//+------------------------------------------------------------------------- // // Microsoft Windows // // Copyright (C) Microsoft Corporation, 1996 - 1999 // // File: SIPObj.cpp // // Contents: Microsoft SIP Provider // // History: 15-Feb-1997 pberkman created // //-------------------------------------------------------------------------- #include "global.hxx" #include "crypthlp.h" #include "sipobj.hxx" #include "sha.h" #include "md5.h" //////////////////////////////////////////////////////////////////////////// // // construct/destruct: // SIPObject_::SIPObject_(DWORD id) { hFile = INVALID_HANDLE_VALUE; hProv = NULL; uSubjectForm = MSSIP_SUBJECT_FORM_FILE; bCloseFile = FALSE; fUseFileMap = TRUE; hMappedFile = INVALID_HANDLE_VALUE; pbFileMap = NULL; cbFileMap = 0; } SIPObject_::~SIPObject_(void) { HRESULT lerr; lerr = GetLastError(); if ((hFile != INVALID_HANDLE_VALUE) && (bCloseFile)) { CloseHandle(hFile); } this->UnmapFile(); SetLastError(lerr); } //////////////////////////////////////////////////////////////////////////// // // public: // BOOL SIPObject_::GetSignedDataMsg(SIP_SUBJECTINFO *pSI,DWORD dwIdx, DWORD *pdwDLen,BYTE *pbData, DWORD *pdwEncodeType) { if (!(pdwDLen)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } if (this->FileHandleFromSubject(pSI)) { DWORD dwOldError; dwOldError = GetLastError(); if (*pdwDLen == 0) { pbData = NULL; // just to be sure for future WIN32 style calls! } if (this->GetMessageFromFile(pSI, (LPWIN_CERTIFICATE)pbData, dwIdx, pdwDLen)) { if (pbData) { LPWIN_CERTIFICATE pCertHdr; pCertHdr = (LPWIN_CERTIFICATE)pbData; if (*pdwDLen < OFFSETOF(WIN_CERTIFICATE,bCertificate) || pCertHdr->dwLength < OFFSETOF(WIN_CERTIFICATE,bCertificate)) { SetLastError((DWORD) ERROR_INVALID_PARAMETER); return(FALSE); } pSI->dwIntVersion = (DWORD)pCertHdr->wRevision; switch (pCertHdr->wCertificateType) { case WIN_CERT_TYPE_PKCS_SIGNED_DATA: *pdwEncodeType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; break; case WIN_CERT_TYPE_X509: case WIN_CERT_TYPE_RESERVED_1: default: *pdwEncodeType = 0; } DWORD dwCert; BYTE *pszStart; BYTE *pszData; dwCert = pCertHdr->dwLength - OFFSETOF(WIN_CERTIFICATE,bCertificate); pszStart = (BYTE *)pCertHdr; pszData = pCertHdr->bCertificate; memcpy(pszStart, pszData, dwCert); *pdwDLen = dwCert; # if (DBG) HANDLE hDebug; DWORD dwDbgwr; hDebug = CreateFile("C:\\SIPOBJ.DBG",GENERIC_WRITE,FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL,NULL); if (hDebug != INVALID_HANDLE_VALUE) { WriteFile(hDebug, &pszData[0], dwCert, &dwDbgwr,NULL); CloseHandle(hDebug); } # endif // DBG } return(TRUE); } else if ((GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (pbData == NULL)) { DWORD cbFileSize = GetFileSize(this->hFile, NULL); if (cbFileSize == INVALID_FILE_SIZE) { cbFileSize = 0; } // just getting length... if (*pdwDLen < OFFSETOF(WIN_CERTIFICATE,bCertificate) || (*pdwDLen - OFFSETOF(WIN_CERTIFICATE,bCertificate)) > cbFileSize) { // Signature can't be larger than the file *pdwDLen = 0; SetLastError((DWORD) ERROR_INVALID_PARAMETER); return(FALSE); } else { SetLastError(dwOldError); return(TRUE); } } } return(FALSE); } BOOL SIPObject_::PutSignedDataMsg(SIP_SUBJECTINFO *pSI,DWORD *pdwIdx, DWORD dwDLen,BYTE *pbData, DWORD dwEncodeType) { if (this->FileHandleFromSubject(pSI, GENERIC_READ | GENERIC_WRITE)) { LPWIN_CERTIFICATE pCertHdr; DWORD dwData; DWORD cbCheck; dwData = OFFSETOF(WIN_CERTIFICATE, bCertificate) + dwDLen; dwData = (dwData + 7) & ~7; // allign on 8 byte if (!