1 /***********************************************************************\
2 *                               wincrypt.d                              *
3 *                                                                       *
4 *                       Windows API header module                       *
5 *                                                                       *
6 *                 Translated from MinGW Windows headers                 *
7 *                           by Stewart Gordon                           *
8 *                                                                       *
9 *                       Placed into public domain                       *
10 \***********************************************************************/
11 module windows.wincrypt;
12 nothrow:
13 private import windows.w32api, windows.winbase, windows.windef;
14 
15 /* FIXME:
16  *	Types of some constants
17  *	Types of macros
18  *	Inits of various "size" and "version" members
19  *	Why are some #ifdefs commented out?
20  */
21 
22 const TCHAR[]
23 	MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0",
24 	MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0",
25 	MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider",
26 	MS_DEF_RSA_SIG_PROV = "Microsoft RSA Signature Cryptographic Provider",
27 	MS_DEF_RSA_SCHANNEL_PROV = "Microsoft RSA SChannel Cryptographic Provider",
28 	MS_DEF_DSS_PROV = "Microsoft Base DSS Cryptographic Provider",
29 	MS_DEF_DSS_DH_PROV
30 	  = "Microsoft Base DSS and Diffie-Hellman Cryptographic Provider",
31 	MS_ENH_DSS_DH_PROV
32 	  = "Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider",
33 	MS_DEF_DH_SCHANNEL_PROV = "Microsoft DH SChannel Cryptographic Provider",
34 	MS_SCARD_PROV = "Microsoft Base Smart Card Crypto Provider";
35 
36 static if (_WIN32_WINNT > 0x501) {
37 	const TCHAR[] MS_ENH_RSA_AES_PROV
38 	  = "Microsoft Enhanced RSA and AES Cryptographic Provider";
39 } else static if (_WIN32_WINNT == 0x501) {
40 	const TCHAR[] MS_ENH_RSA_AES_PROV
41 	  = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
42 }
43 
44 ALG_ID GET_ALG_CLASS(ALG_ID x) { return x & 0xE000; }
45 ALG_ID GET_ALG_TYPE (ALG_ID x) { return x & 0x1E00; }
46 ALG_ID GET_ALG_SID  (ALG_ID x) { return x & 0x01FF; }
47 
48 enum : ALG_ID {
49 	ALG_CLASS_ANY           = 0,
50 	ALG_CLASS_SIGNATURE     = 0x2000,
51 	ALG_CLASS_MSG_ENCRYPT   = 0x4000,
52 	ALG_CLASS_DATA_ENCRYPT  = 0x6000,
53 	ALG_CLASS_HASH          = 0x8000,
54 	ALG_CLASS_KEY_EXCHANGE  = 0xA000,
55 	ALG_CLASS_ALL           = 0xE000
56 }
57 
58 enum : ALG_ID {
59 	ALG_TYPE_ANY           = 0,
60 	ALG_TYPE_DSS           = 0x0200,
61 	ALG_TYPE_RSA           = 0x0400,
62 	ALG_TYPE_BLOCK         = 0x0600,
63 	ALG_TYPE_STREAM        = 0x0800,
64 	ALG_TYPE_DH            = 0x0A00,
65 	ALG_TYPE_SECURECHANNEL = 0x0C00
66 }
67 
68 enum : ALG_ID {
69 	ALG_SID_ANY          =  0,
70 	ALG_SID_RSA_ANY      =  0,
71 	ALG_SID_RSA_PKCS,
72 	ALG_SID_RSA_MSATWORK,
73 	ALG_SID_RSA_ENTRUST,
74 	ALG_SID_RSA_PGP,  // =  4
75 	ALG_SID_DSS_ANY      =  0,
76 	ALG_SID_DSS_PKCS,
77 	ALG_SID_DSS_DMS,  // =  2
78 	ALG_SID_DES          =  1,
79 	ALG_SID_3DES         =  3,
80 	ALG_SID_DESX,
81 	ALG_SID_IDEA,
82 	ALG_SID_CAST,
83 	ALG_SID_SAFERSK64,
84 	ALG_SID_SAFERSK128,
85 	ALG_SID_3DES_112,
86 	ALG_SID_SKIPJACK,
87 	ALG_SID_TEK,
88 	ALG_SID_CYLINK_MEK,
89 	ALG_SID_RC5,      // = 13
90 	ALG_SID_RC2          =  2,
91 	ALG_SID_RC4          =  1,
92 	ALG_SID_SEAL         =  2,
93 	ALG_SID_MD2          =  1,
94 	ALG_SID_MD4,
95 	ALG_SID_MD5,
96 	ALG_SID_SHA,
97 	ALG_SID_MAC,
98 	ALG_SID_RIPEMD,
99 	ALG_SID_RIPEMD160,
100 	ALG_SID_SSL3SHAMD5,
101 	ALG_SID_HMAC,
102 	ALG_SID_TLS1PRF,  // = 10
103 	ALG_SID_AES_128      = 14,
