
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1999
  5. //
  6. // File: signhlp.h
  7. //
  8. // Contents: Digital Signing Helper APIs
  9. //
  10. // History: June-25-1997 Xiaohs Created
  11. //----------------------------------------------------------------------------
  12. #ifndef _SIGNHLP_H
  13. #define _SIGNHLP_H
  14. #ifdef __cplusplus
  15. extern "C" {
  16. #endif
//--------------------------------------------------------------------------
//
// MoveStoreName
//
// Copy all the certs from the store identified by dwStoreName to hDescStore.
//
// Parameters:
//   hCryptProv         - crypto provider handle
//   dwCertEncodingType - certificate encoding type
//   hDescStore         - destination store that receives the copies
//   dwStoreName        - identifies the source store
//   dwStoreFlag        - store flags (presumably applied when the source
//                        store is opened; confirm in the implementation)
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//--------------------------------------------------------------------------
HRESULT MoveStoreName(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType,
HCERTSTORE hDescStore,
DWORD dwStoreName,
DWORD dwStoreFlag);
//--------------------------------------------------------------------------
//
// MoveStore
//
// Copy all the certs from hSrcStore to hDescStore.
//
// Parameters:
//   hDescStore - destination store that receives the copies
//   hSrcStore  - source store whose certs are copied
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//--------------------------------------------------------------------------
HRESULT MoveStore(HCERTSTORE hDescStore,
HCERTSTORE hSrcStore);
//--------------------------------------------------------------------------
//
// BuildCertChain
//
// Build up the certificate chain for pSigningCert. Put the whole chain
// into hStore.
//
// Parameters:
//   hCryptProv         - crypto provider handle
//   dwCertEncodingType - certificate encoding type
//   hStore             - store that receives the chain
//   hOptionalStore     - additional store consulted while building the
//                        chain (may presumably be NULL; confirm in the
//                        implementation)
//   pSigningCert       - the signer's certificate (leaf of the chain)
//   dwCertPolicy       - chain policy selector
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//--------------------------------------------------------------------------
HRESULT BuildCertChain(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType,
HCERTSTORE hStore,
HCERTSTORE hOptionalStore,
PCCERT_CONTEXT pSigningCert,
DWORD dwCertPolicy);
//+-------------------------------------------------------------------------
// BuildStoreFromStore
//
// Build the spc certificate store from the cert chain described by
// pCertStoreInfo.
//
// Parameters:
//   hPvkProv           - provider holding the private key
//   dwKeySpec          - key spec of the private key
//   hCryptProv         - crypto provider handle
//   dwCertEncodingType - certificate encoding type
//   pCertStoreInfo     - store information from the caller
//   phSpcStore         - [out] receives the spc store
//   ppSignCert         - [out] receives the signing certificate context
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//--------------------------------------------------------------------------
HRESULT BuildStoreFromStore(HCRYPTPROV hPvkProv,
DWORD dwKeySpec,
HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType,
SIGNER_CERT_STORE_INFO *pCertStoreInfo,
HCERTSTORE *phSpcStore,
PCCERT_CONTEXT *ppSignCert);
//+-------------------------------------------------------------------------
// BuildStoreFromSpcFile
//
// Build the spc certificate store from a spc file.
//
// Parameters:
//   hPvkProv           - provider holding the private key
//   dwKeySpec          - key spec of the private key
//   hCryptProv         - crypto provider handle
//   dwCertEncodingType - certificate encoding type
//   pwszSpcFile        - path of the spc file to read
//   phSpcStore         - [out] receives the spc store
//   ppSignCert         - [out] receives the signing certificate context
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//--------------------------------------------------------------------------
HRESULT BuildStoreFromSpcFile(HCRYPTPROV hPvkProv,
DWORD dwKeySpec,
HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType,
LPCWSTR pwszSpcFile,
HCERTSTORE *phSpcStore,
PCCERT_CONTEXT *ppSignCert);
//+-------------------------------------------------------------------------
// BuildCertStore
//
// Build the spc certificate store from either a spc file or the cert
// chain, depending on what pSignerCert describes.
