search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wintrust: Implement CryptCATAdminEnumCatalogFromHash.
[wine/wine64.git] / dlls / wintrust / crypt.c
blobd68267c960a6cfb068ec52872634fafa84983d38
1 /*
2 * WinTrust Cryptography functions
3 *
4 * Copyright 2006 James Hawkins
5 * Copyright 2000-2002 Stuart Caie
6 * Copyright 2002 Patrik Stridvall
7 * Copyright 2003 Greg Turner
8 * Copyright 2008 Juan Lang
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 */
24
25 #include <stdarg.h>
26 #include <stdio.h>
27 #include "windef.h"
28 #include "winbase.h"
29 #include "wintrust.h"
30 #include "mscat.h"
31 #include "mssip.h"
32 #include "imagehlp.h"
33
34 #include "wine/debug.h"
35 #include "wine/unicode.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
38
39 #define CATADMIN_MAGIC 0x43415441 /* 'CATA' */
40 #define CATINFO_MAGIC 0x43415449 /* 'CATI' */
41
42 struct catadmin
43 {
44 DWORD magic;
45 WCHAR path[MAX_PATH];
46 HANDLE find;
47 };
48
49 struct catinfo
50 {
51 DWORD magic;
52 WCHAR file[MAX_PATH];
53 };
54
55 static HCATINFO create_catinfo(const WCHAR *filename)
56 {
57 struct catinfo *ci;
58
59 if (!(ci = HeapAlloc(GetProcessHeap(), 0, sizeof(*ci))))
60 {
61 SetLastError(ERROR_OUTOFMEMORY);
62 return INVALID_HANDLE_VALUE;
63 }
64 strcpyW(ci->file, filename);
65 ci->magic = CATINFO_MAGIC;
66 return ci;
67 }
68
69 /***********************************************************************
70 * CryptCATAdminAcquireContext (WINTRUST.@)
71 *
72 * Get a catalog administrator context handle.
73 *
74 * PARAMS
75 * catAdmin [O] Pointer to the context handle.
76 * sys [I] Pointer to a GUID for the needed subsystem.
77 * dwFlags [I] Reserved.
78 *
79 * RETURNS
80 * Success: TRUE. catAdmin contains the context handle.
81 * Failure: FALSE.
82 *
83 */
84 BOOL WINAPI CryptCATAdminAcquireContext(HCATADMIN *catAdmin,
85 const GUID *sys, DWORD dwFlags)
86 {
87 static const WCHAR catroot[] =
88 {'\\','c','a','t','r','o','o','t',0};
89 static const WCHAR fmt[] =
90 {'%','s','\\','{','%','0','8','x','-','%','0','4','x','-','%','0',
91 '4','x','-','%','0','2','x','%','0','2','x','-','%','0','2','x',
92 '%','0','2','x','%','0','2','x','%','0','2','x','%','0','2','x',
93 '%','0','2','x','}',0};
94 static const GUID defsys =
95 {0x127d0a1d,0x4ef2,0x11d1,{0x86,0x08,0x00,0xc0,0x4f,0xc2,0x95,0xee}};
96
97 WCHAR catroot_dir[MAX_PATH];
98 struct catadmin *ca;
99
100 TRACE("%p %s %x\n", catAdmin, debugstr_guid(sys), dwFlags);
101
102 if (!catAdmin)
103 {
104 SetLastError(ERROR_INVALID_PARAMETER);
105 return FALSE;
106 }
107 if (!(ca = HeapAlloc(GetProcessHeap(), 0, sizeof(*ca))))
108 {
109 SetLastError(ERROR_OUTOFMEMORY);
110 return FALSE;
111 }
112
113 GetSystemDirectoryW(catroot_dir, MAX_PATH);
114 strcatW(catroot_dir, catroot);
115
116 /* create the directory if it doesn't exist */
117 CreateDirectoryW(catroot_dir, NULL);
118
119 if (!sys) sys = &defsys;
120 sprintfW(ca->path, fmt, catroot_dir, sys->Data1, sys->Data2,
121 sys->Data3, sys->Data4[0], sys->Data4[1], sys->Data4[2],
122 sys->Data4[3], sys->Data4[4], sys->Data4[5], sys->Data4[6],
123 sys->Data4[7]);
124
125 /* create the directory if it doesn't exist */
126 CreateDirectoryW(ca->path, NULL);
127
128 ca->magic = CATADMIN_MAGIC;
129 ca->find = NULL;