104 	ALG_SID_AES_192,
105 	ALG_SID_AES_256,
106 	ALG_SID_AES,      // = 17
107 	ALG_SID_EXAMPLE      = 80
108 }
109 
110 enum : ALG_ID {
111 	CALG_MD2        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD2,
112 	CALG_MD4        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD4,
113 	CALG_MD5        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MD5,
114 	CALG_SHA        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA,
115 	CALG_SHA1       = CALG_SHA,
116 	CALG_MAC        = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAC,
117 	CALG_3DES       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 3,
118 	CALG_CYLINK_MEK = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 12,
119 	CALG_SKIPJACK   = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 10,
120 	CALG_KEA_KEYX   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_STREAM | ALG_TYPE_DSS | 4,
121 	CALG_RSA_SIGN   = ALG_CLASS_SIGNATURE | ALG_TYPE_RSA | ALG_SID_RSA_ANY,
122 	CALG_DSS_SIGN   = ALG_CLASS_SIGNATURE | ALG_TYPE_DSS | ALG_SID_DSS_ANY,
123 	CALG_RSA_KEYX   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_RSA | ALG_SID_RSA_ANY,
124 	CALG_DES        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DES,
125 	CALG_RC2        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_RC2,
126 	CALG_RC4        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_RC4,
127 	CALG_SEAL       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_STREAM | ALG_SID_SEAL,
128 	CALG_DH_EPHEM   = ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_STREAM | ALG_TYPE_DSS
129 	                  | ALG_SID_DSS_DMS,
130 	CALG_DESX       = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_DESX,
131 // is undefined ALG_CLASS_DHASH in MinGW - presuming typo
132 	CALG_TLS1PRF    = ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_TLS1PRF,
133 	CALG_AES_128    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_128,
134 	CALG_AES_192    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_192,
135 	CALG_AES_256    = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES_256,
136 	CALG_AES        = ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_AES,
137 }
138 
139 enum {
140 	CRYPT_VERIFYCONTEXT = 0xF0000000,
141 }
142 
143 enum {
144 	CRYPT_NEWKEYSET = 8,
145 	CRYPT_DELETEKEYSET = 16,
146 	CRYPT_MACHINE_KEYSET = 32,
147 	CRYPT_SILENT = 64,
148 }
149 
150 enum {
151 	CRYPT_EXPORTABLE = 1,
152 	CRYPT_USER_PROTECTED = 2,
153 	CRYPT_CREATE_SALT = 4,
154 	CRYPT_UPDATE_KEY = 8,
155 }
156 
157 enum {
158 	SIMPLEBLOB = 1,
159 	PUBLICKEYBLOB = 6,
160 	PRIVATEKEYBLOB = 7,
161 	PLAINTEXTKEYBLOB = 8,
162 	OPAQUEKEYBLOB = 9,
163 	PUBLICKEYBLOBEX = 10,
164 	SYMMETRICWRAPKEYBLOB = 11,
165 }
166 
167 enum {
168 	AT_KEYEXCHANGE = 1,
169 	AT_SIGNATURE = 2,
170 }
171 
172 enum {
173 	CRYPT_USERDATA = 1,
174 }
175 
176 enum {
177 	PKCS5_PADDING = 1,
178 }
179 
180 enum {
181 	CRYPT_MODE_CBC = 1,
182 	CRYPT_MODE_ECB = 2,
183 	CRYPT_MODE_OFB = 3,
184 	CRYPT_MODE_CFB = 4,
185 	CRYPT_MODE_CTS = 5,
186 	CRYPT_MODE_CBCI = 6,
187 	CRYPT_MODE_CFBP = 7,
188 	CRYPT_MODE_OFBP = 8,
189 	CRYPT_MODE_CBCOFM = 9,
190 	CRYPT_MODE_CBCOFMI = 10,
191 }
192 
193 enum {
194 	CRYPT_ENCRYPT = 1,
195 	CRYPT_DECRYPT = 2,
196 	CRYPT_EXPORT = 4,
197 	CRYPT_READ = 8,
198 	CRYPT_WRITE = 16,
199 	CRYPT_MAC = 32,
200 }
201 
202 enum {
203 	HP_ALGID = 1,
204 	HP_HASHVAL = 2,
205 	HP_HASHSIZE = 4,
206 	HP_HMAC_INFO = 5,
207 }
208 
209 enum {
210 	CRYPT_FAILED = FALSE,
211 	CRYPT_SUCCEED = TRUE,
212 }
213 
214 bool RCRYPT_SUCCEEDED(BOOL r) { return r==CRYPT_SUCCEED; }
215 bool RCRYPT_FAILED(BOOL r) { return r==CRYPT_FAILED; }
216 
217 enum {
218 	PP_ENUMALGS = 1,
219 	PP_ENUMCONTAINERS = 2,
220 	PP_IMPTYPE = 3,
221 	PP_NAME = 4,
