1800 lines
64 KiB
C
1800 lines
64 KiB
C
|
//==============================================================;
|
||
|
//
|
||
|
// CARDMOD.H
|
||
|
//
|
||
|
// Abstract:
|
||
|
// This is the header file commonly used for card modules.
|
||
|
//
|
||
|
// This source code is only intended as a supplement to existing Microsoft
|
||
|
// documentation.
|
||
|
//
|
||
|
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
|
||
|
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
|
||
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
|
||
|
// PURPOSE.
|
||
|
//
|
||
|
// Copyright (C) Microsoft Corporation. All Rights Reserved.
|
||
|
//
|
||
|
//==============================================================;
|
||
|
#ifndef __CARDMOD__H__
|
||
|
#define __CARDMOD__H__
|
||
|
|
||
|
#include <windows.h>
|
||
|
#include <wincrypt.h>
|
||
|
#pragma warning(push)
|
||
|
#pragma warning(disable:4201)
|
||
|
// Disable error C4201 in public header
|
||
|
// nonstandard extension used : nameless struct/union
|
||
|
#include <winscard.h>
|
||
|
#pragma warning(pop)
|
||
|
#include <specstrings.h>
|
||
|
#include <bcrypt.h>
|
||
|
|
||
|
// This value should be passed to
|
||
|
//
|
||
|
// SCardSetCardTypeProviderName
|
||
|
// SCardGetCardTypeProviderName
|
||
|
//
|
||
|
// in order to query and set the Card Specific Module to be used
|
||
|
// for a given card.
|
||
|
#define SCARD_PROVIDER_CARD_MODULE 0x80000001
|
||
|
|
||
|
typedef struct _CARD_DATA CARD_DATA, *PCARD_DATA;
|
||
|
|
||
|
typedef ULONG_PTR CARD_KEY_HANDLE, *PCARD_KEY_HANDLE;
|
||
|
|
||
|
//
|
||
|
// This define can be used as a return value for queries involving
|
||
|
// card data that may be impossible to determine on a given card
|
||
|
// OS, such as the number of available card storage bytes.
|
||
|
//
|
||
|
#define CARD_DATA_VALUE_UNKNOWN ((DWORD) -1)
|
||
|
|
||
|
//
|
||
|
// Well Known Logical Names
|
||
|
//
|
||
|
|
||
|
//
|
||
|
// Logical Directory Names
|
||
|
//
|
||
|
|
||
|
// Second-level logical directories
|
||
|
|
||
|
#define szBASE_CSP_DIR "mscp"
|
||
|
|
||
|
#define szINTERMEDIATE_CERTS_DIR "mscerts"
|
||
|
|
||
|
//
|
||
|
// Logical File Names
|
||
|
//
|
||
|
// When requesting (or otherwise referring to) any logical file, the full path
|
||
|
// must be used, including when referring to well known files. For example,
|
||
|
// to request the wszCONTAINER_MAP_FILE, the provided name will be
|
||
|
// "/mscp/cmapfile".
|
||
|
//
|
||
|
|
||
|
// Well known logical files under Microsoft
|
||
|
#define szCACHE_FILE "cardcf"
|
||
|
|
||
|
#define szCARD_IDENTIFIER_FILE "cardid"
|
||
|
|
||
|
// Well known logical files under CSP
|
||
|
#define szCONTAINER_MAP_FILE "cmapfile"
|
||
|
#define szROOT_STORE_FILE "msroots"
|
||
|
|
||
|
//
|
||
|
// Well known logical files under User Certs
|
||
|
//
|
||
|
// The following prefixes are appended with the container index of the
|
||
|
// associated key. For example, the certificate associated with the
|
||
|
// Key Exchange key in container index 2 will have the name:
|
||
|
// "/mscp/kxc2"
|
||
|
//
|
||
|
#define szUSER_SIGNATURE_CERT_PREFIX "ksc"
|
||
|
#define szUSER_KEYEXCHANGE_CERT_PREFIX "kxc"
|
||
|
#define szUSER_SIGNATURE_PRIVATE_KEY_PREFIX "kss"
|
||
|
#define szUSER_SIGNATURE_PUBLIC_KEY_PREFIX "ksp"
|
||
|
#define szUSER_KEYEXCHANGE_PRIVATE_KEY_PREFIX "kxs"
|
||
|
#define szUSER_KEYEXCHANGE_PUBLIC_KEY_PREFIX "kxp"
|
||
|
|
||
|
//
|
||
|
// Logical Card User Names
|
||
|
//
|
||
|
#define wszCARD_USER_EVERYONE L"anonymous"
|
||
|
#define wszCARD_USER_USER L"user"
|
||
|
#define wszCARD_USER_ADMIN L"admin"
|
||
|
|
||
|
// new ecc key specs
|
||
|
|
||
|
#define AT_ECDSA_P256 3
|
||
|
#define AT_ECDSA_P384 4
|
||
|
#define AT_ECDSA_P521 5
|
||
|
#define AT_ECDHE_P256 6
|
||
|
#define AT_ECDHE_P384 7
|
||
|
#define AT_ECDHE_P521 8
|
||
|
|
||
|
//
|
||
|
// Type: CARD_CACHE_FILE_FORMAT
|
||
|
//
|
||
|
// This struct is used as the file format of the cache file,
|
||
|
// as stored on the card.
|
||
|
//
|
||
|
|
||
|
#define CARD_CACHE_FILE_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CARD_CACHE_FILE_FORMAT
|
||
|
{
|
||
|
BYTE bVersion;
|
||
|
BYTE bPinsFreshness;
|
||
|
|
||
|
WORD wContainersFreshness;
|
||
|
WORD wFilesFreshness;
|
||
|
} CARD_CACHE_FILE_FORMAT, *PCARD_CACHE_FILE_FORMAT;
|
||
|
|
||
|
//
|
||
|
// Type: CONTAINER_MAP_RECORD
|
||
|
//
|
||
|
// This structure describes the format of the Base CSP's container map file,
|
||
|
// stored on the card. This is well-known logical file wszCONTAINER_MAP_FILE.
|
||
|
// The file consists of zero or more of these records.
|
||
|
//
|
||
|
#define MAX_CONTAINER_NAME_LEN 39
|
||
|
|
||
|
// This flag is set in the CONTAINER_MAP_RECORD bFlags member if the
|
||
|
// corresponding container is valid and currently exists on the card.
|
||
|
// If the container is deleted, its bFlags field must be cleared.
|
||
|
#define CONTAINER_MAP_VALID_CONTAINER 1
|
||
|
|
||
|
// This flag is set in the CONTAINER_MAP_RECORD bFlags
|
||
|
// member if the corresponding container is the default container on the card.
|
||
|
#define CONTAINER_MAP_DEFAULT_CONTAINER 2
|
||
|
|
||
|
typedef struct _CONTAINER_MAP_RECORD
|
||
|
{
|
||
|
WCHAR wszGuid [MAX_CONTAINER_NAME_LEN + 1];
|
||
|
BYTE bFlags;
|
||
|
BYTE bReserved;
|
||
|
WORD wSigKeySizeBits;
|
||
|
WORD wKeyExchangeKeySizeBits;
|
||
|
} CONTAINER_MAP_RECORD, *PCONTAINER_MAP_RECORD;
|
||
|
|
||
|
//
|
||
|
// Converts a card filename string from unicode to ansi
|
||
|
//
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
I_CardConvertFileNameToAnsi(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR wszUnicodeName,
|
||
|
__out LPSTR *ppszAnsiName);
|
||
|
|
||
|
// Logical Directory Access Conditions
|
||
|
typedef enum
|
||
|
{
|
||
|
InvalidDirAc = 0,
|
||
|
|
||
|
// User Read, Write
|
||
|
UserCreateDeleteDirAc,
|
||
|
|
||
|
// Admin Write
|
||
|
AdminCreateDeleteDirAc
|
||
|
|
||
|
} CARD_DIRECTORY_ACCESS_CONDITION;
|
||
|
|
||
|
// Logical File Access Conditions
|
||
|
typedef enum
|
||
|
{
|
||
|
// Invalid value, chosed to cooincide with common initialization
|
||
|
// of memory
|
||
|
InvalidAc = 0,
|
||
|
|
||
|
// Everyone Read
|
||
|
// User Read, Write
|
||
|
//
|
||
|
// Example: A user certificate file.
