Complete disaster-recovery snapshot: engine/game source, game data assets, VC6 toolchain + DX SDKs, build outputs, deployed game, and _UNUSED archive. Large binaries in Git LFS; text preserved byte-for-byte (core.autocrlf=false, no eol attributes). See RECOVERY.md for the one-clone rebuild procedure.
654 lines
29 KiB
C++
654 lines
29 KiB
C++
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright 1996 - 1998 Microsoft Corporation.
|
|
//
|
|
// File: wintrust.h
|
|
//
|
|
// Contents: Microsoft Internet Security Trust Provider Model
|
|
//
|
|
// History: 31-May-1997 created
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
#ifndef WINTRUST_H
|
|
#define WINTRUST_H
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Client definitions, typedefs, and prototypes
|
|
//
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
|
|
#pragma pack(8)
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_DATA Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust to pass necessary information into
|
|
// the Providers.
|
|
//
|
|
typedef struct _WINTRUST_DATA
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_DATA)
|
|
|
|
LPVOID pPolicyCallbackData; // optional: used to pass data between the app and policy
|
|
|
|
DWORD dwUIChoice; // required: UI choice. One of the following.
|
|
# define WTD_UI_ALL 1
|
|
# define WTD_UI_NONE 2
|
|
# define WTD_UI_NOBAD 3
|
|
# define WTD_UI_NOGOOD 4
|
|
|
|
DWORD fdwRevocationChecks; // required: certificate revocation check options
|
|
# define WTD_REVOKE_NONE 0x00000000
|
|
# define WTD_REVOKE_WHOLECHAIN 0x00000001
|
|
|
|
DWORD dwUnionChoice; // required: which structure is being passed in?
|
|
# define WTD_CHOICE_FILE 1
|
|
# define WTD_CHOICE_CATALOG 2
|
|
# define WTD_CHOICE_BLOB 3
|
|
# define WTD_CHOICE_SIGNER 4
|
|
# define WTD_CHOICE_CERT 5
|
|
union
|
|
{
|
|
struct WINTRUST_FILE_INFO_ *pFile; // individual file
|
|
struct WINTRUST_CATALOG_INFO_ *pCatalog; // member of a Catalog File
|
|
struct WINTRUST_BLOB_INFO_ *pBlob; // memory blob
|
|
struct WINTRUST_SGNR_INFO_ *pSgnr; // signer structure only
|
|
struct WINTRUST_CERT_INFO_ *pCert;
|
|
};
|
|
|
|
DWORD dwStateAction; // future. DO NOT USE!!! (optional)
|
|
# define WTD_STATEACTION_OPEN 1
|
|
# define WTD_STATEACTION_VERIFY 2
|
|
# define WTD_STATEACTION_CLOSE 3
|
|
|
|
HANDLE hWVTStateData; // future. DO NOT USE!!! (optional)
|
|
|
|
} WINTRUST_DATA, *PWINTRUST_DATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_FILE_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against an individual file.
|
|
//
|
|
typedef struct WINTRUST_FILE_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_FILE_INFO)
|
|
|
|
LPCWSTR pcwszFilePath; // required, file name to be verified
|
|
HANDLE hFile; // optional, open handle to pcwszFilePath
|
|
|
|
} WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_CATALOG_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a member of a Microsoft Catalog
|
|
// file.
|
|
//
|
|
typedef struct WINTRUST_CATALOG_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_CATALOG_INFO)
|
|
|
|
DWORD dwCatalogVersion; // optional: Catalog version number
|
|
LPCWSTR pcwszCatalogFilePath; // required: path/name to Catalog file
|
|
|
|
LPCWSTR pcwszMemberTag; // required: tag to member in Catalog
|
|
LPCWSTR pcwszMemberFilePath; // required: path/name to member file
|
|
HANDLE hMemberFile; // optional: open handle to pcwszMemberFilePath
|
|
|
|
} WINTRUST_CATALOG_INFO, *PWINTRUST_CATALOG_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_BLOB_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a memory blob.
|
|
//
|
|
typedef struct WINTRUST_BLOB_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_BLOB_INFO)
|
|
|
|
LPCWSTR pcwszDisplayName; // name of the "thing" the pbMem is pointing to.
