//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1997.
//
// File: cryptdlg.h
//
// Contents: Common Cryptographic Dialog API Prototypes and Definitions
//
//----------------------------------------------------------------------------
#ifndef __CRYPTDLG_H__
#define __CRYPTDLG_H__
#if defined (_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif
// CRYPTDLGAPI decorates the exported entry points. Inside the DLL build
// (_CRYPTDLG_ defined) it expands to nothing; consumers get DECLSPEC_IMPORT.
#ifdef _CRYPTDLG_
#define CRYPTDLGAPI
#else
#define CRYPTDLGAPI DECLSPEC_IMPORT
#endif
// Everything below is only visible to NT 4.0+ targets, Mac or Win16; the
// matching #endif is the second-to-last line of the file.
#if (_WIN32_WINNT >= 0x0400) || defined(_MAC) || defined(WIN16)
#include <prsht.h>   // PROPSHEETPAGE, used by CERT_VIEWPROPERTIES_STRUCT_A/W
#ifdef __cplusplus
extern "C" {
#endif
// Master flags to control how revocation is managed
// These live in the top byte. The mask's name is misspelled ("CRYTP") in the
// shipped header; it must stay that way for source compatibility.
#define CRYTPDLG_FLAGS_MASK 0xff000000
#define CRYPTDLG_REVOCATION_DEFAULT 0x00000000   // presumably resolved via ACTION_REVOCATION_DEFAULT_* below — confirm
#define CRYPTDLG_REVOCATION_ONLINE 0x80000000
#define CRYPTDLG_REVOCATION_CACHE 0x40000000
#define CRYPTDLG_REVOCATION_NONE 0x20000000      // no revocation checking; the weakest choice
// Policy flags which control how we deal with user's certificates
#define CRYPTDLG_POLICY_MASK 0x0000FFFF
#define POLICY_IGNORE_NON_CRITICAL_BC 0x00000001 // BC presumably = BasicConstraints — confirm
// Action flags. Note that this mask overlaps the top byte covered by
// CRYTPDLG_FLAGS_MASK, so a combined value cannot be split by masking alone.
#define CRYPTDLG_ACTION_MASK 0xFFFF0000
#define ACTION_REVOCATION_DEFAULT_ONLINE 0x00010000
#define ACTION_REVOCATION_DEFAULT_CACHE 0x00020000
//
// Many of the common dialogs can be passed a filter proc to reduce
// the set of certificates displayed. A generic filter proc has been
// provided to cover many of the generic cases.
// Return TRUE to display and FALSE to hide
//
// The last three parameters are unnamed in the declaration; their intended
// names are given in the trailing comments. lCustData is presumably the
// caller's cookie from the *_STRUCT lCustData field, and dwDisplayWell one
// of the CERT_DISPWELL_* values below — confirm against the implementation.
// No prototype for the generic filter proc itself appears in this header.
typedef BOOL (WINAPI * PFNCMFILTERPROC)(
    IN PCCERT_CONTEXT pCertContext,
    IN DWORD, // lCustData, a cookie
    IN DWORD, // dwFlags
    IN DWORD); // dwDisplayWell
// Display Well Values
// Enumerants (1..9), not bit flags; they are not meant to be OR'd together.
#define CERT_DISPWELL_SELECT 1
#define CERT_DISPWELL_TRUST_CA_CERT 2
#define CERT_DISPWELL_TRUST_LEAF_CERT 3
#define CERT_DISPWELL_TRUST_ADD_CA_CERT 4
#define CERT_DISPWELL_TRUST_ADD_LEAF_CERT 5
#define CERT_DISPWELL_DISTRUST_CA_CERT 6
#define CERT_DISPWELL_DISTRUST_LEAF_CERT 7
#define CERT_DISPWELL_DISTRUST_ADD_CA_CERT 8
#define CERT_DISPWELL_DISTRUST_ADD_LEAF_CERT 9
//
// Hook procedure installed through CERT_SELECT_STRUCT_*.pfnHook when
// CSS_ENABLEHOOK is set. Takes the (hwnd, message, wParam, lParam) quartet
// of a dialog procedure but returns UINT.
typedef UINT (WINAPI * PFNCMHOOKPROC)(
    IN HWND hwndDialog,
    IN UINT message,
    IN WPARAM wParam,
    IN LPARAM lParam);
//
// CERT_SELECT_STRUCT_*.dwFlags values; the low 24 bits are the flag field.
