#ifndef HEADER_CURL_SCHANNEL_INT_H
#define HEADER_CURL_SCHANNEL_INT_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Marc Hoersken, <[email protected]>, et al.
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

/* Internal declarations shared by the Schannel (Windows SSPI/CryptoAPI) TLS
   backend: feature-detection macros, SDK fallback definitions, and the
   per-credential / per-connection state structures. Nothing here is part
   of the public libcurl API. */

#include "curl_setup.h"

#ifdef USE_SCHANNEL

#include "vtls.h"

/* Manual (CryptoAPI chain-based) certificate verification is compiled in
   only when the SDK exposes CERT_CHAIN_REVOCATION_CHECK_CHAIN (or the build
   is MinGW) and the target is not UWP. Guards the use_manual_cred_validation
   field further down. */
#if (defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)) \
  && !defined(CURL_WINDOWS_UWP)
#define HAS_MANUAL_VERIFY_API
#endif

/* Loading a client certificate from a path needs CryptStringToBinary and
   CRYPT_STRING_HEX from the SDK and may be switched off explicitly with
   DISABLE_SCHANNEL_CLIENT_CERT. Guards the client_cert_store field. */
#if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX)   \
  && !defined(DISABLE_SCHANNEL_CLIENT_CERT)
#define HAS_CLIENT_CERT_PATH
#endif

/* Fallback values for CryptoAPI constants that some SDK headers omit. Each
   is defined only when the SDK did not already provide it. */
#ifndef CRYPT_DECODE_NOCOPY_FLAG
#define CRYPT_DECODE_NOCOPY_FLAG 0x1
#endif

#ifndef CRYPT_DECODE_ALLOC_FLAG
#define CRYPT_DECODE_ALLOC_FLAG 0x8000
#endif

#ifndef CERT_ALT_NAME_DNS_NAME
#define CERT_ALT_NAME_DNS_NAME 3
#endif

#ifndef CERT_ALT_NAME_IP_ADDRESS
#define CERT_ALT_NAME_IP_ADDRESS 8
#endif

#if defined(_MSC_VER) && (_MSC_VER <= 1600)
/* Workaround for warning:
   'type cast' : conversion from 'int' to 'LPCSTR' of greater size */
#undef CERT_STORE_PROV_MEMORY
#undef CERT_STORE_PROV_SYSTEM_A
#undef CERT_STORE_PROV_SYSTEM_W
#define CERT_STORE_PROV_MEMORY ((LPCSTR)(size_t)2)
#define CERT_STORE_PROV_SYSTEM_A ((LPCSTR)(size_t)9)
#define CERT_STORE_PROV_SYSTEM_W ((LPCSTR)(size_t)10)
#endif

/* SCH_CREDENTIALS (version 5) and its helper types, declared locally only
   when the SDK headers do not define SCH_CREDENTIALS_VERSION. These are
   presumably handed straight to the system SSPI, so their field order and
   types must match the platform definition exactly -- do not reorder,
   rename or extend them. */
#ifndef SCH_CREDENTIALS_VERSION

#define SCH_CREDENTIALS_VERSION  0x00000005

typedef enum _eTlsAlgorithmUsage
{
  TlsParametersCngAlgUsageKeyExchange,
  TlsParametersCngAlgUsageSignature,
  TlsParametersCngAlgUsageCipher,
  TlsParametersCngAlgUsageDigest,
  TlsParametersCngAlgUsageCertSig
} eTlsAlgorithmUsage;

/* One CNG algorithm restriction (which usage, which algorithm id, allowed
   chaining modes and key-length range). */
typedef struct _CRYPTO_SETTINGS
{
  eTlsAlgorithmUsage  eAlgorithmUsage;
  UNICODE_STRING      strCngAlgId;
  DWORD               cChainingModes;
  PUNICODE_STRING     rgstrChainingModes;
  DWORD               dwMinBitLength;
  DWORD               dwMaxBitLength;
} CRYPTO_SETTINGS, * PCRYPTO_SETTINGS;

/* TLS negotiation parameters: ALPN ids, disabled protocol bits and the
   array of disabled crypto settings. */
typedef struct _TLS_PARAMETERS
{
  DWORD               cAlpnIds;
  PUNICODE_STRING     rgstrAlpnIds;
  DWORD               grbitDisabledProtocols;
  DWORD               cDisabledCrypto;
  PCRYPTO_SETTINGS    pDisabledCrypto;
  DWORD               dwFlags;
} TLS_PARAMETERS, * PTLS_PARAMETERS;

/* Credential description; dwVersion is expected to carry
   SCH_CREDENTIALS_VERSION. */
typedef struct _SCH_CREDENTIALS
{
  DWORD               dwVersion;
  DWORD               dwCredFormat;
  DWORD               cCreds;
  PCCERT_CONTEXT* paCred;
  HCERTSTORE          hRootStore;

