Windows编程

开发平台：

Delphi

JwaWinCrypt.pas：源码内容

CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO = _CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO;
{$EXTERNALSYM CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO}
TCmsgRecipientEncryptedKeyEncodeInfo = CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO;
PCmsgRecipientEncryptedKeyEncodeInfo = PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO;
PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO = ^CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO}
_CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO = record
cbSize: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvKeyEncryptionAuxInfo: Pointer;
KeyWrapAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvKeyWrapAuxInfo: Pointer;
// The following hCryptProv and dwKeySpec must be specified for the
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE.
//
// For CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE, dwKeySpec isn't applicable
// and hCryptProv is optional.
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
dwKeyChoice: DWORD;
Union: record
case Integer of
// CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE
//
// The ephemeral public key algorithm and parameters.
0: (pEphemeralAlgorithm: PCRYPT_ALGORITHM_IDENTIFIER);
// CMSG_KEY_AGREE_STATIC_KEY_CHOICE
//
// The CertId of the sender's certificate
1: (pSenderId: PCERT_ID);
end;
UserKeyingMaterial: CRYPT_DATA_BLOB; // OPTIONAL
cRecipientEncryptedKeys: DWORD;
rgpRecipientEncryptedKeys: PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO;
end;
{$EXTERNALSYM _CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO}
CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO = _CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO}
TCmsgKeyAgreeRecipientEncodeInfo = CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
PCmsgKeyAgreeRecipientEncodeInfo = PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
const
CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE = 1;
{$EXTERNALSYM CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE}
CMSG_KEY_AGREE_STATIC_KEY_CHOICE = 2;
{$EXTERNALSYM CMSG_KEY_AGREE_STATIC_KEY_CHOICE}
//+-------------------------------------------------------------------------
// Mail List Recipient Encode Info
//
// There is 1 choice for the KeyEncryptionKey: an already created CSP key
// handle. For the key handle choice, hCryptProv must be nonzero. This key
// handle isn't destroyed.
//
// Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), this hCryptProv isn't released.
//
// Currently, pvKeyEncryptionAuxInfo is only defined for RC2 key wrap
// algorithms. Otherwise, its not used and must be set to NULL.
// When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing
// the RC2 effective key length.
//
// Note, mail list recipients are not supported in PKCS #7 version 1.5.
//--------------------------------------------------------------------------
type
PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO = ^CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO}
_CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO = record
cbSize: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvKeyEncryptionAuxInfo: Pointer;
hCryptProv: HCRYPTPROV;
dwKeyChoice: DWORD;
Union: record
case Integer of
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
0: (hKeyEncryptionKey: HCRYPTKEY);
// Reserve space for a potential pointer choice
1: (pvKeyEncryptionKey: Pointer);
end;
KeyId: CRYPT_DATA_BLOB;
// Following fields are optional.
Date: FILETIME;
pOtherAttr: PCRYPT_ATTRIBUTE_TYPE_VALUE;
end;
{$EXTERNALSYM _CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO}
CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO = _CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO}
TCmsgMailListRecipientEncodeInfo = CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
PCmsgMailListRecipientEncodeInfo = PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
const
CMSG_MAIL_LIST_HANDLE_KEY_CHOICE = 1;
{$EXTERNALSYM CMSG_MAIL_LIST_HANDLE_KEY_CHOICE}
//+-------------------------------------------------------------------------
// Recipient Encode Info
//
// Note, only key transport recipients are supported in PKCS #7 version 1.5.
//--------------------------------------------------------------------------
type
PCMSG_RECIPIENT_ENCODE_INFO = ^CMSG_RECIPIENT_ENCODE_INFO;
{$NODEFINE PCMSG_RECIPIENT_ENCODE_INFO}
_CMSG_RECIPIENT_ENCODE_INFO = record
dwRecipientChoice: DWORD;
case Integer of
// CMSG_KEY_TRANS_RECIPIENT
0: (pKeyTrans: PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO);
// CMSG_KEY_AGREE_RECIPIENT
1: (pKeyAgree: PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO);
// CMSG_MAIL_LIST_RECIPIENT
2: (pMailList: PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO);
end;
{$EXTERNALSYM _CMSG_RECIPIENT_ENCODE_INFO}
CMSG_RECIPIENT_ENCODE_INFO = _CMSG_RECIPIENT_ENCODE_INFO;
{$NODEFINE CMSG_RECIPIENT_ENCODE_INFO}
TCmsgRecipientEncodeInfo = CMSG_RECIPIENT_ENCODE_INFO;
PCmsgRecipientEncodeInfo = PCMSG_RECIPIENT_ENCODE_INFO;
const
CMSG_KEY_TRANS_RECIPIENT = 1;
{$EXTERNALSYM CMSG_KEY_TRANS_RECIPIENT}
CMSG_KEY_AGREE_RECIPIENT = 2;
{$EXTERNALSYM CMSG_KEY_AGREE_RECIPIENT}
CMSG_MAIL_LIST_RECIPIENT = 3;
{$EXTERNALSYM CMSG_MAIL_LIST_RECIPIENT}
//+-------------------------------------------------------------------------
// CMSG_RC2_AUX_INFO
//
// AuxInfo for RC2 encryption algorithms. The pvEncryptionAuxInfo field
// in CMSG_ENCRYPTED_ENCODE_INFO should be updated to point to this
// structure. If not specified, defaults to 40 bit.
//
// Note, this AuxInfo is only used when, the ContentEncryptionAlgorithm's
// Parameter.cbData is zero. Otherwise, the Parameters is decoded to
// get the bit length.
//
// If CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG is set in dwBitLen, then, SP3
// compatible encryption is done and the bit length is ignored.
//--------------------------------------------------------------------------
type
PCMSG_RC2_AUX_INFO = ^CMSG_RC2_AUX_INFO;
{$EXTERNALSYM PCMSG_RC2_AUX_INFO}
_CMSG_RC2_AUX_INFO = record
cbSize: DWORD;
dwBitLen: DWORD;
end;
{$EXTERNALSYM _CMSG_RC2_AUX_INFO}
CMSG_RC2_AUX_INFO = _CMSG_RC2_AUX_INFO;
{$EXTERNALSYM CMSG_RC2_AUX_INFO}
TCmsgRc2AuxInfo = CMSG_RC2_AUX_INFO;
PCmsgRc2AuxInfo = PCMSG_RC2_AUX_INFO;
//+-------------------------------------------------------------------------
// CMSG_SP3_COMPATIBLE_AUX_INFO
//
// AuxInfo for enabling SP3 compatible encryption.
//
// The CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG is set in dwFlags to enable SP3
// compatible encryption. When set, uses zero salt instead of no salt,
// the encryption algorithm parameters are NULL instead of containing the
// encoded RC2 parameters or encoded IV octet string and the encrypted
// symmetric key is encoded little endian instead of big endian.
//--------------------------------------------------------------------------
PCMSG_SP3_COMPATIBLE_AUX_INFO = ^CMSG_SP3_COMPATIBLE_AUX_INFO;
{$EXTERNALSYM PCMSG_SP3_COMPATIBLE_AUX_INFO}
_CMSG_SP3_COMPATIBLE_AUX_INFO = record
cbSize: DWORD;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CMSG_SP3_COMPATIBLE_AUX_INFO}
CMSG_SP3_COMPATIBLE_AUX_INFO = _CMSG_SP3_COMPATIBLE_AUX_INFO;
{$EXTERNALSYM CMSG_SP3_COMPATIBLE_AUX_INFO}
TCmsgSp3CompatibleAuxInfo = CMSG_SP3_COMPATIBLE_AUX_INFO;
PCmsgSp3CompatibleAuxInfo = PCMSG_SP3_COMPATIBLE_AUX_INFO;
const
CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG = DWORD($80000000);
{$EXTERNALSYM CMSG_SP3_COMPATIBLE_ENCRYPT_FLAG}
//+-------------------------------------------------------------------------
// CMSG_RC4_AUX_INFO
//
// AuxInfo for RC4 encryption algorithms. The pvEncryptionAuxInfo field
// in CMSG_ENCRYPTED_ENCODE_INFO should be updated to point to this
// structure. If not specified, uses the CSP's default bit length with no
// salt. Note, the base CSP has a 40 bit default and the enhanced CSP has
// a 128 bit default.
//
// If CMSG_RC4_NO_SALT_FLAG is set in dwBitLen, then, no salt is generated.
// Otherwise, (128 - dwBitLen)/8 bytes of salt are generated and encoded
// as an OCTET STRING in the algorithm parameters field.
//--------------------------------------------------------------------------
type
PCMSG_RC4_AUX_INFO = ^CMSG_RC4_AUX_INFO;
{$EXTERNALSYM PCMSG_RC4_AUX_INFO}
_CMSG_RC4_AUX_INFO = record
cbSize: DWORD;
dwBitLen: DWORD;
end;
{$EXTERNALSYM _CMSG_RC4_AUX_INFO}
CMSG_RC4_AUX_INFO = _CMSG_RC4_AUX_INFO;
{$EXTERNALSYM CMSG_RC4_AUX_INFO}
TCmsgRc4AuxInfo = CMSG_RC4_AUX_INFO;
PCmsgRc4AuxInfo = PCMSG_RC4_AUX_INFO;
const
CMSG_RC4_NO_SALT_FLAG = $40000000;
{$EXTERNALSYM CMSG_RC4_NO_SALT_FLAG}
//+-------------------------------------------------------------------------
// CMSG_SIGNED_AND_ENVELOPED
//
// For PKCS #7, a signed and enveloped message doesn't have the
// signer's authenticated or unauthenticated attributes. Otherwise, a
// combination of the CMSG_SIGNED_ENCODE_INFO and CMSG_ENVELOPED_ENCODE_INFO.
//--------------------------------------------------------------------------
type
PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO = ^CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO;
{$EXTERNALSYM PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO}
_CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO = record
cbSize: DWORD;
SignedInfo: CMSG_SIGNED_ENCODE_INFO;
EnvelopedInfo: CMSG_ENVELOPED_ENCODE_INFO;
end;
{$EXTERNALSYM _CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO}
CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO = _CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO;
{$EXTERNALSYM CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO}
TCmsgSignedAndEnvelopedEncodeInfo = CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO;
PCmsgSignedAndEnvelopedEncodeInfo = PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO;
//+-------------------------------------------------------------------------
// CMSG_HASHED
//
// hCryptProv is used to do the hash. Doesn't need to use a private key.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), the hCryptProv is released.
//
// If fDetachedHash is set, then, the encoded message doesn't contain
// any content (its treated as NULL Data)
//
// pvHashAuxInfo currently isn't used and must be set to NULL.
//--------------------------------------------------------------------------
PCMSG_HASHED_ENCODE_INFO = ^CMSG_HASHED_ENCODE_INFO;
{$EXTERNALSYM PCMSG_HASHED_ENCODE_INFO}
_CMSG_HASHED_ENCODE_INFO = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
HashAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvHashAuxInfo: Pointer;
end;
{$EXTERNALSYM _CMSG_HASHED_ENCODE_INFO}
CMSG_HASHED_ENCODE_INFO = _CMSG_HASHED_ENCODE_INFO;
{$EXTERNALSYM CMSG_HASHED_ENCODE_INFO}
TCmsgHashedEncodeInfo = CMSG_HASHED_ENCODE_INFO;
PCmsgHashedEncodeInfo = PCMSG_HASHED_ENCODE_INFO;
//+-------------------------------------------------------------------------
// CMSG_ENCRYPTED
//
// The key used to encrypt the message is identified outside of the message
// content (for example, password).
//
// The content input to CryptMsgUpdate has already been encrypted.
//
// pvEncryptionAuxInfo currently isn't used and must be set to NULL.
//--------------------------------------------------------------------------
PCMSG_ENCRYPTED_ENCODE_INFO = ^CMSG_ENCRYPTED_ENCODE_INFO;
{$EXTERNALSYM PCMSG_ENCRYPTED_ENCODE_INFO}
_CMSG_ENCRYPTED_ENCODE_INFO = record
cbSize: DWORD;
ContentEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvEncryptionAuxInfo: Pointer;
end;
{$EXTERNALSYM _CMSG_ENCRYPTED_ENCODE_INFO}
CMSG_ENCRYPTED_ENCODE_INFO = _CMSG_ENCRYPTED_ENCODE_INFO;
{$EXTERNALSYM CMSG_ENCRYPTED_ENCODE_INFO}
TCmsgEncryptedEncodeInfo = CMSG_ENCRYPTED_ENCODE_INFO;
PCmsgEncryptedEncodeInfo = PCMSG_ENCRYPTED_ENCODE_INFO;
//+-------------------------------------------------------------------------
// This parameter allows messages to be of variable length with streamed
// output.
//
// By default, messages are of a definite length and
// CryptMsgGetParam(CMSG_CONTENT_PARAM) is
// called to get the cryptographically processed content. Until closed,
// the handle keeps a copy of the processed content.
//
// With streamed output, the processed content can be freed as its streamed.
//
// If the length of the content to be updated is known at the time of the
// open, then, ContentLength should be set to that length. Otherwise, it
// should be set to CMSG_INDEFINITE_LENGTH.
//--------------------------------------------------------------------------
type
PFN_CMSG_STREAM_OUTPUT = function (pvArg: Pointer; pbData: LPBYTE;
cbData: DWORD; fFinal: BOOL): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_STREAM_OUTPUT}
PFnCMsgStreamOutput = PFN_CMSG_STREAM_OUTPUT;
const
CMSG_INDEFINITE_LENGTH = DWORD($FFFFFFFF);
{$EXTERNALSYM CMSG_INDEFINITE_LENGTH}
type
PCMSG_STREAM_INFO = ^CMSG_STREAM_INFO;
{$EXTERNALSYM PCMSG_STREAM_INFO}
_CMSG_STREAM_INFO = record
cbContent: DWORD;
pfnStreamOutput: PFN_CMSG_STREAM_OUTPUT;
pvArg: Pointer;
end;
{$EXTERNALSYM _CMSG_STREAM_INFO}
CMSG_STREAM_INFO = _CMSG_STREAM_INFO;
{$EXTERNALSYM CMSG_STREAM_INFO}
TCmsgStreamInfo = CMSG_STREAM_INFO;
PCmsgStreamInfo = PCMSG_STREAM_INFO;
//+-------------------------------------------------------------------------
// Open dwFlags
//--------------------------------------------------------------------------
const
CMSG_BARE_CONTENT_FLAG = $00000001;
{$EXTERNALSYM CMSG_BARE_CONTENT_FLAG}
CMSG_LENGTH_ONLY_FLAG = $00000002;
{$EXTERNALSYM CMSG_LENGTH_ONLY_FLAG}
CMSG_DETACHED_FLAG = $00000004;
{$EXTERNALSYM CMSG_DETACHED_FLAG}
CMSG_AUTHENTICATED_ATTRIBUTES_FLAG = $00000008;
{$EXTERNALSYM CMSG_AUTHENTICATED_ATTRIBUTES_FLAG}
CMSG_CONTENTS_OCTETS_FLAG = $00000010;
{$EXTERNALSYM CMSG_CONTENTS_OCTETS_FLAG}
CMSG_MAX_LENGTH_FLAG = $00000020;
{$EXTERNALSYM CMSG_MAX_LENGTH_FLAG}
// When set, nonData type inner content is encapsulated within an
// OCTET STRING. Applicable to both Signed and Enveloped messages.
CMSG_CMS_ENCAPSULATED_CONTENT_FLAG = $00000040;
{$EXTERNALSYM CMSG_CMS_ENCAPSULATED_CONTENT_FLAG}
// If set, then, the hCryptProv passed to CryptMsgOpenToEncode or
// CryptMsgOpenToDecode is released on the final CryptMsgClose.
// Not released if CryptMsgOpenToEncode or CryptMsgOpenToDecode fails.
//
// Note, the envelope recipient hCryptProv's aren't released.
CMSG_CRYPT_RELEASE_CONTEXT_FLAG = $00008000;
{$EXTERNALSYM CMSG_CRYPT_RELEASE_CONTEXT_FLAG}
//+-------------------------------------------------------------------------
// Open a cryptographic message for encoding
//
// For PKCS #7:
// If the content to be passed to CryptMsgUpdate has already
// been message encoded (the input to CryptMsgUpdate is the streamed output
// from another message encode), then, the CMSG_ENCODED_CONTENT_INFO_FLAG should
// be set in dwFlags. If not set, then, the inner ContentType is Data and
// the input to CryptMsgUpdate is treated as the inner Data type's Content,
// a string of bytes.
