|
|
//+-------------------------------------------------------------------------//// Microsoft Windows - Internet Security//// Copyright (C) Microsoft Corporation, 1996 - 1997//// File: mssip.h//// Contents: Microsoft SIP Provider Main Include File//// History: 19-Feb-1997 pberkman Created////--------------------------------------------------------------------------
#ifndef MSSIP_H#define MSSIP_H
#ifdef __cplusplus extern "C" {#endif
#pragma pack (8)
typedef CRYPT_HASH_BLOB CRYPT_DIGEST_DATA;
//// dwflags//#define MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE 0x00010000#define MSSIP_FLAGS_USE_CATALOG 0x00020000
#define SPC_INC_PE_RESOURCES_FLAG 0x80#define SPC_INC_PE_DEBUG_INFO_FLAG 0x40#define SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG 0x20
////////////////////////////////////////////////////////////////////////////////// SIP_SUBJECTINFO//----------------------------------------------------------------------------// pass this structure to all defined SIPs. Make sure to initialize// the ENTIRE structure to binary zero before the FIRST call is made. Do // not initialize it BETWEEN calls!//typedef struct SIP_SUBJECTINFO_{ DWORD cbSize; // set to sizeof(SIP_SUBJECTINFO) GUID *pgSubjectType; // subject type HANDLE hFile; // set to File handle that represents the subject // set to INVALID_HANDLE VALUE to allow // SIP to use pwsFileName for persistent // storage types (will handle open/close) LPCWSTR pwsFileName; // set to file name LPCWSTR pwsDisplayName; // optional: set to display name of // subject.
DWORD dwReserved1; // do not use!
DWORD dwIntVersion; // DO NOT SET OR CLEAR THIS. // This member is used by the sip for // passing the internal version number // between the ..get and verify... functions. HCRYPTPROV hProv; CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; DWORD dwFlags; DWORD dwEncodingType;
DWORD dwReserved2; // do not use!
DWORD fdwCAPISettings; // setreg settings DWORD fdwSecuritySettings; // IE security settings DWORD dwIndex; // message index of last "Get"
DWORD dwUnionChoice;# define MSSIP_ADDINFO_NONE 0# define MSSIP_ADDINFO_FLAT 1# define MSSIP_ADDINFO_CATMEMBER 2# define MSSIP_ADDINFO_BLOB 3# define MSSIP_ADDINFO_NONMSSIP 500 // everything < is reserved by MS.
union { struct MS_ADDINFO_FLAT_ *psFlat; struct MS_ADDINFO_CATALOGMEMBER_ *psCatMember; struct MS_ADDINFO_BLOB_ *psBlob; };
LPVOID pClientData; // data pased in from client to SIP
} SIP_SUBJECTINFO, *LPSIP_SUBJECTINFO;
////////////////////////////////////////////////////////////////////////////////// MS_ADDINFO_FLAT//----------------------------------------------------------------------------// Flat or End-To-End types// needed for flat type files during indirect calls// "Digest" of file.//typedef struct MS_ADDINFO_FLAT_{ DWORD cbStruct; struct SIP_INDIRECT_DATA_ *pIndirectData;} MS_ADDINFO_FLAT, *PMS_ADDINFO_FLAT;
////////////////////////////////////////////////////////////////////////////////// MS_ADDINFO_CATALOGMEMBER//----------------------------------------------------------------------------// Catalog Member verification.//typedef struct MS_ADDINFO_CATALOGMEMBER_{ DWORD cbStruct; // = sizeof(MS_ADDINFO_CATALOGMEMBER) struct CRYPTCATSTORE_ *pStore; // defined in mscat.h struct CRYPTCATMEMBER_ *pMember; // defined in mscat.h} MS_ADDINFO_CATALOGMEMBER, *PMS_ADDINFO_CATALOGMEMBER;
////////////////////////////////////////////////////////////////////////////////// MS_ADDINFO_BLOB//----------------------------------------------------------------------------// Memory "blob" verification.//typedef struct MS_ADDINFO_BLOB_{ DWORD cbStruct; DWORD cbMemObject; BYTE *pbMemObject; DWORD cbMemSignedMsg; BYTE *pbMemSignedMsg;
} MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB;
////////////////////////////////////////////////////////////////////////////////// SIP_INDIRECT_DATA//----------------------------------------------------------------------------// Indirect data structure is used to store the hash of the subject // along with data that is relevant to the subject. This can include // names etc.//typedef struct SIP_INDIRECT_DATA_{ CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; // Digest algorithm used to hash CRYPT_HASH_BLOB Digest; // Hash of subject} SIP_INDIRECT_DATA, *PSIP_INDIRECT_DATA;
#pragma pack()
