using System;
using System.Runtime.InteropServices;
using System.Text;
namespace Vanara.PInvoke
{
/// Methods and data types found in NCrypt.dll.
public static partial class NCrypt
{
///
public const int NCRYPT_SSL_MAX_NAME_SIZE = 64;
///
/// The content type that corresponds to this packet, which specifies the higher level protocol used to process the enclosed packet.
///
[PInvokeData("Sslprovider.h", MSDNShortId = "1002158b-1a4f-4461-978f-b221ef6332e0")]
public enum PacketContentType
{
/// Indicates a change in the ciphering strategy.
CT_CHANGE_CIPHER_SPEC = 20,
/// Indicates that the enclosed packet contains an alert.
CT_ALERT = 21,
/// Indicates that the enclosed packet is part of the handshake protocol.
CT_HANDSHAKE = 22,
/// Indicates that the packet contains application data.
CT_APPLICATIONDATA = 23,
}
/// Specifies the type of host for the call.
[PInvokeData("Sslprovider.h")]
public enum SslHost
{
/// Specifies that this is a client call.
NCRYPT_SSL_CLIENT_FLAG = 0x00000001,
/// Specifies that this is a server call.
NCRYPT_SSL_SERVER_FLAG = 0x00000002,
}
/// CNG SSL Provider Cipher Suite Identifiers
[PInvokeData("Sslprovider.h")]
public enum SslProviderCipherSuiteId
{
///
TLS_RSA_WITH_NULL_MD5 = 0x0001,
///
TLS_RSA_WITH_NULL_SHA = 0x0002,
///
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
///
TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
///
TLS_RSA_WITH_RC4_128_SHA = 0x0005,
///
TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
///
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
///
TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
///
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
///
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
///
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
///
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
///
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
///
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
///
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
///
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
///
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062,
///
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
///
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064,
///
TLS_RSA_WITH_NULL_SHA256 = 0x003B,
///
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
///
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
///
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
///
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
///
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
///
TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
///
TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
///
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
///
TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
///
TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
///
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xc009,
///
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xc013,
///
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xc00a,
///
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xc014,
///
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
///
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
///
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
///
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
///
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
///
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
///
SSL_CK_RC4_128_WITH_MD5 = 0x010080,
///
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080,
///
SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080,
///
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080,
///
SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080,
///
SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040,
///
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0,
}
/// CNG SSL Provider Key Type Identifiers
[PInvokeData("Sslprovider.h")]
public enum SslProviderKeyTypeId
{
///
TLS_ECC_P256_CURVE_KEY_TYPE = 23,
///
TLS_ECC_P384_CURVE_KEY_TYPE = 24,
///
TLS_ECC_P521_CURVE_KEY_TYPE = 25
}
/// CNG SSL Provider Protocol Identifiers
[PInvokeData("Sslprovider.h")]
public enum SslProviderProtocolId
{
///
SSL2_PROTOCOL_VERSION = 0x0002,
///
SSL3_PROTOCOL_VERSION = 0x0300,
///
TLS1_PROTOCOL_VERSION = 0x0301,
///
TLS1_0_PROTOCOL_VERSION = TLS1_PROTOCOL_VERSION,
///
TLS1_1_PROTOCOL_VERSION = 0x0302,
///
TLS1_2_PROTOCOL_VERSION = 0x0303,
///
DTLS1_0_PROTOCOL_VERSION = 0xfeff,
}
/// The SslComputeClientAuthHash function computes a hash to use during certificate authentication.
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// The handle of the master key object.
/// The handle of the hash of the handshake computed so far.
///
/// A pointer to a null-terminated Unicode string that identifies the requested cryptographic algorithm. This can be one of the
/// standard CNG Algorithm Identifiers or the identifier for another registered algorithm.
///
///
/// The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is
/// NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.
///
/// The length, in bytes, of the pbOutput buffer.
///
/// A pointer to a DWORD value that specifies the length, in bytes, of the hash written to the pbOutput buffer.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the supplied handles is not valid.
///
///
///
///
///
/// The SslComputeClientAuthHash function computes the hash that is sent in the certificate verification message of the SSL
/// handshake. The hash value is computed by creating a hash that contains the master secret with a hash of all previous handshake
/// messages sent or received. For more information about the SSL handshake sequence, see Description of the Secure Sockets Layer
/// (SSL) Handshake.
///
///
/// The manner in which the hash is computed depends on the protocol and cipher suite used. In addition, the hash depends on the type
/// of client authentication key used; the pszAlgId parameter indicates the type of key used for client authentication.
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcomputeclientauthhash SECURITY_STATUS WINAPI SslComputeClientAuthHash(
// _In_ NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hMasterKey, _In_ NCRYPT_HASH_HANDLE hHandshakeHash, _In_ LPCWSTR
// pszAlgId, _Out_ PBYTE pbOutput, _In_ DWORD cbOutput, _Out_ DWORD *pcbResult, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "f4a12464-8ad6-4bf9-8b6e-49bdf5332b66")]
public static extern HRESULT SslComputeClientAuthHash(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hMasterKey, NCRYPT_HASH_HANDLE hHandshakeHash, [MarshalAs(UnmanagedType.LPWStr)] string pszAlgId, [Out] IntPtr pbOutput, uint cbOutput, out uint pcbResult, uint dwFlags = 0);
///
/// The SslComputeEapKeyBlock function computes the key block used by the Extensible Authentication Protocol (EAP).
///
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// The handle of the master key object.
///
/// A pointer to a buffer that contains a concatenation of the client_random and server_random values of the SSL session.
///
/// The length, in bytes, of the pbRandoms buffer.
///
/// The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is
/// NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.
///
/// The length, in bytes, of the pbOutput buffer.
///
/// A pointer to a DWORD value that specifies the length, in bytes, of the hash written to the pbOutput buffer.
///
/// Set to NCRYPT_SSL_SERVER_FLAG to indicate that this is a server call.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the supplied handles is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcomputeeapkeyblock SECURITY_STATUS WINAPI SslComputeEapKeyBlock( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hMasterKey, _In_ PBYTE pbRandoms, _In_ DWORD cbRandoms, _Out_opt_ PBYTE
// pbOutput, _In_ DWORD cbOutput, _Out_ DWORD *pcbResult, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "0f382668-6fc6-440f-ba61-70b1db0f3987")]
public static extern HRESULT SslComputeEapKeyBlock(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hMasterKey, [In] IntPtr pbRandoms, uint cbRandoms, [Optional] IntPtr pbOutput, uint cbOutput, out uint pcbResult, SslHost dwFlags);
///
/// The SslComputeFinishedHash function computes the hash sent in the finished message of the Secure Sockets Layer protocol
/// (SSL) handshake. For more information about the SSL handshake sequence, see Description of the Secure Sockets Layer (SSL) Handshake.
