Microsoft/Windows2003-3790
Microsoft/Windows2003-3790
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
Windows2003-3790/inetcore/outlookexpress/inetcomm/mimeole/smime.cpp
Microsoft 50969b0ea2 First commit
2020-09-30 16:53:55 +02:00

4608 lines
152 KiB
C++
Raw Permalink Blame History

/*
** s m i m e . c p p
**
** Purpose:
** Implementation of a class to wrap around CAPI functionality
**
** History
** 1/26/98 (brucek) Allow multiple security layers (triple-wrapping)
** 6/15/97: (t-erikne) CAPI streaming
** 5/18/97: (t-erikne) new IMimeSecurity interface
** 2/07/97: (t-erikne) multipart/signed
** 1/06/97: (t-erikne) Moved into MimeOLE
** 11/14/96: (t-erikne) CAPI Post-SDR work
** 8/27/96: (t-erikne) Created.
**
** Copyright (C) Microsoft Corp. 1996-1998.
*/
///////////////////////////////////////////////////////////////////////////
//
// Depends on
//
#include "pch.hxx"
#include "smime.h"
#include "vstream.h"
#include "olealloc.h"
#include "capistm.h"
#include "bookbody.h"
#ifndef MAC
#include <shlwapi.h>
#endif // !MAC
#include <demand.h>
// from dllmain.h
extern CMimeAllocator * g_pMoleAlloc;
extern CRITICAL_SECTION g_csDllMain;
extern ULONG DllAddRef(void);
extern ULONG DllRelease(void);
extern HCERTSTORE WINAPI OpenCachedMyStore();
extern HCERTSTORE WINAPI OpenCachedAddressBookStore();
#define MST_THIS_SIGN_ENCRYPT (MST_THIS_SIGN | MST_THIS_ENCRYPT)
///////////////////////////////////////////////////////////////////////////
//
// Static Prototypes
//
static void _FreeCertArray(PCCERT_CONTEXT *rgpCert, const UINT cCerts);
static HRESULT _HrConvertHrFromGetCertToEncode(HRESULT hr, const BOOL fEncrypt);
#ifndef SMIME_V3
static HRESULT ConstructAuthAttributes(BLOB * pblEncoded, BLOB * pblAuthAttr, FILETIME * pftSigntime, BLOB * pblSymcaps);
#endif // SMIME_V3
extern HRESULT HrCopyBlob(LPCBLOB pIn, LPBLOB pOut);
static LPBYTE DuplicateMemory(LPBYTE lpvIn, ULONG cbIn);
///////////////////////////////////////////////////////////////////////////
//
// Macros
//
#define CHECKSMIMEINITDW { if (FAILED(CheckInit())) return (DWORD)-1; }
#define CHECKSMIMEINITV { if (FAILED(CheckInit())) return; }
#define CHECKSMIMEINITB { if (FAILED(CheckInit())) return FALSE; }
#define CHECKSMIMEINIT { if (FAILED(CheckInit())) return MIME_E_SECURITY_NOTINIT; }
#define SCHECKSMIMEINITP { if (FAILED(StaticCheckInit())) return NULL; }
#define SCHECKSMIMEINITV { if (FAILED(StaticCheckInit())) return; }
#define SCHECKSMIMEINIT { if (FAILED(StaticCheckInit())) return MIME_E_SECURITY_NOTINIT; }
#define ALLOCED(_pv) \
(0 != g_pMalloc->DidAlloc(_pv))
#define THIS_AS_UNK ((IUnknown *)(IStream *)this)
///////////////////////////////////////////////////////////////////////////
//
// Globals
//
ASSERTDATA
static const char s_szSMIMEP7s[] = "smime.p7s";
static const char s_szSMIMEP7m[] = "smime.p7m";
#ifdef DEBUG
static LPCSTR s_lpszCertStore = "c:\\ttfn\\debug.sto";
// emit signatures, encryption that should be broken
static BOOL s_fDebugEmitBroken = 0;
// show the certificate found by HrGetUsableCert
static BOOL s_fDebugShowFoundCert = 0;
// copy the message source to a BYTE *
static BOOL s_fDebugDumpWholeMsg = 1;
// show/select certs w/o email oids
static BOOL s_fDebugAllowNoEmail = 1;
#endif // DEBUG
static const char s_cszMy[] = "My";
static const char s_cszWABCertStore[] = "AddressBook";
CRYPT_ENCODE_PARA CryptEncodeAlloc = {
sizeof(CRYPT_ENCODE_PARA), CryptAllocFunc, CryptFreeFunc
};
CRYPT_DECODE_PARA CryptDecodeAlloc = {
sizeof(CRYPT_DECODE_PARA), CryptAllocFunc, CryptFreeFunc
};
///////////////////////////////////////////////////////////////////////////
//
// Initialization of statics to class
//
#ifdef MAC
EXTERN_C WINCRYPT32API HCERTSTORE WINAPI MacCertOpenStore(LPCSTR lpszStoreProvider,
DWORD dwEncodingType,
HCRYPTPROV hCryptProv,
DWORD dwFlags,
const void *pvPara);
#define CertOpenStore MacCertOpenStore
// We don't have DLL's on the Mac, so let's just hardcode the vtable.
CAPIfuncs CSMime::ms_CAPI = { CertEnumCertificatesInStore,
CertNameToStrA
};
#endif // MAC
///////////////////////////////////////////////////////////////////////////
//
// inlines
//
INLINE void ReleaseCert(PCCERT_CONTEXT pc)
{ if (pc) CertFreeCertificateContext(pc); }
INLINE void ReleaseCertStore(HCERTSTORE hc)
{ if (hc) CertCloseStore(hc, 0); }
INLINE void FreeCert(PCCERT_CONTEXT pc)
{ CertFreeCertificateContext(pc); }
INLINE PCCERT_CONTEXT DupCert(const PCCERT_CONTEXT pc)
{ return CertDuplicateCertificateContext(pc); }
///////////////////////////////////////////////////////////////////////////
//
// ctor, dtor
//
CSMime::CSMime(void)
{
DllAddRef();
m_cRef = 1;
InitializeCriticalSection(&m_cs);
DOUT("CSMIME::constructor() %#x -> %d", this, m_cRef);
}
CSMime::~CSMime()
{
DOUT("CSMIME::destructor() %#x -> %d", this, m_cRef);
DeleteCriticalSection(&m_cs);
DllRelease();
}
///////////////////////////////////////////////////////////////////////////
//
// IUnknown methods
//
STDMETHODIMP CSMime::QueryInterface(REFIID riid, LPVOID *ppv)
{
if (!ppv)
return TrapError(E_INVALIDARG);
// Find IID
if (IID_IUnknown == riid)
*ppv = (IUnknown *)(IMimeSecurity *)this;
else if (IID_IMimeSecurity == riid)
*ppv = (IMimeSecurity *)this;
else
{
*ppv = NULL;
return TrapError(E_NOINTERFACE);
}
((IUnknown *)*ppv)->AddRef();
return S_OK;
}
STDMETHODIMP_(ULONG) CSMime::AddRef(void)
{
DOUT("CSMime::AddRef() %#x -> %d", this, m_cRef+1);
InterlockedIncrement((LPLONG)&m_cRef);
return m_cRef;
}
STDMETHODIMP_(ULONG) CSMime::Release(void)
{
DOUT("CSMime::Release() %#x -> %d", this, m_cRef-1);
if (0 == InterlockedDecrement((LPLONG)&m_cRef))
{
delete this;
return 0;
}
return m_cRef;
}
///////////////////////////////////////////////////////////////////////////
//
// Initialization functions
//
STDMETHODIMP CSMime::CheckInit(void)
{
register BOOL f;
EnterCriticalSection(&m_cs);
#ifdef MAC
f = TRUE;
#else // !MAC
f = !!DemandLoadCrypt32();
#endif // MAC
#ifdef DEBUG
if(!f) {
DebugStrf("CSMime not initialized ! ! !\n");
}
#endif
LeaveCriticalSection(&m_cs);
return f ? S_OK : MIME_E_SECURITY_NOTINIT;
}
inline HRESULT CSMime::StaticCheckInit(void)
{
#ifdef MAC
return S_OK;
#else // !MAC
HRESULT hr;
if(DemandLoadCrypt32()) {
hr = S_OK;
}
else {
#ifdef DEBUG
DebugStrf("CSMime not initialized ! ! !\n");
#endif
hr = MIME_E_SECURITY_NOTINIT;
}
return hr;
#endif // MAC
}
/* InitNew:
**
** Purpose:
** Called after the ctor by clients. Initializes CSMime.
*/
STDMETHODIMP CSMime::InitNew(void)
{
register HRESULT hr;
EnterCriticalSection(&m_cs);
hr = HrInitCAPI();
#ifdef DEBUG
if (SUCCEEDED(hr))
#ifdef MAC
InitDebugHelpers((HINSTANCE) 1);
#else // !MAC
InitDebugHelpers(/*g_hCryptoDll*/ (HINSTANCE) 1);
#endif // MAC
if (0) {
DumpAlgorithms();
}
TrapError(hr);
#endif
LeaveCriticalSection(&m_cs);
if (E_FAIL == hr) {
hr = MIME_E_SECURITY_NOTINIT;
}
return hr;
}
/* InitCAPI:
**
** Purpose:
** Loads the required dll and inits the function table.
** Returns:
** MIME_E_SECURITY_LOADCRYPT32 if LoadLibrary fails
** MIME_E_SECURITY_BADPROCADDR if any of the GetProcAddress calls fail
*/
HRESULT CSMime::HrInitCAPI()
{
#ifdef MAC
return S_OK;
#else // !MAC
HRESULT hr = S_OK;
UINT u = 0;
FARPROC *pVTable;
EnterCriticalSection(&g_csDllMain);
if (!DemandLoadCrypt32()) {
hr = TrapError(MIME_E_SECURITY_LOADCRYPT32);
goto ErrorReturn;
}
exit:
LeaveCriticalSection(&g_csDllMain);
return hr;
ErrorReturn:
{
DWORD dwErr = GetLastError();
UnloadCAPI();
SetLastError(dwErr);
Assert(S_OK != hr);
}
goto exit;
#endif // MAC
}
/* UnloadAll:
**
** Purpose:
** Called during deinit of our DLL to unload S/MIME
*/
void CSMime::UnloadAll(void)
{
UnloadCAPI();
return;
}
/* UnloadCAPI:
**
** Purpose:
** Frees the crypt32 library. Note that this will
** cause subsequent CheckInit calls to fail
*/
void CSMime::UnloadCAPI()
{
}
///////////////////////////////////////////////////////////////////////////
//
// Encode/Decode stuff . . .
//
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//
// Message crackers
//
#ifndef WIN16
HRESULT CSMime::GetMessageType(
HWND hwndParent,
IMimeBody *const pBody,
DWORD *const pdwSecType)
#else
HRESULT CSMime::GetMessageType(
const HWND hwndParent,
IMimeBody *const pBody,
DWORD *const pdwSecType)
#endif // !WIN16
{
return StaticGetMessageType(hwndParent, pBody, pdwSecType);
}
/* StaticGetMessageType:
**
** Purpose:
** Used to figure out if a message is signed/encrypted/none/both
** without doing any cryptographic operations.
** Takes:
** IN hwndParent - all modal UI to this
** IN pBody - body to decode
** OUT dwSecType - which, if any, S/MIME types have been applied
** Notes:
** if MIME_E_SECURITY_BADSECURETYPE is returned, pdwSecType is set
** to the actual CMSG_ return from CAPI.
** (7/10/97) MIME_E_SECURITY_BADSECURETYPE now comes from CAPISTM.
*/
HRESULT CSMime::StaticGetMessageType(
HWND hwndParent,
IMimeBody *const pBody,
DWORD *const pdwSecType)
{
HRESULT hr;
// SCHECKSMIMEINIT
if (!(pBody && pdwSecType))
return TrapError(E_INVALIDARG);
CCAPIStm capistmMsg(NULL);
hr = capistmMsg.HrInitialize(0, hwndParent, FALSE, NULL, CSTM_TYPE_ONLY, NULL, NULL);
if (SUCCEEDED(hr)) {
IStream * pstmCapi;
PSECURITY_LAYER_DATA psld;
capistmMsg.QueryInterface(IID_IStream, (void**)&pstmCapi);
#ifdef N_BAD1
// This is what would happen if I were passed a stream
// instead of a body
LPSTREAM pstmBody;
ULARGE_INTEGER uliCopy;
hr = pBody->GetData(IET_BINARY, &pstmBody);
uliCopy.HighPart = (ULONG)-1;
uliCopy.LowPart = (ULONG)-1;
pstmBody->CopyTo(pstmCapi, uliCopy, NULL, NULL);
#else
hr = pBody->GetDataHere(IET_BINARY, pstmCapi);
#endif
// We expect CAPISTM_E_GOTTYPE because the streamer
// fails its Write() as soon as it gets the type
Assert(FAILED(hr));
// However, try to get the data even if we succeeded. That
// would surprise me.
// BUGBUG: Does this make sense? We're only dealing with the outer layer here.
if (psld = capistmMsg.GetSecurityLayerData()) {
if (CAPISTM_E_GOTTYPE == hr) {
hr = S_OK;
}
*pdwSecType = psld->m_dwMsgEnhancement;
psld->Release();
} else {
hr = E_FAIL;
}
pstmCapi->Release();
hr = capistmMsg.EndStreaming();
}
return hr;
}
///////////////////////////////////////////////////////////////////////////
//
// Encode methods
//
/* EncodeMessage:
**
** Purpose:
** call EncodeBody for lazy developers
** Takes:
** IN pTree - the tree of the message
** IN dwFlags - SEF_*
*/
STDMETHODIMP CSMime::EncodeMessage(
IMimeMessageTree *const pTree,
DWORD dwFlags)
{
HRESULT hr;
HBODY hRoot;
if (!pTree || (dwFlags & ~SEF_MASK)) {
hr = TrapError(E_INVALIDARG);
}
else if (SUCCEEDED(hr = pTree->GetBody(IBL_ROOT, NULL, &hRoot))) {
hr = TrapError(EncodeBody(pTree, hRoot, dwFlags|EBF_RECURSE|EBF_COMMITIFDIRTY));
}
return hr;
}
HRESULT CSMime::EncodeMessage2(IMimeMessageTree *const pTree, DWORD dwFlags,
HWND hwnd)
{
HRESULT hr;
HBODY hRoot;
if (!pTree || (dwFlags & ~SEF_MASK)) {
hr = TrapError(E_INVALIDARG);
}
else if (SUCCEEDED(hr = pTree->GetBody(IBL_ROOT, NULL, &hRoot))) {
hr = TrapError(EncodeBody2(pTree, hRoot, dwFlags|EBF_RECURSE|
EBF_COMMITIFDIRTY, hwnd));
}
return hr;
}
/* EncodeBody:
**
** Purpose:
** Do the entirety of the S/MIME encode operation. This includes converting bodyoptions
** to SMIMEINFO and calling the appropriate encoding subfunctions.
**
** Takes:
** IN pTree - the tree of the body to encode
** IN hEncodeRoot - body from which to encode downward
** IN dwFlags - set of EBF_ or SEF_
*/
STDMETHODIMP CSMime::EncodeBody(
IMimeMessageTree *const pTree,
HBODY hEncodeRoot,
DWORD dwFlags)
{
HRESULT hr;
HWND hwnd = NULL;
IMimeBody * pEncodeRoot = NULL;
PROPVARIANT var;
if (! pTree || ! hEncodeRoot) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
// Get the body we are suppose to be encoding
CHECKHR(hr = pTree->BindToObject(hEncodeRoot, IID_IMimeBody, (void**)&pEncodeRoot));
#ifdef _WIN64
if (SUCCEEDED(pEncodeRoot->GetOption(OID_SECURITY_HWND_OWNER_64, &var)) && (NULL != (HWND)(var.pulVal))) {
Assert(VT_UI8 == var.vt);
hwnd = *(HWND *)(&(var.uhVal));
}
#else
if (SUCCEEDED(pEncodeRoot->GetOption(OID_SECURITY_HWND_OWNER, &var)) && (NULL != var.ulVal))
{
Assert(VT_UI4 == var.vt);
hwnd = (HWND)var.ulVal;
}
#endif // _WIN64
hr = EncodeBody2(pTree, hEncodeRoot, dwFlags, hwnd);
exit:
ReleaseObj(pEncodeRoot);
return hr;
}
HRESULT CSMime::EncodeBody2(IMimeMessageTree *const pTree, HBODY hEncodeRoot,
DWORD dwFlags, HWND hwnd)
{
IMimeAddressTable * pAdrTable = NULL;
IMimeEnumAddressTypes * pAdrEnum = NULL;
CVirtualStream * pvstmEncoded = NULL;
IMimeBody * pEncodeRoot = NULL;
HRESULT hr;
SMIMEINFO si;
CERTARRAY caCerts;
BOOL fIgnoreSenderCertProbs;
PSECURITY_LAYER_DATA psldLoop;
PROPVARIANT var;
memset(&si, 0, sizeof(si));
memset(&caCerts, 0, sizeof(caCerts));
if (! pTree || ! hEncodeRoot) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
// Get the body we are suppose to be encoding
CHECKHR(hr = pTree->BindToObject(hEncodeRoot, IID_IMimeBody, (void**)&pEncodeRoot));
// We are going to set the state to don't encode this body
// We we are called this should never be set to TRUE as we are getting explicity called.
// If it is true, then ignore it.
#ifdef DEBUG
hr = pEncodeRoot->GetOption(OID_NOSECURITY_ONSAVE, &var);
Assert((hr == S_OK) && (var.boolVal == FALSE));
#endif // DEBUG
var.boolVal = TRUE;
CHECKHR(hr = pEncodeRoot->SetOption(OID_NOSECURITY_ONSAVE, &var));
hr = OptionsToSMIMEINFO(TRUE, pTree, pEncodeRoot, &si);
if (S_OK != hr) {
goto exit;
}
if (MIME_S_SECURITY_NOOP == hr) {
SMDOUT("Encode body called on plain set.");
goto exit;
}
if (EBF_RECURSE & dwFlags) {
if (MST_DESCENDENT_MASK & si.dwMsgEnhancement) {
AssertSz(0, "nyi: recursion.");
}
}
if (MIME_S_SECURITY_RECURSEONLY == hr) {
hr = MIME_S_SECURITY_NOOP;
SMDOUT("Encode body called on plain body.");
goto exit;
}
fIgnoreSenderCertProbs = (SEF_ENCRYPTWITHNOSENDERCERT|SEF_SENDERSCERTPROVIDED) & dwFlags;
psldLoop = si.psldLayers;
while (psldLoop) {
// Can only apply one of signing or encryption
Assert(!!(psldLoop->m_dwMsgEnhancement & MST_THIS_SIGN) +
!!(psldLoop->m_dwMsgEnhancement & MST_THIS_ENCRYPT) == 1);
if (psldLoop->m_dwMsgEnhancement & MST_SIGN_MASK) {
// 2nd attempt at finding a signing cert
Assert(psldLoop->m_rgSigners != NULL);
if (psldLoop->m_rgSigners[0].pccert == NULL) {
CHECKHR(hr = HrGetNeededAddresses(IAT_FROM, pTree, &pAdrTable,
&pAdrEnum));
hr = HrGetCertificates(pAdrTable, pAdrEnum, ITT_SIGNING,
fIgnoreSenderCertProbs, &caCerts);
if (S_OK != hr) {
hr = _HrConvertHrFromGetCertToEncode(hr, FALSE);
Assert(FAILED(hr));
goto exit;
}
Assert(caCerts.rgpCerts);
Assert(1 == caCerts.cCerts);
// need the sender's cert listed a second time
if (caCerts.rgpCerts[0]) {
psldLoop->m_rgSigners[0].pccert = DupCert(caCerts.rgpCerts[0]);
}
}
}
if (psldLoop->m_dwMsgEnhancement & MST_THIS_ENCRYPT) {
Assert(! caCerts.rgpCerts);
// 2nd place to look for encryption certs
ReleaseObj(pAdrTable);
ReleaseObj(pAdrEnum);
// NOTE: Do NOT include IAT_REPLYTO in the needed addresses!
