archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/win32/fusion/tools/xmllib/inspection/analyzerxmldsig.c

375 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "nt.h"
  2. #include "ntdef.h"
  3. #include "ntrtl.h"
  4. #include "nturtl.h"
  5. #include "sxs-rtl.h"
  6. #include "skiplist.h"
  7. #include "fasterxml.h"
  8. #include "namespacemanager.h"
  9. #include "xmlstructure.h"
  10. #include "manifestinspection.h"
  11. #include "analyzerxmldsig.h"
  13. //
  14. // This is all the stuff required to do XMLDSIG for us
  15. //
  16. DECLARE_ELEMENT(Signature);
  17. DECLARE_ELEMENT(Signature_SignatureValue);
  18. DECLARE_ELEMENT(Signature_SignedInfo);
  19. DECLARE_ELEMENT(Signature_KeyInfo);
  20. DECLARE_ELEMENT(Signature_KeyInfo_KeyName);
  21. DECLARE_ELEMENT(Signature_KeyInfo_KeyValue);
  22. DECLARE_ELEMENT(Signature_KeyInfo_KeyValue_DSAKeyValue);
  23. DECLARE_ELEMENT(Signature_KeyInfo_KeyValue_RSAKeyValue);
  24. //DECLARE_ELEMENT(Signature_Object);
  25. DECLARE_ELEMENT(Signature_SignedInfo_CanonicalizationMethod);
  26. DECLARE_ELEMENT(Signature_SignedInfo_SignatureMethod);
  27. DECLARE_ELEMENT(Signature_SignedInfo_Reference);
  28. DECLARE_ELEMENT(Signature_SignedInfo_Reference_Transforms);
  29. DECLARE_ELEMENT(Signature_SignedInfo_Reference_DigestMethod);
  30. DECLARE_ELEMENT(Signature_SignedInfo_Reference_DigestValue);
  33. const XML_SPECIAL_STRING sc_ss_xmldsignamespace = MAKE_SPECIAL_STRING("http://www.w3.org/2000/09/xmldsig#");
  36. XML_ELEMENT_DEFINITION rgs_Element_Signature =
  37. {
  38. XML_ELEMENT_FLAG_ALLOW_ANY_CHILDREN,
  39. eManifestState_Signature,
  40. NULL,
  41. &sc_ss_xmldsignamespace,
  42. MAKE_SPECIAL_STRING("Signature"),
  43. &Rtl_InspectManifest_Signature,
  44. rgs_Element_Signature_Children,
  45. 0,
  46. { 0 }
  47. };
  49. PCXML_ELEMENT_DEFINITION rgs_Element_Signature_Children[] = {
  50. ELEMENT_NAMED(Signature_SignatureValue),
  51. ELEMENT_NAMED(Signature_SignedInfo),
  52. ELEMENT_NAMED(Signature_KeyInfo),
  53. // ELEMENT_NAMED(Signature_Object),
  54. };
  56. /*
  57. Signature::
  58. <!ELEMENT SignatureValue (#PCDATA) >
  59. <!ATTLIST SignatureValue
  60. Id ID #IMPLIED>
  61. */
  62. enum {
  63. eAttribs_Signature_SignatureValue_Id = 0,
  64. eAttribs_Signature_SignatureValue_Count
  65. };
  67. ELEMENT_DEFINITION_NS(Signature, SignatureValue, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, XML_ELEMENT_FLAG_ALLOW_ANY_CHILDREN | XML_ELEMENT_FLAG_ALLOW_ANY_ATTRIBUTES)
  68. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(Id),
  69. ELEMENT_DEFINITION_DEFNS_END();
  71. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature, SignatureValue)
  72. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  74. /*
  75. <!ELEMENT SignedInfo (CanonicalizationMethod, SignatureMethod, Reference+) >
  76. <!ATTLIST SignedInfo Id ID #IMPLIED>
  77. */
  78. enum {
  79. eAttribs_Signature_SignedInfo_Id = 0,
  80. eAttribs_Signature_SignedInfo_Count
  81. };
  82. ELEMENT_DEFINITION_NS(Signature, SignedInfo, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, XML_ELEMENT_FLAG_ALLOW_ANY_CHILDREN)
  83. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(Id),
  84. ELEMENT_DEFINITION_DEFNS_END();
  86. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature, SignedInfo)
  87. ELEMENT_NAMED(Signature_SignedInfo_CanonicalizationMethod),
  88. ELEMENT_NAMED(Signature_SignedInfo_SignatureMethod),
  89. ELEMENT_NAMED(Signature_SignedInfo_Reference),
  90. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  92. /*