|
|
|
|
DWORD cbMem;
|
|
BYTE *pbMem;
|
|
|
|
} WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_SGNR_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a CMSG_SIGNER_INFO Structure
|
|
//
|
|
typedef struct WINTRUST_SGNR_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_SGNR_INFO)
|
|
|
|
LPCWSTR pcwszDisplayName; // name of the "thing" the pbMem is pointing to.
|
|
|
|
CMSG_SIGNER_INFO *psSignerInfo;
|
|
|
|
DWORD chStores; // number of stores in pahStores
|
|
HCERTSTORE *pahStores; // array of stores to add to internal list
|
|
|
|
} WINTRUST_SGNR_INFO, *PWINTRUST_SGNR_INFO;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST_CERT_INFO Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used when calling WinVerifyTrust against a CERT_CONTEXT Structure
|
|
//
|
|
typedef struct WINTRUST_CERT_INFO_
|
|
{
|
|
DWORD cbStruct; // = sizeof(WINTRUST_CERT_INFO)
|
|
|
|
LPCWSTR pcwszDisplayName; // name of the "thing" the pbMem is pointing to.
|
|
|
|
CERT_CONTEXT *psCertContext;
|
|
|
|
DWORD chStores; // number of stores in pahStores
|
|
HCERTSTORE *pahStores; // array of stores to add to internal list
|
|
|
|
} WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
|
|
|
|
#pragma pack()
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WinVerifyTrust
|
|
//----------------------------------------------------------------------------
|
|
// Exported from WINTRUST.DLL.
|
|
// Call this function to verify the trust based on a digital signer.
|
|
//
|
|
// Returns:
|
|
// ERROR_SUCCESS If the trust is authenticated or
|
|
// if the user accepted the risk.
|
|
//
|
|
// TRUST_E_PROVIDER_UNKNOWN there was an error loading one of the
|
|
// required Providers.
|
|
//
|
|
// all error codes passed back are based on the Policy Provider used.
|
|
//
|
|
|
|
LONG WINAPI WinVerifyTrust(IN OPTIONAL HWND hwnd,
|
|
IN GUID *pgActionID,
|
|
IN LPVOID pWintrustData);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Trust, Policy, and UI Provider definitions, typedefs, and prototypes
|
|
//
|
|
// Model:
|
|
// A client wishing to validate trust through WinVerifyTrust will
|
|
// select an appropriate Action ID guid for the call.
|
|
// This guid is defined by each Policy Provider and represents the
|
|
// functions called based on the policy for the given object.
|
|
//
|
|
// In this model, the Policy Provider determines which style of UI
|
|
// will be shown to the user (this only applies to style, the
|
|
// determination of whether UI is displayed is set by the calling client
|
|
// in the UI flags member of WINTRUST_DATA).
|
|
//
|
|
// Since the function entry points are common (same return value and
|
|
// parameters), it allows Policy Provider developers to take advantage
|
|
// of existing, generic, code to fill the CRYPT_PROVIDER_DATA structure.
|
|
//
|
|
// This also allows the developer to simply add the specific policy they
|
|
// need, then, call the generic Policy Provider - if appropriate.
|
|
//
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Supported ASN structures contained in WINTRUST.DLL
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
#pragma pack (8)
|
|
|
|
#define SPC_INDIRECT_DATA_CONTENT_STRUCT ((LPCSTR)2003)
|
|
#define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"
|
|
#define SPC_GLUE_RDN_OBJID "1.3.6.1.4.1.311.2.1.25"
|
|
|
|
typedef struct _SPC_INDIRECT_DATA_CONTENT
|
|
{
|
|
CRYPT_ATTRIBUTE_TYPE_VALUE Data;
|
|
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
|
|
CRYPT_HASH_BLOB Digest;
|
|
|
|
} SPC_INDIRECT_DATA_CONTENT, *PSPC_INDIRECT_DATA_CONTENT;
|
|
|
|
#pragma pack()
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Wintrust Policy Flags
|
|
//----------------------------------------------------------------------------
|
|
// These are set during install and can be modified by the user
|
|
// through various means. The SETREG.EXE utility (found in the Authenticode
|
|
// Tools Pack) will select/deselect each of them.