///
/// The handle of the SSL protocol provider instance.
/// The handle of the master key object.
/// The handle of the hash of the handshake messages.
/// A pointer to a buffer that receives the hash for the finish message.
/// The length, in bytes, of the pbOutput buffer.
///
/// One of the following constants.
///
///
/// Value
/// Meaning
///
/// -
/// NCRYPT_SSL_CLIENT_FLAG 0x00000001
/// Specifies that this is a client call.
///
/// -
/// NCRYPT_SSL_SERVER_FLAG 0x00000002
/// Specifies that this is a server call.
///
///
///
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 2148073510 (0x80090026)
/// One of the supplied handles is not valid.
///
///
///
///
/// The SslComputeFinishedHash function is one of three functions used to generate a hash to use during the SSL handshake.
///
/// -
/// The SslCreateHandshakeHash function is called to obtain a hash handle.
///
/// -
/// The SslHashHandshake function is called any number of times with the hash handle to add data to the hash.
///
/// -
/// The SslComputeFinishedHash function is called with the hash handle to obtain the digest of the hashed data.
///
///
/// The hash value is computed by hashing the master secret with a hash of all previous handshake messages sent or received.
///
/// The value of cbOutput determines the length of the hash data. When the Transport Layer Security protocol (TLS) 1.0 protocol is
/// used, this should always be 12 (bytes). For more information, see The TLS Protocol Version 1.0.
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcomputefinishedhash SECURITY_STATUS WINAPI SslComputeFinishedHash( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hMasterKey, _In_ NCRYPT_HASH_HANDLE hHandshakeHash, _Out_ PBYTE pbOutput,
// _In_ DWORD cbOutput, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "82dfeb1d-c141-40c9-b692-daad78ab6d55")]
public static extern HRESULT SslComputeFinishedHash(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hMasterKey, NCRYPT_HASH_HANDLE hHandshakeHash, [Out] IntPtr pbOutput, uint cbOutput, SslHost dwFlags);
/// The SslCreateClientAuthHash function retrieves a handle to the handshake hash that is used for client authentication.
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// A pointer to an NCRYPT_HASH_HANDLE variable to receive the hash handle.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
/// One of the CNG Algorithm Identifiers values.
/// This parameter is reserved for future use and must be set to zero.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider parameter contains a pointer that is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phHandshakeHash parameter is set to NULL.
///
/// -
/// NTE_NOT_SUPPORTED 0x80090029L
/// The selected function is not supported in the specified version of the interface.
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Insufficient memory to allocate buffers.
///
/// -
/// NTE_BAD_FLAGS 0x80090009L
/// The dwFlags parameter must be set to zero.
///
///
///
///
/// The SslCreateClientAuthHash function is called for Transport Layer Security protocol (TLS) 1.2 or later conversations to
/// create hash objects that are used to hash handshake messages. It is called once for each possible hashing algorithm that can be
/// used in the client authentication signature.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcreateclientauthhash SECURITY_STATUS WINAPI SslCreateClientAuthHash( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Out_ NCRYPT_HASH_HANDLE *phHandshakeHash, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_
// LPCWSTR pszHashAlgId, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "55007ce0-4bf1-4605-9b34-2931935762aa")]
public static extern HRESULT SslCreateClientAuthHash(NCRYPT_PROV_HANDLE hSslProvider, out NCRYPT_HASH_HANDLE phHandshakeHash, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, [MarshalAs(UnmanagedType.LPWStr)] string pszHashAlgId, uint dwFlags = 0);
///
/// The SslCreateEphemeralKey function creates an ephemeral key for use during the authentication that occurs during the
/// Secure Sockets Layer protocol (SSL) handshake.
///
/// The handle of the SSL protocol provider instance.
/// The handle of the ephemeral key.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
///
/// One of the CNG SSL Provider Key Type Identifier values. Set this parameter to zero for key types that are not elliptic
/// curve cryptography (ECC).
///
/// The length, in bits, of the key.
///
/// A pointer to a buffer to contain parameters for the key that is to be created. If a Diffie-Hellman (ephemeral) key-exchange
/// algorithm (DHE) cipher suite is not used, set the pbParams parameter to NULL and the cbParams parameter to zero.
///
/// The length, in bytes, of the data in the pbParams buffer.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// There is insufficient memory to allocate the buffer.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// One of the supplied parameters is not valid.
///
///
///
///
///
/// When using a DHE cipher suite, the internal SSL implementation passes server p and g parameters to the
/// SslCreateEphemeralKey function in the pbParams and cbParams parameters.
///
///
/// The format of the data in the pbParams buffer is the same as that used when setting the BCRYPT_DH_PARAMETERS property, and
/// it starts with a BCRYPT_DH_PARAMETER_HEADER structure.
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcreateephemeralkey SECURITY_STATUS WINAPI SslCreateEphemeralKey( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Out_ NCRYPT_KEY_HANDLE *phEphemeralKey, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_
// DWORD dwKeyType, _In_ DWORD dwKeyBitLen, _In_ PBYTE pbParams, _In_ DWORD cbParams, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "faad9b3b-e476-4e61-b978-bcb517ecaeb7")]
public static extern HRESULT SslCreateEphemeralKey(NCRYPT_PROV_HANDLE hSslProvider, out NCRYPT_KEY_HANDLE phEphemeralKey, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, SslProviderKeyTypeId dwKeyType, uint dwKeyBitLen, [In] IntPtr pbParams, uint cbParams, uint dwFlags = 0);
/// The SslCreateHandshakeHash function obtains a hash handle that is used to hash handshake messages.
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// A hash handle that can be passed to other SSL provider functions.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// There is insufficient memory to allocate the hash buffer.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phHandshakeHash is null.
///
///
///
///
/// The SslCreateHandshakeHash function is one of three functions used to generate a hash to use during the SSL handshake.
///
/// -
/// The SslCreateHandshakeHash function is called to obtain a hash handle.
///
/// -
/// The SslHashHandshake function is called any number of times with the hash handle to add data to the hash.
