Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

397 lines
18 KiB

  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1999
  5. //
  6. // File: signer.h
  7. //
  8. // Contents: Digital Signing APIs
  9. //
  10. // History: June-25-1997 Xiaohs Created
  11. //----------------------------------------------------------------------------
  12. #ifndef SIGNER_H
  13. #define SIGNER_H
  14. #ifdef __cplusplus
  15. extern "C" {
  16. #endif
  17. //-------------------------------------------------------------------------
  18. //
  19. // Struct to define the file to sign and/or timestamp
  20. //
  21. //-------------------------------------------------------------------------
  22. typedef struct _SIGNER_FILE_INFO
  23. {
  24. DWORD cbSize; //Required: should be set to sizeof(SIGNER_FILE_INFO)
  25. LPCWSTR pwszFileName; //Required: name of the file.
  26. HANDLE hFile; //Optional: open handle to pwszFileName. If hFile is set
  27. // to values other than NULL or INVALID_HANDLE_VALUE,
  28. // this handle is used for access the file instead of pwszFileName
  29. }SIGNER_FILE_INFO, *PSIGNER_FILE_INFO;
  30. //-------------------------------------------------------------------------
  31. //
  32. // Struct to define the BLOB to sign and/or timestamp
  33. //
  34. //-------------------------------------------------------------------------
  35. typedef struct _SIGNER_BLOB_INFO
  36. {
  37. DWORD cbSize; //Required: should be set to sizeof(SIGNER_BLOB_INFO)
  38. GUID *pGuidSubject; //Required: Idenfity the sip functions to load
  39. DWORD cbBlob; //Required: the size of BLOB, in bytes
  40. BYTE *pbBlob; //Required: the pointer to the BLOB
  41. LPCWSTR pwszDisplayName; //Optional: the display name of the BLOB
  42. }SIGNER_BLOB_INFO, *PSIGNER_BLOB_INFO;
  43. //-------------------------------------------------------------------------
  44. //
  45. // Struct to define the subject to sign and/or timestamp
  46. //
  47. //-------------------------------------------------------------------------
  48. typedef struct _SIGNER_SUBJECT_INFO
  49. {
  50. DWORD cbSize; //Required: should be set to sizeof(SIGNER_SUBJECTINFO)
  51. DWORD *pdwIndex; //Required: 0 based index of the signature
  52. // Currently, only 0 is supported
  53. DWORD dwSubjectChoice; //Required: indicate whether to the subject is a file
  54. // or a memory BLOB. Can be either SIGNER_SUBJECT_FILE
  55. // or SIGNER_SUBJECT_BLOB
  56. union
  57. {
  58. SIGNER_FILE_INFO *pSignerFileInfo; //Required if dwSubjectChoice==SIGNER_SUBJECT_FILE
  59. SIGNER_BLOB_INFO *pSignerBlobInfo; //Required if dwSubhectChoice==SIGNER_SUBJECT_BLOB
  60. };
  61. }SIGNER_SUBJECT_INFO, *PSIGNER_SUBJECT_INFO;
  62. #define SIGNER_SUBJECT_FILE 0x01
  63. #define SIGNER_SUBJECT_BLOB 0x02
  64. //-------------------------------------------------------------------------
  65. //
  66. // Struct to define attributes of the signature for authenticode
  67. //
  68. //-------------------------------------------------------------------------
  69. typedef struct _SIGNER_ATTR_AUTHCODE
  70. {
  71. DWORD cbSize; //Required: should be set to sizeof(SIGNER_ATTR_AUTHCODE)
  72. BOOL fCommercial; //Required: whether to sign the document as a commercial publisher
  73. BOOL fIndividual; //Required: whether to sign the document as an individual publisher
  74. // if both fCommercial and fIndividual are FALSE,
  75. // the document will be signed with certificate's highest capabitlity
  76. LPCWSTR pwszName; //Optional: the display name of the file upon download time
  77. LPCWSTR pwszInfo; //Optional: the display information(URL) of the file upon download time
  78. }SIGNER_ATTR_AUTHCODE, *PSIGNER_ATTR_AUTHCODE;