|
|
//
|
|
#define WTPF_TRUSTTEST 0x00000020 // trust any "TEST" generated certificate
|
|
#define WTPF_TESTCANBEVALID 0x00000080
|
|
#define WTPF_IGNOREEXPIRATION 0x00000100 // Use expiration date
|
|
#define WTPF_IGNOREREVOKATION 0x00000200 // Do revocation check
|
|
#define WTPF_OFFLINEOK_IND 0x00000400 // off-line is ok for individual certs
|
|
#define WTPF_OFFLINEOK_COM 0x00000800 // off-line is ok for commercial certs
|
|
#define WTPF_OFFLINEOKNBU_IND 0x00001000 // off-line is ok for individual certs, no bad ui
|
|
#define WTPF_OFFLINEOKNBU_COM 0x00002000 // off-line is ok for commercial certs, no bad ui
|
|
#define WTPF_TIMESTAMP_IND 0x00004000 // Use timestamp for individual certs
|
|
#define WTPF_TIMESTAMP_COM 0x00008000 // Use timestamp for commerical certs
|
|
#define WTPF_VERIFY_V1_OFF 0x00010000 // turn verify of v1 certs off
|
|
#define WTPF_IGNOREREVOCATIONONTS 0x00020000 // ignore TimeStamp revocation checks
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustGetRegPolicyFlags
|
|
//----------------------------------------------------------------------------
|
|
// This API call is exported from WINTRUST.DLL and is the recommended method
|
|
// of retrieving the DWORD representing the Policy Flags.
|
|
//
|
|
extern void WINAPI WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Trust Provider "Step" Error defines
|
|
//----------------------------------------------------------------------------
|
|
// Each "step" of the Trust process has an error "slot" associated with it.
|
|
// If an error occurs, the "step" will assign its result to this "slot". These
|
|
// errors can be any valid WINERROR.H HRESULT code.
|
|
//
|
|
#define TRUSTERROR_STEP_WVTPARAMS 0
|
|
#define TRUSTERROR_STEP_FILEIO 2
|
|
#define TRUSTERROR_STEP_SIP 3
|
|
#define TRUSTERROR_STEP_SIPSUBJINFO 5
|
|
#define TRUSTERROR_STEP_CATALOGFILE 6
|
|
#define TRUSTERROR_STEP_CERTSTORE 7
|
|
#define TRUSTERROR_STEP_MESSAGE 8
|
|
#define TRUSTERROR_STEP_MSG_SIGNERCOUNT 9
|
|
#define TRUSTERROR_STEP_MSG_INNERCNTTYPE 10
|
|
#define TRUSTERROR_STEP_MSG_INNERCNT 11
|
|
#define TRUSTERROR_STEP_MSG_STORE 12
|
|
#define TRUSTERROR_STEP_MSG_SIGNERINFO 13
|
|
#define TRUSTERROR_STEP_MSG_SIGNERCERT 14
|
|
#define TRUSTERROR_STEP_MSG_CERTCHAIN 15
|
|
#define TRUSTERROR_STEP_MSG_COUNTERSIGINFO 16
|
|
#define TRUSTERROR_STEP_MSG_COUNTERSIGCERT 17
|
|
#define TRUSTERROR_STEP_VERIFY_MSGHASH 18
|
|
#define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA 19
|
|
|
|
#define TRUSTERROR_STEP_FINAL_WVTINIT 30
|
|
#define TRUSTERROR_STEP_FINAL_INITPROV 31
|
|
#define TRUSTERROR_STEP_FINAL_OBJPROV 32
|
|
#define TRUSTERROR_STEP_FINAL_SIGPROV 33
|
|
#define TRUSTERROR_STEP_FINAL_CERTPROV 34
|
|
#define TRUSTERROR_STEP_FINAL_CERTCHKPROV 35
|
|
#define TRUSTERROR_STEP_FINAL_POLICYPROV 36
|
|
#define TRUSTERROR_STEP_FINAL_UIPROV 37
|
|
|
|
#define TRUSTERROR_MAX_STEPS 38
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// allocation and free function prototypes
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef void *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);
|
|
typedef void (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN HCERTSTORE hStore2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_SGNR)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN BOOL fCounterSigner,
|
|
IN OPTIONAL DWORD idxSigner,
|
|
IN struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_CERT)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN DWORD idxSigner,
|
|
IN BOOL fCounterSigner,
|
|
IN OPTIONAL DWORD idxCounterSigner,
|
|
IN PCCERT_CONTEXT pCert2Add);
|
|
|
|
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Provider function prototypes
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
|
|
//
|
|
// entry point for the object provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the object provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Signature Provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Certificate Provider
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's final call (from the trust provider)
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's "dump structure" call
|
|
//
|
|
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
//
|
|
// entry point for the Policy Provider's Cert Check call. This will return
|
|
// true if the Trust Provider is to continue building the certificate chain.