// If CMSG_BARE_CONTENT_FLAG is specified for a streamed message,
// the streamed output will not have an outer ContentInfo wrapper. This
// makes it suitable to be streamed into an enclosing message.
//
// The pStreamInfo parameter needs to be set to stream the encoded message
// output.
//--------------------------------------------------------------------------
function CryptMsgOpenToEncode(dwMsgEncodingType, dwFlags, dwMsgType: DWORD;
pvMsgEncodeInfo: Pointer; pszInnerContentObjID: LPSTR;
pStreamInfo: PCMSG_STREAM_INFO): HCRYPTMSG; stdcall;
{$EXTERNALSYM CryptMsgOpenToEncode}
//+-------------------------------------------------------------------------
// Calculate the length of an encoded cryptographic message.
//
// Calculates the length of the encoded message given the
// message type, encoding parameters and total length of
// the data to be updated. Note, this might not be the exact length. However,
// it will always be greater than or equal to the actual length.
//--------------------------------------------------------------------------
function CryptMsgCalculateEncodedLength(dwMsgEncodingType, dwFlags, dwMsgType: DWORD;
pvMsgEncodeInfo: Pointer; pszInnerContentObjID: LPSTR; cbData: DWORD): DWORD; stdcall;
{$EXTERNALSYM CryptMsgCalculateEncodedLength}
//+-------------------------------------------------------------------------
// Open a cryptographic message for decoding
//
// hCryptProv specifies the crypto provider to use for hashing and/or
// decrypting the message. If hCryptProv is NULL, a default crypt provider
// is used.
//
// Currently pRecipientInfo isn't used and should be set to NULL.
//
// The pStreamInfo parameter needs to be set to stream the decoded content
// output.
//--------------------------------------------------------------------------
function CryptMsgOpenToDecode(dwMsgEncodingType, dwFlags, dwMsgType: DWORD;
hCryptProv: HCRYPTPROV; pRecipientInfo: PCERT_INFO;
pStreamInfo: PCMSG_STREAM_INFO): HCRYPTMSG; stdcall;
{$EXTERNALSYM CryptMsgOpenToDecode}
//+-------------------------------------------------------------------------
// Duplicate a cryptographic message handle
//--------------------------------------------------------------------------
function CryptMsgDuplicate(hCryptMsg: HCRYPTMSG): HCRYPTMSG; stdcall;
{$EXTERNALSYM CryptMsgDuplicate}
//+-------------------------------------------------------------------------
// Close a cryptographic message handle
//
// LastError is preserved unless FALSE is returned.
//--------------------------------------------------------------------------
function CryptMsgClose(hCryptMsg: HCRYPTMSG): BOOL; stdcall;
{$EXTERNALSYM CryptMsgClose}
//+-------------------------------------------------------------------------
// Update the content of a cryptographic message. Depending on how the
// message was opened, the content is either encoded or decoded.
//
// This function is repetitively called to append to the message content.
// fFinal is set to identify the last update. On fFinal, the encode/decode
// is completed. The encoded/decoded content and the decoded parameters
// are valid until the open and all duplicated handles are closed.
//--------------------------------------------------------------------------
function CryptMsgUpdate(hCryptMsg: HCRYPTMSG; pbData: LPBYTE; cbData: DWORD;
fFinal: BOOL): BOOL; stdcall;
{$EXTERNALSYM CryptMsgUpdate}
//+-------------------------------------------------------------------------
// Get a parameter after encoding/decoding a cryptographic message. Called
// after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and
// CMSG_COMPUTED_HASH_PARAM are valid for an encoded message.
//
// For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got
// before any CryptMsgUpdates to get its length.
//
// The pvData type definition depends on the dwParamType value.
//
// Elements pointed to by fields in the pvData structure follow the
// structure. Therefore, *pcbData may exceed the size of the structure.
//
// Upon input, if *pcbData == 0, then, *pcbData is updated with the length
// of the data and the pvData parameter is ignored.
//
// Upon return, *pcbData is updated with the length of the data.
//
// The OBJID BLOBs returned in the pvData structures point to
// their still encoded representation. The appropriate functions
// must be called to decode the information.
//
// See below for a list of the parameters to get.
//--------------------------------------------------------------------------
function CryptMsgGetParam(hCryptMsg: HCRYPTMSG; dwParamType, dwIndex: DWORD;
pvData: Pointer; var pcbData: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptMsgGetParam}
//+-------------------------------------------------------------------------
// Get parameter types and their corresponding data structure definitions.
//--------------------------------------------------------------------------
const
CMSG_TYPE_PARAM = 1;
{$EXTERNALSYM CMSG_TYPE_PARAM}
CMSG_CONTENT_PARAM = 2;
{$EXTERNALSYM CMSG_CONTENT_PARAM}
CMSG_BARE_CONTENT_PARAM = 3;
{$EXTERNALSYM CMSG_BARE_CONTENT_PARAM}
CMSG_INNER_CONTENT_TYPE_PARAM = 4;
{$EXTERNALSYM CMSG_INNER_CONTENT_TYPE_PARAM}
CMSG_SIGNER_COUNT_PARAM = 5;
{$EXTERNALSYM CMSG_SIGNER_COUNT_PARAM}
CMSG_SIGNER_INFO_PARAM = 6;
{$EXTERNALSYM CMSG_SIGNER_INFO_PARAM}
CMSG_SIGNER_CERT_INFO_PARAM = 7;
{$EXTERNALSYM CMSG_SIGNER_CERT_INFO_PARAM}
CMSG_SIGNER_HASH_ALGORITHM_PARAM = 8;
{$EXTERNALSYM CMSG_SIGNER_HASH_ALGORITHM_PARAM}
CMSG_SIGNER_AUTH_ATTR_PARAM = 9;
{$EXTERNALSYM CMSG_SIGNER_AUTH_ATTR_PARAM}
CMSG_SIGNER_UNAUTH_ATTR_PARAM = 10;
{$EXTERNALSYM CMSG_SIGNER_UNAUTH_ATTR_PARAM}
CMSG_CERT_COUNT_PARAM = 11;
{$EXTERNALSYM CMSG_CERT_COUNT_PARAM}
CMSG_CERT_PARAM = 12;
{$EXTERNALSYM CMSG_CERT_PARAM}
CMSG_CRL_COUNT_PARAM = 13;
{$EXTERNALSYM CMSG_CRL_COUNT_PARAM}
CMSG_CRL_PARAM = 14;
{$EXTERNALSYM CMSG_CRL_PARAM}
CMSG_ENVELOPE_ALGORITHM_PARAM = 15;
{$EXTERNALSYM CMSG_ENVELOPE_ALGORITHM_PARAM}
CMSG_RECIPIENT_COUNT_PARAM = 17;
{$EXTERNALSYM CMSG_RECIPIENT_COUNT_PARAM}
CMSG_RECIPIENT_INDEX_PARAM = 18;
{$EXTERNALSYM CMSG_RECIPIENT_INDEX_PARAM}
CMSG_RECIPIENT_INFO_PARAM = 19;
{$EXTERNALSYM CMSG_RECIPIENT_INFO_PARAM}
CMSG_HASH_ALGORITHM_PARAM = 20;
{$EXTERNALSYM CMSG_HASH_ALGORITHM_PARAM}
CMSG_HASH_DATA_PARAM = 21;
{$EXTERNALSYM CMSG_HASH_DATA_PARAM}
CMSG_COMPUTED_HASH_PARAM = 22;
{$EXTERNALSYM CMSG_COMPUTED_HASH_PARAM}
CMSG_ENCRYPT_PARAM = 26;
{$EXTERNALSYM CMSG_ENCRYPT_PARAM}
CMSG_ENCRYPTED_DIGEST = 27;
{$EXTERNALSYM CMSG_ENCRYPTED_DIGEST}
CMSG_ENCODED_SIGNER = 28;
{$EXTERNALSYM CMSG_ENCODED_SIGNER}
CMSG_ENCODED_MESSAGE = 29;
{$EXTERNALSYM CMSG_ENCODED_MESSAGE}
CMSG_VERSION_PARAM = 30;
{$EXTERNALSYM CMSG_VERSION_PARAM}
CMSG_ATTR_CERT_COUNT_PARAM = 31;
{$EXTERNALSYM CMSG_ATTR_CERT_COUNT_PARAM}
CMSG_ATTR_CERT_PARAM = 32;
{$EXTERNALSYM CMSG_ATTR_CERT_PARAM}
CMSG_CMS_RECIPIENT_COUNT_PARAM = 33;
{$EXTERNALSYM CMSG_CMS_RECIPIENT_COUNT_PARAM}
CMSG_CMS_RECIPIENT_INDEX_PARAM = 34;
{$EXTERNALSYM CMSG_CMS_RECIPIENT_INDEX_PARAM}
CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM = 35;
{$EXTERNALSYM CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM}
CMSG_CMS_RECIPIENT_INFO_PARAM = 36;
{$EXTERNALSYM CMSG_CMS_RECIPIENT_INFO_PARAM}
CMSG_UNPROTECTED_ATTR_PARAM = 37;
{$EXTERNALSYM CMSG_UNPROTECTED_ATTR_PARAM}
CMSG_SIGNER_CERT_ID_PARAM = 38;
{$EXTERNALSYM CMSG_SIGNER_CERT_ID_PARAM}
CMSG_CMS_SIGNER_INFO_PARAM = 39;
{$EXTERNALSYM CMSG_CMS_SIGNER_INFO_PARAM}
//+-------------------------------------------------------------------------
// CMSG_TYPE_PARAM
//
// The type of the decoded message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CONTENT_PARAM
//
// The encoded content of a cryptographic message. Depending on how the
// message was opened, the content is either the whole PKCS#7
// message (opened to encode) or the inner content (opened to decode).
// In the decode case, the decrypted content is returned, if enveloped.
// If not enveloped, and if the inner content is of type DATA, the returned
// data is the contents octets of the inner content.
//
// pvData points to the buffer receiving the content bytes
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_BARE_CONTENT_PARAM
//
// The encoded content of an encoded cryptographic message, without the
// outer layer of ContentInfo. That is, only the encoding of the
// ContentInfo.content field is returned.
//
// pvData points to the buffer receiving the content bytes
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_INNER_CONTENT_TYPE_PARAM
//
// The type of the inner content of a decoded cryptographic message,
// in the form of a NULL-terminated object identifier string
// (eg. "1.2.840.113549.1.7.1").
//
// pvData points to the buffer receiving the object identifier string
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_SIGNER_COUNT_PARAM
//
// Count of signers in a SIGNED or SIGNED_AND_ENVELOPED message
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_SIGNER_CERT_INFO_PARAM
//
// To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1.
//
// pvData points to a CERT_INFO struct.
//
// Only the following fields have been updated in the CERT_INFO struct:
// Issuer and SerialNumber.
//
// Note, if the KEYID choice was selected for a CMS SignerId, then, the
// SerialNumber is 0 and the Issuer is encoded containing a single RDN with a
// single Attribute whose OID is szOID_KEYID_RDN, value type is
// CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_SIGNER_INFO_PARAM
//
// To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1.
//
// pvData points to a CMSG_SIGNER_INFO struct.
//
// Note, if the KEYID choice was selected for a CMS SignerId, then, the
// SerialNumber is 0 and the Issuer is encoded containing a single RDN with a
// single Attribute whose OID is szOID_KEYID_RDN, value type is
// CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match.
//--------------------------------------------------------------------------
type
PCMSG_SIGNER_INFO = ^CMSG_SIGNER_INFO;
{$EXTERNALSYM PCMSG_SIGNER_INFO}
_CMSG_SIGNER_INFO = record
dwVersion: DWORD;
Issuer: CERT_NAME_BLOB;
SerialNumber: CRYPT_INTEGER_BLOB;
HashAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
HashEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedHash: CRYPT_DATA_BLOB;
AuthAttrs: CRYPT_ATTRIBUTES;
UnauthAttrs: CRYPT_ATTRIBUTES;
end;
{$EXTERNALSYM _CMSG_SIGNER_INFO}
CMSG_SIGNER_INFO = _CMSG_SIGNER_INFO;
{$EXTERNALSYM CMSG_SIGNER_INFO}
TCmsgSignerInfo = CMSG_SIGNER_INFO;
PCmsgSignerInfo = PCMSG_SIGNER_INFO;
//+-------------------------------------------------------------------------
// CMSG_SIGNER_CERT_ID_PARAM
//
// To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1.
//
// pvData points to a CERT_ID struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CMS_SIGNER_INFO_PARAM
//
// Same as CMSG_SIGNER_INFO_PARAM, except, contains SignerId instead of
// Issuer and SerialNumber.
//
// To get all the signers, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. SignerCount - 1.
//
// pvData points to a CMSG_CMS_SIGNER_INFO struct.
//--------------------------------------------------------------------------
PCMSG_CMS_SIGNER_INFO = ^CMSG_CMS_SIGNER_INFO;
{$EXTERNALSYM PCMSG_CMS_SIGNER_INFO}
_CMSG_CMS_SIGNER_INFO = record
dwVersion: DWORD;
SignerId: CERT_ID;
HashAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
HashEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedHash: CRYPT_DATA_BLOB;
AuthAttrs: CRYPT_ATTRIBUTES;
UnauthAttrs: CRYPT_ATTRIBUTES;
end;
{$EXTERNALSYM _CMSG_CMS_SIGNER_INFO}
CMSG_CMS_SIGNER_INFO = _CMSG_CMS_SIGNER_INFO;
{$EXTERNALSYM CMSG_CMS_SIGNER_INFO}
TCmsgCmsSignerInfo = CMSG_CMS_SIGNER_INFO;
PCmsgCmsSignerInfo = PCMSG_CMS_SIGNER_INFO;
//+-------------------------------------------------------------------------
// CMSG_SIGNER_HASH_ALGORITHM_PARAM
//
// This parameter specifies the HashAlgorithm that was used for the signer.
//
// Set dwIndex to iterate through all the signers.
//
// pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_SIGNER_AUTH_ATTR_PARAM
//
// The authenticated attributes for the signer.
//
// Set dwIndex to iterate through all the signers.
//
// pvData points to a CMSG_ATTR struct.
//--------------------------------------------------------------------------
CMSG_ATTR = CRYPT_ATTRIBUTES;
{$EXTERNALSYM CMSG_ATTR}
PCMSG_ATTR = ^CRYPT_ATTRIBUTES;
{$EXTERNALSYM PCMSG_ATTR}
//+-------------------------------------------------------------------------
// CMSG_SIGNER_UNAUTH_ATTR_PARAM
//
// The unauthenticated attributes for the signer.
//
// Set dwIndex to iterate through all the signers.
//
// pvData points to a CMSG_ATTR struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CERT_COUNT_PARAM
//
// Count of certificates in a SIGNED or SIGNED_AND_ENVELOPED message.
//
// CMS, also supports certificates in an ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CERT_PARAM
//
// To get all the certificates, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. CertCount - 1.
//
// pvData points to an array of the certificate's encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CRL_COUNT_PARAM
//
// Count of CRLs in a SIGNED or SIGNED_AND_ENVELOPED message.
//
// CMS, also supports CRLs in an ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CRL_PARAM
//
// To get all the CRLs, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. CrlCount - 1.
//
// pvData points to an array of the CRL's encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_ENVELOPE_ALGORITHM_PARAM
//
// The ContentEncryptionAlgorithm that was used in
// an ENVELOPED or SIGNED_AND_ENVELOPED message.
//
// For streaming you must be able to successfully get this parameter before
// doing a CryptMsgControl decrypt.
//
// pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_RECIPIENT_COUNT_PARAM
//
// Count of recipients in an ENVELOPED or SIGNED_AND_ENVELOPED message.
//
// Count of key transport recepients.
//
// The CMSG_CMS_RECIPIENT_COUNT_PARAM has the total count of
// recipients (it also includes key agree and mail list recipients).
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_RECIPIENT_INDEX_PARAM
//
// Index of the recipient used to decrypt an ENVELOPED or SIGNED_AND_ENVELOPED
// message.