222 	PP_VERSION = 5,
223 	PP_CONTAINER = 6,
224 	PP_CHANGE_PASSWORD	= 7,
225 	PP_KEYSET_SEC_DESCR	= 8,
226 	PP_CERTCHAIN	= 9,
227 	PP_KEY_TYPE_SUBTYPE	= 10,
228 	PP_PROVTYPE	= 16,
229 	PP_KEYSTORAGE	= 17,
230 	PP_APPLI_CERT	= 18,
231 	PP_SYM_KEYSIZE	= 19,
232 	PP_SESSION_KEYSIZE	= 20,
233 	PP_UI_PROMPT	= 21,
234 	PP_ENUMALGS_EX	= 22,
235 	PP_ENUMMANDROOTS = 25,
236 	PP_ENUMELECTROOTS = 26,
237 	PP_KEYSET_TYPE = 27,
238 	PP_ADMIN_PIN = 31,
239 	PP_KEYEXCHANGE_PIN = 32,
240 	PP_SIGNATURE_PIN = 33,
241 	PP_SIG_KEYSIZE_INC = 34,
242 	PP_KEYX_KEYSIZE_INC = 35,
243 	PP_UNIQUE_CONTAINER = 36,
244 	PP_SGC_INFO = 37,
245 	PP_USE_HARDWARE_RNG = 38,
246 	PP_KEYSPEC = 39,
247 	PP_ENUMEX_SIGNING_PROT = 40,
248 }
249 
250 enum {
251 	CRYPT_FIRST = 1,
252 	CRYPT_NEXT = 2,
253 }
254 
255 enum {
256 	CRYPT_IMPL_HARDWARE = 1,
257 	CRYPT_IMPL_SOFTWARE = 2,
258 	CRYPT_IMPL_MIXED = 3,
259 	CRYPT_IMPL_UNKNOWN = 4,
260 }
261 
262 enum {
263 	PROV_RSA_FULL = 1,
264 	PROV_RSA_SIG = 2,
265 	PROV_DSS = 3,
266 	PROV_FORTEZZA = 4,
267 	PROV_MS_MAIL = 5,
268 	PROV_SSL = 6,
269 	PROV_STT_MER = 7,
270 	PROV_STT_ACQ = 8,
271 	PROV_STT_BRND = 9,
272 	PROV_STT_ROOT = 10,
273 	PROV_STT_ISS = 11,
274 	PROV_RSA_SCHANNEL = 12,
275 	PROV_DSS_DH = 13,
276 	PROV_EC_ECDSA_SIG = 14,
277 	PROV_EC_ECNRA_SIG = 15,
278 	PROV_EC_ECDSA_FULL = 16,
279 	PROV_EC_ECNRA_FULL = 17,
280 	PROV_DH_SCHANNEL = 18,
281 	PROV_SPYRUS_LYNKS = 20,
282 	PROV_RNG = 21,
283 	PROV_INTEL_SEC = 22,
284 	PROV_RSA_AES = 24,
285 	MAXUIDLEN = 64,
286 }
287 
288 enum {
289 	CUR_BLOB_VERSION = 2,
290 }
291 
292 enum {
293 	X509_ASN_ENCODING = 1,
294 	PKCS_7_ASN_ENCODING  = 65536,
295 }
296 
297 enum {
298 	CERT_V1 = 0,
299 	CERT_V2 = 1,
300 	CERT_V3 = 2,
301 }
302 
303 enum {
304 	CERT_E_CHAINING = (-2146762486),
305 	CERT_E_CN_NO_MATCH = (-2146762481),
306 	CERT_E_EXPIRED = (-2146762495),
307 	CERT_E_PURPOSE = (-2146762490),
308 	CERT_E_REVOCATION_FAILURE = (-2146762482),
309 	CERT_E_REVOKED = (-2146762484),
310 	CERT_E_ROLE = (-2146762493),
311 	CERT_E_UNTRUSTEDROOT = (-2146762487),
312 	CERT_E_UNTRUSTEDTESTROOT = (-2146762483),
313 	CERT_E_VALIDITYPERIODNESTING = (-2146762494),
314 	CERT_E_WRONG_USAGE = (-2146762480),
315 	CERT_E_PATHLENCONST = (-2146762492),
316 	CERT_E_CRITICAL = (-2146762491),
317 	CERT_E_ISSUERCHAINING = (-2146762489),
318 	CERT_E_MALFORMED = (-2146762488),
319 	CRYPT_E_REVOCATION_OFFLINE = (-2146885613),
320 	CRYPT_E_REVOKED = (-2146885616),
321 	TRUST_E_BASIC_CONSTRAINTS = (-2146869223),
322 	TRUST_E_CERT_SIGNATURE = (-2146869244),
323 	TRUST_E_FAIL = (-2146762485),
324 }
325 
326 enum {
327 	CERT_TRUST_NO_ERROR = 0,
328 	CERT_TRUST_IS_NOT_TIME_VALID = 1,
329 	CERT_TRUST_IS_NOT_TIME_NESTED = 2,
330 	CERT_TRUST_IS_REVOKED = 4,
331 	CERT_TRUST_IS_NOT_SIGNATURE_VALID = 8,
332 	CERT_TRUST_IS_NOT_VALID_FOR_USAGE = 16,
333 	CERT_TRUST_IS_UNTRUSTED_ROOT = 32,
334 	CERT_TRUST_REVOCATION_STATUS_UNKNOWN = 64,
335 	CERT_TRUST_IS_CYCLIC = 128,
336 	CERT_TRUST_IS_PARTIAL_CHAIN = 65536,
337 	CERT_TRUST_CTL_IS_NOT_TIME_VALID = 131072,
338 	CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID = 262144,
339 	CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = 524288,
340 }
341 
342 enum {
343 	CERT_TRUST_HAS_EXACT_MATCH_ISSUER = 1,
344 	CERT_TRUST_HAS_KEY_MATCH_ISSUER = 2,
345 	CERT_TRUST_HAS_NAME_MATCH_ISSUER = 4,
346 	CERT_TRUST_IS_SELF_SIGNED = 8,
347 	CERT_TRUST_IS_COMPLEX_CHAIN = 65536,
348 }
349 
350 enum {
351 	CERT_CHAIN_POLICY_BASE              = cast(LPCSTR) 1,
352 	CERT_CHAIN_POLICY_AUTHENTICODE      = cast(LPCSTR) 2,
353 	CERT_CHAIN_POLICY_AUTHENTICODE_TS   = cast(LPCSTR) 3,
354 	CERT_CHAIN_POLICY_SSL               = cast(LPCSTR) 4,
355 	CERT_CHAIN_POLICY_BASIC_CONSTRAINTS = cast(LPCSTR) 5,
