Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

713 lines
18 KiB

  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: mssip32.cpp
  8. //
  9. // Contents: Microsoft SIP Provider
  10. //
  11. // History: 14-Feb-1997 pberkman created
  12. //
  13. //--------------------------------------------------------------------------
  14. #include "global.hxx"
  15. #include "sipobj.hxx"
  16. #include "sipobjpe.hxx"
  17. #include "sipobjjv.hxx"
  18. #include "sipobjcb.hxx"
  19. #include "sipobjfl.hxx"
  20. #include "sipobjct.hxx"
  21. #include "sipobjss.hxx"
  22. #include "crypthlp.h"
  23. #include "sha.h"
  24. #include "md5.h"
  25. #define MY_NAME L"WINTRUST.DLL"
  26. SIPObject_ *mssip_CreateSubjectObject(const GUID *chk);
  27. //
  28. // the entries in SubjectsGuid MUST be in the same
  29. // relative position and coalate with those in the
  30. // SubjectsID.
  31. //
  32. static const GUID SubjectsGuid[] =
  33. {
  34. CRYPT_SUBJTYPE_PE_IMAGE,
  35. CRYPT_SUBJTYPE_JAVACLASS_IMAGE,
  36. CRYPT_SUBJTYPE_CABINET_IMAGE,
  37. CRYPT_SUBJTYPE_FLAT_IMAGE,
  38. CRYPT_SUBJTYPE_CATALOG_IMAGE,
  39. CRYPT_SUBJTYPE_CTL_IMAGE
  40. };
  41. // CRYPT_SUBJTYPE_SS_IMAGE
  42. static const UINT SubjectsID[] =
  43. {
  44. MSSIP_ID_PE,
  45. MSSIP_ID_JAVA,
  46. MSSIP_ID_CAB,
  47. MSSIP_ID_FLAT,
  48. MSSIP_ID_CATALOG,
  49. MSSIP_ID_CTL,
  50. MSSIP_ID_NONE // MUST be at the end!
  51. };
  52. // MSSIP_ID_SS,
  53. BOOL WINAPI CryptSIPGetSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
  54. OUT DWORD *dwEncodingType,
  55. IN DWORD dwIndex,
  56. IN OUT DWORD *pdwDataLen,
  57. OUT BYTE *pbData)
  58. {
  59. DWORD dwLastError=0;
  60. if (!(pSubjectInfo) || !(pdwDataLen) || !(dwEncodingType))
  61. {
  62. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  63. return(FALSE);
  64. }
  65. SIPObject_ *pSubjectObj;
  66. if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
  67. {
  68. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  69. return(FALSE);
  70. }
  71. pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
  72. if (!(pSubjectObj))
  73. {
  74. if (!(pbData))
  75. {
  76. *pdwDataLen = 0;
  77. }
  78. return(FALSE);
  79. }
  80. pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
  81. BOOL bRet;
  82. bRet = pSubjectObj->GetSignedDataMsg(pSubjectInfo,
  83. dwIndex,pdwDataLen,pbData,dwEncodingType);
  84. dwLastError=GetLastError();
  85. delete pSubjectObj;
  86. SetLastError(dwLastError);
  87. return(bRet);
  88. }
  89. BOOL WINAPI CryptSIPPutSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
  90. IN DWORD dwEncodingType,
  91. OUT DWORD *pdwIndex,
  92. IN DWORD dwDataLen,
  93. IN BYTE *pbData)
  94. {
  95. if (!(pSubjectInfo) ||
  96. (dwDataLen < 1) ||
  97. !(pdwIndex) ||
  98. !(pbData))
  99. {
  100. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  101. return(FALSE);
  102. }
  103. SIPObject_ *pSubjectObj;
  104. if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
  105. {
  106. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  107. return(FALSE);
  108. }
  109. pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
  110. if (!(pSubjectObj))
  111. {
  112. return(FALSE);
  113. }
  114. pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
  115. BOOL bRet;
  116. bRet = pSubjectObj->PutSignedDataMsg(pSubjectInfo,
  117. pdwIndex,dwDataLen,pbData,dwEncodingType);
  118. delete pSubjectObj;
  119. return(bRet);
  120. }
  121. BOOL WINAPI CryptSIPRemoveSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo,
  122. IN DWORD dwIndex)
  123. {
  124. if (!(pSubjectInfo))
  125. {
  126. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  127. return(FALSE);
  128. }
  129. SIPObject_ *pSubjectObj;
  130. if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
  131. {
  132. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  133. return(FALSE);
  134. }
  135. pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
  136. if (!(pSubjectObj))
  137. {
  138. return(FALSE);
  139. }
  140. pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
