// Microsoft Windows // Copyright (C) Microsoft Corporation, 1996 - 1999 // File: mssip32.cpp // Contents: Microsoft SIP Provider // History: 14-Feb-1997 pberkman created #include "global.hxx" #include "sipobj.hxx" #include "sipobjpe.hxx" #include "sipobjjv.hxx" #include "sipobjcb.hxx" #include "sipobjfl.hxx" #include "sipobjct.hxx" #include "sipobjss.hxx" #include "crypthlp.h" #include "sha.h" #include "md5.h" #define MY_NAME L"WINTRUST.DLL" SIPObject_ *mssip_CreateSubjectObject(const GUID *chk); // the entries in SubjectsGuid MUST be in the same relative position and coalate with those in the SubjectsID. static const GUID SubjectsGuid[] = { CRYPT_SUBJTYPE_PE_IMAGE, CRYPT_SUBJTYPE_JAVACLASS_IMAGE, CRYPT_SUBJTYPE_CABINET_IMAGE, CRYPT_SUBJTYPE_FLAT_IMAGE, CRYPT_SUBJTYPE_CATALOG_IMAGE, CRYPT_SUBJTYPE_CTL_IMAGE }; // CRYPT_SUBJTYPE_SS_IMAGE static const UINT SubjectsID[] = { MSSIP_ID_PE, MSSIP_ID_JAVA, MSSIP_ID_CAB, MSSIP_ID_FLAT, MSSIP_ID_CATALOG, MSSIP_ID_CTL, MSSIP_ID_NONE // MUST be at the end! }; // MSSIP_ID_SS, BOOL WINAPI CryptSIPGetSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *dwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pdwDataLen, OUT BYTE *pbData) { DWORD dwLastError=0; if (!(pSubjectInfo) || !(pdwDataLen) || !(dwEncodingType)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } SIPObject_ *pSubjectObj; if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType))) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType); if (!(pSubjectObj)) { if (!(pbData)) { *pdwDataLen = 0; } return(FALSE); } pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion); BOOL bRet; bRet = pSubjectObj->GetSignedDataMsg(pSubjectInfo, dwIndex,pdwDataLen,pbData,dwEncodingType); dwLastError=GetLastError(); delete pSubjectObj; SetLastError(dwLastError); return(bRet); } BOOL WINAPI CryptSIPPutSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD dwDataLen, IN BYTE *pbData) { if (!(pSubjectInfo) || (dwDataLen < 1) || !(pdwIndex) || !(pbData)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } SIPObject_ *pSubjectObj; if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType))) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType); if (!(pSubjectObj)) { return(FALSE); } pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion); BOOL bRet; bRet = pSubjectObj->PutSignedDataMsg(pSubjectInfo, pdwIndex,dwDataLen,pbData,dwEncodingType); delete pSubjectObj; return(bRet); } BOOL WINAPI CryptSIPRemoveSignedDataMsg( IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex) { if (!(pSubjectInfo)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } SIPObject_ *pSubjectObj; if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType))) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType); if (!(pSubjectObj)) { return(FALSE); } pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion); BOOL bRet; bRet = pSubjectObj->RemoveSignedDataMsg(pSubjectInfo,dwIndex); delete pSubjectObj; return(bRet); } BOOL WINAPI CryptSIPCreateIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pdwDataLen, OUT SIP_INDIRECT_DATA *psData) { if (!(pSubjectInfo) || !