// Microsoft Windows - Internet Security
// Copyright (C) Microsoft Corporation, 1996 - 1997
// File: mssip.h
// Contents: Microsoft SIP Provider Main Include File
// History: 19-Feb-1997 pberkman Created
#ifndef MSSIP_H
#define MSSIP_H
#ifdef __cplusplus
extern "C" { #endif
#pragma pack (8)
// dwflags
#define MSSIP_FLAGS_USE_CATALOG 0x00020000
// pass this structure to all defined SIPs. Make sure to initialize
// the ENTIRE structure to binary zero before the FIRST call is made. Do
// not initialize it BETWEEN calls!
typedef struct SIP_SUBJECTINFO_ { DWORD cbSize; // set to sizeof(SIP_SUBJECTINFO)
GUID *pgSubjectType; // subject type
HANDLE hFile; // set to File handle that represents the subject
// set to INVALID_HANDLE VALUE to allow
// SIP to use pwsFileName for persistent
// storage types (will handle open/close)
LPCWSTR pwsFileName; // set to file name
LPCWSTR pwsDisplayName; // optional: set to display name of
// subject.
DWORD dwReserved1; // do not use!
// This member is used by the sip for
// passing the internal version number
// between the ..get and verify... functions.
DWORD dwReserved2; // do not use!
DWORD fdwCAPISettings; // setreg settings
DWORD fdwSecuritySettings; // IE security settings
DWORD dwIndex; // message index of last "Get"
DWORD dwUnionChoice; # define MSSIP_ADDINFO_NONE 0
# define MSSIP_ADDINFO_NONMSSIP 500 // everything < is reserved by MS.
union { struct MS_ADDINFO_FLAT_ *psFlat; struct MS_ADDINFO_CATALOGMEMBER_ *psCatMember; struct MS_ADDINFO_BLOB_ *psBlob; };
LPVOID pClientData; // data pased in from client to SIP
// Flat or End-To-End types
// needed for flat type files during indirect calls
// "Digest" of file.
typedef struct MS_ADDINFO_FLAT_ { DWORD cbStruct; struct SIP_INDIRECT_DATA_ *pIndirectData; } MS_ADDINFO_FLAT, *PMS_ADDINFO_FLAT;
// Catalog Member verification.
struct CRYPTCATSTORE_ *pStore; // defined in mscat.h
struct CRYPTCATMEMBER_ *pMember; // defined in mscat.h
// Memory "blob" verification.
typedef struct MS_ADDINFO_BLOB_ { DWORD cbStruct; DWORD cbMemObject; BYTE *pbMemObject; DWORD cbMemSignedMsg; BYTE *pbMemSignedMsg;
// Indirect data structure is used to store the hash of the subject
// along with data that is relevant to the subject. This can include
// names etc.
typedef struct SIP_INDIRECT_DATA_ { CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; // Digest algorithm used to hash
CRYPT_HASH_BLOB Digest; // Hash of subject
#pragma pack()
// CryptSIPGetSignedDataMsg
// Returns the message specified by the index count. Data, specific to
// the subject is passed in through pSubjectInfo. To retrieve the
// size of the signature, set pbData to NULL.
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
// Last Errors:
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
// CRYPT_E_NO_MATCH: the signature could not be found
// based on the dwIndex provided.
// ERROR_INSUFFICIENT_BUFFER: the pbSignedDataMsg was not big
// enough to hold the data. pcbSignedDataMsg
// contains the required size.
extern BOOL WINAPI CryptSIPGetSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPGetSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE *pbSignedDataMsg);
// CryptSIPPuttSignedDataMsg
// Adds a signature to the subject. The index that it was
// stored with is returned for future reference.
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
// Last Errors:
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_BAD_LEN: the length specified in
// psData->dwSignature was
// insufficient.
// CRYPT_E_NO_MATCH: could not find the specified index
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
// CRYPT_E_FILERESIZED: returned when signing a fixed-length
// file (e.g.: CABs) and the message
// is larger than the pre-allocated
// size. The 'put' function will re-
// size the file and return this error.