  93. Signature::SignedInfo
  94. <!ELEMENT CanonicalizationMethod (#PCDATA %Method.ANY;)* >
  95. <!ATTLIST CanonicalizationMethod
  96. Algorithm CDATA #REQUIRED >
  97. */
  98. enum {
  99. eAttribs_Signature_SignedInfo_CanonicalizationMethod_Algorithm = 0,
  100. eAttribs_Signature_SignedInfo_CanonicalizationMethod_Count
  101. };
  102. ELEMENT_DEFINITION_NS(Signature_SignedInfo, CanonicalizationMethod, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, XML_ELEMENT_FLAG_NO_ELEMENTS)
  103. ATTRIBUTE_DEFINITION_NONS_NODEFAULT(Algorithm),
  104. ELEMENT_DEFINITION_DEFNS_END();
  106. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_SignedInfo, CanonicalizationMethod)
  107. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  109. /*
  110. Signature::SignedInfo
  111. <!ELEMENT SignatureMethod (#PCDATA|HMACOutputLength %Method.ANY;)* >
  112. <!ATTLIST SignatureMethod
  113. Algorithm CDATA #REQUIRED >
  114. */
  115. enum {
  116. eAttribs_Signature_SignedInfo_SignatureMethod_Algorithm = 0,
  117. eAttribs_Signature_SignedInfo_SignatureMethod_Count
  118. };
  120. ELEMENT_DEFINITION_NS(Signature_SignedInfo, SignatureMethod, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, XML_ELEMENT_FLAG_ALLOW_ANY_CHILDREN)
  121. ATTRIBUTE_DEFINITION_NONS_NODEFAULT(Algorithm),
  122. ELEMENT_DEFINITION_DEFNS_END();
  124. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_SignedInfo, SignatureMethod)
  125. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  127. /*
  128. Signature::SignedInfo
  129. <!ELEMENT Reference (Transforms?, DigestMethod, DigestValue) >
  130. <!ATTLIST Reference
  131. Id ID #IMPLIED
  132. URI CDATA #IMPLIED
  133. Type CDATA #IMPLIED>
  134. */
  135. enum {
  136. eAttribs_Signature_SignedInfo_Reference_Id = 0,
  137. eAttribs_Signature_SignedInfo_Reference_Type,
  138. eAttribs_Signature_SignedInfo_Reference_URI,
  139. eAttribs_Signature_SignedInfo_Reference_Count
  140. };
  141. ELEMENT_DEFINITION_NS(Signature_SignedInfo, Reference, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, 0)
  142. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(Id),
  143. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(Type),
  144. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(URI),
  145. ELEMENT_DEFINITION_DEFNS_END();
  147. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_SignedInfo, Reference)
  148. // ELEMENT_NAMED(Signature_SignedInfo_Reference_Transforms),
  149. ELEMENT_NAMED(Signature_SignedInfo_Reference_DigestMethod),
  150. ELEMENT_NAMED(Signature_SignedInfo_Reference_DigestValue),
  151. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  153. /*
  154. Signature::SignedInfo::Reference
  155. <!ELEMENT DigestMethod (#PCDATA %Method.ANY;)* >
  156. <!ATTLIST DigestMethod
  157. Algorithm CDATA #REQUIRED >
  158. */
  159. enum {
  160. eAttribs_Signature_SignedInfo_Reference_DigestMethod_Algorithm = 0,
  161. eAttribs_Signature_SignedInfo_Reference_DigestMethod_Count
  162. };
  163. ELEMENT_DEFINITION_NS(Signature_SignedInfo_Reference, DigestMethod, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, 0)
  164. ATTRIBUTE_DEFINITION_NONS_NODEFAULT(Algorithm)
  165. ELEMENT_DEFINITION_DEFNS_END();
  167. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_SignedInfo_Reference, DigestMethod)
  168. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  170. /*
  171. Signature::SignedInfo::Reference
  172. <!ELEMENT DigestValue (#PCDATA) >
  173. */
  174. enum {
