Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

797 lines
27 KiB

  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: msgprov.cpp
  8. //
  9. // Contents: Microsoft Internet Security Authenticode Policy Provider
  10. //
  11. // Functions: SoftpubLoadMessage
  12. //
  13. // *** local functions ***
  14. // _LoadSIP
  15. // _SetSubjectInfo
  16. // _GetMessage
  17. // _ExplodeMessage
  18. // _NoContentWrap
  19. // _SkipOverIdentifierAndLengthOctets
  20. //
  21. // History: 05-Jun-1997 pberkman created
  22. //
  23. //--------------------------------------------------------------------------
  24. #include "global.hxx"
  25. #include "crypthlp.h"
  26. #include "sipguids.h" // located in pki/mssip32
  27. BOOL _LoadSIP(CRYPT_PROVIDER_DATA *pProvData);
  28. BOOL _SetSubjectInfo(CRYPT_PROVIDER_DATA *pProvData);
  29. BOOL _GetMessage(CRYPT_PROVIDER_DATA *pProvData);
  30. BOOL _ExplodeMessage(CRYPT_PROVIDER_DATA *pProvData);
  31. BOOL _NoContentWrap(const BYTE *pbDER, DWORD cbDER);
  32. DWORD _SkipOverIdentifierAndLengthOctets(const BYTE *pbDER, DWORD cbDER);
  33. extern "C" BOOL MsCatConstructHashTag (IN DWORD cbDigest, IN LPBYTE pbDigest, OUT LPWSTR* ppwszHashTag);
  34. extern "C" VOID MsCatFreeHashTag (IN LPWSTR pwszHashTag);
  35. HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *pProvData)
  36. {
  37. if (!(pProvData->padwTrustStepErrors) ||
  38. (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT] != ERROR_SUCCESS) ||
  39. (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_INITPROV] != ERROR_SUCCESS))
  40. {
  41. return(S_FALSE);
  42. }
  43. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = ERROR_SUCCESS;
  44. switch (pProvData->pWintrustData->dwUnionChoice)
  45. {
  46. case WTD_CHOICE_CERT:
  47. case WTD_CHOICE_SIGNER:
  48. //
  49. // this is handled in the signature provider
  50. //
  51. return(ERROR_SUCCESS);
  52. case WTD_CHOICE_FILE:
  53. case WTD_CHOICE_CATALOG:
  54. case WTD_CHOICE_BLOB:
  55. break;
  56. default:
  57. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = ERROR_INVALID_PARAMETER;
  58. return(S_FALSE);
  59. }
  60. //
  61. // extract the message from object.
  62. //
  63. if (!(_SetSubjectInfo(pProvData)))
  64. {
  65. return(S_FALSE);
  66. }
  67. if (!(_LoadSIP(pProvData)))
  68. {
  69. return(S_FALSE);
  70. }
  71. if (!(_GetMessage(pProvData)))
  72. {
  73. return(S_FALSE);
  74. }
  75. if (!(_ExplodeMessage(pProvData)))
  76. {
  77. return(S_FALSE);
  78. }
  79. //
  80. // verify the object that the message pertains to
  81. //
  82. if ((pProvData->pWintrustData->dwUnionChoice == WTD_CHOICE_CATALOG) &&
  83. (_ISINSTRUCT(WINTRUST_CATALOG_INFO, pProvData->pWintrustData->pCatalog->cbStruct,
  84. cbCalculatedFileHash)) &&
  85. (pProvData->pWintrustData->pCatalog->pbCalculatedFileHash) &&
  86. (pProvData->pWintrustData->pCatalog->cbCalculatedFileHash > 0))
  87. {
  88. //
  89. // we've been passed in the calculated file hash so don't redo it, just check it!
  90. //
  91. if (!(pProvData->pPDSip->psIndirectData) ||
  92. !(pProvData->pPDSip->psIndirectData->Digest.pbData) ||
  93. (pProvData->pWintrustData->pCatalog->cbCalculatedFileHash !=
  94. pProvData->pPDSip->psIndirectData->Digest.cbData) ||
  95. (memcmp(pProvData->pWintrustData->pCatalog->pbCalculatedFileHash,
  96. pProvData->pPDSip->psIndirectData->Digest.pbData,
  97. pProvData->pPDSip->psIndirectData->Digest.cbData) != 0))
  98. {
  99. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_BAD_DIGEST;
  100. return(S_FALSE);
  101. }
  102. }
  103. else
  104. {
  105. //
  106. // we need to calculate the hash from the file.... do it!