356 	CERT_CHAIN_POLICY_NT_AUTH           = cast(LPCSTR) 6,
357 }
358 
359 enum {
360 	USAGE_MATCH_TYPE_AND = 0,
361 	USAGE_MATCH_TYPE_OR = 1,
362 }
363 
364 enum {
365 	CERT_SIMPLE_NAME_STR = 1,
366 	CERT_OID_NAME_STR = 2,
367 	CERT_X500_NAME_STR = 3,
368 }
369 enum {
370 	CERT_NAME_STR_SEMICOLON_FLAG = 1073741824,
371 	CERT_NAME_STR_CRLF_FLAG = 134217728,
372 	CERT_NAME_STR_NO_PLUS_FLAG = 536870912,
373 	CERT_NAME_STR_NO_QUOTING_FLAG = 268435456,
374 	CERT_NAME_STR_REVERSE_FLAG = 33554432,
375 	CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG = 131072,
376 }
377 
378 enum {
379 	CERT_FIND_ANY = 0,
380 	CERT_FIND_CERT_ID = 1048576,
381 	CERT_FIND_CTL_USAGE = 655360,
382 	CERT_FIND_ENHKEY_USAGE = 655360,
383 	CERT_FIND_EXISTING = 851968,
384 	CERT_FIND_HASH = 65536,
385 	CERT_FIND_ISSUER_ATTR = 196612,
386 	CERT_FIND_ISSUER_NAME = 131076,
387 	CERT_FIND_ISSUER_OF = 786432,
388 	CERT_FIND_KEY_IDENTIFIER = 983040,
389 	CERT_FIND_KEY_SPEC = 589824,
390 	CERT_FIND_MD5_HASH = 262144,
391 	CERT_FIND_PROPERTY = 327680,
392 	CERT_FIND_PUBLIC_KEY = 393216,
393 	CERT_FIND_SHA1_HASH = 65536,
394 	CERT_FIND_SIGNATURE_HASH = 917504,
395 	CERT_FIND_SUBJECT_ATTR = 196615,
396 	CERT_FIND_SUBJECT_CERT = 720896,
397 	CERT_FIND_SUBJECT_NAME = 131079,
398 	CERT_FIND_SUBJECT_STR_A = 458759,
399 	CERT_FIND_SUBJECT_STR_W = 524295,
400 	CERT_FIND_ISSUER_STR_A = 458756,
401 	CERT_FIND_ISSUER_STR_W = 524292,
402 }
403 
404 enum {
405 	CERT_FIND_OR_ENHKEY_USAGE_FLAG = 16,
406 	CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG  = 1,
407 	CERT_FIND_NO_ENHKEY_USAGE_FLAG  = 8,
408 	CERT_FIND_VALID_ENHKEY_USAGE_FLAG  = 32,
409 	CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG  = 2,
410 }
411 
412 enum {
413 	CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG  = 2,
414 	CERT_UNICODE_IS_RDN_ATTRS_FLAG = 1,
415 	CERT_CHAIN_FIND_BY_ISSUER = 1,
416 }
417 
418 enum {
419 	CERT_CHAIN_FIND_BY_ISSUER_COMPARE_KEY_FLAG = 1,
420 	CERT_CHAIN_FIND_BY_ISSUER_COMPLEX_CHAIN_FLAG = 2,
421 	CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG = 4,
422 	CERT_CHAIN_FIND_BY_ISSUER_LOCAL_MACHINE_FLAG = 8,
423 	CERT_CHAIN_FIND_BY_ISSUER_NO_KEY_FLAG = 16384,
424 	CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG = 32768,
425 }
426 
427 enum {
428 	CERT_STORE_PROV_SYSTEM = 10,
429 	CERT_SYSTEM_STORE_LOCAL_MACHINE = 131072,
430 }
431 
432 enum {
433 	szOID_PKIX_KP_SERVER_AUTH = "4235600",
434 	szOID_SERVER_GATED_CRYPTO = "4235658",
435 	szOID_SGC_NETSCAPE = "2.16.840.1.113730.4.1",
436 	szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2",
437 }
438 
439 enum {
440 	CRYPT_NOHASHOID = 0x00000001,
441 	CRYPT_NO_SALT = 0x10,
442 	CRYPT_PREGEN = 0x40,
443 }
444 
445 enum {
446 	CRYPT_RECIPIENT = 0x10,
447 	CRYPT_INITIATOR = 0x40,
448 	CRYPT_ONLINE = 0x80,
449 	CRYPT_SF = 0x100,
450 	CRYPT_CREATE_IV = 0x200,
451 	CRYPT_KEK = 0x400,
452 	CRYPT_DATA_KEY = 0x800,
453 	CRYPT_VOLATILE = 0x1000,
454 	CRYPT_SGCKEY = 0x2000,
455 }
456 
457 enum {
458 	KP_IV               = 0x00000001,
459 	KP_SALT             = 0x00000002,
460 	KP_PADDING          = 0x00000003,
461 	KP_MODE             = 0x00000004,
462 	KP_MODE_BITS        = 0x00000005,
463 	KP_PERMISSIONS      = 0x00000006,
464 	KP_ALGID            = 0x00000007,
465 	KP_BLOCKLEN         = 0x00000008,
466 	KP_KEYLEN           = 0x00000009,
467 	KP_SALT_EX          = 0x0000000a,
468 	KP_P                = 0x0000000b,
469 	KP_G                = 0x0000000c,
470 	KP_Q                = 0x0000000d,
471 	KP_X                = 0x0000000e,
472 	KP_Y                = 0x0000000f,
473 	KP_RA               = 0x00000010,
474 	KP_RB               = 0x00000011,
475 	KP_INFO             = 0x00000012,
476 	KP_EFFECTIVE_KEYLEN = 0x00000013,
477 	KP_SCHANNEL_ALG     = 0x00000014,
