home *** CD-ROM | disk | FTP | other *** search
/ Tricks of the Windows Gam…ming Gurus (2nd Edition) / Disc2.iso / vc98 / include / wintrust.h < prev    next >
C/C++ Source or Header  |  1998-04-25  |  30KB  |  654 lines

  1. //+-------------------------------------------------------------------------
  2. //
  3. //  Microsoft Windows
  4. //
  5. //  Copyright 1996 - 1998 Microsoft Corporation.
  6. //
  7. //  File:       wintrust.h
  8. //
  9. //  Contents:   Microsoft Internet Security Trust Provider Model
  10. //
  11. //  History:    31-May-1997 created
  12. //
  13. //--------------------------------------------------------------------------
  14.  
  15. #ifndef WINTRUST_H
  16. #define WINTRUST_H
  17.  
  18. //////////////////////////////////////////////////////////////////////////////
  19. //////////////////////////////////////////////////////////////////////////////
  20. //
  21. //      Client definitions, typedefs, and prototypes
  22. //
  23. //////////////////////////////////////////////////////////////////////////////
  24. //////////////////////////////////////////////////////////////////////////////
  25.  
  26. #pragma pack(8)
  27.  
  28. //////////////////////////////////////////////////////////////////////////////
  29. //
  30. // WINTRUST_DATA Structure
  31. //----------------------------------------------------------------------------
  32. //  Used when calling WinVerifyTrust to pass necessary information into
  33. //  the Providers.
  34. //
  35. typedef struct _WINTRUST_DATA
  36. {
  37.     DWORD           cbStruct;                   // = sizeof(WINTRUST_DATA)
  38.  
  39.     LPVOID          pPolicyCallbackData;        // optional: used to pass data between the app and policy
  40.  
  41.     DWORD           dwUIChoice;                 // required: UI choice.  One of the following.
  42. #                       define      WTD_UI_ALL              1
  43. #                       define      WTD_UI_NONE             2
  44. #                       define      WTD_UI_NOBAD            3
  45. #                       define      WTD_UI_NOGOOD           4
  46.  
  47.     DWORD           fdwRevocationChecks;        // required: certificate revocation check options
  48. #                       define      WTD_REVOKE_NONE         0x00000000
  49. #                       define      WTD_REVOKE_WHOLECHAIN   0x00000001
  50.  
  51.     DWORD           dwUnionChoice;              // required: which structure is being passed in?
  52. #                       define      WTD_CHOICE_FILE         1
  53. #                       define      WTD_CHOICE_CATALOG      2
  54. #                       define      WTD_CHOICE_BLOB         3
  55. #                       define      WTD_CHOICE_SIGNER       4
  56. #                       define      WTD_CHOICE_CERT         5
  57.     union
  58.     {
  59.         struct WINTRUST_FILE_INFO_      *pFile;         // individual file
  60.         struct WINTRUST_CATALOG_INFO_   *pCatalog;      // member of a Catalog File
  61.         struct WINTRUST_BLOB_INFO_      *pBlob;         // memory blob
  62.         struct WINTRUST_SGNR_INFO_      *pSgnr;         // signer structure only
  63.         struct WINTRUST_CERT_INFO_      *pCert;
  64.     };
  65.  
  66.     DWORD           dwStateAction;                      // future. DO NOT USE!!! (optional)
  67. #                       define      WTD_STATEACTION_OPEN    1
  68. #                       define      WTD_STATEACTION_VERIFY  2
  69. #                       define      WTD_STATEACTION_CLOSE   3
  70.  
  71.     HANDLE          hWVTStateData;                      // future. DO NOT USE!!! (optional)
  72.  
  73. } WINTRUST_DATA, *PWINTRUST_DATA;
  74.  
  75. //////////////////////////////////////////////////////////////////////////////
  76. //
  77. // WINTRUST_FILE_INFO Structure
  78. //----------------------------------------------------------------------------
  79. //  Used when calling WinVerifyTrust against an individual file.
