You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1343 lines
56 KiB
1343 lines
56 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1996 - 1999
|
|
//
|
|
// File: wintrust.h
|
|
//
|
|
// Contents: Microsoft Internet Security Trust Provider Model
|
|
//
|
|
// History: 31-May-1997 pberkman created
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
#ifndef WINTRUST_H
|
|
#define WINTRUST_H
|
|
|
|
#if _MSC_VER > 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#include <wincrypt.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C"
|
|
{
|
|
#endif
|
|
|
|
|
|
#ifndef WIN_CERT_REVISION_1_0 // there were duplicate definitions in winbase.h
|
|
# define WT_DEFINE_ALL_APIS
|
|
#else
|
|
# undef WT_DEFINE_ALL_APIS
|
|
#endif
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Client definitions, typedefs, and prototypes
|
|
//
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include <pshpack8.h>
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_DATA Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust to pass necessary information into
|
|
// the Providers.
|
|
//
|
|
typedef struct _WINTRUST_DATA
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_DATA)
|
|
|
|
LPVOID pPolicyCallbackData; // optional: used to pass data between the app and policy
|
|
LPVOID pSIPClientData; // optional: used to pass data between the app and SIP.
|
|
|
|
DWORD dwUIChoice; // required: UI choice. One of the following.
|
|
# define WTD_UI_ALL 1
|
|
# define WTD_UI_NONE 2
|
|
# define WTD_UI_NOBAD 3
|
|
# define WTD_UI_NOGOOD 4
|
|
|
|
DWORD fdwRevocationChecks; // required: certificate revocation check options
|
|
# define WTD_REVOKE_NONE 0x00000000
|
|
# define WTD_REVOKE_WHOLECHAIN 0x00000001
|
|
|
|
DWORD dwUnionChoice; // required: which structure is being passed in?
|
|
# define WTD_CHOICE_FILE 1
|
|
# define WTD_CHOICE_CATALOG 2
|
|
# define WTD_CHOICE_BLOB 3
|
|
# define WTD_CHOICE_SIGNER 4
|
|
# define WTD_CHOICE_CERT 5
|
|
union
|
|
{
|
|
struct WINTRUST_FILE_INFO_ *pFile; // individual file
|
|
struct WINTRUST_CATALOG_INFO_ *pCatalog; // member of a Catalog File
|
|
struct WINTRUST_BLOB_INFO_ *pBlob; // memory blob
|
|
struct WINTRUST_SGNR_INFO_ *pSgnr; // signer structure only
|
|
struct WINTRUST_CERT_INFO_ *pCert;
|
|
};
|
|
|
|
DWORD dwStateAction; // optional (Catalog File Processing)
|
|
# define WTD_STATEACTION_IGNORE 0x00000000
|
|
# define WTD_STATEACTION_VERIFY 0x00000001
|
|
# define WTD_STATEACTION_CLOSE 0x00000002
|
|
# define WTD_STATEACTION_AUTO_CACHE 0x00000003
|
|
# define WTD_STATEACTION_AUTO_CACHE_FLUSH 0x00000004
|
|
|
|
HANDLE hWVTStateData; // optional (Catalog File Processing)
|
|
|
|
WCHAR *pwszURLReference; // optional: (future) used to determine zone.
|
|
|
|
// 17-Feb-1998 philh: added
|
|
DWORD dwProvFlags;
|
|
# define WTD_PROV_FLAGS_MASK 0x0000FFFF
|
|
# define WTD_USE_IE4_TRUST_FLAG 0x00000001
|
|
# define WTD_NO_IE4_CHAIN_FLAG 0x00000002
|
|
# define WTD_NO_POLICY_USAGE_FLAG 0x00000004
|
|
# define WTD_REVOCATION_CHECK_NONE 0x00000010
|
|
# define WTD_REVOCATION_CHECK_END_CERT 0x00000020
|
|
# define WTD_REVOCATION_CHECK_CHAIN 0x00000040
|
|
# define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000080
|
|
# define WTD_SAFER_FLAG 0x00000100
|
|
# define WTD_HASH_ONLY_FLAG 0x00000200
|
|
# define WTD_USE_DEFAULT_OSVER_CHECK 0x00000400
|
|
# define WTD_LIFETIME_SIGNING_FLAG 0x00000800
|
|
# define WTD_CACHE_ONLY_URL_RETRIEVAL 0x00001000 // affects CRL retrieval and AIA retrieval
|
|
|
|
} WINTRUST_DATA, *PWINTRUST_DATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_FILE_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against an individual file.
|
|
//
|
|
typedef struct WINTRUST_FILE_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_FILE_INFO)
|
|
|
|
LPCWSTR pcwszFilePath; // required, file name to be verified
|
|
HANDLE hFile; // optional, open handle to pcwszFilePath
|
|
|
|
// 09-Dec-1997 pberkman: added
|
|
GUID *pgKnownSubject; // optional: fill if the subject type is known.
|
|
|
|
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_CATALOG_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a member of a Microsoft Catalog
|
|
// file.
|
|
//
|
|
typedef struct WINTRUST_CATALOG_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_CATALOG_INFO)
|
|
|
|
DWORD dwCatalogVersion; // optional: Catalog version number
|
|
LPCWSTR pcwszCatalogFilePath; // required: path/name to Catalog file
|
|
|
|
LPCWSTR pcwszMemberTag; // required: tag to member in Catalog
|
|
LPCWSTR pcwszMemberFilePath; // required: path/name to member file
|
|
HANDLE hMemberFile; // optional: open handle to pcwszMemberFilePath
|
|
|
|
// 30-Oct-1997 pberkman: added
|
|
BYTE *pbCalculatedFileHash; // optional: pass in the calculated hash
|
|
DWORD cbCalculatedFileHash; // optional: pass in the count bytes of the calc hash
|
|
|
|
// 15-Jan-1998 pberkman: added
|
|
PCCTL_CONTEXT pcCatalogContext; // optional: pass in to use instead of CatalogFilePath.
|
|
|
|
} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_BLOB_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a memory blob.
|
|
//
|
|
typedef struct WINTRUST_BLOB_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_BLOB_INFO)
|
|
|
|
GUID gSubject; // SIP to load
|
|
|
|
LPCWSTR pcwszDisplayName; // display name of object
|
|
|
|
DWORD cbMemObject;
|
|
BYTE *pbMemObject;
|
|
|
|
DWORD cbMemSignedMsg;
|
|
BYTE *pbMemSignedMsg;
|
|
|
|
} WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_SGNR_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
|
|
//
|
|
typedef struct WINTRUST_SGNR_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_SGNR_INFO)
|
|
|
|
LPCWSTR pcwszDisplayName; // name of the "thing" the pbMem is pointing to.