  141. BOOL bRet;
  142. bRet = pSubjectObj->RemoveSignedDataMsg(pSubjectInfo,dwIndex);
  143. delete pSubjectObj;
  144. return(bRet);
  145. }
  146. BOOL WINAPI CryptSIPCreateIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo,
  147. IN OUT DWORD *pdwDataLen,
  148. OUT SIP_INDIRECT_DATA *psData)
  149. {
  150. if (!(pSubjectInfo) || !(pdwDataLen))
  151. {
  152. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  153. return(FALSE);
  154. }
  155. SIPObject_ *pSubjectObj;
  156. if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
  157. {
  158. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  159. return(FALSE);
  160. }
  161. pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
  162. if (!(pSubjectObj))
  163. {
  164. if (!(psData))
  165. {
  166. *pdwDataLen = 0;
  167. }
  168. return(FALSE);
  169. }
  170. //
  171. // ALWAYS set the latest version when we are creating the
  172. // indirect data content!
  173. //
  174. pSubjectInfo->dwIntVersion = WIN_CERT_REVISION_2_0;
  175. pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
  176. BOOL bRet;
  177. bRet = pSubjectObj->CreateIndirectData(pSubjectInfo,pdwDataLen,psData);
  178. delete pSubjectObj;
  179. return(bRet);
  180. }
  181. BOOL WINAPI CryptSIPVerifyIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo,
  182. IN SIP_INDIRECT_DATA *psData)
  183. {
  184. if (!(pSubjectInfo))
  185. {
  186. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  187. return(FALSE);
  188. }
  189. SIPObject_ *pSubjectObj;
  190. if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType)))
  191. {
  192. SetLastError((DWORD)ERROR_INVALID_PARAMETER);
  193. return(FALSE);
  194. }
  195. pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType);
  196. if (!(pSubjectObj))
  197. {
  198. return(FALSE);
  199. }
  200. //
  201. // if we are a catalog member, set the version number to whatever
  202. // was set when the catalog file was created...
  203. //
  204. if ((WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwUnionChoice)) &&
  205. (pSubjectInfo->dwUnionChoice == MSSIP_ADDINFO_CATMEMBER) &&
  206. (pSubjectInfo->psCatMember))
  207. {
  208. if (pSubjectInfo->psCatMember->cbStruct == sizeof(MS_ADDINFO_CATALOGMEMBER))
  209. {
  210. if ((pSubjectInfo->psCatMember->pMember) &&
  211. (pSubjectInfo->psCatMember->pMember->cbStruct == sizeof(CRYPTCATMEMBER)))
  212. {
  213. pSubjectInfo->dwIntVersion = pSubjectInfo->psCatMember->pMember->dwCertVersion;
  214. }
  215. }
  216. }
  217. pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion);
  218. if (pSubjectObj->get_CertVersion() < WIN_CERT_REVISION_2_0)
  219. {
  220. DWORD dwCAPIFlags;
  221. CryptSIPGetRegWorkingFlags(&dwCAPIFlags);
  222. if (dwCAPIFlags & WTPF_VERIFY_V1_OFF)
  223. {
  224. delete pSubjectObj;
  225. SetLastError((DWORD)CRYPT_E_SECURITY_SETTINGS);
  226. return(FALSE);
  227. }
  228. }
  229. BOOL bRet;
  230. bRet = pSubjectObj->VerifyIndirectData(pSubjectInfo, psData);
  231. delete pSubjectObj;
  232. return(bRet);
  233. }
  234. //////////////////////////////////////////////////////////////////////////////////////
  235. //
  236. // internal utility functions
  237. //------------------------------------------------------------------------------------
  238. //
  239. SIPObject_ *mssip_CreateSubjectObject(const GUID *chk)
  240. {
  241. UINT idx;
  242. SIPObject_ *pSO;
  243. pSO = NULL;
  244. idx = 0;
  245. while (SubjectsID[idx] != MSSIP_ID_NONE)
  246. {
  247. if (SubjectsGuid[idx] == *chk)
  248. {
  249. switch (SubjectsID[idx])
  250. {
  251. case MSSIP_ID_PE:
  252. pSO = (SIPObject_ *)new SIPObjectPE_(SubjectsID[idx]);
  253. break;
  254. case MSSIP_ID_JAVA:
  255. pSO = (SIPObject_ *)new SIPObjectJAVA_(SubjectsID[idx]);
  256. break;
  257. case MSSIP_ID_CAB:
  258. pSO = (SIPObject_ *)new SIPObjectCAB_(SubjectsID[idx]);
  259. break;
  260. case MSSIP_ID_FLAT:
  261. pSO = (SIPObject_ *)new SIPObjectFlat_(SubjectsID[idx]);
  262. break;
  263. case MSSIP_ID_CTL: // currently, the same logic as catalog files!
