mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
459 lines
19 KiB
459 lines
19 KiB
//+-------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows - Internet Security
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 1996 - 1997
|
|
//
|
|
// File: mssip.h
|
|
//
|
|
// Contents: Microsoft SIP Provider Main Include File
|
|
//
|
|
// History: 19-Feb-1997 pberkman Created
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
#ifndef MSSIP_H
|
|
#define MSSIP_H
|
|
|
|
#ifdef __cplusplus
|
|
extern "C"
|
|
{
|
|
#endif
|
|
|
|
|
|
#pragma pack (8)
|
|
|
|
typedef CRYPT_HASH_BLOB CRYPT_DIGEST_DATA;
|
|
|
|
|
|
//
|
|
// dwflags
|
|
//
|
|
#define MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE 0x00010000
|
|
#define MSSIP_FLAGS_USE_CATALOG 0x00020000
|
|
|
|
#define SPC_INC_PE_RESOURCES_FLAG 0x80
|
|
#define SPC_INC_PE_DEBUG_INFO_FLAG 0x40
|
|
#define SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG 0x20
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// SIP_SUBJECTINFO
|
|
//----------------------------------------------------------------------------
|
|
// pass this structure to all defined SIPs. Make sure to initialize
|
|
// the ENTIRE structure to binary zero before the FIRST call is made. Do
|
|
// not initialize it BETWEEN calls!
|
|
//
|
|
typedef struct SIP_SUBJECTINFO_
|
|
{
|
|
DWORD cbSize; // set to sizeof(SIP_SUBJECTINFO)
|
|
GUID *pgSubjectType; // subject type
|
|
HANDLE hFile; // set to File handle that represents the subject
|
|
// set to INVALID_HANDLE VALUE to allow
|
|
// SIP to use pwsFileName for persistent
|
|
// storage types (will handle open/close)
|
|
LPCWSTR pwsFileName; // set to file name
|
|
LPCWSTR pwsDisplayName; // optional: set to display name of
|
|
// subject.
|
|
|
|
DWORD dwReserved1; // do not use!
|
|
|
|
DWORD dwIntVersion; // DO NOT SET OR CLEAR THIS.
|
|
// This member is used by the sip for
|
|
// passing the internal version number
|
|
// between the ..get and verify... functions.
|
|
HCRYPTPROV hProv;
|
|
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
|
|
DWORD dwFlags;
|
|
DWORD dwEncodingType;
|
|
|
|
DWORD dwReserved2; // do not use!
|
|
|
|
DWORD fdwCAPISettings; // setreg settings
|
|
DWORD fdwSecuritySettings; // IE security settings
|
|
DWORD dwIndex; // message index of last "Get"
|
|
|
|
DWORD dwUnionChoice;
|
|
# define MSSIP_ADDINFO_NONE 0
|
|
# define MSSIP_ADDINFO_FLAT 1
|
|
# define MSSIP_ADDINFO_CATMEMBER 2
|
|
# define MSSIP_ADDINFO_BLOB 3
|
|
# define MSSIP_ADDINFO_NONMSSIP 500 // everything < is reserved by MS.
|
|
|
|
union
|
|
{
|
|
struct MS_ADDINFO_FLAT_ *psFlat;
|
|
struct MS_ADDINFO_CATALOGMEMBER_ *psCatMember;
|
|
struct MS_ADDINFO_BLOB_ *psBlob;
|
|
};
|
|
|
|
LPVOID pClientData; // data pased in from client to SIP
|
|
|
|
} SIP_SUBJECTINFO, *LPSIP_SUBJECTINFO;
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// MS_ADDINFO_FLAT
|
|
//----------------------------------------------------------------------------
|
|
// Flat or End-To-End types
|
|
// needed for flat type files during indirect calls
|
|
// "Digest" of file.
