模拟服务器

开发平台：

C/C++

WinCrypt.h：源码内容

//+---------------------------------------------------------------------------
//
// Microsoft Windows
//
// File: wincrypt.h
//
// Contents: Cryptographic API Prototypes and Definitions
//
//----------------------------------------------------------------------------
#ifndef __WINCRYPT_H__
#define __WINCRYPT_H__
#if defined (_MSC_VER)
#if ( _MSC_VER >= 800 )
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable:4201) /* Nameless struct/union */
#endif
#if (_MSC_VER > 1020)
#pragma once
#endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED
typedef LONG HRESULT;
#endif // !_HRESULT_DEFINED
#ifndef WINADVAPI
#define WINADVAPI
#endif
#ifndef WINAPI
#define WINAPI __stdcall
#endif
#ifndef CALLBACK
#define CALLBACK __stdcall
#endif
#ifndef DECLSPEC_IMPORT
#define DECLSPEC_IMPORT
#endif
#ifndef CONST
#define CONST const
#endif
#ifndef IN
#define IN
#endif
#ifndef OUT
#define OUT
#endif
#ifndef OPTIONAL
#define OPTIONAL
#endif
#if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT
#else
#define WINCRYPT32API
#endif
#if !defined(_CRYPT32STRING_)
# define WINCRYPT32STRINGAPI WINCRYPT32API
#else
# define WINCRYPT32STRINGAPI
#endif
//
// Algorithm IDs and Flags
//
// ALG_ID crackers
#define GET_ALG_CLASS(x) (x & (7 << 13))
#define GET_ALG_TYPE(x) (x & (15 << 9))
#define GET_ALG_SID(x) (x & (511))
// Algorithm classes
#define ALG_CLASS_ANY (0)
#define ALG_CLASS_SIGNATURE (1 << 13)
#define ALG_CLASS_MSG_ENCRYPT (2 << 13)
#define ALG_CLASS_DATA_ENCRYPT (3 << 13)
#define ALG_CLASS_HASH (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE (5 << 13)
#define ALG_CLASS_ALL (7 << 13)
// Algorithm types
#define ALG_TYPE_ANY (0)
#define ALG_TYPE_DSS (1 << 9)
#define ALG_TYPE_RSA (2 << 9)
#define ALG_TYPE_BLOCK (3 << 9)
#define ALG_TYPE_STREAM (4 << 9)
#define ALG_TYPE_DH (5 << 9)
#define ALG_TYPE_SECURECHANNEL (6 << 9)
// Generic sub-ids
#define ALG_SID_ANY (0)
// Some RSA sub-ids
#define ALG_SID_RSA_ANY 0
#define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4
// Some DSS sub-ids
//
#define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2
// Block cipher sub ids
// DES sub_ids
#define ALG_SID_DES 1
#define ALG_SID_3DES 3
#define ALG_SID_DESX 4
#define ALG_SID_IDEA 5
#define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8
#define ALG_SID_3DES_112 9
#define ALG_SID_CYLINK_MEK 12
#define ALG_SID_RC5 13
#define ALG_SID_AES_128 14
#define ALG_SID_AES_192 15
#define ALG_SID_AES_256 16
#define ALG_SID_AES 17
// Fortezza sub-ids
#define ALG_SID_SKIPJACK 10
#define ALG_SID_TEK 11
// KP_MODE
#define CRYPT_MODE_CBCI 6 // ANSI CBC Interleaved
#define CRYPT_MODE_CFBP 7 // ANSI CFB Pipelined
#define CRYPT_MODE_OFBP 8 // ANSI OFB Pipelined
#define CRYPT_MODE_CBCOFM 9 // ANSI CBC + OF Masking
#define CRYPT_MODE_CBCOFMI 10 // ANSI CBC + OFM Interleaved
// RC2 sub-ids
#define ALG_SID_RC2 2
// Stream cipher sub-ids
#define ALG_SID_RC4 1
#define ALG_SID_SEAL 2
// Diffie-Hellman sub-ids
#define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4
// Hash sub ids
#define ALG_SID_MD2 1
#define ALG_SID_MD4 2
#define ALG_SID_MD5 3
#define ALG_SID_SHA 4
#define ALG_SID_SHA1 4
#define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9
#define ALG_SID_TLS1PRF 10
#define ALG_SID_HASH_REPLACE_OWF 11
// secure channel sub ids
#define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7
// Our silly example sub-id
#define ALG_SID_EXAMPLE 80
#ifndef ALGIDDEF
#define ALGIDDEF
typedef unsigned int ALG_ID;
#endif
// algorithm identifier definitions
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY)
#define CALG_NO_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_ANY | ALG_SID_ANY)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES)
#define CALG_DESX (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DESX)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_SANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM)
#define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGREED_KEY_ANY)
#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA)
#define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5)
#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_SKIPJACK)
#define CALG_TEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_TEK)
#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_CYLINK_MEK)
#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
#define CALG_TLS1PRF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF)
#define CALG_HASH_REPLACE_OWF (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HASH_REPLACE_OWF)
#define CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_128)
#define CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_192)
#define CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES_256)
#define CALG_AES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_AES)
typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTKEY;
typedef ULONG_PTR HCRYPTHASH;
// dwFlags definitions for CryptAcquireContext
#define CRYPT_VERIFYCONTEXT 0xF0000000
#define CRYPT_NEWKEYSET 0x00000008
#define CRYPT_DELETEKEYSET 0x00000010
#define CRYPT_MACHINE_KEYSET 0x00000020
#define CRYPT_SILENT 0x00000040
// dwFlag definitions for CryptGenKey
#define CRYPT_EXPORTABLE 0x00000001
#define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_CREATE_SALT 0x00000004
#define CRYPT_UPDATE_KEY 0x00000008
#define CRYPT_NO_SALT 0x00000010
#define CRYPT_PREGEN 0x00000040
#define CRYPT_RECIPIENT 0x00000010
#define CRYPT_INITIATOR 0x00000040
#define CRYPT_ONLINE 0x00000080
#define CRYPT_SF 0x00000100
#define CRYPT_CREATE_IV 0x00000200
#define CRYPT_KEK 0x00000400
#define CRYPT_DATA_KEY 0x00000800
#define CRYPT_VOLATILE 0x00001000
#define CRYPT_SGCKEY 0x00002000
#define CRYPT_ARCHIVABLE 0x00004000
#define RSA1024BIT_KEY 0x04000000
// dwFlags definitions for CryptDeriveKey
#define CRYPT_SERVER 0x00000400
#define KEY_LENGTH_MASK 0xFFFF0000
// dwFlag definitions for CryptExportKey
#define CRYPT_Y_ONLY 0x00000001
#define CRYPT_SSL2_FALLBACK 0x00000002
#define CRYPT_DESTROYKEY 0x00000004
#define CRYPT_OAEP 0x00000040 // used with RSA encryptions/decryptions
// CryptExportKey, CryptImportKey,
// CryptEncrypt and CryptDecrypt
#define CRYPT_BLOB_VER3 0x00000080 // export version 3 of a blob type
#define CRYPT_IPSEC_HMAC_KEY 0x00000100 // CryptImportKey only
// dwFlags definitions for CryptCreateHash
#define CRYPT_SECRETDIGEST 0x00000001
// dwFlags definitions for CryptHashData
#define CRYPT_OWF_REPL_LM_HASH 0x00000001 // this is only for the OWF replacement CSP
// dwFlags definitions for CryptHashSessionKey
#define CRYPT_LITTLE_ENDIAN 0x00000001
// dwFlags definitions for CryptSignHash and CryptVerifySignature
#define CRYPT_NOHASHOID 0x00000001
#define CRYPT_TYPE2_FORMAT 0x00000002
#define CRYPT_X931_FORMAT 0x00000004
// dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
#define CRYPT_MACHINE_DEFAULT 0x00000001
#define CRYPT_USER_DEFAULT 0x00000002
#define CRYPT_DELETE_DEFAULT 0x00000004
// exported key blob definitions
#define SIMPLEBLOB 0x1
#define PUBLICKEYBLOB 0x6
#define PRIVATEKEYBLOB 0x7
#define PLAINTEXTKEYBLOB 0x8
#define OPAQUEKEYBLOB 0x9
#define PUBLICKEYBLOBEX 0xA
#define SYMMETRICWRAPKEYBLOB 0xB
#define AT_KEYEXCHANGE 1
#define AT_SIGNATURE 2
#define CRYPT_USERDATA 1
// dwParam
#define KP_IV 1 // Initialization vector
#define KP_SALT 2 // Salt value
#define KP_PADDING 3 // Padding values
#define KP_MODE 4 // Mode of the cipher
#define KP_MODE_BITS 5 // Number of bits to feedback
#define KP_PERMISSIONS 6 // Key permissions DWORD
#define KP_ALGID 7 // Key algorithm
#define KP_BLOCKLEN 8 // Block size of the cipher
#define KP_KEYLEN 9 // Length of key in bits
#define KP_SALT_EX 10 // Length of salt in bytes
#define KP_P 11 // DSS/Diffie-Hellman P value
#define KP_G 12 // DSS/Diffie-Hellman G value
#define KP_Q 13 // DSS Q value
#define KP_X 14 // Diffie-Hellman X value
#define KP_Y 15 // Y value
#define KP_RA 16 // Fortezza RA value
#define KP_RB 17 // Fortezza RB value
#define KP_INFO 18 // for putting information into an RSA envelope
#define KP_EFFECTIVE_KEYLEN 19 // setting and getting RC2 effective key length
#define KP_SCHANNEL_ALG 20 // for setting the Secure Channel algorithms
#define KP_CLIENT_RANDOM 21 // for setting the Secure Channel client random data
#define KP_SERVER_RANDOM 22 // for setting the Secure Channel server random data
#define KP_RP 23
#define KP_PRECOMP_MD5 24
#define KP_PRECOMP_SHA 25
#define KP_CERTIFICATE 26 // for setting Secure Channel certificate data (PCT1)
#define KP_CLEAR_KEY 27 // for setting Secure Channel clear key data (PCT1)
#define KP_PUB_EX_LEN 28
#define KP_PUB_EX_VAL 29
#define KP_KEYVAL 30
#define KP_ADMIN_PIN 31
#define KP_KEYEXCHANGE_PIN 32
#define KP_SIGNATURE_PIN 33
#define KP_PREHASH 34
#define KP_OAEP_PARAMS 36 // for setting OAEP params on RSA keys
#define KP_CMS_KEY_INFO 37
#define KP_CMS_DH_KEY_INFO 38
#define KP_PUB_PARAMS 39 // for setting public parameters
#define KP_VERIFY_PARAMS 40 // for verifying DSA and DH parameters
#define KP_HIGHEST_VERSION 41 // for TLS protocol version setting
// KP_PADDING
#define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING 2
#define ZERO_PADDING 3
// KP_MODE
#define CRYPT_MODE_CBC 1 // Cipher block chaining
#define CRYPT_MODE_ECB 2 // Electronic code book
#define CRYPT_MODE_OFB 3 // Output feedback mode
#define CRYPT_MODE_CFB 4 // Cipher feedback mode
#define CRYPT_MODE_CTS 5 // Ciphertext stealing mode
// KP_PERMISSIONS
#define CRYPT_ENCRYPT 0x0001 // Allow encryption
#define CRYPT_DECRYPT 0x0002 // Allow decryption
#define CRYPT_EXPORT 0x0004 // Allow key to be exported
#define CRYPT_READ 0x0008 // Allow parameters to be read
#define CRYPT_WRITE 0x0010 // Allow parameters to be set
#define CRYPT_MAC 0x0020 // Allow MACs to be used with key
#define CRYPT_EXPORT_KEY 0x0040 // Allow key to be used for exporting keys
#define CRYPT_IMPORT_KEY 0x0080 // Allow key to be used for importing keys
#define CRYPT_ARCHIVE 0x0100 // Allow key to be exported at creation only
#define HP_ALGID 0x0001 // Hash algorithm
#define HP_HASHVAL 0x0002 // Hash value
#define HP_HASHSIZE 0x0004 // Hash value size
#define HP_HMAC_INFO 0x0005 // information for creating an HMAC
#define HP_TLS1PRF_LABEL 0x0006 // label for TLS1 PRF
#define HP_TLS1PRF_SEED 0x0007 // seed for TLS1 PRF
#define CRYPT_FAILED FALSE
#define CRYPT_SUCCEED TRUE
#define RCRYPT_SUCCEEDED(rt) ((rt) == CRYPT_SUCCEED)
#define RCRYPT_FAILED(rt) ((rt) == CRYPT_FAILED)
//
// CryptGetProvParam
//
#define PP_ENUMALGS 1
#define PP_ENUMCONTAINERS 2
#define PP_IMPTYPE 3
#define PP_NAME 4
#define PP_VERSION 5
#define PP_CONTAINER 6
#define PP_CHANGE_PASSWORD 7
#define PP_KEYSET_SEC_DESCR 8 // get/set security descriptor of keyset
#define PP_CERTCHAIN 9 // for retrieving certificates from tokens
#define PP_KEY_TYPE_SUBTYPE 10
#define PP_PROVTYPE 16
#define PP_KEYSTORAGE 17
#define PP_APPLI_CERT 18
#define PP_SYM_KEYSIZE 19
#define PP_SESSION_KEYSIZE 20
#define PP_UI_PROMPT 21
#define PP_ENUMALGS_EX 22
#define PP_ENUMMANDROOTS 25
#define PP_ENUMELECTROOTS 26
#define PP_KEYSET_TYPE 27
#define PP_ADMIN_PIN 31
#define PP_KEYEXCHANGE_PIN 32
#define PP_SIGNATURE_PIN 33
#define PP_SIG_KEYSIZE_INC 34
#define PP_KEYX_KEYSIZE_INC 35
#define PP_UNIQUE_CONTAINER 36
#define PP_SGC_INFO 37
#define PP_USE_HARDWARE_RNG 38
#define PP_KEYSPEC 39
#define PP_ENUMEX_SIGNING_PROT 40
#define CRYPT_FIRST 1
#define CRYPT_NEXT 2
#define CRYPT_SGC_ENUM 4
#define CRYPT_IMPL_HARDWARE 1
#define CRYPT_IMPL_SOFTWARE 2
#define CRYPT_IMPL_MIXED 3
#define CRYPT_IMPL_UNKNOWN 4
#define CRYPT_IMPL_REMOVABLE 8
// key storage flags
#define CRYPT_SEC_DESCR 0x00000001
#define CRYPT_PSTORE 0x00000002
#define CRYPT_UI_PROMPT 0x00000004
// protocol flags
#define CRYPT_FLAG_PCT1 0x0001
#define CRYPT_FLAG_SSL2 0x0002
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008
#define CRYPT_FLAG_IPSEC 0x0010
#define CRYPT_FLAG_SIGNING 0x0020
// SGC flags
#define CRYPT_SGC 0x0001
#define CRYPT_FASTSGC 0x0002
//
// CryptSetProvParam
//
#define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24
#define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2
#define PROV_DSS 3
#define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5
#define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12
#define PROV_DSS_DH 13
#define PROV_EC_ECDSA_SIG 14
#define PROV_EC_ECNRA_SIG 15
#define PROV_EC_ECDSA_FULL 16
#define PROV_EC_ECNRA_FULL 17
#define PROV_DH_SCHANNEL 18
#define PROV_SPYRUS_LYNKS 20
#define PROV_RNG 21
#define PROV_INTEL_SEC 22
#define PROV_REPLACE_OWF 23
#define PROV_RSA_AES 24
//
// STT defined Providers
//
#define PROV_STT_MER 7
#define PROV_STT_ACQ 8