///
/// -
/// The SslComputeFinishedHash function is called with the hash handle to obtain the digest of the hashed data.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslcreatehandshakehash SECURITY_STATUS WINAPI SslCreateHandshakeHash( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Out_ NCRYPT_HASH_HANDLE *phHandshakeHash, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_
// DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "31390584-9d23-41d1-8604-b84a5e52ecde")]
public static extern HRESULT SslCreateHandshakeHash(NCRYPT_PROV_HANDLE hSslProvider, out NCRYPT_HASH_HANDLE phHandshakeHash, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, uint dwFlags = 0);
///
/// The SslDecrementProviderReferenceCount function decrements the references to the Secure Sockets Layer protocol (SSL) provider.
///
/// The handle of the SSL protocol provider instance.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// STATUS_INVALID_HANDLE 0xC0000008L
/// The SSL provider handle is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/ssldecrementproviderreferencecount SECURITY_STATUS WINAPI
// SslDecrementProviderReferenceCount( _In_ NCRYPT_PROV_HANDLE hSslProvider );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "67bfa4b5-c02c-4a76-871d-93f3bf4e3602")]
public static extern HRESULT SslDecrementProviderReferenceCount(NCRYPT_PROV_HANDLE hSslProvider);
/// the SslDecryptPacket function decrypts a single Secure Sockets Layer protocol (SSL) packet.
/// The handle of the SSL protocol provider instance.
/// The handle to the key that is used to decrypt the packet.
/// A pointer to the buffer that contains the packet to be decrypted.
/// The length, in bytes, of the pbInput buffer.
/// A pointer to a buffer to contain the decrypted packet.
/// The length, bytes, of the pbOutput buffer.
/// The number of bytes written to the pbOutput buffer.
/// The sequence number that corresponds to this packet.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
/// The length of the packet can be zero, such as when a "HelloRequest" message is decrypted.
// https://docs.microsoft.com/en-us/windows/win32/seccng/ssldecryptpacket SECURITY_STATUS WINAPI SslDecryptPacket( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Inout_ NCRYPT_KEY_HANDLE hKey, _In_ PBYTE *pbInput, _In_ DWORD cbInput, _Out_ PBYTE pbOutput,
// _In_ DWORD cbOutput, _Out_ DWORD *pcbResult, _In_ ULONGLONG SequenceNumber, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "22a7dd2b-d023-47b9-8f76-1c17c2dd6466")]
public static extern HRESULT SslDecryptPacket(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hKey, ref IntPtr pbInput, uint cbInput, [Out] IntPtr pbOutput, uint cbOutput, out uint pcbResult, ulong SequenceNumber, uint dwFlags = 0);
/// The SslEncryptPacket function encrypts a single Secure Sockets Layer protocol (SSL) packet.
/// The handle of the SSL protocol provider instance.
/// The handle to the key that is used to encrypt the packet.
/// A pointer to the buffer that contains the packet to be encrypted.
/// The length, in bytes, of the pbInput buffer.
/// A pointer to a buffer to receive the encrypted packet.
/// The length, bytes, of the pbOutput buffer.
/// The number of bytes written to the pbOutput buffer.
/// The sequence number that corresponds to this packet.
///
///
/// The content type that corresponds to this packet, which specifies the higher level protocol used to process the enclosed packet.
///
///
///
/// Value
/// Meaning
///
/// -
/// CT_CHANGE_CIPHER_SPEC 20
/// Indicates a change in the ciphering strategy.
///
/// -
/// CT_ALERT 21
/// Indicates that the enclosed packet contains an alert.
///
/// -
/// CT_HANDSHAKE 22
/// Indicates that the enclosed packet is part of the handshake protocol.
///
/// -
/// CT_APPLICATIONDATA 23
/// Indicates that the packet contains application data.
///
///
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslencryptpacket SECURITY_STATUS WINAPI SslEncryptPacket( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Inout_ NCRYPT_KEY_HANDLE hKey, _In_ PBYTE *pbInput, _In_ DWORD cbInput, _Out_ PBYTE pbOutput,
// _In_ DWORD cbOutput, _Out_ DWORD *pcbResult, _In_ ULONGLONG SequenceNumber, _In_ DWORD dwContentType, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "1002158b-1a4f-4461-978f-b221ef6332e0")]
public static extern HRESULT SslEncryptPacket(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hKey, ref IntPtr pbInput, uint cbInput, [Out] IntPtr pbOutput, uint cbOutput, out uint pcbResult, ulong SequenceNumber, PacketContentType dwContentType, uint dwFlags = 0);
///
/// The SslEnumCipherSuites function enumerates the cipher suites supported by a Secure Sockets Layer protocol (SSL) protocol provider.
///
/// The handle of the SSL protocol provider instance.
///
///
/// The handle of a private key. When a private key is specified, SslEnumCipherSuites enumerates the cipher suites that are
/// compatible with the private key. For example, if the private key is a DSS key, then only the DSS_DHE cipher suites are returned.
/// If the private key is an RSA key, but it does not support raw decryption operations, then the SSL2 cipher suites are not returned.
///
/// Set this parameter to NULL when you are not specifying a private key.
///
///
/// A pointer to a NCRYPT_SSL_CIPHER_SUITE structure to receive the address of the next cipher suite in the list.
///
///
/// A pointer to a buffer that indicates the current position in the list of cipher suites.
///
/// Set the pointer to NULL on the first call to SslEnumCipherSuites. On each subsequent call, pass the unmodified
/// value back to SslEnumCipherSuites.
///
/// When there are no more cipher suites available, you should free ppEnumState by calling the SslFreeBuffer function.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_NO_MORE_ITEMS 0x8009002AL
/// No additional cipher suites are supported.
///
///
///
///
/// To enumerate all cipher suites supported by the SSL provider, call the SslEnumCipherSuites function in a loop until
/// NTE_NO_MORE_ITEMS is returned.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslenumciphersuites SECURITY_STATUS WINAPI SslEnumCipherSuites( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_opt_ NCRYPT_KEY_HANDLE hPrivateKey, _Out_ NCRYPT_SSL_CIPHER_SUITE **ppCipherSuite, _Inout_
// PVOID *ppEnumState, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "c12bc422-71c9-44f4-abf7-76902b19d3bd")]
public static extern HRESULT SslEnumCipherSuites(NCRYPT_PROV_HANDLE hSslProvider, [Optional] NCRYPT_KEY_HANDLE hPrivateKey, out IntPtr ppCipherSuite, ref IntPtr ppEnumState, uint dwFlags = 0);
///
/// The SslEnumProtocolProviders function returns an array of installed Secure Sockets Layer protocol (SSL) protocol providers.
