
#include <winapifamily.h>
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2004.
//
// File: ncrypt.h
//
// Contents: Cryptographic API Prototypes and Definitions
//
//----------------------------------------------------------------------------
#ifndef __NCRYPT_H__
#define __NCRYPT_H__
#if _MSC_VER >= 1200
#pragma warning(push)
#ifdef __cplusplus
extern
"C"
{
#endif
#ifndef WINAPI
#define WINAPI __stdcall
#endif
#ifndef __SECSTATUS_DEFINED__
// Status type returned by every NCrypt* function declared in this header (see the
// prototypes further down). It is a plain LONG; callers compare it against the
// documented status values rather than testing truthiness.
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif
#include <bcrypt.h>
#ifndef HCRYPTPROV_DEFINED
#define HCRYPTPROV_DEFINED
// Legacy CryptoAPI handle types, supplied here only when no earlier header has
// already defined them (the HCRYPTPROV_DEFINED guard).
typedef ULONG_PTR HCRYPTPROV;
typedef ULONG_PTR HCRYPTKEY;
typedef ULONG_PTR HCRYPTHASH;
#endif
//
// Maximum length of Key name, in characters
// (names in this API are wide strings, so the byte size of a buffer is larger).
//
#define NCRYPT_MAX_KEY_NAME_LENGTH 512
//
// Maximum length of Algorithm name, in characters
//
#define NCRYPT_MAX_ALG_ID_LENGTH 512
/****************************************************************************
 NCRYPT memory management routines for functions that require the caller to
 allocate memory
 ****************************************************************************/
); );
// Caller-supplied allocator pair for NCrypt functions that return memory the
// caller must later release. pfnAlloc/pfnFree have the PFN_NCRYPT_ALLOC /
// PFN_NCRYPT_FREE function-pointer types; their typedefs precede this struct in
// the original header but are not reproduced in this listing.
typedef struct NCRYPT_ALLOC_PARA {
    DWORD cbSize;               // size of this structure, in bytes
    PFN_NCRYPT_ALLOC pfnAlloc;  // allocation callback
    PFN_NCRYPT_FREE pfnFree;    // release callback; must accept what pfnAlloc returned
} NCRYPT_ALLOC_PARA;
//
// Microsoft built-in providers.
//
#define MS_KEY_STORAGE_PROVIDER L"Microsoft Software Key Storage Provider"
#define MS_SMART_CARD_KEY_STORAGE_PROVIDER L"Microsoft Smart Card Key Storage Provider"
#define MS_PLATFORM_KEY_STORAGE_PROVIDER L"Microsoft Platform Crypto Provider"
#define MS_NGC_KEY_STORAGE_PROVIDER L"Microsoft Passport Key Storage Provider"
//
// Key name for sealing
//
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
// Well-known name of the RSA sealing key in the platform (TPM) key storage
// provider; the GUID suffix keeps it from colliding with user-chosen key names.
#define TPM_RSA_SRK_SEAL_KEY L"MICROSOFT_PCP_KSP_RSA_SEAL_KEY_3BD1C4BF-004E-4E2F-8A4D-0BF633DCB074"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
//
// Common algorithm identifiers.
// Most of these alias the BCRYPT_* names from bcrypt.h (included above).
// NOTE(review): MD2/MD4/MD5/SHA1 and DES/RC2/DESX are kept for interoperability
// with existing data; new designs should not rely on them.
//
#define NCRYPT_RSA_ALGORITHM BCRYPT_RSA_ALGORITHM
#define NCRYPT_RSA_SIGN_ALGORITHM BCRYPT_RSA_SIGN_ALGORITHM
#define NCRYPT_DH_ALGORITHM BCRYPT_DH_ALGORITHM
#define NCRYPT_DSA_ALGORITHM BCRYPT_DSA_ALGORITHM
#define NCRYPT_MD2_ALGORITHM BCRYPT_MD2_ALGORITHM
#define NCRYPT_MD4_ALGORITHM BCRYPT_MD4_ALGORITHM
#define NCRYPT_MD5_ALGORITHM BCRYPT_MD5_ALGORITHM
#define NCRYPT_SHA1_ALGORITHM BCRYPT_SHA1_ALGORITHM
#define NCRYPT_SHA256_ALGORITHM BCRYPT_SHA256_ALGORITHM
#define NCRYPT_SHA384_ALGORITHM BCRYPT_SHA384_ALGORITHM
#define NCRYPT_SHA512_ALGORITHM BCRYPT_SHA512_ALGORITHM
#define NCRYPT_ECDSA_P256_ALGORITHM BCRYPT_ECDSA_P256_ALGORITHM
#define NCRYPT_ECDSA_P384_ALGORITHM BCRYPT_ECDSA_P384_ALGORITHM
#define NCRYPT_ECDSA_P521_ALGORITHM BCRYPT_ECDSA_P521_ALGORITHM
#define NCRYPT_ECDH_P256_ALGORITHM BCRYPT_ECDH_P256_ALGORITHM
#define NCRYPT_ECDH_P384_ALGORITHM BCRYPT_ECDH_P384_ALGORITHM
#define NCRYPT_ECDH_P521_ALGORITHM BCRYPT_ECDH_P521_ALGORITHM
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_AES_ALGORITHM BCRYPT_AES_ALGORITHM
#define NCRYPT_RC2_ALGORITHM BCRYPT_RC2_ALGORITHM
#define NCRYPT_3DES_ALGORITHM BCRYPT_3DES_ALGORITHM
#define NCRYPT_DES_ALGORITHM BCRYPT_DES_ALGORITHM
#define NCRYPT_DESX_ALGORITHM BCRYPT_DESX_ALGORITHM
#define NCRYPT_3DES_112_ALGORITHM BCRYPT_3DES_112_ALGORITHM
#define NCRYPT_SP800108_CTR_HMAC_ALGORITHM BCRYPT_SP800108_CTR_HMAC_ALGORITHM
#define NCRYPT_SP80056A_CONCAT_ALGORITHM BCRYPT_SP80056A_CONCAT_ALGORITHM
#define NCRYPT_PBKDF2_ALGORITHM BCRYPT_PBKDF2_ALGORITHM
#define NCRYPT_CAPI_KDF_ALGORITHM BCRYPT_CAPI_KDF_ALGORITHM
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Curve-generic ECC identifiers; the curve itself is then selected via the
// NCRYPT_ECC_CURVE_NAME_PROPERTY / NCRYPTBUFFER_ECC_CURVE_NAME values below.
#define NCRYPT_ECDSA_ALGORITHM BCRYPT_ECDSA_ALGORITHM
#define NCRYPT_ECDH_ALGORITHM BCRYPT_ECDH_ALGORITHM
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Pseudo-algorithm naming the key storage interface itself (no BCRYPT equivalent).
#define NCRYPT_KEY_STORAGE_ALGORITHM L"KEY_STORAGE"
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
//
// This algorithm is not supported by any BCrypt provider. This identifier is for creating
// persistent stored HMAC keys in the TPM KSP.
//
#define NCRYPT_HMAC_SHA256_ALGORITHM L"HMAC-SHA256"
#endif
//
// Interfaces
// The BCRYPT_*_INTERFACE aliases identify the CNG primitive interfaces; the
// 0x0001xxxx values are NCrypt-specific interfaces with no BCrypt counterpart.
//
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_CIPHER_INTERFACE BCRYPT_CIPHER_INTERFACE
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_HASH_INTERFACE BCRYPT_HASH_INTERFACE
#define NCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE
#define NCRYPT_SECRET_AGREEMENT_INTERFACE BCRYPT_SECRET_AGREEMENT_INTERFACE
#define NCRYPT_SIGNATURE_INTERFACE BCRYPT_SIGNATURE_INTERFACE
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_KEY_DERIVATION_INTERFACE BCRYPT_KEY_DERIVATION_INTERFACE
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_KEY_STORAGE_INTERFACE 0x00010001
#define NCRYPT_SCHANNEL_INTERFACE 0x00010002
#if (NTDDI_VERSION >= NTDDI_WIN7)
#define NCRYPT_SCHANNEL_SIGNATURE_INTERFACE 0x00010003
#endif
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_KEY_PROTECTION_INTERFACE 0x00010004
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
//
// algorithm groups.
// Values reported through NCRYPT_ALGORITHM_GROUP_PROPERTY; several groups reuse
// the algorithm identifier string itself.
