1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
//! Microsoft SIP Provider Prototypes and Definitions
use shared::guiddef::GUID;
use shared::minwindef::{BOOL, BYTE, DWORD, LPVOID};
use um::mscat::{CRYPTCATMEMBER, CRYPTCATSTORE};
use um::wincrypt::{
CRYPT_ALGORITHM_IDENTIFIER, CRYPT_ATTRIBUTE_TYPE_VALUE, CRYPT_HASH_BLOB, HCRYPTPROV,
};
use um::winnt::{HANDLE, LPCWSTR, PWSTR, WCHAR};
pub type CRYPT_DIGEST_DATA = CRYPT_HASH_BLOB;
pub const MSSIP_FLAGS_PROHIBIT_RESIZE_ON_CREATE: DWORD = 0x00010000;
pub const MSSIP_FLAGS_USE_CATALOG: DWORD = 0x00020000;
pub const MSSIP_FLAGS_MULTI_HASH: DWORD = 0x00040000;
pub const SPC_INC_PE_RESOURCES_FLAG: DWORD = 0x80;
pub const SPC_INC_PE_DEBUG_INFO_FLAG: DWORD = 0x40;
pub const SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG: DWORD = 0x20;
pub const SPC_EXC_PE_PAGE_HASHES_FLAG: DWORD = 0x10;
pub const SPC_INC_PE_PAGE_HASHES_FLAG: DWORD = 0x100;
pub const SPC_DIGEST_GENERATE_FLAG: DWORD = 0x200;
pub const SPC_DIGEST_SIGN_FLAG: DWORD = 0x400;
pub const SPC_RELAXED_PE_MARKER_CHECK: DWORD = 0x800;
pub const SPC_MARKER_CHECK_SKIP_SIP_INDIRECT_DATA_FLAG: DWORD = 0x00000001;
pub const SPC_MARKER_CHECK_CURRENTLY_SUPPORTED_FLAGS: DWORD
= SPC_MARKER_CHECK_SKIP_SIP_INDIRECT_DATA_FLAG;
pub const MSSIP_ADDINFO_NONE: DWORD = 0;
pub const MSSIP_ADDINFO_FLAT: DWORD = 1;
pub const MSSIP_ADDINFO_CATMEMBER: DWORD = 2;
pub const MSSIP_ADDINFO_BLOB: DWORD = 3;
pub const MSSIP_ADDINFO_NONMSSIP: DWORD = 500;
UNION!{union SIP_SUBJECTINFO_u {
[usize; 1],
psFlat psFlat_mut: *mut MS_ADDINFO_FLAT,
psCatMember psCatMember_mut: *mut MS_ADDINFO_CATALOGMEMBER,
psBlob psBlob_mut: *mut MS_ADDINFO_BLOB,
}}
STRUCT!{struct SIP_SUBJECTINFO {
cbSize: DWORD,
pgSubjectType: *mut GUID,
hFile: HANDLE,
pwsFileName: LPCWSTR,
pwsDisplayName: LPCWSTR,
dwReserved1: DWORD,
dwIntVersion: DWORD,
hProv: HCRYPTPROV,
DigestAlgorithm: CRYPT_ALGORITHM_IDENTIFIER,
dwFlags: DWORD,
dwEncodingType: DWORD,
dwReserved2: DWORD,
fdwCAPISettings: DWORD,
fdwSecuritySettings: DWORD,
dwIndex: DWORD,
dwUnionChoice: DWORD,
u: SIP_SUBJECTINFO_u,
pClientData: LPVOID,
}}
pub type LPSIP_SUBJECTINFO = *mut SIP_SUBJECTINFO;
STRUCT!{struct MS_ADDINFO_FLAT {
cbStruct: DWORD,
pIndirectData: *mut SIP_INDIRECT_DATA,
}}
pub type PMS_ADDINFO_FLAT = *mut MS_ADDINFO_FLAT;
STRUCT!{struct MS_ADDINFO_CATALOGMEMBER {
cbStruct: DWORD,
pStore: *mut CRYPTCATSTORE,
pMember: *mut CRYPTCATMEMBER,
}}