////////////////////////////////////////////////////////////////////////////////// CryptSIPGetSignedDataMsg//----------------------------------------------------------------------------// Returns the message specified by the index count. Data, specific to // the subject is passed in through pSubjectInfo. To retrieve the// size of the signature, set pbData to NULL.//// Returns:// TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//// Last Errors:// ERROR_NOT_ENOUGH_MEMORY: error allocating memory// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.// ERROR_INVALID_PARAMETER: bad argument passed in// ERROR_BAD_FORMAT: file/data format is not correct// for the requested SIP.// CRYPT_E_NO_MATCH: the signature could not be found// based on the dwIndex provided.// ERROR_INSUFFICIENT_BUFFER: the pbSignedDataMsg was not big// enough to hold the data. pcbSignedDataMsg// contains the required size.//extern BOOL WINAPI CryptSIPGetSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPGetSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE *pbSignedDataMsg);
////////////////////////////////////////////////////////////////////////////////// CryptSIPPuttSignedDataMsg//----------------------------------------------------------------------------// Adds a signature to the subject. The index that it was // stored with is returned for future reference.//// Returns:// TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//// Last Errors:// ERROR_NOT_ENOUGH_MEMORY: error allocating memory// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.// CRYPT_E_BAD_LEN: the length specified in // psData->dwSignature was// insufficient.// CRYPT_E_NO_MATCH: could not find the specified index// ERROR_INVALID_PARAMETER: bad argument passed in// ERROR_BAD_FORMAT: file/data format is not correct// for the requested SIP.// CRYPT_E_FILERESIZED: returned when signing a fixed-length// file (e.g.: CABs) and the message// is larger than the pre-allocated// size. The 'put' function will re-// size the file and return this error.// The CreateIndirect function MUST be// called again to recalculate the // indirect data (hash). Then, call the// 'put' function again.//extern BOOL WINAPI CryptSIPPutSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPPutSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg);
////////////////////////////////////////////////////////////////////////////////// CryptSIPCreateIndirectData//----------------------------------------------------------------------------// Returns a PSIP_INDIRECT_DATA structure filled in the hash, digest alogrithm// and an encoded attribute. If pcIndirectData points to a DWORD and // psIndirect data points to null the the size of the data should be returned// in pcIndirectData.//// Returns:// TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//// Last Errors:// NTE_BAD_ALGID: Bad Algorithm Identifyer// ERROR_NOT_ENOUGH_MEMORY: error allocating memory// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.// ERROR_INVALID_PARAMETER: bad argument passed in// ERROR_BAD_FORMAT: file/data format is not correct// for the requested SIP.//extern BOOL WINAPI CryptSIPCreateIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPCreateIndirectData)( IN SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData);
////////////////////////////////////////////////////////////////////////////////// CryptSIPVerifyIndirectData//----------------------------------------------------------------------------// Takes the information stored in the indirect data and compares it to the// subject. //// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//// Last Errors:// NTE_BAD_ALGID: Bad Algorithm Identifyer// ERROR_NOT_ENOUGH_MEMORY: error allocating memory// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.// CRYPT_E_NO_MATCH: could not find the specified index// CRYPT_E_SECURITY_SETTINGS: due to security settings, the file// was not verified.// ERROR_INVALID_PARAMETER: bad argument passed in// ERROR_BAD_FORMAT: file/data format is not correct// for the requested SIP.extern BOOL WINAPI CryptSIPVerifyIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPVerifyIndirectData)( IN SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData);
