

      1 #ifndef HEADER_CURL_SCHANNEL_INT_H
      2 #define HEADER_CURL_SCHANNEL_INT_H
      3 /***************************************************************************
      4  *                                  _   _ ____  _
      5  *  Project                     ___| | | |  _ \| |
      6  *                             / __| | | | |_) | |
      7  *                            | (__| |_| |  _ <| |___
      8  *                             \___|\___/|_| \_\_____|
      9  *
     10  * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>, et al.
     11  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
     12  *
     13  * This software is licensed as described in the file COPYING, which
     14  * you should have received as part of this distribution. The terms
     15  * are also available at https://curl.se/docs/copyright.html.
     16  *
     17  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     18  * copies of the Software, and permit persons to whom the Software is
     19  * furnished to do so, under the terms of the COPYING file.
     20  *
     21  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     22  * KIND, either express or implied.
     23  *
     24  * SPDX-License-Identifier: curl
     25  *
     26  ***************************************************************************/
     27 #include "../curl_setup.h"
     28 
     29 #ifdef USE_SCHANNEL
     30 
     31 #include "vtls.h"
     32 
     33 #if (defined(__MINGW32__) || defined(CERT_CHAIN_REVOCATION_CHECK_CHAIN)) \
     34   && !defined(CURL_WINDOWS_UWP)
     35 #define HAS_MANUAL_VERIFY_API
     36 #endif
     37 
     38 #if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX)   \
     39   && !defined(DISABLE_SCHANNEL_CLIENT_CERT)
     40 #define HAS_CLIENT_CERT_PATH
     41 #endif
     42 
     43 #ifndef CRYPT_DECODE_NOCOPY_FLAG
     44 #define CRYPT_DECODE_NOCOPY_FLAG 0x1
     45 #endif
     46 
     47 #ifndef CRYPT_DECODE_ALLOC_FLAG
     48 #define CRYPT_DECODE_ALLOC_FLAG 0x8000
     49 #endif
     50 
     51 #ifndef CERT_ALT_NAME_DNS_NAME
     52 #define CERT_ALT_NAME_DNS_NAME 3
     53 #endif
     54 
     55 #ifndef CERT_ALT_NAME_IP_ADDRESS
     56 #define CERT_ALT_NAME_IP_ADDRESS 8
     57 #endif
     58 
     59 #if defined(_MSC_VER) && (_MSC_VER <= 1600)
     60 /* Workaround for warning:
     61    'type cast' : conversion from 'int' to 'LPCSTR' of greater size */
     62 #undef CERT_STORE_PROV_MEMORY
     63 #undef CERT_STORE_PROV_SYSTEM_A
     64 #undef CERT_STORE_PROV_SYSTEM_W
     65 #define CERT_STORE_PROV_MEMORY    ((LPCSTR)(size_t)2)
     66 #define CERT_STORE_PROV_SYSTEM_A  ((LPCSTR)(size_t)9)
     67 #define CERT_STORE_PROV_SYSTEM_W  ((LPCSTR)(size_t)10)
     68 #endif
     69 
     70 #ifndef SCH_CREDENTIALS_VERSION
     71 #define SCH_CREDENTIALS_VERSION  0x00000005
     72 
/* Fallback definition, compiled only when the SDK does not provide
   SCH_CREDENTIALS_VERSION (see the #ifndef above). Selects which part of
   the TLS handshake a CRYPTO_SETTINGS entry applies to. The order of the
   values presumably mirrors the Windows SDK enum and is interpreted by the
   OS Schannel provider, so do not reorder or insert values. */
typedef enum _eTlsAlgorithmUsage {
  TlsParametersCngAlgUsageKeyExchange, /* key exchange algorithms */
  TlsParametersCngAlgUsageSignature,   /* signature algorithms */
  TlsParametersCngAlgUsageCipher,      /* bulk cipher algorithms */
  TlsParametersCngAlgUsageDigest,      /* digest (hash) algorithms */
  TlsParametersCngAlgUsageCertSig      /* certificate signature algorithms */
} eTlsAlgorithmUsage;
     80 
     81 /* !checksrc! disable TYPEDEFSTRUCT 1 */
/* Fallback definition of the SDK's CRYPTO_SETTINGS (compiled only when
   SCH_CREDENTIALS_VERSION is not defined by the SDK). One entry describes a
   CNG algorithm to disable for a given usage. This struct is presumably
   consumed by the OS Schannel provider, so field order, types and padding
   must match the SDK layout exactly -- TODO confirm against the SDK header. */
typedef struct _CRYPTO_SETTINGS {
  eTlsAlgorithmUsage  eAlgorithmUsage;   /* where the algorithm is used */
  UNICODE_STRING      strCngAlgId;       /* CNG algorithm identifier */
  DWORD               cChainingModes;    /* number of entries in
                                            rgstrChainingModes */