478 	KP_PUB_PARAMS       = 0x00000027,
479 }
480 
481 enum {
482 	CRYPT_FLAG_PCT1    = 0x0001,
483 	CRYPT_FLAG_SSL2    = 0x0002,
484 	CRYPT_FLAG_SSL3    = 0x0004,
485 	CRYPT_FLAG_TLS1    = 0x0008,
486 	CRYPT_FLAG_IPSEC   = 0x0010,
487 	CRYPT_FLAG_SIGNING = 0x0020,
488 }
489 
490 enum {
491 	SCHANNEL_MAC_KEY    = 0x00000000,
492 	SCHANNEL_ENC_KEY    = 0x00000001,
493 }
494 
495 enum {
496 	INTERNATIONAL_USAGE = 0x00000001,
497 }
498 
499 
500 alias UINT ALG_ID;
501 alias ULONG HCRYPTPROV, HCRYPTKEY, HCRYPTHASH;
502 alias PVOID HCERTSTORE, HCRYPTMSG, HCERTCHAINENGINE;
503 
504 struct VTableProvStruc {
505 	FARPROC FuncVerifyImage;
506 }
507 alias VTableProvStruc* PVTableProvStruc;
508 
509 struct _CRYPTOAPI_BLOB {
510 	DWORD cbData;
511 	BYTE* pbData;
512 }
513 alias _CRYPTOAPI_BLOB CRYPT_INTEGER_BLOB, CRYPT_UINT_BLOB,
514   CRYPT_OBJID_BLOB, CERT_NAME_BLOB, CERT_RDN_VALUE_BLOB, CERT_BLOB,
515   CRL_BLOB, DATA_BLOB, CRYPT_DATA_BLOB, CRYPT_HASH_BLOB,
516   CRYPT_DIGEST_BLOB, CRYPT_DER_BLOB, CRYPT_ATTR_BLOB;
517 alias _CRYPTOAPI_BLOB* PCRYPT_INTEGER_BLOB, PCRYPT_UINT_BLOB,
518   PCRYPT_OBJID_BLOB, PCERT_NAME_BLOB, PCERT_RDN_VALUE_BLOB, PCERT_BLOB,
519   PCRL_BLOB, PDATA_BLOB, PCRYPT_DATA_BLOB, PCRYPT_HASH_BLOB,
520   PCRYPT_DIGEST_BLOB, PCRYPT_DER_BLOB, PCRYPT_ATTR_BLOB;
521 
522 // not described in SDK; has the same layout as HTTPSPolicyCallbackData
523 struct SSL_EXTRA_CERT_CHAIN_POLICY_PARA {
524 	DWORD  cbStruct;
525 	DWORD  dwAuthType;
526 	DWORD  fdwChecks;
527 	LPWSTR pwszServerName;
528 }
529 alias SSL_EXTRA_CERT_CHAIN_POLICY_PARA HTTPSPolicyCallbackData;
530 alias SSL_EXTRA_CERT_CHAIN_POLICY_PARA* PSSL_EXTRA_CERT_CHAIN_POLICY_PARA,
531   PHTTPSPolicyCallbackData;
532 
533 /* #if (_WIN32_WINNT>=0x500) */
534 struct CERT_CHAIN_POLICY_PARA {
535 	DWORD cbSize = CERT_CHAIN_POLICY_PARA.sizeof;
536 	DWORD dwFlags;
537 	void* pvExtraPolicyPara;
538 }
539 alias CERT_CHAIN_POLICY_PARA* PCERT_CHAIN_POLICY_PARA;
540 
541 struct CERT_CHAIN_POLICY_STATUS {
542 	DWORD cbSize = CERT_CHAIN_POLICY_STATUS.sizeof;
543 	DWORD dwError;
544 	LONG  lChainIndex;
545 	LONG  lElementIndex;
546 	void* pvExtraPolicyStatus;
547 }
548 alias CERT_CHAIN_POLICY_STATUS* PCERT_CHAIN_POLICY_STATUS;
549 /* #endif */
550 
551 struct CRYPT_ALGORITHM_IDENTIFIER {
552 	LPSTR pszObjId;
553 	CRYPT_OBJID_BLOB Parameters;
554 }
555 alias CRYPT_ALGORITHM_IDENTIFIER* PCRYPT_ALGORITHM_IDENTIFIER;
556 
557 struct CRYPT_BIT_BLOB {
558 	DWORD cbData;
559 	BYTE* pbData;
560 	DWORD cUnusedBits;
561 }
562 alias CRYPT_BIT_BLOB* PCRYPT_BIT_BLOB;
563 
564 struct CERT_PUBLIC_KEY_INFO {
565 	CRYPT_ALGORITHM_IDENTIFIER Algorithm;
566 	CRYPT_BIT_BLOB             PublicKey;
567 }
568 alias CERT_PUBLIC_KEY_INFO* PCERT_PUBLIC_KEY_INFO;
569 
570 struct CERT_EXTENSION {
571 	LPSTR            pszObjId;
572 	BOOL             fCritical;
573 	CRYPT_OBJID_BLOB Value;
574 }
575 alias CERT_EXTENSION* PCERT_EXTENSION;
576 
577 struct CERT_INFO {
578 	DWORD dwVersion;
579 	CRYPT_INTEGER_BLOB SerialNumber;
580 	CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
581 	CERT_NAME_BLOB Issuer;
582 	FILETIME NotBefore;
583 	FILETIME NotAfter;
584 	CERT_NAME_BLOB Subject;
585 	CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo;
586 	CRYPT_BIT_BLOB IssuerUniqueId;
587 	CRYPT_BIT_BLOB SubjectUniqueId;
588 	DWORD cExtension;
589 	PCERT_EXTENSION rgExtension;
590 }
591 alias CERT_INFO* PCERT_INFO;
592 
593 struct CERT_CONTEXT {
594 	DWORD      dwCertEncodingType;
595 	BYTE*      pbCertEncoded;
596 	DWORD      cbCertEncoded;
597 	PCERT_INFO pCertInfo;
598 	HCERTSTORE hCertStore;
599 }
600 alias CERT_CONTEXT*        PCERT_CONTEXT;
601 alias const(CERT_CONTEXT)* PCCERT_CONTEXT;
602 
603 struct CTL_USAGE {
604 	DWORD  cUsageIdentifier;