(pdwDataLen)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } SIPObject_ *pSubjectObj; if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType))) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType); if (!(pSubjectObj)) { if (!(psData)) { *pdwDataLen = 0; } return(FALSE); } // ALWAYS set the latest version when we are creating the indirect data content! pSubjectInfo->dwIntVersion = WIN_CERT_REVISION_2_0; pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion); BOOL bRet; bRet = pSubjectObj->CreateIndirectData(pSubjectInfo,pdwDataLen,psData); delete pSubjectObj; return(bRet); } BOOL WINAPI CryptSIPVerifyIndirectData( IN SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *psData) { if (!(pSubjectInfo)) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } SIPObject_ *pSubjectObj; if (!(WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwEncodingType))) { SetLastError((DWORD)ERROR_INVALID_PARAMETER); return(FALSE); } pSubjectObj = mssip_CreateSubjectObject(pSubjectInfo->pgSubjectType); if (!(pSubjectObj)) { return(FALSE); } // if we are a catalog member, set the version number to whatever // was set when the catalog file was created... if ((WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(SIP_SUBJECTINFO, pSubjectInfo->cbSize, dwUnionChoice)) && (pSubjectInfo->dwUnionChoice == MSSIP_ADDINFO_CATMEMBER) && (pSubjectInfo->psCatMember)) { if (pSubjectInfo->psCatMember->cbStruct == sizeof(MS_ADDINFO_CATALOGMEMBER)) { if ((pSubjectInfo->psCatMember->pMember) && (pSubjectInfo->psCatMember->pMember->cbStruct == sizeof(CRYPTCATMEMBER))) { pSubjectInfo->dwIntVersion = pSubjectInfo->psCatMember->pMember->dwCertVersion; } } } pSubjectObj->set_CertVersion(pSubjectInfo->dwIntVersion); if (pSubjectObj->get_CertVersion() < WIN_CERT_REVISION_2_0) { DWORD dwCAPIFlags; CryptSIPGetRegWorkingFlags(&dwCAPIFlags); if (dwCAPIFlags & WTPF_VERIFY_V1_OFF) { delete pSubjectObj; SetLastError((DWORD)CRYPT_E_SECURITY_SETTINGS); return(FALSE); } } BOOL bRet; bRet = pSubjectObj->VerifyIndirectData(pSubjectInfo, psData); delete pSubjectObj; return(bRet); } // internal utility functions SIPObject_ *mssip_CreateSubjectObject(const GUID *chk) { UINT idx; SIPObject_ *pSO; pSO = NULL; idx = 0; while (SubjectsID[idx] != MSSIP_ID_NONE) { if (SubjectsGuid[idx] == *chk) { switch (SubjectsID[idx]) { case MSSIP_ID_PE: pSO = (SIPObject_ *)new SIPObjectPE_(SubjectsID[idx]); break; case MSSIP_ID_JAVA: pSO = (SIPObject_ *)new SIPObjectJAVA_(SubjectsID[idx]); break; case MSSIP_ID_CAB: pSO = (SIPObject_ *)new SIPObjectCAB_(SubjectsID[idx]); break; case MSSIP_ID_FLAT: pSO = (SIPObject_ *)new SIPObjectFlat_(SubjectsID[idx]); break; case MSSIP_ID_CTL: // currently, the same logic as catalog files! case MSSIP_ID_CATALOG: pSO = (SIPObject_ *)new SIPObjectCatalog_(SubjectsID[idx]); break; /* case MSSIP_ID_SS: pSO = (SIPObject_ *)new SIPObjectSS_(SubjectsID[idx]); break; */ case MSSIP_V1ID_PE: case MSSIP_V1ID_PE_EX: default: SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN); return(NULL); } if (!(pSO)) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return(NULL); } break; } idx++; } if (!