#ifdef SMIME_V3
if (psldLoop->m_rgRecipientInfo == NULL) {
hr = E_FAIL;
Assert(FAILED(hr));
goto exit;
}
#else // !SMIME_V3
if (psldLoop->m_rgEncryptItems == NULL) {
hr = HrGetNeededAddresses(IAT_FROM | IAT_TO | IAT_CC | IAT_BCC | IAT_SENDER, pTree, &pAdrTable, &pAdrEnum);
if (SUCCEEDED(hr)) {
DWORD i;
DWORD dexBogus; // the index into certResults of the NULL sender's cert
hr = HrGetCertificates(pAdrTable, pAdrEnum, ITT_ENCRYPTION,
fIgnoreSenderCertProbs, &caCerts);
//
// Outlook98 doesn't pass us an address table, all of the certs
// are already in the SMIMEINFO struct. So if we're told that the
// sender certs are provided, and we don't have any certificates
// from the table, we just continue. We'll fail properly
// in the zero certificate case down below.
//
if ((S_OK != hr) &&
!((MIME_S_SECURITY_NOOP == hr) &&
((fIgnoreSenderCertProbs & SEF_SENDERSCERTPROVIDED) != 0))) {
hr = _HrConvertHrFromGetCertToEncode(hr, TRUE);
Assert(FAILED(hr));
goto exit;
}
if (caCerts.cCerts == 0) {
hr = TrapError(MIME_E_SECURITY_NOCERT);
goto exit;
}
// just reference the certResults as the encryption array
Assert(0 == psldLoop->m_cEncryptItems);
if (!MemAlloc((LPVOID *) &psldLoop->m_rgEncryptItems,
sizeof(EncryptItem))) {
hr = E_OUTOFMEMORY;
goto exit;
}
psldLoop->m_cEncryptItems = 1;
psldLoop->m_rgEncryptItems[0].dwTagType = ENCRYPT_ITEM_TRANSPORT;
psldLoop->m_rgEncryptItems[0].Transport.cCert = caCerts.cCerts;
psldLoop->m_rgEncryptItems[0].Transport.rgpccert = caCerts.rgpCerts;
psldLoop->m_rgEncryptItems[0].Transport.blobAlg.pBlobData = NULL;
psldLoop->m_rgEncryptItems[0].Transport.blobAlg.cbSize = 0;
caCerts.rgpCerts = NULL; // we're holding it in the layer now
// Encryption algorithm
if (SUCCEEDED(pEncodeRoot->GetOption(OID_SECURITY_ALG_BULK, &var)) &&
(0 != var.blob.cbSize)) {
Assert(VT_BLOB == var.vt);
psldLoop->m_rgEncryptItems[0].Transport.blobAlg.pBlobData = var.blob.pBlobData;
psldLoop->m_rgEncryptItems[0].Transport.blobAlg.cbSize = var.blob.cbSize;
}
}
}
else {
if (!fIgnoreSenderCertProbs) {
hr = TrapError(MIME_E_SECURITY_ENCRYPTNOSENDERCERT);
goto exit;
}
}
#endif // SMIME_V3
} // encryption
// Clean up cert array for next round
if (caCerts.rgpCerts) {
_FreeCertArray(caCerts.rgpCerts, caCerts.cCerts);
caCerts.rgpCerts = NULL;
}
psldLoop = psldLoop->m_psldInner;
}
if (!(pvstmEncoded = new CVirtualStream)) {
hr = TrapError(E_OUTOFMEMORY);
goto exit;
}
if (FClearSign(si.dwMsgEnhancement)) {
if (FEncrypt(si.dwMsgEnhancement)) {
si.dwMsgEnhancement |= MST_BLOB_FLAG;
CHECKHR(hr = HrEncodeOpaque(&si, pTree, hEncodeRoot, pEncodeRoot, pvstmEncoded, hwnd));
}
else {
CHECKHR(hr = HrEncodeClearSigned(&si, pTree, hEncodeRoot, pEncodeRoot,
pvstmEncoded, (dwFlags & EBF_COMMITIFDIRTY), hwnd));
// Since this went multi-part, the root body changed on us and we need to get
// it back
pEncodeRoot->Release();
CHECKHR(hr = pTree->BindToObject(hEncodeRoot, IID_IMimeBody,
(void**)&pEncodeRoot));
}
}
else {
// encryption and/or signedData signature
CHECKHR(hr = HrEncodeOpaque(&si, pTree, hEncodeRoot, pEncodeRoot, pvstmEncoded, hwnd));
}
CommonReturn:
if (pEncodeRoot != NULL)
{
var.boolVal = FALSE;
pEncodeRoot->SetOption(OID_NOSECURITY_ONSAVE, &var);
}
ReleaseObj(pAdrTable);
ReleaseObj(pAdrEnum);
ReleaseObj(pvstmEncoded);
ReleaseObj(pEncodeRoot);
FreeSMIMEINFO(&si);
return hr;
exit:
// these objects are only need attention on error
_FreeCertArray(caCerts.rgpCerts, caCerts.cCerts);
goto CommonReturn;
}
/* HrEncodeClearSigned:
**
** Purpose:
** Builds the multipart message needed for clear signing and
** retrieves the data stream to pass to the stream wrapepr.
** Takes:
** IN psi - needs the certificate array, signing
** certificate, etc.
** IN pTree - tree containing body to convert to m/s
** IN pEncodeRoot - body that will become 1st child of the m/s
** OUT lpstmOut - contains the signature bits (PKCS#7 nodata)
** Returns:
** hresult. no function-specific return values.
*/
HRESULT CSMime::HrEncodeClearSigned(
SMIMEINFO *const psi,
IMimeMessageTree *const pTree,
const HBODY hEncodeRoot,
IMimeBody *const pEncodeRoot,
LPSTREAM lpstmOut,
BOOL fCommit,
HWND hwnd)
{
HBODY hNew, hSignature, hData;
HRESULT hr;
HRESULT hr_smime = S_OK;
DWORD i;
IMimeBody * pSig = NULL;
IMimeBody * pMS = NULL;
IMimeBody * pData = NULL;
IMimeBody * pRoot = NULL;
IStream * pstmMsg = NULL;
BODYOFFSETS boData;
LARGE_INTEGER liPos;
PROPVARIANT var;
#ifdef DEBUG
BLOB blobMsg = {NULL,0};
#endif
ULARGE_INTEGER uliCopy;
ALG_ID aid;
const char * lpszProtocol;
CCAPIStm capistmMsg(lpstmOut);
// We need lpstmOut because it is the media of transmission for
// the signature. The sig body gets it through SetData
Assert(psi && hEncodeRoot && pEncodeRoot && pTree && lpstmOut);
CHECKHR(hr = pTree->ToMultipart(hEncodeRoot, STR_SUB_SIGNED, &hNew));
if (fCommit) {
BOOL fCleanup;
// Need to commit the tree, but if Tonja cleans it, I'll lose my
// multipart. So, turn off cleaning and save the value to set back.
CHECKHR(hr = pTree->GetOption(OID_CLEANUP_TREE_ON_SAVE, &var));
fCleanup = var.boolVal ? TRUE : FALSE;
var.boolVal = FALSE;
CHECKHR(hr = pTree->SetOption(OID_CLEANUP_TREE_ON_SAVE, &var));
CHECKHR(hr = pTree->Commit(COMMIT_SMIMETRANSFERENCODE));
var.boolVal = (VARIANT_BOOL) !!fCleanup;
pTree->SetOption(OID_CLEANUP_TREE_ON_SAVE, &var);
}
CHECKHR(hr = pTree->GetBody(IBL_FIRST, hNew, &hData));
CHECKHR(hr = pTree->BindToObject(hData, IID_IMimeBody, (LPVOID *)&pData));
CHECKHR(hr = pData->GetOffsets(&boData));
// BUG 38411: I need a clean pristine virginal-white stream
// so we have to go straight to the horse's smelly mouth.
CHECKHR(hr = pTree->GetMessageSource(&pstmMsg, 0));
#if defined(DEBUG) && !defined(MAC)
if (s_fDebugDumpWholeMsg) {
hr = HrStreamToByte(pstmMsg, &blobMsg.pBlobData, &blobMsg.cbSize);
HrRewindStream(pstmMsg);
}
#endif
// Now slice out the part we actually want
liPos.HighPart = 0;
liPos.LowPart = boData.cbHeaderStart;
CHECKHR(hr = pstmMsg->Seek(liPos, STREAM_SEEK_SET, NULL));
CHECKHR(hr = capistmMsg.HrInitialize(0, hwnd, TRUE, psi, CSTM_DETACHED, NULL, psi->psldInner));
if (SUCCEEDED(hr)) {
IStream *pstmCapi;
uliCopy.HighPart = 0;
uliCopy.LowPart = boData.cbBodyEnd-boData.cbHeaderStart;
capistmMsg.QueryInterface(IID_IStream, (void**)&pstmCapi);
hr = pstmMsg->CopyTo(pstmCapi, uliCopy, NULL, NULL);
pstmCapi->Release();
CHECKHR(hr = capistmMsg.EndStreaming());
}
CHECKHR(hr = pTree->InsertBody(IBL_LAST, hNew, &hSignature));
CHECKHR(hr = pTree->BindToObject(hSignature, IID_IMimeBody, (void**)&pSig));
CHECKHR(hr = pSig->SetData(IET_BINARY, STR_CNT_APPLICATION,
STR_SUB_XPKCS7SIG, IID_IStream, (void*)lpstmOut));
if (-1 != psi->ietRequested) {
var.vt = VT_UI4;
var.ulVal = psi->ietRequested;
pSig->SetOption(OID_TRANSMIT_BODY_ENCODING, &var);
}
// Set the properties for the signature blob as in S/MIGv2 3.3
var.vt = VT_LPSTR;
var.pszVal = (LPSTR)STR_DIS_ATTACHMENT;
CHECKHR(hr = pSig->SetProp(PIDTOSTR(PID_HDR_CNTDISP), 0, &var));
var.pszVal = (char *)s_szSMIMEP7s;
pSig->SetProp(PIDTOSTR(PID_PAR_FILENAME), 0, &var);
pSig->SetProp(PIDTOSTR(PID_PAR_NAME), 0, &var);
// Set the parameters on the m/s root as in rfc1847 2.1
CHECKHR(hr = pTree->BindToObject(hNew, IID_IMimeBody, (void**)&pMS));
var.pszVal = (char *)STR_MIME_APPL_PKCS7SIG;
CHECKHR(hr = pMS->SetProp(STR_PAR_PROTOCOL, 0, &var));
// Get the HASH algorithm. Note that we should NOT get a multi-layer
// message with Multipart/Signed so we should not have to worry about
// what layer this is for.
Assert(psi->psldLayers);
Assert(psi->psldLayers->m_psldInner == NULL);
Assert(psi->psldLayers->m_cSigners > 0);
Assert(psi->psldLayers->m_rgSigners != NULL);
if (psi->psldLayers->m_cSigners == 0) {
hr = E_INVALIDARG;
goto exit;
}
lpszProtocol = "unknown";
// M00BUG -- should add these together and remove duplicates
for (i=0; i<psi->psldLayers->m_cSigners; i++) {
hr = MimeOleAlgNameFromSMimeCap(psi->psldLayers->m_rgSigners[i].blobHashAlg.pBlobData,
psi->psldLayers->m_rgSigners[i].blobHashAlg.cbSize,
&lpszProtocol);
}
var.pszVal = (LPSTR)lpszProtocol;
CHECKHR(hr = pMS->SetProp(STR_PAR_MICALG, 0, &var));
var.ulVal = 0;
CHECKHR(hr = pTree->BindToObject(HBODY_ROOT, IID_IMimeBody, (void**)&pRoot));
SideAssert(SUCCEEDED(pRoot->SetOption(OID_SECURITY_SIGNATURE_COUNT, &var)));
SideAssert(SUCCEEDED(pRoot->SetOption(OID_SECURITY_TYPE, &var)));
exit:
#ifdef DEBUG
if (blobMsg.pBlobData) {
MemFree(blobMsg.pBlobData);
}
#endif
ReleaseObj(pRoot);
ReleaseObj(pSig);
ReleaseObj(pData);
ReleaseObj(pMS);
ReleaseObj(pstmMsg);
if (FAILED(hr) && hNew) {
// need to undo the multipartization and delete the sig body
// errors are not as important as the one that has already occured
if (hSignature) {
pTree->DeleteBody(hSignature, 0);
}
pTree->DeleteBody(hNew, DELETE_PROMOTE_CHILDREN);
}
if (S_OK != hr_smime && SUCCEEDED(hr)) {
hr = hr_smime;
}
return hr;
}
/* HrEncodeOpaque:
**
** Purpose:
**
** Takes:
** IN psi - needs signing cert,
** certificate array (opt)
** IN pTree - the normal tree baggage
** IN hEncodeRoot - the tree likes handles
** IN pEncodeRoot - body to begin encoding at
** OUT lpstmOut - contains the PKCS#7 message
*/
HRESULT CSMime::HrEncodeOpaque(
SMIMEINFO *const psi,
IMimeMessageTree * pTree,
HBODY hEncodeRoot,
IMimeBody * pEncodeRoot,
LPSTREAM lpstmOut,
HWND hwnd)
{
HRESULT hr;
HRESULT hrCAPI = S_OK;
CCAPIStm capistmMsg(lpstmOut);
IMimePropertySet *pFullProp = NULL, *pBodyProp = NULL;
hr = capistmMsg.HrInitialize(0, hwnd, TRUE, psi, 0, NULL, psi->psldInner);
#ifdef INTEROP2
//N8 This is one half of the fix to do headers correctly
// In the inner, no 822 headers, just MIME
// See another N8 comment for the other half, which is to
// have the outer 822's merged with the inner's MIME headers
// on decode
if (SUCCEEDED(hr)) {
hr = pEncodeRoot->BindToObject(IID_IMimePropertySet, (LPVOID *)&pBodyProp);
}
if (SUCCEEDED(hr)) {
hr = pBodyProp->Clone(&pFullProp);
}
if (SUCCEEDED(hr)) {
LPCSTR rgszHdrKeep[] = {
PIDTOSTR(PID_HDR_CNTTYPE),
PIDTOSTR(PID_HDR_CNTXFER),
PIDTOSTR(PID_HDR_CNTID),
PIDTOSTR(PID_HDR_CNTDESC),
PIDTOSTR(PID_HDR_CNTDISP),
PIDTOSTR(PID_HDR_CNTBASE),
PIDTOSTR(PID_HDR_CNTLOC),
};
hr = pBodyProp->DeleteExcept(ARRAYSIZE(rgszHdrKeep), rgszHdrKeep);
#endif
if (SUCCEEDED(hr)) {
IStream *pstmCapi;
capistmMsg.QueryInterface(IID_IStream, (void**)&pstmCapi);
hr = pTree->SaveBody(hEncodeRoot, 0, pstmCapi);
#if defined(DEBUG) && !defined(MAC)
if (s_fDebugDumpWholeMsg) {
BYTE *pb;
DWORD cb;
if (SUCCEEDED(HrStreamToByte(lpstmOut, &pb, &cb))) {
MemFree(pb);
}
}
#endif
pstmCapi->Release();
hrCAPI = capistmMsg.EndStreaming();
if (SUCCEEDED(hr)) { // hr from the SaveBody takes precedence
hr = hrCAPI;
}
}
#ifdef INTEROP2
}
#endif
if (SUCCEEDED(hr)) {
PROPVARIANT var;
pTree->DeleteBody(hEncodeRoot, DELETE_CHILDREN_ONLY);
pEncodeRoot->EmptyData();
var.ulVal = 0;
SideAssert(SUCCEEDED(pEncodeRoot->SetOption(OID_SECURITY_TYPE, &var)));
SideAssert(SUCCEEDED(pEncodeRoot->SetOption(OID_SECURITY_SIGNATURE_COUNT, &var)));
#ifdef INTEROP2
// reset the propset
pFullProp->CopyProps(0, NULL, pBodyProp);
#endif
//QPTEST DebugDumpStreamToFile(lpstmOut, "c:\\hexin.bin");
hr = pEncodeRoot->SetData(IET_BINARY, STR_CNT_APPLICATION,
STR_SUB_XPKCS7MIME, IID_IStream, (void*)lpstmOut);
if (SUCCEEDED(hr)) {
PROPVARIANT var;
var.vt = VT_UI4;
if (-1 != psi->ietRequested) {
var.ulVal = psi->ietRequested;
}
else {
var.ulVal = IET_BASE64;
}
pEncodeRoot->SetOption(OID_TRANSMIT_BODY_ENCODING, &var);
// Set the properties for the opaque blob as in S/MIGv2 3.3
var.vt = VT_LPSTR;
var.pszVal = (LPSTR)STR_DIS_ATTACHMENT;
pEncodeRoot->SetProp(PIDTOSTR(PID_HDR_CNTDISP), 0, &var);
var.pszVal = (LPSTR)s_szSMIMEP7m;
pEncodeRoot->SetProp(PIDTOSTR(PID_PAR_FILENAME), 0, &var);
pEncodeRoot->SetProp(PIDTOSTR(PID_PAR_NAME), 0, &var);
if (FEncrypt(psi->dwMsgEnhancement))
{
var.pszVal = (LPSTR) STR_SMT_ENVELOPEDDATA;
}
else
{
#ifdef SMIME_V3
if ((psi->pszInnerContent != NULL) &&
(strcmp(psi->pszInnerContent, szOID_SMIME_ContentType_Receipt) == 0))
{
var.pszVal = (LPSTR) STR_SMT_SIGNEDRECEIPT;
}
else
{
var.pszVal = (LPSTR) STR_SMT_SIGNEDDATA;
}
#else // !SMIME_V3
var.pszVal = (LPSTR) STR_SMT_SIGNEDDATA;
#endif // SMIME_V3
}
pEncodeRoot->SetProp(STR_PAR_SMIMETYPE, 0, &var);
}
}
ReleaseObj(pFullProp);
ReleaseObj(pBodyProp);
return hr;
}
///////////////////////////////////////////////////////////////////////////
//
// Decode methods
//
/* DecodeMessage:
**
** Purpose:
** To rip the shroud of secrecy from a message, leaving it naked in the
** harsh light of dawning comprehension. However, this function hides
** the unsightly goings-on that accomplish this task, simply returning
** a radically different tree
** Takes:
** IN pTree - the message's tree
** IN dwFlags - expansion. must be 0
** Returns:
** a variety of good and bad responses
*/
HRESULT CSMime::DecodeMessage(
IMimeMessageTree *const pTree,
DWORD dwFlags)
{
HRESULT hr;
HBODY hRoot;
HWND hwnd = NULL;
IMimeBody * pDecodeRoot = NULL;
PROPVARIANT var;
if (!pTree || (dwFlags & ~SEF_MASK)) {
return TrapError(E_INVALIDARG);
}
if (SUCCEEDED(hr = pTree->GetBody(IBL_ROOT, NULL, &hRoot))) {
CHECKHR(hr = pTree->BindToObject(hRoot, IID_IMimeBody, (void**)&pDecodeRoot));
#ifdef _WIN64
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HWND_OWNER_64, &var)) &&
(NULL != (HWND)(var.pulVal)))
{
Assert(VT_UI8 == var.vt);
hwnd = *(HWND *)(&(var.uhVal));
}
#else
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HWND_OWNER, &var)) &&
(NULL != var.ulVal))
{
Assert(VT_UI4 == var.vt);
hwnd = (HWND)var.ulVal;
}
#endif // _WIN64
hr = TrapError(DecodeBody2(pTree, hRoot, dwFlags|EBF_RECURSE, NULL,
hwnd, NULL));
}
exit:
ReleaseObj(pDecodeRoot);
return hr;
}
HRESULT CSMime::DecodeMessage2(IMimeMessageTree *const pTree, DWORD dwFlags,
HWND hwnd, IMimeSecurityCallback * pCallback)
{
HRESULT hr;
HBODY hRoot;
if (!pTree || (dwFlags & ~SEF_MASK)) {
return TrapError(E_INVALIDARG);
}
if (SUCCEEDED(hr = pTree->GetBody(IBL_ROOT, NULL, &hRoot))) {
hr = TrapError(DecodeBody2(pTree, hRoot, dwFlags|EBF_RECURSE, NULL,
hwnd, pCallback));
}
return hr;
}
/* DecodeBody:
**
** Purpose:
** Do the entirety of the S/MIME decode operation.
**
** Takes:
** IN pTree - the tree of the body to decode
** IN hEncodeRoot - body from which to decode downward
** IN dwFlags - set of DBF_ or SDF_
*/
HRESULT CSMime::DecodeBody(
IMimeMessageTree *const pTree,
HBODY hDecodeRoot,
DWORD dwFlags)
{
return DecodeBody(pTree, hDecodeRoot, dwFlags, NULL);
}
/* DecodeBody:
**
** Purpose:
** The X-rated version of the released (interface) copy. This
** one can tell if it has been recursed and merge the data.
**
** Takes:
** all the scenes of the original film plus:
** IN psiOuterOp - SMIMEINFO from the outer operation
** Note that this doesn't really mean
** subbodys or messages, but nested S/MIME.
** Simplest case is clearsigned in encryption.
*/
HRESULT CSMime::DecodeBody(
IMimeMessageTree *const pTree,
HBODY hDecodeRoot,
DWORD dwFlags,
SMIMEINFO * psiOuterOp)
{
HRESULT hr;
HWND hwnd = NULL;
IMimeBody * pDecodeRoot = NULL;
PROPVARIANT var;
if (! pTree || ! hDecodeRoot) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
// Get the body we are suppose to be encoding
CHECKHR(hr = pTree->BindToObject(hDecodeRoot, IID_IMimeBody, (void**)&pDecodeRoot));
#ifdef _WIN64
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HWND_OWNER_64, &var)) && (NULL != (HWND)(var.pulVal))) {
Assert(VT_UI8 == var.vt);
hwnd = *(HWND *)(&(var.uhVal));
}
#else
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HWND_OWNER, &var)) && (NULL != var.ulVal))
{
Assert(VT_UI4 == var.vt);
hwnd = (HWND)var.ulVal;
}
#endif // _WIN6
hr = DecodeBody2(pTree, hDecodeRoot, dwFlags, psiOuterOp, hwnd, NULL);
exit:
ReleaseObj(pDecodeRoot);
return hr;
}
HRESULT CSMime::DecodeBody2(
IMimeMessageTree *const pTree,
HBODY hDecodeRoot,
DWORD dwFlags,
SMIMEINFO * psiOuterOp,
HWND hwnd,
IMimeSecurityCallback * pCallback)
{
PROPVARIANT var;
IMimeBody * pData;
IMimeBody * pDecodeRoot = NULL;
HRESULT hr, hr_smime = S_OK;
HBODY hSignature, hData;
SMIMEINFO si;
CVirtualStream * pvstmDecoded = NULL;
IStream * pstmMsg = NULL;
if (!(pTree && hDecodeRoot)) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
//
// Get the body we are going to decode
//
CHECKHR(hr = pTree->BindToObject(hDecodeRoot, IID_IMimeBody, (void**)&pDecodeRoot));
memset(&si, 0, sizeof(SMIMEINFO));
OptionsToSMIMEINFO(FALSE, pTree, pDecodeRoot, &si);
//
// If we know what crypt provider to use, then grab it
//
#ifndef _WIN64
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HCRYPTPROV, &var)) &&
(NULL != var.ulVal))
{
Assert(VT_UI4 == var.vt);
si.hProv = var.ulVal;
}
#else // _WIN64
if (SUCCEEDED(pDecodeRoot->GetOption(OID_SECURITY_HCRYPTPROV_64, &var)) &&
(NULL != var.pulVal))
{
Assert(VT_UI8 == var.vt);
si.hProv = (HCRYPTPROV) var.pulVal;
}
#endif //_WIN64
//
// Determine if this is a multi-part signed message, if so then do the appropriate
// decoding. Determined by "content-type: multipart/signed; protocol=pkcs7-signature"
//
if (S_OK == pDecodeRoot->IsContentType(STR_CNT_MULTIPART, STR_SUB_SIGNED) &&
IsSMimeProtocol(pDecodeRoot)) {
CHECKHR(hr = pTree->GetBody(IBL_FIRST, hDecodeRoot, &hData));
CHECKHR(hr = pTree->GetBody(IBL_LAST, hDecodeRoot, &hSignature));
if FAILED(hr_smime = HrDecodeClearSigned(dwFlags, &si, pTree, hData,
hSignature, hwnd, pCallback)) {
goto exit;
}
// now we need to make the message readable. get rid of the signature
// blob. this will leave the m/s with one child, the message data.
// delete the parent with DELETE_PROMOTE_CHILDREN and this will
// kick the data body up as the only remaining body.
pTree->DeleteBody(hSignature, 0);
pTree->DeleteBody(hDecodeRoot, DELETE_PROMOTE_CHILDREN);
pTree->Commit(0);
}
//
// Determine if this is a blob signed or encrypted message. If it is then
// do the appropriate decoding.
//
else if (S_OK == pDecodeRoot->IsContentType(STR_CNT_APPLICATION, STR_SUB_XPKCS7MIME) ||
S_OK == pDecodeRoot->IsContentType(STR_CNT_APPLICATION, STR_SUB_PKCS7MIME)) {
//
// Create the stream to hold the decoded mime body
//
if (!(pvstmDecoded = new CVirtualStream)) {
hr = TrapError(E_OUTOFMEMORY);
goto exit;
}
//
// Do the actual decode of the message. This produces the decode stream in
// pvstmDecode.
//
if (FAILED(hr_smime = HrDecodeOpaque(dwFlags, &si, pDecodeRoot,
pvstmDecoded, hwnd, pCallback))) {
goto exit;
}
// Header bug fix:
// we need to blow away the subtree below this body
// however, we have to keep the 822 headers around. This option
// change does this, mostly. the EmptyData call removes
// some of the body's properties, most notably the content-*
// ones. when I use RELOAD_HEADER_REPLACE, the inner body
// will blow away any of the overlapping outer headers, but
// keep the ones that don't exist.
//
// Why did I do this?
// Deming doesn't put a from: line in the #7 signedData. We
// shoudln't either. Now we don't. Without this fix, this
// would prevent us from being able to add to WAB because
// the address table would be empty.
CHECKHR(hr = pTree->DeleteBody(hDecodeRoot, DELETE_CHILDREN_ONLY));
CHECKHR(hr = pDecodeRoot->EmptyData());
ULONG ulOldval;
pTree->GetOption(OID_HEADER_RELOAD_TYPE, &var);
Assert(VT_UI4 == var.vt);
ulOldval = var.ulVal;
var.ulVal = RELOAD_HEADER_REPLACE;
pTree->SetOption(OID_HEADER_RELOAD_TYPE, &var);
//
// Load the decoded message back into the message so that we can have the
// decrypted message.
//
CHECKHR(hr = pTree->Load(pvstmDecoded));
var.ulVal = ulOldval;
pTree->SetOption(OID_HEADER_RELOAD_TYPE, &var);
//
// Grab the root node -- this is where we are going to put the info relative
// to the decryption/decoding we just did.
//
CHECKHR(hr = pTree->GetBody(IBL_ROOT, NULL, &hData));
}
else {
hr = MIME_S_SECURITY_NOOP;
goto exit;
}
// now, this could be way cool and actually have another S/MIME part inside
// The most common case is a clear signed message inside of encryption, but
// others could occur.
// Recurse!
{
HBODY hRoot;
if (SUCCEEDED(hr = pTree->GetBody(IBL_ROOT, NULL, &hRoot))) {
hr = TrapError(DecodeBody2(pTree, hRoot, dwFlags|EBF_RECURSE, &si,
hwnd, pCallback));
}
CHECKHR(hr);
}
if (hr == MIME_S_SECURITY_NOOP) {
hr = S_OK;
}
else {
hData = HBODY_ROOT;
}
//
// If this is the root of the decode, then we move the decryption information back
// into the message we are dealing with. If this is not the root then merge together
// the S/MIME info structure from the caller.
//
if (psiOuterOp == NULL) {
hr = SMIMEINFOToOptions(pTree, &si, hData);
}
else {
hr = MergeSMIMEINFO(psiOuterOp, &si);
}
Assert(SUCCEEDED(hr));
exit:
ReleaseObj(pDecodeRoot);
ReleaseObj(pstmMsg);
ReleaseObj(pvstmDecoded);
FreeSMIMEINFO(&si);
if (S_OK != hr_smime && SUCCEEDED(hr)) {
hr = (MIME_E_SECURITY_NOOP == hr_smime) ? MIME_S_SECURITY_NOOP : hr_smime;
}
return TrapError(hr);
}
/* HrDecodeOpaque:
**
** Purpose:
**
** Takes:
**
**
*/
HRESULT CSMime::HrDecodeOpaque(DWORD dwFlags,
SMIMEINFO *const psi,
IMimeBody *const pBody,
IStream *const pstmOut,
HWND hwnd,
IMimeSecurityCallback * pCallback)
{
HRESULT hr;
CCAPIStm capistmMsg(pstmOut);
hr = capistmMsg.HrInitialize(dwFlags, hwnd, FALSE, psi, 0, pCallback, NULL);
if (SUCCEEDED(hr)) {
IStream * pstmCapi;
HCRYPTMSG hMsg;
//QPTEST hr = pBody->GetDataHere(IET_BINARY, pstmOut);
//QPTEST DebugDumpStreamToFile(pstmOut, "c:\\stmout.bin");
//QPTEST HrRewindStream(pstmOut);
capistmMsg.QueryInterface(IID_IStream, (void**)&pstmCapi);
hr = pBody->GetDataHere(IET_BINARY, pstmCapi);
pstmCapi->Release();
if (FAILED(hr)) goto exit;
CHECKHR(hr = capistmMsg.EndStreaming());
#if defined(DEBUG) && !defined(MAC)
if (s_fDebugDumpWholeMsg) {
BYTE *pb;
DWORD cb;
if (SUCCEEDED(HrStreamToByte(pstmOut, &pb, &cb))) {
MemFree(pb);
}
}
#endif
hr = CAPISTMtoSMIMEINFO(&capistmMsg, psi);
}
exit:
return hr;
}
/* HrDecodeClearSigned:
**
** Purpose:
** Reform the signed body to be hashed and extract the signature
** data. Pass these through to the interface stream method.
** Takes:
** IN dwFlags - Control Flags for the decode
** IN OUT psi - passed to DecodeDetachedStream
** IN pTree - tree to get message source from
** IN hData - handle to body with signed data
** IN hSig - handle to body with signature
** Returns:
** hresult. no function-specific return values.
*/
HRESULT CSMime::HrDecodeClearSigned(DWORD dwFlags,
SMIMEINFO *const psi,
IMimeMessageTree *const pTree,
const HBODY hData,
const HBODY hSig,
HWND hwnd, IMimeSecurityCallback * pCallback)
{
HRESULT hr, hr_smime=S_OK;
IMimeBody *pData = NULL,
*pSig = NULL;
IStream *pstmSig,
*pstmMsg = NULL;
BODYOFFSETS boData;
LARGE_INTEGER liPos;
ULARGE_INTEGER uliToCopy;
CVirtualStream *pvstmDecoded = NULL;
CCAPIStm capistmMsg(NULL);
#ifdef DEBUG
BLOB blobMsg = {NULL,0};
#endif
CHECKHR(hr = pTree->BindToObject(hData, IID_IMimeBody, (void**)&pData));
CHECKHR(hr = pData->GetOffsets(&boData));
// BUG 38411: I need a clean pristine virginal-white stream
// so we have to go straight to the horse's smelly mouth.
CHECKHR(hr = pTree->GetMessageSource(&pstmMsg, 0));
#if defined(DEBUG) && !defined(MAC)
if (s_fDebugDumpWholeMsg) {
CHECKHR (hr = HrStreamToByte(pstmMsg, &blobMsg.pBlobData, &blobMsg.cbSize));
HrRewindStream(pstmMsg);
}
#endif
// Compute the portion we want of the mondo stream
liPos.HighPart = 0;
liPos.LowPart = boData.cbHeaderStart;
CHECKHR(hr = pstmMsg->Seek(liPos, STREAM_SEEK_SET, NULL));
hr = capistmMsg.HrInitialize(dwFlags, hwnd, FALSE, psi, CSTM_DETACHED, pCallback, NULL);
if (SUCCEEDED(hr)) {
IStream *pstmCapi;
capistmMsg.QueryInterface(IID_IStream, (void**)&pstmCapi);
// Get the signature data and feed it in
hr = pTree->BindToObject(hSig, IID_IMimeBody, (void**)&pSig);
if (SUCCEEDED(hr)) {
hr = pSig->GetDataHere(IET_BINARY, pstmCapi);
if (SUCCEEDED(hr)) {
hr = capistmMsg.EndStreaming();
}
}
uliToCopy.HighPart = 0;
uliToCopy.LowPart = boData.cbBodyEnd-boData.cbHeaderStart;
// Now feed in the actual data to hash
if (SUCCEEDED(hr)) {
hr = pstmMsg->CopyTo(pstmCapi, uliToCopy, NULL, NULL);
}
if (SUCCEEDED(hr)) {
hr = capistmMsg.EndStreaming();
}
if (SUCCEEDED(hr)) {
hr = CAPISTMtoSMIMEINFO(&capistmMsg, psi);
}
pstmCapi->Release();
}
exit:
ReleaseObj(pData);
ReleaseObj(pSig);
ReleaseObj(pstmMsg);
#ifdef DEBUG
if (blobMsg.pBlobData) {
MemFree(blobMsg.pBlobData);
}
#endif
if (S_OK != hr_smime && SUCCEEDED(hr)) {
hr = hr_smime;
}
return hr;
}
HRESULT CSMime::CAPISTMtoSMIMEINFO(CCAPIStm *pcapistm, SMIMEINFO *psi)
{
DWORD i;
PSECURITY_LAYER_DATA psldMessage = pcapistm->GetSecurityLayerData();
psi->dwMsgEnhancement = MST_NONE;
psi->ulMsgValidity = MSV_OK;
#ifdef DEBUG
{
DWORD dwLevel = 0;
PSECURITY_LAYER_DATA psldLoop;
psldLoop = psldMessage;
if (psldLoop) {
SMDOUT("Decode called on:");
}
else {
SMDOUT("Decode called but the message data is NULL.");
}
dwLevel = 0;
while (psldLoop) {
for (DWORD i = 0; i <= dwLevel; i++) {
DebugTrace(" ");
}
if (MST_BLOB_FLAG & psldLoop->m_dwMsgEnhancement) {
SMDOUT("CMSG_SIGNED");
}
else if ((MST_THIS_SIGN | MST_THIS_ENCRYPT) ==
((MST_THIS_SIGN | MST_THIS_ENCRYPT) & psldLoop->m_dwMsgEnhancement)) {
SMDOUT("CMSG_SIGNED_AND_ENVELOPED, uhoh.");
}
else if (MST_THIS_SIGN & psldLoop->m_dwMsgEnhancement) {
SMDOUT("clear signed mail");
}
else if (MST_THIS_ENCRYPT & psldLoop->m_dwMsgEnhancement) {
SMDOUT("CMSG_ENVELOPED");
}
dwLevel++;
psldLoop = psldLoop->m_psldInner;
}
}
#endif
if (psldMessage) {
PSECURITY_LAYER_DATA psldLoop;
Assert(0 == psi->dwMsgEnhancement);
Assert(0 == psi->ulMsgValidity);
Assert(NULL == psi->psldLayers);
Assert(NULL == psi->psldEncrypt);
Assert(NULL == psi->psldInner);
psi->psldLayers = psldMessage;
psi->psldLayers->AddRef();
for (psldLoop = psldMessage; psldLoop != NULL;
psldLoop = psldLoop->m_psldInner) {
psi->dwMsgEnhancement |= psldLoop->m_dwMsgEnhancement;
psi->fCertWithMsg |= psldLoop->m_fCertInLayer;
if (MST_THIS_SIGN & psldLoop->m_dwMsgEnhancement) {
for (i=0; i<psldLoop->m_cSigners; i++) {
psi->ulMsgValidity |= psldLoop->m_rgSigners[i].ulValidity;
}
}
//
// We need to get the inner most encryption item here.