130
131 *catAdmin = ca;
132 return TRUE;
133 }
134
135 /***********************************************************************
136 * CryptCATAdminAddCatalog (WINTRUST.@)
137 */
138 HCATINFO WINAPI CryptCATAdminAddCatalog(HCATADMIN catAdmin, PWSTR catalogFile,
139 PWSTR selectBaseName, DWORD flags)
140 {
141 static const WCHAR slashW[] = {'\\',0};
142 struct catadmin *ca = catAdmin;
143 struct catinfo *ci;
144 WCHAR *target;
145 DWORD len;
146
147 TRACE("%p %s %s %d\n", catAdmin, debugstr_w(catalogFile),
148 debugstr_w(selectBaseName), flags);
149
150 if (!selectBaseName)
151 {
152 FIXME("NULL basename not handled\n");
153 SetLastError(ERROR_INVALID_PARAMETER);
154 return NULL;
155 }
156 if (!ca || ca->magic != CATADMIN_MAGIC || !catalogFile || flags)
157 {
158 SetLastError(ERROR_INVALID_PARAMETER);
159 return NULL;
160 }
161
162 len = strlenW(ca->path) + strlenW(selectBaseName) + 2;
163 if (!(target = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR))))
164 {
165 SetLastError(ERROR_OUTOFMEMORY);
166 return NULL;
167 }
168 strcpyW(target, ca->path);
169 strcatW(target, slashW);
170 strcatW(target, selectBaseName);
171
172 if (!CopyFileW(catalogFile, target, FALSE))
173 {
174 HeapFree(GetProcessHeap(), 0, target);
175 return NULL;
176 }
177 if (!(ci = HeapAlloc(GetProcessHeap(), 0, sizeof(*ci))))
178 {
179 HeapFree(GetProcessHeap(), 0, target);
180 SetLastError(ERROR_OUTOFMEMORY);
181 return NULL;
182 }
183 ci->magic = CATINFO_MAGIC;
184 strcpyW(ci->file, target);
185
186 HeapFree(GetProcessHeap(), 0, target);
187 return ci;
188 }
189
190 /***********************************************************************
191 * CryptCATAdminCalcHashFromFileHandle (WINTRUST.@)
192 */
193 BOOL WINAPI CryptCATAdminCalcHashFromFileHandle(HANDLE hFile, DWORD* pcbHash,
194 BYTE* pbHash, DWORD dwFlags )
195 {
196 BOOL ret = FALSE;
197
198 TRACE("%p %p %p %x\n", hFile, pcbHash, pbHash, dwFlags);
199
200 if (!hFile || !pcbHash || dwFlags)
201 {
202 SetLastError(ERROR_INVALID_PARAMETER);
203 return FALSE;
204 }
205 if (*pcbHash < 20)
206 {
207 *pcbHash = 20;
208 SetLastError(ERROR_INSUFFICIENT_BUFFER);
209 return TRUE;
210 }
211
212 *pcbHash = 20;
213 if (pbHash)
214 {
215 HCRYPTPROV prov;
216 HCRYPTHASH hash;
217 DWORD bytes_read;
218 BYTE *buffer;
219
220 if (!(buffer = HeapAlloc(GetProcessHeap(), 0, 4096)))
221 {
222 SetLastError(ERROR_OUTOFMEMORY);
223 return FALSE;
224 }
225 ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
226 if (!ret)
227 {
228 HeapFree(GetProcessHeap(), 0, buffer);
229 return FALSE;
230 }
231 ret = CryptCreateHash(prov, CALG_SHA1, 0, 0, &hash);
232 if (!ret)
233 {
234 HeapFree(GetProcessHeap(), 0, buffer);
235 CryptReleaseContext(prov, 0);
236 return FALSE;
237 }
238 while ((ret = ReadFile(hFile, buffer, 4096, &bytes_read, NULL)) && bytes_read)
239 {
240 CryptHashData(hash, buffer, bytes_read, 0);
241 }
242 if (ret) ret = CryptGetHashParam(hash, HP_HASHVAL, pbHash, pcbHash, 0);
243
244 HeapFree(GetProcessHeap(), 0, buffer);
245 CryptDestroyHash(hash);
246 CryptReleaseContext(prov, 0);
247 }
248 return ret;
249 }
250
251 /***********************************************************************
252 * CryptCATAdminEnumCatalogFromHash (WINTRUST.@)
253 */
