archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pkisign/mssign32/signhlp.h

473 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1999
  5. //
  6. // File: signhlp.h
  7. //
  8. // Contents: Digital Signing Helper APIs
  9. //
  10. // History: June-25-1997 Xiaohs Created
  11. //----------------------------------------------------------------------------
  12. #ifndef _SIGNHLP_H
  13. #define _SIGNHLP_H
  16. #ifdef __cplusplus
  17. extern "C" {
  18. #endif
  21. //--------------------------------------------------------------------------
  22. //
  23. // Copy all the certs from store name to hDescStore
  24. //
  25. //--------------------------------------------------------------------------
  26. HRESULT MoveStoreName(HCRYPTPROV hCryptProv,
  27. DWORD dwCertEncodingType,
  28. HCERTSTORE hDescStore,
  29. DWORD dwStoreName,
  30. DWORD dwStoreFlag);
  33. //--------------------------------------------------------------------------
  34. //
  35. // Copy all the certs from hSrcStore to hDescStore
  36. //
  37. //--------------------------------------------------------------------------
  38. HRESULT MoveStore(HCERTSTORE hDescStore,
  39. HCERTSTORE hSrcStore);
  42. //--------------------------------------------------------------------------
  43. //
  44. // Build up the certificate chain. Put the whole chain to the store
  45. //
  46. //
  47. //--------------------------------------------------------------------------
  48. HRESULT BuildCertChain(HCRYPTPROV hCryptProv,
  49. DWORD dwCertEncodingType,
  50. HCERTSTORE hStore,
  51. HCERTSTORE hOptionalStore,
  52. PCCERT_CONTEXT pSigningCert,
  53. DWORD dwCertPolicy);
  56. //+-------------------------------------------------------------------------
  57. // Build the spc certificate store from the cert chain
  58. //--------------------------------------------------------------------------
  59. HRESULT BuildStoreFromStore(HCRYPTPROV hPvkProv,
  60. DWORD dwKeySpec,
  61. HCRYPTPROV hCryptProv,
  62. DWORD dwCertEncodingType,
  63. SIGNER_CERT_STORE_INFO *pCertStoreInfo,
  64. HCERTSTORE *phSpcStore,
  65. PCCERT_CONTEXT *ppSignCert);
  67. //+-------------------------------------------------------------------------
  68. // Build the spc certificate store from a spc file
  69. //--------------------------------------------------------------------------
  70. HRESULT BuildStoreFromSpcFile(HCRYPTPROV hPvkProv,
  71. DWORD dwKeySpec,
  72. HCRYPTPROV hCryptProv,
  73. DWORD dwCertEncodingType,
  74. LPCWSTR pwszSpcFile,
  75. HCERTSTORE *phSpcStore,
  76. PCCERT_CONTEXT *ppSignCert);
  80. //+-------------------------------------------------------------------------
  81. // Build the spc certificate store from either a spc file or the
  82. // cert chain
  83. //--------------------------------------------------------------------------
  84. HRESULT BuildCertStore(HCRYPTPROV hPvkProv,
  85. DWORD dwKeySpec,
  86. HCRYPTPROV hCryptProv,
  87. DWORD dwCertEncodingType,
  88. SIGNER_CERT *pSignerCert,
  89. HCERTSTORE *phSpcStore,
  90. PCCERT_CONTEXT *ppSigningCert);
  93. //-----------------------------------------------------------------------------
  94. //
  95. // Parse the private key information from a pCertContext's property
  96. // CERT_PVK_FILE_PROP_ID
  97. //
  98. //----------------------------------------------------------------------------
  99. BOOL GetProviderInfoFromCert(PCCERT_CONTEXT pCertContext,
  100. CRYPT_KEY_PROV_INFO *pKeyProvInfo);
  102. //+-------------------------------------------------------------------------
  103. // Get hCryptProv handle and key spec for the certificate
  104. //--------------------------------------------------------------------------
  105. BOOL WINAPI GetCryptProvFromCert(
  106. HWND hwnd,
  107. PCCERT_CONTEXT pCert,
  108. HCRYPTPROV *phCryptProv,
  109. DWORD *pdwKeySpec,
  110. BOOL *pfDidCryptAcquire,
  111. LPWSTR *ppwszTmpContainer,
  112. LPWSTR *ppwszProviderName,
  113. DWORD *pdwProviderType
  114. );
  117. //This is a subst of GetCryptProvFromCert. This function does not consider
  118. //the private key file property of the certificate
  119. BOOL WINAPI CryptProvFromCert(
  120. HWND hwnd,
  121. PCCERT_CONTEXT pCert,
  122. HCRYPTPROV *phCryptProv,
  123. DWORD *pdwKeySpec,
  124. BOOL *pfDidCryptAcquire
  125. );
  127. //+-------------------------------------------------------------------------
  128. // Free hCryptProv handle and key spec for the certificate
  129. //--------------------------------------------------------------------------
  130. void WINAPI FreeCryptProvFromCert(BOOL fAcquired,
  131. HCRYPTPROV hProv,
  132. LPWSTR pwszCapiProvider,
  133. DWORD dwProviderType,
  134. LPWSTR pwszTmpContainer);
  137. //+-----------------------------------------------------------------------
  138. // Check the input parameters of Signcode. Make sure they are valid.
