Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

713 lines
19 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: mssip32.cpp
//
// Contents: Microsoft SIP Provider
//
// History: 14-Feb-1997 pberkman created
//
//--------------------------------------------------------------------------
#include "global.hxx"
#include "sipobj.hxx"
#include "sipobjpe.hxx"
#include "sipobjjv.hxx"
#include "sipobjcb.hxx"
#include "sipobjfl.hxx"
#include "sipobjct.hxx"
#include "sipobjss.hxx"
#include "crypthlp.h"
#include "sha.h"
#include "md5.h"
#define MY_NAME L"WINTRUST.DLL"
SIPObject_ *mssip_CreateSubjectObject(const GUID *chk);
//
// the entries in SubjectsGuid MUST be in the same
// relative position and coalate with those in the
// SubjectsID.
//
static const GUID SubjectsGuid[] =
{
CRYPT_SUBJTYPE_PE_IMAGE,
CRYPT_SUBJTYPE_JAVACLASS_IMAGE,
CRYPT_SUBJTYPE_CABINET_IMAGE,
CRYPT_SUBJTYPE_FLAT_IMAGE,
CRYPT_SUBJTYPE_CATALOG_IMAGE,
CRYPT_SUBJTYPE_CTL_IMAGE
};
// CRYPT_SUBJTYPE_SS_IMAGE
static const UINT SubjectsID[] =
{
MSSIP_ID_PE,
MSSIP_ID_JAVA,
MSSIP_ID_CAB,
MSSIP_ID_FLAT,
MSSIP_ID_CATALOG,
MSSIP_ID_CTL,
MSSIP_ID_NONE // MUST be at the end!
};
// MSSIP_ID_SS,
BOOL WINAPI CryptSIPGetSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
OUT DWORD *dwEncodingType,
IN DWORD dwIndex,
IN OUT DWORD *pdwDataLen,
OUT BYTE *pbData)
{
DWORD dwLastError=0;
if (!(pSubjectInfo) || !(pdwDataLen) || !(dwEncodingType))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
SIPObject_ *pSubjectObj;
if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
if (!(pSubjectObj))
{
if (!(pbData))
{
*pdwDataLen = 0;
}
return(FALSE);
}
pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
BOOL bRet;
bRet = pSubjectObj->GetSignedDataMsg(pSubjectInfo,
dwIndex,pdwDataLen,pbData,dwEncodingType);
dwLastError=GetLastError();
delete pSubjectObj;
SetLastError(dwLastError);
return(bRet);
}
BOOL WINAPI CryptSIPPutSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwEncodingType,
OUT DWORD *pdwIndex,
IN DWORD dwDataLen,
IN BYTE *pbData)
{
if (!(pSubjectInfo) ||
(dwDataLen < 1) ||
!(pdwIndex) ||
!(pbData))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
SIPObject_ *pSubjectObj;
if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
if (!(pSubjectObj))
{
return(FALSE);
}
pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
BOOL bRet;
bRet = pSubjectObj->PutSignedDataMsg(pSubjectInfo,
pdwIndex,dwDataLen,pbData,dwEncodingType);
delete pSubjectObj;
return(bRet);
}
BOOL WINAPI CryptSIPRemoveSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
IN DWORD dwIndex)
{
if (!(pSubjectInfo))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
SIPObject_ *pSubjectObj;
if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
if (!(pSubjectObj))
{
return(FALSE);
}
pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
BOOL bRet;
bRet = pSubjectObj->RemoveSignedDataMsg(pSubjectInfo,dwIndex);
delete pSubjectObj;
return(bRet);
}
BOOL WINAPI CryptSIPCreateIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo,
IN OUT DWORD *pdwDataLen,
OUT SIP_INDIRECT_DATA *psData)
{
if (!(pSubjectInfo) || !(pdwDataLen))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
SIPObject_ *pSubjectObj;
if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
if (!(pSubjectObj))
{
if (!(psData))
{
*pdwDataLen = 0;
}
return(FALSE);
}
//
// ALWAYS set the latest version when we are creating the
// indirect data content!