#define PROV_STT_BRND 9
#define PROV_STT_ROOT 10
#define PROV_STT_ISS 11
//
// Provider friendly names
//
#define MS_DEF_PROV_A "Microsoft Base Cryptographic Provider v1.0"
#define MS_DEF_PROV_W L"Microsoft Base Cryptographic Provider v1.0"
#ifdef UNICODE
#define MS_DEF_PROV MS_DEF_PROV_W
#else
#define MS_DEF_PROV MS_DEF_PROV_A
#endif
#define MS_ENHANCED_PROV_A "Microsoft Enhanced Cryptographic Provider v1.0"
#define MS_ENHANCED_PROV_W L"Microsoft Enhanced Cryptographic Provider v1.0"
#ifdef UNICODE
#define MS_ENHANCED_PROV MS_ENHANCED_PROV_W
#else
#define MS_ENHANCED_PROV MS_ENHANCED_PROV_A
#endif
#define MS_STRONG_PROV_A "Microsoft Strong Cryptographic Provider"
#define MS_STRONG_PROV_W L"Microsoft Strong Cryptographic Provider"
#ifdef UNICODE
#define MS_STRONG_PROV MS_STRONG_PROV_W
#else
#define MS_STRONG_PROV MS_STRONG_PROV_A
#endif
#define MS_DEF_RSA_SIG_PROV_A "Microsoft RSA Signature Cryptographic Provider"
#define MS_DEF_RSA_SIG_PROV_W L"Microsoft RSA Signature Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_RSA_SIG_PROV MS_DEF_RSA_SIG_PROV_W
#else
#define MS_DEF_RSA_SIG_PROV MS_DEF_RSA_SIG_PROV_A
#endif
#define MS_DEF_RSA_SCHANNEL_PROV_A "Microsoft RSA SChannel Cryptographic Provider"
#define MS_DEF_RSA_SCHANNEL_PROV_W L"Microsoft RSA SChannel Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_RSA_SCHANNEL_PROV MS_DEF_RSA_SCHANNEL_PROV_W
#else
#define MS_DEF_RSA_SCHANNEL_PROV MS_DEF_RSA_SCHANNEL_PROV_A
#endif
#define MS_DEF_DSS_PROV_A "Microsoft Base DSS Cryptographic Provider"
#define MS_DEF_DSS_PROV_W L"Microsoft Base DSS Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_DSS_PROV MS_DEF_DSS_PROV_W
#else
#define MS_DEF_DSS_PROV MS_DEF_DSS_PROV_A
#endif
#define MS_DEF_DSS_DH_PROV_A "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"
#define MS_DEF_DSS_DH_PROV_W L"Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_DSS_DH_PROV MS_DEF_DSS_DH_PROV_W
#else
#define MS_DEF_DSS_DH_PROV MS_DEF_DSS_DH_PROV_A
#endif
#define MS_ENH_DSS_DH_PROV_A "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"
#define MS_ENH_DSS_DH_PROV_W L"Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider"
#ifdef UNICODE
#define MS_ENH_DSS_DH_PROV MS_ENH_DSS_DH_PROV_W
#else
#define MS_ENH_DSS_DH_PROV MS_ENH_DSS_DH_PROV_A
#endif
#define MS_DEF_DH_SCHANNEL_PROV_A "Microsoft DH SChannel Cryptographic Provider"
#define MS_DEF_DH_SCHANNEL_PROV_W L"Microsoft DH SChannel Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_DH_SCHANNEL_PROV MS_DEF_DH_SCHANNEL_PROV_W
#else
#define MS_DEF_DH_SCHANNEL_PROV MS_DEF_DH_SCHANNEL_PROV_A
#endif
#define MS_SCARD_PROV_A "Microsoft Base Smart Card Crypto Provider"
#define MS_SCARD_PROV_W L"Microsoft Base Smart Card Crypto Provider"
#ifdef UNICODE
#define MS_SCARD_PROV MS_SCARD_PROV_W
#else
#define MS_SCARD_PROV MS_SCARD_PROV_A
#endif
#define MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
#define MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
#ifdef UNICODE
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W
#else
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A
#endif
#define MAXUIDLEN 64
// Exponentiation Offload Reg Location
#define EXPO_OFFLOAD_REG_VALUE "ExpoOffload"
#define EXPO_OFFLOAD_FUNC_NAME "OffloadModExpo"
#define CUR_BLOB_VERSION 2
// structure for use with CryptSetKeyParam for CMS keys
// DO NOT USE THIS STRUCTURE!!!!!
typedef struct _CMS_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_KEY_INFO)
ALG_ID Algid; // algorithmm id for the key to be converted
BYTE *pbOID; // pointer to OID to hash in with Z
DWORD cbOID; // length of OID to hash in with Z
} CMS_KEY_INFO, *PCMS_KEY_INFO;
// structure for use with CryptSetHashParam with CALG_HMAC
typedef struct _HMAC_Info {
ALG_ID HashAlgid;
BYTE *pbInnerString;
DWORD cbInnerString;
BYTE *pbOuterString;
DWORD cbOuterString;
} HMAC_INFO, *PHMAC_INFO;
// structure for use with CryptSetKeyParam with KP_SCHANNEL_ALG
typedef struct _SCHANNEL_ALG {
DWORD dwUse;
ALG_ID Algid;
DWORD cBits;
DWORD dwFlags;
DWORD dwReserved;
} SCHANNEL_ALG, *PSCHANNEL_ALG;
// uses of algortihms for SCHANNEL_ALG structure
#define SCHANNEL_MAC_KEY 0x00000000
#define SCHANNEL_ENC_KEY 0x00000001
// uses of dwFlags SCHANNEL_ALG structure
#define INTERNATIONAL_USAGE 0x00000001
typedef struct _PROV_ENUMALGS {
ALG_ID aiAlgid;
DWORD dwBitLen;
DWORD dwNameLen;
CHAR szName[20];
} PROV_ENUMALGS;
typedef struct _PROV_ENUMALGS_EX {
ALG_ID aiAlgid;
DWORD dwDefaultLen;
DWORD dwMinLen;
DWORD dwMaxLen;
DWORD dwProtocols;
DWORD dwNameLen;
CHAR szName[20];
DWORD dwLongNameLen;
CHAR szLongName[40];
} PROV_ENUMALGS_EX;
typedef struct _PUBLICKEYSTRUC {
BYTE bType;
BYTE bVersion;
WORD reserved;
ALG_ID aiKeyAlg;
} BLOBHEADER, PUBLICKEYSTRUC;
typedef struct _RSAPUBKEY {
DWORD magic; // Has to be RSA1
DWORD bitlen; // # of bits in modulus
DWORD pubexp; // public exponent
// Modulus data follows
} RSAPUBKEY;
typedef struct _PUBKEY {
DWORD magic;
DWORD bitlen; // # of bits in modulus
} DHPUBKEY, DSSPUBKEY, KEAPUBKEY, TEKPUBKEY;
typedef struct _DSSSEED {
DWORD counter;
BYTE seed[20];
} DSSSEED;
typedef struct _PUBKEYVER3 {
DWORD magic;
DWORD bitlenP; // # of bits in prime modulus
DWORD bitlenQ; // # of bits in prime q, 0 if not available
DWORD bitlenJ; // # of bits in (p-1)/q, 0 if not available
DSSSEED DSSSeed;
} DHPUBKEY_VER3, DSSPUBKEY_VER3;
typedef struct _PRIVKEYVER3 {
DWORD magic;
DWORD bitlenP; // # of bits in prime modulus
DWORD bitlenQ; // # of bits in prime q, 0 if not available
DWORD bitlenJ; // # of bits in (p-1)/q, 0 if not available
DWORD bitlenX; // # of bits in X
DSSSEED DSSSeed;
} DHPRIVKEY_VER3, DSSPRIVKEY_VER3;
typedef struct _KEY_TYPE_SUBTYPE {
DWORD dwKeySpec;
GUID Type;
GUID Subtype;
} KEY_TYPE_SUBTYPE, *PKEY_TYPE_SUBTYPE;
typedef struct _CERT_FORTEZZA_DATA_PROP {
unsigned char SerialNumber[8];
int CertIndex;
unsigned char CertLabel[36];
} CERT_FORTEZZA_DATA_PROP;
//+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions
//--------------------------------------------------------------------------
typedef struct _CRYPTOAPI_BLOB {
DWORD cbData;
BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB,
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
// structure for use with CryptSetKeyParam for CMS keys
typedef struct _CMS_DH_KEY_INFO {
DWORD dwVersion; // sizeof(CMS_DH_KEY_INFO)
ALG_ID Algid; // algorithmm id for the key to be converted
LPSTR pszContentEncObjId; // pointer to OID to hash in with Z
CRYPT_DATA_BLOB PubInfo; // OPTIONAL - public information
void *pReserved; // reserved - should be NULL
} CMS_DH_KEY_INFO, *PCMS_DH_KEY_INFO;
WINADVAPI
BOOL
WINAPI
CryptAcquireContextA(
HCRYPTPROV *phProv,
LPCSTR szContainer,
LPCSTR szProvider,
DWORD dwProvType,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptAcquireContextW(
HCRYPTPROV *phProv,
LPCWSTR szContainer,
LPCWSTR szProvider,
DWORD dwProvType,
DWORD dwFlags
);
#ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW
#else
#define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptReleaseContext(
HCRYPTPROV hProv,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptGenKey(
HCRYPTPROV hProv,
ALG_ID Algid,
DWORD dwFlags,
HCRYPTKEY *phKey
);
WINADVAPI
BOOL
WINAPI
CryptDeriveKey(
HCRYPTPROV hProv,
ALG_ID Algid,
HCRYPTHASH hBaseData,
DWORD dwFlags,
HCRYPTKEY *phKey
);
WINADVAPI
BOOL
WINAPI
CryptDestroyKey(
HCRYPTKEY hKey
);
WINADVAPI
BOOL
WINAPI
CryptSetKeyParam(
HCRYPTKEY hKey,
DWORD dwParam,
CONST BYTE *pbData,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptGetKeyParam(
HCRYPTKEY hKey,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptSetHashParam(
HCRYPTHASH hHash,
DWORD dwParam,
CONST BYTE *pbData,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptGetHashParam(
HCRYPTHASH hHash,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptSetProvParam(
HCRYPTPROV hProv,
DWORD dwParam,
CONST BYTE *pbData,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptGetProvParam(
HCRYPTPROV hProv,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptGenRandom(
HCRYPTPROV hProv,
DWORD dwLen,
BYTE *pbBuffer
);
WINADVAPI
BOOL
WINAPI
CryptGetUserKey(
HCRYPTPROV hProv,
DWORD dwKeySpec,
HCRYPTKEY *phUserKey
);
WINADVAPI
BOOL
WINAPI
CryptExportKey(
HCRYPTKEY hKey,
HCRYPTKEY hExpKey,
DWORD dwBlobType,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen
);
WINADVAPI
BOOL
WINAPI
CryptImportKey(
HCRYPTPROV hProv,
CONST BYTE *pbData,
DWORD dwDataLen,
HCRYPTKEY hPubKey,
DWORD dwFlags,
HCRYPTKEY *phKey
);
WINADVAPI
BOOL
WINAPI
CryptEncrypt(
HCRYPTKEY hKey,
HCRYPTHASH hHash,
BOOL Final,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwBufLen
);
WINADVAPI
BOOL
WINAPI
CryptDecrypt(
HCRYPTKEY hKey,
HCRYPTHASH hHash,
BOOL Final,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen
);
WINADVAPI
BOOL
WINAPI
CryptCreateHash(
HCRYPTPROV hProv,
ALG_ID Algid,
HCRYPTKEY hKey,
DWORD dwFlags,
HCRYPTHASH *phHash
);
WINADVAPI
BOOL
WINAPI
CryptHashData(
HCRYPTHASH hHash,
CONST BYTE *pbData,
DWORD dwDataLen,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptHashSessionKey(
HCRYPTHASH hHash,
HCRYPTKEY hKey,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptDestroyHash(
HCRYPTHASH hHash
);
WINADVAPI
BOOL
WINAPI
CryptSignHashA(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCSTR szDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen
);
WINADVAPI
BOOL
WINAPI
CryptSignHashW(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCWSTR szDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen
);
#ifdef UNICODE
#define CryptSignHash CryptSignHashW
#else
#define CryptSignHash CryptSignHashA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureA(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCSTR szDescription,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureW(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCWSTR szDescription,
DWORD dwFlags
);
#ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW
#else
#define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptSetProviderA(
LPCSTR pszProvName,
DWORD dwProvType
);
WINADVAPI
BOOL
WINAPI
CryptSetProviderW(
LPCWSTR pszProvName,
DWORD dwProvType
);
#ifdef UNICODE
#define CryptSetProvider CryptSetProviderW
#else
#define CryptSetProvider CryptSetProviderA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptSetProviderExA(
LPCSTR pszProvName,
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptSetProviderExW(
LPCWSTR pszProvName,
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags
);
#ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW
#else
#define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderA(
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags,
LPSTR pszProvName,
DWORD *pcbProvName
);
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderW(
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags,
LPWSTR pszProvName,
DWORD *pcbProvName
);
#ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW
#else
#define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesA(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPSTR szTypeName,
DWORD *pcbTypeName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProviderTypesW(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPWSTR szTypeName,
DWORD *pcbTypeName
);
#ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW
#else
#define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersA(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPSTR szProvName,
DWORD *pcbProvName
);
WINADVAPI
BOOL
WINAPI
CryptEnumProvidersW(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPWSTR szProvName,
DWORD *pcbProvName
);
#ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW
#else
#define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE
WINADVAPI
BOOL
WINAPI
CryptContextAddRef(
HCRYPTPROV hProv,
DWORD *pdwReserved,
DWORD dwFlags
);
WINADVAPI
BOOL
WINAPI
CryptDuplicateKey(
HCRYPTKEY hKey,
DWORD *pdwReserved,
DWORD dwFlags,
HCRYPTKEY *phKey
);
WINADVAPI
BOOL
WINAPI
CryptDuplicateHash(
HCRYPTHASH hHash,
DWORD *pdwReserved,
DWORD dwFlags,
HCRYPTHASH *phHash
);
typedef struct {
DWORD dwVersion;
ALG_ID algId;
DWORD dwMinKeyLength;
DWORD dwMaxKeyLength;
DWORD dwRequiredFlags;
DWORD dwDisallowedFlags;
} _CRYPT_KEY_LIMITS_V01;
typedef _CRYPT_KEY_LIMITS_V01 CRYPT_KEY_LIMITS, *PCRYPT_KEY_LIMITS;
// Request Flag definitions
#define CRYPTLIMIT_USING_PCT 0x0001
#define CRYPTLIMIT_USING_SGC 0x0002
WINADVAPI
BOOL
WINAPI
CryptGetLocalKeyLimits(
IN ALG_ID algId,
IN DWORD dwFlags,
OUT PCRYPT_KEY_LIMITS pLimits,
IN OUT LPDWORD cbLimitLength);
//+-------------------------------------------------------------------------
// In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the
// overall bit length is cbData * 8 - cUnusedBits.