  107. //
  108. if (!(pProvData->pPDSip->pSip->pfVerify(pProvData->pPDSip->psSipSubjectInfo,
  109. pProvData->pPDSip->psIndirectData)))
  110. {
  111. if (GetLastError() == CRYPT_E_SECURITY_SETTINGS)
  112. {
  113. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = CRYPT_E_SECURITY_SETTINGS;
  114. }
  115. else
  116. {
  117. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_BAD_DIGEST;
  118. }
  119. return(S_FALSE);
  120. }
  121. }
  122. return(ERROR_SUCCESS);
  123. }
  124. static GUID _gCATSubject = CRYPT_SUBJTYPE_CATALOG_IMAGE;
  125. BOOL _LoadSIP(CRYPT_PROVIDER_DATA *pProvData)
  126. {
  127. if (!(pProvData->pPDSip->pSip))
  128. {
  129. if (!(pProvData->pPDSip->pSip = (SIP_DISPATCH_INFO *)pProvData->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO))))
  130. {
  131. pProvData->dwError = GetLastError();
  132. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  133. return(FALSE);
  134. }
  135. if (!(CryptSIPLoad(&pProvData->pPDSip->gSubject, 0, pProvData->pPDSip->pSip)))
  136. {
  137. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_SIP] = GetLastError();
  138. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_PROVIDER_UNKNOWN;
  139. return(FALSE);
  140. }
  141. }
  142. if (pProvData->pWintrustData->dwUnionChoice == WTD_CHOICE_CATALOG)
  143. {
  144. if (!(pProvData->pPDSip->pCATSip))
  145. {
  146. if (!(pProvData->pPDSip->pCATSip = (SIP_DISPATCH_INFO *)pProvData->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO))))
  147. {
  148. pProvData->dwError = GetLastError();
  149. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  150. return(FALSE);
  151. }
  152. if (!(CryptSIPLoad(&_gCATSubject, 0, pProvData->pPDSip->pCATSip)))
  153. {
  154. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_SIP] = GetLastError();
  155. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_PROVIDER_UNKNOWN;
  156. return(FALSE);
  157. }
  158. }
  159. }
  160. return(TRUE);
  161. }
  162. BOOL _SetSubjectInfo(CRYPT_PROVIDER_DATA *pProvData)
  163. {
  164. SIP_SUBJECTINFO *pSubjInfo;
  165. SIP_DISPATCH_INFO sSIPDisp;
  166. switch (pProvData->pWintrustData->dwUnionChoice)
  167. {
  168. case WTD_CHOICE_BLOB:
  169. if (!(pProvData->pWintrustData->pBlob) ||
  170. !(_ISINSTRUCT(WINTRUST_BLOB_INFO, pProvData->pWintrustData->pBlob->cbStruct, pbMemSignedMsg)))
  171. {
  172. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = (DWORD)ERROR_INVALID_PARAMETER;
  173. return(FALSE);
  174. }
  175. memcpy(&pProvData->pPDSip->gSubject, &pProvData->pWintrustData->pBlob->gSubject, sizeof(GUID));
  176. break;
  177. case WTD_CHOICE_FILE:
  178. if (!(pProvData->pWintrustData->pFile) ||
  179. !(_ISINSTRUCT(WINTRUST_FILE_INFO, pProvData->pWintrustData->pFile->cbStruct, hFile)))
  180. {
  181. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = (DWORD)ERROR_INVALID_PARAMETER;
  182. return(FALSE);
  183. }
  184. if ((_ISINSTRUCT(WINTRUST_FILE_INFO, pProvData->pWintrustData->pFile->cbStruct, pgKnownSubject)) &&
  185. (pProvData->pWintrustData->pFile->pgKnownSubject))
  186. {
  187. memcpy(&pProvData->pPDSip->gSubject, pProvData->pWintrustData->pFile->pgKnownSubject, sizeof(GUID));
  188. }
  189. else if (!(CryptSIPRetrieveSubjectGuid(pProvData->pWintrustData->pFile->pcwszFilePath,
  190. pProvData->pWintrustData->pFile->hFile,
  191. &pProvData->pPDSip->gSubject)))
  192. {
  193. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_SIP] = GetLastError();
  194. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SUBJECT_FORM_UNKNOWN;
  195. return(FALSE);
  196. }
  197. break;
  198. case WTD_CHOICE_CATALOG:
  199. if (!(pProvData->pWintrustData->pCatalog) ||
  200. !(_ISINSTRUCT(WINTRUST_CATALOG_INFO, pProvData->pWintrustData->pCatalog->cbStruct,
  201. hMemberFile)))
  202. {
  203. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = (DWORD)ERROR_INVALID_PARAMETER;
  204. return(FALSE);
  205. }
  206. if ((_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct, fRecallWithState)) &&
  207. (pProvData->fRecallWithState))
  208. {
  209. break;
  210. }
  211. if (!(pProvData->pPDSip->psSipCATSubjectInfo =
  212. (SIP_SUBJECTINFO *)pProvData->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO))))
  213. {
  214. pProvData->dwError = GetLastError();
  215. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  216. return(FALSE);
  217. }
  218. memset(pProvData->pPDSip->psSipCATSubjectInfo, 0x00, sizeof(SIP_SUBJECTINFO));
  219. pProvData->pPDSip->psSipCATSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
  220. pProvData->pPDSip->psSipCATSubjectInfo->hProv = pProvData->hProv;
  221. pProvData->pPDSip->psSipCATSubjectInfo->pClientData = pProvData->pWintrustData->pSIPClientData;
  222. pProvData->pPDSip->psSipCATSubjectInfo->pwsFileName =
  223. (WCHAR *)pProvData->pWintrustData->pCatalog->pcwszCatalogFilePath;
  224. pProvData->pPDSip->psSipCATSubjectInfo->pwsDisplayName =
  225. pProvData->pPDSip->psSipCATSubjectInfo->pwsFileName;
  226. pProvData->pPDSip->psSipCATSubjectInfo->fdwCAPISettings = pProvData->dwRegPolicySettings;
  227. pProvData->pPDSip->psSipCATSubjectInfo->fdwSecuritySettings = pProvData->dwRegPolicySettings;
  228. if (!(pProvData->pPDSip->psSipCATSubjectInfo->pgSubjectType =
  229. (GUID *)pProvData->psPfns->pfnAlloc(sizeof(GUID))))
  230. {
  231. pProvData->dwError = GetLastError();
  232. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  233. return(FALSE);
  234. }
  235. memcpy(pProvData->pPDSip->psSipCATSubjectInfo->pgSubjectType, &_gCATSubject, sizeof(GUID));
  236. break;
  237. default:
  238. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_CATALOGFILE] = GetLastError();
  239. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = CRYPT_E_FILE_ERROR;
  240. return(FALSE);
  241. }
  242. //
  243. // setup the subject info for the SIP
  244. //
  245. if (!(pProvData->pPDSip->psSipSubjectInfo))
  246. {
  247. if (!(pProvData->pPDSip->psSipSubjectInfo =
  248. (SIP_SUBJECTINFO *)pProvData->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO))))
  249. {
  250. pProvData->dwError = GetLastError();
  251. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  252. return(FALSE);
  253. }
  254. pSubjInfo = pProvData->pPDSip->psSipSubjectInfo;
  255. memset(pSubjInfo, 0x00, sizeof(SIP_SUBJECTINFO));
  256. pSubjInfo->cbSize = sizeof(SIP_SUBJECTINFO);
  257. pSubjInfo->hProv = pProvData->hProv;
  258. }
  259. else
  260. {
  261. pSubjInfo = pProvData->pPDSip->psSipSubjectInfo;
  262. }
  263. pSubjInfo->pClientData = pProvData->pWintrustData->pSIPClientData;
  264. pSubjInfo->pwsFileName = WTHelperGetFileName(pProvData->pWintrustData);
  265. pSubjInfo->hFile = WTHelperGetFileHandle(pProvData->pWintrustData);
  266. pSubjInfo->pwsDisplayName = pSubjInfo->pwsFileName;
  267. pSubjInfo->fdwCAPISettings = pProvData->dwRegPolicySettings;
  268. pSubjInfo->fdwSecuritySettings = pProvData->dwRegSecuritySettings;
  269. if (!(pSubjInfo->pgSubjectType = (GUID *)pProvData->psPfns->pfnAlloc(sizeof(GUID))))
  270. {
  271. pProvData->dwError = GetLastError();
  272. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  273. return(FALSE);
  274. }
  275. switch(pProvData->pWintrustData->dwUnionChoice)
  276. {
  277. case WTD_CHOICE_FILE:
  278. break;
  279. case WTD_CHOICE_BLOB:
  280. pSubjInfo->dwUnionChoice = MSSIP_ADDINFO_BLOB;
  281. if (!(pSubjInfo->psBlob = (MS_ADDINFO_BLOB *)pProvData->psPfns->pfnAlloc(sizeof(MS_ADDINFO_BLOB))))
  282. {
  283. pProvData->dwError = GetLastError();
  284. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  285. return(FALSE);
  286. }
  287. memset(pSubjInfo->psBlob, 0x00, sizeof(MS_ADDINFO_BLOB));
  288. pSubjInfo->psBlob->cbStruct = sizeof(MS_ADDINFO_BLOB);
  289. pSubjInfo->psBlob->cbMemObject = pProvData->pWintrustData->pBlob->cbMemObject;
  290. pSubjInfo->psBlob->pbMemObject = pProvData->pWintrustData->pBlob->pbMemObject;
  291. pSubjInfo->psBlob->cbMemSignedMsg = pProvData->pWintrustData->pBlob->cbMemSignedMsg;
  292. pSubjInfo->psBlob->pbMemSignedMsg = pProvData->pWintrustData->pBlob->pbMemSignedMsg;
  293. pSubjInfo->pwsDisplayName = pProvData->pWintrustData->pBlob->pcwszDisplayName;
  294. break;
  295. case WTD_CHOICE_CATALOG:
  296. // The following APIs are in DELAYLOAD'ed mscat32.dll. If the
  297. // DELAYLOAD fails an exception is raised.
  298. __try {
  299. HANDLE hCatStore;
  300. MS_ADDINFO_CATALOGMEMBER *pCatAdd;
  301. if (!(pSubjInfo->psCatMember))
  302. {
  303. if (!(pSubjInfo->psCatMember =
  304. (MS_ADDINFO_CATALOGMEMBER *)pProvData->psPfns->pfnAlloc(sizeof(MS_ADDINFO_CATALOGMEMBER))))
  305. {
  306. pProvData->dwError = GetLastError();
  307. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  308. return(FALSE);
  309. }
  310. memset(pSubjInfo->psCatMember, 0x00, sizeof(MS_ADDINFO_CATALOGMEMBER));
  311. pSubjInfo->dwUnionChoice = MSSIP_ADDINFO_CATMEMBER;
  312. pCatAdd = pSubjInfo->psCatMember;
  313. pCatAdd->cbStruct = sizeof(MS_ADDINFO_CATALOGMEMBER);
  314. hCatStore = CryptCATOpen((WCHAR *)pProvData->pWintrustData->pCatalog->pcwszCatalogFilePath,
  315. CRYPTCAT_OPEN_EXISTING,
  316. pProvData->hProv,
  317. pProvData->pWintrustData->pCatalog->dwCatalogVersion,
  318. NULL);
  319. if (!(hCatStore) || (hCatStore == INVALID_HANDLE_VALUE))
  320. {
  321. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_CATALOGFILE] = GetLastError();
  322. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = CRYPT_E_FILE_ERROR;
  323. return(FALSE);
  324. }
  325. pCatAdd->pStore = CryptCATStoreFromHandle(hCatStore);
  326. }
  327. else
  328. {
  329. pCatAdd = pSubjInfo->psCatMember;
  330. hCatStore = CryptCATHandleFromStore(pCatAdd->pStore);
  331. }
  332. pCatAdd->pMember = NULL;
  333. if ( ( pProvData->pWintrustData->pCatalog->pbCalculatedFileHash != NULL ) &&
  334. ( pProvData->pWintrustData->pCatalog->cbCalculatedFileHash != 0 ) )
  335. {
  336. LPWSTR pwszHashTag;
  337. if ( MsCatConstructHashTag(
  338. pProvData->pWintrustData->pCatalog->cbCalculatedFileHash,
  339. pProvData->pWintrustData->pCatalog->pbCalculatedFileHash,
  340. &pwszHashTag
  341. ) == TRUE )
  342. {
  343. pCatAdd->pMember = CryptCATGetMemberInfo(hCatStore, pwszHashTag);
  344. MsCatFreeHashTag(pwszHashTag);
  345. }
  346. }
  347. if (!(pCatAdd->pMember))
  348. {
  349. pCatAdd->pMember = CryptCATGetMemberInfo(hCatStore,
  350. (WCHAR *)pProvData->pWintrustData->pCatalog->pcwszMemberTag);
  351. }
  352. if (!(pCatAdd->pMember))
  353. {
  354. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_CATALOGFILE] = GetLastError();
  355. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_NOSIGNATURE;
  356. return(FALSE);
  357. }
  358. memcpy(&pProvData->pPDSip->gSubject, &pCatAdd->pMember->gSubjectType, sizeof(GUID));
  359. //
  360. // assign the correct cert version so hashes will match if the file was already signed!
