  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: wintrust.h
  8. //
  9. // Contents: Microsoft Internet Security Trust Provider Model
  10. //
  11. // History: 31-May-1997 pberkman created
  12. //
  13. //--------------------------------------------------------------------------
  14. #ifndef WINTRUST_H
  15. #define WINTRUST_H
  16. #if _MSC_VER > 1000
  17. #pragma once
  18. #endif
  19. #include <wincrypt.h>
  20. #ifdef __cplusplus
  21. extern "C"
  22. {
  23. #endif
// WT_DEFINE_ALL_APIS gates the prototypes that overlap with winbase.h: if
// winbase.h already defined WIN_CERT_REVISION_1_0 the duplicates are not
// re-emitted from this header.
#ifndef WIN_CERT_REVISION_1_0 // there were duplicate definitions in winbase.h
#   define WT_DEFINE_ALL_APIS
#else
#   undef WT_DEFINE_ALL_APIS
#endif
  29. //////////////////////////////////////////////////////////////////////////////
  30. //////////////////////////////////////////////////////////////////////////////
  31. //
  32. // Client definitions, typedefs, and prototypes
  33. //
  34. //////////////////////////////////////////////////////////////////////////////
  35. //////////////////////////////////////////////////////////////////////////////
  36. #include <pshpack8.h>
  37. //////////////////////////////////////////////////////////////////////////////
  38. //
  39. // WINTRUST_DATA Structure
  40. //----------------------------------------------------------------------------
  41. // Used when calling WinVerifyTrust to pass necessary information into
  42. // the Providers.
  43. //
//
// WINTRUST_DATA: the caller's input to WinVerifyTrust (passed as pWVTData).
// cbStruct must be set to the size the caller compiled against; dwProvFlags
// was appended in 1998, so providers can only rely on it when cbStruct
// covers it.
//
typedef struct _WINTRUST_DATA
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_DATA)
    LPVOID          pPolicyCallbackData;        // optional: used to pass data between the app and policy
    LPVOID          pSIPClientData;             // optional: used to pass data between the app and SIP.
    DWORD           dwUIChoice;                 // required: UI choice. One of the following.
#   define WTD_UI_ALL       1                   // UI allowed for every outcome (name-based reading)
#   define WTD_UI_NONE      2                   // no UI: the return code is the only result (see WinVerifyTrust notes)
#   define WTD_UI_NOBAD     3                   // no UI on a failed result (name-based reading - confirm in softpub)
#   define WTD_UI_NOGOOD    4                   // no UI on a successful result (name-based reading - confirm in softpub)
    DWORD           fdwRevocationChecks;        // required: certificate revocation check options
#   define WTD_REVOKE_NONE          0x00000000  // caller requests no revocation checking
#   define WTD_REVOKE_WHOLECHAIN    0x00000001  // caller requests revocation checking of the whole chain
                                                // NOTE(review): dwProvFlags below carries a second, finer set of
                                                // WTD_REVOCATION_CHECK_* bits; which of the two a policy provider
                                                // honors is not stated in this header - confirm before relying on it.
    DWORD           dwUnionChoice;              // required: which structure is being passed in?
#   define WTD_CHOICE_FILE      1
#   define WTD_CHOICE_CATALOG   2
#   define WTD_CHOICE_BLOB      3
#   define WTD_CHOICE_SIGNER    4
#   define WTD_CHOICE_CERT      5
    union                                       // only the member selected by dwUnionChoice is valid;
    {                                           // nothing else in the structure identifies the pointer type
        struct WINTRUST_FILE_INFO_      *pFile;     // individual file
        struct WINTRUST_CATALOG_INFO_   *pCatalog;  // member of a Catalog File
        struct WINTRUST_BLOB_INFO_      *pBlob;     // memory blob
        struct WINTRUST_SGNR_INFO_      *pSgnr;     // signer structure only
        struct WINTRUST_CERT_INFO_      *pCert;     // single certificate context
    };
    DWORD           dwStateAction;              // optional (Catalog File Processing)
#   define WTD_STATEACTION_IGNORE           0x00000000
#   define WTD_STATEACTION_VERIFY           0x00000001
#   define WTD_STATEACTION_CLOSE            0x00000002
#   define WTD_STATEACTION_AUTO_CACHE       0x00000003
#   define WTD_STATEACTION_AUTO_CACHE_FLUSH 0x00000004
    HANDLE          hWVTStateData;              // optional (Catalog File Processing)
                                                // NOTE(review): the names suggest VERIFY hands state back here
                                                // and CLOSE releases it, so a caller that never issues CLOSE
                                                // would keep that state alive - confirm against the provider.
    WCHAR           *pwszURLReference;          // optional: (future) used to determine zone.
    // 17-Feb-1998 philh: added
    DWORD           dwProvFlags;                // low word (WTD_PROV_FLAGS_MASK) is copied into
                                                // CRYPT_PROVIDER_DATA.dwProvFlags for the providers
#   define WTD_PROV_FLAGS_MASK                      0x0000FFFF
#   define WTD_USE_IE4_TRUST_FLAG                   0x00000001
#   define WTD_NO_IE4_CHAIN_FLAG                    0x00000002
#   define WTD_NO_POLICY_USAGE_FLAG                 0x00000004
#   define WTD_REVOCATION_CHECK_NONE                0x00000010
#   define WTD_REVOCATION_CHECK_END_CERT            0x00000020
#   define WTD_REVOCATION_CHECK_CHAIN               0x00000040
#   define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT  0x00000080
#   define WTD_SAFER_FLAG                           0x00000100  // changes the WINTRUST_ACTION_GENERIC_VERIFY_V2
                                                                // result mapping; see the WinVerifyTrust notes below
#   define WTD_HASH_ONLY_FLAG                       0x00000200
#   define WTD_USE_DEFAULT_OSVER_CHECK              0x00000400
#   define WTD_LIFETIME_SIGNING_FLAG                0x00000800
#   define WTD_CACHE_ONLY_URL_RETRIEVAL             0x00001000  // affects CRL retrieval and AIA retrieval
} WINTRUST_DATA, *PWINTRUST_DATA;
  95. //////////////////////////////////////////////////////////////////////////////
  96. //
  97. // WINTRUST_FILE_INFO Structure
  98. //----------------------------------------------------------------------------
  99. // Used when calling WinVerifyTrust against an individual file.
  100. //
//
// WINTRUST_FILE_INFO: the union member selected by WTD_CHOICE_FILE.
//
typedef struct WINTRUST_FILE_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_FILE_INFO)
    LPCWSTR         pcwszFilePath;              // required, file name to be verified
    HANDLE          hFile;                      // optional, open handle to pcwszFilePath
                                                // NOTE(review): when both are given the provider presumably
                                                // reads through hFile; handing it the same handle the caller
                                                // will use afterwards avoids a re-open of the path racing
                                                // against a file replacement - confirm in the file provider.
    // 09-Dec-1997 pberkman: added
    GUID            *pgKnownSubject;            // optional: fill if the subject type is known.
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
  109. //////////////////////////////////////////////////////////////////////////////
  110. //
  111. // WINTRUST_CATALOG_INFO Structure
  112. //----------------------------------------------------------------------------
  113. // Used when calling WinVerifyTrust against a member of a Microsoft Catalog
  114. // file.
  115. //
//
// WINTRUST_CATALOG_INFO: the union member selected by WTD_CHOICE_CATALOG.
// The member file is identified inside the catalog by pcwszMemberTag.
//
typedef struct WINTRUST_CATALOG_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_CATALOG_INFO)
    DWORD           dwCatalogVersion;           // optional: Catalog version number
    LPCWSTR         pcwszCatalogFilePath;       // required: path/name to Catalog file
    LPCWSTR         pcwszMemberTag;             // required: tag to member in Catalog
    LPCWSTR         pcwszMemberFilePath;        // required: path/name to member file
    HANDLE          hMemberFile;                // optional: open handle to pcwszMemberFilePath
    // 30-Oct-1997 pberkman: added
    BYTE            *pbCalculatedFileHash;      // optional: pass in the calculated hash
    DWORD           cbCalculatedFileHash;       // optional: pass in the count bytes of the calc hash
                                                // NOTE(review): a caller-supplied hash is presumably used in
                                                // place of re-hashing the member, so it must come from the
                                                // same bytes the caller will act on - confirm whether the
                                                // provider re-hashes when hMemberFile is also supplied.
    // 15-Jan-1998 pberkman: added
    PCCTL_CONTEXT   pcCatalogContext;           // optional: pass in to use instead of CatalogFilePath.
} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
  130. //////////////////////////////////////////////////////////////////////////////
  131. //
  132. // WINTRUST_BLOB_INFO Structure
  133. //----------------------------------------------------------------------------
  134. // Used when calling WinVerifyTrust against a memory blob.
  135. //
//
// WINTRUST_BLOB_INFO: the union member selected by WTD_CHOICE_BLOB. The
// object and its signed message are supplied as two in-memory buffers.
//
typedef struct WINTRUST_BLOB_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_BLOB_INFO)
    GUID            gSubject;                   // SIP to load
    LPCWSTR         pcwszDisplayName;           // display name of object
    DWORD           cbMemObject;                // byte count of pbMemObject
    BYTE            *pbMemObject;               // the object being verified
    DWORD           cbMemSignedMsg;             // byte count of pbMemSignedMsg
    BYTE            *pbMemSignedMsg;            // the signed message covering the object
} WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
  146. //////////////////////////////////////////////////////////////////////////////
  147. //
  148. // WINTRUST_SGNR_INFO Structure
  149. //----------------------------------------------------------------------------
  150. // Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
  151. //
//
// WINTRUST_SGNR_INFO: the union member selected by WTD_CHOICE_SIGNER.
//
typedef struct WINTRUST_SGNR_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_SGNR_INFO)
    LPCWSTR         pcwszDisplayName;           // name of the "thing" the pbMem is pointing to.
    CMSG_SIGNER_INFO *psSignerInfo;             // the signer to verify
    DWORD           chStores;                   // number of stores in pahStores
    HCERTSTORE      *pahStores;                 // array of stores to add to internal list
                                                // (caller-supplied stores take part in chain building)
} WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;
  160. //////////////////////////////////////////////////////////////////////////////
  161. //
  162. // WINTRUST_CERT_INFO Structure
  163. //----------------------------------------------------------------------------
  164. // Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
  165. //
//
// WINTRUST_CERT_INFO: the union member selected by WTD_CHOICE_CERT.
//
typedef struct WINTRUST_CERT_INFO_
{
    DWORD           cbStruct;                   // = sizeof(WINTRUST_CERT_INFO)
    LPCWSTR         pcwszDisplayName;           // display name
    CERT_CONTEXT    *psCertContext;             // the certificate to verify
    DWORD           chStores;                   // number of stores in pahStores
    HCERTSTORE      *pahStores;                 // array of stores to add to internal list
    // 17-Nov-1997 pberkman: added
    DWORD           dwFlags;
#   define WTCI_DONT_OPEN_STORES    0x00000001  // only open dummy "root" all other are in pahStores.
#   define WTCI_OPEN_ONLY_ROOT      0x00000002
    // 26-Nov-1997 pberkman: added
    FILETIME        *psftVerifyAsOf;            // if not null, each cert will be validated as of this time.
                                                // (a caller-chosen verification time, so a caller can
                                                // deliberately evaluate an already-expired chain)
} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
  180. #include <poppack.h>
  181. //////////////////////////////////////////////////////////////////////////////
  182. //
  183. // WinVerifyTrust
  184. //----------------------------------------------------------------------------
  185. // Exported from WINTRUST.DLL.
  186. // Call this function to verify the trust based on a digital signer.
  187. //
  188. // pWVTData points to a WINTRUST_DATA data structure.
  189. //
  190. // WTD_SAFER_FLAG should be set in WINTRUST_DATA's dwProvFlags to enable
  191. // the following semantics for the WINTRUST_ACTION_GENERIC_VERIFY_V2
  192. // policy provider specified in pgActionID:
// - return TRUST_E_NOSIGNATURE if the subject isn't signed, has an
// invalid signature, or the signer certificate cannot be found.
  195. // UI will never be displayed when not signed.
  196. // - ignore NO_CHECK revocation errors. Otherwise, continue to return
  197. // CERT_E_REVOCATION_FAILURE.
  198. // - search the code hash and publisher databases for the WTD_UI_NONE
  199. // dwUIChoice case. The default is to only search these databases when
  200. // UI has been enabled or user trust has been disabled.
  201. //
  202. //
  203. // Returns:
  204. // ERROR_SUCCESS If the trust is authenticated or
  205. // if the user accepted the risk.
  206. //
  207. // TRUST_E_PROVIDER_UNKNOWN there was an error loading one of the
  208. // required Providers.
  209. //
  210. // all error codes passed back are based on the Policy Provider used.
  211. //
  212. // The following errors are returned when the
  213. // WINTRUST_ACTION_GENERIC_VERIFY_V2 policy provider is specified in
  214. // pgActionID:
  215. //
  216. // TRUST_E_NOSIGNATURE (when WTD_SAFER_FLAG is set in dwProvFlags)
// The subject isn't signed, has an invalid signature, or the signer
// certificate cannot be found. All signature verification
  219. // errors will map to this error. Basically all errors except for
  220. // publisher or timestamp certificate verification.
  221. //
  222. // Call GetLastError() to get the underlying reason for not having
  223. // a valid signature.
  224. //
  225. // The following LastErrors indicate that the file doesn't have a
  226. // signature: TRUST_E_NOSIGNATURE, TRUST_E_SUBJECT_FORM_UNKNOWN or
  227. // TRUST_E_PROVIDER_UNKNOWN.
  228. //
  229. // UI will never be displayed for this case.
  230. //
  231. // TRUST_E_EXPLICIT_DISTRUST
  232. // Returned if the hash representing the subject is trusted as
  233. // AUTHZLEVELID_DISALLOWED or the publisher is in the "Disallowed"
  234. // store. Also returned if the publisher certificate is revoked.
  235. //
  236. // UI will never be displayed for this case.
  237. //
  238. // ERROR_SUCCESS
  239. // No UI unless noted below.
  240. //
  241. // Returned for the following:
  242. // - Hash representing the subject is trusted as
  243. // AUTHZLEVELID_FULLYTRUSTED
  244. // - The publisher certificate exists in the
  245. // "TrustedPublisher" store and there weren't any verification errors.
  246. // - UI was enabled and the user clicked "Yes" when asked
  247. // to install and run the signed subject.
  248. // - UI was disabled. No publisher or timestamp chain error.
  249. //
  250. // TRUST_E_SUBJECT_NOT_TRUSTED
// UI was enabled and the user clicked "No" when asked to install
// and run the signed subject.
  253. //
  254. // CRYPT_E_SECURITY_SETTINGS
  255. // The subject hash or publisher wasn't explicitly trusted and
  256. // user trust wasn't allowed in the safer authenticode flags.
  257. // No UI will be displayed for this case.
  258. //
  259. // The subject is signed and its signature successfully
  260. // verified.
  261. //
  262. // Any publisher or timestamp chain error. If WTD_SAFER_FLAG wasn't set in
  263. // dwProvFlags, any signed code verification error.
  264. //
// hwnd:       parent for any UI the policy provider decides to show
// pgActionID: GUID naming the Policy Provider (see the model notes below)
// pWVTData:   WINTRUST_DATA* passed untyped; nothing validates it beyond
//             what the providers do, so cbStruct and dwUnionChoice must be
//             set correctly by the caller
// Returns ERROR_SUCCESS or a policy-provider-specific error (see above).
extern LONG WINAPI WinVerifyTrust(HWND hwnd, GUID *pgActionID,
                                  LPVOID pWVTData);
  267. //////////////////////////////////////////////////////////////////////////////
  268. //
  269. // WinVerifyTrustEx
  270. //----------------------------------------------------------------------------
  271. // *** DO NOT USE ***
  272. //
  273. //
// Marked DO NOT USE above; new code calls WinVerifyTrust. Same parameters,
// except pWinTrustData is typed and the result is an HRESULT.
extern HRESULT WINAPI WinVerifyTrustEx(HWND hwnd, GUID *pgActionID,
                                       WINTRUST_DATA *pWinTrustData);
  276. //////////////////////////////////////////////////////////////////////////////
  277. //////////////////////////////////////////////////////////////////////////////
  278. //
  279. // Trust, Policy, and UI Provider definitions, typedefs, and prototypes
  280. //
  281. // Model:
  282. // A client wishing to validate trust through WinVerifyTrust will
  283. // select an appropriate Action ID guid for the call.
  284. // This guid is defined by each Policy Provider and represents the
  285. // functions called based on the policy for the given object.
  286. //
  287. // In this model, the Policy Provider determines which style of UI
  288. // will be shown to the user (this only applies to style, the
  289. // determination of whether UI is displayed is set by the calling client
  290. // in the UI flags member of WINTRUST_DATA).
  291. //
  292. // Since the function entry points are common (same return value and
  293. // parameters), it allows Policy Provider developers to take advantage
  294. // of existing, generic, code to fill the CRYPT_PROVIDER_DATA structure.
  295. //
  296. // This also allows the developer to simply add the specific policy they
  297. // need, then, call the generic Policy Provider - if appropriate.
  298. //
  299. //////////////////////////////////////////////////////////////////////////////
  300. //////////////////////////////////////////////////////////////////////////////
  301. //////////////////////////////////////////////////////////////////////////////
  302. //
  303. // Wintrust Policy Flags
  304. //----------------------------------------------------------------------------
  305. // These are set during install and can be modified by the user
  306. // through various means. The SETREG.EXE utility (found in the Authenticode
  307. // Tools Pack) will select/deselect each of them.
  308. //
//
// Persisted policy flags, read with WintrustGetRegPolicyFlags and written with
// WintrustSetRegPolicyFlags. Each flag that relaxes a check (TRUSTTEST,
// TESTCANBEVALID, IGNORE*, OFFLINEOK*) weakens signature verification for every
// caller that honors the setting; the registry scope (machine vs. user) is not
// stated in this header. Bits 0x01-0x10 and 0x40 are not defined here.
//
#define WTPF_TRUSTTEST              0x00000020  // trust any "TEST" certificate
#define WTPF_TESTCANBEVALID         0x00000080  // a "TEST" certificate may verify as valid (name-based - confirm)
#define WTPF_IGNOREEXPIRATION       0x00000100  // original note read "Use expiration date", the name says the
                                                // opposite - confirm the polarity in softpub before relying on it
#define WTPF_IGNOREREVOKATION       0x00000200  // original note read "Do revocation check"; same polarity question
#define WTPF_OFFLINEOK_IND          0x00000400  // off-line is ok individual certs
#define WTPF_OFFLINEOK_COM          0x00000800  // off-line is ok commercial certs
#define WTPF_OFFLINEOKNBU_IND       0x00001000  // off-line is ok individual certs, no bad ui
#define WTPF_OFFLINEOKNBU_COM       0x00002000  // off-line is ok commercial certs, no bad ui
#define WTPF_VERIFY_V1_OFF          0x00010000  // turn verify of v1 certs off
#define WTPF_IGNOREREVOCATIONONTS   0x00020000  // ignore TimeStamp revocation checks
#define WTPF_ALLOWONLYPERTRUST      0x00040000  // allow only items in personal trust db.
  320. //////////////////////////////////////////////////////////////////////////////
  321. //
  322. // WintrustGetRegPolicyFlags
  323. //----------------------------------------------------------------------------
  324. // This API call is exported from WINTRUST.DLL and is the recommended method
  325. // of retrieving the DWORD representing the Policy Flags.
  326. //
// pdwPolicyFlags: receives the current WTPF_* bit set. No failure is reported.
extern void WINAPI WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);
  328. //////////////////////////////////////////////////////////////////////////////
  329. //
  330. // WintrustSetRegPolicyFlags
  331. //----------------------------------------------------------------------------
  332. // This API call is exported from WINTRUST.DLL and is the recommended method
// of setting the DWORD representing the Policy Flags. MAKE SURE to call
// WintrustGetRegPolicyFlags to get the current value, OR/AND in the bits you
// need, and then call this function to set the flags.
  336. //
// dwPolicyFlags: the complete WTPF_* bit set to persist (not a delta, so
// read-modify-write as described above). Returns FALSE if the flags could not
// be written; the failure cause is not documented here - presumably
// GetLastError, confirm.
extern BOOL WINAPI WintrustSetRegPolicyFlags(DWORD dwPolicyFlags);
  338. //////////////////////////////////////////////////////////////////////////////
  339. //
  340. // Trust Provider "Step" Error defines
  341. //----------------------------------------------------------------------------
  342. // Each "step" of the Trust process has an error "slot" associated with it.
  343. // If an error occurs, the "step" will assign its result to this "slot". These
  344. // errors can be any valid WINERROR.H HRESULT code.
  345. //
  346. //
  347. // step errors 0 through 20 are reserved for Authenticode specific. If
  348. // you are not calling any of the SOFTPUB.DLL (Authenticode) providers, you
  349. // may use these as needed.
  350. //
//
// Indices into CRYPT_PROVIDER_DATA.padwTrustStepErrors. Slots 1, 4 and 20-29
// are unassigned here; 0-19 belong to the Authenticode providers (see above).
//
#define TRUSTERROR_STEP_WVTPARAMS               0
#define TRUSTERROR_STEP_FILEIO                  2
#define TRUSTERROR_STEP_SIP                     3
#define TRUSTERROR_STEP_SIPSUBJINFO             5
#define TRUSTERROR_STEP_CATALOGFILE             6
#define TRUSTERROR_STEP_CERTSTORE               7
#define TRUSTERROR_STEP_MESSAGE                 8
#define TRUSTERROR_STEP_MSG_SIGNERCOUNT         9
#define TRUSTERROR_STEP_MSG_INNERCNTTYPE        10
#define TRUSTERROR_STEP_MSG_INNERCNT            11
#define TRUSTERROR_STEP_MSG_STORE               12
#define TRUSTERROR_STEP_MSG_SIGNERINFO          13
#define TRUSTERROR_STEP_MSG_SIGNERCERT          14
#define TRUSTERROR_STEP_MSG_CERTCHAIN           15
#define TRUSTERROR_STEP_MSG_COUNTERSIGINFO      16
#define TRUSTERROR_STEP_MSG_COUNTERSIGCERT      17
#define TRUSTERROR_STEP_VERIFY_MSGHASH          18
#define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA  19
//
// step errors 30 through 37 are reserved for the ending error code for each
// entry point in the Trust Model. The order matches the pfn* members of
// CRYPT_PROVIDER_FUNCTIONS.
//
#define TRUSTERROR_STEP_FINAL_WVTINIT           30
#define TRUSTERROR_STEP_FINAL_INITPROV          31
#define TRUSTERROR_STEP_FINAL_OBJPROV           32
#define TRUSTERROR_STEP_FINAL_SIGPROV           33
#define TRUSTERROR_STEP_FINAL_CERTPROV          34
#define TRUSTERROR_STEP_FINAL_CERTCHKPROV       35
#define TRUSTERROR_STEP_FINAL_POLICYPROV        36
#define TRUSTERROR_STEP_FINAL_UIPROV            37
#define TRUSTERROR_MAX_STEPS                    38  // one past the last slot; presumably the
                                                    // size WVT allocates for padwTrustStepErrors - confirm
  382. //////////////////////////////////////////////////////////////////////////////
  383. //
  384. // allocation and free function prototypes
  385. //----------------------------------------------------------------------------
  386. //
//
// Allocation and chain-building callbacks. WinVerifyTrust supplies them through
// CRYPT_PROVIDER_FUNCTIONS (pfnAlloc, pfnFree, pfnAdd*2Chain); providers must
// use these rather than allocate CRYPT_PROVIDER_DATA members on their own.
//
typedef void *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);        // failure value not stated - presumably NULL, confirm
typedef void (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);
// add hStore2Add to pProvData->pahStores (count in chStores)
typedef BOOL (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                  IN HCERTSTORE hStore2Add);
// add a signer; with fCounterSigner set it is attached under pasSigners[idxSigner]
// as a counter signer, otherwise idxSigner is unused (OPTIONAL)
typedef BOOL (*PFN_CPD_ADD_SGNR)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                 IN BOOL fCounterSigner,
                                 IN OPTIONAL DWORD idxSigner,
                                 IN struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);
// add a cert to the chain of signer idxSigner, or of its counter signer
// idxCounterSigner when fCounterSigner is set
typedef BOOL (*PFN_CPD_ADD_CERT)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                 IN DWORD idxSigner,
                                 IN BOOL fCounterSigner,
                                 IN OPTIONAL DWORD idxCounterSigner,
                                 IN PCCERT_CONTEXT pCert2Add);
// add a policy-private record (see CRYPT_PROVIDER_PRIVDATA below)
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                     IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
  402. //////////////////////////////////////////////////////////////////////////////
  403. //
  404. // Provider function prototypes
  405. //----------------------------------------------------------------------------
  406. //
  407. //
  408. // entry point for the object provider
  409. //
//
// entry point for the Policy Provider's initialize call (pfnInitialize)
//
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the object provider
//
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Signature Provider
//
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Certificate Provider
//
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's final call (from the trust provider)
//
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's "dump structure" call
//
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's clean up routine for any PRIVDATA allocated
//
typedef HRESULT (*PFN_PROVIDER_CLEANUP_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's Cert Check call. This will return
// true if the Trust Provider is to continue building the certificate chain.
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
// self-signed root. It is also the CertCheck's responsibility to set the
// fTrustedRoot flag in the certificate structure.
//
// This callback is therefore where root trust is decided: returning FALSE
// stops chain building at the current cert, and the result is only sound if
// fTrustedRoot was set on that cert for a reason the policy actually checked.
//
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                                IN DWORD idxSigner,
                                                IN BOOL fCounterSignerChain,
                                                IN OPTIONAL DWORD idxCounterSigner);
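//
// Versioned-struct helpers. A caller passes a cbStruct; a member counts as
// present when its offset lies below that size. This is an offset test only:
// a size that cuts through a member (offset < size < offset + sizeof member)
// still reports TRUE, so only sizes equal to a published sizeof(struct) are
// meaningful inputs.
//
// WVT_OFFSETOF(t, f): byte offset of member f within struct type t
// (pre-<stddef.h> idiom; equivalent to (ULONG)offsetof(t, f)).
#define WVT_OFFSETOF(t,f) ((ULONG)((ULONG_PTR)(&((t*)0)->f)))

// WVT_ISINSTRUCT(structtypedef, structpassedsize, member): TRUE when member
// starts inside the first structpassedsize bytes. structpassedsize is
// parenthesized so an expression argument cannot change the comparison.
#define WVT_ISINSTRUCT(structtypedef, structpassedsize, member) \
    ((WVT_OFFSETOF(structtypedef, member) < (structpassedsize)) ? TRUE : FALSE)

// alias kept for existing callers
#define WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(structtypedef, structpassedsize, member) \
    WVT_ISINSTRUCT(structtypedef, structpassedsize, member)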
  451. #include <pshpack8.h>
  452. //////////////////////////////////////////////////////////////////////////////
  453. //
  454. // CRYPT_PROVIDER_DATA Structure
  455. //----------------------------------------------------------------------------
  456. // Used to pass information between WinVerifyTrust and all of the Provider
  457. // calls.
  458. //
  459. // IMPORTANT: 1. All dynamically allocated members MUST use the allocation
  460. // and Add2 functions provided.
  461. //
//
// CRYPT_PROVIDER_DATA: the shared state WinVerifyTrust ("WVT") hands to each
// provider. Members marked "set in WVT" are filled before the first provider
// runs; members added after 1997 sit past the original end of the structure,
// so provider code should size-check against cbStruct (WVT_ISINSTRUCT) before
// reading them.
//
typedef struct _CRYPT_PROVIDER_DATA
{
    DWORD               cbStruct;               // = sizeof(CRYPT_PROVIDER_DATA) (set in WVT)
    WINTRUST_DATA       *pWintrustData;         // NOT verified (set in WVT): the caller's structure as passed,
                                                // so providers must treat its cbStruct/dwUnionChoice as untrusted input
    BOOL                fOpenedFile;            // the provider opened the file handle (if applicable)
    HWND                hWndParent;             // if passed in, else, Desktop hWnd (set in WVT).
    GUID                *pgActionID;            // represents the Provider combination (set in WVT).
    HCRYPTPROV          hProv;                  // set to NULL to let CryptoAPI to assign.
    DWORD               dwError;                // error if a low-level, system error was encountered
    DWORD               dwRegSecuritySettings;  // ie security settings (set in WVT)
    DWORD               dwRegPolicySettings;    // setreg settings (set in WVT) - the WTPF_* flags above
    struct _CRYPT_PROVIDER_FUNCTIONS *psPfns;   // set in WVT.
    DWORD               cdwTrustStepErrors;     // set in WVT.
    DWORD               *padwTrustStepErrors;   // allocated in WVT. filled in WVT & Trust Provider
                                                // (indexed by the TRUSTERROR_STEP_* values)
    DWORD               chStores;               // number of stores in pahStores (root set in WVT)
    HCERTSTORE          *pahStores;             // array of known stores (root set in WVT) root is ALWAYS #0!!!
    DWORD               dwEncoding;             // message encoding type (set in WVT and Signature Prov)
    HCRYPTMSG           hMsg;                   // set in Signature Prov.
    DWORD               csSigners;              // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_SGNR *pasSigners;    // use Add2 and Get functions!
    DWORD               csProvPrivData;         // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_PRIVDATA *pasProvPrivData; // use Add2 and Get functions!
    DWORD               dwSubjectChoice;        // selects the union member below
#   define CPD_CHOICE_SIP   1
    union
    {
        struct _PROVDATA_SIP *pPDSip;           // valid when dwSubjectChoice == CPD_CHOICE_SIP
    };
    char                *pszUsageOID;           // set in Init Provider
    // 03-Oct-1997 pberkman: added
    BOOL                fRecallWithState;       // state was maintained for Catalog Files.
    // 10-Nov-1997 pberkman: added
    FILETIME            sftSystemTime;
    // 16-Jan-1998 pberkman: added
    char                *pszCTLSignerUsageOID;
    // 17-Feb-1998 philh: added
    // LOWORD initialized from WINTRUST_DATA's dwProvFlags; the CPD_* bits live
    // in the high word so they cannot collide with caller-supplied WTD_* bits.
    DWORD               dwProvFlags;
#   define CPD_USE_NT5_CHAIN_FLAG                   0x80000000
#   define CPD_REVOCATION_CHECK_NONE                0x00010000
#   define CPD_REVOCATION_CHECK_END_CERT            0x00020000
#   define CPD_REVOCATION_CHECK_CHAIN               0x00040000
#   define CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT  0x00080000
    // 24-Feb-1998 philh: added
    DWORD               dwFinalError;
    // 20-May-1998 KeithV: added
    PCERT_USAGE_MATCH   pRequestUsage;
    // 02-Aug-2000 philh: added
    DWORD               dwTrustPubSettings;
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
  512. //////////////////////////////////////////////////////////////////////////////
  513. //
  514. // CRYPT_PROVIDER_FUNCTIONS structure
  515. //----------------------------------------------------------------------------
  516. //
//
// CRYPT_PROVIDER_FUNCTIONS: the callbacks WVT installs (pfnAlloc/pfnFree/
// pfnAdd*2Chain) plus the provider entry points, listed in the order the
// TRUSTERROR_STEP_FINAL_* slots are numbered.
//
typedef struct _CRYPT_PROVIDER_FUNCTIONS
{
    DWORD                               cbStruct;
    PFN_CPD_MEM_ALLOC                   pfnAlloc;               // set in WVT
    PFN_CPD_MEM_FREE                    pfnFree;                // set in WVT
    PFN_CPD_ADD_STORE                   pfnAddStore2Chain;      // call to add a store to the chain.
    PFN_CPD_ADD_SGNR                    pfnAddSgnr2Chain;       // call to add a sgnr struct to a msg struct sgnr chain
    PFN_CPD_ADD_CERT                    pfnAddCert2Chain;       // call to add a cert struct to a sgnr struct cert chain
    PFN_CPD_ADD_PRIVDATA                pfnAddPrivData2Chain;   // call to add provider private data to struct.
    PFN_PROVIDER_INIT_CALL              pfnInitialize;          // initialize Policy data.
    PFN_PROVIDER_OBJTRUST_CALL          pfnObjectTrust;         // build info up to the signer info(s).
    PFN_PROVIDER_SIGTRUST_CALL          pfnSignatureTrust;      // build info to the signing cert
    PFN_PROVIDER_CERTTRUST_CALL         pfnCertificateTrust;    // build the chain
    PFN_PROVIDER_FINALPOLICY_CALL       pfnFinalPolicy;         // final call to policy
    PFN_PROVIDER_CERTCHKPOLICY_CALL     pfnCertCheckPolicy;     // check each cert while building the chain;
                                                                // decides where a trusted root is reached
    PFN_PROVIDER_TESTFINALPOLICY_CALL   pfnTestFinalPolicy;     // dump structures to a file (or whatever the policy chooses)
    struct _CRYPT_PROVUI_FUNCS          *psUIpfns;              // UI callbacks and dialog text (may be NULL? not stated - confirm)
    // 23-Jul-1997 pberkman: added
    PFN_PROVIDER_CLEANUP_CALL           pfnCleanupPolicy;       // PRIVDATA cleanup routine.
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
  537. //////////////////////////////////////////////////////////////////////////////
  538. //
  539. // CRYPT_PROVUI_FUNCS structure
  540. //----------------------------------------------------------------------------
  541. //
// UI button/link handler: hWndSecurityDialog is the dialog that raised the
// click, pProvData the verification state it is showing.
typedef BOOL (*PFN_PROVUI_CALL)(IN HWND hWndSecurityDialog, IN struct _CRYPT_PROVIDER_DATA *pProvData);
//
// CRYPT_PROVUI_FUNCS: per-policy UI hooks. Each click has a policy-supplied
// handler and a Default counterpart; which one WVT falls back to when the
// former is NULL is not stated here.
//
typedef struct _CRYPT_PROVUI_FUNCS
{
    DWORD                       cbStruct;
    struct _CRYPT_PROVUI_DATA   *psUIData;                  // button and prompt text (see below)
    PFN_PROVUI_CALL             pfnOnMoreInfoClick;
    PFN_PROVUI_CALL             pfnOnMoreInfoClickDefault;
    PFN_PROVUI_CALL             pfnOnAdvancedClick;
    PFN_PROVUI_CALL             pfnOnAdvancedClickDefault;
} CRYPT_PROVUI_FUNCS, *PCRYPT_PROVUI_FUNCS;
  552. //////////////////////////////////////////////////////////////////////////////
  553. //
  554. // CRYPT_PROVUI_DATA
  555. //----------------------------------------------------------------------------
  556. //
//
// CRYPT_PROVUI_DATA: text shown in the trust dialog. NULL members fall back to
// the defaults quoted below. The %1/%2 placeholders are filled with
// subject-derived values; %1 presumably comes from the caller's display name,
// i.e. text the signed object's distributor controls - confirm what the UI
// provider substitutes before changing these prompts.
//
typedef struct _CRYPT_PROVUI_DATA
{
    DWORD           cbStruct;
    DWORD           dwFinalError;               // the verification result the dialog is reporting
    WCHAR           *pYesButtonText;            // default: "&Yes"
    WCHAR           *pNoButtonText;             // default: "&No"
    WCHAR           *pMoreInfoButtonText;       // default: "&More Info"
    WCHAR           *pAdvancedLinkText;         // default: <none>
    // 15-Sep-1997 pberkman: added
    // good: default:
    // "Do you want to install and run ""%1"" signed on %2 and distributed by:"
    WCHAR           *pCopyActionText;
    // good no time stamp: default:
    // "Do you want to install and run ""%1"" signed on an unknown date/time and distributed by:"
    WCHAR           *pCopyActionTextNoTS;
    // bad: default:
    // "Do you want to install and run ""%1""?"
    WCHAR           *pCopyActionTextNotSigned;
} CRYPT_PROVUI_DATA, *PCRYPT_PROVUI_DATA;
  576. //////////////////////////////////////////////////////////////////////////////
  577. //
  578. // CRYPT_PROVIDER_SGNR structure
  579. //----------------------------------------------------------------------------
  580. // After the Signature Provider is finished there will be zero to many of these
  581. // filled out. One for each signer of the message. Also, there will be zero
  582. // to many of these filled out inside this structure. One for each counter
  583. // signer of the signer.
  584. //
  585. // IMPORTANT: 1. All dynamically allocated members MUST use allocation
  586. // and Add2 functions provided.
  587. //
//
// CRYPT_PROVIDER_SGNR: one signer (or counter signer) of the message, with the
// certificate chain built for it.
//
typedef struct _CRYPT_PROVIDER_SGNR
{
    DWORD               cbStruct;
    FILETIME            sftVerifyAsOf;          // either today's filetime or the timestamps
                                                // (so a timestamp countersignature moves the validity
                                                // check back to signing time rather than "now")
    DWORD               csCertChain;            // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_CERT *pasCertChain;  // use Add2 and Get functions! index 0 is the signing cert? not stated - confirm
    DWORD               dwSignerType;           // set if known by policy
#   define SGNR_TYPE_TIMESTAMP  0x00000010
    CMSG_SIGNER_INFO    *psSigner;              // must use the pfnAlloc allocator!
    DWORD               dwError;                // error encountered while building/verifying the signer.
    DWORD               csCounterSigners;       // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use Add2 and Get functions!
    // 11-Feb-1998 philh: added
    PCCERT_CHAIN_CONTEXT pChainContext;         // chain engine result for this signer
} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
  603. //////////////////////////////////////////////////////////////////////////////
  604. //
  605. // CRYPT_PROVIDER_CERT structure
  606. //----------------------------------------------------------------------------
  607. // After the Signature and Certificate Providers are finished there will
  608. // be zero to many of these filled out in the CRYPT_PROVIDER_SGNR
  609. // structure. One for each certificate in the chain.
  610. //
  611. //
//
// CRYPT_PROVIDER_CERT: one certificate of a signer's chain. The f* flags are
// written by different providers (noted per member); fTrustedRoot in
// particular is owned by the CertCheck policy callback, which ends chain
// building when it returns FALSE.
//
typedef struct _CRYPT_PROVIDER_CERT
{
    DWORD           cbStruct;
    PCCERT_CONTEXT  pCert;                      // must have its own ref-count!
    BOOL            fCommercial;
    BOOL            fTrustedRoot;               // certchk policy should set this.
    BOOL            fSelfSigned;                // set in cert provider
    BOOL            fTestCert;                  // certchk policy will set (see WTPF_TRUSTTEST above)
    DWORD           dwRevokedReason;
    DWORD           dwConfidence;               // set in the Certificate Provider
#   define CERT_CONFIDENCE_SIG          0x10000000  // this cert
#   define CERT_CONFIDENCE_TIME         0x01000000  // issuer cert
#   define CERT_CONFIDENCE_TIMENEST     0x00100000  // this cert
#   define CERT_CONFIDENCE_AUTHIDEXT    0x00010000  // this cert
#   define CERT_CONFIDENCE_HYGIENE      0x00001000  // this cert
#   define CERT_CONFIDENCE_HIGHEST      0x11111000  // all of the above
    DWORD           dwError;
    CTL_CONTEXT     *pTrustListContext;
    // 16-Jan-1998 pberkman: added
    BOOL            fTrustListSignerCert;
    // 25-Feb-1998 philh: added
    //
    // The following two are only applicable to Self Signed certificates
    // residing in a CTL.
    PCCTL_CONTEXT   pCtlContext;
    DWORD           dwCtlError;
    // 12-Mar-1998 philh: added
    BOOL            fIsCyclic;                  // chain loops back on itself
    // 12-Oct-2000 DSIE: added
    PCERT_CHAIN_ELEMENT pChainElement;          // matching element in the signer's pChainContext
} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
  643. //////////////////////////////////////////////////////////////////////////////
  644. //
  645. // CRYPT_PROVIDER_PRIVDATA structure
  646. //----------------------------------------------------------------------------
  647. // This structure is to allow Policy Provider functions to share
  648. // POLICY SPECIFIC data between Policy Functions.
  649. // The Policy must use the pfnAddPrivateData2Chain function and
  650. // must free any data within the member before the Final Policy returns
  651. // to WVT.
  652. // To allow multiple providers to use this feature, each provider that
// uses this member must set the provider ID to its Action ID so that
  654. // the provider can find its data and ignore any other.
  655. //
// Policy-private scratch data attached to the provider chain. Looked up by
// gProviderID through WTHelperGetProvPrivateDataFromChain; the owning policy
// frees pvProvData before its Final Policy returns to WVT (see note above).
typedef struct _CRYPT_PROVIDER_PRIVDATA
{
    DWORD cbStruct;     // = sizeof(CRYPT_PROVIDER_PRIVDATA)
    GUID gProviderID;   // Action ID of the policy that owns this entry; other
                        // policies must ignore entries whose ID is not theirs
    DWORD cbProvData;   // size in bytes of the buffer at pvProvData
    void *pvProvData;   // provider-specific data; allocated and freed by the
                        // owning policy, never interpreted by WVT itself
} CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;
  663. //////////////////////////////////////////////////////////////////////////////
  664. //
  665. // PROVDATA_SIP
  666. //----------------------------------------------------------------------------
  667. //
// SIP (Subject Interface Package) state collected by the Signature Provider
// for the subject being verified. The "CAT" members are presumably for the
// catalog the subject is verified through, when there is one -- confirm.
typedef struct _PROVDATA_SIP
{
    DWORD cbStruct;                                   // = sizeof(PROVDATA_SIP)
    GUID gSubject;                                    // subject guid of file/member file. (set in Sig Prov)
    struct SIP_DISPATCH_INFO_ *pSip;                  // set in Sig Prov - defined in sipbase.h
    struct SIP_DISPATCH_INFO_ *pCATSip;               // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_ *psSipSubjectInfo;        // set in Sig Prov - defined in sipbase.h
    struct SIP_SUBJECTINFO_ *psSipCATSubjectInfo;     // set in Sig Prov - defined in sipbase.h
    struct SIP_INDIRECT_DATA_ *psIndirectData;        // set in Sig Prov - defined in sipbase.h;
                                                      // the signed digest/algorithm of the
                                                      // subject (cf. SPC_INDIRECT_DATA_CONTENT)
} PROVDATA_SIP, *PPROVDATA_SIP;
  678. //////////////////////////////////////////////////////////////////////////////
  679. //
  680. // structures used to register action IDs
  681. //----------------------------------------------------------------------------
  682. //
#define WT_CURRENT_VERSION 0x00000200   // version (2.0) of the action-ID
                                        // registration interface below; its
                                        // consumer is not visible in this header
// One provider stage: the DLL and exported function WVT loads for it.
// WintrustAddActionID writes these into the registry and they are resolved
// again per action ID (cf. WintrustLoadFunctionPointers).
// NOTE(review): whoever can write that registry entry picks the DLL every
// caller of this action loads, so registration must only happen from the
// privileged installer path (DllRegisterServer), never from user-writable
// configuration.
typedef struct _CRYPT_TRUST_REG_ENTRY
{
    DWORD cbStruct;             // = sizeof(CRYPT_TRUST_REG_ENTRY)
    WCHAR *pwszDLLName;         // module exporting pwszFunctionName
    WCHAR *pwszFunctionName;    // no more than WT_MAX_FUNC_NAME! (the type does
                                // not enforce the bound; the caller must)
} CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;
// Full set of provider stages registered under one Action ID by
// WintrustAddActionID. The stage order below presumably mirrors the order
// in which WVT invokes them -- confirm against the dispatcher.
typedef struct _CRYPT_REGISTER_ACTIONID
{
    DWORD cbStruct;                                     // = sizeof(CRYPT_REGISTER_ACTIONID)
    CRYPT_TRUST_REG_ENTRY sInitProvider;                // per-call initialisation
    CRYPT_TRUST_REG_ENTRY sObjectProvider;              // locates/opens the subject
    CRYPT_TRUST_REG_ENTRY sSignatureProvider;           // fills PROVDATA_SIP, checks signature
    CRYPT_TRUST_REG_ENTRY sCertificateProvider;         // builds CRYPT_PROVIDER_CERT chains
    CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider;   // the "certchk" policy
    CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider;         // overall verdict
    CRYPT_TRUST_REG_ENTRY sTestPolicyProvider;          // test hook
    // 23-Jul-1997 pberkman: added
    CRYPT_TRUST_REG_ENTRY sCleanupProvider;             // releases provider state
} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
// Callbacks a provider exports under the names given in
// CRYPT_PROVIDER_REGDEFUSAGE; presumably invoked by WintrustGetDefaultForUsage
// for DWACTION_ALLOCANDFILL and DWACTION_FREE respectively. The FREE callback
// must release exactly what the ALLOCANDFILL callback put in psDefUsage.
typedef BOOL (*PFN_ALLOCANDFILLDEFUSAGE)(IN const char *pszUsageOID,
IN struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsage);
typedef BOOL (*PFN_FREEDEFUSAGE)(IN const char *pszUsageOID,
IN struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsage);
// Registration record for WintrustAddDefaultForUsage: which action handles a
// usage OID and where its default-callback-data functions live.
typedef struct _CRYPT_PROVIDER_REGDEFUSAGE
{
    DWORD cbStruct;                             // = sizeof CRYPT_PROVIDER_REGDEFUSAGE
    GUID *pgActionID;                           // action to use for this usage
    WCHAR *pwszDllName;                         // DLL exporting the two callbacks
    char *pwszLoadCallbackDataFunctionName;     // PFN_ALLOCANDFILLDEFUSAGE export name.
                                                // NOTE: ANSI char* despite the "pwsz"
                                                // prefix -- do not pass a wide string
    char *pwszFreeCallbackDataFunctionName;     // PFN_FREEDEFUSAGE export name (ANSI, as above)
} CRYPT_PROVIDER_REGDEFUSAGE, *PCRYPT_PROVIDER_REGDEFUSAGE;
// Result of WintrustGetDefaultForUsage: the action ID registered for a usage
// plus the callback data the caller should place in WINTRUST_DATA.
typedef struct _CRYPT_PROVIDER_DEFUSAGE
{
    DWORD cbStruct;                 // = sizeof CRYPT_PROVIDER_DEFUSAGE
    GUID gActionID;                 // ActionID of provider
    LPVOID pDefPolicyCallbackData;  // normally filled in WINTRUST_DATA
    LPVOID pDefSIPClientData;       // normally filled in WINTRUST_DATA
                                    // (both owned by the provider's callbacks;
                                    // release via DWACTION_FREE, not free())
} CRYPT_PROVIDER_DEFUSAGE, *PCRYPT_PROVIDER_DEFUSAGE;
  722. #include <poppack.h>
  723. //////////////////////////////////////////////////////////////////////////////
  724. //
  725. // WINTRUST.DLL Provider defines
  726. //----------------------------------------------------------------------------
  727. // The following are definitions of the Microsoft Generic Cert Provider
  728. //
// Module and export of the Microsoft Generic Cert Provider. The name carries
// no path, so the loader's normal search rules decide which WINTRUST.DLL is
// found -- presumably the system copy; worth keeping in mind for any
// registration that copies these strings into the registry.
#define WT_PROVIDER_DLL_NAME L"WINTRUST.DLL"
#define WT_PROVIDER_CERTTRUST_FUNCTION L"WintrustCertificateTrust"
  731. //////////////////////////////////////////////////////////////////////////////
  732. //
  733. // WintrustAddActionID
  734. //----------------------------------------------------------------------------
  735. // Adds a new Provider combination to the users'
  736. // system. Creates all necessary registry entries, etc. This should be done
  737. // during the Policy Provider's DllRegisterServer.
  738. //
  739. // *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
  740. //
  741. // Returns:
  742. // TRUE: No fatal errors
// FALSE: Errors occurred. See GetLastError()
  744. //
// pgActionID : GUID the provider set is registered under; the same GUID is
//              later handed to WintrustLoadFunctionPointers.
// fdwFlags   : 0, or WT_ADD_ACTION_ID_RET_RESULT_FLAG (below).
// psProvInfo : DLL/function name for each stage (CRYPT_REGISTER_ACTIONID).
// NOTE(review): without WT_ADD_ACTION_ID_RET_RESULT_FLAG a failed registry
// write is still reported as TRUE, so an installer can believe its providers
// are registered when they are not. Pass the flag and check GetLastError().
extern BOOL WINAPI WintrustAddActionID(IN GUID *pgActionID,
IN DWORD fdwFlags,
IN CRYPT_REGISTER_ACTIONID *psProvInfo);
// By default, WintrustAddActionID doesn't return registry errors.
// Set this flag to return registry errors. If FALSE is returned,
// LastError is set.
#define WT_ADD_ACTION_ID_RET_RESULT_FLAG 0x1
  752. //////////////////////////////////////////////////////////////////////////////
  753. //
  754. // WintrustRemoveActionID
  755. //----------------------------------------------------------------------------
  756. // Removes the Provider action combination from the users'
  757. // system.
  758. //
  759. // Returns:
  760. // TRUE: No fatal errors
// FALSE: Errors occurred. See GetLastError()
  762. //
// pgActionID : the GUID previously passed to WintrustAddActionID.
// Like registration, this edits the registry and belongs in the
// provider's (un)install path only.
extern BOOL WINAPI WintrustRemoveActionID(IN GUID *pgActionID);
  764. //////////////////////////////////////////////////////////////////////////////
  765. //
  766. // WintrustLoadFunctionPointers
  767. //----------------------------------------------------------------------------
  768. // Retrieves the function entry points based on the Action ID given.
  769. //
  770. // Returns:
  771. // TRUE success.
  772. // FALSE fail.
  773. //
// pgActionID : action whose registered providers to resolve.
// pPfns      : receives the entry points; CRYPT_PROVIDER_FUNCTIONS is declared
//              earlier in this header. Presumably the caller sets cbStruct
//              before the call -- confirm.
// Resolving the pointers implies loading the registered DLLs, i.e. the
// registry contents for this action are trusted at this point.
extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);
  775. //////////////////////////////////////////////////////////////////////////////
  776. //
  777. // WintrustAddDefaultForUsage
  778. //----------------------------------------------------------------------------
  779. // Sets the default Action ID for the usage. If the provider uses this
  780. // function, and the provider requires any of the "callback" data in
  781. // WINTRUST_DATA to be filled out, it MUST completely fill out the
  782. // CRYPT_PROVIDER_REGDEFUSAGE structure.
  783. //
  784. // Returns:
  785. // TRUE success.
  786. // FALSE fail.
  787. //
// pszUsageOID : usage OID (ANSI dotted string) to map to an action.
// psDefUsage  : action ID plus callback DLL/function names; must be
//               completely filled out when callback data is required (see
//               note above).
extern BOOL WINAPI WintrustAddDefaultForUsage(IN const char *pszUsageOID,
IN CRYPT_PROVIDER_REGDEFUSAGE *psDefUsage);
  790. //////////////////////////////////////////////////////////////////////////////
  791. //
  792. // WintrustGetDefaultForUsage
  793. //----------------------------------------------------------------------------
  794. // Retrieves the Action ID and default callback data for the specified usage
  795. //
// this function must be called again with dwAction set to DWACTION_FREE, passing the same psUsage, to deallocate
  797. //
  798. //
  799. // Returns:
  800. // TRUE success.
  801. // FALSE fail.
  802. //
#define DWACTION_ALLOCANDFILL 1     // look up the action and allocate the
                                    // default callback data into *psUsage
#define DWACTION_FREE 2             // release what ALLOCANDFILL put in *psUsage
// dwAction    : DWACTION_ALLOCANDFILL or DWACTION_FREE; every successful
//               ALLOCANDFILL must be paired with a FREE on the same psUsage.
// pszUsageOID : usage OID registered via WintrustAddDefaultForUsage.
// psUsage     : caller-provided CRYPT_PROVIDER_DEFUSAGE (set cbStruct).
extern BOOL WINAPI WintrustGetDefaultForUsage(IN DWORD dwAction,
IN const char *pszUsageOID,
IN OUT CRYPT_PROVIDER_DEFUSAGE *psUsage);
// Accessors for the provider chain built during a WVT call. They return
// pointers into state owned by WVT, not copies; presumably NULL when the
// index / ID is not present -- callers should check before dereferencing.
//
// idxSigner        : which signer of pProvData.
// fCounterSigner   : when TRUE, return counter-signer idxCounterSigner of
//                    that signer instead of the signer itself.
extern CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(CRYPT_PROVIDER_DATA *pProvData,
DWORD idxSigner,
BOOL fCounterSigner,
DWORD idxCounterSigner);
// idxCert : position in the signer's certificate chain (0 = signing cert).
extern CRYPT_PROVIDER_CERT * WINAPI WTHelperGetProvCertFromChain(CRYPT_PROVIDER_SGNR *pSgnr,
DWORD idxCert);
// hStateData : the state handle WVT hands back to the caller (WINTRUST_DATA).
extern CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData);
// pgProviderID : the policy's own Action ID (CRYPT_PROVIDER_PRIVDATA.gProviderID).
extern CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *pProvData,
GUID *pgProviderID);
// dwEncoding : encoding type of pCert. Returns TRUE for a self-signed cert;
// how that is decided (name match vs. signature check) is not visible here.
// Self-signed is not trusted: anyone can mint one.
extern BOOL WINAPI WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
  818. //////////////////////////////////////////////////////////////////////////////
  819. //
  820. // Supported ASN structures contained in WINTRUST.DLL
  821. //----------------------------------------------------------------------------
  822. //
  823. #include <pshpack8.h>
  824. //
  825. // CTL Trusted CA Lists
  826. //
// Usage OIDs for CTLs that enumerate trusted CAs, one per purpose.
#define szOID_TRUSTED_CODESIGNING_CA_LIST "1.3.6.1.4.1.311.2.2.1"
#define szOID_TRUSTED_CLIENT_AUTH_CA_LIST "1.3.6.1.4.1.311.2.2.2"
#define szOID_TRUSTED_SERVER_AUTH_CA_LIST "1.3.6.1.4.1.311.2.2.3"
//
// encode/decode OID defines
//
// Authenticode (SPC = Software Publisher Certificate) attribute and content
// OIDs under the Microsoft arc 1.3.6.1.4.1.311.2.1.*, plus the catalog
// (CAT) attribute OIDs under 1.3.6.1.4.1.311.12.2.*.
#define SPC_COMMON_NAME_OBJID szOID_COMMON_NAME
#define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1"
#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"       // SPC_INDIRECT_DATA_CONTENT
#define SPC_SP_AGENCY_INFO_OBJID "1.3.6.1.4.1.311.2.1.10"     // SPC_SP_AGENCY_INFO
#define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11"     // SPC_STATEMENT_TYPE
#define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12"       // SPC_SP_OPUS_INFO
#define SPC_CERT_EXTENSIONS_OBJID "1.3.6.1.4.1.311.2.1.14"
#define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15"      // SPC_PE_IMAGE_DATA
#define SPC_RAW_FILE_DATA_OBJID "1.3.6.1.4.1.311.2.1.18"
#define SPC_STRUCTURED_STORAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.19"
#define SPC_JAVA_CLASS_DATA_OBJID "1.3.6.1.4.1.311.2.1.20"
#define SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID "1.3.6.1.4.1.311.2.1.21"
#define SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID "1.3.6.1.4.1.311.2.1.22"
#define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25"
#define SPC_GLUE_RDN_OBJID "1.3.6.1.4.1.311.2.1.25" // obsolete! -- same value
                                                   // as SPC_CAB_DATA_OBJID, so a
                                                   // decoder keyed on this OID
                                                   // will get CAB data; do not
                                                   // use for new code
#define SPC_MINIMAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.26"
#define SPC_FINANCIAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.27"  // SPC_FINANCIAL_CRITERIA
#define SPC_LINK_OBJID "1.3.6.1.4.1.311.2.1.28"                // SPC_LINK
#define SPC_SIGINFO_OBJID "1.3.6.1.4.1.311.2.1.30"             // SPC_SIGINFO
#define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1"          // CAT_NAMEVALUE
#define CAT_MEMBERINFO_OBJID "1.3.6.1.4.1.311.12.2.2"         // CAT_MEMBERINFO
  854. //
  855. // encode/decode internal defines
  856. //
// Predefined lpszStructType values for the wincrypt encode/decode entry
// points: small integers smuggled through an LPCSTR, the usual wincrypt
// convention for built-in structure types. They are NOT string pointers --
// never dereference or strcmp them; compare the pointer value only.
#define SPC_SP_AGENCY_INFO_STRUCT ((LPCSTR) 2000)         // SPC_SP_AGENCY_INFO
#define SPC_MINIMAL_CRITERIA_STRUCT ((LPCSTR) 2001)
#define SPC_FINANCIAL_CRITERIA_STRUCT ((LPCSTR) 2002)     // SPC_FINANCIAL_CRITERIA
#define SPC_INDIRECT_DATA_CONTENT_STRUCT ((LPCSTR) 2003)  // SPC_INDIRECT_DATA_CONTENT
#define SPC_PE_IMAGE_DATA_STRUCT ((LPCSTR) 2004)          // SPC_PE_IMAGE_DATA
#define SPC_LINK_STRUCT ((LPCSTR) 2005)                   // SPC_LINK
#define SPC_STATEMENT_TYPE_STRUCT ((LPCSTR) 2006)         // SPC_STATEMENT_TYPE
#define SPC_SP_OPUS_INFO_STRUCT ((LPCSTR) 2007)           // SPC_SP_OPUS_INFO
#define SPC_CAB_DATA_STRUCT ((LPCSTR) 2008)
#define SPC_JAVA_CLASS_DATA_STRUCT ((LPCSTR) 2009)
#define SPC_SIGINFO_STRUCT ((LPCSTR) 2130)                // SPC_SIGINFO
#define CAT_NAMEVALUE_STRUCT ((LPCSTR) 2221)              // CAT_NAMEVALUE
#define CAT_MEMBERINFO_STRUCT ((LPCSTR) 2222)             // CAT_MEMBERINFO
// Raw 16-byte class identifier carried in SPC_SERIALIZED_OBJECT (a GUID in
// wire form, not a GUID struct -- no byte-order interpretation is applied).
#define SPC_UUID_LENGTH 16
typedef BYTE SPC_UUID[SPC_UUID_LENGTH];
// Moniker payload of an SPC_LINK (SPC_MONIKER_LINK_CHOICE): an opaque blob
// whose interpretation is selected by ClassId. Consumers must treat the blob
// as untrusted input from the signed object and validate it for that class.
typedef struct _SPC_SERIALIZED_OBJECT
{
    SPC_UUID ClassId;               // identifies the format of SerializedData
    CRYPT_DATA_BLOB SerializedData; // length-prefixed, format per ClassId
} SPC_SERIALIZED_OBJECT, *PSPC_SERIALIZED_OBJECT;
// Content of SPC_SIGINFO_OBJID: names the SIP (by GUID and version) that
// produced the signature. Reserved fields are presumably written as zero
// and ignored on decode -- confirm before relying on them.
typedef struct SPC_SIGINFO_
{
    DWORD dwSipVersion;     // version of the SIP interface used
    GUID gSIPGuid;          // subject-type GUID of the SIP (cf. PROVDATA_SIP.gSubject)
    DWORD dwReserved1;
    DWORD dwReserved2;
    DWORD dwReserved3;
    DWORD dwReserved4;
    DWORD dwReserved5;
} SPC_SIGINFO, *PSPC_SIGINFO;
// Content of SPC_LINK_OBJID: a reference to external material (URL, moniker
// or file). dwLinkChoice is the discriminator for the anonymous union --
// read only the member it names; reading another is type confusion.
// All three forms come from the signed object: treat the URL/file name as
// untrusted data (display or fetch only after validation).
typedef struct SPC_LINK_
{
    DWORD dwLinkChoice;             // one of the SPC_*_LINK_CHOICE values
# define SPC_URL_LINK_CHOICE 1
# define SPC_MONIKER_LINK_CHOICE 2
# define SPC_FILE_LINK_CHOICE 3
    union
    {
        LPWSTR pwszUrl;             // SPC_URL_LINK_CHOICE
        SPC_SERIALIZED_OBJECT Moniker; // SPC_MONIKER_LINK_CHOICE
        LPWSTR pwszFile;            // SPC_FILE_LINK_CHOICE
    };
} SPC_LINK, *PSPC_LINK;
// Content of SPC_PE_IMAGE_DATA_OBJID, the subject descriptor a PE signature
// carries inside SPC_INDIRECT_DATA_CONTENT.Data.
typedef struct _SPC_PE_IMAGE_DATA
{
    CRYPT_BIT_BLOB Flags;   // bit string of image flags; bit meanings are
                            // not defined in this header -- confirm
    PSPC_LINK pFile;        // optional link back to the image (may be NULL)
} SPC_PE_IMAGE_DATA, *PSPC_PE_IMAGE_DATA;
// Content of SPC_INDIRECT_DATA_OBJID -- presumably the message the
// Authenticode signature is computed over: a description of the subject and
// the digest of it that stands in for the subject's bytes.
typedef struct _SPC_INDIRECT_DATA_CONTENT
{
    CRYPT_ATTRIBUTE_TYPE_VALUE Data;            // subject descriptor: OID (e.g.
                                                // SPC_PE_IMAGE_DATA_OBJID) + encoded value
    CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; // algorithm Digest was computed with.
                                                // NOTE(review): a verifier must only
                                                // accept algorithms it still considers
                                                // collision-resistant; it must not
                                                // simply hash with whatever the signed
                                                // blob names.
    CRYPT_HASH_BLOB Digest;                     // digest of the subject as computed by
                                                // the SIP; verification recomputes and
                                                // compares -- presumably
} SPC_INDIRECT_DATA_CONTENT, *PSPC_INDIRECT_DATA_CONTENT;
// Content of SPC_FINANCIAL_CRITERIA_OBJID (a certificate extension).
typedef struct _SPC_FINANCIAL_CRITERIA
{
    BOOL fFinancialInfoAvailable;   // FALSE: fMeetsCriteria carries no information
    BOOL fMeetsCriteria;            // only meaningful when fFinancialInfoAvailable
} SPC_FINANCIAL_CRITERIA, *PSPC_FINANCIAL_CRITERIA;
// Logo image referenced from SPC_SP_AGENCY_INFO. Any of the blobs may be
// empty (cbData == 0); they are signer-supplied bytes, so whichever renderer
// consumes them must be robust against malformed image data.
typedef struct _SPC_IMAGE
{
    struct SPC_LINK_ *pImageLink;   // optional link to the image instead of inline data
    CRYPT_DATA_BLOB Bitmap;         // inline BMP
    CRYPT_DATA_BLOB Metafile;       // inline WMF
    CRYPT_DATA_BLOB EnhancedMetafile; // inline EMF
    CRYPT_DATA_BLOB GifFile;        // inline GIF
} SPC_IMAGE, *PSPC_IMAGE;
// Content of SPC_SP_AGENCY_INFO_OBJID: issuer-policy display material.
// Every pointer here is optional (NULL when absent) -- presumably; confirm
// against the decoder.
typedef struct _SPC_SP_AGENCY_INFO
{
    struct SPC_LINK_ *pPolicyInformation;   // where the policy text lives
    LPWSTR pwszPolicyDisplayText;           // human-readable policy string
    PSPC_IMAGE pLogoImage;                  // agency logo
    struct SPC_LINK_ *pLogoLink;            // link behind the logo
} SPC_SP_AGENCY_INFO, *PSPC_SP_AGENCY_INFO;
// Content of SPC_STATEMENT_TYPE_OBJID: the key purposes the signer claims,
// e.g. SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID / SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID.
// This is a signer assertion inside the signed blob; whether the signing
// certificate actually permits the purpose is a separate check.
typedef struct _SPC_STATEMENT_TYPE
{
    DWORD cKeyPurposeId;        // number of entries in rgpszKeyPurposeId
    LPSTR *rgpszKeyPurposeId;   // pszObjId -- array of dotted OID strings
} SPC_STATEMENT_TYPE, *PSPC_STATEMENT_TYPE;
// Content of SPC_SP_OPUS_INFO_OBJID: what the signer wants shown about the
// signed object. All of it is chosen by the signer, so pwszProgramName is
// a label for display only -- it must not be used to identify the file or
// to make a trust decision.
typedef struct _SPC_SP_OPUS_INFO
{
    LPCWSTR pwszProgramName;            // display name (optional)
    struct SPC_LINK_ *pMoreInfo;        // optional "more info" link
    struct SPC_LINK_ *pPublisherInfo;   // optional publisher link
} SPC_SP_OPUS_INFO, *PSPC_SP_OPUS_INFO;
// Content of CAT_NAMEVALUE_OBJID: one tagged attribute of a catalog entry.
typedef struct _CAT_NAMEVALUE
{
    LPWSTR pwszTag;         // attribute name
    DWORD fdwFlags;         // attribute flags; values not defined in this header
    CRYPT_DATA_BLOB Value;  // attribute value; encoding is tag-specific
} CAT_NAMEVALUE, *PCAT_NAMEVALUE;
// Content of CAT_MEMBERINFO_OBJID: identifies how a catalog member is to be
// hashed/handled.
typedef struct _CAT_MEMBERINFO
{
    LPWSTR pwszSubjGuid;    // subject (SIP) GUID as a string -- presumably
    DWORD dwCertVersion;    // version of the member's certificate format
} CAT_MEMBERINFO, *PCAT_MEMBERINFO;
  953. #include <poppack.h>
  954. //////////////////////////////////////////////////////////////////////////////////
  955. //
  956. // support for old calling convention: *** DO NOT USE ***
  957. //
  958. #ifdef WT_DEFINE_ALL_APIS
// Attribute-certificate container of the pre-WVT interface (only defined here
// when winbase.h has not already defined WIN_CERT_REVISION_1_0).
typedef struct _WIN_CERTIFICATE
{
    DWORD dwLength;         // length of this entry in bytes. When the entry is
                            // read out of the object being verified this value
                            // is untrusted: check it against the bytes actually
                            // available, and that it covers at least the fixed
                            // header, before touching bCertificate or stepping
                            // to the next entry.
    WORD wRevision;         // WIN_CERT_REVISION_xxx
    WORD wCertificateType;  // WIN_CERT_TYPE_xxx
    BYTE bCertificate[ANYSIZE_ARRAY]; // payload; format per wCertificateType
} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
// Values for WIN_CERTIFICATE.wRevision / wCertificateType. A parser should
// reject types it does not handle rather than guessing at bCertificate.
#define WIN_CERT_REVISION_1_0 (0x0100)
#define WIN_CERT_REVISION_2_0 (0x0200)
#define WIN_CERT_TYPE_X509 (0x0001) // bCertificate contains an X.509 Certificate
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA (0x0002) // bCertificate contains a PKCS SignedData structure
#define WIN_CERT_TYPE_RESERVED_1 (0x0003) // Reserved
#define WIN_CERT_TYPE_TS_STACK_SIGNED (0x0004) // Terminal Server Protocol Stack Certificate signing
// Old-API subject descriptors (*** DO NOT USE *** per the note above).
// SubjectType picks the concrete layout behind the untyped Subject pointer
// (see the WIN_TRUST_SUBJTYPE_* GUIDs below), so the pair must be read
// together -- Subject alone carries no type information.
typedef LPVOID WIN_TRUST_SUBJECT;
typedef struct _WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT
{
    HANDLE hClientToken;    // token of the client the check is made for --
                            // presumably; confirm with the old provider code
    GUID * SubjectType;     // one of the WIN_TRUST_SUBJTYPE_* GUIDs
    WIN_TRUST_SUBJECT Subject; // layout determined by SubjectType
} WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT, *LPWIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT ;
typedef struct _WIN_TRUST_ACTDATA_SUBJECT_ONLY
{
    GUID * SubjectType;     // one of the WIN_TRUST_SUBJTYPE_* GUIDs
    WIN_TRUST_SUBJECT Subject; // layout determined by SubjectType
} WIN_TRUST_ACTDATA_SUBJECT_ONLY, *LPWIN_TRUST_ACTDATA_SUBJECT_ONLY;
// Subject-type GUIDs for the old API. For these four the Subject pointer
// refers to a WIN_TRUST_SUBJECT_FILE (declared right after them).
/* RawFile == 959dc450-8d9e-11cf-8736-00aa00a485eb */
#define WIN_TRUST_SUBJTYPE_RAW_FILE \
{ 0x959dc450, \
0x8d9e, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* PeImage == 43c9a1e0-8da0-11cf-8736-00aa00a485eb */
#define WIN_TRUST_SUBJTYPE_PE_IMAGE \
{ 0x43c9a1e0, \
0x8da0, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* JavaClass = 08ad3990-8da1-11cf-8736-00aa00a485eb */
#define WIN_TRUST_SUBJTYPE_JAVA_CLASS \
{ 0x08ad3990, \
0x8da1, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* Cabinet = d17c5374-a392-11cf-9df5-00aa00c184e0 */
#define WIN_TRUST_SUBJTYPE_CABINET \
{ 0xd17c5374, \
0xa392, \
0x11cf, \
{ 0x9d, 0xf5, 0x0, 0xaa, 0x0, 0xc1, 0x84, 0xe0 } \
}
// Old-API file subject: the provider uses hFile when it is valid and opens
// lpPath otherwise -- presumably, mirroring the comments on the
// *_AND_DISPLAY variant below. Passing both a handle and a path invites a
// mismatch (verify one file, run another); prefer the handle.
typedef struct _WIN_TRUST_SUBJECT_FILE
{
    HANDLE hFile;       // open handle to the subject, or INVALID_HANDLE_VALUE
    LPCWSTR lpPath;     // path to open when no handle is supplied
} WIN_TRUST_SUBJECT_FILE, *LPWIN_TRUST_SUBJECT_FILE;
// "EX" subject types: same subjects as above, but Subject points at a
// WIN_TRUST_SUBJECT_FILE_AND_DISPLAY (declared after them) -- presumably.
// GUID text spelled out from the bytes for cross-referencing.
/* RawFileEx == 6f458110-c2f1-11cf-8a69-00aa006c3706 */
#define WIN_TRUST_SUBJTYPE_RAW_FILEEX \
{ 0x6f458110, \
0xc2f1, \
0x11cf, \
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
}
/* PeImageEx == 6f458111-c2f1-11cf-8a69-00aa006c3706 */
#define WIN_TRUST_SUBJTYPE_PE_IMAGEEX \
{ 0x6f458111, \
0xc2f1, \
0x11cf, \
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
}
/* JavaClassEx == 6f458113-c2f1-11cf-8a69-00aa006c3706 (note: ...112 is unused here) */
#define WIN_TRUST_SUBJTYPE_JAVA_CLASSEX \
{ 0x6f458113, \
0xc2f1, \
0x11cf, \
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
}
/* CabinetEx == 6f458114-c2f1-11cf-8a69-00aa006c3706 */
#define WIN_TRUST_SUBJTYPE_CABINETEX \
{ 0x6f458114, \
0xc2f1, \
0x11cf, \
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
}
// Old-API file subject with a caller-chosen display name. lpDisplayName is
// what the user sees in any trust UI, so it should be derived from the path
// actually verified, not from untrusted input -- otherwise the prompt can
// name one file while another is checked.
typedef struct _WIN_TRUST_SUBJECT_FILE_AND_DISPLAY
{
    HANDLE hFile;           // handle to the open file if you got it
    LPCWSTR lpPath;         // the path to open if you don't
    LPCWSTR lpDisplayName;  // (optional) display name to show to user
} WIN_TRUST_SUBJECT_FILE_AND_DISPLAY, *LPWIN_TRUST_SUBJECT_FILE_AND_DISPLAY;
// Remaining old-API subject type, followed by the old action GUIDs
// (WIN_SPUB_ACTION_*). The action chooses the policy applied to the
// subject; the subject type chooses how the subject is read.
/* OleStorage == c257e740-8da0-11cf-8736-00aa00a485eb */
#define WIN_TRUST_SUBJTYPE_OLE_STORAGE \
{ 0xc257e740, \
0x8da0, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* TrustedPublisher == 66426730-8da1-11cf-8736-00aa00a485eb */
// Action data: WIN_SPUB_TRUSTED_PUBLISHER_DATA (declared below) -- presumably.
#define WIN_SPUB_ACTION_TRUSTED_PUBLISHER \
{ 0x66426730, \
0x8da1, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* NtActivateImage == 8bc96b00-8da1-11cf-8736-00aa00a485eb */
#define WIN_SPUB_ACTION_NT_ACTIVATE_IMAGE \
{ 0x8bc96b00, \
0x8da1, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
/* PublishedSoftware == 64b9d180-8da2-11cf-8736-00aa00a485eb */
#define WIN_SPUB_ACTION_PUBLISHED_SOFTWARE \
{ 0x64b9d180, \
0x8da2, \
0x11cf, \
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
}
// Old-API action data for WIN_SPUB_ACTION_TRUSTED_PUBLISHER: asks whether
// the certificate in lpCertificate is a trusted publisher for the client.
// lpCertificate->dwLength is caller/file supplied; see WIN_CERTIFICATE for
// the bounds check a consumer must do before reading bCertificate.
typedef struct _WIN_SPUB_TRUSTED_PUBLISHER_DATA
{
    HANDLE hClientToken;            // client the decision is made for -- presumably
    LPWIN_CERTIFICATE lpCertificate; // the publisher certificate container
} WIN_SPUB_TRUSTED_PUBLISHER_DATA, *LPWIN_SPUB_TRUSTED_PUBLISHER_DATA;
  1080. #endif
  1081. #ifdef __cplusplus
  1082. }
  1083. #endif
  1084. #endif // WINTRUST_H