//--------------------------------------------------------------------------
typedef struct _CRYPT_BIT_BLOB {
DWORD cbData;
BYTE *pbData;
DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
//+-------------------------------------------------------------------------
// Type used for any algorithm
//
// Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
// algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
//--------------------------------------------------------------------------
typedef struct _CRYPT_ALGORITHM_IDENTIFIER {
LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
// Following are the definitions of various algorithm object identifiers
// RSA
#define szOID_RSA "1.2.840.113549"
#define szOID_PKCS "1.2.840.113549.1"
#define szOID_RSA_HASH "1.2.840.113549.2"
#define szOID_RSA_ENCRYPT "1.2.840.113549.3"
#define szOID_PKCS_1 "1.2.840.113549.1.1"
#define szOID_PKCS_2 "1.2.840.113549.1.2"
#define szOID_PKCS_3 "1.2.840.113549.1.3"
#define szOID_PKCS_4 "1.2.840.113549.1.4"
#define szOID_PKCS_5 "1.2.840.113549.1.5"
#define szOID_PKCS_6 "1.2.840.113549.1.6"
#define szOID_PKCS_7 "1.2.840.113549.1.7"
#define szOID_PKCS_8 "1.2.840.113549.1.8"
#define szOID_PKCS_9 "1.2.840.113549.1.9"
#define szOID_PKCS_10 "1.2.840.113549.1.10"
#define szOID_PKCS_12 "1.2.840.113549.1.12"
#define szOID_RSA_RSA "1.2.840.113549.1.1.1"
#define szOID_RSA_MD2RSA "1.2.840.113549.1.1.2"
#define szOID_RSA_MD4RSA "1.2.840.113549.1.1.3"
#define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4"
#define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5"
#define szOID_RSA_SETOAEP_RSA "1.2.840.113549.1.1.6"
#define szOID_RSA_DH "1.2.840.113549.1.3.1"
#define szOID_RSA_data "1.2.840.113549.1.7.1"
#define szOID_RSA_signedData "1.2.840.113549.1.7.2"
#define szOID_RSA_envelopedData "1.2.840.113549.1.7.3"
#define szOID_RSA_signEnvData "1.2.840.113549.1.7.4"
#define szOID_RSA_digestedData "1.2.840.113549.1.7.5"
#define szOID_RSA_hashedData "1.2.840.113549.1.7.5"
#define szOID_RSA_encryptedData "1.2.840.113549.1.7.6"
#define szOID_RSA_emailAddr "1.2.840.113549.1.9.1"
#define szOID_RSA_unstructName "1.2.840.113549.1.9.2"
#define szOID_RSA_contentType "1.2.840.113549.1.9.3"
#define szOID_RSA_messageDigest "1.2.840.113549.1.9.4"
#define szOID_RSA_signingTime "1.2.840.113549.1.9.5"
#define szOID_RSA_counterSign "1.2.840.113549.1.9.6"
#define szOID_RSA_challengePwd "1.2.840.113549.1.9.7"
#define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8"
#define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9"
#define szOID_RSA_certExtensions "1.2.840.113549.1.9.14"
#define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15"
#define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1"
#define szOID_RSA_SMIMEalg "1.2.840.113549.1.9.16.3"
#define szOID_RSA_SMIMEalgESDH "1.2.840.113549.1.9.16.3.5"
#define szOID_RSA_SMIMEalgCMS3DESwrap "1.2.840.113549.1.9.16.3.6"
#define szOID_RSA_SMIMEalgCMSRC2wrap "1.2.840.113549.1.9.16.3.7"
#define szOID_RSA_MD2 "1.2.840.113549.2.2"
#define szOID_RSA_MD4 "1.2.840.113549.2.4"
#define szOID_RSA_MD5 "1.2.840.113549.2.5"
#define szOID_RSA_RC2CBC "1.2.840.113549.3.2"
#define szOID_RSA_RC4 "1.2.840.113549.3.4"
#define szOID_RSA_DES_EDE3_CBC "1.2.840.113549.3.7"
#define szOID_RSA_RC5_CBCPad "1.2.840.113549.3.9"
#define szOID_ANSI_X942 "1.2.840.10046"
#define szOID_ANSI_X942_DH "1.2.840.10046.2.1"
#define szOID_X957 "1.2.840.10040"
#define szOID_X957_DSA "1.2.840.10040.4.1"
#define szOID_X957_SHA1DSA "1.2.840.10040.4.3"
// ITU-T UsefulDefinitions
#define szOID_DS "2.5"
#define szOID_DSALG "2.5.8"
#define szOID_DSALG_CRPT "2.5.8.1"
#define szOID_DSALG_HASH "2.5.8.2"
#define szOID_DSALG_SIGN "2.5.8.3"
#define szOID_DSALG_RSA "2.5.8.1.1"
// NIST OSE Implementors' Workshop (OIW)
// http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
// http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
#define szOID_OIW "1.3.14"
// NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers
#define szOID_OIWSEC "1.3.14.3.2"
#define szOID_OIWSEC_md4RSA "1.3.14.3.2.2"
#define szOID_OIWSEC_md5RSA "1.3.14.3.2.3"
#define szOID_OIWSEC_md4RSA2 "1.3.14.3.2.4"
#define szOID_OIWSEC_desECB "1.3.14.3.2.6"
#define szOID_OIWSEC_desCBC "1.3.14.3.2.7"
#define szOID_OIWSEC_desOFB "1.3.14.3.2.8"
#define szOID_OIWSEC_desCFB "1.3.14.3.2.9"
#define szOID_OIWSEC_desMAC "1.3.14.3.2.10"
#define szOID_OIWSEC_rsaSign "1.3.14.3.2.11"
#define szOID_OIWSEC_dsa "1.3.14.3.2.12"
#define szOID_OIWSEC_shaDSA "1.3.14.3.2.13"
#define szOID_OIWSEC_mdc2RSA "1.3.14.3.2.14"
#define szOID_OIWSEC_shaRSA "1.3.14.3.2.15"
#define szOID_OIWSEC_dhCommMod "1.3.14.3.2.16"
#define szOID_OIWSEC_desEDE "1.3.14.3.2.17"
#define szOID_OIWSEC_sha "1.3.14.3.2.18"
#define szOID_OIWSEC_mdc2 "1.3.14.3.2.19"
#define szOID_OIWSEC_dsaComm "1.3.14.3.2.20"
#define szOID_OIWSEC_dsaCommSHA "1.3.14.3.2.21"
#define szOID_OIWSEC_rsaXchg "1.3.14.3.2.22"
#define szOID_OIWSEC_keyHashSeal "1.3.14.3.2.23"
#define szOID_OIWSEC_md2RSASign "1.3.14.3.2.24"
#define szOID_OIWSEC_md5RSASign "1.3.14.3.2.25"
#define szOID_OIWSEC_sha1 "1.3.14.3.2.26"
#define szOID_OIWSEC_dsaSHA1 "1.3.14.3.2.27"
#define szOID_OIWSEC_dsaCommSHA1 "1.3.14.3.2.28"
#define szOID_OIWSEC_sha1RSASign "1.3.14.3.2.29"
// NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers
#define szOID_OIWDIR "1.3.14.7.2"
#define szOID_OIWDIR_CRPT "1.3.14.7.2.1"
#define szOID_OIWDIR_HASH "1.3.14.7.2.2"
#define szOID_OIWDIR_SIGN "1.3.14.7.2.3"
#define szOID_OIWDIR_md2 "1.3.14.7.2.2.1"
#define szOID_OIWDIR_md2RSA "1.3.14.7.2.3.1"
// INFOSEC Algorithms
// joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)
#define szOID_INFOSEC "2.16.840.1.101.2.1"
#define szOID_INFOSEC_sdnsSignature "2.16.840.1.101.2.1.1.1"
#define szOID_INFOSEC_mosaicSignature "2.16.840.1.101.2.1.1.2"
#define szOID_INFOSEC_sdnsConfidentiality "2.16.840.1.101.2.1.1.3"
#define szOID_INFOSEC_mosaicConfidentiality "2.16.840.1.101.2.1.1.4"
#define szOID_INFOSEC_sdnsIntegrity "2.16.840.1.101.2.1.1.5"
#define szOID_INFOSEC_mosaicIntegrity "2.16.840.1.101.2.1.1.6"
#define szOID_INFOSEC_sdnsTokenProtection "2.16.840.1.101.2.1.1.7"
#define szOID_INFOSEC_mosaicTokenProtection "2.16.840.1.101.2.1.1.8"
#define szOID_INFOSEC_sdnsKeyManagement "2.16.840.1.101.2.1.1.9"
#define szOID_INFOSEC_mosaicKeyManagement "2.16.840.1.101.2.1.1.10"
#define szOID_INFOSEC_sdnsKMandSig "2.16.840.1.101.2.1.1.11"
#define szOID_INFOSEC_mosaicKMandSig "2.16.840.1.101.2.1.1.12"
#define szOID_INFOSEC_SuiteASignature "2.16.840.1.101.2.1.1.13"
#define szOID_INFOSEC_SuiteAConfidentiality "2.16.840.1.101.2.1.1.14"
#define szOID_INFOSEC_SuiteAIntegrity "2.16.840.1.101.2.1.1.15"
#define szOID_INFOSEC_SuiteATokenProtection "2.16.840.1.101.2.1.1.16"
#define szOID_INFOSEC_SuiteAKeyManagement "2.16.840.1.101.2.1.1.17"
#define szOID_INFOSEC_SuiteAKMandSig "2.16.840.1.101.2.1.1.18"
#define szOID_INFOSEC_mosaicUpdatedSig "2.16.840.1.101.2.1.1.19"
#define szOID_INFOSEC_mosaicKMandUpdSig "2.16.840.1.101.2.1.1.20"
#define szOID_INFOSEC_mosaicUpdatedInteg "2.16.840.1.101.2.1.1.21"
typedef struct _CRYPT_OBJID_TABLE {
DWORD dwAlgId;
LPCSTR pszObjId;
} CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE;
//+-------------------------------------------------------------------------
// PKCS #1 HashInfo (DigestInfo)
//--------------------------------------------------------------------------
typedef struct _CRYPT_HASH_INFO {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_HASH_BLOB Hash;
} CRYPT_HASH_INFO, *PCRYPT_HASH_INFO;
//+-------------------------------------------------------------------------
// Type used for an extension to an encoded content
//
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//--------------------------------------------------------------------------
typedef struct _CERT_EXTENSION {
LPSTR pszObjId;
BOOL fCritical;
CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION;
//+-------------------------------------------------------------------------
// AttributeTypeValue
//
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//--------------------------------------------------------------------------
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId;
CRYPT_OBJID_BLOB Value;
} CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE;
//+-------------------------------------------------------------------------
// Attributes
//
// Where the Value's PATTR_BLOBs are in their encoded representation.
