windows-nt/Source/XPSP1/NT/public/sdk/inc/mssip.h

460 lines
19 KiB
C
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
//+-------------------------------------------------------------------------
//
// Microsoft Windows - Internet Security
//
// Copyright (C) Microsoft Corporation, 1996 - 1997
//
// File: mssip.h
//
// Contents: Microsoft SIP Provider Main Include File
//
// History: 19-Feb-1997 pberkman Created
//
//--------------------------------------------------------------------------
#ifndef MSSIP_H
#define MSSIP_H
#ifdef __cplusplus
extern "C"
{
#endif
#pragma pack (8)
typedef CRYPT_HASH_BLOB CRYPT_DIGEST_DATA;
//
// dwflags
//
#define MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE 0x00010000
#define MSSIP_FLAGS_USE_CATALOG 0x00020000
#define SPC_INC_PE_RESOURCES_FLAG 0x80
#define SPC_INC_PE_DEBUG_INFO_FLAG 0x40
#define SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG 0x20
//////////////////////////////////////////////////////////////////////////////
//
// SIP_SUBJECTINFO
//----------------------------------------------------------------------------
// pass this structure to all defined SIPs. Make sure to initialize
// the ENTIRE structure to binary zero before the FIRST call is made. Do
// not initialize it BETWEEN calls!
//
typedef struct SIP_SUBJECTINFO_
{
DWORD cbSize; // set to sizeof(SIP_SUBJECTINFO)
GUID *pgSubjectType; // subject type
HANDLE hFile; // set to File handle that represents the subject
// set to INVALID_HANDLE VALUE to allow
// SIP to use pwsFileName for persistent
// storage types (will handle open/close)
LPCWSTR pwsFileName; // set to file name
LPCWSTR pwsDisplayName; // optional: set to display name of
// subject.
DWORD dwReserved1; // do not use!
DWORD dwIntVersion; // DO NOT SET OR CLEAR THIS.
// This member is used by the sip for
// passing the internal version number
// between the ..get and verify... functions.
HCRYPTPROV hProv;
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
DWORD dwFlags;
DWORD dwEncodingType;
DWORD dwReserved2; // do not use!
DWORD fdwCAPISettings; // setreg settings
DWORD fdwSecuritySettings; // IE security settings
DWORD dwIndex; // message index of last "Get"
DWORD dwUnionChoice;
# define MSSIP_ADDINFO_NONE 0
# define MSSIP_ADDINFO_FLAT 1
# define MSSIP_ADDINFO_CATMEMBER 2
# define MSSIP_ADDINFO_BLOB 3
# define MSSIP_ADDINFO_NONMSSIP 500 // everything < is reserved by MS.
union
{
struct MS_ADDINFO_FLAT_ *psFlat;
struct MS_ADDINFO_CATALOGMEMBER_ *psCatMember;
struct MS_ADDINFO_BLOB_ *psBlob;
};
LPVOID pClientData; // data pased in from client to SIP
} SIP_SUBJECTINFO, *LPSIP_SUBJECTINFO;
//////////////////////////////////////////////////////////////////////////////
//
// MS_ADDINFO_FLAT
//----------------------------------------------------------------------------
// Flat or End-To-End types
// needed for flat type files during indirect calls
// "Digest" of file.
//
typedef struct MS_ADDINFO_FLAT_
{
DWORD cbStruct;
struct SIP_INDIRECT_DATA_ *pIndirectData;
} MS_ADDINFO_FLAT, *PMS_ADDINFO_FLAT;
//////////////////////////////////////////////////////////////////////////////
//
// MS_ADDINFO_CATALOGMEMBER
//----------------------------------------------------------------------------
// Catalog Member verification.
//
typedef struct MS_ADDINFO_CATALOGMEMBER_
{
DWORD cbStruct; // = sizeof(MS_ADDINFO_CATALOGMEMBER)
struct CRYPTCATSTORE_ *pStore; // defined in mscat.h
struct CRYPTCATMEMBER_ *pMember; // defined in mscat.h
} MS_ADDINFO_CATALOGMEMBER, *PMS_ADDINFO_CATALOGMEMBER;
//////////////////////////////////////////////////////////////////////////////
//
// MS_ADDINFO_BLOB
//----------------------------------------------------------------------------
// Memory "blob" verification.