//
if (MST_THIS_ENCRYPT & psldLoop->m_dwMsgEnhancement) {
psi->ulMsgValidity |= psldLoop->m_ulDecValidity;
// Keep track of the innermost encryption layer for easy access
psi->psldEncrypt = psldLoop;
}
if (! psldLoop->m_psldInner) {
psi->psldInner = psldLoop;
}
}
CCAPIStm::FreeSecurityLayerData(psldMessage);
}
// need to handle this stuff again
//hr = MIME_E_SECURITY_CANTDECRYPT;
//case CMSG_SIGNED_AND_ENVELOPED:
//case CMSG_DATA:
//default:
//hr = MIME_E_SECURITY_UNKMSGTYPE;
return S_OK;
}
///////////////////////////////////////////////////////////////////////////
//
// Crytographic transformations... functions that do the real work
//
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//
// Signature verification and decryption
//
///////////////////////////////////////////////////////////////////////////
//
// Other function sets
//
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//
// Other certificate routines
//
/* GetCertificateName:
**
** Purpose:
**
** Takes:
** IN pX509Cert - certificate from which to snarf name
** IN cn - style of name to return (SIMPLE|OID|X500)
** OUT ppszName - name gets stuffed here. Caller frees.
** Returns:
** hresult
*/
STDMETHODIMP CSMime::GetCertificateName(
const PCX509CERT pX509Cert,
const CERTNAMETYPE cn,
LPSTR * ppszName)
{
DWORD flag, cch;
HRESULT hr;
CHECKSMIMEINIT
if (!(pX509Cert && ppszName)) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
// convert to CAPI flag
switch (cn) {
case SIMPLE:
flag = CERT_SIMPLE_NAME_STR;
break;
case OID:
flag = CERT_OID_NAME_STR;
break;
case X500:
flag = CERT_X500_NAME_STR;
break;
default:
hr = TrapError(E_INVALIDARG);
goto exit;
}
#define pCert ((PCCERT_CONTEXT)pX509Cert)
cch = CertNameToStr(pCert->dwCertEncodingType, &pCert->pCertInfo->Subject,
flag, NULL, 0);
CHECKHR(hr = HrAlloc((void**)ppszName, cch*sizeof(TCHAR)));
CertNameToStr(pCert->dwCertEncodingType, &pCert->pCertInfo->Subject,
flag|CERT_NAME_STR_SEMICOLON_FLAG, *ppszName, cch);
#undef pCert
exit:
return hr;
}
/* HrGetCertsFromThumbprints:
**
** Purpose:
** This version of the function opens the "My" and "AddressBook" stores
** and calls the exposed GetCertsFromThumbprints method.
**
*/
HRESULT CSMime::HrGetCertsFromThumbprints(
THUMBBLOB *const rgThumbprint,
X509CERTRESULT *const pResults)
{
HRESULT hr = E_FAIL;
const DWORD cStores = 2;
HCERTSTORE rgCertStore[cStores];
rgCertStore[0] = OpenCachedMyStore();
if (rgCertStore[0]) {
rgCertStore[1] = OpenCachedAddressBookStore();
if (rgCertStore[1]) {
hr = MimeOleGetCertsFromThumbprints(rgThumbprint, pResults, rgCertStore, cStores);
CertCloseStore(rgCertStore[1], 0);
}
else {
// No WAB store, so there are NO matching certs
CRDOUT("No thumbprints in WAB");
for (ULONG iEntry = 0; iEntry < pResults->cEntries; iEntry++) {
pResults->rgpCert[iEntry] = NULL;
pResults->rgcs[iEntry] = CERTIFICATE_NOPRINT;
}
hr = MIME_S_SECURITY_ERROROCCURED;
}
CertCloseStore(rgCertStore[0], 0);
}
return hr;
}
/* EnumCertificates:
**
** Purpose:
** enumerate certificates from a store
** Takes:
** IN hc - store to query
** IN dwUsage - ITT_* or 0
** maps to a CAPI dwKeyUsage (AT_*)
** IN pPrev - last certificate received from this function
** (NULL to get first cert)
** OUT pCert - certificate next in enumeration
** Notes:
** pPrev and pCert may reference the same variable
** dwUsage may be 0 if caller just wants to check for existance of any certs
** Returns:
** CRYPT_E_NOT_FOUND if no more certs
** S_FALSE if dwUsage is 0 and no certs exist
*/
STDMETHODIMP CSMime::EnumCertificates(
HCAPICERTSTORE hc,
DWORD dwUsage,
PCX509CERT pPrev,
PCX509CERT * ppCert)
{
HRESULT hr;
PCCERT_CONTEXT pNewCert = NULL;
CHECKSMIMEINIT
if (!(hc && (ppCert || !dwUsage))) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
if (ITT_SIGNING == dwUsage || ITT_ENCRYPTION == dwUsage) {
dwUsage = AT_KEYEXCHANGE;
hr = HrFindUsableCert((HCERTSTORE)hc, (BYTE)dwUsage, (PCCERT_CONTEXT)pPrev, &pNewCert);
}
else if (0 == dwUsage) {
pNewCert = CertEnumCertificatesInStore(hc, NULL);
if (pNewCert) {
hr = S_OK;
FreeCert(pNewCert);
}
else {
hr = S_FALSE;
}
}
else {
hr = TrapError(E_INVALIDARG);
}
exit:
if (ppCert) {
*ppCert = (PCX509CERT)pNewCert;
}
return hr;
}
/* HrGetLastError
**
** Purpose:
** Convert a GetLastError value to an HRESULT
** A failure HRESULT must have the high bit set.
**
** Takes:
** none
**
** Returns:
** HRESULT
*/
HRESULT HrGetLastError(void)
{
DWORD error;
HRESULT hr;
error = GetLastError();
if (!(error & 0x80000000)) {
hr = error | 0x80070000; // system error
} else {
hr = (HRESULT)error;
}
return(hr);
}
/* HrFindUsableCert:
**
** Purpose:
** Get a cert out of a cert store that has the right keyspec
** Takes:
** IN hCertStore - store to enumerate
** IN dwKeySpec - AT_SIGNATURE or AT_KEYEXCHANGE
** IN pPrevCert - last certificate received from this function
** (NULL to get first cert)
** OUT ppCert - the matching cert, NULL iff none
** Returns:
** SMIME_E_NOCERT if no cert can be found
*/
HRESULT CSMime::HrFindUsableCert(
HCERTSTORE hCertStore,
BYTE dwKeySpec,
PCCERT_CONTEXT pPrevCert,
PCCERT_CONTEXT *ppCert)
{
PCCERT_CONTEXT pCert;
PCRYPT_KEY_PROV_INFO pKPI;
HRESULT hr = S_OK;
BOOL fFound = FALSE;
PCERT_NAME_INFO pNameInfo;
PCERT_RDN_ATTR pRDNAttr;
#ifdef DEBUG
DWORD count=0;
#endif
LPTSTR lpEmailAddress;
CHECKSMIMEINIT
Assert(hCertStore && ppCert);
Assert(AT_SIGNATURE == dwKeySpec || AT_KEYEXCHANGE == dwKeySpec);
*ppCert = NULL;
pKPI = NULL;
while (!fFound) {
pCert = CertEnumCertificatesInStore(hCertStore, pPrevCert);
if (pCert == NULL) { // no more certs?
break;
}
// Need to find the key provider
pKPI = (PCRYPT_KEY_PROV_INFO)PVGetCertificateParam(pCert, CERT_KEY_PROV_INFO_PROP_ID, NULL);
#ifdef DEBUG
count++;
// We want to be able to send broken mail so that the
// verify/decrypt fails.
if (s_fDebugEmitBroken) {
if (pKPI && pKPI->dwKeySpec != dwKeySpec) fFound = TRUE;
}
else {
if (pKPI && pKPI->dwKeySpec == dwKeySpec) fFound = TRUE;
}
#else
if (pKPI && pKPI->dwKeySpec == dwKeySpec) {
fFound = TRUE;
}
#endif
// Validate the email address
if (fFound && (lpEmailAddress = SzGetCertificateEmailAddress(pCert))) {
MemFree(lpEmailAddress);
}
else {
#ifdef DEBUG
{
SMDOUT("Certificate %d has no email address", count);
if (fFound && !s_fDebugAllowNoEmail) {
fFound = FALSE;
}
}
#else
fFound = FALSE;
#endif
}
if (pKPI) {
MemFree(pKPI);
pKPI = NULL;
}
pPrevCert = pCert; // next enumeration round
} // enum
if (pCert == NULL) {
CRDOUT("Couldn't find a signature cert having a key provider");
hr = HrGetLastError();
if (hr == CRYPT_E_NOT_FOUND) {
hr = S_FALSE;
}
else {
hr = MIME_E_SECURITY_NOCERT;
}
}
#ifdef DEBUG
else {
CRDOUT("Usable cert #%d found with keyspec==%d", count, dwKeySpec);
Assert(pCert);
if (s_fDebugShowFoundCert) {
DisplayCert(pCert);
}
}
#endif
*ppCert = pCert;
return TrapError(hr);
}
///////////////////////////////////////////////////////////////////////////
//
// Other functions
//
///////////////////////////////////////////////////////////////////////////
/* HrGetNeededAddresses:
**
** Purpose:
** get the maximum set of addresses needed for S/MIME to work
** Takes:
** IN dwTypes - class(es) of addresses to get
** IN pTree - source of addresses
** OUT ppEnum - enumerator for found addresses
*/
HRESULT CSMime::HrGetNeededAddresses(
const DWORD dwTypes,
IMimeMessageTree * pTree,
IMimeAddressTable ** ppAdrTable,
IMimeEnumAddressTypes **ppEnum)
{
HRESULT hr;
Assert(ppEnum && ppAdrTable && pTree);
if (SUCCEEDED(hr = pTree->BindToObject(HBODY_ROOT, IID_IMimeAddressTable, (void**)ppAdrTable))) {
hr = (*ppAdrTable)->EnumTypes(dwTypes,
IAP_HANDLE | IAP_ADRTYPE | IAP_SIGNING_PRINT | IAP_ENCRYPTION_PRINT | IAP_CERTSTATE, ppEnum);
}
return hr;
}
/* HrGetThumbprints:
**
** Purpose:
**
** Takes:
** IN pEnum - enumerator walked for source addresses
** IN dwType - which SECURE-type certs are needed
** OUT rgThumbprint - array of found thumbprints
** Returns:
** S_OK, unless a GetProp call fails
** E_FAIL if the loop doesn't run for Count times
*/
HRESULT CSMime::HrGetThumbprints(
IMimeEnumAddressTypes * pEnum,
const ITHUMBPRINTTYPE ittType,
THUMBBLOB *const rgThumbprint)
{
HRESULT hr = S_OK;
ADDRESSPROPS apEntry;
const ULONG numToGet = 1;
ULONG cPrints = 0;
Assert(pEnum && rgThumbprint);
Assert((ITT_SIGNING == ittType) || (ITT_ENCRYPTION == ittType));
Assert(!IsBadWritePtr(rgThumbprint, sizeof(THUMBBLOB)*cPrints));
pEnum->Reset();
while(S_OK == pEnum->Next(numToGet, &apEntry, NULL)) {
// if the print isn't found, we deal with that elsewhere
if (ITT_SIGNING == ittType) {
Assert((apEntry.tbSigning.pBlobData && apEntry.tbSigning.cbSize) ||
(!apEntry.tbSigning.pBlobData && !apEntry.tbSigning.cbSize));
if (apEntry.tbSigning.cbSize) {
// we need to null out the thumbprint flag so print doesn't get
// freed below
rgThumbprint[cPrints].pBlobData = apEntry.tbSigning.pBlobData;
rgThumbprint[cPrints].cbSize = apEntry.tbSigning.cbSize;
apEntry.dwProps &= ~IAP_SIGNING_PRINT;
}
}
else {
Assert(ITT_ENCRYPTION == ittType);
Assert((apEntry.tbEncryption.pBlobData && apEntry.tbEncryption.cbSize) ||
(!apEntry.tbEncryption.pBlobData && !apEntry.tbEncryption.cbSize));
if (apEntry.tbEncryption.cbSize) {
// we need to null out the thumbprint flag so print doesn't get
// freed below
rgThumbprint[cPrints].pBlobData = apEntry.tbEncryption.pBlobData;
rgThumbprint[cPrints].cbSize = apEntry.tbEncryption.cbSize;
apEntry.dwProps &= ~IAP_ENCRYPTION_PRINT;
}
}
cPrints++;
g_pMoleAlloc->FreeAddressProps(&apEntry);
}
return hr;
}
/* HrGetCertificates:
**
** Purpose:
** Get certificates based from thumbprints, then update the address
** table based on the return of that operation
** Takes:
** IN pEnum - enumerator that provides the thumbprints
** IN dwType - which certs are needed
** IN fAlreadyHaveSendersCert - if the sender's cert is already found
** OUT pResults - get an array of certs and the assoc certstates
** pResults->cEntries has the size measured in entries
** Returns:
** SMIME_E_CERTERROR if not all certs were retrieved
*/
HRESULT CSMime::HrGetCertificates(
IMimeAddressTable *const pAdrTable,
IMimeEnumAddressTypes * pEnum,
const DWORD dwType,
const BOOL fAlreadyHaveSendersCert,
CERTARRAY * pcaCerts)
{
HRESULT hr;
THUMBBLOB * rgThumbprint;
ULONG cCerts;
X509CERTRESULT certResults;
Assert(pAdrTable && pEnum && pcaCerts);
pcaCerts->rgpCerts = NULL;
pcaCerts->cCerts = 0;
pEnum->Count(&cCerts);
if (! cCerts) {
return MIME_S_SECURITY_NOOP;
}
if (! MemAlloc((void**)&rgThumbprint, sizeof(THUMBBLOB)*cCerts)) {
return E_OUTOFMEMORY;
}
memset(rgThumbprint, 0, sizeof(THUMBBLOB)*cCerts);
if (! MemAlloc((void**)&certResults.rgpCert, sizeof(PCX509CERT)*cCerts)) {
return E_OUTOFMEMORY;
}
memset(certResults.rgpCert, 0, sizeof(PCX509CERT)*cCerts);
if (! MemAlloc((void**)&certResults.rgcs, sizeof(CERTSTATE)*cCerts)) {
return E_OUTOFMEMORY;
}
memset(certResults.rgcs, 0, sizeof(CERTSTATE)*cCerts);
certResults.cEntries = cCerts;
HrGetThumbprints(pEnum, dwType, rgThumbprint);
hr = HrGetCertsFromThumbprints(rgThumbprint, &certResults);
if (SUCCEEDED(hr)) {
hr = HrGenerateCertsStatus(&certResults, pAdrTable, pEnum, fAlreadyHaveSendersCert);
if (SUCCEEDED(hr)) {
pcaCerts->cCerts = certResults.cEntries;
pcaCerts->rgpCerts = (PCCERT_CONTEXT*)certResults.rgpCert;
}
}
if (FAILED(hr)) {
_FreeCertArray((PCCERT_CONTEXT *)certResults.rgpCert, certResults.cEntries);
}
MemFree(certResults.rgcs);
if (rgThumbprint) {
for (DWORD i = 0; i < cCerts; i++) {
if (rgThumbprint[i].pBlobData) {
MemFree(rgThumbprint[i].pBlobData);
}
}
MemFree(rgThumbprint);
}
return hr;
}
/* HrGenerateCertsStatus:
**
** Purpose:
** No assumptions about the rghr in pResults, this function scans the
** HRESULTs and sets the CERTSTATEs in pAdrTable (1:1 mapping) accordingly
** Takes:
** IN pResults - results to use for CERTSTATEs
** IN pAdrTable - address table to set states on
** IN pEnum - list of address handles
** Returns:
**
*/
HRESULT CSMime::HrGenerateCertsStatus(
X509CERTRESULT * pResults,
IMimeAddressTable *const pAdrTable,
IMimeEnumAddressTypes *const pEnum,
const BOOL fIgnoreSenderError)
{
ADDRESSPROPS apEntry;
ADDRESSPROPS apModify;
UINT i;
const ULONG numToGet = 1;
DWORD dexBogus = (DWORD)-1;
HRESULT hr = S_OK;
// Walk the entire Enumerator
i=0;
pEnum->Reset();
apModify.dwProps = IAP_CERTSTATE;
while(S_OK == pEnum->Next(numToGet, &apEntry, NULL)) {
Assert(apEntry.hAddress);
apModify.certstate = pResults->rgcs[i];
// Why was this added, you ask?
// if the client has set OID_SECURITY_CERT_INCLUDED then
// we need to not return spurious errors about the sender's
// certificate. if we didn't find it but were given it
// elsewhere, say things are cool.
// make sure to run through the whole array because the
// error MIME_S_SECURITY_CERTERROR is the most important
// since the sender cert one is really just a warning.
if (CERTIFICATE_OK != apModify.certstate) {
if (FMissingCert(apModify.certstate)) {
if (apEntry.dwAdrType == IAT_FROM) {
if (fIgnoreSenderError) {
apModify.certstate = CERTIFICATE_OK;
}
else {
// since this can be ignored with fIgnoreSenderError
// it should never override another warning
if (S_OK == hr) {
hr = MIME_S_SECURITY_NOSENDERCERT;
}
}
dexBogus = i;
}
else {
hr = MIME_S_SECURITY_NOCERT;
}
}
else {
hr = MIME_S_SECURITY_CERTERROR;
}
}
SideAssert(SUCCEEDED(pAdrTable->SetProps(apEntry.hAddress, &apModify)));
g_pMoleAlloc->FreeAddressProps(&apEntry);
i++;
}
if (i == pResults->cEntries) { // success
if ((DWORD)-1 != dexBogus) {
// we found the sender and the cert for this entry is NULL.
