1/**
2 * Windows API header module
3 *
4 * Translated from MinGW Windows headers
5 *
6 * Authors: Stewart Gordon
7 * License: $(LINK2 http://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
8 * Source: $(DRUNTIMESRC core/sys/windows/_wincrypt.d)
9 */
10module core.sys.windows.wincrypt;
11version (Windows):
12@system:
13pragma(lib, "advapi32");
14
15version (ANSI) {} else version = Unicode;
16
17import core.sys.windows.w32api, core.sys.windows.winbase, core.sys.windows.windef;
18
19/* FIXME:
20 *  Types of some constants
21 *  Types of macros
22 *  Inits of various "size" and "version" members
23 *  Why are some #ifdefs commented out?
24 */
25
26const TCHAR[]
27    MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0",
28    MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0",
29    MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider",
30    MS_DEF_RSA_SIG_PROV = "Microsoft RSA Signature Cryptographic Provider",
31    MS_DEF_RSA_SCHANNEL_PROV = "Microsoft RSA SChannel Cryptographic Provider",
32    MS_DEF_DSS_PROV = "Microsoft Base DSS Cryptographic Provider",
33    MS_DEF_DSS_DH_PROV
34      = "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider",
35    MS_ENH_DSS_DH_PROV
36      = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider",
37    MS_DEF_DH_SCHANNEL_PROV = "Microsoft DH SChannel Cryptographic Provider",
38    MS_SCARD_PROV = "Microsoft Base Smart Card Crypto Provider";
39
40static if (_WIN32_WINNT > 0x501) {
41const TCHAR[] MS_ENH_RSA_AES_PROV
42      = "Microsoft Enhanced RSA and AES Cryptographic Provider";
43} else static if (_WIN32_WINNT == 0x501) {
44const TCHAR[] MS_ENH_RSA_AES_PROV
45      = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
46}
47
48ALG_ID GET_ALG_CLASS(ALG_ID x) { return x & 0xE000; }
49ALG_ID GET_ALG_TYPE (ALG_ID x) { return x & 0x1E00; }
50ALG_ID GET_ALG_SID  (ALG_ID x) { return x & 0x01FF; }
51
52enum : ALG_ID {
53    ALG_CLASS_ANY           = 0,
54    ALG_CLASS_SIGNATURE     = 0x2000,
55    ALG_CLASS_MSG_ENCRYPT   = 0x4000,
56    ALG_CLASS_DATA_ENCRYPT  = 0x6000,
57    ALG_CLASS_HASH          = 0x8000,
58    ALG_CLASS_KEY_EXCHANGE  = 0xA000,
59    ALG_CLASS_ALL           = 0xE000
60}
61
62enum : ALG_ID {
63    ALG_TYPE_ANY           = 0,
64    ALG_TYPE_DSS           = 0x0200,
65    ALG_TYPE_RSA           = 0x0400,
66    ALG_TYPE_BLOCK         = 0x0600,
67    ALG_TYPE_STREAM        = 0x0800,
68    ALG_TYPE_DH            = 0x0A00,
69    ALG_TYPE_SECURECHANNEL = 0x0C00
70}
71
72enum : ALG_ID {
73    ALG_SID_ANY          =  0,
74    ALG_SID_RSA_ANY      =  0,
75    ALG_SID_RSA_PKCS,
76    ALG_SID_RSA_MSATWORK,
77    ALG_SID_RSA_ENTRUST,
78    ALG_SID_RSA_PGP,  // =  4
79    ALG_SID_DSS_ANY      =  0,
80    ALG_SID_DSS_PKCS,
81    ALG_SID_DSS_DMS,  // =  2
82    ALG_SID_DES          =  1,
83    ALG_SID_3DES         =  3,
84    ALG_SID_DESX,
85    ALG_SID_IDEA,
86    ALG_SID_CAST,
87    ALG_SID_SAFERSK64,
88    ALG_SID_SAFERSK128,
89    ALG_SID_3DES_112,
90    ALG_SID_SKIPJACK,
91    ALG_SID_TEK,
92    ALG_SID_CYLINK_MEK,
93    ALG_SID_RC5,      // = 13
94    ALG_SID_RC2          =  2,
95    ALG_SID_RC4          =  1,
96    ALG_SID_SEAL         =  2,
97    ALG_SID_MD2          =  1,
98    ALG_SID_MD4,
99    ALG_SID_MD5,
100    ALG_SID_SHA,
101    ALG_SID_MAC,
102    ALG_SID_RIPEMD,
103    ALG_SID_RIPEMD160,
104    ALG_SID_SSL3SHAMD5,
105    ALG_SID_HMAC,
106    ALG_SID_TLS1PRF,  // = 10
107    ALG_SID_AES_128      = 14,
108    ALG_SID_AES_192,
109    ALG_SID_AES_256,
110    ALG_SID_AES,      // = 17
111    ALG_SID_EXAMPLE      = 80
112}
113
114enum : ALG_ID {
115    CALG_MD2        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2,
116    CALG_MD4        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4,
