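/************************************************************************************
   Copyright (C) 2014 MariaDB Corporation Ab

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not see <http://www.gnu.org/licenses>
   or write to the Free Software Foundation, Inc.,
   51 Franklin St., Fifth Floor, Boston, MA 02110, USA

   Author: Georg Richter

 *************************************************************************************/

/*
 * Schannel (Windows SSPI) TLS backend for the MariaDB client PVIO layer.
 *
 * Declares the per-connection Schannel context, the process-wide certificate
 * store/check state, and the handshake, verification and encrypt/decrypt
 * entry points implemented in ma_schannel.c.
 */
#ifndef _ma_schannel_h_
#define _ma_schannel_h_

/* <security.h> exposes the user-mode SSPI prototypes only while SECURITY_WIN32
   is defined; it is undefined again after <schnlsp.h> so the macro does not
   leak into later headers. */
#define SECURITY_WIN32
#include <ma_global.h>
#include <ma_sys.h>
#include <ma_common.h>
#include <ma_pvio.h>
#include <errmsg.h>

#include <wincrypt.h>
#include <wintrust.h>

#include <security.h>

#include <schnlsp.h>
#undef SECURITY_WIN32
#include <windows.h>
#include <sspi.h>

/* Size of the Schannel I/O buffer (16 KiB). Kept as a macro rather than an
   enum because the value is shared across translation units. */
#define SC_IO_BUFFER_SIZE 0x4000

#include <ma_pthread.h>

/**
 * A DER-encoded blob (certificate or key material) and its length.
 *
 * Ownership of der_buffer is not defined here; the allocating call site in
 * ma_schannel.c is responsible for freeing it -- confirm before reuse.
 */
struct st_DER {
  char* der_buffer;   /**< DER bytes */
  DWORD der_length;   /**< number of bytes in der_buffer */
};

/**
 * Per-connection Schannel state stored in the PVIO's TLS context.
 *
 * One instance lives for the lifetime of a TLS session; the handles are
 * acquired during ma_schannel_client_handshake() and released when the
 * connection's TLS context is torn down (see ma_schannel.c).
 */
struct st_schannel {
  CredHandle CredHdl;               /**< SSPI credential handle for this client */
  PUCHAR IoBuffer;                  /**< raw I/O buffer used by read/decrypt;
                                         presumably SC_IO_BUFFER_SIZE bytes --
                                         confirm against the allocation */
  DWORD IoBufferSize;               /**< allocated size of IoBuffer */
  SecPkgContext_StreamSizes Sizes;  /**< header/trailer/max-message sizes queried
                                         for hCtxt, needed to frame records */
  CtxtHandle hCtxt;                 /**< SSPI security context for the session */

  /* Cached data from the last read/decrypt call. */
  SecBuffer extraBuf;  /**< encrypted data read from server but not yet decrypted */
  SecBuffer dataBuf;   /**< decrypted but still unread data from server */
};

typedef struct st_schannel SC_CTX;

/* Process-wide CA / CRL stores and the flags that enable checking against
   them. These are plain globals with no locking declared here; NOTE(review):
   confirm in ma_schannel.c that they are only written during one-time
   initialisation before connections are opened concurrently. */
extern HCERTSTORE ca_CertStore, crl_CertStore;
extern my_bool ca_Check, crl_Check;

/**
 * Run the client side of the Schannel handshake for a TLS context.
 *
 * @param ctls  TLS wrapper of the connection being upgraded.
 * @return SEC_E_OK on success, otherwise an SSPI error status.
 */
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls);

/**
 * Drive the handshake token exchange until the context is established.
 *
 * @param pvio        connection I/O object the tokens are read from / written to.
 * @param InitialRead presumably whether to read a server token before sending;
 *                    confirm in ma_schannel.c.
 * @param pExtraData  receives handshake-adjacent data that was read but not
 *                    consumed by the handshake (see st_schannel::extraBuf).
 * @return SEC_E_OK on success, otherwise an SSPI error status.
 */
SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRead, SecBuffer *pExtraData);

/**
 * Validate the server certificate chain against the configured stores.
 *
 * @param ctls               TLS wrapper of the connection.
 * @param verify_server_name when TRUE the certificate is additionally matched
 *                           against the host being connected to; FALSE drops
 *                           that binding and only the chain is checked --
 *                           confirm the exact behaviour in ma_schannel.c.
 * @return non-zero if verification succeeded, 0 otherwise.
 */
my_bool ma_schannel_verify_certs(MARIADB_TLS *ctls, BOOL verify_server_name);

/**
 * Encrypt WriteBuffer into TLS records and send them over the connection.
 *
 * @param pvio            connection I/O object.
 * @param WriteBuffer     plaintext to send.
 * @param WriteBufferSize number of bytes in WriteBuffer.
 * @return number of plaintext bytes consumed, or a negative value on error
 *         (exact convention is defined by the implementation).
 */
ssize_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio,
                                  uchar *WriteBuffer,
                                  size_t WriteBufferSize);

/**
 * Read TLS records from the connection and decrypt them into ReadBuffer.
 *
 * @param pvio           connection I/O object.
 * @param phContext      SSPI context to decrypt with.
 * @param DecryptLength  out: number of decrypted bytes placed in ReadBuffer
 *                       (presumably; confirm in ma_schannel.c).
 * @param ReadBuffer     destination for decrypted plaintext.
 * @param ReadBufferSize capacity of ReadBuffer in bytes; the implementation
 *                       must not write past it.
 * @return SEC_E_OK on success, otherwise an SSPI error status.
 */
SECURITY_STATUS ma_schannel_read_decrypt(MARIADB_PVIO *pvio,
                                         CtxtHandle* phContext,
                                         DWORD *DecryptLength,
                                         uchar *ReadBuffer,
                                         DWORD ReadBufferSize);

#endif /* _ma_schannel_h_ */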