// CAPI doesn't like null certificates, so replace it
if (dexBogus != pResults->cEntries-1) {
// don't need to dupe b/c the end will no
// longer be included in the count
pResults->rgpCert[dexBogus] = pResults->rgpCert[pResults->cEntries-1];
}
--pResults->cEntries;
}
}
else {
hr = E_FAIL;
}
return hr;
}
///////////////////////////////////////////////////////////////////////////
//
// CAPI wrappers
//
/* GetCertData:
**
** Returns:
** MIME_E_NOT_FOUND if the data is not in the cert
**
** Note:
** Currently only supports CDID_EMAIL
*/
STDMETHODIMP CSMime::GetCertData(
const PCX509CERT pX509Cert,
const CERTDATAID dataid,
LPPROPVARIANT pValue)
{
#define pCert ((PCCERT_CONTEXT)pX509Cert)
PCERT_NAME_INFO pNameInfo = NULL;
PCERT_RDN_ATTR pRDNAttr;
HRESULT hr = MIME_E_NOT_FOUND;
LPSTR szOID;
CHECKSMIMEINIT
if (!(pX509Cert && pCert->pCertInfo) || dataid >= CDID_MAX) {
return TrapError(E_INVALIDARG);
}
switch (dataid) {
case CDID_EMAIL:
// Let msoert handle this request
if (pValue->pszVal = SzGetCertificateEmailAddress(pCert)) {
pValue->vt = VT_LPSTR;
hr = S_OK;
}
break;
// if you add any cases, rewrite the findRDN code below
// I assume IA5 and PhilH's NULL's at the end, leaving me
// a very clean copy
default:
hr = E_INVALIDARG;
goto exit;
}
exit:
return TrapError(hr);
#undef pCert
}
///////////////////////////////////////////////////////////////////////////
//
// Static functions
//
///////////////////////////////////////////////////////////////////////////
/***************************************************************************
Name : _HrConvertHrFromGetCertToEncode
Purpose :
Parameters: hr = input HRESULT
fEncrypt = TRUE if we are encrypting
Returns : HRESULT
Comment :
***************************************************************************/
HRESULT _HrConvertHrFromGetCertToEncode(HRESULT hr, const BOOL fEncrypt)
{
if (MIME_S_SECURITY_NOSENDERCERT == hr)
if (fEncrypt) {
hr = MIME_E_SECURITY_ENCRYPTNOSENDERCERT;
}
else {
hr = MIME_E_SECURITY_NOSIGNINGCERT;
}
else if (MIME_S_SECURITY_CERTERROR == hr) {
hr = MIME_E_SECURITY_CERTERROR;
}
else if (MIME_S_SECURITY_NOCERT == hr) {
hr = MIME_E_SECURITY_NOCERT;
}
return hr;
}
/***************************************************************************
Name : _FreeCertArray
Purpose : Free an array of certs
Parameters: rgpCert = array of cert pointers
cCerts = number of certs in rgpCert
Returns : void
Comment :
***************************************************************************/
void _FreeCertArray(PCCERT_CONTEXT *rgpCert, const UINT cCerts)
{
if (rgpCert) {
for (register DWORD i = 0; i < cCerts; i++) {
ReleaseCert(rgpCert[i]);
}
Assert(ALLOCED(rgpCert));
MemFree(rgpCert);
}
}
#ifdef DEBUG
///////////////////////////////////////////////////////////////////////////
//
// Debugging functions
//
///////////////////////////////////////////////////////////////////////////
/***************************************************************************
Name : DumpAlgorithms
Purpose : Debug dump of algorithms
Parameters: void
Returns : void
Comment :
***************************************************************************/
void CSMime::DumpAlgorithms()
{
DWORD dwAlgCount;
char *ptr = NULL;
DWORD i;
ALG_ID aiAlgid;
DWORD dwBits;
DWORD dwNameLen;
char szName[100];
BYTE pbData[1000];
DWORD dwDataLen;
DWORD dwFlags;
CHAR *pszAlgType = NULL;
HCRYPTPROV hProv;
CryptAcquireContext(&hProv, NULL, NULL, 5, 0);
Assert(hProv);
for(i=0; ;i++) {
if (0==i) {
dwFlags = CRYPT_FIRST;
}
else {
dwFlags = 0;
}
dwDataLen = 1000;
if(!CryptGetProvParam(hProv, PP_ENUMALGS, pbData, &dwDataLen, 0)) {
if (ERROR_NO_MORE_ITEMS == GetLastError()) {
break;
}
else {
Assert(0);
}
}
ptr = (char *)pbData;
aiAlgid = *(ALG_ID *)ptr;
ptr += sizeof(ALG_ID);
dwBits = *(DWORD *)ptr;
ptr += sizeof(DWORD);
dwNameLen = *(DWORD *)ptr;
ptr += sizeof(DWORD);
StrCpyN(szName, ptr, (int)(min(dwNameLen, ARRAYSIZE(szName))));
switch(GET_ALG_CLASS(aiAlgid)) {
case ALG_CLASS_DATA_ENCRYPT:
pszAlgType = "Encrypt ";
break;
case ALG_CLASS_HASH:
pszAlgType = "Hash ";
break;
case ALG_CLASS_KEY_EXCHANGE:
pszAlgType = "Exchange ";
break;
case ALG_CLASS_SIGNATURE:
pszAlgType = "Signature";
break;
default:
pszAlgType = "Unknown ";
}
DOUTL(CRYPT_LEVEL, "Algid:%8.8xh, Bits:%-4d, Type:%s, NameLen:%-2d, Name:%s\n",
aiAlgid, dwBits, pszAlgType, dwNameLen, szName);
}
CryptReleaseContext(hProv, 0);
return;
}
#endif // debug
BOOL FSameAgreeParameters(CMS_RECIPIENT_INFO * pRecipInfo1,
CMS_RECIPIENT_INFO * pRecipInfo2)
{
if (pRecipInfo1->dwU1 != pRecipInfo2->dwU1) return FALSE;
if (pRecipInfo1->dwU1 == CMS_RECIPIENT_INFO_PUBKEY_EPHEMERAL_KEYAGREE) {
if ((lstrcmp(pRecipInfo1->u1.u3.EphemeralAlgorithm.pszObjId,
pRecipInfo2->u1.u3.EphemeralAlgorithm.pszObjId) != 0) ||
(pRecipInfo1->u1.u3.EphemeralAlgorithm.Parameters.cbData !=
pRecipInfo2->u1.u3.EphemeralAlgorithm.Parameters.cbData) ||
(memcmp(pRecipInfo1->u1.u3.EphemeralAlgorithm.Parameters.pbData,
pRecipInfo2->u1.u3.EphemeralAlgorithm.Parameters.pbData,
pRecipInfo1->u1.u3.EphemeralAlgorithm.Parameters.cbData) != 0)){
return FALSE;
}
if ((pRecipInfo1->u1.u3.UserKeyingMaterial.cbData !=
pRecipInfo2->u1.u3.UserKeyingMaterial.cbData) ||
(memcmp(pRecipInfo1->u1.u3.UserKeyingMaterial.pbData,
pRecipInfo2->u1.u3.UserKeyingMaterial.pbData,
pRecipInfo1->u1.u3.UserKeyingMaterial.cbData) != 0)) {
return FALSE;
}
}
else if (pRecipInfo1->dwU1 == CMS_RECIPIENT_INFO_PUBKEY_STATIC_KEYAGREE) {
//
// We don't bother checking the sender cert id. I don't know of
// any reason why the same key would be encoded with different
// identifiers (issuer and serial vs subject key id)
//
if (pRecipInfo1->u1.u4.hprov != pRecipInfo2->u1.u4.hprov) return FALSE;
if (pRecipInfo1->u1.u4.dwKeySpec != pRecipInfo2->u1.u4.dwKeySpec) {
return FALSE;
}
if ((pRecipInfo1->u1.u3.UserKeyingMaterial.cbData !=
pRecipInfo2->u1.u3.UserKeyingMaterial.cbData) ||
(memcmp(pRecipInfo1->u1.u3.UserKeyingMaterial.pbData,
pRecipInfo2->u1.u3.UserKeyingMaterial.pbData,
pRecipInfo1->u1.u3.UserKeyingMaterial.cbData) != 0)) {
return FALSE;
}
}
else return FALSE;
return TRUE;
}
HRESULT ConvertEncryptionLayer(IMimeBody * pBody, IMimeSecurity2 * psm, SMIMEINFO * psi)
{
DWORD cAgree;
DWORD cRecipients;
HRESULT hr;
DWORD i;
DWORD i2;
DWORD iAgree;
DWORD iRecip;
CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO * pAgree = NULL;
CRYPT_ATTRIBUTE * pattr = NULL;
CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO * pMailList = NULL;
PSECURITY_LAYER_DATA psld = NULL;
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO * pTrans = NULL;
CMS_RECIPIENT_INFO * rgRecipInfo = NULL;
PROPVARIANT var;
PropVariantInit(&var);
//
// Create a layer to hold the encryption information
//
if (! (psld = new CSECURITY_LAYER_DATA)) {
hr = E_OUTOFMEMORY;
goto exit;
}
// Link together the different layers
if (psi->psldLayers == NULL) {
psi->psldLayers = psld;
}
psld->m_psldOuter = psi->psldInner;
if (psld->m_psldOuter != NULL) {
psld->m_psldOuter->m_psldInner = psld;
}
psi->psldInner = psld;
//
// Encryption layers must be blobed -- so or it in.
//
psi->dwMsgEnhancement |= MST_BLOB_FLAG;
psld->m_dwMsgEnhancement = psi->dwMsgEnhancement &
(MST_ENCRYPT_MASK | MST_BLOB_FLAG);
//
// The encryption algorithm may not be encoded the way we need it
// to be. The call will re-encode correctly for CMS.
//
// If we are encrypting, it is an error to not have an encryption
// algorithm.
//
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_ALG_BULK, &var)) &&
(0 != var.blob.cbSize)) {
Assert(VT_BLOB == var.vt);
hr = HrBuildContentEncryptionAlg(psld, &var.blob);
if (hr != S_OK) {
Assert(FALSE);
// goto exit;
}
}
else {
hr = E_INVALIDARG;
goto exit;
}
//
// The call may have provided a specific certificate to be used
// in decrypting the message. This functionality is now obsolete but
// still supported. If no certificate is provided then we will search
// for a valid decryption key.
//
PropVariantClear(&var);
#ifdef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_CERT_DECRYPTION_64, &var)) &&
(NULL != (PCCERT_CONTEXT *) var.pulVal))
{
Assert(VT_UI8 == var.vt);
// don't need to dupe the cert, been done in GetOption
psld->m_pccertDecrypt = (PCCERT_CONTEXT) var.pulVal;
#else // !_WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_CERT_DECRYPTION, &var)) &&
(NULL != (PCCERT_CONTEXT *) var.ulVal))
{
Assert(VT_UI4 == var.vt);
// don't need to dupe the cert, been done in GetOption
psld->m_pccertDecrypt = (PCCERT_CONTEXT) var.ulVal;
#endif // _WIN64
// Included a cert in this layer
psld->m_fCertInLayer = TRUE;
}
//
// Allocate the space to hold the Encryption structures we are going
// to pass into the CMS structures.
//
CHECKHR(hr = psm->GetRecipientCount(0, &cRecipients));
if (cRecipients == 0) {
hr = MIME_E_SECURITY_ENCRYPTNOSENDERCERT;
goto exit;
}
if (!MemAlloc((LPVOID *) &psld->m_rgRecipientInfo,
cRecipients * sizeof(CMSG_RECIPIENT_ENCODE_INFO))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(psld->m_rgRecipientInfo, 0,
cRecipients*sizeof(CMSG_RECIPIENT_ENCODE_INFO));
//
// Allocate the space to hold the values we currently are holding
//
if (!MemAlloc((LPVOID *) &rgRecipInfo,
cRecipients * sizeof(rgRecipInfo[0]))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(rgRecipInfo, 0, cRecipients*sizeof(rgRecipInfo[0]));
CHECKHR(hr = psm->GetRecipient(0, 0, cRecipients, rgRecipInfo));
//
// Walk through and process all of the recipients by copying data
// from the current structure into the CMS version of the structure.
//
// Note that we do no free any of the data allocated in the GetRecipient
// call. The data will be freed as part of freeing the CMS data
// structure instead. Ownership of all data is transfered.
//
for (i=0, iRecip = 0; i<cRecipients; i++) {
switch (rgRecipInfo[i].dwRecipientType) {
//
// If this is set then we must have already processed this item
//
case CMS_RECIPIENT_INFO_TYPE_UNKNOWN:
break;
//
// Key Transport items copy over one-for-one.
//
case CMS_RECIPIENT_INFO_TYPE_KEYTRANS:
// try and allocate the object to hold the data.
if (!MemAlloc((LPVOID *) &pTrans, sizeof (*pTrans))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(pTrans, 0, sizeof(*pTrans));
//
// Copy the data over from the old to the new structure.
// Ownership of all data is transfered here.
//
pTrans->cbSize = sizeof(*pTrans);
pTrans->KeyEncryptionAlgorithm = rgRecipInfo[i].KeyEncryptionAlgorithm;
pTrans->pvKeyEncryptionAuxInfo = rgRecipInfo[i].pvKeyEncryptionAuxInfo;
Assert(rgRecipInfo[i].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_KEYTRANS);
pTrans->RecipientPublicKey = rgRecipInfo[i].u1.SubjectPublicKey;
Assert((rgRecipInfo[i].dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID) ||
(rgRecipInfo[i].dwU3 == CMS_RECIPIENT_INFO_KEYID_ISSUERSERIAL));
if (rgRecipInfo[i].dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID) {
pTrans->RecipientId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
pTrans->RecipientId.KeyId = rgRecipInfo[i].u3.KeyId;
}
else if (rgRecipInfo[i].dwU3 == CMS_RECIPIENT_INFO_KEYID_ISSUERSERIAL) {
pTrans->RecipientId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
pTrans->RecipientId.IssuerSerialNumber = rgRecipInfo[i].u3.IssuerSerial;
}
else {
hr = E_INVALIDARG;
goto exit;
}
//
// The copy has been sucessful so point to the new data.
//
psld->m_rgRecipientInfo[iRecip].dwRecipientChoice = CMSG_KEY_TRANS_RECIPIENT;
psld->m_rgRecipientInfo[iRecip].pKeyTrans = pTrans;
pTrans = NULL;
iRecip += 1;
if(rgRecipInfo[i].pccert)
CertFreeCertificateContext(rgRecipInfo[i].pccert);
break;
//
// Mail List items can also just be copied over from the source
// to the destination structures
//
case CMS_RECIPIENT_INFO_TYPE_MAIL_LIST:
// Allocate the CMS structure to hold this data
if (!MemAlloc((LPVOID *) &pMailList, sizeof(*pMailList))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(pMailList, 0, sizeof(*pMailList));
//
// Copy the data over from the old to the new structure.
// Ownership of all data is transfered here.
//
pMailList->cbSize = sizeof(*pMailList);
pMailList->KeyEncryptionAlgorithm = rgRecipInfo[i].KeyEncryptionAlgorithm;
pMailList->pvKeyEncryptionAuxInfo = rgRecipInfo[i].pvKeyEncryptionAuxInfo;
Assert(rgRecipInfo[i].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_PROVIDER);
pMailList->hCryptProv = rgRecipInfo[i].u1.u2.hprov;
pMailList->dwKeyChoice = CMSG_MAIL_LIST_HANDLE_KEY_CHOICE;
pMailList->hKeyEncryptionKey = rgRecipInfo[i].u1.u2.hkey;
Assert(rgRecipInfo[i].dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID);
pMailList->KeyId = rgRecipInfo[i].u3.KeyId;
pMailList->Date = rgRecipInfo[i].filetime;
pMailList->pOtherAttr = rgRecipInfo[i].pOtherAttr;
//
// Copy is successful so point to the data
//
psld->m_rgRecipientInfo[iRecip].dwRecipientChoice = CMSG_MAIL_LIST_RECIPIENT;
psld->m_rgRecipientInfo[iRecip].pMailList = pMailList;
iRecip += 1;
pMailList = NULL;
break;
//
// We need to do some magic with key agree structures.
// Specifically we want to do the following:
// - Combine together all key agrees with the same parameters
// into a single record to pass into the CMS code.
// -
case CMS_RECIPIENT_INFO_TYPE_KEYAGREE:
// allocate the CMS structure to hold this data
if (!MemAlloc((LPVOID *) &pAgree, sizeof(*pAgree))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(pAgree, 0, sizeof(*pAgree));
//
// Start by setting up the common parameters used by all of the
// recipients in the common key set.
// Setup the key agreement parameters for encoding and
// so forth.
pAgree->cbSize = sizeof(*pAgree);
// Key Encryption Algorithm -
pAgree->KeyEncryptionAlgorithm = rgRecipInfo[i].KeyEncryptionAlgorithm;
pAgree->pvKeyEncryptionAuxInfo = rgRecipInfo[i].pvKeyEncryptionAuxInfo;
// Key Wrap Algorithm - Derive from the content algorithm
// if not already known.
if (rgRecipInfo[i].KeyWrapAlgorithm.pszObjId != NULL) {
pAgree->KeyWrapAlgorithm = rgRecipInfo[i].KeyWrapAlgorithm;
pAgree->pvKeyWrapAuxInfo = rgRecipInfo[i].pvKeyWrapAuxInfo;
}
else {
hr = HrDeriveKeyWrapAlg(psld, pAgree);
if (FAILED(hr)) {
goto exit;
}
}
// Items which are specificly located accroding to static or
// ephemeral key agreement.
if (rgRecipInfo[i].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_EPHEMERAL_KEYAGREE) {
pAgree->UserKeyingMaterial = rgRecipInfo[i].u1.u3.UserKeyingMaterial;
if (!MemAlloc((LPVOID *) &pAgree->pEphemeralAlgorithm,
sizeof(CRYPT_ALGORITHM_IDENTIFIER))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(pAgree->pEphemeralAlgorithm, 0,
sizeof(CRYPT_ALGORITHM_IDENTIFIER));
pAgree->dwKeyChoice = CMSG_KEY_AGREE_EPHEMERAL_KEY_CHOICE;
memcpy(pAgree->pEphemeralAlgorithm,
&rgRecipInfo[i].u1.u3.EphemeralAlgorithm,
sizeof(CRYPT_ALGORITHM_IDENTIFIER));
}
else {
Assert(rgRecipInfo[i].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_STATIC_KEYAGREE);
pAgree->dwKeyChoice = CMSG_KEY_AGREE_STATIC_KEY_CHOICE;
pAgree->UserKeyingMaterial = rgRecipInfo[i].u1.u4.UserKeyingMaterial;
if (!MemAlloc((LPVOID *) &pAgree->pSenderId, sizeof(CERT_ID))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memcpy(pAgree->pSenderId, &rgRecipInfo[i].u1.u4.senderCertId,
sizeof(CERT_ID));
pAgree->hCryptProv = rgRecipInfo[i].u1.u4.hprov;
pAgree->dwKeySpec = rgRecipInfo[i].u1.u4.dwKeySpec;
}
//
// We need to count of common items
//
for (i2=i+1, cAgree = 1; i2<cRecipients; i2++) {
cAgree += FSameAgreeParameters(&rgRecipInfo[i],
&rgRecipInfo[i2]);
}
//
//
//
// Allocate space to hold the set of common key agree recipients
//
if (!MemAlloc((LPVOID *) &pAgree->rgpRecipientEncryptedKeys,
cAgree * sizeof(LPVOID))) {
hr = E_OUTOFMEMORY;
goto exit;
}
pAgree->cRecipientEncryptedKeys = cAgree;
memset(pAgree->rgpRecipientEncryptedKeys, 0, cAgree * sizeof(LPVOID));
for (i2=i, iAgree = 0; i2<cRecipients; i2++) {
if ((i2 != i) && !FSameAgreeParameters(&rgRecipInfo[i],
&rgRecipInfo[i2])) {
continue;
}
if (!MemAlloc((LPVOID *) &pAgree->rgpRecipientEncryptedKeys[iAgree],
sizeof(CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO))) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(pAgree->rgpRecipientEncryptedKeys[iAgree], 0,
sizeof(CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO));
pAgree->rgpRecipientEncryptedKeys[iAgree]->cbSize = sizeof(CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO);
//
// Get the recipients Public Key value
//
if (rgRecipInfo[i2].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_EPHEMERAL_KEYAGREE) {
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientPublicKey = rgRecipInfo[i2].u1.u3.SubjectPublicKey;
}
else {
Assert(rgRecipInfo[i2].dwU1 == CMS_RECIPIENT_INFO_PUBKEY_STATIC_KEYAGREE);
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientPublicKey = rgRecipInfo[i2].u1.u4.SubjectPublicKey;
}
//
// Get the recipients certificate ID
//
Assert((rgRecipInfo[i2].dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID) ||
(rgRecipInfo[i2].dwU3 == CMS_RECIPIENT_INFO_KEYID_ISSUERSERIAL));
if (rgRecipInfo[i2].dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID) {
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientId.KeyId = rgRecipInfo[i2].u3.KeyId;
pAgree->rgpRecipientEncryptedKeys[iAgree]->Date = rgRecipInfo[i2].filetime;
pAgree->rgpRecipientEncryptedKeys[iAgree]->pOtherAttr = rgRecipInfo[i2].pOtherAttr;
}
else if (rgRecipInfo[i2].dwU3 == CMS_RECIPIENT_INFO_KEYID_ISSUERSERIAL) {
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
pAgree->rgpRecipientEncryptedKeys[iAgree]->RecipientId.IssuerSerialNumber = rgRecipInfo[i2].u3.IssuerSerial;
}
else {
hr = E_INVALIDARG;
goto exit;
}
//
// Zero the data so it does not freed twice. (pointers are now
// in the CMS structure)
//
if (i != i2) {
memset(&rgRecipInfo[i2], 0, sizeof(rgRecipInfo[i2]));
}
iAgree += 1;
}
Assert(iAgree == cAgree);
//
// The copy has been successfully completed. We now move
// the data (and ownership) into new structure.
