mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
397 lines
18 KiB
397 lines
18 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1992 - 1999
|
|
//
|
|
// File: signer.h
|
|
//
|
|
// Contents: Digital Signing APIs
|
|
//
|
|
// History: June-25-1997 Xiaohs Created
|
|
//----------------------------------------------------------------------------
|
|
|
|
#ifndef SIGNER_H
|
|
#define SIGNER_H
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the file to sign and/or timestamp
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_FILE_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_FILE_INFO)
|
|
LPCWSTR pwszFileName; //Required: name of the file.
|
|
HANDLE hFile; //Optional: open handle to pwszFileName. If hFile is set
|
|
// to values other than NULL or INVALID_HANDLE_VALUE,
|
|
// this handle is used for access the file instead of pwszFileName
|
|
}SIGNER_FILE_INFO, *PSIGNER_FILE_INFO;
|
|
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the BLOB to sign and/or timestamp
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_BLOB_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_BLOB_INFO)
|
|
GUID *pGuidSubject; //Required: Idenfity the sip functions to load
|
|
DWORD cbBlob; //Required: the size of BLOB, in bytes
|
|
BYTE *pbBlob; //Required: the pointer to the BLOB
|
|
LPCWSTR pwszDisplayName; //Optional: the display name of the BLOB
|
|
}SIGNER_BLOB_INFO, *PSIGNER_BLOB_INFO;
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the subject to sign and/or timestamp
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_SUBJECT_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SUBJECTINFO)
|
|
DWORD *pdwIndex; //Required: 0 based index of the signature
|
|
// Currently, only 0 is supported
|
|
DWORD dwSubjectChoice; //Required: indicate whether to the subject is a file
|
|
// or a memory BLOB. Can be either SIGNER_SUBJECT_FILE
|
|
// or SIGNER_SUBJECT_BLOB
|
|
union
|
|
{
|
|
SIGNER_FILE_INFO *pSignerFileInfo; //Required if dwSubjectChoice==SIGNER_SUBJECT_FILE
|
|
SIGNER_BLOB_INFO *pSignerBlobInfo; //Required if dwSubhectChoice==SIGNER_SUBJECT_BLOB
|
|
};
|
|
|
|
}SIGNER_SUBJECT_INFO, *PSIGNER_SUBJECT_INFO;
|
|
|
|
#define SIGNER_SUBJECT_FILE 0x01
|
|
#define SIGNER_SUBJECT_BLOB 0x02
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define attributes of the signature for authenticode
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_ATTR_AUTHCODE
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_ATTR_AUTHCODE)
|
|
BOOL fCommercial; //Required: whether to sign the document as a commercial publisher
|
|
BOOL fIndividual; //Required: whether to sign the document as an individual publisher
|
|
// if both fCommercial and fIndividual are FALSE,
|
|
// the document will be signed with certificate's highest capabitlity
|
|
LPCWSTR pwszName; //Optional: the display name of the file upon download time
|
|
LPCWSTR pwszInfo; //Optional: the display information(URL) of the file upon download time
|
|
}SIGNER_ATTR_AUTHCODE, *PSIGNER_ATTR_AUTHCODE;
|
|
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the signature information
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_SIGNATURE_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SIGNATURE_INFO)
|
|
ALG_ID algidHash; //Required: the hashing algorithm for signature
|
|
DWORD dwAttrChoice; //Required: indicate the predefined attributes of the signature
|
|
// can be either SIGNER_NO_ATTR or SIGNER_AUTHCODE_ATTR
|
|
union
|
|
{
|
|
SIGNER_ATTR_AUTHCODE *pAttrAuthcode; //Optional: should be set if dwAttrChoide==SIGNER_AUTHCODE_ATTR
|
|
// pre-defined attributes added to the signature
|
|
// Those attributes are related to authenticode
|
|
};
|
|
|
|
PCRYPT_ATTRIBUTES psAuthenticated; //Optional: user supplied authenticated attributes added to the signature
|
|
PCRYPT_ATTRIBUTES psUnauthenticated; //Optional: user supplied unauthenticated attributes added to the signature
|
|
}SIGNER_SIGNATURE_INFO, *PSIGNER_SIGNATURE_INFO;
|
|
|
|
//dwAttrChoice should be one of the following:
|
|
#define SIGNER_NO_ATTR 0x00
|
|
#define SIGNER_AUTHCODE_ATTR 0x01
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the cryptographic secutiry provider(CSP) and
|
|
// private key information
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_PROVIDER_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set of sizeof(SIGNER_PROVIDER_INFO)
|
|
LPCWSTR pwszProviderName; //Required: the name of the CSP provider. NULL means default provider
|
|
DWORD dwProviderType; //Required: the provider type.