  361. //
  362. pSubjInfo->dwIntVersion = pCatAdd->pMember->dwCertVersion;
  363. } __except(EXCEPTION_EXECUTE_HANDLER) {
  364. pProvData->dwError = GetExceptionCode();
  365. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
  366. TRUST_E_SYSTEM_ERROR;
  367. return(FALSE);
  368. }
  369. break;
  370. }
  371. //
  372. // set the GUID for the SIP... this is done at the end because the pProvData member
  373. // can get changed above!
  374. //
  375. memcpy(pSubjInfo->pgSubjectType, &pProvData->pPDSip->gSubject, sizeof(GUID));
  376. return(TRUE);
  377. }
  378. BOOL _GetMessage(CRYPT_PROVIDER_DATA *pProvData)
  379. {
  380. DWORD dwMsgEncoding;
  381. SIP_SUBJECTINFO *pSubjInfo;
  382. SIP_DISPATCH_INFO *pSip;
  383. DWORD cbEncodedMsg;
  384. BYTE *pbEncodedMsg;
  385. DWORD dwMsgType;
  386. HCRYPTMSG hMsg;
  387. HCRYPTPROV hProv;
  388. dwMsgEncoding = 0;
  389. dwMsgType = 0;
  390. switch(pProvData->pWintrustData->dwUnionChoice)
  391. {
  392. case WTD_CHOICE_CATALOG:
  393. if ((_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct, fRecallWithState)) &&
  394. (pProvData->fRecallWithState) &&
  395. (pProvData->hMsg))
  396. {
  397. return(TRUE);
  398. }
  399. pSip = pProvData->pPDSip->pCATSip;
  400. pSubjInfo = pProvData->pPDSip->psSipCATSubjectInfo;
  401. break;
  402. case WTD_CHOICE_BLOB:
  403. case WTD_CHOICE_FILE:
  404. pSip = pProvData->pPDSip->pSip;
  405. pSubjInfo = pProvData->pPDSip->psSipSubjectInfo;
  406. break;
  407. default:
  408. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_NOSIGNATURE;
  409. return(FALSE);
  410. }
  411. cbEncodedMsg = 0;
  412. pSip->pfGet(pSubjInfo, &dwMsgEncoding, 0, &cbEncodedMsg, NULL);
  413. if (cbEncodedMsg == 0)
  414. {
  415. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_SIP] = GetLastError();
  416. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_NOSIGNATURE;
  417. return(FALSE);
  418. }
  419. if (!(pbEncodedMsg = (BYTE *)pProvData->psPfns->pfnAlloc(cbEncodedMsg)))
  420. {
  421. pProvData->dwError = GetLastError();
  422. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  423. return(FALSE);
  424. }
  425. if (!(pSip->pfGet(pSubjInfo, &dwMsgEncoding, 0, &cbEncodedMsg, pbEncodedMsg)))
  426. {
  427. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_SIP] = GetLastError();
  428. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_NOSIGNATURE;
  429. pProvData->psPfns->pfnFree(pbEncodedMsg);
  430. return(FALSE);
  431. }
  432. pProvData->dwEncoding = dwMsgEncoding;
  433. if ((pProvData->dwEncoding & PKCS_7_ASN_ENCODING) &&
  434. (_NoContentWrap(pbEncodedMsg, cbEncodedMsg)))
  435. {
  436. dwMsgType = CMSG_SIGNED; // support for IE v3.0
  437. }
  438. // The default hProv to use depends on the type of the public key used to
  439. // do the signing.