//
psld->m_rgRecipientInfo[iRecip].dwRecipientChoice = CMSG_KEY_AGREE_RECIPIENT;
psld->m_rgRecipientInfo[iRecip].pKeyAgree = pAgree;
iRecip += 1;
pAgree = NULL;
break;
}
//
// Zero the data so it does not freed twice. (pointers are now
// in the CMS structure)
//
memset(&rgRecipInfo[i], 0, sizeof(rgRecipInfo[i]));
}
psld->m_cEncryptItems = iRecip;
PropVariantClear(&var);
#ifndef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCRYPTPROV, &var)))
{
psi->hProv = (HCRYPTPROV) var.ulVal;
}
#else // _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCRYPTPROV_64, &var)))
{
psi->hProv = (HCRYPTPROV) var.pulVal;
}
#endif // _WIN64
//
// Pickup the set of encryption certificate bag
//
PropVariantClear(&var);
#ifdef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_ENCRYPT_CERT_BAG_64, &var))) {
psld->m_hstoreEncrypt = (HCERTSTORE) var.pulVal;
#else
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_ENCRYPT_CERT_BAG, &var))) {
psld->m_hstoreEncrypt = (HCERTSTORE) var.ulVal;
#endif // _WIN64
}
//
// Pick up the unprotected attributes
//
if (g_FSupportV3) {
hr = psm->GetAttribute(0, 0, SMIME_ATTRIBUTE_SET_UNPROTECTED, 0, NULL,
&pattr);
if (FAILED(hr)) {
goto exit;
}
else if (hr == S_OK) {
Assert(pattr != NULL);
CHECKHR(hr = HrCopyCryptDataBlob(&pattr->rgValue[0],
&psld->m_blobUnprotectAttrs));
}
}
hr = S_OK;
exit:
PropVariantClear(&var);
if (rgRecipInfo != NULL) {
for (i=0; i<cRecipients; i++) {
FreeRecipientInfoContent(&rgRecipInfo[i]);
}
SafeMemFree(rgRecipInfo);
}
SafeMemFree(pTrans);
SafeMemFree(pMailList);
if (pAgree != NULL) {
for (i=0; pAgree->cRecipientEncryptedKeys; i++) {
SafeMemFree(pAgree->rgpRecipientEncryptedKeys[i]);
}
SafeMemFree(pAgree->pEphemeralAlgorithm);
SafeMemFree(pAgree->pSenderId);
SafeMemFree(pAgree->rgpRecipientEncryptedKeys);
SafeMemFree(pAgree);
}
SafeMemFree(pattr);
return hr;
}
/***************************************************************************
Name : OptionsToSMIMEINFO
Purpose : Fill the SMIMEINFO from the body properties
Parameters: fEncode = TRUE if encoding
pBody -> Body object
psi -> target SMIMEINFO
Returns : HRESULT
Comment :
***************************************************************************/
HRESULT CSMime::OptionsToSMIMEINFO(
BOOL fEncode,
IMimeMessageTree *const pmm,
IMimeBody * pBody,
SMIMEINFO * psi)
{
CRYPT_ATTRIBUTE attr;
DWORD cb;
DWORD cAgree;
ULONG cCertBag = 0;
DWORD dwSecurity;
FILETIME ftSignTime;
HCERTSTORE hCertStore = NULL;
HRESULT hr = S_OK;
ULONG i;
DWORD i2;
DWORD iAgree;
ULONG iLayer;
DWORD iSigner;
PSECURITY_LAYER_DATA psld = NULL, psldTemp;
BYTE rgb[50];
PCCERT_CONTEXT * rgpccCertSigning = NULL;
PCCERT_CONTEXT * rgpcCertBag = NULL;
PROPVARIANT * rgpvAlgHash = NULL;
PROPVARIANT * rgpvAuthAttr = NULL;
PROPVARIANT * rgpvUnauthAttr = NULL;
IMimeSecurity2 * psm = NULL;
ULONG ulLayers = 0;
CRYPT_ATTR_BLOB valTime;
PROPVARIANT var;
Assert(pBody && psi);
//
// Pick up the security interface on the body. It makes life easier
//
hr = pBody->QueryInterface(IID_IMimeSecurity2, (LPVOID *) &psm);
if (FAILED(hr)) {
goto exit;
}
//
// If we are going to encode the body, then see if the content type is
// "OID/xxx". In this case we encode the body specially and we need to
// get the size of the inner blob.
//
if (fEncode) {
// Must determine the body type to see if it needs special processing
if (pBody->IsContentType("OID", NULL) == S_OK) {
PROPVARIANT var;
var.vt = VT_LPSTR;
if (FAILED(pBody->GetProp(STR_ATT_SUBTYPE, 0, &var))) {
return TrapError(E_FAIL);
}
if (strcmp(var.pszVal, szOID_RSA_data) != 0) {
psi->pszInnerContent = var.pszVal;
if (FAILED(pBody->GetEstimatedSize(IET_BINARY, &psi->cbInnerContent))) {
return TrapError(E_FAIL);
}
}
}
}
if (FAILED(pBody->GetOption(OID_SECURITY_KEY_PROMPT, &var))) {
return TrapError(E_FAIL);
}
Assert(VT_LPWSTR == var.vt);
if (var.pwszVal != NULL) {
psi->pwszKeyPrompt = PszDupW(var.pwszVal);
if (psi->pwszKeyPrompt == NULL) {
return TrapError(E_OUTOFMEMORY);
}
}
//
// Get the security to be applied and put it into the security info layer
// structure
//
if (FAILED(pBody->GetOption(OID_SECURITY_TYPE, &var))) {
return TrapError(E_FAIL);
}
Assert(VT_UI4 == var.vt);
psi->dwMsgEnhancement = var.ulVal;
//
// Start doing the setup for encode operations.
//
if (fEncode) {
//
// We must be doing some type of encoding operation, or we should fail.
//
if (MST_NONE == var.ulVal) {
hr = TrapError(MIME_S_SECURITY_NOOP);
goto exit;
}
else if (!(MST_THIS_MASK & var.ulVal)) {
hr = TrapError(MIME_S_SECURITY_RECURSEONLY);
goto exit;
}
else if (MST_CLASS_SMIME_V1 != (var.ulVal & MST_CLASS_MASK)) {
hr = TrapError(MIME_E_SECURITY_CLASSNOTSUPPORTED);
goto exit;
}
//
// If we are doing multiple layers of encrption, then we require that
// the inner level be blobed and not clear.
//
if ((psi->pszInnerContent != NULL) && !(var.ulVal & MST_BLOB_FLAG)) {
hr = TrapError(E_INVALIDARG);
goto exit;
}
//
// Are we encrypting
//
if (psi->dwMsgEnhancement & MST_ENCRYPT_MASK) {
hr = ConvertEncryptionLayer(pBody, psm, psi);
if (FAILED(hr)) {
goto exit;
}
}
//
// Are we signing?
//
if (psi->dwMsgEnhancement & MST_SIGN_MASK) {
//
// Force in a a signing time
//
GetSystemTimeAsFileTime(&ftSignTime);
cb = sizeof(rgb);
if (CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CHOICE_OF_TIME,
&ftSignTime, 0, NULL, rgb, &cb)) {
attr.pszObjId = szOID_RSA_signingTime;
attr.cValue = 1;
attr.rgValue = &valTime;
valTime.pbData = rgb;
valTime.cbData = cb;
hr = psm->SetAttribute(SMIME_ATTR_ADD_IF_NOT_EXISTS,
(DWORD) -1, SMIME_ATTRIBUTE_SET_SIGNED,
&attr);
if (FAILED(hr)) {
goto exit;
}
}
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_SIGNATURE_COUNT, &var))) {
Assert(VT_UI4 == var.vt);
ulLayers = var.ulVal;
}
#ifdef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_CERT_SIGNING_RG_64, &var))) {
Assert((VT_VECTOR | VT_UI8) == var.vt);
Assert(var.cauh.cElems == ulLayers);
rgpccCertSigning = (PCCERT_CONTEXT *) (var.cauh.pElems);
}
// These next two are optional
// Furthermore, if we get the first, we don't check the second. BJK - Huh?
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCERTSTORE_64, &var)))
{
Assert(VT_UI8 == var.vt);
hCertStore = (HCERTSTORE) var.pulVal;
#else
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_CERT_SIGNING_RG, &var))) {
Assert((VT_VECTOR | VT_UI4) == var.vt);
Assert(var.caul.cElems == ulLayers);
rgpccCertSigning = (PCCERT_CONTEXT *)var.caul.pElems;
}
// These next two are optional
// Furthermore, if we get the first, we don't check the second. BJK - Huh?
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCERTSTORE, &var)))
{
Assert(VT_UI4 == var.vt);
hCertStore = (HCERTSTORE) var.ulVal;
#endif //_WIN64
}
// NOTE: OID_SECURITY_RG_CERT_BAG is not a per-layer array! It
// is an array of all the certs for the entire message.
#ifndef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_RG_CERT_BAG, &var))) {
Assert((VT_VECTOR | VT_UI4) == var.vt);
cCertBag = var.caul.cElems;
rgpcCertBag = (PCCERT_CONTEXT*)var.caul.pElems;
#else
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_RG_CERT_BAG_64, &var))) {
Assert((VT_VECTOR | VT_UI8) == var.vt);
cCertBag = var.cauh.cElems;
rgpcCertBag = (PCCERT_CONTEXT*)(var.cauh.pElems);
#endif //_WIN64
}
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_ALG_HASH_RG, &var))) {
Assert((VT_VECTOR | VT_VARIANT) == var.vt);
Assert(var.capropvar.cElems == ulLayers);
rgpvAlgHash = var.capropvar.pElems;
}
// Grab the unauthenicated attributes
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_UNAUTHATTR_RG, &var))) {
Assert((VT_VECTOR | VT_VARIANT) == var.vt);
Assert(var.capropvar.cElems == ulLayers);
rgpvUnauthAttr = var.capropvar.pElems;
}
// Grab the initial authenicated attributes
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_AUTHATTR_RG, &var))) {
Assert((VT_VECTOR | VT_VARIANT) == var.vt);
Assert(var.capropvar.cElems == ulLayers);
rgpvAuthAttr = var.capropvar.pElems;
}
// Create a layer to hold the signing information
if (! (psld = new CSECURITY_LAYER_DATA)) {
hr = E_OUTOFMEMORY;
goto exit;
}
// Link together the different layers
if (psi->psldLayers == NULL) {
psi->psldLayers = psld;
}
psld->m_psldOuter = psi->psldInner;
if (psld->m_psldOuter != NULL) {
psld->m_psldOuter->m_psldInner = psld;
}
psi->psldInner = psld;
//
psld->m_dwMsgEnhancement = psi->dwMsgEnhancement &
(MST_SIGN_MASK | MST_BLOB_FLAG);
// Fill in the signing information
if (!MemAlloc((LPVOID *) &psld->m_rgSigners,
sizeof(SignerData)*ulLayers)) {
hr = E_OUTOFMEMORY;
goto exit;
}
memset(psld->m_rgSigners, 0, sizeof(SignerData)*ulLayers);
psld->m_cSigners = ulLayers;
for (iSigner=0; iSigner < ulLayers; iSigner++) {
psld->m_rgSigners[iSigner].pccert = DupCert(rgpccCertSigning[iSigner]);
HrCopyBlob(&rgpvAlgHash[iSigner].blob,
&psld->m_rgSigners[iSigner].blobHashAlg);
HrCopyBlob(&rgpvUnauthAttr[iSigner].blob,
&psld->m_rgSigners[iSigner].blobUnauth);
HrCopyBlob(&rgpvAuthAttr[iSigner].blob,
&psld->m_rgSigners[iSigner].blobAuth);
}
#ifdef _WIN64
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCERTSTORE_64, &var)))
{
// Don't addref as we are just giving it to the sld object
psld->m_hcertstor = (HCERTSTORE) var.pulVal;
#else
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_HCERTSTORE, &var)))
{
// Don't addref as we are just giving it to the sld object
psld->m_hcertstor = (HCERTSTORE) var.ulVal;
#endif // _WIN64
}
}
//
// read these for both signing and encryption
//
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_REQUESTED_CTE, &var))) {
Assert(VT_I4 == var.vt);
psi->ietRequested = ENCODINGTYPE(var.lVal);
}
else {
psi->ietRequested = ENCODINGTYPE(-1);
}
}
//
// read these for both encoding and decoding
//
if (SUCCEEDED(pBody->GetOption(OID_SECURITY_SEARCHSTORES, &var)) &&
#ifdef _WIN64
(NULL != var.cauh.pElems)
#else
(NULL != var.caul.pElems)
#endif // _WIN64
) {
#ifdef _WIN64
CAUH& caul = var.cauh; // On Win64, it's really a cauh
#else
CAUL& caul = var.caul;
#endif // _WIN64
psi->rgStores = (HCERTSTORE*)g_pMoleAlloc->Alloc(caul.cElems * sizeof(HCERTSTORE));
if (psi->rgStores) {
for (DWORD i = 0; i < caul.cElems; i++) {
// Shouldn't have to duplicate since we're not freeing them here
#ifdef _WIN64
psi->rgStores[i] = (HCERTSTORE)caul.pElems[i].QuadPart;
#else
psi->rgStores[i] = (HCERTSTORE)caul.pElems[i];
#endif // _WIN64
}
psi->cStores = caul.cElems;
}
SafeMemFree(caul.pElems);
}
else {
// if we were given no stores, open "My"
psi->rgStores = (HCERTSTORE*)g_pMoleAlloc->Alloc(sizeof(HCERTSTORE));
if (psi->rgStores) {
psi->rgStores[0] = OpenCachedMyStore();
if (psi->rgStores[0]) {
psi->cStores = 1;
} else {
g_pMoleAlloc->Free(psi->rgStores);
}
}
}
exit:
#ifdef SMIME_V3
if (psm != NULL) psm->Release();
#endif // SMIME_V3
#ifndef SMIME_V3
SafeMemFree(rgftSigningTime);
#endif // SMIME_V3
if (rgpccCertSigning) {
for (iLayer = 0; iLayer < ulLayers; iLayer++) {
if (rgpccCertSigning[iLayer]) {
CertFreeCertificateContext(rgpccCertSigning[iLayer]);
}
}
}
SafeMemFree(rgpccCertSigning);
if (hCertStore) {
CertCloseStore(hCertStore, 0);
}
if (rgpcCertBag) {
// NOTE: rgpcCertBag isn't indexed by layer!
for (i = 0; i < cCertBag; i++) {
if (rgpcCertBag[i]) {
CertFreeCertificateContext(rgpcCertBag[i]);
}
}
}
SafeMemFree(rgpcCertBag);
if (rgpvAlgHash) {
for (iLayer = 0; iLayer < ulLayers; iLayer++) {
SafeMemFree(rgpvAlgHash[iLayer].blob.pBlobData);
}
}
SafeMemFree(rgpvAlgHash);
if (rgpvUnauthAttr) {
for (iLayer = 0; iLayer < ulLayers; iLayer++) {
SafeMemFree(rgpvUnauthAttr[iLayer].blob.pBlobData);
}
}
SafeMemFree(rgpvUnauthAttr);
if (rgpvAuthAttr) {
for (iLayer = 0; iLayer < ulLayers; iLayer++) {
SafeMemFree(rgpvAuthAttr[iLayer].blob.pBlobData);
}
}
SafeMemFree(rgpvAuthAttr);
#ifndef SMIME_V3
if (rgpvSymcaps) {
for (iLayer = 0; iLayer < ulLayers; iLayer++) {
SafeMemFree(rgpvSymcaps[iLayer].blob.pBlobData);
}
}
SafeMemFree(rgpvSymcaps);
#endif // !SMIME_V3
return(hr);
}
/***************************************************************************
Name : SMIMEINFOToOptions
Purpose : set the body properties based on contents of the SMIMEINFO
Parameters: psi -> source SMIMEINFO
pBody -> target body object
Returns : void
Comment :
***************************************************************************/
HRESULT CSMime::SMIMEINFOToOptions(
IMimeMessageTree * const pTree,
const SMIMEINFO * psi,
HBODY hBody)
{
DWORD dwSecurityType = 0;
HBODY hBody2;
HRESULT hr;
ULONG iLayer;
PCRYPT_ATTRIBUTES pattrsUnprot = NULL;
CMessageBody * pPrivBody = NULL;
PSECURITY_LAYER_DATA psldLoop;
IMimeSecurity2 * psm = NULL;
PROPVARIANT var;
#ifdef _WIN64
UNALIGNED CRYPT_ATTR_BLOB *pVal = NULL;
#endif
Assert(psi && hBody);
CHECKHR(hr = pTree->BindToObject(hBody, IID_CMessageBody, (void**)&pPrivBody));
Assert(pPrivBody);
pPrivBody->GetOption(OID_SECURITY_CERT_INCLUDED, &var);
Assert(VT_BOOL == var.vt);
if (!var.boolVal && psi->fCertWithMsg) {
var.boolVal = (VARIANT_BOOL) !!psi->fCertWithMsg;
pPrivBody->InternalSetOption(OID_SECURITY_CERT_INCLUDED, &var,
TRUE, TRUE);
}
pPrivBody->GetOption(OID_SECURITY_TYPE, &var);
dwSecurityType = var.ulVal;
// We could have been passed something like ROOT, move to a real handle
pPrivBody->GetHandle(&hBody2);
for (iLayer = 0, psldLoop = psi->psldLayers; psldLoop != NULL;
psldLoop = psldLoop->m_psldInner, iLayer++) {
// The rule here is: Always insert a new layer UNLESS:
// 1. this is an encrpytion layer and
// 2. the previous layer was a signing layer
if ((dwSecurityType != 0) &&
(!(dwSecurityType & MST_THIS_ENCRYPT) ||
!(psldLoop->m_dwMsgEnhancement & MST_THIS_SIGN))) {
/* ((dwSecurityType & MST_THIS_SIGN_ENCRYPT) != MST_THIS_SIGN) &&
((psldLoop->m_dwMsgEnhancement & MST_THIS_SIGN_ENCRYPT) != MST_THIS_ENCRYPT)) {
*/
if (psm != NULL) {
psm->Release();
psm = NULL;
}
pPrivBody->Release();
CHECKHR(hr = pTree->ToMultipart(hBody2, "y-security", NULL));
CHECKHR(hr = pTree->BindToObject(hBody2, IID_CMessageBody,
(void**)&pPrivBody));
}
// This must be after the above check for inserting a layer
dwSecurityType |= psldLoop->m_dwMsgEnhancement | MST_CLASS_SMIME_V1;
if (MST_SIGN_MASK & psldLoop->m_dwMsgEnhancement) {
DWORD cSigners = psldLoop->m_cSigners;
DWORD iSigner;
SignerData * pSigner;
// Allocate enough space in the option arrays for this layer
// OID_SECURITY_TYPE_RG // DWORD
// OID_SECURITY_ALG_HASH_RG // BLOB
// OID_SECURITY_CERT_SIGNING_RG // DWORD
// OID_SECURITY_HCERTSTORE_RG // DWORD
// OID_SECURITY_SYMCAPS_RG // BLOB
// OID_SECURITY_AUTHATTR_RG // BLOB
// OID_SECURITY_UNAUTHATTR_RG // BLOB
// OID_SECURITY_SIGNTIME_RG // FILETIME
// OID_SECURITY_USER_VALIDITY_RG // DWORD
// OID_SECURITY_RO_MSG_VALIDITY_RG // DWORD
#ifdef _WIN64
ULONG cbrgullCertSigning = cSigners * sizeof(ULONGLONG);
ULONGLONG * rgullCertSigning;
#else // !_WIN64
ULONG cbrgdwCertSigning = cSigners * sizeof(DWORD);
DWORD * rgdwCertSigning;
#endif // _WIN64
ULONG cbrgdwUserValidity = cSigners * sizeof(DWORD);
ULONG cbrgdwROMsgValidity = cSigners * sizeof(DWORD);
ULONG cbrgftSigntime = cSigners * sizeof(FILETIME);
ULONG cbrgpvAlgHash = cSigners * sizeof(PROPVARIANT);
ULONG cbrgpvSymcaps = cSigners * sizeof(PROPVARIANT);
ULONG cbrgpvAuthattr = cSigners * sizeof(PROPVARIANT);
ULONG cbrgpvUnauthattr = cSigners * sizeof(PROPVARIANT);
#ifdef SMIME_V3
ULONG cbrgpvReceipt = cSigners * sizeof(PROPVARIANT);
ULONG cbrgpvHash = cSigners * sizeof(PROPVARIANT);
#endif // SMIME_V3
#ifdef _WIN64
ULONG cbArrays = cbrgullCertSigning +
#else
ULONG cbArrays = cbrgdwCertSigning +
#endif
cbrgdwUserValidity + cbrgdwROMsgValidity +
cbrgftSigntime + cbrgpvAlgHash + cbrgpvSymcaps + cbrgpvAuthattr +
#ifdef SMIME_V3
cbrgpvReceipt + cbrgpvHash +
#endif // SMIME_V3
cbrgpvUnauthattr;
LPBYTE lpbArrays = NULL;
LPDWORD rgdwUserValidity;
LPDWORD rgdwROMsgValidity;
FILETIME * rgftSigntime;
PROPVARIANT * rgpvAlgHash;
PROPVARIANT * rgpvSymcaps;
PROPVARIANT * rgpvAuthattr;
PROPVARIANT * rgpvUnauthattr;
#ifdef SMIME_V3
PROPVARIANT * rgpvReceipt;
PROPVARIANT * rgpvHash;
#endif // SMIME_V3
// Allocate them all at once.