//
#define NCRYPT_RSA_ALGORITHM_GROUP NCRYPT_RSA_ALGORITHM
#define NCRYPT_DH_ALGORITHM_GROUP NCRYPT_DH_ALGORITHM
#define NCRYPT_DSA_ALGORITHM_GROUP NCRYPT_DSA_ALGORITHM
#define NCRYPT_ECDSA_ALGORITHM_GROUP L"ECDSA"
#define NCRYPT_ECDH_ALGORITHM_GROUP L"ECDH"
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_AES_ALGORITHM_GROUP NCRYPT_AES_ALGORITHM
#define NCRYPT_RC2_ALGORITHM_GROUP NCRYPT_RC2_ALGORITHM
#define NCRYPT_DES_ALGORITHM_GROUP L"DES"
#define NCRYPT_KEY_DERIVATION_GROUP L"KEY_DERIVATION"
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
//
// NCrypt generic memory descriptors
// BufferType tags for the NCryptBuffer entries of an NCryptBufferDesc (typedefs
// follow). A consumer should reject tags it does not recognise rather than
// interpreting the buffer by position.
//
#define NCRYPTBUFFER_VERSION 0
#define NCRYPTBUFFER_EMPTY 0
#define NCRYPTBUFFER_DATA 1
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPTBUFFER_PROTECTION_DESCRIPTOR_STRING 3 // The buffer contains a null-terminated Unicode string that contains the Protection Descriptor.
#define NCRYPTBUFFER_PROTECTION_FLAGS 4 // DWORD flags to be passed to NCryptCreateProtectionDescriptor function.
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
// SSL/TLS key-derivation inputs (Schannel interface)
#define NCRYPTBUFFER_SSL_CLIENT_RANDOM 20
#define NCRYPTBUFFER_SSL_SERVER_RANDOM 21
#define NCRYPTBUFFER_SSL_HIGHEST_VERSION 22
#define NCRYPTBUFFER_SSL_CLEAR_KEY 23
#define NCRYPTBUFFER_SSL_KEY_ARG_DATA 24
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPTBUFFER_SSL_SESSION_HASH 25
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// PKCS#8/PKCS#12-style import/export parameters
#define NCRYPTBUFFER_PKCS_OID 40
#define NCRYPTBUFFER_PKCS_ALG_OID 41
#define NCRYPTBUFFER_PKCS_ALG_PARAM 42
#define NCRYPTBUFFER_PKCS_ALG_ID 43
#define NCRYPTBUFFER_PKCS_ATTRS 44
#define NCRYPTBUFFER_PKCS_KEY_NAME 45
#define NCRYPTBUFFER_PKCS_SECRET 46 // password/secret protecting the blob; treat as a credential
#define NCRYPTBUFFER_CERT_BLOB 47
//for threshold key attestation
#define NCRYPTBUFFER_CLAIM_IDBINDING_NONCE 48
#define NCRYPTBUFFER_CLAIM_KEYATTESTATION_NONCE 49 // verifier-chosen freshness value; generate per request
#define NCRYPTBUFFER_KEY_PROPERTY_FLAGS 50
#define NCRYPTBUFFER_ATTESTATIONSTATEMENT_BLOB 51
#define NCRYPTBUFFER_ATTESTATION_CLAIM_TYPE 52
#define NCRYPTBUFFER_ATTESTATION_CLAIM_CHALLENGE_REQUIRED 53
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPTBUFFER_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS 54 // NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS, see below
#endif
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
//for generic ecc
#define NCRYPTBUFFER_ECC_CURVE_NAME 60
#define NCRYPTBUFFER_ECC_PARAMETERS 61
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
//for TPM seal
#define NCRYPTBUFFER_TPM_SEAL_PASSWORD 70
#define NCRYPTBUFFER_TPM_SEAL_POLICYINFO 71
#define NCRYPTBUFFER_TPM_SEAL_TICKET 72
#define NCRYPTBUFFER_TPM_SEAL_NO_DA_PROTECTION 73
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
// for TPM platform attestation statements
#define NCRYPTBUFFER_TPM_PLATFORM_CLAIM_PCR_MASK 80
#define NCRYPTBUFFER_TPM_PLATFORM_CLAIM_NONCE 81
#define NCRYPTBUFFER_TPM_PLATFORM_CLAIM_STATIC_CREATE 82
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
// NCRYPT shares the same BCRYPT definitions: NCryptBuffer/NCryptBufferDesc are the
// BCryptBuffer/BCryptBufferDesc types from bcrypt.h, tagged with the NCRYPTBUFFER_*
// values defined above.
typedef BCryptBuffer NCryptBuffer;
typedef BCryptBuffer *PNCryptBuffer;
typedef BCryptBufferDesc NCryptBufferDesc;
typedef BCryptBufferDesc *PNCryptBufferDesc;
//
// NCrypt handles
// All handles are opaque pointer-sized integers. The typed names below are plain
// aliases of the same ULONG_PTR, so passing a key handle where a provider handle
// is expected is not caught by the compiler.
//
typedef ULONG_PTR NCRYPT_HANDLE;
typedef ULONG_PTR NCRYPT_PROV_HANDLE;
typedef ULONG_PTR NCRYPT_KEY_HANDLE;
typedef ULONG_PTR NCRYPT_HASH_HANDLE;
typedef ULONG_PTR NCRYPT_SECRET_HANDLE;
#if (NTDDI_VERSION >= NTDDI_WIN8)
// Per-call cipher parameters (IV and mode-specific data) for NCryptEncrypt/NCryptDecrypt
// when NCRYPT_PAD_CIPHER_FLAG is used. Both buffers are written by the call.
struct _NCRYPT_CIPHER_PADDING_INFO {
    // size of this struct
    ULONG cbSize;
    // See NCRYPT_CIPHER_ flag values
    DWORD dwFlags;
    // [in, out, optional]
    // The address of a buffer that contains the initialization vector (IV) to use during encryption.
    // The cbIV parameter contains the size of this buffer. This function will modify the contents of this buffer.
    // If you need to reuse the IV later, make sure you make a copy of this buffer before calling this function.
    _Field_size_bytes_(cbIV) PUCHAR pbIV;
    ULONG cbIV;
    // [in, out, optional]
    // The address of a buffer that contains the algorithm specific info to use during encryption.
    // The cbOtherInfo parameter contains the size of this buffer. This function will modify the contents of this buffer.
    // If you need to reuse the buffer later, make sure you make a copy of this buffer before calling this function.
    //
    // For Microsoft providers, when an authenticated encryption mode is used,
    // this parameter must point to a serialized BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure.
    //
    // NOTE: All pointers inside a structure must be to a data allocated within pbOtherInfo buffer.
    //
    _Field_size_bytes_(cbOtherInfo) PUCHAR pbOtherInfo;
    ULONG cbOtherInfo;
} NCRYPT_CIPHER_PADDING_INFO, *PNCRYPT_CIPHER_PADDING_INFO;
//
// The following flags are used with NCRYPT_CIPHER_PADDING_INFO (dwFlags).
// NO_PADDING requires input that is already a whole number of blocks.
//
#define NCRYPT_CIPHER_NO_PADDING_FLAG 0x00000000
#define NCRYPT_CIPHER_BLOCK_PADDING_FLAG 0x00000001
#define NCRYPT_CIPHER_OTHER_PADDING_FLAG 0x00000002
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
#define NCRYPT_PLATFORM_ATTEST_MAGIC 0x44504150 // 'PAPD'
// Padding info for a TPM platform-attestation request: identifies the request
// by magic and selects which PCRs to cover.
typedef struct _NCRYPT_PLATFORM_ATTEST_PADDING_INFO {
    ULONG magic;    // NCRYPT_PLATFORM_ATTEST_MAGIC ('PAPD')
    ULONG pcrMask;  // bitmask of PCRs to include (bit i presumably selects PCR i -- confirm)
} NCRYPT_PLATFORM_ATTEST_PADDING_INFO;
#define NCRYPT_KEY_ATTEST_MAGIC 0x4450414b // 'KAPD'
// Padding info for a key-attestation request: the key blob to attest and its
// authorization data, each as a sized byte buffer.
typedef struct _NCRYPT_KEY_ATTEST_PADDING_INFO {
    ULONG magic;       // NCRYPT_KEY_ATTEST_MAGIC ('KAPD')
    PUCHAR pbKeyBlob;  // key blob, cbKeyBlob bytes
    ULONG cbKeyBlob;
    PUCHAR pbKeyAuth;  // key authorization value, cbKeyAuth bytes; NOTE(review): a secret -- clear the caller's copy after use
    ULONG cbKeyAuth;
} NCRYPT_KEY_ATTEST_PADDING_INFO;
#endif // (NTDDI_VERSION >= NTDDI_WINBLUE)
//
// key attestation claim type
//
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Claim types (NCRYPTBUFFER_ATTESTATION_CLAIM_TYPE). AUTHORITY_AND_SUBJECT is the
// bitwise OR of the two single-party claims.