  175. eAttribs_Signature_SignedInfo_Reference_DigestValue_Count = 0
  176. };
  177. ELEMENT_DEFINITION_NS(Signature_SignedInfo_Reference, DigestValue, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, 0)
  178. ATTRIBUTE_DEFINITION_NONS_NODEFAULT(unused)
  179. ELEMENT_DEFINITION_DEFNS_END();
  181. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_SignedInfo_Reference, DigestValue)
  182. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  185. /*
  186. Signature::
  187. <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
  188. X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
  189. <!ATTLIST KeyInfo
  190. Id ID #IMPLIED >
  191. */
  192. enum {
  193. eAttribs_Signature_KeyInfo_Id = 0,
  194. eAttribs_Signature_KeyInfo_Count
  195. };
  197. ELEMENT_DEFINITION_NS(Signature, KeyInfo, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, 0)
  198. ATTRIBUTE_DEFINITION_NONS_NODEFAULT_OPTIONAL(Id),
  199. ELEMENT_DEFINITION_DEFNS_END();
  201. // For now we only support keyname and keyvalue
  202. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature, KeyInfo)
  203. ELEMENT_NAMED(Signature_KeyInfo_KeyName),
  204. // ELEMENT_NAMED(Signature_KeyInfo_KeyValue),
  205. // ELEMENT_NAMED(Signature_KeyInfo_RetrievalMethod),
  206. // ELEMENT_NAMED(Signature_KeyInfo_X509Data),
  207. // ELEMENT_NAMED(Signature_KeyInfo_PGPData),
  208. // ELEMENT_NAMED(Signature_KeyInfo_SPKIData),
  209. // ELEMENT_NAMED(Signature_KeyInfo_MgmtData)
  210. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  213. /*
  214. Signature::KeyInfo
  215. <!ELEMENT KeyName (#PCDATA) >
  216. */
  217. enum {
  218. eAttribs_Signature_KeyInfo_KeyName_Count = 0
  219. };
  220. ELEMENT_DEFINITION_NS(Signature_KeyInfo, KeyName, sc_ss_xmldsignamespace, Rtl_InspectManifest_Signature, XML_ELEMENT_FLAG_NO_ELEMENTS)
  221. ATTRIBUTE_DEFINITION_NONS_NODEFAULT(empty),
  222. ELEMENT_DEFINITION_DEFNS_END();
  224. ELEMENT_DEFINITION_CHILD_ELEMENTS(Signature_KeyInfo, KeyName)
  225. ELEMENT_DEFINITION_CHILD_ELEMENTS_END();
  227. static int q[] = {0};
  229. NTSTATUS
  230. Rtl_InspectManifest_Signature(
  231. PXML_LOGICAL_STATE pLogicalState,
  232. PRTL_MANIFEST_CONTENT_RAW pManifestContent,
  233. PXMLDOC_THING pDocThing,
  234. PRTL_GROWING_LIST pAttributes,
  235. MANIFEST_ELEMENT_CALLBACK_REASON Reason,
  236. const struct _XML_ELEMENT_DEFINITION *pElementDefinition
  237. )
  238. {
  239. PXML_DSIG_BLOCK pCurrentBlock = NULL;
  240. ULONG ulBlockIndex = 0;
  241. NTSTATUS status;
  243. //
  244. // Might not want signatures
  245. //
  246. if (!pManifestContent->pManifestSignatures)
  247. return STATUS_SUCCESS;
  249. ulBlockIndex = pManifestContent->ulDocumentSignatures;
  251. //
  252. // Top-level <Signature> tag encountered
  253. //
  254. if (pElementDefinition == ELEMENT_NAMED(Signature)) {
  256. status = RtlIndexIntoGrowingList(
  257. pManifestContent->pManifestSignatures,
  258. ulBlockIndex,
  259. (PVOID*)&pCurrentBlock,
  260. (Reason == eElementNotify_Open));
  262. if (!NT_SUCCESS(status))
  263. goto Exit;
  265. //
  266. // Opening the Signature tag requires that we reserve another slot in the signature
  267. // array now before doing anything else.
  268. //
  269. if (Reason == eElementNotify_Open) {
  271. RtlZeroMemory(pCurrentBlock, sizeof(*pCurrentBlock));
  273. //
  274. // Track this opening element as the entire contents of the <Signature> blob
  275. // that will get hashed later on. In the close, we'll adjust the size of the
  276. // element to account for the entire data run.