if (! MemAlloc((LPVOID *)&lpbArrays, cbArrays)) {
return E_OUTOFMEMORY;
}
ZeroMemory(lpbArrays, cbArrays);
// Set up the pointers
#ifdef _WIN64
rgullCertSigning = (ULONGLONG *) lpbArrays;
rgdwUserValidity = (LPDWORD)((LPBYTE)rgullCertSigning + cbrgullCertSigning);
#else // !_WIN64
rgdwCertSigning = (DWORD *) lpbArrays;
rgdwUserValidity = (LPDWORD)((LPBYTE)rgdwCertSigning + cbrgdwCertSigning);
#endif // _WIN64
rgdwROMsgValidity = (LPDWORD)((LPBYTE)rgdwUserValidity + cbrgdwUserValidity);
rgftSigntime = (FILETIME *)((LPBYTE)rgdwROMsgValidity + cbrgdwROMsgValidity);
rgpvAlgHash = (PROPVARIANT *)((LPBYTE)rgftSigntime + cbrgftSigntime);
rgpvSymcaps = (PROPVARIANT *)((LPBYTE)rgpvAlgHash + cbrgpvAlgHash);
rgpvAuthattr = (PROPVARIANT *)((LPBYTE)rgpvSymcaps + cbrgpvSymcaps);
rgpvUnauthattr = (PROPVARIANT *)((LPBYTE)rgpvAuthattr + cbrgpvAuthattr);
#ifdef SMIME_V3
rgpvReceipt = (PROPVARIANT *)((LPBYTE)rgpvUnauthattr + cbrgpvUnauthattr);
rgpvHash = (PROPVARIANT *)((LPBYTE)rgpvReceipt + cbrgpvReceipt);
#endif // SMIME_V3
for (iSigner=0, pSigner = psldLoop->m_rgSigners; iSigner<cSigners;
iSigner++, pSigner++) {
#ifdef _WIN64
rgullCertSigning[iSigner] = (ULONGLONG) pSigner->pccert;
#else // !_WIN64
rgdwCertSigning[iSigner] = (DWORD) pSigner->pccert;
#endif // _WIN64
if (pSigner->blobHashAlg.cbSize) {
rgpvAlgHash[iSigner].vt = VT_BLOB;
rgpvAlgHash[iSigner].blob.cbSize = pSigner->blobHashAlg.cbSize;
// Don't need to duplicate
rgpvAlgHash[iSigner].blob.pBlobData = pSigner->blobHashAlg.pBlobData;
}
if (pSigner->blobAuth.cbSize) {
rgpvAuthattr[iSigner].vt = VT_BLOB;
rgpvAuthattr[iSigner].blob.cbSize = pSigner->blobAuth.cbSize;
// Don't need to duplicate
rgpvAuthattr[iSigner].blob.pBlobData = pSigner->blobAuth.pBlobData;
// We want to break out two values from the authenticated blobs and put
// them into someplace easy to access
DWORD cbData = 0;
BOOL f;
DWORD i;
PCRYPT_ATTRIBUTES pattrs = NULL;
if ((! HrDecodeObject(pSigner->blobAuth.pBlobData,
pSigner->blobAuth.cbSize,
szOID_Microsoft_Attribute_Sequence, 0, &cbData,
(LPVOID *)&pattrs)) && pattrs) {
FILETIME * pSigningTime = NULL;
Assert(pattrs);
for (i = 0; i < pattrs->cAttr; i++) {
Assert(pattrs->rgAttr[i].cValue == 1);
if (lstrcmp(pattrs->rgAttr[i].pszObjId, szOID_RSA_signingTime) == 0) {
#ifndef _WIN64
if ((! HrDecodeObject(pattrs->rgAttr[i].rgValue[0].pbData,
pattrs->rgAttr[i].rgValue[0].cbData,
X509_CHOICE_OF_TIME, 0, &cbData, (LPVOID *)&pSigningTime)) && pSigningTime)
#else // _WIN64
pVal = &(pattrs->rgAttr[i].rgValue[0]);
if ((! HrDecodeObject(pVal->pbData,
pVal->cbData,
X509_CHOICE_OF_TIME, 0, &cbData, (LPVOID *)&pSigningTime)) && pSigningTime)
#endif //_WIN64
{
Assert(cbData == sizeof(FILETIME));
memcpy(&rgftSigntime[iSigner], pSigningTime, sizeof(FILETIME));
SafeMemFree(pSigningTime);
}
}
else if (lstrcmp(pattrs->rgAttr[i].pszObjId, szOID_RSA_SMIMECapabilities) == 0) {
rgpvSymcaps[iSigner].vt = VT_BLOB;
#ifndef _WIN64
rgpvSymcaps[iSigner].blob.cbSize = pattrs->rgAttr[i].rgValue[0].cbData;
// Duplicate the blob data since the MemFree(pattrs) will nuke this pointer.
rgpvSymcaps[iSigner].blob.pBlobData =
DuplicateMemory(pattrs->rgAttr[i].rgValue[0].pbData, rgpvSymcaps[iSigner].blob.cbSize);
#else // _WIN64
pVal = &(pattrs->rgAttr[i].rgValue[0]);
rgpvSymcaps[iSigner].blob.cbSize = pVal->cbData;
// Duplicate the blob data since the MemFree(pattrs) will nuke this pointer.
rgpvSymcaps[iSigner].blob.pBlobData =
DuplicateMemory(pVal->pbData, rgpvSymcaps[iSigner].blob.cbSize);
#endif //_WIN64
}
}
MemFree(pattrs);
}
}
if (pSigner->blobUnauth.cbSize) {
rgpvUnauthattr[iSigner].vt = VT_BLOB;
rgpvUnauthattr[iSigner].blob.cbSize = pSigner->blobUnauth.cbSize;
// Don't need to duplicate
rgpvUnauthattr[iSigner].blob.pBlobData = pSigner->blobUnauth.pBlobData;
}
#ifdef SMIME_V3
if (pSigner->blobReceipt.cbSize) {
rgpvReceipt[iSigner].vt = VT_BLOB;
rgpvReceipt[iSigner].blob.cbSize = pSigner->blobReceipt.cbSize;
// Don't need to duplicate
rgpvReceipt[iSigner].blob.pBlobData = pSigner->blobReceipt.pBlobData;
dwSecurityType |= MST_RECEIPT_REQUEST;
}
if (pSigner->blobHash.cbSize) {
rgpvHash[iSigner].vt = VT_BLOB;
rgpvHash[iSigner].blob.cbSize = pSigner->blobHash.cbSize;
// Don't need to duplicate
rgpvHash[iSigner].blob.pBlobData = pSigner->blobHash.pBlobData;
}
#endif // SMIME_V3
// Signature validity
rgdwROMsgValidity[iSigner] = pSigner->ulValidity;
}
#ifdef SMIME_V3
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvReceipt;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_RECEIPT_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvHash;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_MESSAGE_HASH_RG, &var, TRUE, TRUE);
#endif // SMIME_V3
// Set the array options
#ifdef _WIN64
var.vt = VT_VECTOR | VT_UI8;
var.cauh.pElems = (ULARGE_INTEGER *)(rgullCertSigning);
var.cauh.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_CERT_SIGNING_RG_64, &var, TRUE, TRUE);
#else
var.vt = VT_VECTOR | VT_UI4;
var.caul.pElems = rgdwCertSigning;
var.caul.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_CERT_SIGNING_RG, &var, TRUE, TRUE);
#endif // _WIN64
var.vt = VT_VECTOR | VT_UI4;
var.caul.pElems = rgdwUserValidity;
var.caul.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_USER_VALIDITY_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_UI4;
var.caul.pElems = rgdwROMsgValidity;
var.caul.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_RO_MSG_VALIDITY_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_FILETIME;
var.cafiletime.pElems = rgftSigntime;
var.cafiletime.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_SIGNTIME_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvAlgHash;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_ALG_HASH_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvSymcaps;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_SYMCAPS_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvAuthattr;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_AUTHATTR_RG, &var, TRUE, TRUE);
var.vt = VT_VECTOR | VT_VARIANT;
var.capropvar.pElems = rgpvUnauthattr;
var.capropvar.cElems = cSigners;
pPrivBody->InternalSetOption(OID_SECURITY_UNAUTHATTR_RG, &var, TRUE, TRUE);
// clean up the duplicated rgpvSymcaps
if (rgpvSymcaps) {
for (iSigner = 0; iSigner < cSigners; iSigner++) {
SafeMemFree(rgpvSymcaps[iSigner].blob.pBlobData);
}
}
// Free the arrays
SafeMemFree(lpbArrays);
}
if (MST_THIS_ENCRYPT & psldLoop->m_dwMsgEnhancement) {
Assert(psldLoop->m_pccertDecrypt != NULL);
if (psldLoop->m_pccertDecrypt != NULL) {
#ifdef _WIN64
var.vt = VT_UI8;
var.pulVal = (ULONG *) (psldLoop->m_pccertDecrypt);
pPrivBody->InternalSetOption(OID_SECURITY_CERT_DECRYPTION_64, &var,
TRUE, TRUE);
#else // !_WIN64
var.vt = VT_UI4;
var.ulVal = (ULONG) psldLoop->m_pccertDecrypt;
pPrivBody->InternalSetOption(OID_SECURITY_CERT_DECRYPTION, &var,
TRUE, TRUE);
#endif // _WIN64
}
//N TODO: convert oids to symcaps
//BruceK: Why? Does this make sense on an encrypted layer? Maybe Erik is
// suggesting that we put can gather a little bit of information about
// the sender's capabilities from the encryption method he used. At any
// rate, it isn't nearly as important as the signed message case.
Assert(psldLoop->m_blobDecAlg.cbSize != 0);
if (psldLoop->m_blobDecAlg.cbSize) {
var.vt = VT_BLOB;
var.blob.cbSize = psldLoop->m_blobDecAlg.cbSize;
var.blob.pBlobData = psldLoop->m_blobDecAlg.pBlobData;
pPrivBody->InternalSetOption(OID_SECURITY_ALG_BULK, &var,
TRUE, TRUE);
}
if (g_FSupportV3 && (psldLoop->m_blobUnprotectAttrs.cbData > 0)) {
DWORD iAttr;
DWORD cbData = 0;
if (psm == NULL) {
CHECKHR(hr = pPrivBody->QueryInterface(IID_IMimeSecurity2, (LPVOID *) &psm));
}
CHECKHR(hr = HrDecodeObject(psldLoop->m_blobUnprotectAttrs.pbData,
psldLoop->m_blobUnprotectAttrs.cbData,
szOID_Microsoft_Attribute_Sequence, 0,
&cbData, (LPVOID *) &pattrsUnprot));
for (iAttr = 0; iAttr < pattrsUnprot->cAttr; iAttr++) {
CHECKHR(hr = psm->SetAttribute(0, 0, SMIME_ATTRIBUTE_SET_UNPROTECTED,
&pattrsUnprot->rgAttr[iAttr]));
}
}
}
var.vt = VT_UI4;
var.ulVal = dwSecurityType;
pPrivBody->InternalSetOption(OID_SECURITY_TYPE, &var, TRUE, TRUE);
// M00BUG -- must deal with two?
#ifdef _WIN64
if (psldLoop->m_hcertstor != NULL) {
var.vt = VT_UI8;
var.pulVal = (ULONG *) (psldLoop->m_hcertstor);
pPrivBody->InternalSetOption(OID_SECURITY_HCERTSTORE_64, &var, TRUE, TRUE);
}
#else
if (psldLoop->m_hcertstor != NULL)
{
var.vt = VT_UI4;
var.ulVal = (ULONG)psldLoop->m_hcertstor;
pPrivBody->InternalSetOption(OID_SECURITY_HCERTSTORE, &var, TRUE, TRUE);
}
#endif // _WIN64
}
hr = S_OK;
exit:
if (psm != NULL) psm->Release();
SafeMemFree(pattrsUnprot);
if (pPrivBody != NULL) pPrivBody->Release();
return hr;
}
/***************************************************************************
Name : MergeSMIMEINFO
Purpose :
Parameters: psiOuter -> Object to be merged into
psiInner -> Object to merge from
Returns : HRESULT of errors
Comment :
***************************************************************************/
HRESULT CSMime::MergeSMIMEINFO(SMIMEINFO *psiOuter, SMIMEINFO * psiInner)
{
PSECURITY_LAYER_DATA psld;
psiOuter->fCertWithMsg |= psiInner->fCertWithMsg;
// Just stick the inner data at the inner most point in the outer data
// and the clear out the inner data structure.
if (psiInner->psldLayers != NULL) {
for (psld = psiOuter->psldLayers; psld->m_psldInner != NULL;
psld = psld->m_psldInner);
psld->m_psldInner = psiInner->psldLayers;
psiInner->psldLayers = NULL;
}
return S_OK;
}
/***************************************************************************
Name : FreeSMIMEINFO
Purpose : Free and Release the memory and objects stored in the
SMIMEINFO.
Parameters: psi -> SMIMEINFO
Returns : none
Comment :
***************************************************************************/
void CSMime::FreeSMIMEINFO(SMIMEINFO *psi)
{
register DWORD i;
if (psi->psldLayers) {
psi->psldLayers->Release();
}
for (i = 0; i < psi->cStores; i++) {
CertCloseStore(psi->rgStores[i], 0);
}
if (psi->rgStores) {
g_pMoleAlloc->Free(psi->rgStores);
}
if (psi->hProv) {
CryptReleaseContext(psi->hProv, 0);
}
#ifdef SMIME_V3
MemFree(psi->pszInnerContent);
SafeMemFree(psi->pwszKeyPrompt);
#endif // SMIME_V3
return;
}
#ifdef KILL_THIS
/***************************************************************************
Name : MergeSMIMEINFOs
Purpose : Merge two SMIMEINFO structures into one
Parameters: psiOuter -> Source structure
psiInner -> Destination structure
Returns : void
Comment :
***************************************************************************/
void CSMime::MergeSMIMEINFOs(const SMIMEINFO *const psiOuter, SMIMEINFO *const psiInner)
{
PSECURITY_LAYER_DATA psldLoopOuter;
PSECURITY_LAYER_DATA psldLoopInner;
psiInner->fCertWithMsg |= psiOuter->fCertWithMsg;
Assert(0 == (psiOuter->ulMsgValidity & psiInner->ulMsgValidity));
psiInner->ulMsgValidity |= psiOuter->ulMsgValidity;
if (psiOuter->dwMsgEnhancement & MST_SIGN_MASK) {
// Duplicate the stores
if (psiOuter->cStores) {
psiInner->rgStores = (HCERTSTORE*)
g_pMoleAlloc->Alloc(psiOuter->cStores * sizeof(HCERTSTORE));
if (psiOuter->rgStores) {
for (DWORD i = 0; i < psiOuter->cStores; i++) {
psiInner->rgStores[i] = CertDuplicateStore(psiOuter->rgStores[i]);
}
psiInner->cStores = psiOuter->cStores;
}
}
}
psiInner->dwMsgEnhancement |= psiOuter->dwMsgEnhancement;
// Before I link in this new list, I'd like to do some error checking. In particular, I
// want to aviod loops and duplicates in my linked list.
psldLoopOuter = psiOuter->psldLayers;
while (psldLoopOuter) {
psldLoopInner = psiInner->psldLayers;
while (psldLoopInner) {
if (psldLoopInner == psldLoopOuter) {
AssertSz(FALSE, "MergeSMIMEINFOs found duplicate layer data");
// OK, we'll just ignore the outer layer data.
goto exit;
}
psldLoopInner = psldLoopInner->m_psldInner;
}
psldLoopOuter = psldLoopOuter->m_psldInner;
}
// Insert the outer layer data list at the head of the inner list.
psldLoopInner = psiInner->psldLayers;
psldLoopOuter = psiOuter->psldLayers;
psiInner->psldLayers = psldLoopOuter;
if (psldLoopOuter) {
// We've linked it into another SMIMEINFO, AddRef.
psldLoopOuter->AddRef();
// Walk the Outer list to find the end.
while (psldLoopOuter) {
if (! psldLoopOuter->m_psldInner) {
// Found end of list. Tack on original inner list here.
psldLoopOuter->m_psldInner = psldLoopInner;
// Hook up the Outer link
Assert(! psldLoopInner->m_psldOuter);
psldLoopInner->m_psldOuter = psldLoopOuter;
break;
}
psldLoopOuter = psldLoopOuter->m_psldInner;
}
}
// Make sure we bring the encryption layer with us.
if (psiOuter->psldEncrypt) {
Assert(! psiInner->psldEncrypt);
if (! psiInner->psldEncrypt) {
psiInner->psldEncrypt = psiOuter->psldEncrypt;
}
}
// Update the inner layer pointer (in case there was none before)
if (! psiInner->psldInner) {
psiInner->psldInner = psiOuter->psldInner;
}
psiInner->ulLayers += psiOuter->ulLayers;
exit:
return;
}
#endif // KILL_THIS?
#ifndef SMIME_V3
// Bitfield for dw below
#define CAA_SIGNING_TIME 1
#define CAA_SMIME_CAPABILITIES 2
#define CAA_ALL (CAA_SIGNING_TIME | CAA_SMIME_CAPABILITIES)
/***************************************************************************
Name : ConstructAuthAttributes
Purpose : crack open the authenticated attributes blobs and check
if there is a signing time specified. If not, we must
add one. Ditto with the S/Mime Capabilities.
Parameters: pblEncoded -> return blob of encoded Authenticated Attributes
pblAuthAttr -> authenticated attribute blob
data pointer may be replaced
pftSigntime -> signing time
pblSymcaps -> symcaps blob
Returns : HRESULT
Comment : The caller should be careful not to cache the
data pointer within the authenticated attributes blob since
it may be freed in here and replaced with a different one.