|
|
|
|
CMSG_SIGNER_INFO *psSignerInfo;
|
|
|
|
DWORD chStores; // number of stores in pahStores
|
|
HCERTSTORE *pahStores; // array of stores to add to internal list
|
|
|
|
} WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_CERT_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
|
|
//
|
|
typedef struct WINTRUST_CERT_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_CERT_INFO)
|
|
|
|
LPCWSTR pcwszDisplayName; // display name
|
|
|
|
CERT_CONTEXT *psCertContext;
|
|
|
|
DWORD chStores; // number of stores in pahStores
|
|
HCERTSTORE *pahStores; // array of stores to add to internal list
|
|
|
|
// 17-Nov-1997 pberkman: added
|
|
DWORD dwFlags;
|
|
# define WTCI_DONT_OPEN_STORES 0x00000001 // only open dummy "root" all other are in pahStores.
|
|
# define WTCI_OPEN_ONLY_ROOT 0x00000002
|
|
|
|
// 26-Nov-1997 pberkman: added
|
|
FILETIME *psftVerifyAsOf; // if not null, each cert will be validated as of this time.
|
|
|
|
} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
|
|
|
|
#include <poppack.h>
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WinVerifyTrust
|
|
//----------------------------------------------------------------------------
|
|
// Exported from WINTRUST.DLL.
|
|
// Call this function to verify the trust based on a digital signer.
|
|
//
|
|
// pWVTData points to a WINTRUST_DATA data structure.
|
|
//
|
|
// WTD_SAFER_FLAG should be set in WINTRUST_DATA's dwProvFlags to enable
|
|
// the following semantics for the WINTRUST_ACTION_GENERIC_VERIFY_V2
|
|
// policy provider specified in pgActionID:
|
|
// - return TRUST_E_NOSIGNATURE if the subject isn't signed, has an
|
|
// invalid signature or unable to find the signer certificate.
|
|
// UI will never be displayed when not signed.
|
|
// - ignore NO_CHECK revocation errors. Otherwise, continue to return
|
|
// CERT_E_REVOCATION_FAILURE.
|
|
// - search the code hash and publisher databases for the WTD_UI_NONE
|
|
// dwUIChoice case. The default is to only search these databases when
|
|
// UI has been enabled or user trust has been disabled.
|
|
//
|
|
//
|
|
// Returns:
|
|
// ERROR_SUCCESS If the trust is authenticated or
|
|
// if the user accepted the risk.
|
|
//
|
|
// TRUST_E_PROVIDER_UNKNOWN there was an error loading one of the
|
|
// required Providers.
|
|
//
|
|
// all error codes passed back are based on the Policy Provider used.
|
|
//
|
|
// The following errors are returned when the
|
|
// WINTRUST_ACTION_GENERIC_VERIFY_V2 policy provider is specified in
|
|
// pgActionID:
|
|
//
|
|
// TRUST_E_NOSIGNATURE (when WTD_SAFER_FLAG is set in dwProvFlags)
|
|
// The subject isn't signed, has an invalid signature or unable
|
|
// to find the signer certificate. All signature verification
|
|
// errors will map to this error. Basically all errors except for
|
|
// publisher or timestamp certificate verification.
|
|
//
|
|
// Call GetLastError() to get the underlying reason for not having
|
|
// a valid signature.
|
|
//
|
|
// The following LastErrors indicate that the file doesn't have a
|
|
// signature: TRUST_E_NOSIGNATURE, TRUST_E_SUBJECT_FORM_UNKNOWN or
|
|
// TRUST_E_PROVIDER_UNKNOWN.
|
|
//
|
|
// UI will never be displayed for this case.
|
|
//
|
|
// TRUST_E_EXPLICIT_DISTRUST
|
|
// Returned if the hash representing the subject is trusted as
|
|
// AUTHZLEVELID_DISALLOWED or the publisher is in the "Disallowed"
|
|
// store. Also returned if the publisher certificate is revoked.
|
|
//
|
|
// UI will never be displayed for this case.
|
|
//
|
|
// ERROR_SUCCESS
|
|
// No UI unless noted below.
|
|
//
|
|
// Returned for the following:
|
|
// - Hash representing the subject is trusted as
|
|
// AUTHZLEVELID_FULLYTRUSTED
|
|
// - The publisher certificate exists in the
|
|
// "TrustedPublisher" store and there weren't any verification errors.
|
|
// - UI was enabled and the user clicked "Yes" when asked
|
|
// to install and run the signed subject.
|
|
// - UI was disabled. No publisher or timestamp chain error.
|
|
//
|
|
// TRUST_E_SUBJECT_NOT_TRUSTED
|
|
// UI was enabled and the the user clicked "No" when asked to install
|
|
// and run the signed subject.
|
|
//
|
|
// CRYPT_E_SECURITY_SETTINGS
|
|
// The subject hash or publisher wasn't explicitly trusted and
|
|
// user trust wasn't allowed in the safer authenticode flags.
|
|
// No UI will be displayed for this case.
|
|
//
|
|
// The subject is signed and its signature successfully
|
|
// verified.
|
|
//
|
|
// Any publisher or timestamp chain error. If WTD_SAFER_FLAG wasn't set in
|
|
// dwProvFlags, any signed code verification error.
|
|
//
|
|
extern LONG WINAPI WinVerifyTrust(HWND hwnd, GUID *pgActionID,
|
|
LPVOID pWVTData);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WinVerifyTrustEx
|
|
//----------------------------------------------------------------------------
|
|
// *** DO NOT USE ***
|
|
//
|
|
//
|
|
extern HRESULT WINAPI WinVerifyTrustEx(HWND hwnd, GUID *pgActionID,
|
|
WINTRUST_DATA *pWinTrustData);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Trust, Policy, and UI Provider definitions, typedefs, and prototypes
|
|
//
|
|
// Model:
|
|
// A client wishing to validate trust through WinVerifyTrust will
|
|
// select an appropriate Action ID guid for the call.
|
|
// This guid is defined by each Policy Provider and represents the
|
|
// functions called based on the policy for the given object.
|
|
//
|
|
// In this model, the Policy Provider determines which style of UI
|
|
// will be shown to the user (this only applies to style, the
|
|
// determination of whether UI is displayed is set by the calling client
|
|
// in the UI flags member of WINTRUST_DATA).
|
|
//
|
|
// Since the function entry points are common (same return value and
|
|
// parameters), it allows Policy Provider developers to take advantage
|
|
// of existing, generic, code to fill the CRYPT_PROVIDER_DATA structure.
|
|
//
|
|
// This also allows the developer to simply add the specific policy they
|
|
// need, then, call the generic Policy Provider - if appropriate.