  264. case MSSIP_ID_CATALOG:
  265. pSO = (SIPObject_ *)new SIPObjectCatalog_(SubjectsID[idx]);
  266. break;
  267. /* case MSSIP_ID_SS:
  268. pSO = (SIPObject_ *)new SIPObjectSS_(SubjectsID[idx]);
  269. break; */
  270. case MSSIP_V1ID_PE:
  271. case MSSIP_V1ID_PE_EX:
  272. default:
  273. SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN);
  274. return(NULL);
  275. }
  276. if (!(pSO))
  277. {
  278. SetLastError(ERROR_NOT_ENOUGH_MEMORY);
  279. return(NULL);
  280. }
  281. break;
  282. }
  283. idx++;
  284. }
  285. if (!(pSO))
  286. {
  287. SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN);
  288. }
  289. return(pSO);
  290. }
  291. BOOL WINAPI DigestFileData( IN HSPCDIGESTDATA hDigestData,
  292. IN const BYTE *pbData,
  293. IN DWORD cbData)
  294. {
  295. BOOL fRet;
  296. PDIGEST_DATA pDigestData;
  297. fRet = TRUE;
  298. pDigestData = (PDIGEST_DATA)hDigestData;
  299. if (cbData > HASH_CACHE_LEN)
  300. {
  301. if (pDigestData->cbCache > 0)
  302. {
  303. fRet = SipHashData(pDigestData, pDigestData->pbCache, pDigestData->cbCache);
  304. pDigestData->cbCache = 0;
  305. if (!(fRet))
  306. {
  307. return(FALSE);
  308. }
  309. }
  310. fRet = SipHashData(pDigestData, (BYTE *)pbData, cbData);
  311. }
  312. else
  313. {
  314. while (cbData > 0)
  315. {
  316. DWORD cbCopy;
  317. cbCopy = min(HASH_CACHE_LEN - pDigestData->cbCache, cbData);
  318. memcpy(&pDigestData->pbCache[pDigestData->cbCache], pbData,
  319. cbCopy);
  320. cbData -= cbCopy;
  321. pbData += cbCopy;
  322. pDigestData->cbCache += cbCopy;
  323. if (pDigestData->cbCache == HASH_CACHE_LEN)
  324. {
  325. pDigestData->cbCache = 0;
  326. if (!(fRet = SipHashData(pDigestData, pDigestData->pbCache, HASH_CACHE_LEN)))
  327. {
  328. break;
  329. }
  330. }
  331. }
  332. }
  333. return(fRet);
  334. }
  335. BOOL SipCreateHash(HCRYPTPROV hProv, DIGEST_DATA *psDigestData)
  336. {
  337. BOOL fRet;
  338. fRet = TRUE;
  339. switch (psDigestData->dwAlgId)
  340. {
  341. case CALG_MD5:
  342. MD5Init((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx);
  343. break;
  344. case CALG_SHA1:
  345. A_SHAInit((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx);
  346. break;
  347. default:
  348. if (!(hProv))
  349. {
  350. hProv = I_CryptGetDefaultCryptProv(0); // get the default and DONT RELEASE IT!!!!