//--------------------------------------------------------------------------
typedef struct _CRYPT_ATTRIBUTE {
LPSTR pszObjId;
DWORD cValue;
PCRYPT_ATTR_BLOB rgValue;
} CRYPT_ATTRIBUTE, *PCRYPT_ATTRIBUTE;
typedef struct _CRYPT_ATTRIBUTES {
IN DWORD cAttr;
IN PCRYPT_ATTRIBUTE rgAttr;
} CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES;
//+-------------------------------------------------------------------------
// Attributes making up a Relative Distinguished Name (CERT_RDN)
//
// The interpretation of the Value depends on the dwValueType.
// See below for a list of the types.
//--------------------------------------------------------------------------
typedef struct _CERT_RDN_ATTR {
LPSTR pszObjId;
DWORD dwValueType;
CERT_RDN_VALUE_BLOB Value;
} CERT_RDN_ATTR, *PCERT_RDN_ATTR;
//+-------------------------------------------------------------------------
// CERT_RDN attribute Object Identifiers
//--------------------------------------------------------------------------
// Labeling attribute types:
#define szOID_COMMON_NAME "2.5.4.3" // case-ignore string
#define szOID_SUR_NAME "2.5.4.4" // case-ignore string
#define szOID_DEVICE_SERIAL_NUMBER "2.5.4.5" // printable string
// Geographic attribute types:
#define szOID_COUNTRY_NAME "2.5.4.6" // printable 2char string
#define szOID_LOCALITY_NAME "2.5.4.7" // case-ignore string
#define szOID_STATE_OR_PROVINCE_NAME "2.5.4.8" // case-ignore string
#define szOID_STREET_ADDRESS "2.5.4.9" // case-ignore string
// Organizational attribute types:
#define szOID_ORGANIZATION_NAME "2.5.4.10" // case-ignore string
#define szOID_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" // case-ignore string
#define szOID_TITLE "2.5.4.12" // case-ignore string
// Explanatory attribute types:
#define szOID_DESCRIPTION "2.5.4.13" // case-ignore string
#define szOID_SEARCH_GUIDE "2.5.4.14"
#define szOID_BUSINESS_CATEGORY "2.5.4.15" // case-ignore string
// Postal addressing attribute types:
#define szOID_POSTAL_ADDRESS "2.5.4.16"
#define szOID_POSTAL_CODE "2.5.4.17" // case-ignore string
#define szOID_POST_OFFICE_BOX "2.5.4.18" // case-ignore string
#define szOID_PHYSICAL_DELIVERY_OFFICE_NAME "2.5.4.19" // case-ignore string
// Telecommunications addressing attribute types:
#define szOID_TELEPHONE_NUMBER "2.5.4.20" // telephone number
#define szOID_TELEX_NUMBER "2.5.4.21"
#define szOID_TELETEXT_TERMINAL_IDENTIFIER "2.5.4.22"
#define szOID_FACSIMILE_TELEPHONE_NUMBER "2.5.4.23"
#define szOID_X21_ADDRESS "2.5.4.24" // numeric string
#define szOID_INTERNATIONAL_ISDN_NUMBER "2.5.4.25" // numeric string
#define szOID_REGISTERED_ADDRESS "2.5.4.26"
#define szOID_DESTINATION_INDICATOR "2.5.4.27" // printable string
// Preference attribute types:
#define szOID_PREFERRED_DELIVERY_METHOD "2.5.4.28"
// OSI application attribute types:
#define szOID_PRESENTATION_ADDRESS "2.5.4.29"
#define szOID_SUPPORTED_APPLICATION_CONTEXT "2.5.4.30"
// Relational application attribute types:
#define szOID_MEMBER "2.5.4.31"
#define szOID_OWNER "2.5.4.32"
#define szOID_ROLE_OCCUPANT "2.5.4.33"
#define szOID_SEE_ALSO "2.5.4.34"
// Security attribute types:
#define szOID_USER_PASSWORD "2.5.4.35"
#define szOID_USER_CERTIFICATE "2.5.4.36"
#define szOID_CA_CERTIFICATE "2.5.4.37"
#define szOID_AUTHORITY_REVOCATION_LIST "2.5.4.38"
#define szOID_CERTIFICATE_REVOCATION_LIST "2.5.4.39"
#define szOID_CROSS_CERTIFICATE_PAIR "2.5.4.40"
// Undocumented attribute types???
//#define szOID_??? "2.5.4.41"
#define szOID_GIVEN_NAME "2.5.4.42" // case-ignore string
#define szOID_INITIALS "2.5.4.43" // case-ignore string
// The DN Qualifier attribute type specifies disambiguating information to add
// to the relative distinguished name of an entry. It is intended to be used
// for entries held in multiple DSAs which would otherwise have the same name,
// and that its value be the same in a given DSA for all entries to which
// the information has been added.
#define szOID_DN_QUALIFIER "2.5.4.46"
// Pilot user attribute types:
#define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5, UTF8 string
// used for PKCS 12 attributes
#define szOID_PKCS_12_FRIENDLY_NAME_ATTR "1.2.840.113549.1.9.20"
#define szOID_PKCS_12_LOCAL_KEY_ID "1.2.840.113549.1.9.21"
#define szOID_PKCS_12_KEY_PROVIDER_NAME_ATTR "1.3.6.1.4.1.311.17.1"
#define szOID_LOCAL_MACHINE_KEYSET "1.3.6.1.4.1.311.17.2"
//+-------------------------------------------------------------------------
// Microsoft CERT_RDN attribute Object Identifiers
//--------------------------------------------------------------------------
// Special RDN containing the KEY_ID. Its value type is CERT_RDN_OCTET_STRING.
#define szOID_KEYID_RDN "1.3.6.1.4.1.311.10.7.1"
//+-------------------------------------------------------------------------
// CERT_RDN Attribute Value Types
//
// For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
// representation. Otherwise, its an array of bytes.
//
// For all CERT_RDN types, Value.cbData is always the number of bytes, not
// necessarily the number of elements in the string. For instance,
// RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
// RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
//
// A RDN_UTF8_STRING is an array of UNICODE characters (cbData == charCnt *2).
// These UNICODE characters are encoded as UTF8 8 bit characters.
//
// For CertDecodeName, two 0 bytes are always appended to the end of the
// string (ensures a CHAR or WCHAR string is null terminated).
// These added 0 bytes are't included in the BLOB.cbData.
//--------------------------------------------------------------------------
#define CERT_RDN_ANY_TYPE 0
#define CERT_RDN_ENCODED_BLOB 1
#define CERT_RDN_OCTET_STRING 2
#define CERT_RDN_NUMERIC_STRING 3
#define CERT_RDN_PRINTABLE_STRING 4
#define CERT_RDN_TELETEX_STRING 5
#define CERT_RDN_T61_STRING 5
#define CERT_RDN_VIDEOTEX_STRING 6
#define CERT_RDN_IA5_STRING 7
#define CERT_RDN_GRAPHIC_STRING 8
#define CERT_RDN_VISIBLE_STRING 9
#define CERT_RDN_ISO646_STRING 9
#define CERT_RDN_GENERAL_STRING 10
#define CERT_RDN_UNIVERSAL_STRING 11
#define CERT_RDN_INT4_STRING 11
#define CERT_RDN_BMP_STRING 12
#define CERT_RDN_UNICODE_STRING 12
#define CERT_RDN_UTF8_STRING 13
#define CERT_RDN_TYPE_MASK 0x000000FF
#define CERT_RDN_FLAGS_MASK 0xFF000000
//+-------------------------------------------------------------------------
// Flags that can be or'ed with the above Value Type when encoding/decoding
//--------------------------------------------------------------------------
// For encoding: when set, CERT_RDN_T61_STRING is selected instead of
// CERT_RDN_UNICODE_STRING if all the unicode characters are <= 0xFF
#define CERT_RDN_ENABLE_T61_UNICODE_FLAG 0x80000000
// For encoding: when set, CERT_RDN_UTF8_STRING is selected instead of
// CERT_RDN_UNICODE_STRING.
#define CERT_RDN_ENABLE_UTF8_UNICODE_FLAG 0x20000000
// For encoding: when set, the characters aren't checked to see if they
// are valid for the Value Type.
#define CERT_RDN_DISABLE_CHECK_TYPE_FLAG 0x40000000
// For decoding: by default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8.
#define CERT_RDN_DISABLE_IE4_UTF8_FLAG 0x01000000
// Macro to check that the dwValueType is a character string and not an
// encoded blob or octet string
#define IS_CERT_RDN_CHAR_STRING(X)
(((X) & CERT_RDN_TYPE_MASK) >= CERT_RDN_NUMERIC_STRING)
//+-------------------------------------------------------------------------
// A CERT_RDN consists of an array of the above attributes
//--------------------------------------------------------------------------
typedef struct _CERT_RDN {
DWORD cRDNAttr;
PCERT_RDN_ATTR rgRDNAttr;
} CERT_RDN, *PCERT_RDN;
//+-------------------------------------------------------------------------
// Information stored in a subject's or issuer's name. The information
// is represented as an array of the above RDNs.
//--------------------------------------------------------------------------
typedef struct _CERT_NAME_INFO {
DWORD cRDN;
PCERT_RDN rgRDN;
} CERT_NAME_INFO, *PCERT_NAME_INFO;
//+-------------------------------------------------------------------------
// Name attribute value without the Object Identifier
//
// The interpretation of the Value depends on the dwValueType.
// See above for a list of the types.
//--------------------------------------------------------------------------
typedef struct _CERT_NAME_VALUE {
DWORD dwValueType;
CERT_RDN_VALUE_BLOB Value;
} CERT_NAME_VALUE, *PCERT_NAME_VALUE;
//+-------------------------------------------------------------------------
// Public Key Info
//
// The PublicKey is the encoded representation of the information as it is
// stored in the bit string
//--------------------------------------------------------------------------
typedef struct _CERT_PUBLIC_KEY_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_BIT_BLOB PublicKey;
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
#define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA
//+-------------------------------------------------------------------------
// structure that contains all the information in a PKCS#8 PrivateKeyInfo
//--------------------------------------------------------------------------
typedef struct _CRYPT_PRIVATE_KEY_INFO{
DWORD Version;
CRYPT_ALGORITHM_IDENTIFIER Algorithm;
CRYPT_DER_BLOB PrivateKey;
PCRYPT_ATTRIBUTES pAttributes;
} CRYPT_PRIVATE_KEY_INFO, *PCRYPT_PRIVATE_KEY_INFO;
//+-------------------------------------------------------------------------
// structure that contains all the information in a PKCS#8
// EncryptedPrivateKeyInfo
//--------------------------------------------------------------------------
typedef struct _CRYPT_ENCRYPTED_PRIVATE_KEY_INFO{
CRYPT_ALGORITHM_IDENTIFIER EncryptionAlgorithm;
CRYPT_DATA_BLOB EncryptedPrivateKey;
} CRYPT_ENCRYPTED_PRIVATE_KEY_INFO, *PCRYPT_ENCRYPTED_PRIVATE_KEY_INFO;
//+-------------------------------------------------------------------------
// this callback is given when an EncryptedProvateKeyInfo structure is
// encountered during ImportPKCS8. the caller is then expected to decrypt
// the private key and hand back the decrypted contents.
//
// the parameters are:
// Algorithm - the algorithm used to encrypt the PrivateKeyInfo
// EncryptedPrivateKey - the encrypted private key blob
// pClearTextKey - a buffer to receive the clear text
// cbClearTextKey - the number of bytes of the pClearTextKey buffer
// note the if this is zero then this should be
// filled in with the size required to decrypt the
// key into, and pClearTextKey should be ignored
// pVoidDecryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context
//+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_DECRYPT_PRIVATE_KEY_FUNC)(
CRYPT_ALGORITHM_IDENTIFIER Algorithm,
CRYPT_DATA_BLOB EncryptedPrivateKey,
BYTE *pbClearTextKey,
DWORD *pcbClearTextKey,
LPVOID pVoidDecryptFunc);
//+-------------------------------------------------------------------------
// this callback is given when creating a PKCS8 EncryptedPrivateKeyInfo.
// The caller is then expected to encrypt the private key and hand back
// the encrypted contents.
//
// the parameters are:
// Algorithm - the algorithm used to encrypt the PrivateKeyInfo
// pClearTextPrivateKey - the cleartext private key to be encrypted
// pbEncryptedKey - the output encrypted private key blob
// cbEncryptedKey - the number of bytes of the pbEncryptedKey buffer
// note the if this is zero then this should be
// filled in with the size required to encrypt the
// key into, and pbEncryptedKey should be ignored
// pVoidEncryptFunc - this is the pVoid that was passed into the call
// and is preserved and passed back as context
//+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC)(
CRYPT_ALGORITHM_IDENTIFIER* pAlgorithm,
CRYPT_DATA_BLOB* pClearTextPrivateKey,
BYTE *pbEncryptedKey,
DWORD *pcbEncryptedKey,
LPVOID pVoidEncryptFunc);
//+-------------------------------------------------------------------------
// this callback is given from the context of a ImportPKCS8 calls. the caller
// is then expected to hand back an HCRYPTPROV to receive the key being imported
//
// the parameters are:
// pPrivateKeyInfo - pointer to a CRYPT_PRIVATE_KEY_INFO structure which
// describes the key being imported
// EncryptedPrivateKey - the encrypted private key blob
// phCryptProv - a pointer to a HCRRYPTPROV to be filled in
// pVoidResolveFunc - this is the pVoidResolveFunc passed in by the caller in the
// CRYPT_PRIVATE_KEY_BLOB_AND_PARAMS struct
//+-------------------------------------------------------------------------
typedef BOOL (CALLBACK *PCRYPT_RESOLVE_HCRYPTPROV_FUNC)(
CRYPT_PRIVATE_KEY_INFO *pPrivateKeyInfo,
HCRYPTPROV *phCryptProv,
LPVOID pVoidResolveFunc);
//+-------------------------------------------------------------------------
// this struct contains a PKCS8 private key and two pointers to callback
// functions, with a corresponding pVoids. the first callback is used to give
// the caller the opportunity to specify where the key is imported to. the callback
// passes the caller the algoroithm OID and key size to use in making the decision.