117    CALG_MD5        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5,
118    CALG_SHA        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA,
119    CALG_SHA1       = CALG_SHA,
120    CALG_MAC        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC,
121    CALG_3DES       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 3,
122    CALG_CYLINK_MEK = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 12,
123    CALG_SKIPJACK   = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 10,
124    CALG_KEA_KEYX   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_STREAM | ALG_TYPE_DSS | 4,
125    CALG_RSA_SIGN   = ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY,
126    CALG_DSS_SIGN   = ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY,
127    CALG_RSA_KEYX   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_RSA | ALG_SID_RSA_ANY,
128    CALG_DES        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DES,
129    CALG_RC2        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC2,
130    CALG_RC4        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_RC4,
131    CALG_SEAL       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_SEAL,
132    CALG_DH_EPHEM   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_STREAM | ALG_TYPE_DSS
133                      | ALG_SID_DSS_DMS,
134    CALG_DESX       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DESX,
135// is undefined ALG_CLASS_DHASH in MinGW - presuming typo
136    CALG_TLS1PRF    = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF,
137    CALG_AES_128    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_128,
138    CALG_AES_192    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_192,
139    CALG_AES_256    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_256,
140    CALG_AES        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES,
141}
142
143enum {
144    CRYPT_VERIFYCONTEXT = 0xF0000000,
145}
146
147enum {
148    CRYPT_NEWKEYSET = 8,
149    CRYPT_DELETEKEYSET = 16,
150    CRYPT_MACHINE_KEYSET = 32,
151    CRYPT_SILENT = 64,
152}
153
154enum {
155    CRYPT_EXPORTABLE = 1,
156    CRYPT_USER_PROTECTED = 2,
157    CRYPT_CREATE_SALT = 4,
158    CRYPT_UPDATE_KEY = 8,
159}
160
161enum {
162    SIMPLEBLOB = 1,
163    PUBLICKEYBLOB = 6,
164    PRIVATEKEYBLOB = 7,
165    PLAINTEXTKEYBLOB = 8,
166    OPAQUEKEYBLOB = 9,
167    PUBLICKEYBLOBEX = 10,
168    SYMMETRICWRAPKEYBLOB = 11,
169}
170
171enum {
172    AT_KEYEXCHANGE = 1,
173    AT_SIGNATURE = 2,
174}
175
176enum {
177    CRYPT_USERDATA = 1,
178}
179
180enum {
181    PKCS5_PADDING = 1,
182}
183
184enum {
185    CRYPT_MODE_CBC = 1,
186    CRYPT_MODE_ECB = 2,
187    CRYPT_MODE_OFB = 3,
188    CRYPT_MODE_CFB = 4,
189    CRYPT_MODE_CTS = 5,
190    CRYPT_MODE_CBCI = 6,
191    CRYPT_MODE_CFBP = 7,
192    CRYPT_MODE_OFBP = 8,
193    CRYPT_MODE_CBCOFM = 9,
194    CRYPT_MODE_CBCOFMI = 10,
195}
196
197enum {
198    CRYPT_ENCRYPT = 1,
199    CRYPT_DECRYPT = 2,
200    CRYPT_EXPORT = 4,
201    CRYPT_READ = 8,
202    CRYPT_WRITE = 16,
203    CRYPT_MAC = 32,
204}
205
206enum {
207    HP_ALGID = 1,
208    HP_HASHVAL = 2,
209    HP_HASHSIZE = 4,
210    HP_HMAC_INFO = 5,
211}
212
213enum {
214    CRYPT_FAILED = FALSE,
215    CRYPT_SUCCEED = TRUE,
216}
217
218bool RCRYPT_SUCCEEDED(BOOL r) { return r==CRYPT_SUCCEED; }
219bool RCRYPT_FAILED(BOOL r) { return r==CRYPT_FAILED; }
220
221enum {
222    PP_ENUMALGS = 1,
223    PP_ENUMCONTAINERS = 2,
224    PP_IMPTYPE = 3,
225    PP_NAME = 4,
226    PP_VERSION = 5,
227    PP_CONTAINER = 6,
228    PP_CHANGE_PASSWORD  = 7,
229    PP_KEYSET_SEC_DESCR = 8,
230    PP_CERTCHAIN    = 9,
231    PP_KEY_TYPE_SUBTYPE = 10,
232    PP_PROVTYPE = 16,
233    PP_KEYSTORAGE   = 17,