254 HCATINFO WINAPI CryptCATAdminEnumCatalogFromHash(HCATADMIN hCatAdmin, BYTE* pbHash,
255 DWORD cbHash, DWORD dwFlags,
256 HCATINFO* phPrevCatInfo )
257 {
258 static const WCHAR slashW[] = {'\\',0};
259 static const WCHAR globW[] = {'\\','*','.','c','a','t',0};
260
261 struct catadmin *ca = hCatAdmin;
262 WIN32_FIND_DATAW data;
263 HCATINFO prev = NULL;
264 HCRYPTPROV prov;
265 DWORD size;
266 BOOL ret;
267
268 TRACE("%p %p %d %x %p\n", hCatAdmin, pbHash, cbHash, dwFlags, phPrevCatInfo);
269
270 if (!ca || ca->magic != CATADMIN_MAGIC || !pbHash || cbHash != 20 || dwFlags)
271 {
272 SetLastError(ERROR_INVALID_PARAMETER);
273 return NULL;
274 }
275 if (phPrevCatInfo) prev = *phPrevCatInfo;
276
277 ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
278 if (!ret) return NULL;
279
280 if (!prev)
281 {
282 WCHAR *path;
283
284 size = strlenW(ca->path) * sizeof(WCHAR) + sizeof(globW);
285 if (!(path = HeapAlloc(GetProcessHeap(), 0, size)))
286 {
287 CryptReleaseContext(prov, 0);
288 SetLastError(ERROR_OUTOFMEMORY);
289 return NULL;
290 }
291 strcpyW(path, ca->path);
292 strcatW(path, globW);
293
294 if (ca->find) FindClose(ca->find);
295 ca->find = FindFirstFileW(path, &data);
296
297 HeapFree(GetProcessHeap(), 0, path);
298 if (!ca->find)
299 {
300 CryptReleaseContext(prov, 0);
301 return NULL;
302 }
303 }
304 else if (!FindNextFileW(ca->find, &data))
305 {
306 CryptCATAdminReleaseCatalogContext(hCatAdmin, prev, 0);
307 CryptReleaseContext(prov, 0);
308 return NULL;
309 }
310
311 while (1)
312 {
313 WCHAR *filename;
314 CRYPTCATMEMBER *member = NULL;
315 struct catinfo *ci;
316 HANDLE hcat;
317
318 size = (strlenW(ca->path) + strlenW(data.cFileName) + 2) * sizeof(WCHAR);
319 if (!(filename = HeapAlloc(GetProcessHeap(), 0, size)))
320 {
321 SetLastError(ERROR_OUTOFMEMORY);
322 return NULL;
323 }
324 strcpyW(filename, ca->path);
325 strcatW(filename, slashW);
326 strcatW(filename, data.cFileName);
327
328 hcat = CryptCATOpen(filename, CRYPTCAT_OPEN_EXISTING, prov, 0, 0);
329 if (hcat == INVALID_HANDLE_VALUE)
330 {
331 WARN("couldn't open %s (%u)\n", debugstr_w(filename), GetLastError());
332 continue;
333 }
334 while ((member = CryptCATEnumerateMember(hcat, member)))
335 {
336 if (member->pIndirectData->Digest.cbData != cbHash)
337 {
338 WARN("amount of hash bytes differs: %u/%u\n", member->pIndirectData->Digest.cbData, cbHash);
339 continue;
340 }
341 if (!memcmp(member->pIndirectData->Digest.pbData, pbHash, cbHash))
342 {
343 TRACE("file %s matches\n", debugstr_w(data.cFileName));
344
345 CryptCATClose(hcat);
346 CryptReleaseContext(prov, 0);
347 if (!phPrevCatInfo)
348 {
349 FindClose(ca->find);
350 ca->find = NULL;
351 }
352 ci = create_catinfo(filename);
353 HeapFree(GetProcessHeap(), 0, filename);
354 return ci;
355 }
356 }
357 CryptCATClose(hcat);
358 HeapFree(GetProcessHeap(), 0, filename);
359
360 if (!FindNextFileW(ca->find, &data))
361 {
362 FindClose(ca->find);
363 ca->find = NULL;
364 CryptReleaseContext(prov, 0);
365 return NULL;
366 }
367 }
368 return NULL;
369 }
370
371 /***********************************************************************
372 * CryptCATAdminReleaseCatalogContext (WINTRUST.@)
373 *
374 * Release a catalog context handle.
375 *
376 * PARAMS
377 * hCatAdmin [I] Context handle.
