//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright 1992 - 1998 Microsoft Corporation.
//
// File: wincrypt.h
//
// Contents: Cryptographic API Prototypes and Definitions
//
//----------------------------------------------------------------------------
#ifndef __WINCRYPT_H__
#define __WINCRYPT_H__
#if(_WIN32_WINNT >= 0x0400)
#ifdef __cplusplus
extern "C" {
#endif
// HRESULT is only declared here when no earlier Windows header has done so;
// the _HRESULT_DEFINED guard keeps the typedef from being emitted twice.
#ifndef _HRESULT_DEFINED
#define _HRESULT_DEFINED
typedef LONG HRESULT;
#endif // !_HRESULT_DEFINED
// Linkage decoration for the crypt32 API surface: consumers see
// DECLSPEC_IMPORT, while a build that defines _CRYPT32_ (presumably the
// library itself) gets an empty expansion.  The prototypes visible in this
// part of the header use WINADVAPI rather than this macro.
#if !defined(_CRYPT32_)
#define WINCRYPT32API DECLSPEC_IMPORT
#else
#define WINCRYPT32API
#endif
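//
// Algorithm IDs and Flags
//
// ALG_ID crackers
//
// An ALG_ID packs three bit fields: the class in bits 13-15 (mask 7 << 13),
// the type in bits 9-12 (mask 15 << 9) and the sub-id in bits 0-8
// (mask 511).  The macro argument is parenthesised so that an expression
// argument such as GET_ALG_CLASS(a + b) is masked as a whole instead of the
// mask binding only to the last operand (& has lower precedence than +).
#define GET_ALG_CLASS(x) ((x) & (7 << 13))
#define GET_ALG_TYPE(x) ((x) & (15 << 9))
#define GET_ALG_SID(x) ((x) & (511))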
// Algorithm classes
//
// The class occupies bits 13-15 of an ALG_ID (the 7 << 13 mask used by
// GET_ALG_CLASS above).  Values 1..5 are defined; 0 means "any".
#define ALG_CLASS_ANY (0)
#define ALG_CLASS_SIGNATURE (1 << 13)
#define ALG_CLASS_MSG_ENCRYPT (2 << 13)
#define ALG_CLASS_DATA_ENCRYPT (3 << 13)
#define ALG_CLASS_HASH (4 << 13)
#define ALG_CLASS_KEY_EXCHANGE (5 << 13)
// Algorithm types
//
// The type occupies bits 9-12 (the 15 << 9 mask of GET_ALG_TYPE).  Values
// 1..6 are defined; 0 means "any".
#define ALG_TYPE_ANY (0)
#define ALG_TYPE_DSS (1 << 9)
#define ALG_TYPE_RSA (2 << 9)
#define ALG_TYPE_BLOCK (3 << 9)
#define ALG_TYPE_STREAM (4 << 9)
#define ALG_TYPE_DH (5 << 9)
#define ALG_TYPE_SECURECHANNEL (6 << 9)
// Generic sub-ids
//
// Sub-ids occupy the low 9 bits (GET_ALG_SID masks with 511).  They are
// only meaningful together with a class and type: the per-type lists that
// follow reuse the same small integers.
#define ALG_SID_ANY (0)
// Some RSA sub-ids
//
// Sub-ids are unique only within their class/type: ALG_SID_RSA_PKCS,
// ALG_SID_DSS_PKCS, ALG_SID_DES, ALG_SID_RC4, ALG_SID_DH_SANDF and
// ALG_SID_MD2 are all 1.  Compare full CALG_* values (class | type | sid),
// never a bare sub-id.
#define ALG_SID_RSA_ANY 0
#define ALG_SID_RSA_PKCS 1
#define ALG_SID_RSA_MSATWORK 2
#define ALG_SID_RSA_ENTRUST 3
#define ALG_SID_RSA_PGP 4
// Some DSS sub-ids
//
#define ALG_SID_DSS_ANY 0
#define ALG_SID_DSS_PKCS 1
#define ALG_SID_DSS_DMS 2
// Block cipher sub ids
// DES sub_ids
//
// The block-cipher numbering is shared with ALG_SID_RC2 (2) and the
// Fortezza sub-ids (10, 11) defined further down, so the list runs 1..13
// with its gaps filled elsewhere in this file.
#define ALG_SID_DES 1
#define ALG_SID_3DES 3
#define ALG_SID_DESX 4
#define ALG_SID_IDEA 5
#define ALG_SID_CAST 6
#define ALG_SID_SAFERSK64 7
#define ALG_SID_SAFERSK128 8
#define ALG_SID_3DES_112 9
#define ALG_SID_CYLINK_MEK 12
#define ALG_SID_RC5 13
// Fortezza sub-ids
#define ALG_SID_SKIPJACK 10
#define ALG_SID_TEK 11
// KP_MODE
//
// NOTE: the five CRYPT_MODE_* values below are cipher modes for the
// KP_MODE key parameter, not algorithm sub-ids.  They continue the
// CRYPT_MODE_CBC..CRYPT_MODE_CTS (1..5) list defined under "KP_MODE"
// later in this header and sit here out of order.
#define CRYPT_MODE_CBCI 6 // ANSI CBC Interleaved
#define CRYPT_MODE_CFBP 7 // ANSI CFB Pipelined
#define CRYPT_MODE_OFBP 8 // ANSI OFB Pipelined
#define CRYPT_MODE_CBCOFM 9 // ANSI CBC + OF Masking
#define CRYPT_MODE_CBCOFMI 10 // ANSI CBC + OFM Interleaved
// RC2 sub-ids
#define ALG_SID_RC2 2
// Stream cipher sub-ids
#define ALG_SID_RC4 1
#define ALG_SID_SEAL 2
// Diffie-Hellman sub-ids
#define ALG_SID_DH_SANDF 1
#define ALG_SID_DH_EPHEM 2
#define ALG_SID_AGREED_KEY_ANY 3
#define ALG_SID_KEA 4
// Hash sub ids
//
// ALG_SID_SHA and ALG_SID_SHA1 are the same value (4): the two names are
// aliases.  NOTE(review): this table enumerates what the API can name, not
// what is recommended -- algorithm selection policy belongs to the caller.
#define ALG_SID_MD2 1
#define ALG_SID_MD4 2
#define ALG_SID_MD5 3
#define ALG_SID_SHA 4
#define ALG_SID_SHA1 4
#define ALG_SID_MAC 5
#define ALG_SID_RIPEMD 6
#define ALG_SID_RIPEMD160 7
#define ALG_SID_SSL3SHAMD5 8
#define ALG_SID_HMAC 9
// secure channel sub ids
//
// Used with ALG_TYPE_SECURECHANNEL in the CALG_*_MASTER / CALG_SCHANNEL_*
// definitions below.
#define ALG_SID_SSL3_MASTER 1
#define ALG_SID_SCHANNEL_MASTER_HASH 2
#define ALG_SID_SCHANNEL_MAC_KEY 3
#define ALG_SID_PCT1_MASTER 4
#define ALG_SID_SSL2_MASTER 5
#define ALG_SID_TLS1_MASTER 6
#define ALG_SID_SCHANNEL_ENC_KEY 7
// Our silly example sub-id
//
// Placeholder value; no CALG_* definition in this header uses it.
#define ALG_SID_EXAMPLE 80
// ALG_ID is a plain unsigned int holding the class | type | sub-id bit
// fields cracked by GET_ALG_CLASS/GET_ALG_TYPE/GET_ALG_SID above.  The
// ALGIDDEF guard lets another header supply the typedef first.
#ifndef ALGIDDEF
#define ALGIDDEF
typedef unsigned int ALG_ID;
#endif
// algorithm identifier definitions
//
// Each CALG_* ORs exactly one class, one type and one sub-id from the
// tables above.  Two things worth noticing when reading them:
//  - CALG_RSA_SIGN and CALG_RSA_KEYX share type and sub-id and differ
//    only in class (signature vs. key exchange);
//  - CALG_HUGHES_MD5 pairs the key-exchange class with the ALG_SID_MD5
//    hash sub-id, so it is not a hash algorithm despite the MD5 in its name.
#define CALG_MD2 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2)
#define CALG_MD4 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4)
#define CALG_MD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5)
#define CALG_SHA (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA)
#define CALG_SHA1 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA1)
#define CALG_MAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC)
#define CALG_RSA_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY)
#define CALG_DSS_SIGN (ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY)
#define CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_RSA|ALG_SID_RSA_ANY)
#define CALG_DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_DES)
#define CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES_112)
#define CALG_3DES (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_3DES)
#define CALG_RC2 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC2)
#define CALG_RC4 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_RC4)
#define CALG_SEAL (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_STREAM|ALG_SID_SEAL)
#define CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_SANDF)
#define CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_DH_EPHEM)
#define CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_AGREED_KEY_ANY)
#define CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_DH|ALG_SID_KEA)
#define CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE|ALG_TYPE_ANY|ALG_SID_MD5)
#define CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_SKIPJACK)
#define CALG_TEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_TEK)
#define CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_CYLINK_MEK)
#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5)
// Secure-channel master/derived-key identifiers: message-encryption class
// with the ALG_TYPE_SECURECHANNEL type.
#define CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL3_MASTER)
#define CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MASTER_HASH)
#define CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_MAC_KEY)
#define CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SCHANNEL_ENC_KEY)
#define CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_PCT1_MASTER)
#define CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_SSL2_MASTER)
#define CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT|ALG_TYPE_SECURECHANNEL|ALG_SID_TLS1_MASTER)
#define CALG_RC5 (ALG_CLASS_DATA_ENCRYPT|ALG_TYPE_BLOCK|ALG_SID_RC5)
#define CALG_HMAC (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_HMAC)
// Table handed to a provider.  The fields are documented here only by
// their names: Version presumably identifies the table layout;
// FuncVerifyImage and FuncReturnhWnd are callbacks (FARPROC) whose
// signatures this header does not state; dwProvType presumably takes one
// of the PROV_* values below; pbContextInfo/cbContextInfo look like the
// pointer/length pair convention used by the blob types later in this
// file.  Confirm all of these against the provider documentation.
typedef struct _VTableProvStruc {
DWORD Version;
FARPROC FuncVerifyImage;
FARPROC FuncReturnhWnd;
DWORD dwProvType;
BYTE *pbContextInfo;
DWORD cbContextInfo;
} VTableProvStruc, *PVTableProvStruc;
// Opaque provider, key and hash handles.  All three are the same underlying
// type (unsigned long), so the compiler will not catch an HCRYPTKEY passed
// where an HCRYPTHASH is expected -- the distinction is by convention only.
typedef unsigned long HCRYPTPROV;
typedef unsigned long HCRYPTKEY;
typedef unsigned long HCRYPTHASH;
// dwFlags definitions for CryptAcquireContext
//
// These flag groups are each scoped to one function, so equal bit values
// across groups (e.g. CRYPT_NEWKEYSET and CRYPT_UPDATE_KEY are both 0x8,
// CRYPT_KEK and CRYPT_SERVER are both 0x400) do not conflict.
#define CRYPT_VERIFYCONTEXT 0xF0000000
#define CRYPT_NEWKEYSET 0x00000008
#define CRYPT_DELETEKEYSET 0x00000010
#define CRYPT_MACHINE_KEYSET 0x00000020
// dwFlag definitions for CryptGenKey
//
// Within this single group two pairs share a value: CRYPT_NO_SALT and
// CRYPT_RECIPIENT are both 0x10, CRYPT_PREGEN and CRYPT_INITIATOR are both
// 0x40.  Presumably which meaning applies depends on the algorithm being
// generated -- confirm against the API documentation before combining them.
#define CRYPT_EXPORTABLE 0x00000001
#define CRYPT_USER_PROTECTED 0x00000002
#define CRYPT_CREATE_SALT 0x00000004
#define CRYPT_UPDATE_KEY 0x00000008
#define CRYPT_NO_SALT 0x00000010
#define CRYPT_PREGEN 0x00000040
#define CRYPT_RECIPIENT 0x00000010
#define CRYPT_INITIATOR 0x00000040
#define CRYPT_ONLINE 0x00000080
#define CRYPT_SF 0x00000100
#define CRYPT_CREATE_IV 0x00000200
#define CRYPT_KEK 0x00000400
#define CRYPT_DATA_KEY 0x00000800
// dwFlags definitions for CryptDeriveKey
//
// KEY_LENGTH_MASK covers the upper 16 bits of dwFlags; by its name the
// key length is carried there alongside the low-order flag bits -- TODO
// confirm the unit (bits vs. bytes) against the API documentation.
#define CRYPT_SERVER 0x00000400
#define KEY_LENGTH_MASK 0xFFFF0000
// dwFlag definitions for CryptExportKey
#define CRYPT_Y_ONLY 0x00000001
#define CRYPT_SSL2_SLUMMING 0x00000002
// dwFlags definitions for CryptHashSessionKey
#define CRYPT_LITTLE_ENDIAN 0x00000001
// dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
#define CRYPT_MACHINE_DEFAULT 0x00000001
#define CRYPT_USER_DEFAULT 0x00000002
#define CRYPT_DELETE_DEFAULT 0x00000004
// exported key blob definitions
//
// Values for the dwBlobType argument of CryptExportKey.  By its name,
// PLAINTEXTKEYBLOB carries unwrapped key material, unlike SIMPLEBLOB which
// is exported under hExpKey -- verify against the API documentation and
// treat buffers of that type with the same care as the key itself.
#define SIMPLEBLOB 0x1
#define PUBLICKEYBLOB 0x6
#define PRIVATEKEYBLOB 0x7
#define PLAINTEXTKEYBLOB 0x8
// Presumably the dwKeySpec values (see CryptGetUserKey, CryptSignHash and
// KEY_TYPE_SUBTYPE below): which of a container's key pairs is meant.
#define AT_KEYEXCHANGE 1
#define AT_SIGNATURE 2
#define CRYPT_USERDATA 1
// dwParam
//
// Key parameter selectors for CryptSetKeyParam / CryptGetKeyParam.  The
// comment on each line is the only description this header gives; where a
// line has none (KP_RP, KP_PRECOMP_*, KP_PUB_EX_*) the meaning must be
// taken from the API documentation.
#define KP_IV 1 // Initialization vector
#define KP_SALT 2 // Salt value
#define KP_PADDING 3 // Padding values
#define KP_MODE 4 // Mode of the cipher
#define KP_MODE_BITS 5 // Number of bits to feedback
#define KP_PERMISSIONS 6 // Key permissions DWORD
#define KP_ALGID 7 // Key algorithm
#define KP_BLOCKLEN 8 // Block size of the cipher
#define KP_KEYLEN 9 // Length of key in bits
#define KP_SALT_EX 10 // Length of salt in bytes
#define KP_P 11 // DSS/Diffie-Hellman P value
#define KP_G 12 // DSS/Diffie-Hellman G value
#define KP_Q 13 // DSS Q value
#define KP_X 14 // Diffie-Hellman X value
#define KP_Y 15 // Y value
#define KP_RA 16 // Fortezza RA value
#define KP_RB 17 // Fortezza RB value
#define KP_INFO 18 // for putting information into an RSA envelope
#define KP_EFFECTIVE_KEYLEN 19 // setting and getting RC2 effective key length
#define KP_SCHANNEL_ALG 20 // for setting the Secure Channel algorithms (SCHANNEL_ALG struct below)
#define KP_CLIENT_RANDOM 21 // for setting the Secure Channel client random data
#define KP_SERVER_RANDOM 22 // for setting the Secure Channel server random data
#define KP_RP 23
#define KP_PRECOMP_MD5 24
#define KP_PRECOMP_SHA 25
#define KP_CERTIFICATE 26 // for setting Secure Channel certificate data (PCT1)
#define KP_CLEAR_KEY 27 // for setting Secure Channel clear key data (PCT1)
#define KP_PUB_EX_LEN 28
#define KP_PUB_EX_VAL 29
// KP_PADDING
//
// Values for the KP_PADDING key parameter.
#define PKCS5_PADDING 1 // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING 2
#define ZERO_PADDING 3
// KP_MODE
//
// Values for the KP_MODE key parameter.  The list continues with
// CRYPT_MODE_CBCI..CRYPT_MODE_CBCOFMI (6..10), which are defined out of
// order among the algorithm sub-ids near the top of this header.
#define CRYPT_MODE_CBC 1 // Cipher block chaining
#define CRYPT_MODE_ECB 2 // Electronic code book
#define CRYPT_MODE_OFB 3 // Output feedback mode
#define CRYPT_MODE_CFB 4 // Cipher feedback mode
#define CRYPT_MODE_CTS 5 // Ciphertext stealing mode
// KP_PERMISSIONS
//
// Bit flags for the KP_PERMISSIONS key parameter DWORD.
#define CRYPT_ENCRYPT 0x0001 // Allow encryption
#define CRYPT_DECRYPT 0x0002 // Allow decryption
#define CRYPT_EXPORT 0x0004 // Allow key to be exported
#define CRYPT_READ 0x0008 // Allow parameters to be read
#define CRYPT_WRITE 0x0010 // Allow parameters to be set
#define CRYPT_MAC 0x0020 // Allow MACs to be used with key
#define CRYPT_EXPORT_KEY 0x0040 // Allow key to be used for exporting keys
#define CRYPT_IMPORT_KEY 0x0080 // Allow key to be used for importing keys
// Hash parameter selectors for CryptSetHashParam / CryptGetHashParam.
// HP_HMAC_INFO takes the HMAC_INFO structure defined below.  Note the
// numbering skips 3: these are not bit flags despite the hex spelling.
#define HP_ALGID 0x0001 // Hash algorithm
#define HP_HASHVAL 0x0002 // Hash value
#define HP_HASHSIZE 0x0004 // Hash value size
#define HP_HMAC_INFO 0x0005 // information for creating an HMAC
// Every Crypt* entry point below returns BOOL; these helpers spell out the
// success/failure comparison.
#define CRYPT_FAILED FALSE
#define CRYPT_SUCCEED TRUE
#define RCRYPT_SUCCEEDED(rt) ((rt) == CRYPT_SUCCEED)
#define RCRYPT_FAILED(rt) ((rt) == CRYPT_FAILED)
//
// CryptGetProvParam
//
// Provider parameter selectors.  The PP_* values for CryptGetProvParam
// (1..10, 16..22) and for CryptSetProvParam (1, 11..15, 24, below) share one
// numbering space; PP_ENUMALGS and PP_CLIENT_HWND are both 1, so the
// selector is only meaningful with the function it is passed to.
#define PP_ENUMALGS 1
#define PP_ENUMCONTAINERS 2
#define PP_IMPTYPE 3
#define PP_NAME 4
#define PP_VERSION 5
#define PP_CONTAINER 6
#define PP_CHANGE_PASSWORD 7
#define PP_KEYSET_SEC_DESCR 8 // get/set security descriptor of keyset
#define PP_CERTCHAIN 9 // for retrieving certificates from tokens
#define PP_KEY_TYPE_SUBTYPE 10
#define PP_PROVTYPE 16
#define PP_KEYSTORAGE 17
#define PP_APPLI_CERT 18
#define PP_SYM_KEYSIZE 19
#define PP_SESSION_KEYSIZE 20
#define PP_UI_PROMPT 21
#define PP_ENUMALGS_EX 22
// Presumably the dwFlags values that drive the PP_ENUM* enumerations
// (restart vs. continue) -- confirm against the API documentation.
#define CRYPT_FIRST 1
#define CRYPT_NEXT 2
// Presumably the values returned for PP_IMPTYPE -- confirm.
#define CRYPT_IMPL_HARDWARE 1
#define CRYPT_IMPL_SOFTWARE 2
#define CRYPT_IMPL_MIXED 3
#define CRYPT_IMPL_UNKNOWN 4
// key storage flags
#define CRYPT_SEC_DESCR 0x00000001
#define CRYPT_PSTORE 0x00000002
#define CRYPT_UI_PROMPT 0x00000004
// protocol flags
//
// Bit flags naming the secure-channel protocols; by position they look
// like the contents of PROV_ENUMALGS_EX.dwProtocols below -- confirm.
#define CRYPT_FLAG_PCT1 0x0001
#define CRYPT_FLAG_SSL2 0x0002
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008
//
// CryptSetProvParam
//
#define PP_CLIENT_HWND 1
#define PP_CONTEXT_INFO 11
#define PP_KEYEXCHANGE_KEYSIZE 12
#define PP_SIGNATURE_KEYSIZE 13
#define PP_KEYEXCHANGE_ALG 14
#define PP_SIGNATURE_ALG 15
#define PP_DELETEKEY 24
// Provider types (the dwProvType argument of CryptAcquireContext and the
// CryptSetProvider* / CryptEnumProvider* functions).  Values 7..11 are the
// STT providers listed separately below, which is why this list jumps
// from 6 to 12.
#define PROV_RSA_FULL 1
#define PROV_RSA_SIG 2
#define PROV_DSS 3
#define PROV_FORTEZZA 4
#define PROV_MS_EXCHANGE 5
#define PROV_SSL 6
#define PROV_RSA_SCHANNEL 12
#define PROV_DSS_DH 13
#define PROV_EC_ECDSA_SIG 14
#define PROV_EC_ECNRA_SIG 15
#define PROV_EC_ECDSA_FULL 16
#define PROV_EC_ECNRA_FULL 17
#define PROV_SPYRUS_LYNKS 20
//
// STT defined Providers
//
#define PROV_STT_MER 7
#define PROV_STT_ACQ 8
#define PROV_STT_BRND 9
#define PROV_STT_ROOT 10
#define PROV_STT_ISS 11
//
// Provider friendly names
//
// Each name comes in a narrow (_A) and wide (_W) form; the unsuffixed
// macro resolves to whichever matches the UNICODE build setting, the same
// scheme the A/W function prototypes below use.  These strings are the
// pszProvider argument of CryptAcquireContext.
#define MS_DEF_PROV_A "Microsoft Base Cryptographic Provider v1.0"
#define MS_DEF_PROV_W L"Microsoft Base Cryptographic Provider v1.0"
#ifdef UNICODE
#define MS_DEF_PROV MS_DEF_PROV_W
#else
#define MS_DEF_PROV MS_DEF_PROV_A
#endif
#define MS_ENHANCED_PROV_A "Microsoft Enhanced Cryptographic Provider v1.0"
#define MS_ENHANCED_PROV_W L"Microsoft Enhanced Cryptographic Provider v1.0"
#ifdef UNICODE
#define MS_ENHANCED_PROV MS_ENHANCED_PROV_W
#else
#define MS_ENHANCED_PROV MS_ENHANCED_PROV_A
#endif
#define MS_DEF_RSA_SIG_PROV_A "Microsoft RSA Signature Cryptographic Provider"
#define MS_DEF_RSA_SIG_PROV_W L"Microsoft RSA Signature Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_RSA_SIG_PROV MS_DEF_RSA_SIG_PROV_W
#else
#define MS_DEF_RSA_SIG_PROV MS_DEF_RSA_SIG_PROV_A
#endif
#define MS_DEF_RSA_SCHANNEL_PROV_A "Microsoft Base RSA SChannel Cryptographic Provider"
#define MS_DEF_RSA_SCHANNEL_PROV_W L"Microsoft Base RSA SChannel Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_RSA_SCHANNEL_PROV MS_DEF_RSA_SCHANNEL_PROV_W
#else
#define MS_DEF_RSA_SCHANNEL_PROV MS_DEF_RSA_SCHANNEL_PROV_A
#endif
#define MS_ENHANCED_RSA_SCHANNEL_PROV_A "Microsoft Enhanced RSA SChannel Cryptographic Provider"
#define MS_ENHANCED_RSA_SCHANNEL_PROV_W L"Microsoft Enhanced RSA SChannel Cryptographic Provider"
#ifdef UNICODE
#define MS_ENHANCED_RSA_SCHANNEL_PROV MS_ENHANCED_RSA_SCHANNEL_PROV_W
#else
#define MS_ENHANCED_RSA_SCHANNEL_PROV MS_ENHANCED_RSA_SCHANNEL_PROV_A
#endif
#define MS_DEF_DSS_PROV_A "Microsoft Base DSS Cryptographic Provider"
#define MS_DEF_DSS_PROV_W L"Microsoft Base DSS Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_DSS_PROV MS_DEF_DSS_PROV_W
#else
#define MS_DEF_DSS_PROV MS_DEF_DSS_PROV_A
#endif
#define MS_DEF_DSS_DH_PROV_A "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"
#define MS_DEF_DSS_DH_PROV_W L"Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"
#ifdef UNICODE
#define MS_DEF_DSS_DH_PROV MS_DEF_DSS_DH_PROV_W
#else
#define MS_DEF_DSS_DH_PROV MS_DEF_DSS_DH_PROV_A
#endif
// MAXUIDLEN is not referenced elsewhere in this part of the header.
// CUR_BLOB_VERSION is presumably the bVersion written into the BLOBHEADER
// defined below -- confirm against the blob format documentation.
#define MAXUIDLEN 64
#define CUR_BLOB_VERSION 2
// structure for use with CryptSetHashParam with CALG_HMAC
//
// Passed as the HP_HMAC_INFO parameter.  HashAlgid names the underlying
// hash; the inner/outer strings are given as pointer/byte-count pairs.
// Ownership of the pointed-to buffers is not stated by this header.
typedef struct _HMAC_Info {
ALG_ID HashAlgid;
BYTE *pbInnerString;
DWORD cbInnerString;
BYTE *pbOuterString;
DWORD cbOuterString;
} HMAC_INFO, *PHMAC_INFO;
// structure for use with CryptSetKeyParam with KP_SCHANNEL_ALG
//
// dwUse takes one of the SCHANNEL_* values directly below; Algid names the
// algorithm and cBits presumably its key/bit length -- confirm.
typedef struct _SCHANNEL_ALG {
DWORD dwUse;
ALG_ID Algid;
DWORD cBits;
} SCHANNEL_ALG, *PSCHANNEL_ALG;
// uses of algorithms for SCHANNEL_ALG structure (dwUse field)
#define SCHANNEL_MAC_KEY 0x00000000
#define SCHANNEL_ENC_KEY 0x00000001
// Record returned by the PP_ENUMALGS provider parameter (one algorithm per
// call, presumably).  szName is a fixed 20-byte field with dwNameLen giving
// the used length; do not assume it is NUL-terminated without checking.
typedef struct _PROV_ENUMALGS {
ALG_ID aiAlgid;
DWORD dwBitLen;
DWORD dwNameLen;
CHAR szName[20];
} PROV_ENUMALGS;
// Extended record for PP_ENUMALGS_EX: adds default/min/max lengths, a
// dwProtocols bit set (presumably the CRYPT_FLAG_* protocol flags above --
// confirm) and a 40-byte long name.  As with PROV_ENUMALGS, the name
// fields are fixed-size with explicit lengths rather than NUL-terminated
// strings.
typedef struct _PROV_ENUMALGS_EX {
ALG_ID aiAlgid;
DWORD dwDefaultLen;
DWORD dwMinLen;
DWORD dwMaxLen;
DWORD dwProtocols;
DWORD dwNameLen;
CHAR szName[20];
DWORD dwLongNameLen;
CHAR szLongName[40];
} PROV_ENUMALGS_EX;
// Common header at the front of every exported key blob.  bType is one of
// the *BLOB values (SIMPLEBLOB, PUBLICKEYBLOB, ...), bVersion presumably
// CUR_BLOB_VERSION, reserved is a WORD of padding that callers should
// leave zero, and aiKeyAlg is the key's CALG_* identifier.  Validate
// bType/aiKeyAlg before trusting the body that follows the header.
typedef struct _PUBLICKEYSTRUC {
BYTE bType;
BYTE bVersion;
WORD reserved;
ALG_ID aiKeyAlg;
} BLOBHEADER, PUBLICKEYSTRUC;
// Body of an RSA key blob that follows the BLOBHEADER.  The modulus is
// not part of the struct: it follows in memory, with its length implied
// by bitlen, so a reader must bounds-check the buffer against bitlen
// before walking past the fixed fields.
typedef struct _RSAPUBKEY {
DWORD magic; // Has to be RSA1
DWORD bitlen; // # of bits in modulus
DWORD pubexp; // public exponent
// Modulus data follows
} RSAPUBKEY;
// Shared two-field body for the DH, DSS, KEA and TEK key blobs.  Unlike
// RSAPUBKEY, no expected magic value is stated here; the variable-length
// key data presumably follows the struct as for RSA -- confirm.
typedef struct _PUBKEY {
DWORD magic;
DWORD bitlen; // # of bits in modulus
} DHPUBKEY, DSSPUBKEY, KEAPUBKEY, TEKPUBKEY;
// DSS parameter-generation seed: a counter plus a fixed 20-byte seed
// value (20 bytes matches a SHA-1 digest length, presumably the reason for
// the size -- confirm).
typedef struct _DSSSEED {
DWORD counter;
BYTE seed[20];
} DSSSEED;
// Record for the PP_KEY_TYPE_SUBTYPE provider parameter: a key spec
// (presumably AT_KEYEXCHANGE / AT_SIGNATURE) plus two GUIDs whose meaning
// this header does not describe.
typedef struct _KEY_TYPE_SUBTYPE {
DWORD dwKeySpec;
GUID Type;
GUID Subtype;
} KEY_TYPE_SUBTYPE, *PKEY_TYPE_SUBTYPE;
// CryptAcquireContextA / CryptAcquireContextW
//
// Opens a provider context and returns its handle through phProv.
// pszContainer and pszProvider are narrow or wide strings depending on the
// variant (a provider name such as MS_DEF_PROV); dwProvType is a PROV_*
// value and dwFlags takes the CRYPT_* flags listed under "dwFlags
// definitions for CryptAcquireContext".  Returns BOOL; pair every
// successful call with CryptReleaseContext.
WINADVAPI
BOOL
WINAPI
CryptAcquireContextA(
HCRYPTPROV *phProv,
LPCSTR pszContainer,
LPCSTR pszProvider,
DWORD dwProvType,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptAcquireContextW(
HCRYPTPROV *phProv,
LPCWSTR pszContainer,
LPCWSTR pszProvider,
DWORD dwProvType,
DWORD dwFlags);
// Unsuffixed name resolves to the W or A variant per the UNICODE setting.
#ifdef UNICODE
#define CryptAcquireContext CryptAcquireContextW
#else
#define CryptAcquireContext CryptAcquireContextA
#endif // !UNICODE
// CryptReleaseContext: releases a handle obtained from CryptAcquireContext.
// dwFlags has no values defined for it in this header.
WINADVAPI
BOOL
WINAPI
CryptReleaseContext(
HCRYPTPROV hProv,
DWORD dwFlags);
// CryptGenKey: creates a key of algorithm Algid in the provider and
// returns its handle through phKey.  dwFlags takes the "dwFlag definitions
// for CryptGenKey" (CRYPT_EXPORTABLE etc.); note the overlapping values
// documented there.  Release the key with CryptDestroyKey.
WINADVAPI
BOOL
WINAPI
CryptGenKey(
HCRYPTPROV hProv,
ALG_ID Algid,
DWORD dwFlags,
HCRYPTKEY *phKey);
// CryptDeriveKey: like CryptGenKey, but the key material is derived from
// the hash object hBaseData rather than generated.  dwFlags takes the
// CryptDeriveKey flags (CRYPT_SERVER, KEY_LENGTH_MASK) in addition to
// whatever CryptGenKey flags apply -- the split is not stated here.
WINADVAPI
BOOL
WINAPI
CryptDeriveKey(
HCRYPTPROV hProv,
ALG_ID Algid,
HCRYPTHASH hBaseData,
DWORD dwFlags,
HCRYPTKEY *phKey);
// CryptDestroyKey: releases a key handle from CryptGenKey, CryptDeriveKey,
// CryptImportKey, CryptGetUserKey or CryptDuplicateKey.
WINADVAPI
BOOL
WINAPI
CryptDestroyKey(
HCRYPTKEY hKey);
// Set/Get parameter pairs for keys, hashes and providers.
//
// All three pairs follow one shape: dwParam selects the parameter (KP_*,
// HP_* or PP_* respectively), pbData is the value buffer, and the Get
// variants add pdwDataLen.  By the usual pb/pdw convention pdwDataLen is
// in/out (capacity on entry, bytes written on return) -- confirm against
// the API documentation.  Note that pbData is non-const even on the Set
// side, unlike CryptHashData/CryptImportKey below which take CONST BYTE *.
WINADVAPI
BOOL
WINAPI
CryptSetKeyParam(
HCRYPTKEY hKey,
DWORD dwParam,
BYTE *pbData,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptGetKeyParam(
HCRYPTKEY hKey,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptSetHashParam(
HCRYPTHASH hHash,
DWORD dwParam,
BYTE *pbData,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptGetHashParam(
HCRYPTHASH hHash,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptSetProvParam(
HCRYPTPROV hProv,
DWORD dwParam,
BYTE *pbData,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptGetProvParam(
HCRYPTPROV hProv,
DWORD dwParam,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwFlags);
// CryptGenRandom: fills dwLen bytes of pbBuffer with random data from the
// provider.  The caller owns pbBuffer and must size it to at least dwLen.
WINADVAPI
BOOL
WINAPI
CryptGenRandom(
HCRYPTPROV hProv,
DWORD dwLen,
BYTE *pbBuffer);
// CryptGetUserKey: returns, through phUserKey, a handle to one of the
// container's key pairs selected by dwKeySpec (presumably AT_KEYEXCHANGE
// or AT_SIGNATURE).
WINADVAPI
BOOL
WINAPI
CryptGetUserKey(
HCRYPTPROV hProv,
DWORD dwKeySpec,
HCRYPTKEY *phUserKey);
// CryptExportKey: writes hKey as a blob of type dwBlobType (SIMPLEBLOB,
// PUBLICKEYBLOB, PRIVATEKEYBLOB, PLAINTEXTKEYBLOB) into pbData, with
// hExpKey available as a wrapping key and pdwDataLen as the size in/out.
// dwFlags takes the CryptExportKey flags (CRYPT_Y_ONLY, CRYPT_SSL2_SLUMMING).
// The resulting buffer may hold private or plaintext key material
// depending on dwBlobType; handle and wipe it accordingly.
WINADVAPI
BOOL
WINAPI
CryptExportKey(
HCRYPTKEY hKey,
HCRYPTKEY hExpKey,
DWORD dwBlobType,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen);
// CryptImportKey: the inverse of CryptExportKey.  Reads dwDataLen bytes of
// blob from pbData (const -- the input is not modified), optionally
// unwrapping with hPubKey, and returns the new key handle through phKey.
// The blob begins with a BLOBHEADER; callers importing untrusted blobs
// should validate bType/aiKeyAlg and dwDataLen against the expected
// layout before the call.
WINADVAPI
BOOL
WINAPI
CryptImportKey(
HCRYPTPROV hProv,
CONST BYTE *pbData,
DWORD dwDataLen,
HCRYPTKEY hPubKey,
DWORD dwFlags,
HCRYPTKEY *phKey);
// CryptEncrypt / CryptDecrypt
//
// Both operate on a single pbData buffer (apparently in place) with
// *pdwDataLen as the byte count, take an optional hash handle hHash, and a
// Final flag marking the last block of a multi-call sequence.
// CryptEncrypt additionally takes dwBufLen, the buffer's capacity, where
// CryptDecrypt does not -- presumably because ciphertext can be longer
// than the plaintext (padding), so the caller must allocate pbData larger
// than *pdwDataLen.  Confirm the exact sizing rule against the API
// documentation before relying on it.
WINADVAPI
BOOL
WINAPI
CryptEncrypt(
HCRYPTKEY hKey,
HCRYPTHASH hHash,
BOOL Final,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen,
DWORD dwBufLen);
WINADVAPI
BOOL
WINAPI
CryptDecrypt(
HCRYPTKEY hKey,
HCRYPTHASH hHash,
BOOL Final,
DWORD dwFlags,
BYTE *pbData,
DWORD *pdwDataLen);
// Hash object lifecycle: CryptCreateHash -> CryptHashData /
// CryptHashSessionKey (any number of times) -> CryptGetHashParam(HP_HASHVAL)
// or CryptSignHash -> CryptDestroyHash.
//
// CryptCreateHash: creates a hash of algorithm Algid and returns its
// handle through phHash.  hKey is presumably only needed for keyed
// algorithms such as CALG_MAC / CALG_HMAC -- confirm.
WINADVAPI
BOOL
WINAPI
CryptCreateHash(
HCRYPTPROV hProv,
ALG_ID Algid,
HCRYPTKEY hKey,
DWORD dwFlags,
HCRYPTHASH *phHash);
// CryptHashData: feeds dwDataLen bytes of pbData into hHash.  pbData is
// const; the input is not modified.
WINADVAPI
BOOL
WINAPI
CryptHashData(
HCRYPTHASH hHash,
CONST BYTE *pbData,
DWORD dwDataLen,
DWORD dwFlags);
// CryptHashSessionKey: feeds the key material of hKey into hHash.  dwFlags
// takes CRYPT_LITTLE_ENDIAN (see "dwFlags definitions for
// CryptHashSessionKey").
WINADVAPI
BOOL
WINAPI
CryptHashSessionKey(
HCRYPTHASH hHash,
HCRYPTKEY hKey,
DWORD dwFlags);
// CryptDestroyHash: releases a hash handle from CryptCreateHash or
// CryptDuplicateHash.
WINADVAPI
BOOL
WINAPI
CryptDestroyHash(
HCRYPTHASH hHash);
// CryptSignHashA / CryptSignHashW
//
// Signs the hash in hHash with the key pair selected by dwKeySpec
// (presumably AT_KEYEXCHANGE / AT_SIGNATURE) and writes the signature to
// pbSignature, with pdwSigLen as size in/out.  sDescription is a narrow or
// wide string depending on the variant; its role is not described in this
// header.
WINADVAPI
BOOL
WINAPI
CryptSignHashA(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCSTR sDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen);
WINADVAPI
BOOL
WINAPI
CryptSignHashW(
HCRYPTHASH hHash,
DWORD dwKeySpec,
LPCWSTR sDescription,
DWORD dwFlags,
BYTE *pbSignature,
DWORD *pdwSigLen);
#ifdef UNICODE
#define CryptSignHash CryptSignHashW
#else
#define CryptSignHash CryptSignHashA
#endif // !UNICODE
// CryptVerifySignatureA / CryptVerifySignatureW
//
// Checks the dwSigLen-byte signature in pbSignature (const) against the
// hash in hHash using the public key hPubKey.  Verification is reported
// through the BOOL return: treat anything other than TRUE as a failed
// verification and do not infer success from the absence of a specific
// error.
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureA(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCSTR sDescription,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptVerifySignatureW(
HCRYPTHASH hHash,
CONST BYTE *pbSignature,
DWORD dwSigLen,
HCRYPTKEY hPubKey,
LPCWSTR sDescription,
DWORD dwFlags);
#ifdef UNICODE
#define CryptVerifySignature CryptVerifySignatureW
#else
#define CryptVerifySignature CryptVerifySignatureA
#endif // !UNICODE
// CryptSetProviderA / CryptSetProviderW
//
// Names the default provider (pszProvName) for provider type dwProvType.
// The Ex variants below add a reserved pointer and dwFlags; this plain
// form has neither.
WINADVAPI
BOOL
WINAPI
CryptSetProviderA(
LPCSTR pszProvName,
DWORD dwProvType);
WINADVAPI
BOOL
WINAPI
CryptSetProviderW(
LPCWSTR pszProvName,
DWORD dwProvType);
#ifdef UNICODE
#define CryptSetProvider CryptSetProviderW
#else
#define CryptSetProvider CryptSetProviderA
#endif // !UNICODE
// CryptSetProviderExA / CryptSetProviderExW
//
// Extended form of CryptSetProvider.  dwFlags takes CRYPT_MACHINE_DEFAULT,
// CRYPT_USER_DEFAULT or CRYPT_DELETE_DEFAULT (see "dwFlag definitions for
// CryptSetProviderEx and CryptGetDefaultProvider"); pdwReserved has no
// documented use here and should presumably be NULL -- confirm.
WINADVAPI
BOOL
WINAPI
CryptSetProviderExA(
LPCSTR pszProvName,
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags);
WINADVAPI
BOOL
WINAPI
CryptSetProviderExW(
LPCWSTR pszProvName,
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags);
#ifdef UNICODE
#define CryptSetProviderEx CryptSetProviderExW
#else
#define CryptSetProviderEx CryptSetProviderExA
#endif // !UNICODE
// CryptGetDefaultProviderA / CryptGetDefaultProviderW
//
// Returns the default provider name for dwProvType into pszProvName, with
// pcbProvName as the buffer size in/out.  Note pszProvName is a writable
// LPSTR/LPWSTR here, unlike the LPCSTR/LPCWSTR inputs of the Set functions.
// dwFlags selects machine vs. user default via the same CRYPT_*_DEFAULT
// flags as CryptSetProviderEx.
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderA(
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags,
LPSTR pszProvName,
DWORD *pcbProvName);
WINADVAPI
BOOL
WINAPI
CryptGetDefaultProviderW(
DWORD dwProvType,
DWORD *pdwReserved,
DWORD dwFlags,
LPWSTR pszProvName,
DWORD *pcbProvName);
#ifdef UNICODE
#define CryptGetDefaultProvider CryptGetDefaultProviderW
#else
#define CryptGetDefaultProvider CryptGetDefaultProviderA
#endif // !UNICODE
// CryptEnumProviderTypesA / CryptEnumProviderTypesW
//
// Enumerates registered provider types by dwIndex, returning the type in
// *pdwProvType and its name in the pszTypeName buffer sized by
// *pcbTypeName (in/out).  dwIndex presumably starts at 0 and the
// enumeration ends when the call fails -- confirm.  Note the style drift:
// from here on WINAPI and the function name share a line, unlike the
// earlier prototypes.
WINADVAPI
BOOL
WINAPI CryptEnumProviderTypesA(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPSTR pszTypeName,
DWORD *pcbTypeName);
WINADVAPI
BOOL
WINAPI CryptEnumProviderTypesW(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPWSTR pszTypeName,
DWORD *pcbTypeName);
#ifdef UNICODE
#define CryptEnumProviderTypes CryptEnumProviderTypesW
#else
#define CryptEnumProviderTypes CryptEnumProviderTypesA
#endif // !UNICODE
// CryptEnumProvidersA / CryptEnumProvidersW
//
// Same shape as CryptEnumProviderTypes but enumerates the providers
// themselves, returning each one's type and name.
WINADVAPI
BOOL
WINAPI CryptEnumProvidersA(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPSTR pszProvName,
DWORD *pcbProvName);
WINADVAPI
BOOL
WINAPI CryptEnumProvidersW(
DWORD dwIndex,
DWORD *pdwReserved,
DWORD dwFlags,
DWORD *pdwProvType,
LPWSTR pszProvName,
DWORD *pcbProvName);
#ifdef UNICODE
#define CryptEnumProviders CryptEnumProvidersW
#else
#define CryptEnumProviders CryptEnumProvidersA
#endif // !UNICODE
// CryptContextAddRef: takes an additional reference on hProv.  By the
// name, each successful call needs a matching CryptReleaseContext --
// confirm the reference-counting contract against the API documentation.
WINADVAPI
BOOL
WINAPI CryptContextAddRef(
HCRYPTPROV hProv,
DWORD *pdwReserved,
DWORD dwFlags);
// CryptDuplicateKey / CryptDuplicateHash: return, through phKey / phHash, a
// second handle for the same key or hash.  The duplicate is presumably an
// independent handle that must be destroyed separately with
// CryptDestroyKey / CryptDestroyHash -- confirm.
WINADVAPI
BOOL
WINAPI CryptDuplicateKey(
HCRYPTKEY hKey,
DWORD *pdwReserved,
DWORD dwFlags,
HCRYPTKEY * phKey);
WINADVAPI
BOOL
WINAPI CryptDuplicateHash(
HCRYPTHASH hHash,
DWORD *pdwReserved,
DWORD dwFlags,
HCRYPTHASH * phHash);
//+-------------------------------------------------------------------------
// CRYPTOAPI BLOB definitions
//
// One layout -- a byte count followed by a pointer -- typedef'd under many
// names.  The names document intent only: the compiler treats every
// *_BLOB below as the same type, so a CERT_BLOB can be passed where a
// CRYPT_HASH_BLOB is expected without a diagnostic.  cbData is the number
// of bytes at pbData; every consumer must bound its reads by cbData
// rather than assuming a terminator.
//--------------------------------------------------------------------------
typedef struct _CRYPTOAPI_BLOB {
DWORD cbData;
BYTE *pbData;
} CRYPT_INTEGER_BLOB, *PCRYPT_INTEGER_BLOB,
CRYPT_UINT_BLOB, *PCRYPT_UINT_BLOB,
CRYPT_OBJID_BLOB, *PCRYPT_OBJID_BLOB,
CERT_NAME_BLOB, *PCERT_NAME_BLOB,
CERT_RDN_VALUE_BLOB, *PCERT_RDN_VALUE_BLOB,
CERT_BLOB, *PCERT_BLOB,
CRL_BLOB, *PCRL_BLOB,
DATA_BLOB, *PDATA_BLOB, // JEFFJEFF temporary (too generic)
CRYPT_DATA_BLOB, *PCRYPT_DATA_BLOB,
CRYPT_HASH_BLOB, *PCRYPT_HASH_BLOB,
CRYPT_DIGEST_BLOB, *PCRYPT_DIGEST_BLOB,
CRYPT_DER_BLOB, *PCRYPT_DER_BLOB,
CRYPT_ATTR_BLOB, *PCRYPT_ATTR_BLOB;
//+-------------------------------------------------------------------------
// In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the
// overall bit length is cbData * 8 - cUnusedBits.
//
// Consumers should treat cUnusedBits > 7, or cUnusedBits > 0 with
// cbData == 0, as malformed input rather than computing a negative length.
//--------------------------------------------------------------------------
typedef struct _CRYPT_BIT_BLOB {
DWORD cbData;
BYTE *pbData;
DWORD cUnusedBits;
} CRYPT_BIT_BLOB, *PCRYPT_BIT_BLOB;
//+-------------------------------------------------------------------------
// Type used for any algorithm
//
// Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
// algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
//
// pszObjId is a dotted-decimal OID string; the szOID_* definitions that
// follow are the values this header knows about.  Compare OIDs by string
// content (strcmp), never by pointer.
//--------------------------------------------------------------------------
typedef struct _CRYPT_ALGORITHM_IDENTIFIER {
LPSTR pszObjId;
CRYPT_OBJID_BLOB Parameters;
} CRYPT_ALGORITHM_IDENTIFIER, *PCRYPT_ALGORITHM_IDENTIFIER;
// Following are the definitions of various algorithm object identifiers
//
// All szOID_* values are plain string literals.  The arcs nest: szOID_PKCS
// is under szOID_RSA, szOID_PKCS_n under szOID_PKCS, and the content-type
// and attribute OIDs under szOID_PKCS_7 and szOID_PKCS_9 respectively.
// RSA
#define szOID_RSA "1.2.840.113549"
#define szOID_PKCS "1.2.840.113549.1"
#define szOID_RSA_HASH "1.2.840.113549.2"
#define szOID_RSA_ENCRYPT "1.2.840.113549.3"
#define szOID_PKCS_1 "1.2.840.113549.1.1"
#define szOID_PKCS_2 "1.2.840.113549.1.2"
#define szOID_PKCS_3 "1.2.840.113549.1.3"
#define szOID_PKCS_4 "1.2.840.113549.1.4"
#define szOID_PKCS_5 "1.2.840.113549.1.5"
#define szOID_PKCS_6 "1.2.840.113549.1.6"
#define szOID_PKCS_7 "1.2.840.113549.1.7"
#define szOID_PKCS_8 "1.2.840.113549.1.8"
#define szOID_PKCS_9 "1.2.840.113549.1.9"
#define szOID_PKCS_10 "1.2.840.113549.1.10"
// PKCS #1 key and signature algorithm identifiers (szOID_PKCS_1 arc).
#define szOID_RSA_RSA "1.2.840.113549.1.1.1"
#define szOID_RSA_MD2RSA "1.2.840.113549.1.1.2"
#define szOID_RSA_MD4RSA "1.2.840.113549.1.1.3"
#define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4"
#define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5"
#define szOID_RSA_SETOAEP_RSA "1.2.840.113549.1.1.6"
// PKCS #7 content types (szOID_PKCS_7 arc).  szOID_RSA_digestedData and
// szOID_RSA_hashedData are two names for the same OID string.
#define szOID_RSA_data "1.2.840.113549.1.7.1"
#define szOID_RSA_signedData "1.2.840.113549.1.7.2"
#define szOID_RSA_envelopedData "1.2.840.113549.1.7.3"
#define szOID_RSA_signEnvData "1.2.840.113549.1.7.4"
#define szOID_RSA_digestedData "1.2.840.113549.1.7.5"
#define szOID_RSA_hashedData "1.2.840.113549.1.7.5"
#define szOID_RSA_encryptedData "1.2.840.113549.1.7.6"
// PKCS #9 attribute types (szOID_PKCS_9 arc).
#define szOID_RSA_emailAddr "1.2.840.113549.1.9.1"
#define szOID_RSA_unstructName "1.2.840.113549.1.9.2"
#define szOID_RSA_contentType "1.2.840.113549.1.9.3"
#define szOID_RSA_messageDigest "1.2.840.113549.1.9.4"
#define szOID_RSA_signingTime "1.2.840.113549.1.9.5"
#define szOID_RSA_counterSign "1.2.840.113549.1.9.6"
#define szOID_RSA_challengePwd "1.2.840.113549.1.9.7"
#define szOID_RSA_unstructAddr "1.2.840.113549.1.9.8"
#define szOID_RSA_extCertAttrs "1.2.840.113549.1.9.9"
#define szOID_RSA_SMIMECapabilities "1.2.840.113549.1.9.15"
#define szOID_RSA_preferSignedData "1.2.840.113549.1.9.15.1"
// Digest algorithms (szOID_RSA_HASH arc).
#define szOID_RSA_MD2 "1.2.840.113549.2.2"
#define szOID_RSA_MD4 "1.2.840.113549.2.4"
#define szOID_RSA_MD5 "1.2.840.113549.2.5"
// Encryption algorithms (szOID_RSA_ENCRYPT arc).
#define szOID_RSA_RC2CBC "1.2.840.113549.3.2"
#define szOID_RSA_RC4 "1.2.840.113549.3.4"
#define szOID_RSA_DES_EDE3_CBC "1.2.840.113549.3.7"
#define szOID_RSA_RC5_CBCPad "1.2.840.113549.3.9"
// ITU-T UsefulDefinitions
//
// Directory (X.500) algorithm arcs under 2.5.8.  szOID_DSALG_RSA sits
// under szOID_DSALG_CRPT (2.5.8.1), not directly under szOID_DSALG.
#define szOID_DS "2.5"
#define szOID_DSALG "2.5.8"
#define szOID_DSALG_CRPT "2.5.8.1"
#define szOID_DSALG_HASH "2.5.8.2"
#define szOID_DSALG_SIGN "2.5.8.3"
#define szOID_DSALG_RSA "2.5.8.1.1"
// NIST OSE Implementors' Workshop (OIW)
// http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
// http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
#define szOID_OIW "1.3.14"
// NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers
//
// All under 1.3.14.3.2.  Several algorithms appear twice under different
// arcs (e.g. md4RSA and md4RSA2, sha and sha1, dsa and dsaSHA1); a decoder
// that accepts one spelling should decide explicitly whether it accepts
// the others.
#define szOID_OIWSEC "1.3.14.3.2"
#define szOID_OIWSEC_md4RSA "1.3.14.3.2.2"
#define szOID_OIWSEC_md5RSA "1.3.14.3.2.3"
#define szOID_OIWSEC_md4RSA2 "1.3.14.3.2.4"
#define szOID_OIWSEC_desECB "1.3.14.3.2.6"
#define szOID_OIWSEC_desCBC "1.3.14.3.2.7"
#define szOID_OIWSEC_desOFB "1.3.14.3.2.8"
#define szOID_OIWSEC_desCFB "1.3.14.3.2.9"
#define szOID_OIWSEC_desMAC "1.3.14.3.2.10"
#define szOID_OIWSEC_rsaSign "1.3.14.3.2.11"
#define szOID_OIWSEC_dsa "1.3.14.3.2.12"
#define szOID_OIWSEC_shaDSA "1.3.14.3.2.13"
#define szOID_OIWSEC_mdc2RSA "1.3.14.3.2.14"
#define szOID_OIWSEC_shaRSA "1.3.14.3.2.15"
#define szOID_OIWSEC_dhCommMod "1.3.14.3.2.16"
#define szOID_OIWSEC_desEDE "1.3.14.3.2.17"
#define szOID_OIWSEC_sha "1.3.14.3.2.18"
#define szOID_OIWSEC_mdc2 "1.3.14.3.2.19"
#define szOID_OIWSEC_dsaComm "1.3.14.3.2.20"
#define szOID_OIWSEC_dsaCommSHA "1.3.14.3.2.21"
#define szOID_OIWSEC_rsaXchg "1.3.14.3.2.22"
#define szOID_OIWSEC_keyHashSeal "1.3.14.3.2.23"
#define szOID_OIWSEC_md2RSASign "1.3.14.3.2.24"
#define szOID_OIWSEC_md5RSASign "1.3.14.3.2.25"
#define szOID_OIWSEC_sha1 "1.3.14.3.2.26"
#define szOID_OIWSEC_dsaSHA1 "1.3.14.3.2.27"
#define szOID_OIWSEC_dsaCommSHA1 "1.3.14.3.2.28"
#define szOID_OIWSEC_sha1RSASign "1.3.14.3.2.29"
// NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers
//
// Under 1.3.14.7.2, with the same CRPT/HASH/SIGN sub-arc layout as the
// ITU-T szOID_DSALG_* definitions above.
#define szOID_OIWDIR "1.3.14.7.2"
#define szOID_OIWDIR_CRPT "1.3.14.7.2.1"
#define szOID_OIWDIR_HASH "1.3.14.7.2.2"
#define szOID_OIWDIR_SIGN "1.3.14.7.2.3"
#define szOID_OIWDIR_md2 "1.3.14.7.2.2.1"
#define szOID_OIWDIR_md2RSA "1.3.14.7.2.3.1"
// INFOSEC Algorithms
// joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)
//
// All algorithm OIDs below hang off the 2.16.840.1.101.2.1.1 arc and are
// numbered 1..21 in definition order; the sdns/mosaic/SuiteA prefixes
// group them into three families.
#define szOID_INFOSEC "2.16.840.1.101.2.1"
#define szOID_INFOSEC_sdnsSignature "2.16.840.1.101.2.1.1.1"
#define szOID_INFOSEC_mosaicSignature "2.16.840.1.101.2.1.1.2"
#define szOID_INFOSEC_sdnsConfidentiality "2.16.840.1.101.2.1.1.3"
#define szOID_INFOSEC_mosaicConfidentiality "2.16.840.1.101.2.1.1.4"
#define szOID_INFOSEC_sdnsIntegrity "2.16.840.1.101.2.1.1.5"
#define szOID_INFOSEC_mosaicIntegrity "2.16.840.1.101.2.1.1.6"
#define szOID_INFOSEC_sdnsTokenProtection "2.16.840.1.101.2.1.1.7"
#define szOID_INFOSEC_mosaicTokenProtection "2.16.840.1.101.2.1.1.8"
#define szOID_INFOSEC_sdnsKeyManagement "2.16.840.1.101.2.1.1.9"
#define szOID_INFOSEC_mosaicKeyManagement "2.16.840.1.101.2.1.1.10"
#define szOID_INFOSEC_sdnsKMandSig "2.16.840.1.101.2.1.1.11"
#define szOID_INFOSEC_mosaicKMandSig "2.16.840.1.101.2.1.1.12"
#define szOID_INFOSEC_SuiteASignature "2.16.840.1.101.2.1.1.13"
#define szOID_INFOSEC_SuiteAConfidentiality "2.16.840.1.101.2.1.1.14"
#define szOID_INFOSEC_SuiteAIntegrity "2.16.840.1.101.2.1.1.15"
#define szOID_INFOSEC_SuiteATokenProtection "2.16.840.1.101.2.1.1.16"
#define szOID_INFOSEC_SuiteAKeyManagement "2.16.840.1.101.2.1.1.17"
#define szOID_INFOSEC_SuiteAKMandSig "2.16.840.1.101.2.1.1.18"
#define szOID_INFOSEC_mosaicUpdatedSig "2.16.840.1.101.2.1.1.19"
#define szOID_INFOSEC_mosaicKMandUpdSig "2.16.840.1.101.2.1.1.20"
#define szOID_INFOSEC_mosaicUpdatedInteg "2.16.840.1.101.2.1.1.21"
// One row of an ALG_ID <-> OID mapping table: a CALG_* value (as a DWORD)
// paired with its dotted-decimal OID string.  No table instance is
// declared in this header.
typedef struct _CRYPT_OBJID_TABLE {
DWORD dwAlgId;
LPCSTR pszObjId;
} CRYPT_OBJID_TABLE, *PCRYPT_OBJID_TABLE;
//+-------------------------------------------------------------------------
// PKCS #1 HashInfo (DigestInfo)
//
// Pairs the digest algorithm identifier with the digest bytes.  Hash is a
// CRYPT_HASH_BLOB, so its length comes from Hash.cbData; a verifier should
// check that length against the algorithm's expected digest size rather
// than trusting it blindly.
//--------------------------------------------------------------------------
typedef struct _CRYPT_HASH_INFO {
CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
CRYPT_HASH_BLOB Hash;
} CRYPT_HASH_INFO, *PCRYPT_HASH_INFO;
//+-------------------------------------------------------------------------
// Type used for an extension to an encoded content
//
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//
// fCritical is the extension's critical flag as carried in the encoding.
// A consumer that does not recognise pszObjId must honour fCritical (reject
// the content) rather than silently skip the extension.
//--------------------------------------------------------------------------
typedef struct _CERT_EXTENSION {
LPSTR pszObjId;
BOOL fCritical;
CRYPT_OBJID_BLOB Value;
} CERT_EXTENSION, *PCERT_EXTENSION;
//+-------------------------------------------------------------------------
// AttributeTypeValue
//
// Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
//
// Same shape as CERT_EXTENSION minus the critical flag: an OID string and
// one still-encoded value.
//--------------------------------------------------------------------------
typedef struct _CRYPT_ATTRIBUTE_TYPE_VALUE {
LPSTR pszObjId;
CRYPT_OBJID_BLOB Value;
} CRYPT_ATTRIBUTE_TYPE_VALUE, *PCRYPT_ATTRIBUTE_TYPE_VALUE;
//+-------------------------------------------------------------------------
// Attributes
//
// Where the Value's PATTR_BLOBs are in their encoded representation.
//
// CRYPT_ATTRIBUTE is one OID with cValue encoded values in the rgValue
// array; CRYPT_ATTRIBUTES is a counted array of those.  In both, the count
// field bounds the array -- walk rgValue / rgAttr only up to cValue / cAttr.
//--------------------------------------------------------------------------
typedef struct _CRYPT_ATTRIBUTE {
LPSTR pszObjId;
DWORD cValue;
PCRYPT_ATTR_BLOB rgValue;
} CRYPT_ATTRIBUTE, *PCRYPT_ATTRIBUTE;
// The IN annotations mark both fields as caller-supplied input.
typedef struct _CRYPT_ATTRIBUTES {
IN DWORD cAttr;
IN PCRYPT_ATTRIBUTE rgAttr;
} CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES;
//+-------------------------------------------------------------------------
// Attributes making up a Relative Distinguished Name (CERT_RDN)
//
// The interpretation of the Value depends on the dwValueType.
// See below for a list of the types.
//
// pszObjId is one of the szOID_* attribute-type strings defined next
// (szOID_COMMON_NAME etc.); the per-OID comments there record the
// expected string type for the value.
//--------------------------------------------------------------------------
typedef struct _CERT_RDN_ATTR {
LPSTR pszObjId;
DWORD dwValueType;
CERT_RDN_VALUE_BLOB Value;
} CERT_RDN_ATTR, *PCERT_RDN_ATTR;
//+-------------------------------------------------------------------------
// CERT_RDN attribute Object Identifiers
//
// X.520 attribute types under the 2.5.4 arc, numbered 3..43 in definition
// order (41 is left undefined below), plus one pilot attribute
// (szOID_DOMAIN_COMPONENT) from a different arc.  The trailing comment on
// each line records the string type the value is expected to carry;
// lines without one give no such hint.
//--------------------------------------------------------------------------
// Labeling attribute types:
#define szOID_COMMON_NAME "2.5.4.3" // case-ignore string
#define szOID_SUR_NAME "2.5.4.4" // case-ignore string
#define szOID_DEVICE_SERIAL_NUMBER "2.5.4.5" // printable string
// Geographic attribute types:
#define szOID_COUNTRY_NAME "2.5.4.6" // printable 2char string
#define szOID_LOCALITY_NAME "2.5.4.7" // case-ignore string
#define szOID_STATE_OR_PROVINCE_NAME "2.5.4.8" // case-ignore string
#define szOID_STREET_ADDRESS "2.5.4.9" // case-ignore string
// Organizational attribute types:
#define szOID_ORGANIZATION_NAME "2.5.4.10" // case-ignore string
#define szOID_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" // case-ignore string
#define szOID_TITLE "2.5.4.12" // case-ignore string
// Explanatory attribute types:
#define szOID_DESCRIPTION "2.5.4.13" // case-ignore string
#define szOID_SEARCH_GUIDE "2.5.4.14"
#define szOID_BUSINESS_CATEGORY "2.5.4.15" // case-ignore string
// Postal addressing attribute types:
#define szOID_POSTAL_ADDRESS "2.5.4.16"
#define szOID_POSTAL_CODE "2.5.4.17" // case-ignore string
#define szOID_POST_OFFICE_BOX "2.5.4.18" // case-ignore string
#define szOID_PHYSICAL_DELIVERY_OFFICE_NAME "2.5.4.19" // case-ignore string
// Telecommunications addressing attribute types:
#define szOID_TELEPHONE_NUMBER "2.5.4.20" // telephone number
#define szOID_TELEX_NUMBER "2.5.4.21"
#define szOID_TELETEXT_TERMINAL_IDENTIFIER "2.5.4.22"
#define szOID_FACSIMILE_TELEPHONE_NUMBER "2.5.4.23"
#define szOID_X21_ADDRESS "2.5.4.24" // numeric string
#define szOID_INTERNATIONAL_ISDN_NUMBER "2.5.4.25" // numeric string
#define szOID_REGISTERED_ADDRESS "2.5.4.26"
#define szOID_DESTINATION_INDICATOR "2.5.4.27" // printable string
// Preference attribute types:
#define szOID_PREFERRED_DELIVERY_METHOD "2.5.4.28"
// OSI application attribute types:
#define szOID_PRESENTATION_ADDRESS "2.5.4.29"
#define szOID_SUPPORTED_APPLICATION_CONTEXT "2.5.4.30"
// Relational application attribute types:
#define szOID_MEMBER "2.5.4.31"
#define szOID_OWNER "2.5.4.32"
#define szOID_ROLE_OCCUPANT "2.5.4.33"
#define szOID_SEE_ALSO "2.5.4.34"
// Security attribute types:
//
// These name directory attributes that hold credentials and revocation
// data; szOID_USER_PASSWORD in particular identifies a password-bearing
// attribute, so values under it should not be logged or echoed.
#define szOID_USER_PASSWORD "2.5.4.35"
#define szOID_USER_CERTIFICATE "2.5.4.36"
#define szOID_CA_CERTIFICATE "2.5.4.37"
#define szOID_AUTHORITY_REVOCATION_LIST "2.5.4.38"
#define szOID_CERTIFICATE_REVOCATION_LIST "2.5.4.39"
#define szOID_CROSS_CERTIFICATE_PAIR "2.5.4.40"
// Undocumented attribute types???
//#define szOID_??? "2.5.4.41"
#define szOID_GIVEN_NAME "2.5.4.42" // case-ignore string
#define szOID_INITIALS "2.5.4.43" // case-ignore string
// Pilot user attribute types:
#define szOID_DOMAIN_COMPONENT "0.9.2342.19200300.100.1.25" // IA5 string
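//+-------------------------------------------------------------------------
// CERT_RDN Attribute Value Types
//
// For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
// representation. Otherwise, it's an array of bytes.
//
// For all CERT_RDN types, Value.cbData is always the number of bytes, not
// necessarily the number of elements in the string. For instance,
// RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
// RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
//
// For CertDecodeName, two 0 bytes are always appended to the end of the
// string (ensures a CHAR or WCHAR string is null terminated).
// These added 0 bytes aren't included in the BLOB.cbData.
//
// Several names below are aliases for the same numeric value
// (TELETEX/T61, VISIBLE/ISO646, UNIVERSAL/INT4, BMP/UNICODE), so a
// switch on dwValueType must list each value only once.
//--------------------------------------------------------------------------
#define CERT_RDN_ANY_TYPE 0
#define CERT_RDN_ENCODED_BLOB 1
#define CERT_RDN_OCTET_STRING 2
#define CERT_RDN_NUMERIC_STRING 3
#define CERT_RDN_PRINTABLE_STRING 4
#define CERT_RDN_TELETEX_STRING 5
#define CERT_RDN_T61_STRING 5
#define CERT_RDN_VIDEOTEX_STRING 6
#define CERT_RDN_IA5_STRING 7
#define CERT_RDN_GRAPHIC_STRING 8
#define CERT_RDN_VISIBLE_STRING 9
#define CERT_RDN_ISO646_STRING 9
#define CERT_RDN_GENERAL_STRING 10
#define CERT_RDN_UNIVERSAL_STRING 11
#define CERT_RDN_INT4_STRING 11
#define CERT_RDN_BMP_STRING 12
#define CERT_RDN_UNICODE_STRING 12
// Macro to check that the dwValueType is a character string and not an
// encoded blob or octet string.
//
// The argument is parenthesised so that an expression argument such as
// `cond ? a : b` is compared as a whole rather than having `>=` bind to
// its last operand. The test is a lower bound only: any value above
// CERT_RDN_UNICODE_STRING also passes, so code that dispatches on the
// type must still reject values it does not know.
#define IS_CERT_RDN_CHAR_STRING(X) ((X) >= CERT_RDN_NUMERIC_STRING)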
//+-------------------------------------------------------------------------
// A CERT_RDN consists of an array of the above attributes
//--------------------------------------------------------------------------
typedef struct _CERT_RDN {
DWORD cRDNAttr; // number of elements in rgRDNAttr
PCERT_RDN_ATTR rgRDNAttr; // attributes making up this RDN
} CERT_RDN, *PCERT_RDN;
//+-------------------------------------------------------------------------
// Information stored in a subject's or issuer's name. The information
// is represented as an array of the above RDNs.
//
// This is the decoded form; CERT_INFO.Issuer / .Subject below hold the
// encoded form (CERT_NAME_BLOB).
//--------------------------------------------------------------------------
typedef struct _CERT_NAME_INFO {
DWORD cRDN; // number of elements in rgRDN
PCERT_RDN rgRDN; // the RDNs of the name
} CERT_NAME_INFO, *PCERT_NAME_INFO;
//+-------------------------------------------------------------------------
// Name attribute value without the Object Identifier
//
// The interpretation of the Value depends on the dwValueType.
// See above for a list of the types. The same byte-count and
// terminator caveats as for CERT_RDN_ATTR.Value apply.
//--------------------------------------------------------------------------
typedef struct _CERT_NAME_VALUE {
DWORD dwValueType; // one of the CERT_RDN_* value types above
CERT_RDN_VALUE_BLOB Value; // the value; layout depends on dwValueType
} CERT_NAME_VALUE, *PCERT_NAME_VALUE;
//+-------------------------------------------------------------------------
// Public Key Info
//
// The PublicKey is the encoded representation of the information as it is
// stored in the bit string
//
// Algorithm determines how PublicKey is to be interpreted; a consumer
// should check the algorithm it expects before handing PublicKey to a
// key-import routine rather than assuming a key type from context.
//--------------------------------------------------------------------------
typedef struct _CERT_PUBLIC_KEY_INFO {
CRYPT_ALGORITHM_IDENTIFIER Algorithm; // identifies the key algorithm
CRYPT_BIT_BLOB PublicKey; // encoded key material, still in bit-string form
} CERT_PUBLIC_KEY_INFO, *PCERT_PUBLIC_KEY_INFO;
// Default public key algorithm OIDs. All three currently expand to
// szOID_RSA_RSA (declared elsewhere in this header), i.e. RSA is the
// default for both signing and key exchange.
#define CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA
#define CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA
//+-------------------------------------------------------------------------
// Information stored in a certificate
//
// The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
// encoded representation of the information.
//
// This is the decoded "to be signed" part only (X509_CERT_TO_BE_SIGNED
// below); the signature over it lives in CERT_SIGNED_CONTENT_INFO. A
// verifier must still check the signature, the NotBefore/NotAfter
// window and the extensions itself -- nothing here is pre-validated.
//--------------------------------------------------------------------------
typedef struct _CERT_INFO {
DWORD dwVersion; // CERT_V1 .. CERT_V3 below (zero based)
CRYPT_INTEGER_BLOB SerialNumber; // issuer-assigned serial, as an integer blob
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; // algorithm the issuer signed with
CERT_NAME_BLOB Issuer; // encoded issuer name
FILETIME NotBefore; // start of validity period
FILETIME NotAfter; // end of validity period
CERT_NAME_BLOB Subject; // encoded subject name
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; // the subject's key, see above
CRYPT_BIT_BLOB IssuerUniqueId; // may be empty; not present in every version
CRYPT_BIT_BLOB SubjectUniqueId; // may be empty; not present in every version
DWORD cExtension; // number of elements in rgExtension
PCERT_EXTENSION rgExtension; // encoded extensions; see the per-OID notes below
} CERT_INFO, *PCERT_INFO;
//+-------------------------------------------------------------------------
// Certificate versions
//
// Values of CERT_INFO.dwVersion. Note they are zero based: version 3
// certificates (the ones that can carry extensions) have dwVersion == 2.
//--------------------------------------------------------------------------
#define CERT_V1 0
#define CERT_V2 1
#define CERT_V3 2
//+-------------------------------------------------------------------------
// Certificate Information Flags
//
// Despite the _FLAG suffix these are consecutive ordinals (1 .. 11), one
// per CERT_INFO field, not bit masks: OR-ing two of them yields another
// valid value (e.g. 1 | 2 == CERT_INFO_SIGNATURE_ALGORITHM_FLAG), so
// compare them with ==, never combine them.
//--------------------------------------------------------------------------
#define CERT_INFO_VERSION_FLAG 1
#define CERT_INFO_SERIAL_NUMBER_FLAG 2
#define CERT_INFO_SIGNATURE_ALGORITHM_FLAG 3
#define CERT_INFO_ISSUER_FLAG 4
#define CERT_INFO_NOT_BEFORE_FLAG 5
#define CERT_INFO_NOT_AFTER_FLAG 6
#define CERT_INFO_SUBJECT_FLAG 7
#define CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG 8
#define CERT_INFO_ISSUER_UNIQUE_ID_FLAG 9
#define CERT_INFO_SUBJECT_UNIQUE_ID_FLAG 10
#define CERT_INFO_EXTENSION_FLAG 11
//+-------------------------------------------------------------------------
// An entry in a CRL
//
// The Extension BLOBs are the encoded representation of the information.
//--------------------------------------------------------------------------
typedef struct _CRL_ENTRY {
CRYPT_INTEGER_BLOB SerialNumber; // serial of the revoked certificate
FILETIME RevocationDate; // when it was revoked
DWORD cExtension; // number of elements in rgExtension
PCERT_EXTENSION rgExtension; // encoded per-entry extensions (e.g. szOID_CRL_REASON_CODE below)
} CRL_ENTRY, *PCRL_ENTRY;
//+-------------------------------------------------------------------------
// Information stored in a CRL
//
// The Issuer, Algorithm and Extension BLOBs are the encoded
// representation of the information.
//
// This is the decoded "to be signed" part only (X509_CERT_CRL_TO_BE_SIGNED
// below); the signature over it lives in CERT_SIGNED_CONTENT_INFO and
// must be verified before the entry list is trusted.
//--------------------------------------------------------------------------
typedef struct _CRL_INFO {
DWORD dwVersion; // CRL_V1 .. CRL_V2 below (zero based)
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; // algorithm the issuer signed with
CERT_NAME_BLOB Issuer; // encoded issuer name
FILETIME ThisUpdate; // time this CRL was issued
FILETIME NextUpdate; // time by which a newer CRL is expected
DWORD cCRLEntry; // number of elements in rgCRLEntry
PCRL_ENTRY rgCRLEntry; // revoked certificates
DWORD cExtension; // number of elements in rgExtension
PCERT_EXTENSION rgExtension; // encoded CRL extensions
} CRL_INFO, *PCRL_INFO;
//+-------------------------------------------------------------------------
// CRL versions
//
// Values of CRL_INFO.dwVersion (zero based, like CERT_V*).
//--------------------------------------------------------------------------
#define CRL_V1 0
#define CRL_V2 1
//+-------------------------------------------------------------------------
// Information stored in a certificate request
//
// The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
// representation of the information.
//
// Decoded "to be signed" part of a request (X509_CERT_REQUEST_TO_BE_SIGNED
// below). The request is self-signed by the subject; the signature is
// carried in CERT_SIGNED_CONTENT_INFO.
//--------------------------------------------------------------------------
typedef struct _CERT_REQUEST_INFO {
DWORD dwVersion; // CERT_REQUEST_V1 below
CERT_NAME_BLOB Subject; // encoded requested subject name
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; // key the subject wants certified
DWORD cAttribute; // number of elements in rgAttribute
PCRYPT_ATTRIBUTE rgAttribute; // request attributes
} CERT_REQUEST_INFO, *PCERT_REQUEST_INFO;
//+-------------------------------------------------------------------------
// Certificate Request versions
//
// Value of CERT_REQUEST_INFO.dwVersion.
//--------------------------------------------------------------------------
#define CERT_REQUEST_V1 0
//+-------------------------------------------------------------------------
// Information stored in Netscape's Keygen request
//
// Decoded "to be signed" part of a keygen request
// (X509_KEYGEN_REQUEST_TO_BE_SIGNED below).
//--------------------------------------------------------------------------
typedef struct _CERT_KEYGEN_REQUEST_INFO {
DWORD dwVersion; // CERT_KEYGEN_REQUEST_V1 below
CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; // key the subject wants certified
LPWSTR pwszChallengeString; // encoded as IA5
} CERT_KEYGEN_REQUEST_INFO, *PCERT_KEYGEN_REQUEST_INFO;
// Value of CERT_KEYGEN_REQUEST_INFO.dwVersion.
#define CERT_KEYGEN_REQUEST_V1 0
//+-------------------------------------------------------------------------
// Certificate, CRL, Certificate Request or Keygen Request Signed Content
//
// The "to be signed" encoded content plus its signature. The ToBeSigned
// is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or
// CERT_KEYGEN_REQUEST_INFO.
//
// Signature verification must run over the ToBeSigned bytes exactly as
// received; re-encoding the decoded inner structure first can change the
// bytes and break (or, worse, mask) a mismatch. NOTE(review): the inner
// CERT_INFO / CRL_INFO also carry a SignatureAlgorithm; a verifier should
// expect it to agree with the outer one here -- confirm against the
// profile in use.
//--------------------------------------------------------------------------
typedef struct _CERT_SIGNED_CONTENT_INFO {
CRYPT_DER_BLOB ToBeSigned; // encoded content the signature covers
CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; // algorithm used to produce Signature
CRYPT_BIT_BLOB Signature; // signature value over ToBeSigned
} CERT_SIGNED_CONTENT_INFO, *PCERT_SIGNED_CONTENT_INFO;
//+-------------------------------------------------------------------------
// Certificate Trust List (CTL)
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CTL Usage. Also used for EnhancedKeyUsage extension.
//
// A counted array of usage OID strings (szOID_PKIX_KP_* and the Microsoft
// szOID_KP_* values below). The same layout is typedef'd under both the
// CTL_USAGE and CERT_ENHKEY_USAGE names.
//--------------------------------------------------------------------------
typedef struct _CTL_USAGE {
DWORD cUsageIdentifier; // number of elements in rgpszUsageIdentifier
LPSTR *rgpszUsageIdentifier; // array of pszObjId
} CTL_USAGE, *PCTL_USAGE,
CERT_ENHKEY_USAGE, *PCERT_ENHKEY_USAGE;
//+-------------------------------------------------------------------------
// An entry in a CTL
//
// Identifies one trusted subject. How SubjectIdentifier was derived is
// given by CTL_INFO.SubjectAlgorithm, so compare it only against a value
// computed with that same algorithm.
//--------------------------------------------------------------------------
typedef struct _CTL_ENTRY {
CRYPT_DATA_BLOB SubjectIdentifier; // For example, its hash
DWORD cAttribute; // number of elements in rgAttribute; may be 0
PCRYPT_ATTRIBUTE rgAttribute; // OPTIONAL
} CTL_ENTRY, *PCTL_ENTRY;
//+-------------------------------------------------------------------------
// Information stored in a CTL
//
// Fields marked OPTIONAL may be absent (empty blob, NULL pointer or a
// zero count); consumers must check before dereferencing them. The list
// itself is signed content (PKCS_CTL below) and carries no trust until
// that signature has been verified.
//--------------------------------------------------------------------------
typedef struct _CTL_INFO {
DWORD dwVersion; // CTL_V1 below
CTL_USAGE SubjectUsage; // what the listed subjects are trusted for
CRYPT_DATA_BLOB ListIdentifier; // OPTIONAL
CRYPT_INTEGER_BLOB SequenceNumber; // OPTIONAL
FILETIME ThisUpdate; // time this list was issued
FILETIME NextUpdate; // OPTIONAL
CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm; // how CTL_ENTRY.SubjectIdentifier values were derived
DWORD cCTLEntry; // number of elements in rgCTLEntry
PCTL_ENTRY rgCTLEntry; // OPTIONAL
DWORD cExtension; // number of elements in rgExtension
PCERT_EXTENSION rgExtension; // OPTIONAL
} CTL_INFO, *PCTL_INFO;
//+-------------------------------------------------------------------------
// CTL versions
//
// Value of CTL_INFO.dwVersion.
//--------------------------------------------------------------------------
#define CTL_V1 0
//+-------------------------------------------------------------------------
// TimeStamp Request
//
// The pszTimeStamp is the OID for the Time type requested
// The pszContentType is the Content Type OID for the content, usually DATA
// The Content is an un-decoded blob
//
// Decoded form of PKCS_TIME_REQUEST (below).
//--------------------------------------------------------------------------
typedef struct _CRYPT_TIME_STAMP_REQUEST_INFO {
LPSTR pszTimeStampAlgorithm; // pszObjId
LPSTR pszContentType; // pszObjId
CRYPT_OBJID_BLOB Content; // content to be time stamped, left encoded
DWORD cAttribute; // number of elements in rgAttribute
PCRYPT_ATTRIBUTE rgAttribute; // request attributes
} CRYPT_TIME_STAMP_REQUEST_INFO, *PCRYPT_TIME_STAMP_REQUEST_INFO;
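//+-------------------------------------------------------------------------
// Certificate and Message encoding types
//
// The encoding type is a DWORD containing both the certificate and message
// encoding types. The certificate encoding type is stored in the LOWORD.
// The message encoding type is stored in the HIWORD. Some functions or
// structure fields require only one of the encoding types. The following
// naming convention is used to indicate which encoding type(s) are
// required:
// dwEncodingType (both encoding types are required)
// dwMsgAndCertEncodingType (both encoding types are required)
// dwMsgEncodingType (only msg encoding type is required)
// dwCertEncodingType (only cert encoding type is required)
//
// It's always acceptable to specify both.
//--------------------------------------------------------------------------
#define CERT_ENCODING_TYPE_MASK 0x0000FFFF
#define CMSG_ENCODING_TYPE_MASK 0xFFFF0000
// The argument is parenthesised so that a combined value such as
// (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING) is masked as a whole; without
// the parentheses `&` would bind to the last operand of the `|` only.
#define GET_CERT_ENCODING_TYPE(X) ((X) & CERT_ENCODING_TYPE_MASK)
#define GET_CMSG_ENCODING_TYPE(X) ((X) & CMSG_ENCODING_TYPE_MASK)
// Certificate (LOWORD) encoding types. CRYPT_* and X509_* are aliases.
#define CRYPT_ASN_ENCODING 0x00000001
#define CRYPT_NDR_ENCODING 0x00000002
#define X509_ASN_ENCODING 0x00000001
#define X509_NDR_ENCODING 0x00000002
// Message (HIWORD) encoding types.
#define PKCS_7_ASN_ENCODING 0x00010000
#define PKCS_7_NDR_ENCODING 0x00020000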
//+-------------------------------------------------------------------------
// format the specified data structure according to the certificate
// encoding type.
//
// dwCertEncodingType - certificate encoding type (LOWORD of the combined
//                      type, see the masks above)
// dwFormatType, dwFormatStrType - format selectors; their values are not
//                      defined in this part of the header
// pFormatStruct      - format-specific input. NOTE(review): its layout is
//                      not defined here; confirm before passing anything
//                      other than what the caller already uses
// lpszStructType     - a predefined ((LPCSTR) n) constant or an OID string
// pbEncoded/cbEncoded - the encoded input and its true byte length
// pbFormat/pcbFormat - output buffer and, in/out, its size in bytes
//
// Returns BOOL; on FALSE the contents of pbFormat should not be used.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptFormatObject(
IN DWORD dwCertEncodingType,
IN DWORD dwFormatType,
IN DWORD dwFormatStrType,
IN void *pFormatStruct,
IN LPCSTR lpszStructType,
IN const BYTE *pbEncoded,
IN DWORD cbEncoded,
OUT void *pbFormat,
IN OUT DWORD *pcbFormat
);
//+-------------------------------------------------------------------------
// Encode / decode the specified data structure according to the certificate
// encoding type.
//
// See below for a list of the predefined data structures.
//
// CryptEncodeObject: encodes the structure at pvStructInfo (whose type is
// named by lpszStructType) into pbEncoded, with *pcbEncoded giving the
// buffer size on input and the encoded size on output. Note that for some
// failures *pcbEncoded is overwritten with an error location rather than
// a size (see the X509_UNICODE_NAME and X509_ALTERNATE_NAME notes below),
// so it is only a length when the call returned TRUE.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptEncodeObject(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const void *pvStructInfo,
OUT BYTE *pbEncoded,
IN OUT DWORD *pcbEncoded
);
//+-------------------------------------------------------------------------
// CryptDecodeObject: decodes the cbEncoded bytes at pbEncoded as the
// structure named by lpszStructType into pvStructInfo, with
// *pcbStructInfo giving the buffer size on input and the size used on
// output.
//
// dwFlags: CRYPT_DECODE_NOCOPY_FLAG (below) makes the decoded structure
// point into pbEncoded instead of copying; see the lifetime note there.
//
// This is the parsing boundary for data that typically arrives from
// outside (certificates, CRLs, requests), so cbEncoded must be the real
// length of the memory behind pbEncoded, never a length read from the
// data itself. Treat pvStructInfo as undefined when the call returns
// FALSE.
//--------------------------------------------------------------------------
WINCRYPT32API
BOOL
WINAPI
CryptDecodeObject(
IN DWORD dwCertEncodingType,
IN LPCSTR lpszStructType,
IN const BYTE *pbEncoded,
IN DWORD cbEncoded,
IN DWORD dwFlags,
OUT void *pvStructInfo,
IN OUT DWORD *pcbStructInfo
);
// When the following flag is set the nocopy optimization is enabled.
// This optimization where appropriate, updates the pvStructInfo fields
// to point to content residing within pbEncoded instead of making a copy
// of and appending to pvStructInfo.
//
// Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
// In other words the decoded structure borrows from the encoded buffer:
// freeing, reusing or overwriting pbEncoded while pvStructInfo is still
// in use leaves dangling pointers inside it, and the next read through
// them is a use-after-free. Tie the two lifetimes together explicitly.
#define CRYPT_DECODE_NOCOPY_FLAG 0x1
//+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded.
//
// lpszStructType is either a real OID string or one of these small
// integers cast to LPCSTR. The cast values are not valid pointers: an
// lpszStructType must never be dereferenced, strlen()'d or strcmp()'d
// until it has been established that it is not one of the predefined
// constants.
//--------------------------------------------------------------------------
#define CRYPT_ENCODE_DECODE_NONE 0
#define X509_CERT ((LPCSTR) 1)
#define X509_CERT_TO_BE_SIGNED ((LPCSTR) 2)
#define X509_CERT_CRL_TO_BE_SIGNED ((LPCSTR) 3)
#define X509_CERT_REQUEST_TO_BE_SIGNED ((LPCSTR) 4)
#define X509_EXTENSIONS ((LPCSTR) 5)
#define X509_NAME_VALUE ((LPCSTR) 6)
#define X509_NAME ((LPCSTR) 7)
#define X509_PUBLIC_KEY_INFO ((LPCSTR) 8)
//+-------------------------------------------------------------------------
// Predefined X509 certificate extension data structures that can be
// encoded / decoded.
//
// Each of these pairs with an szOID_* extension identifier and a decoded
// structure documented further down (e.g. X509_AUTHORITY_KEY_ID ->
// CERT_AUTHORITY_KEY_ID_INFO).
//--------------------------------------------------------------------------
#define X509_AUTHORITY_KEY_ID ((LPCSTR) 9)
#define X509_KEY_ATTRIBUTES ((LPCSTR) 10)
#define X509_KEY_USAGE_RESTRICTION ((LPCSTR) 11)
#define X509_ALTERNATE_NAME ((LPCSTR) 12)
#define X509_BASIC_CONSTRAINTS ((LPCSTR) 13)
#define X509_KEY_USAGE ((LPCSTR) 14)
#define X509_BASIC_CONSTRAINTS2 ((LPCSTR) 15)
#define X509_CERT_POLICIES ((LPCSTR) 16)
//+-------------------------------------------------------------------------
// Additional predefined data structures that can be encoded / decoded.
//
// Same ((LPCSTR) n) convention as above.
//--------------------------------------------------------------------------
#define PKCS_UTC_TIME ((LPCSTR) 17)
#define PKCS_TIME_REQUEST ((LPCSTR) 18)
#define RSA_CSP_PUBLICKEYBLOB ((LPCSTR) 19)
#define X509_UNICODE_NAME ((LPCSTR) 20)
#define X509_KEYGEN_REQUEST_TO_BE_SIGNED ((LPCSTR) 21)
#define PKCS_ATTRIBUTE ((LPCSTR) 22)
#define PKCS_CONTENT_INFO_SEQUENCE_OF_ANY ((LPCSTR) 23)
//+-------------------------------------------------------------------------
// Predefined primitive data structures that can be encoded / decoded.
//
// X509_ANY_STRING and X509_UNICODE_ANY_STRING are aliases of the two
// name-value types; see the X509_NAME_VALUE / X509_UNICODE_NAME_VALUE
// notes below for the unicode conversion and error reporting rules.
//--------------------------------------------------------------------------
#define X509_UNICODE_NAME_VALUE ((LPCSTR) 24)
#define X509_ANY_STRING X509_NAME_VALUE
#define X509_UNICODE_ANY_STRING X509_UNICODE_NAME_VALUE
#define X509_OCTET_STRING ((LPCSTR) 25)
#define X509_BITS ((LPCSTR) 26)
#define X509_INTEGER ((LPCSTR) 27)
#define X509_MULTI_BYTE_INTEGER ((LPCSTR) 28)
#define X509_ENUMERATED ((LPCSTR) 29)
#define X509_CHOICE_OF_TIME ((LPCSTR) 30)
//+-------------------------------------------------------------------------
// More predefined X509 certificate extension data structures that can be
// encoded / decoded.
//
// Value 32 (X509_AUTHORITY_INFO_ACCESS) is commented out and so not
// available in this version of the header; do not rely on it.
// X509_CRL_REASON_CODE and X509_DSS_PUBLICKEY are aliases of primitive
// types rather than distinct values.
//--------------------------------------------------------------------------
#define X509_AUTHORITY_KEY_ID2 ((LPCSTR) 31)
//#define X509_AUTHORITY_INFO_ACCESS ((LPCSTR) 32)
#define X509_CRL_REASON_CODE X509_ENUMERATED
#define PKCS_CONTENT_INFO ((LPCSTR) 33)
#define X509_SEQUENCE_OF_ANY ((LPCSTR) 34)
#define X509_CRL_DIST_POINTS ((LPCSTR) 35)
#define X509_ENHANCED_KEY_USAGE ((LPCSTR) 36)
#define PKCS_CTL ((LPCSTR) 37)
#define X509_MULTI_BYTE_UINT ((LPCSTR) 38)
#define X509_DSS_PUBLICKEY X509_MULTI_BYTE_UINT
#define X509_DSS_PARAMETERS ((LPCSTR) 39)
#define X509_DSS_SIGNATURE ((LPCSTR) 40)
#define PKCS_RC2_CBC_PARAMETERS ((LPCSTR) 41)
#define PKCS_SMIME_CAPABILITIES ((LPCSTR) 42)
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded.
//
// Numbered from 500 to keep clear of the X509_* / PKCS_* range above and
// the SPC range (2000 .. 2999) noted below.
//--------------------------------------------------------------------------
#define PKCS7_SIGNER_INFO ((LPCSTR) 500)
//+-------------------------------------------------------------------------
// Predefined Software Publishing Credential (SPC) data structures that
// can be encoded / decoded.
//
// Predefined values: 2000 .. 2999
//
// See spc.h for value and data structure definitions.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Extension Object Identifiers
//
// Several extensions appear twice, under an older arc and a "2" variant
// (AUTHORITY_KEY_IDENTIFIER / AUTHORITY_KEY_IDENTIFIER2,
// BASIC_CONSTRAINTS / BASIC_CONSTRAINTS2, SUBJECT_ALT_NAME /
// SUBJECT_ALT_NAME2, ISSUER_ALT_NAME / ISSUER_ALT_NAME2) with different
// decoded structures. NOTE(review): the "2" variants are the identifiers
// current X.509 v3 profiles use; a verifier that honours the older ones
// should do so deliberately -- confirm against the profile in use.
//
// szOID_AUTHORITY_INFO_ACCESS is defined here, but its X509_* decode
// constant above is commented out in this version of the header.
//--------------------------------------------------------------------------
#define szOID_AUTHORITY_KEY_IDENTIFIER "2.5.29.1"
#define szOID_KEY_ATTRIBUTES "2.5.29.2"
#define szOID_KEY_USAGE_RESTRICTION "2.5.29.4"
#define szOID_SUBJECT_ALT_NAME "2.5.29.7"
#define szOID_ISSUER_ALT_NAME "2.5.29.8"
#define szOID_BASIC_CONSTRAINTS "2.5.29.10"
#define szOID_KEY_USAGE "2.5.29.15"
#define szOID_BASIC_CONSTRAINTS2 "2.5.29.19"
#define szOID_CERT_POLICIES "2.5.29.32"
#define szOID_AUTHORITY_KEY_IDENTIFIER2 "2.5.29.35"
#define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
#define szOID_SUBJECT_ALT_NAME2 "2.5.29.17"
#define szOID_ISSUER_ALT_NAME2 "2.5.29.18"
#define szOID_CRL_REASON_CODE "2.5.29.21"
#define szOID_CRL_DIST_POINTS "2.5.29.31"
#define szOID_ENHANCED_KEY_USAGE "2.5.29.37"
// Internet Public Key Infrastructure
#define szOID_PKIX "1.3.6.1.5.5.7"
#define szOID_AUTHORITY_INFO_ACCESS "1.3.6.1.5.5.7.2"
// Microsoft extensions or attributes
#define szOID_CERT_EXTENSIONS "1.3.6.1.4.1.311.2.1.14"
#define szOID_NEXT_UPDATE_LOCATION "1.3.6.1.4.1.311.10.2"
// Microsoft PKCS #7 ContentType Object Identifiers
#define szOID_CTL "1.3.6.1.4.1.311.10.1"
//+-------------------------------------------------------------------------
// Extension Object Identifiers (currently not implemented)
//
// Identifiers only; this header provides no X509_* decode constant or
// structure for them, so a consumer that needs these extensions has to
// handle the encoded CERT_EXTENSION value itself.
//--------------------------------------------------------------------------
#define szOID_POLICY_MAPPINGS "2.5.29.5"
#define szOID_SUBJECT_DIR_ATTRS "2.5.29.9"
//+-------------------------------------------------------------------------
// Enhanced Key Usage (Purpose) Object Identifiers
//
// Values carried in CTL_USAGE / CERT_ENHKEY_USAGE.rgpszUsageIdentifier.
// The "Consistent key usage bits" lines name the CERT_*_KEY_USAGE bits
// (defined below) a certificate asserting that purpose is expected to
// carry; a verifier should check the two agree rather than trusting
// either alone.
//--------------------------------------------------------------------------
#define szOID_PKIX_KP "1.3.6.1.5.5.7.3"
// Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
// or KEY_AGREEMENT
#define szOID_PKIX_KP_SERVER_AUTH "1.3.6.1.5.5.7.3.1"
// Consistent key usage bits: DIGITAL_SIGNATURE
#define szOID_PKIX_KP_CLIENT_AUTH "1.3.6.1.5.5.7.3.2"
// Consistent key usage bits: DIGITAL_SIGNATURE
#define szOID_PKIX_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
// Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
#define szOID_PKIX_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
//+-------------------------------------------------------------------------
// Microsoft Enhanced Key Usage (Purpose) Object Identifiers
//
// A CTL or time stamp should only be accepted when its signer's
// certificate carries the matching purpose below.
//--------------------------------------------------------------------------
// Signer of CTLs
#define szOID_KP_CTL_USAGE_SIGNING "1.3.6.1.4.1.311.10.3.1"
// Signer of TimeStamps
#define szOID_KP_TIME_STAMP_SIGNING "1.3.6.1.4.1.311.10.3.2"
//+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers
//--------------------------------------------------------------------------
#define szOID_YESNO_TRUST_ATTR "1.3.6.1.4.1.311.10.4.1"
//+-------------------------------------------------------------------------
// X509_CERT
//
// The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED.
//
// pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_TO_BE_SIGNED
//
// pvStructInfo points to CERT_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_CRL_TO_BE_SIGNED
//
// pvStructInfo points to CRL_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_REQUEST_TO_BE_SIGNED
//
// pvStructInfo points to CERT_REQUEST_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_EXTENSIONS
// szOID_CERT_EXTENSIONS
//
// pvStructInfo points to following CERT_EXTENSIONS.
//
// Same (count, array) layout as the extension fields of CERT_INFO,
// CRL_INFO, CRL_ENTRY and CTL_INFO above.
//--------------------------------------------------------------------------
typedef struct _CERT_EXTENSIONS {
DWORD cExtension; // number of elements in rgExtension
PCERT_EXTENSION rgExtension; // encoded extensions
} CERT_EXTENSIONS, *PCERT_EXTENSIONS;
//+-------------------------------------------------------------------------
// X509_NAME_VALUE
// X509_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME_VALUE
// X509_UNICODE_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//
// The name values are unicode strings.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If the unicode string contains an invalid character for the specified
// dwValueType, then, *pcbEncoded is updated with the unicode character
// index of the first invalid character. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// The unicode string is converted before being encoded according to
// the specified dwValueType. If dwValueType is set to 0, LastError
// is set to E_INVALIDARG.
//
// If the dwValueType isn't one of the character strings (it's a
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject
// will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// It's not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the encoded object isn't one of the character string types, then,
// CryptDecodeObject will return FALSE with LastError set to
// CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using
// X509_NAME_VALUE or X509_ANY_STRING.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//
// The RDN attribute values are unicode strings except for the dwValueTypes of
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are
// the same as for a X509_NAME. Their values aren't converted to/from unicode.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If dwValueType = 0 (CERT_RDN_ANY_TYPE), the pszObjId is used to find
// an acceptable dwValueType. If the unicode string contains an
// invalid character for the found or specified dwValueType, then,
// *pcbEncoded is updated with the error location of the invalid character.
// See below for details. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// The unicode string is converted before being encoded according to
// the specified or ObjId matching dwValueType.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// It's not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the dwValueType of the encoded value isn't a character string
// type, then, it isn't converted to UNICODE. Use the
// IS_CERT_RDN_CHAR_STRING() macro on the dwValueType to check
// that Value.pbData points to a converted unicode string.
//--------------------------------------------------------------------------
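//+-------------------------------------------------------------------------
// Unicode Name Value Error Location Definitions
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_UNICODE_NAME)
//
// Error location consists of:
// RDN_INDEX - 10 bits << 22
// ATTR_INDEX - 6 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//
// The value in *pcbEncoded is only an error location after a FALSE
// return with one of the CRYPT_E_INVALID_*_STRING errors; on success it
// is the encoded size, so callers must check the result before applying
// these macros to it.
//--------------------------------------------------------------------------
#define CERT_UNICODE_RDN_ERR_INDEX_MASK 0x3FF
#define CERT_UNICODE_RDN_ERR_INDEX_SHIFT 22
#define CERT_UNICODE_ATTR_ERR_INDEX_MASK 0x003F
#define CERT_UNICODE_ATTR_ERR_INDEX_SHIFT 16
#define CERT_UNICODE_VALUE_ERR_INDEX_MASK 0x0000FFFF
#define CERT_UNICODE_VALUE_ERR_INDEX_SHIFT 0
// The argument is parenthesised so that an expression argument is shifted
// and masked as a whole; `>>` and `&` would otherwise bind to its last
// operand only.
#define GET_CERT_UNICODE_RDN_ERR_INDEX(X) \
(((X) >> CERT_UNICODE_RDN_ERR_INDEX_SHIFT) & CERT_UNICODE_RDN_ERR_INDEX_MASK)
#define GET_CERT_UNICODE_ATTR_ERR_INDEX(X) \
(((X) >> CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) & CERT_UNICODE_ATTR_ERR_INDEX_MASK)
#define GET_CERT_UNICODE_VALUE_ERR_INDEX(X) \
((X) & CERT_UNICODE_VALUE_ERR_INDEX_MASK)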
//+-------------------------------------------------------------------------
// X509_PUBLIC_KEY_INFO
//
// pvStructInfo points to CERT_PUBLIC_KEY_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_AUTHORITY_KEY_ID
// szOID_AUTHORITY_KEY_IDENTIFIER
//
// pvStructInfo points to following CERT_AUTHORITY_KEY_ID_INFO.
//
// Identifies the issuer's key for chain building. It is a hint for
// locating the issuer certificate, not proof of issuance: the chain is
// only established once the issuer's key verifies the signature.
//--------------------------------------------------------------------------
typedef struct _CERT_AUTHORITY_KEY_ID_INFO {
CRYPT_DATA_BLOB KeyId; // identifier of the issuer's key
CERT_NAME_BLOB CertIssuer; // encoded name of the issuer's own issuer
CRYPT_INTEGER_BLOB CertSerialNumber; // serial of the issuer's certificate
} CERT_AUTHORITY_KEY_ID_INFO, *PCERT_AUTHORITY_KEY_ID_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_ATTRIBUTES
// szOID_KEY_ATTRIBUTES
//
// pvStructInfo points to following CERT_KEY_ATTRIBUTES_INFO.
//
// CERT_PRIVATE_KEY_VALIDITY is the optional private key usage period
// referenced from CERT_KEY_ATTRIBUTES_INFO.pPrivateKeyUsagePeriod.
//--------------------------------------------------------------------------
typedef struct _CERT_PRIVATE_KEY_VALIDITY {
FILETIME NotBefore; // start of the private key usage period
FILETIME NotAfter; // end of the private key usage period
} CERT_PRIVATE_KEY_VALIDITY, *PCERT_PRIVATE_KEY_VALIDITY;
// Decoded X509_KEY_ATTRIBUTES extension (see the header comment above).
// pPrivateKeyUsagePeriod is OPTIONAL and may be NULL; check before use.
typedef struct _CERT_KEY_ATTRIBUTES_INFO {
CRYPT_DATA_BLOB KeyId; // identifier of the subject's key
CRYPT_BIT_BLOB IntendedKeyUsage; // bit string; see the CERT_*_KEY_USAGE masks below
PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod; // OPTIONAL
} CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO;
// Key usage bits, used with CERT_KEY_ATTRIBUTES_INFO.IntendedKeyUsage and
// CERT_KEY_USAGE_RESTRICTION_INFO.RestrictedKeyUsage (both CRYPT_BIT_BLOB).
// They are masks with the first-defined usage in the most significant
// bit; presumably applied to the first byte of the blob's data -- confirm
// against the decoder before relying on the byte position.
// CERT_OFFLINE_CRL_SIGN_KEY_USAGE and CERT_CRL_SIGN_KEY_USAGE are the
// same bit (0x02) under two names.
#define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
#define CERT_NON_REPUDIATION_KEY_USAGE 0x40
#define CERT_KEY_ENCIPHERMENT_KEY_USAGE 0x20
#define CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10
#define CERT_KEY_AGREEMENT_KEY_USAGE 0x08
#define CERT_KEY_CERT_SIGN_KEY_USAGE 0x04
#define CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02
#define CERT_CRL_SIGN_KEY_USAGE 0x02
//+-------------------------------------------------------------------------
// X509_KEY_USAGE_RESTRICTION
// szOID_KEY_USAGE_RESTRICTION
//
// pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO.
//
// CERT_POLICY_ID is one certificate policy, given as a counted array of
// policy element OID strings.
//--------------------------------------------------------------------------
typedef struct _CERT_POLICY_ID {
DWORD cCertPolicyElementId; // number of elements in rgpszCertPolicyElementId
LPSTR *rgpszCertPolicyElementId; // pszObjId
} CERT_POLICY_ID, *PCERT_POLICY_ID;
// Decoded X509_KEY_USAGE_RESTRICTION extension (see the header comment
// above).
typedef struct _CERT_KEY_USAGE_RESTRICTION_INFO {
DWORD cCertPolicyId; // number of elements in rgCertPolicyId
PCERT_POLICY_ID rgCertPolicyId; // policies the restriction applies to
CRYPT_BIT_BLOB RestrictedKeyUsage; // bit string of permitted usages
} CERT_KEY_USAGE_RESTRICTION_INFO, *PCERT_KEY_USAGE_RESTRICTION_INFO;
// See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits
//+-------------------------------------------------------------------------
// X509_ALTERNATE_NAME
// szOID_SUBJECT_ALT_NAME
// szOID_ISSUER_ALT_NAME
// szOID_SUBJECT_ALT_NAME2
// szOID_ISSUER_ALT_NAME2
//
// pvStructInfo points to following CERT_ALT_NAME_INFO.
//
// Each entry is a tagged union: only the member selected by
// dwAltNameChoice is meaningful. Reading any other member is a type
// confusion (an LPWSTR interpreted as a blob, or vice versa), so switch
// on dwAltNameChoice before touching the union and treat a choice that
// is not one of the CERT_ALT_NAME_* values below -- including the three
// marked "Not implemented" -- as an error, not as a default member.
//--------------------------------------------------------------------------
typedef struct _CERT_ALT_NAME_ENTRY {
DWORD dwAltNameChoice; // CERT_ALT_NAME_* below; selects the valid union member
union {
// Not implemented OtherName; // 1
LPWSTR pwszRfc822Name; // 2 (encoded IA5)
LPWSTR pwszDNSName; // 3 (encoded IA5)
// Not implemented x400Address; // 4
CERT_NAME_BLOB DirectoryName; // 5
// Not implemented pEdiPartyName; // 6
LPWSTR pwszURL; // 7 (encoded IA5)
CRYPT_DATA_BLOB IPAddress; // 8 (Octet String)
LPSTR pszRegisteredID; // 9 (Object Identifier)
};
} CERT_ALT_NAME_ENTRY, *PCERT_ALT_NAME_ENTRY;
// Values of CERT_ALT_NAME_ENTRY.dwAltNameChoice. OTHER_NAME, X400_ADDRESS
// and EDI_PARTY_NAME have no union member in this version of the header
// (see the "Not implemented" lines above).
#define CERT_ALT_NAME_OTHER_NAME 1
#define CERT_ALT_NAME_RFC822_NAME 2
#define CERT_ALT_NAME_DNS_NAME 3
#define CERT_ALT_NAME_X400_ADDRESS 4
#define CERT_ALT_NAME_DIRECTORY_NAME 5
#define CERT_ALT_NAME_EDI_PARTY_NAME 6
#define CERT_ALT_NAME_URL 7
#define CERT_ALT_NAME_IP_ADDRESS 8
#define CERT_ALT_NAME_REGISTERED_ID 9
// Decoded X509_ALTERNATE_NAME extension: a counted array of entries.
typedef struct _CERT_ALT_NAME_INFO {
DWORD cAltEntry; // number of elements in rgAltEntry
PCERT_ALT_NAME_ENTRY rgAltEntry; // the alternate names
} CERT_ALT_NAME_INFO, *PCERT_ALT_NAME_INFO;
//+-------------------------------------------------------------------------
// Alternate name IA5 Error Location Definitions for
// CRYPT_E_INVALID_IA5_STRING.
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_ALTERNATE_NAME)
//
// Error location consists of:
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//--------------------------------------------------------------------------
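#define CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK 0xFF
#define CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT 16
#define CERT_ALT_NAME_VALUE_ERR_INDEX_MASK 0x0000FFFF
#define CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT 0
// Extract the 8-bit ENTRY_INDEX (bits 16..23) from an error location.
// X is parenthesized so that an expression argument such as a + b is
// evaluated before the shift rather than being mis-associated with it.
#define GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) \
(((X) >> CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT) & \
CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK)
// Extract the 16-bit VALUE_INDEX (bits 0..15, unicode character index)
// from an error location. X is parenthesized for the same reason.
#define GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) \
((X) & CERT_ALT_NAME_VALUE_ERR_INDEX_MASK)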
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS
// szOID_BASIC_CONSTRAINTS
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS_INFO.
//--------------------------------------------------------------------------
// Decoded form of the (older) basic constraints extension.
typedef struct _CERT_BASIC_CONSTRAINTS_INFO {
CRYPT_BIT_BLOB SubjectType; // bit blob; presumably holds CERT_CA_SUBJECT_FLAG / CERT_END_ENTITY_SUBJECT_FLAG
BOOL fPathLenConstraint; // presence flag for dwPathLenConstraint
DWORD dwPathLenConstraint; // NOTE(review): presumably only meaningful when fPathLenConstraint is TRUE -- check the flag first
DWORD cSubtreesConstraint; // count of entries in rgSubtreesConstraint
CERT_NAME_BLOB *rgSubtreesConstraint; // array of encoded names
} CERT_BASIC_CONSTRAINTS_INFO, *PCERT_BASIC_CONSTRAINTS_INFO;
// Bit flags, presumably for the SubjectType CRYPT_BIT_BLOB of
// CERT_BASIC_CONSTRAINTS_INFO (first byte, most significant bit first).
#define CERT_CA_SUBJECT_FLAG 0x80
#define CERT_END_ENTITY_SUBJECT_FLAG 0x40
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS2
// szOID_BASIC_CONSTRAINTS2
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS2_INFO.
//--------------------------------------------------------------------------
// Decoded form of the basic constraints extension (szOID_BASIC_CONSTRAINTS2).
typedef struct _CERT_BASIC_CONSTRAINTS2_INFO {
BOOL fCA; // presumably TRUE when the subject is a certification authority
BOOL fPathLenConstraint; // presence flag for dwPathLenConstraint
DWORD dwPathLenConstraint; // NOTE(review): presumably only meaningful when fPathLenConstraint is TRUE; chain-building code should test the flag before using this value
} CERT_BASIC_CONSTRAINTS2_INFO, *PCERT_BASIC_CONSTRAINTS2_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_USAGE
// szOID_KEY_USAGE
//
// pvStructInfo points to a CRYPT_BIT_BLOB. Has same bit definitions as
// CERT_KEY_ATTRIBUTES_INFO's IntendedKeyUsage.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_POLICIES
// szOID_CERT_POLICIES
//
// pvStructInfo points to following CERT_POLICIES_INFO.
//--------------------------------------------------------------------------
// One policy qualifier of a certificate policy.
typedef struct _CERT_POLICY_QUALIFIER_INFO {
LPSTR pszPolicyQualifierId; // pszObjId
CRYPT_OBJID_BLOB Qualifier; // optional qualifier value
} CERT_POLICY_QUALIFIER_INFO, *PCERT_POLICY_QUALIFIER_INFO;
// One certificate policy with its optional qualifiers.
typedef struct _CERT_POLICY_INFO {
LPSTR pszPolicyIdentifier; // pszObjId
DWORD cPolicyQualifier; // optional; count of entries in rgPolicyQualifier
CERT_POLICY_QUALIFIER_INFO *rgPolicyQualifier; // array of qualifiers
} CERT_POLICY_INFO, *PCERT_POLICY_INFO;
// Decoded form of the certificate policies extension (szOID_CERT_POLICIES).
typedef struct _CERT_POLICIES_INFO {
DWORD cPolicyInfo; // count of entries in rgPolicyInfo
CERT_POLICY_INFO *rgPolicyInfo; // array of CERT_POLICY_INFO
} CERT_POLICIES_INFO, *PCERT_POLICIES_INFO;
//+-------------------------------------------------------------------------
// RSA_CSP_PUBLICKEYBLOB
//
// pvStructInfo points to a PUBLICKEYSTRUC immediately followed by a
// RSAPUBKEY and the modulus bytes.
//
// CryptExportKey outputs the above StructInfo for a dwBlobType of
// PUBLICKEYBLOB. CryptImportKey expects the above StructInfo when
// importing a public key.
//
// For dwCertEncodingType = X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is
// encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a
// modulus INTEGER and a publicExponent INTEGER. The modulus is encoded
// as an unsigned integer. When decoded, if the modulus was encoded
// as unsigned integer with a leading 0 byte, the 0 byte is removed before
// converting to the CSP modulus bytes.
//
// For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to
// CALG_RSA_KEYX.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_KEYGEN_REQUEST_TO_BE_SIGNED
//
// pvStructInfo points to CERT_KEYGEN_REQUEST_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_ATTRIBUTE data structure
//
// pvStructInfo points to a CRYPT_ATTRIBUTE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure
//
// pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY.
//
// For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping
// a sequence of ANY. The value of the contentType field is pszObjId,
// while the content field is the following structure:
// SequenceOfAny ::= SEQUENCE OF ANY
//
// The CRYPT_DER_BLOBs point to the already encoded ANY content.
//--------------------------------------------------------------------------
// PKCS#7 ContentInfo whose content is SEQUENCE OF ANY.
typedef struct _CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY {
LPSTR pszObjId; // contentType OID
DWORD cValue; // count of entries in rgValue
PCRYPT_DER_BLOB rgValue; // each blob is already-encoded ANY content
} CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY, *PCRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;
//+-------------------------------------------------------------------------
// PKCS_CONTENT_INFO data structure
//
// pvStructInfo points to following CRYPT_CONTENT_INFO.
//
// For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure.
// The CRYPT_DER_BLOB points to the already encoded ANY content.
//--------------------------------------------------------------------------
// PKCS#7 ContentInfo with an opaque, already-encoded content.
typedef struct _CRYPT_CONTENT_INFO {
LPSTR pszObjId; // contentType OID
CRYPT_DER_BLOB Content; // already-encoded ANY content
} CRYPT_CONTENT_INFO, *PCRYPT_CONTENT_INFO;
//+-------------------------------------------------------------------------
// X509_OCTET_STRING data structure
//
// pvStructInfo points to a CRYPT_DATA_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_BITS data structure
//
// pvStructInfo points to a CRYPT_BIT_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_INTEGER data structure
//
// pvStructInfo points to an int.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_MULTI_BYTE_INTEGER data structure
//
// pvStructInfo points to a CRYPT_INTEGER_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_ENUMERATED data structure
//
// pvStructInfo points to an int containing the enumerated value
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CHOICE_OF_TIME data structure
//
// pvStructInfo points to a FILETIME.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_SEQUENCE_OF_ANY data structure
//
// pvStructInfo points to following CRYPT_SEQUENCE_OF_ANY.
//
// The CRYPT_DER_BLOBs point to the already encoded ANY content.
//--------------------------------------------------------------------------
// SEQUENCE OF ANY: a list of already-encoded DER values.
typedef struct _CRYPT_SEQUENCE_OF_ANY {
DWORD cValue; // count of entries in rgValue
PCRYPT_DER_BLOB rgValue; // each blob is already-encoded ANY content
} CRYPT_SEQUENCE_OF_ANY, *PCRYPT_SEQUENCE_OF_ANY;
//+-------------------------------------------------------------------------
// X509_AUTHORITY_KEY_ID2
// szOID_AUTHORITY_KEY_IDENTIFIER2
//
// pvStructInfo points to following CERT_AUTHORITY_KEY_ID2_INFO.
//
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_KEY_ID2)
//
// See X509_ALTERNATE_NAME for error location defines.
//--------------------------------------------------------------------------
// Decoded form of the authority key identifier extension
// (szOID_AUTHORITY_KEY_IDENTIFIER2).
typedef struct _CERT_AUTHORITY_KEY_ID2_INFO {
CRYPT_DATA_BLOB KeyId; // key identifier octets
CERT_ALT_NAME_INFO AuthorityCertIssuer; // Optional, set cAltEntry
// to 0 to omit.
CRYPT_INTEGER_BLOB AuthorityCertSerialNumber; // presumably optional and paired with AuthorityCertIssuer -- confirm
} CERT_AUTHORITY_KEY_ID2_INFO, *PCERT_AUTHORITY_KEY_ID2_INFO;
//+-------------------------------------------------------------------------
// szOID_SUBJECT_KEY_IDENTIFIER
//
// pvStructInfo points to a CRYPT_DATA_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CRL_REASON_CODE
// szOID_CRL_REASON_CODE
//
// pvStructInfo points to an int which can be set to one of the following
// enumerated values:
//--------------------------------------------------------------------------
// Enumerated reason codes for X509_CRL_REASON_CODE (an int). Note that no
// value 7 is defined here. These are integer codes, distinct from the
// CRL_REASON_*_FLAG bit masks used in a CRYPT_BIT_BLOB.
#define CRL_REASON_UNSPECIFIED 0
#define CRL_REASON_KEY_COMPROMISE 1
#define CRL_REASON_CA_COMPROMISE 2
#define CRL_REASON_AFFILIATION_CHANGED 3
#define CRL_REASON_SUPERSEDED 4
#define CRL_REASON_CESSATION_OF_OPERATION 5
#define CRL_REASON_CERTIFICATE_HOLD 6
#define CRL_REASON_REMOVE_FROM_CRL 8
//+-------------------------------------------------------------------------
// X509_CRL_DIST_POINTS
// szOID_CRL_DIST_POINTS
//
// pvStructInfo points to following CRL_DIST_POINTS_INFO.
//
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS)
//
// Error location consists of:
// CRL_ISSUER_BIT - 1 bit << 31 (0 for FullName, 1 for CRLIssuer)
// POINT_INDEX - 7 bits << 24
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines.
//--------------------------------------------------------------------------
// DistributionPointName choice. dwDistPointNameChoice is a CRL_DIST_POINT_*
// value; only FULL_NAME (1) has a union member, NO_NAME (0) has none and
// ISSUER_RDN_NAME (2) is not implemented.
typedef struct _CRL_DIST_POINT_NAME {
DWORD dwDistPointNameChoice; // CRL_DIST_POINT_* choice
union {
CERT_ALT_NAME_INFO FullName; // 1
// Not implemented IssuerRDN; // 2
};
} CRL_DIST_POINT_NAME, *PCRL_DIST_POINT_NAME;
// Values for CRL_DIST_POINT_NAME.dwDistPointNameChoice.
#define CRL_DIST_POINT_NO_NAME 0
#define CRL_DIST_POINT_FULL_NAME 1
#define CRL_DIST_POINT_ISSUER_RDN_NAME 2
// One CRL distribution point. All three members are OPTIONAL; the
// CERT_ALT_NAME_INFO members are omitted by setting cAltEntry to 0.
typedef struct _CRL_DIST_POINT {
CRL_DIST_POINT_NAME DistPointName; // OPTIONAL
CRYPT_BIT_BLOB ReasonFlags; // OPTIONAL; bit masks CRL_REASON_*_FLAG
CERT_ALT_NAME_INFO CRLIssuer; // OPTIONAL
} CRL_DIST_POINT, *PCRL_DIST_POINT;
// Bit masks for the ReasonFlags CRYPT_BIT_BLOB (first byte, most significant
// bit first). These are NOT the CRL_REASON_* integer codes of
// X509_CRL_REASON_CODE; do not compare one against the other.
#define CRL_REASON_UNUSED_FLAG 0x80
#define CRL_REASON_KEY_COMPROMISE_FLAG 0x40
#define CRL_REASON_CA_COMPROMISE_FLAG 0x20
#define CRL_REASON_AFFILIATION_CHANGED_FLAG 0x10
#define CRL_REASON_SUPERSEDED_FLAG 0x08
#define CRL_REASON_CESSATION_OF_OPERATION_FLAG 0x04
#define CRL_REASON_CERTIFICATE_HOLD_FLAG 0x02
// Decoded form of the CRL distribution points extension (szOID_CRL_DIST_POINTS).
typedef struct _CRL_DIST_POINTS_INFO {
DWORD cDistPoint; // count of entries in rgDistPoint
PCRL_DIST_POINT rgDistPoint; // array of CRL_DIST_POINT
} CRL_DIST_POINTS_INFO, *PCRL_DIST_POINTS_INFO;
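#define CRL_DIST_POINT_ERR_INDEX_MASK 0x7F
#define CRL_DIST_POINT_ERR_INDEX_SHIFT 24
// Extract the 7-bit POINT_INDEX (bits 24..30) from an error location.
// X is parenthesized so that an expression argument is evaluated before
// the shift rather than being mis-associated with it.
#define GET_CRL_DIST_POINT_ERR_INDEX(X) \
(((X) >> CRL_DIST_POINT_ERR_INDEX_SHIFT) & CRL_DIST_POINT_ERR_INDEX_MASK)
#define CRL_DIST_POINT_ERR_CRL_ISSUER_BIT 0x80000000L
// Nonzero when bit 31 (CRL_ISSUER_BIT) is set, i.e. the error location is
// in CRLIssuer rather than FullName. X is parenthesized so that an
// argument containing '|' or a comparison is masked as a whole.
#define IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X) \
(0 != ((X) & CRL_DIST_POINT_ERR_CRL_ISSUER_BIT))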
//+-------------------------------------------------------------------------
// X509_ENHANCED_KEY_USAGE
// szOID_ENHANCED_KEY_USAGE
//
// pvStructInfo points to a CERT_ENHKEY_USAGE, CTL_USAGE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NEXT_UPDATE_LOCATION