//
// Parameters:
//   hPvkProv           - provider holding the private key
//   dwKeySpec          - key spec of the private key
//   hCryptProv         - crypto provider handle
//   dwCertEncodingType - certificate encoding type
//   pSignerCert        - signer certificate selection from the caller
//   phSpcStore         - [out] receives the spc store
//   ppSigningCert      - [out] receives the signing certificate context
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//--------------------------------------------------------------------------
HRESULT BuildCertStore(HCRYPTPROV hPvkProv,
DWORD dwKeySpec,
HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType,
SIGNER_CERT *pSignerCert,
HCERTSTORE *phSpcStore,
PCCERT_CONTEXT *ppSigningCert);
//-----------------------------------------------------------------------------
//
// GetProviderInfoFromCert
//
// Parse the private key information from pCertContext's property
// CERT_PVK_FILE_PROP_ID.
//
// Parameters:
//   pCertContext - certificate whose property is read
//   pKeyProvInfo - [out] receives the parsed key provider information
//
// Return Values:
//   BOOL; TRUE on success, FALSE on failure.
//
//----------------------------------------------------------------------------
BOOL GetProviderInfoFromCert(PCCERT_CONTEXT pCertContext,
CRYPT_KEY_PROV_INFO *pKeyProvInfo);
//+-------------------------------------------------------------------------
// GetCryptProvFromCert
//
// Get the hCryptProv handle and key spec for the certificate.
//
// Parameters:
//   hwnd               - owner window (presumably for any UI the provider
//                        shows; confirm in the implementation)
//   pCert              - certificate whose private key is wanted
//   phCryptProv        - [out] receives the provider handle
//   pdwKeySpec         - [out] receives the key spec
//   pfDidCryptAcquire  - [out] TRUE if a provider context was acquired
//                        here; pass this to FreeCryptProvFromCert
//   ppwszTmpContainer  - [out] temporary key container name, if one was
//                        created; released by FreeCryptProvFromCert
//   ppwszProviderName  - [out] provider name
//   pdwProviderType    - [out] provider type
//
// Return Values:
//   BOOL; TRUE on success, FALSE on failure.
//--------------------------------------------------------------------------
BOOL WINAPI GetCryptProvFromCert(
HWND hwnd,
PCCERT_CONTEXT pCert,
HCRYPTPROV *phCryptProv,
DWORD *pdwKeySpec,
BOOL *pfDidCryptAcquire,
LPWSTR *ppwszTmpContainer,
LPWSTR *ppwszProviderName,
DWORD *pdwProviderType
);
//+-------------------------------------------------------------------------
// CryptProvFromCert
//
// This is a subset of GetCryptProvFromCert. This function does not consider
// the private key file property of the certificate.
//
// Parameters:
//   hwnd               - owner window
//   pCert              - certificate whose private key is wanted
//   phCryptProv        - [out] receives the provider handle
//   pdwKeySpec         - [out] receives the key spec
//   pfDidCryptAcquire  - [out] TRUE if a provider context was acquired here
//
// Return Values:
//   BOOL; TRUE on success, FALSE on failure.
//--------------------------------------------------------------------------
BOOL WINAPI CryptProvFromCert(
HWND hwnd,
PCCERT_CONTEXT pCert,
HCRYPTPROV *phCryptProv,
DWORD *pdwKeySpec,
BOOL *pfDidCryptAcquire
);
//+-------------------------------------------------------------------------
// FreeCryptProvFromCert
//
// Free the hCryptProv handle and associated state obtained for the
// certificate by GetCryptProvFromCert.
//
// Parameters:
//   fAcquired        - the pfDidCryptAcquire value returned by
//                      GetCryptProvFromCert
//   hProv            - the provider handle to release
//   pwszCapiProvider - provider name
//   dwProviderType   - provider type
//   pwszTmpContainer - temporary container name returned by
//                      GetCryptProvFromCert (cleanup of the container is
//                      presumably done here; confirm in the implementation)
//--------------------------------------------------------------------------
void WINAPI FreeCryptProvFromCert(BOOL fAcquired,
HCRYPTPROV hProv,
LPWSTR pwszCapiProvider,
DWORD dwProviderType,
LPWSTR pwszTmpContainer);
//+-----------------------------------------------------------------------
// CheckSigncodeParam
//
// Check the input parameters of Signcode. Make sure they are valid.