605 	LPSTR* rgpszUsageIdentifier;
606 }
607 alias CTL_USAGE CERT_ENHKEY_USAGE;
608 alias CTL_USAGE* PCTRL_USAGE, PCERT_ENHKEY_USAGE;
609 
610 struct CERT_USAGE_MATCH {
611 	DWORD             dwType;
612 	CERT_ENHKEY_USAGE Usage;
613 }
614 alias CERT_USAGE_MATCH* PCERT_USAGE_MATCH;
615 /* #if (_WIN32_WINNT>=0x500) */
616 
617 struct CERT_CHAIN_PARA {
618 	DWORD            cbSize = CERT_CHAIN_PARA.sizeof;
619 	CERT_USAGE_MATCH RequestedUsage;
620 //#if CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
621 	CERT_USAGE_MATCH RequestedIssuancePolicy;
622 	DWORD            dwUrlRetrievalTimeout;
623 	BOOL             fCheckRevocationFreshnessTime;
624 	DWORD            dwRevocationFreshnessTime;
625 //#endif
626 }
627 alias CERT_CHAIN_PARA* PCERT_CHAIN_PARA;
628 
629 extern (Windows) alias BOOL function(PCCERT_CONTEXT, void*)
630   PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK;
631 
632 struct CERT_CHAIN_FIND_BY_ISSUER_PARA {
633 	DWORD  cbSize = CERT_CHAIN_FIND_BY_ISSUER_PARA.sizeof;
634 	LPCSTR pszUsageIdentifier;
635 	DWORD  dwKeySpec;
636 	DWORD  dwAcquirePrivateKeyFlags;
637 	DWORD  cIssuer;
638 	CERT_NAME_BLOB* rgIssuer;
639 	PFN_CERT_CHAIN_FIND_BY_ISSUER_CALLBACK pfnFIndCallback;
640 	void*  pvFindArg;
641 	DWORD* pdwIssuerChainIndex;
642 	DWORD* pdwIssuerElementIndex;
643 }
644 alias CERT_CHAIN_FIND_BY_ISSUER_PARA* PCERT_CHAIN_FIND_BY_ISSUER_PARA;
645 /* #endif */
646 
647 struct CERT_TRUST_STATUS {
648 	DWORD dwErrorStatus;
649 	DWORD dwInfoStatus;
650 }
651 alias CERT_TRUST_STATUS* PCERT_TRUST_STATUS;
652 
653 struct CRL_ENTRY {
654 	CRYPT_INTEGER_BLOB SerialNumber;
655 	FILETIME           RevocationDate;
656 	DWORD              cExtension;
657 	PCERT_EXTENSION    rgExtension;
658 }
659 alias CRL_ENTRY* PCRL_ENTRY;
660 
661 struct CRL_INFO {
662 	DWORD           dwVersion;
663 	CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
664 	CERT_NAME_BLOB  Issuer;
665 	FILETIME        ThisUpdate;
666 	FILETIME        NextUpdate;
667 	DWORD           cCRLEntry;
668 	PCRL_ENTRY      rgCRLEntry;
669 	DWORD           cExtension;
670 	PCERT_EXTENSION rgExtension;
671 }
672 alias CRL_INFO* PCRL_INFO;
673 
674 struct CRL_CONTEXT {
675 	DWORD      dwCertEncodingType;
676 	BYTE*      pbCrlEncoded;
677 	DWORD      cbCrlEncoded;
678 	PCRL_INFO  pCrlInfo;
679 	HCERTSTORE hCertStore;
680 }
681 alias CRL_CONTEXT*        PCRL_CONTEXT;
682 alias const(CRL_CONTEXT)* PCCRL_CONTEXT;
683 
684 struct CERT_REVOCATION_CRL_INFO {
685 	DWORD         cbSize = CERT_REVOCATION_CRL_INFO.sizeof;
686 	PCCRL_CONTEXT pBaseCRLContext;
687 	PCCRL_CONTEXT pDeltaCRLContext;
688 	PCRL_ENTRY    pCrlEntry;
689 	BOOL          fDeltaCrlEntry;
690 }
691 alias CERT_REVOCATION_CRL_INFO* PCERT_REVOCATION_CRL_INFO;
692 
693 struct CERT_REVOCATION_INFO {
694 	DWORD  cbSize = CERT_REVOCATION_INFO.sizeof;
695 	DWORD  dwRevocationResult;
696 	LPCSTR pszRevocationOid;
697 	LPVOID pvOidSpecificInfo;
698 	BOOL   fHasFreshnessTime;
699 	DWORD  dwFreshnessTime;
700 	PCERT_REVOCATION_CRL_INFO pCrlInfo;
701 }
702 alias CERT_REVOCATION_INFO* PCERT_REVOCATION_INFO;
703 
704 /* #if (_WIN32_WINNT>=0x500) */
705 struct CERT_CHAIN_ELEMENT {
706 	DWORD                 cbSize = CERT_CHAIN_ELEMENT.sizeof;
707 	PCCERT_CONTEXT        pCertContext;
708 	CERT_TRUST_STATUS     TrustStatus;
709 	PCERT_REVOCATION_INFO pRevocationInfo;
710 	PCERT_ENHKEY_USAGE    pIssuanceUsage;
711 	PCERT_ENHKEY_USAGE    pApplicationUsage;
712 }
713 alias CERT_CHAIN_ELEMENT* PCERT_CHAIN_ELEMENT;
714 /* #endif */
715 
716 struct CRYPT_ATTRIBUTE {
717 	LPSTR            pszObjId;
718 	DWORD            cValue;
719 	PCRYPT_ATTR_BLOB rgValue;
720 }
721 alias CRYPT_ATTRIBUTE* PCRYPT_ATTRIBUTE;
722 
723 struct CRYPTPROTECT_PROMPTSTRUCT {
724   DWORD   cbSize;