#define CSS_SELECTCERT_MASK 0x00ffffff
#define CSS_HIDE_PROPERTIES 0x00000001
#define CSS_ENABLEHOOK 0x00000002           // pfnHook is valid
#define CSS_ALLOWMULTISELECT 0x00000004
#define CSS_SHOW_HELP 0x00000010            // 0x00000008 is unassigned here
#define CSS_ENABLETEMPLATE 0x00000020       // pTemplateName / hInstance select a dialog template
#define CSS_ENABLETEMPLATEHANDLE 0x00000040 // presumably pTemplateName is a template handle, as with OFN_* — confirm
// Dialog control identifiers of the select-certificate dialog (the first three
// alias the standard IDOK / IDCANCEL / IDHELP); presumably what a hook sees.
#define SELCERT_OK IDOK
#define SELCERT_CANCEL IDCANCEL
#define SELCERT_PROPERTIES 100
#define SELCERT_FINEPRINT 101
#define SELCERT_CERTLIST 102
#define SELCERT_HELP IDHELP
#define SELCERT_ISSUED_TO 103
#define SELCERT_VALIDITY 104
#define SELCERT_ALGORITHM 105
#define SELCERT_SERIAL_NUM 106
#define SELCERT_THUMBPRINT 107
// Parameter block for CertSelectCertificateA (ANSI variant). The W variant
// below has the same layout; only the title/template/help strings are wide,
// szPurposeOid is ANSI in both. Layout is ABI: do not reorder members.
typedef struct tagCSSA {
    DWORD dwSize;                       // Size of this structure in bytes (set to sizeof by convention — confirm)
    HWND hwndParent;                    // Owner window of the dialog
    HINSTANCE hInstance;                // Module holding the template (CSS_ENABLETEMPLATE)
    LPCSTR pTemplateName;               // Dialog template, see CSS_ENABLETEMPLATE / CSS_ENABLETEMPLATEHANDLE
    DWORD dwFlags;                      // CSS_* flags
    LPCSTR szTitle;                     // Dialog title
    DWORD cCertStore;                   // Count; pairs with arrayCertStore
    HCERTSTORE * arrayCertStore;        // Stores whose certificates are offered
    LPCSTR szPurposeOid;                // Purpose (EKU) OID, ANSI
    DWORD cCertContext;                 // Count; pairs with arrayCertContext
    PCCERT_CONTEXT * arrayCertContext;  // Presumably receives the selection (the struct is IN OUT) — confirm
    DWORD lCustData;                    // Caller cookie handed to pfnFilter / pfnHook
    PFNCMHOOKPROC pfnHook;              // Used when CSS_ENABLEHOOK is set
    PFNCMFILTERPROC pfnFilter;          // Optional per-certificate display filter
    LPCSTR szHelpFileName;              // Help file (CSS_SHOW_HELP)
    DWORD dwHelpId;                     // Help topic id
    HCRYPTPROV hprov;                   // Crypto provider; purpose not stated here
} CERT_SELECT_STRUCT_A, *PCERT_SELECT_STRUCT_A;
// Unicode variant of CERT_SELECT_STRUCT_A: identical layout, wide strings for
// pTemplateName / szTitle / szHelpFileName. szPurposeOid stays ANSI (OIDs are
// always narrow strings). Layout is ABI: do not reorder members.