//
pSubjectInfo->dwIntVersion = WIN_CERT_REVISION_2_0;
pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
BOOL bRet;
bRet = pSubjectObj->CreateIndirectData(pSubjectInfo,pdwDataLen,psData);
delete pSubjectObj;
return(bRet);
}
BOOL WINAPI CryptSIPVerifyIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo,
IN SIP_INDIRECT_DATA *psData)
{
if (!(pSubjectInfo))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
SIPObject_ *pSubjectObj;
if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
{
SetLastError((DWORD)ERROR_INVALID_PARAMETER);
return(FALSE);
}
pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
if (!(pSubjectObj))
{
return(FALSE);
}
//
// if we are a catalog member, set the version number to whatever
// was set when the catalog file was created...
//
if ((WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwUnionChoice)) &&
(pSubjectInfo->dwUnionChoice == MSSIP_ADDINFO_CATMEMBER) &&
(pSubjectInfo->psCatMember))
{
if (pSubjectInfo->psCatMember->cbStruct == sizeof(MS_ADDINFO_CATALOGMEMBER))
{
if ((pSubjectInfo->psCatMember->pMember) &&
(pSubjectInfo->psCatMember->pMember->cbStruct == sizeof(CRYPTCATMEMBER)))
{
pSubjectInfo->dwIntVersion = pSubjectInfo->psCatMember->pMember->dwCertVersion;
}
}
}
pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
if (pSubjectObj->get_CertVersion() < WIN_CERT_REVISION_2_0)
{
DWORD dwCAPIFlags;
CryptSIPGetRegWorkingFlags(&dwCAPIFlags);
if (dwCAPIFlags & WTPF_VERIFY_V1_OFF)
{
delete pSubjectObj;
SetLastError((DWORD)CRYPT_E_SECURITY_SETTINGS);
return(FALSE);
}
}
BOOL bRet;
bRet = pSubjectObj->VerifyIndirectData(pSubjectInfo, psData);
delete pSubjectObj;
return(bRet);
}
//////////////////////////////////////////////////////////////////////////////////////
//
// internal utility functions
//------------------------------------------------------------------------------------
//
SIPObject_ *mssip_CreateSubjectObject(const GUID *chk)
{
UINT idx;
SIPObject_ *pSO;
pSO = NULL;
idx = 0;
while (SubjectsID[idx] != MSSIP_ID_NONE)
{
if (SubjectsGuid[idx] == *chk)
{
switch (SubjectsID[idx])
{
case MSSIP_ID_PE:
pSO = (SIPObject_ *)new SIPObjectPE_(SubjectsID[idx]);
break;
case MSSIP_ID_JAVA:
pSO = (SIPObject_ *)new SIPObjectJAVA_(SubjectsID[idx]);
break;
case MSSIP_ID_CAB:
pSO = (SIPObject_ *)new SIPObjectCAB_(SubjectsID[idx]);
break;
case MSSIP_ID_FLAT:
pSO = (SIPObject_ *)new SIPObjectFlat_(SubjectsID[idx]);
break;
case MSSIP_ID_CTL: // currently, the same logic as catalog files!
