windows-nt/Source/XPSP1/NT/ds/security/inc/signer.h

398 lines
18 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1999
//
// File: signer.h
//
// Contents: Digital Signing APIs
//
// History: June-25-1997 Xiaohs Created
//----------------------------------------------------------------------------
#ifndef SIGNER_H
#define SIGNER_H
#ifdef __cplusplus
extern "C" {
#endif
//-------------------------------------------------------------------------
//
// Struct to define the file to sign and/or timestamp
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_FILE_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_FILE_INFO)
LPCWSTR pwszFileName; //Required: name of the file.
HANDLE hFile; //Optional: open handle to pwszFileName. If hFile is set
// to values other than NULL or INVALID_HANDLE_VALUE,
// this handle is used for access the file instead of pwszFileName
}SIGNER_FILE_INFO, *PSIGNER_FILE_INFO;
//-------------------------------------------------------------------------
//
// Struct to define the BLOB to sign and/or timestamp
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_BLOB_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_BLOB_INFO)
GUID *pGuidSubject; //Required: Idenfity the sip functions to load
DWORD cbBlob; //Required: the size of BLOB, in bytes
BYTE *pbBlob; //Required: the pointer to the BLOB
LPCWSTR pwszDisplayName; //Optional: the display name of the BLOB
}SIGNER_BLOB_INFO, *PSIGNER_BLOB_INFO;
//-------------------------------------------------------------------------
//
// Struct to define the subject to sign and/or timestamp
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_SUBJECT_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SUBJECTINFO)
DWORD *pdwIndex; //Required: 0 based index of the signature
// Currently, only 0 is supported
DWORD dwSubjectChoice; //Required: indicate whether to the subject is a file
// or a memory BLOB. Can be either SIGNER_SUBJECT_FILE
// or SIGNER_SUBJECT_BLOB
union
{
SIGNER_FILE_INFO *pSignerFileInfo; //Required if dwSubjectChoice==SIGNER_SUBJECT_FILE
SIGNER_BLOB_INFO *pSignerBlobInfo; //Required if dwSubhectChoice==SIGNER_SUBJECT_BLOB
};
}SIGNER_SUBJECT_INFO, *PSIGNER_SUBJECT_INFO;
#define SIGNER_SUBJECT_FILE 0x01
#define SIGNER_SUBJECT_BLOB 0x02
//-------------------------------------------------------------------------
//
// Struct to define attributes of the signature for authenticode
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_ATTR_AUTHCODE
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_ATTR_AUTHCODE)
BOOL fCommercial; //Required: whether to sign the document as a commercial publisher
BOOL fIndividual; //Required: whether to sign the document as an individual publisher
// if both fCommercial and fIndividual are FALSE,
// the document will be signed with certificate's highest capabitlity
LPCWSTR pwszName; //Optional: the display name of the file upon download time
LPCWSTR pwszInfo; //Optional: the display information(URL) of the file upon download time
}SIGNER_ATTR_AUTHCODE, *PSIGNER_ATTR_AUTHCODE;
//-------------------------------------------------------------------------
//
// Struct to define the signature information
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_SIGNATURE_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SIGNATURE_INFO)
ALG_ID algidHash; //Required: the hashing algorithm for signature
DWORD dwAttrChoice; //Required: indicate the predefined attributes of the signature
// can be either SIGNER_NO_ATTR or SIGNER_AUTHCODE_ATTR
union
{
SIGNER_ATTR_AUTHCODE *pAttrAuthcode; //Optional: should be set if dwAttrChoide==SIGNER_AUTHCODE_ATTR
// pre-defined attributes added to the signature
// Those attributes are related to authenticode
};
PCRYPT_ATTRIBUTES psAuthenticated; //Optional: user supplied authenticated attributes added to the signature
PCRYPT_ATTRIBUTES psUnauthenticated; //Optional: user supplied unauthenticated attributes added to the signature
}SIGNER_SIGNATURE_INFO, *PSIGNER_SIGNATURE_INFO;
//dwAttrChoice should be one of the following:
#define SIGNER_NO_ATTR 0x00
#define SIGNER_AUTHCODE_ATTR 0x01
//-------------------------------------------------------------------------
//
// Struct to define the cryptographic secutiry provider(CSP) and
// private key information
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_PROVIDER_INFO
{
DWORD cbSize; //Required: should be set of sizeof(SIGNER_PROVIDER_INFO)
LPCWSTR pwszProviderName; //Required: the name of the CSP provider. NULL means default provider
DWORD dwProviderType; //Required: the provider type.