|
||
|
EveryoneReadUserWriteAc,
|
||
|
|
||
|
// Everyone None
|
||
|
// User Write, Execute
|
||
|
//
|
||
|
// Example: A private key file.
|
||
|
UserWriteExecuteAc,
|
||
|
|
||
|
// Everyone Read
|
||
|
// Admin Read, Write
|
||
|
//
|
||
|
// Example: The Card Identifier file.
|
||
|
EveryoneReadAdminWriteAc,
|
||
|
|
||
|
// Explicit value to set when it is desired to say that
|
||
|
// it is unknown
|
||
|
UnknownAc,
|
||
|
|
||
|
// Everyone No Access
|
||
|
// User Read Write
|
||
|
//
|
||
|
// Example: A password wallet file.
|
||
|
|
||
|
UserReadWriteAc,
|
||
|
// Everyone/User No Access
|
||
|
// Admin Read Write
|
||
|
//
|
||
|
// Example: Administration data.
|
||
|
|
||
|
AdminReadWriteAc
|
||
|
} CARD_FILE_ACCESS_CONDITION;
|
||
|
|
||
|
//
|
||
|
// Function: CardAcquireContext
|
||
|
//
|
||
|
// Purpose: Initialize the CARD_DATA structure which will be used by
|
||
|
// the CSP to interact with a specific card.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_ACQUIRE_CONTEXT)(
|
||
|
__inout PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardAcquireContext(
|
||
|
__inout PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CardDeleteContext
|
||
|
//
|
||
|
// Purpose: Free resources consumed by the CARD_DATA structure.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DELETE_CONTEXT)(
|
||
|
__inout PCARD_DATA pCardData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeleteContext(
|
||
|
__inout PCARD_DATA pCardData);
|
||
|
|
||
|
//
|
||
|
// Function: CardQueryCapabilities
|
||
|
//
|
||
|
// Purpose: Query the card module for specific functionality
|
||
|
// provided by this card.
|
||
|
//
|
||
|
#define CARD_CAPABILITIES_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CARD_CAPABILITIES
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
BOOL fCertificateCompression;
|
||
|
BOOL fKeyGen;
|
||
|
} CARD_CAPABILITIES, *PCARD_CAPABILITIES;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_QUERY_CAPABILITIES)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_CAPABILITIES pCardCapabilities);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardQueryCapabilities(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_CAPABILITIES pCardCapabilities);
|
||
|
|
||
|
// ****************
|
||
|
// PIN SUPPORT
|
||
|
// ****************
|
||
|
|
||
|
//
|
||
|
// There are 8 PINs currently defined in version 6. PIN values 0, 1 and 2 are
|
||
|
// reserved for backwards compatibility, whereas PIN values 3-7 can be used
|
||
|
// as additional PINs to protect key containers.
|
||
|
//
|
||
|
|
||
|
typedef DWORD PIN_ID, *PPIN_ID;
|
||
|
typedef DWORD PIN_SET, *PPIN_SET;
|
||
|
|
||
|
#define MAX_PINS 8
|
||
|
|
||
|
#define ROLE_EVERYONE 0
|
||
|
#define ROLE_USER 1
|
||
|
#define ROLE_ADMIN 2
|
||
|
|
||
|
#define PIN_SET_NONE 0x00
|
||
|
#define PIN_SET_ALL_ROLES 0xFF
|
||
|
#define CREATE_PIN_SET(PinId) (1 << PinId)
|
||
|
#define SET_PIN(PinSet, PinId) PinSet |= CREATE_PIN_SET(PinId)
|
||
|
#define IS_PIN_SET(PinSet, PinId) (0 != (PinSet & CREATE_PIN_SET(PinId)))
|
||
|
#define CLEAR_PIN(PinSet, PinId) PinSet &= ~CREATE_PIN_SET(PinId)
|
||
|
|
||
|
#define PIN_CHANGE_FLAG_UNBLOCK 0x01
|
||
|
#define PIN_CHANGE_FLAG_CHANGEPIN 0x02
|
||
|
|
||
|
#define CP_CACHE_MODE_GLOBAL_CACHE 1
|
||
|
#define CP_CACHE_MODE_SESSION_ONLY 2
|
||
|
#define CP_CACHE_MODE_NO_CACHE 3
|
||
|
|
||
|
#define CARD_AUTHENTICATE_GENERATE_SESSION_PIN 0x10000000
|
||
|
#define CARD_AUTHENTICATE_SESSION_PIN 0x20000000
|
||
|
|
||
|
#define CARD_PIN_STRENGTH_PLAINTEXT 0x1
|
||
|
#define CARD_PIN_STRENGTH_SESSION_PIN 0x2
|
||
|
|
||
|
#define CARD_PIN_SILENT_CONTEXT 0x00000040
|
||
|
|
||
|
typedef enum
|
||
|
{
|
||
|
AlphaNumericPinType = 0, // Regular PIN
|
||
|
ExternalPinType, // Biometric PIN
|
||
|
ChallengeResponsePinType, // Challenge/Response PIN
|
||
|
EmptyPinType // No PIN
|
||
|
} SECRET_TYPE;
|
||
|
|
||
|
typedef enum
|
||
|
{
|
||
|
AuthenticationPin, // Authentication PIN
|
||
|
DigitalSignaturePin, // Digital Signature PIN
|
||
|
EncryptionPin, // Encryption PIN
|
||
|
NonRepudiationPin, // Non Repudiation PIN
|
||
|
AdministratorPin, // Administrator PIN
|
||
|
PrimaryCardPin, // Primary Card PIN
|
||
|
UnblockOnlyPin, // Unblock only PIN (PUK)
|
||
|
} SECRET_PURPOSE;
|
||
|
|
||
|
typedef enum
|
||
|
{
|
||
|
PinCacheNormal = 0,
|
||
|
PinCacheTimed,
|
||
|
PinCacheNone,
|
||
|
PinCacheAlwaysPrompt
|
||
|
} PIN_CACHE_POLICY_TYPE;
|
||
|
|
||
|
#define PIN_CACHE_POLICY_CURRENT_VERSION 6
|
||
|
|
||
|
typedef struct _PIN_CACHE_POLICY
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
PIN_CACHE_POLICY_TYPE PinCachePolicyType;
|
||
|
DWORD dwPinCachePolicyInfo;
|
||
|
} PIN_CACHE_POLICY, *PPIN_CACHE_POLICY;
|
||
|
|
||
|
#define PIN_INFO_CURRENT_VERSION 6
|
||
|
|
||
|
#define PIN_INFO_REQUIRE_SECURE_ENTRY 1
|
||
|
|
||
|
typedef struct _PIN_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
SECRET_TYPE PinType;
|
||
|
SECRET_PURPOSE PinPurpose;
|
||
|
PIN_SET dwChangePermission;
|
||
|
PIN_SET dwUnblockPermission;
|
||
|
PIN_CACHE_POLICY PinCachePolicy;
|
||
|
DWORD dwFlags;
|
||
|
} PIN_INFO, *PPIN_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_CHALLENGE_EX)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_ID PinId,
|
||
|
__out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
|
||
|
__out PDWORD pcbChallengeData,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetChallengeEx(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_ID PinId,
|
||
|
__deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
|
||
|
__out PDWORD pcbChallengeData,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_AUTHENTICATE_EX)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_ID PinId,
|
||
|
__in DWORD dwFlags,
|
||
|
__in_bcount(cbPinData) PBYTE pbPinData,
|
||
|
__in DWORD cbPinData,
|
||
|
__deref_opt_out_bcount(*pcbSessionPin) PBYTE *ppbSessionPin,
|
||
|
__out_opt PDWORD pcbSessionPin,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardAuthenticateEx(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_ID PinId,
|
||
|
__in DWORD dwFlags,
|
||
|
__in_bcount(cbPinData) PBYTE pbPinData,
|
||
|
__in DWORD cbPinData,
|
||
|
__deref_opt_out_bcount(*pcbSessionPin) PBYTE *ppbSessionPin,
|
||
|
__out_opt PDWORD pcbSessionPin,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CHANGE_AUTHENTICATOR_EX)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags,
|
||
|
__in PIN_ID dwAuthenticatingPinId,
|
||
|
__in_bcount(cbAuthenticatingPinData) PBYTE pbAuthenticatingPinData,
|
||
|
__in DWORD cbAuthenticatingPinData,
|
||
|
__in PIN_ID dwTargetPinId,
|
||
|
__in_bcount(cbTargetData) PBYTE pbTargetData,
|
||
|
__in DWORD cbTargetData,
|
||
|
__in DWORD cRetryCount,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardChangeAuthenticatorEx(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags,
|
||
|
__in PIN_ID dwAuthenticatingPinId,
|
||
|
__in_bcount(cbAuthenticatingPinData) PBYTE pbAuthenticatingPinData,
|