#define NCRYPT_CLAIM_AUTHORITY_ONLY 0x00000001
#define NCRYPT_CLAIM_SUBJECT_ONLY 0x00000002
#define NCRYPT_CLAIM_WEB_AUTH_SUBJECT_ONLY 0x00000102
#define NCRYPT_CLAIM_AUTHORITY_AND_SUBJECT 0x00000003
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPT_CLAIM_VSM_KEY_ATTESTATION_STATEMENT 0x00000004
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPT_CLAIM_UNKNOWN 0x00001000
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_CLAIM_PLATFORM 0x00010000
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
// NCryptCreateClaim claim types, flags and buffer types
// Flags reported in NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES.Flags; a verifier that
// requires a key never to have existed outside isolation checks CREATED_IN_ISOLATION.
#define NCRYPT_ISOLATED_KEY_FLAG_CREATED_IN_ISOLATION 0x00000001 // if set, this key was generated in isolation, not imported
#define NCRYPT_ISOLATED_KEY_FLAG_IMPORT_ONLY 0x00000002 // if set, this key can only be used for importing other keys
#define NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES_V0 0
#define NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES_CURRENT_VERSION NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES_V0
// Fixed header of the attributes blob carried inside an isolated-key attestation
// statement. The public key blob follows the header and is described only by a
// comment (not a flexible array member): a consumer must check cbPublicKeyBlob
// against the remaining length of the enclosing buffer before reading it.
typedef struct _NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES {
    ULONG Version;          // set to NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES_V0
    ULONG Flags;            // NCRYPT_ISOLATED_KEY_FLAG_ flags
    ULONG cbPublicKeyBlob;  // pbPublicKeyBlob[cbPublicKeyBlob] - exported public key
} NCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES, *PNCRYPT_ISOLATED_KEY_ATTESTED_ATTRIBUTES;
#define NCRYPT_VSM_KEY_ATTESTATION_STATEMENT_V0 0
#define NCRYPT_VSM_KEY_ATTESTATION_STATEMENT_CURRENT_VERSION NCRYPT_VSM_KEY_ATTESTATION_STATEMENT_V0
// Header of a VSM (virtual secure mode) key attestation statement. Three variable-length
// sections follow the header in the order given in the trailing comments. The signature
// covers the Report, and the Report carries a hash of Attributes, so Attributes are only
// trustworthy after (1) Signature is verified over Report and (2) the hash of Attributes
// is recomputed and compared. Each cb* value must be bounds-checked against the total
// statement length before offsets are computed from it.
typedef struct _NCRYPT_VSM_KEY_ATTESTATION_STATEMENT {
    ULONG Magic;         // {'I', 'M', 'S', 'V'} - 'VSMI' for VSM Isolated
    ULONG Version;       // Set to NCRYPT_VSM_KEY_ATTESTATION_STATEMENT_CURRENT_VERSION
    ULONG cbSignature;   // Secure kernel signature over the isolation report
    ULONG cbReport;      // Key isolation report from the secure kernel
    ULONG cbAttributes;  // Attributes of the isolated key including public key blob
    // UCHAR Signature[cbSignature] -- Secure kernel signature of the report
    // UCHAR Report[cbReport] -- Secure kernel report including hash of Attributes
    // UCHAR Attributes[cbAttributes] -- Trustlet-reported attributes of the key
} NCRYPT_VSM_KEY_ATTESTATION_STATEMENT, *PNCRYPT_VSM_KEY_ATTESTATION_STATEMENT;
// Buffer contents for NCryptVerifyClaim (for buffer type NCRYPTBUFFER_ISOLATED_KEY_ATTESTATION_CLAIM_RESTRICTIONS)
#define NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS_V0 0
#define NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS_CURRENT_VERSION NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS_V0
// Verifier policy applied to a VSM key attestation claim. Zero-initialising this struct
// yields the weakest policy (any SVN accepted, no flag bits checked, debugging refused);
// set MinSvn, FlagsMask/FlagsExpected deliberately rather than relying on defaults.
typedef struct _NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS {
    ULONG Version;          // Set to NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS_V0
    ULONGLONG TrustletId;   // Trustlet type
    ULONG MinSvn;           // Minimum acceptable trustlet SVN, 0 if don't care
    ULONG FlagsMask;        // Which of NCRYPT_ISOLATED_KEY_ flags to check
    ULONG FlagsExpected;    // Expected values of flags inside the mask
    ULONG AllowDebugging : 1;  // Is it okay for the trustlet to be debugged, 0 if no
    ULONG Reserved : 31;       // Future extension area, must be 0
} NCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS, *PNCRYPT_VSM_KEY_ATTESTATION_CLAIM_RESTRICTIONS;
// Structures to assist with importation of isolated keys
#define NCRYPT_EXPORTED_ISOLATED_KEY_HEADER_V0 0
#define NCRYPT_EXPORTED_ISOLATED_KEY_HEADER_CURRENT_VERSION NCRYPT_EXPORTED_ISOLATED_KEY_HEADER_V0
// Fixed header of an exported isolated key. The five cb* fields give the lengths of the
// variable sections that follow (see NCRYPT_EXPORTED_ISOLATED_KEY_ENVELOPE); an importer
// must validate that their sum fits in the received blob before parsing.
typedef struct _NCRYPT_EXPORTED_ISOLATED_KEY_HEADER {
    ULONG Version;         // Set to NCRYPT_EXPORTED_ISOLATED_KEY_HEADER_V0
    ULONG KeyUsage;        // Set to NCRYPT_ALLOW_KEY_IMPORT_FLAG for import-only keys
    ULONG PerBootKey : 1;  // Set to TRUE if the key is to be valid in the current boot cycle only
    ULONG Reserved : 31;   // Leave as 0
    ULONG cbAlgName;       // Number of bytes in Unicode algorithm name following header + terminating NULL
    ULONG cbNonce;         // Number of bytes in the nonce used to encrypt the isolated key
    ULONG cbAuthTag;       // Number of bytes in authentication tag resulting from encrypting the isolated key
    ULONG cbWrappingKey;   // Number of bytes in encrypted wrapping key blob
    ULONG cbIsolatedKey;   // Number of bytes in encrypted isolated key blob
} NCRYPT_EXPORTED_ISOLATED_KEY_HEADER, *PNCRYPT_EXPORTED_ISOLATED_KEY_HEADER;
// Wire layout of an exported isolated key: the header, then the sections listed below in
// order. Only the sections before the marked line are integrity-protected in transit; the
// AES-GCM tag authenticates the isolated key blob itself, so a receiver must not act on the
// wrapping-key or isolated-key bytes until the unwrap/decrypt succeeds.
typedef struct _NCRYPT_EXPORTED_ISOLATED_KEY_ENVELOPE {
    NCRYPT_EXPORTED_ISOLATED_KEY_HEADER Header;
    // UCHAR AlgorithmName[Header.cbAlgName] -- Unicode algorithm name including terminating NULL
    // UCHAR Nonce[Header.cbNonce] -- Nonce buffer used when encrypting isolated key
    // ---- data after this point is not integrity protected in transit
    // UCHAR AesGcmAuthTag[Header.cbAuthTag]
    // UCHAR WrappingKeyBlob[Header.cbWrappingKey] -- RSA-OAEP encrypted AES wrapping key
    // UCHAR IsolatedKeyBlob[Header.cbIsolatedKey] -- AES-GCM encrypted key to import
} NCRYPT_EXPORTED_ISOLATED_KEY_ENVELOPE, *PNCRYPT_EXPORTED_ISOLATED_KEY_ENVELOPE;
#endif
#if (NTDDI_VERSION >= NTDDI_WIN10_RS2)
// Header of the TPM-backed WebAuthn attestation statement produced by the platform
// crypto provider. HeaderSize (24 = six UINT32 fields) lets a parser locate the three
// trailing byte arrays; check Magic, Version and HeaderSize, and bound each cb* by the
// statement length, before dereferencing.