  277. //
  278. pCurrentBlock->DsigDocumentExtent = pDocThing->TotalExtent;
  279. }
  280. //
  281. // As we close this element, we bump up the number of signatures found in the
  282. // raw content and reset the "whole signature block" value
  283. //
  284. else if (Reason == eElementNotify_Close) {
  285. pManifestContent->ulDocumentSignatures++;
  287. //
  288. // We only care about end elements - the above is already sufficient for
  289. // empty elements.
  290. //
  291. if (pDocThing->ulThingType == XMLDOC_THING_END_ELEMENT) {
  292. ULONG_PTR ulpStartLocation = (ULONG_PTR)pCurrentBlock->DsigDocumentExtent.pvData;
  293. ULONG_PTR ulpThisEnding = ((ULONG_PTR)pDocThing->TotalExtent.pvData) + pDocThing->TotalExtent.cbData;
  294. pCurrentBlock->DsigDocumentExtent.cbData = ulpThisEnding - ulpStartLocation;
  295. }
  297. }
  298. }
  299. //
  300. // Always get the 'active' block, we'll need it for all the operations below,
  301. // but don't grow in case we're out of range.
  302. //
  303. else {
  305. status = RtlIndexIntoGrowingList(pManifestContent->pManifestSignatures, ulBlockIndex, (PVOID*)&pCurrentBlock, FALSE);
  306. if (!NT_SUCCESS(status))
  307. goto Exit;
  308. }
  310. //
  311. // Now do something useful with this block
  312. //
  313. ASSERT(pCurrentBlock != NULL);
  314. if (pCurrentBlock == NULL) {
  315. status = STATUS_INTERNAL_ERROR;
  316. goto Exit;
  317. }
  319. //
  320. // Signature values are only hyperspace, and only one of them at that.
  321. //
  322. if (pElementDefinition == ELEMENT_NAMED(Signature_SignatureValue)) {
  324. if (Reason == eElementNotify_Hyperspace) {
  325. if ((pCurrentBlock->ulFlags & XMLDSIG_FLAG_SIGNATURE_DATA_PRESENT) == 0) {
  326. pCurrentBlock->ulFlags |= XMLDSIG_FLAG_SIGNATURE_DATA_PRESENT;
  327. pCurrentBlock->SignatureData = pDocThing->Hyperspace;
  328. }
  329. else {
  330. // TODO: Log an error here about duplicate <SignatureData>'s being invalid
  331. status = STATUS_UNSUCCESSFUL;
  332. goto Exit;
  333. }
  334. }
  335. }
  336. //
  337. // Signature methods get tacked into the current block as well
  338. //
  339. else if (pElementDefinition == ELEMENT_NAMED(Signature_SignedInfo_SignatureMethod)) {
  341. PXMLDOC_ATTRIBUTE OrganizedAttributes[eAttribs_Signature_SignedInfo_SignatureMethod_Count];
  343. if (Reason == eElementNotify_Open) {
  345. status = RtlValidateAttributesAndOrganize(
  346. &pLogicalState->ParseState,
  347. &pDocThing->Element,
  348. pAttributes,
  349. pElementDefinition,
  350. OrganizedAttributes);
  352. if (OrganizedAttributes[eAttribs_Signature_SignedInfo_SignatureMethod_Algorithm]) {
  353. if ((pCurrentBlock->ulFlags & XMLDSIG_FLAG_SIGNATURE_METHOD_PRESENT) == 0) {
  354. pCurrentBlock->SignedInfoData.SignatureMethod = OrganizedAttributes[eAttribs_Signature_SignedInfo_SignatureMethod_Algorithm]->Value;
  355. pCurrentBlock->ulFlags |= XMLDSIG_FLAG_SIGNATURE_METHOD_PRESENT;
  356. }
  357. else {
  358. // TODO: Log a message here about duplicated SignatureMethod.Algorithm values
  359. status = STATUS_UNSUCCESSFUL;
  360. goto Exit;
  361. }
  362. }
  363. else {
  364. // TODO: Algorithm is required on this element
  365. status = STATUS_UNSUCCESSFUL;
  366. goto Exit;
  367. }
  368. }
  369. }
  371. status = STATUS_SUCCESS;
  372. Exit:
  373. return status;
  374. }