725   DWORD   dwPromptFlags;
726   HWND    hwndApp;
727   LPCWSTR szPrompt;
728 } 
729 alias CRYPTPROTECT_PROMPTSTRUCT* PCRYPTPROTECT_PROMPTSTRUCT;
730 
731 struct CTL_ENTRY {
732 	CRYPT_DATA_BLOB  SubjectIdentifier;
733 	DWORD            cAttribute;
734 	PCRYPT_ATTRIBUTE rgAttribute;
735 }
736 alias CTL_ENTRY* PCTL_ENTRY;
737 
738 struct CTL_INFO {
739 	DWORD              dwVersion;
740 	CTL_USAGE          SubjectUsage;
741 	CRYPT_DATA_BLOB    ListIdentifier;
742 	CRYPT_INTEGER_BLOB SequenceNumber;
743 	FILETIME           ThisUpdate;
744 	FILETIME           NextUpdate;
745 	CRYPT_ALGORITHM_IDENTIFIER SubjectAlgorithm;
746 	DWORD              cCTLEntry;
747 	PCTL_ENTRY         rgCTLEntry;
748 	DWORD              cExtension;
749 	PCERT_EXTENSION    rgExtension;
750 }
751 alias CTL_INFO* PCTL_INFO;
752 
753 struct CTL_CONTEXT {
754 	DWORD      dwMsgAndCertEncodingType;
755 	BYTE*      pbCtlEncoded;
756 	DWORD      cbCtlEncoded;
757 	PCTL_INFO  pCtlInfo;
758 	HCERTSTORE hCertStore;
759 	HCRYPTMSG  hCryptMsg;
760 	BYTE*      pbCtlContent;
761 	DWORD      cbCtlContent;
762 }
763 alias CTL_CONTEXT*        PCTL_CONTEXT;
764 alias const(CTL_CONTEXT)* PCCTL_CONTEXT;
765 
766 struct CERT_TRUST_LIST_INFO {
767 	DWORD         cbSize = CERT_TRUST_LIST_INFO.sizeof;
768 	PCTL_ENTRY    pCtlEntry;
769 	PCCTL_CONTEXT pCtlContext;
770 }
771 alias CERT_TRUST_LIST_INFO* PCERT_TRUST_LIST_INFO;
772 
773 struct CERT_SIMPLE_CHAIN {
774 	DWORD                 cbSize = CERT_SIMPLE_CHAIN.sizeof;
775 	CERT_TRUST_STATUS     TrustStatus;
776 	DWORD                 cElement;
777 	PCERT_CHAIN_ELEMENT*  rgpElement;
778 	PCERT_TRUST_LIST_INFO pTrustListInfo;
779 	BOOL                  fHasRevocationFreshnessTime;
780 	DWORD                 dwRevocationFreshnessTime;
781 }
782 alias CERT_SIMPLE_CHAIN* PCERT_SIMPLE_CHAIN;
783 
784 /* #if (_WIN32_WINNT>=0x500) */
785 alias const(CERT_CHAIN_CONTEXT)* PCCERT_CHAIN_CONTEXT;
786 struct CERT_CHAIN_CONTEXT {
787 	DWORD                 cbSize = CERT_CHAIN_CONTEXT.sizeof;
788 	CERT_TRUST_STATUS     TrustStatus;
789 	DWORD                 cChain;
790 	PCERT_SIMPLE_CHAIN*   rgpChain;
791 	DWORD                 cLowerQualityChainContext;
792 	PCCERT_CHAIN_CONTEXT* rgpLowerQualityChainContext;
793 	BOOL                  fHasRevocationFreshnessTime;
794 	DWORD                 dwRevocationFreshnessTime;
795 }
796 alias CERT_CHAIN_CONTEXT* PCERT_CHAIN_CONTEXT;
797 /* #endif */
798 
799 struct PROV_ENUMALGS {
800 	ALG_ID   aiAlgid;
801 	DWORD    dwBitLen;
802 	DWORD    dwNameLen;
803 	CHAR[20] szName;
804 }
805 
806 struct PUBLICKEYSTRUC {
807 	BYTE   bType;
808 	BYTE   bVersion;
809 	WORD   reserved;
810 	ALG_ID aiKeyAlg;
811 }
812 alias PUBLICKEYSTRUC BLOBHEADER;
813 
814 struct RSAPUBKEY {
815 	DWORD magic;
816 	DWORD bitlen;
817 	DWORD pubexp;
818 }
819 
820 struct HMAC_INFO {
821 	ALG_ID HashAlgid;
822 	BYTE*  pbInnerString;
823 	DWORD  cbInnerString;
824 	BYTE*  pbOuterString;
825 	DWORD  cbOuterString;
826 }
827 alias HMAC_INFO* PHMAC_INFO;
828 
829 extern (Windows) {
830 	BOOL CertCloseStore(HCERTSTORE, DWORD);
831 	BOOL CertGetCertificateChain(HCERTCHAINENGINE, PCCERT_CONTEXT, LPFILETIME,
832 	  HCERTSTORE, PCERT_CHAIN_PARA, DWORD, LPVOID, PCCERT_CHAIN_CONTEXT*);
833 	BOOL CertVerifyCertificateChainPolicy(LPCSTR, PCCERT_CHAIN_CONTEXT,
834 	  PCERT_CHAIN_POLICY_PARA, PCERT_CHAIN_POLICY_STATUS);
835 	void CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT);
836 	DWORD CertNameToStrA(DWORD, PCERT_NAME_BLOB, DWORD, LPSTR, DWORD);
837 	DWORD CertNameToStrW(DWORD, PCERT_NAME_BLOB, DWORD, LPWSTR, DWORD);
838 	HCERTSTORE CertOpenSystemStoreA(HCRYPTPROV, LPCSTR);
839 	HCERTSTORE CertOpenSystemStoreW(HCRYPTPROV, LPCWSTR);
840 	HCERTSTORE CertOpenStore(LPCSTR, DWORD, HCRYPTPROV, DWORD, const(void)*);