  79. //-------------------------------------------------------------------------
  80. //
  81. // Struct to define the signature information
  82. //
  83. //-------------------------------------------------------------------------
  84. typedef struct _SIGNER_SIGNATURE_INFO
  85. {
  86. DWORD cbSize; //Required: should be set to sizeof(SIGNER_SIGNATURE_INFO)
  87. ALG_ID algidHash; //Required: the hashing algorithm for signature
  88. DWORD dwAttrChoice; //Required: indicate the predefined attributes of the signature
  89. // can be either SIGNER_NO_ATTR or SIGNER_AUTHCODE_ATTR
  90. union
  91. {
  92. SIGNER_ATTR_AUTHCODE *pAttrAuthcode; //Optional: should be set if dwAttrChoide==SIGNER_AUTHCODE_ATTR
  93. // pre-defined attributes added to the signature
  94. // Those attributes are related to authenticode
  95. };
  96. PCRYPT_ATTRIBUTES psAuthenticated; //Optional: user supplied authenticated attributes added to the signature
  97. PCRYPT_ATTRIBUTES psUnauthenticated; //Optional: user supplied unauthenticated attributes added to the signature
  98. }SIGNER_SIGNATURE_INFO, *PSIGNER_SIGNATURE_INFO;
  99. //dwAttrChoice should be one of the following:
  100. #define SIGNER_NO_ATTR 0x00
  101. #define SIGNER_AUTHCODE_ATTR 0x01
  102. //-------------------------------------------------------------------------
  103. //
  104. // Struct to define the cryptographic secutiry provider(CSP) and
  105. // private key information
  106. //
  107. //-------------------------------------------------------------------------
  108. typedef struct _SIGNER_PROVIDER_INFO
  109. {
  110. DWORD cbSize; //Required: should be set of sizeof(SIGNER_PROVIDER_INFO)
  111. LPCWSTR pwszProviderName; //Required: the name of the CSP provider. NULL means default provider
  112. DWORD dwProviderType; //Required: the provider type.
  113. DWORD dwKeySpec; //Required: the specification of the key. This value can be set to 0,
  114. // which means using the same key specification as in the
  115. // private key file or keyContainer. If there are more than
  116. // one key specification in the keyContainer, we will try
  117. // AT_SIGNATURE, if it fails, try AT_KEYEXCHANGE.
  118. DWORD dwPvkChoice; //Required: indicate the private key information
  119. // either PVK_TYPE_FILE_NAME or PVK_TYPE_KEYCONTAINER
  120. union
  121. {
  122. LPWSTR pwszPvkFileName; //Required if dwPvkChoice==PVK_TYPE_FILE_NAME
  123. LPWSTR pwszKeyContainer; //Required if dwPvkChoice==PVK_TYPE_KEYCONTAINER
  124. };
  125. }SIGNER_PROVIDER_INFO, *PSIGNER_PROVIDER_INFO;
  126. //dwPvkChoice in SIGNER_PKV_INFO should be one of the following:
  127. #define PVK_TYPE_FILE_NAME 0x01
  128. #define PVK_TYPE_KEYCONTAINER 0x02
  129. //-------------------------------------------------------------------------
  130. //
  131. // Struct to define the SPC file and certificate chain used to sign the document
  132. //
  133. //-------------------------------------------------------------------------
  134. typedef struct _SIGNER_SPC_CHAIN_INFO
  135. {
  136. DWORD cbSize; //Required: should be set to sizeof(SIGNER_SPC_CHAIN_INFO)
  137. LPCWSTR pwszSpcFile; //Required: the name of the CSP file to use
  138. DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
  139. // it can be set with one of the following the following flag:
  140. // SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
  141. // SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
  142. //
  143. // The following flag can be Ored with any of the above flags:
  144. // SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
  145. //
  146. // When we search for the certificate chain, we search
  147. // MY, CA, ROOT, SPC store, and also hCertStore if it is set.