// the other callback is used to decrypt the private key if the PKCS8 contains an
// EncryptedPrivateKeyInfo. both pVoids are preserved and passed back to the caller
// in the respective callback
//+-------------------------------------------------------------------------
typedef struct _CRYPT_PKCS8_IMPORT_PARAMS{
CRYPT_DIGEST_BLOB PrivateKey; // PKCS8 blob
PCRYPT_RESOLVE_HCRYPTPROV_FUNC pResolvehCryptProvFunc; // optional
LPVOID pVoidResolveFunc; // optional
PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pDecryptPrivateKeyFunc;
LPVOID pVoidDecryptFunc;
} CRYPT_PKCS8_IMPORT_PARAMS, *PCRYPT_PKCS8_IMPORT_PARAMS, CRYPT_PRIVATE_KEY_BLOB_AND_PARAMS, *PCRYPT_PRIVATE_KEY_BLOB_AND_PARAMS;
//+-------------------------------------------------------------------------
// this struct contains information identifying a private key and a pointer
// to a callback function, with a corresponding pVoid. The callback is used
// to encrypt the private key. If the pEncryptPrivateKeyFunc is NULL, the
// key will not be encrypted and an EncryptedPrivateKeyInfo will not be generated.
// The pVoid is preserved and passed back to the caller in the respective callback
//+-------------------------------------------------------------------------
typedef struct _CRYPT_PKCS8_EXPORT_PARAMS{
HCRYPTPROV hCryptProv;
DWORD dwKeySpec;
LPSTR pszPrivateKeyObjId;
PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc;
LPVOID pVoidEncryptFunc;
} CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS;
//+-------------------------------------------------------------------------
// Information stored in a certificate
//
// The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
// encoded representation of the information.
//--------------------------------------------------------------------------
typedef struct _CERT_INFO {
DWORD dwVersion;
CRYPT_INTEGER_BLOB SerialNumber;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CERT_NAME_BLOB Issuer;
FILETIME NotBefore;
FILETIME NotAfter;
CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
CRYPT_BIT_BLOB IssuerUniqueId;
CRYPT_BIT_BLOB SubjectUniqueId;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CERT_INFO, *PCERT_INFO;
//+-------------------------------------------------------------------------
// Certificate versions
//--------------------------------------------------------------------------
#define CERT_V1 0
#define CERT_V2 1
#define CERT_V3 2
//+-------------------------------------------------------------------------
// Certificate Information Flags
//--------------------------------------------------------------------------
#define CERT_INFO_VERSION_FLAG 1
#define CERT_INFO_SERIAL_NUMBER_FLAG 2
#define CERT_INFO_SIGNATURE_ALGORITHM_FLAG 3
#define CERT_INFO_ISSUER_FLAG 4
#define CERT_INFO_NOT_BEFORE_FLAG 5
#define CERT_INFO_NOT_AFTER_FLAG 6
#define CERT_INFO_SUBJECT_FLAG 7
#define CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG 8
#define CERT_INFO_ISSUER_UNIQUE_ID_FLAG 9
#define CERT_INFO_SUBJECT_UNIQUE_ID_FLAG 10
#define CERT_INFO_EXTENSION_FLAG 11
//+-------------------------------------------------------------------------
// An entry in a CRL
//
// The Extension BLOBs are the encoded representation of the information.
//--------------------------------------------------------------------------
typedef struct _CRL_ENTRY {
CRYPT_INTEGER_BLOB SerialNumber;
FILETIME RevocationDate;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CRL_ENTRY, *PCRL_ENTRY;
//+-------------------------------------------------------------------------
// Information stored in a CRL
//
// The Issuer, Algorithm and Extension BLOBs are the encoded
// representation of the information.
//--------------------------------------------------------------------------
typedef struct _CRL_INFO {
DWORD dwVersion;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CERT_NAME_BLOB Issuer;
FILETIME ThisUpdate;
FILETIME NextUpdate;
DWORD cCRLEntry;
PCRL_ENTRY rgCRLEntry;
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CRL_INFO, *PCRL_INFO;
//+-------------------------------------------------------------------------
// CRL versions
//--------------------------------------------------------------------------
#define CRL_V1 0
#define CRL_V2 1
//+-------------------------------------------------------------------------
// Information stored in a certificate request
//
// The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
// representation of the information.
//--------------------------------------------------------------------------
typedef struct _CERT_REQUEST_INFO {
DWORD dwVersion;
CERT_NAME_BLOB Subject;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
DWORD cAttribute;
PCRYPT_ATTRIBUTE rgAttribute;
} CERT_REQUEST_INFO, *PCERT_REQUEST_INFO;
//+-------------------------------------------------------------------------
// Certificate Request versions
//--------------------------------------------------------------------------
#define CERT_REQUEST_V1 0
//+-------------------------------------------------------------------------
// Information stored in Netscape's Keygen request
//--------------------------------------------------------------------------
typedef struct _CERT_KEYGEN_REQUEST_INFO {
DWORD dwVersion;
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
LPWSTR pwszChallengeString; // encoded as IA5
} CERT_KEYGEN_REQUEST_INFO, *PCERT_KEYGEN_REQUEST_INFO;
#define CERT_KEYGEN_REQUEST_V1 0
//+-------------------------------------------------------------------------
// Certificate, CRL, Certificate Request or Keygen Request Signed Content
//
// The "to be signed" encoded content plus its signature. The ToBeSigned
// is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or
// CERT_KEYGEN_REQUEST_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_SIGNED_CONTENT_INFO {
CRYPT_DER_BLOB ToBeSigned;
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
CRYPT_BIT_BLOB Signature;
} CERT_SIGNED_CONTENT_INFO, *PCERT_SIGNED_CONTENT_INFO;
//+-------------------------------------------------------------------------
// Certificate Trust List (CTL)
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CTL Usage. Also used for EnhancedKeyUsage extension.
//--------------------------------------------------------------------------
typedef struct _CTL_USAGE {
DWORD cUsageIdentifier;
LPSTR *rgpszUsageIdentifier; // array of pszObjId
} CTL_USAGE, *PCTL_USAGE,
CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE;
//+-------------------------------------------------------------------------
// An entry in a CTL
//--------------------------------------------------------------------------
typedef struct _CTL_ENTRY {
CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash
DWORD cAttribute;
PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL
} CTL_ENTRY, *PCTL_ENTRY;
//+-------------------------------------------------------------------------
// Information stored in a CTL
//--------------------------------------------------------------------------
typedef struct _CTL_INFO {
DWORD dwVersion;
CTL_USAGE SubjectUsage;
CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL
CRYPT_INTEGER_BLOB SequenceNumber; // OPTIONAL
FILETIME ThisUpdate;
FILETIME NextUpdate; // OPTIONAL
CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
DWORD cCTLEntry;
PCTL_ENTRY rgCTLEntry; // OPTIONAL
DWORD cExtension;
PCERT_EXTENSION rgExtension; // OPTIONAL
} CTL_INFO, *PCTL_INFO;
//+-------------------------------------------------------------------------
// CTL versions
//--------------------------------------------------------------------------
#define CTL_V1 0
//+-------------------------------------------------------------------------
// TimeStamp Request
//
// The pszTimeStamp is the OID for the Time type requested
// The pszContentType is the Content Type OID for the content, usually DATA
// The Content is a un-decoded blob
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIME_STAMP_REQUEST_INFO {
LPSTR pszTimeStampAlgorithm; // pszObjId
LPSTR pszContentType; // pszObjId
CRYPT_OBJID_BLOB Content;
DWORD cAttribute;
PCRYPT_ATTRIBUTE rgAttribute;
} CRYPT_TIME_STAMP_REQUEST_INFO, *PCRYPT_TIME_STAMP_REQUEST_INFO;
//+-------------------------------------------------------------------------
// Name Value Attribute
//--------------------------------------------------------------------------
typedef struct _CRYPT_ENROLLMENT_NAME_VALUE_PAIR {
LPWSTR pwszName;
LPWSTR pwszValue;
} CRYPT_ENROLLMENT_NAME_VALUE_PAIR, * PCRYPT_ENROLLMENT_NAME_VALUE_PAIR;
//+-------------------------------------------------------------------------
// CSP Provider
//--------------------------------------------------------------------------
typedef struct _CRYPT_CSP_PROVIDER {
DWORD dwKeySpec;
LPWSTR pwszProviderName;
CRYPT_BIT_BLOB Signature;
} CRYPT_CSP_PROVIDER, * PCRYPT_CSP_PROVIDER;
//+-------------------------------------------------------------------------
// Certificate and Message encoding types
//
// The encoding type is a DWORD containing both the certificate and message
// encoding types. The certificate encoding type is stored in the LOWORD.
// The message encoding type is stored in the HIWORD. Some functions or
// structure fields require only one of the encoding types. The following
// naming convention is used to indicate which encoding type(s) are
// required:
// dwEncodingType (both encoding types are required)
// dwMsgAndCertEncodingType (both encoding types are required)
// dwMsgEncodingType (only msg encoding type is required)
// dwCertEncodingType (only cert encoding type is required)
//
// Its always acceptable to specify both.
//--------------------------------------------------------------------------
#define CERT_ENCODING_TYPE_MASK 0x0000FFFF
#define CMSG_ENCODING_TYPE_MASK 0xFFFF0000
#define GET_CERT_ENCODING_TYPE(X) (X & CERT_ENCODING_TYPE_MASK)
#define GET_CMSG_ENCODING_TYPE(X) (X & CMSG_ENCODING_TYPE_MASK)
#define CRYPT_ASN_ENCODING 0x00000001
#define CRYPT_NDR_ENCODING 0x00000002
#define X509_ASN_ENCODING 0x00000001
#define X509_NDR_ENCODING 0x00000002
#define PKCS_7_ASN_ENCODING 0x00010000
#define PKCS_7_NDR_ENCODING 0x00020000
//+-------------------------------------------------------------------------
// format the specified data structure according to the certificate
// encoding type.
//
// The default behavior of CryptFormatObject is to return single line
// display of the encoded data, that is, each subfield will be concatenated with
// a ", " on one line. If user prefers to display the data in multiple line,
// set the flag CRYPT_FORMAT_STR_MULTI_LINE, that is, each subfield will be displayed
// on a seperate line.
//
// If there is no formatting routine installed or registered
// for the lpszStructType, the hex dump of the encoded BLOB will be returned.
// User can set the flag CRYPT_FORMAT_STR_NO_HEX to disable the hex dump.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptFormatObject(
IN DWORD dwCertEncodingType,
IN DWORD dwFormatType,
IN DWORD dwFormatStrType,
IN void *pFormatStruct,
IN LPCSTR lpszStructType,
IN const BYTE *pbEncoded,
IN DWORD cbEncoded,
OUT void *pbFormat,
IN OUT DWORD *pcbFormat
);
//-------------------------------------------------------------------------
// constants for dwFormatStrType of function CryptFormatObject
//-------------------------------------------------------------------------
#define CRYPT_FORMAT_STR_MULTI_LINE 0x0001
#define CRYPT_FORMAT_STR_NO_HEX 0x0010
//-------------------------------------------------------------------------
// constants for dwFormatType of function CryptFormatObject
// when format X509_NAME or X509_UNICODE_NAME
//-------------------------------------------------------------------------
// Just get the simple string
#define CRYPT_FORMAT_SIMPLE 0x0001
//Put an attribute name infront of the attribute
//such as "O=Microsoft,DN=xiaohs"
#define CRYPT_FORMAT_X509 0x0002
//Put an OID infront of the simple string, such as
//"2.5.4.22=Microsoft,2.5.4.3=xiaohs"
#define CRYPT_FORMAT_OID 0x0004
//Put a ";" between each RDN. The default is ","
#define CRYPT_FORMAT_RDN_SEMICOLON 0x0100
//Put a "n" between each RDN.
#define CRYPT_FORMAT_RDN_CRLF 0x0200
//Unquote the DN value, which is quoated by default va the following
//rules: if the DN contains leading or trailing
//white space or one of the following characters: ",", "+", "=",
//""", "n", "<", ">", "#" or ";". The quoting character is ".
//If the DN Value contains a " it is double quoted ("").
#define CRYPT_FORMAT_RDN_UNQUOTE 0x0400
//reverse the order of the RDNs before converting to the string
#define CRYPT_FORMAT_RDN_REVERSE 0x0800
//-------------------------------------------------------------------------
// contants dwFormatType of function CryptFormatObject when format a DN.:
//
// The following three values are defined in the section above:
// CRYPT_FORMAT_SIMPLE: Just a simple string
// such as "Microsoft+xiaohs+NT"
// CRYPT_FORMAT_X509 Put an attribute name infront of the attribute
// such as "O=Microsoft+xiaohs+NT"
//
// CRYPT_FORMAT_OID Put an OID infront of the simple string,
// such as "2.5.4.22=Microsoft+xiaohs+NT"
//
// Additional values are defined as following:
//----------------------------------------------------------------------------
//Put a "," between each value. Default is "+"
#define CRYPT_FORMAT_COMMA 0x1000
//Put a ";" between each value
#define CRYPT_FORMAT_SEMICOLON CRYPT_FORMAT_RDN_SEMICOLON
//Put a "n" between each value
#define CRYPT_FORMAT_CRLF CRYPT_FORMAT_RDN_CRLF
//+-------------------------------------------------------------------------
// Encode / decode the specified data structure according to the certificate
// encoding type.