///
/// A pointer to a DWORD value to receive the number of protocol providers returned.
/// A pointer to a buffer that receives the array of NCryptProviderName structures.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_BAD_FLAGS 0x80090009L
/// The dwFlags parameter is not zero.
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The pdwProviderCount or ppProviderList parameter is NULL.
///
///
///
///
/// When you have finished using the array of NCryptProviderName structures, call the SslFreeBuffer function to free
/// the array.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslenumprotocolproviders SECURITY_STATUS WINAPI SslEnumProtocolProviders(
// _Out_ DWORD *pdwProviderCount, _Out_ NCryptProviderName **ppProviderList, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "a61ddcf5-b7e3-40b2-82fc-1cf87eb963ec")]
public static extern HRESULT SslEnumProtocolProviders(out uint pdwProviderCount, out SafeSslBuffer ppProviderList, uint dwFlags = 0);
///
/// The SslExportKey function returns an Secure Sockets Layer protocol (SSL) session key or public ephemeral key into a
/// serialized BLOB.
///
/// The handle of the SSL protocol provider instance.
///
/// The handle of the key to export.
/// When you are not specifying a key, set this parameter to NULL.
///
///
///
/// A null-terminated Unicode string that contains an identifier that specifies the type of BLOB to export. This can be one of the
/// following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// BCRYPT_DH_PUBLIC_BLOB
///
/// Export a Diffie-Hellman public key. The pbOutput buffer receives a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.
///
///
/// -
/// BCRYPT_ECCPUBLIC_BLOB
///
/// Export an elliptic curve cryptography (ECC) public key. The pbOutput buffer receives a BCRYPT_ECCKEY_BLOB structure immediately
/// followed by the key data.
///
///
/// -
/// BCRYPT_OPAQUE_KEY_BLOB
///
/// Export a symmetric key in a format that is specific to a single cryptographic service provider (CSP). Opaque BLOBs are not
/// transferable and must be imported by using the same cryptographic service provider (CSP) that generated the BLOB.
///
///
/// -
/// BCRYPT_RSAPUBLIC_BLOB
///
/// Export an RSA public key. The pbOutput buffer receives a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data.
///
///
///
///
///
/// The address of a buffer that receives the key BLOB. The cbOutput parameter contains the size of this buffer. If this parameter is
/// NULL, this function will place the required size, in bytes, in the DWORD pointed to by the pcbResult parameter.
///
/// The size, in bytes, of the pbOutput buffer.
///
/// The address of a DWORD variable that receives the number of bytes copied to the pbOutput buffer. If the pbOutput parameter
/// is set to NULL when the function is called, the required size for the pbOutput buffer, in bytes, is returned in the
/// DWORD pointed to by this parameter.
///
/// Reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
///
///
/// The SslExportKey function facilitates transporting session keys from one process to another as well as exporting the
/// public portion an ephemeral key.
///
///
/// When exporting session keys, the BLOB type is opaque, meaning that the format of the BLOB is irrelevant as long as both the
/// SslExportKey and SslImportKey functions can interpret it.
///
///
/// When exporting the public portion of an ephemeral key the BLOB type must be the appropriate type, such as
/// NCRYPT_DH_PUBLIC_BLOB or NCRYPT_ECCPUBLIC_BLOB.
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslexportkey SECURITY_STATUS WINAPI SslExportKey( _In_ NCRYPT_PROV_HANDLE
// hSslProvider, _In_ NCRYPT_KEY_HANDLE hKey, _In_ LPCWSTR pszBlobType, _Out_opt_ PBYTE pbOutput, _In_ DWORD cbOutput, _Out_ DWORD
// *pcbResult, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "c978e6ac-a535-4625-8598-4aa16484dcad")]
public static extern HRESULT SslExportKey(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hKey, [MarshalAs(UnmanagedType.LPWStr)] string pszBlobType, [Out, Optional] IntPtr pbOutput, uint cbOutput, out uint pcbResult, uint dwFlags = 0);
///
/// Exports keying material per the RFC 5705 standard. This function uses the TLS pseudorandom function to produce a byte buffer of
/// keying material. It takes a reference to the master secret, the disambiguating ASCII label, client and server random values, and
/// optionally the application context data.
///
/// The handle of the TLS protocol provider instance.
/// The handle of the master key object that will be used to create the keying material to br exported.
///
/// a NUL-terminated ASCII label string. Schannel will remove the terminating NUL character before passing it to the pseudorandom function.
///
///
/// A pointer to a buffer that contains a concatenation of the client_random and server_random values of the TLS connection.
///
/// The length, in bytes, of the pbRandoms buffer.
///
/// A pointer to a buffer that contains the application context. If pbContextValue is NULL, cbContextValue must be zero.
///
/// The length, in bytes, of the pbContextValue buffer.
///
/// The address of a buffer that receives the exported keying material. The cbOutput parameter contains the size of this buffer. This
/// value cannot be NULL.
///
/// The length, in bytes, of the pbOutput buffer. Must be greater than zero.
/// Not used. Must be set to zero.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslexportkeyingmaterial SECURITY_STATUS WINAPI SslExportKeyingMaterial( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hMasterKey, _In_ PCHAR sLabel, _In_ PBYTE pbRandoms, _In_ DWORD cbRandoms,
// _In_opt_ PBYTE pbContextValue, _In_ WORD cbContextValue, _Out_ PBYTE pbOutput, _In_ DWORD cbOutput, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "19624852-B1A6-4BB4-96AF-0457834DA294")]
public static extern HRESULT SslExportKeyingMaterial(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hMasterKey, [MarshalAs(UnmanagedType.LPStr)] string sLabel, [In] IntPtr pbRandoms, uint cbRandoms, [In, Optional] IntPtr pbContextValue, ushort cbContextValue, [Out] IntPtr pbOutput, uint cbOutput, uint dwFlags = 0);
///
/// The SslFreeBuffer function is used to free memory that was allocated by one of the Secure Sockets Layer protocol (SSL)
/// provider functions.