//
// Parameters:
//   pSubjectInfo   - subject (what to sign)
//   pSignerCert    - signer certificate selection
//   pSignatureInfo - signature options
//   pProviderInfo  - provider/private-key options
//
// Return Values:
//   BOOL; TRUE if the parameters are acceptable, FALSE otherwise.
//
//+-----------------------------------------------------------------------
BOOL CheckSigncodeParam(
SIGNER_SUBJECT_INFO *pSubjectInfo,
SIGNER_CERT *pSignerCert,
SIGNER_SIGNATURE_INFO *pSignatureInfo,
SIGNER_PROVIDER_INFO *pProviderInfo);
//+-----------------------------------------------------------------------
// CheckSigncodeSubjectInfo
//
// Check the SIGNER_SUBJECT_INFO.
//
// Parameters:
//   pSubjectInfo - subject information to validate
//
// Return Values:
//   BOOL; TRUE if the subject information is acceptable, FALSE otherwise.
//
//+-----------------------------------------------------------------------
BOOL CheckSigncodeSubjectInfo(
PSIGNER_SUBJECT_INFO pSubjectInfo);
//+-----------------------------------------------------------------------
// AddTimeStampSubj
//
// Add a timestamp response to the signed message of a subject.
//
// Parameters:
//   dwEncodingType      - encoding type
//   hCryptProv          - crypto provider handle
//   pSipInfo            - SIP subject information
//   pdwIndex            - index of the signature within the subject
//   pbTimeStampResponse - timestamp response bytes
//   cbTimeStampResponse - length of pbTimeStampResponse in bytes
//   pbEncodedSignerInfo - encoded signer info bytes
//   cbEncodedSignerInfo - length of pbEncodedSignerInfo in bytes
//   ppbMessage          - [out] receives the resulting message
//   pcbMessage          - [out] receives the length of *ppbMessage
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
// NOTE(review): ownership/allocator of *ppbMessage is not stated here —
// confirm who frees it before changing callers.
//------------------------------------------------------------------------
HRESULT WINAPI
AddTimeStampSubj(IN DWORD dwEncodingType,
IN HCRYPTPROV hCryptProv,
IN LPSIP_SUBJECTINFO pSipInfo,
IN DWORD *pdwIndex,
IN PBYTE pbTimeStampResponse,
IN DWORD cbTimeStampResponse,
IN PBYTE pbEncodedSignerInfo,
IN DWORD cbEncodedSignerInfo,
OUT PBYTE* ppbMessage,
OUT DWORD* pcbMessage);
//+-----------------------------------------------------------------------
// GetSignedMessageDigest
//
// Obtain the digest of the signed message for a subject, for use in a
// timestamp request.
//
// Parameters:
//   pSubjectInfo - subject on which the timestamp request is based
//   pSipData     - SIP-specific data
//   ppbDigest    - [in,out] receives the digest bytes
//   pcbDigest    - [in,out] length of the digest in bytes
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//------------------------------------------------------------------------
HRESULT WINAPI
GetSignedMessageDigest(IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject based on which to create a timestamp request
IN LPVOID pSipData,
IN OUT PBYTE* ppbDigest,
IN OUT DWORD* pcbDigest);
//+-----------------------------------------------------------------------
// GetSignedMessageDigestSubj
//
// Obtain the digest of the signed message for a SIP subject.
//
// Parameters:
//   dwEncodingType - encoding type
//   hCryptProv     - crypto provider handle
//   pSipInfo       - SIP information
//   pdwIndex       - index of the signature within the subject
//   ppbTimeDigest  - [in,out] receives the digest bytes
//   pcbTimeDigest  - [in,out] length of the digest in bytes
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//------------------------------------------------------------------------
HRESULT WINAPI
GetSignedMessageDigestSubj(IN DWORD dwEncodingType,
IN HCRYPTPROV hCryptProv,
IN struct SIP_SUBJECTINFO_ *pSipInfo, // SIP information
IN DWORD* pdwIndex,
IN OUT PBYTE* ppbTimeDigest,
IN OUT DWORD* pcbTimeDigest);
//+-----------------------------------------------------------------------
// TimeStampRequest
//
// Encode a timestamp request for the given digest.