  139. //
  140. //+-----------------------------------------------------------------------
  141. BOOL CheckSigncodeParam(
  142. SIGNER_SUBJECT_INFO *pSubjectInfo,
  143. SIGNER_CERT *pSignerCert,
  144. SIGNER_SIGNATURE_INFO *pSignatureInfo,
  145. SIGNER_PROVIDER_INFO *pProviderInfo);
  147. //+-----------------------------------------------------------------------
  148. // Check the SIGNER_SUBJECT_INFO
  149. //
  150. //+-----------------------------------------------------------------------
  151. BOOL CheckSigncodeSubjectInfo(
  152. PSIGNER_SUBJECT_INFO pSubjectInfo);
  155. //+-----------------------------------------------------------------------
  156. //
  157. //
  158. // Parameters:
  159. // Return Values:
  160. // Error Codes:
  161. //
  162. //------------------------------------------------------------------------
  164. HRESULT WINAPI
  165. AddTimeStampSubj(IN DWORD dwEncodingType,
  166. IN HCRYPTPROV hCryptProv,
  167. IN LPSIP_SUBJECTINFO pSipInfo,
  168. IN DWORD *pdwIndex,
  169. IN PBYTE pbTimeStampResponse,
  170. IN DWORD cbTimeStampResponse,
  171. IN PBYTE pbEncodedSignerInfo,
  172. IN DWORD cbEncodedSignerInfo,
  173. OUT PBYTE* ppbMessage,
  174. OUT DWORD* pcbMessage);
  177. //+-----------------------------------------------------------------------
  178. //
  179. //
  180. // Parameters:
  181. // Return Values:
  182. // Error Codes:
  183. //
  184. //------------------------------------------------------------------------
  186. HRESULT WINAPI
  187. GetSignedMessageDigest(IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject based on which to create a timestamp request
  188. IN LPVOID pSipData,
  189. IN OUT PBYTE* ppbDigest,
  190. IN OUT DWORD* pcbDigest);
  192. //+-----------------------------------------------------------------------
  193. //
  194. //
  195. // Parameters:
  196. // Return Values:
  197. // Error Codes:
  198. //
  199. //------------------------------------------------------------------------
  201. HRESULT WINAPI
  202. GetSignedMessageDigestSubj(IN DWORD dwEncodingType,
  203. IN HCRYPTPROV hCryptProv,
  204. IN struct SIP_SUBJECTINFO_ *pSipInfo, // SIP information
  205. IN DWORD* pdwIndex,
  206. IN OUT PBYTE* ppbTimeDigest,
  207. IN OUT DWORD* pcbTimeDigest);
  209. //+-----------------------------------------------------------------------
  210. //
  211. //
  212. // Parameters:
  213. // Return Values:
  214. // Error Codes:
  215. //
  216. //------------------------------------------------------------------------
  218. HRESULT WINAPI
  219. TimeStampRequest(IN DWORD dwEncodingType,
  220. IN PCRYPT_ATTRIBUTES psRequest,
  221. IN PBYTE pbDigest,
  222. IN DWORD cbDigest,
  223. OUT PBYTE pbTimeRequest,
  224. IN OUT DWORD* pcbTimeRequest);
  227. //+-----------------------------------------------------------------------
  228. // FileToSubjectType
  229. //
  230. // Parameters:
  231. // Return Values:
  232. // Error Codes:
  233. // E_INVALIDARG
  234. // Invalid arguement passed in (Requires a file name
  235. // and pointer to a guid ptr)
  236. // TRUST_E_SUBJECT_FORM_UNKNOWN
  237. // Unknow file type
  238. // See also:
  239. // GetFileInformationByHandle()
  240. // CreateFile()
  241. //
  242. //------------------------------------------------------------------------
  244. HRESULT SignOpenFile(LPCWSTR pwszFilename,
  245. HANDLE* pFileHandle);