//
// Index of a key transport recipient. If a non key transport
// recipient was used to decrypt, fails with LastError set to
// CRYPT_E_INVALID_INDEX.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_RECIPIENT_INFO_PARAM
//
// To get all the recipients, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. RecipientCount - 1.
//
// Only returns the key transport recepients.
//
// The CMSG_CMS_RECIPIENT_INFO_PARAM returns all recipients.
//
// pvData points to a CERT_INFO struct.
//
// Only the following fields have been updated in the CERT_INFO struct:
// Issuer, SerialNumber and PublicKeyAlgorithm. The PublicKeyAlgorithm
// specifies the KeyEncryptionAlgorithm that was used.
//
// Note, if the KEYID choice was selected for a key transport recipient, then,
// the SerialNumber is 0 and the Issuer is encoded containing a single RDN
// with a single Attribute whose OID is szOID_KEYID_RDN, value type is
// CERT_RDN_OCTET_STRING and value is the KEYID. When the
// CertGetSubjectCertificateFromStore and
// CertFindCertificateInStore(CERT_FIND_SUBJECT_CERT) APIs see this
// special KEYID Issuer and SerialNumber, they do a KEYID match.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_HASH_ALGORITHM_PARAM
//
// The HashAlgorithm in a HASHED message.
//
// pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_HASH_DATA_PARAM
//
// The hash in a HASHED message.
//
// pvData points to an array of bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_COMPUTED_HASH_PARAM
//
// The computed hash for a HASHED message.
// This may be called for either an encoded or decoded message.
//
// Also, the computed hash for one of the signer's in a SIGNED message.
// It may be called for either an encoded or decoded message after the
// final update. Set dwIndex to iterate through all the signers.
//
// pvData points to an array of bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_ENCRYPT_PARAM
//
// The ContentEncryptionAlgorithm that was used in an ENCRYPTED message.
//
// pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_ENCODED_MESSAGE
//
// The full encoded message. This is useful in the case of a decoded
// message which has been modified (eg. a signed-data or
// signed-and-enveloped-data message which has been countersigned).
//
// pvData points to an array of the message's encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_VERSION_PARAM
//
// The version of the decoded message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
const
CMSG_SIGNED_DATA_V1 = 1;
{$EXTERNALSYM CMSG_SIGNED_DATA_V1}
CMSG_SIGNED_DATA_V3 = 3;
{$EXTERNALSYM CMSG_SIGNED_DATA_V3}
CMSG_SIGNED_DATA_PKCS_1_5_VERSION = CMSG_SIGNED_DATA_V1;
{$EXTERNALSYM CMSG_SIGNED_DATA_PKCS_1_5_VERSION}
CMSG_SIGNED_DATA_CMS_VERSION = CMSG_SIGNED_DATA_V3;
{$EXTERNALSYM CMSG_SIGNED_DATA_CMS_VERSION}
CMSG_SIGNER_INFO_V1 = 1;
{$EXTERNALSYM CMSG_SIGNER_INFO_V1}
CMSG_SIGNER_INFO_V3 = 3;
{$EXTERNALSYM CMSG_SIGNER_INFO_V3}
CMSG_SIGNER_INFO_PKCS_1_5_VERSION = CMSG_SIGNER_INFO_V1;
{$EXTERNALSYM CMSG_SIGNER_INFO_PKCS_1_5_VERSION}
CMSG_SIGNER_INFO_CMS_VERSION = CMSG_SIGNER_INFO_V3;
{$EXTERNALSYM CMSG_SIGNER_INFO_CMS_VERSION}
CMSG_HASHED_DATA_V0 = 0;
{$EXTERNALSYM CMSG_HASHED_DATA_V0}
CMSG_HASHED_DATA_V2 = 2;
{$EXTERNALSYM CMSG_HASHED_DATA_V2}
CMSG_HASHED_DATA_PKCS_1_5_VERSION = CMSG_HASHED_DATA_V0;
{$EXTERNALSYM CMSG_HASHED_DATA_PKCS_1_5_VERSION}
CMSG_HASHED_DATA_CMS_VERSION = CMSG_HASHED_DATA_V2;
{$EXTERNALSYM CMSG_HASHED_DATA_CMS_VERSION}
CMSG_ENVELOPED_DATA_V0 = 0;
{$EXTERNALSYM CMSG_ENVELOPED_DATA_V0}
CMSG_ENVELOPED_DATA_V2 = 2;
{$EXTERNALSYM CMSG_ENVELOPED_DATA_V2}
CMSG_ENVELOPED_DATA_PKCS_1_5_VERSION = CMSG_ENVELOPED_DATA_V0;
{$EXTERNALSYM CMSG_ENVELOPED_DATA_PKCS_1_5_VERSION}
CMSG_ENVELOPED_DATA_CMS_VERSION = CMSG_ENVELOPED_DATA_V2;
{$EXTERNALSYM CMSG_ENVELOPED_DATA_CMS_VERSION}
//+-------------------------------------------------------------------------
// CMSG_ATTR_CERT_COUNT_PARAM
//
// Count of attribute certificates in a SIGNED or ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_ATTR_CERT_PARAM
//
// To get all the attribute certificates, repetitively call CryptMsgGetParam,
// with dwIndex set to 0 .. AttrCertCount - 1.
//
// pvData points to an array of the attribute certificate's encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CMS_RECIPIENT_COUNT_PARAM
//
// Count of all CMS recipients in an ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CMS_RECIPIENT_INDEX_PARAM
//
// Index of the CMS recipient used to decrypt an ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM
//
// For a CMS key agreement recipient, the index of the encrypted key
// used to decrypt an ENVELOPED message.
//
// pvData points to a DWORD
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CMS_RECIPIENT_INFO_PARAM
//
// To get all the CMS recipients, repetitively call CryptMsgGetParam, with
// dwIndex set to 0 .. CmsRecipientCount - 1.
//
// pvData points to a CMSG_CMS_RECIPIENT_INFO struct.
//--------------------------------------------------------------------------
type
PCMSG_KEY_TRANS_RECIPIENT_INFO = ^CMSG_KEY_TRANS_RECIPIENT_INFO;
{$EXTERNALSYM PCMSG_KEY_TRANS_RECIPIENT_INFO}
_CMSG_KEY_TRANS_RECIPIENT_INFO = record
dwVersion: DWORD;
// Currently, only ISSUER_SERIAL_NUMBER or KEYID choices
RecipientId: CERT_ID;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedKey: CRYPT_DATA_BLOB;
end;
{$EXTERNALSYM _CMSG_KEY_TRANS_RECIPIENT_INFO}
CMSG_KEY_TRANS_RECIPIENT_INFO = _CMSG_KEY_TRANS_RECIPIENT_INFO;
{$EXTERNALSYM CMSG_KEY_TRANS_RECIPIENT_INFO}
TCmsgKeyTransRecipientInfo = CMSG_KEY_TRANS_RECIPIENT_INFO;
PCmsgKeyTransRecipientInfo = PCMSG_KEY_TRANS_RECIPIENT_INFO;
PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO = ^CMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
{$EXTERNALSYM PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO}
_CMSG_RECIPIENT_ENCRYPTED_KEY_INFO = record
// Currently, only ISSUER_SERIAL_NUMBER or KEYID choices
RecipientId: CERT_ID;
EncryptedKey: CRYPT_DATA_BLOB;
// The following optional fields are only applicable to KEYID choice
Date: FILETIME;
pOtherAttr: PCRYPT_ATTRIBUTE_TYPE_VALUE;
end;
{$EXTERNALSYM _CMSG_RECIPIENT_ENCRYPTED_KEY_INFO}
CMSG_RECIPIENT_ENCRYPTED_KEY_INFO = _CMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
{$EXTERNALSYM CMSG_RECIPIENT_ENCRYPTED_KEY_INFO}
TCmsgRecipientEncryptedKeyInfo = CMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
PCmsgRecipientEncryptedKeyInfo = PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
PCMSG_KEY_AGREE_RECIPIENT_INFO = ^CMSG_KEY_AGREE_RECIPIENT_INFO;
{$EXTERNALSYM PCMSG_KEY_AGREE_RECIPIENT_INFO}
_CMSG_KEY_AGREE_RECIPIENT_INFO = record
dwVersion: DWORD;
dwOriginatorChoice: DWORD;
Union: record
case Integer of
// CMSG_KEY_AGREE_ORIGINATOR_CERT
0: (OriginatorCertId: CERT_ID);
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
1: (OriginatorPublicKeyInfo: CERT_PUBLIC_KEY_INFO);
end;
UserKeyingMaterial: CRYPT_DATA_BLOB;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
cRecipientEncryptedKeys: DWORD;
rgpRecipientEncryptedKeys: PCMSG_RECIPIENT_ENCRYPTED_KEY_INFO;
end;
{$EXTERNALSYM _CMSG_KEY_AGREE_RECIPIENT_INFO}
CMSG_KEY_AGREE_RECIPIENT_INFO = _CMSG_KEY_AGREE_RECIPIENT_INFO;
{$EXTERNALSYM CMSG_KEY_AGREE_RECIPIENT_INFO}
TCmsgKeyAgreeRecipientInfo = CMSG_KEY_AGREE_RECIPIENT_INFO;
PCmsgKeyAgreeRecipientInfo = PCMSG_KEY_AGREE_RECIPIENT_INFO;
const
CMSG_KEY_AGREE_ORIGINATOR_CERT = 1;
{$EXTERNALSYM CMSG_KEY_AGREE_ORIGINATOR_CERT}
CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY = 2;
{$EXTERNALSYM CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY}
type
PCMSG_MAIL_LIST_RECIPIENT_INFO = ^CMSG_MAIL_LIST_RECIPIENT_INFO;
{$EXTERNALSYM PCMSG_MAIL_LIST_RECIPIENT_INFO}
_CMSG_MAIL_LIST_RECIPIENT_INFO = record
dwVersion: DWORD;
KeyId: CRYPT_DATA_BLOB;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedKey: CRYPT_DATA_BLOB;
// The following fields are optional
Date: FILETIME;
pOtherAttr: PCRYPT_ATTRIBUTE_TYPE_VALUE;
end;
{$EXTERNALSYM _CMSG_MAIL_LIST_RECIPIENT_INFO}
CMSG_MAIL_LIST_RECIPIENT_INFO = _CMSG_MAIL_LIST_RECIPIENT_INFO;
{$EXTERNALSYM CMSG_MAIL_LIST_RECIPIENT_INFO}
TCmsgMailListRecipientInfo = CMSG_MAIL_LIST_RECIPIENT_INFO;
PCmsgMailListRecipientInfo = PCMSG_MAIL_LIST_RECIPIENT_INFO;
PCMSG_CMS_RECIPIENT_INFO = ^CMSG_CMS_RECIPIENT_INFO;
{$EXTERNALSYM PCMSG_CMS_RECIPIENT_INFO}
_CMSG_CMS_RECIPIENT_INFO = record
dwRecipientChoice: DWORD;
case Integer of
// CMSG_KEY_TRANS_RECIPIENT
0: (pKeyTrans: PCMSG_KEY_TRANS_RECIPIENT_INFO);
// CMSG_KEY_AGREE_RECIPIENT
1: (pKeyAgree: PCMSG_KEY_AGREE_RECIPIENT_INFO);
// CMSG_MAIL_LIST_RECIPIENT
2: (pMailList: PCMSG_MAIL_LIST_RECIPIENT_INFO);
end;
{$EXTERNALSYM _CMSG_CMS_RECIPIENT_INFO}
CMSG_CMS_RECIPIENT_INFO = _CMSG_CMS_RECIPIENT_INFO;
{$EXTERNALSYM CMSG_CMS_RECIPIENT_INFO}
TCmsgCmsRecipientInfo = CMSG_CMS_RECIPIENT_INFO;
PCmsgCmsRecipientInfo = PCMSG_CMS_RECIPIENT_INFO;
// dwVersion numbers for the KeyTrans, KeyAgree and MailList recipients
const
CMSG_ENVELOPED_RECIPIENT_V0 = 0;
{$EXTERNALSYM CMSG_ENVELOPED_RECIPIENT_V0}
CMSG_ENVELOPED_RECIPIENT_V2 = 2;
{$EXTERNALSYM CMSG_ENVELOPED_RECIPIENT_V2}
CMSG_ENVELOPED_RECIPIENT_V3 = 3;
{$EXTERNALSYM CMSG_ENVELOPED_RECIPIENT_V3}
CMSG_ENVELOPED_RECIPIENT_V4 = 4;
{$EXTERNALSYM CMSG_ENVELOPED_RECIPIENT_V4}
CMSG_KEY_TRANS_PKCS_1_5_VERSION = CMSG_ENVELOPED_RECIPIENT_V0;
{$EXTERNALSYM CMSG_KEY_TRANS_PKCS_1_5_VERSION}
CMSG_KEY_TRANS_CMS_VERSION = CMSG_ENVELOPED_RECIPIENT_V2;
{$EXTERNALSYM CMSG_KEY_TRANS_CMS_VERSION}
CMSG_KEY_AGREE_VERSION = CMSG_ENVELOPED_RECIPIENT_V3;
{$EXTERNALSYM CMSG_KEY_AGREE_VERSION}
CMSG_MAIL_LIST_VERSION = CMSG_ENVELOPED_RECIPIENT_V4;
{$EXTERNALSYM CMSG_MAIL_LIST_VERSION}
//+-------------------------------------------------------------------------
// CMSG_UNPROTECTED_ATTR_PARAM
//
// The unprotected attributes in the envelped message.
//
// pvData points to a CMSG_ATTR struct.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Perform a special "control" function after the final CryptMsgUpdate of a
// encoded/decoded cryptographic message.
//
// The dwCtrlType parameter specifies the type of operation to be performed.
//
// The pvCtrlPara definition depends on the dwCtrlType value.
//
// See below for a list of the control operations and their pvCtrlPara
// type definition.
//--------------------------------------------------------------------------
function CryptMsgControl(hCryptMsg: HCRYPTMSG; dwFlags, dwCtrlType: DWORD;
pvCtrlPara: Pointer): BOOL; stdcall;
{$EXTERNALSYM CryptMsgControl}
//+-------------------------------------------------------------------------
// Message control types
//--------------------------------------------------------------------------
const
CMSG_CTRL_VERIFY_SIGNATURE = 1;
{$EXTERNALSYM CMSG_CTRL_VERIFY_SIGNATURE}
CMSG_CTRL_DECRYPT = 2;
{$EXTERNALSYM CMSG_CTRL_DECRYPT}
CMSG_CTRL_VERIFY_HASH = 5;
{$EXTERNALSYM CMSG_CTRL_VERIFY_HASH}
CMSG_CTRL_ADD_SIGNER = 6;
{$EXTERNALSYM CMSG_CTRL_ADD_SIGNER}
CMSG_CTRL_DEL_SIGNER = 7;
{$EXTERNALSYM CMSG_CTRL_DEL_SIGNER}
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR = 8;
{$EXTERNALSYM CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR}
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR = 9;
{$EXTERNALSYM CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR}
CMSG_CTRL_ADD_CERT = 10;
{$EXTERNALSYM CMSG_CTRL_ADD_CERT}
CMSG_CTRL_DEL_CERT = 11;
{$EXTERNALSYM CMSG_CTRL_DEL_CERT}
CMSG_CTRL_ADD_CRL = 12;
{$EXTERNALSYM CMSG_CTRL_ADD_CRL}
CMSG_CTRL_DEL_CRL = 13;
{$EXTERNALSYM CMSG_CTRL_DEL_CRL}
CMSG_CTRL_ADD_ATTR_CERT = 14;
{$EXTERNALSYM CMSG_CTRL_ADD_ATTR_CERT}
CMSG_CTRL_DEL_ATTR_CERT = 15;
{$EXTERNALSYM CMSG_CTRL_DEL_ATTR_CERT}
CMSG_CTRL_KEY_TRANS_DECRYPT = 16;
{$EXTERNALSYM CMSG_CTRL_KEY_TRANS_DECRYPT}
CMSG_CTRL_KEY_AGREE_DECRYPT = 17;
{$EXTERNALSYM CMSG_CTRL_KEY_AGREE_DECRYPT}
CMSG_CTRL_MAIL_LIST_DECRYPT = 18;
{$EXTERNALSYM CMSG_CTRL_MAIL_LIST_DECRYPT}
CMSG_CTRL_VERIFY_SIGNATURE_EX = 19;
{$EXTERNALSYM CMSG_CTRL_VERIFY_SIGNATURE_EX}
CMSG_CTRL_ADD_CMS_SIGNER_INFO = 20;
{$EXTERNALSYM CMSG_CTRL_ADD_CMS_SIGNER_INFO}
//+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_SIGNATURE
//
// Verify the signature of a SIGNED or SIGNED_AND_ENVELOPED
// message after it has been decoded.