//
// Parameters:
//   dwEncodingType - encoding type
//   psRequest      - attributes to include in the request
//   pbDigest       - digest bytes
//   cbDigest       - length of pbDigest in bytes
//   pbTimeRequest  - [out] caller-supplied buffer for the encoded request
//   pcbTimeRequest - [in,out] size of pbTimeRequest on input; required/
//                    written size on output (the in/out length with a
//                    caller buffer suggests the usual size-query pattern;
//                    confirm in the implementation)
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//------------------------------------------------------------------------
HRESULT WINAPI
TimeStampRequest(IN DWORD dwEncodingType,
IN PCRYPT_ATTRIBUTES psRequest,
IN PBYTE pbDigest,
IN DWORD cbDigest,
OUT PBYTE pbTimeRequest,
IN OUT DWORD* pcbTimeRequest);
//+-----------------------------------------------------------------------
// SignOpenFile
//
// Open the named file and return its handle.
//
// Parameters:
//   pwszFilename - name of the file to open
//   pFileHandle  - [out] receives the file handle
//
// Return Values:
//   HRESULT
//
// Error Codes:
//   E_INVALIDARG
//     Invalid argument passed in (requires a file name
//     and a pointer to a handle)
//   TRUST_E_SUBJECT_FORM_UNKNOWN
//     Unknown file type
//
// See also:
//   GetFileInformationByHandle()
//   CreateFile()
//
//------------------------------------------------------------------------
HRESULT SignOpenFile(LPCWSTR pwszFilename,
HANDLE* pFileHandle);
//+-----------------------------------------------------------------------
// SignGetFileType
//
// Determine the subject (SIP) type of an open file.
//
// Parameters:
//   hFile    - handle of the open file
//   pwszFile - name of the file
//   pGuid    - [out] receives the subject GUID
//
// Return Values:
//   HRESULT
//
// Error Codes:
//   E_INVALIDARG
//     Invalid argument passed in (requires a file name
//     and a pointer to a GUID)
//
// See also:
//   GetFileInformationByHandle()
//   CreateFile()
//
//------------------------------------------------------------------------
HRESULT SignGetFileType(HANDLE hFile,
const WCHAR *pwszFile,
GUID* pGuid);
//+-----------------------------------------------------------------------
// SpcGetFileType
//
// Determine the subject (SIP) type of an open file from its handle.
//
// Parameters:
//   hFile - handle of the open file
//   pGuid - [out] receives the subject GUID
//
// Return Values:
//   HRESULT
//
// Error Codes:
//   E_INVALIDARG
//     Invalid argument passed in (requires a file handle
//     and a pointer to a GUID)
//
// See also:
//   GetFileInformationByHandle()
//   CreateFile()
//
//------------------------------------------------------------------------
HRESULT SpcGetFileType(HANDLE hFile,
GUID* pGuid);
//+-----------------------------------------------------------------------
// SpcOpenFile
//
// Open the named file and return its handle.
//
// Parameters:
//   pwszFileName - name of the file to open
//   pFileHandle  - [out] receives the file handle
//
// Return Values:
//   HRESULT
//
// Error Codes:
//   E_INVALIDARG
//     Invalid argument passed in (requires a file name
//     and a pointer to a handle)
//
// See also:
//   GetFileInformationByHandle()
//   CreateFile()
//
//------------------------------------------------------------------------
HRESULT SpcOpenFile(LPCWSTR pwszFileName,
HANDLE* pFileHandle);
//+-------------------------------------------------------------------------
// SpcGetCertFromKey
//
// Find the cert in hStore that matches the key held by hProv.
//
// Parameters:
//   dwCertEncodingType - certificate encoding type
//   hStore             - store to search
//   hProv              - provider holding the key
//   hKeySpec           - key spec of the key
//   pReturnCert        - [out] context of the cert found (must pass in a
//                        cert context pointer)
//
// Returns:
//   S_OK            - everything worked
//   E_OUTOFMEMORY   - memory failure
//   E_INVALIDARG    - no pReturnCert supplied
//   CRYPT_E_NO_MATCH - could not locate certificate in store
//
HRESULT
SpcGetCertFromKey(IN DWORD dwCertEncodingType,
IN HCERTSTORE hStore,
IN HCRYPTPROV hProv,
IN DWORD hKeySpec,
OUT PCCERT_CONTEXT* pReturnCert);
//+-------------------------------------------------------------------------
// NeedStatementTypeAttr
//
// Decide whether the commercial/individual authenticated attribute belongs
// in the signer info. If all of the following three conditions are true,
// we should not put commercial or individual authenticated attributes into
// the signer info:
//
//  1. the enhanced key usage extension of the signer's certificate has no
//     code signing usage (szOID_PKIX_KP_CODE_SIGNING)
//  2. the basic constraints extension of the signer's cert is missing, or
//     it is neither commercial nor individual
//  3. the user did not specify -individual or -commercial in signcode.exe.