  248. //+-----------------------------------------------------------------------
  249. // SignGetFileType
  250. //
  251. // Parameters:
  252. // Return Values:
  253. // Error Codes:
  254. // E_INVALIDARG
  255. // Invalid arguement passed in (Requires a file name
  256. // and pointer to a guid ptr)
  257. // See also:
  258. // GetFileInformationByHandle()
  259. // CreateFile()
  260. //
  261. //------------------------------------------------------------------------
  263. HRESULT SignGetFileType(HANDLE hFile,
  264. const WCHAR *pwszFile,
  265. GUID* pGuid);
  267. //+-----------------------------------------------------------------------
  268. // SpcGetFileType
  269. //
  270. // Parameters:
  271. // Return Values:
  272. // Error Codes:
  273. // E_INVALIDARG
  274. // Invalid arguement passed in (Requires a file name
  275. // and pointer to a guid ptr)
  276. // See also:
  277. // GetFileInformationByHandle()
  278. // CreateFile()
  279. //
  280. //------------------------------------------------------------------------
  281. HRESULT SpcGetFileType(HANDLE hFile,
  282. GUID* pGuid);
  285. //+-----------------------------------------------------------------------
  286. // SpcOpenFile
  287. //
  288. // Parameters:
  289. // Return Values:
  290. // Error Codes:
  291. // E_INVALIDARG
  292. // Invalid arguement passed in (Requires a file name
  293. // and pointer to a handle);
  294. // See also:
  295. // GetFileInformationByHandle()
  296. // CreateFile()
  297. //
  298. //------------------------------------------------------------------------
  300. HRESULT SpcOpenFile(LPCWSTR pwszFileName,
  301. HANDLE* pFileHandle);
  304. //+-------------------------------------------------------------------------
  305. // Find the the cert from the hprov
  306. // Parameter Returns:
  307. // pReturnCert - context of the cert found (must pass in cert context);
  308. // Returns:
  309. // S_OK - everything worked
  310. // E_OUTOFMEMORY - memory failure
  311. // E_INVALIDARG - no pReturnCert supplied
  312. // CRYPT_E_NO_MATCH - could not locate certificate in store
  313. //
  315. HRESULT
  316. SpcGetCertFromKey(IN DWORD dwCertEncodingType,
  317. IN HCERTSTORE hStore,
  318. IN HCRYPTPROV hProv,
  319. IN DWORD hKeySpec,
  320. OUT PCCERT_CONTEXT* pReturnCert);
  323. //+-------------------------------------------------------------------------
  324. //If all of the following three conditions are true, we should not put
  325. // commercial or individual authenticated attributes into signer info
  326. //
  327. //1. the enhanced key usage extension of the signer's certificate has no code signing usage (szOID_PKIX_KP_CODE_SIGNING)
  328. //2. basic constraints extension of the signer's cert is missing, or it is neither commercial nor individual
  329. //3. user did not specify -individual or -commercial in signcode.exe.
  330. //--------------------------------------------------------------------------
  331. BOOL NeedStatementTypeAttr(IN PCCERT_CONTEXT psSigningContext,
  332. IN BOOL fCommercial,
  333. IN BOOL fIndividual);
  335. //+-------------------------------------------------------------------------
  336. // Returns TRUE if the Signer Cert has a Key Usage Restriction extension and
  337. // only the commercial key purpose policy object identifier.
  338. //
  339. // Returns FALSE if it contains both a commercial and individual purpose
  340. // policy object identifier.