|
|
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
|
|
// self-signed, root.
|
|
//
|
|
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN struct _CRYPT_PROVIDER_DATA *pProvData,
|
|
IN DWORD idxSigner,
|
|
IN BOOL fCounterSignerChain,
|
|
IN OPTIONAL DWORD idxCounterSigner);
|
|
|
|
#pragma pack(8)
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_FUNCTIONS structure
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_FUNCTIONS
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
PFN_CPD_MEM_ALLOC pfnAlloc; // set in WVT
|
|
PFN_CPD_MEM_FREE pfnFree; // set in WVT
|
|
|
|
PFN_CPD_ADD_STORE pfnAddStore2Chain; // call to add a store to the chain.
|
|
PFN_CPD_ADD_SGNR pfnAddSgnr2Chain; // call to add a sgnr struct to a msg struct sgnr chain
|
|
PFN_CPD_ADD_CERT pfnAddCert2Chain; // call to add a cert struct to a sgnr struct cert chain
|
|
PFN_CPD_ADD_PRIVDATA pfnAddPrivData2Chain; // call to add provider private data to struct.
|
|
|
|
PFN_PROVIDER_INIT_CALL pfnInitialize; // initialize Policy data.
|
|
PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust; // build info up to the signer info(s).
|
|
PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust; // build info to the signing cert
|
|
PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust; // build the chain
|
|
PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy; // final call to policy
|
|
PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each cert will building chain
|
|
PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structures to a file (or whatever the policy chooses)
|
|
|
|
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_CERT structure
|
|
//----------------------------------------------------------------------------
|
|
// After the Signature and Certificate Providers are finished there will
|
|
// be zero to many of these filled out in the CRYPT_PROVIDER_SGNR
|
|
// structure. One for each certificate in the chain.
|
|
//
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_CERT
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
PCCERT_CONTEXT pCert; // must have its own ref-count!
|
|
|
|
BOOL fCommercial;
|
|
BOOL fTrustedRoot; // certchk policy should set this.
|
|
BOOL fSelfSigned; // set in cert provider
|
|
|
|
BOOL fTestCert; // certchk policy will set
|
|
|
|
DWORD dwRevokedReason;
|
|
|
|
DWORD dwConfidence; // set in the Certificate Provider
|
|
# define CERT_CONFIDENCE_SIG 0x10000000
|
|
# define CERT_CONFIDENCE_TIME 0x01000000
|
|
# define CERT_CONFIDENCE_TIMENEST 0x00100000
|
|
# define CERT_CONFIDENCE_AUTHIDEXT 0x00010000
|
|
# define CERT_CONFIDENCE_HIGHEST 0x11110000
|
|
|
|
DWORD dwError;
|
|
|
|
} CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_SGNR structure
|
|
//----------------------------------------------------------------------------
|
|
// After the Signature Provider is finished there will be zero to many of these
|
|
// filled out. One for each signer of the message. Also, there will be zero
|
|
// to many of these filled out inside this structure. One for each counter
|
|
// signer of the signer.
|
|
//
|
|
// IMPORTANT: 1. All dynamically allocated members MUST use allocation
|
|
// and Add2 functions provided.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_SGNR
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
FILETIME sftVerifyAsOf; // either today's filetime or the timestamps
|
|
|
|
DWORD csCertChain; // do NOT set manually.