||
|
__in DWORD cbAuthenticatingPinData,
|
||
|
__in PIN_ID dwTargetPinId,
|
||
|
__in_bcount(cbTargetData) PBYTE pbTargetData,
|
||
|
__in DWORD cbTargetData,
|
||
|
__in DWORD cRetryCount,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DEAUTHENTICATE_EX)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_SET PinId,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeauthenticateEx(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PIN_SET PinId,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CardDeleteContainer
|
||
|
//
|
||
|
// Purpose: Delete the specified key container.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DELETE_CONTAINER)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwReserved);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeleteContainer(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwReserved);
|
||
|
|
||
|
//
|
||
|
// Function: CardCreateContainer
|
||
|
//
|
||
|
|
||
|
#define CARD_CREATE_CONTAINER_KEY_GEN 1
|
||
|
#define CARD_CREATE_CONTAINER_KEY_IMPORT 2
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CREATE_CONTAINER)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwKeySize,
|
||
|
__in PBYTE pbKeyData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardCreateContainer(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwKeySize,
|
||
|
__in PBYTE pbKeyData);
|
||
|
|
||
|
//
|
||
|
// Function: CardCreateContainerEx
|
||
|
//
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CREATE_CONTAINER_EX)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwKeySize,
|
||
|
__in PBYTE pbKeyData,
|
||
|
__in PIN_ID PinId);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardCreateContainerEx(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwKeySize,
|
||
|
__in PBYTE pbKeyData,
|
||
|
__in PIN_ID PinId);
|
||
|
|
||
|
//
|
||
|
// Function: CardGetContainerInfo
|
||
|
//
|
||
|
// Purpose: Query for all public information available about
|
||
|
// the named key container. This includes the Signature
|
||
|
// and Key Exchange type public keys, if they exist.
|
||
|
//
|
||
|
// The pbSigPublicKey and pbKeyExPublicKey buffers contain the
|
||
|
// Signature and Key Exchange public keys, respectively, if they
|
||
|
// exist. The format of these buffers is a Crypto
|
||
|
// API PUBLICKEYBLOB -
|
||
|
//
|
||
|
// BLOBHEADER
|
||
|
// RSAPUBKEY
|
||
|
// modulus
|
||
|
//
|
||
|
// In the case of ECC public keys, the pbSigPublicKey will contain
|
||
|
// the ECDSA key and pbKeyExPublicKey will contain the ECDH key if
|
||
|
// they exist. ECC key structure -
|
||
|
//
|
||
|
// BCRYPT_ECCKEY_BLOB
|
||
|
// X coord (big endian)
|
||
|
// Y coord (big endian)
|
||
|
//
|
||
|
#define CONTAINER_INFO_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CONTAINER_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD dwReserved;
|
||
|
|
||
|
DWORD cbSigPublicKey;
|
||
|
PBYTE pbSigPublicKey;
|
||
|
|
||
|
DWORD cbKeyExPublicKey;
|
||
|
PBYTE pbKeyExPublicKey;
|
||
|
} CONTAINER_INFO, *PCONTAINER_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_CONTAINER_INFO)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCONTAINER_INFO pContainerInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetContainerInfo(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCONTAINER_INFO pContainerInfo);
|
||
|
|
||
|
//
|
||
|
// Function: CardAuthenticatePin
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_AUTHENTICATE_PIN)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbPin) PBYTE pbPin,
|
||
|
__in DWORD cbPin,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardAuthenticatePin(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbPin) PBYTE pbPin,
|
||
|
__in DWORD cbPin,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
//
|
||
|
// Function: CardGetChallenge
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_CHALLENGE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
|
||
|
__out PDWORD pcbChallengeData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetChallenge(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
|
||
|
__out PDWORD pcbChallengeData);
|
||
|
|
||
|
//
|
||
|
// Function: CardAuthenticateChallenge
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_AUTHENTICATE_CHALLENGE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_bcount(cbResponseData) PBYTE pbResponseData,
|
||
|
__in DWORD cbResponseData,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardAuthenticateChallenge(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_bcount(cbResponseData) PBYTE pbResponseData,
|
||
|
__in DWORD cbResponseData,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
//
|
||
|
// Function: CardUnblockPin
|
||
|
//
|
||
|
#define CARD_AUTHENTICATE_PIN_CHALLENGE_RESPONSE 1
|
||
|
#define CARD_AUTHENTICATE_PIN_PIN 2
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_UNBLOCK_PIN)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbAuthenticationData) PBYTE pbAuthenticationData,
|
||
|
__in DWORD cbAuthenticationData,
|
||
|
__in_bcount(cbNewPinData) PBYTE pbNewPinData,
|
||
|
__in DWORD cbNewPinData,
|
||
|
__in DWORD cRetryCount,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardUnblockPin(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbAuthenticationData) PBYTE pbAuthenticationData,
|
||
|
__in DWORD cbAuthenticationData,
|
||
|
__in_bcount(cbNewPinData) PBYTE pbNewPinData,
|
||
|
__in DWORD cbNewPinData,
|
||
|
__in DWORD cRetryCount,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CardChangeAuthenticator
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CHANGE_AUTHENTICATOR)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbCurrentAuthenticator) PBYTE pbCurrentAuthenticator,
|
||
|
__in DWORD cbCurrentAuthenticator,
|
||
|
__in_bcount(cbNewAuthenticator) PBYTE pbNewAuthenticator,
|
||
|
__in DWORD cbNewAuthenticator,
|
||
|
__in DWORD cRetryCount,
|
||
|
__in DWORD dwFlags,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardChangeAuthenticator(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in_bcount(cbCurrentAuthenticator) PBYTE pbCurrentAuthenticator,
|
||
|
__in DWORD cbCurrentAuthenticator,
|
||
|
__in_bcount(cbNewAuthenticator) PBYTE pbNewAuthenticator,
|
||
|
__in DWORD cbNewAuthenticator,
|
||
|
__in DWORD cRetryCount,
|
||
|
__in DWORD dwFlags,
|
||
|
__out_opt PDWORD pcAttemptsRemaining);
|
||
|
|
||
|
//
|
||
|
// Function: CardDeauthenticate
|
||
|
//
|
||
|
// Purpose: De-authenticate the specified logical user name on the card.
|
||
|
//
|
||
|
// This is an optional API. If implemented, this API is used instead
|
||
|
// of SCARD_RESET_CARD by the Base CSP. An example scenario is leaving
|
||
|
// a transaction in which the card has been authenticated (a Pin has been
|
||
|
// successfully presented).
|
||
|
//
|
||
|
// The pwszUserId parameter will point to a valid well-known User Name (see
|
||
|
// above).
|
||
|
//
|
||
|
// The dwFlags parameter is currently unused and will always be zero.