typedef struct __NCRYPT_PCP_TPM_WEB_AUTHN_ATTESTATION_STATEMENT {
    UINT32 Magic;          // { 'A', 'W', 'A', 'K' } - 'KAWA'
    UINT32 Version;        // 1 for the statement defined in this specification
    UINT32 HeaderSize;     // 24
    UINT32 cbCertifyInfo;  // length of the TPM certify-info structure that follows
    UINT32 cbSignature;    // length of the signature over it
    UINT32 cbTpmPublic;    // length of the TPM public area of the attested key
    // CertifyInfo[cbCertifyInfo];
    // Signature[cbSignature];
    // TpmPublic[cbTpmPublic];
} NCRYPT_PCP_TPM_WEB_AUTHN_ATTESTATION_STATEMENT, *PNCRYPT_PCP_TPM_WEB_AUTHN_ATTESTATION_STATEMENT;
#endif// (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT_V0 0
#define NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT_CURRENT_VERSION NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT_V0
// Header of a TPM platform attestation (quote) statement; Signature, Quote and Pcrs
// follow in that order. The signature binds the quote, and the quote carries the PCR
// digest, so the raw Pcrs section is only meaningful once the verifier has checked the
// signature and recomputed the digest over Pcrs with pcrAlg. Bound every cb* by the
// statement length before use.
typedef struct _NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT {
    ULONG Magic;        // {'A', 'L', 'P', 'T'} - 'TPLA' for TPM Platform
    ULONG Version;      // Set to NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT_CURRENT_VERSION
    ULONG pcrAlg;       // The TPM hash algorithm ID
    ULONG cbSignature;  // TPMT_SIGNATURE structure signature over the quote
    ULONG cbQuote;      // TPMS_ATTEST structure that was generated and signed
    ULONG cbPcrs;       // Raw concatenation of all 24 PCRs
    // UCHAR Signature[cbSignature]
    // UCHAR Quote[cbQuote]
    // UCHAR Pcrs[cbPcrs]
} NCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT, *PNCRYPT_TPM_PLATFORM_ATTESTATION_STATEMENT;
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
//
// NCrypt API Flags
// Flag values are reused across functions: the same bit means different things for
// different calls (e.g. 0x00000020 is NCRYPT_ATTESTATION_FLAG for NCryptDecrypt but
// NCRYPT_MACHINE_KEY_FLAG for key-management calls). Use the constant named for the
// function being called.
//
#define NCRYPT_NO_PADDING_FLAG 0x00000001 // NCryptEncrypt/Decrypt
#define NCRYPT_PAD_PKCS1_FLAG 0x00000002 // NCryptEncrypt/Decrypt NCryptSignHash/VerifySignature
#define NCRYPT_PAD_OAEP_FLAG 0x00000004 // BCryptEncrypt/Decrypt
#define NCRYPT_PAD_PSS_FLAG 0x00000008 // BCryptSignHash/VerifySignature
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_PAD_CIPHER_FLAG 0x00000010 // NCryptEncrypt/Decrypt; padding info is NCRYPT_CIPHER_PADDING_INFO
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_ATTESTATION_FLAG 0x00000020 // NCryptDecrypt for key attestation
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_SEALING_FLAG 0x00000100 // NCryptEncrypt/Decrypt for sealing
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_REGISTER_NOTIFY_FLAG 0x00000001 // NCryptNotifyChangeKey
#define NCRYPT_UNREGISTER_NOTIFY_FLAG 0x00000002 // NCryptNotifyChangeKey
#define NCRYPT_NO_KEY_VALIDATION BCRYPT_NO_KEY_VALIDATION
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020 // same as CAPI CRYPT_MACHINE_KEYSET
#define NCRYPT_SILENT_FLAG 0x00000040 // same as CAPI CRYPT_SILENT
#define NCRYPT_OVERWRITE_KEY_FLAG 0x00000080 // replaces an existing key of the same name without error
#define NCRYPT_WRITE_KEY_TO_LEGACY_STORE_FLAG 0x00000200
#define NCRYPT_DO_NOT_FINALIZE_FLAG 0x00000400
#define NCRYPT_EXPORT_LEGACY_FLAG 0x00000800
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
#define NCRYPT_IGNORE_DEVICE_STATE_FLAG 0x00001000 // NCryptOpenStorageProvider
#endif // (NTDDI_VERSION >= NTDDI_WINBLUE)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_TREAT_NIST_AS_GENERIC_ECC_FLAG 0x00002000
#define NCRYPT_NO_CACHED_PASSWORD 0x00004000
#define NCRYPT_PROTECT_TO_LOCAL_SYSTEM 0x00008000
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_PERSIST_ONLY_FLAG 0x40000000
#define NCRYPT_PERSIST_FLAG 0x80000000
#if (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#define NCRYPT_PREFER_VIRTUAL_ISOLATION_FLAG 0x00010000 // NCryptCreatePersistedKey NCryptImportKey
#define NCRYPT_USE_VIRTUAL_ISOLATION_FLAG 0x00020000 // NCryptCreatePersistedKey NCryptImportKey
#define NCRYPT_USE_PER_BOOT_KEY_FLAG 0x00040000 // NCryptCreatePersistedKey NCryptImportKey
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2)
//
// Functions used to manage persisted keys.
//
// NCryptOpenStorageProvider flags
// (identical redefinitions of values given above; C permits this as long as the
// replacement text matches exactly)
#define NCRYPT_SILENT_FLAG 0x00000040 // same as CAPI CRYPT_SILENT
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
#define NCRYPT_IGNORE_DEVICE_STATE_FLAG 0x00001000 // NCryptOpenStorageProvider
#endif // (NTDDI_VERSION >= NTDDI_WINBLUE)
_Check_return_
SECURITY_STATUS
NCryptOpenStorageProvider
(
// AlgOperations flags for use with NCryptEnumAlgorithms()
// Bitmask of operation classes; aliases of the BCRYPT_*_OPERATION values.
#define NCRYPT_CIPHER_OPERATION BCRYPT_CIPHER_OPERATION
#define NCRYPT_HASH_OPERATION BCRYPT_HASH_OPERATION
#define NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION BCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION
#define NCRYPT_SECRET_AGREEMENT_OPERATION BCRYPT_SECRET_AGREEMENT_OPERATION
#define NCRYPT_SIGNATURE_OPERATION BCRYPT_SIGNATURE_OPERATION
#define NCRYPT_RNG_OPERATION BCRYPT_RNG_OPERATION
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_KEY_DERIVATION_OPERATION BCRYPT_KEY_DERIVATION_OPERATION
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
// USE EXTREME CAUTION: editing comments that contain "certenrolls_*" tokens
// could break building CertEnroll idl files:
// certenrolls_begin -- NCryptAlgorithmName
// One entry of the array returned by NCryptEnumAlgorithms.
typedef struct _NCryptAlgorithmName {
    LPWSTR pszName;        // algorithm identifier (one of the NCRYPT_*_ALGORITHM strings)
    DWORD dwClass;         // the CNG interface that supports this algorithm
    DWORD dwAlgOperations; // the types of operations supported by this algorithm
    DWORD dwFlags;
} NCryptAlgorithmName;
// certenrolls_end
_Check_return_
SECURITY_STATUS
NCryptEnumAlgorithms
(
_Check_return_
SECURITY_STATUS
NCryptIsAlgSupported
(
// NCryptEnumKeys flags
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020
// One entry of the enumeration returned by NCryptEnumKeys.
typedef struct NCryptKeyName {
    LPWSTR pszName;        // persisted key name
    LPWSTR pszAlgid;       // algorithm identifier of the key
    DWORD dwLegacyKeySpec; // CAPI key spec (AT_KEYEXCHANGE/AT_SIGNATURE style) for legacy callers -- confirm
    DWORD dwFlags;         // NCRYPT_MACHINE_KEY_FLAG when the key lives in the machine store -- confirm
} NCryptKeyName;
_Check_return_
SECURITY_STATUS
NCryptEnumKeys
(
// One entry of the provider list returned by NCryptEnumStorageProviders.
typedef struct NCryptProviderName {
    LPWSTR pszName;    // provider name, e.g. one of the MS_*_KEY_STORAGE_PROVIDER strings
    LPWSTR pszComment; // human-readable description
} NCryptProviderName;
#pragma region Desktop Family or OneCore Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
_Check_return_
SECURITY_STATUS
NCryptEnumStorageProviders
(
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) */
#pragma endregion
SECURITY_STATUS
NCryptFreeBuffer
(
// NCryptOpenKey flags
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020
#define NCRYPT_SILENT_FLAG 0x00000040
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_AUTHORITY_KEY_FLAG 0x00000100
#endif
_Check_return_
SECURITY_STATUS
NCryptOpenKey
(
// NCryptCreatePersistedKey flags
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020
#define NCRYPT_OVERWRITE_KEY_FLAG 0x00000080
_Check_return_
SECURITY_STATUS
NCryptCreatePersistedKey
(
// Standard property names.