///
/// A pointer to the memory buffer to be freed.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The pdwProviderCount or ppProviderList parameter is NULL.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslfreebuffer SECURITY_STATUS WINAPI SslFreeBuffer( _In_ PVOID pvInput );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "75a85013-c745-43cb-85b5-e13a2778ec1d")]
public static extern HRESULT SslFreeBuffer(IntPtr pvInput);
/// The SslFreeObject function frees a key, hash, or provider object.
/// The handle of the object to free.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// An internal handle is not valid.
///
/// -
/// STATUS_INVALID_HANDLE 0xC0000008L
/// The provided handle is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslfreeobject SECURITY_STATUS WINAPI SslFreeObject( _In_ NCRYPT_HANDLE
// hObject, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "73fa0a08-4654-4515-bdb2-9951936b689a")]
public static extern HRESULT SslFreeObject(NCRYPT_HANDLE hObject, uint dwFlags = 0);
/// The SslGenerateMasterKey function computes the Secure Sockets Layer protocol (SSL) master secret key.
/// The handle to the SSL protocol provider instance.
/// The handle to the private key used in the exchange.
/// The handle to the public key used in the exchange.
/// A pointer to the handle to the generated master key.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
///
/// A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The
/// precise set of buffers is dependent on the protocol and cipher suite that is used. At the minimum, the list will contain buffers
/// that contain the client and server supplied random values.
///
///
/// The address of a buffer that receives the premaster secret encrypted with the public key of the server. The cbOutput parameter
/// contains the size of this buffer. If this parameter is NULL, this function returns the required size, in bytes, in the
/// DWORD pointed to by the pcbResult parameter.
///
/// The size, in bytes, of the pbOutput buffer.
/// A pointer to a DWORD value in which to place number of bytes written to the pbOutput buffer.
///
/// Specifies whether this function is being used for client-side or server-side key exchange.
///
///
/// Value
/// Meaning
///
/// -
/// NCRYPT_SSL_CLIENT_FLAG 0x00000001
/// Specifies a client-side key exchange.
///
/// -
/// NCRYPT_SSL_SERVER_FLAG 0x00000002
/// Specifies a server-side key exchange.
///
///
///
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phMasterKey or hPublicKey parameter is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslgeneratemasterkey SECURITY_STATUS WINAPI SslGenerateMasterKey( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hPrivateKey, _In_ NCRYPT_KEY_HANDLE hPublicKey, _Out_ NCRYPT_KEY_HANDLE
// *phMasterKey, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_ PNCryptBufferDesc pParameterList, _Out_ PBYTE pbOutput, _In_
// DWORD cbOutput, _Out_ DWORD *pcbResult, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "c9408eb3-711d-42c3-a4ba-e388689da34e")]
public static extern HRESULT SslGenerateMasterKey(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hPrivateKey, NCRYPT_KEY_HANDLE hPublicKey, out NCRYPT_KEY_HANDLE phMasterKey, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, [In] NCryptBufferDesc pParameterList, [Out] IntPtr pbOutput, uint cbOutput, out uint pcbResult, SslHost dwFlags);
/// The SslGenerateSessionKeys function generates a set of Secure Sockets Layer protocol (SSL) session keys.
/// The handle to the SSL protocol provider instance.
/// The handle to the master key object.
/// A pointer to the returned read key handle.
/// A pointer to the returned write key handle.
///
/// A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The
/// precise set of buffers is dependent on the protocol and cipher suite that is used. At the minimum, the list will contain buffers
/// that contain the client and server supplied random values.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phReadKey or phWriteKey parameter is null.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslgeneratesessionkeys SECURITY_STATUS WINAPI SslGenerateSessionKeys( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hMasterKey, _Out_ NCRYPT_KEY_HANDLE *phReadKey, _Out_ NCRYPT_KEY_HANDLE
// *phWriteKey, _In_ PNCryptBufferDesc pParameterList, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "88465f30-8591-411e-8618-8a381d4c22e9")]
public static extern HRESULT SslGenerateSessionKeys(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hMasterKey, out NCRYPT_KEY_HANDLE phReadKey, out NCRYPT_KEY_HANDLE phWriteKey, [In] NCryptBufferDesc pParameterList, uint dwFlags = 0);
///
/// The SslGetCipherSuitePRFHashAlgorithm function returns the Cryptography API: Next Generation (CNG) Algorithm Identifier of
/// the hashing algorithm that is used for the Transport Layer Security protocol (TLS) pseudo-random function (PRF) for the input
/// protocol, cipher suite, and key type.
///
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
///
/// One of the CNG SSL Provider Key Type Identifier values. For key types that are not elliptic curve cryptography (ECC), set
/// this parameter to zero.
///
/// One of the CNG Algorithm Identifiers for the hash that will be used for the TLS PRF.
/// This parameter is reserved for future use and must be set to zero.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider parameter contains a pointer that is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The szPRFHash parameter is set to NULL.
///
/// -
/// NTE_NOT_SUPPORTED 0x80090029L
/// The selected function is not supported in the specified version of the interface.
///
/// -
/// NTE_BAD_FLAGS 0x80090009L
/// The dwFlags parameter must be set to zero.
///
///
///
///
/// This SslGetCipherSuitePRFHashAlgorithm function is called for TLS 1.2 or later conversations to query the hashing
/// algorithm that will be used in the TLS PRF.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslgetciphersuiteprfhashalgorithm SECURITY_STATUS WINAPI
// SslGetCipherSuitePRFHashAlgorithm( _In_ NCRYPT_PROV_HANDLE hSslProvider, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_
// DWORD dwKeyType, _Out_ WCHAR szPRFHash[NCRYPT_SSL_MAX_NAME_SIZE], _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "8d20b2da-390e-458e-b122-f5ef3722ad87")]
public static extern HRESULT SslGetCipherSuitePRFHashAlgorithm(NCRYPT_PROV_HANDLE hSslProvider, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, SslProviderKeyTypeId dwKeyType, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder szPRFHash, uint dwFlags = 0);
///
/// The SslGetKeyProperty function retrieves the value of a named property for a Secure Sockets Layer protocol (SSL) provider
/// key object.
///
/// The handle of the SSL provider.
///
/// A pointer to a null-terminated Unicode string that contains the name of the property to retrieve. This can be one of the
/// predefined Key Storage Property Identifiers or a custom property identifier.
///
///
/// A pointer to a buffer that receives the property value. The caller of the function must free this buffer by calling the
/// SslFreeBuffer function.