  80. //
  81. typedef struct WINTRUST_FILE_INFO_
  82. {
  83.     DWORD           cbStruct;                   // = sizeof(WINTRUST_FILE_INFO)
  84.  
  85.     LPCWSTR         pcwszFilePath;              // required, file name to be verified
  86.     HANDLE          hFile;                      // optional, open handle to pcwszFilePath
  87.       
  88. } WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
  89.  
  90. //////////////////////////////////////////////////////////////////////////////
  91. //
  92. // WINTRUST_CATALOG_INFO Structure
  93. //----------------------------------------------------------------------------
  94. //  Used when calling WinVerifyTrust against a member of a Microsoft Catalog
  95. //  file.
  96. //
  97. typedef struct WINTRUST_CATALOG_INFO_
  98. {
  99.     DWORD               cbStruct;               // = sizeof(WINTRUST_CATALOG_INFO)
  100.  
  101.     DWORD               dwCatalogVersion;       // optional: Catalog version number
  102.     LPCWSTR             pcwszCatalogFilePath;   // required: path/name to Catalog file
  103.  
  104.     LPCWSTR             pcwszMemberTag;         // required: tag to member in Catalog
  105.     LPCWSTR             pcwszMemberFilePath;    // required: path/name to member file
  106.     HANDLE              hMemberFile;            // optional: open handle to pcwszMemberFilePath
  107.  
  108. } WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
  109.  
  110. //////////////////////////////////////////////////////////////////////////////
  111. //
  112. // WINTRUST_BLOB_INFO Structure
  113. //----------------------------------------------------------------------------
  114. //  Used when calling WinVerifyTrust against a memory blob.
  115. //
  116. typedef struct WINTRUST_BLOB_INFO_
  117. {
  118.     DWORD               cbStruct;               // = sizeof(WINTRUST_BLOB_INFO)
  119.  
  120.     LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.
  121.  
  122.     DWORD               cbMem;
  123.     BYTE                *pbMem;
  124.  
  125. } WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
  126.  
  127. //////////////////////////////////////////////////////////////////////////////
  128. //
  129. // WINTRUST_SGNR_INFO Structure
  130. //----------------------------------------------------------------------------
  131. //  Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
  132. //
  133. typedef struct WINTRUST_SGNR_INFO_
  134. {
  135.     DWORD               cbStruct;               // = sizeof(WINTRUST_SGNR_INFO)
  136.  
  137.     LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.
  138.  
  139.     CMSG_SIGNER_INFO    *psSignerInfo;
  140.  
  141.     DWORD               chStores;               // number of stores in pahStores
  142.     HCERTSTORE          *pahStores;             // array of stores to add to internal list
  143.  
  144. } WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;
  145.  
  146. //////////////////////////////////////////////////////////////////////////////
  147. //
  148. // WINTRUST_CERT_INFO Structure
  149. //----------------------------------------------------------------------------
  150. //  Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
  151. //
  152. typedef struct WINTRUST_CERT_INFO_
  153. {
  154.     DWORD               cbStruct;               // = sizeof(WINTRUST_CERT_INFO)
  155.  
  156.     LPCWSTR             pcwszDisplayName;       // name of the "thing" the pbMem is pointing to.
  157.  
  158.     CERT_CONTEXT        *psCertContext;
  159.  
  160.     DWORD               chStores;               // number of stores in pahStores
  161.     HCERTSTORE          *pahStores;             // array of stores to add to internal list
  162.  
  163. } WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
  164.  
  165. #pragma pack()
  166.  
  167.  
  168. //////////////////////////////////////////////////////////////////////////////
  169. //
  170. // WinVerifyTrust
  171. //----------------------------------------------------------------------------
  172. //  Exported from WINTRUST.DLL.
  173. //  Call this function to verify the trust based on a digital signer.
  174. //
  175. //  Returns:
  176. //          ERROR_SUCCESS               If the trust is authenticated or
  177. //                                      if the user accepted the risk.