//
// See below for a list of the predefined data structures.
//--------------------------------------------------------------------------
typedef LPVOID (WINAPI *PFN_CRYPT_ALLOC)(
IN size_t cbSize
);
typedef VOID (WINAPI *PFN_CRYPT_FREE)(
IN LPVOID pv
);
typedef struct _CRYPT_ENCODE_PARA {
DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_ENCODE_PARA, *PCRYPT_ENCODE_PARA;
WINCRYPT32API
BOOL
WINAPI
CryptEncodeObjectEx(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const void *pvStructInfo,
IN DWORD dwFlags,
IN OPTIONAL PCRYPT_ENCODE_PARA pEncodePara,
OUT void *pvEncoded,
IN OUT DWORD *pcbEncoded
);
WINCRYPT32API
BOOL
WINAPI
CryptEncodeObject(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const void *pvStructInfo,
OUT BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded
);
// By default the signature bytes are reversed. The following flag can
// be set to inhibit the byte reversal.
//
// This flag is applicable to
// X509_CERT_TO_BE_SIGNED
#define CRYPT_ENCODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8
// When the following flag is set the called encode function allocates
// memory for the encoded bytes. A pointer to the allocated bytes
// is returned in pvEncoded. If pEncodePara or pEncodePara->pfnAlloc is
// NULL, then, LocalAlloc is called for the allocation and LocalFree must
// be called to do the free. Otherwise, pEncodePara->pfnAlloc is called
// for the allocation.
//
// *pcbEncoded is ignored on input and updated with the length of the
// allocated, encoded bytes.
//
// If pfnAlloc is set, then, pfnFree should also be set.
#define CRYPT_ENCODE_ALLOC_FLAG 0x8000
// The following flag is applicable when encoding X509_UNICODE_NAME.
// When set, CERT_RDN_T61_STRING is selected instead of
// CERT_RDN_UNICODE_STRING if all the unicode characters are <= 0xFF
#define CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG
CERT_RDN_ENABLE_T61_UNICODE_FLAG
// The following flag is applicable when encoding X509_UNICODE_NAME.
// When set, CERT_RDN_UTF8_STRING is selected instead of
// CERT_RDN_UNICODE_STRING.
#define CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG
CERT_RDN_ENABLE_UTF8_UNICODE_FLAG
// The following flag is applicable when encoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// When set, the characters aren't checked to see if they
// are valid for the specified Value Type.
#define CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG
CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// The following flag is applicable when encoding the PKCS_SORTED_CTL. This
// flag should be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1.
#define CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG 0x10000
typedef struct _CRYPT_DECODE_PARA {
DWORD cbSize;
PFN_CRYPT_ALLOC pfnAlloc; // OPTIONAL
PFN_CRYPT_FREE pfnFree; // OPTIONAL
} CRYPT_DECODE_PARA, *PCRYPT_DECODE_PARA;
WINCRYPT32API
BOOL
WINAPI
CryptDecodeObjectEx(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const BYTE *pbEncoded,
IN DWORD cbEncoded,
IN DWORD dwFlags,
IN OPTIONAL PCRYPT_DECODE_PARA pDecodePara,
OUT OPTIONAL void *pvStructInfo,
IN OUT DWORD *pcbStructInfo
);
WINCRYPT32API
BOOL
WINAPI
CryptDecodeObject(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const BYTE *pbEncoded,
IN DWORD cbEncoded,
IN DWORD dwFlags,
OUT void *pvStructInfo,
IN OUT DWORD *pcbStructInfo
);
// When the following flag is set the nocopy optimization is enabled.
// This optimization where appropriate, updates the pvStructInfo fields
// to point to content residing within pbEncoded instead of making a copy
// of and appending to pvStructInfo.
//
// Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
#define CRYPT_DECODE_NOCOPY_FLAG 0x1
// For CryptDecodeObject(), by default the pbEncoded is the "to be signed"
// plus its signature. Set the following flag, if pbEncoded points to only
// the "to be signed".
//
// This flag is applicable to
// X509_CERT_TO_BE_SIGNED
// X509_CERT_CRL_TO_BE_SIGNED
// X509_CERT_REQUEST_TO_BE_SIGNED
// X509_KEYGEN_REQUEST_TO_BE_SIGNED
#define CRYPT_DECODE_TO_BE_SIGNED_FLAG 0x2
// When the following flag is set, the OID strings are allocated in
// crypt32.dll and shared instead of being copied into the returned
// data structure. This flag may be set if crypt32.dll isn't unloaded
// before the caller is unloaded.
#define CRYPT_DECODE_SHARE_OID_STRING_FLAG 0x4
// By default the signature bytes are reversed. The following flag can
// be set to inhibit the byte reversal.
//
// This flag is applicable to
// X509_CERT_TO_BE_SIGNED
#define CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG 0x8
// When the following flag is set the called decode function allocates
// memory for the decoded structure. A pointer to the allocated structure
// is returned in pvStructInfo. If pDecodePara or pDecodePara->pfnAlloc is
// NULL, then, LocalAlloc is called for the allocation and LocalFree must
// be called to do the free. Otherwise, pDecodePara->pfnAlloc is called
// for the allocation.
//
// *pcbStructInfo is ignored on input and updated with the length of the
// allocated, decoded structure.
//
// This flag may also be set in the CryptDecodeObject API. Since
// CryptDecodeObject doesn't take a pDecodePara, LocalAlloc is always
// called for the allocation which must be freed by calling LocalFree.
#define CRYPT_DECODE_ALLOC_FLAG 0x8000
// The following flag is applicable when decoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8.
#define CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG
CERT_RDN_DISABLE_IE4_UTF8_FLAG
//+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
#define CRYPT_ENCODE_DECODE_NONE 0
#define X509_CERT ((LPCSTR) 1)
#define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2)
#define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3)
#define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4)
#define X509_EXTENSIONS ((LPCSTR) 5)
#define X509_NAME_VALUE ((LPCSTR) 6)
#define X509_NAME ((LPCSTR) 7)
#define X509_PUBLIC_KEY_INFO ((LPCSTR) 8)
//+-------------------------------------------------------------------------
// Predefined X509 certificate extension data structures that can be
// encoded / decoded.
//--------------------------------------------------------------------------
#define X509_AUTHORITY_KEY_ID ((LPCSTR) 9)
#define X509_KEY_ATTRIBUTES ((LPCSTR) 10)
#define X509_KEY_USAGE_RESTRICTION ((LPCSTR) 11)
#define X509_ALTERNATE_NAME ((LPCSTR) 12)
#define X509_BASIC_CONSTRAINTS ((LPCSTR) 13)
#define X509_KEY_USAGE ((LPCSTR) 14)
#define X509_BASIC_CONSTRAINTS2 ((LPCSTR) 15)
#define X509_CERT_POLICIES ((LPCSTR) 16)
//+-------------------------------------------------------------------------
// Additional predefined data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
#define PKCS_UTC_TIME ((LPCSTR) 17)
#define PKCS_TIME_REQUEST ((LPCSTR) 18)
#define RSA_CSP_PUBLICKEYBLOB ((LPCSTR) 19)
#define X509_UNICODE_NAME ((LPCSTR) 20)
#define X509_KEYGEN_REQUEST_TO_BE_SIGNED ((LPCSTR) 21)
#define PKCS_ATTRIBUTE ((LPCSTR) 22)
#define PKCS_CONTENT_INFO_SEQUENCE_OF_ANY ((LPCSTR) 23)
//+-------------------------------------------------------------------------
// Predefined primitive data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
#define X509_UNICODE_NAME_VALUE ((LPCSTR) 24)
#define X509_ANY_STRING X509_NAME_VALUE
#define X509_UNICODE_ANY_STRING X509_UNICODE_NAME_VALUE
#define X509_OCTET_STRING ((LPCSTR) 25)
#define X509_BITS ((LPCSTR) 26)
#define X509_INTEGER ((LPCSTR) 27)
#define X509_MULTI_BYTE_INTEGER ((LPCSTR) 28)
#define X509_ENUMERATED ((LPCSTR) 29)
#define X509_CHOICE_OF_TIME ((LPCSTR) 30)
//+-------------------------------------------------------------------------
// More predefined X509 certificate extension data structures that can be
// encoded / decoded.
//--------------------------------------------------------------------------
#define X509_AUTHORITY_KEY_ID2 ((LPCSTR) 31)
#define X509_AUTHORITY_INFO_ACCESS ((LPCSTR) 32)
#define X509_CRL_REASON_CODE X509_ENUMERATED
#define PKCS_CONTENT_INFO ((LPCSTR) 33)
#define X509_SEQUENCE_OF_ANY ((LPCSTR) 34)
#define X509_CRL_DIST_POINTS ((LPCSTR) 35)
#define X509_ENHANCED_KEY_USAGE ((LPCSTR) 36)
#define PKCS_CTL ((LPCSTR) 37)
#define X509_MULTI_BYTE_UINT ((LPCSTR) 38)
#define X509_DSS_PUBLICKEY X509_MULTI_BYTE_UINT
#define X509_DSS_PARAMETERS ((LPCSTR) 39)
#define X509_DSS_SIGNATURE ((LPCSTR) 40)
#define PKCS_RC2_CBC_PARAMETERS ((LPCSTR) 41)
#define PKCS_SMIME_CAPABILITIES ((LPCSTR) 42)
//+-------------------------------------------------------------------------
// data structures for private keys
//--------------------------------------------------------------------------
#define PKCS_RSA_PRIVATE_KEY ((LPCSTR) 43)
#define PKCS_PRIVATE_KEY_INFO ((LPCSTR) 44)
#define PKCS_ENCRYPTED_PRIVATE_KEY_INFO ((LPCSTR) 45)
//+-------------------------------------------------------------------------
// certificate policy qualifier
//--------------------------------------------------------------------------
#define X509_PKIX_POLICY_QUALIFIER_USERNOTICE ((LPCSTR) 46)
//+-------------------------------------------------------------------------
// Diffie-Hellman Key Exchange
//--------------------------------------------------------------------------
#define X509_DH_PUBLICKEY X509_MULTI_BYTE_UINT
#define X509_DH_PARAMETERS ((LPCSTR) 47)
#define PKCS_ATTRIBUTES ((LPCSTR) 48)
#define PKCS_SORTED_CTL ((LPCSTR) 49)
//+-------------------------------------------------------------------------
// X942 Diffie-Hellman
//--------------------------------------------------------------------------
#define X942_DH_PARAMETERS ((LPCSTR) 50)
//+-------------------------------------------------------------------------
// The following is the same as X509_BITS, except before encoding,
// the bit length is decremented to exclude trailing zero bits.
//--------------------------------------------------------------------------
#define X509_BITS_WITHOUT_TRAILING_ZEROES ((LPCSTR) 51)
//+-------------------------------------------------------------------------
// X942 Diffie-Hellman Other Info
//--------------------------------------------------------------------------
#define X942_OTHER_INFO ((LPCSTR) 52)
#define X509_CERT_PAIR ((LPCSTR) 53)
#define X509_ISSUING_DIST_POINT ((LPCSTR) 54)
#define X509_NAME_CONSTRAINTS ((LPCSTR) 55)
#define X509_POLICY_MAPPINGS ((LPCSTR) 56)
#define X509_POLICY_CONSTRAINTS ((LPCSTR) 57)
#define X509_CROSS_CERT_DIST_POINTS ((LPCSTR) 58)
//+-------------------------------------------------------------------------
// Certificate Management Messages over CMS (CMC) Data Structures
//--------------------------------------------------------------------------
#define CMC_DATA ((LPCSTR) 59)
#define CMC_RESPONSE ((LPCSTR) 60)
#define CMC_STATUS ((LPCSTR) 61)
#define CMC_ADD_EXTENSIONS ((LPCSTR) 62)
#define CMC_ADD_ATTRIBUTES ((LPCSTR) 63)
//+-------------------------------------------------------------------------
// Certificate Template
//--------------------------------------------------------------------------
#define X509_CERTIFICATE_TEMPLATE ((LPCSTR) 64)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
#define CMS_SIGNER_INFO ((LPCSTR) 501)
//+-------------------------------------------------------------------------
// Predefined Software Publishing Credential (SPC) data structures that
// can be encoded / decoded.
//
// Predefined values: 2000 .. 2999
//
// See spc.h for value and data structure definitions.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Extension Object Identifiers
//--------------------------------------------------------------------------
#define szOID_AUTHORITY_KEY_IDENTIFIER "2.5.29.1"
#define szOID_KEY_ATTRIBUTES "2.5.29.2"
#define szOID_CERT_POLICIES_95 "2.5.29.3"
#define szOID_KEY_USAGE_RESTRICTION "2.5.29.4"
#define szOID_SUBJECT_ALT_NAME "2.5.29.7"
#define szOID_ISSUER_ALT_NAME "2.5.29.8"
#define szOID_BASIC_CONSTRAINTS "2.5.29.10"
#define szOID_KEY_USAGE "2.5.29.15"
#define szOID_PRIVATEKEY_USAGE_PERIOD "2.5.29.16"
#define szOID_BASIC_CONSTRAINTS2 "2.5.29.19"
#define szOID_CERT_POLICIES "2.5.29.32"
#define szOID_ANY_CERT_POLICY "2.5.29.32.0"
#define szOID_AUTHORITY_KEY_IDENTIFIER2 "2.5.29.35"
#define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
#define szOID_SUBJECT_ALT_NAME2 "2.5.29.17"
#define szOID_ISSUER_ALT_NAME2 "2.5.29.18"
#define szOID_CRL_REASON_CODE "2.5.29.21"
#define szOID_REASON_CODE_HOLD "2.5.29.23"
#define szOID_CRL_DIST_POINTS "2.5.29.31"
#define szOID_ENHANCED_KEY_USAGE "2.5.29.37"
// szOID_CRL_NUMBER -- Base CRLs only. Monotonically increasing sequence
// number for each CRL issued by a CA.