// Used with the NCrypt get/set-property calls; values are wide strings. Property
// names are bounded by NCRYPT_MAX_PROPERTY_NAME and data by NCRYPT_MAX_PROPERTY_DATA
// (both defined further down).
#define NCRYPT_NAME_PROPERTY L"Name"
#define NCRYPT_UNIQUE_NAME_PROPERTY L"Unique Name"
#define NCRYPT_ALGORITHM_PROPERTY L"Algorithm Name"
#define NCRYPT_LENGTH_PROPERTY L"Length"
#define NCRYPT_LENGTHS_PROPERTY L"Lengths"
#define NCRYPT_BLOCK_LENGTH_PROPERTY L"Block Length"
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_PUBLIC_LENGTH_PROPERTY BCRYPT_PUBLIC_KEY_LENGTH
#define NCRYPT_SIGNATURE_LENGTH_PROPERTY BCRYPT_SIGNATURE_LENGTH
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_CHAINING_MODE_PROPERTY L"Chaining Mode"
#define NCRYPT_AUTH_TAG_LENGTH L"AuthTagLength"
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_UI_POLICY_PROPERTY L"UI Policy"
#define NCRYPT_EXPORT_POLICY_PROPERTY L"Export Policy" // see NCRYPT_ALLOW_*EXPORT*_FLAG below
#define NCRYPT_WINDOW_HANDLE_PROPERTY L"HWND Handle"
#define NCRYPT_USE_CONTEXT_PROPERTY L"Use Context"
#define NCRYPT_IMPL_TYPE_PROPERTY L"Impl Type"
#define NCRYPT_KEY_USAGE_PROPERTY L"Key Usage"
#define NCRYPT_KEY_TYPE_PROPERTY L"Key Type"
#define NCRYPT_VERSION_PROPERTY L"Version"
#define NCRYPT_SECURITY_DESCR_SUPPORT_PROPERTY L"Security Descr Support"
#define NCRYPT_SECURITY_DESCR_PROPERTY L"Security Descr"
#define NCRYPT_USE_COUNT_ENABLED_PROPERTY L"Enabled Use Count"
#define NCRYPT_USE_COUNT_PROPERTY L"Use Count"
#define NCRYPT_LAST_MODIFIED_PROPERTY L"Modified"
#define NCRYPT_MAX_NAME_LENGTH_PROPERTY L"Max Name Length"
#define NCRYPT_ALGORITHM_GROUP_PROPERTY L"Algorithm Group"
#define NCRYPT_DH_PARAMETERS_PROPERTY BCRYPT_DH_PARAMETERS
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#define NCRYPT_ECC_PARAMETERS_PROPERTY BCRYPT_ECC_PARAMETERS
#define NCRYPT_ECC_CURVE_NAME_PROPERTY BCRYPT_ECC_CURVE_NAME
#define NCRYPT_ECC_CURVE_NAME_LIST_PROPERTY BCRYPT_ECC_CURVE_NAME_LIST
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#define NCRYPT_USE_VIRTUAL_ISOLATION_PROPERTY L"Virtual Iso"
#define NCRYPT_USE_PER_BOOT_KEY_PROPERTY L"Per Boot Key"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#define NCRYPT_PROVIDER_HANDLE_PROPERTY L"Provider Handle"
// Smart card properties. NOTE(review): values set through the PIN properties are
// credentials; callers should clear their own copy once the call returns.
#define NCRYPT_PIN_PROPERTY L"SmartCardPin"
#define NCRYPT_READER_PROPERTY L"SmartCardReader"
#define NCRYPT_SMARTCARD_GUID_PROPERTY L"SmartCardGuid"
#define NCRYPT_CERTIFICATE_PROPERTY L"SmartCardKeyCertificate"
#define NCRYPT_PIN_PROMPT_PROPERTY L"SmartCardPinPrompt"
#define NCRYPT_USER_CERTSTORE_PROPERTY L"SmartCardUserCertStore"
#define NCRYPT_ROOT_CERTSTORE_PROPERTY L"SmartcardRootCertStore"
#define NCRYPT_SECURE_PIN_PROPERTY L"SmartCardSecurePin"
#if (NTDDI_VERSION >= NTDDI_WIN7)
#define NCRYPT_ASSOCIATED_ECDH_KEY L"SmartCardAssociatedECDHKey"
#define NCRYPT_SCARD_PIN_ID L"SmartCardPinId"
#define NCRYPT_SCARD_PIN_INFO L"SmartCardPinInfo"
#endif // (NTDDI_VERSION >= NTDDI_WIN7)
#if (NTDDI_VERSION >= NTDDI_WIN8)
#define NCRYPT_READER_ICON_PROPERTY L"SmartCardReaderIcon"
#define NCRYPT_KDF_SECRET_VALUE L"KDFKeySecret" // key-derivation secret; same handling as a key
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_DISMISS_UI_TIMEOUT_SEC_PROPERTY L"SmartCardDismissUITimeoutSeconds"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
//
// Additional property strings specific for the Platform Crypto Provider
// (MS_PLATFORM_KEY_STORAGE_PROVIDER, i.e. TPM-backed keys).
//
#define NCRYPT_PCP_PLATFORM_TYPE_PROPERTY L"PCP_PLATFORM_TYPE"
#define NCRYPT_PCP_PROVIDER_VERSION_PROPERTY L"PCP_PROVIDER_VERSION"
// Endorsement key material: public key and certificate (from the TPM's NV store for *NVCERT).
#define NCRYPT_PCP_EKPUB_PROPERTY L"PCP_EKPUB"
#define NCRYPT_PCP_EKCERT_PROPERTY L"PCP_EKCERT"
#define NCRYPT_PCP_EKNVCERT_PROPERTY L"PCP_EKNVCERT"
#define NCRYPT_PCP_RSA_EKPUB_PROPERTY L"PCP_RSA_EKPUB"
#define NCRYPT_PCP_RSA_EKCERT_PROPERTY L"PCP_RSA_EKCERT"
#define NCRYPT_PCP_RSA_EKNVCERT_PROPERTY L"PCP_RSA_EKNVCERT"
#define NCRYPT_PCP_ECC_EKPUB_PROPERTY L"PCP_ECC_EKPUB"
#define NCRYPT_PCP_ECC_EKCERT_PROPERTY L"PCP_ECC_EKCERT"
#define NCRYPT_PCP_ECC_EKNVCERT_PROPERTY L"PCP_ECC_EKNVCERT"
#define NCRYPT_PCP_SRKPUB_PROPERTY L"PCP_SRKPUB"
#define NCRYPT_PCP_PCRTABLE_PROPERTY L"PCP_PCRTABLE"
// Key authorization values; NOTE(review): these are secrets, clear local copies after use.
#define NCRYPT_PCP_CHANGEPASSWORD_PROPERTY L"PCP_CHANGEPASSWORD"
#define NCRYPT_PCP_PASSWORD_REQUIRED_PROPERTY L"PCP_PASSWORD_REQUIRED"
#define NCRYPT_PCP_USAGEAUTH_PROPERTY L"PCP_USAGEAUTH"
#define NCRYPT_PCP_MIGRATIONPASSWORD_PROPERTY L"PCP_MIGRATIONPASSWORD"
#define NCRYPT_PCP_EXPORT_ALLOWED_PROPERTY L"PCP_EXPORT_ALLOWED"
#define NCRYPT_PCP_STORAGEPARENT_PROPERTY L"PCP_STORAGEPARENT"
#define NCRYPT_PCP_PROVIDERHANDLE_PROPERTY L"PCP_PROVIDERMHANDLE"
#define NCRYPT_PCP_PLATFORMHANDLE_PROPERTY L"PCP_PLATFORMHANDLE"
// PCR binding: which PCRs (mask) and which expected digests a key is sealed to.