  178. //
  179. //          TRUST_E_PROVIDER_UNKNOWN    there was an error loading one of the 
  180. //                                      required Providers.
  181. //
  182. //          all error codes passed back are based on the Policy Provider used.
  183. //
  184.  
  185. LONG WINAPI WinVerifyTrust(IN OPTIONAL HWND hwnd,
  186.                               IN          GUID *pgActionID,
  187.                               IN          LPVOID pWintrustData);
  188.  
  189.  
  190. //////////////////////////////////////////////////////////////////////////////
  191. //////////////////////////////////////////////////////////////////////////////
  192. //
  193. //      Trust, Policy, and UI Provider definitions, typedefs, and prototypes
  194. //
  195. //  Model:
  196. //      A client wishing to validate trust through WinVerifyTrust will
  197. //      select an appropriate Action ID guid for the call.
  198. //      This guid is defined by each Policy Provider and represents the 
  199. //      functions called based on the policy for the given object.
  200. //
  201. //      In this model, the Policy Provider determines which style of UI
  202. //      will be shown to the user (this only applies to style, the 
  203. //      determination of whether UI is displayed is set by the calling client
  204. //      in the UI flags member of WINTRUST_DATA).
  205. //
  206. //      Since the function entry points are common (same return value and
  207. //      parameters), it allows Policy Provider developers to take advantage 
  208. //      of existing, generic, code to fill the CRYPT_PROVIDER_DATA structure.
  209. //    
  210. //      This also allows the developer to simply add the specific policy they
  211. //      need, then, call the generic Policy Provider - if appropriate.
  212. //
  213. //////////////////////////////////////////////////////////////////////////////
  214. //////////////////////////////////////////////////////////////////////////////
  215.  
  216. //////////////////////////////////////////////////////////////////////////////
  217. //
  218. // Supported ASN structures contained in WINTRUST.DLL
  219. //----------------------------------------------------------------------------
  220. //  
  221. #pragma pack (8)
  222.  
  223. #define SPC_INDIRECT_DATA_CONTENT_STRUCT    ((LPCSTR)2003)
  224. #define SPC_INDIRECT_DATA_OBJID             "1.3.6.1.4.1.311.2.1.4"
  225. #define SPC_GLUE_RDN_OBJID                  "1.3.6.1.4.1.311.2.1.25"
  226.  
  227. typedef struct _SPC_INDIRECT_DATA_CONTENT 
  228. {
  229.     CRYPT_ATTRIBUTE_TYPE_VALUE    Data;
  230.     CRYPT_ALGORITHM_IDENTIFIER    DigestAlgorithm;
  231.     CRYPT_HASH_BLOB               Digest;
  232.  
  233. } SPC_INDIRECT_DATA_CONTENT, *PSPC_INDIRECT_DATA_CONTENT;
  234.  
  235. #pragma pack()
  236.  
  237.  
  238. //////////////////////////////////////////////////////////////////////////////
  239. //
  240. // Wintrust Policy Flags
  241. //----------------------------------------------------------------------------
  242. //  These are set during install and can be modified by the user
  243. //  through various means.  The SETREG.EXE utility (found in the Authenticode
  244. //  Tools Pack) will select/deselect each of them.
  245. //
  246. #define WTPF_TRUSTTEST              0x00000020  // trust any "TEST" generated certificate
  247. #define WTPF_TESTCANBEVALID         0x00000080 
  248. #define WTPF_IGNOREEXPIRATION       0x00000100  // Use expiration date
  249. #define WTPF_IGNOREREVOKATION       0x00000200  // Do revocation check
  250. #define WTPF_OFFLINEOK_IND          0x00000400  // off-line is ok for individual certs
  251. #define WTPF_OFFLINEOK_COM          0x00000800  // off-line is ok for commercial certs
  252. #define WTPF_OFFLINEOKNBU_IND       0x00001000  // off-line is ok for individual certs, no bad ui
  253. #define WTPF_OFFLINEOKNBU_COM       0x00002000  // off-line is ok for commercial certs, no bad ui
  254. #define WTPF_TIMESTAMP_IND          0x00004000  // Use timestamp for individual certs
  255. #define WTPF_TIMESTAMP_COM          0x00008000  // Use timestamp for commerical certs
  256. #define WTPF_VERIFY_V1_OFF          0x00010000  // turn verify of v1 certs off
  257. #define WTPF_IGNOREREVOCATIONONTS   0x00020000  // ignore TimeStamp revocation checks
  258.  