|
||
|
//
|
||
|
// Card modules that choose to not implement this API must set the CARD_DATA
|
||
|
// pfnCardDeauthenticate pointer to NULL.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DEAUTHENTICATE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeauthenticate(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPWSTR pwszUserId,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
// Directory Control Group
|
||
|
|
||
|
//
|
||
|
// Function: CardCreateDirectory
|
||
|
//
|
||
|
// Purpose: Register the specified application name on the card, and apply the
|
||
|
// provided access condition.
|
||
|
//
|
||
|
// Return Value:
|
||
|
// ERROR_FILE_EXISTS - directory already exists
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CREATE_DIRECTORY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPSTR pszDirectoryName,
|
||
|
__in CARD_DIRECTORY_ACCESS_CONDITION AccessCondition);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardCreateDirectory(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPSTR pszDirectoryName,
|
||
|
__in CARD_DIRECTORY_ACCESS_CONDITION AccessCondition);
|
||
|
|
||
|
//
|
||
|
// Function: CardDeleteDirectory
|
||
|
//
|
||
|
// Purpose: Unregister the specified application from the card.
|
||
|
//
|
||
|
// Return Value:
|
||
|
// SCARD_E_DIR_NOT_FOUND - directory does not exist
|
||
|
// ERROR_DIR_NOT_EMPTY - the directory is not empty
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DELETE_DIRECTORY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPSTR pszDirectoryName);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeleteDirectory(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPSTR pszDirectoryName);
|
||
|
|
||
|
// File Control Group
|
||
|
|
||
|
//
|
||
|
// Function: CardCreateFile
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CREATE_FILE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD cbInitialCreationSize,
|
||
|
__in CARD_FILE_ACCESS_CONDITION AccessCondition);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardCreateFile(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD cbInitialCreationSize,
|
||
|
__in CARD_FILE_ACCESS_CONDITION AccessCondition);
|
||
|
|
||
|
//
|
||
|
// Function: CardReadFile
|
||
|
//
|
||
|
// Purpose: Read the specified file from the card.
|
||
|
//
|
||
|
// The pbData parameter should be allocated
|
||
|
// by the card module and freed by the CSP. The card module
|
||
|
// must set the cbData parameter to the size of the returned buffer.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_READ_FILE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags,
|
||
|
__deref_out_bcount_opt(*pcbData) PBYTE *ppbData,
|
||
|
__out PDWORD pcbData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardReadFile(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags,
|
||
|
__deref_out_bcount_opt(*pcbData) PBYTE *ppbData,
|
||
|
__out PDWORD pcbData);
|
||
|
|
||
|
//
|
||
|
// Function: CardWriteFile
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_WRITE_FILE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags,
|
||
|
__in_bcount(cbData) PBYTE pbData,
|
||
|
__in DWORD cbData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardWriteFile(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags,
|
||
|
__in_bcount(cbData) PBYTE pbData,
|
||
|
__in DWORD cbData);
|
||
|
|
||
|
//
|
||
|
// Function: CardDeleteFile
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DELETE_FILE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeleteFile(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CardEnumFiles
|
||
|
//
|
||
|
// Purpose: Return a multi-string list of the general files
|
||
|
// present on this card. The multi-string is allocated
|
||
|
// by the card module and must be freed by the CSP.
|
||
|
//
|
||
|
// The caller must provide a logical file directory name in the
|
||
|
// pmwszFileNames parameter (see Logical Directory Names, above).
|
||
|
// The logical directory name indicates which group of files will be
|
||
|
// enumerated.
|
||
|
//
|
||
|
// The logical directory name is expected to be a static string, so the
|
||
|
// the card module will not free it. The card module
|
||
|
// will allocate a new buffer in *pmwszFileNames to store the multi-string
|
||
|
// list of enumerated files using pCardData->pfnCspAlloc.
|
||
|
//
|
||
|
// If the function fails for any reason, *pmwszFileNames is set to NULL.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CARD_ENUM_FILES)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__deref_out_ecount(*pdwcbFileName) LPSTR *pmszFileNames,
|
||
|
__out LPDWORD pdwcbFileName,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardEnumFiles(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__deref_out_ecount(*pdwcbFileName) LPSTR *pmszFileNames,
|
||
|
__out LPDWORD pdwcbFileName,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CardGetFileInfo
|
||
|
//
|
||
|
#define CARD_FILE_INFO_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CARD_FILE_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD cbFileSize;
|
||
|
CARD_FILE_ACCESS_CONDITION AccessCondition;
|
||
|
} CARD_FILE_INFO, *PCARD_FILE_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_FILE_INFO)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__inout PCARD_FILE_INFO pCardFileInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetFileInfo(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_opt LPSTR pszDirectoryName,
|
||
|
__in LPSTR pszFileName,
|
||
|
__inout PCARD_FILE_INFO pCardFileInfo);
|
||
|
|
||
|
//
|
||
|
// Function: CardQueryFreeSpace
|
||
|
//
|
||
|
#define CARD_FREE_SPACE_INFO_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CARD_FREE_SPACE_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD dwBytesAvailable;
|
||
|
DWORD dwKeyContainersAvailable;
|
||
|
DWORD dwMaxKeyContainers;
|
||
|
|
||
|
} CARD_FREE_SPACE_INFO, *PCARD_FREE_SPACE_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_QUERY_FREE_SPACE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCARD_FREE_SPACE_INFO pCardFreeSpaceInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardQueryFreeSpace(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCARD_FREE_SPACE_INFO pCardFreeSpaceInfo);
|
||
|
|
||
|
//
|
||
|
// Function: CardQueryKeySizes
|
||
|
//
|
||
|
#define CARD_KEY_SIZES_CURRENT_VERSION 1
|
||
|
|
||
|
typedef struct _CARD_KEY_SIZES
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD dwMinimumBitlen;
|
||
|
DWORD dwDefaultBitlen;
|
||
|
DWORD dwMaximumBitlen;
|
||
|
DWORD dwIncrementalBitlen;
|
||
|
|
||
|
} CARD_KEY_SIZES, *PCARD_KEY_SIZES;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_QUERY_KEY_SIZES)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCARD_KEY_SIZES pKeySizes);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardQueryKeySizes(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in DWORD dwKeySpec,
|
||
|
__in DWORD dwFlags,
|
||
|
__inout PCARD_KEY_SIZES pKeySizes);
|
||
|
|
||
|
// CARD_RSA_DECRYPT_INFO_VERSION_ONE is provided for pre-v7 certified
|
||
|
// mini-drivers that do not have logic for on-card padding removal.
|
||
|
#define CARD_RSA_KEY_DECRYPT_INFO_VERSION_ONE 1
|
||
|
|
||
|
#define CARD_RSA_KEY_DECRYPT_INFO_VERSION_TWO 2
|
||
|
|
||
|
//
|
||
|
// Function: CardRSADecrypt
|
||
|
//
|
||
|
// Purpose: Perform a private key decryption on the supplied data. The
|
||
|
// card module should assume that pbData is the length of the
|
||
|
// key modulus.
|
||
|
//
|
||
|
#define CARD_RSA_KEY_DECRYPT_INFO_CURRENT_VERSION CARD_RSA_KEY_DECRYPT_INFO_VERSION_TWO
|
||
|
|
||
|
typedef struct _CARD_RSA_DECRYPT_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
BYTE bContainerIndex;
|
||
|
|
||
|
// For RSA operations, this should be AT_SIGNATURE or AT_KEYEXCHANGE.
|
||
|
DWORD dwKeySpec;
|
||
|
|
||
|
// This is the buffer and length that the caller expects to be decrypted.
|
||
|
// For RSA operations, cbData is redundant since the length of the buffer
|
||
|
// should always be equal to the length of the key modulus.
|
||
|
PBYTE pbData;
|
||
|
DWORD cbData;
|
||
|
|
||
|
// The following parameters are new in version 2 of the
|
||
|
// CARD_RSA_DECRYPT_INFO structure.