pub type PMS_ADDINFO_CATALOGMEMBER = *mut MS_ADDINFO_CATALOGMEMBER;
STRUCT!{struct MS_ADDINFO_BLOB {
cbStruct: DWORD,
cbMemObject: DWORD,
pbMemObject: *mut BYTE,
cbMemSignedMsg: DWORD,
pbMemSignedMsg: *mut BYTE,
}}
pub type PMS_ADDINFO_BLOB = *mut MS_ADDINFO_BLOB;
STRUCT!{struct SIP_CAP_SET_V2 {
cbSize: DWORD,
dwVersion: DWORD,
isMultiSign: BOOL,
dwReserved: DWORD,
}}
pub type PSIP_CAP_SET_V2 = *mut SIP_CAP_SET_V2;
UNION!{union SIP_CAP_SET_V3_u {
[u32; 1],
dwFlags dwFlags_mut: DWORD,
dwReserved dwReserved_mut: DWORD,
}}
STRUCT!{struct SIP_CAP_SET_V3 {
cbSize: DWORD,
dwVersion: DWORD,
isMultiSign: BOOL,
u: SIP_CAP_SET_V3_u,
}}
pub type PSIP_CAP_SET_V3 = *mut SIP_CAP_SET_V3;
pub type SIP_CAP_SET = SIP_CAP_SET_V3;
pub type PSIP_CAP_SET = PSIP_CAP_SET_V3;
pub const SIP_CAP_SET_VERSION_2: DWORD = 2;
pub const SIP_CAP_SET_VERSION_3: DWORD = 3;
pub const SIP_CAP_SET_CUR_VER: DWORD = 3;
pub const SIP_CAP_FLAG_SEALING: DWORD = 0x00000001;
STRUCT!{struct SIP_INDIRECT_DATA {
Data: CRYPT_ATTRIBUTE_TYPE_VALUE,
DigestAlgorithm: CRYPT_ALGORITHM_IDENTIFIER,
Digest: CRYPT_HASH_BLOB,
}}
pub type PSIP_INDIRECT_DATA = *mut SIP_INDIRECT_DATA;
extern "system" {
pub fn CryptSIPGetSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pdwEncodingType: *mut DWORD,
dwIndex: DWORD,
pcbSignedDataMsg: *mut DWORD,
pbSignedDataMsg: *mut BYTE,
) -> BOOL;
}
FN!{stdcall pCryptSIPGetSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pdwEncodingType: *mut DWORD,
dwIndex: DWORD,
pcbSignedDataMsg: *mut DWORD,
pbSignedDataMsg: *mut BYTE,
) -> BOOL}
extern "system" {
pub fn CryptSIPPutSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
dwEncodingType: DWORD,
pdwIndex: *mut DWORD,
cbSignedDataMsg: DWORD,
pbSignedDataMsg: *mut BYTE,
) -> BOOL;
}
FN!{stdcall pCryptSIPPutSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
dwEncodingType: DWORD,
pdwIndex: *mut DWORD,
cbSignedDataMsg: DWORD,
pbSignedDataMsg: *mut BYTE,
) -> BOOL}
extern "system" {
pub fn CryptSIPCreateIndirectData(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pcbIndirectData: *mut DWORD,
pIndirectData: *mut SIP_INDIRECT_DATA,
) -> BOOL;
}
FN!{stdcall pCryptSIPCreateIndirectData(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pcbIndirectData: *mut DWORD,
pIndirectData: *mut SIP_INDIRECT_DATA,
) -> BOOL}
extern "system" {
pub fn CryptSIPVerifyIndirectData(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pIndirectData: *mut SIP_INDIRECT_DATA,