234    PP_APPLI_CERT   = 18,
235    PP_SYM_KEYSIZE  = 19,
236    PP_SESSION_KEYSIZE  = 20,
237    PP_UI_PROMPT    = 21,
238    PP_ENUMALGS_EX  = 22,
239    PP_ENUMMANDROOTS = 25,
240    PP_ENUMELECTROOTS = 26,
241    PP_KEYSET_TYPE = 27,
242    PP_ADMIN_PIN = 31,
243    PP_KEYEXCHANGE_PIN = 32,
244    PP_SIGNATURE_PIN = 33,
245    PP_SIG_KEYSIZE_INC = 34,
246    PP_KEYX_KEYSIZE_INC = 35,
247    PP_UNIQUE_CONTAINER = 36,
248    PP_SGC_INFO = 37,
249    PP_USE_HARDWARE_RNG = 38,
250    PP_KEYSPEC = 39,
251    PP_ENUMEX_SIGNING_PROT = 40,
252}
253
254enum {
255    CRYPT_FIRST = 1,
256    CRYPT_NEXT = 2,
257}
258
259enum {
260    CRYPT_IMPL_HARDWARE = 1,
261    CRYPT_IMPL_SOFTWARE = 2,
262    CRYPT_IMPL_MIXED = 3,
263    CRYPT_IMPL_UNKNOWN = 4,
264}
265
266enum {
267    PROV_RSA_FULL = 1,
268    PROV_RSA_SIG = 2,
269    PROV_DSS = 3,
270    PROV_FORTEZZA = 4,
271    PROV_MS_MAIL = 5,
272    PROV_SSL = 6,
273    PROV_STT_MER = 7,
274    PROV_STT_ACQ = 8,
275    PROV_STT_BRND = 9,
276    PROV_STT_ROOT = 10,
277    PROV_STT_ISS = 11,
278    PROV_RSA_SCHANNEL = 12,
279    PROV_DSS_DH = 13,
280    PROV_EC_ECDSA_SIG = 14,
281    PROV_EC_ECNRA_SIG = 15,
282    PROV_EC_ECDSA_FULL = 16,
283    PROV_EC_ECNRA_FULL = 17,
284    PROV_DH_SCHANNEL = 18,
285    PROV_SPYRUS_LYNKS = 20,
286    PROV_RNG = 21,
287    PROV_INTEL_SEC = 22,
288    PROV_RSA_AES = 24,
289    MAXUIDLEN = 64,
290}
291
292enum {
293    CUR_BLOB_VERSION = 2,
294}
295
296enum {
297    X509_ASN_ENCODING = 1,
298    PKCS_7_ASN_ENCODING  = 65536,
299}
300
301enum {
302    CERT_V1 = 0,
303    CERT_V2 = 1,
304    CERT_V3 = 2,
305}
306
307enum {
308    CERT_E_CHAINING = (-2146762486),
309    CERT_E_CN_NO_MATCH = (-2146762481),
310    CERT_E_EXPIRED = (-2146762495),
311    CERT_E_PURPOSE = (-2146762490),
312    CERT_E_REVOCATION_FAILURE = (-2146762482),
313    CERT_E_REVOKED = (-2146762484),
314    CERT_E_ROLE = (-2146762493),
315    CERT_E_UNTRUSTEDROOT = (-2146762487),
316    CERT_E_UNTRUSTEDTESTROOT = (-2146762483),
317    CERT_E_VALIDITYPERIODNESTING = (-2146762494),
318    CERT_E_WRONG_USAGE = (-2146762480),
319    CERT_E_PATHLENCONST = (-2146762492),
320    CERT_E_CRITICAL = (-2146762491),
321    CERT_E_ISSUERCHAINING = (-2146762489),
322    CERT_E_MALFORMED = (-2146762488),
323    CRYPT_E_REVOCATION_OFFLINE = (-2146885613),
324    CRYPT_E_REVOKED = (-2146885616),
325    TRUST_E_BASIC_CONSTRAINTS = (-2146869223),
326    TRUST_E_CERT_SIGNATURE = (-2146869244),
327    TRUST_E_FAIL = (-2146762485),
328}
329
330enum {
331    CERT_TRUST_NO_ERROR = 0,
332    CERT_TRUST_IS_NOT_TIME_VALID = 1,
333    CERT_TRUST_IS_NOT_TIME_NESTED = 2,
334    CERT_TRUST_IS_REVOKED = 4,
335    CERT_TRUST_IS_NOT_SIGNATURE_VALID = 8,
336    CERT_TRUST_IS_NOT_VALID_FOR_USAGE = 16,
337    CERT_TRUST_IS_UNTRUSTED_ROOT = 32,
338    CERT_TRUST_REVOCATION_STATUS_UNKNOWN = 64,
339    CERT_TRUST_IS_CYCLIC = 128,
340    CERT_TRUST_IS_PARTIAL_CHAIN = 65536,
341    CERT_TRUST_CTL_IS_NOT_TIME_VALID = 131072,
342    CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID = 262144,
343    CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = 524288,
344}
345
346enum {
347    CERT_TRUST_HAS_EXACT_MATCH_ISSUER = 1,
348    CERT_TRUST_HAS_KEY_MATCH_ISSUER = 2,
349    CERT_TRUST_HAS_NAME_MATCH_ISSUER = 4,
350    CERT_TRUST_IS_SELF_SIGNED = 8,
351    CERT_TRUST_IS_COMPLEX_CHAIN = 65536,
352}
353
354enum {
355    CERT_CHAIN_POLICY_BASE              = cast(LPCSTR) 1,
356    CERT_CHAIN_POLICY_AUTHENTICODE      = cast(LPCSTR) 2,
357    CERT_CHAIN_POLICY_AUTHENTICODE_TS   = cast(LPCSTR) 3,
358    CERT_CHAIN_POLICY_SSL               = cast(LPCSTR) 4,
359    CERT_CHAIN_POLICY_BASIC_CONSTRAINTS = cast(LPCSTR) 5,
360    CERT_CHAIN_POLICY_NT_AUTH           = cast(LPCSTR) 6,