DWORD dwKeySpec; //Required: the specification of the key. This value can be set to 0,
// which means using the same key specification as in the
// private key file or keyContainer. If there are more than
// one key specification in the keyContainer, we will try
// AT_SIGNATURE, if it fails, try AT_KEYEXCHANGE.
DWORD dwPvkChoice; //Required: indicate the private key information
// either PVK_TYPE_FILE_NAME or PVK_TYPE_KEYCONTAINER
union
{
LPWSTR pwszPvkFileName; //Required if dwPvkChoice==PVK_TYPE_FILE_NAME
LPWSTR pwszKeyContainer; //Required if dwPvkChoice==PVK_TYPE_KEYCONTAINER
};
}SIGNER_PROVIDER_INFO, *PSIGNER_PROVIDER_INFO;
//dwPvkChoice in SIGNER_PKV_INFO should be one of the following:
#define PVK_TYPE_FILE_NAME 0x01
#define PVK_TYPE_KEYCONTAINER 0x02
//-------------------------------------------------------------------------
//
// Struct to define the SPC file and certificate chain used to sign the document
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_SPC_CHAIN_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_SPC_CHAIN_INFO)
LPCWSTR pwszSpcFile; //Required: the name of the CSP file to use
DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
// it can be set with one of the following the following flag:
// SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
// SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
//
// The following flag can be Ored with any of the above flags:
// SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
//
// When we search for the certificate chain, we search
// MY, CA, ROOT, SPC store, and also hCertStore if it is set.
HCERTSTORE hCertStore; //Optional: additional certificate store.
}SIGNER_SPC_CHAIN_INFO, *PSIGNER_SPC_CHAIN_INFO;
//-------------------------------------------------------------------------
//
// Struct to define the certificate store used to sign the document
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_CERT_STORE_INFO
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT_STORE_INFO)
PCCERT_CONTEXT pSigningCert; //Required: the signing certificate context
DWORD dwCertPolicy; //Required: the policy of adding certificates to the signature:
// it can be set with one of the following the following flag:
// SIGNER_CERT_POLICY_CHAIN: add only the certs in the cert chain
// SIGNER_CERT_POLICY_CHAIN_NO_ROOT: add only the certs in the cert chain, excluding the root certificate
//
// The following flag can be Ored with any of the above flags:
// SIGNER_CERT_POLICY_STORE: add all the certs in hCertStore
//
HCERTSTORE hCertStore; //Optional: additional certificate store.
}SIGNER_CERT_STORE_INFO, *PSIGNER_CERT_STORE_INFO;
//dwCertPolicy in SIGNER_CERT_STORE_INFO should be ORed with the following flags:
#define SIGNER_CERT_POLICY_STORE 0x01
#define SIGNER_CERT_POLICY_CHAIN 0x02
#define SIGNER_CERT_POLICY_SPC 0x04
#define SIGNER_CERT_POLICY_CHAIN_NO_ROOT 0x08
//-------------------------------------------------------------------------
//
// Struct to define the certificate used to sign the docuemnt. The
// certificate can be in a SPC file, or in a cert store.
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_CERT
{
DWORD cbSize; //Required: should be set to sizeof(SIGNER_CERT)
DWORD dwCertChoice; //Required: Can be set to one of the following:
// SIGNER_CERT_SPC_FILE
// SIGNER_CERT_STORE
// SIGNER_CERT_SPC_CHAIN
union
{
LPCWSTR pwszSpcFile; //Required if dwCertChoice==SIGNER_CERT_SPC_FILE.
// the name of the spc file to use
SIGNER_CERT_STORE_INFO *pCertStoreInfo; //Required if dwCertChoice==SIGNER_CERT_STORE
// the certificate store to use
SIGNER_SPC_CHAIN_INFO *pSpcChainInfo; //Required if dwCertChoice==SIGNER_CERT_SPC_CHAIN
// the name of the spc file and the cert chain
};
HWND hwnd; //Optional: The optional window handler for promting user for
// password of the private key information. NULL means
// default window
}SIGNER_CERT, *PSIGNER_CERT;
//dwCertChoice in SIGNER_CERT_INFO should be one of the following
#define SIGNER_CERT_SPC_FILE 0x01
#define SIGNER_CERT_STORE 0x02
#define SIGNER_CERT_SPC_CHAIN 0x03
//-------------------------------------------------------------------------
//
// The signed blob
//
//-------------------------------------------------------------------------
typedef struct _SIGNER_CONTEXT
{
DWORD cbSize;
DWORD cbBlob;
BYTE *pbBlob;
}SIGNER_CONTEXT, *PSIGNER_CONTEXT;
//+-----------------------------------------------------------------------
//
// SignerSign:
// Sign and/or timestamp a file.