) -> BOOL;
}
FN!{stdcall pCryptSIPVerifyIndirectData(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pIndirectData: *mut SIP_INDIRECT_DATA,
) -> BOOL}
extern "system" {
pub fn CryptSIPRemoveSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
dwIndex: DWORD,
) -> BOOL;
}
FN!{stdcall pCryptSIPRemoveSignedDataMsg(
pSubjectInfo: *mut SIP_SUBJECTINFO,
dwIndex: DWORD,
) -> BOOL}
STRUCT!{struct SIP_DISPATCH_INFO {
cbSize: DWORD,
hSIP: HANDLE,
pfGet: pCryptSIPGetSignedDataMsg,
pfPut: pCryptSIPPutSignedDataMsg,
pfCreate: pCryptSIPCreateIndirectData,
pfVerify: pCryptSIPVerifyIndirectData,
pfRemove: pCryptSIPRemoveSignedDataMsg,
}}
pub type LPSIP_DISPATCH_INFO = *mut SIP_DISPATCH_INFO;
FN!{stdcall pfnIsFileSupported(
hFile: HANDLE,
pgSubject: *mut GUID,
) -> BOOL}
FN!{stdcall pfnIsFileSupportedName(
pwszFileName: *mut WCHAR,
pgSubject: *mut GUID,
) -> BOOL}
STRUCT!{struct SIP_ADD_NEWPROVIDER {
cbStruct: DWORD,
pgSubject: *mut GUID,
pwszDLLFileName: *mut WCHAR,
pwszMagicNumber: *mut WCHAR,
pwszIsFunctionName: *mut WCHAR,
pwszGetFuncName: *mut WCHAR,
pwszPutFuncName: *mut WCHAR,
pwszCreateFuncName: *mut WCHAR,
pwszVerifyFuncName: *mut WCHAR,
pwszRemoveFuncName: *mut WCHAR,
pwszIsFunctionNameFmt2: *mut WCHAR,
pwszGetCapFuncName: PWSTR,
}}
pub type PSIP_ADD_NEWPROVIDER = *mut SIP_ADD_NEWPROVIDER;
pub const SIP_MAX_MAGIC_NUMBER: DWORD = 4;
extern "system" {
pub fn CryptSIPLoad(
pgSubject: *const GUID,
dwFlags: DWORD,
pSipDispatch: *mut SIP_DISPATCH_INFO,
) -> BOOL;
pub fn CryptSIPRetrieveSubjectGuid(
FileName: LPCWSTR,
hFileIn: HANDLE,
pgSubject: *mut GUID,
) -> BOOL;
pub fn CryptSIPRetrieveSubjectGuidForCatalogFile(
FileName: LPCWSTR,
hFileIn: HANDLE,
pgSubject: *mut GUID,
) -> BOOL;
pub fn CryptSIPAddProvider(
psNewProv: *mut SIP_ADD_NEWPROVIDER,
) -> BOOL;
pub fn CryptSIPRemoveProvider(
pgProv: *mut GUID,
) -> BOOL;
pub fn CryptSIPGetCaps(
pSubjInfo: *mut SIP_SUBJECTINFO,
pCaps: *mut SIP_CAP_SET,
) -> BOOL;
}
FN!{stdcall pCryptSIPGetCaps(
pSubjInfo: *mut SIP_SUBJECTINFO,
pCaps: *mut SIP_CAP_SET,
) -> BOOL}
extern "system" {
pub fn CryptSIPGetSealedDigest(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pSig: *const BYTE,
dwSig: DWORD,
pbDigest: *mut BYTE,
pcbDigest: *mut DWORD,
) -> BOOL;
}
FN!{stdcall pCryptSIPGetSealedDigest(
pSubjectInfo: *mut SIP_SUBJECTINFO,
pSig: *const BYTE,
dwSig: DWORD,
pbDigest: *mut BYTE,
pcbDigest: *mut DWORD,
) -> BOOL}
|