From de44ab8d508476103cc2cbdeb149c3e83373eeb4 Mon Sep 17 00:00:00 2001 From: David Hall Date: Thu, 9 May 2019 15:57:55 -0600 Subject: [PATCH] Added ALG_ID and CERT_TRUST_STATUS --- PInvoke/Cryptography/Crypt32/Wincrypt.cs | 425 +++++++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) diff --git a/PInvoke/Cryptography/Crypt32/Wincrypt.cs b/PInvoke/Cryptography/Crypt32/Wincrypt.cs index a949b806..6594288f 100644 --- a/PInvoke/Cryptography/Crypt32/Wincrypt.cs +++ b/PInvoke/Cryptography/Crypt32/Wincrypt.cs 
@@ -8,12 +8,205 @@ namespace Vanara.PInvoke /// Methods and data types found in Crypt32.dll. public static partial class Crypt32 { + /// + /// The ALG_ID data type specifies an algorithm identifier. Parameters of this data type are passed to most of the functions in CryptoAPI. + /// + public enum ALG_ID : uint + { + /// Triple DES encryption algorithm. + CALG_3DES = 0x00006603, + + /// Two-key triple DES encryption with effective key length equal to 112 bits. + CALG_3DES_112 = 0x00006609, + + /// Advanced Encryption Standard (AES). This algorithm is supported by the Microsoft AES Cryptographic Provider. + CALG_AES = 0x00006611, + + /// 128 bit AES. This algorithm is supported by the Microsoft AES Cryptographic Provider. + CALG_AES_128 = 0x0000660e, + + /// 192 bit AES. This algorithm is supported by the Microsoft AES Cryptographic Provider. + CALG_AES_192 = 0x0000660f, + + /// 256 bit AES. This algorithm is supported by the Microsoft AES Cryptographic Provider. + CALG_AES_256 = 0x00006610, + + /// Temporary algorithm identifier for handles of Diffie-Hellman–agreed keys. + CALG_AGREEDKEY_ANY = 0x0000aa03, + + /// + /// An algorithm to create a 40-bit DES key that has parity bits and zeroed key bits to make its key length 64 bits. This + /// algorithm is supported by the Microsoft Base Cryptographic Provider. + /// + CALG_CYLINK_MEK = 0x0000660c, + + /// DES encryption algorithm. + CALG_DES = 0x00006601, + + /// DESX encryption algorithm. + CALG_DESX = 0x00006604, + + /// Diffie-Hellman ephemeral key exchange algorithm. + CALG_DH_EPHEM = 0x0000aa02, + + /// Diffie-Hellman store and forward key exchange algorithm. + CALG_DH_SF = 0x0000aa01, + + /// DSA public key signature algorithm. + CALG_DSS_SIGN = 0x00002200, + + /// + /// Elliptic curve Diffie-Hellman key exchange algorithm. + /// [!Note] + /// This algorithm is supported only through Cryptography API: Next Generation. + /// Windows Server 2003 and Windows XP: This algorithm is not supported. 
+ ///
+ CALG_ECDH = 0x0000aa05,
+
+ ///
+ /// Ephemeral elliptic curve Diffie-Hellman key exchange algorithm.
+ /// [!Note]
+ /// This algorithm is supported only through Cryptography API: Next Generation.
+ /// Windows Server 2003 and Windows XP: This algorithm is not supported.
+ ///
+ CALG_ECDH_EPHEM = 0x0000ae06,
+
+ ///
+ /// Elliptic curve digital signature algorithm.
+ /// [!Note]
+ /// This algorithm is supported only through Cryptography API: Next Generation.
+ /// Windows Server 2003 and Windows XP: This algorithm is not supported.
+ ///
+ CALG_ECDSA = 0x00002203,
+
+ /// Elliptic curve Menezes, Qu, and Vanstone (MQV) key exchange algorithm. This algorithm is not supported.
+ CALG_ECMQV = 0x0000a001,
+
+ /// One way function hashing algorithm.
+ CALG_HASH_REPLACE_OWF = 0x0000800b,
+
+ /// Hughes MD5 hashing algorithm.
+ CALG_HUGHES_MD5 = 0x0000a003,
+
+ /// HMAC keyed hash algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_HMAC = 0x00008009,
+
+ /// KEA key exchange algorithm (FORTEZZA). This algorithm is not supported.
+ CALG_KEA_KEYX = 0x0000aa04,
+
+ /// MAC keyed hash algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_MAC = 0x00008005,
+
+ /// MD2 hashing algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_MD2 = 0x00008001,
+
+ /// MD4 hashing algorithm.
+ CALG_MD4 = 0x00008002,
+
+ /// MD5 hashing algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_MD5 = 0x00008003,
+
+ /// No signature algorithm.
+ CALG_NO_SIGN = 0x00002000,
+
+ ///
+ /// The algorithm is only implemented in CNG. The macro, IS_SPECIAL_OID_INFO_ALGID, can be used to determine whether a
+ /// cryptography algorithm is only supported by using the CNG functions.
+ ///
+ CALG_OID_INFO_CNG_ONLY = 0xffffffff,
+
+ ///
+ /// The algorithm is defined in the encoded parameters. The algorithm is only supported by using CNG.
The macro,
+ /// IS_SPECIAL_OID_INFO_ALGID, can be used to determine whether a cryptography algorithm is only supported by using the CNG functions.
+ ///
+ CALG_OID_INFO_PARAMETERS = 0xfffffffe,
+
+ /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications.
+ CALG_PCT1_MASTER = 0x00004c04,
+
+ /// RC2 block encryption algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_RC2 = 0x00006602,
+
+ /// RC4 stream encryption algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_RC4 = 0x00006801,
+
+ /// RC5 block encryption algorithm.
+ CALG_RC5 = 0x0000660d,
+
+ /// RSA public key exchange algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_RSA_KEYX = 0x0000a400,
+
+ /// RSA public key signature algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_RSA_SIGN = 0x00002400,
+
+ /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications.
+ CALG_SCHANNEL_ENC_KEY = 0x00004c07,
+
+ /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications.
+ CALG_SCHANNEL_MAC_KEY = 0x00004c03,
+
+ /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications.
+ CALG_SCHANNEL_MASTER_HASH = 0x00004c02,
+
+ /// SEAL encryption algorithm. This algorithm is not supported.
+ CALG_SEAL = 0x00006802,
+
+ /// SHA hashing algorithm. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_SHA = 0x00008004,
+
+ /// Same as CALG_SHA. This algorithm is supported by the Microsoft Base Cryptographic Provider.
+ CALG_SHA1 = 0x00008004,
+
+ ///
+ /// 256 bit SHA hashing algorithm. This algorithm is supported by Microsoft Enhanced RSA and AES Cryptographic Provider..Windows
+ /// XP with SP3: This algorithm is supported by the Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype).
+ /// Windows XP with SP2, Windows XP with SP1 and Windows XP: This algorithm is not supported. + /// + CALG_SHA_256 = 0x0000800c, + + /// + /// 384 bit SHA hashing algorithm. This algorithm is supported by Microsoft Enhanced RSA and AES Cryptographic Provider.Windows + /// XP with SP3: This algorithm is supported by the Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype). + /// Windows XP with SP2, Windows XP with SP1 and Windows XP: This algorithm is not supported. + /// + CALG_SHA_384 = 0x0000800d, + + /// + /// 512 bit SHA hashing algorithm. This algorithm is supported by Microsoft Enhanced RSA and AES Cryptographic Provider.Windows + /// XP with SP3: This algorithm is supported by the Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype). + /// Windows XP with SP2, Windows XP with SP1 and Windows XP: This algorithm is not supported. + /// + CALG_SHA_512 = 0x0000800e, + + /// Skipjack block encryption algorithm (FORTEZZA). This algorithm is not supported. + CALG_SKIPJACK = 0x0000660a, + + /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications. + CALG_SSL2_MASTER = 0x00004c05, + + /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications. + CALG_SSL3_MASTER = 0x00004c01, + + /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications. + CALG_SSL3_SHAMD5 = 0x00008008, + + /// TEK (FORTEZZA). This algorithm is not supported. + CALG_TEK = 0x0000660b, + + /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications. + CALG_TLS1_MASTER = 0x00004c06, + + /// Used by the Schannel.dll operations system. This ALG_ID should not be used by applications. + CALG_TLS1PRF = 0x0000800a, + } + /// Private key pair type. [PInvokeData("wincrypt.h")] public enum PrivateKeyType { /// Key exchange AT_KEYEXCHANGE = 1, + /// Digital signature AT_SIGNATURE = 2 } 
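Review bot: The enum lists MD2, MD4, MD5, DES, RC2, RC4 and the 40-bit CYLINK_MEK next to AES and SHA-2 with nothing but "supported by the Microsoft Base Cryptographic Provider" as commentary, so a caller gets no hint that these identifiers exist for reading legacy CryptoAPI keys and blobs rather than for choosing an algorithm for new protection; the CERT_TRUST_HAS_WEAK_SIGNATURE text in the same patch already treats MD2/MD5 as weak. I would add a remark to the enum's doc comment: `/// <remarks>Several identifiers here (MD2, MD4, MD5, DES, RC2, RC4, CYLINK_MEK) name algorithms that are cryptographically broken or far below current key sizes; they are retained for interoperability with existing CryptoAPI material and should not be selected for new encryption, hashing or signing.</remarks>`. The enum also lacks the `[PInvokeData("wincrypt.h")]` attribute that `PrivateKeyType` immediately below it carries, and since `CALG_SHA` and `CALG_SHA1` deliberately share 0x00008004, `ToString()` on that value is ambiguous, which deserves a one-line note at `CALG_SHA1`.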
@@ -150,6 +343,238 @@ namespace Vanara.PInvoke public CRYPTOAPI_BLOB PublicKey; } + /// + /// The CERT_TRUST_STATUS structure contains trust information about a certificate in a certificate chain, summary trust + /// information about a simple chain of certificates, or summary information about an array of simple chains. + /// + // https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/ns-wincrypt-_cert_trust_status typedef struct _CERT_TRUST_STATUS { + // DWORD dwErrorStatus; DWORD dwInfoStatus; } CERT_TRUST_STATUS, *PCERT_TRUST_STATUS; + [PInvokeData("wincrypt.h", MSDNShortId = "af1e1db2-7b53-4491-8317-4abf3568fb03")] + [StructLayout(LayoutKind.Sequential)] + public struct CERT_TRUST_STATUS + { + /// + /// The following error status codes are defined for certificates and chains. + /// + /// + /// Value + /// Meaning + /// + /// + /// CERT_TRUST_NO_ERROR 0x00000000 + /// No error found for this certificate or chain. + /// + /// + /// CERT_TRUST_IS_NOT_TIME_VALID 0x00000001 + /// This certificate or one of the certificates in the certificate chain is not time valid. + /// + /// + /// CERT_TRUST_IS_REVOKED 0x00000004 + /// Trust for this certificate or one of the certificates in the certificate chain has been revoked. + /// + /// + /// CERT_TRUST_IS_NOT_SIGNATURE_VALID 0x00000008 + /// The certificate or one of the certificates in the certificate chain does not have a valid signature. + /// + /// + /// CERT_TRUST_IS_NOT_VALID_FOR_USAGE 0x00000010 + /// The certificate or certificate chain is not valid for its proposed usage. + /// + /// + /// CERT_TRUST_IS_UNTRUSTED_ROOT 0x00000020 + /// The certificate or certificate chain is based on an untrusted root. + /// + /// + /// CERT_TRUST_REVOCATION_STATUS_UNKNOWN 0x00000040 + /// The revocation status of the certificate or one of the certificates in the certificate chain is unknown. 
+ ///
+ ///
+ /// CERT_TRUST_IS_CYCLIC 0x00000080
+ /// One of the certificates in the chain was issued by a certification authority that the original certificate had certified.
+ ///
+ ///
+ /// CERT_TRUST_INVALID_EXTENSION 0x00000100
+ /// One of the certificates has an extension that is not valid.
+ ///
+ ///
+ /// CERT_TRUST_INVALID_POLICY_CONSTRAINTS 0x00000200
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a policy constraints extension, and one of the issued
+ /// certificates has a disallowed policy mapping extension or does not have a required issuance policies extension.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_INVALID_BASIC_CONSTRAINTS 0x00000400
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a basic constraints extension, and either the
+ /// certificate cannot be used to issue other certificates, or the chain path length has been exceeded.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_INVALID_NAME_CONSTRAINTS 0x00000800
+ /// The certificate or one of the certificates in the certificate chain has a name constraints extension that is not valid.
+ ///
+ ///
+ /// CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT 0x00001000
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a name constraints extension that contains
+ /// unsupported fields. The minimum and maximum fields are not supported. Thus minimum must always be zero and maximum must
+ /// always be absent. Only UPN is supported for an Other Name. The following alternative name choices are not supported:
+ ///
+ ///
+ ///
+ /// CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT 0x00002000
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a name constraints extension and a name constraint is
+ /// missing for one of the name choices in the end certificate.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT 0x00004000
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a name constraints extension, and there is not a
+ /// permitted name constraint for one of the name choices in the end certificate.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT 0x00008000
+ ///
+ /// The certificate or one of the certificates in the certificate chain has a name constraints extension, and one of the name
+ /// choices in the end certificate is explicitly excluded.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_IS_OFFLINE_REVOCATION 0x01000000
+ ///
+ /// The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY 0x02000000
+ ///
+ /// The end certificate does not have any resultant issuance policies, and one of the issuing certification authority
+ /// certificates has a policy constraints extension requiring it.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_IS_EXPLICIT_DISTRUST 0x04000000
+ /// The certificate is explicitly distrusted. Windows Vista and Windows Server 2008: Support for this flag begins.
+ ///
+ ///
+ /// CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT 0x08000000
+ ///
+ /// The certificate does not support a critical extension. Windows Vista and Windows Server 2008: Support for this flag begins.
+ ///
+ ///
+ ///
+ /// CERT_TRUST_HAS_WEAK_SIGNATURE 0x00100000
+ ///
+ /// The certificate has not been strong signed. Typically this indicates that the MD2 or MD5 hashing algorithms were used to
+ /// create a hash of the certificate. Windows 8 and Windows Server 2012: Support for this flag begins.
+ ///
+ ///
+ ///
+ /// The following codes are defined for chains only.
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ ///
+ /// CERT_TRUST_IS_PARTIAL_CHAIN 0x00010000
+ /// The certificate chain is not complete.
+ ///
+ ///
+ /// CERT_TRUST_CTL_IS_NOT_TIME_VALID 0x00020000
+ /// A certificate trust list (CTL) used to create this chain was not time valid.
+ ///
+ ///
+ /// CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID 0x00040000
+ /// A CTL used to create this chain did not have a valid signature.
+ ///
+ ///
+ /// CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE 0x00080000
+ /// A CTL used to create this chain is not valid for this usage.
+ ///
+ ///
+ ///
+ public uint dwErrorStatus;
+
+ ///
+ /// The following information status codes are defined.
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ ///
+ /// CERT_TRUST_HAS_EXACT_MATCH_ISSUER 0x00000001
+ /// An exact match issuer certificate has been found for this certificate. This status code applies to certificates only.
+ ///
+ ///
+ /// CERT_TRUST_HAS_KEY_MATCH_ISSUER 0x00000002
+ /// A key match issuer certificate has been found for this certificate. This status code applies to certificates only.
+ ///
+ ///
+ /// CERT_TRUST_HAS_NAME_MATCH_ISSUER 0x00000004
+ /// A name match issuer certificate has been found for this certificate. This status code applies to certificates only.
+ ///
+ ///
+ /// CERT_TRUST_IS_SELF_SIGNED 0x00000008
+ /// This certificate is self-signed. This status code applies to certificates only.
+ ///
+ ///
+ /// CERT_TRUST_HAS_PREFERRED_ISSUER 0x00000100
+ /// The certificate or chain has a preferred issuer. This status code applies to certificates and chains.
+ ///
+ ///
+ /// CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY 0x00000400
+ /// An issuance chain policy exists. This status code applies to certificates and chains.
+ ///
+ ///
+ /// CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS 0x00000400
+ /// A valid name constraints for all namespaces, including UPN. This status code applies to certificates and chains.
+ ///
+ ///
+ /// CERT_TRUST_IS_PEER_TRUSTED 0x00000800
+ ///
+ /// This certificate is peer trusted. This status code applies to certificates only. Windows Vista and Windows Server 2008:
+ /// Support for this flag begins.
+ /// + /// + /// + /// CERT_TRUST_HAS_CRL_VALIDITY_EXTENDED 0x00001000 + /// + /// This certificate's certificate revocation list (CRL) validity has been extended. This status code applies to certificates + /// only. Windows Vista and Windows Server 2008: Support for this flag begins. + /// + /// + /// + /// CERT_TRUST_IS_FROM_EXCLUSIVE_TRUST_STORE 0x00002000 + /// + /// The certificate was found in either a store pointed to by the hExclusiveRoot or hExclusiveTrustedPeople member of the + /// CERT_CHAIN_ENGINE_CONFIG structure. Windows 7 and Windows Server 2008 R2: Support for this flag begins. + /// + /// + /// + /// CERT_TRUST_IS_COMPLEX_CHAIN 0x00010000 + /// The certificate chain created is a complex chain. This status code applies to chains only. + /// + /// + /// CERT_TRUST_IS_CA_TRUSTED 0x00004000 + /// + /// A non-self-signed intermediate CA certificate was found in the store pointed to by the hExclusiveRoot member of the + /// CERT_CHAIN_ENGINE_CONFIG structure. The CA certificate is treated as a trust anchor for the certificate chain. This flag will + /// only be set if the CERT_CHAIN_EXCLUSIVE_ENABLE_CA_FLAG value is set in the dwExclusiveFlags member of the + /// CERT_CHAIN_ENGINE_CONFIG structure. If this flag is set, the CERT_TRUST_IS_SELF_SIGNED and the + /// CERT_TRUST_IS_PARTIAL_CHAINdwErrorStatus flags will not be set. Windows 8 and Windows Server 2012: Support for this flag begins. + /// + /// + /// + /// + public uint dwInfoStatus; + } + /// /// The CRYPT_ALGORITHM_IDENTIFIER structure specifies an algorithm used to encrypt a private key. The structure includes the object /// identifier (OID) of the algorithm and any needed parameters for that algorithm. The parameters contained in its CRYPT_OBJID_BLOB
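Review bot: `dwErrorStatus` and `dwInfoStatus` are plain `uint` fields and the CERT_TRUST_* bit values exist only as prose inside the doc comment, so a caller has no typed way to test them and is likely to hand-compare magic numbers against one or two bits (IS_UNTRUSTED_ROOT, IS_NOT_TIME_VALID) while missing IS_REVOKED or IS_NOT_SIGNATURE_VALID; the only safe acceptance test is `dwErrorStatus == 0`, and the field's doc should say so explicitly. I would add a `[Flags]` enum for the error bits next to the struct and type the field with it, as sketched below; the values are those already listed in the hunk and the marshalled layout is unchanged because the enum is `uint`-backed. Separately, the info-status table gives both CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY and CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS the value 0x00000400, which cannot both hold in a bitmask; this looks copied from the MSDN page and should be checked against wincrypt.h before anyone depends on it. The struct is complete within the hunk.
```csharp
/// <summary>
/// Error bits reported in <see cref="CERT_TRUST_STATUS.dwErrorStatus"/>. Any value other than
/// <see cref="CERT_TRUST_NO_ERROR"/> means the certificate or chain must not be trusted; test for zero, not for individual bits.
/// </summary>
[PInvokeData("wincrypt.h")]
[Flags]
public enum CertTrustErrorStatus : uint
{
	CERT_TRUST_NO_ERROR = 0x00000000,
	CERT_TRUST_IS_NOT_TIME_VALID = 0x00000001,
	CERT_TRUST_IS_REVOKED = 0x00000004,
	CERT_TRUST_IS_NOT_SIGNATURE_VALID = 0x00000008,
	CERT_TRUST_IS_NOT_VALID_FOR_USAGE = 0x00000010,
	CERT_TRUST_IS_UNTRUSTED_ROOT = 0x00000020,
	CERT_TRUST_REVOCATION_STATUS_UNKNOWN = 0x00000040,
	CERT_TRUST_IS_CYCLIC = 0x00000080,
	CERT_TRUST_INVALID_EXTENSION = 0x00000100,
	CERT_TRUST_INVALID_POLICY_CONSTRAINTS = 0x00000200,
	CERT_TRUST_INVALID_BASIC_CONSTRAINTS = 0x00000400,
	CERT_TRUST_INVALID_NAME_CONSTRAINTS = 0x00000800,
	CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT = 0x00001000,
	CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT = 0x00002000,
	CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT = 0x00004000,
	CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT = 0x00008000,
	CERT_TRUST_IS_PARTIAL_CHAIN = 0x00010000,
	CERT_TRUST_CTL_IS_NOT_TIME_VALID = 0x00020000,
	CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID = 0x00040000,
	CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = 0x00080000,
	CERT_TRUST_HAS_WEAK_SIGNATURE = 0x00100000,
	CERT_TRUST_IS_OFFLINE_REVOCATION = 0x01000000,
	CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY = 0x02000000,
	CERT_TRUST_IS_EXPLICIT_DISTRUST = 0x04000000,
	CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT = 0x08000000,
}

// … unchanged: CERT_TRUST_STATUS doc comment and attributes …
public struct CERT_TRUST_STATUS
{
	/// <summary>Error bits for this certificate or chain; zero (<see cref="CertTrustErrorStatus.CERT_TRUST_NO_ERROR"/>) is the only trusted result.</summary>
	public CertTrustErrorStatus dwErrorStatus;

	// … unchanged: dwInfoStatus …
}
```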