1 /************************************************************************************
2   Copyright (C) 2014 MariaDB Corporation Ab
3 
4   This library is free software; you can redistribute it and/or
5   modify it under the terms of the GNU Library General Public
6   License as published by the Free Software Foundation; either
7   version 2 of the License, or (at your option) any later version.
8 
9   This library is distributed in the hope that it will be useful,
10   but WITHOUT ANY WARRANTY; without even the implied warranty of
11   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12   Library General Public License for more details.
13 
14   You should have received a copy of the GNU Library General Public
15   License along with this library; if not see <http://www.gnu.org/licenses>
16   or write to the Free Software Foundation, Inc.,
17   51 Franklin St., Fifth Floor, Boston, MA 02110, USA
18 
19   Author: Georg Richter
20 
21  *************************************************************************************/
22 #ifndef _ma_schannel_h_
23 #define _ma_schannel_h_
24 
25 #define SECURITY_WIN32
26 #include <ma_global.h>
27 #include <ma_sys.h>
28 #include <ma_common.h>
29 #include <ma_pvio.h>
30 #include <errmsg.h>
31 
32 
33 #include <wincrypt.h>
34 #include <wintrust.h>
35 
36 
37 #include <security.h>
38 
39 #include <schnlsp.h>
40 #undef SECURITY_WIN32
41 #include <windows.h>
42 #include <sspi.h>
43 
44 #define SC_IO_BUFFER_SIZE 0x4000
45 
46 
47 #include <ma_pthread.h>
48 
/* A raw byte blob plus its length. The tag suggests DER-encoded
   certificate/CRL data, but the encoding is not enforced here -- confirm
   against the code that fills it. Ownership of der_buffer (who frees it)
   is not visible in this header. */
struct st_DER {
  char* der_buffer;   /* start of the blob */
  DWORD der_length;   /* presumably its size in bytes -- verify against callers */
};
53 
/* Per-connection Schannel state. CredHandle, CtxtHandle,
   SecPkgContext_StreamSizes and SecBuffer are SSPI types from <sspi.h>.
   Whether IoBufferSize is initialised from SC_IO_BUFFER_SIZE is not
   visible here. */
struct st_schannel {
  CredHandle CredHdl;                /* SSPI credential handle */
  PUCHAR IoBuffer;                   /* I/O scratch buffer */
  DWORD IoBufferSize;                /* size of IoBuffer in bytes */
  SecPkgContext_StreamSizes Sizes;   /* header/trailer/message size limits of the stream */
  CtxtHandle hCtxt;                  /* SSPI security context for this connection */

  /* Cached data from the last read/decrypt call.*/
  SecBuffer extraBuf; /* encrypted data read from server. */
  SecBuffer dataBuf;  /* decrypted but still unread data from server.
                         NOTE(review): this is plaintext; confirm the
                         teardown path clears it before release. */

};
66 
typedef struct st_schannel SC_CTX;  /* short alias used by the Schannel implementation */
68 
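/* Certificate stores used during verification; defined in the
   corresponding source file. ca_CertStore presumably holds trusted CAs
   and crl_CertStore revocation lists -- confirm against the definition. */
extern HCERTSTORE ca_CertStore, crl_CertStore;
/* Flags that presumably enable CA and CRL checking respectively; their
   exact effect on ma_schannel_verify_certs() is not visible here. */
extern my_bool ca_Check, crl_Check;

/* The stray file-scope ';' that used to follow the extern declarations
   was removed: ISO C does not allow an empty declaration outside a
   function (GCC -pedantic warns about it). */

/**
 * Runs the client side of the Schannel TLS handshake for @p ctls.
 * @param ctls  connection TLS state
 * @return an SSPI SECURITY_STATUS; presumably SEC_E_OK on success, the
 *         failure codes are defined by the implementation
 */
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls);

/**
 * Drives the handshake message exchange over @p pvio.
 * @param InitialRead  whether to read from the server before sending
 *                     (inferred from the name -- confirm in the implementation)
 * @param pExtraData   receives data read beyond the handshake, if any
 * @return an SSPI SECURITY_STATUS
 */
SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRead, SecBuffer *pExtraData);

/**
 * Verifies the server certificate chain of @p ctls.
 * @param verify_server_name  presumably controls whether the server's
 *        identity is matched against the certificate; when FALSE that
 *        check would be skipped -- confirm in the implementation before
 *        relying on it
 * @return my_bool; which value denotes success is not visible here
 */
my_bool ma_schannel_verify_certs(MARIADB_TLS *ctls, BOOL verify_server_name);

/**
 * Encrypts @p WriteBufferSize bytes of @p WriteBuffer and sends them.
 * @return ssize_t, presumably bytes written or a negative value on error
 */
ssize_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio,
                                 uchar *WriteBuffer,
                                 size_t WriteBufferSize);

/**
 * Reads encrypted data and decrypts it into @p ReadBuffer.
 * @param phContext      security context to decrypt with
 * @param DecryptLength  out: number of decrypted bytes placed in ReadBuffer
 * @param ReadBuffer     destination, at most @p ReadBufferSize bytes
 * @return an SSPI SECURITY_STATUS
 */
SECURITY_STATUS ma_schannel_read_decrypt(MARIADB_PVIO *pvio,
                                 CtxtHandle* phContext,
                                 DWORD *DecryptLength,
                                 uchar *ReadBuffer,
                                 DWORD ReadBufferSize);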
85 
86 
87 #endif /* _ma_schannel_h_ */
88