// The CreateIndirect function MUST be
// called again to recalculate the
// indirect data (hash). Then, call the
// 'put' function again.
extern BOOL WINAPI CryptSIPPutSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPPutSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg);
// CryptSIPCreateIndirectData
// Returns a PSIP_INDIRECT_DATA structure filled in the hash, digest alogrithm
// and an encoded attribute. If pcIndirectData points to a DWORD and
// psIndirect data points to null the the size of the data should be returned
// in pcIndirectData.
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
// Last Errors:
// NTE_BAD_ALGID: Bad Algorithm Identifyer
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
extern BOOL WINAPI CryptSIPCreateIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPCreateIndirectData)( IN SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData);
// CryptSIPVerifyIndirectData
// Takes the information stored in the indirect data and compares it to the
// subject.
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
// Last Errors:
// NTE_BAD_ALGID: Bad Algorithm Identifyer
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_NO_MATCH: could not find the specified index
// CRYPT_E_SECURITY_SETTINGS: due to security settings, the file
// was not verified.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
extern BOOL WINAPI CryptSIPVerifyIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPVerifyIndirectData)( IN SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData);
// CryptSIPRemoveSignedDataMsg
// Removes the signature at the specified index
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
// Last Errors:
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_NO_MATCH: could not find the specified index
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
extern BOOL WINAPI CryptSIPRemoveSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex);
typedef BOOL (WINAPI * pCryptSIPRemoveSignedDataMsg)( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex);
#pragma pack(8)
typedef struct SIP_DISPATCH_INFO_ { DWORD cbSize; // = sizeof(SIP_DISPATCH_INFO)
HANDLE hSIP; // used internal
pCryptSIPGetSignedDataMsg pfGet; pCryptSIPPutSignedDataMsg pfPut; pCryptSIPCreateIndirectData pfCreate; pCryptSIPVerifyIndirectData pfVerify; pCryptSIPRemoveSignedDataMsg pfRemove; } SIP_DISPATCH_INFO, *LPSIP_DISPATCH_INFO;
// the sip exports this function to allow verification and signing
// processes to pass in the file handle and check if the sip supports
// this type of file. if it does, the sip will return TRUE and fill
// out the pgSubject with the appropiate GUID.
typedef BOOL (WINAPI *pfnIsFileSupported)(IN HANDLE hFile, OUT GUID *pgSubject);
typedef BOOL (WINAPI *pfnIsFileSupportedName)(IN WCHAR *pwszFileName, OUT GUID *pgSubject);
typedef struct SIP_ADD_NEWPROVIDER_ { DWORD cbStruct; GUID *pgSubject; WCHAR *pwszDLLFileName; WCHAR *pwszMagicNumber; // optional
WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSupported
WCHAR *pwszGetFuncName; WCHAR *pwszPutFuncName; WCHAR *pwszCreateFuncName; WCHAR *pwszVerifyFuncName; WCHAR *pwszRemoveFuncName;
WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFileSupported
#pragma pack()
// CryptLoadSIP
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
extern BOOL WINAPI CryptSIPLoad(IN const GUID *pgSubject, // GUID for the requried sip
IN DWORD dwFlags, // Reserved - MUST BE ZERO
IN OUT SIP_DISPATCH_INFO *pSipDispatch); // Table of functions
// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)
// looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type.
// NOTE: This function only supports the MSSIP32.DLL set of SIPs.
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide file name
IN OPTIONAL HANDLE hFileIn, // or handle of open file
OUT GUID *pgSubject); // defined SIP's GUID
// CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll)
// looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type.
// NOTE: This function only supports SIPs that are used for catalog files (either PE, CAB, or flat).
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
extern BOOL WINAPI CryptSIPRetrieveSubjectGuidForCatalogFile(IN LPCWSTR FileName, // wide file name
IN OPTIONAL HANDLE hFileIn, // or handle of open file
OUT GUID *pgSubject); // defined SIP's GUID
// CryptSIPAddProvider
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
extern BOOL WINAPI CryptSIPAddProvider(IN SIP_ADD_NEWPROVIDER *psNewProv);
// CryptSIPRemoveProvider
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv);
#ifdef __cplusplus
} #endif
#endif // MSSIP_H