  148. HCERTSTORE hCertStore; //Optional: additional certificate store.
  149. }SIGNER_SPC_CHAIN_INFO, *PSIGNER_SPC_CHAIN_INFO;
  150. //-------------------------------------------------------------------------
  151. //
  152. // Struct to define the certificate store used to sign the document
  153. //
  154. //-------------------------------------------------------------------------
  155. typedef struct _SIGNER_CERT_STORE_INFO
  156. {
  157. DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT_STORE_INFO)
  158. PCCERT_CONTEXT pSigningCert; //Required: the signing certificate context
  159. DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
  160. // it can be set with one of the following the following flag:
  161. // SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
  162. // SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
  163. //
  164. // The following flag can be Ored with any of the above flags:
  165. // SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
  166. //
  167. HCERTSTORE hCertStore; //Optional: additional certificate store.
  168. }SIGNER_CERT_STORE_INFO, *PSIGNER_CERT_STORE_INFO;
  169. //dwCertPolicy in SIGNER_CERT_STORE_INFO should be ORed with the following flags:
  170. #define SIGNER_CERT_POLICY_STORE 0x01
  171. #define SIGNER_CERT_POLICY_CHAIN 0x02
  172. #define SIGNER_CERT_POLICY_SPC 0x04
  173. #define SIGNER_CERT_POLICY_CHAIN_NO_ROOT 0x08
  174. //-------------------------------------------------------------------------
  175. //
  176. // Struct to define the certificate used to sign the docuemnt. The
  177. // certificate can be in a SPC file, or in a cert store.
  178. //
  179. //-------------------------------------------------------------------------
  180. typedef struct _SIGNER_CERT
  181. {
  182. DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT)
  183. DWORD dwCertChoice; //Required: Can be set to one of the following:
  184. // SIGNER_CERT_SPC_FILE
  185. // SIGNER_CERT_STORE
  186. // SIGNER_CERT_SPC_CHAIN
  187. union
  188. {
  189. LPCWSTR pwszSpcFile; //Required if dwCertChoice==SIGNER_CERT_SPC_FILE.
  190. // the name of the spc file to use
  191. SIGNER_CERT_STORE_INFO *pCertStoreInfo; //Required if dwCertChoice==SIGNER_CERT_STORE
  192. // the certificate store to use
  193. SIGNER_SPC_CHAIN_INFO *pSpcChainInfo; //Required if dwCertChoice==SIGNER_CERT_SPC_CHAIN
  194. // the name of the spc file and the cert chain
  195. };
  196. HWND hwnd; //Optional: The optional window handler for promting user for
  197. // password of the private key information. NULL means
  198. // default window
  199. }SIGNER_CERT, *PSIGNER_CERT;
  200. //dwCertChoice in SIGNER_CERT_INFO should be one of the following
  201. #define SIGNER_CERT_SPC_FILE 0x01
  202. #define SIGNER_CERT_STORE 0x02
  203. #define SIGNER_CERT_SPC_CHAIN 0x03
  204. //-------------------------------------------------------------------------
  205. //
  206. // The signed blob
  207. //
  208. //-------------------------------------------------------------------------
  209. typedef struct _SIGNER_CONTEXT
  210. {
  211. DWORD cbSize;
  212. DWORD cbBlob;
  213. BYTE *pbBlob;
  214. }SIGNER_CONTEXT, *PSIGNER_CONTEXT;
  215. //+-----------------------------------------------------------------------
  216. //
  217. // SignerSign:
  218. // Sign and/or timestamp a file.
  219. //
  220. //------------------------------------------------------------------------
  221. HRESULT WINAPI
  222. SignerSign(
  223. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
  224. IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
  225. IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
  226. IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
  227. // This parameter has to be set unless
  228. // certStoreInfo is set in *pSignerCert
  229. // and the signing certificate has provider
  230. // information associated with it
  231. IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
  232. // is set, the file will be timestamped.