  341. //--------------------------------------------------------------------------
  342. HRESULT CheckCommercial(IN PCCERT_CONTEXT pSignerCert,
  343. IN BOOL fCommercial,
  344. IN BOOL fIndividual,
  345. OUT BOOL *pfCommercial);
  348. //+-------------------------------------------------------------------------
  349. // Encode the StatementType authenticated attribute value
  350. //--------------------------------------------------------------------------
  351. HRESULT CreateStatementType(IN BOOL fCommercial,
  352. OUT BYTE **ppbEncoded,
  353. IN OUT DWORD *pcbEncoded);
  355. //+-------------------------------------------------------------------------
  356. // Encode the SpOpusInfo authenticated attribute value
  357. //--------------------------------------------------------------------------
  358. HRESULT CreateOpusInfo(IN LPCWSTR pwszOpusName,
  359. IN LPCWSTR pwszOpusInfo,
  360. OUT BYTE **ppbEncoded,
  361. IN OUT DWORD *pcbEncoded);
  364. //+-----------------------------------------------------------------------
  365. //
  366. //
  367. // Parameters:
  368. // Return Values:
  369. // Error Codes:
  370. //
  371. //------------------------------------------------------------------------
  373. HRESULT SpcLoadSipFlags(GUID* pSubjectGuid,
  374. DWORD *dwFlags);
  376. //+-----------------------------------------------------------------------
  377. //
  378. //
  379. // Parameters:
  380. // Return Values:
  381. // Error Codes:
  382. //
  383. //------------------------------------------------------------------------
  385. HINSTANCE GetInstanceHandle();
  387. //+-----------------------------------------------------------------------
  388. //
  389. //
  390. // Parameters:
  391. // Return Values:
  392. // Error Codes:
  393. //
  394. //------------------------------------------------------------------------
  396. void WINAPI PvkFreeCryptProv(IN HCRYPTPROV hProv,
  397. IN LPCWSTR pwszCapiProvider,
  398. IN DWORD dwProviderType,
  399. IN LPWSTR pwszTmpContainer);
  402. //+-----------------------------------------------------------------------
  403. //
  404. //
  405. // Parameters:
  406. // Return Values:
  407. // Error Codes:
  408. //
  409. //------------------------------------------------------------------------
  410. HRESULT WINAPI PvkGetCryptProv( IN HWND hwnd,
  411. IN LPCWSTR pwszCaption,
  412. IN LPCWSTR pwszCapiProvider,
  413. IN DWORD dwProviderType,
  414. IN LPCWSTR pwszPvkFile,
  415. IN LPCWSTR pwszKeyContainerName,
  416. IN DWORD *pdwKeySpec,
  417. OUT LPWSTR *ppwszTmpContainer,
  418. OUT HCRYPTPROV *phCryptProv);
  423. //+-----------------------------------------------------------------------
  424. // Check to see if the certificate is a glue cert
  425. //------------------------------------------------------------------------
  426. HRESULT SignIsGlueCert(IN PCCERT_CONTEXT pCert);
  428. //+-----------------------------------------------------------------------
  429. // Return hr based on GetLastError().
  430. //------------------------------------------------------------------------
  431. HRESULT WINAPI SignError();
  433. //+-----------------------------------------------------------------------
  434. // Check if there is TAG in front of a PKCS7 signed message
  435. //------------------------------------------------------------------------
  436. BOOL WINAPI SignNoContentWrap(IN const BYTE *pbDER,
  437. IN DWORD cbDER);
  439. //-------------------------------------------------------------------------
  440. //
  441. // WSZtoSZ:
  442. // Convert a wchar string to a multi-byte string.
  443. //
  444. //-------------------------------------------------------------------------
  445. HRESULT WSZtoSZ(LPWSTR wsz, LPSTR *psz);
  447. //-------------------------------------------------------------------------
  448. //
  449. // BytesToBase64:
  450. // convert bytes to base64 bstr
  451. //
  452. //-------------------------------------------------------------------------
  453. HRESULT BytesToBase64(BYTE *pb, DWORD cb, CHAR **pszEncode, DWORD *pdwEncode);
  455. //-------------------------------------------------------------------------
  456. //
  457. // BytesToBase64:
  458. // conver base64 bstr to bytes
  459. //
  460. //-------------------------------------------------------------------------
  461. HRESULT Base64ToBytes(CHAR *pEncode, DWORD cbEncode, BYTE **ppb, DWORD *pcb);
  465. #ifdef __cplusplus
  466. }
  467. #endif
  471. #endif