378 * hCatInfo [I] Catalog handle.
379 * dwFlags [I] Reserved.
380 *
381 * RETURNS
382 * Success: TRUE.
383 * Failure: FALSE.
384 *
385 */
386 BOOL WINAPI CryptCATAdminReleaseCatalogContext(HCATADMIN hCatAdmin,
387 HCATINFO hCatInfo,
388 DWORD dwFlags)
389 {
390 struct catinfo *ci = hCatInfo;
391 struct catadmin *ca = hCatAdmin;
392
393 TRACE("%p %p %x\n", hCatAdmin, hCatInfo, dwFlags);
394
395 if (!ca || ca->magic != CATADMIN_MAGIC || !ci || ci->magic != CATINFO_MAGIC)
396 {
397 SetLastError(ERROR_INVALID_PARAMETER);
398 return FALSE;
399 }
400 ci->magic = 0;
401 return HeapFree(GetProcessHeap(), 0, ci);
402 }
403
404 /***********************************************************************
405 * CryptCATAdminReleaseContext (WINTRUST.@)
406 *
407 * Release a catalog administrator context handle.
408 *
409 * PARAMS
410 * catAdmin [I] Context handle.
411 * dwFlags [I] Reserved.
412 *
413 * RETURNS
414 * Success: TRUE.
415 * Failure: FALSE.
416 *
417 */
418 BOOL WINAPI CryptCATAdminReleaseContext(HCATADMIN hCatAdmin, DWORD dwFlags )
419 {
420 struct catadmin *ca = hCatAdmin;
421
422 TRACE("%p %x\n", hCatAdmin, dwFlags);
423
424 if (!ca || ca->magic != CATADMIN_MAGIC)
425 {
426 SetLastError(ERROR_INVALID_PARAMETER);
427 return FALSE;
428 }
429 if (ca->find) FindClose(ca->find);
430 ca->magic = 0;
431 return HeapFree(GetProcessHeap(), 0, ca);
432 }
433
434 /***********************************************************************
435 * CryptCATAdminRemoveCatalog (WINTRUST.@)
436 *
437 * Remove a catalog file.
438 *
439 * PARAMS
440 * catAdmin [I] Context handle.
441 * pwszCatalogFile [I] Catalog file.
442 * dwFlags [I] Reserved.
443 *
444 * RETURNS
445 * Success: TRUE.
446 * Failure: FALSE.
447 *
448 */
449 BOOL WINAPI CryptCATAdminRemoveCatalog(HCATADMIN hCatAdmin, LPCWSTR pwszCatalogFile, DWORD dwFlags)
450 {
451 struct catadmin *ca = hCatAdmin;
452
453 TRACE("%p %s %x\n", hCatAdmin, debugstr_w(pwszCatalogFile), dwFlags);
454
455 if (!ca || ca->magic != CATADMIN_MAGIC)
456 {
457 SetLastError(ERROR_INVALID_PARAMETER);
458 return FALSE;
459 }
460 return DeleteFileW(pwszCatalogFile);
461 }
462
463 /***********************************************************************
464 * CryptCATClose (WINTRUST.@)
465 */
466 BOOL WINAPI CryptCATClose(HANDLE hCatalog)
467 {
468 FIXME("(%p) stub\n", hCatalog);
469 return TRUE;
470 }
471
472 /***********************************************************************
473 * CryptCATEnumerateMember (WINTRUST.@)
474 */
475 CRYPTCATMEMBER *WINAPI CryptCATEnumerateMember(HANDLE hCatalog, CRYPTCATMEMBER* pPrevMember)
476 {
477 FIXME("(%p, %p) stub\n", hCatalog, pPrevMember);
478 return NULL;
479 }
480
481 /***********************************************************************
482 * CryptCATOpen (WINTRUST.@)
483 */
484 HANDLE WINAPI CryptCATOpen(LPWSTR pwszFileName, DWORD fdwOpenFlags, HCRYPTPROV hProv,
485 DWORD dwPublicVersion, DWORD dwEncodingType)
486 {
487 FIXME("(%s, %d, %ld, %d, %d) stub\n", debugstr_w(pwszFileName), fdwOpenFlags,
488 hProv, dwPublicVersion, dwEncodingType);
489 return 0;
490 }
491
492 /***********************************************************************
493 * CryptSIPCreateIndirectData (WINTRUST.@)
494 */
495 BOOL WINAPI CryptSIPCreateIndirectData(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pcbIndirectData,
496 SIP_INDIRECT_DATA* pIndirectData)
497 {
498 FIXME("(%p %p %p) stub\n", pSubjectInfo, pcbIndirectData, pIndirectData);
499
500 return FALSE;
501 }
502
503 static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
504 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