  259. //////////////////////////////////////////////////////////////////////////////
  260. //
  261. // WintrustGetRegPolicyFlags
  262. //----------------------------------------------------------------------------
  263. //  This API call is exported from WINTRUST.DLL and is the recommended method
  264. //  of retrieving the DWORD representing the Policy Flags.
  265. //
  266. extern void WINAPI      WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);
  267.  
  268.  
  269. //////////////////////////////////////////////////////////////////////////////
  270. //
  271. // Trust Provider "Step" Error defines
  272. //----------------------------------------------------------------------------
  273. //  Each "step" of the Trust process has an error "slot" associated with it.
  274. //  If an error occurs, the "step" will assign its result to this "slot".  These
  275. //  errors can be any valid WINERROR.H HRESULT code.
  276. //
  277. #define TRUSTERROR_STEP_WVTPARAMS                   0
  278. #define TRUSTERROR_STEP_FILEIO                      2
  279. #define TRUSTERROR_STEP_SIP                         3
  280. #define TRUSTERROR_STEP_SIPSUBJINFO                 5
  281. #define TRUSTERROR_STEP_CATALOGFILE                 6
  282. #define TRUSTERROR_STEP_CERTSTORE                   7
  283. #define TRUSTERROR_STEP_MESSAGE                     8
  284. #define TRUSTERROR_STEP_MSG_SIGNERCOUNT             9
  285. #define TRUSTERROR_STEP_MSG_INNERCNTTYPE            10
  286. #define TRUSTERROR_STEP_MSG_INNERCNT                11
  287. #define TRUSTERROR_STEP_MSG_STORE                   12
  288. #define TRUSTERROR_STEP_MSG_SIGNERINFO              13
  289. #define TRUSTERROR_STEP_MSG_SIGNERCERT              14
  290. #define TRUSTERROR_STEP_MSG_CERTCHAIN               15
  291. #define TRUSTERROR_STEP_MSG_COUNTERSIGINFO          16
  292. #define TRUSTERROR_STEP_MSG_COUNTERSIGCERT          17
  293. #define TRUSTERROR_STEP_VERIFY_MSGHASH              18
  294. #define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA      19
  295.  
  296. #define TRUSTERROR_STEP_FINAL_WVTINIT               30
  297. #define TRUSTERROR_STEP_FINAL_INITPROV              31
  298. #define TRUSTERROR_STEP_FINAL_OBJPROV               32
  299. #define TRUSTERROR_STEP_FINAL_SIGPROV               33
  300. #define TRUSTERROR_STEP_FINAL_CERTPROV              34
  301. #define TRUSTERROR_STEP_FINAL_CERTCHKPROV           35
  302. #define TRUSTERROR_STEP_FINAL_POLICYPROV            36
  303. #define TRUSTERROR_STEP_FINAL_UIPROV                37
  304.  
  305. #define TRUSTERROR_MAX_STEPS                        38
  306.  
  307. //////////////////////////////////////////////////////////////////////////////
  308. //
  309. //  allocation and free function prototypes
  310. //----------------------------------------------------------------------------
  311. //
  312. typedef void        *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);
  313. typedef void        (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);
  314.  
  315. typedef BOOL        (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData, 
  316.                                          IN HCERTSTORE hStore2Add);
  317.  
  318. typedef BOOL        (*PFN_CPD_ADD_SGNR)(IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
  319.                                         IN          BOOL fCounterSigner,
  320.                                         IN OPTIONAL DWORD idxSigner,
  321.                                         IN          struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);
  322.  