///
/// The size, in bytes, of the pbOutput buffer.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// One of the supplied parameters is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslgetkeyproperty SECURITY_STATUS WINAPI SslGetKeyProperty( _In_
// NCRYPT_KEY_HANDLE hKey, _In_ LPCWSTR pszProperty, _Out_ PBYTE ppbOutput, _Out_ DWORD *pcbOutput, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "01a7e82a-3888-4f96-85a2-e07811f1895e")]
public static extern HRESULT SslGetKeyProperty(NCRYPT_KEY_HANDLE hKey, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, [Out] IntPtr ppbOutput, out uint pcbOutput, uint dwFlags = 0);
/// The SslGetProviderProperty function retrieves the value of a specified provider property.
/// The handle of the Secure Sockets Layer protocol (SSL) provider for which to retrieve the property.
/// A pointer to a null-terminated Unicode string that contains the name of the property to retrieve.
///
/// The address of a buffer that receives the property value.
/// The caller of the function must free this buffer by calling the SslFreeBuffer function.
///
/// The size, in bytes, of the pbOutput buffer.
///
///
/// The address of a VOID pointer that receives enumeration state information that is used in subsequent calls to this
/// function. This information only has meaning to the SSL provider and is opaque to the caller. The SSL provider uses this
/// information to determine which item is next in the enumeration. If the variable pointed to by this parameter contains
/// NULL, the enumeration is started from the beginning.
///
/// The caller of the function must free this memory by calling the SslFreeBuffer function.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// One of the supplied parameters is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslgetproviderproperty SECURITY_STATUS WINAPI SslGetProviderProperty( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ LPCWSTR pszProperty, _Out_ PBYTE ppbOutput, _Out_ DWORD *pcbOutput, _Inout_ PVOID
// *ppEnumState, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "69235520-acaa-4ec4-9fd6-4b3297e14376")]
public static extern HRESULT SslGetProviderProperty(NCRYPT_PROV_HANDLE hSslProvider, [MarshalAs(UnmanagedType.LPWStr)] string pszProperty, [Out] IntPtr ppbOutput, out uint pcbOutput, ref IntPtr ppEnumState, uint dwFlags = 0);
/// The SslHashHandshake function returns a handle to the handshake hash.
/// The handle to the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// The handle to the hash object.
/// The address of a buffer that contains the data to be hashed.
/// The size, in bytes, of the pbInput buffer.
/// This parameter is reserved for future use.
/// If the function succeeds, it returns zero.
///
/// The SslHashHandshake function is one of three functions used to generate a hash to use during the SSL handshake.
///
/// -
/// The SslCreateHandshakeHash function is called to obtain a hash handle.
///
/// -
/// The SslHashHandshake function is called any number of times with the hash handle to add data to the hash.
///
/// -
/// The SslComputeFinishedHash function is called with the hash handle to obtain the digest of the hashed data.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslhashhandshake SECURITY_STATUS WINAPI SslHashHandshake( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Inout_ NCRYPT_HASH_HANDLE hHandshakeHash, _Out_ PBYTE pbInput, _In_ DWORD cbInput, _In_ DWORD
// dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "c0f20084-c863-42cf-afdf-298c5a96eed9")]
public static extern HRESULT SslHashHandshake(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_HASH_HANDLE hHandshakeHash, [Out] IntPtr pbInput, uint cbInput, uint dwFlags = 0);
/// The SslImportKey function imports a key into the Secure Sockets Layer protocol (SSL) protocol provider.
/// The handle to the SSL protocol provider instance.
/// A pointer to the handle of the cryptographic key to receive the imported key.
///
///
/// A null-terminated Unicode string that contains an identifier that specifies the type of BLOB that is contained in the pbInput
/// buffer. This can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// BCRYPT_DH_PUBLIC_BLOB
///
/// Export a Diffie-Hellman public key. The pbOutput buffer receives a BCRYPT_DH_KEY_BLOB structure immediately followed by the key data.
///
///
/// -
/// BCRYPT_ECCPUBLIC_BLOB
///
/// Export an elliptic curve cryptography (ECC) public key. The pbOutput buffer receives a BCRYPT_ECCKEY_BLOB structure immediately
/// followed by the key data.
///
///
/// -
/// BCRYPT_OPAQUE_KEY_BLOB
///
/// Export a symmetric key in a format that is specific to a single cryptographic service provider (CSP). Opaque BLOBs are not
/// transferable and must be imported by using the same CSP that generated the BLOB.
///
///
/// -
/// BCRYPT_RSAPUBLIC_BLOB
///
/// Export an RSA public key. The pbOutput buffer receives a BCRYPT_RSAKEY_BLOB structure immediately followed by the key data.
///
///
///
///
/// A pointer to the buffer that contains the key BLOB.
/// The size, in bytes, of the pbKeyBlob buffer.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phKey parameter is NULL.
///
///
///
///
/// You can use the SslImportKey function to import session keys as a part of the process of transferring session keys from
/// one process to another.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslimportkey SECURITY_STATUS WINAPI SslImportKey( _In_ NCRYPT_PROV_HANDLE
// hSslProvider, _Out_ NCRYPT_KEY_HANDLE *phKey, _In_ LPCWSTR pszBlobType, _In_ PBYTE pbKeyBlob, _In_ DWORD cbKeyBlob, _In_ DWORD
// dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "42310799-384e-4396-a9d5-5f226ca25a86")]
public static extern HRESULT SslImportKey(NCRYPT_PROV_HANDLE hSslProvider, out NCRYPT_KEY_HANDLE phKey, [MarshalAs(UnmanagedType.LPWStr)] string pszBlobType, [In] IntPtr pbKeyBlob, uint cbKeyBlob, uint dwFlags = 0);
/// The SslImportMasterKey function performs a server-side Secure Sockets Layer protocol (SSL) key exchange operation.
/// The handle to the SSL protocol provider instance.
/// The handle to the private key used in the exchange.
/// A pointer to the handle to receive the master key.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifiers values.
///
/// A pointer to an array of NCryptBuffer buffers that contain information used as part of the key exchange operation. The
/// precise set of buffers is dependent on the protocol and cipher suite that is used. At the minimum, the list will contain buffers
/// that contain the client and server supplied random values.
///
///
/// A pointer to a buffer that contains the encrypted premaster secret key encrypted with the public key of the server.
///
/// The size, in bytes, of the pbEncryptedKey buffer.
/// Set this parameter to NCRYPT_SSL_SERVER_FLAG to indicate that this is a server call.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phMasterKey parameter is NULL.