|
||
|
// Currently supported values for dwPaddingType are
|
||
|
// CARD_PADDING_PKCS1, CARD_PADDING_OAEP, and CARD_PADDING_NONE.
|
||
|
// If dwPaddingType is set to CARD_PADDING_OAEP, then pPaddingInfo
|
||
|
// will point to a BCRYPT_OAEP_PADDING_INFO structure.
|
||
|
LPVOID pPaddingInfo;
|
||
|
DWORD dwPaddingType;
|
||
|
} CARD_RSA_DECRYPT_INFO, *PCARD_RSA_DECRYPT_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_RSA_DECRYPT)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_RSA_DECRYPT_INFO pInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardRSADecrypt(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_RSA_DECRYPT_INFO pInfo);
|
||
|
|
||
|
#define CARD_PADDING_INFO_PRESENT 0x40000000
|
||
|
#define CARD_BUFFER_SIZE_ONLY 0x20000000
|
||
|
#define CARD_PADDING_NONE 0x00000001
|
||
|
#define CARD_PADDING_PKCS1 0x00000002
|
||
|
#define CARD_PADDING_PSS 0x00000004
|
||
|
#define CARD_PADDING_OAEP 0x00000008
|
||
|
|
||
|
// CARD_SIGNING_INFO_BASIC_VERSION is provided for thos applications
|
||
|
// do not intend to support passing in the pPaddingInfo structure
|
||
|
#define CARD_SIGNING_INFO_BASIC_VERSION 1
|
||
|
|
||
|
//
|
||
|
// Function: CardSignData
|
||
|
//
|
||
|
// Purpose: Sign inupt data using a specified key
|
||
|
//
|
||
|
#define CARD_SIGNING_INFO_CURRENT_VERSION 2
|
||
|
typedef struct _CARD_SIGNING_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
|
||
|
BYTE bContainerIndex;
|
||
|
|
||
|
// See dwKeySpec constants
|
||
|
DWORD dwKeySpec;
|
||
|
|
||
|
// If CARD_BUFFER_SIZE_ONLY flag is present then the card
|
||
|
// module should return only the size of the resulting
|
||
|
// key in cbSignedData
|
||
|
DWORD dwSigningFlags;
|
||
|
|
||
|
// If the aiHashAlg is non zero, then it specifies the algorithm
|
||
|
// to use when padding the data using PKCS
|
||
|
ALG_ID aiHashAlg;
|
||
|
|
||
|
// This is the buffer and length that the caller expects to be signed.
|
||
|
// Signed version is allocated a buffer and put in cb/pbSignedData. That should
|
||
|
// be freed using PFN_CSP_FREE callback.
|
||
|
PBYTE pbData;
|
||
|
DWORD cbData;
|
||
|
|
||
|
PBYTE pbSignedData;
|
||
|
DWORD cbSignedData;
|
||
|
|
||
|
// The following parameters are new in version 2 of the
|
||
|
// CARD_SIGNING_INFO structure.
|
||
|
// If CARD_PADDING_INFO_PRESENT is set in dwSigningFlags then
|
||
|
// pPaddingInfo will point to the BCRYPT_PADDING_INFO structure
|
||
|
// defined by dwPaddingType. Currently supported values are
|
||
|
// CARD_PADDING_PKCS1, CARD_PADDING_PSS and CARD_PADDING_NONE
|
||
|
LPVOID pPaddingInfo;
|
||
|
DWORD dwPaddingType;
|
||
|
} CARD_SIGNING_INFO, *PCARD_SIGNING_INFO;
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_SIGN_DATA)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_SIGNING_INFO pInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardSignData(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_SIGNING_INFO pInfo);
|
||
|
|
||
|
//
|
||
|
// Type: CARD_DH_AGREEMENT_INFO
|
||
|
//
|
||
|
// CARD_DH_AGREEMENT_INFO version 1 is no longer supported and should
|
||
|
// not be implemented
|
||
|
//
|
||
|
|
||
|
#define CARD_DH_AGREEMENT_INFO_VERSION 2
|
||
|
|
||
|
typedef struct _CARD_DH_AGREEMENT_INFO
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
BYTE bContainerIndex;
|
||
|
DWORD dwFlags;
|
||
|
DWORD dwPublicKey;
|
||
|
PBYTE pbPublicKey;
|
||
|
PBYTE pbReserved;
|
||
|
DWORD cbReserved;
|
||
|
|
||
|
OUT BYTE bSecretAgreementIndex;
|
||
|
} CARD_DH_AGREEMENT_INFO, *PCARD_DH_AGREEMENT_INFO;
|
||
|
|
||
|
//
|
||
|
// Function: CardConstructDHAgreement
|
||
|
//
|
||
|
// Purpose: compute a DH secret agreement from a ECDH key on the card
|
||
|
// and the public portion of another ECDH key
|
||
|
//
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_CONSTRUCT_DH_AGREEMENT)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_DH_AGREEMENT_INFO pAgreementInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardConstructDHAgreement(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_DH_AGREEMENT_INFO pAgreementInfo);
|
||
|
|
||
|
//
|
||
|
// Type: CARD_DERIVE_KEY_INFO
|
||
|
//
|
||
|
#define CARD_DERIVE_KEY_VERSION 1
|
||
|
#define CARD_DERIVE_KEY_VERSION_TWO 2
|
||
|
#define CARD_DERIVE_KEY_CURRENT_VERSION CARD_DERIVE_KEY_VERSION_TWO
|
||
|
|
||
|
// If CARD_RETURN_KEY_HANDLE is passed then the card module should return a
|
||
|
// key handle instead of the key derivation data
|
||
|
#define CARD_RETURN_KEY_HANDLE 0x1000000
|
||
|
|
||
|
typedef struct _CARD_DERIVE_KEY
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
|
||
|
// If CARD_BUFFER_SIZE_ONLY is passed then the card module
|
||
|
// should return only the size of the resulting key in
|
||
|
// cbDerivedKey
|
||
|
DWORD dwFlags;
|
||
|
LPWSTR pwszKDF;
|
||
|
BYTE bSecretAgreementIndex;
|
||
|
|
||
|
PVOID pParameterList;
|
||
|
|
||
|
PBYTE pbDerivedKey;
|
||
|
DWORD cbDerivedKey;
|
||
|
|
||
|
// The following parameter can be used by the card to determine
|
||
|
// key derivation material and to pass back a symmetric key handle
|
||
|
// as a result of the key derivation algorithm
|
||
|
LPWSTR pwszAlgId;
|
||
|
DWORD dwKeyLen;
|
||
|
CARD_KEY_HANDLE hKey;
|
||
|
} CARD_DERIVE_KEY, *PCARD_DERIVE_KEY;
|
||
|
|
||
|
//
|
||
|
// Function: CardDeriveKey
|
||
|
//
|
||
|
// Purpose: Generate a dervived session key using a generated agreed
|
||
|
// secret and various other parameters.
|
||
|
//
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DERIVE_KEY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_DERIVE_KEY pAgreementInfo);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDeriveKey(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__inout PCARD_DERIVE_KEY pAgreementInfo);
|
||
|
|
||
|
//
|
||
|
// Function: CardDestroyAgreement
|
||
|
//
|
||
|
// Purpose: Force a deletion of the DH agreed secret.
|
||
|
//
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DESTROY_DH_AGREEMENT)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bSecretAgreementIndex,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDestroyDHAgreement(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bSecretAgreementIndex,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: CspGetDHAgreement
|
||
|
//
|
||
|
// Purpose: The CARD_DERIVE_KEY structure contains a list of parameters
|
||
|
// (pParameterList) which might contain a reference to one or more addition
|
||
|
// agreed secrets (KDF_NCRYPT_SECRET_HANDLE). This callback is provided by
|
||
|
// the caller of CardDeriveKey and will translate the parameter into the
|
||
|
// on card agreed secret handle.