(pCertHdr = (LPWIN_CERTIFICATE)this->SIPNew(dwData))) { return(FALSE); } memset(pCertHdr, 0x00, dwData); pCertHdr->dwLength = dwData; pCertHdr->wRevision = WIN_CERT_REVISION_2_0; pCertHdr->wCertificateType = WIN_CERT_TYPE_PKCS_SIGNED_DATA; if (pbData) { fSizeFileOnly = FALSE; memcpy(&pCertHdr->bCertificate[0], &pbData[0], dwDLen); # if (DBG) HANDLE hDebug; DWORD dwDbgwr; hDebug = CreateFile("C:\\SIPOBJ.DBG",GENERIC_WRITE,FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL,NULL); if (hDebug != INVALID_HANDLE_VALUE) { WriteFile(hDebug,&pbData[0],dwDLen,&dwDbgwr,NULL); CloseHandle(hDebug); } # endif // DBG } else { fSizeFileOnly = TRUE; memset(&pCertHdr->bCertificate[0], 0x00, dwDLen); } if (!(this->PutMessageInFile(pSI, pCertHdr, pdwIdx))) { delete pCertHdr; return(FALSE); } delete pCertHdr; return(TRUE); } return(FALSE); } BOOL SIPObject_::CreateIndirectData(SIP_SUBJECTINFO *pSI,DWORD *pdwDLen, SIP_INDIRECT_DATA *psData) { HCRYPTPROV hProvT; hProvT = pSI->hProv; if (!(hProvT)) { if (!(this->LoadDefaultProvider())) { return(FALSE); } hProvT = this->hProv; } BYTE *pbDigest; DWORD cbDigest; if (!(psData)) { // // length only! // HCRYPTHASH hHash; DWORD dwRetLen; DWORD dwEncLen; DWORD dwAlgId; dwRetLen = sizeof(SIP_INDIRECT_DATA); // crypt_algorithm_identifier... // obj id dwRetLen += strlen(pSI->DigestAlgorithm.pszObjId); dwRetLen += 1; // null term. // parameters (none)... // crypt_attribute_type_value size... dwRetLen += strlen(this->GetDataObjectID()); dwRetLen += 1; // null term. // size of the value (flags).... dwEncLen = 0; CryptEncodeObject( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, this->GetDataOIDHint(), this->GetMyStructure(pSI), NULL, &dwEncLen); if (dwEncLen > 0) { dwRetLen += dwEncLen; // hash of subject if ((dwAlgId = CertOIDToAlgId(pSI->DigestAlgorithm.pszObjId)) == 0) { SetLastError((DWORD)NTE_BAD_ALGID); return(FALSE); } switch (dwAlgId) { case CALG_MD5: cbDigest = MD5DIGESTLEN; break; case CALG_SHA1: cbDigest = A_SHA_DIGEST_LEN; break; default: if (!(CryptCreateHash(hProvT, dwAlgId, NULL, 0, &hHash))) { return(FALSE); } // just to get hash length if (!(CryptHashData(hHash,(const BYTE *)" ",1,0))) { CryptDestroyHash(hHash); return(FALSE); } cbDigest = 0; CryptGetHashParam(hHash, HP_HASHVAL, NULL, &cbDigest,0); CryptDestroyHash(hHash); } if (cbDigest > 0) { dwRetLen += cbDigest; *pdwDLen = dwRetLen; return(TRUE); } } } else if (this->FileHandleFromSubject(pSI)) { if (pbDigest = this->DigestFile(hProvT, this->GetDigestFlags(pSI), pSI->DigestAlgorithm.pszObjId, &cbDigest)) { DWORD_PTR offset; DWORD dwRetLen; dwRetLen = 0; CryptEncodeObject( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, this->GetDataOIDHint(), this->GetMyStructure(pSI), NULL, &dwRetLen); if (dwRetLen > 0) { BYTE *attrdata; attrdata = (BYTE *)this->SIPNew(dwRetLen); if (attrdata) { if (CryptEncodeObject( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, this->GetDataOIDHint(), this->GetMyStructure(pSI), attrdata, &dwRetLen)) { // // assign