///
///
///
///
/// This function decrypts the premaster secret, computes the SSL master secret, and returns a handle to this object to the caller.
/// This master key can then be used to derive the SSL session key and finish the SSL handshake.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslimportmasterkey SECURITY_STATUS WINAPI SslImportMasterKey( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hPrivateKey, _Out_ NCRYPT_KEY_HANDLE *phMasterKey, _In_ DWORD dwProtocol,
// _In_ DWORD dwCipherSuite, _In_ PNCryptBufferDesc pParameterList, _In_ PBYTE pbEncryptedKey, _In_ DWORD cbEncryptedKey, _In_ DWORD
// dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "052e38ee-658c-47dc-8098-c9a1fd359e1c")]
public static extern HRESULT SslImportMasterKey(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hPrivateKey, out NCRYPT_KEY_HANDLE phMasterKey, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, [In] NCryptBufferDesc pParameterList, [In] IntPtr pbEncryptedKey, uint cbEncryptedKey, SslHost dwFlags);
///
/// The SslIncrementProviderReferenceCount function increments the reference count to a Secure Sockets Layer protocol (SSL)
/// provider instance.
///
/// The handle to the SSL protocol provider instance.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslincrementproviderreferencecount SECURITY_STATUS WINAPI
// SslIncrementProviderReferenceCount( _In_ NCRYPT_PROV_HANDLE hSslProvider );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "67e7b8b4-b073-4936-b1e0-3fc7c1c011a2")]
public static extern HRESULT SslIncrementProviderReferenceCount(NCRYPT_PROV_HANDLE hSslProvider);
///
/// The SslLookupCipherLengths function returns an NCRYPT_SSL_CIPHER_LENGTHS structure that contains the header and
/// trailer lengths of the input protocol, cipher suite, and key type.
///
/// The handle of the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifier values.
///
/// One of the CNG SSL Provider Key Type Identifier values. For key types that are not elliptic curve cryptography (ECC), set
/// this parameter to zero.
///
/// A pointer to a buffer to receive the NCRYPT_SSL_CIPHER_LENGTHS structure.
/// The length, in bytes, of the buffer pointed to by the pCipherLengths parameter.
/// This parameter is reserved for future use and must be set to zero.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider parameter contains a pointer that is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The pCipherLengths parameter is set to NULL or the buffer length specified by the cbCipherLengths is too short.
///
/// -
/// NTE_BAD_FLAGS 0x80090009L
/// The dwFlags parameter must be set to zero.
///
///
///
///
/// The SslLookupCipherLengths function is called for Transport Layer Security protocol (TLS) 1.1 or later conversations to
/// query the header and trailer lengths for the requested protocol, cipher suite, and key type.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/ssllookupcipherlengths SECURITY_STATUS WINAPI SslLookupCipherLengths( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_ DWORD dwKeyType, _Out_
// NCRYPT_SSL_CIPHER_LENGTHS *pCipherLengths, _In_ DWORD cbCipherLengths, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "44d0d803-16d7-4bdf-9638-afbdaf9e1802")]
public static extern HRESULT SslLookupCipherLengths(NCRYPT_PROV_HANDLE hSslProvider, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, SslProviderKeyTypeId dwKeyType, ref NCRYPT_SSL_CIPHER_LENGTHS pCipherLengths, uint cbCipherLengths, uint dwFlags = 0);
///
/// The SslLookupCipherSuiteInfo function retrieves the cipher suite information for a specified protocol, cipher suite, and
/// key type set.
///
/// The handle to the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// One of the CNG SSL Provider Protocol Identifier values.
/// One of the CNG SSL Provider Cipher Suite Identifiers values.
/// One of the CNG SSL Provider Key Type Identifiers values.
///
/// The address of a buffer that contains a NCRYPT_SSL_CIPHER_SUITE structure in which to write the cipher suite information.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/ssllookupciphersuiteinfo SECURITY_STATUS WINAPI SslLookupCipherSuiteInfo(
// _In_ NCRYPT_PROV_HANDLE hSslProvider, _In_ DWORD dwProtocol, _In_ DWORD dwCipherSuite, _In_ DWORD dwKeyType, _Out_
// NCRYPT_SSL_CIPHER_SUITE *pCipherSuite, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "ab995d9a-48fa-491a-95b1-d15c5b92f1da")]
public static extern HRESULT SslLookupCipherSuiteInfo(NCRYPT_PROV_HANDLE hSslProvider, SslProviderProtocolId dwProtocol, SslProviderCipherSuiteId dwCipherSuite, SslProviderKeyTypeId dwKeyType, out NCRYPT_SSL_CIPHER_SUITE pCipherSuite, uint dwFlags = 0);
/// The SslOpenPrivateKey function opens a handle to a private key.
/// The handle to the Secure Sockets Layer protocol (SSL) protocol provider instance.
///
/// The address of a buffer in which to write the handle to the private key.
/// When you have finished using the key, you should free phPrivateKey by calling the SslFreeObject function.
///
/// The address of the certificate from which to obtain the private key.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_NO_MEMORY 0x8009000EL
/// Not enough memory is available to allocate necessary buffers.
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// The hSslProvider handle is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phPrivateKey or pCertContext parameter is NULL.
///
///
///
///
/// The private key obtained is part of a public/private key pair within a certificate. This function merely extracts the private key
/// from the certificate specified by the pCertContext parameter.
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslopenprivatekey SECURITY_STATUS WINAPI SslOpenPrivateKey( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _Out_ NCRYPT_KEY_HANDLE *phPrivateKey, _In_ PCCERT_CONTEXT pCertContext, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "2406be2c-121c-4475-b193-d370a88641da")]
public static extern HRESULT SslOpenPrivateKey(NCRYPT_PROV_HANDLE hSslProvider, out NCRYPT_KEY_HANDLE phPrivateKey, in Crypt32.CERT_CONTEXT pCertContext, uint dwFlags = 0);
///
/// The SslOpenProvider function opens a handle to the specified Secure Sockets Layer protocol (SSL) protocol provider.
///
///
/// The address of an NCRYPT_PROV_HANDLE in which to write the provider handle.
/// When you have finished using the handle, you should free it by calling the SslFreeObject function.
///
///
/// A pointer to a Unicode string that contains the provider name. If the value of this parameter is NULL, a handle to the
/// MS_SCHANNEL_PROVIDER is returned.