361}
362
363enum {
364    USAGE_MATCH_TYPE_AND = 0,
365    USAGE_MATCH_TYPE_OR = 1,
366}
367
368enum {
369    CERT_SIMPLE_NAME_STR = 1,
370    CERT_OID_NAME_STR = 2,
371    CERT_X500_NAME_STR = 3,
372}
373enum {
374    CERT_NAME_STR_SEMICOLON_FLAG = 1073741824,
375    CERT_NAME_STR_CRLF_FLAG = 134217728,
376    CERT_NAME_STR_NO_PLUS_FLAG = 536870912,
377    CERT_NAME_STR_NO_QUOTING_FLAG = 268435456,
378    CERT_NAME_STR_REVERSE_FLAG = 33554432,
379    CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG = 131072,
380}
381
382enum {
383    CERT_FIND_ANY = 0,
384    CERT_FIND_CERT_ID = 1048576,
385    CERT_FIND_CTL_USAGE = 655360,
386    CERT_FIND_ENHKEY_USAGE = 655360,
387    CERT_FIND_EXISTING = 851968,
388    CERT_FIND_HASH = 65536,
389    CERT_FIND_ISSUER_ATTR = 196612,
390    CERT_FIND_ISSUER_NAME = 131076,
391    CERT_FIND_ISSUER_OF = 786432,
392    CERT_FIND_KEY_IDENTIFIER = 983040,
393    CERT_FIND_KEY_SPEC = 589824,
394    CERT_FIND_MD5_HASH = 262144,
395    CERT_FIND_PROPERTY = 327680,
396    CERT_FIND_PUBLIC_KEY = 393216,
397    CERT_FIND_SHA1_HASH = 65536,
398    CERT_FIND_SIGNATURE_HASH = 917504,
399    CERT_FIND_SUBJECT_ATTR = 196615,
400    CERT_FIND_SUBJECT_CERT = 720896,
401    CERT_FIND_SUBJECT_NAME = 131079,
402    CERT_FIND_SUBJECT_STR_A = 458759,
403    CERT_FIND_SUBJECT_STR_W = 524295,
404    CERT_FIND_ISSUER_STR_A = 458756,
405    CERT_FIND_ISSUER_STR_W = 524292,
406}
407
408enum {
409    CERT_FIND_OR_ENHKEY_USAGE_FLAG = 16,
410    CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG  = 1,
411    CERT_FIND_NO_ENHKEY_USAGE_FLAG  = 8,
412    CERT_FIND_VALID_ENHKEY_USAGE_FLAG  = 32,
413    CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG  = 2,
414}
415
416enum {
417    CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG  = 2,
418    CERT_UNICODE_IS_RDN_ATTRS_FLAG = 1,
419    CERT_CHAIN_FIND_BY_ISSUER = 1,
420}
421
422enum {
423    CERT_CHAIN_FIND_BY_ISSUER_COMPARE_KEY_FLAG = 1,
424    CERT_CHAIN_FIND_BY_ISSUER_COMPLEX_CHAIN_FLAG = 2,
425    CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG = 4,
426    CERT_CHAIN_FIND_BY_ISSUER_LOCAL_MACHINE_FLAG = 8,
427    CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG = 16384,
428    CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG = 32768,
429}
430
431enum {
432    CERT_STORE_PROV_SYSTEM = 10,
433    CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072,
434}
435
436enum {
437    szOID_PKIX_KP_SERVER_AUTH = "4235600",
438    szOID_SERVER_GATED_CRYPTO = "4235658",
439    szOID_SGC_NETSCAPE = "2.16.840.1.113730.4.1",
440    szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2",
441}
442
443enum {
444    CRYPT_NOHASHOID = 0x00000001,
445    CRYPT_NO_SALT = 0x10,
446    CRYPT_PREGEN = 0x40,
447}
448
449enum {
450    CRYPT_RECIPIENT = 0x10,
451    CRYPT_INITIATOR = 0x40,
452    CRYPT_ONLINE = 0x80,
453    CRYPT_SF = 0x100,
454    CRYPT_CREATE_IV = 0x200,
455    CRYPT_KEK = 0x400,
456    CRYPT_DATA_KEY = 0x800,
457    CRYPT_VOLATILE = 0x1000,
458    CRYPT_SGCKEY = 0x2000,
459}
460
461enum {
462    KP_IV               = 0x00000001,
463    KP_SALT             = 0x00000002,
464    KP_PADDING          = 0x00000003,
465    KP_MODE             = 0x00000004,
466    KP_MODE_BITS        = 0x00000005,
467    KP_PERMISSIONS      = 0x00000006,
468    KP_ALGID            = 0x00000007,
469    KP_BLOCKLEN         = 0x00000008,
470    KP_KEYLEN           = 0x00000009,
471    KP_SALT_EX          = 0x0000000a,
472    KP_P                = 0x0000000b,
473    KP_G                = 0x0000000c,
474    KP_Q                = 0x0000000d,
475    KP_X                = 0x0000000e,
476    KP_Y                = 0x0000000f,
477    KP_RA               = 0x00000010,
478    KP_RB               = 0x00000011,