|
|
DWORD dwKeySpec; //Required: the specification of the key. This value can be set to 0,
|
|
// which means using the same key specification as in the
|
|
// private key file or keyContainer. If there are more than
|
|
// one key specification in the keyContainer, we will try
|
|
// AT_SIGNATURE, if it fails, try AT_KEYEXCHANGE.
|
|
DWORD dwPvkChoice; //Required: indicate the private key information
|
|
// either PVK_TYPE_FILE_NAME or PVK_TYPE_KEYCONTAINER
|
|
union
|
|
{
|
|
LPWSTR pwszPvkFileName; //Required if dwPvkChoice==PVK_TYPE_FILE_NAME
|
|
LPWSTR pwszKeyContainer; //Required if dwPvkChoice==PVK_TYPE_KEYCONTAINER
|
|
};
|
|
|
|
}SIGNER_PROVIDER_INFO, *PSIGNER_PROVIDER_INFO;
|
|
|
|
|
|
//dwPvkChoice in SIGNER_PKV_INFO should be one of the following:
|
|
#define PVK_TYPE_FILE_NAME 0x01
|
|
#define PVK_TYPE_KEYCONTAINER 0x02
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the SPC file and certificate chain used to sign the document
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_SPC_CHAIN_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SPC_CHAIN_INFO)
|
|
LPCWSTR pwszSpcFile; //Required: the name of the CSP file to use
|
|
DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
|
|
// it can be set with one of the following the following flag:
|
|
// SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
|
|
// SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
|
|
//
|
|
// The following flag can be Ored with any of the above flags:
|
|
// SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
|
|
//
|
|
// When we search for the certificate chain, we search
|
|
// MY, CA, ROOT, SPC store, and also hCertStore if it is set.
|
|
HCERTSTORE hCertStore; //Optional: additional certificate store.
|
|
}SIGNER_SPC_CHAIN_INFO, *PSIGNER_SPC_CHAIN_INFO;
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the certificate store used to sign the document
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_CERT_STORE_INFO
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT_STORE_INFO)
|
|
PCCERT_CONTEXT pSigningCert; //Required: the signing certificate context
|
|
DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
|
|
// it can be set with one of the following the following flag:
|
|
// SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
|
|
// SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
|
|
//
|
|
// The following flag can be Ored with any of the above flags:
|
|
// SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
|
|
//
|
|
HCERTSTORE hCertStore; //Optional: additional certificate store.
|
|
}SIGNER_CERT_STORE_INFO, *PSIGNER_CERT_STORE_INFO;
|
|
|
|
//dwCertPolicy in SIGNER_CERT_STORE_INFO should be ORed with the following flags:
|
|
#define SIGNER_CERT_POLICY_STORE 0x01
|
|
#define SIGNER_CERT_POLICY_CHAIN 0x02
|
|
#define SIGNER_CERT_POLICY_SPC 0x04
|
|
#define SIGNER_CERT_POLICY_CHAIN_NO_ROOT 0x08
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// Struct to define the certificate used to sign the docuemnt. The
|
|
// certificate can be in a SPC file, or in a cert store.
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_CERT
|
|
{
|
|
DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT)
|
|
DWORD dwCertChoice; //Required: Can be set to one of the following:
|
|
// SIGNER_CERT_SPC_FILE
|
|
// SIGNER_CERT_STORE
|
|
// SIGNER_CERT_SPC_CHAIN
|
|
union
|
|
{
|
|
LPCWSTR pwszSpcFile; //Required if dwCertChoice==SIGNER_CERT_SPC_FILE.
|
|
// the name of the spc file to use
|
|
SIGNER_CERT_STORE_INFO *pCertStoreInfo; //Required if dwCertChoice==SIGNER_CERT_STORE
|
|
// the certificate store to use
|
|
SIGNER_SPC_CHAIN_INFO *pSpcChainInfo; //Required if dwCertChoice==SIGNER_CERT_SPC_CHAIN
|
|
// the name of the spc file and the cert chain
|
|
};
|
|
HWND hwnd; //Optional: The optional window handler for promting user for
|
|
// password of the private key information. NULL means
|
|
// default window
|
|
}SIGNER_CERT, *PSIGNER_CERT;
|
|
|
|
//dwCertChoice in SIGNER_CERT_INFO should be one of the following
|
|
#define SIGNER_CERT_SPC_FILE 0x01
|
|
#define SIGNER_CERT_STORE 0x02
|
|
#define SIGNER_CERT_SPC_CHAIN 0x03
|
|
|
|
//-------------------------------------------------------------------------
|
|
//
|
|
// The signed blob
|
|
//
|
|
//-------------------------------------------------------------------------
|
|
typedef struct _SIGNER_CONTEXT
|
|
{
|
|
DWORD cbSize;
|
|
DWORD cbBlob;
|
|
BYTE *pbBlob;
|
|
}SIGNER_CONTEXT, *PSIGNER_CONTEXT;
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerSign:
|
|
// Sign and/or timestamp a file.