841 	PCCERT_CONTEXT CertFindCertificateInStore(HCERTSTORE, DWORD, DWORD, DWORD,
842 	  const(void)*, PCCERT_CONTEXT);
843 	BOOL CertFreeCertificateContext(PCCERT_CONTEXT);
844 	PCCERT_CONTEXT CertGetIssuerCertificateFromStore(HCERTSTORE,
845 	  PCCERT_CONTEXT, PCCERT_CONTEXT, DWORD*);
846 	PCCERT_CHAIN_CONTEXT CertFindChainInStore(HCERTSTORE, DWORD, DWORD, DWORD,
847 	  const(void)*, PCCERT_CHAIN_CONTEXT);
848 
849 	BOOL CryptAcquireContextA(HCRYPTPROV*, LPCSTR, LPCSTR, DWORD, DWORD);
850 	BOOL CryptAcquireContextW(HCRYPTPROV*, LPCWSTR, LPCWSTR, DWORD, DWORD);
851 	 BOOL CryptContextAddRef(HCRYPTPROV, DWORD*, DWORD);
852 	BOOL CryptReleaseContext(HCRYPTPROV, DWORD);
853 	BOOL CryptGenKey(HCRYPTPROV, ALG_ID, DWORD, HCRYPTKEY*);
854 	BOOL CryptDeriveKey(HCRYPTPROV, ALG_ID, HCRYPTHASH, DWORD, HCRYPTKEY*);
855 	BOOL CryptDestroyKey(HCRYPTKEY);
856 	static if (_WIN32_WINNT >= 0x500) {
857 		BOOL CryptDuplicateHash(HCRYPTHASH, DWORD*, DWORD, HCRYPTHASH*);
858 		BOOL CryptDuplicateKey(HCRYPTKEY, DWORD*, DWORD, HCRYPTKEY*);
859 	}
860 	BOOL CryptSetKeyParam(HCRYPTKEY, DWORD, PBYTE, DWORD);
861 	BOOL CryptGetKeyParam(HCRYPTKEY, DWORD, PBYTE, PDWORD, DWORD);
862 	BOOL CryptSetHashParam(HCRYPTHASH, DWORD, PBYTE, DWORD);
863 	BOOL CryptGetHashParam(HCRYPTHASH, DWORD, PBYTE, PDWORD, DWORD);
864 	BOOL CryptSetProvParam(HCRYPTPROV, DWORD, PBYTE, DWORD);
865 	BOOL CryptGetProvParam(HCRYPTPROV, DWORD, PBYTE, PDWORD, DWORD);
866 	BOOL CryptGenRandom(HCRYPTPROV, DWORD, PBYTE);
867 	BOOL CryptGetUserKey(HCRYPTPROV, DWORD, HCRYPTKEY*);
868 	BOOL CryptExportKey(HCRYPTKEY, HCRYPTKEY, DWORD, DWORD, PBYTE, PDWORD);
869 	BOOL CryptImportKey(HCRYPTPROV, PBYTE, DWORD, HCRYPTKEY, DWORD,
870 	  HCRYPTKEY*);
871 	BOOL CryptEncrypt(HCRYPTKEY, HCRYPTHASH, BOOL, DWORD, PBYTE, PDWORD,
872 	  DWORD);
873 	BOOL CryptDecrypt(HCRYPTKEY, HCRYPTHASH, BOOL, DWORD, PBYTE, PDWORD);
874 	BOOL CryptCreateHash(HCRYPTPROV, ALG_ID, HCRYPTKEY, DWORD, HCRYPTHASH*);
875 	BOOL CryptHashData(HCRYPTHASH, PBYTE, DWORD, DWORD);
876 	BOOL CryptHashSessionKey(HCRYPTHASH, HCRYPTKEY, DWORD);
877 	BOOL CryptGetHashValue(HCRYPTHASH, DWORD, PBYTE, PDWORD);
878 	BOOL CryptDestroyHash(HCRYPTHASH);
879 	BOOL CryptSignHashA(HCRYPTHASH, DWORD, LPCSTR, DWORD, PBYTE, PDWORD);
880 	BOOL CryptSignHashW(HCRYPTHASH, DWORD, LPCWSTR, DWORD, PBYTE, PDWORD);
881 	BOOL CryptVerifySignatureA(HCRYPTHASH, PBYTE, DWORD, HCRYPTKEY, LPCSTR,
882 	  DWORD);
883 	BOOL CryptVerifySignatureW(HCRYPTHASH, PBYTE, DWORD, HCRYPTKEY, LPCWSTR,
884 	  DWORD);
885 	BOOL CryptSetProviderA(LPCSTR, DWORD);
886 	BOOL CryptSetProviderW(LPCWSTR, DWORD);
887 	
888 	BOOL CryptUnprotectData(DATA_BLOB*, LPWSTR*, DATA_BLOB*, PVOID, CRYPTPROTECT_PROMPTSTRUCT*, DWORD, DATA_BLOB*);
889 	BOOL CryptProtectData(DATA_BLOB*, LPCWSTR, DATA_BLOB*, PVOID, CRYPTPROTECT_PROMPTSTRUCT*, DWORD, DATA_BLOB*);
890 }
891 
892 version (Unicode) {
893 	alias CertNameToStrW CertNameToStr;
894 	alias CryptAcquireContextW CryptAcquireContext;
895 	alias CryptSignHashW CryptSignHash;
896 	alias CryptVerifySignatureW CryptVerifySignature;
897 	alias CryptSetProviderW CryptSetProvider;
898 	alias CertOpenSystemStoreW CertOpenSystemStore;
899 	/+alias CERT_FIND_SUBJECT_STR_W CERT_FIND_SUBJECT_STR;
900 	alias CERT_FIND_ISSUER_STR_W CERT_FIND_ISSUER_STR;+/
901 } else {
902 	alias CertNameToStrA CertNameToStr;
903 	alias CryptAcquireContextA CryptAcquireContext;
904 	alias CryptSignHashA CryptSignHash;
905 	alias CryptVerifySignatureA CryptVerifySignature;
906 	alias CryptSetProviderA CryptSetProvider;
907 	alias CertOpenSystemStoreA CertOpenSystemStore;
908 	/+alias CERT_FIND_SUBJECT_STR_A CERT_FIND_SUBJECT_STR;
909 	alias CERT_FIND_ISSUER_STR_A CERT_FIND_ISSUER_STR;+/
910 }