|
|
//
|
|
typedef struct MS_ADDINFO_FLAT_
|
|
{
|
|
DWORD cbStruct;
|
|
struct SIP_INDIRECT_DATA_ *pIndirectData;
|
|
} MS_ADDINFO_FLAT, *PMS_ADDINFO_FLAT;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// MS_ADDINFO_CATALOGMEMBER
|
|
//----------------------------------------------------------------------------
|
|
// Catalog Member verification.
|
|
//
|
|
typedef struct MS_ADDINFO_CATALOGMEMBER_
|
|
{
|
|
DWORD cbStruct; // = sizeof(MS_ADDINFO_CATALOGMEMBER)
|
|
struct CRYPTCATSTORE_ *pStore; // defined in mscat.h
|
|
struct CRYPTCATMEMBER_ *pMember; // defined in mscat.h
|
|
} MS_ADDINFO_CATALOGMEMBER, *PMS_ADDINFO_CATALOGMEMBER;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// MS_ADDINFO_BLOB
|
|
//----------------------------------------------------------------------------
|
|
// Memory "blob" verification.
|
|
//
|
|
typedef struct MS_ADDINFO_BLOB_
|
|
{
|
|
DWORD cbStruct;
|
|
DWORD cbMemObject;
|
|
BYTE *pbMemObject;
|
|
|
|
DWORD cbMemSignedMsg;
|
|
BYTE *pbMemSignedMsg;
|
|
|
|
} MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB;
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// SIP_INDIRECT_DATA
|
|
//----------------------------------------------------------------------------
|
|
// Indirect data structure is used to store the hash of the subject
|
|
// along with data that is relevant to the subject. This can include
|
|
// names etc.
|
|
//
|
|
typedef struct SIP_INDIRECT_DATA_
|
|
{
|
|
CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute
|
|
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; // Digest algorithm used to hash
|
|
CRYPT_HASH_BLOB Digest; // Hash of subject
|
|
} SIP_INDIRECT_DATA, *PSIP_INDIRECT_DATA;
|
|
|
|
#pragma pack()
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPGetSignedDataMsg
|
|
//----------------------------------------------------------------------------
|
|
// Returns the message specified by the index count. Data, specific to
|
|
// the subject is passed in through pSubjectInfo. To retrieve the
|
|
// size of the signature, set pbData to NULL.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
// Last Errors:
|
|
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
|
|
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
|
|
// ERROR_INVALID_PARAMETER: bad argument passed in
|
|
// ERROR_BAD_FORMAT: file/data format is not correct
|
|
// for the requested SIP.
|
|
// CRYPT_E_NO_MATCH: the signature could not be found
|
|
// based on the dwIndex provided.
|
|
// ERROR_INSUFFICIENT_BUFFER: the pbSignedDataMsg was not big
|
|
// enough to hold the data. pcbSignedDataMsg
|
|
// contains the required size.
|
|
//
|
|
extern BOOL WINAPI CryptSIPGetSignedDataMsg(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
OUT DWORD *pdwEncodingType,
|
|
IN DWORD dwIndex,
|
|
IN OUT DWORD *pcbSignedDataMsg,
|
|
OUT BYTE *pbSignedDataMsg);
|
|
|
|
typedef BOOL (WINAPI * pCryptSIPGetSignedDataMsg)(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
OUT DWORD *pdwEncodingType,
|
|
IN DWORD dwIndex,
|
|
IN OUT DWORD *pcbSignedDataMsg,
|
|
OUT BYTE *pbSignedDataMsg);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPPuttSignedDataMsg
|
|
//----------------------------------------------------------------------------
|
|
// Adds a signature to the subject. The index that it was
|
|
// stored with is returned for future reference.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
// Last Errors:
|
|
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
|
|
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
|
|
// CRYPT_E_BAD_LEN: the length specified in
|
|
// psData->dwSignature was
|
|
// insufficient.
|
|
// CRYPT_E_NO_MATCH: could not find the specified index
|
|
// ERROR_INVALID_PARAMETER: bad argument passed in
|
|
// ERROR_BAD_FORMAT: file/data format is not correct
|
|
// for the requested SIP.