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
HRESULT WINAPI
|
|
SignerSign(
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
|
|
IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
|
|
IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
|
|
IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
|
|
// This parameter has to be set unless
|
|
// certStoreInfo is set in *pSignerCert
|
|
// and the signing certificate has provider
|
|
// information associated with it
|
|
IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
|
|
// is set, the file will be timestamped.
|
|
IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
|
|
// unless pwszHttpTimeStamp is set
|
|
IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
|
|
);
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerSignEx:
|
|
// Sign and/or timestamp a file. This function is the same as SignerSign with
|
|
// exception of the out put parameter ppSignerContext
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
HRESULT WINAPI
|
|
SignerSignEx(
|
|
IN DWORD dwFlags, //Reserved: Has to be set to 0.
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
|
|
IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
|
|
IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
|
|
IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
|
|
// This parameter has to be set unless
|
|
// certStoreInfo is set in *pSignerCert
|
|
// and the signing certificate has provider
|
|
// information associated with it
|
|
IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
|
|
// is set, the file will be timestamped.
|
|
IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
|
|
// unless pwszHttpTimeStamp is set
|
|
IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
|
|
OUT SIGNER_CONTEXT **ppSignerContext //Optional: The signed BLOB. User has to free
|
|
// the context via SignerFreeSignerContext
|
|
);
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerFreeSignerContext:
|
|
//
|
|
//------------------------------------------------------------------------
|
|
HRESULT WINAPI
|
|
SignerFreeSignerContext(
|
|
IN SIGNER_CONTEXT *pSignerContext //Required: The signerContext to free
|
|
);
|
|
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerTimeStamp:
|
|
// Timestamp a file.
|
|
//
|
|
//------------------------------------------------------------------------
|
|
HRESULT WINAPI
|
|
SignerTimeStamp(
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
|
|
IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
|
|
IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
|
|
IN LPVOID pSipData // Optional: The additional data passed to sip funcitons
|
|
);
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerTimeStampEx:
|
|
// Timestamp a file. This function is the same as SignerTimeStamp with
|
|
// exception of the out put parameter ppSignerContext
|
|
//
|
|
//------------------------------------------------------------------------
|
|
HRESULT WINAPI
|
|
SignerTimeStampEx(
|
|
IN DWORD dwFlags, //Reserved: Has to be set to 0.
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
|
|
IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
|
|
IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
|
|
IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
|
|
OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
|
|
// the context via SignerFreeSignerContext
|
|
);
|
|
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerCreateTimeStampRequest:
|
|
// Create a timestamp request for a file.
|
|
//
|
|
// If pbTimestampRequest==NULL, *pcbTimeStampRequest is the size of
|
|
// the timestampRequest, in bytes.
|
|
//
|
|
//------------------------------------------------------------------------
|
|
HRESULT WINAPI
|
|
SignerCreateTimeStampRequest(
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject based on which to create a timestamp request
|
|
IN PCRYPT_ATTRIBUTES psRequest, // Optional: attributes added to Time stamp request
|
|
IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
|
|
OUT PBYTE pbTimeStampRequest, // Required: buffer to receive the timestamp request BLOB
|
|
IN OUT DWORD* pcbTimeStampRequest // Required: the number of bytes of the timestamp request BLOB
|
|
);
|
|
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerAddTimeStampResponse:
|
|
// Add the timestamp response from the timestamp server to a signed file.
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
HRESULT WINAPI
|
|
SignerAddTimeStampResponse(
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
|
|
IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
|
|
IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
|
|
IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
|
|
);
|
|
|
|
|
|
//+-----------------------------------------------------------------------
|
|
//
|
|
// SignerAddTimeStampResponseEx:
|
|
// Add the timestamp response from the timestamp server to a signed file.
|
|
// This function is the same as SignerTimeStamp with
|
|
// exception of the out put parameter ppSignerContext
|
|
//------------------------------------------------------------------------
|
|
|
|
HRESULT WINAPI
|
|
SignerAddTimeStampResponseEx(
|
|
IN DWORD dwFlags, //Reserved: Has to be set to 0.
|
|
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
|
|
IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
|
|
IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
|
|
IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
|
|
OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
|
|
// the context via SignerFreeSignerContext
|
|
);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // SIGNER_H
|
|
|