  233. IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
  234. // unless pwszHttpTimeStamp is set
  235. IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
  236. );
  237. //+-----------------------------------------------------------------------
  238. //
  239. // SignerSignEx:
  240. // Sign and/or timestamp a file. This function is the same as SignerSign with
  241. // exception of the out put parameter ppSignerContext
  242. //
  243. //------------------------------------------------------------------------
  244. HRESULT WINAPI
  245. SignerSignEx(
  246. IN DWORD dwFlags, //Reserved: Has to be set to 0.
  247. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
  248. IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
  249. IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
  250. IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
  251. // This parameter has to be set unless
  252. // certStoreInfo is set in *pSignerCert
  253. // and the signing certificate has provider
  254. // information associated with it
  255. IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
  256. // is set, the file will be timestamped.
  257. IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
  258. // unless pwszHttpTimeStamp is set
  259. IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
  260. OUT SIGNER_CONTEXT **ppSignerContext //Optional: The signed BLOB. User has to free
  261. // the context via SignerFreeSignerContext
  262. );
  263. //+-----------------------------------------------------------------------
  264. //
  265. // SignerFreeSignerContext:
  266. //
  267. //------------------------------------------------------------------------
  268. HRESULT WINAPI
  269. SignerFreeSignerContext(
  270. IN SIGNER_CONTEXT *pSignerContext //Required: The signerContext to free
  271. );
  272. //+-----------------------------------------------------------------------
  273. //
  274. // SignerTimeStamp:
  275. // Timestamp a file.
  276. //
  277. //------------------------------------------------------------------------
  278. HRESULT WINAPI
  279. SignerTimeStamp(
  280. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
  281. IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
  282. IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
  283. IN LPVOID pSipData // Optional: The additional data passed to sip funcitons
  284. );
  285. //+-----------------------------------------------------------------------
  286. //
  287. // SignerTimeStampEx:
  288. // Timestamp a file. This function is the same as SignerTimeStamp with
  289. // exception of the out put parameter ppSignerContext
  290. //
  291. //------------------------------------------------------------------------
  292. HRESULT WINAPI
  293. SignerTimeStampEx(
  294. IN DWORD dwFlags, //Reserved: Has to be set to 0.
  295. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
  296. IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
  297. IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
  298. IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
  299. OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
  300. // the context via SignerFreeSignerContext
  301. );
  302. //+-----------------------------------------------------------------------
  303. //
  304. // SignerCreateTimeStampRequest:
  305. // Create a timestamp request for a file.
  306. //
  307. // If pbTimestampRequest==NULL, *pcbTimeStampRequest is the size of
  308. // the timestampRequest, in bytes.
  309. //
  310. //------------------------------------------------------------------------
  311. HRESULT WINAPI
  312. SignerCreateTimeStampRequest(
  313. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject based on which to create a timestamp request
  314. IN PCRYPT_ATTRIBUTES psRequest, // Optional: attributes added to Time stamp request
  315. IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
  316. OUT PBYTE pbTimeStampRequest, // Required: buffer to receive the timestamp request BLOB
  317. IN OUT DWORD* pcbTimeStampRequest // Required: the number of bytes of the timestamp request BLOB
  318. );
  319. //+-----------------------------------------------------------------------
  320. //
  321. // SignerAddTimeStampResponse:
  322. // Add the timestamp response from the timestamp server to a signed file.
  323. //
  324. //------------------------------------------------------------------------
  325. HRESULT WINAPI
  326. SignerAddTimeStampResponse(
  327. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
  328. IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
  329. IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
  330. IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
  331. );
  332. //+-----------------------------------------------------------------------
  333. //
  334. // SignerAddTimeStampResponseEx:
  335. // Add the timestamp response from the timestamp server to a signed file.
  336. // This function is the same as SignerTimeStamp with
  337. // exception of the out put parameter ppSignerContext
  338. //------------------------------------------------------------------------
  339. HRESULT WINAPI
  340. SignerAddTimeStampResponseEx(
  341. IN DWORD dwFlags, //Reserved: Has to be set to 0.
  342. IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
  343. IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
  344. IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
  345. IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
  346. OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
  347. // the context via SignerFreeSignerContext
  348. );
  349. #ifdef __cplusplus
  350. }
  351. #endif
  352. #endif // SIGNER_H