  323. typedef BOOL        (*PFN_CPD_ADD_CERT)(IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
  324.                                         IN          DWORD idxSigner,
  325.                                         IN          BOOL fCounterSigner,
  326.                                         IN OPTIONAL DWORD idxCounterSigner,
  327.                                         IN          PCCERT_CONTEXT pCert2Add);
  328.  
  329. typedef BOOL        (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
  330.                                             IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
  331.  
  332. //////////////////////////////////////////////////////////////////////////////
  333. //
  334. //  Provider function prototypes
  335. //----------------------------------------------------------------------------
  336. //
  337.  
  338. //
  339. //  entry point for the object provider
  340. //
  341. typedef HRESULT     (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  342.  
  343. //
  344. //  entry point for the object provider
  345. //
  346. typedef HRESULT     (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  347.  
  348. //
  349. //  entry point for the Signature Provider
  350. //
  351. typedef HRESULT     (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  352.  
  353. //
  354. //  entry point for the Certificate Provider
  355. //
  356. typedef HRESULT     (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  357.  
  358. //
  359. //  entry point for the Policy Provider's final call (from the trust provider)
  360. //
  361. typedef HRESULT     (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  362.  
  363. //
  364. //  entry point for the Policy Provider's "dump structure" call 
  365. //
  366. typedef HRESULT     (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
  367.  
  368. //
  369. //  entry point for the Policy Provider's Cert Check call.  This will return
  370. //  true if the Trust Provider is to continue building the certificate chain.
  371. //  If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
  372. //  self-signed, root.
  373. //
  374. typedef BOOL        (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN          struct _CRYPT_PROVIDER_DATA *pProvData, 
  375.                                                         IN          DWORD idxSigner,
  376.                                                         IN          BOOL fCounterSignerChain,
  377.                                                         IN OPTIONAL DWORD idxCounterSigner);
  378.  
  379. #pragma pack(8)
  380.  
  381. //////////////////////////////////////////////////////////////////////////////
  382. //
  383. // CRYPT_PROVIDER_FUNCTIONS structure
  384. //----------------------------------------------------------------------------
  385. //
  386. //
  387. typedef struct _CRYPT_PROVIDER_FUNCTIONS
  388. {
  389.     DWORD                               cbStruct;
  390.  
  391.     PFN_CPD_MEM_ALLOC                   pfnAlloc;               // set in WVT
  392.     PFN_CPD_MEM_FREE                    pfnFree;                // set in WVT
  393.  
  394.     PFN_CPD_ADD_STORE                   pfnAddStore2Chain;      // call to add a store to the chain.
  395.     PFN_CPD_ADD_SGNR                    pfnAddSgnr2Chain;       // call to add a sgnr struct to a msg struct sgnr chain
  396.     PFN_CPD_ADD_CERT                    pfnAddCert2Chain;       // call to add a cert struct to a sgnr struct cert chain
  397.     PFN_CPD_ADD_PRIVDATA                pfnAddPrivData2Chain;   // call to add provider private data to struct.
  398.  
  399.     PFN_PROVIDER_INIT_CALL              pfnInitialize;          // initialize Policy data.
  400.     PFN_PROVIDER_OBJTRUST_CALL          pfnObjectTrust;         // build info up to the signer info(s).
  401.     PFN_PROVIDER_SIGTRUST_CALL          pfnSignatureTrust;      // build info to the signing cert
  402.     PFN_PROVIDER_CERTTRUST_CALL         pfnCertificateTrust;    // build the chain
  403.     PFN_PROVIDER_FINALPOLICY_CALL       pfnFinalPolicy;         // final call to policy
  404.     PFN_PROVIDER_CERTCHKPOLICY_CALL     pfnCertCheckPolicy;     // check each cert will building chain
  405.     PFN_PROVIDER_TESTFINALPOLICY_CALL   pfnTestFinalPolicy;     // dump structures to a file (or whatever the policy chooses)
  406.  
  407. } CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
  408.  