///
/// This parameter is reserved for future use, and it must be set to zero.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
/// -
/// NTE_INVALID_PARAMETER 0x80090027L
/// The phSslProvider or ppProviderList parameter is NULL.
///
/// -
/// STATUS_NO_MEMORY 0xC0000017L
/// Not enough memory is available to allocate necessary buffers.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslopenprovider SECURITY_STATUS WINAPI SslOpenProvider( _Out_
// NCRYPT_PROV_HANDLE *phSslProvider, _In_ LPCWSTR pszProviderName, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "0d5c4da3-12d6-4a53-a4d0-f0f174a4c8d8")]
public static extern HRESULT SslOpenProvider(out NCRYPT_PROV_HANDLE phSslProvider, [MarshalAs(UnmanagedType.LPWStr)] string pszProviderName, uint dwFlags = 0);
///
/// The SslSignHash function signs a hash by using the specified private key. The signing process is performed on the server.
///
/// The handle to the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// The handle to the private key to use to sign the hash.
/// A pointer to a buffer that contains the hash to sign.
/// The size, in bytes, of the pbHashValue buffer.
///
/// The address of a buffer that receives the signature of the hash. The cbSignature parameter contains the size of this buffer. To
/// determine the required sized size of the buffer, set the pbSignature parameter to NULL. The required size of the buffer
/// will be returned in the pcbResult parameter.
///
/// The size, in bytes, of the pbSignature buffer.
///
/// A pointer to a value that, upon completion, contains the actual number of bytes written to the pbSignature buffer.
///
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslsignhash SECURITY_STATUS WINAPI SslSignHash( _In_ NCRYPT_PROV_HANDLE
// hSslProvider, _In_ NCRYPT_KEY_HANDLE hPrivateKey, _In_ PBYTE pbHashValue, _In_ DWORD cbHashValue, _Out_ PBYTE pbSignature, _In_
// DWORD cbSignature, _Out_ DWORD *pcbResult, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "25e8ebc5-278d-4d1f-977a-c2fab07b790a")]
public static extern HRESULT SslSignHash(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hPrivateKey, [In] IntPtr pbHashValue, uint cbHashValue, [Out] IntPtr pbSignature, uint cbSignature, out uint pcbResult, uint dwFlags = 0);
///
/// The SslVerifySignature function verifies the specified signature by using the supplied hash and the public key.
///
/// The handle to the Secure Sockets Layer protocol (SSL) protocol provider instance.
/// The handle to the public key.
/// A pointer to a buffer that contains the hash to use to verify the signature.
/// The size, in bytes, of the pbHashValue buffer.
/// A pointer to a buffer that contains the signature to verify.
/// The size, in bytes, of the pbSignature buffer.
/// This parameter is reserved for future use.
///
/// If the function succeeds, it returns zero.
/// If the function fails, it returns a nonzero error value.
/// Possible return codes include, but are not limited to, the following.
///
///
/// Return code/value
/// Description
///
/// -
/// NTE_INVALID_HANDLE 0x80090026L
/// One of the provided handles is not valid.
///
///
///
///
///
/// The SslVerifySignature function is not currently called by Windows. This function is a required part of the SSL Provider
/// interface and should be fully implemented to ensure forward compatibility.
///
///
/// Current implementations of the server side of the Transport Layer Security protocol (TLS) connection call the
/// NCryptVerifySignature function during the client authentication to process the certificate verify message.
///
///
// https://docs.microsoft.com/en-us/windows/win32/seccng/sslverifysignature SECURITY_STATUS WINAPI SslVerifySignature( _In_
// NCRYPT_PROV_HANDLE hSslProvider, _In_ NCRYPT_KEY_HANDLE hPublicKey, _In_ PBYTE pbHashValue, _In_ DWORD cbHashValue, _In_ PBYTE
// pbSignature, _In_ DWORD cbSignature, _In_ DWORD dwFlags );
[DllImport(Lib.Ncrypt, SetLastError = false, ExactSpelling = true)]
[PInvokeData("Sslprovider.h", MSDNShortId = "fa274851-15f2-4be0-9e2f-4cdced36daff")]
public static extern HRESULT SslVerifySignature(NCRYPT_PROV_HANDLE hSslProvider, NCRYPT_KEY_HANDLE hPublicKey, [In] IntPtr pbHashValue, uint cbHashValue, [In] IntPtr pbSignature, uint cbSignature, uint dwFlags = 0);
/// Contains the header and trailer lengths of the input protocol, cipher suite, and key type.
[PInvokeData("Sslprovider.h", MSDNShortId = "44d0d803-16d7-4bdf-9638-afbdaf9e1802")]
[StructLayout(LayoutKind.Sequential)]
public struct NCRYPT_SSL_CIPHER_LENGTHS
{
///
public uint cbLength;
///
public uint dwHeaderLen;
///
public uint dwFixedTrailerLen;
///
public uint dwMaxVariableTrailerLen;
///
public uint dwFlags;
}
/// The cipher suite information for a specified protocol, cipher suite, and key type set.
[PInvokeData("Sslprovider.h", MSDNShortId = "ab995d9a-48fa-491a-95b1-d15c5b92f1da")]
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct NCRYPT_SSL_CIPHER_SUITE
{
///
public SslProviderProtocolId dwProtocol;
///
public SslProviderCipherSuiteId dwCipherSuite;
///
public SslProviderCipherSuiteId dwBaseCipherSuite;
///
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = NCRYPT_SSL_MAX_NAME_SIZE)]
public string szCipherSuite;
///
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = NCRYPT_SSL_MAX_NAME_SIZE)]
public string szCipher;
///
public uint dwCipherLen;
///
public uint dwCipherBlockLen;
///
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = NCRYPT_SSL_MAX_NAME_SIZE)]
public string szHash;
///
public uint dwHashLen;
///
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = NCRYPT_SSL_MAX_NAME_SIZE)]
public string szExchange;
///
public uint dwMinExchangeLen;
///
public uint dwMaxExchangeLen;
///
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = NCRYPT_SSL_MAX_NAME_SIZE)]
public string szCertificate;
///
public SslProviderKeyTypeId dwKeyType;
}
/// Provides a for an SSL buffer that is disposed using .
public class SafeSslBuffer : SafeHANDLE
{
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeSslBuffer(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// Initializes a new instance of the class.
private SafeSslBuffer() : base() { }
///
protected override bool InternalReleaseHandle() => SslFreeBuffer(handle).Succeeded;
}
}
}