  PUNICODE_STRING     rgstrChainingModes; /* chaining modes, cChainingModes
                                             entries */
  DWORD               dwMinBitLength;    /* key length range the setting
                                            applies to (bits) */
  DWORD               dwMaxBitLength;
} CRYPTO_SETTINGS, * PCRYPTO_SETTINGS;
     90 
     91 /* !checksrc! disable TYPEDEFSTRUCT 1 */
/* Fallback definition of the SDK's TLS_PARAMETERS (compiled only when
   SCH_CREDENTIALS_VERSION is not defined by the SDK). Groups the ALPN ids,
   disabled protocols and disabled crypto settings for a credential. Layout
   presumably must match the SDK header byte-for-byte; do not reorder. */
typedef struct _TLS_PARAMETERS {
  DWORD               cAlpnIds;               /* entries in rgstrAlpnIds */
  PUNICODE_STRING     rgstrAlpnIds;           /* ALPN ids this block applies
                                                 to */
  DWORD               grbitDisabledProtocols; /* bit set of protocol versions
                                                 to disable */
  DWORD               cDisabledCrypto;        /* entries in pDisabledCrypto */
  PCRYPTO_SETTINGS    pDisabledCrypto;        /* algorithms to disable */
  DWORD               dwFlags;
} TLS_PARAMETERS, * PTLS_PARAMETERS;
    100 
    101 /* !checksrc! disable TYPEDEFSTRUCT 1 */
/* Fallback definition of the SDK's SCH_CREDENTIALS (compiled only when
   SCH_CREDENTIALS_VERSION is not defined by the SDK). This is the
   credential description presumably handed to the OS Schannel provider when
   acquiring a credential handle, so the layout must match the SDK's
   definition exactly: field order, types and the two gaps below are part of
   the ABI. Add nothing here; use SCH_CREDENTIALS_VERSION for dwVersion. */
typedef struct _SCH_CREDENTIALS {
  DWORD               dwVersion;        /* SCH_CREDENTIALS_VERSION */
  DWORD               dwCredFormat;
  DWORD               cCreds;           /* entries in paCred */
  PCCERT_CONTEXT* paCred;               /* client certificates, cCreds
                                           entries */
  HCERTSTORE          hRootStore;       /* trusted root store, if any */

  DWORD               cMappers;         /* entries in aphMappers */
  struct _HMAPPER **aphMappers;

  DWORD               dwSessionLifespan;
  DWORD               dwFlags;          /* SCH_CRED_* flags */
  DWORD               cTlsParameters;   /* entries in pTlsParameters */
  PTLS_PARAMETERS     pTlsParameters;   /* per-ALPN protocol/crypto limits */
} SCH_CREDENTIALS, * PSCH_CREDENTIALS;
    117 
    118 #define SCH_CRED_MAX_SUPPORTED_PARAMETERS 16
    119 #define SCH_CRED_MAX_SUPPORTED_ALPN_IDS 16
    120 #define SCH_CRED_MAX_SUPPORTED_CRYPTO_SETTINGS 16
    121 #define SCH_CRED_MAX_SUPPORTED_CHAINING_MODES 16
    122 
    123 #endif /* SCH_CREDENTIALS_VERSION */
    124 
/* A Schannel credential handle plus the state needed to reuse it. The
   refcount indicates the object is shared between users; whoever drops the
   last reference is responsible for freeing the handle and sni_hostname
   (presumably done in schannel.c -- confirm before changing ownership). */
struct Curl_schannel_cred {
  CredHandle cred_handle;   /* SSPI credential handle */
  TimeStamp time_stamp;     /* expiry reported when the handle was acquired */
  TCHAR *sni_hostname;      /* host name used for SNI; owned by this struct */
#ifdef HAS_CLIENT_CERT_PATH
  HCERTSTORE client_cert_store; /* store holding the client cert, only when
                                   client cert support is compiled in */
#endif
  int refcount;             /* number of holders of this credential */
};
    134 
/* A Schannel security context (one per TLS connection) and the expiry the
   provider reported for it. */
struct Curl_schannel_ctxt {
  CtxtHandle ctxt_handle;   /* SSPI context handle */
  TimeStamp time_stamp;     /* expiry of the context */
};
    139 
/* Per-connection state of the Schannel TLS backend. encdata_* describe the
   buffer of received, not-yet-decrypted TLS record bytes; decdata_* the
   buffer of decrypted bytes not yet handed to the caller (the latter is
   inferred from the names -- confirm in schannel.c). The *_length fields are
   the allocated capacity and the *_offset fields how much of it is in use,
   presumably; keep them consistent when resizing. */