|
|
//
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Wintrust Policy Flags
|
|
//----------------------------------------------------------------------------
|
|
// These are set during install and can be modified by the user
|
|
// through various means. The SETREG.EXE utility (found in the Authenticode
|
|
// Tools Pack) will select/deselect each of them.
|
|
//
|
|
#define WTPF_TRUSTTEST 0x00000020 // trust any "TEST" certificate
|
|
#define WTPF_TESTCANBEVALID 0x00000080
|
|
#define WTPF_IGNOREEXPIRATION 0x00000100 // Use expiration date
|
|
#define WTPF_IGNOREREVOKATION 0x00000200 // Do revocation check
|
|
#define WTPF_OFFLINEOK_IND 0x00000400 // off-line is ok individual certs
|
|
#define WTPF_OFFLINEOK_COM 0x00000800 // off-line is ok commercial certs
|
|
#define WTPF_OFFLINEOKNBU_IND 0x00001000 // off-line is ok individual certs, no bad ui
|
|
#define WTPF_OFFLINEOKNBU_COM 0x00002000 // off-line is ok commercial certs, no bad ui
|
|
#define WTPF_VERIFY_V1_OFF 0x00010000 // turn verify of v1 certs off
|
|
#define WTPF_IGNOREREVOCATIONONTS 0x00020000 // ignore TimeStamp revocation checks
|
|
#define WTPF_ALLOWONLYPERTRUST 0x00040000 // allow only items in personal trust db.
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustGetRegPolicyFlags
|
|
//----------------------------------------------------------------------------
|
|
// This API call is exported from WINTRUST.DLL and is the recommended method
|
|
// of retrieving the DWORD representing the Policy Flags.
|
|
//
|
|
extern void WINAPI WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustSetRegPolicyFlags
|
|
//----------------------------------------------------------------------------
|
|
// This API call is exported from WINTRUST.DLL and is the recommended method
|
|
// of setting the DWORD representing the Policy Flags. MAKE SURE to call
|
|
// WintrustGetRegPolicyFlags to get the current value and or/and the value
|
|
// you need then call the set the flags.
|
|
//
|
|
extern BOOL WINAPI WintrustSetRegPolicyFlags(DWORD dwPolicyFlags);
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Trust Provider "Step" Error defines
|
|
//----------------------------------------------------------------------------
|
|
// Each "step" of the Trust process has an error "slot" associated with it.
|
|
// If an error occurs, the "step" will assign its result to this "slot". These
|
|
// errors can be any valid WINERROR.H HRESULT code.
|
|
//
|
|
|
|
//
|
|
// step errors 0 through 20 are reserved for Authenticode specific. If
|
|
// you are not calling any of the SOFTPUB.DLL (Authenticode) providers, you
|
|
// may use these as needed.
|
|
//
|
|
#define TRUSTERROR_STEP_WVTPARAMS 0
|
|
#define TRUSTERROR_STEP_FILEIO 2
|
|
#define TRUSTERROR_STEP_SIP 3
|
|
#define TRUSTERROR_STEP_SIPSUBJINFO 5
|
|
#define TRUSTERROR_STEP_CATALOGFILE 6
|
|
#define TRUSTERROR_STEP_CERTSTORE 7
|
|
#define TRUSTERROR_STEP_MESSAGE 8
|
|
#define TRUSTERROR_STEP_MSG_SIGNERCOUNT 9
|
|
#define TRUSTERROR_STEP_MSG_INNERCNTTYPE 10
|
|
#define TRUSTERROR_STEP_MSG_INNERCNT 11
|
|
#define TRUSTERROR_STEP_MSG_STORE 12
|
|
#define TRUSTERROR_STEP_MSG_SIGNERINFO 13
|
|
#define TRUSTERROR_STEP_MSG_SIGNERCERT 14
|
|
#define TRUSTERROR_STEP_MSG_CERTCHAIN 15
|
|
#define TRUSTERROR_STEP_MSG_COUNTERSIGINFO 16
|
|
#define TRUSTERROR_STEP_MSG_COUNTERSIGCERT 17
|
|
#define TRUSTERROR_STEP_VERIFY_MSGHASH 18
|
|
#define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA 19
|
|
|
|
//
|
|
// step errors 30 through 37 are reserved for the ending error code for each
|
|
// entry point in the Trust Model.
|
|
//
|
|
#define TRUSTERROR_STEP_FINAL_WVTINIT 30
|
|
#define TRUSTERROR_STEP_FINAL_INITPROV 31
|
|
#define TRUSTERROR_STEP_FINAL_OBJPROV 32
|
|
#define TRUSTERROR_STEP_FINAL_SIGPROV 33
|
|
#define TRUSTERROR_STEP_FINAL_CERTPROV 34
|
|
#define TRUSTERROR_STEP_FINAL_CERTCHKPROV 35
|
|
#define TRUSTERROR_STEP_FINAL_POLICYPROV 36
|
|
#define TRUSTERROR_STEP_FINAL_UIPROV 37
|
|
|
|
#define TRUSTERROR_MAX_STEPS 38
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// allocation and free function prototypes
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef void *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);
|
|
typedef void (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN HCERTSTORE hStore2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_SGNR)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN BOOL fCounterSigner,
|
|
IN OPTIONAL DWORD idxSigner,
|
|
IN struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_CERT)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN DWORD idxSigner,
|
|
IN BOOL fCounterSigner,
|
|
IN OPTIONAL DWORD idxCounterSigner,
|
|
IN PCCERT_CONTEXT pCert2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Provider function prototypes
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
|
|
//
|
|
// entry point for the object provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the object provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Signature Provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Certificate Provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's final call (from the trust provider)
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's "dump structure" call
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's clean up routine for any PRIVDATA allocated
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_CLEANUP_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's Cert Check call. This will return
|
|
// true if the Trust Provider is to continue building the certificate chain.
|
|
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
|
|
// self-signed, root. it is also the CertCheck's responsibility to set the
|
|
// fTrustedRoot flag in the certificate structure.
|
|
//
|
|
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN DWORD idxSigner,
|
|
IN BOOL fCounterSignerChain,
|
|
IN OPTIONAL DWORD idxCounterSigner);
|
|
|
|
|
|
#define WVT_OFFSETOF(t,f) ((ULONG)((ULONG_PTR)(&((t*)0)->f)))
|
|
|
|
#define WVT_ISINSTRUCT(structtypedef, structpassedsize, member) \
|
|
((WVT_OFFSETOF(structtypedef, member) < structpassedsize) ? TRUE : FALSE)
|
|
|
|
|
|
#define WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(structtypedef, structpassedsize, member) \
|
|
WVT_ISINSTRUCT(structtypedef, structpassedsize, member)
|
|
|
|
#include <pshpack8.h>
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_DATA Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used to pass information between WinVerifyTrust and all of the Provider
|
|
// calls.