typedef struct tagCSSW {
    DWORD dwSize;                       // Size of this structure in bytes (set to sizeof by convention — confirm)
    HWND hwndParent;                    // Owner window of the dialog
    HINSTANCE hInstance;                // Module holding the template (CSS_ENABLETEMPLATE)
    LPCWSTR pTemplateName;              // Dialog template, see CSS_ENABLETEMPLATE / CSS_ENABLETEMPLATEHANDLE
    DWORD dwFlags;                      // CSS_* flags
    LPCWSTR szTitle;                    // Dialog title
    DWORD cCertStore;                   // Count; pairs with arrayCertStore
    HCERTSTORE * arrayCertStore;        // Stores whose certificates are offered
    LPCSTR szPurposeOid;                // Purpose (EKU) OID, ANSI even in the W struct
    DWORD cCertContext;                 // Count; pairs with arrayCertContext
    PCCERT_CONTEXT * arrayCertContext;  // Presumably receives the selection (the struct is IN OUT) — confirm
    DWORD lCustData;                    // Caller cookie handed to pfnFilter / pfnHook
    PFNCMHOOKPROC pfnHook;              // Used when CSS_ENABLEHOOK is set
    PFNCMFILTERPROC pfnFilter;          // Optional per-certificate display filter
    LPCWSTR szHelpFileName;             // Help file (CSS_SHOW_HELP)
    DWORD dwHelpId;                     // Help topic id
    HCRYPTPROV hprov;                   // Crypto provider; purpose not stated here
} CERT_SELECT_STRUCT_W, *PCERT_SELECT_STRUCT_W;
#ifdef UNICODE
typedef CERT_SELECT_STRUCT_W CERT_SELECT_STRUCT;
typedef PCERT_SELECT_STRUCT_W PCERT_SELECT_STRUCT;
#else
typedef CERT_SELECT_STRUCT_A CERT_SELECT_STRUCT;
typedef PCERT_SELECT_STRUCT_A PCERT_SELECT_STRUCT;
#endif // UNICODE
//-----------------------------------------------------------------------------
// BOOL CertSelectCertificateA(PCERT_SELECT_STRUCT_A pCertSelectInfo)
// Shows the certificate-selection dialog described by *pCertSelectInfo.
// The block is IN OUT: the selection comes back through it (which members are
// written is not stated here; arrayCertContext is the likely one — confirm).
// Returns: BOOL; the failure reason is not documented in this header.
//-----------------------------------------------------------------------------
CRYPTDLGAPI
BOOL
WINAPI
CertSelectCertificateA(
    IN OUT PCERT_SELECT_STRUCT_A pCertSelectInfo
);
// On MAC only the ANSI entry point exists.
#ifdef MAC
#define CertSelectCertificate CertSelectCertificateA
#else // !MAC
// Unicode twin of CertSelectCertificateA; same contract.
CRYPTDLGAPI
BOOL
WINAPI
CertSelectCertificateW(
    IN OUT PCERT_SELECT_STRUCT_W pCertSelectInfo
);
#ifdef UNICODE
#define CertSelectCertificate CertSelectCertificateW
#else
#define CertSelectCertificate CertSelectCertificateA
#endif
#endif // MAC
/////////////////////////////////////////////////////////////
// CERT_VIEWPROPERTIES_STRUCT_*.dwFlags values; the low 24 bits are the flag field.
#define CM_VIEWFLAGS_MASK 0x00ffffff
#define CM_ENABLEHOOK 0x00000001
#define CM_SHOW_HELP 0x00000002
#define CM_SHOW_HELPICON 0x00000004
#define CM_ENABLETEMPLATE 0x00000008
#define CM_HIDE_ADVANCEPAGE 0x00000010
#define CM_HIDE_TRUSTPAGE 0x00000020
#define CM_NO_NAMECHANGE 0x00000040
#define CM_NO_EDITTRUST 0x00000080        // viewer cannot alter trust settings
#define CM_HIDE_DETAILPAGE 0x00000100
#define CM_ADD_CERT_STORES 0x00000200     // also aliased as CERT_TRUST_ADD_CERT_STORES below
// Highest bit inside CM_VIEWFLAGS_MASK; its meaning is not described here.
#define CERTVIEW_CRYPTUI_LPARAM 0x00800000
// Parameter block for CertViewPropertiesA. The W variant below differs only in
// szTitle / szHelpFileName being wide; arrayPurposes is LPSTR* (ANSI OIDs) in
// both. Layout is ABI: do not reorder members.