479    KP_INFO             = 0x00000012,
480    KP_EFFECTIVE_KEYLEN = 0x00000013,
481    KP_SCHANNEL_ALG     = 0x00000014,
482    KP_PUB_PARAMS       = 0x00000027,
483}
484
485enum {
486    CRYPT_FLAG_PCT1    = 0x0001,
487    CRYPT_FLAG_SSL2    = 0x0002,
488    CRYPT_FLAG_SSL3    = 0x0004,
489    CRYPT_FLAG_TLS1    = 0x0008,
490    CRYPT_FLAG_IPSEC   = 0x0010,
491    CRYPT_FLAG_SIGNING = 0x0020,
492}
493
494enum {
495    SCHANNEL_MAC_KEY    = 0x00000000,
496    SCHANNEL_ENC_KEY    = 0x00000001,
497}
498
499enum {
500    INTERNATIONAL_USAGE = 0x00000001,
501}
502
503
504alias UINT ALG_ID;
505alias ULONG_PTR HCRYPTPROV, HCRYPTKEY, HCRYPTHASH;
506alias PVOID HCERTSTORE, HCRYPTMSG, HCERTCHAINENGINE;
507
508struct VTableProvStruc {
509    FARPROC FuncVerifyImage;
510}
511alias VTableProvStruc* PVTableProvStruc;
512
513struct _CRYPTOAPI_BLOB {
514    DWORD cbData;
515    BYTE* pbData;
516}
517alias _CRYPTOAPI_BLOB CRYPT_INTEGER_BLOB, CRYPT_UINT_BLOB,
518  CRYPT_OBJID_BLOB, CERT_NAME_BLOB, CERT_RDN_VALUE_BLOB, CERT_BLOB,
519  CRL_BLOB, DATA_BLOB, CRYPT_DATA_BLOB, CRYPT_HASH_BLOB,
520  CRYPT_DIGEST_BLOB, CRYPT_DER_BLOB, CRYPT_ATTR_BLOB;
521alias _CRYPTOAPI_BLOB* PCRYPT_INTEGER_BLOB, PCRYPT_UINT_BLOB,
522  PCRYPT_OBJID_BLOB, PCERT_NAME_BLOB, PCERT_RDN_VALUE_BLOB, PCERT_BLOB,
523  PCRL_BLOB, PDATA_BLOB, PCRYPT_DATA_BLOB, PCRYPT_HASH_BLOB,
524  PCRYPT_DIGEST_BLOB, PCRYPT_DER_BLOB, PCRYPT_ATTR_BLOB;
525
526// not described in SDK; has the same layout as HTTPSPolicyCallbackData
527struct SSL_EXTRA_CERT_CHAIN_POLICY_PARA {
528    DWORD  cbStruct;
529    DWORD  dwAuthType;
530    DWORD  fdwChecks;
531    LPWSTR pwszServerName;
532}
533alias SSL_EXTRA_CERT_CHAIN_POLICY_PARA HTTPSPolicyCallbackData;
534alias SSL_EXTRA_CERT_CHAIN_POLICY_PARA* PSSL_EXTRA_CERT_CHAIN_POLICY_PARA,
535  PHTTPSPolicyCallbackData;
536
537/* #if (_WIN32_WINNT>=0x500) */
538struct CERT_CHAIN_POLICY_PARA {
539    DWORD cbSize = CERT_CHAIN_POLICY_PARA.sizeof;
540    DWORD dwFlags;
541    void* pvExtraPolicyPara;
542}
543alias CERT_CHAIN_POLICY_PARA* PCERT_CHAIN_POLICY_PARA;
544
545struct CERT_CHAIN_POLICY_STATUS {
546    DWORD cbSize = CERT_CHAIN_POLICY_STATUS.sizeof;
547    DWORD dwError;
548    LONG  lChainIndex;
549    LONG  lElementIndex;
550    void* pvExtraPolicyStatus;
551}
552alias CERT_CHAIN_POLICY_STATUS* PCERT_CHAIN_POLICY_STATUS;
553/* #endif */
554
555struct CRYPT_ALGORITHM_IDENTIFIER {
556    LPSTR pszObjId;
557    CRYPT_OBJID_BLOB Parameters;
558}
559alias CRYPT_ALGORITHM_IDENTIFIER* PCRYPT_ALGORITHM_IDENTIFIER;
560
561struct CRYPT_BIT_BLOB {
562    DWORD cbData;
563    BYTE* pbData;
564    DWORD cUnusedBits;
565}
566alias CRYPT_BIT_BLOB* PCRYPT_BIT_BLOB;
567
568struct CERT_PUBLIC_KEY_INFO {
569    CRYPT_ALGORITHM_IDENTIFIER Algorithm;
570    CRYPT_BIT_BLOB             PublicKey;
571}
572alias CERT_PUBLIC_KEY_INFO* PCERT_PUBLIC_KEY_INFO;
573
574struct CERT_EXTENSION {
575    LPSTR            pszObjId;
576    BOOL             fCritical;
577    CRYPT_OBJID_BLOB Value;
578}
579alias CERT_EXTENSION* PCERT_EXTENSION;
580
581struct CERT_INFO {
582    DWORD dwVersion;
583    CRYPT_INTEGER_BLOB SerialNumber;
584    CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
585    CERT_NAME_BLOB Issuer;
586    FILETIME NotBefore;
587    FILETIME NotAfter;
588    CERT_NAME_BLOB Subject;
589    CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
590    CRYPT_BIT_BLOB IssuerUniqueId;
591    CRYPT_BIT_BLOB SubjectUniqueId;
592    DWORD cExtension;
593    PCERT_EXTENSION rgExtension;
594}
595alias CERT_INFO* PCERT_INFO;
596
597struct CERT_CONTEXT {
598    DWORD      dwCertEncodingType;
599    BYTE*      pbCertEncoded;
600    DWORD      cbCertEncoded;
601    PCERT_INFO pCertInfo;
602    HCERTSTORE hCertStore;
603}