|
||
|
//
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CSP_GET_DH_AGREEMENT)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PVOID hSecretAgreement,
|
||
|
__out BYTE* pbSecretAgreementIndex,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CspGetDHAgreement(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in PVOID hSecretAgreement,
|
||
|
__out BYTE* pbSecretAgreementIndex,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Memory Management Routines
|
||
|
//
|
||
|
// These routines are supplied to the card module
|
||
|
// by the calling CSP.
|
||
|
//
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_ALLOC
|
||
|
//
|
||
|
typedef LPVOID (WINAPI *PFN_CSP_ALLOC)(
|
||
|
__in SIZE_T Size);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_REALLOC
|
||
|
//
|
||
|
typedef LPVOID (WINAPI *PFN_CSP_REALLOC)(
|
||
|
__in LPVOID Address,
|
||
|
__in SIZE_T Size);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_FREE
|
||
|
//
|
||
|
// Note: Data allocated for the CSP by the card module must
|
||
|
// be freed by the CSP.
|
||
|
//
|
||
|
typedef void (WINAPI *PFN_CSP_FREE)(
|
||
|
__in LPVOID Address);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_CACHE_ADD_FILE
|
||
|
//
|
||
|
// A copy of the pbData parameter is added to the cache.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CSP_CACHE_ADD_FILE)(
|
||
|
__in PVOID pvCacheContext,
|
||
|
__in LPWSTR wszTag,
|
||
|
__in DWORD dwFlags,
|
||
|
__in_bcount(cbData) PBYTE pbData,
|
||
|
__in DWORD cbData);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_CACHE_LOOKUP_FILE
|
||
|
//
|
||
|
// If the cache lookup is successful,
|
||
|
// the caller must free the *ppbData pointer with pfnCspFree.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CSP_CACHE_LOOKUP_FILE)(
|
||
|
__in PVOID pvCacheContext,
|
||
|
__in LPWSTR wszTag,
|
||
|
__in DWORD dwFlags,
|
||
|
__deref_out_bcount(*pcbData) PBYTE *ppbData,
|
||
|
__out PDWORD pcbData);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_CACHE_DELETE_FILE
|
||
|
//
|
||
|
// Deletes the specified item from the cache.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CSP_CACHE_DELETE_FILE)(
|
||
|
__in PVOID pvCacheContext,
|
||
|
__in LPWSTR wszTag,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_PAD_DATA
|
||
|
//
|
||
|
// Callback to pad buffer for crypto operation. Used when
|
||
|
// the card does not provide this.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CSP_PAD_DATA)(
|
||
|
__in PCARD_SIGNING_INFO pSigningInfo,
|
||
|
__in DWORD cbMaxWidth,
|
||
|
__out DWORD* pcbPaddedBuffer,
|
||
|
__deref_out_bcount(*pcbPaddedBuffer) PBYTE* ppbPaddedBuffer);
|
||
|
|
||
|
//
|
||
|
// Function: PFN_CSP_UNPAD_DATA
|
||
|
//
|
||
|
// Callback to unpad buffer for crypto operation. Used when
|
||
|
// the card does not provide this.
|
||
|
//
|
||
|
typedef DWORD (WINAPI *PFN_CSP_UNPAD_DATA)(
|
||
|
__in PCARD_RSA_DECRYPT_INFO pRSADecryptInfo,
|
||
|
__out DWORD* pcbUnpaddedData,
|
||
|
__deref_out_bcount(*pcbUnpaddedData) PBYTE* ppbUnpaddedData);
|
||
|
|
||
|
// *******************
|
||
|
// Container Porperties
|
||
|
// *******************
|
||
|
|
||
|
#define CCP_CONTAINER_INFO L"Container Info" // Read only
|
||
|
#define CCP_PIN_IDENTIFIER L"PIN Identifier"
|
||
|
#define CCP_ASSOCIATED_ECDH_KEY L"Associated ECDH Key"
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_CONTAINER_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetContainerProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_SET_CONTAINER_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__in_bcount(cbDataLen) PBYTE pbData,
|
||
|
__in DWORD cbDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardSetContainerProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__in_bcount(cbDataLen) PBYTE pbData,
|
||
|
__in DWORD cbDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
// *******************
|
||
|
// Card Properties
|
||
|
// *******************
|
||
|
|
||
|
#define CP_CARD_FREE_SPACE L"Free Space" // Read only
|
||
|
#define CP_CARD_CAPABILITIES L"Capabilities" // Read only
|
||
|
#define CP_CARD_KEYSIZES L"Key Sizes" // Read only
|
||
|
|
||
|
#define CP_CARD_READ_ONLY L"Read Only Mode"
|
||
|
#define CP_CARD_CACHE_MODE L"Cache Mode"
|
||
|
#define CP_SUPPORTS_WIN_X509_ENROLLMENT L"Supports Windows x.509 Enrollment"
|
||
|
|
||
|
#define CP_CARD_GUID L"Card Identifier"
|
||
|
#define CP_CARD_SERIAL_NO L"Card Serial Number"
|
||
|
|
||
|
#define CP_CARD_PIN_INFO L"PIN Information"
|
||
|
#define CP_CARD_LIST_PINS L"PIN List" // Read only
|
||
|
#define CP_CARD_AUTHENTICATED_STATE L"Authenticated State" // Read only
|
||
|
|
||
|
#define CP_CARD_PIN_STRENGTH_VERIFY L"PIN Strength Verify" // Read only
|
||
|
#define CP_CARD_PIN_STRENGTH_CHANGE L"PIN Strength Change" // Read only
|
||
|
#define CP_CARD_PIN_STRENGTH_UNBLOCK L"PIN Strength Unblock" // Read only
|
||
|
|
||
|
#define CP_PARENT_WINDOW L"Parent Window" // Write only
|
||
|
#define CP_PIN_CONTEXT_STRING L"PIN Context String" // Write only
|
||
|
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_SET_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__in_bcount(cbDataLen) PBYTE pbData,
|
||
|
__in DWORD cbDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardSetProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR wszProperty,
|
||
|
__in_bcount(cbDataLen) PBYTE pbData,
|
||
|
__in DWORD cbDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
// **************************
|
||
|
// Secure key injection flags
|
||
|
// **************************
|
||
|
|
||
|
#define CARD_SECURE_KEY_INJECTION_NO_CARD_MODE 0x1 // No card operations
|
||
|
|
||
|
#define CARD_KEY_IMPORT_PLAIN_TEXT 0x1
|
||
|
#define CARD_KEY_IMPORT_RSA_KEYEST 0x2
|
||
|
#define CARD_KEY_IMPORT_ECC_KEYEST 0x4
|
||
|
#define CARD_KEY_IMPORT_SHARED_SYMMETRIC 0x8
|
||
|
|
||
|
#define CARD_CIPHER_OPERATION 0x1 // Symmetric operations
|
||
|
#define CARD_ASYMMETRIC_OPERATION 0x2 // Asymmetric operations
|
||
|
|
||
|
#define CARD_3DES_112_ALGORITHM BCRYPT_3DES_112_ALGORITHM // 3DES 2 key
|
||
|
#define CARD_3DES_ALGORITHM BCRYPT_3DES_ALGORITHM // 3DES 3 key
|
||
|
#define CARD_AES_ALGORITHM BCRYPT_AES_ALGORITHM
|
||
|
|
||
|
#define CARD_BLOCK_PADDING BCRYPT_BLOCK_PADDING
|
||
|
|
||
|
#define CARD_CHAIN_MODE_CBC BCRYPT_CHAIN_MODE_CBC
|
||
|
|
||
|
// *******************************
|
||
|
// Secure key injection structures
|
||
|
// *******************************
|
||
|
|
||
|
#pragma warning(push)
|
||
|
#pragma warning(disable:4200) //nonstandard extension used : zero-sized array in struct/union
|
||
|
|
||
|
typedef struct _CARD_ENCRYPTED_DATA {
|
||
|
PBYTE pbEncryptedData;
|
||
|
DWORD cbEncryptedData;
|
||
|
} CARD_ENCRYPTED_DATA, *PCARD_ENCRYPTED_DATA;
|
||
|
|
||
|
#define CARD_IMPORT_KEYPAIR_VERSION_SEVEN 7
|
||
|
#define CARD_IMPORT_KEYPAIR_CURRENT_VERSION CARD_IMPORT_KEYPAIR_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_IMPORT_KEYPAIR
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
BYTE bContainerIndex;
|
||
|
PIN_ID PinId;
|
||
|
DWORD dwKeySpec;