//
// For a SIGNED_AND_ENVELOPED message, called after
// CryptMsgControl(CMSG_CTRL_DECRYPT), if CryptMsgOpenToDecode was called
// with a NULL pRecipientInfo.
//
// pvCtrlPara points to a CERT_INFO struct.
//
// The CERT_INFO contains the Issuer and SerialNumber identifying
// the Signer of the message. The CERT_INFO also contains the
// PublicKeyInfo
// used to verify the signature. The cryptographic provider specified
// in CryptMsgOpenToDecode is used.
//
// Note, if the message contains CMS signers identified by KEYID, then,
// the CERT_INFO's Issuer and SerialNumber is ignored and only the public
// key is used to find a signer whose signature verifies.
//
// The following CMSG_CTRL_VERIFY_SIGNATURE_EX should be used instead.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_SIGNATURE_EX
//
// Verify the signature of a SIGNED message after it has been decoded.
//
// pvCtrlPara points to the following CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA.
//
// If hCryptProv is NULL, uses the cryptographic provider specified in
// CryptMsgOpenToDecode. If CryptMsgOpenToDecode's hCryptProv is also NULL,
// gets default provider according to the signer's public key OID.
//
// dwSignerIndex is the index of the signer to use to verify the signature.
//
// The signer can be a pointer to a CERT_PUBLIC_KEY_INFO, certificate
// context or a chain context.
//--------------------------------------------------------------------------
type
PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA = ^CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA;
{$EXTERNALSYM PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA}
_CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
dwSignerIndex: DWORD;
dwSignerType: DWORD;
pvSigner: Pointer;
end;
{$EXTERNALSYM _CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA}
CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA = _CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA;
{$EXTERNALSYM CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA}
TCmsgCtrlVerifySignatureExPara = CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA;
PCmsgCtrlVerifySignatureExPara = PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA;
// Signer Types
const
CMSG_VERIFY_SIGNER_PUBKEY = 1;
{$EXTERNALSYM CMSG_VERIFY_SIGNER_PUBKEY}
// pvSigner :: PCERT_PUBLIC_KEY_INFO
CMSG_VERIFY_SIGNER_CERT = 2;
{$EXTERNALSYM CMSG_VERIFY_SIGNER_CERT}
// pvSigner :: PCCERT_CONTEXT
CMSG_VERIFY_SIGNER_CHAIN = 3;
{$EXTERNALSYM CMSG_VERIFY_SIGNER_CHAIN}
// pvSigner :: PCCERT_CHAIN_CONTEXT
//+-------------------------------------------------------------------------
// CMSG_CTRL_DECRYPT
//
// Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been
// decoded.
//
// This decrypt is only applicable to key transport recipients.
//
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails.
//
// dwRecipientIndex is the index of the recipient in the message associated
// with the hCryptProv's private key.
//
// The dwRecipientIndex is the index of a key transport recipient.
//
// Note, the message can only be decrypted once.
//--------------------------------------------------------------------------
type
PCMSG_CTRL_DECRYPT_PARA = ^CMSG_CTRL_DECRYPT_PARA;
{$EXTERNALSYM PCMSG_CTRL_DECRYPT_PARA}
_CMSG_CTRL_DECRYPT_PARA = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
dwRecipientIndex: DWORD;
end;
{$EXTERNALSYM _CMSG_CTRL_DECRYPT_PARA}
CMSG_CTRL_DECRYPT_PARA = _CMSG_CTRL_DECRYPT_PARA;
{$EXTERNALSYM CMSG_CTRL_DECRYPT_PARA}
TCmsgCtrlDecryptPara = CMSG_CTRL_DECRYPT_PARA;
PCmsgCtrlDecryptPara = PCMSG_CTRL_DECRYPT_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_TRANS_DECRYPT
//
// Decrypt an ENVELOPED message after it has been decoded for a key
// transport recipient.
//
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails.
//
// pKeyTrans points to the CMSG_KEY_TRANS_RECIPIENT_INFO obtained via
// CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM)
//
// dwRecipientIndex is the index of the recipient in the message associated
// with the hCryptProv's private key.
//
// Note, the message can only be decrypted once.
//--------------------------------------------------------------------------
PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA = ^CMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
{$EXTERNALSYM PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA}
_CMSG_CTRL_KEY_TRANS_DECRYPT_PARA = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
pKeyTrans: PCMSG_KEY_TRANS_RECIPIENT_INFO;
dwRecipientIndex: DWORD;
end;
{$EXTERNALSYM _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA}
CMSG_CTRL_KEY_TRANS_DECRYPT_PARA = _CMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
{$EXTERNALSYM CMSG_CTRL_KEY_TRANS_DECRYPT_PARA}
TCmsgCtrlKeyTransDecryptPara = CMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
PCmsgCtrlKeyTransDecryptPara = PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_KEY_AGREE_DECRYPT
//
// Decrypt an ENVELOPED message after it has been decoded for a key
// agreement recipient.
//
// hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
// 0, defaults to AT_KEYEXCHANGE.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails.
//
// pKeyAgree points to the CMSG_KEY_AGREE_RECIPIENT_INFO obtained via
// CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM) for dwRecipientIndex.
//
// dwRecipientIndex, dwRecipientEncryptedKeyIndex are the indices of the
// recipient's encrypted key in the message associated with the hCryptProv's
// private key.
//
// OriginatorPublicKey is the originator's public key obtained from either
// the originator's certificate or the CMSG_KEY_AGREE_RECIPIENT_INFO obtained
// via the CMSG_CMS_RECIPIENT_INFO_PARAM.
//
// Note, the message can only be decrypted once.
//--------------------------------------------------------------------------
PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA = ^CMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
{$EXTERNALSYM PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA}
_CMSG_CTRL_KEY_AGREE_DECRYPT_PARA = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
pKeyAgree: PCMSG_KEY_AGREE_RECIPIENT_INFO;
dwRecipientIndex: DWORD;
dwRecipientEncryptedKeyIndex: DWORD;
OriginatorPublicKey: CRYPT_BIT_BLOB;
end;
{$EXTERNALSYM _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA}
CMSG_CTRL_KEY_AGREE_DECRYPT_PARA = _CMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
{$EXTERNALSYM CMSG_CTRL_KEY_AGREE_DECRYPT_PARA}
TCmsgCtrlKeyAgreeDecryptPara = CMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
PCmsgCtrlKeyAgreeDecryptPara = PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_MAIL_LIST_DECRYPT
//
// Decrypt an ENVELOPED message after it has been decoded for a mail
// list recipient.
//
// pMailList points to the CMSG_MAIL_LIST_RECIPIENT_INFO obtained via
// CryptMsgGetParam(CMSG_CMS_RECIPIENT_INFO_PARAM) for dwRecipientIndex.
//
// There is 1 choice for the KeyEncryptionKey: an already created CSP key
// handle. For the key handle choice, hCryptProv must be nonzero. This key
// handle isn't destroyed.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags passed
// to CryptMsgControl, then, the hCryptProv is released on the final
// CryptMsgClose. Not released if CryptMsgControl fails.
//
// For RC2 wrap, the effective key length is obtained from the
// KeyEncryptionAlgorithm parameters and set on the hKeyEncryptionKey before
// decrypting.
//
// Note, the message can only be decrypted once.
//--------------------------------------------------------------------------
PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA = ^CMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
{$EXTERNALSYM PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA}
_CMSG_CTRL_MAIL_LIST_DECRYPT_PARA = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
pMailList: PCMSG_MAIL_LIST_RECIPIENT_INFO;
dwRecipientIndex: DWORD;
dwKeyChoice: DWORD;
case Integer of
// CMSG_MAIL_LIST_HANDLE_KEY_CHOICE
0: (hKeyEncryptionKey: HCRYPTKEY);
// Reserve space for a potential pointer choice
1: (pvKeyEncryptionKey: Pointer);
end;
{$EXTERNALSYM _CMSG_CTRL_MAIL_LIST_DECRYPT_PARA}
CMSG_CTRL_MAIL_LIST_DECRYPT_PARA = _CMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
{$EXTERNALSYM CMSG_CTRL_MAIL_LIST_DECRYPT_PARA}
TCmsgCtrlMailListDecryptPara = CMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
PCmsgCtrlMailListDecryptPara = PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_VERIFY_HASH
//
// Verify the hash of a HASHED message after it has been decoded.
//
// Only the hCryptMsg parameter is used, to specify the message whose
// hash is being verified.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_SIGNER
//
// Add a signer to a signed-data message.
//
// pvCtrlPara points to a CMSG_SIGNER_ENCODE_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_CMS_SIGNER_INFO
//
// Add a signer to a signed-data message.
//
// Differs from the above, CMSG_CTRL_ADD_SIGNER, wherein, the signer info
// already contains the signature.
//
// pvCtrlPara points to a CMSG_CMS_SIGNER_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_DEL_SIGNER
//
// Remove a signer from a signed-data or signed-and-enveloped-data message.
//
// pvCtrlPara points to a DWORD containing the 0-based index of the
// signer to be removed.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR
//
// Add an unauthenticated attribute to the SignerInfo of a signed-data or
// signed-and-enveloped-data message.
//
// The unauthenticated attribute is input in the form of an encoded blob.
//--------------------------------------------------------------------------
PCMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA = ^CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA;
{$EXTERNALSYM PCMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA}
_CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA = record
cbSize: DWORD;
dwSignerIndex: DWORD;
blob: CRYPT_DATA_BLOB;
end;
{$EXTERNALSYM _CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA}
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA = _CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA;
{$EXTERNALSYM CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA}
TCmsgCtrlAddSignerUnauthAttrPara = CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA;
PCmsgCtrlAddSignerUnauthAttrPara = PCMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR
//
// Delete an unauthenticated attribute from the SignerInfo of a signed-data
// or signed-and-enveloped-data message.
//
// The unauthenticated attribute to be removed is specified by
// a 0-based index.
//--------------------------------------------------------------------------
PCMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA = ^CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA;
{$EXTERNALSYM PCMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA}
_CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA = record
cbSize: DWORD;
dwSignerIndex: DWORD;
dwUnauthAttrIndex: DWORD;
end;
{$EXTERNALSYM _CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA}
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA = _CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA;
{$EXTERNALSYM CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA}
TCmsgCtrlDelSignerUnauthAttrPara = CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA;
PCmsgCtrlDelSignerUnauthAttrPara = PCMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA;
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_CERT
//
// Add a certificate to a signed-data or signed-and-enveloped-data message.
//
// pvCtrlPara points to a CRYPT_DATA_BLOB containing the certificate's
// encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_DEL_CERT
//
// Delete a certificate from a signed-data or signed-and-enveloped-data
// message.
//
// pvCtrlPara points to a DWORD containing the 0-based index of the
// certificate to be removed.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_CRL
//
// Add a CRL to a signed-data or signed-and-enveloped-data message.
//
// pvCtrlPara points to a CRYPT_DATA_BLOB containing the CRL's
// encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_DEL_CRL
//
// Delete a CRL from a signed-data or signed-and-enveloped-data message.
//
// pvCtrlPara points to a DWORD containing the 0-based index of the CRL
// to be removed.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_ADD_ATTR_CERT
//
// Add an attribute certificate to a signed-data message.
//
// pvCtrlPara points to a CRYPT_DATA_BLOB containing the attribute
// certificate's encoded bytes.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_CTRL_DEL_ATTR_CERT
//
// Delete an attribute certificate from a signed-data message.
//
// pvCtrlPara points to a DWORD containing the 0-based index of the
// attribute certificate to be removed.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Verify a countersignature, at the SignerInfo level.
// ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo.
//
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
// The only fields referenced from pciCountersigner are SerialNumber, Issuer,
// and SubjectPublicKeyInfo.
//--------------------------------------------------------------------------
function CryptMsgVerifyCountersignatureEncoded(hCryptProv: HCRYPTPROV;
dwEncodingType: DWORD; pbSignerInfo: PBYTE; cbSignerInfo: DWORD;
pbSignerInfoCountersignature: PBYTE; cbSignerInfoCountersignature: DWORD;
pciCountersigner: PCERT_INFO): BOOL; stdcall;
{$EXTERNALSYM CryptMsgVerifyCountersignatureEncoded}
//+-------------------------------------------------------------------------
// Verify a countersignature, at the SignerInfo level.
// ie. verify that pbSignerInfoCountersignature contains the encrypted
// hash of the encryptedDigest field of pbSignerInfo.
//
// hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
//
// The signer can be a CERT_PUBLIC_KEY_INFO, certificate context or a
// chain context.
//--------------------------------------------------------------------------
function CryptMsgVerifyCountersignatureEncodedEx(hCryptProv: HCRYPTPROV;
dwEncodingType: DWORD; pbSignerInfo: PBYTE; cbSignerInfo: DWORD;
pbSignerInfoCountersignature: PBYTE; cbSignerInfoCountersignature: DWORD;
dwSignerType: DWORD; pvSigner: Pointer; dwFlags: DWORD; pvReserved: Pointer): BOOL; stdcall;
{$EXTERNALSYM CryptMsgVerifyCountersignatureEncodedEx}
// See CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA for dwSignerType definitions
//+-------------------------------------------------------------------------
// Countersign an already-existing signature in a message
//
// dwIndex is a zero-based index of the SignerInfo to be countersigned.
//--------------------------------------------------------------------------
function CryptMsgCountersign(hCryptMsg: HCRYPTMSG; dwIndex, cCountersigners: DWORD;
rgCountersigners: PCMSG_SIGNER_ENCODE_INFO): BOOL; stdcall;
{$EXTERNALSYM CryptMsgCountersign}
//+-------------------------------------------------------------------------
// Countersign an already-existing signature (encoded SignerInfo).
// Output an encoded SignerInfo blob, suitable for use as a countersignature
// attribute in the unauthenticated attributes of a signed-data or
// signed-and-enveloped-data message.
//--------------------------------------------------------------------------
function CryptMsgCountersignEncoded(dwEncodingType: DWORD; pbSignerInfo: PBYTE;
cbSignerInfo: DWORD; cCountersigners: DWORD; rgCountersigners: PCMSG_SIGNER_ENCODE_INFO;
pbCountersignature: PBYTE; var pcbCountersignature: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptMsgCountersignEncoded}
//+-------------------------------------------------------------------------
// CryptMsg OID installable functions
//--------------------------------------------------------------------------
type
PFN_CMSG_ALLOC = function (cb: size_t): Pointer; stdcall;
{$EXTERNALSYM PFN_CMSG_ALLOC}
PFnCMsgAlloc = PFN_CMSG_ALLOC;
PFN_CMSG_FREE = procedure (pv: Pointer); stdcall;
{$EXTERNALSYM PFN_CMSG_FREE}
PFnCMsgFree = PFN_CMSG_FREE;
// Note, the following 3 installable functions are obsolete and have been
// replaced with GenContentEncryptKey, ExportKeyTrans, ExportKeyAgree,
// ExportMailList, ImportKeyTrans, ImportKeyAgree and ImportMailList
// installable functions.
// If *phCryptProv is NULL upon entry, then, if supported, the installable
// function should acquire a default provider and return. Note, its up
// to the installable function to release at process detach.