(pSO)) { SetLastError((DWORD)TRUST_E_SUBJECT_FORM_UNKNOWN); } return(pSO); } BOOL WINAPI DigestFileData( IN HSPCDIGESTDATA hDigestData, IN const BYTE *pbData, IN DWORD cbData) { BOOL fRet; PDIGEST_DATA pDigestData; fRet = TRUE; pDigestData = (PDIGEST_DATA)hDigestData; if (cbData > HASH_CACHE_LEN) { if (pDigestData->cbCache > 0) { fRet = SipHashData(pDigestData, pDigestData->pbCache, pDigestData->cbCache); pDigestData->cbCache = 0; if (!(fRet)) { return(FALSE); } } fRet = SipHashData(pDigestData, (BYTE *)pbData, cbData); } else { while (cbData > 0) { DWORD cbCopy; cbCopy = min(HASH_CACHE_LEN - pDigestData->cbCache, cbData); memcpy(&pDigestData->pbCache[pDigestData->cbCache], pbData, cbCopy); cbData -= cbCopy; pbData += cbCopy; pDigestData->cbCache += cbCopy; if (pDigestData->cbCache == HASH_CACHE_LEN) { pDigestData->cbCache = 0; if (!(fRet = SipHashData(pDigestData, pDigestData->pbCache, HASH_CACHE_LEN))) { break; } } } } return(fRet); } BOOL SipCreateHash(HCRYPTPROV hProv, DIGEST_DATA *psDigestData) { BOOL fRet; fRet = TRUE; switch (psDigestData->dwAlgId) { case CALG_MD5: MD5Init((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx); break; case CALG_SHA1: A_SHAInit((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx); break; default: if (!(hProv)) { hProv = I_CryptGetDefaultCryptProv(0); // get the default and DONT RELEASE IT!!!! } fRet = CryptCreateHash(hProv, psDigestData->dwAlgId, NULL, 0, &psDigestData->hHash); break; } return(fRet); } BOOL SipHashData(DIGEST_DATA *psDigestData, BYTE *pbData, DWORD cbData) { switch (psDigestData->dwAlgId) { case CALG_MD5: MD5Update((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData); return(TRUE); case CALG_SHA1: A_SHAUpdate((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbData, cbData); return(TRUE); } return(CryptHashData(psDigestData->hHash, pbData, cbData, 0)); } BYTE *SipGetHashValue(DIGEST_DATA *psDigestData, DWORD *pcbHash) { BYTE *pbRet; pbRet = NULL; switch (psDigestData->dwAlgId) { case CALG_MD5: *pcbHash = MD5DIGESTLEN; break; case CALG_SHA1: *pcbHash = A_SHA_DIGEST_LEN; break; default: *pcbHash = 0; CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, NULL, pcbHash,0); } if (*pcbHash < 1) { goto HashLengthError; } if (!(pbRet = new BYTE[*pcbHash])) { goto MemoryError; } switch (psDigestData->dwAlgId) { case CALG_MD5: MD5_CTX *pMD5; pMD5 = (MD5_CTX *)psDigestData->pvSHA1orMD5Ctx; MD5Final(pMD5); memcpy(pbRet, pMD5->digest, MD5DIGESTLEN); psDigestData->pvSHA1orMD5Ctx = NULL; break; case CALG_SHA1: A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, pbRet); psDigestData->pvSHA1orMD5Ctx = NULL; break; default: if (CryptGetHashParam(psDigestData->hHash, HP_HASHVAL, pbRet, pcbHash, 0)) { goto HashParamError; } break; } CommonReturn: return(pbRet); ErrorReturn: DELETE_OBJECT(pbRet); goto CommonReturn; SET_ERROR_VAR_EX(DBG_SS, MemoryError, ERROR_NOT_ENOUGH_MEMORY); SET_ERROR_VAR_EX(DBG_SS, HashLengthError, GetLastError()); SET_ERROR_VAR_EX(DBG_SS, HashParamError, GetLastError()); } void SipDestroyHash(DIGEST_DATA *psDigestData) { switch (psDigestData->dwAlgId) { case CALG_MD5: if (psDigestData->pvSHA1orMD5Ctx) { MD5Final((MD5_CTX *)psDigestData->pvSHA1orMD5Ctx); } break; case CALG_SHA1: if (psDigestData->pvSHA1orMD5Ctx) { BYTE bRet[A_SHA_DIGEST_LEN]; A_SHAFinal((A_SHA_CTX *)psDigestData->pvSHA1orMD5Ctx, &bRet[0]); } break; default: CryptDestroyHash(psDigestData->hHash); break; } } // standard DLL exports ... BOOL WINAPI mssip32DllMain(HANDLE hInstDLL,DWORD fdwReason,LPVOID lpvReserved) { return(TRUE); } STDAPI mssip32DllRegisterServer(void) { BOOL fRet; GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE; GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE; GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE; GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE; GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE; GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE; GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE; SIP_ADD_NEWPROVIDER sProv; fRet = TRUE; memset(&sProv, 0x00, sizeof(SIP_ADD_NEWPROVIDER)); sProv.cbStruct = sizeof(SIP_ADD_NEWPROVIDER); sProv.pwszDLLFileName = MY_NAME; sProv.pwszGetFuncName = L"CryptSIPGetSignedDataMsg"; sProv.pwszPutFuncName = L"CryptSIPPutSignedDataMsg"; sProv.pwszCreateFuncName = L"CryptSIPCreateIndirectData"; sProv.pwszVerifyFuncName = L"CryptSIPVerifyIndirectData"; sProv.pwszRemoveFuncName = L"CryptSIPRemoveSignedDataMsg"; sProv.pgSubject = &gFlat; fRet &= CryptSIPAddProvider(&sProv); sProv.pgSubject = &gCb; sProv.pwszMagicNumber = L"MSCF"; fRet &= CryptSIPAddProvider(&sProv); sProv.pgSubject = &gPe; sProv.pwszMagicNumber = L"0x00004550"; fRet &= CryptSIPAddProvider(&sProv); sProv.pgSubject = &gJv; sProv.pwszMagicNumber = L"0xcafebabe"; fRet &= CryptSIPAddProvider(&sProv); sProv.pgSubject = &gCat; fRet &= CryptSIPAddProvider(&sProv); sProv.pgSubject = &gCTL; fRet &= CryptSIPAddProvider(&sProv); // structured storage is last becuase it has an "is" function... /* sProv.pgSubject = &gSS; sProv.pwszIsFunctionNameFmt2 = L"IsStructuredStorageFile"; fRet &= CryptSIPAddProvider(&sProv); */ CryptSIPRemoveProvider(&gSS); return(fRet ? S_OK : S_FALSE); } STDAPI mssip32DllUnregisterServer(void) { GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE; GUID gPe = CRYPT_SUBJTYPE_PE_IMAGE; GUID gCb = CRYPT_SUBJTYPE_CABINET_IMAGE; GUID gJv = CRYPT_SUBJTYPE_JAVACLASS_IMAGE; GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE; GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE; GUID gSS = CRYPT_SUBJTYPE_SS_IMAGE; CryptSIPRemoveProvider(&gFlat); CryptSIPRemoveProvider(&gPe); CryptSIPRemoveProvider(&gCb); CryptSIPRemoveProvider(&gJv); CryptSIPRemoveProvider(&gCat); CryptSIPRemoveProvider(&gCTL); CryptSIPRemoveProvider(&gSS); return(S_OK); } void CryptSIPGetRegWorkingFlags(DWORD *pdwState) { WintrustGetRegPolicyFlags(pdwState); } // support for Auth2 release typedef struct _SIP_INFORMATION { DWORD cbSize; // sizeof(SIP_INFORMATION) DWORD cgSubjects; // number of guids in array const GUID *pgSubjects; // array of supported guids/subjects } SIP_INFORMATION, *PSIP_INFORMATION; BOOL CryptSIPGetInfo(IN OUT SIP_INFORMATION *pSIPInit) { UINT i; i = 0; pSIPInit->cbSize = sizeof(SIP_INFORMATION); while (SubjectsID[i] != MSSIP_ID_NONE) { i++; } pSIPInit->cgSubjects = i; pSIPInit->pgSubjects = &SubjectsGuid[0]; return(TRUE); }