|
|
// CRYPT_E_FILERESIZED: returned when signing a fixed-length
|
|
// file (e.g.: CABs) and the message
|
|
// is larger than the pre-allocated
|
|
// size. The 'put' function will re-
|
|
// size the file and return this error.
|
|
// The CreateIndirect function MUST be
|
|
// called again to recalculate the
|
|
// indirect data (hash). Then, call the
|
|
// 'put' function again.
|
|
//
|
|
extern BOOL WINAPI CryptSIPPutSignedDataMsg(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN DWORD dwEncodingType,
|
|
OUT DWORD *pdwIndex,
|
|
IN DWORD cbSignedDataMsg,
|
|
IN BYTE *pbSignedDataMsg);
|
|
|
|
typedef BOOL (WINAPI * pCryptSIPPutSignedDataMsg)(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN DWORD dwEncodingType,
|
|
OUT DWORD *pdwIndex,
|
|
IN DWORD cbSignedDataMsg,
|
|
IN BYTE *pbSignedDataMsg);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPCreateIndirectData
|
|
//----------------------------------------------------------------------------
|
|
// Returns a PSIP_INDIRECT_DATA structure filled in the hash, digest alogrithm
|
|
// and an encoded attribute. If pcIndirectData points to a DWORD and
|
|
// psIndirect data points to null the the size of the data should be returned
|
|
// in pcIndirectData.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
// Last Errors:
|
|
// NTE_BAD_ALGID: Bad Algorithm Identifyer
|
|
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
|
|
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
|
|
// ERROR_INVALID_PARAMETER: bad argument passed in
|
|
// ERROR_BAD_FORMAT: file/data format is not correct
|
|
// for the requested SIP.
|
|
//
|
|
extern BOOL WINAPI CryptSIPCreateIndirectData(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN OUT DWORD *pcbIndirectData,
|
|
OUT SIP_INDIRECT_DATA *pIndirectData);
|
|
|
|
typedef BOOL (WINAPI * pCryptSIPCreateIndirectData)(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN OUT DWORD *pcbIndirectData,
|
|
OUT SIP_INDIRECT_DATA *pIndirectData);
|
|
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPVerifyIndirectData
|
|
//----------------------------------------------------------------------------
|
|
// Takes the information stored in the indirect data and compares it to the
|
|
// subject.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
// Last Errors:
|
|
// NTE_BAD_ALGID: Bad Algorithm Identifyer
|
|
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
|
|
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
|
|
// CRYPT_E_NO_MATCH: could not find the specified index
|
|
// CRYPT_E_SECURITY_SETTINGS: due to security settings, the file
|
|
// was not verified.
|
|
// ERROR_INVALID_PARAMETER: bad argument passed in
|
|
// ERROR_BAD_FORMAT: file/data format is not correct
|
|
// for the requested SIP.
|
|
extern BOOL WINAPI CryptSIPVerifyIndirectData(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN SIP_INDIRECT_DATA *pIndirectData);
|
|
|
|
typedef BOOL (WINAPI * pCryptSIPVerifyIndirectData)(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN SIP_INDIRECT_DATA *pIndirectData);
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPRemoveSignedDataMsg
|
|
//----------------------------------------------------------------------------
|
|
// Removes the signature at the specified index
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
// Last Errors:
|
|
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
|
|
// CRYPT_E_NO_MATCH: could not find the specified index
|
|
// ERROR_INVALID_PARAMETER: bad argument passed in
|
|
// ERROR_BAD_FORMAT: file/data format is not correct
|
|
// for the requested SIP.