//
// If paiEncrypt->Parameters.cbData is 0, then, the callback may optionally
// return default encoded parameters in *ppbEncryptParameters and
// *pcbEncryptParameters. pfnAlloc must be called for the allocation.
const
CMSG_OID_GEN_ENCRYPT_KEY_FUNC = 'CryptMsgDllGenEncryptKey';
{$EXTERNALSYM CMSG_OID_GEN_ENCRYPT_KEY_FUNC}
type
PFN_CMSG_GEN_ENCRYPT_KEY = function (phCryptProv: PHCRYPTPROV;
paiEncrypt: PCRYPT_ALGORITHM_IDENTIFIER; pvEncryptAuxInfo: PVOID;
pPublicKeyInfo: PCERT_PUBLIC_KEY_INFO; pfnAlloc: PFN_CMSG_ALLOC;
var phEncryptKey: HCRYPTKEY; var ppbEncryptParameters: PBYTE;
pcbEncryptParameters: PDWORD): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_GEN_ENCRYPT_KEY}
PfnCmsgGenEncryptKey = PFN_CMSG_GEN_ENCRYPT_KEY;
const
CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC = 'CryptMsgDllExportEncryptKey';
{$EXTERNALSYM CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC}
type
PFN_CMSG_EXPORT_ENCRYPT_KEY = function (hCryptProv: HCRYPTPROV;
hEncryptKey: HCRYPTKEY; pPublicKeyInfo: PCERT_PUBLIC_KEY_INFO;
pbData: PBYTE; var pcbData: DWORD): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_EXPORT_ENCRYPT_KEY}
PfnCmsgExportEncryptKey = PFN_CMSG_EXPORT_ENCRYPT_KEY;
const
CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC = 'CryptMsgDllImportEncryptKey';
{$EXTERNALSYM CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC}
type
PFN_CMSG_IMPORT_ENCRYPT_KEY = function (hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD; paiEncrypt: PCRYPT_ALGORITHM_IDENTIFIER;
paiPubKey: PCRYPT_ALGORITHM_IDENTIFIER; pbEncodedKey: PBYTE;
cbEncodedKey: DWORD; var phEncryptKey: HCRYPTKEY): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_IMPORT_ENCRYPT_KEY}
PfnCmsgImportEncryptKey = PFN_CMSG_IMPORT_ENCRYPT_KEY;
// To get the default installable function for GenContentEncryptKey,
// ExportKeyTrans, ExportKeyAgree, ExportMailList, ImportKeyTrans,
// ImportKeyAgree or ImportMailList call CryptGetOIDFunctionAddress()
// with the pszOID argument set to the following constant. dwEncodingType
// should be set to CRYPT_ASN_ENCODING or X509_ASN_ENCODING.
const
CMSG_DEFAULT_INSTALLABLE_FUNC_OID = LPCSTR(1);
{$EXTERNALSYM CMSG_DEFAULT_INSTALLABLE_FUNC_OID}
//+-------------------------------------------------------------------------
// Content Encrypt Info
//
// The following data structure contains the information shared between
// the GenContentEncryptKey and the ExportKeyTrans, ExportKeyAgree and
// ExportMailList installable functions.
//--------------------------------------------------------------------------
type
PCMSG_CONTENT_ENCRYPT_INFO = ^CMSG_CONTENT_ENCRYPT_INFO;
{$EXTERNALSYM PCMSG_CONTENT_ENCRYPT_INFO}
_CMSG_CONTENT_ENCRYPT_INFO = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
ContentEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvEncryptionAuxInfo: Pointer;
cRecipients: DWORD;
rgCmsRecipients: PCMSG_RECIPIENT_ENCODE_INFO;
pfnAlloc: PFN_CMSG_ALLOC;
pfnFree: PFN_CMSG_FREE;
dwEncryptFlags: DWORD;
hContentEncryptKey: HCRYPTKEY;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CMSG_CONTENT_ENCRYPT_INFO}
CMSG_CONTENT_ENCRYPT_INFO = _CMSG_CONTENT_ENCRYPT_INFO;
{$EXTERNALSYM CMSG_CONTENT_ENCRYPT_INFO}
TCmsgContentEncryptInfo = CMSG_CONTENT_ENCRYPT_INFO;
PCmsgContentEncryptInfo = PCMSG_CONTENT_ENCRYPT_INFO;
const
CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG = $00000001;
{$EXTERNALSYM CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG}
CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG = $00000001;
{$EXTERNALSYM CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG}
CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG = $00008000;
{$EXTERNALSYM CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG}
//+-------------------------------------------------------------------------
// Upon input, ContentEncryptInfo has been initialized from the
// EnvelopedEncodeInfo.
//
// Note, if rgpRecipients instead of rgCmsRecipients are set in the
// EnvelopedEncodeInfo, then, the rgpRecipients have been converted
// to rgCmsRecipients in the ContentEncryptInfo.
//
// The following fields may be changed in ContentEncryptInfo:
// hContentEncryptKey
// hCryptProv
// ContentEncryptionAlgorithm.Parameters
// dwFlags
//
// All other fields in the ContentEncryptInfo are READONLY.
//
// If CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG is set upon entry
// in dwEncryptFlags, then, any potentially variable length encoded
// output should be padded with zeroes to always obtain the
// same maximum encoded length. This is necessary for
// CryptMsgCalculateEncodedLength() or CryptMsgOpenToEncode() with
// definite length streaming.
//
// The hContentEncryptKey must be updated.
//
// If hCryptProv is NULL upon input, then, it must be updated.
// If a HCRYPTPROV is acquired that must be released, then, the
// CMSG_CONTENT_ENCRYPT_RELEASE_CONTEXT_FLAG must be set in dwFlags.
//
// If ContentEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_CONTENT_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags. pfnAlloc and
// pfnFree must be used for doing the allocation.
//
// ContentEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
const
CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC = 'CryptMsgDllGenContentEncryptKey';
{$EXTERNALSYM CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC}
type
PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY = function (pContentEncryptInfo: PCMSG_CONTENT_ENCRYPT_INFO;
dwFlags: DWORD; pvReserved: PPointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY}
PfnCmsgGenContentEncryptKey = PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY;
//+-------------------------------------------------------------------------
// Key Transport Encrypt Info
//
// The following data structure contains the information updated by the
// ExportKeyTrans installable function.
//--------------------------------------------------------------------------
type
PCMSG_KEY_TRANS_ENCRYPT_INFO = ^CMSG_KEY_TRANS_ENCRYPT_INFO;
{$EXTERNALSYM PCMSG_KEY_TRANS_ENCRYPT_INFO}
_CMSG_KEY_TRANS_ENCRYPT_INFO = record
cbSize: DWORD;
dwRecipientIndex: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedKey: CRYPT_DATA_BLOB;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CMSG_KEY_TRANS_ENCRYPT_INFO}
CMSG_KEY_TRANS_ENCRYPT_INFO = _CMSG_KEY_TRANS_ENCRYPT_INFO;
{$EXTERNALSYM CMSG_KEY_TRANS_ENCRYPT_INFO}
TCmsgKeyTransEncryptInfo = CMSG_KEY_TRANS_ENCRYPT_INFO;
PCmsgKeyTransEncryptInfo = PCMSG_KEY_TRANS_ENCRYPT_INFO;
const
CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG = $00000001;
{$EXTERNALSYM CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG}
//+-------------------------------------------------------------------------
// Upon input, KeyTransEncryptInfo has been initialized from the
// KeyTransEncodeInfo.
//
// The following fields may be changed in KeyTransEncryptInfo:
// EncryptedKey
// KeyEncryptionAlgorithm.Parameters
// dwFlags
//
// All other fields in the KeyTransEncryptInfo are READONLY.
//
// The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation.
//
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_KEY_TRANS_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation.
//
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
const
CMSG_OID_EXPORT_KEY_TRANS_FUNC = 'CryptMsgDllExportKeyTrans';
{$EXTERNALSYM CMSG_OID_EXPORT_KEY_TRANS_FUNC}
type
PFN_CMSG_EXPORT_KEY_TRANS = function (pContentEncryptInfo: PCMSG_CONTENT_ENCRYPT_INFO;
pKeyTransEncodeInfo: PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
pKeyTransEncryptInfo: PCMSG_KEY_TRANS_ENCRYPT_INFO; dwFlags: DWORD;
pvReserved: Pointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_EXPORT_KEY_TRANS}
PfnCmsgExportKeyTrans = PFN_CMSG_EXPORT_KEY_TRANS;
//+-------------------------------------------------------------------------
// Key Agree Key Encrypt Info
//
// The following data structure contains the information updated by the
// ExportKeyAgree installable function for each encrypted key agree
// recipient.
//--------------------------------------------------------------------------
type
PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO = ^CMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
{$EXTERNALSYM PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO}
_CMSG_KEY_AGREE_KEY_ENCRYPT_INFO = record
cbSize: DWORD;
EncryptedKey: CRYPT_DATA_BLOB;
end;
{$EXTERNALSYM _CMSG_KEY_AGREE_KEY_ENCRYPT_INFO}
CMSG_KEY_AGREE_KEY_ENCRYPT_INFO = _CMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
{$EXTERNALSYM CMSG_KEY_AGREE_KEY_ENCRYPT_INFO}
TCmsgKeyAgreeKeyEncryptInfo = CMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
PCmsgKeyAgreeKeyEncryptInfo = PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
PPCMSG_KEY_AGREE_KEY_ENCRYPT_INFO = ^PCMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
{$NODEFINE PPCMSG_KEY_AGREE_KEY_ENCRYPT_INFO}
//+-------------------------------------------------------------------------
// Key Agree Encrypt Info
//
// The following data structure contains the information applicable to
// all recipients. Its updated by the ExportKeyAgree installable function.
//--------------------------------------------------------------------------
PCMSG_KEY_AGREE_ENCRYPT_INFO = ^CMSG_KEY_AGREE_ENCRYPT_INFO;
{$EXTERNALSYM PCMSG_KEY_AGREE_ENCRYPT_INFO}
_CMSG_KEY_AGREE_ENCRYPT_INFO = record
cbSize: DWORD;
dwRecipientIndex: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
UserKeyingMaterial: CRYPT_DATA_BLOB;
dwOriginatorChoice: DWORD;
Union: record
case Integer of
// CMSG_KEY_AGREE_ORIGINATOR_CERT
0: (OriginatorCertId: CERT_ID);
// CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY
1: (OriginatorPublicKeyInfo: CERT_PUBLIC_KEY_INFO);
end;
cKeyAgreeKeyEncryptInfo: DWORD;
rgpKeyAgreeKeyEncryptInfo: PPCMSG_KEY_AGREE_KEY_ENCRYPT_INFO;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CMSG_KEY_AGREE_ENCRYPT_INFO}
CMSG_KEY_AGREE_ENCRYPT_INFO = _CMSG_KEY_AGREE_ENCRYPT_INFO;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_INFO}
TCmsgKeyAgreeEncryptInfo = CMSG_KEY_AGREE_ENCRYPT_INFO;
PCmsgKeyAgreeEncryptInfo = PCMSG_KEY_AGREE_ENCRYPT_INFO;
const
CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG = $00000001;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG}
CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG = $00000002;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG}
CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG = $00000004;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_ALG_FLAG}
CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG = $00000008;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_PARA_FLAG}
CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG = $00000010;
{$EXTERNALSYM CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_BITS_FLAG}
//+-------------------------------------------------------------------------
// Upon input, KeyAgreeEncryptInfo has been initialized from the
// KeyAgreeEncodeInfo.
//
// The following fields may be changed in KeyAgreeEncryptInfo:
// KeyEncryptionAlgorithm.Parameters
// UserKeyingMaterial
// dwOriginatorChoice
// OriginatorCertId
// OriginatorPublicKeyInfo
// dwFlags
//
// All other fields in the KeyAgreeEncryptInfo are READONLY.
//
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_KEY_AGREE_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation.
//
// If the UserKeyingMaterial is updated, then, the
// CMSG_KEY_AGREE_ENCRYPT_FREE_MATERIAL_FLAG must be set in dwFlags.
// pfnAlloc and pfnFree must be used for doing the allocation.
//
// The dwOriginatorChoice must be updated to either
// CMSG_KEY_AGREE_ORIGINATOR_CERT or CMSG_KEY_AGREE_ORIGINATOR_PUBLIC_KEY.
//
// If the OriginatorPublicKeyInfo is updated, then, the appropriate
// CMSG_KEY_AGREE_ENCRYPT_FREE_PUBKEY_*_FLAG must be set in dwFlags and
// pfnAlloc and pfnFree must be used for doing the allocation.
//
// If CMSG_CONTENT_ENCRYPT_PAD_ENCODED_LEN_FLAG is set upon entry
// in pContentEncryptInfo->dwEncryptFlags, then, the OriginatorPublicKeyInfo's
// Ephemeral PublicKey should be padded with zeroes to always obtain the
// same maximum encoded length. Note, the length of the generated ephemeral Y
// public key can vary depending on the number of leading zero bits.
//
// Upon input, the array of *rgpKeyAgreeKeyEncryptInfo has been initialized.
// The EncryptedKey must be updated for each recipient key.
// The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation.
//
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
const
CMSG_OID_EXPORT_KEY_AGREE_FUNC = 'CryptMsgDllExportKeyAgree';
{$EXTERNALSYM CMSG_OID_EXPORT_KEY_AGREE_FUNC}
type
PFN_CMSG_EXPORT_KEY_AGREE = function (pContentEncryptInfo: PCMSG_CONTENT_ENCRYPT_INFO;
pKeyAgreeEncodeInfo: PCMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO;
pKeyAgreeEncryptInfo: PCMSG_KEY_AGREE_ENCRYPT_INFO; dwFlags: DWORD;
pvReserved: Pointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_EXPORT_KEY_AGREE}
PfnCmsgExportKeyAgree = PFN_CMSG_EXPORT_KEY_AGREE;
//+-------------------------------------------------------------------------
// Mail List Encrypt Info
//
// The following data structure contains the information updated by the
// ExportMailList installable function.
//--------------------------------------------------------------------------
type
PCMSG_MAIL_LIST_ENCRYPT_INFO = ^CMSG_MAIL_LIST_ENCRYPT_INFO;
{$EXTERNALSYM PCMSG_MAIL_LIST_ENCRYPT_INFO}
_CMSG_MAIL_LIST_ENCRYPT_INFO = record
cbSize: DWORD;
dwRecipientIndex: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
EncryptedKey: CRYPT_DATA_BLOB;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CMSG_MAIL_LIST_ENCRYPT_INFO}
CMSG_MAIL_LIST_ENCRYPT_INFO = _CMSG_MAIL_LIST_ENCRYPT_INFO;
{$EXTERNALSYM CMSG_MAIL_LIST_ENCRYPT_INFO}
TCmsgMailListEncryptInfo = CMSG_MAIL_LIST_ENCRYPT_INFO;
PCmsgMailListEncryptInfo = PCMSG_MAIL_LIST_ENCRYPT_INFO;
const
CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG = $00000001;
{$EXTERNALSYM CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG}
//+-------------------------------------------------------------------------
// Upon input, MailListEncryptInfo has been initialized from the
// MailListEncodeInfo.
//
// The following fields may be changed in MailListEncryptInfo:
// EncryptedKey
// KeyEncryptionAlgorithm.Parameters
// dwFlags
//
// All other fields in the MailListEncryptInfo are READONLY.
//
// The EncryptedKey must be updated. The pfnAlloc and pfnFree specified in
// ContentEncryptInfo must be used for doing the allocation.
//
// If the KeyEncryptionAlgorithm.Parameters is updated, then, the
// CMSG_MAIL_LIST_ENCRYPT_FREE_PARA_FLAG must be set in dwFlags.
// The pfnAlloc and pfnFree specified in ContentEncryptInfo must be used
// for doing the allocation.
//
// KeyEncryptionAlgorithm.pszObjId is used to get the OIDFunctionAddress.
//--------------------------------------------------------------------------
const
CMSG_OID_EXPORT_MAIL_LIST_FUNC = 'CryptMsgDllExportMailList';
{$EXTERNALSYM CMSG_OID_EXPORT_MAIL_LIST_FUNC}
type
PFN_CMSG_EXPORT_MAIL_LIST = function (pContentEncryptInfo: PCMSG_CONTENT_ENCRYPT_INFO;
pMailListEncodeInfo: PCMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO;
pMailListEncryptInfo: PCMSG_MAIL_LIST_ENCRYPT_INFO; dwFlags: DWORD;
pvReserved: Pointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_EXPORT_MAIL_LIST}
PfnCmsgExportMailList = PFN_CMSG_EXPORT_MAIL_LIST;
//+-------------------------------------------------------------------------
// OID Installable functions for importing an encoded and encrypted content
// encryption key.
//
// There's a different installable function for each CMS Recipient choice:
// ImportKeyTrans
// ImportKeyAgree
// ImportMailList
//
// Iterates through the following OIDs to get the OID installable function:
// KeyEncryptionOID!ContentEncryptionOID
// KeyEncryptionOID
// ContentEncryptionOID
//
// If the OID installable function doesn't support the specified
// KeyEncryption and ContentEncryption OIDs, then, return FALSE with
// LastError set to E_NOTIMPL.