  409. //////////////////////////////////////////////////////////////////////////////
  410. //
  411. // CRYPT_PROVIDER_CERT structure
  412. //----------------------------------------------------------------------------
  413. //  After the Signature and Certificate Providers are finished there will 
  414. //  be zero to many of these filled out in the CRYPT_PROVIDER_SGNR 
  415. //  structure.  One for each certificate in the chain.
  416. //  
  417. //
  418. typedef struct _CRYPT_PROVIDER_CERT
  419. {
  420.     DWORD                       cbStruct;
  421.  
  422.     PCCERT_CONTEXT              pCert;              // must have its own ref-count!
  423.  
  424.     BOOL                        fCommercial;
  425.     BOOL                        fTrustedRoot;       // certchk policy should set this.
  426.     BOOL                        fSelfSigned;        // set in cert provider
  427.  
  428.     BOOL                        fTestCert;          // certchk policy will set
  429.  
  430.     DWORD                       dwRevokedReason;
  431.  
  432.     DWORD                       dwConfidence;       // set in the Certificate Provider
  433. #                                   define  CERT_CONFIDENCE_SIG          0x10000000
  434. #                                   define  CERT_CONFIDENCE_TIME         0x01000000
  435. #                                   define  CERT_CONFIDENCE_TIMENEST     0x00100000
  436. #                                   define  CERT_CONFIDENCE_AUTHIDEXT    0x00010000
  437. #                                   define  CERT_CONFIDENCE_HIGHEST      0x11110000
  438.  
  439.     DWORD                       dwError;
  440.  
  441. } CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
  442.  
  443. //////////////////////////////////////////////////////////////////////////////
  444. //
  445. // CRYPT_PROVIDER_SGNR structure
  446. //----------------------------------------------------------------------------
  447. //  After the Signature Provider is finished there will be zero to many of these
  448. //  filled out.  One for each signer of the message.  Also, there will be zero 
  449. //  to many of these filled out inside this structure.  One for each counter 
  450. //  signer of the signer.
  451. //  
  452. //  IMPORTANT:  1.  All dynamically allocated members MUST use allocation
  453. //                  and Add2 functions provided.
  454. //
  455. typedef struct _CRYPT_PROVIDER_SGNR
  456. {
  457.     DWORD                       cbStruct;
  458.  
  459.     FILETIME                    sftVerifyAsOf;      // either today's filetime or the timestamps
  460.  
  461.     DWORD                       csCertChain;        // do NOT set manually.
  462.     CRYPT_PROVIDER_CERT         *pasCertChain;      // use the Add2 allocator
  463.  
  464.     DWORD                       dwSignerType;       // set if known by policy
  465. #                                   define  SGNR_TYPE_TIMESTAMP     0x00000010
  466.  
  467.     CMSG_SIGNER_INFO            *psSigner;          // must use the pfnAlloc allocator!
  468.  
  469.     DWORD                       dwError;            // error encounted while building/verifying the signer.
  470.  
  471.     DWORD                       csCounterSigners;   // do NOT set manually.
  472.     struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use the Add2 allocator.
  473.  
  474. } CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
  475.  
  476. //////////////////////////////////////////////////////////////////////////////
  477. //
  478. // CRYPT_PROVIDER_PRIVDATA structure
  479. //----------------------------------------------------------------------------
  480. //  This structure is to allow Policy Provider functions to share
  481. //  POLICY SPECIFIC data between Policy Functions.
  482. //  The Policy must use the pfnAddPrivateData2Chain function and 
  483. //  must free any data within the member before the Final Policy returns
  484. //  to WVT.  
  485. //  To allow multiple providers to use this feature, each provider that
  486. //  uses this member must set the provider ID to it's Action ID so that 
  487. //  the provider can find its data and ignore any other.
  488. //
  489. typedef struct _CRYPT_PROVIDER_PRIVDATA
  490. {
  491.     DWORD                           cbStruct;
  492.  
  493.     GUID                            gProviderID;
  494.  
  495.     DWORD                           cbProvData;
  496.     void                            *pvProvData;
  497.  