505 BYTE *pbSignedDataMsg)
506 {
507 BOOL ret;
508 WIN_CERTIFICATE *pCert = NULL;
509
510 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
511 pcbSignedDataMsg, pbSignedDataMsg);
512
513 if (!pbSignedDataMsg)
514 {
515 WIN_CERTIFICATE cert;
516
517 /* app hasn't passed buffer, just get the length */
518 ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
519 if (ret)
520 *pcbSignedDataMsg = cert.dwLength;
521 }
522 else
523 {
524 DWORD len = 0;
525
526 ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, NULL, &len);
527 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
528 goto error;
529 pCert = HeapAlloc(GetProcessHeap(), 0, len);
530 if (!pCert)
531 {
532 ret = FALSE;
533 goto error;
534 }
535 ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, pCert,
536 &len);
537 if (!ret)
538 goto error;
539 if (*pcbSignedDataMsg < pCert->dwLength)
540 {
541 *pcbSignedDataMsg = pCert->dwLength;
542 SetLastError(ERROR_INSUFFICIENT_BUFFER);
543 ret = FALSE;
544 }
545 else
546 {
547 memcpy(pbSignedDataMsg, pCert->bCertificate, pCert->dwLength);
548 switch (pCert->wCertificateType)
549 {
550 case WIN_CERT_TYPE_X509:
551 *pdwEncodingType = X509_ASN_ENCODING;
552 break;
553 case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
554 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
555 break;
556 default:
557 FIXME("don't know what to do for encoding type %d\n",
558 pCert->wCertificateType);
559 *pdwEncodingType = 0;
560 }
561 }
562 }
563 error:
564 HeapFree(GetProcessHeap(), 0, pCert);
565 return ret;
566 }
567
568 /* structure offsets */
569 #define cfhead_Signature (0x00)
570 #define cfhead_CabinetSize (0x08)
571 #define cfhead_MinorVersion (0x18)
572 #define cfhead_MajorVersion (0x19)
573 #define cfhead_Flags (0x1E)
574 #define cfhead_SIZEOF (0x24)
575 #define cfheadext_HeaderReserved (0x00)
576 #define cfheadext_SIZEOF (0x04)
577 #define cfsigninfo_CertOffset (0x04)
578 #define cfsigninfo_CertSize (0x08)
579 #define cfsigninfo_SIZEOF (0x0C)
580
581 /* flags */
582 #define cfheadRESERVE_PRESENT (0x0004)
583
584 /* endian-neutral reading of little-endian data */
585 #define EndGetI32(a) ((((a)[3])<<24)|(((a)[2])<<16)|(((a)[1])<<8)|((a)[0]))
586 #define EndGetI16(a) ((((a)[1])<<8)|((a)[0]))
587
588 /* For documentation purposes only: this is the structure in the reserved
589 * area of a signed cabinet file. The cert offset indicates where in the
590 * cabinet file the signature resides, and the count indicates its size.
591 */
592 typedef struct _CAB_SIGNINFO
593 {
594 WORD unk0; /* always 0? */
595 WORD unk1; /* always 0x0010? */
596 DWORD dwCertOffset;
597 DWORD cbCertBlock;
598 } CAB_SIGNINFO, *PCAB_SIGNINFO;
599
600 static BOOL WINTRUST_GetSignedMsgFromCabFile(SIP_SUBJECTINFO *pSubjectInfo,
601 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
602 BYTE *pbSignedDataMsg)
603 {
604 int header_resv;
605 LONG base_offset, cabsize;
606 USHORT flags;
607 BYTE buf[64];
608 DWORD cert_offset, cert_size, dwRead;
609
610 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
611 pcbSignedDataMsg, pbSignedDataMsg);
612
613 /*
614 * FIXME: I just noticed that I am memorizing the initial file pointer
615 * offset and restoring it before reading in the rest of the header
616 * information in the cabinet. Perhaps that's correct -- that is, perhaps
617 * this API is supposed to support "streaming" cabinets which are embedded
618 * in other files, or cabinets which begin at file offsets other than zero.
619 * Otherwise, I should instead go to the absolute beginning of the file.