|
||
|
DWORD dwKeySize;
|
||
|
DWORD cbInput;
|
||
|
BYTE pbInput[0];
|
||
|
} CARD_IMPORT_KEYPAIR, *PCARD_IMPORT_KEYPAIR;
|
||
|
|
||
|
#define CARD_CHANGE_AUTHENTICATOR_VERSION_SEVEN 7
|
||
|
#define CARD_CHANGE_AUTHENTICATOR_CURRENT_VERSION CARD_CHANGE_AUTHENTICATOR_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_CHANGE_AUTHENTICATOR
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD dwFlags;
|
||
|
PIN_ID dwAuthenticatingPinId;
|
||
|
DWORD cbAuthenticatingPinData;
|
||
|
PIN_ID dwTargetPinId;
|
||
|
DWORD cbTargetData;
|
||
|
DWORD cRetryCount;
|
||
|
BYTE pbData[0];
|
||
|
/* pbAuthenticatingPinData = pbData */
|
||
|
/* pbTargetData = pbData + cbAuthenticatingPinData */
|
||
|
} CARD_CHANGE_AUTHENTICATOR, *PCARD_CHANGE_AUTHENTICATOR;
|
||
|
|
||
|
#define CARD_CHANGE_AUTHENTICATOR_RESPONSE_VERSION_SEVEN 7
|
||
|
#define CARD_CHANGE_AUTHENTICATOR_RESPONSE_CURRENT_VERSION CARD_CHANGE_AUTHENTICATOR_RESPONSE_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_CHANGE_AUTHENTICATOR_RESPONSE
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD cAttemptsRemaining;
|
||
|
} CARD_CHANGE_AUTHENTICATOR_RESPONSE, *PCARD_CHANGE_AUTHENTICATOR_RESPONSE;
|
||
|
|
||
|
#define CARD_AUTHENTICATE_VERSION_SEVEN 7
|
||
|
#define CARD_AUTHENTICATE_CURRENT_VERSION CARD_AUTHENTICATE_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_AUTHENTICATE
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD dwFlags;
|
||
|
PIN_ID PinId;
|
||
|
DWORD cbPinData;
|
||
|
BYTE pbPinData[0];
|
||
|
} CARD_AUTHENTICATE, *PCARD_AUTHENTICATE;
|
||
|
|
||
|
#define CARD_AUTHENTICATE_RESPONSE_VERSION_SEVEN 7
|
||
|
#define CARD_AUTHENTICATE_RESPONSE_CURRENT_VERSION CARD_AUTHENTICATE_RESPONSE_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_AUTHENTICATE_RESPONSE
|
||
|
{
|
||
|
DWORD dwVersion;
|
||
|
DWORD cbSessionPin;
|
||
|
DWORD cAttemptsRemaining;
|
||
|
BYTE pbSessionPin[0];
|
||
|
} CARD_AUTHENTICATE_RESPONSE, *PCARD_AUTHENTICATE_RESPONSE;
|
||
|
|
||
|
#pragma warning(pop)
|
||
|
|
||
|
// *******************************************************
|
||
|
// Secure key injection properties / secure function names
|
||
|
// *******************************************************
|
||
|
|
||
|
#define CP_KEY_IMPORT_SUPPORT L"Key Import Support" // Read only
|
||
|
#define CP_ENUM_ALGORITHMS L"Algorithms" // Read only
|
||
|
#define CP_PADDING_SCHEMES L"Padding Schemes" // Read only
|
||
|
#define CP_CHAINING_MODES L"Chaining Modes" // Read only
|
||
|
|
||
|
#define CSF_IMPORT_KEYPAIR L"Import Key Pair"
|
||
|
#define CSF_CHANGE_AUTHENTICATOR L"Change Authenticator"
|
||
|
#define CSF_AUTHENTICATE L"Authenticate"
|
||
|
|
||
|
#define CKP_CHAINING_MODE L"ChainingMode"
|
||
|
#define CKP_INITIALIZATION_VECTOR L"IV"
|
||
|
#define CKP_BLOCK_LENGTH L"BlockLength"
|
||
|
|
||
|
// ******************************
|
||
|
// Secure key injection functions
|
||
|
// ******************************
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_MD_IMPORT_SESSION_KEY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR pwszBlobType,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__out PCARD_KEY_HANDLE phKey,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
MDImportSessionKey(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR pwszBlobType,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__out PCARD_KEY_HANDLE phKey,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_MD_ENCRYPT_DATA)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszSecureFunction,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags,
|
||
|
__deref_out_ecount(*pcEncryptedData) PCARD_ENCRYPTED_DATA *ppEncryptedData,
|
||
|
__out PDWORD pcEncryptedData);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
MDEncryptData(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszSecureFunction,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags,
|
||
|
__deref_out_ecount(*pcEncryptedData) PCARD_ENCRYPTED_DATA *ppEncryptedData,
|
||
|
__out PDWORD pcEncryptedData);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_SHARED_KEY_HANDLE)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__deref_opt_out_bcount(*pcbOutput) PBYTE *ppbOutput,
|
||
|
__out_opt PDWORD pcbOutput,
|
||
|
__out PCARD_KEY_HANDLE phKey);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetSharedKeyHandle(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__deref_opt_out_bcount(*pcbOutput) PBYTE *ppbOutput,
|
||
|
__out_opt PDWORD pcbOutput,
|
||
|
__out PCARD_KEY_HANDLE phKey);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_DESTROY_KEY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardDestroyKey(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_ALGORITHM_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetAlgorithmProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_GET_KEY_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardGetKeyProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__out_bcount_part_opt(cbData, *pdwDataLen) PBYTE pbData,
|
||
|
__in DWORD cbData,
|
||
|
__out PDWORD pdwDataLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_SET_KEY_PROPERTY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardSetKeyProperty(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszProperty,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_IMPORT_SESSION_KEY)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPVOID pPaddingInfo,
|
||
|
__in LPCWSTR pwszBlobType,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__out PCARD_KEY_HANDLE phKey,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardImportSessionKey(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in BYTE bContainerIndex,
|
||
|
__in LPVOID pPaddingInfo,
|
||
|
__in LPCWSTR pwszBlobType,
|
||
|
__in LPCWSTR pwszAlgId,
|
||
|
__out PCARD_KEY_HANDLE phKey,
|
||
|
__in_bcount(cbInput) PBYTE pbInput,
|
||
|
__in DWORD cbInput,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
typedef DWORD (WINAPI *PFN_CARD_PROCESS_ENCRYPTED_DATA)(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszSecureFunction,
|
||
|
__in_ecount(cEncryptedData) PCARD_ENCRYPTED_DATA pEncryptedData,
|
||
|
__in DWORD cEncryptedData,
|
||
|
__out_bcount_part_opt(cbOutput, *pdwOutputLen) PBYTE pbOutput,
|
||
|
__in DWORD cbOutput,
|
||
|
__out_opt PDWORD pdwOutputLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
DWORD
|
||
|
WINAPI
|
||
|
CardProcessEncryptedData(
|
||
|
__in PCARD_DATA pCardData,
|
||
|
__in CARD_KEY_HANDLE hKey,
|
||
|
__in LPCWSTR pwszSecureFunction,
|
||
|
__in_ecount(cEncryptedData) PCARD_ENCRYPTED_DATA pEncryptedData,
|
||
|
__in DWORD cEncryptedData,
|
||
|
__out_bcount_part_opt(cbOutput, *pdwOutputLen) PBYTE pbOutput,
|
||
|
__in DWORD cbOutput,
|
||
|
__out_opt PDWORD pdwOutputLen,
|
||
|
__in DWORD dwFlags);
|
||
|
|
||
|
//
|
||
|
// Type: CARD_DATA
|
||
|
//
|
||
|
|
||
|
#define CARD_DATA_VERSION_SEVEN 7
|
||
|
|
||
|
// This verison supports new features suched as enhanced support
|
||
|
// for PINs, support for read-only cards, a secure PIN channel
|
||
|
// and external PIN support.