|
|
//
|
|
// IMPORTANT: 1. All dynamically allocated members MUST use the allocation
|
|
// and Add2 functions provided.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_DATA
|
|
{
|
|
DWORD cbStruct; // = sizeof(TRUST_PROVIDER_DATA) (set in WVT)
|
|
|
|
WINTRUST_DATA *pWintrustData; // NOT verified (set in WVT)
|
|
BOOL fOpenedFile; // the provider opened the file handle (if applicable)
|
|
HWND hWndParent; // if passed in, else, Desktop hWnd (set in WVT).
|
|
GUID *pgActionID; // represents the Provider combination (set in WVT).
|
|
|
|
HCRYPTPROV hProv; // set to NULL to let CryptoAPI to assign.
|
|
|
|
DWORD dwError; // error if a low-level, system error was encountered
|
|
|
|
DWORD dwRegSecuritySettings; // ie security settings (set in WVT)
|
|
DWORD dwRegPolicySettings; // setreg settings (set in WVT)
|
|
|
|
struct _CRYPT_PROVIDER_FUNCTIONS *psPfns; // set in WVT.
|
|
|
|
DWORD cdwTrustStepErrors; // set in WVT.
|
|
DWORD *padwTrustStepErrors; // allocated in WVT. filled in WVT & Trust Provider
|
|
|
|
DWORD chStores; // number of stores in pahStores (root set in WVT)
|
|
HCERTSTORE *pahStores; // array of known stores (root set in WVT) root is ALWAYS #0!!!
|
|
|
|
DWORD dwEncoding; // message encoding type (set in WVT and Signature Prov)
|
|
HCRYPTMSG hMsg; // set in Signature Prov.
|
|
|
|
DWORD csSigners; // use Add2 and Get functions!
|
|
struct _CRYPT_PROVIDER_SGNR *pasSigners; // use Add2 and Get functions!
|
|
|
|
DWORD csProvPrivData; // use Add2 and Get functions!
|
|
struct _CRYPT_PROVIDER_PRIVDATA *pasProvPrivData; // use Add2 and Get functions!
|
|
|
|
DWORD dwSubjectChoice;
|
|
# define CPD_CHOICE_SIP 1
|
|
|
|
union
|
|
{
|
|
struct _PROVDATA_SIP *pPDSip;
|
|
};
|
|
|
|
char *pszUsageOID; // set in Init Provider
|
|
|
|
// 03-Oct-1997 pberkman: added
|
|
BOOL fRecallWithState; // state was maintained for Catalog Files.
|
|
|
|
// 10-Nov-1997 pberkman: added
|
|
FILETIME sftSystemTime;
|
|
|
|
// 16-Jan-1998 pberkman: added
|
|
char *pszCTLSignerUsageOID;
|
|
|
|
// 17-Feb-1998 philh: added
|
|
// LOWORD intialized from WINTRUST_DATA's dwProvFlags.
|
|
DWORD dwProvFlags;
|
|
# define CPD_USE_NT5_CHAIN_FLAG 0x80000000
|
|
# define CPD_REVOCATION_CHECK_NONE 0x00010000
|
|
# define CPD_REVOCATION_CHECK_END_CERT 0x00020000
|
|
# define CPD_REVOCATION_CHECK_CHAIN 0x00040000
|
|
# define CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00080000
|
|
|
|
// 24-Feb-1998 philh: added
|
|
DWORD dwFinalError;
|
|
|
|
// 20-May-1998 KeithV: added
|
|
PCERT_USAGE_MATCH pRequestUsage;
|
|
|
|
// 02-Aug-2000 philh: added
|
|
DWORD dwTrustPubSettings;
|
|
|
|
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_FUNCTIONS structure
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_FUNCTIONS
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
PFN_CPD_MEM_ALLOC pfnAlloc; // set in WVT
|
|
PFN_CPD_MEM_FREE pfnFree; // set in WVT
|
|
|
|
PFN_CPD_ADD_STORE pfnAddStore2Chain; // call to add a store to the chain.
|
|
PFN_CPD_ADD_SGNR pfnAddSgnr2Chain; // call to add a sgnr struct to a msg struct sgnr chain
|
|
PFN_CPD_ADD_CERT pfnAddCert2Chain; // call to add a cert struct to a sgnr struct cert chain
|
|
PFN_CPD_ADD_PRIVDATA pfnAddPrivData2Chain; // call to add provider private data to struct.
|
|
|
|
PFN_PROVIDER_INIT_CALL pfnInitialize; // initialize Policy data.
|
|
PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust; // build info up to the signer info(s).
|
|
PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust; // build info to the signing cert
|
|
PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust; // build the chain
|
|
PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy; // final call to policy
|
|
PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each cert will building chain
|
|
PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structures to a file (or whatever the policy chooses)
|
|
|
|
struct _CRYPT_PROVUI_FUNCS *psUIpfns;
|
|
|
|
// 23-Jul-1997 pberkman: added
|
|
PFN_PROVIDER_CLEANUP_CALL pfnCleanupPolicy; // PRIVDATA cleanup routine.
|
|
|
|
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVUI_FUNCS structure
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
|
|
typedef BOOL (*PFN_PROVUI_CALL)(IN HWND hWndSecurityDialog, IN struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
typedef struct _CRYPT_PROVUI_FUNCS
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
struct _CRYPT_PROVUI_DATA *psUIData;
|
|
|
|
PFN_PROVUI_CALL pfnOnMoreInfoClick;
|
|
PFN_PROVUI_CALL pfnOnMoreInfoClickDefault;
|
|
|
|
PFN_PROVUI_CALL pfnOnAdvancedClick;
|
|
PFN_PROVUI_CALL pfnOnAdvancedClickDefault;
|
|
|
|
} CRYPT_PROVUI_FUNCS, *PCRYPT_PROVUI_FUNCS;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVUI_DATA
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef struct _CRYPT_PROVUI_DATA
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
DWORD dwFinalError;
|
|
|
|
WCHAR *pYesButtonText; // default: "&Yes"
|
|
WCHAR *pNoButtonText; // default: "&No"
|
|
WCHAR *pMoreInfoButtonText; // default: "&More Info"
|
|
WCHAR *pAdvancedLinkText; // default: <none>
|
|
|
|
// 15-Sep-1997 pberkman: added
|
|
// good: default:
|
|
// "Do you want to install and run ""%1"" signed on %2 and distributed by:"
|
|
WCHAR *pCopyActionText;
|
|
// good no time stamp: default:
|
|
// "Do you want to install and run ""%1"" signed on an unknown date/time and distributed by:"
|
|
WCHAR *pCopyActionTextNoTS;
|
|
// bad: default:
|
|
// "Do you want to install and run ""%1""?"