***************************************************************************/
static HRESULT ConstructAuthAttributes(BLOB * pblEncoded, BLOB * pblAuthAttr, FILETIME * pftSigntime, BLOB * pblSymcaps)
{
HRESULT hr = S_OK;
ULONG cbData;
ULONG i;
DWORD dw; // bitfield: CAA_SIGNING_TIME, CAA_SMIME_CAPABILITIES
PCRYPT_ATTRIBUTES pattrs = NULL;
BOOL fpattrs = FALSE;
PCRYPT_ATTRIBUTE pattr = NULL;
LPBYTE pbSignTime = NULL;
LPBYTE pbAttr = NULL;
CRYPT_ATTRIBUTES attrs;
CRYPT_ATTR_BLOB valCaps;
CRYPT_ATTR_BLOB valTime;
Assert(pblAuthAttr);
Assert(pftSigntime);
Assert(pblSymcaps);
Assert(pblEncoded);
if ((pblAuthAttr->cbSize > 0) &&
((! HrDecodeObject(pblAuthAttr->pBlobData, pblAuthAttr->cbSize,
szOID_Microsoft_Attribute_Sequence,
0, &cbData, (LPVOID *)&pattrs)) && pattrs)) {
fpattrs = TRUE; // don't forget to free pattrs!
for (i = 0, dw = CAA_ALL; i < pattrs->cAttr; i++) {
if (lstrcmp(pattrs->rgAttr[i].pszObjId, szOID_RSA_signingTime) == 0) {
dw &= ~CAA_SIGNING_TIME;
}
else if (lstrcmp(pattrs->rgAttr[i].pszObjId, szOID_RSA_SMIMECapabilities) == 0) {
dw &= ~CAA_SMIME_CAPABILITIES;
}
}
} else {
// BUGBUG: Should probably report the error if MemAlloc failed. As it sits, there is no
// real harm except that the message will go out without a signing time and symcaps.
dw = CAA_ALL;
pattrs = &attrs;
attrs.cAttr = 0;
attrs.rgAttr = NULL;
}
if (MemAlloc((LPVOID *)&pattr, (pattrs->cAttr + 2) * sizeof(CRYPT_ATTRIBUTE))) {
memcpy(pattr, pattrs->rgAttr, pattrs->cAttr * sizeof(CRYPT_ATTRIBUTE));
pattrs->rgAttr = pattr;
//
// The default answer does not have a signing time in it. We are going
// to create and add a signing time. This may come from either
// a passed in parameter, or from the system.
if (dw & CAA_SIGNING_TIME) {
if ((pftSigntime->dwLowDateTime == 0) &&
(pftSigntime->dwHighDateTime == 0)) {
GetSystemTimeAsFileTime(pftSigntime); // caller sees it now!
}
cbData = 0;
if (CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CHOICE_OF_TIME,
pftSigntime, CRYPT_ENCODE_ALLOC_FLAG,
&CryptEncodeAlloc, &pbSignTime, &cbData)) {
// BUGBUG: Should probably report the error if MemAlloc failed. As it sits, there is no
// real harm except that the message will go out without a signing time and symcaps.
pattr[pattrs->cAttr].pszObjId = szOID_RSA_signingTime;
pattr[pattrs->cAttr].cValue = 1;
pattr[pattrs->cAttr].rgValue = &valTime;
pattr[pattrs->cAttr].rgValue[0].pbData = pbSignTime;
pattr[pattrs->cAttr].rgValue[0].cbData = cbData;
pattrs->cAttr += 1;
}
}
if (dw & CAA_SMIME_CAPABILITIES) {
if (pblSymcaps->cbSize > 0) {
pattr[pattrs->cAttr].pszObjId = szOID_RSA_SMIMECapabilities;
pattr[pattrs->cAttr].cValue = 1;
pattr[pattrs->cAttr].rgValue = &valCaps;
pattr[pattrs->cAttr].rgValue[0].pbData = pblSymcaps->pBlobData;
pattr[pattrs->cAttr].rgValue[0].cbData = pblSymcaps->cbSize;
pattrs->cAttr += 1;
}
}
cbData = 0;
if (CryptEncodeObjectEx(X509_ASN_ENCODING, szOID_Microsoft_Attribute_Sequence,
pattrs, CRYPT_ENCODE_ALLOC_FLAG,
&CryptEncodeAlloc, &pbAttr, &cbData)) {
hr = HrGetLastError();
goto exit;
}
pblEncoded->cbSize = cbData;
pblEncoded->pBlobData = pbAttr;
pbAttr = NULL; // Drop this pointer so that it won't be freed below
} else {
hr = E_OUTOFMEMORY;
}
exit:
SafeMemFree(pattr);
if (fpattrs) {
SafeMemFree(pattrs);
}
SafeMemFree(pbSignTime);
return(hr);
}
#endif // !SMIME_V3
/***************************************************************************
Name : IsSMimeProtocol
Purpose : Test if the protocol type of this root message body is
application/x-pkcs7-signature
Parameters: lpPropSet -> Property set of message
Returns : TRUE if this is an S/MIME protocol message
Comment : Used to differentiate between S/MIME and PGP signatures.
***************************************************************************/
BOOL IsSMimeProtocol(LPMIMEPROPERTYSET lpPropSet) {
PROPVARIANT var;
BOOL fReturn = FALSE;
var.vt = VT_LPSTR;
if (SUCCEEDED(lpPropSet->GetProp(
STR_PAR_PROTOCOL,
0, // [in] DWORD dwFlags,
&var))) {
if (var.pszVal) {
fReturn = (! lstrcmpi(var.pszVal, STR_MIME_APPL_PKCS7SIG)) ||
(! lstrcmpi(var.pszVal, STR_MIME_APPL_PKCS7SIG_1));
SafeMemFree(var.pszVal);
}
}
return(fReturn);
}
/***************************************************************************
Name : DuplicateMemory
Purpose : Allocate a new buffer and copy the old one into it.
Parameters: lpbIn -> Existing buffer
cbIn = size of lpvIn
Returns : new MemAlloc'ed buffer
Comment : Caller is responsible for MemFree'ing the returned buffer.
***************************************************************************/
LPBYTE DuplicateMemory(LPBYTE lpvIn, ULONG cbIn) {
LPBYTE lpbReturn = NULL;
if (MemAlloc((void**)&lpbReturn, cbIn)) {
memcpy(lpbReturn, lpvIn, cbIn);
}
return(lpbReturn);
}
//*************************************************************************
// CSECURITY_LAYER_DATA
//*************************************************************************
///////////////////////////////////////////////////////////////////////////
//
// ctor/dtor
//
CSECURITY_LAYER_DATA::CSECURITY_LAYER_DATA(void)
{
m_cRef = 1;
DOUT("CSECURITY_LAYER_DATA::constructor() %#x -> %d", this, m_cRef);
m_dwMsgEnhancement = MST_NONE;
m_fCertInLayer = FALSE;
m_cSigners = 0;
m_rgSigners = NULL;
m_cEncryptItems = 0;
#ifdef SMIME_V3
m_rgRecipientInfo = NULL;
m_ContentEncryptAlgorithm.pszObjId = NULL;
m_ContentEncryptAlgorithm.Parameters.cbData = 0;
m_ContentEncryptAlgorithm.Parameters.pbData = NULL;
m_pvEncryptAuxInfo = NULL;
m_blobUnprotectAttrs.pbData = NULL;
m_blobUnprotectAttrs.cbData = 0;
m_hstoreEncrypt = NULL;
#else // !SMIME_V3
m_rgEncryptItems = NULL;
#endif // SMIME_V3
m_ulDecValidity = 0;
m_blobDecAlg.cbSize = 0;
m_blobDecAlg.pBlobData = NULL;
m_pccertDecrypt = NULL;
m_hcertstor = NULL;
m_psldInner = NULL;
m_psldOuter = NULL;
}
CSECURITY_LAYER_DATA::~CSECURITY_LAYER_DATA(void)
{
DWORD i;
DWORD i1;
DWORD iSigner;
DOUT("CSECURITY_LAYER_DATA::destructor() %#x -> %d", this, m_cRef);
if (m_psldInner != NULL) {
m_psldInner->Release();
}
if (m_hcertstor != NULL) CertCloseStore(m_hcertstor, 0);
if (m_pccertDecrypt != NULL) CertFreeCertificateContext(m_pccertDecrypt);
SafeMemFree(m_blobDecAlg.pBlobData);
for (iSigner=0; iSigner<m_cSigners; iSigner++) {
if (m_rgSigners[iSigner].pccert != NULL)
CertFreeCertificateContext(m_rgSigners[iSigner].pccert);
SafeMemFree(m_rgSigners[iSigner].blobHashAlg.pBlobData);
SafeMemFree(m_rgSigners[iSigner].blobAuth.pBlobData);
SafeMemFree(m_rgSigners[iSigner].blobUnauth.pBlobData);
#ifdef SMIME_V3
SafeMemFree(m_rgSigners[iSigner].blobReceipt.pBlobData);
SafeMemFree(m_rgSigners[iSigner].blobHash.pBlobData);
#endif // SMIME_V3
}
SafeMemFree(m_rgSigners);
for (i=0; i<m_cEncryptItems; i++) {
#ifdef SMIME_V3
switch (m_rgRecipientInfo[i].dwRecipientChoice) {
case CMSG_KEY_TRANS_RECIPIENT:
if (m_rgRecipientInfo[i].pKeyTrans->KeyEncryptionAlgorithm.pszObjId != 0) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->KeyEncryptionAlgorithm.pszObjId);
MemFree(m_rgRecipientInfo[i].pKeyTrans->KeyEncryptionAlgorithm.Parameters.pbData);
}
if (m_rgRecipientInfo[i].pKeyTrans->pvKeyEncryptionAuxInfo != NULL) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->pvKeyEncryptionAuxInfo);
}
if (m_rgRecipientInfo[i].pKeyTrans->RecipientPublicKey.cbData != 0) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->RecipientPublicKey.pbData);
}
if (m_rgRecipientInfo[i].pKeyTrans->RecipientId.dwIdChoice == CERT_ID_KEY_IDENTIFIER)
{
if (m_rgRecipientInfo[i].pKeyTrans->RecipientId.KeyId.cbData != 0) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->RecipientId.KeyId.pbData);
}
}
else if (m_rgRecipientInfo[i].pKeyTrans->RecipientId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
{
if (m_rgRecipientInfo[i].pKeyTrans->RecipientId.IssuerSerialNumber.Issuer.cbData != 0) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->RecipientId.IssuerSerialNumber.Issuer.pbData);
}
if (m_rgRecipientInfo[i].pKeyTrans->RecipientId.IssuerSerialNumber.SerialNumber.cbData != 0) {
MemFree(m_rgRecipientInfo[i].pKeyTrans->RecipientId.IssuerSerialNumber.SerialNumber.pbData);
}
}
SafeMemFree(m_rgRecipientInfo[i].pKeyTrans);
break;
case CMSG_MAIL_LIST_RECIPIENT:
if (m_rgRecipientInfo[i].pMailList->KeyEncryptionAlgorithm.pszObjId != 0) {
MemFree(m_rgRecipientInfo[i].pMailList->KeyEncryptionAlgorithm.pszObjId);
MemFree(m_rgRecipientInfo[i].pMailList->KeyEncryptionAlgorithm.Parameters.pbData);
}
if (m_rgRecipientInfo[i].pMailList->pvKeyEncryptionAuxInfo != NULL) {
MemFree(m_rgRecipientInfo[i].pMailList->pvKeyEncryptionAuxInfo);
}
if (m_rgRecipientInfo[i].pMailList->pOtherAttr != NULL) {
MemFree(m_rgRecipientInfo[i].pMailList->pOtherAttr->pszObjId);
MemFree(m_rgRecipientInfo[i].pMailList->pOtherAttr->Value.pbData);
}
SafeMemFree(m_rgRecipientInfo[i].pMailList);
break;
case CMSG_KEY_AGREE_RECIPIENT:
if (m_rgRecipientInfo[i].pKeyAgree->KeyEncryptionAlgorithm.pszObjId != 0) {
MemFree(m_rgRecipientInfo[i].pKeyAgree->KeyEncryptionAlgorithm.pszObjId);
MemFree(m_rgRecipientInfo[i].pKeyAgree->KeyEncryptionAlgorithm.Parameters.pbData);
}
if (m_rgRecipientInfo[i].pKeyAgree->pvKeyEncryptionAuxInfo != NULL) {
MemFree(m_rgRecipientInfo[i].pKeyAgree->pvKeyEncryptionAuxInfo);
}
SafeMemFree(m_rgRecipientInfo[i].pKeyAgree);
break;
default:
Assert(FALSE);
break;
}
#else // SMIME_V3
SafeMemFree(m_rgEncryptItems[i].Transport.blobAlg.pBlobData);
switch (m_rgEncryptItems[i].dwTagType) {
case ENCRYPT_ITEM_TRANSPORT:
for (i1=0; i1<m_rgEncryptItems[i].Transport.cCert; i1++) {
CertFreeCertificateContext(m_rgEncryptItems[i].Transport.rgpccert[i1]);
}
SafeMemFree(m_rgEncryptItems[i].Transport.rgpccert);
break;
default:
Assert(FALSE);
break;
}
#endif // SMIME_V3
}
#ifdef SMIME_V3
SafeMemFree(m_rgRecipientInfo);
SafeMemFree(m_pvEncryptAuxInfo);
SafeMemFree(m_ContentEncryptAlgorithm.pszObjId);
SafeMemFree(m_ContentEncryptAlgorithm.Parameters.pbData);
SafeMemFree(m_blobUnprotectAttrs.pbData);
CertCloseStore(m_hstoreEncrypt, 0);
#else // SMIME_V3
SafeMemFree(m_rgEncryptItems);
#endif // SMIME_V3
}
///////////////////////////////////////////////////////////////////////////
//
// IUnknown methods
//
STDMETHODIMP CSECURITY_LAYER_DATA::QueryInterface(REFIID riid, LPVOID *ppv)
{
if (!ppv)
return TrapError(E_INVALIDARG);
// Find IID
if (IID_IUnknown == riid) {
*ppv = THIS_AS_UNK;
}
else if (IID_IStream == riid) {
*ppv = (IStream *)this;
}
else {
*ppv = NULL;
return E_NOINTERFACE;
}
((IUnknown *)*ppv)->AddRef();
return S_OK;
}
STDMETHODIMP_(ULONG) CSECURITY_LAYER_DATA::AddRef(void)
{
DOUT("CSECURITY_LAYER_DATA::AddRef() %#x -> %d", this, m_cRef+1);
InterlockedIncrement((LPLONG)&m_cRef);
return m_cRef;
}
STDMETHODIMP_(ULONG) CSECURITY_LAYER_DATA::Release(void)
{
DOUT("CSECURITY_LAYER_DATA::Release() %#x -> %d", this, m_cRef-1);
if (0 == InterlockedDecrement((LPLONG)&m_cRef)) {
delete this;
return 0;
}
return m_cRef;
}
#ifdef SMIME_V3
/*** HrCopyOID
*
* Description:
* General utility function to make copying of recipient info objects much easier
*/
HRESULT HrCopyOID(LPCSTR psz, LPSTR * ppsz)
{
DWORD cb;
HRESULT hr = S_OK;
cb = strlen(psz) + 1;
CHECKHR(hr = HrAlloc((void **) ppsz, cb));
memcpy(*ppsz, psz, cb);
exit:
return hr;
}
/*** HrCopyCryptDataBlob
*
* Description:
* General utility function to make copying of recipient info objects much easier
*/
HRESULT HrCopyCryptDataBlob(const CRYPT_DATA_BLOB * pblobSrc, PCRYPT_DATA_BLOB pblobDst)
{
HRESULT hr = S_OK;
if (pblobSrc->cbData == 0) {
Assert(pblobDst->pbData == NULL);
Assert(pblobDst->cbData == 0);
goto exit;
}
CHECKHR(hr = HrAlloc((void **) &pblobDst->pbData, pblobSrc->cbData));
memcpy(pblobDst->pbData, pblobSrc->pbData, pblobSrc->cbData);
pblobDst->cbData = pblobSrc->cbData;
exit:
return hr;
}
/*** HrCopyCryptDataBlob
*
* Description:
* General utility function to make copying of recipient info objects much easier
*/
HRESULT HrCopyCryptBitBlob(const CRYPT_BIT_BLOB * pblobSrc, PCRYPT_BIT_BLOB pblobDst)
{
HRESULT hr = S_OK;
if (pblobSrc->cbData == 0) {
Assert(pblobDst->pbData == NULL);
Assert(pblobDst->cbData == 0);
goto exit;
}
CHECKHR(hr = HrAlloc((void **) &pblobDst->pbData, pblobSrc->cbData));
memcpy(pblobDst->pbData, pblobSrc->pbData, pblobSrc->cbData);
pblobDst->cbData = pblobSrc->cbData;
pblobDst->cUnusedBits = pblobSrc->cUnusedBits;
exit:
return hr;
}
HRESULT HrCopyCryptAlgorithm(const CRYPT_ALGORITHM_IDENTIFIER * pAlgSrc,
PCRYPT_ALGORITHM_IDENTIFIER pAlgDst)
{
HRESULT hr = S_OK;
CHECKHR(hr = HrCopyOID(pAlgSrc->pszObjId, &pAlgDst->pszObjId));
if (pAlgSrc->Parameters.cbData != 0) {
CHECKHR(hr = HrCopyCryptDataBlob(&pAlgSrc->Parameters, &pAlgDst->Parameters));
}
exit:
return hr;
}
HRESULT HrCopyCertId(const CERT_ID * pcertidSrc, PCERT_ID pcertidDst)
{
HRESULT hr = S_OK;
pcertidDst->dwIdChoice = pcertidSrc->dwIdChoice;
switch (pcertidSrc->dwIdChoice) {
case CERT_ID_ISSUER_SERIAL_NUMBER:
hr = HrCopyCryptDataBlob(&pcertidSrc->IssuerSerialNumber.Issuer,
&pcertidDst->IssuerSerialNumber.Issuer);
hr = HrCopyCryptDataBlob(&pcertidSrc->IssuerSerialNumber.SerialNumber,
&pcertidDst->IssuerSerialNumber.SerialNumber);
break;
case CERT_ID_KEY_IDENTIFIER:
hr = HrCopyCryptDataBlob(&pcertidSrc->HashId, &pcertidDst->HashId);
break;
case CERT_ID_SHA1_HASH:
hr = HrCopyCryptDataBlob(&pcertidSrc->HashId, &pcertidDst->HashId);
break;
default:
return E_FAIL;
}
return hr;
}
/*** FreeRecipientInfo
*
* Description:
* Free all of the data pointed to by the recipient info as well as the recipient
* info object itself.
*/
void FreeRecipientInfoContent(PCMS_RECIPIENT_INFO pRecipInfo)
{
if (pRecipInfo->pccert != NULL) {
CertFreeCertificateContext(pRecipInfo->pccert);
}
if (pRecipInfo->KeyEncryptionAlgorithm.pszObjId != 0) {
MemFree(pRecipInfo->KeyEncryptionAlgorithm.pszObjId);
MemFree(pRecipInfo->KeyEncryptionAlgorithm.Parameters.pbData);
}
if (pRecipInfo->pvKeyEncryptionAuxInfo != NULL) {
MemFree(pRecipInfo->pvKeyEncryptionAuxInfo);
}
if ((pRecipInfo->dwU1 == CMS_RECIPIENT_INFO_PUBKEY_KEYTRANS) &&
(pRecipInfo->u1.SubjectPublicKey.cbData != 0)) {
MemFree(pRecipInfo->u1.SubjectPublicKey.pbData);
}
if (pRecipInfo->dwU1 == CMS_RECIPIENT_INFO_PUBKEY_PROVIDER) {
Assert(FALSE);
}
if (pRecipInfo->dwU3 == CMS_RECIPIENT_INFO_KEYID_ISSUERSERIAL) {
if (pRecipInfo->u3.IssuerSerial.Issuer.cbData != 0) {
MemFree(pRecipInfo->u3.IssuerSerial.Issuer.pbData);
}
if (pRecipInfo->u3.IssuerSerial.SerialNumber.cbData != 0) {
MemFree(pRecipInfo->u3.IssuerSerial.SerialNumber.pbData);
}
}
if (pRecipInfo->dwU3 == CMS_RECIPIENT_INFO_KEYID_KEY_ID) {
if (pRecipInfo->u3.KeyId.cbData != 0) {
MemFree(pRecipInfo->u3.KeyId.pbData);
}
}
if (pRecipInfo->pOtherAttr != NULL) {
MemFree(pRecipInfo->pOtherAttr->pszObjId);
MemFree(pRecipInfo->pOtherAttr->Value.pbData);
}
return;
}
#endif // SMIME_V3
/* * * END --- SMIME.CPP --- END * * */
Reference in New Issue View Git Blame Copy Permalink