////////////////////////////////////////////////////////////////////////////////// CryptSIPRemoveSignedDataMsg//----------------------------------------------------------------------------// Removes the signature at the specified index//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//// Last Errors:// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.// CRYPT_E_NO_MATCH: could not find the specified index// ERROR_INVALID_PARAMETER: bad argument passed in// ERROR_BAD_FORMAT: file/data format is not correct// for the requested SIP.//extern BOOL WINAPI CryptSIPRemoveSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex);
typedef BOOL (WINAPI * pCryptSIPRemoveSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex);
#pragma pack(8)
////////////////////////////////////////////////////////////////////////////////// SIP_DISPATCH_INFO//----------------------------------------------------------------------------//typedef struct SIP_DISPATCH_INFO_{ DWORD cbSize; // = sizeof(SIP_DISPATCH_INFO) HANDLE hSIP; // used internal pCryptSIPGetSignedDataMsg pfGet; pCryptSIPPutSignedDataMsg pfPut; pCryptSIPCreateIndirectData pfCreate; pCryptSIPVerifyIndirectData pfVerify; pCryptSIPRemoveSignedDataMsg pfRemove;} SIP_DISPATCH_INFO, *LPSIP_DISPATCH_INFO;
//// the sip exports this function to allow verification and signing// processes to pass in the file handle and check if the sip supports// this type of file. if it does, the sip will return TRUE and fill// out the pgSubject with the appropiate GUID.//typedef BOOL (WINAPI *pfnIsFileSupported)(IN HANDLE hFile, OUT GUID *pgSubject);
typedef BOOL (WINAPI *pfnIsFileSupportedName)(IN WCHAR *pwszFileName, OUT GUID *pgSubject);
typedef struct SIP_ADD_NEWPROVIDER_{ DWORD cbStruct; GUID *pgSubject; WCHAR *pwszDLLFileName; WCHAR *pwszMagicNumber; // optional WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSupported
WCHAR *pwszGetFuncName; WCHAR *pwszPutFuncName; WCHAR *pwszCreateFuncName; WCHAR *pwszVerifyFuncName; WCHAR *pwszRemoveFuncName;
WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFileSupported
} SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER;
#define SIP_MAX_MAGIC_NUMBER 4
#pragma pack()
////////////////////////////////////////////////////////////////////////////////// CryptLoadSIP //----------------------------------------------------------------------------//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//extern BOOL WINAPI CryptSIPLoad(IN const GUID *pgSubject, // GUID for the requried sip IN DWORD dwFlags, // Reserved - MUST BE ZERO IN OUT SIP_DISPATCH_INFO *pSipDispatch); // Table of functions
////////////////////////////////////////////////////////////////////////////////// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)//----------------------------------------------------------------------------// looks at the file's "Magic Number" and tries to determine which// SIP's object ID is right for the file type.// // NOTE: This function only supports the MSSIP32.DLL set of SIPs.//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide file name IN OPTIONAL HANDLE hFileIn, // or handle of open file OUT GUID *pgSubject); // defined SIP's GUID
////////////////////////////////////////////////////////////////////////////////// CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll)//----------------------------------------------------------------------------// looks at the file's "Magic Number" and tries to determine which// SIP's object ID is right for the file type.// // NOTE: This function only supports SIPs that are used for catalog files (either PE, CAB, or flat).//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//extern BOOL WINAPI CryptSIPRetrieveSubjectGuidForCatalogFile(IN LPCWSTR FileName, // wide file name IN OPTIONAL HANDLE hFileIn, // or handle of open file OUT GUID *pgSubject); // defined SIP's GUID
////////////////////////////////////////////////////////////////////////////////// CryptSIPAddProvider//----------------------------------------------------------------------------//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//extern BOOL WINAPI CryptSIPAddProvider(IN SIP_ADD_NEWPROVIDER *psNewProv);
////////////////////////////////////////////////////////////////////////////////// CryptSIPRemoveProvider//----------------------------------------------------------------------------//// Returns: // TRUE: No fatal errors// FALSE: Errors occured. See GetLastError()//extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv);
#ifdef __cplusplus}#endif
#endif // MSSIP_H
|