//--------------------------------------------------------------------------
const
CMSG_OID_IMPORT_KEY_TRANS_FUNC = 'CryptMsgDllImportKeyTrans';
{$EXTERNALSYM CMSG_OID_IMPORT_KEY_TRANS_FUNC}
type
PFN_CMSG_IMPORT_KEY_TRANS = function (pContentEncryptionAlgorithm: PCRYPT_ALGORITHM_IDENTIFIER;
pKeyTransDecryptPara: PCMSG_CTRL_KEY_TRANS_DECRYPT_PARA; dwFlags: DWORD;
pvReserved: Pointer; var phContentEncryptKey: HCRYPTKEY): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_IMPORT_KEY_TRANS}
PfnCmsgImportKeyTrans = PFN_CMSG_IMPORT_KEY_TRANS;
const
CMSG_OID_IMPORT_KEY_AGREE_FUNC = 'CryptMsgDllImportKeyAgree';
{$EXTERNALSYM CMSG_OID_IMPORT_KEY_AGREE_FUNC}
type
PFN_CMSG_IMPORT_KEY_AGREE = function (pContentEncryptionAlgorithm: PCRYPT_ALGORITHM_IDENTIFIER;
pKeyAgreeDecryptPara: PCMSG_CTRL_KEY_AGREE_DECRYPT_PARA; dwFlags: DWORD;
pvReserved: Pointer; var phContentEncryptKey: HCRYPTKEY): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_IMPORT_KEY_AGREE}
PfnCmsgImportKeyAgree = PFN_CMSG_IMPORT_KEY_AGREE;
const
CMSG_OID_IMPORT_MAIL_LIST_FUNC = 'CryptMsgDllImportMailList';
{$EXTERNALSYM CMSG_OID_IMPORT_MAIL_LIST_FUNC}
type
PFN_CMSG_IMPORT_MAIL_LIST = function (pContentEncryptionAlgorithm: PCRYPT_ALGORITHM_IDENTIFIER;
pMailListDecryptPara: PCMSG_CTRL_MAIL_LIST_DECRYPT_PARA; dwFlags: DWORD;
pvReserved: Pointer; var phContentEncryptKey: HCRYPTKEY): BOOL; stdcall;
{$EXTERNALSYM PFN_CMSG_IMPORT_MAIL_LIST}
PfnCmsgImportMailList = PFN_CMSG_IMPORT_MAIL_LIST;
//+=========================================================================
// Certificate Store Data Structures and APIs
//==========================================================================
//+-------------------------------------------------------------------------
// In its most basic implementation, a cert store is simply a
// collection of certificates and/or CRLs. This is the case when
// a cert store is opened with all of its certificates and CRLs
// coming from a PKCS #7 encoded cryptographic message.
//
// Nonetheless, all cert stores have the following properties:
// - A public key may have more than one certificate in the store.
// For example, a private/public key used for signing may have a
// certificate issued for VISA and another issued for
// Mastercard. Also, when a certificate is renewed there might
// be more than one certificate with the same subject and
// issuer.
// - However, each certificate in the store is uniquely
// identified by its Issuer and SerialNumber.
// - There's an issuer of subject certificate relationship. A
// certificate's issuer is found by doing a match of
// pSubjectCert->Issuer with pIssuerCert->Subject.
// The relationship is verified by using
// the issuer's public key to verify the subject certificate's
// signature. Note, there might be X.509 v3 extensions
// to assist in finding the issuer certificate.
// - Since issuer certificates might be renewed, a subject
// certificate might have more than one issuer certificate.
// - There's an issuer of CRL relationship. An
// issuer's CRL is found by doing a match of
// pIssuerCert->Subject with pCrl->Issuer.
// The relationship is verified by using
// the issuer's public key to verify the CRL's
// signature. Note, there might be X.509 v3 extensions
// to assist in finding the CRL.
// - Since some issuers might support the X.509 v3 delta CRL
// extensions, an issuer might have more than one CRL.
// - The store shouldn't have any redundant certificates or
// CRLs. There shouldn't be two certificates with the same
// Issuer and SerialNumber. There shouldn't be two CRLs with
// the same Issuer, ThisUpdate and NextUpdate.
// - The store has NO policy or trust information. No
// certificates are tagged as being "root". Its up to
// the application to maintain a list of CertIds (Issuer +
// SerialNumber) for certificates it trusts.
// - The store might contain bad certificates and/or CRLs.
// The issuer's signature of a subject certificate or CRL may
// not verify. Certificates or CRLs may not satisfy their
// time validity requirements. Certificates may be
// revoked.
//
// In addition to the certificates and CRLs, properties can be
// stored. There are two predefined property IDs for a user
// certificate: CERT_KEY_PROV_HANDLE_PROP_ID and
// CERT_KEY_PROV_INFO_PROP_ID. The CERT_KEY_PROV_HANDLE_PROP_ID
// is a HCRYPTPROV handle to the private key assoicated
// with the certificate. The CERT_KEY_PROV_INFO_PROP_ID contains
// information to be used to call
// CryptAcquireContext and CryptSetProvParam to get a handle
// to the private key associated with the certificate.
//
// There exists two more predefined property IDs for certificates
// and CRLs, CERT_SHA1_HASH_PROP_ID and CERT_MD5_HASH_PROP_ID.
// If these properties don't already exist, then, a hash of the
// content is computed. (CERT_HASH_PROP_ID maps to the default
// hash algorithm, currently, CERT_SHA1_HASH_PROP_ID).
//
// There are additional APIs for creating certificate and CRL
// contexts not in a store (CertCreateCertificateContext and
// CertCreateCRLContext).
//
//--------------------------------------------------------------------------
type
HCERTSTORE = Pointer;
{$EXTERNALSYM HCERTSTORE}
PHCERTSTORE = ^HCERTSTORE;
{$NODEFINE PHCERTSTORE}
//+-------------------------------------------------------------------------
// Certificate context.
//
// A certificate context contains both the encoded and decoded representation
// of a certificate. A certificate context returned by a cert store function
// must be freed by calling the CertFreeCertificateContext function. The
// CertDuplicateCertificateContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCertificateContext).
//--------------------------------------------------------------------------
PCERT_CONTEXT = ^CERT_CONTEXT;
{$EXTERNALSYM CERT_CONTEXT}
_CERT_CONTEXT = record
dwCertEncodingType: DWORD;
pbCertEncoded: LPBYTE;
cbCertEncoded: DWORD;
pCertInfo: PCERT_INFO;
hCertStore: HCERTSTORE;
end;
{$EXTERNALSYM _CERT_CONTEXT}
CERT_CONTEXT = _CERT_CONTEXT;
{$EXTERNALSYM CERT_CONTEXT}
TCertContext = CERT_CONTEXT;
PCertContext = PCERT_CONTEXT;
PCCERT_CONTEXT = PCERT_CONTEXT;
{$EXTERNALSYM PCCERT_CONTEXT}
PPCCERT_CONTEXT = ^PCCERT_CONTEXT;
{$NODEFINE PCCERT_CONTEXT}
//+-------------------------------------------------------------------------
// CRL context.
//
// A CRL context contains both the encoded and decoded representation
// of a CRL. A CRL context returned by a cert store function
// must be freed by calling the CertFreeCRLContext function. The
// CertDuplicateCRLContext function can be called to make a duplicate
// copy (which also must be freed by calling CertFreeCRLContext).
//--------------------------------------------------------------------------
PCRL_CONTEXT = ^CRL_CONTEXT;
{$EXTERNALSYM PCRL_CONTEXT}
_CRL_CONTEXT = record
dwCertEncodingType: DWORD;
pbCrlEncoded: LPBYTE;
cbCrlEncoded: DWORD;
pCrlInfo: PCRL_INFO;
hCertStore: HCERTSTORE;
end;
{$EXTERNALSYM _CRL_CONTEXT}
CRL_CONTEXT = _CRL_CONTEXT;
{$EXTERNALSYM CRL_CONTEXT}
TCrlContext = CRL_CONTEXT;
PCrlContext = PCRL_CONTEXT;
PCCRL_CONTEXT = PCRL_CONTEXT;
{$EXTERNALSYM PCCRL_CONTEXT}
PPCCRL_CONTEXT = ^PCCRL_CONTEXT;
{$NODEFINE PPCCRL_CONTEXT}
//+-------------------------------------------------------------------------
// Certificate Trust List (CTL) context.
//
// A CTL context contains both the encoded and decoded representation
// of a CTL. Also contains an opened HCRYPTMSG handle to the decoded
// cryptographic signed message containing the CTL_INFO as its inner content.
// pbCtlContent is the encoded inner content of the signed message.
//
// The CryptMsg APIs can be used to extract additional signer information.
//--------------------------------------------------------------------------
PCTL_CONTEXT = ^CTL_CONTEXT;
{$EXTERNALSYM PCTL_CONTEXT}
_CTL_CONTEXT = record
dwMsgAndCertEncodingType: DWORD;
pbCtlEncoded: LPBYTE;
cbCtlEncoded: DWORD;
pCtlInfo: PCTL_INFO;
hCertStore: HCERTSTORE;
hCryptMsg: HCRYPTMSG;
pbCtlContent: LPBYTE;
cbCtlContent: DWORD;
end;
{$EXTERNALSYM _CTL_CONTEXT}
CTL_CONTEXT = _CTL_CONTEXT;
{$EXTERNALSYM CTL_CONTEXT}
TCtlContext = CTL_CONTEXT;
PCtlContext = PCTL_CONTEXT;
PCCTL_CONTEXT = PCTL_CONTEXT;
{$EXTERNALSYM PCCTL_CONTEXT}
PPCCTL_CONTEXT = ^PCCTL_CONTEXT;
{$EXTERNALSYM PPCCTL_CONTEXT}
//+-------------------------------------------------------------------------
// Certificate, CRL and CTL property IDs
//
// See CertSetCertificateContextProperty or CertGetCertificateContextProperty
// for usage information.
//--------------------------------------------------------------------------
const
CERT_KEY_PROV_HANDLE_PROP_ID = 1;
{$EXTERNALSYM CERT_KEY_PROV_HANDLE_PROP_ID}
CERT_KEY_PROV_INFO_PROP_ID = 2;
{$EXTERNALSYM CERT_KEY_PROV_INFO_PROP_ID}
CERT_SHA1_HASH_PROP_ID = 3;
{$EXTERNALSYM CERT_SHA1_HASH_PROP_ID}
CERT_MD5_HASH_PROP_ID = 4;
{$EXTERNALSYM CERT_MD5_HASH_PROP_ID}
CERT_HASH_PROP_ID = CERT_SHA1_HASH_PROP_ID;
{$EXTERNALSYM CERT_HASH_PROP_ID}
CERT_KEY_CONTEXT_PROP_ID = 5;
{$EXTERNALSYM CERT_KEY_CONTEXT_PROP_ID}
CERT_KEY_SPEC_PROP_ID = 6;
{$EXTERNALSYM CERT_KEY_SPEC_PROP_ID}
CERT_IE30_RESERVED_PROP_ID = 7;
{$EXTERNALSYM CERT_IE30_RESERVED_PROP_ID}
CERT_PUBKEY_HASH_RESERVED_PROP_ID = 8;
{$EXTERNALSYM CERT_PUBKEY_HASH_RESERVED_PROP_ID}
CERT_ENHKEY_USAGE_PROP_ID = 9;
{$EXTERNALSYM CERT_ENHKEY_USAGE_PROP_ID}
CERT_CTL_USAGE_PROP_ID = CERT_ENHKEY_USAGE_PROP_ID;
{$EXTERNALSYM CERT_CTL_USAGE_PROP_ID}
CERT_NEXT_UPDATE_LOCATION_PROP_ID = 10;
{$EXTERNALSYM CERT_NEXT_UPDATE_LOCATION_PROP_ID}
CERT_FRIENDLY_NAME_PROP_ID = 11;
{$EXTERNALSYM CERT_FRIENDLY_NAME_PROP_ID}
CERT_PVK_FILE_PROP_ID = 12;
{$EXTERNALSYM CERT_PVK_FILE_PROP_ID}
CERT_DESCRIPTION_PROP_ID = 13;
{$EXTERNALSYM CERT_DESCRIPTION_PROP_ID}
CERT_ACCESS_STATE_PROP_ID = 14;
{$EXTERNALSYM CERT_ACCESS_STATE_PROP_ID}
CERT_SIGNATURE_HASH_PROP_ID = 15;
{$EXTERNALSYM CERT_SIGNATURE_HASH_PROP_ID}
CERT_SMART_CARD_DATA_PROP_ID = 16;
{$EXTERNALSYM CERT_SMART_CARD_DATA_PROP_ID}
CERT_EFS_PROP_ID = 17;
{$EXTERNALSYM CERT_EFS_PROP_ID}
CERT_FORTEZZA_DATA_PROP_ID = 18;
{$EXTERNALSYM CERT_FORTEZZA_DATA_PROP_ID}
CERT_ARCHIVED_PROP_ID = 19;
{$EXTERNALSYM CERT_ARCHIVED_PROP_ID}
CERT_KEY_IDENTIFIER_PROP_ID = 20;
{$EXTERNALSYM CERT_KEY_IDENTIFIER_PROP_ID}
CERT_AUTO_ENROLL_PROP_ID = 21;
{$EXTERNALSYM CERT_AUTO_ENROLL_PROP_ID}
CERT_PUBKEY_ALG_PARA_PROP_ID = 22;
{$EXTERNALSYM CERT_PUBKEY_ALG_PARA_PROP_ID}
CERT_FIRST_RESERVED_PROP_ID = 23;
{$EXTERNALSYM CERT_FIRST_RESERVED_PROP_ID}
// Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
CERT_LAST_RESERVED_PROP_ID = $00007FFF;
{$EXTERNALSYM CERT_LAST_RESERVED_PROP_ID}
CERT_FIRST_USER_PROP_ID = $00008000;
{$EXTERNALSYM CERT_FIRST_USER_PROP_ID}
CERT_LAST_USER_PROP_ID = $0000FFFF;
{$EXTERNALSYM CERT_LAST_USER_PROP_ID}
function IS_CERT_HASH_PROP_ID(X: DWORD): Boolean;
{$EXTERNALSYM IS_CERT_HASH_PROP_ID}
//+-------------------------------------------------------------------------
// Access State flags returned by CERT_ACCESS_STATE_PROP_ID. Note,
// CERT_ACCESS_PROP_ID is read only.
//--------------------------------------------------------------------------
// Set if context property writes are persisted. For instance, not set for
// memory store contexts. Set for registry based stores opened as read or write.
// Not set for registry based stores opened as read only.
const
CERT_ACCESS_STATE_WRITE_PERSIST_FLAG = $1;
{$EXTERNALSYM CERT_ACCESS_STATE_WRITE_PERSIST_FLAG}
// Set if context resides in a SYSTEM or SYSTEM_REGISTRY store.
CERT_ACCESS_STATE_SYSTEM_STORE_FLAG = $2;
{$EXTERNALSYM CERT_ACCESS_STATE_SYSTEM_STORE_FLAG}
//+-------------------------------------------------------------------------
// Cryptographic Key Provider Information
//
// CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData.
//
// The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext
// to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are
// passed to CryptSetProvParam to further initialize the provider.
//
// The dwKeySpec field identifies the private key to use from the container
// For example, AT_KEYEXCHANGE or AT_SIGNATURE.