|
|
//
|
|
extern BOOL WINAPI CryptSIPRemoveSignedDataMsg(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN DWORD dwIndex);
|
|
|
|
typedef BOOL (WINAPI * pCryptSIPRemoveSignedDataMsg)(
|
|
IN SIP_SUBJECTINFO *pSubjectInfo,
|
|
IN DWORD dwIndex);
|
|
|
|
|
|
#pragma pack(8)
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// SIP_DISPATCH_INFO
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
typedef struct SIP_DISPATCH_INFO_
|
|
{
|
|
DWORD cbSize; // = sizeof(SIP_DISPATCH_INFO)
|
|
HANDLE hSIP; // used internal
|
|
pCryptSIPGetSignedDataMsg pfGet;
|
|
pCryptSIPPutSignedDataMsg pfPut;
|
|
pCryptSIPCreateIndirectData pfCreate;
|
|
pCryptSIPVerifyIndirectData pfVerify;
|
|
pCryptSIPRemoveSignedDataMsg pfRemove;
|
|
} SIP_DISPATCH_INFO, *LPSIP_DISPATCH_INFO;
|
|
|
|
//
|
|
// the sip exports this function to allow verification and signing
|
|
// processes to pass in the file handle and check if the sip supports
|
|
// this type of file. if it does, the sip will return TRUE and fill
|
|
// out the pgSubject with the appropiate GUID.
|
|
//
|
|
typedef BOOL (WINAPI *pfnIsFileSupported)(IN HANDLE hFile,
|
|
OUT GUID *pgSubject);
|
|
|
|
typedef BOOL (WINAPI *pfnIsFileSupportedName)(IN WCHAR *pwszFileName,
|
|
OUT GUID *pgSubject);
|
|
|
|
|
|
typedef struct SIP_ADD_NEWPROVIDER_
|
|
{
|
|
DWORD cbStruct;
|
|
GUID *pgSubject;
|
|
WCHAR *pwszDLLFileName;
|
|
WCHAR *pwszMagicNumber; // optional
|
|
|
|
WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSupported
|
|
|
|
WCHAR *pwszGetFuncName;
|
|
WCHAR *pwszPutFuncName;
|
|
WCHAR *pwszCreateFuncName;
|
|
WCHAR *pwszVerifyFuncName;
|
|
WCHAR *pwszRemoveFuncName;
|
|
|
|
WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFileSupported
|
|
|
|
} SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER;
|
|
|
|
#define SIP_MAX_MAGIC_NUMBER 4
|
|
|
|
#pragma pack()
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptLoadSIP
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI CryptSIPLoad(IN const GUID *pgSubject, // GUID for the requried sip
|
|
IN DWORD dwFlags, // Reserved - MUST BE ZERO
|
|
IN OUT SIP_DISPATCH_INFO *pSipDispatch); // Table of functions
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)
|
|
//----------------------------------------------------------------------------
|
|
// looks at the file's "Magic Number" and tries to determine which
|
|
// SIP's object ID is right for the file type.
|
|
//
|
|
// NOTE: This function only supports the MSSIP32.DLL set of SIPs.
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide file name
|
|
IN OPTIONAL HANDLE hFileIn, // or handle of open file
|
|
OUT GUID *pgSubject); // defined SIP's GUID
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll)
|
|
//----------------------------------------------------------------------------
|
|
// looks at the file's "Magic Number" and tries to determine which
|
|
// SIP's object ID is right for the file type.
|
|
//
|
|
// NOTE: This function only supports SIPs that are used for catalog files (either PE, CAB, or flat).
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI CryptSIPRetrieveSubjectGuidForCatalogFile(IN LPCWSTR FileName, // wide file name
|
|
IN OPTIONAL HANDLE hFileIn, // or handle of open file
|
|
OUT GUID *pgSubject); // defined SIP's GUID
|
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPAddProvider
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI CryptSIPAddProvider(IN SIP_ADD_NEWPROVIDER *psNewProv);
|
|
|
|
//////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CryptSIPRemoveProvider
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Returns:
|
|
// TRUE: No fatal errors
|
|
// FALSE: Errors occured. See GetLastError()
|
|
//
|
|
extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
|
|
#endif // MSSIP_H
|