allocated memory to our structure // offset = (DWORD_PTR)psData + sizeof(SIP_INDIRECT_DATA); if ((offset + strlen(this->GetDataObjectID()) + 1 + dwRetLen + strlen(pSI->DigestAlgorithm.pszObjId) + 1 + cbDigest) > ((DWORD_PTR) psData) + *pdwDLen) { delete pbDigest; delete attrdata; return(FALSE); } strcpy((char *)offset, this->GetDataObjectID()); psData->Data.pszObjId = (LPSTR)offset; offset += (strlen(this->GetDataObjectID()) + 1); memcpy((void *)offset,attrdata,dwRetLen); psData->Data.Value.pbData = (BYTE *)offset; psData->Data.Value.cbData = dwRetLen; offset += dwRetLen; strcpy((char *)offset, (char *)pSI->DigestAlgorithm.pszObjId); psData->DigestAlgorithm.pszObjId = (char *)offset; psData->DigestAlgorithm.Parameters.cbData = 0; psData->DigestAlgorithm.Parameters.pbData = NULL; offset += (strlen(pSI->DigestAlgorithm.pszObjId) + 1); memcpy((void *)offset,pbDigest,cbDigest); psData->Digest.pbData = (BYTE *)offset; psData->Digest.cbData = cbDigest; delete pbDigest; delete attrdata; return(TRUE); } delete attrdata; } } delete pbDigest; } } return(FALSE); } BOOL SIPObject_::VerifyIndirectData(SIP_SUBJECTINFO *pSI, SIP_INDIRECT_DATA *psData) { if (!(psData)) { if (this->FileHandleFromSubject(pSI)) // if the file exists, set bad parameter! { SetLastError((DWORD)ERROR_INVALID_PARAMETER); } return(FALSE); } if (this->FileHandleFromSubject(pSI)) { DWORD cbDigest; BYTE *pbDigest; if (!(pbDigest = this->DigestFile( pSI->hProv, this->GetDigestFlags(pSI), psData->DigestAlgorithm.pszObjId, &cbDigest))) { return(FALSE); } if ((cbDigest != psData->Digest.cbData) || (memcmp(pbDigest,psData->Digest.pbData,cbDigest) != 0)) { delete pbDigest; SetLastError(TRUST_E_BAD_DIGEST); return(FALSE); } delete pbDigest; return(TRUE); } return(FALSE); } ////////////////////////////////////////////////////////////////////////////// // // protected: // void *SIPObject_::SIPNew(DWORD cbytes) { void *pvRet; pvRet = (void *)new char[cbytes]; if (!(pvRet)) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); } return(pvRet); } BOOL SIPObject_::OpenFile(LPCWSTR FileName, DWORD dwAccess, DWORD dwShared) { if ((this->hFile != INVALID_HANDLE_VALUE) && (this->hFile)) { // // we've already opened it.... // return(TRUE); } if ((this->hFile = CreateFileU( FileName, dwAccess, dwShared, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE) { return(FALSE); } this->bCloseFile = TRUE; return(TRUE); } BOOL SIPObject_::FileHandleFromSubject(SIP_SUBJECTINFO *pSubject, DWORD dwAccess, DWORD dwShared) { dwFileAccess = dwAccess; if ((pSubject->hFile == NULL) || (pSubject->hFile == INVALID_HANDLE_VALUE)) { if (!(this->OpenFile(pSubject->pwsFileName, dwAccess, dwShared))) { return(FALSE); } } else { this->hFile = pSubject->hFile; if (SetFilePointer(this->hFile, 0, NULL, FILE_BEGIN) == 0xFFFFFFFF) { return(FALSE); } } return(this->MapFile()); } void SIPObject_::AllocateAndFillCryptBitBlob(CRYPT_BIT_BLOB *bb,DWORD Flags, DWORD cUnusedBits) { if (bb) { bb->cbData = 1; bb->pbData = new BYTE[1]; bb->cUnusedBits = cUnusedBits; if(bb->pbData) bb->pbData[0] = (BYTE)(Flags & 0x000000ff); } } void SIPObject_::DestroyCryptBitBlob(CRYPT_BIT_BLOB *bb) { if (bb) { if (bb->pbData) { delete bb->pbData; bb->pbData = NULL; } } } DWORD SIPObject_::CryptBitBlobToFlags(CRYPT_BIT_BLOB *bb) { if ((bb) && (bb->pbData)) { return((DWORD)bb->pbData[0]); } return(0); } BYTE *SIPObject_::DigestFile(HCRYPTPROV hProv, DWORD dwFlags, char *pszObjId, DWORD *pcbDigest) { DIGEST_DATA DigestData; A_SHA_CTX sShaCtx; MD5_CTX sMd5Ctx; *pcbDigest = 0; if ((DigestData.dwAlgId = CertOIDToAlgId(pszObjId)) == 0) { SetLastError((DWORD)NTE_BAD_ALGID); return(NULL); } DigestData.cbCache = 0; DigestData.hHash = 0; switch (DigestData.dwAlgId) { case CALG_MD5: DigestData.pvSHA1orMD5Ctx = &sMd5Ctx; break; case CALG_SHA1: DigestData.pvSHA1orMD5Ctx = &sShaCtx; break; default: DigestData.pvSHA1orMD5Ctx = NULL; } if (!(SipCreateHash(hProv, &DigestData))) { return(NULL); } if (!(this->GetDigestStream(&DigestData, (DIGEST_FUNCTION)DigestFileData, dwFlags))) { return(NULL); } // Data left over ? if (DigestData.cbCache > 0) { if (!(SipHashData(&DigestData, DigestData.pbCache, DigestData.cbCache))) { SipDestroyHash(&DigestData); return(NULL); } } BYTE *pbRet; pbRet = SipGetHashValue(&DigestData, pcbDigest); SipDestroyHash(&DigestData); return(pbRet); } BOOL SIPObject_::LoadDefaultProvider(void) { if (this->hProv) { return(TRUE); } this->hProv = I_CryptGetDefaultCryptProv(0); // get the default and DONT RELEASE IT!!!! if (this->hProv) { return(TRUE); } return(FALSE); } BOOL SIPObject_::SeekAndWriteFile(DWORD lFileOffset,BYTE *pb, DWORD cb) { DWORD cbWritten; if (SetFilePointer(this->hFile, lFileOffset, NULL, FILE_BEGIN) == 0xFFFFFFFF) { return(FALSE); } if (!(WriteFile(this->hFile, pb, cb, &cbWritten, NULL)) || (cbWritten != cb)) { return(FALSE); } return(TRUE); } BOOL SIPObject_::SeekAndReadFile(DWORD lFileOffset, BYTE *pb, DWORD cb) { if (!(this->pbFileMap) || (this->cbFileMap < (lFileOffset + cb))) { return(FALSE); } __try { memcpy(pb, &this->pbFileMap[lFileOffset], cb); } __except(EXCEPTION_EXECUTE_HANDLER) { SetLastError(GetExceptionCode()); return(FALSE); } return(TRUE); } void SIPObject_::set_CertVersion(DWORD dwNewCertVersion) { uCertVersion = dwNewCertVersion; if (uCertVersion < WIN_CERT_REVISION_1_0) // just in case it hasn't been set yet. { uCertVersion = WIN_CERT_REVISION_2_0; } } BOOL SIPObject_::MapFile(void) { if (!(this->fUseFileMap)) { return(TRUE); } BOOL fRet; if (this->pbFileMap) { this->UnmapFile(); } hMappedFile = CreateFileMapping(this->hFile, NULL, (dwFileAccess & GENERIC_WRITE) ? PAGE_READWRITE : PAGE_READONLY, 0, 0, NULL); if (!(hMappedFile) || (hMappedFile == INVALID_HANDLE_VALUE)) { goto FileMapFailed; } this->pbFileMap = (BYTE *)MapViewOfFile(hMappedFile, (dwFileAccess & GENERIC_WRITE) ? FILE_MAP_WRITE : FILE_MAP_READ, 0, 0, 0); if (!(this->pbFileMap)) { goto FileViewFailed; } this->cbFileMap = GetFileSize(this->hFile, NULL); fRet = TRUE; CommonReturn: return(fRet); ErrorReturn: this->cbFileMap = 0; this->UnmapFile(); fRet = FALSE; goto CommonReturn; TRACE_ERROR_EX(DBG_SS, FileMapFailed); TRACE_ERROR_EX(DBG_SS, FileViewFailed); } BOOL SIPObject_::UnmapFile(void) { if ((hMappedFile != INVALID_HANDLE_VALUE) && (hMappedFile)) { CloseHandle(hMappedFile); hMappedFile = INVALID_HANDLE_VALUE; } if (this->pbFileMap) { UnmapViewOfFile(this->pbFileMap); this->pbFileMap = NULL; this->cbFileMap = 0; } return(TRUE); }