struct schannel_ssl_backend_data {
  struct Curl_schannel_cred *cred;  /* shared credential, refcounted */
  struct Curl_schannel_ctxt *ctxt;  /* security context of this connection */
  SecPkgContext_StreamSizes stream_sizes; /* header/trailer/max message sizes
                                             reported for this context */
  size_t encdata_length, decdata_length;
  size_t encdata_offset, decdata_offset;
  unsigned char *encdata_buffer, *decdata_buffer;
  unsigned long req_flags, ret_flags; /* context attributes requested from
                                         and returned by the provider */
  CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
  BIT(recv_sspi_close_notify); /* true if connection closed by close_notify */
  BIT(recv_connection_closed); /* true if connection closed, regardless how */
  BIT(recv_renegotiating);     /* true if recv is doing renegotiation */
  BIT(use_alpn); /* true if ALPN is used for this connection */
#ifdef HAS_MANUAL_VERIFY_API
  BIT(use_manual_cred_validation); /* true if manual cred validation is used */
#endif
  BIT(sent_shutdown);          /* true once the TLS shutdown has been sent */
  /* encdata_is_incomplete: if encdata contains only a partial record that
     cannot be decrypted without another recv() (that is, status is
     SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds
     more bytes into encdata then set this back to false. */
  BIT(encdata_is_incomplete);
};
    163 
    164 /* key to use at `multi->proto_hash` */
    165 #define MPROTO_SCHANNEL_CERT_SHARE_KEY   "tls:schannel:cert:share"
    166 
/* Certificate store shared between transfers of one multi handle, stored
   under MPROTO_SCHANNEL_CERT_SHARE_KEY. The digest, blob size and CAfile
   path record which CA input the store was built from; a cached store must
   only be reused when these match the current request's CA settings, so a
   store built for one trust configuration is never served for another
   (presumably checked by Curl_schannel_get_cached_cert_store -- confirm). */
struct schannel_cert_share {
  unsigned char CAinfo_blob_digest[CURL_SHA256_DIGEST_LENGTH]; /* SHA-256
                                        digest of the CA info blob */
  size_t CAinfo_blob_size;           /* CA info blob size */
  char *CAfile;                      /* CAfile path used to generate
                                        certificate store */
  HCERTSTORE cert_store;             /* cached certificate store or
                                        NULL if none */
  struct curltime time;              /* when the cached store was created */
};
    176 
/*
* Binary IP address as stored in a certificate's IP-address alternative name
* (CERT_ALT_NAME_IP_ADDRESS, presumably -- confirm with the user in
* schannel.c): size selects which union member is valid (4 for IPv4, 16
* for IPv6). size of the structure: 20 bytes.
*/
struct num_ip_data {
  DWORD size; /* 04 bytes */
  union {
    struct in_addr  ia;  /* 04 bytes */
    struct in6_addr ia6; /* 16 bytes */
  } bData;
};
    187 
/**
 * Fetch the certificate store cached for this connection's CA settings.
 *
 * @param cf    connection filter whose TLS configuration selects the store
 * @param data  easy handle, presumably used to reach the multi's proto_hash
 * @return the cached HCERTSTORE, or NULL when no matching store is cached
 *         (see schannel_cert_share.cert_store) -- confirm in schannel.c
 */
HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf,
                                               const struct Curl_easy *data);

/**
 * Record cert_store as the cached store for this connection's CA settings.
 *
 * Ownership of cert_store after the call (who closes it, and what happens
 * to a previously cached store) is defined by the implementation -- confirm
 * in schannel.c before closing the handle on the caller side.
 *
 * @param cf          connection filter whose TLS configuration keys the cache
 * @param data        easy handle
 * @param cert_store  store to cache
 * @return true on success, false otherwise
 */
bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf,
                                         const struct Curl_easy *data,
                                         HCERTSTORE cert_store);
    194 
    195 #endif /* USE_SCHANNEL */
    196 #endif /* HEADER_CURL_SCHANNEL_INT_H */