|
|
WCHAR *pCopyActionTextNotSigned;
|
|
|
|
|
|
} CRYPT_PROVUI_DATA, *PCRYPT_PROVUI_DATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_SGNR structure
|
|
//----------------------------------------------------------------------------
|
|
// After the Signature Provider is finished there will be zero to many of these
|
|
// filled out. One for each signer of the message. Also, there will be zero
|
|
// to many of these filled out inside this structure. One for each counter
|
|
// signer of the signer.
|
|
//
|
|
// IMPORTANT: 1. All dynamically allocated members MUST use allocation
|
|
// and Add2 functions provided.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_SGNR
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
FILETIME sftVerifyAsOf; // either today's filetime or the timestamps
|
|
|
|
DWORD csCertChain; // use Add2 and Get functions!
|
|
struct _CRYPT_PROVIDER_CERT *pasCertChain; // use Add2 and Get functions!
|
|
|
|
DWORD dwSignerType; // set if known by policy
|
|
# define SGNR_TYPE_TIMESTAMP 0x00000010
|
|
|
|
CMSG_SIGNER_INFO *psSigner; // must use the pfnAlloc allocator!
|
|
|
|
DWORD dwError; // error encounted while building/verifying the signer.
|
|
|
|
DWORD csCounterSigners; // use Add2 and Get functions!
|
|
struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use Add2 and Get functions!
|
|
|
|
// 11-Feb-1998 philh: added
|
|
PCCERT_CHAIN_CONTEXT pChainContext;
|
|
|
|
} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_CERT structure
|
|
//----------------------------------------------------------------------------
|
|
// After the Signature and Certificate Providers are finished there will
|
|
// be zero to many of these filled out in the CRYPT_PROVIDER_SGNR
|
|
// structure. One for each certificate in the chain.
|
|
//
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_CERT
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
PCCERT_CONTEXT pCert; // must have its own ref-count!
|
|
|
|
BOOL fCommercial;
|
|
BOOL fTrustedRoot; // certchk policy should set this.
|
|
BOOL fSelfSigned; // set in cert provider
|
|
|
|
BOOL fTestCert; // certchk policy will set
|
|
|
|
DWORD dwRevokedReason;
|
|
|
|
DWORD dwConfidence; // set in the Certificate Provider
|
|
# define CERT_CONFIDENCE_SIG 0x10000000 // this cert
|
|
# define CERT_CONFIDENCE_TIME 0x01000000 // issuer cert
|
|
# define CERT_CONFIDENCE_TIMENEST 0x00100000 // this cert
|
|
# define CERT_CONFIDENCE_AUTHIDEXT 0x00010000 // this cert
|
|
# define CERT_CONFIDENCE_HYGIENE 0x00001000 // this cert
|
|
# define CERT_CONFIDENCE_HIGHEST 0x11111000
|
|
|
|
DWORD dwError;
|
|
|
|
CTL_CONTEXT *pTrustListContext;
|
|
|
|
// 16-Jan-1998 pberkman: added
|
|
BOOL fTrustListSignerCert;
|
|
|
|
// 25-Feb-1998 philh: added
|
|
//
|
|
// The following two are only applicable to Self Signed certificates
|
|
// residing in a CTL.
|
|
PCCTL_CONTEXT pCtlContext;
|
|
DWORD dwCtlError;
|
|
|
|
// 12-Mar-1998 philh: added
|
|
BOOL fIsCyclic;
|
|
|
|
// 12-Oct-2000 DSIE: added
|
|
PCERT_CHAIN_ELEMENT pChainElement;
|
|
} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_PRIVDATA structure
|
|
//----------------------------------------------------------------------------
|
|
// This structure is to allow Policy Provider functions to share
|
|
// POLICY SPECIFIC data between Policy Functions.
|
|
// The Policy must use the pfnAddPrivateData2Chain function and
|
|
// must free any data within the member before the Final Policy returns
|
|
// to WVT.
|
|
// To allow multiple providers to use this feature, each provider that
|
|
// uses this member must set the provider ID to it's Action ID so that
|
|
// the provider can find its data and ignore any other.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_PRIVDATA
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
GUID gProviderID;
|
|
|
|
DWORD cbProvData;
|
|
void *pvProvData;
|
|
|
|
} CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// PROVDATA_SIP
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef struct _PROVDATA_SIP
|
|
{
|
|
DWORD cbStruct; // = sizeof(PROVDATA_SIP)
|
|
|
|
GUID gSubject; // subject guid of file/member file. (set in Sig Prov)
|
|
|
|
struct SIP_DISPATCH_INFO_ *pSip; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_DISPATCH_INFO_ *pCATSip; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_SUBJECTINFO_ *psSipSubjectInfo; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_SUBJECTINFO_ *psSipCATSubjectInfo; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_INDIRECT_DATA_ *psIndirectData; // set in Sig Prov - defined in sipbase.h
|
|
|
|
} PROVDATA_SIP, *PPROVDATA_SIP;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// structures used to register action IDs
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
#define WT_CURRENT_VERSION 0x00000200
|
|
|
|
typedef struct _CRYPT_TRUST_REG_ENTRY
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
WCHAR *pwszDLLName;
|
|
WCHAR *pwszFunctionName; // no more than WT_MAX_FUNC_NAME!