|
|
CRYPT_PROVIDER_CERT *pasCertChain; // use the Add2 allocator
|
|
|
|
DWORD dwSignerType; // set if known by policy
|
|
# define SGNR_TYPE_TIMESTAMP 0x00000010
|
|
|
|
CMSG_SIGNER_INFO *psSigner; // must use the pfnAlloc allocator!
|
|
|
|
DWORD dwError; // error encounted while building/verifying the signer.
|
|
|
|
DWORD csCounterSigners; // do NOT set manually.
|
|
struct _CRYPT_PROVIDER_SGNR *pasCounterSigners; // use the Add2 allocator.
|
|
|
|
} CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_PRIVDATA structure
|
|
//----------------------------------------------------------------------------
|
|
// This structure is to allow Policy Provider functions to share
|
|
// POLICY SPECIFIC data between Policy Functions.
|
|
// The Policy must use the pfnAddPrivateData2Chain function and
|
|
// must free any data within the member before the Final Policy returns
|
|
// to WVT.
|
|
// To allow multiple providers to use this feature, each provider that
|
|
// uses this member must set the provider ID to it's Action ID so that
|
|
// the provider can find its data and ignore any other.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_PRIVDATA
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
GUID gProviderID;
|
|
|
|
DWORD cbProvData;
|
|
void *pvProvData;
|
|
|
|
} CRYPT_PROVIDER_PRIVDATA, *PCRYPT_PROVIDER_PRIVDATA;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CRYPT_PROVIDER_DATA Structure
|
|
//----------------------------------------------------------------------------
|
|
// Used to pass information between WinVerifyTrust and all of the Provider
|
|
// calls.
|
|
//
|
|
// IMPORTANT: 1. All dynamically allocated members MUST use the allocation
|
|
// and Add2 functions provided.
|
|
//
|
|
typedef struct _CRYPT_PROVIDER_DATA
|
|
{
|
|
DWORD cbStruct; // = sizeof(TRUST_PROVIDER_DATA) (set in WVT)
|
|
|
|
WINTRUST_DATA *pWintrustData; // NOT verified (set in WVT)
|
|
BOOL fOpenedFile; // the provider opened the file handle (if applicable)
|
|
HWND hWndParent; // if passed in, else, Desktop hWnd (set in WVT).
|
|
GUID *pgActionID; // represents the Provider combination (set in WVT).
|
|
|
|
HCRYPTPROV hProv; // set in WVT
|
|
|
|
DWORD dwError; // error to be returned
|
|
|
|
DWORD dwRegSecuritySettings; // ie security settings (set in WVT)
|
|
DWORD dwRegPolicySettings; // setreg settings (set in WVT)
|
|
|
|
CRYPT_PROVIDER_FUNCTIONS sPfns; // set in WVT.
|
|
|
|
DWORD cdwTrustStepErrors; // set in WVT.
|
|
DWORD *padwTrustStepErrors; // allocated in WVT. filled in WVT & Trust Provider
|
|
|
|
DWORD chStores; // number of stores in pahStores (root set in WVT)
|
|
HCERTSTORE *pahStores; // array of known stores (root set in WVT) root is ALWAYS #0!!!
|
|
|
|
DWORD dwEncoding; // message encoding type (set in WVT and Signature Prov)
|
|
HCRYPTMSG hMsg; // set in Signature Prov.
|
|
|
|
GUID gSubject; // subject guid of file/member file. (set in Sig Prov)
|
|
struct SIP_DISPATCH_INFO_ *pSip; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_DISPATCH_INFO_ *pCATSip; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_SUBJECTINFO_ *psSipSubjectInfo; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_SUBJECTINFO_ *psSipCATSubjectInfo; // set in Sig Prov - defined in sipbase.h
|
|
struct SIP_INDIRECT_DATA_ *psIndirectData; // set in Sig Prov - defined in sipbase.h
|
|
|
|
DWORD csSigners; // use Add2 function!
|
|
CRYPT_PROVIDER_SGNR *pasSigners; // use Add2 function!
|
|
|
|
DWORD csProvPrivData; // use Add2 function!