#define szOID_CRL_NUMBER "2.5.29.20"
// szOID_DELTA_CRL_INDICATOR -- Delta CRLs only. Marked critical.
// Contains the minimum base CRL Number that can be used with a delta CRL.
#define szOID_DELTA_CRL_INDICATOR "2.5.29.27"
#define szOID_ISSUING_DIST_POINT "2.5.29.28"
// szOID_FRESHEST_CRL -- Base CRLs only. Formatted identically to a CDP
// extension that holds URLs to fetch the delta CRL.
#define szOID_FRESHEST_CRL "2.5.29.46"
#define szOID_NAME_CONSTRAINTS "2.5.29.30"
// Note on 1/1/2000 szOID_POLICY_MAPPINGS was changed from "2.5.29.5"
#define szOID_POLICY_MAPPINGS "2.5.29.33"
#define szOID_LEGACY_POLICY_MAPPINGS "2.5.29.5"
#define szOID_POLICY_CONSTRAINTS "2.5.29.36"
// Microsoft PKCS10 Attributes
#define szOID_RENEWAL_CERTIFICATE "1.3.6.1.4.1.311.13.1"
#define szOID_ENROLLMENT_NAME_VALUE_PAIR "1.3.6.1.4.1.311.13.2.1"
#define szOID_ENROLLMENT_CSP_PROVIDER "1.3.6.1.4.1.311.13.2.2"
#define szOID_OS_VERSION "1.3.6.1.4.1.311.13.2.3"
//
// Extension contain certificate type
#define szOID_ENROLLMENT_AGENT "1.3.6.1.4.1.311.20.2.1"
// Internet Public Key Infrastructure (PKIX)
#define szOID_PKIX "1.3.6.1.5.5.7"
#define szOID_PKIX_PE "1.3.6.1.5.5.7.1"
#define szOID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.1.1"
// Microsoft extensions or attributes
#define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14"
#define szOID_NEXT_UPDATE_LOCATION "1.3.6.1.4.1.311.10.2"
#define szOID_REMOVE_CERTIFICATE "1.3.6.1.4.1.311.10.8.1"
#define szOID_CROSS_CERT_DIST_POINTS "1.3.6.1.4.1.311.10.9.1"
// Microsoft PKCS #7 ContentType Object Identifiers
#define szOID_CTL "1.3.6.1.4.1.311.10.1"
// Microsoft Sorted CTL Extension Object Identifier
#define szOID_SORTED_CTL "1.3.6.1.4.1.311.10.1.1"
// serialized serial numbers for PRS
#ifndef szOID_SERIALIZED
#define szOID_SERIALIZED "1.3.6.1.4.1.311.10.3.3.1"
#endif
// UPN principal name in SubjectAltName
#ifndef szOID_NT_PRINCIPAL_NAME
#define szOID_NT_PRINCIPAL_NAME "1.3.6.1.4.1.311.20.2.3"
#endif
// Windows product update unauthenticated attribute
#ifndef szOID_PRODUCT_UPDATE
#define szOID_PRODUCT_UPDATE "1.3.6.1.4.1.311.31.1"
#endif
// CryptUI
#define szOID_ANY_APPLICATION_POLICY "1.3.6.1.4.1.311.10.12.1"
//+-------------------------------------------------------------------------
// Object Identifiers for use with Auto Enrollment
//--------------------------------------------------------------------------
#define szOID_AUTO_ENROLL_CTL_USAGE "1.3.6.1.4.1.311.20.1"
// Extension contain certificate type
#define szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2"
#define szOID_CERT_MANIFOLD "1.3.6.1.4.1.311.20.3"
//+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Certificate Server
//--------------------------------------------------------------------------
#ifndef szOID_CERTSRV_CA_VERSION
#define szOID_CERTSRV_CA_VERSION "1.3.6.1.4.1.311.21.1"
#endif
// szOID_CERTSRV_PREVIOUS_CERT_HASH -- Contains the sha1 hash of the previous
// version of the CA certificate.
#define szOID_CERTSRV_PREVIOUS_CERT_HASH "1.3.6.1.4.1.311.21.2"
// szOID_CRL_VIRTUAL_BASE -- Delta CRLs only. Contains the base CRL Number
// of the corresponding base CRL.
#define szOID_CRL_VIRTUAL_BASE "1.3.6.1.4.1.311.21.3"
// szOID_CRL_NEXT_PUBLISH -- Contains the time when the next CRL is expected
// to be published. This may be sooner than the CRL's NextUpdate field.
#define szOID_CRL_NEXT_PUBLISH "1.3.6.1.4.1.311.21.4"
// Enhanced Key Usage for CA encryption certificate
#define szOID_KP_CA_EXCHANGE "1.3.6.1.4.1.311.21.5"
// Enhanced Key Usage for key recovery agent certificate
#define szOID_KP_KEY_RECOVERY_AGENT "1.3.6.1.4.1.311.21.6"
// Certificate template extension (v2)
#define szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7"
// The root oid for all enterprise specific oids
#define szOID_ENTERPRISE_OID_ROOT "1.3.6.1.4.1.311.21.8"
// Dummy signing Subject RDN
#define szOID_RDN_DUMMY_SIGNER "1.3.6.1.4.1.311.21.9"
// Application Policies extension -- same encoding as szOID_CERT_POLICIES
#define szOID_APPLICATION_CERT_POLICIES "1.3.6.1.4.1.311.21.10"
// Application Policy Mappings -- same encoding as szOID_POLICY_MAPPINGS
#define szOID_APPLICATION_POLICY_MAPPINGS "1.3.6.1.4.1.311.21.11"
// Application Policy Constraints -- same encoding as szOID_POLICY_CONSTRAINTS
#define szOID_APPLICATION_POLICY_CONSTRAINTS "1.3.6.1.4.1.311.21.12"
#define szOID_ARCHIVED_KEY_ATTR "1.3.6.1.4.1.311.21.13"
#define szOID_CRL_SELF_CDP "1.3.6.1.4.1.311.21.14"
// Requires all certificates below the root to have a non-empty intersecting
// issuance certificate policy usage.
#define szOID_REQUIRE_CERT_CHAIN_POLICY "1.3.6.1.4.1.311.21.15"
#define szOID_ARCHIVED_KEY_CERT_HASH "1.3.6.1.4.1.311.21.16"
#define szOID_ISSUED_CERT_HASH "1.3.6.1.4.1.311.21.17"
// Enhanced key usage for DS email replication
#define szOID_DS_EMAIL_REPLICATION "1.3.6.1.4.1.311.21.19"
#define szOID_REQUEST_CLIENT_INFO "1.3.6.1.4.1.311.21.20"
#define szOID_ENCRYPTED_KEY_HASH "1.3.6.1.4.1.311.21.21"
//+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Directory Service
//--------------------------------------------------------------------------
#define szOID_NTDS_REPLICATION "1.3.6.1.4.1.311.25.1"
//+-------------------------------------------------------------------------
// Extension Object Identifiers (currently not implemented)
//--------------------------------------------------------------------------
#define szOID_SUBJECT_DIR_ATTRS "2.5.29.9"
//+-------------------------------------------------------------------------
// Enhanced Key Usage (Purpose) Object Identifiers
//--------------------------------------------------------------------------
#define szOID_PKIX_KP "1.3.6.1.5.5.7.3"
// Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
// or KEY_AGREEMENT
#define szOID_PKIX_KP_SERVER_AUTH "1.3.6.1.5.5.7.3.1"
// Consistent key usage bits: DIGITAL_SIGNATURE
#define szOID_PKIX_KP_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
// Consistent key usage bits: DIGITAL_SIGNATURE
#define szOID_PKIX_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
// Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_IPSEC_END_SYSTEM "1.3.6.1.5.5.7.3.5"
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_IPSEC_TUNNEL "1.3.6.1.5.5.7.3.6"
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_IPSEC_USER "1.3.6.1.5.5.7.3.7"
// Consistent key usage bits: DIGITAL_SIGNATURE or NON_REPUDIATION
#define szOID_PKIX_KP_TIMESTAMP_SIGNING "1.3.6.1.5.5.7.3.8"
// IKE (Internet Key Exchange) Intermediate KP for an IPsec end entity.
// Defined in draft-ietf-ipsec-pki-req-04.txt, December 14, 1999.
#define szOID_IPSEC_KP_IKE_INTERMEDIATE "1.3.6.1.5.5.8.2.2"
//+-------------------------------------------------------------------------
// Microsoft Enhanced Key Usage (Purpose) Object Identifiers
//+-------------------------------------------------------------------------
// Signer of CTLs
#define szOID_KP_CTL_USAGE_SIGNING "1.3.6.1.4.1.311.10.3.1"
// Signer of TimeStamps
#define szOID_KP_TIME_STAMP_SIGNING "1.3.6.1.4.1.311.10.3.2"
#ifndef szOID_SERVER_GATED_CRYPTO
#define szOID_SERVER_GATED_CRYPTO "1.3.6.1.4.1.311.10.3.3"
#endif
#ifndef szOID_SGC_NETSCAPE
#define szOID_SGC_NETSCAPE "2.16.840.1.113730.4.1"
#endif
#define szOID_KP_EFS "1.3.6.1.4.1.311.10.3.4"
#define szOID_EFS_RECOVERY "1.3.6.1.4.1.311.10.3.4.1"
// Can use Windows Hardware Compatible (WHQL)
#define szOID_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.5"
// Signed by the NT5 build lab
#define szOID_NT5_CRYPTO "1.3.6.1.4.1.311.10.3.6"
// Signed by and OEM of WHQL
#define szOID_OEM_WHQL_CRYPTO "1.3.6.1.4.1.311.10.3.7"
// Signed by the Embedded NT
#define szOID_EMBEDDED_NT_CRYPTO "1.3.6.1.4.1.311.10.3.8"
// Signer of a CTL containing trusted roots
#define szOID_ROOT_LIST_SIGNER "1.3.6.1.4.1.311.10.3.9"
// Can sign cross-cert and subordinate CA requests with qualified
// subordination (name constraints, policy mapping, etc.)
#define szOID_KP_QUALIFIED_SUBORDINATION "1.3.6.1.4.1.311.10.3.10"
// Can be used to encrypt/recover escrowed keys
#define szOID_KP_KEY_RECOVERY "1.3.6.1.4.1.311.10.3.11"
// Signer of documents
#define szOID_KP_DOCUMENT_SIGNING "1.3.6.1.4.1.311.10.3.12"
// The default WinVerifyTrust Authenticode policy is to treat all time stamped
// signatures as being valid forever. This OID limits the valid lifetime of the
// signature to the lifetime of the certificate. This allows timestamped
// signatures to expire. Normally this OID will be used in conjunction with
// szOID_PKIX_KP_CODE_SIGNING to indicate new time stamp semantics should be
// used. Support for this OID was added in WXP.
#define szOID_KP_LIFETIME_SIGNING "1.3.6.1.4.1.311.10.3.13"
#ifndef szOID_DRM
#define szOID_DRM "1.3.6.1.4.1.311.10.5.1"
#endif
// Microsoft DRM EKU
#ifndef szOID_DRM_INDIVIDUALIZATION
#define szOID_DRM_INDIVIDUALIZATION "1.3.6.1.4.1.311.10.5.2"
#endif
#ifndef szOID_LICENSES
#define szOID_LICENSES "1.3.6.1.4.1.311.10.6.1"
#endif
#ifndef szOID_LICENSE_SERVER
#define szOID_LICENSE_SERVER "1.3.6.1.4.1.311.10.6.2"
#endif
#ifndef szOID_KP_SMARTCARD_LOGON
#define szOID_KP_SMARTCARD_LOGON "1.3.6.1.4.1.311.20.2.2"
#endif
//+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers
//+-------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions
//+-------------------------------------------------------------------------
#define szOID_PKIX_POLICY_QUALIFIER_CPS "1.3.6.1.5.5.7.2.1"
#define szOID_PKIX_POLICY_QUALIFIER_USERNOTICE "1.3.6.1.5.5.7.2.2"
// OID for old qualifer
#define szOID_CERT_POLICIES_95_QUALIFIER1 "2.16.840.1.113733.1.7.1.1"
//+-------------------------------------------------------------------------
// X509_CERT
//
// The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED.
//
// pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_TO_BE_SIGNED
//
// pvStructInfo points to CERT_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_CRL_TO_BE_SIGNED
//
// pvStructInfo points to CRL_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_REQUEST_TO_BE_SIGNED
//
// pvStructInfo points to CERT_REQUEST_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_EXTENSIONS
// szOID_CERT_EXTENSIONS
//
// pvStructInfo points to following CERT_EXTENSIONS.
//--------------------------------------------------------------------------
typedef struct _CERT_EXTENSIONS {
DWORD cExtension;
PCERT_EXTENSION rgExtension;
} CERT_EXTENSIONS, *PCERT_EXTENSIONS;
//+-------------------------------------------------------------------------
// X509_NAME_VALUE
// X509_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME_VALUE
// X509_UNICODE_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//
// The name values are unicode strings.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If the unicode string contains an invalid character for the specified
// dwValueType, then, *pcbEncoded is updated with the unicode character
// index of the first invalid character. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// To disable the above check, either set CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// in dwValueType or set CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG
// in dwFlags passed to CryptEncodeObjectEx.