//
typedef struct MS_ADDINFO_BLOB_
{
DWORD cbStruct;
DWORD cbMemObject;
BYTE *pbMemObject;
DWORD cbMemSignedMsg;
BYTE *pbMemSignedMsg;
} MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB;
//////////////////////////////////////////////////////////////////////////////
//
// SIP_INDIRECT_DATA
//----------------------------------------------------------------------------
// Indirect data structure is used to store the hash of the subject
// along with data that is relevant to the subject. This can include
// names etc.
//
typedef struct SIP_INDIRECT_DATA_
{
CRYPT_ATTRIBUTE_TYPE_VALUE Data; // Encoded attribute
CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; // Digest algorithm used to hash
CRYPT_HASH_BLOB Digest; // Hash of subject
} SIP_INDIRECT_DATA, *PSIP_INDIRECT_DATA;
#pragma pack()
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPGetSignedDataMsg
//----------------------------------------------------------------------------
// Returns the message specified by the index count. Data, specific to
// the subject is passed in through pSubjectInfo. To retrieve the
// size of the signature, set pbData to NULL.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
// Last Errors:
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
// CRYPT_E_NO_MATCH: the signature could not be found
// based on the dwIndex provided.
// ERROR_INSUFFICIENT_BUFFER: the pbSignedDataMsg was not big
// enough to hold the data. pcbSignedDataMsg
// contains the required size.
//
extern BOOL WINAPI CryptSIPGetSignedDataMsg(
IN SIP_SUBJECTINFO *pSubjectInfo,
OUT DWORD *pdwEncodingType,
IN DWORD dwIndex,
IN OUT DWORD *pcbSignedDataMsg,
OUT BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPGetSignedDataMsg)(
IN SIP_SUBJECTINFO *pSubjectInfo,
OUT DWORD *pdwEncodingType,
IN DWORD dwIndex,
IN OUT DWORD *pcbSignedDataMsg,
OUT BYTE *pbSignedDataMsg);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPPuttSignedDataMsg
//----------------------------------------------------------------------------
// Adds a signature to the subject. The index that it was
// stored with is returned for future reference.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
// Last Errors:
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_BAD_LEN: the length specified in
// psData->dwSignature was
// insufficient.
// CRYPT_E_NO_MATCH: could not find the specified index
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
// CRYPT_E_FILERESIZED: returned when signing a fixed-length
// file (e.g.: CABs) and the message
// is larger than the pre-allocated
// size. The 'put' function will re-
// size the file and return this error.
// The CreateIndirect function MUST be
// called again to recalculate the
// indirect data (hash). Then, call the
// 'put' function again.
//
extern BOOL WINAPI CryptSIPPutSignedDataMsg(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwEncodingType,
OUT DWORD *pdwIndex,
IN DWORD cbSignedDataMsg,
IN BYTE *pbSignedDataMsg);
typedef BOOL (WINAPI * pCryptSIPPutSignedDataMsg)(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwEncodingType,
OUT DWORD *pdwIndex,
IN DWORD cbSignedDataMsg,
IN BYTE *pbSignedDataMsg);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPCreateIndirectData
//----------------------------------------------------------------------------
// Returns a PSIP_INDIRECT_DATA structure filled in the hash, digest alogrithm
// and an encoded attribute. If pcIndirectData points to a DWORD and
// psIndirect data points to null the the size of the data should be returned
// in pcIndirectData.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
// Last Errors:
// NTE_BAD_ALGID: Bad Algorithm Identifyer
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
//
extern BOOL WINAPI CryptSIPCreateIndirectData(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN OUT DWORD *pcbIndirectData,
OUT SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPCreateIndirectData)(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN OUT DWORD *pcbIndirectData,
OUT SIP_INDIRECT_DATA *pIndirectData);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPVerifyIndirectData
//----------------------------------------------------------------------------
// Takes the information stored in the indirect data and compares it to the
// subject.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
// Last Errors:
// NTE_BAD_ALGID: Bad Algorithm Identifyer
// ERROR_NOT_ENOUGH_MEMORY: error allocating memory
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_NO_MATCH: could not find the specified index
// CRYPT_E_SECURITY_SETTINGS: due to security settings, the file
// was not verified.
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
extern BOOL WINAPI CryptSIPVerifyIndirectData(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN SIP_INDIRECT_DATA *pIndirectData);
typedef BOOL (WINAPI * pCryptSIPVerifyIndirectData)(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN SIP_INDIRECT_DATA *pIndirectData);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPRemoveSignedDataMsg
//----------------------------------------------------------------------------
// Removes the signature at the specified index
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
// Last Errors:
// TRUST_E_SUBJECT_FORM_UNKNOWN: unknown subject type.
