//
// Since the function entry points are common (same return value and
// parameters), Policy Provider developers can take advantage of
// existing generic code to fill the CRYPT_PROVIDER_DATA structure.
//
// This also allows the developer to simply add the specific policy they
// need, then, call the generic Policy Provider - if appropriate.
//
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
//
// Wintrust Policy Flags
//----------------------------------------------------------------------------
// These are set during install and can be modified by the user
// through various means. The SETREG.EXE utility (found in the Authenticode
// Tools Pack) will select/deselect each of them.
//
// NOTE(review): these flags come from the registry (user-modifiable, per the
// comment above) and presumably reach providers as dwRegPolicySettings in
// CRYPT_PROVIDER_DATA. Most of them switch a verification check OFF, so any
// code honouring them is consuming security-relevant configuration.
#define WTPF_TRUSTTEST 0x00000020 // trust any "TEST" certificate
#define WTPF_TESTCANBEVALID 0x00000080 // (no comment in original) presumably: a "TEST" certificate may be treated as valid -- confirm
#define WTPF_IGNOREEXPIRATION 0x00000100 // ignore certificate expiration dates (original comment read "Use expiration date")
#define WTPF_IGNOREREVOKATION 0x00000200 // ignore revocation checks (original comment read "Do revocation check"; identifier spelling is as shipped)
#define WTPF_OFFLINEOK_IND 0x00000400 // off-line is ok for individual certs
#define WTPF_OFFLINEOK_COM 0x00000800 // off-line is ok for commercial certs
#define WTPF_OFFLINEOKNBU_IND 0x00001000 // off-line is ok for individual certs, no bad UI
#define WTPF_OFFLINEOKNBU_COM 0x00002000 // off-line is ok for commercial certs, no bad UI
#define WTPF_VERIFY_V1_OFF 0x00010000 // turn verification of v1 certs off
#define WTPF_IGNOREREVOCATIONONTS 0x00020000 // ignore TimeStamp revocation checks
#define WTPF_ALLOWONLYPERTRUST 0x00040000 // allow only items in the personal trust db (a restricting flag, unlike the rest)
//////////////////////////////////////////////////////////////////////////////
//
// WintrustGetRegPolicyFlags
//----------------------------------------------------------------------------
// This API call is exported from WINTRUST.DLL and is the recommended method
// of retrieving the DWORD representing the Policy Flags.
//
// Reads the current registry Policy Flags (WTPF_* bits) into *pdwPolicyFlags.
// The call returns void, so it gives the caller no failure indication.
extern void WINAPI WintrustGetRegPolicyFlags(DWORD *pdwPolicyFlags);
//////////////////////////////////////////////////////////////////////////////
//
// WintrustSetRegPolicyFlags
//----------------------------------------------------------------------------
// This API call is exported from WINTRUST.DLL and is the recommended method
// of setting the DWORD representing the Policy Flags. MAKE SURE to call
// WintrustGetRegPolicyFlags to get the current value, OR/AND in the value
// you need, then call this function to set the flags.
//
// Stores dwPolicyFlags as the registry Policy Flags, presumably replacing the
// current value in full (hence the read-modify-write advice above). Returns
// BOOL: treat FALSE as failure rather than assuming the write took effect.
extern BOOL WINAPI WintrustSetRegPolicyFlags(DWORD dwPolicyFlags);
//////////////////////////////////////////////////////////////////////////////
//
// Trust Provider "Step" Error defines
//----------------------------------------------------------------------------
// Each "step" of the Trust process has an error "slot" associated with it.
// If an error occurs, the "step" will assign its result to this "slot". These
// errors can be any valid WINERROR.H HRESULT code.
//
//
// step errors 0 through 20 are reserved for Authenticode-specific use. If
// you are not calling any of the SOFTPUB.DLL (Authenticode) providers, you
// may use these as needed.
//
// Slot indices for the per-step error array (presumably
// CRYPT_PROVIDER_DATA.padwTrustStepErrors, cdwTrustStepErrors entries long).
// Values 1 and 4 are not assigned here.
#define TRUSTERROR_STEP_WVTPARAMS 0
#define TRUSTERROR_STEP_FILEIO 2
#define TRUSTERROR_STEP_SIP 3
#define TRUSTERROR_STEP_SIPSUBJINFO 5
#define TRUSTERROR_STEP_CATALOGFILE 6
#define TRUSTERROR_STEP_CERTSTORE 7
// steps 8 through 17 concern the signed message: signer count, inner
// content, signer info/certs/chains and counter-signatures
#define TRUSTERROR_STEP_MESSAGE 8
#define TRUSTERROR_STEP_MSG_SIGNERCOUNT 9
#define TRUSTERROR_STEP_MSG_INNERCNTTYPE 10
#define TRUSTERROR_STEP_MSG_INNERCNT 11
#define TRUSTERROR_STEP_MSG_STORE 12
#define TRUSTERROR_STEP_MSG_SIGNERINFO 13
#define TRUSTERROR_STEP_MSG_SIGNERCERT 14
#define TRUSTERROR_STEP_MSG_CERTCHAIN 15
#define TRUSTERROR_STEP_MSG_COUNTERSIGINFO 16
#define TRUSTERROR_STEP_MSG_COUNTERSIGCERT 17
// steps 18 and 19: verification of the message hash / indirect data
#define TRUSTERROR_STEP_VERIFY_MSGHASH 18
#define TRUSTERROR_STEP_VERIFY_MSGINDIRECTDATA 19
//
// step errors 30 through 37 are reserved for the ending error code for each
// entry point in the Trust Model.
//
// Ending error slot for each entry point in the Trust Model. The names line
// up with the pfn* entry points of CRYPT_PROVIDER_FUNCTIONS (Initialize,
// ObjectTrust, SignatureTrust, CertificateTrust, CertCheckPolicy, FinalPolicy)
// plus WVT initialisation and the UI provider.
#define TRUSTERROR_STEP_FINAL_WVTINIT 30
#define TRUSTERROR_STEP_FINAL_INITPROV 31
#define TRUSTERROR_STEP_FINAL_OBJPROV 32
#define TRUSTERROR_STEP_FINAL_SIGPROV 33
#define TRUSTERROR_STEP_FINAL_CERTPROV 34
#define TRUSTERROR_STEP_FINAL_CERTCHKPROV 35
#define TRUSTERROR_STEP_FINAL_POLICYPROV 36
#define TRUSTERROR_STEP_FINAL_UIPROV 37
#define TRUSTERROR_MAX_STEPS 38 // one past the highest slot; presumably the required array length -- confirm
//////////////////////////////////////////////////////////////////////////////
//
// allocation and free function prototypes
//----------------------------------------------------------------------------
//
// Allocation/free callbacks that providers must use for every dynamically
// allocated member of CRYPT_PROVIDER_DATA (see the IMPORTANT note on that
// structure). The failure contract (NULL on allocation failure?) is not
// stated in this header -- confirm before relying on it.
typedef void *(*PFN_CPD_MEM_ALLOC)(IN DWORD cbSize);
typedef void (*PFN_CPD_MEM_FREE)(IN void *pvMem2Free);
// "Add2" callbacks: the sanctioned way to append to the store, signer,
// certificate and private-data arrays held by CRYPT_PROVIDER_DATA.
// NOTE(review): the struct tags used below are defined later in the file;
// presumably they are forward-declared earlier in the header (not visible
// here), since in strict C a tag first seen inside a prototype has
// prototype scope only.
// Adds hStore2Add to the provider data's array of known stores.
typedef BOOL (*PFN_CPD_ADD_STORE)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                  IN HCERTSTORE hStore2Add);
// Adds a signer structure to the message's signer chain. Presumably, when
// fCounterSigner is TRUE, idxSigner selects the signer the counter-signer
// belongs to (which is why it is marked OPTIONAL).
typedef BOOL (*PFN_CPD_ADD_SGNR)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                 IN BOOL fCounterSigner,
                                 IN OPTIONAL DWORD idxSigner,
                                 IN struct _CRYPT_PROVIDER_SGNR *pSgnr2Add);
// Adds pCert2Add to a signer's certificate chain: signer idxSigner, or --
// presumably, when fCounterSigner is TRUE -- its counter-signer idxCounterSigner.
typedef BOOL (*PFN_CPD_ADD_CERT)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                 IN DWORD idxSigner,
                                 IN BOOL fCounterSigner,
                                 IN OPTIONAL DWORD idxCounterSigner,
                                 IN PCCERT_CONTEXT pCert2Add);
// Adds provider private data to the provider data structure.
typedef BOOL (*PFN_CPD_ADD_PRIVDATA)(IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                     IN struct _CRYPT_PROVIDER_PRIVDATA *pPrivData2Add);
//////////////////////////////////////////////////////////////////////////////
//
// Provider function prototypes
//----------------------------------------------------------------------------
//
//
// entry point for the Provider's Initialize call (the original comment
// read "object provider", duplicating the one below; CRYPT_PROVIDER_FUNCTIONS
// names this member pfnInitialize)
//
typedef HRESULT (*PFN_PROVIDER_INIT_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the object provider
//
typedef HRESULT (*PFN_PROVIDER_OBJTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Signature Provider
//
typedef HRESULT (*PFN_PROVIDER_SIGTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Certificate Provider
//
typedef HRESULT (*PFN_PROVIDER_CERTTRUST_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's final call (from the trust provider)
//
typedef HRESULT (*PFN_PROVIDER_FINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's "dump structure" call
//
typedef HRESULT (*PFN_PROVIDER_TESTFINALPOLICY_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's clean up routine for any PRIVDATA allocated
//
typedef HRESULT (*PFN_PROVIDER_CLEANUP_CALL)(IN OUT struct _CRYPT_PROVIDER_DATA *pProvData);
//
// entry point for the Policy Provider's Cert Check call. This will return
// TRUE if the Trust Provider is to continue building the certificate chain.
// If the PP returns FALSE, it is assumed that we have reached a "TRUSTED",
// self-signed, root. It is also the CertCheck's responsibility to set the
// fTrustedRoot flag in the certificate structure.
// NOTE(review): a FALSE return therefore ends chain building at the current
// certificate, so it is a trust decision -- the callback should return FALSE
// only once it has established that the certificate really is a trusted root.
//
typedef BOOL (*PFN_PROVIDER_CERTCHKPOLICY_CALL)( IN struct _CRYPT_PROVIDER_DATA *pProvData,
                                                 IN DWORD idxSigner,
                                                 IN BOOL fCounterSignerChain,
                                                 IN OPTIONAL DWORD idxCounterSigner);
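// Byte offset of member f within struct type t, via the classic null-pointer
// idiom (kept as shipped for compatibility; <stddef.h> offsetof() is the
// portable form). t is substituted textually (e.g. a struct tag) and f must be
// a bare member name, so neither can be parenthesized.
#define WVT_OFFSETOF(t,f) ((ULONG)((ULONG_PTR)(&((t*)0)->f)))
// TRUE when the caller-supplied structure size covers at least the first byte
// of member -- the versioning check for cbStruct-style structures such as
// CRYPT_PROVIDER_DATA. structpassedsize is now parenthesized so an expression
// argument (e.g. a conditional) cannot rebind the comparison.
// Note the test is offset < size, not offset + sizeof(member) <= size: a
// member that straddles the end of the passed size still reports TRUE, so
// callers should not treat TRUE as "the whole member is readable".
#define WVT_ISINSTRUCT(structtypedef, structpassedsize, member) \
    ((WVT_OFFSETOF(structtypedef, member) < (structpassedsize)) ? TRUE : FALSE)
// Older alias for WVT_ISINSTRUCT.
#define WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(structtypedef, structpassedsize, member) \
    WVT_ISINSTRUCT(structtypedef, structpassedsize, member)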
#include <pshpack8.h>
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_DATA Structure
//----------------------------------------------------------------------------
// Used to pass information between WinVerifyTrust and all of the Provider
// calls.
//
// IMPORTANT: 1. All dynamically allocated members MUST use the allocation
// and Add2 functions provided.
//
// Laid out under the packing pulled in by <pshpack8.h> above. Members were
// appended over time (see the dated "added" comments), so cbStruct is the
// version indicator: check it before reading the later members.
typedef struct _CRYPT_PROVIDER_DATA
{
    DWORD cbStruct;                         // = sizeof(CRYPT_PROVIDER_DATA) (set in WVT); the original comment's
                                            // TRUST_PROVIDER_DATA is presumably an older name for this struct.
                                            // Test with WVT_ISINSTRUCT before touching the "added" members below.
    WINTRUST_DATA *pWintrustData;           // NOT verified (set in WVT) -- NOTE(review): a provider must validate
                                            // it before relying on its contents
    BOOL fOpenedFile;                       // the provider opened the file handle (if applicable)
    HWND hWndParent;                        // if passed in, else, Desktop hWnd (set in WVT).
    GUID *pgActionID;                       // represents the Provider combination (set in WVT).
    HCRYPTPROV hProv;                       // set to NULL to let CryptoAPI assign one.
    DWORD dwError;                          // error if a low-level, system error was encountered
    DWORD dwRegSecuritySettings;            // ie security settings (set in WVT)
    DWORD dwRegPolicySettings;              // setreg settings (set in WVT); presumably the WTPF_* bits
    struct _CRYPT_PROVIDER_FUNCTIONS *psPfns; // set in WVT.
    DWORD cdwTrustStepErrors;               // set in WVT. presumably the entry count of padwTrustStepErrors
    DWORD *padwTrustStepErrors;             // allocated in WVT. filled in WVT & Trust Provider; indexed by TRUSTERROR_STEP_*
    DWORD chStores;                         // number of stores in pahStores (root set in WVT)
    HCERTSTORE *pahStores;                  // array of known stores (root set in WVT) root is ALWAYS #0!!!
    DWORD dwEncoding;                       // message encoding type (set in WVT and Signature Prov)
    HCRYPTMSG hMsg;                         // set in Signature Prov.
    DWORD csSigners;                        // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_SGNR *pasSigners; // use Add2 and Get functions!
    DWORD csProvPrivData;                   // use Add2 and Get functions!
    struct _CRYPT_PROVIDER_PRIVDATA *pasProvPrivData; // use Add2 and Get functions!
    DWORD dwSubjectChoice;                  // selects the active member of the union below (CPD_CHOICE_SIP -> pPDSip)
# define CPD_CHOICE_SIP 1
    union                                   // anonymous union (C11 / MS extension); pPDSip is its only member here
    {
        struct _PROVDATA_SIP *pPDSip;
    };
    char *pszUsageOID;                      // set in Init Provider
    // 03-Oct-1997 pberkman: added
    BOOL fRecallWithState;                  // state was maintained for Catalog Files.
    // 10-Nov-1997 pberkman: added
    FILETIME sftSystemTime;                 // (no comment in original) presumably the system time captured for the verification -- confirm
    // 16-Jan-1998 pberkman: added
    char *pszCTLSignerUsageOID;
    // 17-Feb-1998 philh: added
    // LOWORD initialized from WINTRUST_DATA's dwProvFlags.
    DWORD dwProvFlags;                      // the CPD_* bits below all live in the HIWORD
# define CPD_USE_NT5_CHAIN_FLAG 0x80000000
# define CPD_REVOCATION_CHECK_NONE 0x00010000 // no revocation checking
# define CPD_REVOCATION_CHECK_END_CERT 0x00020000 // end certificate only
# define CPD_REVOCATION_CHECK_CHAIN 0x00040000 // whole chain
# define CPD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00080000 // whole chain except the root
    // 24-Feb-1998 philh: added
    DWORD dwFinalError;
    // 20-May-1998 KeithV: added
    PCERT_USAGE_MATCH pRequestUsage;
    // 02-Aug-2000 philh: added
    DWORD dwTrustPubSettings;
    // 02-Sep-2003 tonyschr: added
    DWORD dwUIStateFlags;                   // UI mode in the low two bits (CPD_UISTATE_MODE_MASK)
# define CPD_UISTATE_MODE_PROMPT 0x00000000
# define CPD_UISTATE_MODE_BLOCK 0x00000001
# define CPD_UISTATE_MODE_ALLOW 0x00000002
# define CPD_UISTATE_MODE_MASK 0x00000003
} CRYPT_PROVIDER_DATA, *PCRYPT_PROVIDER_DATA;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVIDER_FUNCTIONS structure
//----------------------------------------------------------------------------
//
// Callback table shared between WinVerifyTrust (which fills the members
// marked "set in WVT") and the provider entry points (see the PFN_PROVIDER_*
// typedefs above). Each pfn* entry point has a matching
// TRUSTERROR_STEP_FINAL_* error slot.
typedef struct _CRYPT_PROVIDER_FUNCTIONS
{
    DWORD cbStruct;                                     // presumably = sizeof(CRYPT_PROVIDER_FUNCTIONS) -- not stated in the original
    PFN_CPD_MEM_ALLOC pfnAlloc;                         // set in WVT
    PFN_CPD_MEM_FREE pfnFree;                           // set in WVT
    PFN_CPD_ADD_STORE pfnAddStore2Chain;                // call to add a store to the chain.
    PFN_CPD_ADD_SGNR pfnAddSgnr2Chain;                  // call to add a sgnr struct to a msg struct sgnr chain
    PFN_CPD_ADD_CERT pfnAddCert2Chain;                  // call to add a cert struct to a sgnr struct cert chain
    PFN_CPD_ADD_PRIVDATA pfnAddPrivData2Chain;          // call to add provider private data to struct.
    PFN_PROVIDER_INIT_CALL pfnInitialize;               // initialize Policy data.
    PFN_PROVIDER_OBJTRUST_CALL pfnObjectTrust;          // build info up to the signer info(s).
    PFN_PROVIDER_SIGTRUST_CALL pfnSignatureTrust;       // build info to the signing cert
    PFN_PROVIDER_CERTTRUST_CALL pfnCertificateTrust;    // build the chain
    PFN_PROVIDER_FINALPOLICY_CALL pfnFinalPolicy;       // final call to policy
    PFN_PROVIDER_CERTCHKPOLICY_CALL pfnCertCheckPolicy; // check each cert while building the chain (FALSE ends the chain; see the typedef)
    PFN_PROVIDER_TESTFINALPOLICY_CALL pfnTestFinalPolicy; // dump structures to a file (or whatever the policy chooses)
    struct _CRYPT_PROVUI_FUNCS *psUIpfns;               // UI hooks; see CRYPT_PROVUI_FUNCS below
    // 23-Jul-1997 pberkman: added
    PFN_PROVIDER_CLEANUP_CALL pfnCleanupPolicy;         // PRIVDATA cleanup routine.
} CRYPT_PROVIDER_FUNCTIONS, *PCRYPT_PROVIDER_FUNCTIONS;
//////////////////////////////////////////////////////////////////////////////
//
// CRYPT_PROVUI_FUNCS structure
//----------------------------------------------------------------------------
//
// Click handler for the security dialog: receives the dialog window and the
// provider data. The header does not say what the BOOL return signals -- confirm.
typedef BOOL (*PFN_PROVUI_CALL)(IN HWND hWndSecurityDialog, IN struct _CRYPT_PROVIDER_DATA *pProvData);
// UI hook table referenced from CRYPT_PROVIDER_FUNCTIONS.psUIpfns. Each click
// has a handler and a "Default" counterpart; presumably the latter is the
// built-in behaviour used when the former is not supplied -- confirm.
typedef struct _CRYPT_PROVUI_FUNCS
{
    DWORD cbStruct;
    struct _CRYPT_PROVUI_DATA *psUIData;   // defined elsewhere in the header (not visible here)
    PFN_PROVUI_CALL pfnOnMoreInfoClick;
    PFN_PROVUI_CALL pfnOnMoreInfoClickDefault;
    PFN_PROVUI_CALL pfnOnAdvancedClick;
    PFN_PROVUI_CALL pfnOnAdvancedClickDefault;
} CRYPT_PROVUI_FUNCS, *PCRYPT_PROVUI_FUNCS;
//////////////////////////////////////////////////////////////////////////////
//