  DWORD               cMappers;
  struct _HMAPPER **aphMappers;

  DWORD               dwSessionLifespan;
  DWORD               dwFlags;
  DWORD               cTlsParameters;
  PTLS_PARAMETERS     pTlsParameters;
} SCH_CREDENTIALS, * PSCH_CREDENTIALS;

/* Upper bounds on the array lengths above. */
#define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
#define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
#define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
#define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16

#endif /* SCH_CREDENTIALS_VERSION */

/* Per-credential state: the SSPI credential handle and the SNI hostname it
   was acquired for. refcount suggests one credential is shared by several
   connections -- NOTE(review): confirm which caller owns the final release
   of cred_handle and client_cert_store. */
struct Curl_schannel_cred {
  CredHandle cred_handle;
  TimeStamp time_stamp;
  TCHAR *sni_hostname;
#ifdef HAS_CLIENT_CERT_PATH
  HCERTSTORE client_cert_store; /* only when HAS_CLIENT_CERT_PATH */
#endif
  int refcount;
};

/* Per-connection SSPI security context. */
struct Curl_schannel_ctxt {
  CtxtHandle ctxt_handle;
  TimeStamp time_stamp;
};

/* Backend-private state for one TLS connection filter. */
struct schannel_ssl_backend_data {
  struct Curl_schannel_cred *cred;
  struct Curl_schannel_ctxt *ctxt;
  SecPkgContext_StreamSizes stream_sizes;
  /* encdata_*: presumably ciphertext received from the peer and not yet
     decrypted; decdata_*: presumably decrypted plaintext not yet returned
     to the caller. NOTE(review): which of *_length / *_offset is the
     allocation size and which is the fill level is not stated here --
     confirm against the recv/send code before relying on it. */
  size_t encdata_length, decdata_length;
  size_t encdata_offset, decdata_offset;
  unsigned char *encdata_buffer, *decdata_buffer;
  /* encdata_is_incomplete: if encdata contains only a partial record that
     cannot be decrypted without another recv() (that is, status is
     SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds
     more bytes into encdata then set this back to false. */
  bool encdata_is_incomplete;
  /* presumably the ISC_REQ_* flags requested from the SSPI and the
     ISC_RET_* flags it actually granted -- TODO confirm */
  unsigned long req_flags, ret_flags;
  CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
  bool recv_sspi_close_notify; /* true if connection closed by close_notify */
  bool recv_connection_closed; /* true if connection closed, regardless how */
  bool recv_renegotiating; /* true if recv is doing renegotiation */
  bool use_alpn; /* true if ALPN is used for this connection */
#ifdef HAS_MANUAL_VERIFY_API
  bool use_manual_cred_validation; /* true if manual cred validation is used */
#endif
  BIT(sent_shutdown); /* close_notify already sent by us */
};

/* key to use at `multi->proto_hash` */
#define MPROTO_SCHANNEL_CERT_SHARE_KEY   "tls:schannel:cert:share"

/* One certificate store cached per multi handle (see the proto_hash key
   above). The SHA-256 digest and size of the CA blob and the CAfile path
   are kept next to the store, presumably so a lookup can check that the
   cached store was built from the same CA material before reusing it;
   reusing a store built from different CA input would weaken peer
   verification. NOTE(review): confirm that comparison happens in
   Curl_schannel_get_cached_cert_store. */
struct schannel_cert_share {
  unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH];
  size_t CAinfo_blob_size;         /* CA info blob size */
  char *CAfile;                    /* CAfile path used to generate
                                      certificate store */
  HCERTSTORE cert_store;           /* cached certificate store or
                                      NULL if none */
  struct curltime time;            /* when the cached store was created */
};

/*
 * size of the structure: 20 bytes.
 * `size` presumably records which union member is populated (4 for an
 * IPv4 in_addr, 16 for an IPv6 in6_addr) -- confirm at the use site.
 */
struct num_ip_data {
  DWORD size; /* 04 bytes */
  union {
    struct in_addr  ia; /* 04 bytes */
    struct in6_addr ia6; /* 16 bytes */
  } bData;
};

/* Look up the certificate store cached under MPROTO_SCHANNEL_CERT_SHARE_KEY
   for the multi handle this filter belongs to. Presumably returns NULL when
   nothing usable is cached (cf. the cert_store comment above). */
HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
                                               const struct Curl_easy *data);

/* Store cert_store in the shared cache for later reuse; presumably returns
   true on success. NOTE(review): whether the cache takes ownership of
   cert_store (and the caller must not close it) is not stated here --
   confirm in the implementation. */
bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
                                         const struct Curl_easy *data,
                                         HCERTSTORE cert_store);

#endif /* USE_SCHANNEL */
#endif /* HEADER_CURL_SCHANNEL_INT_H */