|
|
|
|
} CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;
|
|
|
|
typedef struct _CRYPT_REGISTER_ACTIONID
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
CRYPT_TRUST_REG_ENTRY sInitProvider;
|
|
CRYPT_TRUST_REG_ENTRY sObjectProvider;
|
|
CRYPT_TRUST_REG_ENTRY sSignatureProvider;
|
|
CRYPT_TRUST_REG_ENTRY sCertificateProvider;
|
|
CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider;
|
|
CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider;
|
|
CRYPT_TRUST_REG_ENTRY sTestPolicyProvider;
|
|
|
|
// 23-Jul-1997 pberkman: added
|
|
CRYPT_TRUST_REG_ENTRY sCleanupProvider;
|
|
|
|
} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
|
|
|
|
typedef BOOL (*PFN_ALLOCANDFILLDEFUSAGE)(IN const char *pszUsageOID,
|
|
IN struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsage);
|
|
typedef BOOL (*PFN_FREEDEFUSAGE)(IN const char *pszUsageOID,
|
|
IN struct _CRYPT_PROVIDER_DEFUSAGE *psDefUsage);
|
|
|
|
typedef struct _CRYPT_PROVIDER_REGDEFUSAGE
|
|
{
|
|
DWORD cbStruct; // = sizeof CRYPT_PROVIDER_REGDEFUSAGE
|
|
|
|
GUID *pgActionID;
|
|
|
|
WCHAR *pwszDllName;
|
|
char *pwszLoadCallbackDataFunctionName;
|
|
char *pwszFreeCallbackDataFunctionName;
|
|
|
|
} CRYPT_PROVIDER_REGDEFUSAGE, *PCRYPT_PROVIDER_REGDEFUSAGE;
|
|
|
|
typedef struct _CRYPT_PROVIDER_DEFUSAGE
|
|
{
|
|
DWORD cbStruct; // = sizeof CRYPT_PROVIDER_DEFUSAGE
|
|
|
|
GUID gActionID; // ActionID of provider
|
|
|
|
LPVOID pDefPolicyCallbackData; // normally filled in WINTRUST_DATA
|
|
LPVOID pDefSIPClientData; // normally filled in WINTRUST_DATA
|
|
|
|
} CRYPT_PROVIDER_DEFUSAGE, *PCRYPT_PROVIDER_DEFUSAGE;
|
|
|
|
#include <poppack.h>
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST.DLL Provider defines
|
|
//----------------------------------------------------------------------------
|
|
// The following are definitions of the Microsoft Generic Cert Provider
|
|
//
|
|
#define WT_PROVIDER_DLL_NAME L"WINTRUST.DLL"
|
|
#define WT_PROVIDER_CERTTRUST_FUNCTION L"WintrustCertificateTrust"
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustAddActionID
|
|
//----------------------------------------------------------------------------
|
|
// Adds a new Provider combination to the users'
|
|
// system. Creates all necessary registry entries, etc. This should be done
|
|
// during the Policy Provider's DllRegisterServer.
|
|
//
|
|
// *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI WintrustAddActionID(IN GUID *pgActionID,
|
|
IN DWORD fdwFlags,
|
|
IN CRYPT_REGISTER_ACTIONID *psProvInfo);
|
|
|
|
// By default, WintrustAddActionID doesn't return registry errors.
|
|
// Set this flag to return registry errors. If FALSE is returned,
|
|
// LastError is set.
|
|
#define WT_ADD_ACTION_ID_RET_RESULT_FLAG 0x1
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustRemoveActionID
|
|
//----------------------------------------------------------------------------
|
|
// Removes the Provider action combination from the users'
|
|
// system.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI WintrustRemoveActionID(IN GUID *pgActionID);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustLoadFunctionPointers
|
|
//----------------------------------------------------------------------------
|
|
// Retrieves the function entry points based on the Action ID given.
|
|
//
|
|
// Returns:
|
|
// TRUE success.
|
|
// FALSE fail.
|
|
//
|
|
extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustAddDefaultForUsage
|
|
//----------------------------------------------------------------------------
|
|
// Sets the default Action ID for the usage. If the provider uses this
|
|
// function, and the provider requires any of the "callback" data in
|
|
// WINTRUST_DATA to be filled out, it MUST completely fill out the
|
|
// CRYPT_PROVIDER_REGDEFUSAGE structure.
|
|
//
|
|
// Returns:
|
|
// TRUE success.
|
|
// FALSE fail.
|
|
//
|
|
extern BOOL WINAPI WintrustAddDefaultForUsage(IN const char *pszUsageOID,
|
|
IN CRYPT_PROVIDER_REGDEFUSAGE *psDefUsage);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustGetDefaultForUsage
|
|
//----------------------------------------------------------------------------
|
|
// Retrieves the Action ID and default callback data for the specified usage
|
|
//
|
|
// this function must be called again with dwAction set to FREE to deallocate
|
|
//
|
|
//
|
|
// Returns:
|
|
// TRUE success.
|
|
// FALSE fail.
|
|
//
|
|
#define DWACTION_ALLOCANDFILL 1
|
|
#define DWACTION_FREE 2
|
|
extern BOOL WINAPI WintrustGetDefaultForUsage(IN DWORD dwAction,
|
|
IN const char *pszUsageOID,
|
|
IN OUT CRYPT_PROVIDER_DEFUSAGE *psUsage);
|
|
|
|
extern CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(CRYPT_PROVIDER_DATA *pProvData,
|
|
DWORD idxSigner,
|
|
BOOL fCounterSigner,
|
|
DWORD idxCounterSigner);
|
|
extern CRYPT_PROVIDER_CERT * WINAPI WTHelperGetProvCertFromChain(CRYPT_PROVIDER_SGNR *pSgnr,
|
|
DWORD idxCert);
|
|
|
|
extern CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData);
|
|
|
|
extern CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *pProvData,
|
|
GUID *pgProviderID);
|
|
extern BOOL WINAPI WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Supported ASN structures contained in WINTRUST.DLL
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
#include <pshpack8.h>
|
|
|
|
//
|
|
// CTL Trusted CA Lists
|
|
//
|
|
#define szOID_TRUSTED_CODESIGNING_CA_LIST "1.3.6.1.4.1.311.2.2.1"
|
|
#define szOID_TRUSTED_CLIENT_AUTH_CA_LIST "1.3.6.1.4.1.311.2.2.2"
|
|
#define szOID_TRUSTED_SERVER_AUTH_CA_LIST "1.3.6.1.4.1.311.2.2.3"
|
|
|
|
//
|
|
// encode/decode OID defines
|
|
//
|
|
#define SPC_COMMON_NAME_OBJID szOID_COMMON_NAME
|
|
#define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1"
|
|
#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"
|
|
#define SPC_SP_AGENCY_INFO_OBJID "1.3.6.1.4.1.311.2.1.10"
|
|
#define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11"
|
|
#define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12"
|
|
#define SPC_CERT_EXTENSIONS_OBJID "1.3.6.1.4.1.311.2.1.14"
|
|
#define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15"
|
|
#define SPC_RAW_FILE_DATA_OBJID "1.3.6.1.4.1.311.2.1.18"
|
|
#define SPC_STRUCTURED_STORAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.19"
|
|
#define SPC_JAVA_CLASS_DATA_OBJID "1.3.6.1.4.1.311.2.1.20"
|
|
#define SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID "1.3.6.1.4.1.311.2.1.21"
|
|
#define SPC_COMMERCIAL_SP_KEY_PURPOSE_OBJID "1.3.6.1.4.1.311.2.1.22"
|
|
#define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25"
|
|
#define SPC_GLUE_RDN_OBJID "1.3.6.1.4.1.311.2.1.25" // obsolete!