//
// Parameters:
//   psSigningContext - the signer's certificate
//   fCommercial      - TRUE if -commercial was specified
//   fIndividual      - TRUE if -individual was specified
//
// Return Values:
//   BOOL; TRUE if the StatementType attribute should be added.
//--------------------------------------------------------------------------
BOOL NeedStatementTypeAttr(IN PCCERT_CONTEXT psSigningContext,
IN BOOL fCommercial,
IN BOOL fIndividual);
//+-------------------------------------------------------------------------
// CheckCommercial
//
// Sets *pfCommercial to TRUE if the signer cert has a Key Usage
// Restriction extension and only the commercial key purpose policy object
// identifier.
//
// Sets *pfCommercial to FALSE if it contains both a commercial and an
// individual purpose policy object identifier.
//
// Parameters:
//   pSignerCert  - the signer's certificate
//   fCommercial  - TRUE if -commercial was specified
//   fIndividual  - TRUE if -individual was specified
//   pfCommercial - [out] receives the commercial/individual decision
//
// Return Values:
//   HRESULT; the decision itself is returned through pfCommercial, not
//   through the return value.
//--------------------------------------------------------------------------
HRESULT CheckCommercial(IN PCCERT_CONTEXT pSignerCert,
IN BOOL fCommercial,
IN BOOL fIndividual,
OUT BOOL *pfCommercial);
//+-------------------------------------------------------------------------
// CreateStatementType
//
// Encode the StatementType authenticated attribute value.
//
// Parameters:
//   fCommercial - TRUE to encode the commercial statement, else individual
//   ppbEncoded  - [out] receives the encoded bytes
//   pcbEncoded  - [in,out] length of the encoded bytes
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//--------------------------------------------------------------------------
HRESULT CreateStatementType(IN BOOL fCommercial,
OUT BYTE **ppbEncoded,
IN OUT DWORD *pcbEncoded);
//+-------------------------------------------------------------------------
// CreateOpusInfo
//
// Encode the SpOpusInfo authenticated attribute value.
//
// Parameters:
//   pwszOpusName - program name to embed
//   pwszOpusInfo - program info (URL) to embed
//   ppbEncoded   - [out] receives the encoded bytes
//   pcbEncoded   - [in,out] length of the encoded bytes
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//--------------------------------------------------------------------------
HRESULT CreateOpusInfo(IN LPCWSTR pwszOpusName,
IN LPCWSTR pwszOpusInfo,
OUT BYTE **ppbEncoded,
IN OUT DWORD *pcbEncoded);
//+-----------------------------------------------------------------------
// SpcLoadSipFlags
//
// Look up the SIP flags to use for a subject type.
//
// Parameters:
//   pSubjectGuid - subject (SIP) GUID
//   dwFlags      - [out] receives the flags
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//------------------------------------------------------------------------
HRESULT SpcLoadSipFlags(GUID* pSubjectGuid,
DWORD *dwFlags);
//+-----------------------------------------------------------------------
// GetInstanceHandle
//
// Return the module instance handle of this library.
//
// Parameters:
//   none
//
// Return Values:
//   HINSTANCE
//
//------------------------------------------------------------------------
HINSTANCE GetInstanceHandle();
//+-----------------------------------------------------------------------
// PvkFreeCryptProv
//
// Release a provider handle obtained from PvkGetCryptProv, together with
// any temporary key container it created.
//
// Parameters:
//   hProv            - the provider handle to release
//   pwszCapiProvider - provider name
//   dwProviderType   - provider type
//   pwszTmpContainer - temporary container name returned by PvkGetCryptProv
//
// Return Values:
//   none
//
//------------------------------------------------------------------------
void WINAPI PvkFreeCryptProv(IN HCRYPTPROV hProv,
IN LPCWSTR pwszCapiProvider,
IN DWORD dwProviderType,
IN LPWSTR pwszTmpContainer);
//+-----------------------------------------------------------------------
// PvkGetCryptProv
//
// Acquire a provider handle for a private key, either from a .pvk file or
// from an existing key container.
