ LPCSTR pszObjId,
__in DWORD cExtensions, _In_ DWORD cExtensions,
__in_ecount(cExtensions) CERT_EXTENSION rgExtensions[] _In_reads_(cExtensions) CERT_EXTENSION rgExtensions[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first attribute identified by its Object Identifier. // Find the first attribute identified by its Object Identifier.
// //
// If found, returns pointer to the attribute. Otherwise, returns NULL. // If found, returns pointer to the attribute. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCRYPT_ATTRIBUTE PCRYPT_ATTRIBUTE
WINAPI WINAPI
CertFindAttribute( CertFindAttribute(
__in LPCSTR pszObjId, _In_ LPCSTR pszObjId,
__in DWORD cAttr, _In_ DWORD cAttr,
__in_ecount(cAttr) CRYPT_ATTRIBUTE rgAttr[] _In_reads_(cAttr) CRYPT_ATTRIBUTE rgAttr[]
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find the first CERT_RDN attribute identified by its Object Identifier in // Find the first CERT_RDN attribute identified by its Object Identifier in
// the name's list of Relative Distinguished Names. // the name's list of Relative Distinguished Names.
// //
// If found, returns pointer to the attribute. Otherwise, returns NULL. // If found, returns pointer to the attribute. Otherwise, returns NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCERT_RDN_ATTR PCERT_RDN_ATTR
WINAPI WINAPI
CertFindRDNAttr( CertFindRDNAttr(
__in LPCSTR pszObjId, _In_ LPCSTR pszObjId,
__in PCERT_NAME_INFO pName _In_ PCERT_NAME_INFO pName
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the intended key usage bytes from the certificate. // Get the intended key usage bytes from the certificate.
// //
// If the certificate doesn't have any intended key usage bytes, returns FALSE // If the certificate doesn't have any intended key usage bytes, returns FALSE
// and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through // and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through
// cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied // cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied
// bytes are zeroed. // bytes are zeroed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertGetIntendedKeyUsage( CertGetIntendedKeyUsage(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_INFO pCertInfo, _In_ PCERT_INFO pCertInfo,
__out_bcount_full(cbKeyUsage) BYTE *pbKeyUsage, _Out_writes_bytes_all_(cbKeyUsage) BYTE *pbKeyUsage,
__in DWORD cbKeyUsage _In_ DWORD cbKeyUsage
); );
typedef void *HCRYPTDEFAULTCONTEXT; typedef void *HCRYPTDEFAULTCONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Install a previously CryptAcquiredContext'ed HCRYPTPROV to be used as // Install a previously CryptAcquiredContext'ed HCRYPTPROV to be used as
// a default context. // a default context.
// //
// dwDefaultType and pvDefaultPara specify where the default context is used. // dwDefaultType and pvDefaultPara specify where the default context is used.
// For example, install the HCRYPTPROV to be used to verify certificate's // For example, install the HCRYPTPROV to be used to verify certificate's
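Review bot: The header comment for CertVerifyCRLRevocation (`// Returns true if the certificate isn't on the CRL.`) still says nothing about what FALSE means or what the caller must have verified beforehand, and the annotation migration in this hunk leaves that text untouched. Per the parameter comment only the Issuer and SerialNumber of pCertId are consulted, so as far as this declaration shows the CRLs in rgpCrlInfo are taken on trust; whether their signatures or ThisUpdate/NextUpdate window are checked inside is not visible here. I would add above the prototype: `// NOTE: callers must authenticate each CRL themselves (verify its signature and its validity window, e.g. CertVerifyCRLTimeValidity above) before relying on a TRUE result; a FALSE return does not by itself distinguish "revoked" from "call failed".` The same hunk's PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC typedef would likewise benefit from a one-line reminder that an implementer must reject a cbComputedHash that does not match the digest length implied by pwszCNGHashAlgid rather than compare a prefix, since nothing in the visible contract says who enforces that.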
skipping to change at line 13860 skipping to change at line 14571
// //
// If CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG is set, then, the HCRYPTPROV // If CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG is set, then, the HCRYPTPROV
// is CryptReleaseContext'ed at thread or process exit. However, // is CryptReleaseContext'ed at thread or process exit. However,
// not CryptReleaseContext'ed if CryptUninstallDefaultContext is // not CryptReleaseContext'ed if CryptUninstallDefaultContext is
// called. // called.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallDefaultContext( CryptInstallDefaultContext(
__in HCRYPTPROV hCryptProv, _In_ HCRYPTPROV hCryptProv,
__in DWORD dwDefaultType, _In_ DWORD dwDefaultType,
__in_opt const void *pvDefaultPara, _In_opt_ const void *pvDefaultPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out HCRYPTDEFAULTCONTEXT *phDefaultContext _Out_ HCRYPTDEFAULTCONTEXT *phDefaultContext
); );
// dwFlags // dwFlags
#define CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG 0x00000001 #define CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG 0x00000001
#define CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG 0x00000002 #define CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG 0x00000002
// List of dwDefaultType's // List of dwDefaultType's
#define CRYPT_DEFAULT_CONTEXT_CERT_SIGN_OID 1 #define CRYPT_DEFAULT_CONTEXT_CERT_SIGN_OID 1
#define CRYPT_DEFAULT_CONTEXT_MULTI_CERT_SIGN_OID 2 #define CRYPT_DEFAULT_CONTEXT_MULTI_CERT_SIGN_OID 2
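Review bot: The dwFlags text above CryptInstallDefaultContext explains CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG but not CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG, which is defined right under the prototype; the visible lines do not say what a process-wide default means for threads that already installed their own, or which one wins when both exist (the start of this comment block lies before the hunk, so it may be covered there). Since a process default re-routes every thread's certificate signature verification through the supplied HCRYPTPROV, that precedence rule is security-relevant and belongs next to the flag: `#define CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG 0x00000002 // applies to all threads in the process; document precedence over a per-thread default`. The AUTO_RELEASE sentence also reads awkwardly ("released at thread or process exit. However, not ... if CryptUninstallDefaultContext is called"); phrasing it as "released at thread/process exit unless it was uninstalled first, in which case the caller must CryptReleaseContext it" states the ownership hand-back directly.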
skipping to change at line 13913 skipping to change at line 14624
// CryptInstallDefaultContext. // CryptInstallDefaultContext.
// //
// For a default context installed with CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG // For a default context installed with CRYPT_DEFAULT_CONTEXT_PROCESS_FLAG
// set, if any other threads are currently using this context, // set, if any other threads are currently using this context,
// this function will block until they finish. // this function will block until they finish.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUninstallDefaultContext( CryptUninstallDefaultContext(
__in_opt HCRYPTDEFAULTCONTEXT hDefaultContext, _In_opt_ HCRYPTDEFAULTCONTEXT hDefaultContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding // Export the public key info associated with the provider's corresponding
// private key. // private key.
// //
// Calls CryptExportPublicKeyInfoEx with pszPublicKeyObjId = NULL, // Calls CryptExportPublicKeyInfoEx with pszPublicKeyObjId = NULL,
// dwFlags = 0 and pvAuxInfo = NULL. // dwFlags = 0 and pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPublicKeyInfo( CryptExportPublicKeyInfo(
__in HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, _In_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
__in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE _In_opt_ DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, _Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo _Inout_ DWORD *pcbInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding // Export the public key info associated with the provider's corresponding
// private key. // private key.
// //
// Uses the dwCertEncodingType and pszPublicKeyObjId to call the // Uses the dwCertEncodingType and pszPublicKeyObjId to call the
// installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function // installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function
// has the same signature as CryptExportPublicKeyInfoEx. // has the same signature as CryptExportPublicKeyInfoEx.
// //
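Review bot: hDefaultContext on CryptUninstallDefaultContext is now `_In_opt_`, but the comment block above the prototype never says what passing NULL does, so the annotation documents a contract the text does not. The comment also does not restate the ownership rule from CryptInstallDefaultContext — an AUTO_RELEASE context is not CryptReleaseContext'ed once it has been uninstalled — which is exactly where a caller looks and exactly where the HCRYPTPROV gets leaked or double-released. I would add `// hDefaultContext: handle returned by CryptInstallDefaultContext; NULL is accepted per _In_opt_ — confirm and document what it selects.` and `// On success the caller owns the HCRYPTPROV again even if CRYPT_DEFAULT_CONTEXT_AUTO_RELEASE_FLAG was set; release it with CryptReleaseContext.` The sentence about blocking until other threads finish with a PROCESS_FLAG context implies a caller that holds a lock those threads need can deadlock here; that is inferred from the description rather than visible, but a short caution would be cheap.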
skipping to change at line 13959 skipping to change at line 14670
// dwFlags can be set with the following 2 flags passed directly to // dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo: // CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPublicKeyInfoEx( CryptExportPublicKeyInfoEx(
__in HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, _In_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
__in_opt DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE _In_opt_ DWORD dwKeySpec, // not applicable for NCRYPT_KEY_HANDLE
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_opt LPSTR pszPublicKeyObjId, _In_opt_ LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, _Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo _Inout_ DWORD *pcbInfo
); );
// Legacy define used for exporting CAPI1 HCRYPTPROV public keys. // Legacy define used for exporting CAPI1 HCRYPTPROV public keys.
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC "CryptDllExportPublicKeyInfoEx" #define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC "CryptDllExportPublicKeyInfoEx"
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export CNG PublicKeyInfo OID installable function. Note, not called // Export CNG PublicKeyInfo OID installable function. Note, not called
// for a HCRYPTPROV choice. // for a HCRYPTPROV choice.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC \ #define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllExportPublicKeyInfoEx2" "CryptDllExportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in NCRYPT_KEY_HANDLE hNCryptKey, _In_ NCRYPT_KEY_HANDLE hNCryptKey,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId, _In_ LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, _Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo _Inout_ DWORD *pcbInfo
); );
#if (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN7)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export the public key info associated with the provider's corresponding // Export the public key info associated with the provider's corresponding
// private key. // private key.
// //
// Uses the dwCertEncodingType and pszPublicKeyObjId to call the // Uses the dwCertEncodingType and pszPublicKeyObjId to call the
// installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC. The // installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC. The
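Review bot: `_In_opt_ DWORD dwKeySpec` on CryptExportPublicKeyInfoEx (and the same parameter on CryptExportPublicKeyInfo earlier in the hunk) applies an optional-pointer annotation to a by-value integer, which SAL has no meaning for and analysis tools ignore; the old `__in_opt` had the same problem and the migration carried it over rather than fixing it. The trailing comment shows the real intent — the value is ignored when hCryptProvOrNCryptKey is an NCRYPT_KEY_HANDLE — so state that in words: `_In_ DWORD dwKeySpec, // ignored when hCryptProvOrNCryptKey is an NCRYPT_KEY_HANDLE`. A second small gap: the `_Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo)` annotation encodes the size-query idiom (NULL pInfo to obtain *pcbInfo) but the prose above the prototype never mentions it, so one sentence saying "call with pInfo == NULL to obtain the required size in *pcbInfo" would make the contract readable without decoding SAL.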
skipping to change at line 14014 skipping to change at line 14725
// In addition dwFlags can be set with the following 2 flags passed directly // In addition dwFlags can be set with the following 2 flags passed directly
// to CryptFindOIDInfo: // to CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPublicKeyInfoFromBCryptKeyHandle( CryptExportPublicKeyInfoFromBCryptKeyHandle(
__in BCRYPT_KEY_HANDLE hBCryptKey, _In_ BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_opt LPSTR pszPublicKeyObjId, _In_opt_ LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, _Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo _Inout_ DWORD *pcbInfo
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Export CNG PublicKeyInfo OID installable function. Note, not called // Export CNG PublicKeyInfo OID installable function. Note, not called
// for a HCRYPTPROV or NCRYPT_KEY_HANDLE choice. // for a HCRYPTPROV or NCRYPT_KEY_HANDLE choice.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC \ #define CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC \
"CryptDllExportPublicKeyInfoFromBCryptKeyHandle" "CryptDllExportPublicKeyInfoFromBCryptKeyHandle"
typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC) ( typedef BOOL (WINAPI *PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_FROM_BCRYPT_HANDLE_FUNC) (
__in BCRYPT_KEY_HANDLE hBCryptKey, _In_ BCRYPT_KEY_HANDLE hBCryptKey,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPSTR pszPublicKeyObjId, _In_ LPSTR pszPublicKeyObjId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out_bcount_part_opt(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo, _Out_writes_bytes_to_opt_(*pcbInfo, *pcbInfo) PCERT_PUBLIC_KEY_INFO pInfo,
__inout DWORD *pcbInfo _Inout_ DWORD *pcbInfo
); );
#endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN7)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and // Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and
// pvAuxInfo = NULL. // pvAuxInfo = NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfo( CryptImportPublicKeyInfo(
__in HCRYPTPROV hCryptProv, _In_ HCRYPTPROV hCryptProv,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, _In_ PCERT_PUBLIC_KEY_INFO pInfo,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the provider and return a // Convert and import the public key info into the provider and return a
// handle to the public key. // handle to the public key.
// //
// Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function // installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx. // has the same signature as CryptImportPublicKeyInfoEx.
// //
skipping to change at line 14078 skipping to change at line 14789
// //
// For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX. // For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX.
// Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used. // Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC "CryptDllImportPublicKeyInfoEx" #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC "CryptDllImportPublicKeyInfoEx"
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfoEx( CryptImportPublicKeyInfoEx(
__in HCRYPTPROV hCryptProv, _In_ HCRYPTPROV hCryptProv,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, _In_ PCERT_PUBLIC_KEY_INFO pInfo,
__in ALG_ID aiKeyAlg, _In_ ALG_ID aiKeyAlg,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out HCRYPTKEY *phKey _Out_ HCRYPTKEY *phKey
); );
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert and import the public key info into the CNG asymmetric or // Convert and import the public key info into the CNG asymmetric or
// signature algorithm provider and return a BCRYPT_KEY_HANDLE to it. // signature algorithm provider and return a BCRYPT_KEY_HANDLE to it.
// //
// Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the // Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
// installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function // installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC. The called function
// has the same signature as CryptImportPublicKeyInfoEx2. // has the same signature as CryptImportPublicKeyInfoEx2.
// //
// dwFlags can be set with the following 2 flags passed directly to // dwFlags can be set with the following 2 flags passed directly to
// CryptFindOIDInfo: // CryptFindOIDInfo:
// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG // CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
// dwFlags can also have BCRYPT_NO_KEY_VALIDATION OR'd in. This flag is // dwFlags can also have BCRYPT_NO_KEY_VALIDATION OR'd in. This flag is
// passed to BCryptImportKeyPair. // passed to BCryptImportKeyPair.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPublicKeyInfoEx2( CryptImportPublicKeyInfoEx2(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, _In_ PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey _Out_ BCRYPT_KEY_HANDLE *phKey
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Import CNG PublicKeyInfo OID installable function // Import CNG PublicKeyInfo OID installable function
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \ #define CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC \
"CryptDllImportPublicKeyInfoEx2" "CryptDllImportPublicKeyInfoEx2"
typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) ( typedef BOOL (WINAPI *PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC) (
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, _In_ PCERT_PUBLIC_KEY_INFO pInfo,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvAuxInfo, _In_opt_ void *pvAuxInfo,
__out BCRYPT_KEY_HANDLE *phKey _Out_ BCRYPT_KEY_HANDLE *phKey
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH) #endif // (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the // Acquire a HCRYPTPROV and dwKeySpec or NCRYPT_KEY_HANDLE for the
// specified certificate context. Uses the certificate's // specified certificate context. Uses the certificate's
// CERT_KEY_PROV_INFO_PROP_ID property. // CERT_KEY_PROV_INFO_PROP_ID property.
// The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be // The returned HCRYPTPROV or NCRYPT_KEY_HANDLE handle may optionally be
// cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property. // cached using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
// //
// If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and // If CRYPT_ACQUIRE_CACHE_FLAG is set, then, if an already acquired and
// cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its // cached HCRYPTPROV or NCRYPT_KEY_HANDLE exists for the certificate, its
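Review bot: The CryptImportPublicKeyInfoEx2 comment says BCRYPT_NO_KEY_VALIDATION may be OR'd into dwFlags and is passed straight to BCryptImportKeyPair, but gives no warning about when that is unsafe: pInfo is a certificate's SubjectPublicKeyInfo, i.e. attacker-supplied data, and skipping the provider's key validation means a malformed key (presumably including an EC point that is not on the named curve, which the provider would otherwise reject) is imported and then used for signature or key-agreement operations. I would add next to the existing flag text: `// BCRYPT_NO_KEY_VALIDATION skips the provider's public-key validation; never set it for keys taken from untrusted certificates or messages.` The `#if` gate rename NTDDI_WINLH -> NTDDI_VISTA is cosmetic. The typedef PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC lacks the CRYPT_ prefix used by its sibling PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC; renaming would break implementers, so a comment acknowledging the inconsistency is the most that fits.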
skipping to change at line 14163 skipping to change at line 14874
// a cached HCRYPTPROV or NCRYPT_KEY_HANDLE is returned, the comparison isn't // a cached HCRYPTPROV or NCRYPT_KEY_HANDLE is returned, the comparison isn't
// done. We assume the comparison was done on the initial acquire. // done. We assume the comparison was done on the initial acquire.
// //
// The CRYPT_ACQUIRE_NO_HEALING flags prohibits this function from // The CRYPT_ACQUIRE_NO_HEALING flags prohibits this function from
// attempting to recreate the CERT_KEY_PROV_INFO_PROP_ID in the certificate // attempting to recreate the CERT_KEY_PROV_INFO_PROP_ID in the certificate
// context if it fails to retrieve this property. // context if it fails to retrieve this property.
// //
// The CRYPT_ACQUIRE_SILENT_FLAG can be set to suppress any UI by the CSP. // The CRYPT_ACQUIRE_SILENT_FLAG can be set to suppress any UI by the CSP.
// See CryptAcquireContext's CRYPT_SILENT flag for more details. // See CryptAcquireContext's CRYPT_SILENT flag for more details.
// //
// The CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG can be set when a pointer to a window h
andle (HWND*)
// is passed in as the pvParameters. The window handle will be used
// by calling CryptSetProvParam with a NULL HCRYPTPROV and dwParam
// is PP_CLIENT_HWND before the call to CryptAcquireContext.
// This will set the window handle for all CAPI calls in this process.
// The caller should make sure the window handle is valid or clear it out by
// calling CryptSetProvParam with PP_CLIENT_HWND with a NULL hWnd.
// Or for cng, the hwnd will be used by calling NCryptSetProperty on the storag
e provider
// handle provider with property NCRYPT_WINDOW_HANDLE_PROPERTY and
// by calling NCryptSetPRoperty on the key handle with property NCRYPT_WINDOW_H
ANDLE_PROPERTY.
// If both calls to NCryptSetProperty fail then the function will return the fa
ilure of
// setting the NCRYPT_WINDOW_HANDLE_PROPERTY on the key handle.
// Do not use this flag with CRYPT_ACQUIRE_SILENT_FLAG.
//
// The following flags can be set to optionally open and return a CNG // The following flags can be set to optionally open and return a CNG
// NCRYPT_KEY_HANDLE instead of a HCRYPTPROV. *pdwKeySpec is set to // NCRYPT_KEY_HANDLE instead of a HCRYPTPROV. *pdwKeySpec is set to
// CERT_NCRYPT_KEY_SPEC when a NCRYPT_KEY_HANDLE is returned. // CERT_NCRYPT_KEY_SPEC when a NCRYPT_KEY_HANDLE is returned.
// CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG - if the CryptAcquireContext // CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG - if the CryptAcquireContext
// fails, then, an NCryptOpenKey is attempted. // fails, then, an NCryptOpenKey is attempted.
// //
// CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG - the NCryptOpenKey is // CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG - the NCryptOpenKey is
// first attempted and its handle returned for success. // first attempted and its handle returned for success.
// //
// CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG - only the NCryptOpenKey is // CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG - only the NCryptOpenKey is
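Review bot: The new CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG paragraph says "Do not use this flag with CRYPT_ACQUIRE_SILENT_FLAG" but never states what happens when both are set, and it leaves the contract of the renamed pvParameters argument (the prototype in the next hunk, formerly pvReserved) unspecified when the flag is clear; since the HWND is applied process-wide via CryptSetProvParam(PP_CLIENT_HWND) on a NULL HCRYPTPROV, callers need to know whether the combination is rejected or which flag wins. I would add `// pvParameters: must point to an HWND when CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG is set; presumably NULL otherwise — confirm against the implementation` and one sentence giving the result (error code or precedence) when both flags are set. The line "by calling NCryptSetPRoperty on the key handle" also misspells the API name; it should read `NCryptSetProperty`. The comment block this paragraph belongs to starts before the hunk.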
skipping to change at line 14197 skipping to change at line 14922
// HCRYPTPROV must be released by the caller by calling CryptReleaseContext. // HCRYPTPROV must be released by the caller by calling CryptReleaseContext.
// A returned NCRYPT_KEY_HANDLE is freed by calling NCryptFreeObject. // A returned NCRYPT_KEY_HANDLE is freed by calling NCryptFreeObject.
// *pdwKeySpec MUST be checked when CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG // *pdwKeySpec MUST be checked when CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
// or CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG is set. // or CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG is set.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptAcquireCertificatePrivateKey( CryptAcquireCertificatePrivateKey(
__in PCCERT_CONTEXT pCert, _In_ PCCERT_CONTEXT pCert,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _In_opt_ void *pvParameters,
__out HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProvOrNCryptKey, _Out_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE *phCryptProvOrNCryptKey,
__out_opt DWORD *pdwKeySpec, _Out_opt_ DWORD *pdwKeySpec,
__out_opt BOOL *pfCallerFreeProvOrNCryptKey _Out_opt_ BOOL *pfCallerFreeProvOrNCryptKey
); );
#define CRYPT_ACQUIRE_CACHE_FLAG 0x00000001 #define CRYPT_ACQUIRE_CACHE_FLAG 0x00000001
#define CRYPT_ACQUIRE_USE_PROV_INFO_FLAG 0x00000002 #define CRYPT_ACQUIRE_USE_PROV_INFO_FLAG 0x00000002
#define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004 #define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004
#define CRYPT_ACQUIRE_NO_HEALING 0x00000008 #define CRYPT_ACQUIRE_NO_HEALING 0x00000008
#define CRYPT_ACQUIRE_SILENT_FLAG 0x00000040 #define CRYPT_ACQUIRE_SILENT_FLAG 0x00000040
#define CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG 0x00000080
#define CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK 0x00070000 #define CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK 0x00070000
#define CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG 0x00010000 #define CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG 0x00010000
#define CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG 0x00020000 #define CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG 0x00020000
#define CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG 0x00040000 #define CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG 0x00040000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerates the cryptographic providers and their containers to find the // Enumerates the cryptographic providers and their containers to find the
// private key corresponding to the certificate's public key. For a match, // private key corresponding to the certificate's public key. For a match,
// the certificate's CERT_KEY_PROV_INFO_PROP_ID property is updated. // the certificate's CERT_KEY_PROV_INFO_PROP_ID property is updated.
skipping to change at line 14243 skipping to change at line 14969
// If a container isn't found, returns FALSE with LastError set to // If a container isn't found, returns FALSE with LastError set to
// NTE_NO_KEY. // NTE_NO_KEY.
// //
// The above CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS can also be set. The default // The above CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS can also be set. The default
// is CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG. // is CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFindCertificateKeyProvInfo( CryptFindCertificateKeyProvInfo(
__in PCCERT_CONTEXT pCert, _In_ PCCERT_CONTEXT pCert,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
#define CRYPT_FIND_USER_KEYSET_FLAG 0x00000001 #define CRYPT_FIND_USER_KEYSET_FLAG 0x00000001
#define CRYPT_FIND_MACHINE_KEYSET_FLAG 0x00000002 #define CRYPT_FIND_MACHINE_KEYSET_FLAG 0x00000002
#define CRYPT_FIND_SILENT_KEYSET_FLAG 0x00000040 #define CRYPT_FIND_SILENT_KEYSET_FLAG 0x00000040
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This is the prototype for the installable function which is called to // This is the prototype for the installable function which is called to
// actually import a key into a CSP. an installable of this type is called // actually import a key into a CSP. an installable of this type is called
// from CryptImportPKCS8. the algorithm OID of the private key is used // from CryptImportPKCS8. the algorithm OID of the private key is used
skipping to change at line 14267 skipping to change at line 14993
// //
// hCryptProv - the provider to import the key to // hCryptProv - the provider to import the key to
// pPrivateKeyInfo - describes the key to be imported // pPrivateKeyInfo - describes the key to be imported
// dwFlags - The available flags are: // dwFlags - The available flags are:
// CRYPT_EXPORTABLE // CRYPT_EXPORTABLE
// this flag is used when importing private keys, for a full // this flag is used when importing private keys, for a full
// explanation please see the documentation for CryptImportKey. // explanation please see the documentation for CryptImportKey.
// pvAuxInfo - reserved for future, must be NULL // pvAuxInfo - reserved for future, must be NULL
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_IMPORT_PRIV_KEY_FUNC) ( typedef BOOL (WINAPI *PFN_IMPORT_PRIV_KEY_FUNC) (
__in HCRYPTPROV hCryptProv, // in _In_ HCRYPTPROV hCryptProv, // in
__in CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInfo, // in _In_ CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInfo, // in
__in DWORD dwFlags, // in _In_ DWORD dwFlags, // in
__in_opt void* pvAuxInfo // in, optional _In_opt_ void* pvAuxInfo // in, optional
); );
#define CRYPT_OID_IMPORT_PRIVATE_KEY_INFO_FUNC "CryptDllImportPrivateKeyInfoEx " #define CRYPT_OID_IMPORT_PRIVATE_KEY_INFO_FUNC "CryptDllImportPrivateKeyInfoEx "
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert (from PKCS8 format) and import the private key into a provider // Convert (from PKCS8 format) and import the private key into a provider
// and return a handle to the provider as well as the KeySpec used to import to. // and return a handle to the provider as well as the KeySpec used to import to.
// //
// This function will call the PRESOLVE_HCRYPTPROV_FUNC in the // This function will call the PRESOLVE_HCRYPTPROV_FUNC in the
// privateKeyAndParams to obtain a handle of provider to import the key to. // privateKeyAndParams to obtain a handle of provider to import the key to.
skipping to change at line 14297 skipping to change at line 15023
// explanation please see the documentation for CryptImportKey. // explanation please see the documentation for CryptImportKey.
// phCryptProv - filled in with the handle of the provider the key was // phCryptProv - filled in with the handle of the provider the key was
// imported to, the caller is responsible for freeing it // imported to, the caller is responsible for freeing it
// pvAuxInfo - This parameter is reserved for future use and should be set // pvAuxInfo - This parameter is reserved for future use and should be set
// to NULL in the interim. // to NULL in the interim.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptImportPKCS8( CryptImportPKCS8(
__in CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, // in _In_ CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, // in
__in DWORD dwFlags, // in _In_ DWORD dwFlags, // in
__out_opt HCRYPTPROV *phCryptProv, // out, optional _Out_opt_ HCRYPTPROV *phCryptProv, // out, optional
__in_opt void* pvAuxInfo // in, optional _In_opt_ void* pvAuxInfo // in, optional
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// this is the prototype for installable functions for exporting the private key // this is the prototype for installable functions for exporting the private key
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_EXPORT_PRIV_KEY_FUNC) ( typedef BOOL (WINAPI *PFN_EXPORT_PRIV_KEY_FUNC) (
__in HCRYPTPROV hCryptProv, // in _In_ HCRYPTPROV hCryptProv, // in
__in DWORD dwKeySpec, // in _In_ DWORD dwKeySpec, // in
__in LPSTR pszPrivateKeyObjId, // in _In_ LPSTR pszPrivateKeyObjId, // in
__in DWORD dwFlags, // in _In_ DWORD dwFlags, // in
__in_opt void* pvAuxInfo, // in _In_opt_ void* pvAuxInfo, // in
__out_bcount_opt (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivateKeyInf _Out_writes_bytes_opt_ (*pcbPrivateKeyInfo) CRYPT_PRIVATE_KEY_INFO* pPrivate
o, // out KeyInfo, // out
__inout DWORD* pcbPrivateKeyInfo // in, out _Inout_ DWORD* pcbPrivateKeyInfo // in, out
); );
#define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx " #define CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC "CryptDllExportPrivateKeyInfoEx "
#define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET #define CRYPT_DELETE_KEYSET CRYPT_DELETEKEYSET
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex // CryptExportPKCS8 -- superseded by CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8( CryptExportPKCS8(
__in HCRYPTPROV hCryptProv, // in _In_ HCRYPTPROV hCryptProv, // in
__in DWORD dwKeySpec, // in _In_ DWORD dwKeySpec, // in
__in LPSTR pszPrivateKeyObjId, // in _In_ LPSTR pszPrivateKeyObjId, // in
__in DWORD dwFlags, // in _In_ DWORD dwFlags, // in
__in_opt void* pvAuxInfo, // in _In_opt_ void* pvAuxInfo, // in
__out_bcount_opt (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out _Out_writes_bytes_opt_ (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out
__inout DWORD *pcbPrivateKeyBlob // in, out _Inout_ DWORD *pcbPrivateKeyBlob // in, out
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptExportPKCS8Ex // CryptExportPKCS8Ex
// //
// Export the private key in PKCS8 format // Export the private key in PKCS8 format
// //
// //
// Uses the pszPrivateKeyObjId to call the // Uses the pszPrivateKeyObjId to call the
// installable CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC. The called function // installable CRYPT_OID_EXPORT_PRIVATE_KEY_INFO_FUNC. The called function
skipping to change at line 14363 skipping to change at line 15089
// NULL in the interim. // NULL in the interim.
// pbPrivateKeyBlob - A pointer to the private key blob. It will be encoded // pbPrivateKeyBlob - A pointer to the private key blob. It will be encoded
// as a PKCS8 PrivateKeyInfo. // as a PKCS8 PrivateKeyInfo.
// pcbPrivateKeyBlob - A pointer to a DWORD that contains the size, in bytes, // pcbPrivateKeyBlob - A pointer to a DWORD that contains the size, in bytes,
// of the private key blob being exporte d. // of the private key blob being exporte d.
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptExportPKCS8Ex( CryptExportPKCS8Ex(
__in CRYPT_PKCS8_EXPORT_PARAMS* psExportParams, // in _In_ CRYPT_PKCS8_EXPORT_PARAMS* psExportParams, // in
__in DWORD dwFlags, // in _In_ DWORD dwFlags, // in
__in_opt void* pvAuxInfo, // in _In_opt_ void* pvAuxInfo, // in
__out_bcount_opt (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out _Out_writes_bytes_opt_ (*pcbPrivateKeyBlob) BYTE* pbPrivateKeyBlob, // out
__inout DWORD* pcbPrivateKeyBlob // in, out _Inout_ DWORD* pcbPrivateKeyBlob // in, out
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Compute the hash of the encoded public key info. // Compute the hash of the encoded public key info.
// //
// The public key info is encoded and then hashed. // The public key info is encoded and then hashed.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashPublicKeyInfo( CryptHashPublicKeyInfo(
__in_opt HCRYPTPROV_LEGACY hCryptProv, _In_opt_ HCRYPTPROV_LEGACY hCryptProv,
__in ALG_ID Algid, _In_ ALG_ID Algid,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_PUBLIC_KEY_INFO pInfo, _In_ PCERT_PUBLIC_KEY_INFO pInfo,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
sh, edHash,
__inout DWORD *pcbComputedHash _Inout_ DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated char string // Convert a Name Value to a null terminated char string
// //
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertRDNValueToStrA( CertRDNValueToStrA(
__in DWORD dwValueType, _In_ DWORD dwValueType,
__in PCERT_RDN_VALUE_BLOB pValue, _In_ PCERT_RDN_VALUE_BLOB pValue,
__out_ecount_part_opt(csz, return) LPSTR psz, _Out_writes_to_opt_(csz, return) LPSTR psz,
__in DWORD csz _In_ DWORD csz
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert a Name Value to a null terminated char string // Convert a Name Value to a null terminated char string
// //
// Returns the number of characters converted including the terminating null // Returns the number of characters converted including the terminating null
// character. If psz is NULL or csz is 0, returns the required size of the // character. If psz is NULL or csz is 0, returns the required size of the
// destination string (including the terminating null char). // destination string (including the terminating null char).
// //
// If psz != NULL && csz != 0, returned psz is always NULL terminated. // If psz != NULL && csz != 0, returned psz is always NULL terminated.
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertRDNValueToStrW( CertRDNValueToStrW(
__in DWORD dwValueType, _In_ DWORD dwValueType,
__in PCERT_RDN_VALUE_BLOB pValue, _In_ PCERT_RDN_VALUE_BLOB pValue,
__out_ecount_part_opt(csz, return) LPWSTR psz, _Out_writes_to_opt_(csz, return) LPWSTR psz,
__in DWORD csz _In_ DWORD csz
); );
#ifdef UNICODE #ifdef UNICODE
#define CertRDNValueToStr CertRDNValueToStrW #define CertRDNValueToStr CertRDNValueToStrW
#else #else
#define CertRDNValueToStr CertRDNValueToStrA #define CertRDNValueToStr CertRDNValueToStrA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Convert the certificate name blob to a null terminated char string. // Convert the certificate name blob to a null terminated char string.
// //
skipping to change at line 14534 skipping to change at line 15260
// //
// Note: csz includes the NULL char. // Note: csz includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertNameToStrA( CertNameToStrA(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_NAME_BLOB pName, _In_ PCERT_NAME_BLOB pName,
__in DWORD dwStrType, _In_ DWORD dwStrType,
__out_ecount_part_opt(csz, return) LPSTR psz, _Out_writes_to_opt_(csz, return) LPSTR psz,
__in DWORD csz _In_ DWORD csz
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertNameToStrW( CertNameToStrW(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_NAME_BLOB pName, _In_ PCERT_NAME_BLOB pName,
__in DWORD dwStrType, _In_ DWORD dwStrType,
__out_ecount_part_opt(csz, return) LPWSTR psz, _Out_writes_to_opt_(csz, return) LPWSTR psz,
__in DWORD csz _In_ DWORD csz
); );
#ifdef UNICODE #ifdef UNICODE
#define CertNameToStr CertNameToStrW #define CertNameToStr CertNameToStrW
#else #else
#define CertNameToStr CertNameToStrA #define CertNameToStr CertNameToStrA
#endif // !UNICODE #endif // !UNICODE
// certenrolld_begin -- CERT_NAME_STR_*_FLAG // certenrolld_begin -- CERT_NAME_STR_*_FLAG
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name string types // Certificate name string types
skipping to change at line 14700 skipping to change at line 15426
// ppszError can be set to NULL if not interested in getting a pointer // ppszError can be set to NULL if not interested in getting a pointer
// to the invalid character sequence. // to the invalid character sequence.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertStrToNameA( CertStrToNameA(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCSTR pszX500, _In_ LPCSTR pszX500,
__in DWORD dwStrType, _In_ DWORD dwStrType,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded, _Inout_ DWORD *pcbEncoded,
__deref_opt_out_opt LPCSTR *ppszError _Outptr_opt_result_maybenull_ LPCSTR *ppszError
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertStrToNameW( CertStrToNameW(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in LPCWSTR pszX500, _In_ LPCWSTR pszX500,
__in DWORD dwStrType, _In_ DWORD dwStrType,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_bcount_part_opt(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded, _Out_writes_bytes_to_opt_(*pcbEncoded, *pcbEncoded) BYTE *pbEncoded,
__inout DWORD *pcbEncoded, _Inout_ DWORD *pcbEncoded,
__deref_opt_out_opt LPCWSTR *ppszError _Outptr_opt_result_maybenull_ LPCWSTR *ppszError
); );
#ifdef UNICODE #ifdef UNICODE
#define CertStrToName CertStrToNameW #define CertStrToName CertStrToNameW
#else #else
#define CertStrToName CertStrToNameA #define CertStrToName CertStrToNameA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get the subject or issuer name from the certificate and // Get the subject or issuer name from the certificate and
// according to the specified format type, convert to a null terminated // according to the specified format type, convert to a null terminated
skipping to change at line 14824 skipping to change at line 15550
// //
// Note: cchNameString includes the NULL char. // Note: cchNameString includes the NULL char.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetNameStringA( CertGetNameStringA(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwType, _In_ DWORD dwType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvTypePara, _In_opt_ void *pvTypePara,
__out_ecount_part_opt(cchNameString, return) LPSTR pszNameString, _Out_writes_to_opt_(cchNameString, return) LPSTR pszNameString,
__in DWORD cchNameString _In_ DWORD cchNameString
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
DWORD DWORD
WINAPI WINAPI
CertGetNameStringW( CertGetNameStringW(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in DWORD dwType, _In_ DWORD dwType,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt void *pvTypePara, _In_opt_ void *pvTypePara,
__out_ecount_part_opt(cchNameString, return) LPWSTR pszNameString, _Out_writes_to_opt_(cchNameString, return) LPWSTR pszNameString,
__in DWORD cchNameString _In_ DWORD cchNameString
); );
#ifdef UNICODE #ifdef UNICODE
#define CertGetNameString CertGetNameStringW #define CertGetNameString CertGetNameStringW
#else #else
#define CertGetNameString CertGetNameStringA #define CertGetNameString CertGetNameStringA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name types // Certificate name types
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
skipping to change at line 14868 skipping to change at line 15594
#define CERT_NAME_DNS_TYPE 6 #define CERT_NAME_DNS_TYPE 6
#define CERT_NAME_URL_TYPE 7 #define CERT_NAME_URL_TYPE 7
#define CERT_NAME_UPN_TYPE 8 #define CERT_NAME_UPN_TYPE 8
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Certificate name flags // Certificate name flags
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define CERT_NAME_ISSUER_FLAG 0x1 #define CERT_NAME_ISSUER_FLAG 0x1
#define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000 #define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000
// Following is only applicable to CERT_NAME_DNS_TYPE. When set returns
// all names not just the first one. Returns a multi-string. Each string
// will be null terminated. The last string will be double null terminated.
#define CERT_NAME_SEARCH_ALL_NAMES_FLAG 0x2
//+========================================================================= //+=========================================================================
// Simplified Cryptographic Message Data Structures and APIs // Simplified Cryptographic Message Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Conventions for the *pb and *pcb output parameters: // Conventions for the *pb and *pcb output parameters:
// //
// Upon entry to the function: // Upon entry to the function:
// if pcb is OPTIONAL && pcb == NULL, then, // if pcb is OPTIONAL && pcb == NULL, then,
// No output is returned // No output is returned
skipping to change at line 14920 skipping to change at line 15651
// //
// Note, if the KEYID choice was selected for a CMS SignerId, then, the // Note, if the KEYID choice was selected for a CMS SignerId, then, the
// SerialNumber is 0 and the Issuer is encoded containing a single RDN with a // SerialNumber is 0 and the Issuer is encoded containing a single RDN with a
// single Attribute whose OID is szOID_KEYID_RDN, value type is // single Attribute whose OID is szOID_KEYID_RDN, value type is
// CERT_RDN_OCTET_STRING and value is the KEYID. When the // CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and // CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this // CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match. // special KEYID Issuer and SerialNumber, they do a KEYID match.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef PCCERT_CONTEXT (WINAPI *PFN_CRYPT_GET_SIGNER_CERTIFICATE)( typedef PCCERT_CONTEXT (WINAPI *PFN_CRYPT_GET_SIGNER_CERTIFICATE)(
__inout_opt void *pvGetArg, _Inout_opt_ void *pvGetArg,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in PCERT_INFO pSignerId, // Only the Issuer and SerialNumber _In_ PCERT_INFO pSignerId, // Only the Issuer and SerialNumber
// fields have been updated // fields have been updated
__in HCERTSTORE hMsgCertStore _In_ HCERTSTORE hMsgCertStore
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_SIGN_MESSAGE_PARA are used for signing messages using the // The CRYPT_SIGN_MESSAGE_PARA are used for signing messages using the
// specified signing certificate context. // specified signing certificate context.
// //
// Either the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID must // Either the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID must
// be set for each rgpSigningCert[]. Either one specifies the private // be set for each rgpSigningCert[]. Either one specifies the private
// signature key to use. // signature key to use.
// //
skipping to change at line 15036 skipping to change at line 15767
// //
// cbSize must be set to the sizeof(CRYPT_VERIFY_MESSAGE_PARA) or else // cbSize must be set to the sizeof(CRYPT_VERIFY_MESSAGE_PARA) or else
// LastError will be updated with E_INVALIDARG. // LastError will be updated with E_INVALIDARG.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_VERIFY_MESSAGE_PARA { typedef struct _CRYPT_VERIFY_MESSAGE_PARA {
DWORD cbSize; DWORD cbSize;
DWORD dwMsgAndCertEncodingType; DWORD dwMsgAndCertEncodingType;
HCRYPTPROV_LEGACY hCryptProv; HCRYPTPROV_LEGACY hCryptProv;
PFN_CRYPT_GET_SIGNER_CERTIFICATE pfnGetSignerCertificate; PFN_CRYPT_GET_SIGNER_CERTIFICATE pfnGetSignerCertificate;
void *pvGetArg; void *pvGetArg;
#ifdef CRYPT_VERIFY_MESSAGE_PARA_HAS_EXTRA_FIELDS
// Note, if you #define CRYPT_VERIFY_MESSAGE_PARA_HAS_EXTRA_FIELDS,
// then, you must zero all unused fields in this data structure.
// More fields could be added in a future release.
//
// The following is set to check for Strong and Restricted Signatures
//
PCCERT_STRONG_SIGN_PARA pStrongSignPara;
#endif
} CRYPT_VERIFY_MESSAGE_PARA, *PCRYPT_VERIFY_MESSAGE_PARA; } CRYPT_VERIFY_MESSAGE_PARA, *PCRYPT_VERIFY_MESSAGE_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// The CRYPT_ENCRYPT_MESSAGE_PARA are used for encrypting messages. // The CRYPT_ENCRYPT_MESSAGE_PARA are used for encrypting messages.
// //
// hCryptProv is used to do content encryption, recipient key // hCryptProv is used to do content encryption, recipient key
// encryption, and recipient key export. Its private key // encryption, and recipient key export. Its private key
// isn't used. // isn't used.
// //
// Currently, pvEncryptionAuxInfo is only defined for RC2 or RC4 encryption // Currently, pvEncryptionAuxInfo is only defined for RC2 or RC4 encryption
skipping to change at line 15203 skipping to change at line 15947
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message. // Sign the message.
// //
// If fDetachedSignature is TRUE, the "to be signed" content isn't included // If fDetachedSignature is TRUE, the "to be signed" content isn't included
// in the encoded signed blob. // in the encoded signed blob.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignMessage( CryptSignMessage(
__in PCRYPT_SIGN_MESSAGE_PARA pSignPara, _In_ PCRYPT_SIGN_MESSAGE_PARA pSignPara,
__in BOOL fDetachedSignature, _In_ BOOL fDetachedSignature,
__in DWORD cToBeSigned, _In_ DWORD cToBeSigned,
__in_ecount_opt(cToBeSigned) const BYTE *rgpbToBeSigned[], _In_reads_opt_(cToBeSigned) const BYTE *rgpbToBeSigned[],
__in_ecount(cToBeSigned) DWORD rgcbToBeSigned[], _In_reads_(cToBeSigned) DWORD rgcbToBeSigned[],
__out_bcount_part_opt(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob, _Out_writes_bytes_to_opt_(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob
__inout DWORD *pcbSignedBlob ,
_Inout_ DWORD *pcbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message. // Verify a signed message.
// //
// If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input. // If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input.
// For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't // For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't
// verified. // verified.
// //
// A message might have more than one signer. Set dwSignerIndex to iterate // A message might have more than one signer. Set dwSignerIndex to iterate
skipping to change at line 15252 skipping to change at line 15996
// CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate // CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate
// is still called with pSignerId set to NULL. // is still called with pSignerId set to NULL.
// //
// Note, an alternative way to get the certificates and CRLs from a // Note, an alternative way to get the certificates and CRLs from a
// signed message is to call CryptGetMessageCertificates. // signed message is to call CryptGetMessageCertificates.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageSignature( CryptVerifyMessageSignature(
__in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, _In_ PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
__in DWORD dwSignerIndex, _In_ DWORD dwSignerIndex,
__in_bcount(cbSignedBlob) const BYTE *pbSignedBlob, _In_reads_bytes_(cbSignedBlob) const BYTE *pbSignedBlob,
__in DWORD cbSignedBlob, _In_ DWORD cbSignedBlob,
__out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded, _Out_writes_bytes_to_opt_(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
__inout_opt DWORD *pcbDecoded, _Inout_opt_ DWORD *pcbDecoded,
__deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns the count of signers in the signed message. For no signers, returns // Returns the count of signers in the signed message. For no signers, returns
// 0. For an error returns -1 with LastError updated accordingly. // 0. For an error returns -1 with LastError updated accordingly.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
LONG LONG
WINAPI WINAPI
CryptGetMessageSignerCount( CryptGetMessageSignerCount(
__in DWORD dwMsgEncodingType, _In_ DWORD dwMsgEncodingType,
__in_bcount(cbSignedBlob) const BYTE *pbSignedBlob, _In_reads_bytes_(cbSignedBlob) const BYTE *pbSignedBlob,
__in DWORD cbSignedBlob _In_ DWORD cbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Returns the cert store containing the message's certs and CRLs. // Returns the cert store containing the message's certs and CRLs.
// For an error, returns NULL with LastError updated. // For an error, returns NULL with LastError updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CryptGetMessageCertificates( CryptGetMessageCertificates(
__in DWORD dwMsgAndCertEncodingType, _In_ DWORD dwMsgAndCertEncodingType,
__in_opt HCRYPTPROV_LEGACY hCryptProv, // passed to CertOpenStore _In_opt_ HCRYPTPROV_LEGACY hCryptProv, // passed to CertOpenStore
__in DWORD dwFlags, // passed to CertOpenStore _In_ DWORD dwFlags, // passed to CertOpenStore
__in_bcount(cbSignedBlob) const BYTE *pbSignedBlob, _In_reads_bytes_(cbSignedBlob) const BYTE *pbSignedBlob,
__in DWORD cbSignedBlob _In_ DWORD cbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message containing detached signature(s). // Verify a signed message containing detached signature(s).
// The "to be signed" content is passed in separately. No // The "to be signed" content is passed in separately. No
// decoded output. Otherwise, identical to CryptVerifyMessageSignature. // decoded output. Otherwise, identical to CryptVerifyMessageSignature.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyDetachedMessageSignature( CryptVerifyDetachedMessageSignature(
__in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, _In_ PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
__in DWORD dwSignerIndex, _In_ DWORD dwSignerIndex,
__in_bcount(cbDetachedSignBlob) const BYTE *pbDetachedSignBlob, _In_reads_bytes_(cbDetachedSignBlob) const BYTE *pbDetachedSignBlob,
__in DWORD cbDetachedSignBlob, _In_ DWORD cbDetachedSignBlob,
__in DWORD cToBeSigned, _In_ DWORD cToBeSigned,
__in_ecount(cToBeSigned) const BYTE *rgpbToBeSigned[], _In_reads_(cToBeSigned) const BYTE *rgpbToBeSigned[],
__in_ecount(cToBeSigned) DWORD rgcbToBeSigned[], _In_reads_(cToBeSigned) DWORD rgcbToBeSigned[],
__deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Encrypts the message for the recipient(s). // Encrypts the message for the recipient(s).
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEncryptMessage( CryptEncryptMessage(
__in PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara, _In_ PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara,
__in DWORD cRecipientCert, _In_ DWORD cRecipientCert,
__in_ecount(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[], _In_reads_(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[],
__in_bcount_opt(cbToBeEncrypted) const BYTE *pbToBeEncrypted, _In_reads_bytes_opt_(cbToBeEncrypted) const BYTE *pbToBeEncrypted,
__in DWORD cbToBeEncrypted, _In_ DWORD cbToBeEncrypted,
__out_bcount_part_opt(*pcbEncryptedBlob, *pcbEncryptedBlob) BYTE *pbEncrypte _Out_writes_bytes_to_opt_(*pcbEncryptedBlob, *pcbEncryptedBlob) BYTE *pbEncr
dBlob, yptedBlob,
__inout DWORD *pcbEncryptedBlob _Inout_ DWORD *pcbEncryptedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decrypts the message. // Decrypts the message.
// //
// If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. // If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
// For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't // For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't
// decrypted. // decrypted.
// //
// For a successfully decrypted message, *ppXchgCert is updated // For a successfully decrypted message, *ppXchgCert is updated
// with the CertContext used to decrypt. It must be freed by calling // with the CertContext used to decrypt. It must be freed by calling
// CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL. // CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL.
// //
// ppXchgCert can be NULL, indicating the caller isn't interested // ppXchgCert can be NULL, indicating the caller isn't interested
// in getting the CertContext used to decrypt. // in getting the CertContext used to decrypt.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecryptMessage( CryptDecryptMessage(
__in PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, _In_ PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
__in_bcount(cbEncryptedBlob) const BYTE *pbEncryptedBlob, _In_reads_bytes_(cbEncryptedBlob) const BYTE *pbEncryptedBlob,
__in DWORD cbEncryptedBlob, _In_ DWORD cbEncryptedBlob,
__out_bcount_part_opt(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted, _Out_writes_bytes_to_opt_(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted,
__inout_opt DWORD *pcbDecrypted, _Inout_opt_ DWORD *pcbDecrypted,
__deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppXchgCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message and encrypt for the recipient(s). Does a CryptSignMessage // Sign the message and encrypt for the recipient(s). Does a CryptSignMessage
// followed with a CryptEncryptMessage. // followed with a CryptEncryptMessage.
// //
// Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED // Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED
// inside of an CMSG_ENVELOPED. // inside of an CMSG_ENVELOPED.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignAndEncryptMessage( CryptSignAndEncryptMessage(
__in PCRYPT_SIGN_MESSAGE_PARA pSignPara, _In_ PCRYPT_SIGN_MESSAGE_PARA pSignPara,
__in PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara, _In_ PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara,
__in DWORD cRecipientCert, _In_ DWORD cRecipientCert,
__in_ecount(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[], _In_reads_(cRecipientCert) PCCERT_CONTEXT rgpRecipientCert[],
__in_bcount(cbToBeSignedAndEncrypted) const BYTE *pbToBeSignedAndEncrypted, _In_reads_bytes_(cbToBeSignedAndEncrypted) const BYTE *pbToBeSignedAndEncryp
__in DWORD cbToBeSignedAndEncrypted, ted,
__out_bcount_part_opt(*pcbSignedAndEncryptedBlob, *pcbSignedAndEncryptedBlob _In_ DWORD cbToBeSignedAndEncrypted,
) BYTE *pbSignedAndEncryptedBlob, _Out_writes_bytes_to_opt_(*pcbSignedAndEncryptedBlob, *pcbSignedAndEncrypted
__inout DWORD *pcbSignedAndEncryptedBlob Blob) BYTE *pbSignedAndEncryptedBlob,
_Inout_ DWORD *pcbSignedAndEncryptedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decrypts the message and verifies the signer. Does a CryptDecryptMessage // Decrypts the message and verifies the signer. Does a CryptDecryptMessage
// followed with a CryptVerifyMessageSignature. // followed with a CryptVerifyMessageSignature.
// //
// If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. // If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
// For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't // For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't
// verified. // verified.
// //
skipping to change at line 15402 skipping to change at line 16146
// Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED // Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED
// inside of an CMSG_ENVELOPED. // inside of an CMSG_ENVELOPED.
// //
// The message always needs to be decrypted to allow access to the // The message always needs to be decrypted to allow access to the
// signed message. Therefore, if ppXchgCert != NULL, its always updated. // signed message. Therefore, if ppXchgCert != NULL, its always updated.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecryptAndVerifyMessageSignature( CryptDecryptAndVerifyMessageSignature(
__in PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, _In_ PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
__in PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, _In_ PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
__in DWORD dwSignerIndex, _In_ DWORD dwSignerIndex,
__in_bcount(cbEncryptedBlob) const BYTE *pbEncryptedBlob, _In_reads_bytes_(cbEncryptedBlob) const BYTE *pbEncryptedBlob,
__in DWORD cbEncryptedBlob, _In_ DWORD cbEncryptedBlob,
__out_bcount_part_opt(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted, _Out_writes_bytes_to_opt_(*pcbDecrypted, *pcbDecrypted) BYTE *pbDecrypted,
__inout_opt DWORD *pcbDecrypted, _Inout_opt_ DWORD *pcbDecrypted,
__deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert, _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppXchgCert,
__deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Decodes a cryptographic message which may be one of the following types: // Decodes a cryptographic message which may be one of the following types:
// CMSG_DATA // CMSG_DATA
// CMSG_SIGNED // CMSG_SIGNED
// CMSG_ENVELOPED // CMSG_ENVELOPED
// CMSG_SIGNED_AND_ENVELOPED // CMSG_SIGNED_AND_ENVELOPED
// CMSG_HASHED // CMSG_HASHED
// //
skipping to change at line 15449 skipping to change at line 16193
// For CMSG_SIGNED: same as CryptVerifyMessageSignature. // For CMSG_SIGNED: same as CryptVerifyMessageSignature.
// For CMSG_ENVELOPED: same as CryptDecryptMessage. // For CMSG_ENVELOPED: same as CryptDecryptMessage.
// For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus // For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus
// CryptVerifyMessageSignature. // CryptVerifyMessageSignature.
// For CMSG_HASHED: verifies the hash and returns decoded content. // For CMSG_HASHED: verifies the hash and returns decoded content.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptDecodeMessage( CryptDecodeMessage(
__in DWORD dwMsgTypeFlags, _In_ DWORD dwMsgTypeFlags,
__in_opt PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara, _In_opt_ PCRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
__in_opt PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, _In_opt_ PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
__in DWORD dwSignerIndex, _In_ DWORD dwSignerIndex,
__in_bcount(cbEncodedBlob) const BYTE *pbEncodedBlob, _In_reads_bytes_(cbEncodedBlob) const BYTE *pbEncodedBlob,
__in DWORD cbEncodedBlob, _In_ DWORD cbEncodedBlob,
__in DWORD dwPrevInnerContentType, _In_ DWORD dwPrevInnerContentType,
__out_opt DWORD *pdwMsgType, _Out_opt_ DWORD *pdwMsgType,
__out_opt DWORD *pdwInnerContentType, _Out_opt_ DWORD *pdwInnerContentType,
__out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded, _Out_writes_bytes_to_opt_(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
__inout_opt DWORD *pcbDecoded, _Inout_opt_ DWORD *pcbDecoded,
__deref_opt_out_opt PCCERT_CONTEXT *ppXchgCert, _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppXchgCert,
__deref_opt_out_opt PCCERT_CONTEXT *ppSignerCert _Outptr_opt_result_maybenull_ PCCERT_CONTEXT *ppSignerCert
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Hash the message. // Hash the message.
// //
// If fDetachedHash is TRUE, only the ComputedHash is encoded in the // If fDetachedHash is TRUE, only the ComputedHash is encoded in the
// pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash // pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash
// are encoded. // are encoded.
// //
// pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller // pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller
// isn't interested in getting the output. // isn't interested in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptHashMessage( CryptHashMessage(
__in PCRYPT_HASH_MESSAGE_PARA pHashPara, _In_ PCRYPT_HASH_MESSAGE_PARA pHashPara,
__in BOOL fDetachedHash, _In_ BOOL fDetachedHash,
__in DWORD cToBeHashed, _In_ DWORD cToBeHashed,
__in_ecount(cToBeHashed) const BYTE *rgpbToBeHashed[], _In_reads_(cToBeHashed) const BYTE *rgpbToBeHashed[],
__in_ecount(cToBeHashed) DWORD rgcbToBeHashed[], _In_reads_(cToBeHashed) DWORD rgcbToBeHashed[],
__out_bcount_part_opt(*pcbHashedBlob, *pcbHashedBlob) BYTE *pbHashedBlob, _Out_writes_bytes_to_opt_(*pcbHashedBlob, *pcbHashedBlob) BYTE *pbHashedBlob
__inout_opt DWORD *pcbHashedBlob, ,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Inout_opt_ DWORD *pcbHashedBlob,
sh, _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
__inout_opt DWORD *pcbComputedHash edHash,
_Inout_opt_ DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a hashed message. // Verify a hashed message.
// //
// pcbToBeHashed or pcbComputedHash can be NULL, // pcbToBeHashed or pcbComputedHash can be NULL,
// indicating the caller isn't interested in getting the output. // indicating the caller isn't interested in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageHash( CryptVerifyMessageHash(
__in PCRYPT_HASH_MESSAGE_PARA pHashPara, _In_ PCRYPT_HASH_MESSAGE_PARA pHashPara,
__in_bcount(cbHashedBlob) BYTE *pbHashedBlob, _In_reads_bytes_(cbHashedBlob) BYTE *pbHashedBlob,
__in DWORD cbHashedBlob, _In_ DWORD cbHashedBlob,
__out_bcount_part_opt(*pcbToBeHashed, *pcbToBeHashed) BYTE *pbToBeHashed, _Out_writes_bytes_to_opt_(*pcbToBeHashed, *pcbToBeHashed) BYTE *pbToBeHashed
__inout_opt DWORD *pcbToBeHashed, ,
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Inout_opt_ DWORD *pcbToBeHashed,
sh, _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
__inout_opt DWORD *pcbComputedHash edHash,
_Inout_opt_ DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a hashed message containing a detached hash. // Verify a hashed message containing a detached hash.
// The "to be hashed" content is passed in separately. No // The "to be hashed" content is passed in separately. No
// decoded output. Otherwise, identical to CryptVerifyMessageHash. // decoded output. Otherwise, identical to CryptVerifyMessageHash.
// //
// pcbComputedHash can be NULL, indicating the caller isn't interested // pcbComputedHash can be NULL, indicating the caller isn't interested
// in getting the output. // in getting the output.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyDetachedMessageHash( CryptVerifyDetachedMessageHash(
__in PCRYPT_HASH_MESSAGE_PARA pHashPara, _In_ PCRYPT_HASH_MESSAGE_PARA pHashPara,
__in_bcount(cbDetachedHashBlob) BYTE *pbDetachedHashBlob, _In_reads_bytes_(cbDetachedHashBlob) BYTE *pbDetachedHashBlob,
__in DWORD cbDetachedHashBlob, _In_ DWORD cbDetachedHashBlob,
__in DWORD cToBeHashed, _In_ DWORD cToBeHashed,
__in_ecount(cToBeHashed) const BYTE *rgpbToBeHashed[], _In_reads_(cToBeHashed) const BYTE *rgpbToBeHashed[],
__in_ecount(cToBeHashed) DWORD rgcbToBeHashed[], _In_reads_(cToBeHashed) DWORD rgcbToBeHashed[],
__out_bcount_part_opt(*pcbComputedHash, *pcbComputedHash) BYTE *pbComputedHa _Out_writes_bytes_to_opt_(*pcbComputedHash, *pcbComputedHash) BYTE *pbComput
sh, edHash,
__inout_opt DWORD *pcbComputedHash _Inout_opt_ DWORD *pcbComputedHash
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Sign the message using the provider's private key specified in the // Sign the message using the provider's private key specified in the
// parameters. A dummy SignerId is created and stored in the message. // parameters. A dummy SignerId is created and stored in the message.
// //
// Normally used until a certificate has been created for the key. // Normally used until a certificate has been created for the key.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSignMessageWithKey( CryptSignMessageWithKey(
__in PCRYPT_KEY_SIGN_MESSAGE_PARA pSignPara, _In_ PCRYPT_KEY_SIGN_MESSAGE_PARA pSignPara,
__in_bcount(cbToBeSigned) const BYTE *pbToBeSigned, _In_reads_bytes_(cbToBeSigned) const BYTE *pbToBeSigned,
__in DWORD cbToBeSigned, _In_ DWORD cbToBeSigned,
__out_bcount_part_opt(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob, _Out_writes_bytes_to_opt_(*pcbSignedBlob, *pcbSignedBlob) BYTE *pbSignedBlob
__inout DWORD *pcbSignedBlob ,
_Inout_ DWORD *pcbSignedBlob
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Verify a signed message using the specified public key info. // Verify a signed message using the specified public key info.
// //
// Normally called by a CA until it has created a certificate for the // Normally called by a CA until it has created a certificate for the
// key. // key.
// //
// pPublicKeyInfo contains the public key to use to verify the signed // pPublicKeyInfo contains the public key to use to verify the signed
// message. If NULL, the signature isn't verified (for instance, the decoded // message. If NULL, the signature isn't verified (for instance, the decoded
// content may contain the PublicKeyInfo). // content may contain the PublicKeyInfo).
// //
// pcbDecoded can be NULL, indicating the caller isn't interested // pcbDecoded can be NULL, indicating the caller isn't interested
// in getting the decoded content. // in getting the decoded content.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptVerifyMessageSignatureWithKey( CryptVerifyMessageSignatureWithKey(
__in PCRYPT_KEY_VERIFY_MESSAGE_PARA pVerifyPara, _In_ PCRYPT_KEY_VERIFY_MESSAGE_PARA pVerifyPara,
__in_opt PCERT_PUBLIC_KEY_INFO pPublicKeyInfo, _In_opt_ PCERT_PUBLIC_KEY_INFO pPublicKeyInfo,
__in_bcount(cbSignedBlob) const BYTE *pbSignedBlob, _In_reads_bytes_(cbSignedBlob) const BYTE *pbSignedBlob,
__in DWORD cbSignedBlob, _In_ DWORD cbSignedBlob,
__out_bcount_part_opt(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded, _Out_writes_bytes_to_opt_(*pcbDecoded, *pcbDecoded) BYTE *pbDecoded,
__inout_opt DWORD *pcbDecoded _Inout_opt_ DWORD *pcbDecoded
); );
//+========================================================================= //+=========================================================================
// System Certificate Store Data Structures and APIs // System Certificate Store Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Get a system certificate store based on a subsystem protocol. // Get a system certificate store based on a subsystem protocol.
// //
// Current examples of subsystems protocols are: // Current examples of subsystems protocols are:
skipping to change at line 15600 skipping to change at line 16344
// The returned Cert Store can be searched for an appropriate Cert // The returned Cert Store can be searched for an appropriate Cert
// using the Cert Store API's (see certstor.h) // using the Cert Store API's (see certstor.h)
// //
// When done, the cert store should be closed using CertStoreClose // When done, the cert store should be closed using CertStoreClose
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenSystemStoreA( CertOpenSystemStoreA(
__in_opt HCRYPTPROV_LEGACY hProv, _In_opt_ HCRYPTPROV_LEGACY hProv,
__in LPCSTR szSubsystemProtocol _In_ LPCSTR szSubsystemProtocol
); );
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
CertOpenSystemStoreW( CertOpenSystemStoreW(
__in_opt HCRYPTPROV_LEGACY hProv, _In_opt_ HCRYPTPROV_LEGACY hProv,
__in LPCWSTR szSubsystemProtocol _In_ LPCWSTR szSubsystemProtocol
); );
#ifdef UNICODE #ifdef UNICODE
#define CertOpenSystemStore CertOpenSystemStoreW #define CertOpenSystemStore CertOpenSystemStoreW
#else #else
#define CertOpenSystemStore CertOpenSystemStoreA #define CertOpenSystemStore CertOpenSystemStoreA
#endif // !UNICODE #endif // !UNICODE
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToSystemStoreA( CertAddEncodedCertificateToSystemStoreA(
__in LPCSTR szCertStoreName, _In_ LPCSTR szCertStoreName,
__in_bcount(cbCertEncoded) const BYTE * pbCertEncoded, _In_reads_bytes_(cbCertEncoded) const BYTE * pbCertEncoded,
__in DWORD cbCertEncoded _In_ DWORD cbCertEncoded
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertAddEncodedCertificateToSystemStoreW( CertAddEncodedCertificateToSystemStoreW(
__in LPCWSTR szCertStoreName, _In_ LPCWSTR szCertStoreName,
__in_bcount(cbCertEncoded) const BYTE * pbCertEncoded, _In_reads_bytes_(cbCertEncoded) const BYTE * pbCertEncoded,
__in DWORD cbCertEncoded _In_ DWORD cbCertEncoded
); );
#ifdef UNICODE #ifdef UNICODE
#define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreW #define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreW
#else #else
#define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreA #define CertAddEncodedCertificateToSystemStore CertAddEncodedCertificateToSyste mStoreA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Find all certificate chains tying the given issuer name to any certificate // Find all certificate chains tying the given issuer name to any certificate
// that the current user has a private key for. // that the current user has a private key for.
skipping to change at line 15660 skipping to change at line 16404
DWORD cCerts; // number of certs in chain DWORD cCerts; // number of certs in chain
PCERT_BLOB certs; // pointer to array of cert chain blobs PCERT_BLOB certs; // pointer to array of cert chain blobs
// representing the certs // representing the certs
CRYPT_KEY_PROV_INFO keyLocatorInfo; // key locator for cert CRYPT_KEY_PROV_INFO keyLocatorInfo; // key locator for cert
} CERT_CHAIN, *PCERT_CHAIN; } CERT_CHAIN, *PCERT_CHAIN;
// WINCRYPT32API This is not exported by crypt32, it is exported by softpub // WINCRYPT32API This is not exported by crypt32, it is exported by softpub
HRESULT HRESULT
WINAPI WINAPI
FindCertsByIssuer( FindCertsByIssuer(
__out_bcount_part_opt(*pcbCertChains, *pcbCertChains) PCERT_CHAIN pCertChain _Out_writes_bytes_to_opt_(*pcbCertChains, *pcbCertChains) PCERT_CHAIN pCertC
s, hains,
__inout DWORD *pcbCertChains, _Inout_ DWORD *pcbCertChains,
__out DWORD *pcCertChains, // count of certificates chains returned _Out_ DWORD *pcCertChains, // count of certificates chains returned
__in_bcount_opt(cbEncodedIssuerName) BYTE* pbEncodedIssuerName, // DER enc _In_reads_bytes_opt_(cbEncodedIssuerName) BYTE* pbEncodedIssuerName, // DE
oded issuer name R encoded issuer name
__in DWORD cbEncodedIssuerName, // count in bytes of encoded issuer name _In_ DWORD cbEncodedIssuerName, // count in bytes of encoded issuer name
__in_opt LPCWSTR pwszPurpose, // "ClientAuth" or "CodeSigning" _In_opt_ LPCWSTR pwszPurpose, // "ClientAuth" or "CodeSigning"
__in DWORD dwKeySpec // only return signers supporting this _In_ DWORD dwKeySpec // only return signers supporting this
// keyspec // keyspec
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// //
// CryptQueryObject takes a CERT_BLOB or a file name and returns the // CryptQueryObject takes a CERT_BLOB or a file name and returns the
// information about the content in the blob or in the file. // information about the content in the blob or in the file.
// //
// Parameters: // Parameters:
// INPUT dwObjectType: // INPUT dwObjectType:
skipping to change at line 15804 skipping to change at line 16548
// CERT_QUERY_CONTENT_SERIALIZED_CTL, it is a PCCTL_CONTEXT ; // CERT_QUERY_CONTENT_SERIALIZED_CTL, it is a PCCTL_CONTEXT ;
// Caller should free the pContext via CertFreeCTLContext. // Caller should free the pContext via CertFreeCTLContext.
// //
// If the *pbObject is of type CERT_QUERY_CONTENT_PKCS10 or CERT_QUERY_CONTENT_ PFX, CryptQueryObject // If the *pbObject is of type CERT_QUERY_CONTENT_PKCS10 or CERT_QUERY_CONTENT_ PFX, CryptQueryObject
// will not return anything in *phCertstore, *phMsg, or *ppvContext. // will not return anything in *phCertstore, *phMsg, or *ppvContext.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptQueryObject( CryptQueryObject(
__in DWORD dwObjectType, _In_ DWORD dwObjectType,
__in const void *pvObject, _In_ const void *pvObject,
__in DWORD dwExpectedContentTypeFlags, _In_ DWORD dwExpectedContentTypeFlags,
__in DWORD dwExpectedFormatTypeFlags, _In_ DWORD dwExpectedFormatTypeFlags,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_opt DWORD *pdwMsgAndCertEncodingType, _Out_opt_ DWORD *pdwMsgAndCertEncodingType,
__out_opt DWORD *pdwContentType, _Out_opt_ DWORD *pdwContentType,
__out_opt DWORD *pdwFormatType, _Out_opt_ DWORD *pdwFormatType,
__out_opt HCERTSTORE *phCertStore, _Out_opt_ HCERTSTORE *phCertStore,
__out_opt HCRYPTMSG *phMsg, _Out_opt_ HCRYPTMSG *phMsg,
__deref_opt_out_opt const void **ppvContext _Outptr_opt_result_maybenull_ const void **ppvContext
); );
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwObjectType for CryptQueryObject //dwObjectType for CryptQueryObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
#define CERT_QUERY_OBJECT_FILE 0x00000001 #define CERT_QUERY_OBJECT_FILE 0x00000001
#define CERT_QUERY_OBJECT_BLOB 0x00000002 #define CERT_QUERY_OBJECT_BLOB 0x00000002
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwContentType for CryptQueryObject //dwContentType for CryptQueryObject
skipping to change at line 15932 skipping to change at line 16676
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | \ CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | \
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | \
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | \
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | \ CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | \
CERT_QUERY_CONTENT_FLAG_PKCS10 | \ CERT_QUERY_CONTENT_FLAG_PKCS10 | \
CERT_QUERY_CONTENT_FLAG_PFX | \ CERT_QUERY_CONTENT_FLAG_PFX | \
CERT_QUERY_CONTENT_FLAG_CERT_PAIR ) CERT_QUERY_CONTENT_FLAG_CERT_PAIR )
//content types allowed for Issuer certificates
#define CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT \
( CERT_QUERY_CONTENT_FLAG_CERT | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | \
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | \
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | \
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED )
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//dwFormatType for CryptQueryObject //dwFormatType for CryptQueryObject
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
//the content is in binary format //the content is in binary format
#define CERT_QUERY_FORMAT_BINARY 1 #define CERT_QUERY_FORMAT_BINARY 1
//the content is base64 encoded //the content is base64 encoded
#define CERT_QUERY_FORMAT_BASE64_ENCODED 2 #define CERT_QUERY_FORMAT_BASE64_ENCODED 2
//the content is ascii hex encoded with "{ASN}" prefix //the content is ascii hex encoded with "{ASN}" prefix
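Review bot: The one-line comment above CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT does not say which CryptQueryObject parameter the mask is for, nor why it drops PFX, PKCS10, CERT_PAIR and the CRL/CTL content types that CERT_QUERY_CONTENT_FLAG_ALL includes. Presumably it is the dwExpectedContentTypeFlags value to pass when the queried object is supposed to be an issuer certificate (e.g. one fetched by the retrieval code later in this header), where accepting a PFX, which carries a private key, or a certificate request makes no sense; that reading should be confirmed against the consumer. If it holds, `// dwExpectedContentTypeFlags mask for loading issuer certificates: accepts only content that yields certificates or a store; PFX, PKCS10, CERT_PAIR and CRL/CTL types are deliberately excluded.` would make the intent explicit for callers who might otherwise widen it.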
skipping to change at line 15974 skipping to change at line 16726
// //
// Crypt32 Memory Management Routines. All Crypt32 API which return allocated // Crypt32 Memory Management Routines. All Crypt32 API which return allocated
// buffers will do so via CryptMemAlloc, CryptMemRealloc. Clients can free // buffers will do so via CryptMemAlloc, CryptMemRealloc. Clients can free
// those buffers using CryptMemFree. Also included is CryptMemSize // those buffers using CryptMemFree. Also included is CryptMemSize
// //
WINCRYPT32API WINCRYPT32API
LPVOID LPVOID
WINAPI WINAPI
CryptMemAlloc ( CryptMemAlloc (
__in ULONG cbSize _In_ ULONG cbSize
); );
WINCRYPT32API WINCRYPT32API
LPVOID LPVOID
WINAPI WINAPI
CryptMemRealloc ( CryptMemRealloc (
__in_opt LPVOID pv, _In_opt_ LPVOID pv,
__in ULONG cbSize _In_ ULONG cbSize
); );
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CryptMemFree ( CryptMemFree (
__in_opt LPVOID pv _In_opt_ LPVOID pv
); );
// //
// Crypt32 Asynchronous Parameter Management Routines. All Crypt32 API which // Crypt32 Asynchronous Parameter Management Routines. All Crypt32 API which
// expose asynchronous mode operation use a Crypt32 Async Handle to pass // expose asynchronous mode operation use a Crypt32 Async Handle to pass
// around information about the operation e.g. callback routines. The // around information about the operation e.g. callback routines. The
// following API are used for manipulation of the async handle // following API are used for manipulation of the async handle
// //
// Following functions were never used. If called, will fail with LastError // Following functions were never used. If called, will fail with LastError
// set to ERROR_CALL_NOT_IMPLEMENTED. // set to ERROR_CALL_NOT_IMPLEMENTED.
typedef HANDLE HCRYPTASYNC, *PHCRYPTASYNC; typedef HANDLE HCRYPTASYNC, *PHCRYPTASYNC;
typedef VOID (WINAPI *PFN_CRYPT_ASYNC_PARAM_FREE_FUNC) ( typedef VOID (WINAPI *PFN_CRYPT_ASYNC_PARAM_FREE_FUNC) (
__in LPSTR pszParamOid, _In_ LPSTR pszParamOid,
__in LPVOID pvParam _In_ LPVOID pvParam
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCreateAsyncHandle ( CryptCreateAsyncHandle (
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out PHCRYPTASYNC phAsync _Out_ PHCRYPTASYNC phAsync
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetAsyncParam ( CryptSetAsyncParam (
__in HCRYPTASYNC hAsync, _In_ HCRYPTASYNC hAsync,
__in LPSTR pszParamOid, _In_ LPSTR pszParamOid,
__in_opt LPVOID pvParam, _In_opt_ LPVOID pvParam,
__callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC pfnFree __callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC pfnFree
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetAsyncParam ( CryptGetAsyncParam (
__in HCRYPTASYNC hAsync, _In_ HCRYPTASYNC hAsync,
__in LPSTR pszParamOid, _In_ LPSTR pszParamOid,
__deref_opt_out_opt LPVOID* ppvParam, _Outptr_opt_result_maybenull_ LPVOID* ppvParam,
__deref_opt_out_opt __callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC* ppfnFree _Outptr_opt_result_maybenull_ __callback PFN_CRYPT_ASYNC_PARAM_FREE_FUNC* p
pfnFree
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCloseAsyncHandle ( CryptCloseAsyncHandle (
__in_opt HCRYPTASYNC hAsync _In_opt_ HCRYPTASYNC hAsync
); );
// //
// Crypt32 Remote Object Retrieval Routines. This API allows retrieval of // Crypt32 Remote Object Retrieval Routines. This API allows retrieval of
// remote PKI objects where the location is given by an URL. The remote // remote PKI objects where the location is given by an URL. The remote
// object retrieval manager exposes two provider models. One is the "Scheme // object retrieval manager exposes two provider models. One is the "Scheme
// Provider" model which allows for installable protocol providers as defined // Provider" model which allows for installable protocol providers as defined
// by the URL scheme e.g. ldap, http, ftp. The scheme provider entry point is // by the URL scheme e.g. ldap, http, ftp. The scheme provider entry point is
// the same as the CryptRetrieveObjectByUrl however the *ppvObject returned // the same as the CryptRetrieveObjectByUrl however the *ppvObject returned
// is ALWAYS a counted array of encoded bits (one per object retrieved). The // is ALWAYS a counted array of encoded bits (one per object retrieved). The
skipping to change at line 16108 skipping to change at line 16860
// //
// The following is obsolete and has been replaced with the following // The following is obsolete and has been replaced with the following
// definition // definition
#define SCHEME_OID_RETRIEVE_ENCODED_OBJECT_FUNC "SchemeDllRetrieveEncodedObject" #define SCHEME_OID_RETRIEVE_ENCODED_OBJECT_FUNC "SchemeDllRetrieveEncodedObject"
// 2-8-02 Server 2003 changed to use UNICODE Url strings instead of multibyte // 2-8-02 Server 2003 changed to use UNICODE Url strings instead of multibyte
#define SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC "SchemeDllRetrieveEncodedObject W" #define SCHEME_OID_RETRIEVE_ENCODED_OBJECTW_FUNC "SchemeDllRetrieveEncodedObject W"
typedef VOID (WINAPI *PFN_FREE_ENCODED_OBJECT_FUNC) ( typedef VOID (WINAPI *PFN_FREE_ENCODED_OBJECT_FUNC) (
__in_opt LPCSTR pszObjectOid, _In_opt_ LPCSTR pszObjectOid,
__inout PCRYPT_BLOB_ARRAY pObject, _Inout_ PCRYPT_BLOB_ARRAY pObject,
__inout_opt LPVOID pvFreeContext _Inout_opt_ LPVOID pvFreeContext
); );
// //
// SchemeDllRetrieveEncodedObject was replaced in Server 2003 with // SchemeDllRetrieveEncodedObject was replaced in Server 2003 with
// the following. (Changed to use UNICODE Url Strings.) // the following. (Changed to use UNICODE Url Strings.)
// //
// //
// SchemeDllRetrieveEncodedObjectW has the following signature: // SchemeDllRetrieveEncodedObjectW has the following signature:
// //
// __success(return == TRUE) // _Success_(return != FALSE)
// BOOL WINAPI SchemeDllRetrieveEncodedObjectW ( // BOOL WINAPI SchemeDllRetrieveEncodedObjectW (
// __in LPCWSTR pwszUrl, // _In_ LPCWSTR pwszUrl,
// __in_opt LPCSTR pszObjectOid, // _In_opt_ LPCSTR pszObjectOid,
// __in DWORD dwRetrievalFlags, // _In_ DWORD dwRetrievalFlags,
// __in DWORD dwTimeout, // milliseconds // _In_ DWORD dwTimeout, // milliseconds
// __out PCRYPT_BLOB_ARRAY pObject, // _Out_ PCRYPT_BLOB_ARRAY pObject,
// __deref_out __callback PFN_FREE_ENCODED_OBJECT_FUNC* ppfnFr // _Outptr_ __callback PFN_FREE_ENCODED_OBJECT_FUNC* ppfnFreeO
eeObject, bject,
// __deref_out_opt LPVOID* ppvFreeContext, // _Outptr_result_maybenull_ LPVOID* ppvFreeContext,
// __in_opt HCRYPTASYNC hAsyncRetrieve, // _In_opt_ HCRYPTASYNC hAsyncRetrieve,
// __in_opt PCRYPT_CREDENTIALS pCredentials, // _In_opt_ PCRYPT_CREDENTIALS pCredentials,
// __inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo // _Inout_opt_ PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
// ) // )
// //
// //
// Context Provider Signatures // Context Provider Signatures
// //
#define CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC "ContextDllCreateObjectContext" #define CONTEXT_OID_CREATE_OBJECT_CONTEXT_FUNC "ContextDllCreateObjectContext"
#define CONTEXT_OID_CERTIFICATE ((LPCSTR)1) #define CONTEXT_OID_CERTIFICATE ((LPCSTR)1)
#define CONTEXT_OID_CRL ((LPCSTR)2) #define CONTEXT_OID_CRL ((LPCSTR)2)
#define CONTEXT_OID_CTL ((LPCSTR)3) #define CONTEXT_OID_CTL ((LPCSTR)3)
#define CONTEXT_OID_PKCS7 ((LPCSTR)4) #define CONTEXT_OID_PKCS7 ((LPCSTR)4)
#define CONTEXT_OID_CAPI2_ANY ((LPCSTR)5) #define CONTEXT_OID_CAPI2_ANY ((LPCSTR)5)
#define CONTEXT_OID_OCSP_RESP ((LPCSTR)6) #define CONTEXT_OID_OCSP_RESP ((LPCSTR)6)
// //
// ContextDllCreateObjectContext has the following signature: // ContextDllCreateObjectContext has the following signature:
// //
// __success(return == TRUE) // _Success_(return != FALSE)
// BOOL WINAPI ContextDllCreateObjectContext ( // BOOL WINAPI ContextDllCreateObjectContext (
// __in_opt LPCSTR pszObjectOid, // _In_opt_ LPCSTR pszObjectOid,
// __in DWORD dwRetrievalFlags, // _In_ DWORD dwRetrievalFlags,
// __in PCRYPT_BLOB_ARRAY pObject, // _In_ PCRYPT_BLOB_ARRAY pObject,
// __deref_out LPVOID* ppvContext // _Outptr_ LPVOID* ppvContext
// ) // )
// //
// //
// Remote Object Retrieval API // Remote Object Retrieval API
// //
// //
// Retrieval flags // Retrieval flags
// //
skipping to change at line 16242 skipping to change at line 16994
// set in pAuxInfo. Only applicable to http URL retrievals. // set in pAuxInfo. Only applicable to http URL retrievals.
#define CRYPT_PROXY_CACHE_RETRIEVAL 0x00200000 #define CRYPT_PROXY_CACHE_RETRIEVAL 0x00200000
// When this flag is set, for a conditional retrieval returning not modified, // When this flag is set, for a conditional retrieval returning not modified,
// TRUE is returned and *ppvObject is set to NULL. For a nonNULL pAuxInfo, // TRUE is returned and *ppvObject is set to NULL. For a nonNULL pAuxInfo,
// dwHttpStatusCode is set to winhttp.h's HTTP_STATUS_NOT_MODIFIED. Otherwise, // dwHttpStatusCode is set to winhttp.h's HTTP_STATUS_NOT_MODIFIED. Otherwise,
// *ppvObject is updated for a successful retrieval. Only applicable to // *ppvObject is updated for a successful retrieval. Only applicable to
// http URL retrievals. // http URL retrievals.
#define CRYPT_NOT_MODIFIED_RETRIEVAL 0x00400000 #define CRYPT_NOT_MODIFIED_RETRIEVAL 0x00400000
// When this flag is set, revocation checking is enabled for https URLs.
// If the server's certificate is revoked, then, LastError is set to
// CRYPT_E_REVOKED. For no other errors, LastError is set to
// CRYPT_E_REVOCATION_OFFLINE for any offline revocation error.
//
// To ignore offline revocation errors, this API can be called again without
// setting this flag.
#define CRYPT_ENABLE_SSL_REVOCATION_RETRIEVAL 0x00800000
// Set this flag to append a random query string to the URL passed to
// WinHttpOpenRequest. This should only be set on URL's accessing Windows
// Update content. The random query string ensures that cached proxy content
// isn't used and the HTTP request will always reach the Content Delivery
// Network (CDN) used by Windows Update which removes a query string
// before doing a cache lookup.
#define CRYPT_RANDOM_QUERY_STRING_RETRIEVAL 0x04000000
// File scheme retrieval's are disabled by default. This flag can be set to
// allow file retrievals.
#define CRYPT_ENABLE_FILE_RETRIEVAL 0x08000000
// //
// Data verification retrieval flags // Data verification retrieval flags
// //
// CRYPT_VERIFY_CONTEXT_SIGNATURE is used to get signature verification // CRYPT_VERIFY_CONTEXT_SIGNATURE is used to get signature verification
// on the context created. In this case pszObjectOid must be non-NULL and // on the context created. In this case pszObjectOid must be non-NULL and
// pvVerify points to the signer certificate context // pvVerify points to the signer certificate context
// //
// CRYPT_VERIFY_DATA_HASH is used to get verification of the blob data // CRYPT_VERIFY_DATA_HASH is used to get verification of the blob data
// retrieved by the protocol. The pvVerify points to an URL_DATA_HASH // retrieved by the protocol. The pvVerify points to an URL_DATA_HASH
// structure (TBD) // structure (TBD)
// //
#define CRYPT_VERIFY_CONTEXT_SIGNATURE 0x00000020 #define CRYPT_VERIFY_CONTEXT_SIGNATURE 0x00000020
#define CRYPT_VERIFY_DATA_HASH 0x00000040 #define CRYPT_VERIFY_DATA_HASH 0x00000040
// //
// Time Valid Object flags // Time Valid Object flags
// //
#define CRYPT_KEEP_TIME_VALID 0x00000080 #define CRYPT_KEEP_TIME_VALID 0x00000080
#define CRYPT_DONT_VERIFY_SIGNATURE 0x00000100 #define CRYPT_DONT_VERIFY_SIGNATURE 0x00000100
#define CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200 #define CRYPT_DONT_CHECK_TIME_VALIDITY 0x00000200
// The default checks if ftNextUpdate >= ftValidFor. Set this flag to // The default checks if ftNextUpdate >= ftValidFor. Set this flag to
// check if ftThisUpdate >= ftValidFor. // check if ftThisUpdate >= ftValidFor.
#define CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400 #define CRYPT_CHECK_FRESHNESS_TIME_VALIDITY 0x00000400
#define CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800 #define CRYPT_ACCUMULATIVE_TIMEOUT 0x00000800
// Set this flag to only use OCSP AIA URLs. // Set this flag to only use OCSP AIA URLs.
#define CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000 #define CRYPT_OCSP_ONLY_RETRIEVAL 0x01000000
// Set this flag to only use the OCSP AIA URL if present. If the subject
// doesn't have an OCSP AIA URL, then, the CDP URLs are used.
#define CRYPT_NO_OCSP_FAILOVER_TO_CRL_RETRIEVAL 0x02000000
// //
// Cryptnet URL Cache Pre-Fetch Info // Cryptnet URL Cache Pre-Fetch Info
// //
typedef struct _CRYPTNET_URL_CACHE_PRE_FETCH_INFO { typedef struct _CRYPTNET_URL_CACHE_PRE_FETCH_INFO {
DWORD cbSize; DWORD cbSize;
DWORD dwObjectType; DWORD dwObjectType;
// Possible errors: // Possible errors:
// S_OK - Pending // S_OK - Pending
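Review bot: The comment on CRYPT_ENABLE_SSL_REVOCATION_RETRIEVAL contradicts itself ("For no other errors, LastError is set to CRYPT_E_REVOCATION_OFFLINE for any offline revocation error") and its retry advice is unsafe as written, because a second call without the flag disables server-certificate revocation checking altogether and so also accepts a revoked certificate, not just an undeterminable one. I would reword the error lines to `// If revocation status cannot be determined (offline), LastError is set to CRYPT_E_REVOCATION_OFFLINE.` and the retry note to `// Callers that tolerate offline errors may retry without this flag only after LastError == CRYPT_E_REVOCATION_OFFLINE, never after CRYPT_E_REVOKED.` CRYPT_ENABLE_FILE_RETRIEVAL likewise deserves a sentence on why the file scheme is off by default; presumably because retrieval URLs can originate in certificate extensions (the CDP/AIA grouping later in this header shows URLs being taken from distribution points) and enabling it would let a certificate name a local or UNC path, which should be confirmed before adding `// Off by default: URLs may come from untrusted certificate extensions, so enabling file: lets a certificate direct reads to local/UNC paths.`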
skipping to change at line 16296 skipping to change at line 17073
// Other errors - Unable to retrieve pre-fetch content // Other errors - Unable to retrieve pre-fetch content
DWORD dwError; DWORD dwError;
DWORD dwReserved; DWORD dwReserved;
FILETIME ThisUpdateTime; FILETIME ThisUpdateTime;
FILETIME NextUpdateTime; FILETIME NextUpdateTime;
FILETIME PublishTime; // May be zero FILETIME PublishTime; // May be zero
} CRYPTNET_URL_CACHE_PRE_FETCH_INFO, *PCRYPTNET_URL_CACHE_PRE_FETCH_INFO; } CRYPTNET_URL_CACHE_PRE_FETCH_INFO, *PCRYPTNET_URL_CACHE_PRE_FETCH_INFO;
// Pre-fetch ObjectTypes // Pre-fetch ObjectTypes
#define CRYPTNET_URL_CACHE_PRE_FETCH_NONE 0 #define CRYPTNET_URL_CACHE_PRE_FETCH_NONE 0
#define CRYPTNET_URL_CACHE_PRE_FETCH_BLOB 1 #define CRYPTNET_URL_CACHE_PRE_FETCH_BLOB 1
#define CRYPTNET_URL_CACHE_PRE_FETCH_CRL 2 #define CRYPTNET_URL_CACHE_PRE_FETCH_CRL 2
#define CRYPTNET_URL_CACHE_PRE_FETCH_OCSP 3 #define CRYPTNET_URL_CACHE_PRE_FETCH_OCSP 3
#define CRYPTNET_URL_CACHE_PRE_FETCH_AUTOROOT_CAB 5 #define CRYPTNET_URL_CACHE_PRE_FETCH_AUTOROOT_CAB 5
#define CRYPTNET_URL_CACHE_PRE_FETCH_DISALLOWED_CERT_CAB 6
// //
// Cryptnet URL Cache Flush Info // Cryptnet URL Cache Flush Info
// //
typedef struct _CRYPTNET_URL_CACHE_FLUSH_INFO { typedef struct _CRYPTNET_URL_CACHE_FLUSH_INFO {
DWORD cbSize; DWORD cbSize;
// If pre-fetching is enabled, following is ignored // If pre-fetching is enabled, following is ignored
// //
// 0 - use default flush exempt seconds (2 weeks) // 0 - use default flush exempt seconds (2 weeks)
// 0xFFFFFFFF - disable flushing // 0xFFFFFFFF - disable flushing
skipping to change at line 16404 skipping to change at line 17182
// cleared. This value will only be updated for http or https URL // cleared. This value will only be updated for http or https URL
// retrievals. // retrievals.
// //
// If CRYPT_NOT_MODIFIED_RETRIEVAL was set in dwFlags, set to winhttp.h's // If CRYPT_NOT_MODIFIED_RETRIEVAL was set in dwFlags, set to winhttp.h's
// HTTP_STATUS_NOT_MODIFIED if the retrieval returned not modified. In // HTTP_STATUS_NOT_MODIFIED if the retrieval returned not modified. In
// this case TRUE is returned with *ppvObject set to NULL. // this case TRUE is returned with *ppvObject set to NULL.
DWORD dwHttpStatusCode; DWORD dwHttpStatusCode;
} CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO; } CRYPT_RETRIEVE_AUX_INFO, *PCRYPT_RETRIEVE_AUX_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptRetrieveObjectByUrlA ( CryptRetrieveObjectByUrlA (
__in LPCSTR pszUrl, _In_ LPCSTR pszUrl,
__in_opt LPCSTR pszObjectOid, _In_opt_ LPCSTR pszObjectOid,
__in DWORD dwRetrievalFlags, _In_ DWORD dwRetrievalFlags,
__in DWORD dwTimeout, // milliseconds _In_ DWORD dwTimeout, // milliseconds
__deref_out LPVOID* ppvObject, _Outptr_ LPVOID* ppvObject,
__in_opt HCRYPTASYNC hAsyncRetrieve, _In_opt_ HCRYPTASYNC hAsyncRetrieve,
__in_opt PCRYPT_CREDENTIALS pCredentials, _In_opt_ PCRYPT_CREDENTIALS pCredentials,
__in_opt LPVOID pvVerify, _In_opt_ LPVOID pvVerify,
__inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo _Inout_opt_ PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
); );
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptRetrieveObjectByUrlW ( CryptRetrieveObjectByUrlW (
__in LPCWSTR pszUrl, _In_ LPCWSTR pszUrl,
__in_opt LPCSTR pszObjectOid, _In_opt_ LPCSTR pszObjectOid,
__in DWORD dwRetrievalFlags, _In_ DWORD dwRetrievalFlags,
__in DWORD dwTimeout, // milliseconds _In_ DWORD dwTimeout, // milliseconds
__deref_out LPVOID* ppvObject, _Outptr_ LPVOID* ppvObject,
__in_opt HCRYPTASYNC hAsyncRetrieve, _In_opt_ HCRYPTASYNC hAsyncRetrieve,
__in_opt PCRYPT_CREDENTIALS pCredentials, _In_opt_ PCRYPT_CREDENTIALS pCredentials,
__in_opt LPVOID pvVerify, _In_opt_ LPVOID pvVerify,
__inout_opt PCRYPT_RETRIEVE_AUX_INFO pAuxInfo _Inout_opt_ PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlW #define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlW
#else #else
#define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlA #define CryptRetrieveObjectByUrl CryptRetrieveObjectByUrlA
#endif // !UNICODE #endif // !UNICODE
// //
// Call back function to cancel object retrieval // Call back function to cancel object retrieval
// //
// The function can be installed on a per thread basis. // The function can be installed on a per thread basis.
// If CryptInstallCancelRetrieval is called for multiple times, only the most re cent // If CryptInstallCancelRetrieval is called for multiple times, only the most re cent
// installation will be kept. // installation will be kept.
// //
// This is only effective for http, https, gopher, and ftp protocol. // This is only effective for http, https, gopher, and ftp protocol.
// It is ignored by the rest of the protocols. // It is ignored by the rest of the protocols.
typedef BOOL (WINAPI *PFN_CRYPT_CANCEL_RETRIEVAL)( typedef BOOL (WINAPI *PFN_CRYPT_CANCEL_RETRIEVAL)(
__in DWORD dwFlags, _In_ DWORD dwFlags,
__inout_opt void *pvArg _Inout_opt_ void *pvArg
); );
// //
// PFN_CRYPT_CANCEL_RETRIEVAL // PFN_CRYPT_CANCEL_RETRIEVAL
// //
// This function should return FALSE when the object retrieval should be continu ed // This function should return FALSE when the object retrieval should be continu ed
// and return TRUE when the object retrieval should be cancelled. // and return TRUE when the object retrieval should be cancelled.
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptInstallCancelRetrieval( CryptInstallCancelRetrieval(
__callback PFN_CRYPT_CANCEL_RETRIEVAL pfnCancel, __callback PFN_CRYPT_CANCEL_RETRIEVAL pfnCancel,
__in_opt const void *pvArg, _In_opt_ const void *pvArg,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptUninstallCancelRetrieval( CryptUninstallCancelRetrieval(
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved _Reserved_ void *pvReserved
); );
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCancelAsyncRetrieval ( CryptCancelAsyncRetrieval (
__in_opt HCRYPTASYNC hAsyncRetrieval _In_opt_ HCRYPTASYNC hAsyncRetrieval
); );
// //
// Remote Object Async Retrieval parameters // Remote Object Async Retrieval parameters
// //
// //
// A client that wants to be notified of asynchronous object retrieval // A client that wants to be notified of asynchronous object retrieval
// completion sets this parameter on the async handle // completion sets this parameter on the async handle
// //
#define CRYPT_PARAM_ASYNC_RETRIEVAL_COMPLETION ((LPCSTR)1) #define CRYPT_PARAM_ASYNC_RETRIEVAL_COMPLETION ((LPCSTR)1)
typedef VOID (WINAPI *PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC) ( typedef VOID (WINAPI *PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC) (
__inout_opt LPVOID pvCompletion, _Inout_opt_ LPVOID pvCompletion,
__in DWORD dwCompletionCode, _In_ DWORD dwCompletionCode,
__in LPCSTR pszUrl, _In_ LPCSTR pszUrl,
__in_opt LPSTR pszObjectOid, _In_opt_ LPSTR pszObjectOid,
__in LPVOID pvObject _In_ LPVOID pvObject
); );
typedef struct _CRYPT_ASYNC_RETRIEVAL_COMPLETION { typedef struct _CRYPT_ASYNC_RETRIEVAL_COMPLETION {
__callback PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC pfnCompletion; __callback PFN_CRYPT_ASYNC_RETRIEVAL_COMPLETION_FUNC pfnCompletion;
__inout_opt LPVOID pvCompletion; _Inout_opt_ LPVOID pvCompletion;
} CRYPT_ASYNC_RETRIEVAL_COMPLETION, *PCRYPT_ASYNC_RETRIEVAL_COMPLETION; } CRYPT_ASYNC_RETRIEVAL_COMPLETION, *PCRYPT_ASYNC_RETRIEVAL_COMPLETION;
// //
// This function is set on the async handle by a scheme provider that // This function is set on the async handle by a scheme provider that
// supports asynchronous retrieval // supports asynchronous retrieval
// //
#define CRYPT_PARAM_CANCEL_ASYNC_RETRIEVAL ((LPCSTR)2) #define CRYPT_PARAM_CANCEL_ASYNC_RETRIEVAL ((LPCSTR)2)
typedef BOOL (WINAPI *PFN_CANCEL_ASYNC_RETRIEVAL_FUNC) ( typedef BOOL (WINAPI *PFN_CANCEL_ASYNC_RETRIEVAL_FUNC) (
__in_opt HCRYPTASYNC hAsyncRetrieve _In_opt_ HCRYPTASYNC hAsyncRetrieve
); );
// //
// Get the locator for a CAPI object // Get the locator for a CAPI object
// //
#define CRYPT_GET_URL_FROM_PROPERTY 0x00000001 #define CRYPT_GET_URL_FROM_PROPERTY 0x00000001
#define CRYPT_GET_URL_FROM_EXTENSION 0x00000002 #define CRYPT_GET_URL_FROM_EXTENSION 0x00000002
#define CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE 0x00000004 #define CRYPT_GET_URL_FROM_UNAUTH_ATTRIBUTE 0x00000004
#define CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE 0x00000008 #define CRYPT_GET_URL_FROM_AUTH_ATTRIBUTE 0x00000008
skipping to change at line 16552 skipping to change at line 17330
// distribution points. Each distribution point may have multiple // distribution points. Each distribution point may have multiple
// URLs, (LDAP and HTTP scheme). // URLs, (LDAP and HTTP scheme).
DWORD cGroup; DWORD cGroup;
DWORD *rgcGroupEntry; DWORD *rgcGroupEntry;
} CRYPT_URL_INFO, *PCRYPT_URL_INFO; } CRYPT_URL_INFO, *PCRYPT_URL_INFO;
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetObjectUrl ( CryptGetObjectUrl (
__in LPCSTR pszUrlOid, _In_ LPCSTR pszUrlOid,
__in LPVOID pvPara, _In_ LPVOID pvPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbUrlArray, *pcbUrlArray) PCRYPT_URL_ARRAY pUrlArray _Out_writes_bytes_to_opt_(*pcbUrlArray, *pcbUrlArray) PCRYPT_URL_ARRAY pUrlA
, rray,
__inout DWORD* pcbUrlArray, _Inout_ DWORD* pcbUrlArray,
__out_bcount_part_opt(*pcbUrlInfo, *pcbUrlInfo) PCRYPT_URL_INFO pUrlInfo, _Out_writes_bytes_to_opt_(*pcbUrlInfo, *pcbUrlInfo) PCRYPT_URL_INFO pUrlInfo
__inout_opt DWORD* pcbUrlInfo, ,
__reserved LPVOID pvReserved _Inout_opt_ DWORD* pcbUrlInfo,
_Reserved_ LPVOID pvReserved
); );
#define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl" #define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"
// //
// UrlDllGetObjectUrl has the same signature as CryptGetObjectUrl // UrlDllGetObjectUrl has the same signature as CryptGetObjectUrl
// //
// //
// URL_OID_CERTIFICATE_ISSUER // URL_OID_CERTIFICATE_ISSUER
skipping to change at line 16732 skipping to change at line 17510
PCERT_REVOCATION_CHAIN_PARA pChainPara; PCERT_REVOCATION_CHAIN_PARA pChainPara;
// Should be used if the DeltaCrlIndicator value is more than 4 bytes // Should be used if the DeltaCrlIndicator value is more than 4 bytes
// If nonNull and iDeltaCrlIndicator == MAXLONG, check that the CRL's number is >= // If nonNull and iDeltaCrlIndicator == MAXLONG, check that the CRL's number is >=
PCRYPT_INTEGER_BLOB pDeltaCrlIndicator; PCRYPT_INTEGER_BLOB pDeltaCrlIndicator;
} CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO, } CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO,
*PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO; *PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO;
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptGetTimeValidObject ( CryptGetTimeValidObject (
__in LPCSTR pszTimeValidOid, _In_ LPCSTR pszTimeValidOid,
__in LPVOID pvPara, _In_ LPVOID pvPara,
__in PCCERT_CONTEXT pIssuer, _In_ PCCERT_CONTEXT pIssuer,
__in_opt LPFILETIME pftValidFor, _In_opt_ LPFILETIME pftValidFor,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in DWORD dwTimeout, // milliseconds _In_ DWORD dwTimeout, // milliseconds
__deref_opt_out LPVOID* ppvObject, _Outptr_opt_ LPVOID* ppvObject,
__in_opt PCRYPT_CREDENTIALS pCredentials, _In_opt_ PCRYPT_CREDENTIALS pCredentials,
__inout_opt PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo _Inout_opt_ PCRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO pExtraInfo
); );
#define TIME_VALID_OID_GET_OBJECT_FUNC "TimeValidDllGetObject" #define TIME_VALID_OID_GET_OBJECT_FUNC "TimeValidDllGetObject"
// //
// TimeValidDllGetObject has the same signature as CryptGetTimeValidObject // TimeValidDllGetObject has the same signature as CryptGetTimeValidObject
// //
// //
// TIME_VALID_OID_GET_CTL // TIME_VALID_OID_GET_CTL
skipping to change at line 16786 skipping to change at line 17564
#define TIME_VALID_OID_GET_CRL ((LPCSTR)2) #define TIME_VALID_OID_GET_CRL ((LPCSTR)2)
#define TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3) #define TIME_VALID_OID_GET_CRL_FROM_CERT ((LPCSTR)3)
#define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4) #define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)
#define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5) #define TIME_VALID_OID_GET_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptFlushTimeValidObject ( CryptFlushTimeValidObject (
__in LPCSTR pszFlushTimeValidOid, _In_ LPCSTR pszFlushTimeValidOid,
__in LPVOID pvPara, _In_ LPVOID pvPara,
__in PCCERT_CONTEXT pIssuer, _In_ PCCERT_CONTEXT pIssuer,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved LPVOID pvReserved _Reserved_ LPVOID pvReserved
); );
#define TIME_VALID_OID_FLUSH_OBJECT_FUNC "TimeValidDllFlushObject" #define TIME_VALID_OID_FLUSH_OBJECT_FUNC "TimeValidDllFlushObject"
// //
// TimeValidDllFlushObject has the same signature as CryptFlushTimeValidObject // TimeValidDllFlushObject has the same signature as CryptFlushTimeValidObject
// //
// //
// TIME_VALID_OID_FLUSH_CTL // TIME_VALID_OID_FLUSH_CTL
skipping to change at line 16829 skipping to change at line 17607
// freshest CRL to flush // freshest CRL to flush
// //
#define TIME_VALID_OID_FLUSH_CTL ((LPCSTR)1) #define TIME_VALID_OID_FLUSH_CTL ((LPCSTR)1)
#define TIME_VALID_OID_FLUSH_CRL ((LPCSTR)2) #define TIME_VALID_OID_FLUSH_CRL ((LPCSTR)2)
#define TIME_VALID_OID_FLUSH_CRL_FROM_CERT ((LPCSTR)3) #define TIME_VALID_OID_FLUSH_CRL_FROM_CERT ((LPCSTR)3)
#define TIME_VALID_OID_FLUSH_FRESHEST_CRL_FROM_CERT ((LPCSTR)4) #define TIME_VALID_OID_FLUSH_FRESHEST_CRL_FROM_CERT ((LPCSTR)4)
#define TIME_VALID_OID_FLUSH_FRESHEST_CRL_FROM_CRL ((LPCSTR)5) #define TIME_VALID_OID_FLUSH_FRESHEST_CRL_FROM_CRL ((LPCSTR)5)
//-------------------------------------------------------------------------
// Data Protection APIs
//-------------------------------------------------------------------------
//
// Data protection APIs enable applications to easily secure data.
//
// The base provider provides protection based on the users' logon
// credentials. The data secured with these APIs follow the same
// roaming characteristics as HKCU -- if HKCU roams, the data
// protected by the base provider may roam as well. This makes
// the API ideal for the munging of data stored in the registry.
//
//
// Prompt struct -- what to tell users about the access
//
typedef struct _CRYPTPROTECT_PROMPTSTRUCT
{
DWORD cbSize;
DWORD dwPromptFlags;
HWND hwndApp;
LPCWSTR szPrompt;
} CRYPTPROTECT_PROMPTSTRUCT, *PCRYPTPROTECT_PROMPTSTRUCT;
//
// base provider action
//
#define CRYPTPROTECT_DEFAULT_PROVIDER { 0xdf9d8cd0, 0x1501, 0x11d1, {0x8c, 0x7
a, 0x00, 0xc0, 0x4f, 0xc2, 0x97, 0xeb} }
//
// CryptProtect PromptStruct dwPromtFlags
//
//
// prompt on unprotect
#define CRYPTPROTECT_PROMPT_ON_UNPROTECT 0x1 // 1<<0
//
// prompt on protect
#define CRYPTPROTECT_PROMPT_ON_PROTECT 0x2 // 1<<1
#define CRYPTPROTECT_PROMPT_RESERVED 0x04 // reserved, do not use.
//
// default to strong variant UI protection (user supplied password currently).
#define CRYPTPROTECT_PROMPT_STRONG 0x08 // 1<<3
//
// require strong variant UI protection (user supplied password currently).
#define CRYPTPROTECT_PROMPT_REQUIRE_STRONG 0x10 // 1<<4
//
// CryptProtectData and CryptUnprotectData dwFlags
//
// for remote-access situations where ui is not an option
// if UI was specified on protect or unprotect operation, the call
// will fail and GetLastError() will indicate ERROR_PASSWORD_RESTRICTION
#define CRYPTPROTECT_UI_FORBIDDEN 0x1
//
// per machine protected data -- any user on machine where CryptProtectData
// took place may CryptUnprotectData
#define CRYPTPROTECT_LOCAL_MACHINE 0x4
//
// force credential synchronize during CryptProtectData()
// Synchronize is only operation that occurs during this operation
#define CRYPTPROTECT_CRED_SYNC 0x8
//
// Generate an Audit on protect and unprotect operations
//
#define CRYPTPROTECT_AUDIT 0x10
//
// Protect data with a non-recoverable key
//
#define CRYPTPROTECT_NO_RECOVERY 0x20
//
// Verify the protection of a protected blob
//
#define CRYPTPROTECT_VERIFY_PROTECTION 0x40
//
// Regenerate the local machine protection
//
#define CRYPTPROTECT_CRED_REGENERATE 0x80
// flags reserved for system use
#define CRYPTPROTECT_FIRST_RESERVED_FLAGVAL 0x0FFFFFFF
#define CRYPTPROTECT_LAST_RESERVED_FLAGVAL 0xFFFFFFFF
//
// flags specific to base provider
//
WINCRYPT32API
BOOL
WINAPI
CryptProtectData(
__in DATA_BLOB* pDataIn,
__in_opt LPCWSTR szDataDescr,
__in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved,
__in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
__in DWORD dwFlags,
__out DATA_BLOB* pDataOut // out encr blob
);
WINCRYPT32API
BOOL
WINAPI
CryptUnprotectData(
__in DATA_BLOB* pDataIn, // in encr blob
__deref_opt_out_opt LPWSTR* ppszDataDescr, // out
__in_opt DATA_BLOB* pOptionalEntropy,
__reserved PVOID pvReserved,
__in_opt CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
__in DWORD dwFlags,
__out DATA_BLOB* pDataOut
);
#if (NTDDI_VERSION >= NTDDI_WINLH)
WINCRYPT32API
BOOL
WINAPI
CryptUpdateProtectedState(
__in_opt PSID pOldSid,
__in_opt LPCWSTR pwszOldPassword,
__in DWORD dwFlags,
__out_opt DWORD *pdwSuccessCount,
__out_opt DWORD *pdwFailureCount);
#endif // (NTDDI_VERSION >= NTDDI_WINLH)
//
// The buffer length passed into CryptProtectMemory and CryptUnprotectMemory
// must be a multiple of this length (or zero).
//
#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
//
// CryptProtectMemory/CryptUnprotectMemory dwFlags
//
//
// Encrypt/Decrypt within current process context.
//
#define CRYPTPROTECTMEMORY_SAME_PROCESS 0x00
//
// Encrypt/Decrypt across process boundaries.
// eg: encrypted buffer passed across LPC to another process which calls CryptUn
protectMemory.
//
#define CRYPTPROTECTMEMORY_CROSS_PROCESS 0x01
//
// Encrypt/Decrypt across callers with same LogonId.
// eg: encrypted buffer passed across LPC to another process which calls CryptUn
protectMemory whilst impersonating.
//
#define CRYPTPROTECTMEMORY_SAME_LOGON 0x02
WINCRYPT32API
BOOL
WINAPI
CryptProtectMemory(
__inout LPVOID pDataIn, // in out data to encry
pt
__in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE
__in DWORD dwFlags
);
WINCRYPT32API
BOOL
WINAPI
CryptUnprotectMemory(
__inout LPVOID pDataIn, // in out data to decry
pt
__in DWORD cbDataIn, // multiple of CRYPTPRO
TECTMEMORY_BLOCK_SIZE
__in DWORD dwFlags
);
//+========================================================================= //+=========================================================================
// Helper functions to build certificates // Helper functions to build certificates
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// //
// Builds a self-signed certificate and returns a PCCERT_CONTEXT representing // Builds a self-signed certificate and returns a PCCERT_CONTEXT representing
// the certificate. A hProv may be specified to build the cert context. // the certificate. A hProv may be specified to build the cert context.
// //
// pSubjectIssuerBlob is the DN for the certifcate. If an alternate subject // pSubjectIssuerBlob is the DN for the certifcate. If an alternate subject
skipping to change at line 17051 skipping to change at line 17645
// //
// If the cert being built is only a dummy placeholder cert for speed it may not // If the cert being built is only a dummy placeholder cert for speed it may not
// need to be signed. Signing of the cert is skipped if CERT_CREATE_SELFSIGN_NO_ SIGN // need to be signed. Signing of the cert is skipped if CERT_CREATE_SELFSIGN_NO_ SIGN
// is specified in dwFlags. // is specified in dwFlags.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CONTEXT PCCERT_CONTEXT
WINAPI WINAPI
CertCreateSelfSignCertificate( CertCreateSelfSignCertificate(
__in_opt HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, _In_opt_ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey,
__in PCERT_NAME_BLOB pSubjectIssuerBlob, _In_ PCERT_NAME_BLOB pSubjectIssuerBlob,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCRYPT_KEY_PROV_INFO pKeyProvInfo, _In_opt_ PCRYPT_KEY_PROV_INFO pKeyProvInfo,
__in_opt PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, _In_opt_ PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
__in_opt PSYSTEMTIME pStartTime, _In_opt_ PSYSTEMTIME pStartTime,
__in_opt PSYSTEMTIME pEndTime, _In_opt_ PSYSTEMTIME pEndTime,
__in_opt PCERT_EXTENSIONS pExtensions _In_opt_ PCERT_EXTENSIONS pExtensions
); );
#define CERT_CREATE_SELFSIGN_NO_SIGN 1 #define CERT_CREATE_SELFSIGN_NO_SIGN 1
#define CERT_CREATE_SELFSIGN_NO_KEY_INFO 2 #define CERT_CREATE_SELFSIGN_NO_KEY_INFO 2
//+========================================================================= //+=========================================================================
// Key Identifier Property Data Structures and APIs // Key Identifier Property Data Structures and APIs
//========================================================================== //==========================================================================
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 17097 skipping to change at line 17691
// By default, searches the CurrentUser's list of Key Identifiers. // By default, searches the CurrentUser's list of Key Identifiers.
// CRYPT_KEYID_MACHINE_FLAG can be set to search the LocalMachine's list // CRYPT_KEYID_MACHINE_FLAG can be set to search the LocalMachine's list
// of Key Identifiers. When CRYPT_KEYID_MACHINE_FLAG is set, pwszComputerName // of Key Identifiers. When CRYPT_KEYID_MACHINE_FLAG is set, pwszComputerName
// can also be set to specify the name of a remote computer to be searched // can also be set to specify the name of a remote computer to be searched
// instead of the local machine. // instead of the local machine.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptGetKeyIdentifierProperty( CryptGetKeyIdentifierProperty(
__in const CRYPT_HASH_BLOB *pKeyIdentifier, _In_ const CRYPT_HASH_BLOB *pKeyIdentifier,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt LPCWSTR pwszComputerName, _In_opt_ LPCWSTR pwszComputerName,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_bcount_part_opt(*pcbData, *pcbData) void *pvData, _Out_writes_bytes_to_opt_(*pcbData, *pcbData) void *pvData,
__inout DWORD *pcbData _Inout_ DWORD *pcbData
); );
// When the following flag is set, searches the LocalMachine instead of the // When the following flag is set, searches the LocalMachine instead of the
// CurrentUser. This flag is applicable to all the KeyIdentifierProperty APIs. // CurrentUser. This flag is applicable to all the KeyIdentifierProperty APIs.
#define CRYPT_KEYID_MACHINE_FLAG 0x00000020 #define CRYPT_KEYID_MACHINE_FLAG 0x00000020
// When the following flag is set, *pvData is updated with a pointer to // When the following flag is set, *pvData is updated with a pointer to
// allocated memory. LocalFree() must be called to free the allocated memory. // allocated memory. LocalFree() must be called to free the allocated memory.
#define CRYPT_KEYID_ALLOC_FLAG 0x00008000 #define CRYPT_KEYID_ALLOC_FLAG 0x00008000
skipping to change at line 17137 skipping to change at line 17731
// properties is deleted. // properties is deleted.
// //
// If CRYPT_KEYID_SET_NEW_FLAG is set, the set fails if the property already // If CRYPT_KEYID_SET_NEW_FLAG is set, the set fails if the property already
// exists. For an existing property, FALSE is returned with LastError set to // exists. For an existing property, FALSE is returned with LastError set to
// CRYPT_E_EXISTS. // CRYPT_E_EXISTS.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptSetKeyIdentifierProperty( CryptSetKeyIdentifierProperty(
__in const CRYPT_HASH_BLOB *pKeyIdentifier, _In_ const CRYPT_HASH_BLOB *pKeyIdentifier,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt LPCWSTR pwszComputerName, _In_opt_ LPCWSTR pwszComputerName,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__in_opt const void *pvData _In_opt_ const void *pvData
); );
// When the following flag is set, the Key Identifier and all its properties // When the following flag is set, the Key Identifier and all its properties
// are deleted. // are deleted.
#define CRYPT_KEYID_DELETE_FLAG 0x00000010 #define CRYPT_KEYID_DELETE_FLAG 0x00000010
// When the following flag is set, the set fails if the property already // When the following flag is set, the set fails if the property already
// exists. // exists.
#define CRYPT_KEYID_SET_NEW_FLAG 0x00002000 #define CRYPT_KEYID_SET_NEW_FLAG 0x00002000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// For CERT_KEY_PROV_INFO_PROP_ID, rgppvData[] points to a // For CERT_KEY_PROV_INFO_PROP_ID, rgppvData[] points to a
// CRYPT_KEY_PROV_INFO. // CRYPT_KEY_PROV_INFO.
// //
// Return FALSE to stop the enumeration. // Return FALSE to stop the enumeration.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef BOOL (WINAPI *PFN_CRYPT_ENUM_KEYID_PROP)( typedef BOOL (WINAPI *PFN_CRYPT_ENUM_KEYID_PROP)(
__in const CRYPT_HASH_BLOB *pKeyIdentifier, _In_ const CRYPT_HASH_BLOB *pKeyIdentifier,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__in DWORD cProp, _In_ DWORD cProp,
__in_ecount(cProp) DWORD *rgdwPropId, _In_reads_(cProp) DWORD *rgdwPropId,
__in_ecount(cProp) void **rgpvData, _In_reads_(cProp) void **rgpvData,
__in_ecount(cProp) DWORD *rgcbData _In_reads_(cProp) DWORD *rgcbData
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Enumerate the Key Identifiers. // Enumerate the Key Identifiers.
// //
// If pKeyIdentifier is NULL, enumerates all Key Identifers. Otherwise, // If pKeyIdentifier is NULL, enumerates all Key Identifers. Otherwise,
// calls the callback for the specified KeyIdentifier. If dwPropId is // calls the callback for the specified KeyIdentifier. If dwPropId is
// 0, calls the callback with all the properties. Otherwise, only calls // 0, calls the callback with all the properties. Otherwise, only calls
// the callback with the specified property (cProp = 1). // the callback with the specified property (cProp = 1).
// Furthermore, when dwPropId is specified, skips KeyIdentifiers not // Furthermore, when dwPropId is specified, skips KeyIdentifiers not
// having the property. // having the property.
// //
// Set CRYPT_KEYID_MACHINE_FLAG to enumerate the LocalMachine // Set CRYPT_KEYID_MACHINE_FLAG to enumerate the LocalMachine
// Key Identifiers. Set pwszComputerName, to enumerate Key Identifiers on // Key Identifiers. Set pwszComputerName, to enumerate Key Identifiers on
// a remote computer. // a remote computer.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptEnumKeyIdentifierProperties( CryptEnumKeyIdentifierProperties(
__in_opt const CRYPT_HASH_BLOB *pKeyIdentifier, _In_opt_ const CRYPT_HASH_BLOB *pKeyIdentifier,
__in DWORD dwPropId, _In_ DWORD dwPropId,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt LPCWSTR pwszComputerName, _In_opt_ LPCWSTR pwszComputerName,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__inout_opt void *pvArg, _Inout_opt_ void *pvArg,
__callback PFN_CRYPT_ENUM_KEYID_PROP pfnEnum __callback PFN_CRYPT_ENUM_KEYID_PROP pfnEnum
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Create a KeyIdentifier from the CSP Public Key Blob. // Create a KeyIdentifier from the CSP Public Key Blob.
// //
// Converts the CSP PUBLICKEYSTRUC into a X.509 CERT_PUBLIC_KEY_INFO and // Converts the CSP PUBLICKEYSTRUC into a X.509 CERT_PUBLIC_KEY_INFO and
// encodes. The encoded CERT_PUBLIC_KEY_INFO is SHA1 hashed to obtain // encodes. The encoded CERT_PUBLIC_KEY_INFO is SHA1 hashed to obtain
// the Key Identifier. // the Key Identifier.
// //
// By default, the pPubKeyStruc->aiKeyAlg is used to find the appropriate // By default, the pPubKeyStruc->aiKeyAlg is used to find the appropriate
// public key Object Identifier. pszPubKeyOID can be set to override // public key Object Identifier. pszPubKeyOID can be set to override
// the default OID obtained from the aiKeyAlg. // the default OID obtained from the aiKeyAlg.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CryptCreateKeyIdentifierFromCSP( CryptCreateKeyIdentifierFromCSP(
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in_opt LPCSTR pszPubKeyOID, _In_opt_ LPCSTR pszPubKeyOID,
__in_bcount(cbPubKeyStruc) const PUBLICKEYSTRUC *pPubKeyStruc, _In_reads_bytes_(cbPubKeyStruc) const PUBLICKEYSTRUC *pPubKeyStruc,
__in DWORD cbPubKeyStruc, _In_ DWORD cbPubKeyStruc,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__out_bcount_part_opt(*pcbHash, *pcbHash) BYTE *pbHash, _Out_writes_bytes_to_opt_(*pcbHash, *pcbHash) BYTE *pbHash,
__inout DWORD *pcbHash _Inout_ DWORD *pcbHash
); );
//+========================================================================= //+=========================================================================
// Certificate Chaining Infrastructure // Certificate Chaining Infrastructure
//========================================================================== //==========================================================================
#define CERT_CHAIN_CONFIG_REGPATH \ #define CERT_CHAIN_CONFIG_REGPATH \
L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config" L"Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCerti ficateChainEngine\\Config"
// max size of the cryptographic object to download, in bytes // max size of the cryptographic object to download, in bytes
skipping to change at line 17288 skipping to change at line 17882
L"MaxAIAUrlRetrievalCertCount" L"MaxAIAUrlRetrievalCertCount"
#define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10 #define CERT_CHAIN_MAX_AIA_URL_RETRIEVAL_CERT_COUNT_DEFAULT 10
// The following is a REG_DWORD. If the OCSP response NextUpdate is zero, // The following is a REG_DWORD. If the OCSP response NextUpdate is zero,
// this value is added to the ThisUpdate to get a nonzero NextUpdate. // this value is added to the ThisUpdate to get a nonzero NextUpdate.
#define CERT_CHAIN_OCSP_VALIDITY_SECONDS_VALUE_NAME \ #define CERT_CHAIN_OCSP_VALIDITY_SECONDS_VALUE_NAME \
L"OcspValiditySeconds" L"OcspValiditySeconds"
// 12 hours // 12 hours
#define CERT_CHAIN_OCSP_VALIDITY_SECONDS_DEFAULT (12 * 60 * 60) #define CERT_CHAIN_OCSP_VALIDITY_SECONDS_DEFAULT (12 * 60 * 60)
// The following is a REG_DWORD. Flags can be set to enable weak
// signature hash algorithms and/or weak public key lengths that
// are disabled by default. Also, has flags to enable logging of weak
// certificates.
//
#define CERT_CHAIN_ENABLE_WEAK_SIGNATURE_FLAGS_VALUE_NAME \
L"EnableWeakSignatureFlags"
// The following flag is set to enable MD2 or MD4 hashes that are
// disabled by default. If none, code signing, driver signing
// or time stamping requested EKUs are passed to CertGetCertificateChain API,
// then MD2 or MD4 isn't disabled by default.
#define CERT_CHAIN_ENABLE_MD2_MD4_FLAG 0x00000001
// The following flag is set to enable weak RSA public key lengths
// for trusted roots that are disabled by default.
#define CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG 0x00000002
// The following flag is set to enable the logging of weak certificates
// to the directory identified by CERT_CHAIN_WEAK_SIGNATURE_LOG_DIR_VALUE_NAME.
// Not applicable to MD2 or MD4 certificates.
#define CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG 0x00000004
// The following flag is set to only log weak certificates. Disables
// weak signature errors from being returned. Not applicable
// to MD2 or MD4 certificates.
#define CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG 0x00000008
// The following is a REG_DWORD that specifies the minimum RSA public
// key length in bits. If not defined or a value of 0, uses the
// default value.
#define CERT_CHAIN_MIN_RSA_PUB_KEY_BIT_LENGTH_VALUE_NAME \
L"MinRsaPubKeyBitLength"
#define CERT_CHAIN_MIN_RSA_PUB_KEY_BIT_LENGTH_DEFAULT 1023
// The following value disables checking for weak RSA public key lengths.
#define CERT_CHAIN_MIN_RSA_PUB_KEY_BIT_LENGTH_DISABLE \
0xFFFFFFFF
// The following is a REG_BINARY containing the 8 byte FILETIME. The weak
// RSA public key length check is disabled for timestamped files before
// this time. If not defined or a zero FILETIME, uses the default value.
#define CERT_CHAIN_WEAK_RSA_PUB_KEY_TIME_VALUE_NAME \
L"WeakRsaPubKeyTime"
// The default time: UTC: Fri Jan 01 00:00:00 2010
#define CERT_CHAIN_WEAK_RSA_PUB_KEY_TIME_DEFAULT \
0x01CA8A755C6E0000ui64
// The following is a REG_SZ. When defined, weak certificates are
// written to this directory. This directory should be ACL'ed to allow
// modify access by Authenticated Users and All Application Packages.
#define CERT_CHAIN_WEAK_SIGNATURE_LOG_DIR_VALUE_NAME \
L"WeakSignatureLogDir"
//+=========================================================================
//
// Weak Signature Registry Configuration
//
//==========================================================================
//
// The administrator will continue to place the weak crypto settings under:
// CERT_CHAIN_CONFIG_REGPATH defined above.
//
// The OS and Windows Update will configure the same settings in the
// "Default" subkey under CERT_CHAIN_CONFIG_REGPATH.
//
#define CERT_CHAIN_DEFAULT_CONFIG_SUBDIR L"Default"
//
// The registry values will have the following name syntax:
// "Weak"<CryptoAlg><ConfigType><ValueType>
//
// Where:
// - <CryptoAlg> can be: "Md5", "Sha1", "Rsa", "Dsa" or "Ecdsa"
// - <ConfigType> can be: "ThirdParty" or "All"
// - <ValueType> can be: "Flags", "Hygiene", "MinBitLength", "AfterTime" or
// "Sha256Allow"
// - "Hygiene" is only applicable to hash algorithms
// - "MinBitLengh" is only applicable to key algorithms
// - <CryptoAlg>, <ConfigType> and <ValueType> will be present in all names.
//
//
// For example, all possible registry value names for Md5:
// WeakMd5ThirdPartyFlags
// WeakMd5AllFlags
// WeakMd5ThirdPartyHygiene
// WeakMd5AllHygiene
// WeakMd5ThirdPartyAfterTime
// WeakMd5AllAfterTime
// WeakMd5ThirdPartySha256Allow
// WeakMd5AllSha256Allow
//
// For example, all possible registry value names for Rsa:
// WeakRsaThirdPartyFlags
// WeakRsaAllFlags
// WeakRsaThirdPartyAfterTime
// WeakRsaAllAfterTime
// WeakRsaThirdPartyMinBitLength
// WeakRsaAllMinBitLength
// WeakRsaThirdPartySha256Allow
// WeakRsaAllSha256Allow
//
// The following registry values can be set:
// - "Weak"<CryptoAlg><ConfigType>"Flags"
// - REG_DWORD
// - Flags can be set to disable the hash algorithm or enable a
// minimum key length. See below for a complete list.
// - "Weak"<HashCryptoAlg><ConfigType>"Hygiene"
// - REG_DWORD or REG_QWORD. The REG_DWORD can be used until the number
// of hygiene functions exceeds 32. We will support either registry type
// for this value.
// - This value corresponds to the qwHygieneFlags parameter passed to the
// I_CertGetCertificateHygieneStatus internal API.
// - The hygiene checks are skipped if the hash algorithm has been disabled.
// - "Weak"<KeyCryptoAlg><ConfigType>"MinBitLength"
// - REG_DWORD
// - This value specifies the minimum public key length in bits.
// - "Weak"<CryptoAlg><ConfigType>"AfterTime"
// - REG_BINARY
// - This value contains an 8 byte FILETIME. The weak crypto algorithm
// check is disabled for time stamped files before this time.
// - This configuration value isn't applicable to timestamp chains.
// - This configuration value isn't applicable to hygiene checks.
// - "Weak"<CryptoAlg><ConfigType>"Sha256Allow"
// - REG_SZ or REG_MULTI_SZ
// - This value contains the list of certificate SHA256 thumbprints
// (ASCII_HEX formatted) identifying weak certificates to be explicitly
// allowed. Non ASCII_HEX characters in the string are skipped.
// This allows embedded spaces.
// - The resultant set used for either "Weak"<CryptoAlg>"ThirdParty" or
// "Weak"<CryptoAlg>"All" is the union of:
// - Default and Administrator
// - "ThirdParty" and "All"
//
#define CERT_CHAIN_WEAK_PREFIX_NAME L"Weak"
#define CERT_CHAIN_WEAK_THIRD_PARTY_CONFIG_NAME L"ThirdParty"
#define CERT_CHAIN_WEAK_ALL_CONFIG_NAME L"All"
#define CERT_CHAIN_WEAK_FLAGS_NAME L"Flags"
#define CERT_CHAIN_WEAK_HYGIENE_NAME L"Hygiene"
#define CERT_CHAIN_WEAK_AFTER_TIME_NAME L"AfterTime"
#define CERT_CHAIN_WEAK_MIN_BIT_LENGTH_NAME L"MinBitLength"
#define CERT_CHAIN_WEAK_SHA256_ALLOW_NAME L"Sha256Allow"
// The following value disables checking for weak public key lengths.
#define CERT_CHAIN_MIN_PUB_KEY_BIT_LENGTH_DISABLE \
0xFFFFFFFF
// The following flags can be set in the above
// "Weak"<CryptoAlg><ConfigType>"Flags"
// If the following flag isn't set, then all other flags and registry values
// are ignored for this "Weak"<CryptoAlg><ConfigType>.
//
// If the administrator sets this flag for its "Weak"<CryptoAlg><ConfigType>,
// then, the corresponding Default OS/Windows Update settings are ignored.
//
// If this flag is set in "Weak"<CryptoAlg>"AllFlags":
// - Resultant "Weak"<CryptoAlg>"ThirdPartyFlags" will or with
// "Weak"<CryptoAlg>"AllFlags". However, "Weak"<CryptoAlg>"ThirdPartyFlags"
// logging flags won't be updated.
//
// ThirdPartyFlags |= AllFlags &
// ~(CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG |
// CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG);
// - Resultant "Weak"<HashCryptoAlg>"ThirdPartyHygine" will or with
// "Weak"<HashCryptoAlg>AllHygiene"
// - Resultant "Weak<CryptoAlg>"ThirdPartyAfterTime" will be earliest
// ("Weak"<CryptoAlg>"AllAfterTime", "Weak"<CryptoAlg>"ThirdPartyAfterTime").
//
// Only applicable if "Weak"<CryptoAlg>"AllAfterTime" is defined and nonzero.
// - Resultant "Weak"<KeyCryptoAlg>"ThirdPartyMinBitLength" will be largest
// ("Weak"<KeyCryptoAlg>"AllMinBitLength",
// "Weak"<KeyCryptoAlg>"ThirdPartyMinBitLength"
#define CERT_CHAIN_ENABLE_WEAK_SETTINGS_FLAG 0x80000000
// The following flag is set to enable the logging of weak certificates to the
// directory identified by CERT_CHAIN_WEAK_SIGNATURE_LOG_DIR_VALUE_NAME.
// #define CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG 0x00000004
// The following flag is set to only log weak certificates to the directory
// identified by CERT_CHAIN_WEAK_SIGNATURE_LOG_DIR_VALUE_NAME. Weak signature
// errors aren't returned.
// #define CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG 0x00000008
// In addition to setting the above CERT_CHAIN_ENABLE_WEAK_SETTINGS_FLAG flag,
// the following flags corresponding to the EKU must be set to disable weak
// signature or enable weak hash hygiene checks:
// This flag disables for all EKUs.
#define CERT_CHAIN_DISABLE_ALL_EKU_WEAK_FLAG 0x00010000
// This flag enables hygiene for all EKUs not disabling.
#define CERT_CHAIN_ENABLE_ALL_EKU_HYGIENE_FLAG 0x00020000
// This flag disables for ServerAuth EKUs.
#define CERT_CHAIN_DISABLE_SERVER_AUTH_WEAK_FLAG 0x00100000
// This flag enables hygiene for ServerAuth EKUs.
#define CERT_CHAIN_ENABLE_SERVER_AUTH_HYGIENE_FLAG 0x00200000
// This flag disables for code signing EKUs
#define CERT_CHAIN_DISABLE_CODE_SIGNING_WEAK_FLAG 0x00400000
// This flag disables for code signing EKUs only when CertGetCertificateChain
// is called with the Mark-Of-The-Web (CERT_CHAIN_HAS_MOTW)
#define CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG 0x00800000
// This flag enables hygiene for code signing EKUs
#define CERT_CHAIN_ENABLE_CODE_SIGNING_HYGIENE_FLAG 0x01000000
// This flag enables hygiene for code signing EKUs only when
// CertGetCertificateChain is called with the
// Mark-Of-The-Web (CERT_CHAIN_HAS_MOTW)
#define CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG 0x02000000
// This flag disables for timestamp EKUs.
#define CERT_CHAIN_DISABLE_TIMESTAMP_WEAK_FLAG 0x04000000
// This flag disables for timestamp EKUs only when CertGetCertificateChain is
// called with the Mark-Of-The-Web (CERT_CHAIN_HAS_MOTW)
#define CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG 0x08000000
// This flag enables hygiene for timestamp EKUs
#define CERT_CHAIN_ENABLE_TIMESTAMP_HYGIENE_FLAG 0x10000000
// This flag enables hygiene for timestamp EKUs only when
// CertGetCertificateChain is called with the
// Mark-Of-The-Web (CERT_CHAIN_HAS_MOTW)
#define CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG 0x20000000
// This flag ignores the "Weak"<CryptoAlg><ConfigType>"AfterTime" value
// when CertGetCertificateChain is called with the
// Mark-Of-The-Web (CERT_CHAIN_HAS_MOTW)
#define CERT_CHAIN_MOTW_IGNORE_AFTER_TIME_WEAK_FLAG 0x40000000
// If the hash algorithm is disabled, then, the hygiene check will be skipped.
// The hygiene flags are only applicable to hash algorithms.
// If no EKU flags are set, then, weak crypto isn't enforced for the
// "Weak"<CryptoAlg><ConfigType>. This allows the administrator to always
// ignore the Default OS/Windows Update settings.
#define CERT_CHAIN_DISABLE_WEAK_FLAGS ( \
CERT_CHAIN_DISABLE_ALL_EKU_WEAK_FLAG | \
CERT_CHAIN_DISABLE_SERVER_AUTH_WEAK_FLAG | \
CERT_CHAIN_DISABLE_CODE_SIGNING_WEAK_FLAG | \
CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG | \
CERT_CHAIN_DISABLE_TIMESTAMP_WEAK_FLAG | \
CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG )
#define CERT_CHAIN_ENABLE_HYGIENE_FLAGS ( \
CERT_CHAIN_ENABLE_ALL_EKU_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_SERVER_AUTH_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_CODE_SIGNING_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_TIMESTAMP_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG )
#define CERT_CHAIN_MOTW_WEAK_FLAGS ( \
CERT_CHAIN_DISABLE_MOTW_CODE_SIGNING_WEAK_FLAG | \
CERT_CHAIN_DISABLE_MOTW_TIMESTAMP_WEAK_FLAG | \
CERT_CHAIN_ENABLE_MOTW_CODE_SIGNING_HYGIENE_FLAG | \
CERT_CHAIN_ENABLE_MOTW_TIMESTAMP_HYGIENE_FLAG | \
CERT_CHAIN_MOTW_IGNORE_AFTER_TIME_WEAK_FLAG)
// The following are REG_DWORD's. These configuration parameters are // The following are REG_DWORD's. These configuration parameters are
// used by the following APIs to get a non-blocking, time valid OCSP // used by the following APIs to get a non-blocking, time valid OCSP
// response for a server certificate chain: // response for a server certificate chain:
// CertOpenServerOcspResponse // CertOpenServerOcspResponse
// CertAddRefServerOcspResponse // CertAddRefServerOcspResponse
// CertCloseServerOcspResponse // CertCloseServerOcspResponse
// CertGetServerOcspResponseContext // CertGetServerOcspResponseContext
// CertAddRefServerOcspResponseContext // CertAddRefServerOcspResponseContext
// CertFreeServerOcspResponseContext // CertFreeServerOcspResponseContext
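Review bot: The registry value name syntax documented at the top of this hunk has typos in names administrators are expected to type exactly: the <ValueType> list spells `MinBitLength` but the note below it says `"MinBitLengh" is only applicable to key algorithms`, and the resultant-flags description says `"ThirdPartyHygine"` where the value name is `ThirdPartyHygiene`; presumably a misspelled value name is simply not read, so these should be corrected to match the `CERT_CHAIN_WEAK_*_NAME` macros defined further down. The commented-out `#define`s of CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG and CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG repeat values already defined earlier in the same hunk and read as dead code; a cross-reference such as `// CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG and CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG (defined above) are also valid in this "Flags" value.` is clearer and cannot drift from the real definitions. The "Hygiene" description points readers at the internal I_CertGetCertificateHygieneStatus API, which a public header cannot assume they can see; the meaning of the hygiene bits should be stated here or the reference dropped.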
skipping to change at line 17386 skipping to change at line 18249
// 1 hour // 1 hour
#define CRYPTNET_PRE_FETCH_MIN_MAX_AGE_SECONDS_DEFAULT \ #define CRYPTNET_PRE_FETCH_MIN_MAX_AGE_SECONDS_DEFAULT \
(1 * 60 * 60) (1 * 60 * 60)
#define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_VALUE_NAME \ #define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_VALUE_NAME \
L"CryptnetPreFetchMaxMaxAgeSeconds" L"CryptnetPreFetchMaxMaxAgeSeconds"
// 2 Weeks : 14 days * 24 hours * 60 minutes * 60 seconds // 2 Weeks : 14 days * 24 hours * 60 minutes * 60 seconds
#define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_DEFAULT \ #define CRYPTNET_PRE_FETCH_MAX_MAX_AGE_SECONDS_DEFAULT \
(14 * 24 * 60 * 60) (14 * 24 * 60 * 60)
// Following parameter is used to set the lower limit on the
// OCSP validity period
#define CRYPTNET_PRE_FETCH_MIN_OCSP_VALIDITY_PERIOD_SECONDS_VALUE_NAME \
L"CryptnetPreFetchMinOcspValidityPeriodSeconds"
// 2 Weeks : 14 days * 24 hours * 60 minutes * 60 seconds
#define CRYPTNET_PRE_FETCH_MIN_OCSP_VALIDITY_PERIOD_SECONDS_DEFAULT \
(14 * 24 * 60 * 60)
// Following 3 parameters are used to calculate the PreFetch start before // Following 3 parameters are used to calculate the PreFetch start before
// the NextUpdate // the NextUpdate
// //
// Where PreFetchStartTime = PublishTime + // Where PreFetchStartTime = PublishTime +
// PublishPeriod / AfterPublishPreFetchDivisor // PublishPeriod / AfterPublishPreFetchDivisor
// PreFetchEndTime = NextUpdate - // PreFetchEndTime = NextUpdate -
// PublishPeriod / BeforeNextUpdatePreFetchDivisor // PublishPeriod / BeforeNextUpdatePreFetchDivisor
// //
// PreFetchPeriod = PreFetchEndTime - PreFetchStartTime // PreFetchPeriod = PreFetchEndTime - PreFetchStartTime
// //
skipping to change at line 17693 skipping to change at line 18564
// (milliseconds) // (milliseconds)
// //
#define CERT_CHAIN_CACHE_END_CERT 0x00000001 #define CERT_CHAIN_CACHE_END_CERT 0x00000001
#define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002 #define CERT_CHAIN_THREAD_STORE_SYNC 0x00000002
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004 #define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL 0x00000004
#define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008 #define CERT_CHAIN_USE_LOCAL_MACHINE_STORE 0x00000008
#define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010 #define CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE 0x00000010
#define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020 #define CERT_CHAIN_ENABLE_SHARE_STORE 0x00000020
// Following CertGetCertificateChain dwFlag can also be set on the
// chain engine flags
// #define CERT_CHAIN_DISABLE_AIA 0x00002000
typedef struct _CERT_CHAIN_ENGINE_CONFIG { typedef struct _CERT_CHAIN_ENGINE_CONFIG {
DWORD cbSize; DWORD cbSize;
HCERTSTORE hRestrictedRoot; HCERTSTORE hRestrictedRoot;
HCERTSTORE hRestrictedTrust; HCERTSTORE hRestrictedTrust;
HCERTSTORE hRestrictedOther; HCERTSTORE hRestrictedOther;
DWORD cAdditionalStore; DWORD cAdditionalStore;
HCERTSTORE* rghAdditionalStore; HCERTSTORE* rghAdditionalStore;
DWORD dwFlags; DWORD dwFlags;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
DWORD MaximumCachedCertificates; DWORD MaximumCachedCertificates;
DWORD CycleDetectionModulus; DWORD CycleDetectionModulus;
#if (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN7)
HCERTSTORE hExclusiveRoot; HCERTSTORE hExclusiveRoot;
HCERTSTORE hExclusiveTrustedPeople; HCERTSTORE hExclusiveTrustedPeople;
#endif #endif
#if (NTDDI_VERSION >= NTDDI_WIN8)
DWORD dwExclusiveFlags;
#endif
} CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG; } CERT_CHAIN_ENGINE_CONFIG, *PCERT_CHAIN_ENGINE_CONFIG;
#if (NTDDI_VERSION >= NTDDI_WIN8)
//
// dwExclusiveFlags
//
// CA certificates in hExclusiveRoot are also trusted. Chain building
// can terminate in a trusted CA certificate.
#define CERT_CHAIN_EXCLUSIVE_ENABLE_CA_FLAG 0x00000001
#endif
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertCreateCertificateChainEngine ( CertCreateCertificateChainEngine (
__in PCERT_CHAIN_ENGINE_CONFIG pConfig, _In_ PCERT_CHAIN_ENGINE_CONFIG pConfig,
__out HCERTCHAINENGINE* phChainEngine _Out_ HCERTCHAINENGINE* phChainEngine
); );
// //
// Free a certificate trust engine // Free a certificate trust engine
// //
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeCertificateChainEngine ( CertFreeCertificateChainEngine (
__in_opt HCERTCHAINENGINE hChainEngine _In_opt_ HCERTCHAINENGINE hChainEngine
); );
// //
// Resync the certificate chain engine. This resync's the stores backing // Resync the certificate chain engine. This resync's the stores backing
// the engine and updates the engine caches. // the engine and updates the engine caches.
// //
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertResyncCertificateChainEngine ( CertResyncCertificateChainEngine (
__in_opt HCERTCHAINENGINE hChainEngine _In_opt_ HCERTCHAINENGINE hChainEngine
); );
// //
// When an application requests a certificate chain, the data structure // When an application requests a certificate chain, the data structure
// returned is in the form of a CERT_CHAIN_CONTEXT. This contains // returned is in the form of a CERT_CHAIN_CONTEXT. This contains
// an array of CERT_SIMPLE_CHAIN where each simple chain goes from // an array of CERT_SIMPLE_CHAIN where each simple chain goes from
// an end cert to a self signed cert and the chain context connects simple // an end cert to a self signed cert and the chain context connects simple
// chains via trust lists. Each simple chain contains the chain of // chains via trust lists. Each simple chain contains the chain of
// certificates, summary trust information about the chain and trust information // certificates, summary trust information about the chain and trust information
// about each certificate element in the chain. // about each certificate element in the chain.
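Review bot: The comment above `CERT_CHAIN_EXCLUSIVE_ENABLE_CA_FLAG` should spell out the trust consequence of the flag: once it is set, a CA certificate placed in hExclusiveRoot that is not self-signed becomes a chain-terminating trust anchor, so callers must populate that store only with certificates they intend to anchor on. Suggested wording: `// When set, CA certificates in hExclusiveRoot are treated as trust anchors: a chain may terminate at such a certificate even if it is not self-signed.`. Since `dwExclusiveFlags` is added under `NTDDI_VERSION >= NTDDI_WIN8` inside a cbSize-versioned struct, a line stating that the field is presumably consulted only when cbSize covers it would help callers built against mixed SDK versions — confirm against the implementation before adding it. The struct and the new define are complete within this hunk.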
skipping to change at line 17798 skipping to change at line 18687
// In LH, this error will never be set. // In LH, this error will never be set.
#define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000 #define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000 #define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000 #define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000
#define CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000 #define CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000
#define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000 #define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000
#define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000 #define CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000
#define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000 #define CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000
#define CERT_TRUST_HAS_WEAK_SIGNATURE 0x00100000
#define CERT_TRUST_HAS_WEAK_HYGIENE 0x00200000
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000 #define CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000
#define CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000 #define CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000
#define CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000 #define CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000
#define CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000 #define CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000
// //
// The following are info status bits // The following are info status bits
// //
// These can be applied to certificates only // These can be applied to certificates only
#define CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001 #define CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001
#define CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002 #define CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002
#define CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004 #define CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004
#define CERT_TRUST_IS_SELF_SIGNED 0x00000008 #define CERT_TRUST_IS_SELF_SIGNED 0x00000008
#define CERT_TRUST_AUTO_UPDATE_CA_REVOCATION 0x00000010
#define CERT_TRUST_AUTO_UPDATE_END_REVOCATION 0x00000020
#define CERT_TRUST_NO_OCSP_FAILOVER_TO_CRL 0x00000040
// These can be applied to certificates and chains // These can be applied to certificates and chains
#define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100 #define CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
#define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200 #define CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000200
#define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400 #define CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
#define CERT_TRUST_IS_PEER_TRUSTED 0x00000800 #define CERT_TRUST_IS_PEER_TRUSTED 0x00000800
#define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000 #define CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000
// Indicates that the certificate was found in // Indicates that the certificate was found in
// a store specified by hExclusiveRoot or hExclusiveTrustedPeople // a store specified by hExclusiveRoot or hExclusiveTrustedPeople
#define CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x00002000 #define CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x00002000
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define CERT_TRUST_IS_CA_TRUSTED 0x00004000
#define CERT_TRUST_HAS_AUTO_UPDATE_WEAK_SIGNATURE 0x00008000
#define CERT_TRUST_HAS_ALLOW_WEAK_SIGNATURE 0x00020000
#endif
// These can be applied to chains only // These can be applied to chains only
#define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000 #define CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000
// //
// Each certificate context in a simple chain has a corresponding chain element // Each certificate context in a simple chain has a corresponding chain element
// in the simple chain context // in the simple chain context
// //
// dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set // dwErrorStatus has CERT_TRUST_IS_REVOKED, pRevocationInfo set
// dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set // dwErrorStatus has CERT_TRUST_REVOCATION_STATUS_UNKNOWN, pRevocationInfo set
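Review bot: The new error-status bits `CERT_TRUST_HAS_WEAK_SIGNATURE` and `CERT_TRUST_HAS_WEAK_HYGIENE` are added with no comment, and unlike the new info-status bits near the end of this hunk they are not wrapped in `#if (NTDDI_VERSION >= NTDDI_WIN8)`; the same inconsistency applies to `CERT_TRUST_AUTO_UPDATE_CA_REVOCATION`, `CERT_TRUST_AUTO_UPDATE_END_REVOCATION` and `CERT_TRUST_NO_OCSP_FAILOVER_TO_CRL`. Either guard all of the Win8 additions the same way or document why these are unconditional. Because the two new error bits land in dwErrorStatus, a consumer that accepts a chain only when dwErrorStatus is zero will reject a weak chain, but one that tests for a fixed list of named errors will not; a one-line comment making the intended handling explicit would help, e.g. `// Set in dwErrorStatus when a signature algorithm or key size in the chain fails the strong-signature check (see pStrongSignPara); treat as a chain failure.`. The link to pStrongSignPara is my inference from the strong-sign parameters added further down in this diff, so confirm it before adopting that wording.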
skipping to change at line 18011 skipping to change at line 18911
CERT_USAGE_MATCH RequestedIssuancePolicy; CERT_USAGE_MATCH RequestedIssuancePolicy;
DWORD dwUrlRetrievalTimeout; // milliseconds DWORD dwUrlRetrievalTimeout; // milliseconds
BOOL fCheckRevocationFreshnessTime; BOOL fCheckRevocationFreshnessTime;
DWORD dwRevocationFreshnessTime; // seconds DWORD dwRevocationFreshnessTime; // seconds
// If nonNULL, any cached information before this time is considered // If nonNULL, any cached information before this time is considered
// time invalid and forces a wire retrieval. When set overrides // time invalid and forces a wire retrieval. When set overrides
// the registry configuration CacheResync time. // the registry configuration CacheResync time.
LPFILETIME pftCacheResync; LPFILETIME pftCacheResync;
//
// The following is set to check for Strong Signatures
//
PCCERT_STRONG_SIGN_PARA pStrongSignPara;
//
// By default the public key in the end certificate is checked.
// CERT_CHAIN_STRONG_SIGN_DISABLE_END_CHECK_FLAG can be
// set in the following flags to not check if the end certificate's public
// key length is strong.
//
DWORD dwStrongSignFlags;
#endif #endif
} CERT_CHAIN_PARA, *PCERT_CHAIN_PARA; } CERT_CHAIN_PARA, *PCERT_CHAIN_PARA;
#define CERT_CHAIN_STRONG_SIGN_DISABLE_END_CHECK_FLAG 0x00000001
// //
// The following API is used for retrieving certificate chains // The following API is used for retrieving certificate chains
// //
// Parameters: // Parameters:
// //
// hChainEngine - the chain engine (namespace and cache) to use, NULL // hChainEngine - the chain engine (namespace and cache) to use, NULL
// mean use the default chain engine // mean use the default chain engine
// //
// pCertContext - the context we are retrieving the chain for, it // pCertContext - the context we are retrieving the chain for, it
// will be the zero index element in the chain // will be the zero index element in the chain
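Review bot: `CERT_CHAIN_STRONG_SIGN_DISABLE_END_CHECK_FLAG` is defined after the `#endif` that closes the conditional around `pStrongSignPara` and `dwStrongSignFlags`, so the flag is visible even in builds where the field it applies to is not; defining it inside the same guard, or adding a comment naming that guard, keeps the two together. The `#if` that this `#endif` closes starts outside the hunk, so I cannot tell whether the new fields sit under an NTDDI_WIN8 guard; because `CERT_CHAIN_PARA` is cbSize-versioned, adding them under an older guard would change sizeof for existing callers, which is worth confirming. The comment above `dwStrongSignFlags` should also state what happens when pStrongSignPara is NULL — presumably no strong-signature check is performed at all — for example `// Ignored when pStrongSignPara is NULL.` if that is the behavior.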
skipping to change at line 18104 skipping to change at line 19019
#define CERT_CHAIN_ENABLE_PEER_TRUST 0x00000400 #define CERT_CHAIN_ENABLE_PEER_TRUST 0x00000400
// When this flag is set, "My" certificates aren't considered for // When this flag is set, "My" certificates aren't considered for
// PEER_TRUST. // PEER_TRUST.
// //
// This flag was added 11/12/04 in LH. // This flag was added 11/12/04 in LH.
// //
// On 8-05-05 changed to never consider "My" certificates for PEER_TRUST. // On 8-05-05 changed to never consider "My" certificates for PEER_TRUST.
#define CERT_CHAIN_DISABLE_MY_PEER_TRUST 0x00000800 #define CERT_CHAIN_DISABLE_MY_PEER_TRUST 0x00000800
// The following flag should be set to explicitly disable MD2 or MD4 for
// any requested EKU. By default, MD2 or MD4 isn't disabled for none,
// code signing, driver signing or time stamping requested EKUs.
#define CERT_CHAIN_DISABLE_MD2_MD4 0x00001000
// The following flag can be set to explicitly disable AIA retrievals.
// If can also be set in the chain engine dwFlags.
#define CERT_CHAIN_DISABLE_AIA 0x00002000
// The following flag should be set when verifying the certificate
// associated with a file having the Mark-Of-The-Web
#define CERT_CHAIN_HAS_MOTW 0x00004000
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertGetCertificateChain ( CertGetCertificateChain (
__in_opt HCERTCHAINENGINE hChainEngine, _In_opt_ HCERTCHAINENGINE hChainEngine,
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in_opt LPFILETIME pTime, _In_opt_ LPFILETIME pTime,
__in_opt HCERTSTORE hAdditionalStore, _In_opt_ HCERTSTORE hAdditionalStore,
__in PCERT_CHAIN_PARA pChainPara, _In_ PCERT_CHAIN_PARA pChainPara,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved LPVOID pvReserved, _Reserved_ LPVOID pvReserved,
__out PCCERT_CHAIN_CONTEXT* ppChainContext _Out_ PCCERT_CHAIN_CONTEXT* ppChainContext
); );
// //
// Free a certificate chain // Free a certificate chain
// //
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeCertificateChain ( CertFreeCertificateChain (
__in PCCERT_CHAIN_CONTEXT pChainContext _In_ PCCERT_CHAIN_CONTEXT pChainContext
); );
// //
// Duplicate (add a reference to) a certificate chain // Duplicate (add a reference to) a certificate chain
// //
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertDuplicateCertificateChain ( CertDuplicateCertificateChain (
__in PCCERT_CHAIN_CONTEXT pChainContext _In_ PCCERT_CHAIN_CONTEXT pChainContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// This data structure is optionally pointed to by the pChainPara field // This data structure is optionally pointed to by the pChainPara field
// in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO // in the CERT_REVOCATION_PARA and CRYPT_GET_TIME_VALID_OBJECT_EXTRA_INFO
// data structures. CertGetCertificateChain() populates when it calls // data structures. CertGetCertificateChain() populates when it calls
// the CertVerifyRevocation() API. // the CertVerifyRevocation() API.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
struct _CERT_REVOCATION_CHAIN_PARA { struct _CERT_REVOCATION_CHAIN_PARA {
DWORD cbSize; DWORD cbSize;
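Review bot: The comment for `CERT_CHAIN_DISABLE_MD2_MD4` is hard to parse ("isn't disabled for none, code signing, driver signing or time stamping requested EKUs"), and the practical reading matters: with no requested EKU, which is the common case, MD2/MD4 signatures are still accepted unless this flag is set. Suggested wording: `// By default MD2 and MD4 are disabled except when the requested EKU is none, code signing, driver signing or time stamping; set this flag to disable them for those usages as well.`. The `CERT_CHAIN_DISABLE_AIA` comment has a typo, `If can also be set` should read `It can also be set`, and `CERT_CHAIN_HAS_MOTW` says when to set it but not what chain building does differently, so a short sentence on its effect would help callers decide. The `_CERT_REVOCATION_CHAIN_PARA` struct at the end of the hunk continues outside it.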
skipping to change at line 18212 skipping to change at line 19140
// pPrevChainContext is set to the CERT_CHAIN_CONTEXT returned by a previous // pPrevChainContext is set to the CERT_CHAIN_CONTEXT returned by a previous
// call. // call.
// //
// NOTE: a NON-NULL pPrevChainContext is always CertFreeCertificateChain'ed by // NOTE: a NON-NULL pPrevChainContext is always CertFreeCertificateChain'ed by
// this function, even for an error. // this function, even for an error.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_CHAIN_CONTEXT PCCERT_CHAIN_CONTEXT
WINAPI WINAPI
CertFindChainInStore( CertFindChainInStore(
__in HCERTSTORE hCertStore, _In_ HCERTSTORE hCertStore,
__in DWORD dwCertEncodingType, _In_ DWORD dwCertEncodingType,
__in DWORD dwFindFlags, _In_ DWORD dwFindFlags,
__in DWORD dwFindType, _In_ DWORD dwFindType,
__in_opt const void *pvFindPara, _In_opt_ const void *pvFindPara,
__in_opt PCCERT_CHAIN_CONTEXT pPrevChainContext _In_opt_ PCCERT_CHAIN_CONTEXT pPrevChainContext
); );
#define CERT_CHAIN_FIND_BY_ISSUER 1 #define CERT_CHAIN_FIND_BY_ISSUER 1
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_FIND_BY_ISSUER // CERT_CHAIN_FIND_BY_ISSUER
// //
// Find a certificate chain having a private key for the end certificate and // Find a certificate chain having a private key for the end certificate and
// matching one of the given issuer names. A matching dwKeySpec and // matching one of the given issuer names. A matching dwKeySpec and
// enhanced key usage can also be specified. Additionally a callback can // enhanced key usage can also be specified. Additionally a callback can
skipping to change at line 18267 skipping to change at line 19195
// cached system stores instead of the Current User's. // cached system stores instead of the Current User's.
// //
// Setting CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG in dwFindFlags // Setting CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG in dwFindFlags
// restricts CertGetCertificateChain to only search the URL cache // restricts CertGetCertificateChain to only search the URL cache
// and not hit the wire. // and not hit the wire.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
// Returns FALSE to skip this certificate. Otherwise, returns TRUE to // Returns FALSE to skip this certificate. Otherwise, returns TRUE to
// build a chain for this certificate. // build a chain for this certificate.
typedef BOOL (WINAPI *PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK)( typedef BOOL (WINAPI *PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK)(
__in PCCERT_CONTEXT pCert, _In_ PCCERT_CONTEXT pCert,
__inout_opt void *pvFindArg _Inout_opt_ void *pvFindArg
); );
typedef struct _CERT_CHAIN_FIND_BY_ISSUER_PARA { typedef struct _CERT_CHAIN_FIND_BY_ISSUER_PARA {
DWORD cbSize; DWORD cbSize;
// If pszUsageIdentifier == NULL, matches any usage. // If pszUsageIdentifier == NULL, matches any usage.
LPCSTR pszUsageIdentifier; LPCSTR pszUsageIdentifier;
// If dwKeySpec == 0, matches any KeySpec // If dwKeySpec == 0, matches any KeySpec
DWORD dwKeySpec; DWORD dwKeySpec;
skipping to change at line 18435 skipping to change at line 19363
// behaviour. In addition, policy specific parameters can be passed in // behaviour. In addition, policy specific parameters can be passed in
// the pvExtraPolicyPara field of pPolicyPara. // the pvExtraPolicyPara field of pPolicyPara.
// //
// In addition to returning dwError, in pPolicyStatus, policy OID specific // In addition to returning dwError, in pPolicyStatus, policy OID specific
// extra status may be returned via pvExtraPolicyStatus. // extra status may be returned via pvExtraPolicyStatus.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
CertVerifyCertificateChainPolicy( CertVerifyCertificateChainPolicy(
__in LPCSTR pszPolicyOID, _In_ LPCSTR pszPolicyOID,
__in PCCERT_CHAIN_CONTEXT pChainContext, _In_ PCCERT_CHAIN_CONTEXT pChainContext,
__in PCERT_CHAIN_POLICY_PARA pPolicyPara, _In_ PCERT_CHAIN_POLICY_PARA pPolicyPara,
__inout PCERT_CHAIN_POLICY_STATUS pPolicyStatus _Inout_ PCERT_CHAIN_POLICY_STATUS pPolicyStatus
); );
// Predefined OID Function Names // Predefined OID Function Names
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC \ #define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC \
"CertDllVerifyCertificateChainPolicy" "CertDllVerifyCertificateChainPolicy"
// CertDllVerifyCertificateChainPolicy has same function signature as // CertDllVerifyCertificateChainPolicy has same function signature as
// CertVerifyCertificateChainPolicy. // CertVerifyCertificateChainPolicy.
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
skipping to change at line 18611 skipping to change at line 19539
// CERT_CHAIN_POLICY_MICROSOFT_ROOT // CERT_CHAIN_POLICY_MICROSOFT_ROOT
// //
// Checks if the last element of the first simple chain contains a // Checks if the last element of the first simple chain contains a
// Microsoft root public key. If it doesn't contain a Microsoft root // Microsoft root public key. If it doesn't contain a Microsoft root
// public key, dwError is set to CERT_E_UNTRUSTEDROOT. // public key, dwError is set to CERT_E_UNTRUSTEDROOT.
// //
// pPolicyPara is optional. However, // pPolicyPara is optional. However,
// MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in // MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG can be set in
// the dwFlags in pPolicyPara to also check for the Microsoft Test Roots. // the dwFlags in pPolicyPara to also check for the Microsoft Test Roots.
// //
// MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG can be set
// in the dwFlags in pPolicyPara to check for the Microsoft root for
// application signing instead of the Microsoft product root. This flag
// explicitly checks for the application root only and cannot be combined
// with the test root flag.
//
// pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set // pvExtraPolicyPara and pvExtraPolicyStatus aren't used and must be set
// to NULL. // to NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000 #define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG 0x00020000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CERT_CHAIN_POLICY_EV // CERT_CHAIN_POLICY_EV
// //
// Verify the issuance policy in the end certificate of the first simple // Verify the issuance policy in the end certificate of the first simple
// chain matches with the root certificate EV policy. // chain matches with the root certificate EV policy.
// //
// pvExtraPolicyPara may optionally be set to point to the following // pvExtraPolicyPara may optionally be set to point to the following
// EV_EXTRA_CERT_CHAIN_POLICY_PARA. The dwRootProgramQualifierFlags member // EV_EXTRA_CERT_CHAIN_POLICY_PARA. The dwRootProgramQualifierFlags member
// can be set to one or more of the CERT_ROOT_PROGRAM_FLAG_* to define // can be set to one or more of the CERT_ROOT_PROGRAM_FLAG_* to define
skipping to change at line 18657 skipping to change at line 19592
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptStringToBinaryA( CryptStringToBinaryA(
__in_ecount(cchString) LPCSTR pszString, _In_reads_(cchString) LPCSTR pszString,
__in DWORD cchString, _In_ DWORD cchString,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbBinary, *pcbBinary) BYTE *pbBinary, _Out_writes_bytes_to_opt_(*pcbBinary, *pcbBinary) BYTE *pbBinary,
__inout DWORD *pcbBinary, _Inout_ DWORD *pcbBinary,
__out_opt DWORD *pdwSkip, _Out_opt_ DWORD *pdwSkip,
__out_opt DWORD *pdwFlags _Out_opt_ DWORD *pdwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert formatted string to binary // convert formatted string to binary
// If cchString is 0, then pszString is NULL terminated and // If cchString is 0, then pszString is NULL terminated and
// cchString is obtained via strlen() + 1. // cchString is obtained via strlen() + 1.
// dwFlags defines string format // dwFlags defines string format
// if pbBinary is NULL, *pcbBinary returns the size of required memory // if pbBinary is NULL, *pcbBinary returns the size of required memory
// *pdwSkip returns the character count of skipped strings, optional // *pdwSkip returns the character count of skipped strings, optional
// *pdwFlags returns the actual format used in the conversion, optional // *pdwFlags returns the actual format used in the conversion, optional
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptStringToBinaryW( CryptStringToBinaryW(
__in_ecount(cchString) LPCWSTR pszString, _In_reads_(cchString) LPCWSTR pszString,
__in DWORD cchString, _In_ DWORD cchString,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_bcount_part_opt(*pcbBinary, *pcbBinary) BYTE *pbBinary, _Out_writes_bytes_to_opt_(*pcbBinary, *pcbBinary) BYTE *pbBinary,
__inout DWORD *pcbBinary, _Inout_ DWORD *pcbBinary,
__out_opt DWORD *pdwSkip, _Out_opt_ DWORD *pdwSkip,
__out_opt DWORD *pdwFlags _Out_opt_ DWORD *pdwFlags
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptStringToBinary CryptStringToBinaryW #define CryptStringToBinary CryptStringToBinaryW
#else #else
#define CryptStringToBinary CryptStringToBinaryA #define CryptStringToBinary CryptStringToBinaryA
#endif // !UNICODE #endif // !UNICODE
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert binary to formatted string // convert binary to formatted string
// dwFlags defines string format // dwFlags defines string format
// if pszString is NULL, *pcchString returns size in characters // if pszString is NULL, *pcchString returns size in characters
// including null-terminator // including null-terminator
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
_Success_(return)
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptBinaryToStringA( CryptBinaryToStringA(
__in_bcount(cbBinary) CONST BYTE *pbBinary, _In_reads_bytes_(cbBinary) CONST BYTE *pbBinary,
__in DWORD cbBinary, _In_ DWORD cbBinary,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_ecount_part_opt(*pcchString, *pcchString) LPSTR pszString, _Out_writes_to_opt_(*pcchString, *pcchString) LPSTR pszString,
__inout DWORD *pcchString _Inout_ DWORD *pcchString
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// convert binary to formatted string // convert binary to formatted string
// dwFlags defines string format // dwFlags defines string format
// if pszString is NULL, *pcchString returns size in characters // if pszString is NULL, *pcchString returns size in characters
// including null-terminator // including null-terminator
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
_Success_(return)
WINCRYPT32STRINGAPI WINCRYPT32STRINGAPI
BOOL BOOL
WINAPI WINAPI
CryptBinaryToStringW( CryptBinaryToStringW(
__in_bcount(cbBinary) CONST BYTE *pbBinary, _In_reads_bytes_(cbBinary) CONST BYTE *pbBinary,
__in DWORD cbBinary, _In_ DWORD cbBinary,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__out_ecount_part_opt(*pcchString, *pcchString) LPWSTR pszString, _Out_writes_to_opt_(*pcchString, *pcchString) LPWSTR pszString,
__inout DWORD *pcchString _Inout_ DWORD *pcchString
); );
#ifdef UNICODE #ifdef UNICODE
#define CryptBinaryToString CryptBinaryToStringW #define CryptBinaryToString CryptBinaryToStringW
#else #else
#define CryptBinaryToString CryptBinaryToStringA #define CryptBinaryToString CryptBinaryToStringA
#endif // !UNICODE #endif // !UNICODE
// dwFlags has the following defines // dwFlags has the following defines
// certenrolld_begin -- CRYPT_STRING_* // certenrolld_begin -- CRYPT_STRING_*
#define CRYPT_STRING_BASE64HEADER 0x00000000 #define CRYPT_STRING_BASE64HEADER 0x00000000
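Review bot: `_Success_(return)` is added above `WINCRYPT32STRINGAPI` for `CryptBinaryToStringA`/`W` but not for `CryptStringToBinaryA`/`W` in the same hunk, although both families have `_Out_writes_..._opt_` and `_Inout_` parameters whose validity depends on the return value; the annotation should be applied to all four declarations or omitted consistently so SAL analysis treats the output buffers the same way. Elsewhere in this diff the equivalent annotation is written `_Success_(return != FALSE)` and placed after the API macro (see `CertCreateCertificateChainEngine` and `CertGetCertificateChain`), so `_Success_(return != FALSE)` in that position would match house style. Each of these declarations is complete within the hunk.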
skipping to change at line 18823 skipping to change at line 19760
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXImportCertStore // PFXImportCertStore
// //
// Import the PFX blob and return a store containing certificates // Import the PFX blob and return a store containing certificates
// //
// If the password parameter is incorrect or any other problems decoding // If the password parameter is incorrect or any other problems decoding
// the PFX blob are encountered, the function will return NULL and the // the PFX blob are encountered, the function will return NULL and the
// error code can be found from GetLastError(). // error code can be found from GetLastError().
// //
// The dwFlags parameter may be set to the following: // The dwFlags parameter may be set to the following:
// PKCS12_IMPORT_SILENT - only allow importing key in silent mode. If the
// csp or ksp requires ui then this call will fail
// with the error from the csp or ksp.
// CRYPT_EXPORTABLE - specify that any imported keys should be marked as // CRYPT_EXPORTABLE - specify that any imported keys should be marked as
// exportable (see documentation on CryptImportKey) // exportable (see documentation on CryptImportKey)
// CRYPT_USER_PROTECTED - (see documentation on CryptImportKey) // CRYPT_USER_PROTECTED - (see documentation on CryptImportKey)
// CRYPT_MACHINE_KEYSET - used to force the private key to be stored in the // CRYPT_MACHINE_KEYSET - used to force the private key to be stored in the
// the local machine and not the current user. // the local machine and not the current user.
// CRYPT_USER_KEYSET - used to force the private key to be stored in the // CRYPT_USER_KEYSET - used to force the private key to be stored in the
// the current user and not the local machine, even if // the current user and not the local machine, even if
// the pfx blob specifies that it should go into local // the pfx blob specifies that it should go into local
// machine. // machine.
// PKCS12_INCLUDE_EXTENDED_PROPERTIES - used to import all extended // PKCS12_INCLUDE_EXTENDED_PROPERTIES - used to import all extended
// properties that were saved with CertExportCertStore() // properties that were saved with CertExportCertStore()
// using the same flag. // using the same flag.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERTSTORE HCERTSTORE
WINAPI WINAPI
PFXImportCertStore( PFXImportCertStore(
__in CRYPT_DATA_BLOB* pPFX, _In_ CRYPT_DATA_BLOB* pPFX,
__in LPCWSTR szPassword, _In_ LPCWSTR szPassword,
__in DWORD dwFlags); _In_ DWORD dwFlags);
// dwFlags definitions for PFXImportCertStore // dwFlags definitions for PFXImportCertStore
//#define CRYPT_EXPORTABLE 0x00000001 // CryptImportKey dwFlags //#define CRYPT_EXPORTABLE 0x00000001 // CryptImportKey dwFlags
//#define CRYPT_USER_PROTECTED 0x00000002 // CryptImportKey dwFlags //#define CRYPT_USER_PROTECTED 0x00000002 // CryptImportKey dwFlags
//#define CRYPT_MACHINE_KEYSET 0x00000020 // CryptAcquireContext dwFlags //#define CRYPT_MACHINE_KEYSET 0x00000020 // CryptAcquireContext dwFlags
//#define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x10 //#define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x10
#define PKCS12_IMPORT_SILENT 0x00000040
#define CRYPT_USER_KEYSET 0x00001000 #define CRYPT_USER_KEYSET 0x00001000
#define PKCS12_PREFER_CNG_KSP 0x00000100 // prefer using CNG KSP #define PKCS12_PREFER_CNG_KSP 0x00000100 // prefer using CNG KSP
#define PKCS12_ALWAYS_CNG_KSP 0x00000200 // always use CNG KSP #define PKCS12_ALWAYS_CNG_KSP 0x00000200 // always use CNG KSP
#define PKCS12_ALLOW_OVERWRITE_KEY 0x00004000 // allow overwrite existing key #define PKCS12_ALLOW_OVERWRITE_KEY 0x00004000 // allow overwrite existing key
#define PKCS12_NO_PERSIST_KEY 0x00008000 // key will not be persisted #define PKCS12_NO_PERSIST_KEY 0x00008000 // key will not be persisted
#define PKCS12_IMPORT_RESERVED_MASK 0xffff0000 #define PKCS12_IMPORT_RESERVED_MASK 0xffff0000
#define PKCS12_OBJECT_LOCATOR_ALL_IMPORT_FLAGS \
( PKCS12_ALWAYS_CNG_KSP | \
PKCS12_NO_PERSIST_KEY | \
PKCS12_IMPORT_SILENT | \
PKCS12_INCLUDE_EXTENDED_PROPERTIES )
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXIsPFXBlob // PFXIsPFXBlob
// //
// This function will try to decode the outer layer of the blob as a pfx // This function will try to decode the outer layer of the blob as a pfx
// blob, and if that works it will return TRUE, it will return FALSE otherwise // blob, and if that works it will return TRUE, it will return FALSE otherwise
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXIsPFXBlob( PFXIsPFXBlob(
__in CRYPT_DATA_BLOB* pPFX); _In_ CRYPT_DATA_BLOB* pPFX);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXVerifyPassword // PFXVerifyPassword
// //
// This function will attempt to decode the outer layer of the blob as a pfx // This function will attempt to decode the outer layer of the blob as a pfx
// blob and decrypt with the given password. No data from the blob will be // blob and decrypt with the given password. No data from the blob will be
// imported. // imported.
// //
// Return value is TRUE if password appears correct, FALSE otherwise. // Return value is TRUE if password appears correct, FALSE otherwise.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXVerifyPassword( PFXVerifyPassword(
__in CRYPT_DATA_BLOB* pPFX, _In_ CRYPT_DATA_BLOB* pPFX,
__in LPCWSTR szPassword, _In_ LPCWSTR szPassword,
__in DWORD dwFlags); _In_ DWORD dwFlags);
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXExportCertStoreEx // PFXExportCertStoreEx
// //
// Export the certificates and private keys referenced in the passed-in store // Export the certificates and private keys referenced in the passed-in store
// //
// This API encodes the blob under a stronger algorithm. The resulting // This API encodes the blob under a stronger algorithm. The resulting
// PKCS12 blobs are incompatible with the earlier PFXExportCertStore API. // PKCS12 blobs are incompatible with the earlier PFXExportCertStore API.
// //
// The value passed in the password parameter will be used to encrypt and // The value passed in the password parameter will be used to encrypt and
// verify the integrity of the PFX packet. If any problems encoding the store // verify the integrity of the PFX packet. If any problems encoding the store
// are encountered, the function will return FALSE and the error code can // are encountered, the function will return FALSE and the error code can
// be found from GetLastError(). // be found from GetLastError().
// //
// The PKCS12_PROTECT_TO_DOMAIN_SIDS flag together with an
// NCRYPT_DESCRIPTOR_HANDLE* for pvPara means the password will be stored
// in the pfx protected to the NCRYPT_DESCRIPTOR_HANDLE. On import, any
// principal that is listed in NCRYPT_DESCRIPTOR_HANDLE can decrypt the
// password within the pfx and use it to descrypt the entire pfx.
//
// If the password parameter is NULL or L"" and the
// PKCS12_PROTECT_TO_DOMAIN_SIDS flag is set together with an
// NCRYPT_DESCRIPTOR_HANDLE* for pvPara then a random password of length
// 40 characters is chosen to protect the pfx. This password will be
// protected inside the pfx.
//
// The dwFlags parameter may be set to any combination of // The dwFlags parameter may be set to any combination of
// EXPORT_PRIVATE_KEYS // EXPORT_PRIVATE_KEYS
// REPORT_NO_PRIVATE_KEY // REPORT_NO_PRIVATE_KEY
// REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY // REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY
// PKCS12_EXPORT_SILENT
// PKCS12_INCLUDE_EXTENDED_PROPERTIES // PKCS12_INCLUDE_EXTENDED_PROPERTIES
// PKCS12_PROTECT_TO_DOMAIN_SIDS
// //
// The encoded PFX blob is returned in *pPFX. If pPFX->pbData is NULL upon // The encoded PFX blob is returned in *pPFX. If pPFX->pbData is NULL upon
// input, this is a length only calculation, whereby, pPFX->cbData is updated // input, this is a length only calculation, whereby, pPFX->cbData is updated
// with the number of bytes required for the encoded blob. Otherwise, // with the number of bytes required for the encoded blob. Otherwise,
// the memory pointed to by pPFX->pbData is updated with the encoded bytes // the memory pointed to by pPFX->pbData is updated with the encoded bytes
// and pPFX->cbData is updated with the encoded byte length. // and pPFX->cbData is updated with the encoded byte length.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXExportCertStoreEx( PFXExportCertStoreEx(
__in HCERTSTORE hStore, _In_ HCERTSTORE hStore,
__inout CRYPT_DATA_BLOB* pPFX, _Inout_ CRYPT_DATA_BLOB* pPFX,
__in LPCWSTR szPassword, _In_ LPCWSTR szPassword,
__reserved void* pvReserved, _In_ void* pvPara,
__in DWORD dwFlags); _In_ DWORD dwFlags);
// dwFlags definitions for PFXExportCertStoreEx // dwFlags definitions for PFXExportCertStoreEx
#define REPORT_NO_PRIVATE_KEY 0x0001 #define REPORT_NO_PRIVATE_KEY 0x0001
#define REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002 #define REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY 0x0002
#define EXPORT_PRIVATE_KEYS 0x0004 #define EXPORT_PRIVATE_KEYS 0x0004
#define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010 #define PKCS12_INCLUDE_EXTENDED_PROPERTIES 0x0010
#define PKCS12_PROTECT_TO_DOMAIN_SIDS 0x0020
#define PKCS12_EXPORT_SILENT 0x0040
#define PKCS12_EXPORT_RESERVED_MASK 0xffff0000 #define PKCS12_EXPORT_RESERVED_MASK 0xffff0000
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// PFXExportCertStore // PFXExportCertStore
// //
// Export the certificates and private keys referenced in the passed-in store // Export the certificates and private keys referenced in the passed-in store
// //
// This is an old API kept for compatibility with IE4 clients. New applications // This is an old API kept for compatibility with IE4 clients. New applications
// should call the above PfxExportCertStoreEx for enhanced security. // should call the above PfxExportCertStoreEx for enhanced security.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
BOOL BOOL
WINAPI WINAPI
PFXExportCertStore( PFXExportCertStore(
__in HCERTSTORE hStore, _In_ HCERTSTORE hStore,
__inout CRYPT_DATA_BLOB* pPFX, _Inout_ CRYPT_DATA_BLOB* pPFX,
__in LPCWSTR szPassword, _In_ LPCWSTR szPassword,
__in DWORD dwFlags); _In_ DWORD dwFlags);
//+========================================================================= //+=========================================================================
// APIs to get a non-blocking, time valid OCSP response for // APIs to get a non-blocking, time valid OCSP response for
// a server certificate chain. // a server certificate chain.
// //
// Normally, this OCSP response will be included along with the server // Normally, this OCSP response will be included along with the server
// certificate in a message returned to the client. As a result only the // certificate in a message returned to the client. As a result only the
// server should need to contact the OCSP responser for its certificate. // server should need to contact the OCSP responser for its certificate.
//========================================================================== //==========================================================================
#if (NTDDI_VERSION >= NTDDI_WINLH) #if (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Server OCSP response handle. // Server OCSP response handle.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef VOID *HCERT_SERVER_OCSP_RESPONSE; typedef VOID *HCERT_SERVER_OCSP_RESPONSE;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Open a handle to an OCSP response associated with a server certificate // Open a handle to an OCSP response associated with a server certificate
// chain. If the end certificate doesn't have an OCSP AIA URL, NULL is // chain. If the end certificate doesn't have an OCSP AIA URL, NULL is
// returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL // returned with LastError set to CRYPT_E_NOT_IN_REVOCATION_DATABASE. NULL
// will also be returned if unable to allocate memory or create system // will also be returned if unable to allocate memory or create system
// objects. // objects.
// //
// This API will try to retrieve an initial OCSP response before returning. // This API will try to retrieve an initial OCSP response before returning.
// This API will block during the retrieval. If unable to successfully // This API will block during the retrieval. If unable to successfully
// retrieve the first OCSP response, a non-NULL handle will still be returned // retrieve the first OCSP response, a non-NULL handle will still be returned
// if not one of the error cases mentioned above. // if not one of the error cases mentioned above.
// //
// The CERT_SERVER_OCSP_RESPONSE_ASYNC_FLAG flag can be set to
// return immediately without making the initial synchronous retrieval.
//
// A background thread is created that will pre-fetch time valid // A background thread is created that will pre-fetch time valid
// OCSP responses. // OCSP responses.
// //
// The input chain context will be AddRef'ed and not freed until // The input chain context will be AddRef'ed and not freed until
// the returned handle is closed. // the returned handle is closed.
// //
// CertCloseServerOcspResponse() must be called to close the returned // CertCloseServerOcspResponse() must be called to close the returned
// handle. // handle.
// //
// dwFlags and pvReserved aren't currently used and must be set to 0 // pvReserved isn't currently used and must be set to NULL.
// and NULL.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
HCERT_SERVER_OCSP_RESPONSE HCERT_SERVER_OCSP_RESPONSE
WINAPI WINAPI
CertOpenServerOcspResponse( CertOpenServerOcspResponse(
__in PCCERT_CHAIN_CONTEXT pChainContext, _In_ PCCERT_CHAIN_CONTEXT pChainContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved LPVOID pvReserved _Reserved_ LPVOID pvReserved
); );
// Set this flag to return immediately without making the initial
// synchronous retrieval
#define CERT_SERVER_OCSP_RESPONSE_ASYNC_FLAG 0x00000001
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AddRef a HCERT_SERVER_OCSP_RESPONSE returned by // AddRef a HCERT_SERVER_OCSP_RESPONSE returned by
// CertOpenServerOcspResponse(). Each Open and AddRef requires a // CertOpenServerOcspResponse(). Each Open and AddRef requires a
// corresponding CertCloseServerOcspResponse(). // corresponding CertCloseServerOcspResponse().
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertAddRefServerOcspResponse( CertAddRefServerOcspResponse(
__in_opt HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse _In_opt_ HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Close the handle returned by CertOpenServerOcspResponse() or AddRef'ed // Close the handle returned by CertOpenServerOcspResponse() or AddRef'ed
// by CertAddRefServerOcspResponse(). // by CertAddRefServerOcspResponse().
// //
// dwFlags isn't currently used and must be set to 0. // dwFlags isn't currently used and must be set to 0.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertCloseServerOcspResponse( CertCloseServerOcspResponse(
__in_opt HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, _In_opt_ HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse,
__in DWORD dwFlags _In_ DWORD dwFlags
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Server OCSP response context. // Server OCSP response context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT typedef struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT
CERT_SERVER_OCSP_RESPONSE_CONTEXT, CERT_SERVER_OCSP_RESPONSE_CONTEXT,
*PCERT_SERVER_OCSP_RESPONSE_CONTEXT; *PCERT_SERVER_OCSP_RESPONSE_CONTEXT;
typedef const CERT_SERVER_OCSP_RESPONSE_CONTEXT typedef const CERT_SERVER_OCSP_RESPONSE_CONTEXT
*PCCERT_SERVER_OCSP_RESPONSE_CONTEXT; *PCCERT_SERVER_OCSP_RESPONSE_CONTEXT;
// isn't available, NULL will be returned with LAST_ERROR set to // isn't available, NULL will be returned with LAST_ERROR set to
// CRYPT_E_REVOCATION_OFFLINE. // CRYPT_E_REVOCATION_OFFLINE.
// //
// CertFreeServerOcspResponseContext() must be called to free the // CertFreeServerOcspResponseContext() must be called to free the
// returned OCSP response context. // returned OCSP response context.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
PCCERT_SERVER_OCSP_RESPONSE_CONTEXT PCCERT_SERVER_OCSP_RESPONSE_CONTEXT
WINAPI WINAPI
CertGetServerOcspResponseContext( CertGetServerOcspResponseContext(
__in HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse, _In_ HCERT_SERVER_OCSP_RESPONSE hServerOcspResponse,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved LPVOID pvReserved _Reserved_ LPVOID pvReserved
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// AddRef a PCCERT_SERVER_OCSP_RESPONSE_CONTEXT returned by // AddRef a PCCERT_SERVER_OCSP_RESPONSE_CONTEXT returned by
// CertGetServerOcspResponseContext(). Each Get and AddRef requires a // CertGetServerOcspResponseContext(). Each Get and AddRef requires a
// corresponding CertFreeServerOcspResponseContext(). // corresponding CertFreeServerOcspResponseContext().
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertAddRefServerOcspResponseContext( CertAddRefServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext _In_opt_ PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free the OCSP response context returned by // Free the OCSP response context returned by
// CertGetServerOcspResponseContext(). // CertGetServerOcspResponseContext().
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeServerOcspResponseContext( CertFreeServerOcspResponseContext(
__in_opt PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext _In_opt_ PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext
); );
#endif // (NTDDI_VERSION >= NTDDI_WINLH) #endif // (NTDDI_VERSION >= NTDDI_VISTA)
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Helper function to do URL retrieval of logo or biometric information // Helper function to do URL retrieval of logo or biometric information
// specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT // specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT
// certificate extension. // certificate extension.
// //
// Only the first hashed URL matching lpszLogoOrBiometricType is used // Only the first hashed URL matching lpszLogoOrBiometricType is used
// to do the URL retrieval. Only direct logotypes are supported. // to do the URL retrieval. Only direct logotypes are supported.
// The bytes at the first URL are retrieved via // The bytes at the first URL are retrieved via
// CryptRetrieveObjectByUrlW and hashed. The computed hash is compared // CryptRetrieveObjectByUrlW and hashed. The computed hash is compared
// dwRetrievalFlags - see CryptRetrieveObjectByUrlW // dwRetrievalFlags - see CryptRetrieveObjectByUrlW
// dwTimeout - see CryptRetrieveObjectByUrlW // dwTimeout - see CryptRetrieveObjectByUrlW
// //
// dwFlags - reserved, must be set to 0 // dwFlags - reserved, must be set to 0
// pvReserved - reserved, must be set to NULL // pvReserved - reserved, must be set to NULL
// //
// *ppwszMimeType is always NULL for the biometric types. For success, // *ppwszMimeType is always NULL for the biometric types. For success,
// the caller must always check if non-NULL before dereferencing. // the caller must always check if non-NULL before dereferencing.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
__success(return == TRUE) _Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertRetrieveLogoOrBiometricInfo( CertRetrieveLogoOrBiometricInfo(
__in PCCERT_CONTEXT pCertContext, _In_ PCCERT_CONTEXT pCertContext,
__in LPCSTR lpszLogoOrBiometricType, _In_ LPCSTR lpszLogoOrBiometricType,
__in DWORD dwRetrievalFlags, _In_ DWORD dwRetrievalFlags,
__in DWORD dwTimeout, // milliseconds _In_ DWORD dwTimeout, // milliseconds
__in DWORD dwFlags, _In_ DWORD dwFlags,
__reserved void *pvReserved, _Reserved_ void *pvReserved,
__deref_out_bcount_opt(*pcbData) BYTE **ppbData, // CryptMemFree() _Outptr_result_bytebuffer_(*pcbData) BYTE **ppbData, // CryptMemFree()
__out DWORD *pcbData, _Out_ DWORD *pcbData,
__deref_opt_out_opt LPWSTR *ppwszMimeType // CryptMemFree() _Outptr_opt_result_maybenull_ LPWSTR *ppwszMimeType // CryptMemFree(
)
); );
// Predefined Logotypes // Predefined Logotypes
#define CERT_RETRIEVE_ISSUER_LOGO ((LPCSTR) 1) #define CERT_RETRIEVE_ISSUER_LOGO ((LPCSTR) 1)
#define CERT_RETRIEVE_SUBJECT_LOGO ((LPCSTR) 2) #define CERT_RETRIEVE_SUBJECT_LOGO ((LPCSTR) 2)
#define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3) #define CERT_RETRIEVE_COMMUNITY_LOGO ((LPCSTR) 3)
// Predefined Biometric types // Predefined Biometric types
#define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000) #define CERT_RETRIEVE_BIOMETRIC_PREDEFINED_BASE_TYPE ((LPCSTR) 1000)
} }
CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA; CERT_SELECT_CHAIN_PARA, *PCERT_SELECT_CHAIN_PARA;
typedef const CERT_SELECT_CHAIN_PARA* PCCERT_SELECT_CHAIN_PARA; typedef const CERT_SELECT_CHAIN_PARA* PCCERT_SELECT_CHAIN_PARA;
#define CERT_SELECT_MAX_PARA 500 #define CERT_SELECT_MAX_PARA 500
typedef struct _CERT_SELECT_CRITERIA typedef struct _CERT_SELECT_CRITERIA
{ {
DWORD dwType; DWORD dwType;
DWORD cPara; DWORD cPara;
__field_ecount(cPara) void** ppPara; _Field_size_(cPara) void** ppPara;
} }
CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA; CERT_SELECT_CRITERIA, *PCERT_SELECT_CRITERIA;
typedef const CERT_SELECT_CRITERIA* PCCERT_SELECT_CRITERIA; typedef const CERT_SELECT_CRITERIA* PCCERT_SELECT_CRITERIA;
// Selection Criteria // Selection Criteria
#define CERT_SELECT_BY_ENHKEY_USAGE 1 #define CERT_SELECT_BY_ENHKEY_USAGE 1
#define CERT_SELECT_BY_KEY_USAGE 2 #define CERT_SELECT_BY_KEY_USAGE 2
#define CERT_SELECT_BY_POLICY_OID 3 #define CERT_SELECT_BY_POLICY_OID 3
#define CERT_SELECT_BY_PROV_NAME 4 #define CERT_SELECT_BY_PROV_NAME 4
#define CERT_SELECT_BY_EXTENSION 5 #define CERT_SELECT_BY_EXTENSION 5
#define CERT_SELECT_BY_SUBJECT_HOST_NAME 6 #define CERT_SELECT_BY_SUBJECT_HOST_NAME 6
#define CERT_SELECT_BY_ISSUER_ATTR 7 #define CERT_SELECT_BY_ISSUER_ATTR 7
#define CERT_SELECT_BY_SUBJECT_ATTR 8 #define CERT_SELECT_BY_SUBJECT_ATTR 8
#define CERT_SELECT_BY_ISSUER_NAME 9 #define CERT_SELECT_BY_ISSUER_NAME 9
#define CERT_SELECT_BY_PUBLIC_KEY 10 #define CERT_SELECT_BY_PUBLIC_KEY 10
#define CERT_SELECT_BY_TLS_SIGNATURES 11 #define CERT_SELECT_BY_TLS_SIGNATURES 11
//add for WinRT
#define CERT_SELECT_BY_ISSUER_DISPLAYNAME 12
#define CERT_SELECT_BY_FRIENDLYNAME 13
#define CERT_SELECT_BY_THUMBPRINT 14
#define CERT_SELECT_LAST CERT_SELECT_BY_TLS_SIGNATURES #define CERT_SELECT_LAST CERT_SELECT_BY_TLS_SIGNATURES
#define CERT_SELECT_MAX (CERT_SELECT_LAST * 3) #define CERT_SELECT_MAX (CERT_SELECT_LAST * 3)
// Selection Flags // Selection Flags
#define CERT_SELECT_ALLOW_EXPIRED 0x00000001 #define CERT_SELECT_ALLOW_EXPIRED 0x00000001
#define CERT_SELECT_TRUSTED_ROOT 0x00000002 #define CERT_SELECT_TRUSTED_ROOT 0x00000002
#define CERT_SELECT_DISALLOW_SELFSIGNED 0x00000004 #define CERT_SELECT_DISALLOW_SELFSIGNED 0x00000004
#define CERT_SELECT_HAS_PRIVATE_KEY 0x00000008 #define CERT_SELECT_HAS_PRIVATE_KEY 0x00000008
#define CERT_SELECT_HAS_KEY_FOR_SIGNATURE 0x00000010 #define CERT_SELECT_HAS_KEY_FOR_SIGNATURE 0x00000010
#define CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE 0x00000020 #define CERT_SELECT_HAS_KEY_FOR_KEY_EXCHANGE 0x00000020
#define CERT_SELECT_HARDWARE_ONLY 0x00000040 #define CERT_SELECT_HARDWARE_ONLY 0x00000040
#define CERT_SELECT_ALLOW_DUPLICATES 0x00000080 #define CERT_SELECT_ALLOW_DUPLICATES 0x00000080
#define CERT_SELECT_IGNORE_AUTOSELECT 0x00000100
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Build certificate chains from the certificates in the store and select // Build certificate chains from the certificates in the store and select
// the matching ones based on the flags and selection criteria. // the matching ones based on the flags and selection criteria.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
_Success_(return != FALSE)
BOOL BOOL
WINAPI WINAPI
CertSelectCertificateChains( CertSelectCertificateChains(
__in_opt LPCGUID pSelectionContext, _In_opt_ LPCGUID pSelectionContext,
__in DWORD dwFlags, _In_ DWORD dwFlags,
__in_opt PCCERT_SELECT_CHAIN_PARA pChainParameters, _In_opt_ PCCERT_SELECT_CHAIN_PARA pChainParameters,
__in DWORD cCriteria, _In_ DWORD cCriteria,
__in_ecount_opt(cCriteria) PCCERT_SELECT_CRITERIA rgpCriteria, _In_reads_opt_(cCriteria) PCCERT_SELECT_CRITERIA rgpCriteria,
__in HCERTSTORE hStore, _In_ HCERTSTORE hStore,
__out PDWORD pcSelection, _Out_ PDWORD pcSelection,
__out_ecount(*pcSelection) PCCERT_CHAIN_CONTEXT** pprgpSelection _Outptr_result_buffer_(*pcSelection) PCCERT_CHAIN_CONTEXT** pprgpSelection
); );
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// Free the array of pointers to chain contexts. // Free the array of pointers to chain contexts.
// CertFreeCertificateChain is NOT called for each entry. // CertFreeCertificateChain is NOT called for each entry.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
WINCRYPT32API WINCRYPT32API
VOID VOID
WINAPI WINAPI
CertFreeCertificateChainList( CertFreeCertificateChainList(
__in PCCERT_CHAIN_CONTEXT* prgpSelection _In_ PCCERT_CHAIN_CONTEXT* prgpSelection
); );
#endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN7)
// //
// Time stamp API // Time stamp API
// //
#if (NTDDI_VERSION >= NTDDI_WIN7) #if (NTDDI_VERSION >= NTDDI_WIN7)
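Review bot: CERT_SELECT_LAST is still defined as CERT_SELECT_BY_TLS_SIGNATURES (11) although this hunk adds CERT_SELECT_BY_ISSUER_DISPLAYNAME (12), CERT_SELECT_BY_FRIENDLYNAME (13) and CERT_SELECT_BY_THUMBPRINT (14), so CERT_SELECT_MAX (CERT_SELECT_LAST * 3) no longer spans every selection criterion, and any code that validates or sizes by dwType against CERT_SELECT_LAST/CERT_SELECT_MAX would presumably reject or mis-size the new types. Either raise the bound, `#define CERT_SELECT_LAST CERT_SELECT_BY_THUMBPRINT`, or replace the bare `//add for WinRT` comment with one stating that these three types are intentionally outside the CERT_SELECT_LAST range and how they count toward the CERT_SELECT_MAX_PARA/CERT_SELECT_MAX limits. Friendly name and issuer display name are mutable, non-cryptographic store properties, so selection by them identifies a certificate for display purposes only; a one-line comment noting that thumbprint is the only one of the three suitable for pinning a specific certificate would keep callers from treating the others as a trust decision. The `_Success_(return != FALSE)` added on CertSelectCertificateChains also differs from the `_Success_(return == TRUE)` kept on CryptVerifyTimeStampSignature later in this file; one form should be used throughout.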
typedef struct _CRYPT_TIMESTAMP_REQUEST typedef struct _CRYPT_TIMESTAMP_REQUEST
{ {
DWORD dwVersion; // v1 DWORD dwVersion; // v1
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage; CRYPT_DER_BLOB HashedMessage;
LPSTR pszTSAPolicyId; // OPTIONAL LPSTR pszTSAPolicyId; // OPTIONAL
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
BOOL fCertReq; // DEFAULT FALSE BOOL fCertReq; // DEFAULT FALSE
DWORD cExtension; DWORD cExtension;
__field_ecount(cExtension) _Field_size_(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_REQUEST, *PCRYPT_TIMESTAMP_REQUEST; } CRYPT_TIMESTAMP_REQUEST, *PCRYPT_TIMESTAMP_REQUEST;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_RESPONSE // CRYPT_TIMESTAMP_RESPONSE
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_RESPONSE typedef struct _CRYPT_TIMESTAMP_RESPONSE
{ {
DWORD dwStatus; DWORD dwStatus;
DWORD cFreeText; // OPTIONAL DWORD cFreeText; // OPTIONAL
__field_ecount(cFreeText) _Field_size_(cFreeText)
LPWSTR* rgFreeText; LPWSTR* rgFreeText;
CRYPT_BIT_BLOB FailureInfo; // OPTIONAL CRYPT_BIT_BLOB FailureInfo; // OPTIONAL
CRYPT_DER_BLOB ContentInfo; // OPTIONAL CRYPT_DER_BLOB ContentInfo; // OPTIONAL
} CRYPT_TIMESTAMP_RESPONSE, *PCRYPT_TIMESTAMP_RESPONSE; } CRYPT_TIMESTAMP_RESPONSE, *PCRYPT_TIMESTAMP_RESPONSE;
#define TIMESTAMP_STATUS_GRANTED 0 #define TIMESTAMP_STATUS_GRANTED 0
#define TIMESTAMP_STATUS_GRANTED_WITH_MODS 1 #define TIMESTAMP_STATUS_GRANTED_WITH_MODS 1
#define TIMESTAMP_STATUS_REJECTED 2 #define TIMESTAMP_STATUS_REJECTED 2
#define TIMESTAMP_STATUS_WAITING 3 #define TIMESTAMP_STATUS_WAITING 3
#define TIMESTAMP_STATUS_REVOCATION_WARNING 4 #define TIMESTAMP_STATUS_REVOCATION_WARNING 4
LPSTR pszTSAPolicyId; LPSTR pszTSAPolicyId;
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_DER_BLOB HashedMessage; CRYPT_DER_BLOB HashedMessage;
CRYPT_INTEGER_BLOB SerialNumber; CRYPT_INTEGER_BLOB SerialNumber;
FILETIME ftTime; FILETIME ftTime;
PCRYPT_TIMESTAMP_ACCURACY pvAccuracy; // OPTIONAL PCRYPT_TIMESTAMP_ACCURACY pvAccuracy; // OPTIONAL
BOOL fOrdering; // OPTIONAL BOOL fOrdering; // OPTIONAL
CRYPT_DER_BLOB Nonce; // OPTIONAL CRYPT_DER_BLOB Nonce; // OPTIONAL
CRYPT_DER_BLOB Tsa; // OPTIONAL CRYPT_DER_BLOB Tsa; // OPTIONAL
DWORD cExtension; DWORD cExtension;
__field_ecount(cExtension) _Field_size_(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_INFO, *PCRYPT_TIMESTAMP_INFO; } CRYPT_TIMESTAMP_INFO, *PCRYPT_TIMESTAMP_INFO;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_CONTEXT // CRYPT_TIMESTAMP_CONTEXT
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_CONTEXT typedef struct _CRYPT_TIMESTAMP_CONTEXT
{ {
DWORD cbEncoded; DWORD cbEncoded;
__field_bcount(cbEncoded) _Field_size_bytes_(cbEncoded)
BYTE *pbEncoded; BYTE *pbEncoded;
PCRYPT_TIMESTAMP_INFO pTimeStamp; PCRYPT_TIMESTAMP_INFO pTimeStamp;
} CRYPT_TIMESTAMP_CONTEXT, *PCRYPT_TIMESTAMP_CONTEXT; } CRYPT_TIMESTAMP_CONTEXT, *PCRYPT_TIMESTAMP_CONTEXT;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CRYPT_TIMESTAMP_PARA // CRYPT_TIMESTAMP_PARA
// //
// pszTSAPolicyId // pszTSAPolicyId
// [optional] Specifies the TSA policy under which the time stamp token // [optional] Specifies the TSA policy under which the time stamp token
// should be provided. // should be provided.
// rgExtension // rgExtension
// [optional] Specifies Extensions to be included in request. // [optional] Specifies Extensions to be included in request.
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
typedef struct _CRYPT_TIMESTAMP_PARA typedef struct _CRYPT_TIMESTAMP_PARA
{ {
LPCSTR pszTSAPolicyId; // OPTIONAL LPCSTR pszTSAPolicyId; // OPTIONAL
BOOL fRequestCerts; // Default is TRUE BOOL fRequestCerts; // Default is TRUE
CRYPT_INTEGER_BLOB Nonce; // OPTIONAL CRYPT_INTEGER_BLOB Nonce; // OPTIONAL
DWORD cExtension; DWORD cExtension;
__field_ecount(cExtension) _Field_size_(cExtension)
PCERT_EXTENSION rgExtension; // OPTIONAL PCERT_EXTENSION rgExtension; // OPTIONAL
} CRYPT_TIMESTAMP_PARA, *PCRYPT_TIMESTAMP_PARA; } CRYPT_TIMESTAMP_PARA, *PCRYPT_TIMESTAMP_PARA;
//+------------------------------------------------------------------------- //+-------------------------------------------------------------------------
// CryptRetrieveTimeStamp // CryptRetrieveTimeStamp
// //
// wszUrl // wszUrl
// [in] Specifies TSA where to send request to. // [in] Specifies TSA where to send request to.
// //
// dwRetrievalFlags // dwRetrievalFlags
// //
// Remarks: // Remarks:
// //
// The TIMESTAMP_VERIFY_CONTEXT_SIGNATURE flag can be only used, // The TIMESTAMP_VERIFY_CONTEXT_SIGNATURE flag can be only used,
// if fRequestCerts value is TRUE. // if fRequestCerts value is TRUE.
// //
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
BOOL BOOL
WINAPI WINAPI
CryptRetrieveTimeStamp( CryptRetrieveTimeStamp(
__in LPCWSTR wszUrl, _In_ LPCWSTR wszUrl,
DWORD dwRetrievalFlags, DWORD dwRetrievalFlags,
DWORD dwTimeout, DWORD dwTimeout,
__in LPCSTR pszHashId, _In_ LPCSTR pszHashId,
__in_opt const CRYPT_TIMESTAMP_PARA *pPara, _In_opt_ const CRYPT_TIMESTAMP_PARA *pPara,
__in_bcount(cbData) _In_reads_bytes_(cbData)
const BYTE *pbData, const BYTE *pbData,
DWORD cbData, DWORD cbData,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext, _Outptr_ PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner, _Outptr_result_maybenull_ PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore _Out_opt_ HCERTSTORE *phStore
); );
// Set this flag to inhibit hash calculation on pbData // Set this flag to inhibit hash calculation on pbData
#define TIMESTAMP_DONT_HASH_DATA 0x00000001 #define TIMESTAMP_DONT_HASH_DATA 0x00000001
// Set this flag to enforce signature validation on retrieved time stamp. // Set this flag to enforce signature validation on retrieved time stamp.
#define TIMESTAMP_VERIFY_CONTEXT_SIGNATURE 0x00000020 // CRYPT_VERIFY_CON TEXT_SIGNATURE #define TIMESTAMP_VERIFY_CONTEXT_SIGNATURE 0x00000020 // CRYPT_VERIFY_CON TEXT_SIGNATURE
// Set this flag to inhibit automatic authentication handling. See the // Set this flag to inhibit automatic authentication handling. See the
// wininet flag, INTERNET_FLAG_NO_AUTH, for more details. // wininet flag, INTERNET_FLAG_NO_AUTH, for more details.
// receives the certificate of the signer. // receives the certificate of the signer.
// When you have finished using this structure, free it by passing this // When you have finished using this structure, free it by passing this
// pointer to the CertFreeCertificateContext function. // pointer to the CertFreeCertificateContext function.
// This parameter can be NULL if the TSA signer's certificate is not needed. // This parameter can be NULL if the TSA signer's certificate is not needed.
// //
// NOTE: // NOTE:
// The caller should validate pszTSAPolicyId, if any was specified in the req uest, // The caller should validate pszTSAPolicyId, if any was specified in the req uest,
// and ftTime. // and ftTime.
// The caller should also build a chain for ppTsSigner and validate the trust . // The caller should also build a chain for ppTsSigner and validate the trust .
//-------------------------------------------------------------------------- //--------------------------------------------------------------------------
__success(return == TRUE) _Success_(return == TRUE)
BOOL BOOL
WINAPI WINAPI
CryptVerifyTimeStampSignature ( CryptVerifyTimeStampSignature (
__in_bcount( cbTSContentInfo ) _In_reads_bytes_( cbTSContentInfo )
const BYTE *pbTSContentInfo, const BYTE *pbTSContentInfo,
DWORD cbTSContentInfo, DWORD cbTSContentInfo,
__in_bcount_opt(cbData) _In_reads_bytes_opt_(cbData)
const BYTE *pbData, const BYTE *pbData,
DWORD cbData, DWORD cbData,
__in_opt HCERTSTORE hAdditionalStore, _In_opt_ HCERTSTORE hAdditionalStore,
__deref_out PCRYPT_TIMESTAMP_CONTEXT *ppTsContext, _Outptr_ PCRYPT_TIMESTAMP_CONTEXT *ppTsContext,
__deref_out_opt PCCERT_CONTEXT *ppTsSigner, _Outptr_result_maybenull_ PCCERT_CONTEXT *ppTsSigner,
__out_opt HCERTSTORE *phStore _Out_opt_ HCERTSTORE *phStore
); );
#endif // (NTDDI_VERSION >= NTDDI_WIN7) #endif // (NTDDI_VERSION >= NTDDI_WIN7)
//
// Object Locator Provider API
//
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define CRYPT_OBJECT_LOCATOR_SPN_NAME_TYPE 1 //ex. "HTTP/www
.contoso.com"
#define CRYPT_OBJECT_LOCATOR_LAST_RESERVED_NAME_TYPE 32
#define CRYPT_OBJECT_LOCATOR_FIRST_RESERVED_USER_NAME_TYPE 33
#define CRYPT_OBJECT_LOCATOR_LAST_RESERVED_USER_NAME_TYPE 0x0000FFFF
#define SSL_OBJECT_LOCATOR_PFX_FUNC "SslObjectLocatorInitia
lizePfx"
#define SSL_OBJECT_LOCATOR_ISSUER_LIST_FUNC "SslObjectLocatorInitia
lizeIssuerList"
#define SSL_OBJECT_LOCATOR_CERT_VALIDATION_CONFIG_FUNC "SslObjectLocatorInitia
lizeCertValidationConfig"
//--------------------------------------------------------------------------
// Releasing the locator can be done with the following reasons
// On system shutdown and process exit, the provider is not expected to
// release all memory. However, on service stop and dll unload the provider
// should clean itself up.
//--------------------------------------------------------------------------
#define CRYPT_OBJECT_LOCATOR_RELEASE_SYSTEM_SHUTDOWN 1
#define CRYPT_OBJECT_LOCATOR_RELEASE_SERVICE_STOP 2
#define CRYPT_OBJECT_LOCATOR_RELEASE_PROCESS_EXIT 3
#define CRYPT_OBJECT_LOCATOR_RELEASE_DLL_UNLOAD 4
//--------------------------------------------------------------------------
// The object locator provider receives this function when it is initialized.
// The object locator provider is expected to call this function when an
// object has changed. This indicates to the application that its copy of the
// object is stale and it should get an updated object.
//
// pContext
// This is the context pararameter passed into the object locator providers
// initialize function. The object locator provider must hold onto this conte
xt
// and pass it back into this flush function.
//
// rgIdentifierOrNameList
// An array of name/identifier blobs for objects that are stale. If an object
// has an identifier then pass in the identifier name. If an object does not
have
// an identifier then pass in the name. You can pass in NULL which indicates
all
// objects are stale but this is not recommended for performance reasons.
//
// dwIdentifierOrNameListCount
// Number of names/identifiers in the array. 0 implies that rgIdentifierOrNam
eList
// is NULL which means all objects are stale.
//
//--------------------------------------------------------------------------
_Success_(return != 0)
typedef BOOL (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FLUSH)(
_In_ LPVOID pContext,
_In_reads_(dwIdentifierOrNameListCount) PCERT_NAME_BLOB *rgIdentifierOrNameL
ist,
_In_ DWORD dwIdentifierOrNameListCount);
//--------------------------------------------------------------------------
// An application will call on the object provider with the GET function when
// the application needs an object. The name blob uniquely identifies the conten
t
// to return. This function can return an identifier data blob. Subsequent calls
// to this function for the same object will pass in the identifier that was pre
viously
// returned. The identifier does not need to uniquely identify a particular obje
ct.
//
// pPluginContext
// This is the context that is returned by the object locator provider when
// it is initialized.
//
// pIdentifier
// This is the identifier that was returned on a previous GET call for this o
bject.
// On the first call for a particular object it is always NULL.
//
// dwNameType, pNameBlob
// The name the application is using for the object. The name will uniquely i
dentify
// an object.
//
// ppContent, pcbContent
// The returned object.
//
// ppwszPassword
// If the returned object is a pfx then this is the password for the pfx.
//
// ppIdentifier
// The identifier for the object.
//--------------------------------------------------------------------------
_Success_(return != 0)
typedef BOOL (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET)(
_In_opt_ LPVOID pPluginContext,
_In_opt_ PCRYPT_DATA_BLOB pIdentifier,
_In_ DWORD dwNameType,
_In_ PCERT_NAME_BLOB pNameBlob,
_Outptr_result_bytebuffer_(*pcbContent) PBYTE *ppbContent,
_Out_ DWORD *pcbContent,
_Outptr_result_maybenull_ PCWSTR *ppwszPassword,
_Outptr_result_maybenull_ PCRYPT_DATA_BLOB *ppIdentifier);
//--------------------------------------------------------------------------
// The application has indicated it no longer needs to locate objects by
// calling this release function.
//
// dwReason
// Can be one of:
// CRYPT_OBJECT_LOCATOR_RELEASE_SYSTEM_SHUTDOWN
// CRYPT_OBJECT_LOCATOR_RELEASE_SERVICE_STOP
// CRYPT_OBJECT_LOCATOR_RELEASE_PROCESS_EXIT
// CRYPT_OBJECT_LOCATOR_RELEASE_DLL_UNLOAD
//
// pPluginContext
// This is the context that is returned by the object locator provider when
// it is initialized.
//--------------------------------------------------------------------------
typedef void (WINAPI * PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_RELEASE)(
_In_ DWORD dwReason,
_In_opt_ LPVOID pPluginContext);
//--------------------------------------------------------------------------
// If the PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET function returns a password
// that is non-NULL then this function will be called to release the memory.
// Best practice is to zero the memory before releasing it.
//
// pPluginContext
// This is the context that is returned by the object locator provider when
// it is initialized.
//
// pwszPassword
// Password obtained from PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET
//--------------------------------------------------------------------------
typedef void (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_PASSWORD)(
_In_opt_ LPVOID pPluginContext,
_In_ PCWSTR pwszPassword
);
//--------------------------------------------------------------------------
// The content returned by the PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET function
// is released using this function.
//
// pPluginContext
// This is the context that is returned by the object locator provider when
// it is initialized.
//
// pbData
// Content returned by the GET function.
//--------------------------------------------------------------------------
typedef void (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE)(
_In_opt_ LPVOID pPluginContext,
_In_ PBYTE pbData
);
//--------------------------------------------------------------------------
//
// The identifier returned by the PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET function
// is released with this function. This will be called only if the identifier is
// non-NULL.
// The identifier will be released when the application no longer needs the
// object that was returned by the GET call.
//
// pPluginContext
// This is the context that is returned by the object locator provider when
// it is initialized.
//
// pIdentifier
// Identifier returned by the GET function.
//--------------------------------------------------------------------------
typedef void (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_IDENTIFIER)(
_In_opt_ LPVOID pPluginContext,
_In_ PCRYPT_DATA_BLOB pIdentifier);
typedef struct _CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE
{
_Field_range_(sizeof(CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE), sizeof(CRYPT_OBJE
CT_LOCATOR_PROVIDER_TABLE)) DWORD cbSize;
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET pfnGet;
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_RELEASE pfnRelease;
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_PASSWORD pfnFreePassword;
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE pfnFree;
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_IDENTIFIER pfnFreeIdentifier;
} CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE, *PCRYPT_OBJECT_LOCATOR_PROVIDER_TABLE;
//--------------------------------------------------------------------------
//
// This is the initialization function of the object locator provider.
//
// pfnFlush
// This is the function which the provider must call when it detects that
// an object has changed and the calling application should know about it
// to prevent stale copies of the object from being used.
//
// pContext
// This context is passed to the intialization function. The provider
// is expected to hold onto this context and pass it back with the call
// call to the flush function
//
// pdwExpectedObjectCount
// The number of objects that the provider expects it will need to locate.
// This number will determine the size of a hash table used internally.
//
// pFuncTable
// A structure that describes a set of callback functions which can be used
// to get objects and free objects.
//
// ppPluginContext
// Extra information that the provider can return in its initialize call whic
h
// will be passed back to each of the subsequent callback functions.
//--------------------------------------------------------------------------
_Success_(return != 0)
typedef BOOL (WINAPI *PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_INITIALIZE)(
_In_ PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FLUSH pfnFlush,
_In_ LPVOID pContext,
_Out_ DWORD *pdwExpectedObjectCount,
_Outptr_ PCRYPT_OBJECT_LOCATOR_PROVIDER_TABLE *ppFuncTable,
_Outptr_result_maybenull_ void **ppPluginContext);
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#endif //!defined(_DDK_DRIVER_) #endif //!defined(_DDK_DRIVER_)
#ifdef __cplusplus #ifdef __cplusplus
} // Balance extern "C" above } // Balance extern "C" above
#endif #endif
#if defined (_MSC_VER) #if defined (_MSC_VER)
#if ( _MSC_VER >= 800 ) #if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
#pragma warning(pop) #pragma warning(pop)
#else #else
#pragma warning(default:4201) #pragma warning(default:4201)
#endif #endif
#endif #endif
#endif #endif
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
//
// The following headers are refactored out of WinCrypt.h,
// reflecting the separate binaries.
// Applications which do not depend on all functionality of CRYPT32 etc.,
// can link directly to smaller binaries using smaller headers also.
//
#ifndef _WINCRYPT_NO_DPAPI
#include <dpapi.h>
#endif
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#endif // __WINCRYPT_H__ #endif // __WINCRYPT_H__
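Review bot: The comment block for PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE (just before its typedef, near the end of this hunk) says nothing about scrubbing the buffer, although GET may return a PFX and the FREE callback receives only pPluginContext and pbData, not the length that GET reported through pcbContent. The FREE_PASSWORD block a few lines earlier does carry a "zero the memory before releasing it" recommendation, so the two callbacks are documented inconsistently. I'd add `// The provider must keep track of the length it reported in pcbContent if it wants to zero the buffer before releasing it (recommended when the content is a PFX).` to that block. The wincrypt.h section this hunk belongs to begins before the start of this view.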
 End of changes. 574 change blocks. 
1869 lines changed or deleted 3119 lines changed or added