  498. } CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;
  499.  
  500. //////////////////////////////////////////////////////////////////////////////
  501. //
  502. // CRYPT_PROVIDER_DATA Structure
  503. //----------------------------------------------------------------------------
  504. //  Used to pass information between WinVerifyTrust and all of the Provider
  505. //  calls.
  506. //
  507. //  IMPORTANT:  1.  All dynamically allocated members MUST use the allocation
  508. //                  and Add2 functions provided.
  509. //
  510. typedef struct _CRYPT_PROVIDER_DATA
  511. {
  512.     DWORD                       cbStruct;               // = sizeof(TRUST_PROVIDER_DATA) (set in WVT)
  513.  
  514.     WINTRUST_DATA               *pWintrustData;         // NOT verified (set in WVT)
  515.     BOOL                        fOpenedFile;            // the provider opened the file handle (if applicable)
  516.     HWND                        hWndParent;             // if passed in, else, Desktop hWnd (set in WVT).
  517.     GUID                        *pgActionID;            // represents the Provider combination (set in WVT).
  518.  
  519.     HCRYPTPROV                  hProv;                  // set in WVT
  520.  
  521.     DWORD                       dwError;                // error to be returned
  522.  
  523.     DWORD                       dwRegSecuritySettings;  // ie security settings (set in WVT)
  524.     DWORD                       dwRegPolicySettings;    // setreg settings (set in WVT)
  525.  
  526.     CRYPT_PROVIDER_FUNCTIONS    sPfns;                  // set in WVT.
  527.  
  528.     DWORD                       cdwTrustStepErrors;     // set in WVT.
  529.     DWORD                       *padwTrustStepErrors;   // allocated in WVT.  filled in WVT & Trust Provider
  530.  
  531.     DWORD                       chStores;               // number of stores in pahStores (root set in WVT)
  532.     HCERTSTORE                  *pahStores;             // array of known stores (root set in WVT) root is ALWAYS #0!!!
  533.  
  534.     DWORD                       dwEncoding;             // message encoding type (set in WVT and Signature Prov)
  535.     HCRYPTMSG                   hMsg;                   // set in Signature Prov.
  536.  
  537.     GUID                        gSubject;               // subject guid of file/member file. (set in Sig Prov)
  538.     struct SIP_DISPATCH_INFO_   *pSip;                  // set in Sig Prov - defined in sipbase.h
  539.     struct SIP_DISPATCH_INFO_   *pCATSip;               // set in Sig Prov - defined in sipbase.h
  540.     struct SIP_SUBJECTINFO_     *psSipSubjectInfo;      // set in Sig Prov - defined in sipbase.h
  541.     struct SIP_SUBJECTINFO_     *psSipCATSubjectInfo;   // set in Sig Prov - defined in sipbase.h
  542.     struct SIP_INDIRECT_DATA_   *psIndirectData;        // set in Sig Prov - defined in sipbase.h
  543.  
  544.     DWORD                       csSigners;              // use Add2 function!
  545.     CRYPT_PROVIDER_SGNR         *pasSigners;            // use Add2 function!
  546.  
  547.     DWORD                       csProvPrivData;         // use Add2 function!
  548.     CRYPT_PROVIDER_PRIVDATA     *pasProvPrivData;       // use Add2 function!
  549.  
  550. } CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
  551.  
  552.  
  553. //////////////////////////////////////////////////////////////////////////////
  554. //
  555. // structures used to register action IDs
  556. //----------------------------------------------------------------------------
  557. //
  558. typedef struct _CRYPT_TRUST_REG_ENTRY
  559. {
  560.     DWORD                   cbStruct;
  561.  
  562.     WCHAR                   *pwszDLLName;
  563.     WCHAR                   *pwszFunctionName;
  564.  
  565. } CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;
  566.  
  567. typedef struct _CRYPT_REGISTER_ACTIONID
  568. {
  569.     DWORD                   cbStruct;
  570.  