typedef struct tagCERT_VIEWPROPERTIES_STRUCT_A {
    DWORD dwSize;                       // Size of this structure in bytes (set to sizeof by convention — confirm)
    HWND hwndParent;                    // Owner window
    HINSTANCE hInstance;                // Module for the template (CM_ENABLETEMPLATE)
    DWORD dwFlags;                      // CM_* flags
    LPCSTR szTitle;                     // Dialog title
    PCCERT_CONTEXT pCertContext;        // Certificate whose properties are shown
    LPSTR * arrayPurposes;              // Purpose OIDs (ANSI); note the count follows the array here
    DWORD cArrayPurposes;               // Count; pairs with arrayPurposes
    DWORD cRootStores; // Count of Root Stores
    HCERTSTORE * rghstoreRoots; // Array of root stores
    DWORD cStores; // Count of other stores to search
    HCERTSTORE * rghstoreCAs; // Array of other stores to search
    DWORD cTrustStores; // Count of trust stores
    HCERTSTORE * rghstoreTrust; // Array of trust stores
    HCRYPTPROV hprov; // Provider to use for verification
    DWORD lCustData;                    // Caller cookie
    DWORD dwPad;                        // Presumably alignment padding / reserved — confirm
    LPCSTR szHelpFileName;              // Help file (CM_SHOW_HELP)
    DWORD dwHelpId;                     // Help topic id
    DWORD nStartPage;                   // Property page shown first
    DWORD cArrayPropSheetPages;         // Count; pairs with arrayPropSheetPages
    PROPSHEETPAGE * arrayPropSheetPages; // Extra caller-supplied pages (PROPSHEETPAGE from prsht.h)
} CERT_VIEWPROPERTIES_STRUCT_A, *PCERT_VIEWPROPERTIES_STRUCT_A;
// Unicode variant of CERT_VIEWPROPERTIES_STRUCT_A: identical layout, wide
// szTitle / szHelpFileName. arrayPurposes stays LPSTR* (OIDs are narrow).
// Layout is ABI: do not reorder members.
typedef struct tagCERT_VIEWPROPERTIES_STRUCT_W {
    DWORD dwSize;                       // Size of this structure in bytes (set to sizeof by convention — confirm)
    HWND hwndParent;                    // Owner window
    HINSTANCE hInstance;                // Module for the template (CM_ENABLETEMPLATE)
    DWORD dwFlags;                      // CM_* flags
    LPCWSTR szTitle;                    // Dialog title
    PCCERT_CONTEXT pCertContext;        // Certificate whose properties are shown
    LPSTR * arrayPurposes;              // Purpose OIDs (ANSI even in the W struct); count follows the array
    DWORD cArrayPurposes;               // Count; pairs with arrayPurposes
    DWORD cRootStores; // Count of Root Stores
    HCERTSTORE * rghstoreRoots; // Array of root stores
    DWORD cStores; // Count of other stores to search
    HCERTSTORE * rghstoreCAs; // Array of other stores to search
    DWORD cTrustStores; // Count of trust stores
    HCERTSTORE * rghstoreTrust; // Array of trust stores
    HCRYPTPROV hprov; // Provider to use for verification
    DWORD lCustData;                    // Caller cookie
    DWORD dwPad;                        // Presumably alignment padding / reserved — confirm
    LPCWSTR szHelpFileName;             // Help file (CM_SHOW_HELP)
    DWORD dwHelpId;                     // Help topic id
    DWORD nStartPage;                   // Property page shown first
    DWORD cArrayPropSheetPages;         // Count; pairs with arrayPropSheetPages
    PROPSHEETPAGE * arrayPropSheetPages; // Extra caller-supplied pages (PROPSHEETPAGE from prsht.h)
} CERT_VIEWPROPERTIES_STRUCT_W, *PCERT_VIEWPROPERTIES_STRUCT_W;
#ifdef UNICODE
typedef CERT_VIEWPROPERTIES_STRUCT_W CERT_VIEWPROPERTIES_STRUCT;
typedef PCERT_VIEWPROPERTIES_STRUCT_W PCERT_VIEWPROPERTIES_STRUCT;
#else
typedef CERT_VIEWPROPERTIES_STRUCT_A CERT_VIEWPROPERTIES_STRUCT;
typedef PCERT_VIEWPROPERTIES_STRUCT_A PCERT_VIEWPROPERTIES_STRUCT;
#endif // UNICODE
//-----------------------------------------------------------------------------
// BOOL CertViewPropertiesA(PCERT_VIEWPROPERTIES_STRUCT_A pCertViewInfo)
// Shows the certificate-properties sheet for pCertViewInfo->pCertContext.
// Unlike CertSelectCertificate*, the parameter carries no IN OUT annotation.
// Returns: BOOL; the failure reason is not documented in this header.
//-----------------------------------------------------------------------------
CRYPTDLGAPI
BOOL
WINAPI
CertViewPropertiesA(
    PCERT_VIEWPROPERTIES_STRUCT_A pCertViewInfo
);
// On MAC only the ANSI entry point exists.
#ifdef MAC
#define CertViewProperties CertViewPropertiesA
#else // !MAC
// Unicode twin of CertViewPropertiesA; same contract.
