Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

218 lines
7.4 KiB

//+-------------------------------------------------------------------------
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1997 - 1999
//
// File: certprot.h
//
// Contents: Certificate Protection APIs
//
// APIs: I_CertProtectFunction
// I_CertCltProtectFunction
// I_CertSrvProtectFunction
//
// History: 27-Nov-97 philh created
//--------------------------------------------------------------------------
#ifndef __CERTPROT_H__
#define __CERTPROT_H__
#ifdef __cplusplus
extern "C" {
#endif
//+-------------------------------------------------------------------------
// Calls the services process to do a protected certificate function,
// such as, add or delete a protected root certificate.
//
// CryptMemFree must be called to free the returned *ppbOut.
//--------------------------------------------------------------------------
BOOL
WINAPI
I_CertProtectFunction(
IN DWORD dwFuncId,
IN DWORD dwFlags,
IN OPTIONAL LPCWSTR pwszIn,
IN OPTIONAL BYTE *pbIn,
IN DWORD cbIn,
OUT OPTIONAL BYTE **ppbOut,
OUT OPTIONAL DWORD *pcbOut
);
#define CERT_PROT_INIT_ROOTS_FUNC_ID 1
#define CERT_PROT_PURGE_LM_ROOTS_FUNC_ID 2
#define CERT_PROT_ADD_ROOT_FUNC_ID 3
#define CERT_PROT_DELETE_ROOT_FUNC_ID 4
#define CERT_PROT_DELETE_UNKNOWN_ROOTS_FUNC_ID 5
#define CERT_PROT_ROOT_LIST_FUNC_ID 6
#define CERT_PROT_ADD_ROOT_IN_CTL_FUNC_ID 7
#define CERT_PROT_LOG_EVENT_FUNC_ID 8
//+-------------------------------------------------------------------------
// CERT_PROT_INIT_ROOTS_FUNC_ID
//
// Initialize the protected list of CurrentUser roots. Note, no UI.
//
// No IN/OUT parameters.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_PURGE_LM_ROOTS_FUNC_ID
//
// Purge all CurrentUser roots from the protected list that also exist
// in the LocalMachine SystemRegistry "Root" store. Also removes duplicated
// certificates from the CurrentUser SystemRegistry "Root" store.
//
// Note, no UI. Purging can be disabled by setting the
// CERT_PROT_ROOT_INHIBIT_PURGE_LM_FLAG in the registry's ProtectedRootFlags
// value.
//
// No IN/OUT parameters.
//
// Even if purging is disabled, the protected list of roots is still
// initialized.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_ADD_ROOT_FUNC_ID
//
// Add the specified certificate to the CurrentUser SystemRegistry "Root"
// store and the protected list of roots. The user is prompted before doing
// the add.
//
// pbIn and cbIn must be updated with the pointer to and length of the
// serialized certificate context to be added. No other IN/OUT parameters.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_DELETE_ROOT_FUNC_ID
//
// Delete the specified certificate from the CurrentUser SystemRegistry "Root"
// store and the protected list of roots. The user is prompted before doing
// the delete.
//
// pbIn and cbIn must be updated with the pointer to and length of the
// certificate's SHA1 hash property. No other IN/OUT parameters.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_DELETE_UNKNOWN_ROOTS_FUNC_ID
//
// Delete all CurrentUser roots from the protected list that don't also
// exist in the CurrentUser SystemRegistry "Root" store. The user is
// prompted before doing the delete.
//
// No IN/OUT parameters.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_ROOT_LIST_FUNC_ID
//
// Add or remove the signed list of certificates to/from the CurrentUser
// SystemRegistry "Root" store and the protected list of roots. The user
// isn't prompted before doing the add or remove.
//
// pbIn and cbIn must be updated with the pointer to and length of the
// serialized CTL containing the signed list of roots to be added or
// removed. No other IN/OUT parameters.
//
// CURRENTLY NOT SUPPORTED!!!
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_ADD_ROOT_IN_CTL_FUNC_ID
//
// Add the certificate in the Auto Update CTL to the HKLM AuthRoot store.
//
// pbIn and cbIn must be updated with the pointer to and length of the
// serialized X.509 certificate immediately followed by the
// serialized CTL. No other IN/OUT parameters.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CERT_PROT_LOG_EVENT_FUNC_ID
//
// Logs a crypt32 event.
//
// pbIn and cbIn must be updated to point to the following
// CERT_PROT_EVENT_LOG_PARA data structure. It contains the parameters
// passed to advapi32!ReportEventW.
//
// wNumString NULL terminated unicode strings immediately follow. Followed by
// dwDataSize binary data bytes.
//
// wCategory, wNumStrings and dwDataSize are optional.
//--------------------------------------------------------------------------
typedef struct _CERT_PROT_EVENT_LOG_PARA {
WORD wType;
WORD wCategory; // OPTIONAL, may be 0
DWORD dwEventID;
WORD wNumStrings; // OPTIONAL, may be 0
WORD wPad1;
DWORD dwDataSize; // OPTIONAL, may be 0
} CERT_PROT_EVENT_LOG_PARA, *PCERT_PROT_EVENT_LOG_PARA;
//+-------------------------------------------------------------------------
// Called from the client process to do the RPC to the server process.
//--------------------------------------------------------------------------
BOOL
WINAPI
I_CertCltProtectFunction(
IN DWORD dwFuncId,
IN DWORD dwFlags,
IN OPTIONAL LPCWSTR pwszIn,
IN OPTIONAL BYTE *pbIn,
IN DWORD cbIn,
OUT OPTIONAL BYTE **ppbOut,
OUT OPTIONAL DWORD *pcbOut
);
typedef void __RPC_FAR * (__RPC_USER *PFN_CERT_PROT_MIDL_USER_ALLOC)(
IN size_t cb
);
typedef void (__RPC_USER *PFN_CERT_PROT_MIDL_USER_FREE)(
IN void __RPC_FAR *pv
);
//+-------------------------------------------------------------------------
// Called from the services process to process a protected certificate
// function.
//
// Returns the error status, ie, not returned in LastError.
//--------------------------------------------------------------------------
DWORD
WINAPI
I_CertSrvProtectFunction(
IN handle_t hRpc,
IN DWORD dwFuncId,
IN DWORD dwFlags,
IN LPCWSTR pwszIn,
IN BYTE *pbIn,
IN DWORD cbIn,
OUT BYTE **ppbOut,
OUT DWORD *pcbOut,
IN PFN_CERT_PROT_MIDL_USER_ALLOC pfnAlloc,
IN PFN_CERT_PROT_MIDL_USER_FREE pfnFree
);
typedef DWORD (WINAPI *PFN_CERT_SRV_PROTECT_FUNCTION)(
IN handle_t hRpc,
IN DWORD dwFuncId,
IN DWORD dwFlags,
IN LPCWSTR pwszIn,
IN BYTE *pbIn,
IN DWORD cbIn,
OUT BYTE **ppbOut,
OUT DWORD *pcbOut,
IN PFN_CERT_PROT_MIDL_USER_ALLOC pfnAlloc,
IN PFN_CERT_PROT_MIDL_USER_FREE pfnFree
);
#ifdef __cplusplus
} // Balance extern "C" above
#endif
#endif