//
// The unicode string is converted before being encoded according to
// the specified dwValueType. If dwValueType is set to 0, LastError
// is set to E_INVALIDARG.
//
// If the dwValueType isn't one of the character strings (its a
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject
// will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the encoded object isn't one of the character string types, then,
// CryptDecodeObject will return FALSE with LastError set to
// CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using
// X509_NAME_VALUE or X509_ANY_STRING.
//
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Set CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG in dwFlags
// passed to either CryptDecodeObject or CryptDecodeObjectEx to
// skip the initial attempt to decode as UTF8.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//
// The RDN attribute values are unicode strings except for the dwValueTypes of
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are
// the same as for a X509_NAME. Their values aren't converted to/from unicode.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If dwValueType = 0 (CERT_RDN_ANY_TYPE), the pszObjId is used to find
// an acceptable dwValueType. If the unicode string contains an
// invalid character for the found or specified dwValueType, then,
// *pcbEncoded is updated with the error location of the invalid character.
// See below for details. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// To disable the above check, either set CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// in dwValueType or set CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG
// in dwFlags passed to CryptEncodeObjectEx.
//
// Set CERT_RDN_UNICODE_STRING in dwValueType or set
// CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG in dwFlags passed
// to CryptEncodeObjectEx to select CERT_RDN_T61_STRING instead of
// CERT_RDN_UNICODE_STRING if all the unicode characters are <= 0xFF.
//
// Set CERT_RDN_ENABLE_UTF8_UNICODE_STRING in dwValueType or set
// CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG in dwFlags passed
// to CryptEncodeObjectEx to select CERT_RDN_UTF8_STRING instead of
// CERT_RDN_UNICODE_STRING.
//
// The unicode string is converted before being encoded according to
// the specified or ObjId matching dwValueType.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the dwValueType of the encoded value isn't a character string
// type, then, it isn't converted to UNICODE. Use the
// IS_CERT_RDN_CHAR_STRING() macro on the dwValueType to check
// that Value.pbData points to a converted unicode string.
//
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Set CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG in dwFlags
// passed to either CryptDecodeObject or CryptDecodeObjectEx to
// skip the initial attempt to decode as UTF8.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Unicode Name Value Error Location Definitions
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_UNICODE_NAME)
//
// Error location consists of:
// RDN_INDEX - 10 bits << 22
// ATTR_INDEX - 6 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//--------------------------------------------------------------------------
#define CERT_UNICODE_RDN_ERR_INDEX_MASK 0x3FF
#define CERT_UNICODE_RDN_ERR_INDEX_SHIFT 22
#define CERT_UNICODE_ATTR_ERR_INDEX_MASK 0x003F
#define CERT_UNICODE_ATTR_ERR_INDEX_SHIFT 16
#define CERT_UNICODE_VALUE_ERR_INDEX_MASK 0x0000FFFF
#define CERT_UNICODE_VALUE_ERR_INDEX_SHIFT 0
#define GET_CERT_UNICODE_RDN_ERR_INDEX(X)
((X >> CERT_UNICODE_RDN_ERR_INDEX_SHIFT) & CERT_UNICODE_RDN_ERR_INDEX_MASK)
#define GET_CERT_UNICODE_ATTR_ERR_INDEX(X)
((X >> CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) & CERT_UNICODE_ATTR_ERR_INDEX_MASK)
#define GET_CERT_UNICODE_VALUE_ERR_INDEX(X)
(X & CERT_UNICODE_VALUE_ERR_INDEX_MASK)
//+-------------------------------------------------------------------------
// X509_PUBLIC_KEY_INFO
//
// pvStructInfo points to CERT_PUBLIC_KEY_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_AUTHORITY_KEY_ID
// szOID_AUTHORITY_KEY_IDENTIFIER
//
// pvStructInfo points to following CERT_AUTHORITY_KEY_ID_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_AUTHORITY_KEY_ID_INFO {
CRYPT_DATA_BLOB KeyId;
CERT_NAME_BLOB CertIssuer;
CRYPT_INTEGER_BLOB CertSerialNumber;
} CERT_AUTHORITY_KEY_ID_INFO, *PCERT_AUTHORITY_KEY_ID_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_ATTRIBUTES
// szOID_KEY_ATTRIBUTES
//
// pvStructInfo points to following CERT_KEY_ATTRIBUTES_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_PRIVATE_KEY_VALIDITY {
FILETIME NotBefore;
FILETIME NotAfter;
} CERT_PRIVATE_KEY_VALIDITY, *PCERT_PRIVATE_KEY_VALIDITY;
typedef struct _CERT_KEY_ATTRIBUTES_INFO {
CRYPT_DATA_BLOB KeyId;
CRYPT_BIT_BLOB IntendedKeyUsage;
PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod; // OPTIONAL
} CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO;
// Byte[0]
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
#define CERT_NON_REPUDIATION_KEY_USAGE 0x40
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE 0x20
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10
#define CERT_KEY_AGREEMENT_KEY_USAGE 0x08
#define CERT_KEY_CERT_SIGN_KEY_USAGE 0x04
#define CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02
#define CERT_CRL_SIGN_KEY_USAGE 0x02
#define CERT_ENCIPHER_ONLY_KEY_USAGE 0x01
// Byte[1]
#define CERT_DECIPHER_ONLY_KEY_USAGE 0x80
//+-------------------------------------------------------------------------
// X509_KEY_USAGE_RESTRICTION
// szOID_KEY_USAGE_RESTRICTION
//
// pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_ID {
DWORD cCertPolicyElementId;
LPSTR *rgpszCertPolicyElementId; // pszObjId
} CERT_POLICY_ID, *PCERT_POLICY_ID;
typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
DWORD cCertPolicyId;
PCERT_POLICY_ID rgCertPolicyId;
CRYPT_BIT_BLOB RestrictedKeyUsage;
} CERT_KEY_USAGE_RESTRICTION_INFO, *PCERT_KEY_USAGE_RESTRICTION_INFO;
// See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits
//+-------------------------------------------------------------------------
// X509_ALTERNATE_NAME
// szOID_SUBJECT_ALT_NAME
// szOID_ISSUER_ALT_NAME
// szOID_SUBJECT_ALT_NAME2
// szOID_ISSUER_ALT_NAME2
//
// pvStructInfo points to following CERT_ALT_NAME_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_OTHER_NAME {
LPSTR pszObjId;
CRYPT_OBJID_BLOB Value;
} CERT_OTHER_NAME, *PCERT_OTHER_NAME;
typedef struct _CERT_ALT_NAME_ENTRY {
DWORD dwAltNameChoice;
union {
PCERT_OTHER_NAME pOtherName; // 1
LPWSTR pwszRfc822Name; // 2 (encoded IA5)
LPWSTR pwszDNSName; // 3 (encoded IA5)
// Not implemented x400Address; // 4
CERT_NAME_BLOB DirectoryName; // 5
// Not implemented pEdiPartyName; // 6
LPWSTR pwszURL; // 7 (encoded IA5)
CRYPT_DATA_BLOB IPAddress; // 8 (Octet String)
LPSTR pszRegisteredID; // 9 (Object Identifer)
};
} CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY;
#define CERT_ALT_NAME_OTHER_NAME 1
#define CERT_ALT_NAME_RFC822_NAME 2
#define CERT_ALT_NAME_DNS_NAME 3
#define CERT_ALT_NAME_X400_ADDRESS 4
#define CERT_ALT_NAME_DIRECTORY_NAME 5
#define CERT_ALT_NAME_EDI_PARTY_NAME 6
#define CERT_ALT_NAME_URL 7
#define CERT_ALT_NAME_IP_ADDRESS 8
#define CERT_ALT_NAME_REGISTERED_ID 9
typedef struct _CERT_ALT_NAME_INFO {
DWORD cAltEntry;
PCERT_ALT_NAME_ENTRY rgAltEntry;
} CERT_ALT_NAME_INFO, *PCERT_ALT_NAME_INFO;
//+-------------------------------------------------------------------------
// Alternate name IA5 Error Location Definitions for
// CRYPT_E_INVALID_IA5_STRING.
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_ALTERNATE_NAME)
//
// Error location consists of:
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//--------------------------------------------------------------------------
#define CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK 0xFF
#define CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT 16
#define CERT_ALT_NAME_VALUE_ERR_INDEX_MASK 0x0000FFFF
#define CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT 0
#define GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X)
((X >> CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT) &
CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK)
#define GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X)
(X & CERT_ALT_NAME_VALUE_ERR_INDEX_MASK)
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS
// szOID_BASIC_CONSTRAINTS
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
CRYPT_BIT_BLOB SubjectType;
BOOL fPathLenConstraint;
DWORD dwPathLenConstraint;
DWORD cSubtreesConstraint;
CERT_NAME_BLOB *rgSubtreesConstraint;
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;
#define CERT_CA_SUBJECT_FLAG 0x80
#define CERT_END_ENTITY_SUBJECT_FLAG 0x40
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS2
// szOID_BASIC_CONSTRAINTS2
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS2_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_BASIC_CONSTRAINTS2_INFO {
BOOL fCA;
BOOL fPathLenConstraint;
DWORD dwPathLenConstraint;
} CERT_BASIC_CONSTRAINTS2_INFO, *PCERT_BASIC_CONSTRAINTS2_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_USAGE
// szOID_KEY_USAGE
//
// pvStructInfo points to a CRYPT_BIT_BLOB. Has same bit definitions as
// CERT_KEY_ATTRIBUTES_INFO's IntendedKeyUsage.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_POLICIES
// szOID_CERT_POLICIES
// szOID_CERT_POLICIES_95 NOTE--Only allowed for decoding!!!
//
// pvStructInfo points to following CERT_POLICIES_INFO.
//
// NOTE: when decoding using szOID_CERT_POLICIES_95 the pszPolicyIdentifier
// may contain an empty string
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_QUALIFIER_INFO {
LPSTR pszPolicyQualifierId; // pszObjId
CRYPT_OBJID_BLOB Qualifier; // optional
} CERT_POLICY_QUALIFIER_INFO, *PCERT_POLICY_QUALIFIER_INFO;
typedef struct _CERT_POLICY_INFO {
LPSTR pszPolicyIdentifier; // pszObjId
DWORD cPolicyQualifier; // optional
CERT_POLICY_QUALIFIER_INFO *rgPolicyQualifier;
} CERT_POLICY_INFO, *PCERT_POLICY_INFO;
typedef struct _CERT_POLICIES_INFO {
DWORD cPolicyInfo;
CERT_POLICY_INFO *rgPolicyInfo;
} CERT_POLICIES_INFO, *PCERT_POLICIES_INFO;
//+-------------------------------------------------------------------------
// X509_PKIX_POLICY_QUALIFIER_USERNOTICE
// szOID_PKIX_POLICY_QUALIFIER_USERNOTICE
//
// pvStructInfo points to following CERT_POLICY_QUALIFIER_USER_NOTICE.
//
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_QUALIFIER_NOTICE_REFERENCE {
LPSTR pszOrganization;
DWORD cNoticeNumbers;
int *rgNoticeNumbers;
} CERT_POLICY_QUALIFIER_NOTICE_REFERENCE, *PCERT_POLICY_QUALIFIER_NOTICE_REFERENCE;
typedef struct _CERT_POLICY_QUALIFIER_USER_NOTICE {
CERT_POLICY_QUALIFIER_NOTICE_REFERENCE *pNoticeReference; // optional
LPWSTR pszDisplayText; // optional
} CERT_POLICY_QUALIFIER_USER_NOTICE, *PCERT_POLICY_QUALIFIER_USER_NOTICE;
//+-------------------------------------------------------------------------
// szOID_CERT_POLICIES_95_QUALIFIER1 - Decode Only!!!!
//
// pvStructInfo points to following CERT_POLICY95_QUALIFIER1.
//
//--------------------------------------------------------------------------
typedef struct _CPS_URLS {
LPWSTR pszURL;
CRYPT_ALGORITHM_IDENTIFIER *pAlgorithm; // optional
CRYPT_DATA_BLOB *pDigest; // optional
} CPS_URLS, *PCPS_URLS;
typedef struct _CERT_POLICY95_QUALIFIER1 {
LPWSTR pszPracticesReference; // optional
LPSTR pszNoticeIdentifier; // optional
LPSTR pszNSINoticeIdentifier; // optional
DWORD cCPSURLs;
CPS_URLS *rgCPSURLs; // optional
} CERT_POLICY95_QUALIFIER1, *PCERT_POLICY95_QUALIFIER1;
//+-------------------------------------------------------------------------
// X509_POLICY_MAPPINGS
// szOID_POLICY_MAPPINGS
// szOID_LEGACY_POLICY_MAPPINGS
//
// pvStructInfo points to following CERT_POLICY_MAPPINGS_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_MAPPING {
LPSTR pszIssuerDomainPolicy; // pszObjId
LPSTR pszSubjectDomainPolicy; // pszObjId
} CERT_POLICY_MAPPING, *PCERT_POLICY_MAPPING;
typedef struct _CERT_POLICY_MAPPINGS_INFO {
DWORD cPolicyMapping;
PCERT_POLICY_MAPPING rgPolicyMapping;
} CERT_POLICY_MAPPINGS_INFO, *PCERT_POLICY_MAPPINGS_INFO;
//+-------------------------------------------------------------------------
// X509_POLICY_CONSTRAINTS
// szOID_POLICY_CONSTRAINTS
//
// pvStructInfo points to following CERT_POLICY_CONSTRAINTS_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_CONSTRAINTS_INFO {
BOOL fRequireExplicitPolicy;
DWORD dwRequireExplicitPolicySkipCerts;