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerSign(
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
// This parameter has to be set unless
// certStoreInfo is set in *pSignerCert
// and the signing certificate has provider
// information associated with it
IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
// is set, the file will be timestamped.
IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
// unless pwszHttpTimeStamp is set
IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
);
//+-----------------------------------------------------------------------
//
// SignerSignEx:
// Sign and/or timestamp a file. This function is the same as SignerSign with
// exception of the out put parameter ppSignerContext
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerSignEx(
IN DWORD dwFlags, //Reserved: Has to be set to 0.
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be signed and/or timestamped
IN SIGNER_CERT *pSignerCert, //Required: The signing certificate to use
IN SIGNER_SIGNATURE_INFO *pSignatureInfo, //Required: The signature information during signing process
IN SIGNER_PROVIDER_INFO *pProviderInfo, //Optional: The crypto security provider to use.
// This parameter has to be set unless
// certStoreInfo is set in *pSignerCert
// and the signing certificate has provider
// information associated with it
IN LPCWSTR pwszHttpTimeStamp, //Optional: Timestamp server http address. If this parameter
// is set, the file will be timestamped.
IN PCRYPT_ATTRIBUTES psRequest, //Optional: Attributes added to Time stamp request. Ignored
// unless pwszHttpTimeStamp is set
IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
OUT SIGNER_CONTEXT **ppSignerContext //Optional: The signed BLOB. User has to free
// the context via SignerFreeSignerContext
);
//+-----------------------------------------------------------------------
//
// SignerFreeSignerContext:
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerFreeSignerContext(
IN SIGNER_CONTEXT *pSignerContext //Required: The signerContext to free
);
//+-----------------------------------------------------------------------
//
// SignerTimeStamp:
// Timestamp a file.
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerTimeStamp(
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
IN LPVOID pSipData // Optional: The additional data passed to sip funcitons
);
//+-----------------------------------------------------------------------
//
// SignerTimeStampEx:
// Timestamp a file. This function is the same as SignerTimeStamp with
// exception of the out put parameter ppSignerContext
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerTimeStampEx(
IN DWORD dwFlags, //Reserved: Has to be set to 0.
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to be timestamped
IN LPCWSTR pwszHttpTimeStamp, // Required: timestamp server HTTP address
IN PCRYPT_ATTRIBUTES psRequest, // Optional, attributes added to the timestamp
IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
// the context via SignerFreeSignerContext
);
//+-----------------------------------------------------------------------
//
// SignerCreateTimeStampRequest:
// Create a timestamp request for a file.
//
// If pbTimestampRequest==NULL, *pcbTimeStampRequest is the size of
// the timestampRequest, in bytes.
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerCreateTimeStampRequest(
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject based on which to create a timestamp request
IN PCRYPT_ATTRIBUTES psRequest, // Optional: attributes added to Time stamp request
IN LPVOID pSipData, // Optional: The additional data passed to sip funcitons
OUT PBYTE pbTimeStampRequest, // Required: buffer to receive the timestamp request BLOB
IN OUT DWORD* pcbTimeStampRequest // Required: the number of bytes of the timestamp request BLOB
);
//+-----------------------------------------------------------------------
//
// SignerAddTimeStampResponse:
// Add the timestamp response from the timestamp server to a signed file.
//
//------------------------------------------------------------------------
HRESULT WINAPI
SignerAddTimeStampResponse(
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
IN LPVOID pSipData //Optional: The additional data passed to sip funcitons
);
//+-----------------------------------------------------------------------
//
// SignerAddTimeStampResponseEx:
// Add the timestamp response from the timestamp server to a signed file.
// This function is the same as SignerTimeStamp with
// exception of the out put parameter ppSignerContext
//------------------------------------------------------------------------
HRESULT WINAPI
SignerAddTimeStampResponseEx(
IN DWORD dwFlags, //Reserved: Has to be set to 0.
IN SIGNER_SUBJECT_INFO *pSubjectInfo, //Required: The subject to which the timestamp request should be added
IN PBYTE pbTimeStampResponse, //Required: the timestamp response BLOB
IN DWORD cbTimeStampResponse, //Required: the size of the tiemstamp response BLOB
IN LPVOID pSipData, //Optional: The additional data passed to sip funcitons
OUT SIGNER_CONTEXT **ppSignerContext // Optional: The signed BLOB. User has to free
// the context via SignerFreeSignerContext
);
#ifdef __cplusplus
}
#endif
#endif // SIGNER_H