//
// Parameters:
//   hwnd                 - owner window for any prompt
//   pwszCaption          - caption for any prompt
//   pwszCapiProvider     - provider name
//   dwProviderType       - provider type
//   pwszPvkFile          - path of the private key file
//   pwszKeyContainerName - name of an existing key container
//   pdwKeySpec           - [in,out] key spec
//   ppwszTmpContainer    - [out] temporary container name, if one was
//                          created; pass to PvkFreeCryptProv
//   phCryptProv          - [out] receives the provider handle
//
// Return Values:
//   HRESULT; failure codes are defined by the implementation.
//
//------------------------------------------------------------------------
HRESULT WINAPI PvkGetCryptProv( IN HWND hwnd,
IN LPCWSTR pwszCaption,
IN LPCWSTR pwszCapiProvider,
IN DWORD dwProviderType,
IN LPCWSTR pwszPvkFile,
IN LPCWSTR pwszKeyContainerName,
IN DWORD *pdwKeySpec,
OUT LPWSTR *ppwszTmpContainer,
OUT HCRYPTPROV *phCryptProv);
//+-----------------------------------------------------------------------
// SignIsGlueCert
//
// Check to see if the certificate is a glue cert.
//
// Parameters:
//   pCert - the certificate to examine
//
// Return Values:
//   HRESULT (the result is an HRESULT, not a BOOL — check with
//   SUCCEEDED/FAILED or against the specific codes the implementation
//   returns)
//------------------------------------------------------------------------
HRESULT SignIsGlueCert(IN PCCERT_CONTEXT pCert);
//+-----------------------------------------------------------------------
// SignError
//
// Return an hr based on GetLastError(). Call it immediately after the
// failing API so the last-error value is not overwritten.
//
// Return Values:
//   HRESULT derived from the current thread's last error
//------------------------------------------------------------------------
HRESULT WINAPI SignError();
//+-----------------------------------------------------------------------
// SignNoContentWrap
//
// Check if there is a TAG in front of a PKCS7 signed message.
//
// Parameters:
//   pbDER - DER bytes of the message
//   cbDER - length of pbDER in bytes; the implementation must not read
//           beyond it
//
// Return Values:
//   BOOL
//------------------------------------------------------------------------
BOOL WINAPI SignNoContentWrap(IN const BYTE *pbDER,
IN DWORD cbDER);
//-------------------------------------------------------------------------
//
// WSZtoSZ:
// Convert a wchar string to a multi-byte string.
//
// Parameters:
//   wsz - NUL-terminated wide string (no length is passed, so the input
//         must be properly terminated)
//   psz - [out] receives the converted string; presumably allocated by the
//         callee — confirm the allocator and how callers free it
//
// Return Values:
//   HRESULT
//
//-------------------------------------------------------------------------
HRESULT WSZtoSZ(LPWSTR wsz, LPSTR *psz);
//-------------------------------------------------------------------------
//
// BytesToBase64:
// Convert bytes to a base64 string.
//
// Parameters:
//   pb        - input bytes
//   cb        - length of pb in bytes
//   pszEncode - [out] receives the base64 text; presumably allocated by
//               the callee — confirm the allocator and how callers free it
//   pdwEncode - [out] receives the length of *pszEncode
//
// Return Values:
//   HRESULT
//
//-------------------------------------------------------------------------
HRESULT BytesToBase64(BYTE *pb, DWORD cb, CHAR **pszEncode, DWORD *pdwEncode);
//-------------------------------------------------------------------------
//
// Base64ToBytes:
// Convert a base64 string to bytes.
//
// Parameters:
//   pEncode  - base64 text
//   cbEncode - length of pEncode in bytes
//   ppb      - [out] receives the decoded bytes; presumably allocated by
//              the callee — confirm the allocator and how callers free it
//   pcb      - [out] receives the length of *ppb in bytes
//
// Return Values:
//   HRESULT
//
//-------------------------------------------------------------------------
HRESULT Base64ToBytes(CHAR *pEncode, DWORD cbEncode, BYTE **ppb, DWORD *pcb);
  392. #ifdef __cplusplus
  393. }
  394. #endif
  395. #endif