//--------------------------------------------------------------------------
type
PCRYPT_KEY_PROV_PARAM = ^CRYPT_KEY_PROV_PARAM;
{$EXTERNALSYM PCRYPT_KEY_PROV_PARAM}
_CRYPT_KEY_PROV_PARAM = record
dwParam: DWORD;
pbData: LPBYTE;
cbData: DWORD;
dwFlags: DWORD;
end;
{$EXTERNALSYM _CRYPT_KEY_PROV_PARAM}
CRYPT_KEY_PROV_PARAM = _CRYPT_KEY_PROV_PARAM;
{$EXTERNALSYM CRYPT_KEY_PROV_PARAM}
TCryptKeyProvParam = CRYPT_KEY_PROV_PARAM;
PCryptKeyProvParam = PCRYPT_KEY_PROV_PARAM;
PCRYPT_KEY_PROV_INFO = ^CRYPT_KEY_PROV_INFO;
{$EXTERNALSYM PCRYPT_KEY_PROV_INFO}
_CRYPT_KEY_PROV_INFO = record
pwszContainerName: LPWSTR;
pwszProvName: LPWSTR;
dwProvType: DWORD;
dwFlags: DWORD;
cProvParam: DWORD;
rgProvParam: PCRYPT_KEY_PROV_PARAM;
dwKeySpec: DWORD;
end;
{$EXTERNALSYM _CRYPT_KEY_PROV_INFO}
CRYPT_KEY_PROV_INFO = _CRYPT_KEY_PROV_INFO;
{$EXTERNALSYM CRYPT_KEY_PROV_INFO}
TCryptKeyProvInfo = CRYPT_KEY_PROV_INFO;
PCryptKeyProvInfo = PCRYPT_KEY_PROV_INFO;
//+-------------------------------------------------------------------------
// The following flag should be set in the above dwFlags to enable
// a CertSetCertificateContextProperty(CERT_KEY_CONTEXT_PROP_ID) after a
// CryptAcquireContext is done in the Sign or Decrypt Message functions.
//
// The following define must not collide with any of the
// CryptAcquireContext dwFlag defines.
//--------------------------------------------------------------------------
const
CERT_SET_KEY_PROV_HANDLE_PROP_ID = $00000001;
{$EXTERNALSYM CERT_SET_KEY_PROV_HANDLE_PROP_ID}
CERT_SET_KEY_CONTEXT_PROP_ID = $00000001;
{$EXTERNALSYM CERT_SET_KEY_CONTEXT_PROP_ID}
//+-------------------------------------------------------------------------
// Certificate Key Context
//
// CERT_KEY_CONTEXT defines the CERT_KEY_CONTEXT_PROP_ID's pvData.
//--------------------------------------------------------------------------
type
PCERT_KEY_CONTEXT = ^CERT_KEY_CONTEXT;
{$EXTERNALSYM PCERT_KEY_CONTEXT}
_CERT_KEY_CONTEXT = record
cbSize: DWORD; // sizeof(CERT_KEY_CONTEXT)
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
end;
{$EXTERNALSYM _CERT_KEY_CONTEXT}
CERT_KEY_CONTEXT = _CERT_KEY_CONTEXT;
{$EXTERNALSYM CERT_KEY_CONTEXT}
TCertKeyContext = CERT_KEY_CONTEXT;
PCertKeyContext = PCERT_KEY_CONTEXT;
//+-------------------------------------------------------------------------
// Certificate Store Provider Types
//--------------------------------------------------------------------------
const
CERT_STORE_PROV_MSG = LPCSTR(1);
{$EXTERNALSYM CERT_STORE_PROV_MSG}
CERT_STORE_PROV_MEMORY = LPCSTR(2);
{$EXTERNALSYM CERT_STORE_PROV_MEMORY}
CERT_STORE_PROV_FILE = LPCSTR(3);
{$EXTERNALSYM CERT_STORE_PROV_FILE}
CERT_STORE_PROV_REG = LPCSTR(4);
{$EXTERNALSYM CERT_STORE_PROV_REG}
CERT_STORE_PROV_PKCS7 = LPCSTR(5);
{$EXTERNALSYM CERT_STORE_PROV_PKCS7}
CERT_STORE_PROV_SERIALIZED = LPCSTR(6);
{$EXTERNALSYM CERT_STORE_PROV_SERIALIZED}
CERT_STORE_PROV_FILENAME_A = LPCSTR(7);
{$EXTERNALSYM CERT_STORE_PROV_FILENAME_A}
CERT_STORE_PROV_FILENAME_W = LPCSTR(8);
{$EXTERNALSYM CERT_STORE_PROV_FILENAME_W}
CERT_STORE_PROV_FILENAME = CERT_STORE_PROV_FILENAME_W;
{$EXTERNALSYM CERT_STORE_PROV_FILENAME}
CERT_STORE_PROV_SYSTEM_A = LPCSTR(9);
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM_A}
CERT_STORE_PROV_SYSTEM_W = LPCSTR(10);
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM_W}
CERT_STORE_PROV_SYSTEM = CERT_STORE_PROV_SYSTEM_W;
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM}
CERT_STORE_PROV_COLLECTION = LPCSTR(11);
{$EXTERNALSYM CERT_STORE_PROV_COLLECTION}
CERT_STORE_PROV_SYSTEM_REGISTRY_A = LPCSTR(12);
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM_REGISTRY_A}
CERT_STORE_PROV_SYSTEM_REGISTRY_W = LPCSTR(13);
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM_REGISTRY_W}
CERT_STORE_PROV_SYSTEM_REGISTRY = CERT_STORE_PROV_SYSTEM_REGISTRY_W;
{$EXTERNALSYM CERT_STORE_PROV_SYSTEM_REGISTRY}
CERT_STORE_PROV_PHYSICAL_W = LPCSTR(14);
{$EXTERNALSYM CERT_STORE_PROV_PHYSICAL_W}
CERT_STORE_PROV_PHYSICAL = CERT_STORE_PROV_PHYSICAL_W;
{$EXTERNALSYM CERT_STORE_PROV_PHYSICAL}
CERT_STORE_PROV_SMART_CARD_W = LPCSTR(15);
{$EXTERNALSYM CERT_STORE_PROV_SMART_CARD_W}
CERT_STORE_PROV_SMART_CARD = CERT_STORE_PROV_SMART_CARD_W;
{$EXTERNALSYM CERT_STORE_PROV_SMART_CARD}
CERT_STORE_PROV_LDAP_W = LPCSTR(16);
{$EXTERNALSYM CERT_STORE_PROV_LDAP_W}
CERT_STORE_PROV_LDAP = CERT_STORE_PROV_LDAP_W;
{$EXTERNALSYM CERT_STORE_PROV_LDAP}
sz_CERT_STORE_PROV_MEMORY = 'Memory';
{$EXTERNALSYM sz_CERT_STORE_PROV_MEMORY}
sz_CERT_STORE_PROV_FILENAME_W = 'File';
{$EXTERNALSYM sz_CERT_STORE_PROV_FILENAME_W}
sz_CERT_STORE_PROV_FILENAME = sz_CERT_STORE_PROV_FILENAME_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_FILENAME}
sz_CERT_STORE_PROV_SYSTEM_W = 'System';
{$EXTERNALSYM sz_CERT_STORE_PROV_SYSTEM_W}
sz_CERT_STORE_PROV_SYSTEM = sz_CERT_STORE_PROV_SYSTEM_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_SYSTEM}
sz_CERT_STORE_PROV_PKCS7 = 'PKCS7';
{$EXTERNALSYM sz_CERT_STORE_PROV_PKCS7}
sz_CERT_STORE_PROV_SERIALIZED = 'Serialized';
{$EXTERNALSYM sz_CERT_STORE_PROV_SERIALIZED}
sz_CERT_STORE_PROV_COLLECTION = 'Collection';
{$EXTERNALSYM sz_CERT_STORE_PROV_COLLECTION}
sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W = 'SystemRegistry';
{$EXTERNALSYM sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W}
sz_CERT_STORE_PROV_SYSTEM_REGISTRY = sz_CERT_STORE_PROV_SYSTEM_REGISTRY_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_SYSTEM_REGISTRY}
sz_CERT_STORE_PROV_PHYSICAL_W = 'Physical';
{$EXTERNALSYM sz_CERT_STORE_PROV_PHYSICAL_W}
sz_CERT_STORE_PROV_PHYSICAL = sz_CERT_STORE_PROV_PHYSICAL_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_PHYSICAL}
sz_CERT_STORE_PROV_SMART_CARD_W = 'SmartCard';
{$EXTERNALSYM sz_CERT_STORE_PROV_SMART_CARD_W}
sz_CERT_STORE_PROV_SMART_CARD = sz_CERT_STORE_PROV_SMART_CARD_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_SMART_CARD}
sz_CERT_STORE_PROV_LDAP_W = 'Ldap';
{$EXTERNALSYM sz_CERT_STORE_PROV_LDAP_W}
sz_CERT_STORE_PROV_LDAP = sz_CERT_STORE_PROV_LDAP_W;
{$EXTERNALSYM sz_CERT_STORE_PROV_LDAP}
//+-------------------------------------------------------------------------
// Certificate Store verify/results flags
//--------------------------------------------------------------------------
CERT_STORE_SIGNATURE_FLAG = $00000001;
{$EXTERNALSYM CERT_STORE_SIGNATURE_FLAG}
CERT_STORE_TIME_VALIDITY_FLAG = $00000002;
{$EXTERNALSYM CERT_STORE_TIME_VALIDITY_FLAG}
CERT_STORE_REVOCATION_FLAG = $00000004;
{$EXTERNALSYM CERT_STORE_REVOCATION_FLAG}
CERT_STORE_NO_CRL_FLAG = $00010000;
{$EXTERNALSYM CERT_STORE_NO_CRL_FLAG}
CERT_STORE_NO_ISSUER_FLAG = $00020000;
{$EXTERNALSYM CERT_STORE_NO_ISSUER_FLAG}
//+-------------------------------------------------------------------------
// Certificate Store open/property flags
//--------------------------------------------------------------------------
CERT_STORE_NO_CRYPT_RELEASE_FLAG = $00000001;
{$EXTERNALSYM CERT_STORE_NO_CRYPT_RELEASE_FLAG}
CERT_STORE_SET_LOCALIZED_NAME_FLAG = $00000002;
{$EXTERNALSYM CERT_STORE_SET_LOCALIZED_NAME_FLAG}
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG = $00000004;
{$EXTERNALSYM CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG}
CERT_STORE_DELETE_FLAG = $00000010;
{$EXTERNALSYM CERT_STORE_DELETE_FLAG}
CERT_STORE_MANIFOLD_FLAG = $00000100;
{$EXTERNALSYM CERT_STORE_MANIFOLD_FLAG}
CERT_STORE_ENUM_ARCHIVED_FLAG = $00000200;
{$EXTERNALSYM CERT_STORE_ENUM_ARCHIVED_FLAG}
CERT_STORE_UPDATE_KEYID_FLAG = $00000400;
{$EXTERNALSYM CERT_STORE_UPDATE_KEYID_FLAG}
CERT_STORE_READONLY_FLAG = $00008000;
{$EXTERNALSYM CERT_STORE_READONLY_FLAG}
CERT_STORE_OPEN_EXISTING_FLAG = $00004000;
{$EXTERNALSYM CERT_STORE_OPEN_EXISTING_FLAG}
CERT_STORE_CREATE_NEW_FLAG = $00002000;
{$EXTERNALSYM CERT_STORE_CREATE_NEW_FLAG}
CERT_STORE_MAXIMUM_ALLOWED_FLAG = $00001000;
{$EXTERNALSYM CERT_STORE_MAXIMUM_ALLOWED_FLAG}
//+-------------------------------------------------------------------------
// Certificate Store Provider flags are in the HiWord (0xFFFF0000)
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Certificate System Store Flag Values
//--------------------------------------------------------------------------
// Includes flags and location
CERT_SYSTEM_STORE_MASK = DWORD($FFFF0000);
{$EXTERNALSYM CERT_SYSTEM_STORE_MASK}
// Set if pvPara points to a CERT_SYSTEM_STORE_RELOCATE_PARA structure
CERT_SYSTEM_STORE_RELOCATE_FLAG = DWORD($80000000);
{$EXTERNALSYM CERT_SYSTEM_STORE_RELOCATE_FLAG}
type
PCERT_SYSTEM_STORE_RELOCATE_PARA = ^CERT_SYSTEM_STORE_RELOCATE_PARA;
{$EXTERNALSYM PCERT_SYSTEM_STORE_RELOCATE_PARA}
_CERT_SYSTEM_STORE_RELOCATE_PARA = record
Union1: record
case Integer of
0: (hKeyBase: HKEY);
1: (pvBase: Pointer);
end;
case Integer of
0: (pvSystemStore: Pointer);
1: (pszSystemStore: LPCSTR);
2: (pwszSystemStore: LPCWSTR);
end;
{$EXTERNALSYM _CERT_SYSTEM_STORE_RELOCATE_PARA}
CERT_SYSTEM_STORE_RELOCATE_PARA = _CERT_SYSTEM_STORE_RELOCATE_PARA;
{$EXTERNALSYM CERT_SYSTEM_STORE_RELOCATE_PARA}
TCertSystemStoreRelocatePara = CERT_SYSTEM_STORE_RELOCATE_PARA;
PCertSystemStoreRelocatePara = PCERT_SYSTEM_STORE_RELOCATE_PARA;
// By default, when the CurrentUser "Root" store is opened, any SystemRegistry
// roots not also on the protected root list are deleted from the cache before
// CertOpenStore() returns. Set the following flag to return all the roots
// in the SystemRegistry without checking the protected root list.
const
CERT_SYSTEM_STORE_UNPROTECTED_FLAG = $40000000;
{$EXTERNALSYM CERT_SYSTEM_STORE_UNPROTECTED_FLAG}
// Location of the system store:
CERT_SYSTEM_STORE_LOCATION_MASK = $00FF0000;
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCATION_MASK}
CERT_SYSTEM_STORE_LOCATION_SHIFT = 16;
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCATION_SHIFT}
// Registry: HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
CERT_SYSTEM_STORE_CURRENT_USER_ID = 1;
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_USER_ID}
CERT_SYSTEM_STORE_LOCAL_MACHINE_ID = 2;
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE_ID}
// Registry: HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyServices
CERT_SYSTEM_STORE_CURRENT_SERVICE_ID = 4;
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_SERVICE_ID}
CERT_SYSTEM_STORE_SERVICES_ID = 5;
{$EXTERNALSYM CERT_SYSTEM_STORE_SERVICES_ID}
// Registry: HKEY_USERS
CERT_SYSTEM_STORE_USERS_ID = 6;
{$EXTERNALSYM CERT_SYSTEM_STORE_USERS_ID}
// Registry: HKEY_CURRENT_USERSoftwarePoliciesMicrosoftSystemCertificates
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID = 7;
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID}
// Registry: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftSystemCertificates
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID = 8;
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID}
// Registry: HKEY_LOCAL_MACHINESoftwareMicrosoftEnterpriseCertificates
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID = 9;
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID}
CERT_SYSTEM_STORE_CURRENT_USER = (CERT_SYSTEM_STORE_CURRENT_USER_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_USER}
CERT_SYSTEM_STORE_LOCAL_MACHINE = (CERT_SYSTEM_STORE_LOCAL_MACHINE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE}
CERT_SYSTEM_STORE_CURRENT_SERVICE = (CERT_SYSTEM_STORE_CURRENT_SERVICE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_SERVICE}
CERT_SYSTEM_STORE_SERVICES = (CERT_SYSTEM_STORE_SERVICES_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_SERVICES}
CERT_SYSTEM_STORE_USERS = (CERT_SYSTEM_STORE_USERS_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_USERS}
CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY = (CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY}
CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY = (CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY}
CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE = (CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE_ID shl CERT_SYSTEM_STORE_LOCATION_SHIFT);
{$EXTERNALSYM CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE}
//+-------------------------------------------------------------------------
// Group Policy Store Defines
//--------------------------------------------------------------------------
// Registry path to the Group Policy system stores
CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH = 'SoftwarePoliciesMicrosoftSystemCertificates';
{$EXTERNALSYM CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH}
//+-------------------------------------------------------------------------
// EFS Defines
//--------------------------------------------------------------------------
// Registry path to the EFS EFSBlob SubKey - Value type is REG_BINARY
CERT_EFSBLOB_REGPATH = CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH + 'EFS';
{$EXTERNALSYM CERT_EFSBLOB_REGPATH}
CERT_EFSBLOB_VALUE_NAME = 'EFSBlob';
{$EXTERNALSYM CERT_EFSBLOB_VALUE_NAME}
//+-------------------------------------------------------------------------
// Protected Root Defines
//--------------------------------------------------------------------------
// Registry path to the Protected Roots Flags SubKey
CERT_PROT_ROOT_FLAGS_REGPATH = CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH + 'RootProtectedRoots';
{$EXTERNALSYM CERT_PROT_ROOT_FLAGS_REGPATH}
CERT_PROT_ROOT_FLAGS_VALUE_NAME = 'Flags';
{$EXTERNALSYM CERT_PROT_ROOT_FLAGS_VALUE_NAME}
// Set the following flag to inhibit the opening of the CurrentUser's
// .Default physical store when opening the CurrentUser's "Root" system store.