604alias CERT_CONTEXT*        PCERT_CONTEXT;
605alias const(CERT_CONTEXT)* PCCERT_CONTEXT;
606
607struct CTL_USAGE {
608    DWORD  cUsageIdentifier;
609    LPSTR* rgpszUsageIdentifier;
610}
611alias CTL_USAGE CERT_ENHKEY_USAGE;
612alias CTL_USAGE* PCTRL_USAGE, PCERT_ENHKEY_USAGE;
613
614struct CERT_USAGE_MATCH {
615    DWORD             dwType;
616    CERT_ENHKEY_USAGE Usage;
617}
618alias CERT_USAGE_MATCH* PCERT_USAGE_MATCH;
619/* #if (_WIN32_WINNT>=0x500) */
620
621struct CERT_CHAIN_PARA {
622    DWORD            cbSize = CERT_CHAIN_PARA.sizeof;
623    CERT_USAGE_MATCH RequestedUsage;
624//#if CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
625    CERT_USAGE_MATCH RequestedIssuancePolicy;
626    DWORD            dwUrlRetrievalTimeout;
627    BOOL             fCheckRevocationFreshnessTime;
628    DWORD            dwRevocationFreshnessTime;
629//#endif
630}
631alias CERT_CHAIN_PARA* PCERT_CHAIN_PARA;
632
633extern (Windows) alias BOOL function(PCCERT_CONTEXT, void*)
634  PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK;
635
636struct CERT_CHAIN_FIND_BY_ISSUER_PARA {
637    DWORD  cbSize = CERT_CHAIN_FIND_BY_ISSUER_PARA.sizeof;
638    LPCSTR pszUsageIdentifier;
639    DWORD  dwKeySpec;
640    DWORD  dwAcquirePrivateKeyFlags;
641    DWORD  cIssuer;
642    CERT_NAME_BLOB* rgIssuer;
643    PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK pfnFIndCallback;
644    void*  pvFindArg;
645    DWORD* pdwIssuerChainIndex;
646    DWORD* pdwIssuerElementIndex;
647}
648alias CERT_CHAIN_FIND_BY_ISSUER_PARA* PCERT_CHAIN_FIND_BY_ISSUER_PARA;
649/* #endif */
650
651struct CERT_TRUST_STATUS {
652    DWORD dwErrorStatus;
653    DWORD dwInfoStatus;
654}
655alias CERT_TRUST_STATUS* PCERT_TRUST_STATUS;
656
657struct CRL_ENTRY {
658    CRYPT_INTEGER_BLOB SerialNumber;
659    FILETIME           RevocationDate;
660    DWORD              cExtension;
661    PCERT_EXTENSION    rgExtension;
662}
663alias CRL_ENTRY* PCRL_ENTRY;
664
665struct CRL_INFO {
666    DWORD           dwVersion;
667    CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
668    CERT_NAME_BLOB  Issuer;
669    FILETIME        ThisUpdate;
670    FILETIME        NextUpdate;
671    DWORD           cCRLEntry;
672    PCRL_ENTRY      rgCRLEntry;
673    DWORD           cExtension;
674    PCERT_EXTENSION rgExtension;
675}
676alias CRL_INFO* PCRL_INFO;
677
678struct CRL_CONTEXT {
679    DWORD      dwCertEncodingType;
680    BYTE*      pbCrlEncoded;
681    DWORD      cbCrlEncoded;
682    PCRL_INFO  pCrlInfo;
683    HCERTSTORE hCertStore;
684}
685alias CRL_CONTEXT*        PCRL_CONTEXT;
686alias const(CRL_CONTEXT)* PCCRL_CONTEXT;
687
688struct CERT_REVOCATION_CRL_INFO {
689    DWORD         cbSize = CERT_REVOCATION_CRL_INFO.sizeof;
690    PCCRL_CONTEXT pBaseCRLContext;
691    PCCRL_CONTEXT pDeltaCRLContext;
692    PCRL_ENTRY    pCrlEntry;
693    BOOL          fDeltaCrlEntry;
694}
695alias CERT_REVOCATION_CRL_INFO* PCERT_REVOCATION_CRL_INFO;
696
697struct CERT_REVOCATION_INFO {
698    DWORD  cbSize = CERT_REVOCATION_INFO.sizeof;
699    DWORD  dwRevocationResult;
700    LPCSTR pszRevocationOid;
701    LPVOID pvOidSpecificInfo;
702    BOOL   fHasFreshnessTime;
703    DWORD  dwFreshnessTime;
704    PCERT_REVOCATION_CRL_INFO pCrlInfo;
705}
706alias CERT_REVOCATION_INFO* PCERT_REVOCATION_INFO;
707
708/* #if (_WIN32_WINNT>=0x500) */
709struct CERT_CHAIN_ELEMENT {
710    DWORD                 cbSize = CERT_CHAIN_ELEMENT.sizeof;
711    PCCERT_CONTEXT        pCertContext;
712    CERT_TRUST_STATUS     TrustStatus;
713    PCERT_REVOCATION_INFO pRevocationInfo;
714    PCERT_ENHKEY_USAGE    pIssuanceUsage;
715    PCERT_ENHKEY_USAGE    pApplicationUsage;
716}
717alias CERT_CHAIN_ELEMENT* PCERT_CHAIN_ELEMENT;
718/* #endif */
719
720struct CRYPT_ATTRIBUTE {