  351. }
  352. fRet = CryptCreateHash(hProv, psDigestData->dwAlgId, NULL, 0, &psDigestData->hHash);
  353. break;
  354. }
  355. return(fRet);
  356. }
  357. BOOL SipHashData(DIGEST_DATA *psDigestData, BYTE *pbData, DWORD cbData)
  358. {
  359. switch (psDigestData->dwAlgId)
  360. {
  361. case CALG_MD5:
  362. MD5Update((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData);
  363. return(TRUE);
  364. case CALG_SHA1:
  365. A_SHAUpdate((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData);
  366. return(TRUE);
  367. }
  368. return(CryptHashData(psDigestData->hHash, pbData, cbData, 0));
  369. }
  370. BYTE *SipGetHashValue(DIGEST_DATA *psDigestData, DWORD *pcbHash)
  371. {
  372. BYTE *pbRet;
  373. pbRet = NULL;
  374. switch (psDigestData->dwAlgId)
  375. {
  376. case CALG_MD5:
  377. *pcbHash = MD5DIGESTLEN;
  378. break;
  379. case CALG_SHA1:
  380. *pcbHash = A_SHA_DIGEST_LEN;
  381. break;
  382. default:
  383. *pcbHash = 0;
  384. CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, NULL, pcbHash,0);
  385. }
  386. if (*pcbHash < 1)
  387. {
  388. goto HashLengthError;
  389. }
  390. if (!(pbRet = new BYTE[*pcbHash]))
  391. {
  392. goto MemoryError;
  393. }
  394. switch (psDigestData->dwAlgId)
  395. {
  396. case CALG_MD5:
  397. MD5_CTX *pMD5;
  398. pMD5 = (MD5_CTX *)psDigestData->pvSHA1orMD5Ctx;
  399. MD5Final(pMD5);
  400. memcpy(pbRet, pMD5->digest, MD5DIGESTLEN);
  401. psDigestData->pvSHA1orMD5Ctx = NULL;
  402. break;
  403. case CALG_SHA1:
  404. A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbRet);
  405. psDigestData->pvSHA1orMD5Ctx = NULL;
  406. break;
  407. default:
  408. if (CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, pbRet, pcbHash, 0))
  409. {
  410. goto HashParamError;
  411. }
  412. break;
  413. }
  414. CommonReturn:
  415. return(pbRet);
  416. ErrorReturn:
  417. DELETE_OBJECT(pbRet);
  418. goto CommonReturn;
  419. SET_ERROR_VAR_EX(DBG_SS, MemoryError, ERROR_NOT_ENOUGH_MEMORY);
  420. SET_ERROR_VAR_EX(DBG_SS, HashLengthError, GetLastError());
  421. SET_ERROR_VAR_EX(DBG_SS, HashParamError, GetLastError());
  422. }
  423. void SipDestroyHash(DIGEST_DATA *psDigestData)
  424. {
  425. switch (psDigestData->dwAlgId)
  426. {
  427. case CALG_MD5:
  428. if (psDigestData->pvSHA1orMD5Ctx)
  429. {
  430. MD5Final((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx);
  431. }
  432. break;
  433. case CALG_SHA1:
  434. if (psDigestData->pvSHA1orMD5Ctx)
  435. {
  436. BYTE bRet[A_SHA_DIGEST_LEN];
  437. A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, &bRet[0]);
  438. }
  439. break;
  440. default:
  441. CryptDestroyHash(psDigestData->hHash);
  442. break;
  443. }
  444. }
  445. //////////////////////////////////////////////////////////////////////////////////////
  446. //
  447. // standard DLL exports ...