// The .Default physical store open's the CurrentUser SystemRegistry "Root"
// store.
CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG = $1;
{$EXTERNALSYM CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG}
// Set the following flag to inhibit the adding of roots from the
// CurrentUser SystemRegistry "Root" store to the protected root list
// when the "Root" store is initially protected.
CERT_PROT_ROOT_INHIBIT_ADD_AT_INIT_FLAG = $2;
{$EXTERNALSYM CERT_PROT_ROOT_INHIBIT_ADD_AT_INIT_FLAG}
// Set the following flag to inhibit the purging of protected roots from the
// CurrentUser SystemRegistry "Root" store that are
// also in the LocalMachine SystemRegistry "Root" store. Note, when not
// disabled, the purging is done silently without UI.
CERT_PROT_ROOT_INHIBIT_PURGE_LM_FLAG = $4;
{$EXTERNALSYM CERT_PROT_ROOT_INHIBIT_PURGE_LM_FLAG}
// Set the following flag to only open the .LocalMachineGroupPolicy
// physical store when opening the CurrentUser's "Root" system store.
CERT_PROT_ROOT_ONLY_LM_GPT_FLAG = $8;
{$EXTERNALSYM CERT_PROT_ROOT_ONLY_LM_GPT_FLAG}
//+-------------------------------------------------------------------------
// Certificate Registry Store Flag Values (CERT_STORE_REG)
//--------------------------------------------------------------------------
// Set this flag if the HKEY passed in pvPara points to a remote computer
// registry key.
CERT_REGISTRY_STORE_REMOTE_FLAG = $10000;
{$EXTERNALSYM CERT_REGISTRY_STORE_REMOTE_FLAG}
// Set this flag if the contexts are to be persisted as a single serialized
// store in the registry. Mainly used for stores downloaded from the GPT.
// Such as the CurrentUserGroupPolicy or LocalMachineGroupPolicy stores.
CERT_REGISTRY_STORE_SERIALIZED_FLAG = $20000;
{$EXTERNALSYM CERT_REGISTRY_STORE_SERIALIZED_FLAG}
// The following flags are for internal use. When set, the
// pvPara parameter passed to CertOpenStore is a pointer to the following
// data structure and not the HKEY. The above CERT_REGISTRY_STORE_REMOTE_FLAG
// is also set if hKeyBase was obtained via RegConnectRegistry().
CERT_REGISTRY_STORE_CLIENT_GPT_FLAG = DWORD($80000000);
{$EXTERNALSYM CERT_REGISTRY_STORE_CLIENT_GPT_FLAG}
CERT_REGISTRY_STORE_LM_GPT_FLAG = $01000000;
{$EXTERNALSYM CERT_REGISTRY_STORE_LM_GPT_FLAG}
type
PCERT_REGISTRY_STORE_CLIENT_GPT_PARA = ^CERT_REGISTRY_STORE_CLIENT_GPT_PARA;
{$EXTERNALSYM PCERT_REGISTRY_STORE_CLIENT_GPT_PARA}
_CERT_REGISTRY_STORE_CLIENT_GPT_PARA = record
hKeyBase: HKEY;
pwszRegPath: LPWSTR;
end;
{$EXTERNALSYM _CERT_REGISTRY_STORE_CLIENT_GPT_PARA}
CERT_REGISTRY_STORE_CLIENT_GPT_PARA = _CERT_REGISTRY_STORE_CLIENT_GPT_PARA;
{$EXTERNALSYM CERT_REGISTRY_STORE_CLIENT_GPT_PARA}
TCertRegistryStoreClientGptPara = CERT_REGISTRY_STORE_CLIENT_GPT_PARA;
PCertRegistryStoreClientGptPara = PCERT_REGISTRY_STORE_CLIENT_GPT_PARA;
// The following flag is for internal use. When set, the contexts are
// persisted into roaming files instead of the registry. Such as, the
// CurrentUser "My" store. When this flag is set, the following data structure
// is passed to CertOpenStore instead of HKEY.
const
CERT_REGISTRY_STORE_ROAMING_FLAG = $40000;
{$EXTERNALSYM CERT_REGISTRY_STORE_ROAMING_FLAG}
// hKey may be NULL or non-NULL. When non-NULL, existing contexts are
// moved from the registry to roaming files.
type
PCERT_REGISTRY_STORE_ROAMING_PARA = ^CERT_REGISTRY_STORE_ROAMING_PARA;
{$EXTERNALSYM PCERT_REGISTRY_STORE_ROAMING_PARA}
_CERT_REGISTRY_STORE_ROAMING_PARA = record
hKey: HKEY;
pwszStoreDirectory: LPWSTR;
end;
{$EXTERNALSYM _CERT_REGISTRY_STORE_ROAMING_PARA}
CERT_REGISTRY_STORE_ROAMING_PARA = _CERT_REGISTRY_STORE_ROAMING_PARA;
{$EXTERNALSYM CERT_REGISTRY_STORE_ROAMING_PARA}
TCertRegistryStoreRoamingPara = CERT_REGISTRY_STORE_ROAMING_PARA;
PCertRegistryStoreRoamingPara = PCERT_REGISTRY_STORE_ROAMING_PARA;
// The following flag is for internal use. When set, the "My" DWORD value
// at HKLMSoftwareMicrosoftCryptographyIEDirtyFlags is set to 0x1
// whenever a certificate is added to the registry store.
const
CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG = $80000;
{$EXTERNALSYM CERT_REGISTRY_STORE_MY_IE_DIRTY_FLAG}
// Registry path to the subkey containing the "My" DWORD value to be set
CERT_IE_DIRTY_FLAGS_REGPATH = 'SoftwareMicrosoftCryptographyIEDirtyFlags';
{$EXTERNALSYM CERT_IE_DIRTY_FLAGS_REGPATH}
//+-------------------------------------------------------------------------
// Certificate File Store Flag Values for the providers:
// CERT_STORE_PROV_FILE
// CERT_STORE_PROV_FILENAME
// CERT_STORE_PROV_FILENAME_A
// CERT_STORE_PROV_FILENAME_W
// sz_CERT_STORE_PROV_FILENAME_W
//--------------------------------------------------------------------------
// Set this flag if any store changes are to be committed to the file.
// The changes are committed at CertCloseStore or by calling
// CertControlStore(CERT_STORE_CTRL_COMMIT).
//
// The open fails with E_INVALIDARG if both CERT_FILE_STORE_COMMIT_ENABLE_FLAG
// and CERT_STORE_READONLY_FLAG are set in dwFlags.
//
// For the FILENAME providers: if the file contains an X509 encoded
// certificate, the open fails with ERROR_ACCESS_DENIED.
//
// For the FILENAME providers: if CERT_STORE_CREATE_NEW_FLAG is set, the
// CreateFile uses CREATE_NEW. If CERT_STORE_OPEN_EXISTING is set, uses
// OPEN_EXISTING. Otherwise, defaults to OPEN_ALWAYS.
//
// For the FILENAME providers: the file is committed as either a PKCS7 or
// serialized store depending on the type read at open. However, if the
// file is empty then, if the filename has either a ".p7c" or ".spc"
// extension its committed as a PKCS7. Otherwise, its committed as a
// serialized store.
//
// For CERT_STORE_PROV_FILE, the file handle is duplicated. Its always
// committed as a serialized store.
//
CERT_FILE_STORE_COMMIT_ENABLE_FLAG = $10000;
{$EXTERNALSYM CERT_FILE_STORE_COMMIT_ENABLE_FLAG}
//+-------------------------------------------------------------------------
// Open the cert store using the specified store provider.
//
// If CERT_STORE_DELETE_FLAG is set, then, the store is deleted. NULL is
// returned for both success and failure. However, GetLastError() returns 0
// for success and nonzero for failure.
//
// If CERT_STORE_SET_LOCALIZED_NAME_FLAG is set, then, if supported, the
// provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property.
// The store's localized name can be retrieved by calling
// CertSetStoreProperty(dwPropID = CERT_STORE_LOCALIZED_NAME_PROP_ID).
// This flag is supported by the following providers (and their sz_
// equivalent):
// CERT_STORE_PROV_FILENAME_A
// CERT_STORE_PROV_FILENAME_W
// CERT_STORE_PROV_SYSTEM_A
// CERT_STORE_PROV_SYSTEM_W
// CERT_STORE_PROV_SYSTEM_REGISTRY_A
// CERT_STORE_PROV_SYSTEM_REGISTRY_W
// CERT_STORE_PROV_PHYSICAL_W
//
// If CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is set, then, the
// closing of the store's provider is deferred until all certificate,
// CRL and CTL contexts obtained from the store are freed. Also,
// if a non NULL HCRYPTPROV was passed, then, it will continue to be used.
// By default, the store's provider is closed on the final CertCloseStore.
// If this flag isn't set, then, any property changes made to previously
// duplicated contexts after the final CertCloseStore will not be persisted.
// By setting this flag, property changes made
// after the CertCloseStore will be persisted. Note, setting this flag
// causes extra overhead in doing context duplicates and frees.
// If CertCloseStore is called with CERT_CLOSE_STORE_FORCE_FLAG, then,
// the CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG flag is ignored.
//
// CERT_STORE_MANIFOLD_FLAG can be set to check for certificates having the
// manifold extension and archive the "older" certificates with the same
// manifold extension value. A certificate is archived by setting the
// CERT_ARCHIVED_PROP_ID.
//
// By default, contexts having the CERT_ARCHIVED_PROP_ID, are skipped
// during enumeration. CERT_STORE_ENUM_ARCHIVED_FLAG can be set to include
// archived contexts when enumerating. Note, contexts having the
// CERT_ARCHIVED_PROP_ID are still found for explicit finds, such as,
// finding a context with a specific hash or finding a certificate having
// a specific issuer and serial number.
//
// CERT_STORE_UPDATE_KEYID_FLAG can be set to also update the Key Identifier's
// CERT_KEY_PROV_INFO_PROP_ID property whenever a certificate's
// CERT_KEY_IDENTIFIER_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID property is set
// and the other property already exists. If the Key Identifier's
// CERT_KEY_PROV_INFO_PROP_ID already exists, it isn't updated. Any
// errors encountered are silently ignored.
//
// By default, this flag is implicitly set for the "My.Default" CurrentUser
// and LocalMachine physical stores.
//
// CERT_STORE_READONLY_FLAG can be set to open the store as read only.
// Otherwise, the store is opened as read/write.
//
// CERT_STORE_OPEN_EXISTING_FLAG can be set to only open an existing
// store. CERT_STORE_CREATE_NEW_FLAG can be set to create a new store and
// fail if the store already exists. Otherwise, the default is to open
// an existing store or create a new store if it doesn't already exist.
//
// hCryptProv specifies the crypto provider to use to create the hash
// properties or verify the signature of a subject certificate or CRL.
// The store doesn't need to use a private
// key. If the CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, hCryptProv is
// CryptReleaseContext'ed on the final CertCloseStore.
//
// Note, if the open fails, hCryptProv is released if it would have been
// released when the store was closed.
//
// If hCryptProv is zero, then, the default provider and container for the
// PROV_RSA_FULL provider type is CryptAcquireContext'ed with
// CRYPT_VERIFYCONTEXT access. The CryptAcquireContext is deferred until
// the first create hash or verify signature. In addition, once acquired,
// the default provider isn't released until process exit when crypt32.dll
// is unloaded. The acquired default provider is shared across all stores
// and threads.
//
// After initializing the store's data structures and optionally acquiring a
// default crypt provider, CertOpenStore calls CryptGetOIDFunctionAddress to
// get the address of the CRYPT_OID_OPEN_STORE_PROV_FUNC specified by
// lpszStoreProvider. Since a store can contain certificates with different
// encoding types, CryptGetOIDFunctionAddress is called with dwEncodingType
// set to 0 and not the dwEncodingType passed to CertOpenStore.
// PFN_CERT_DLL_OPEN_STORE_FUNC specifies the signature of the provider's
// open function. This provider open function is called to load the
// store's certificates and CRLs. Optionally, the provider may return an
// array of functions called before a certificate or CRL is added or deleted
// or has a property that is set.
//
// Use of the dwEncodingType parameter is provider dependent. The type
// definition for pvPara also depends on the provider.
//
// Store providers are installed or registered via
// CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction, where,
// dwEncodingType is 0 and pszFuncName is CRYPT_OID_OPEN_STORE_PROV_FUNC.
//
// Here's a list of the predefined provider types (implemented in crypt32.dll):
//
// CERT_STORE_PROV_MSG:
// Gets the certificates and CRLs from the specified cryptographic message.
// dwEncodingType contains the message and certificate encoding types.
// The message's handle is passed in pvPara. Given,
// HCRYPTMSG hCryptMsg; pvPara = (const void *) hCryptMsg;
//
// CERT_STORE_PROV_MEMORY
// sz_CERT_STORE_PROV_MEMORY:
// Opens a store without any initial certificates or CRLs. pvPara
// isn't used.
//
// CERT_STORE_PROV_FILE:
// Reads the certificates and CRLs from the specified file. The file's
// handle is passed in pvPara. Given,
// HANDLE hFile; pvPara = (const void *) hFile;
//
// For a successful open, the file pointer is advanced past
// the certificates and CRLs and their properties read from the file.
// Note, only expects a serialized store and not a file containing
// either a PKCS #7 signed message or a single encoded certificate.
//
// The hFile isn't closed.
//
// CERT_STORE_PROV_REG:
// Reads the certificates and CRLs from the registry. The registry's
// key handle is passed in pvPara. Given,
// HKEY hKey; pvPara = (const void *) hKey;
//
// The input hKey isn't closed by the provider. Before returning, the
// provider opens it own copy of the hKey.
//
// If CERT_STORE_READONLY_FLAG is set, then, the registry subkeys are
// RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry subkeys
// are RegCreateKey'ed with KEY_ALL_ACCESS.
//
// This provider returns the array of functions for reading, writing,
// deleting and property setting certificates and CRLs.
// Any changes to the opened store are immediately pushed through to
// the registry. However, if CERT_STORE_READONLY_FLAG is set, then,
// writing, deleting or property setting results in a
// SetLastError(E_ACCESSDENIED).
//
// Note, all the certificates and CRLs are read from the registry
// when the store is opened. The opened store serves as a write through
// cache.
//
// If CERT_REGISTRY_STORE_SERIALIZED_FLAG is set, then, the
// contexts are persisted as a single serialized store subkey in the
// registry.
//
// CERT_STORE_PROV_PKCS7:
// sz_CERT_STORE_PROV_PKCS7:
// Gets the certificates and CRLs from the encoded PKCS #7 signed message.
// dwEncodingType specifies the message and certificate encoding types.
// The pointer to the encoded message's blob is passed in pvPara. Given,
// CRYPT_DATA_BLOB EncodedMsg; pvPara = (const void *) &EncodedMsg;
//
// Note, also supports the IE3.0 special version of a
// PKCS #7 signed message referred to as a "SPC" formatted message.
//
// CERT_STORE_PROV_SERIALIZED:
// sz_CERT_STORE_PROV_SERIALIZED:
// Gets the certificates and CRLs from memory containing a serialized
// store. The pointer to the serialized memory blob is passed in pvPara.
// Given,
// CRYPT_DATA_BLOB Serialized; pvPara = (const void *) &Serialized;
//
// CERT_STORE_PROV_FILENAME_A:
// CERT_STORE_PROV_FILENAME_W:
// CERT_STORE_PROV_FILENAME:
// sz_CERT_STORE_PROV_FILENAME_W:
// sz_CERT_STORE_PROV_FILENAME:
// Opens the file and first attempts to read as a serialized store. Then,
// as a PKCS #7 signed message. Finally, as a single encoded certificate.
// The filename is passed in pvPara. The filename is UNICODE for the
// "_W" provider and ASCII for the "_A" provider. For "_W": given,
// LPCWSTR pwszFilename; pvPara = (const void *) pwszFilename;
// For "_A": given,
// LPCSTR pszFilename; pvPara = (const void *) pszFilename;
//
// Note, the default (without "_A" or "_W") is unicode.
//