|
|
#define SPC_MINIMAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.26"
|
|
#define SPC_FINANCIAL_CRITERIA_OBJID "1.3.6.1.4.1.311.2.1.27"
|
|
#define SPC_LINK_OBJID "1.3.6.1.4.1.311.2.1.28"
|
|
#define SPC_SIGINFO_OBJID "1.3.6.1.4.1.311.2.1.30"
|
|
|
|
#define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1"
|
|
#define CAT_MEMBERINFO_OBJID "1.3.6.1.4.1.311.12.2.2"
|
|
|
|
|
|
//
|
|
// encode/decode internal defines
|
|
//
|
|
#define SPC_SP_AGENCY_INFO_STRUCT ((LPCSTR) 2000)
|
|
#define SPC_MINIMAL_CRITERIA_STRUCT ((LPCSTR) 2001)
|
|
#define SPC_FINANCIAL_CRITERIA_STRUCT ((LPCSTR) 2002)
|
|
#define SPC_INDIRECT_DATA_CONTENT_STRUCT ((LPCSTR) 2003)
|
|
#define SPC_PE_IMAGE_DATA_STRUCT ((LPCSTR) 2004)
|
|
#define SPC_LINK_STRUCT ((LPCSTR) 2005)
|
|
#define SPC_STATEMENT_TYPE_STRUCT ((LPCSTR) 2006)
|
|
#define SPC_SP_OPUS_INFO_STRUCT ((LPCSTR) 2007)
|
|
#define SPC_CAB_DATA_STRUCT ((LPCSTR) 2008)
|
|
#define SPC_JAVA_CLASS_DATA_STRUCT ((LPCSTR) 2009)
|
|
|
|
#define SPC_SIGINFO_STRUCT ((LPCSTR) 2130)
|
|
|
|
#define CAT_NAMEVALUE_STRUCT ((LPCSTR) 2221)
|
|
#define CAT_MEMBERINFO_STRUCT ((LPCSTR) 2222)
|
|
|
|
|
|
#define SPC_UUID_LENGTH 16
|
|
typedef BYTE SPC_UUID[SPC_UUID_LENGTH];
|
|
|
|
typedef struct _SPC_SERIALIZED_OBJECT
|
|
{
|
|
SPC_UUID ClassId;
|
|
CRYPT_DATA_BLOB SerializedData;
|
|
|
|
} SPC_SERIALIZED_OBJECT, *PSPC_SERIALIZED_OBJECT;
|
|
|
|
typedef struct SPC_SIGINFO_
|
|
{
|
|
DWORD dwSipVersion;
|
|
GUID gSIPGuid;
|
|
DWORD dwReserved1;
|
|
DWORD dwReserved2;
|
|
DWORD dwReserved3;
|
|
DWORD dwReserved4;
|
|
DWORD dwReserved5;
|
|
|
|
} SPC_SIGINFO, *PSPC_SIGINFO;
|
|
|
|
typedef struct SPC_LINK_
|
|
{
|
|
DWORD dwLinkChoice;
|
|
# define SPC_URL_LINK_CHOICE 1
|
|
# define SPC_MONIKER_LINK_CHOICE 2
|
|
# define SPC_FILE_LINK_CHOICE 3
|
|
|
|
union
|
|
{
|
|
LPWSTR pwszUrl;
|
|
SPC_SERIALIZED_OBJECT Moniker;
|
|
LPWSTR pwszFile;
|
|
};
|
|
|
|
} SPC_LINK, *PSPC_LINK;
|
|
|
|
typedef struct _SPC_PE_IMAGE_DATA
|
|
{
|
|
CRYPT_BIT_BLOB Flags;
|
|
PSPC_LINK pFile;
|
|
|
|
} SPC_PE_IMAGE_DATA, *PSPC_PE_IMAGE_DATA;
|
|
|
|
typedef struct _SPC_INDIRECT_DATA_CONTENT
|
|
{
|
|
CRYPT_ATTRIBUTE_TYPE_VALUE Data;
|
|
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
|
|
CRYPT_HASH_BLOB Digest;
|
|
|
|
} SPC_INDIRECT_DATA_CONTENT, *PSPC_INDIRECT_DATA_CONTENT;
|
|
|
|
typedef struct _SPC_FINANCIAL_CRITERIA
|
|
{
|
|
BOOL fFinancialInfoAvailable;
|
|
BOOL fMeetsCriteria;
|
|
|
|
} SPC_FINANCIAL_CRITERIA, *PSPC_FINANCIAL_CRITERIA;
|
|
|
|
typedef struct _SPC_IMAGE
|
|
{
|
|
struct SPC_LINK_ *pImageLink;
|
|
CRYPT_DATA_BLOB Bitmap;
|
|
CRYPT_DATA_BLOB Metafile;
|
|
CRYPT_DATA_BLOB EnhancedMetafile;
|
|
CRYPT_DATA_BLOB GifFile;
|
|
|
|
} SPC_IMAGE, *PSPC_IMAGE;
|
|
|
|
typedef struct _SPC_SP_AGENCY_INFO
|
|
{
|
|
struct SPC_LINK_ *pPolicyInformation;
|
|
LPWSTR pwszPolicyDisplayText;
|
|
PSPC_IMAGE pLogoImage;
|
|
struct SPC_LINK_ *pLogoLink;
|
|
|
|
} SPC_SP_AGENCY_INFO, *PSPC_SP_AGENCY_INFO;
|
|
|
|
typedef struct _SPC_STATEMENT_TYPE
|
|
{
|
|
DWORD cKeyPurposeId;
|
|
LPSTR *rgpszKeyPurposeId; // pszObjId
|
|
|
|
} SPC_STATEMENT_TYPE, *PSPC_STATEMENT_TYPE;
|
|
|
|
typedef struct _SPC_SP_OPUS_INFO
|
|
{
|
|
LPCWSTR pwszProgramName;
|
|
struct SPC_LINK_ *pMoreInfo;
|
|
struct SPC_LINK_ *pPublisherInfo;
|
|
|
|
} SPC_SP_OPUS_INFO, *PSPC_SP_OPUS_INFO;
|
|
|
|
typedef struct _CAT_NAMEVALUE
|
|
{
|
|
LPWSTR pwszTag;
|
|
DWORD fdwFlags;
|
|
CRYPT_DATA_BLOB Value;
|
|
|
|
} CAT_NAMEVALUE, *PCAT_NAMEVALUE;
|
|
|
|
typedef struct _CAT_MEMBERINFO
|
|
{
|
|
LPWSTR pwszSubjGuid;
|
|
DWORD dwCertVersion;
|
|
|
|
} CAT_MEMBERINFO, *PCAT_MEMBERINFO;
|
|
|
|
#include <poppack.h>
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// support for old calling convention: *** DO NOT USE ***
|
|
//
|
|
#ifdef WT_DEFINE_ALL_APIS
|
|
|
|
typedef struct _WIN_CERTIFICATE
|
|
{
|
|
DWORD dwLength;
|
|
WORD wRevision;
|
|
WORD wCertificateType; // WIN_CERT_TYPE_xxx
|
|
BYTE bCertificate[ANYSIZE_ARRAY];
|
|
|
|
} WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
|
|
|
|
#define WIN_CERT_REVISION_1_0 (0x0100)
|
|
#define WIN_CERT_REVISION_2_0 (0x0200)
|
|
|
|
#define WIN_CERT_TYPE_X509 (0x0001) // bCertificate contains an X.509 Certificate
|
|
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA (0x0002) // bCertificate contains a PKCS SignedData structure
|
|
#define WIN_CERT_TYPE_RESERVED_1 (0x0003) // Reserved
|
|
#define WIN_CERT_TYPE_TS_STACK_SIGNED (0x0004) // Terminal Server Protocol Stack Certificate signing
|
|
|
|
|
|
typedef LPVOID WIN_TRUST_SUBJECT;
|
|
|
|
typedef struct _WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT
|
|
{
|
|
HANDLE hClientToken;
|
|
GUID * SubjectType;
|
|
WIN_TRUST_SUBJECT Subject;
|
|
|
|
} WIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT, *LPWIN_TRUST_ACTDATA_CONTEXT_WITH_SUBJECT ;
|
|
|
|
|
|
typedef struct _WIN_TRUST_ACTDATA_SUBJECT_ONLY
|
|
{
|
|
GUID * SubjectType;
|
|
WIN_TRUST_SUBJECT Subject;
|
|
|
|
} WIN_TRUST_ACTDATA_SUBJECT_ONLY, *LPWIN_TRUST_ACTDATA_SUBJECT_ONLY;
|
|
|
|
/* RawFile == 959dc450-8d9e-11cf-8736-00aa00a485eb */
|
|
#define WIN_TRUST_SUBJTYPE_RAW_FILE \
|
|
{ 0x959dc450, \
|
|
0x8d9e, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
/* PeImage == 43c9a1e0-8da0-11cf-8736-00aa00a485eb */
|
|
#define WIN_TRUST_SUBJTYPE_PE_IMAGE \
|
|
{ 0x43c9a1e0, \
|
|
0x8da0, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
|
|
/* JavaClass = 08ad3990-8da1-11cf-8736-00aa00a485eb */
|
|
#define WIN_TRUST_SUBJTYPE_JAVA_CLASS \
|
|
{ 0x08ad3990, \
|
|
0x8da1, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
/* Cabinet = d17c5374-a392-11cf-9df5-00aa00c184e0 */
|
|
#define WIN_TRUST_SUBJTYPE_CABINET \
|
|
{ 0xd17c5374, \
|
|
0xa392, \
|
|
0x11cf, \
|
|
{ 0x9d, 0xf5, 0x0, 0xaa, 0x0, 0xc1, 0x84, 0xe0 } \
|
|
}
|
|
|
|
typedef struct _WIN_TRUST_SUBJECT_FILE
|
|
{
|
|
HANDLE hFile;
|
|
LPCWSTR lpPath;
|
|
|
|
} WIN_TRUST_SUBJECT_FILE, *LPWIN_TRUST_SUBJECT_FILE;
|
|
|
|
#define WIN_TRUST_SUBJTYPE_RAW_FILEEX \
|
|
{ 0x6f458110, \
|
|
0xc2f1, \
|
|
0x11cf, \
|
|
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
|
|
}
|
|
|
|
#define WIN_TRUST_SUBJTYPE_PE_IMAGEEX \
|
|
{ 0x6f458111, \
|
|
0xc2f1, \
|
|
0x11cf, \
|
|
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
|
|
}
|
|
|
|
#define WIN_TRUST_SUBJTYPE_JAVA_CLASSEX \
|
|
{ 0x6f458113, \
|
|
0xc2f1, \
|
|
0x11cf, \
|
|
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
|
|
}
|
|
|
|
#define WIN_TRUST_SUBJTYPE_CABINETEX \
|
|
{ 0x6f458114, \
|
|
0xc2f1, \
|
|
0x11cf, \
|
|
{ 0x8a, 0x69, 0x0, 0xaa, 0x0, 0x6c, 0x37, 0x6 } \
|
|
}
|
|
|
|
typedef struct _WIN_TRUST_SUBJECT_FILE_AND_DISPLAY
|
|
{
|
|
HANDLE hFile; // handle to the open file if you got it
|
|
LPCWSTR lpPath; // the path to open if you don't
|
|
LPCWSTR lpDisplayName; // (optional) display name to show to user
|
|
|
|
} WIN_TRUST_SUBJECT_FILE_AND_DISPLAY, *LPWIN_TRUST_SUBJECT_FILE_AND_DISPLAY;
|
|
|
|
/* OleStorage == c257e740-8da0-11cf-8736-00aa00a485eb */
|
|
#define WIN_TRUST_SUBJTYPE_OLE_STORAGE \
|
|
{ 0xc257e740, \
|
|
0x8da0, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
|
|
/* TrustedPublisher == 66426730-8da1-11cf-8736-00aa00a485eb */
|
|
#define WIN_SPUB_ACTION_TRUSTED_PUBLISHER \
|
|
{ 0x66426730, \
|
|
0x8da1, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
/* NtActivateImage == 8bc96b00-8da1-11cf-8736-00aa00a485eb */
|
|
#define WIN_SPUB_ACTION_NT_ACTIVATE_IMAGE \
|
|
{ 0x8bc96b00, \
|
|
0x8da1, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
/* PublishedSoftware == 64b9d180-8da2-11cf-8736-00aa00a485eb */
|
|
#define WIN_SPUB_ACTION_PUBLISHED_SOFTWARE \
|
|
{ 0x64b9d180, \
|
|
0x8da2, \
|
|
0x11cf, \
|
|
{0x87, 0x36, 0x00, 0xaa, 0x00, 0xa4, 0x85, 0xeb} \
|
|
}
|
|
|
|
typedef struct _WIN_SPUB_TRUSTED_PUBLISHER_DATA
|
|
{
|
|
HANDLE hClientToken;
|
|
LPWIN_CERTIFICATE lpCertificate;
|
|
|
|
} WIN_SPUB_TRUSTED_PUBLISHER_DATA, *LPWIN_SPUB_TRUSTED_PUBLISHER_DATA;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // WINTRUST_H
|