CRYPTDLGAPI
BOOL
WINAPI
CertViewPropertiesW(
    PCERT_VIEWPROPERTIES_STRUCT_W pCertViewInfo
);
#ifdef UNICODE
#define CertViewProperties CertViewPropertiesW
#else
#define CertViewProperties CertViewPropertiesA
#endif
#endif // MAC
//
// We provide a default filter function that people can use to do some
// of the most simple things.
//
// Test operations for CERT_FILTER_EXTENSION_MATCH.dwTestOperation.
// Enumerants, not bit flags.
#define CERT_FILTER_OP_EXISTS 1
#define CERT_FILTER_OP_NOT_EXISTS 2
#define CERT_FILTER_OP_EQUALITY 3
// One extension check evaluated by the default filter. pbTestData/cbTestData
// are a byte buffer plus its length; presumably only consulted for
// CERT_FILTER_OP_EQUALITY — confirm.
typedef struct tagCMOID {
    LPCSTR szExtensionOID; // Extension to filter on
    DWORD dwTestOperation;  // CERT_FILTER_OP_*
    LPBYTE pbTestData;      // Comparison bytes
    DWORD cbTestData;       // Length of pbTestData in bytes
} CERT_FILTER_EXTENSION_MATCH;
// CERT_FILTER_DATA.dwCheckingFlags bits. Note these are 16-bit-sized values
// and distinct from the 32-bit CERT_TRUST_* / CM_* flags elsewhere.
#define CERT_FILTER_INCLUDE_V1_CERTS 0x0001
#define CERT_FILTER_VALID_TIME_RANGE 0x0002
#define CERT_FILTER_VALID_SIGNATURE 0x0004
#define CERT_FILTER_LEAF_CERTS_ONLY 0x0008
#define CERT_FILTER_ISSUER_CERTS_ONLY 0x0010
#define CERT_FILTER_KEY_EXISTS 0x0020
// Parameter block for the default filter function (presumably passed through
// the lCustData cookie of PFNCMFILTERPROC — confirm).
typedef struct tagCMFLTR {
    DWORD dwSize;                                       // Size of this structure in bytes
    DWORD cExtensionChecks;                             // Count; pairs with arrayExtensionChecks
    CERT_FILTER_EXTENSION_MATCH * arrayExtensionChecks; // Extension tests to apply
    DWORD dwCheckingFlags;                              // CERT_FILTER_* bits
} CERT_FILTER_DATA;
//
// Maybe this should not be here -- but until it goes into wincrypt.h
//
//
// Get a formatted friendly name for a certificate
//
// DWORD GetFriendlyNameOfCertA(PCCERT_CONTEXT pccert, LPSTR pchBuffer, DWORD cchBuffer)
// In:  pccert    - certificate to name
//      pchBuffer - destination buffer
//      cchBuffer - capacity of pchBuffer, in characters (per the cch prefix)
// Returns: DWORD. Whether this is the number of characters written or the
// number required is not stated here — confirm before using the return value
// to size a buffer.
CRYPTDLGAPI
DWORD
WINAPI
GetFriendlyNameOfCertA(PCCERT_CONTEXT pccert, LPSTR pchBuffer,
    DWORD cchBuffer);
// Unicode twin; cchBuffer is again a character count, not a byte count.
CRYPTDLGAPI
DWORD
WINAPI
GetFriendlyNameOfCertW(PCCERT_CONTEXT pccert, LPWSTR pchBuffer,
    DWORD cchBuffer);
#ifdef UNICODE
#define GetFriendlyNameOfCert GetFriendlyNameOfCertW
#else
#define GetFriendlyNameOfCert GetFriendlyNameOfCertA
#endif
//
// We also provide a WinTrust provider which performs the same set of
// parameter checking that we do in order to validate certificates.
//
// WinTrust action GUID for that provider, as a GUID initializer and as the
// equivalent string form.
#define CERT_CERTIFICATE_ACTION_VERIFY \
{ /* 7801ebd0-cf4b-11d0-851f-0060979387ea */ \
0x7801ebd0, \
0xcf4b, \
0x11d0, \
{0x85, 0x1f, 0x00, 0x60, 0x97, 0x93, 0x87, 0xea} \
}
#define szCERT_CERTIFICATE_ACTION_VERIFY \
"{7801ebd0-cf4b-11d0-851f-0060979387ea}"
// Per-certificate callback slot in CERT_VERIFY_CERTIFICATE_TRUST.pfnTrustHelper.