  440. hProv = pProvData->hProv;
  441. if (hProv && hProv == I_CryptGetDefaultCryptProv(0))
  442. hProv = 0;
  443. if (!(hMsg = CryptMsgOpenToDecode(pProvData->dwEncoding, 0, dwMsgType,
  444. hProv, NULL, NULL)))
  445. {
  446. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MESSAGE] = GetLastError();
  447. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = CRYPT_E_BAD_MSG;
  448. pProvData->psPfns->pfnFree(pbEncodedMsg);
  449. return(FALSE);
  450. }
  451. pProvData->hMsg = hMsg;
  452. // encoded message
  453. if (!(CryptMsgUpdate(hMsg, pbEncodedMsg, cbEncodedMsg, TRUE)))
  454. {
  455. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MESSAGE] = GetLastError();
  456. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = CRYPT_E_BAD_MSG;
  457. pProvData->psPfns->pfnFree(pbEncodedMsg);
  458. return(FALSE);
  459. }
  460. pProvData->psPfns->pfnFree(pbEncodedMsg);
  461. return(TRUE);
  462. }
  463. BOOL _ExplodeMessage(CRYPT_PROVIDER_DATA *pProvData)
  464. {
  465. DWORD cbSize;
  466. DWORD cbContent;
  467. BYTE *pb;
  468. HCERTSTORE hStore;
  469. if (!(_ISINSTRUCT(CRYPT_PROVIDER_DATA, pProvData->cbStruct, fRecallWithState)) ||
  470. !(pProvData->fRecallWithState))
  471. {
  472. // message cert store
  473. hStore = CertOpenStore(CERT_STORE_PROV_MSG,
  474. pProvData->dwEncoding,
  475. pProvData->hProv,
  476. CERT_STORE_NO_CRYPT_RELEASE_FLAG,
  477. pProvData->hMsg);
  478. if (hStore)
  479. {
  480. if (!(pProvData->psPfns->pfnAddStore2Chain(pProvData, hStore)))
  481. {
  482. pProvData->dwError = GetLastError();
  483. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = TRUST_E_SYSTEM_ERROR;
  484. CertCloseStore(hStore, 0);
  485. return(FALSE);
  486. }
  487. CertCloseStore(hStore, 0);
  488. }
  489. else
  490. {
  491. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = GetLastError();
  492. return(FALSE);
  493. }
  494. }
  495. // inner content type
  496. cbSize = 0;
  497. CryptMsgGetParam(pProvData->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL, &cbSize);
  498. if (cbSize == 0)
  499. {
  500. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
  501. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNTTYPE] = GetLastError();
  502. return(FALSE);
  503. }
  504. if (!(pb = (BYTE *)pProvData->psPfns->pfnAlloc(cbSize + 1)))
  505. {
  506. pProvData->dwError = GetLastError();
  507. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = TRUST_E_SYSTEM_ERROR;
  508. return(FALSE);
  509. }
  510. if (!(CryptMsgGetParam(pProvData->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0,
  511. pb, &cbSize)))
  512. {
  513. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNTTYPE] = GetLastError();
  514. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
  515. delete pb;
  516. return(FALSE);
  517. }
  518. pb[cbSize] = NULL;
  519. if (strcmp((char *)pb, SPC_INDIRECT_DATA_OBJID) == 0)
  520. {
  521. pProvData->psPfns->pfnFree(pb);
  522. cbContent = 0;
  523. CryptMsgGetParam(pProvData->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &cbContent);
  524. if (cbContent == 0)
  525. {
  526. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
  527. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNT] = GetLastError();
  528. return(FALSE);
  529. }
  530. if (!(pb = (BYTE *)pProvData->psPfns->pfnAlloc(cbContent)))
  531. {