case MSSIP_ID_CATALOG:
pSO = (SIPObject_ *)new SIPObjectCatalog_(SubjectsID[idx]);
break;
/* case MSSIP_ID_SS:
pSO = (SIPObject_ *)new SIPObjectSS_(SubjectsID[idx]);
break; */
case MSSIP_V1ID_PE:
case MSSIP_V1ID_PE_EX:
default:
SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN);
return(NULL);
}
if (!(pSO))
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return(NULL);
}
break;
}
idx++;
}
if (!(pSO))
{
SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN);
}
return(pSO);
}
BOOL WINAPI DigestFileData( IN HSPCDIGESTDATA hDigestData,
IN const BYTE *pbData,
IN DWORD cbData)
{
BOOL fRet;
PDIGEST_DATA pDigestData;
fRet = TRUE;
pDigestData = (PDIGEST_DATA)hDigestData;
if (cbData > HASH_CACHE_LEN)
{
if (pDigestData->cbCache > 0)
{
fRet = SipHashData(pDigestData, pDigestData->pbCache, pDigestData->cbCache);
pDigestData->cbCache = 0;
if (!(fRet))
{
return(FALSE);
}
}
fRet = SipHashData(pDigestData, (BYTE *)pbData, cbData);
}
else
{
while (cbData > 0)
{
DWORD cbCopy;
cbCopy = min(HASH_CACHE_LEN - pDigestData->cbCache, cbData);
memcpy(&pDigestData->pbCache[pDigestData->cbCache], pbData,
cbCopy);
cbData -= cbCopy;
pbData += cbCopy;
pDigestData->cbCache += cbCopy;
if (pDigestData->cbCache == HASH_CACHE_LEN)
{
pDigestData->cbCache = 0;
if (!(fRet = SipHashData(pDigestData, pDigestData->pbCache, HASH_CACHE_LEN)))
{
break;
}
}
}
}
return(fRet);
}
BOOL SipCreateHash(HCRYPTPROV hProv, DIGEST_DATA *psDigestData)
{
BOOL fRet;
fRet = TRUE;
switch (psDigestData->dwAlgId)
{
case CALG_MD5:
MD5Init((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx);
break;
case CALG_SHA1:
A_SHAInit((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx);
break;
default:
if (!(hProv))
{
hProv = I_CryptGetDefaultCryptProv(0); // get the default and DONT RELEASE IT!!!!
}
fRet = CryptCreateHash(hProv, psDigestData->dwAlgId, NULL, 0, &psDigestData->hHash);
break;
}
return(fRet);
}
BOOL SipHashData(DIGEST_DATA *psDigestData, BYTE *pbData, DWORD cbData)
{
switch (psDigestData->dwAlgId)
{
case CALG_MD5:
MD5Update((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData);
return(TRUE);
case CALG_SHA1:
A_SHAUpdate((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData);
return(TRUE);
}
return(CryptHashData(psDigestData->hHash, pbData, cbData, 0));
}
BYTE *SipGetHashValue(DIGEST_DATA *psDigestData, DWORD *pcbHash)
{
BYTE *pbRet;
pbRet = NULL;
switch (psDigestData->dwAlgId)
{
case CALG_MD5:
*pcbHash = MD5DIGESTLEN;
break;
case CALG_SHA1:
*pcbHash = A_SHA_DIGEST_LEN;
break;
default:
*pcbHash = 0;
CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, NULL, pcbHash,0);
}
if (*pcbHash < 1)
{
goto HashLengthError;
}
if (!(pbRet = new BYTE[*pcbHash]))
{
goto MemoryError;
}
switch (psDigestData->dwAlgId)
{
case CALG_MD5:
MD5_CTX *pMD5;
pMD5 = (MD5_CTX *)psDigestData->pvSHA1orMD5Ctx;
MD5Final(pMD5);
memcpy(pbRet, pMD5->digest, MD5DIGESTLEN);
psDigestData->pvSHA1orMD5Ctx = NULL;
break;
case CALG_SHA1:
A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbRet);
psDigestData->pvSHA1orMD5Ctx = NULL;
break;
default:
if (CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, pbRet, pcbHash, 0))
{
goto HashParamError;
}
break;
}
CommonReturn:
return(pbRet);
ErrorReturn:
DELETE_OBJECT(pbRet);
goto CommonReturn;
SET_ERROR_VAR_EX(DBG_SS, MemoryError, ERROR_NOT_ENOUGH_MEMORY);
SET_ERROR_VAR_EX(DBG_SS, HashLengthError, GetLastError());
SET_ERROR_VAR_EX(DBG_SS, HashParamError, GetLastError());
}
void SipDestroyHash(DIGEST_DATA *psDigestData)
{
switch (psDigestData->dwAlgId)
{
case CALG_MD5:
if (psDigestData->pvSHA1orMD5Ctx)
{
MD5Final((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx);
}
break;
case CALG_SHA1:
if (psDigestData->pvSHA1orMD5Ctx)
{
BYTE bRet[A_SHA_DIGEST_LEN];
A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, &bRet[0]);
}
break;
default:
CryptDestroyHash(psDigestData->hHash);
break;
}
}
//////////////////////////////////////////////////////////////////////////////////////
//
// standard DLL exports ...