#define NCRYPT_PCP_PLATFORM_BINDING_PCRMASK_PROPERTY L"PCP_PLATFORM_BINDING_PCRMASK"
#define NCRYPT_PCP_PLATFORM_BINDING_PCRDIGESTLIST_PROPERTY L"PCP_PLATFORM_BINDING_PCRDIGESTLIST"
#define NCRYPT_PCP_PLATFORM_BINDING_PCRDIGEST_PROPERTY L"PCP_PLATFORM_BINDING_PCRDIGEST"
#define NCRYPT_PCP_KEY_USAGE_POLICY_PROPERTY L"PCP_KEY_USAGE_POLICY"
#define NCRYPT_PCP_RSA_SCHEME_PROPERTY L"PCP_RSA_SCHEME"
#define NCRYPT_PCP_RSA_SCHEME_HASH_ALG_PROPERTY L"PCP_RSA_SCHEME_HASH_ALG"
#define NCRYPT_PCP_TPM12_IDBINDING_PROPERTY L"PCP_TPM12_IDBINDING"
#define NCRYPT_PCP_TPM12_IDBINDING_DYNAMIC_PROPERTY L"PCP_TPM12_IDBINDING_DYNAMIC"
#define NCRYPT_PCP_TPM12_IDACTIVATION_PROPERTY L"PCP_TPM12_IDACTIVATION"
#define NCRYPT_PCP_KEYATTESTATION_PROPERTY L"PCP_TPM12_KEYATTESTATION"
#define NCRYPT_PCP_ALTERNATE_KEY_STORAGE_LOCATION_PROPERTY L"PCP_ALTERNATE_KEY_STORAGE_LOCATION"
// Infineon (IFX) RSA key-generation weakness reporting; values are the IFX_RSA_KEYGEN_VUL_* constants below.
#define NCRYPT_PCP_TPM_IFX_RSA_KEYGEN_PROHIBITED_PROPERTY L"PCP_TPM_IFX_RSA_KEYGEN_PROHIBITED"
#define NCRYPT_PCP_TPM_IFX_RSA_KEYGEN_VULNERABILITY_PROPERTY \
L"PCP_TPM_IFX_RSA_KEYGEN_VULNERABILITY"
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_PCP_HMAC_AUTH_POLICYREF L"PCP_HMAC_AUTH_POLICYREF"
#define NCRYPT_PCP_HMAC_AUTH_POLICYINFO L"PCP_HMAC_AUTH_POLICYINFO"
#define NCRYPT_PCP_HMAC_AUTH_NONCE L"PCP_HMAC_AUTH_NONCE"
#define NCRYPT_PCP_HMAC_AUTH_SIGNATURE L"PCP_HMAC_AUTH_SIGNATURE"
#define NCRYPT_PCP_HMAC_AUTH_TICKET L"PCP_HMAC_AUTH_TICKET"
#define NCRYPT_PCP_NO_DA_PROTECTION_PROPERTY L"PCP_NO_DA_PROTECTION" // opts out of dictionary-attack lockout for the key
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#define NCRYPT_PCP_TPM_MANUFACTURER_ID_PROPERTY L"PCP_TPM_MANUFACTURER_ID"
#define NCRYPT_PCP_TPM_FW_VERSION_PROPERTY L"PCP_TPM_FW_VERSION"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPT_PCP_TPM2BNAME_PROPERTY L"PCP_TPM2BNAME"
#define NCRYPT_PCP_TPM_VERSION_PROPERTY L"PCP_TPM_VERSION"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS4)
#define NCRYPT_PCP_RAW_POLICYDIGEST_PROPERTY L"PCP_RAW_POLICYDIGEST"
#define NCRYPT_PCP_KEY_CREATIONHASH_PROPERTY L"PCP_KEY_CREATIONHASH"
#define NCRYPT_PCP_KEY_CREATIONTICKET_PROPERTY L"PCP_KEY_CREATIONTICKET"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS4)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_PCP_SESSIONID_PROPERTY L"PCP_SESSIONID"
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
// TPM RSAPSS Salt size types
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_TPM_PSS_SALT_SIZE_UNKNOWN 0x00000000
#define NCRYPT_TPM_PSS_SALT_SIZE_MAXIMUM 0x00000001 // Pre-TPM Spec-1.16: Max allowed salt size
#define NCRYPT_TPM_PSS_SALT_SIZE_HASHSIZE 0x00000002 // Post-1.16: PSS salt = hashLen
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
// TPM NCryptSignHash Flag
#if (NTDDI_VERSION >= NTDDI_WIN10_RS5)
#define NCRYPT_TPM_PAD_PSS_IGNORE_SALT 0x00000020 // NCryptSignHash; note the value collides with NCRYPT_MACHINE_KEY_FLAG, which is not valid for this call
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS5)
//
// NCRYPT_PCP_TPM_IFX_RSA_KEYGEN_VULNERABILITY_PROPERTY values
// Anything other than NOT_AFFECTED means RSA keys generated by this TPM's
// firmware should not be trusted; the two affected levels are distinguished by
// the provider and should both be treated as "affected" by callers.
//
#define IFX_RSA_KEYGEN_VUL_NOT_AFFECTED 0
#define IFX_RSA_KEYGEN_VUL_AFFECTED_LEVEL_1 1
#define IFX_RSA_KEYGEN_VUL_AFFECTED_LEVEL_2 2
//
// BCRYPT_PCP_KEY_USAGE_POLICY values
// Bitmask; GENERIC is SIGNATURE | ENCRYPTION.
//
#define NCRYPT_TPM12_PROVIDER (0x00010000)
#define NCRYPT_PCP_SIGNATURE_KEY (0x00000001)
#define NCRYPT_PCP_ENCRYPTION_KEY (0x00000002)
#define NCRYPT_PCP_GENERIC_KEY (NCRYPT_PCP_SIGNATURE_KEY | NCRYPT_PCP_ENCRYPTION_KEY)
#define NCRYPT_PCP_STORAGE_KEY (0x00000004)
#define NCRYPT_PCP_IDENTITY_KEY (0x00000008)
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_PCP_HMACVERIFICATION_KEY (0x00000010)
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
//
// Additional property strings specific for the Smart Card Key Storage Provider
//
#if (NTDDI_VERSION >= NTDDI_WIN10)
#define NCRYPT_SCARD_NGC_KEY_NAME L"SmartCardNgcKeyName"
#endif // (NTDDI_VERSION >= NTDDI_WIN10)
#if (NTDDI_VERSION >= NTDDI_WIN10)
#define NCRYPT_PCP_PLATFORM_BINDING_PCRALGID_PROPERTY L"PCP_PLATFORM_BINDING_PCRALGID"
#endif // (NTDDI_VERSION >= NTDDI_WIN10)
#if (NTDDI_VERSION >= NTDDI_WIN8)
//
// Used to set IV for block ciphers, before calling NCryptEncrypt/NCryptDecrypt
//
#define NCRYPT_INITIALIZATION_VECTOR BCRYPT_INITIALIZATION_VECTOR
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Provider-neutral aliases of the PCP property names above.
#define NCRYPT_CHANGEPASSWORD_PROPERTY NCRYPT_PCP_CHANGEPASSWORD_PROPERTY
#define NCRYPT_ALTERNATE_KEY_STORAGE_LOCATION_PROPERTY NCRYPT_PCP_ALTERNATE_KEY_STORAGE_LOCATION_PROPERTY
#define NCRYPT_KEY_ACCESS_POLICY_PROPERTY L"Key Access Policy"
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Maximum length of property name (in characters)
#define NCRYPT_MAX_PROPERTY_NAME 64
// Maximum length of property data (in bytes)
#define NCRYPT_MAX_PROPERTY_DATA 0x100000
// NCRYPT_EXPORT_POLICY_PROPERTY property flags.
// NOTE(review): the PLAINTEXT variants allow the private key to leave the provider
// unencrypted; grant them only where the design requires it.
#define NCRYPT_ALLOW_EXPORT_FLAG 0x00000001
#define NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG 0x00000002
#define NCRYPT_ALLOW_ARCHIVING_FLAG 0x00000004
#define NCRYPT_ALLOW_PLAINTEXT_ARCHIVING_FLAG 0x00000008
// NCRYPT_IMPL_TYPE_PROPERTY property flags.