// Marked "nyi" (not yet implemented) in the notes below.
typedef HRESULT (WINAPI * PFNTRUSTHELPER)(
    IN PCCERT_CONTEXT pCertContext,
    IN DWORD lCustData,
    IN BOOL fLeafCertificate,
    IN LPBYTE pbTrustBlob);
//
// Failure Reasons:
//
// Bit flags reported through pdwErrors / prgdwErrors. The low 16 bits
// (CERT_VALIDITY_MASK_VALIDITY) describe the certificate itself; the high
// 16 bits (CERT_VALIDITY_MASK_TRUST) describe the trust / revocation lookup.
#define CERT_VALIDITY_BEFORE_START 0x00000001
#define CERT_VALIDITY_AFTER_END 0x00000002
#define CERT_VALIDITY_SIGNATURE_FAILS 0x00000004
#define CERT_VALIDITY_CERTIFICATE_REVOKED 0x00000008
#define CERT_VALIDITY_KEY_USAGE_EXT_FAILURE 0x00000010
#define CERT_VALIDITY_EXTENDED_USAGE_FAILURE 0x00000020
#define CERT_VALIDITY_NAME_CONSTRAINTS_FAILURE 0x00000040
#define CERT_VALIDITY_UNKNOWN_CRITICAL_EXTENSION 0x00000080
#define CERT_VALIDITY_ISSUER_INVALID 0x00000100
#define CERT_VALIDITY_OTHER_EXTENSION_FAILURE 0x00000200
#define CERT_VALIDITY_PERIOD_NESTING_FAILURE 0x00000400
#define CERT_VALIDITY_OTHER_ERROR 0x00000800
// Trust-half bits (listed out of numeric order in the original).
#define CERT_VALIDITY_ISSUER_DISTRUST 0x02000000
#define CERT_VALIDITY_EXPLICITLY_DISTRUSTED 0x01000000
#define CERT_VALIDITY_NO_ISSUER_CERT_FOUND 0x10000000
#define CERT_VALIDITY_NO_CRL_FOUND 0x20000000
#define CERT_VALIDITY_CRL_OUT_OF_DATE 0x40000000
#define CERT_VALIDITY_NO_TRUST_DATA 0x80000000
#define CERT_VALIDITY_MASK_TRUST 0xffff0000
#define CERT_VALIDITY_MASK_VALIDITY 0x0000ffff
// CERT_VERIFY_CERTIFICATE_TRUST.dwFlags values; the low 24 bits are the field.
#define CERT_TRUST_MASK 0x00ffffff
#define CERT_TRUST_DO_FULL_SEARCH 0x00000001
#define CERT_TRUST_PERMIT_MISSING_CRLS 0x00000002   // presumably suppresses NO_CRL_FOUND; loosens revocation checking — confirm
// 0x5 = 0x4 | CERT_TRUST_DO_FULL_SEARCH; the 0x4 bit has no standalone name.
#define CERT_TRUST_DO_FULL_TRUST 0x00000005
#define CERT_TRUST_ADD_CERT_STORES CM_ADD_CERT_STORES
//
// Trust data structure
//
// Returned data arrays will be allocated using LocalAlloc and must
// be freed by the caller. The data in the TrustInfo array are individually
// allocated and must be freed. The data in rgChain must be freed by
// calling CertFreeCertificateContext.
//
// Defaults:
// pszUsageOid == NULL indicates that no trust validation should be done
// cRootStores == 0 Will default to User's Root store
// cStores == 0 Will default to User's CA and system's SPC stores
// cTrustStores == 0 Will default to User's TRUST store
// hprov == NULL Will default to RSABase
// any returned item which has a null pointer will not return that item.
// Notes:
// pfnTrustHelper is nyi
//
// Ownership summary for the output members: *prgChain holds certificate
// contexts (CertFreeCertificateContext each, then free the array);
// *prgpbTrustInfo holds individually allocated blobs (free each, then the
// array); *prgdwErrors is a single LocalAlloc'd array.