721    LPSTR            pszObjId;
722    DWORD            cValue;
723    PCRYPT_ATTR_BLOB rgValue;
724}
725alias CRYPT_ATTRIBUTE* PCRYPT_ATTRIBUTE;
726
727struct CTL_ENTRY {
728    CRYPT_DATA_BLOB  SubjectIdentifier;
729    DWORD            cAttribute;
730    PCRYPT_ATTRIBUTE rgAttribute;
731}
732alias CTL_ENTRY* PCTL_ENTRY;
733
734struct CTL_INFO {
735    DWORD              dwVersion;
736    CTL_USAGE          SubjectUsage;
737    CRYPT_DATA_BLOB    ListIdentifier;
738    CRYPT_INTEGER_BLOB SequenceNumber;
739    FILETIME           ThisUpdate;
740    FILETIME           NextUpdate;
741    CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
742    DWORD              cCTLEntry;
743    PCTL_ENTRY         rgCTLEntry;
744    DWORD              cExtension;
745    PCERT_EXTENSION    rgExtension;
746}
747alias CTL_INFO* PCTL_INFO;
748
749struct CTL_CONTEXT {
750    DWORD      dwMsgAndCertEncodingType;
751    BYTE*      pbCtlEncoded;
752    DWORD      cbCtlEncoded;
753    PCTL_INFO  pCtlInfo;
754    HCERTSTORE hCertStore;
755    HCRYPTMSG  hCryptMsg;
756    BYTE*      pbCtlContent;
757    DWORD      cbCtlContent;
758}
759alias CTL_CONTEXT*        PCTL_CONTEXT;
760alias const(CTL_CONTEXT)* PCCTL_CONTEXT;
761
762struct CERT_TRUST_LIST_INFO {
763    DWORD         cbSize = CERT_TRUST_LIST_INFO.sizeof;
764    PCTL_ENTRY    pCtlEntry;
765    PCCTL_CONTEXT pCtlContext;
766}
767alias CERT_TRUST_LIST_INFO* PCERT_TRUST_LIST_INFO;
768
769struct CERT_SIMPLE_CHAIN {
770    DWORD                 cbSize = CERT_SIMPLE_CHAIN.sizeof;
771    CERT_TRUST_STATUS     TrustStatus;
772    DWORD                 cElement;
773    PCERT_CHAIN_ELEMENT*  rgpElement;
774    PCERT_TRUST_LIST_INFO pTrustListInfo;
775    BOOL                  fHasRevocationFreshnessTime;
776    DWORD                 dwRevocationFreshnessTime;
777}
778alias CERT_SIMPLE_CHAIN* PCERT_SIMPLE_CHAIN;
779
780/* #if (_WIN32_WINNT>=0x500) */
781alias const(CERT_CHAIN_CONTEXT)* PCCERT_CHAIN_CONTEXT;
782struct CERT_CHAIN_CONTEXT {
783    DWORD                 cbSize = CERT_CHAIN_CONTEXT.sizeof;
784    CERT_TRUST_STATUS     TrustStatus;
785    DWORD                 cChain;
786    PCERT_SIMPLE_CHAIN*   rgpChain;
787    DWORD                 cLowerQualityChainContext;
788    PCCERT_CHAIN_CONTEXT* rgpLowerQualityChainContext;
789    BOOL                  fHasRevocationFreshnessTime;
790    DWORD                 dwRevocationFreshnessTime;
791}
792alias CERT_CHAIN_CONTEXT* PCERT_CHAIN_CONTEXT;
793/* #endif */
794
795struct PROV_ENUMALGS {
796    ALG_ID   aiAlgid;
797    DWORD    dwBitLen;
798    DWORD    dwNameLen;
799    CHAR[20] szName = 0;
800}
801
802struct PUBLICKEYSTRUC {
803    BYTE   bType;
804    BYTE   bVersion;
805    WORD   reserved;
806    ALG_ID aiKeyAlg;
807}
808alias PUBLICKEYSTRUC BLOBHEADER;
809
810struct RSAPUBKEY {
811    DWORD magic;
812    DWORD bitlen;
813    DWORD pubexp;
814}
815
816struct HMAC_INFO {
817    ALG_ID HashAlgid;
818    BYTE*  pbInnerString;
819    DWORD  cbInnerString;
820    BYTE*  pbOuterString;
821    DWORD  cbOuterString;
822}
823alias HMAC_INFO* PHMAC_INFO;
824
825extern (Windows) @nogc nothrow {
826    BOOL CertCloseStore(HCERTSTORE, DWORD);
827    BOOL CertGetCertificateChain(HCERTCHAINENGINE, PCCERT_CONTEXT, LPFILETIME,
828      HCERTSTORE, PCERT_CHAIN_PARA, DWORD, LPVOID, PCCERT_CHAIN_CONTEXT*);
829    BOOL CertVerifyCertificateChainPolicy(LPCSTR, PCCERT_CHAIN_CONTEXT,
830      PCERT_CHAIN_POLICY_PARA, PCERT_CHAIN_POLICY_STATUS);
831    void CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT);
832    DWORD CertNameToStrA(DWORD, PCERT_NAME_BLOB, DWORD, LPSTR, DWORD);
833    DWORD CertNameToStrW(DWORD, PCERT_NAME_BLOB, DWORD, LPWSTR, DWORD);
834    HCERTSTORE CertOpenSystemStoreA(HCRYPTPROV, LPCSTR);