|
||
|
#define CARD_DATA_VERSION_SIX 6
|
||
|
|
||
|
// This version supports new features such as a designed
|
||
|
// CardSecretAgreement and key derivation functions. Also
|
||
|
// added is the PKCS#1 2.1 (PSS) padding format.
|
||
|
#define CARD_DATA_VERSION_FIVE 5
|
||
|
|
||
|
// This is the minimum version currently supported. Those
|
||
|
// applications that require basic RSA crypto functionality
|
||
|
// and file operations should use this version
|
||
|
#define CARD_DATA_VERSION_FOUR 4
|
||
|
|
||
|
// For those apps, that want the maximum version available, use
|
||
|
// CARD_DATA_CURRENT_VERSION. Otherwise applications should
|
||
|
// target a specific version that includes the functionality
|
||
|
// that they require.
|
||
|
#define CARD_DATA_CURRENT_VERSION CARD_DATA_VERSION_SEVEN
|
||
|
|
||
|
typedef struct _CARD_DATA
|
||
|
{
|
||
|
// These members must be initialized by the CSP/KSP before
|
||
|
// calling CardAcquireContext.
|
||
|
|
||
|
DWORD dwVersion;
|
||
|
|
||
|
PBYTE pbAtr;
|
||
|
DWORD cbAtr;
|
||
|
LPWSTR pwszCardName;
|
||
|
|
||
|
PFN_CSP_ALLOC pfnCspAlloc;
|
||
|
PFN_CSP_REALLOC pfnCspReAlloc;
|
||
|
PFN_CSP_FREE pfnCspFree;
|
||
|
|
||
|
PFN_CSP_CACHE_ADD_FILE pfnCspCacheAddFile;
|
||
|
PFN_CSP_CACHE_LOOKUP_FILE pfnCspCacheLookupFile;
|
||
|
PFN_CSP_CACHE_DELETE_FILE pfnCspCacheDeleteFile;
|
||
|
PVOID pvCacheContext;
|
||
|
|
||
|
PFN_CSP_PAD_DATA pfnCspPadData;
|
||
|
|
||
|
SCARDCONTEXT hSCardCtx;
|
||
|
SCARDHANDLE hScard;
|
||
|
|
||
|
// pointer to vendor specific information
|
||
|
|
||
|
PVOID pvVendorSpecific;
|
||
|
|
||
|
// These members are initialized by the card module
|
||
|
|
||
|
PFN_CARD_DELETE_CONTEXT pfnCardDeleteContext;
|
||
|
PFN_CARD_QUERY_CAPABILITIES pfnCardQueryCapabilities;
|
||
|
PFN_CARD_DELETE_CONTAINER pfnCardDeleteContainer;
|
||
|
PFN_CARD_CREATE_CONTAINER pfnCardCreateContainer;
|
||
|
PFN_CARD_GET_CONTAINER_INFO pfnCardGetContainerInfo;
|
||
|
PFN_CARD_AUTHENTICATE_PIN pfnCardAuthenticatePin;
|
||
|
PFN_CARD_GET_CHALLENGE pfnCardGetChallenge;
|
||
|
PFN_CARD_AUTHENTICATE_CHALLENGE pfnCardAuthenticateChallenge;
|
||
|
PFN_CARD_UNBLOCK_PIN pfnCardUnblockPin;
|
||
|
PFN_CARD_CHANGE_AUTHENTICATOR pfnCardChangeAuthenticator;
|
||
|
PFN_CARD_DEAUTHENTICATE pfnCardDeauthenticate;
|
||
|
PFN_CARD_CREATE_DIRECTORY pfnCardCreateDirectory;
|
||
|
PFN_CARD_DELETE_DIRECTORY pfnCardDeleteDirectory;
|
||
|
LPVOID pvUnused3;
|
||
|
LPVOID pvUnused4;
|
||
|
PFN_CARD_CREATE_FILE pfnCardCreateFile;
|
||
|
PFN_CARD_READ_FILE pfnCardReadFile;
|
||
|
PFN_CARD_WRITE_FILE pfnCardWriteFile;
|
||
|
PFN_CARD_DELETE_FILE pfnCardDeleteFile;
|
||
|
PFN_CARD_ENUM_FILES pfnCardEnumFiles;
|
||
|
PFN_CARD_GET_FILE_INFO pfnCardGetFileInfo;
|
||
|
PFN_CARD_QUERY_FREE_SPACE pfnCardQueryFreeSpace;
|
||
|
PFN_CARD_QUERY_KEY_SIZES pfnCardQueryKeySizes;
|
||
|
|
||
|
PFN_CARD_SIGN_DATA pfnCardSignData;
|
||
|
PFN_CARD_RSA_DECRYPT pfnCardRSADecrypt;
|
||
|
PFN_CARD_CONSTRUCT_DH_AGREEMENT pfnCardConstructDHAgreement;
|
||
|
|
||
|
// New functions in version five.
|
||
|
PFN_CARD_DERIVE_KEY pfnCardDeriveKey;
|
||
|
PFN_CARD_DESTROY_DH_AGREEMENT pfnCardDestroyDHAgreement;
|
||
|
PFN_CSP_GET_DH_AGREEMENT pfnCspGetDHAgreement;
|
||
|
|
||
|
// version 6 additions below here
|
||
|
PFN_CARD_GET_CHALLENGE_EX pfnCardGetChallengeEx;
|
||
|
PFN_CARD_AUTHENTICATE_EX pfnCardAuthenticateEx;
|
||
|
PFN_CARD_CHANGE_AUTHENTICATOR_EX pfnCardChangeAuthenticatorEx;
|
||
|
PFN_CARD_DEAUTHENTICATE_EX pfnCardDeauthenticateEx;
|
||
|
PFN_CARD_GET_CONTAINER_PROPERTY pfnCardGetContainerProperty;
|
||
|
PFN_CARD_SET_CONTAINER_PROPERTY pfnCardSetContainerProperty;
|
||
|
PFN_CARD_GET_PROPERTY pfnCardGetProperty;
|
||
|
PFN_CARD_SET_PROPERTY pfnCardSetProperty;
|
||
|
|
||
|
// version 7 additions below here
|
||
|
PFN_CSP_UNPAD_DATA pfnCspUnpadData;
|
||
|
PFN_MD_IMPORT_SESSION_KEY pfnMDImportSessionKey;
|
||
|
PFN_MD_ENCRYPT_DATA pfnMDEncryptData;
|
||
|
PFN_CARD_IMPORT_SESSION_KEY pfnCardImportSessionKey;
|
||
|
PFN_CARD_GET_SHARED_KEY_HANDLE pfnCardGetSharedKeyHandle;
|
||
|
PFN_CARD_GET_ALGORITHM_PROPERTY pfnCardGetAlgorithmProperty;
|
||
|
PFN_CARD_GET_KEY_PROPERTY pfnCardGetKeyProperty;
|
||
|
PFN_CARD_SET_KEY_PROPERTY pfnCardSetKeyProperty;
|
||
|
PFN_CARD_DESTROY_KEY pfnCardDestroyKey;
|
||
|
PFN_CARD_PROCESS_ENCRYPTED_DATA pfnCardProcessEncryptedData;
|
||
|
PFN_CARD_CREATE_CONTAINER_EX pfnCardCreateContainerEx;
|
||
|
|
||
|
} CARD_DATA, *PCARD_DATA;
|
||
|
|
||
|
#endif
|
||
|
|