// CRYPT_E_NO_MATCH: could not find the specified index
// ERROR_INVALID_PARAMETER: bad argument passed in
// ERROR_BAD_FORMAT: file/data format is not correct
// for the requested SIP.
//
extern BOOL WINAPI CryptSIPRemoveSignedDataMsg(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwIndex);
typedef BOOL (WINAPI * pCryptSIPRemoveSignedDataMsg)(
IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwIndex);
#pragma pack(8)
//////////////////////////////////////////////////////////////////////////////
//
// SIP_DISPATCH_INFO
//----------------------------------------------------------------------------
//
typedef struct SIP_DISPATCH_INFO_
{
DWORD cbSize; // = sizeof(SIP_DISPATCH_INFO)
HANDLE hSIP; // used internal
pCryptSIPGetSignedDataMsg pfGet;
pCryptSIPPutSignedDataMsg pfPut;
pCryptSIPCreateIndirectData pfCreate;
pCryptSIPVerifyIndirectData pfVerify;
pCryptSIPRemoveSignedDataMsg pfRemove;
} SIP_DISPATCH_INFO, *LPSIP_DISPATCH_INFO;
//
// the sip exports this function to allow verification and signing
// processes to pass in the file handle and check if the sip supports
// this type of file. if it does, the sip will return TRUE and fill
// out the pgSubject with the appropiate GUID.
//
typedef BOOL (WINAPI *pfnIsFileSupported)(IN HANDLE hFile,
OUT GUID *pgSubject);
typedef BOOL (WINAPI *pfnIsFileSupportedName)(IN WCHAR *pwszFileName,
OUT GUID *pgSubject);
typedef struct SIP_ADD_NEWPROVIDER_
{
DWORD cbStruct;
GUID *pgSubject;
WCHAR *pwszDLLFileName;
WCHAR *pwszMagicNumber; // optional
WCHAR *pwszIsFunctionName; // optiona: pfnIsFileSupported
WCHAR *pwszGetFuncName;
WCHAR *pwszPutFuncName;
WCHAR *pwszCreateFuncName;
WCHAR *pwszVerifyFuncName;
WCHAR *pwszRemoveFuncName;
WCHAR *pwszIsFunctionNameFmt2; // optiona: pfnIsFileSupported
} SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER;
#define SIP_MAX_MAGIC_NUMBER 4
#pragma pack()
//////////////////////////////////////////////////////////////////////////////
//
// CryptLoadSIP
//----------------------------------------------------------------------------
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
extern BOOL WINAPI CryptSIPLoad(IN const GUID *pgSubject, // GUID for the requried sip
IN DWORD dwFlags, // Reserved - MUST BE ZERO
IN OUT SIP_DISPATCH_INFO *pSipDispatch); // Table of functions
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPRetrieveSubjectGuid (defined in crypt32.dll)
//----------------------------------------------------------------------------
// looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type.
//
// NOTE: This function only supports the MSSIP32.DLL set of SIPs.
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
extern BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, // wide file name
IN OPTIONAL HANDLE hFileIn, // or handle of open file
OUT GUID *pgSubject); // defined SIP's GUID
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPRetrieveSubjectGuidForCatalogFile (defined in crypt32.dll)
//----------------------------------------------------------------------------
// looks at the file's "Magic Number" and tries to determine which
// SIP's object ID is right for the file type.
//
// NOTE: This function only supports SIPs that are used for catalog files (either PE, CAB, or flat).
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
extern BOOL WINAPI CryptSIPRetrieveSubjectGuidForCatalogFile(IN LPCWSTR FileName, // wide file name
IN OPTIONAL HANDLE hFileIn, // or handle of open file
OUT GUID *pgSubject); // defined SIP's GUID
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPAddProvider
//----------------------------------------------------------------------------
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
extern BOOL WINAPI CryptSIPAddProvider(IN SIP_ADD_NEWPROVIDER *psNewProv);
//////////////////////////////////////////////////////////////////////////////
//
// CryptSIPRemoveProvider
//----------------------------------------------------------------------------
//
// Returns:
// TRUE: No fatal errors
// FALSE: Errors occured. See GetLastError()
//
extern BOOL WINAPI CryptSIPRemoveProvider(IN GUID *pgProv);
#ifdef __cplusplus
}
#endif
#endif // MSSIP_H