835    HCERTSTORE CertOpenSystemStoreW(HCRYPTPROV, LPCWSTR);
836    HCERTSTORE CertOpenStore(LPCSTR, DWORD, HCRYPTPROV, DWORD, const(void)*);
837    PCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE, DWORD, DWORD, DWORD,
838const(void)*, PCCERT_CONTEXT);
839    BOOL CertFreeCertificateContext(PCCERT_CONTEXT);
840    PCCERT_CONTEXT CertGetIssuerCertificateFromStore(HCERTSTORE,
841      PCCERT_CONTEXT, PCCERT_CONTEXT, DWORD*);
842    PCCERT_CHAIN_CONTEXT CertFindChainInStore(HCERTSTORE, DWORD, DWORD, DWORD,
843const(void)*, PCCERT_CHAIN_CONTEXT);
844
845    BOOL CryptAcquireContextA(HCRYPTPROV*, LPCSTR, LPCSTR, DWORD, DWORD);
846    BOOL CryptAcquireContextW(HCRYPTPROV*, LPCWSTR, LPCWSTR, DWORD, DWORD);
847     BOOL CryptContextAddRef(HCRYPTPROV, DWORD*, DWORD);
848    BOOL CryptReleaseContext(HCRYPTPROV, ULONG_PTR);
849    BOOL CryptGenKey(HCRYPTPROV, ALG_ID, DWORD, HCRYPTKEY*);
850    BOOL CryptDeriveKey(HCRYPTPROV, ALG_ID, HCRYPTHASH, DWORD, HCRYPTKEY*);
851    BOOL CryptDestroyKey(HCRYPTKEY);
852    static if (_WIN32_WINNT >= 0x500) {
853        BOOL CryptDuplicateHash(HCRYPTHASH, DWORD*, DWORD, HCRYPTHASH*);
854        BOOL CryptDuplicateKey(HCRYPTKEY, DWORD*, DWORD, HCRYPTKEY*);
855    }
856    BOOL CryptSetKeyParam(HCRYPTKEY, DWORD, PBYTE, DWORD);
857    BOOL CryptGetKeyParam(HCRYPTKEY, DWORD, PBYTE, PDWORD, DWORD);
858    BOOL CryptSetHashParam(HCRYPTHASH, DWORD, PBYTE, DWORD);
859    BOOL CryptGetHashParam(HCRYPTHASH, DWORD, PBYTE, PDWORD, DWORD);
860    BOOL CryptSetProvParam(HCRYPTPROV, DWORD, PBYTE, DWORD);
861    BOOL CryptGetProvParam(HCRYPTPROV, DWORD, PBYTE, PDWORD, DWORD);
862    BOOL CryptGenRandom(HCRYPTPROV, DWORD, PBYTE);
863    BOOL CryptGetUserKey(HCRYPTPROV, DWORD, HCRYPTKEY*);
864    BOOL CryptExportKey(HCRYPTKEY, HCRYPTKEY, DWORD, DWORD, PBYTE, PDWORD);
865    BOOL CryptImportKey(HCRYPTPROV, PBYTE, DWORD, HCRYPTKEY, DWORD,
866      HCRYPTKEY*);
867    BOOL CryptEncrypt(HCRYPTKEY, HCRYPTHASH, BOOL, DWORD, PBYTE, PDWORD,
868      DWORD);
869    BOOL CryptDecrypt(HCRYPTKEY, HCRYPTHASH, BOOL, DWORD, PBYTE, PDWORD);
870    BOOL CryptCreateHash(HCRYPTPROV, ALG_ID, HCRYPTKEY, DWORD, HCRYPTHASH*);
871    BOOL CryptHashData(HCRYPTHASH, PBYTE, DWORD, DWORD);
872    BOOL CryptHashSessionKey(HCRYPTHASH, HCRYPTKEY, DWORD);
873    BOOL CryptGetHashValue(HCRYPTHASH, DWORD, PBYTE, PDWORD);
874    BOOL CryptDestroyHash(HCRYPTHASH);
875    BOOL CryptSignHashA(HCRYPTHASH, DWORD, LPCSTR, DWORD, PBYTE, PDWORD);
876    BOOL CryptSignHashW(HCRYPTHASH, DWORD, LPCWSTR, DWORD, PBYTE, PDWORD);
877    BOOL CryptVerifySignatureA(HCRYPTHASH, PBYTE, DWORD, HCRYPTKEY, LPCSTR,
878      DWORD);
879    BOOL CryptVerifySignatureW(HCRYPTHASH, PBYTE, DWORD, HCRYPTKEY, LPCWSTR,
880      DWORD);
881    BOOL CryptSetProviderA(LPCSTR, DWORD);
882    BOOL CryptSetProviderW(LPCWSTR, DWORD);
883}
884
885version (Unicode) {
886    alias CertNameToStrW CertNameToStr;
887    alias CryptAcquireContextW CryptAcquireContext;
888    alias CryptSignHashW CryptSignHash;
889    alias CryptVerifySignatureW CryptVerifySignature;
890    alias CryptSetProviderW CryptSetProvider;
891    alias CertOpenSystemStoreW CertOpenSystemStore;
892    /+alias CERT_FIND_SUBJECT_STR_W CERT_FIND_SUBJECT_STR;
893    alias CERT_FIND_ISSUER_STR_W CERT_FIND_ISSUER_STR;+/
894} else {
895    alias CertNameToStrA CertNameToStr;
896    alias CryptAcquireContextA CryptAcquireContext;
897    alias CryptSignHashA CryptSignHash;
898    alias CryptVerifySignatureA CryptVerifySignature;
899    alias CryptSetProviderA CryptSetProvider;
900    alias CertOpenSystemStoreA CertOpenSystemStore;
901    /+alias CERT_FIND_SUBJECT_STR_A CERT_FIND_SUBJECT_STR;
902    alias CERT_FIND_ISSUER_STR_A CERT_FIND_ISSUER_STR;+/
903}
904