2
0

schannel_int.h 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142
  1. #ifndef HEADER_CURL_SCHANNEL_INT_H
  2. #define HEADER_CURL_SCHANNEL_INT_H
  3. /***************************************************************************
  4. * _ _ ____ _
  5. * Project ___| | | | _ \| |
  6. * / __| | | | |_) | |
  7. * | (__| |_| | _ <| |___
  8. * \___|\___/|_| \_\_____|
  9. *
  10. * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>, et al.
  11. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  12. *
  13. * This software is licensed as described in the file COPYING, which
  14. * you should have received as part of this distribution. The terms
  15. * are also available at https://curl.se/docs/copyright.html.
  16. *
  17. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  18. * copies of the Software, and permit persons to whom the Software is
  19. * furnished to do so, under the terms of the COPYING file.
  20. *
  21. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  22. * KIND, either express or implied.
  23. *
  24. * SPDX-License-Identifier: curl
  25. *
  26. ***************************************************************************/
  27. #include "curl_setup.h"
  28. #ifdef USE_SCHANNEL
  29. #ifdef __MINGW32__
  30. #ifdef __MINGW64_VERSION_MAJOR
  31. #define HAS_MANUAL_VERIFY_API
  32. #endif
  33. #else
  34. #ifdef CERT_CHAIN_REVOCATION_CHECK_CHAIN
  35. #define HAS_MANUAL_VERIFY_API
  36. #endif
  37. #endif
  38. #if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) \
  39. && !defined(DISABLE_SCHANNEL_CLIENT_CERT)
  40. #define HAS_CLIENT_CERT_PATH
  41. #endif
  42. #ifndef SCH_CREDENTIALS_VERSION
  43. #define SCH_CREDENTIALS_VERSION 0x00000005
  44. typedef enum _eTlsAlgorithmUsage
  45. {
  46. TlsParametersCngAlgUsageKeyExchange,
  47. TlsParametersCngAlgUsageSignature,
  48. TlsParametersCngAlgUsageCipher,
  49. TlsParametersCngAlgUsageDigest,
  50. TlsParametersCngAlgUsageCertSig
  51. } eTlsAlgorithmUsage;
  52. typedef struct _CRYPTO_SETTINGS
  53. {
  54. eTlsAlgorithmUsage eAlgorithmUsage;
  55. UNICODE_STRING strCngAlgId;
  56. DWORD cChainingModes;
  57. PUNICODE_STRING rgstrChainingModes;
  58. DWORD dwMinBitLength;
  59. DWORD dwMaxBitLength;
  60. } CRYPTO_SETTINGS, * PCRYPTO_SETTINGS;
  61. typedef struct _TLS_PARAMETERS
  62. {
  63. DWORD cAlpnIds;
  64. PUNICODE_STRING rgstrAlpnIds;
  65. DWORD grbitDisabledProtocols;
  66. DWORD cDisabledCrypto;
  67. PCRYPTO_SETTINGS pDisabledCrypto;
  68. DWORD dwFlags;
  69. } TLS_PARAMETERS, * PTLS_PARAMETERS;
  70. typedef struct _SCH_CREDENTIALS
  71. {
  72. DWORD dwVersion;
  73. DWORD dwCredFormat;
  74. DWORD cCreds;
  75. PCCERT_CONTEXT* paCred;
  76. HCERTSTORE hRootStore;
  77. DWORD cMappers;
  78. struct _HMAPPER **aphMappers;
  79. DWORD dwSessionLifespan;
  80. DWORD dwFlags;
  81. DWORD cTlsParameters;
  82. PTLS_PARAMETERS pTlsParameters;
  83. } SCH_CREDENTIALS, * PSCH_CREDENTIALS;
  84. #define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
  85. #define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
  86. #define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
  87. #define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16
  88. #endif /* SCH_CREDENTIALS_VERSION */
  89. struct Curl_schannel_cred {
  90. CredHandle cred_handle;
  91. TimeStamp time_stamp;
  92. TCHAR *sni_hostname;
  93. #ifdef HAS_CLIENT_CERT_PATH
  94. HCERTSTORE client_cert_store;
  95. #endif
  96. int refcount;
  97. };
  98. struct Curl_schannel_ctxt {
  99. CtxtHandle ctxt_handle;
  100. TimeStamp time_stamp;
  101. };
  102. struct schannel_ssl_backend_data {
  103. struct Curl_schannel_cred *cred;
  104. struct Curl_schannel_ctxt *ctxt;
  105. SecPkgContext_StreamSizes stream_sizes;
  106. size_t encdata_length, decdata_length;
  107. size_t encdata_offset, decdata_offset;
  108. unsigned char *encdata_buffer, *decdata_buffer;
  109. /* encdata_is_incomplete: if encdata contains only a partial record that
  110. can't be decrypted without another recv() (that is, status is
  111. SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds
  112. more bytes into encdata then set this back to false. */
  113. bool encdata_is_incomplete;
  114. unsigned long req_flags, ret_flags;
  115. CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
  116. bool recv_sspi_close_notify; /* true if connection closed by close_notify */
  117. bool recv_connection_closed; /* true if connection closed, regardless how */
  118. bool recv_renegotiating; /* true if recv is doing renegotiation */
  119. bool use_alpn; /* true if ALPN is used for this connection */
  120. #ifdef HAS_MANUAL_VERIFY_API
  121. bool use_manual_cred_validation; /* true if manual cred validation is used */
  122. #endif
  123. };
  124. #endif /* USE_SCHANNEL */
  125. #endif /* HEADER_CURL_SCHANNEL_INT_H */