// Layout is ABI: do not reorder members.
typedef struct _CERT_VERIFY_CERTIFICATE_TRUST {
    DWORD cbSize; // Size of this structure
    PCCERT_CONTEXT pccert; // Certificate to be verified
    DWORD dwFlags; // CERT_TRUST_*
    DWORD dwIgnoreErr; // Errors to ignore (CERT_VALIDITY_*) — every bit set here weakens the verdict; keep 0 unless a specific failure must be tolerated
    DWORD * pdwErrors; // Location to return error flags
    LPSTR pszUsageOid; // Extended Usage OID for Certificate
    HCRYPTPROV hprov; // Crypt Provider to use for validation
    DWORD cRootStores; // Count of Root Stores
    HCERTSTORE * rghstoreRoots; // Array of root stores
    DWORD cStores; // Count of other stores to search
    HCERTSTORE * rghstoreCAs; // Array of other stores to search
    DWORD cTrustStores; // Count of trust stores
    HCERTSTORE * rghstoreTrust; // Array of trust stores
    DWORD lCustData; // Cookie passed to pfnTrustHelper
    PFNTRUSTHELPER pfnTrustHelper; // Callback function for cert validation (nyi, see Notes)
    DWORD * pcChain; // Count of items in the chain array
    PCCERT_CONTEXT ** prgChain; // Chain of certificates used
    DWORD ** prgdwErrors; // Errors on a per certificate basis
    DATA_BLOB ** prgpbTrustInfo; // Array of trust information used
} CERT_VERIFY_CERTIFICATE_TRUST, * PCERT_VERIFY_CERTIFICATE_TRUST;
//
// Trust list manipulation routine
//
// CertModifyCertificatesToTrust can be used to do modifications to the set of certificates
// on trust lists for a given purpose.
// if hcertstoreTrust is NULL, the System Store TRUST in Current User will be used
// if pccertSigner is specified, it will be used to sign the resulting trust lists,
// it also restricts the set of trust lists that may be modified.
//
// Operations for CTL_MODIFY_REQUEST.dwOperation. Enumerants, not bit flags.
#define CTL_MODIFY_REQUEST_ADD_NOT_TRUSTED 1
#define CTL_MODIFY_REQUEST_REMOVE 2
#define CTL_MODIFY_REQUEST_ADD_TRUSTED 3
// One element of the rgCerts array. dwError is presumably written per request
// on return, so callers should check it as well as the HRESULT — confirm.
typedef struct _CTL_MODIFY_REQUEST {
    PCCERT_CONTEXT pccert; // Certificate to change trust on
    DWORD dwOperation; // Operation to be performed
    DWORD dwError; // Operation error code
} CTL_MODIFY_REQUEST, * PCTL_MODIFY_REQUEST;
//-----------------------------------------------------------------------------
// HRESULT CertModifyCertificatesToTrust(...)
// Applies cCerts modification requests to the trust list for szPurpose.
// cCerts is a signed int; callers should pass a non-negative count.
// Returns an HRESULT; per-request outcomes are reported in rgCerts[i].dwError.
//-----------------------------------------------------------------------------
CRYPTDLGAPI
HRESULT
WINAPI
CertModifyCertificatesToTrust(
    int cCerts, // Count of modifications to be done
    PCTL_MODIFY_REQUEST rgCerts, // Array of modification requests
    LPCSTR szPurpose, // Purpose OID to for modifications
    HWND hwnd, // HWND for any dialogs
    HCERTSTORE hcertstoreTrust, // Cert Store to store trust information in
    PCCERT_CONTEXT pccertSigner); // Certificate to be used in signing trust list
#ifdef WIN16
// Need to define export functions in WATCOM.
BOOL
WINAPI CertConfigureTrustA(void);
// Same parameter list as a CryptFormatObject-style formatting callback; the
// first seven parameters are unnamed in the declaration and are named only in
// comments. pbFormat/pcbFormat are presumably the usual output buffer plus
// in/out byte count — confirm.
BOOL
WINAPI FormatVerisignExtension(
    DWORD /*dwCertEncodingType*/,
    DWORD /*dwFormatType*/,
    DWORD /*dwFormatStrType*/,
    void * /*pFormatStruct*/,
    LPCSTR /*lpszStructType*/,
    const BYTE * /*pbEncoded*/,
    DWORD /*cbEncoded*/,
    void * pbFormat,
    DWORD * pcbFormat);
#endif // WIN16
#ifdef __cplusplus
} // Balance extern "C" above
#endif
#endif // (_WIN32_WINNT >= 0x0400) || defined(_MAC) || defined(WIN16)
#endif // __CRYPTDLG_H__