|
|
CRYPT_PROVIDER_PRIVDATA *pasProvPrivData; // use Add2 function!
|
|
|
|
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// structures used to register action IDs
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef struct _CRYPT_TRUST_REG_ENTRY
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
WCHAR *pwszDLLName;
|
|
WCHAR *pwszFunctionName;
|
|
|
|
} CRYPT_TRUST_REG_ENTRY, *PCRYPT_TRUST_REG_ENTRY;
|
|
|
|
typedef struct _CRYPT_REGISTER_ACTIONID
|
|
{
|
|
DWORD cbStruct;
|
|
|
|
CRYPT_TRUST_REG_ENTRY sInitProvider;
|
|
CRYPT_TRUST_REG_ENTRY sObjectProvider;
|
|
CRYPT_TRUST_REG_ENTRY sSignatureProvider;
|
|
CRYPT_TRUST_REG_ENTRY sCertificateProvider;
|
|
CRYPT_TRUST_REG_ENTRY sCertificatePolicyProvider;
|
|
CRYPT_TRUST_REG_ENTRY sFinalPolicyProvider;
|
|
CRYPT_TRUST_REG_ENTRY sTestPolicyProvider;
|
|
|
|
} CRYPT_REGISTER_ACTIONID, *PCRYPT_REGISTER_ACTIONID;
|
|
|
|
#pragma pack()
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WINTRUST.DLL Provider defines
|
|
//----------------------------------------------------------------------------
|
|
// The following are definitions of the Microsoft Generic Cert Provider
|
|
//
|
|
#define WT_CURRENT_VERSION 0x00000200
|
|
#define WT_MAX_FUNC_NAME 128
|
|
|
|
#define WT_PROVIDER_DLL_NAME L"WINTRUST.DLL"
|
|
#define WT_PROVIDER_CERTTRUST_FUNCTION L"WintrustCertificateTrust"
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustAddActionID
|
|
//----------------------------------------------------------------------------
|
|
// Adds a new Provider combination to the users'
|
|
// system. Creates all necessary registry entries, etc. This should be done
|
|
// during the Policy Provider's DllRegisterServer.
|
|
//
|
|
// *** THE ONLY ONE WHO SHOULD CALL THIS IS THE POLICY PROVIDER ***
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI WintrustAddActionID(IN GUID *pgActionID,
|
|
IN DWORD fdwReserved, // future use.
|
|
IN CRYPT_REGISTER_ACTIONID *psProvInfo);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustRemoveActionID
|
|
//----------------------------------------------------------------------------
|
|
// Removes the Provider action combination from the users'
|
|
// system.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI WintrustRemoveActionID(IN GUID *pgActionID);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// WintrustLoadFunctionPointers
|
|
//----------------------------------------------------------------------------
|
|
// Retrieves the function entry points based on the Action ID given.
|
|
//
|
|
// Returns:
|
|
// TRUE success.
|
|
// FALSE fail.
|
|
//
|
|
extern BOOL WINAPI WintrustLoadFunctionPointers(GUID *pgActionID, CRYPT_PROVIDER_FUNCTIONS *pPfns);
|
|
|
|
//
|
|
// helper functions exported from wintrust.dll
|
|
//
|
|
extern HANDLE WINAPI WTHelperGetFileHandle(WINTRUST_DATA *pWintrustData);
|
|
extern WCHAR * WINAPI WTHelperGetFileName(WINTRUST_DATA *pWintrustData);
|
|
extern PCCERT_CONTEXT WINAPI WTHelperCertFindIssuerCertificate(CRYPT_PROVIDER_DATA *pProvData,
|
|
CRYPT_PROVIDER_SGNR *pSgnr,
|
|
PCCERT_CONTEXT pChildContext,
|
|
DWORD *pdwConfidence,
|
|
DWORD *pdwError);
|
|
extern BOOL WINAPI WTHelperCertIsSelfSigned(DWORD dwEncoding, CERT_INFO *pCert);
|
|
extern BOOL WINAPI WTHelperOpenKnownStores(CRYPT_PROVIDER_DATA *pProvData);
|
|
|
|
|
|
#endif // WINTRUST_H
|