//------------------------------------------------------------------------------------
//
BOOL WINAPI mssip32DllMain(HANDLE hInstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
return(TRUE);
}
STDAPI mssip32DllRegisterServer(void)
{
BOOL fRet;
GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE;
GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE;
GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE;
GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE;
GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE;
GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE;
GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE;
SIP_ADD_NEWPROVIDER sProv;
fRet = TRUE;
memset(&sProv, 0x00, sizeof(SIP_ADD_NEWPROVIDER));
sProv.cbStruct = sizeof(SIP_ADD_NEWPROVIDER);
sProv.pwszDLLFileName = MY_NAME;
sProv.pwszGetFuncName = L"CryptSIPGetSignedDataMsg";
sProv.pwszPutFuncName = L"CryptSIPPutSignedDataMsg";
sProv.pwszCreateFuncName = L"CryptSIPCreateIndirectData";
sProv.pwszVerifyFuncName = L"CryptSIPVerifyIndirectData";
sProv.pwszRemoveFuncName = L"CryptSIPRemoveSignedDataMsg";
sProv.pgSubject = &gFlat;
fRet &= CryptSIPAddProvider(&sProv);
sProv.pgSubject = &gCb;
sProv.pwszMagicNumber = L"MSCF";
fRet &= CryptSIPAddProvider(&sProv);
sProv.pgSubject = &gPe;
sProv.pwszMagicNumber = L"0x00004550";
fRet &= CryptSIPAddProvider(&sProv);
sProv.pgSubject = &gJv;
sProv.pwszMagicNumber = L"0xcafebabe";
fRet &= CryptSIPAddProvider(&sProv);
sProv.pgSubject = &gCat;
fRet &= CryptSIPAddProvider(&sProv);
sProv.pgSubject = &gCTL;
fRet &= CryptSIPAddProvider(&sProv);
//
// structured storage is last becuase it
// has an "is" function...
//
/* sProv.pgSubject = &gSS;
sProv.pwszIsFunctionNameFmt2 = L"IsStructuredStorageFile";
fRet &= CryptSIPAddProvider(&sProv); */
CryptSIPRemoveProvider(&gSS);
return(fRet ? S_OK : S_FALSE);
}
STDAPI mssip32DllUnregisterServer(void)
{
GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE;
GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE;
GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE;
GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE;
GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE;
GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE;
GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE;
CryptSIPRemoveProvider(&gFlat);
CryptSIPRemoveProvider(&gPe);
CryptSIPRemoveProvider(&gCb);
CryptSIPRemoveProvider(&gJv);
CryptSIPRemoveProvider(&gCat);
CryptSIPRemoveProvider(&gCTL);
CryptSIPRemoveProvider(&gSS);
return(S_OK);
}
void CryptSIPGetRegWorkingFlags(DWORD *pdwState)
{
WintrustGetRegPolicyFlags(pdwState);
}
//
// support for Auth2 release
//
typedef struct _SIP_INFORMATION
{
DWORD cbSize; // sizeof(SIP_INFORMATION)
DWORD cgSubjects; // number of guids in array
const GUID *pgSubjects; // array of supported guids/subjects
} SIP_INFORMATION, *PSIP_INFORMATION;
BOOL CryptSIPGetInfo(IN OUT SIP_INFORMATION *pSIPInit)
{
UINT i;
i = 0;
pSIPInit->cbSize = sizeof(SIP_INFORMATION);
while (SubjectsID[i] != MSSIP_ID_NONE)
{
i++;
}
pSIPInit->cgSubjects = i;
pSIPInit->pgSubjects = &SubjectsGuid[0];
return(TRUE);
}