#define NCRYPT_IMPL_HARDWARE_FLAG 0x00000001
#define NCRYPT_IMPL_SOFTWARE_FLAG 0x00000002
#define NCRYPT_IMPL_REMOVABLE_FLAG 0x00000008
#define NCRYPT_IMPL_HARDWARE_RNG_FLAG 0x00000010
#if (NTDDI_VERSION >= NTDDI_WIN10_RS4)
#define NCRYPT_IMPL_VIRTUAL_ISOLATION_FLAG 0x00000020
#endif
// NCRYPT_KEY_USAGE_PROPERTY property flags.
// Restrict each key to the single operation it needs; ALLOW_ALL_USAGES is the permissive default.
#define NCRYPT_ALLOW_DECRYPT_FLAG 0x00000001
#define NCRYPT_ALLOW_SIGNING_FLAG 0x00000002
#define NCRYPT_ALLOW_KEY_AGREEMENT_FLAG 0x00000004
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPT_ALLOW_KEY_IMPORT_FLAG 0x00000008
#endif
#define NCRYPT_ALLOW_ALL_USAGES 0x00ffffff
// NCRYPT_UI_POLICY_PROPERTY property flags and structure
#define NCRYPT_UI_PROTECT_KEY_FLAG 0x00000001
#define NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG 0x00000002
#if (NTDDI_VERSION >= NTDDI_WINBLUE)
#define NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG 0x00000004
#define NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG 0x00000008
#endif // (NTDDI_VERSION >= NTDDI_WINBLUE)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
//
// Pin Cache Provider Properties
//
#define NCRYPT_PIN_CACHE_FREE_APPLICATION_TICKET_PROPERTY L"PinCacheFreeApplicationTicket"
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_PIN_CACHE_FLAGS_PROPERTY L"PinCacheFlags"
// The NCRYPT_PIN_CACHE_FLAGS_PROPERTY property is a DWORD value that can be set from a trusted process. The
// following flags can be set.
#define NCRYPT_PIN_CACHE_DISABLE_DPL_FLAG 0x00000001
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
//
// Pin Cache Key Properties
//
#define NCRYPT_PIN_CACHE_APPLICATION_TICKET_PROPERTY L"PinCacheApplicationTicket"
#define NCRYPT_PIN_CACHE_APPLICATION_IMAGE_PROPERTY L"PinCacheApplicationImage"
#define NCRYPT_PIN_CACHE_APPLICATION_STATUS_PROPERTY L"PinCacheApplicationStatus"
#define NCRYPT_PIN_CACHE_PIN_PROPERTY L"PinCachePin"
#define NCRYPT_PIN_CACHE_IS_GESTURE_REQUIRED_PROPERTY L"PinCacheIsGestureRequired"
// Flag value for NCRYPT_PIN_CACHE_IS_GESTURE_REQUIRED_PROPERTY — presumably; confirm.
#define NCRYPT_PIN_CACHE_REQUIRE_GESTURE_FLAG 0x00000001
// The NCRYPT_PIN_CACHE_PIN_PROPERTY and NCRYPT_PIN_CACHE_APPLICATION_TICKET_PROPERTY properties
// return a 32 byte random unique ID encoded as a null terminated base64 Unicode string. The string length
// is ceil(32 * 4/3) = 44 base64 characters + 1 terminator = 45 characters, i.e. 90 bytes at
// 2 bytes per (UTF-16) character — which is what the two *_BYTE_LENGTH constants below hold.
// A buffer holding NCRYPT_PIN_CACHE_PIN_PROPERTY data is sensitive; zero it (SecureZeroMemory)
// once it is no longer needed.
#define NCRYPT_PIN_CACHE_PIN_BYTE_LENGTH 90
#define NCRYPT_PIN_CACHE_APPLICATION_TICKET_BYTE_LENGTH 90
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#define NCRYPT_PIN_CACHE_CLEAR_PROPERTY L"PinCacheClear"
// The NCRYPT_PIN_CACHE_CLEAR_PROPERTY property is a DWORD value. The following option can be set:
#define NCRYPT_PIN_CACHE_CLEAR_FOR_CALLING_PROCESS_OPTION 0x00000001
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
// Value of the NCRYPT_UI_POLICY_PROPERTY property: a version, a flag word and three
// UI strings. Pointers are to caller-provided strings; lifetime/ownership is not stated here.
typedef struct __NCRYPT_UI_POLICY
{
    DWORD   dwVersion;          // structure version
    DWORD   dwFlags;            // NCRYPT_UI_* flags (defined above) — presumably; confirm
    LPCWSTR pszCreationTitle;
    LPCWSTR pszFriendlyName;
    LPCWSTR pszDescription;
} NCRYPT_UI_POLICY;
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Version number for NCRYPT_KEY_ACCESS_POLICY_BLOB.dwVersion — presumably; confirm.
#define NCRYPT_KEY_ACCESS_POLICY_VERSION 1
// dwPolicyFlags bit; by its name, allows the key to be used without user interaction.
#define NCRYPT_ALLOW_SILENT_KEY_ACCESS 0x00000001
// Variable-length blob. The trailing comments indicate this fixed header is followed by
// the user SID (cbUserSid bytes) and then the application SID (cbApplicationSid bytes).
// Anything that parses a blob received from outside the process should check that
// cbUserSid + cbApplicationSid does not overflow a DWORD and fits in the buffer after
// sizeof(NCRYPT_KEY_ACCESS_POLICY_BLOB) before touching the trailing data.
typedef struct __NCRYPT_KEY_ACCESS_POLICY_BLOB
{
    DWORD dwVersion;        // structure version
    DWORD dwPolicyFlags;    // NCRYPT_ALLOW_SILENT_KEY_ACCESS and any other policy bits
    DWORD cbUserSid;        // byte length of the user SID that follows the header
    DWORD cbApplicationSid; // byte length of the application SID that follows the user SID
    // User Sid
    // Application Sid
} NCRYPT_KEY_ACCESS_POLICY_BLOB;
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// NCRYPT_LENGTHS_PROPERTY property structure.
// Describes the key lengths a provider/algorithm supports: dwMinLength up to
// dwMaxLength in steps of dwIncrement, with dwDefaultLength as the default.
// Units (presumably bits, as for the BCRYPT equivalent) are not stated here — confirm.
typedef struct __NCRYPT_SUPPORTED_LENGTHS
{
    DWORD dwMinLength;
    DWORD dwMaxLength;
    DWORD dwIncrement;      // step between supported lengths; guard against 0 before using it as a divisor
    DWORD dwDefaultLength;
} NCRYPT_SUPPORTED_LENGTHS;
#if (NTDDI_VERSION >= NTDDI_WIN10_RS1)
// NCRYPT_PCP_HMAC_AUTH_SIGNATURE property structure.
// Fixed size (no trailing data): a version, an expiration value and three 32-byte fields.
typedef struct __NCRYPT_PCP_HMAC_AUTH_SIGNATURE_INFO
{
    DWORD dwVersion;
    INT32 iExpiration;      // signed; absolute vs. relative time and units are not stated here — confirm
    BYTE  pabNonce[32];
    BYTE  pabPolicyRef[32];
    BYTE  pabHMAC[32];      // 32-byte MAC; if code compares it with a locally computed value, use a constant-time comparison
} NCRYPT_PCP_HMAC_AUTH_SIGNATURE_INFO;
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS1)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS2)
// NCRYPT_PCP_TPM_FW_VERSION property structure.