  571.     CRYPT_TRUST_REG_ENTRY   sInitProvider;
  572.     CRYPT_TRUST_REG_ENTRY   sObjectProvider;
  573.     CRYPT_TRUST_REG_ENTRY   sSignatureProvider;
  574.     CRYPT_TRUST_REG_ENTRY   sCertificateProvider;
  575.     CRYPT_TRUST_REG_ENTRY   sCertificatePolicyProvider;
  576.     CRYPT_TRUST_REG_ENTRY   sFinalPolicyProvider;
  577.     CRYPT_TRUST_REG_ENTRY   sTestPolicyProvider;
  578.  
  579. } CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
  580.  
  581. #pragma pack()
  582.  
  583. //////////////////////////////////////////////////////////////////////////////
  584. //
  585. // WINTRUST.DLL Provider defines
  586. //----------------------------------------------------------------------------
  587. //  The following are definitions of the Microsoft Generic Cert Provider
  588. //  
  589. #define WT_CURRENT_VERSION                  0x00000200
  590. #define WT_MAX_FUNC_NAME                    128
  591.  
  592. #define WT_PROVIDER_DLL_NAME                L"WINTRUST.DLL"
  593. #define WT_PROVIDER_CERTTRUST_FUNCTION      L"WintrustCertificateTrust"
  594.  
  595. //////////////////////////////////////////////////////////////////////////////
  596. //
  597. // WintrustAddActionID
  598. //----------------------------------------------------------------------------
  599. //  Adds a new Provider combination to the users' 
  600. //  system.  Creates all necessary registry entries, etc.  This should be done
  601. //  during the Policy Provider's DllRegisterServer.
  602. //
  603. //  *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
  604. // 
  605. // Returns: 
  606. //      TRUE:                           No fatal errors
  607. //      FALSE:                          Errors occured.  See GetLastError()
  608. //
  609. extern BOOL WINAPI  WintrustAddActionID(IN GUID *pgActionID, 
  610.                                         IN DWORD fdwReserved,    // future use.
  611.                                         IN CRYPT_REGISTER_ACTIONID *psProvInfo);
  612.  
  613.  
  614. //////////////////////////////////////////////////////////////////////////////
  615. //
  616. // WintrustRemoveActionID
  617. //----------------------------------------------------------------------------
  618. //  Removes the Provider action combination from the users'
  619. //  system.
  620. // 
  621. // Returns: 
  622. //      TRUE:                           No fatal errors
  623. //      FALSE:                          Errors occured.  See GetLastError()
  624. //
  625. extern BOOL WINAPI  WintrustRemoveActionID(IN GUID *pgActionID);
  626.  
  627. //////////////////////////////////////////////////////////////////////////////
  628. //
  629. // WintrustLoadFunctionPointers
  630. //----------------------------------------------------------------------------
  631. //  Retrieves the function entry points based on the Action ID given.
  632. // 
  633. // Returns: 
  634. //      TRUE                            success.
  635. //      FALSE                           fail.
  636. //
  637. extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);
  638.  
  639. //
  640. //  helper functions exported from wintrust.dll
  641. //
  642. extern HANDLE WINAPI            WTHelperGetFileHandle(WINTRUST_DATA *pWintrustData);
  643. extern WCHAR * WINAPI           WTHelperGetFileName(WINTRUST_DATA *pWintrustData);
  644. extern PCCERT_CONTEXT WINAPI    WTHelperCertFindIssuerCertificate(CRYPT_PROVIDER_DATA *pProvData, 
  645.                                                                   CRYPT_PROVIDER_SGNR *pSgnr,
  646.                                                                   PCCERT_CONTEXT pChildContext,
  647.                                                                   DWORD *pdwConfidence,
  648.                                                                   DWORD *pdwError);
  649. extern BOOL WINAPI              WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
  650. extern BOOL WINAPI              WTHelperOpenKnownStores(CRYPT_PROVIDER_DATA *pProvData);
  651.  
  652.  
  653. #endif // WINTRUST_H
  654.