  532. pProvData->dwError = GetLastError();
  533. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = TRUST_E_SYSTEM_ERROR;
  534. return(FALSE);
  535. }
  536. if (!(CryptMsgGetParam(pProvData->hMsg, CMSG_CONTENT_PARAM, 0,
  537. pb, &cbContent)))
  538. {
  539. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
  540. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNT] = GetLastError();
  541. pProvData->psPfns->pfnFree(pb);
  542. return(FALSE);
  543. }
  544. if (!(TrustDecode(WVT_MODID_SOFTPUB, (BYTE **)&pProvData->pPDSip->psIndirectData, &cbSize, 202,
  545. pProvData->dwEncoding, SPC_INDIRECT_DATA_CONTENT_STRUCT,
  546. pb, cbContent, 0)))
  547. {
  548. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
  549. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNT] = GetLastError();
  550. pProvData->psPfns->pfnFree(pb);
  551. return(FALSE);
  552. }
  553. pProvData->psPfns->pfnFree(pb);
  554. }
  555. else
  556. {
  557. pProvData->psPfns->pfnFree(pb);
  558. if ((pProvData->pWintrustData->dwUnionChoice == WTD_CHOICE_CATALOG) &&
  559. (pProvData->pPDSip->psSipSubjectInfo->dwUnionChoice == MSSIP_ADDINFO_CATMEMBER))
  560. {
  561. //
  562. // get the indirect data from the pMember!!! Also, we want to
  563. // allocate just the structure and copy the pointers over to it.
  564. // this is so we can have a generic cleanup.
  565. //
  566. MS_ADDINFO_CATALOGMEMBER *pCatAdd;
  567. pCatAdd = pProvData->pPDSip->psSipSubjectInfo->psCatMember;
  568. if ((pCatAdd) && (pCatAdd->pMember) && (pCatAdd->pMember->pIndirectData))
  569. {
  570. if (!(pProvData->pPDSip->psIndirectData =
  571. (SIP_INDIRECT_DATA *)pProvData->psPfns->pfnAlloc(sizeof(SIP_INDIRECT_DATA))))
  572. {
  573. pProvData->dwError = GetLastError();
  574. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = TRUST_E_SYSTEM_ERROR;
  575. return(FALSE);
  576. }
  577. memcpy(pProvData->pPDSip->psIndirectData, pCatAdd->pMember->pIndirectData,
  578. sizeof(SIP_INDIRECT_DATA));
  579. }
  580. }
  581. }
  582. return(TRUE);
  583. }
  584. DWORD _SkipOverIdentifierAndLengthOctets(const BYTE *pbDER, DWORD cbDER)
  585. {
  586. # define TAG_MASK 0x1f
  587. DWORD cb;
  588. DWORD cbLength;
  589. const BYTE *pb = pbDER;
  590. // Need minimum of 2 bytes
  591. if (cbDER < 2)
  592. {
  593. return(0);
  594. }
  595. // Skip over the identifier octet(s)
  596. if (TAG_MASK == (*pb++ & TAG_MASK))
  597. {
  598. // high-tag-number form
  599. for (cb=2; *pb++ & 0x80; cb++)
  600. {
  601. if (cb >= cbDER)
  602. {
  603. return(0);
  604. }
  605. }
  606. }
  607. else
  608. {
  609. // low-tag-number form
  610. cb = 1;
  611. }
  612. // need at least one more byte for length
  613. if (cb >= cbDER)
  614. {
  615. return(0);
  616. }
  617. if (0x80 == *pb)
  618. {
  619. // Indefinite
  620. cb++;
  621. }
  622. else if ((cbLength = *pb) & 0x80)
  623. {
  624. cbLength &= ~0x80; // low 7 bits have number of bytes
  625. cb += cbLength + 1;
  626. if (cb > cbDER)
  627. {
  628. return(0);
  629. }
  630. }
  631. else
  632. {
  633. cb++;
  634. }
  635. return(cb);
  636. }
  637. BOOL _NoContentWrap(const BYTE *pbDER, DWORD cbDER)
  638. {
  639. DWORD cb;
  640. cb = _SkipOverIdentifierAndLengthOctets(pbDER, cbDER);
  641. if ((cb > 0) && (cb < cbDER) && (pbDER[cb] == 0x02))
  642. {
  643. return TRUE;
  644. }
  645. return(FALSE);
  646. }