// Four 16-bit components of the TPM firmware version; how they map onto a vendor's
// version string is not defined here. Useful for checking a TPM against published
// firmware advisories.
typedef struct __NCRYPT_PCP_TPM_FW_VERSION_INFO
{
    UINT16 major1;
    UINT16 major2;
    UINT16 minor1;
    UINT16 minor2;
} NCRYPT_PCP_TPM_FW_VERSION_INFO;
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS2)
#if (NTDDI_VERSION >= NTDDI_WIN10_RS4)
// NCRYPT_PCP_RAW_POLICYDIGEST_PROPERTY structure
// Header only: cbDigest is the byte length of the digest, which presumably follows this
// header in the property buffer — bound-check it against the buffer size before reading.
typedef struct __NCRYPT_PCP_RAW_POLICYDIGEST
{
    DWORD dwVersion;
    DWORD cbDigest;
} NCRYPT_PCP_RAW_POLICYDIGEST_INFO;
#endif // (NTDDI_VERSION >= NTDDI_WIN10_RS4)
// NCryptGetProperty flags
#define NCRYPT_PERSIST_ONLY_FLAG 0x40000000
_Check_return_
_Success_( return == 0 )
SECURITY_STATUS
NCryptGetProperty
(
// NCryptSetProperty flags
#define NCRYPT_PERSIST_FLAG 0x80000000
#define NCRYPT_PERSIST_ONLY_FLAG 0x40000000
_Check_return_
SECURITY_STATUS
NCryptSetProperty
(
// NCryptFinalizeKey flags
#define NCRYPT_WRITE_KEY_TO_LEGACY_STORE_FLAG 0x00000200
_Check_return_
SECURITY_STATUS
NCryptFinalizeKey
(
_Check_return_
SECURITY_STATUS
NCryptEncrypt
(
_Check_return_
SECURITY_STATUS
NCryptDecrypt
(
#if (NTDDI_VERSION >= NTDDI_WIN8)
// Header of a cipher, KDF or protected key blob. Variable-length data follows the
// header: the algorithm name (cbAlgName bytes, terminator included) and the key data
// (cbKeyData bytes) — order inferred from the field order; confirm.
// When parsing a blob from an untrusted source: check dwMagic against the
// NCRYPT_*_KEY_BLOB_MAGIC values below, check cbSize is at least
// sizeof(NCRYPT_KEY_BLOB_HEADER), and verify cbSize + cbAlgName + cbKeyData neither
// overflows nor exceeds the buffer before reading past the header.
typedef struct _NCRYPT_KEY_BLOB_HEADER
{
    ULONG cbSize;       // size of this structure
    ULONG dwMagic;      // one of the NCRYPT_*_KEY_BLOB_MAGIC values below
    ULONG cbAlgName;    // size of the algorithm, in bytes, including terminating 0
    ULONG cbKeyData;    // size of the key data that follows the algorithm name, in bytes
} NCRYPT_KEY_BLOB_HEADER, *PNCRYPT_KEY_BLOB_HEADER;

// dwMagic values; the ASCII tags are the little-endian byte readings of the constants.
#define NCRYPT_CIPHER_KEY_BLOB_MAGIC 0x52485043 // CPHR
#define NCRYPT_KDF_KEY_BLOB_MAGIC 0x3146444B // KDF1
#define NCRYPT_PROTECTED_KEY_BLOB_MAGIC 0x4B545250 // PRTK
// Blob type names paired with the magics above.
#define NCRYPT_CIPHER_KEY_BLOB L"CipherKeyBlob"
#define NCRYPT_KDF_KEY_BLOB L"KDFKeyBlob"
#define NCRYPT_PROTECTED_KEY_BLOB L"ProtectedKeyBlob"
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
// Header of a TPM-loadable key blob. cbHeader is the size of the header itself;
// cbPublic/cbPrivate/cbName are the sizes of the sections that follow it (presumably
// in that order — confirm). NCRYPT_TPM_LOADABLE_KEY_BLOB_MIN_SIZE below is just the
// size of this header.
// A parser of untrusted blobs should check magic == NCRYPT_TPM_LOADABLE_KEY_BLOB_MAGIC,
// cbHeader >= sizeof(NCRYPT_TPM_LOADABLE_KEY_BLOB_HEADER), and that
// cbHeader + cbPublic + cbPrivate + cbName fits in the buffer without DWORD overflow.
typedef struct NCRYPT_TPM_LOADABLE_KEY_BLOB_HEADER
{
    DWORD magic;        // NCRYPT_TPM_LOADABLE_KEY_BLOB_MAGIC
    DWORD cbHeader;     // size of this header, in bytes
    DWORD cbPublic;     // size of the public section, in bytes
    DWORD cbPrivate;    // size of the private section, in bytes
    DWORD cbName;       // size of the name section, in bytes
} NCRYPT_TPM_LOADABLE_KEY_BLOB_HEADER, *PNCRYPT_TPM_LOADABLE_KEY_BLOB_HEADER;
// Smallest valid blob: the bare header.
#define NCRYPT_TPM_LOADABLE_KEY_BLOB_MIN_SIZE sizeof(NCRYPT_TPM_LOADABLE_KEY_BLOB_HEADER)
#define NCRYPT_TPM_LOADABLE_KEY_BLOB L"PcpTpmProtectedKeyBlob"
// Unlike the NCRYPT_*_KEY_BLOB_MAGIC tags above, 'MTPK' spells the hex digits as
// written; in memory (little-endian) the bytes read "KPTM".
#define NCRYPT_TPM_LOADABLE_KEY_BLOB_MAGIC 0x4D54504B //'MTPK'
// Further blob type names; by their names these are formats accepted by the
// import/export functions declared below — confirm against the provider docs.
#define NCRYPT_PKCS7_ENVELOPE_BLOB L"PKCS7_ENVELOPE"
#define NCRYPT_PKCS8_PRIVATE_KEY_BLOB L"PKCS8_PRIVATEKEY"
#define NCRYPT_OPAQUETRANSPORT_BLOB L"OpaqueTransport"
#if (NTDDI_VERSION >= NTDDI_WIN10_RS3)
#define NCRYPT_ISOLATED_KEY_ENVELOPE_BLOB L"ISOLATED_KEY_ENVELOPE"
#endif
// NCryptImportKey flags
// NCRYPT_MACHINE_KEY_FLAG is defined again with the same value under the
// NCryptNotifyChangeKey flags below; an identical redefinition is legal and benign.
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020
// By its name, the imported key is left unfinalized for the caller to complete
// (presumably via NCryptFinalizeKey, declared above) — confirm.
#define NCRYPT_DO_NOT_FINALIZE_FLAG 0x00000400
#define NCRYPT_EXPORT_LEGACY_FLAG 0x00000800
_Check_return_
SECURITY_STATUS
NCryptImportKey
(
_Check_return_
SECURITY_STATUS
NCryptExportKey
(
_Check_return_
SECURITY_STATUS
NCryptSignHash
(
_Check_return_
SECURITY_STATUS
NCryptVerifySignature
(
SECURITY_STATUS
NCryptDeleteKey
(
SECURITY_STATUS
NCryptFreeObject
( #pragma region Desktop Family or OneCore Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
BOOL
NCryptIsKeyHandle
(
_Check_return_
SECURITY_STATUS
NCryptTranslateHandle
(
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) */
#pragma endregion
// NCryptNotifyChangeKey flags
#define NCRYPT_REGISTER_NOTIFY_FLAG 0x00000001
#define NCRYPT_UNREGISTER_NOTIFY_FLAG 0x00000002
// Same value as the NCryptImportKey definition above; identical redefinition, allowed by the preprocessor.
#define NCRYPT_MACHINE_KEY_FLAG 0x00000020
#pragma region Desktop Family or OneCore Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
_Check_return_
SECURITY_STATUS
NCryptNotifyChangeKey
(
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) */
#pragma endregion
_Check_return_
SECURITY_STATUS
NCryptSecretAgreement
(
_Check_return_
SECURITY_STATUS
NCryptDeriveKey
(
#if (NTDDI_VERSION >= NTDDI_WIN8)
_Check_return_
SECURITY_STATUS
NCryptKeyDerivation
(
#endif // (NTDDI_VERSION >= NTDDI_WIN8)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
_Check_return_
SECURITY_STATUS
NCryptCreateClaim
(
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
#if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
_Check_return_
SECURITY_STATUS
NCryptVerifyClaim
(
#endif // (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
// Key storage provider interface versions. BCRYPT_MAKE_INTERFACE_VERSION presumably
// comes from the <bcrypt.h> included at the top of this header.
#define NCRYPT_KEY_STORAGE_INTERFACE_VERSION BCRYPT_MAKE_INTERFACE_VERSION(1,0)
#define NCRYPT_KEY_STORAGE_INTERFACE_VERSION_2 BCRYPT_MAKE_INTERFACE_VERSION(2,0)
#define NCRYPT_KEY_STORAGE_INTERFACE_VERSION_3 BCRYPT_MAKE_INTERFACE_VERSION(3,0)
#ifdef __cplusplus
}
// Balance extern "C" above
#endif
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif
#endif // __NCRYPT_H__