  448. //------------------------------------------------------------------------------------
  449. //
  450. BOOL WINAPI mssip32DllMain(HANDLE hInstDLL,DWORD fdwReason,LPVOID lpvReserved)
  451. {
  452. return(TRUE);
  453. }
  454. STDAPI mssip32DllRegisterServer(void)
  455. {
  456. BOOL fRet;
  457. GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE;
  458. GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE;
  459. GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE;
  460. GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE;
  461. GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE;
  462. GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE;
  463. GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE;
  464. SIP_ADD_NEWPROVIDER sProv;
  465. fRet = TRUE;
  466. memset(&sProv, 0x00, sizeof(SIP_ADD_NEWPROVIDER));
  467. sProv.cbStruct = sizeof(SIP_ADD_NEWPROVIDER);
  468. sProv.pwszDLLFileName = MY_NAME;
  469. sProv.pwszGetFuncName = L"CryptSIPGetSignedDataMsg";
  470. sProv.pwszPutFuncName = L"CryptSIPPutSignedDataMsg";
  471. sProv.pwszCreateFuncName = L"CryptSIPCreateIndirectData";
  472. sProv.pwszVerifyFuncName = L"CryptSIPVerifyIndirectData";
  473. sProv.pwszRemoveFuncName = L"CryptSIPRemoveSignedDataMsg";
  474. sProv.pgSubject = &gFlat;
  475. fRet &= CryptSIPAddProvider(&sProv);
  476. sProv.pgSubject = &gCb;
  477. sProv.pwszMagicNumber = L"MSCF";
  478. fRet &= CryptSIPAddProvider(&sProv);
  479. sProv.pgSubject = &gPe;
  480. sProv.pwszMagicNumber = L"0x00004550";
  481. fRet &= CryptSIPAddProvider(&sProv);
  482. sProv.pgSubject = &gJv;
  483. sProv.pwszMagicNumber = L"0xcafebabe";
  484. fRet &= CryptSIPAddProvider(&sProv);
  485. sProv.pgSubject = &gCat;
  486. fRet &= CryptSIPAddProvider(&sProv);
  487. sProv.pgSubject = &gCTL;
  488. fRet &= CryptSIPAddProvider(&sProv);
  489. //
  490. // structured storage is last becuase it
  491. // has an "is" function...
  492. //
  493. /* sProv.pgSubject = &gSS;
  494. sProv.pwszIsFunctionNameFmt2 = L"IsStructuredStorageFile";
  495. fRet &= CryptSIPAddProvider(&sProv); */
  496. CryptSIPRemoveProvider(&gSS);
  497. return(fRet ? S_OK : S_FALSE);
  498. }
  499. STDAPI mssip32DllUnregisterServer(void)
  500. {
  501. GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE;
  502. GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE;
  503. GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE;
  504. GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE;
  505. GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE;
  506. GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE;
  507. GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE;
  508. CryptSIPRemoveProvider(&gFlat);
  509. CryptSIPRemoveProvider(&gPe);
  510. CryptSIPRemoveProvider(&gCb);
  511. CryptSIPRemoveProvider(&gJv);
  512. CryptSIPRemoveProvider(&gCat);
  513. CryptSIPRemoveProvider(&gCTL);
  514. CryptSIPRemoveProvider(&gSS);
  515. return(S_OK);
  516. }
  517. void CryptSIPGetRegWorkingFlags(DWORD *pdwState)
  518. {
  519. WintrustGetRegPolicyFlags(pdwState);
  520. }
  521. //
  522. // support for Auth2 release
  523. //
  524. typedef struct _SIP_INFORMATION
  525. {
  526. DWORD cbSize; // sizeof(SIP_INFORMATION)
  527. DWORD cgSubjects; // number of guids in array
  528. const GUID *pgSubjects; // array of supported guids/subjects
  529. } SIP_INFORMATION, *PSIP_INFORMATION;
  530. BOOL CryptSIPGetInfo(IN OUT SIP_INFORMATION *pSIPInit)
  531. {
  532. UINT i;
  533. i = 0;
  534. pSIPInit->cbSize = sizeof(SIP_INFORMATION);
  535. while (SubjectsID[i] != MSSIP_ID_NONE)
  536. {
  537. i++;
  538. }
  539. pSIPInit->cgSubjects = i;
  540. pSIPInit->pgSubjects = &SubjectsGuid[0];
  541. return(TRUE);
  542. }