620 * (Either way, the semantics of wine's FDICopy require me to leave the
621 * file pointer where it is afterwards -- If Windows does not do so, we
622 * ought to duplicate the native behavior in the FDIIsCabinet API, not here.
623 *
624 * So, the answer lies in Windows; will native cabinet.dll recognize a
625 * cabinet "file" embedded in another file? Note that cabextract.c does
626 * support this, which implies that Microsoft's might. I haven't tried it
627 * yet so I don't know. ATM, most of wine's FDI cabinet routines (except
628 * this one) would not work in this way. To fix it, we could just make the
629 * various references to absolute file positions in the code relative to an
630 * initial "beginning" offset. Because the FDICopy API doesn't take a
631 * file-handle like this one, we would therein need to search through the
632 * file for the beginning of the cabinet (as we also do in cabextract.c).
633 * Note that this limits us to a maximum of one cabinet per. file: the first.
634 *
635 * So, in summary: either the code below is wrong, or the rest of fdi.c is
636 * wrong... I cannot imagine that both are correct ;) One of these flaws
637 * should be fixed after determining the behavior on Windows. We ought
638 * to check both FDIIsCabinet and FDICopy for the right behavior.
639 *
640 * -gmt
641 */
642
643 /* get basic offset & size info */
644 base_offset = SetFilePointer(pSubjectInfo->hFile, 0L, NULL, SEEK_CUR);
645
646 if (SetFilePointer(pSubjectInfo->hFile, 0, NULL, SEEK_END) == INVALID_SET_FILE_POINTER)
647 {
648 TRACE("seek error\n");
649 return FALSE;
650 }
651
652 cabsize = SetFilePointer(pSubjectInfo->hFile, 0L, NULL, SEEK_CUR);
653 if ((cabsize == -1) || (base_offset == -1) ||
654 (SetFilePointer(pSubjectInfo->hFile, base_offset, NULL, SEEK_SET) == INVALID_SET_FILE_POINTER))
655 {
656 TRACE("seek error\n");
657 return FALSE;
658 }
659
660 /* read in the CFHEADER */
661 if (!ReadFile(pSubjectInfo->hFile, buf, cfhead_SIZEOF, &dwRead, NULL) ||
662 dwRead != cfhead_SIZEOF)
663 {
664 TRACE("reading header failed\n");
665 return FALSE;
666 }
667
668 /* check basic MSCF signature */
669 if (EndGetI32(buf+cfhead_Signature) != 0x4643534d)
670 {
671 WARN("cabinet signature not present\n");
672 return FALSE;
673 }
674
675 /* Ignore the number of folders and files and the set and cabinet IDs */
676
677 /* check the header revision */
678 if ((buf[cfhead_MajorVersion] > 1) ||
679 (buf[cfhead_MajorVersion] == 1 && buf[cfhead_MinorVersion] > 3))
680 {
681 WARN("cabinet format version > 1.3\n");
682 return FALSE;
683 }
684
685 /* pull the flags out */
686 flags = EndGetI16(buf+cfhead_Flags);
687
688 if (!(flags & cfheadRESERVE_PRESENT))
689 {
690 TRACE("no header present, not signed\n");
691 return FALSE;
692 }
693
694 if (!ReadFile(pSubjectInfo->hFile, buf, cfheadext_SIZEOF, &dwRead, NULL) ||
695 dwRead != cfheadext_SIZEOF)
696 {
697 ERR("bunk reserve-sizes?\n");
698 return FALSE;
699 }
700
701 header_resv = EndGetI16(buf+cfheadext_HeaderReserved);
702 if (!header_resv)
703 {
704 TRACE("no header_resv, not signed\n");
705 return FALSE;
706 }
707 else if (header_resv < cfsigninfo_SIZEOF)
708 {
709 TRACE("header_resv too small, not signed\n");
710 return FALSE;
711 }
712
713 if (header_resv > 60000)
714 {
715 WARN("WARNING; header reserved space > 60000\n");
716 }
717
718 if (!ReadFile(pSubjectInfo->hFile, buf, cfsigninfo_SIZEOF, &dwRead, NULL) ||
719 dwRead != cfsigninfo_SIZEOF)
720 {
721 ERR("couldn't read reserve\n");
722 return FALSE;
723 }
724
725 cert_offset = EndGetI32(buf+cfsigninfo_CertOffset);
726 TRACE("cert_offset: %d\n", cert_offset);
727 cert_size = EndGetI32(buf+cfsigninfo_CertSize);
728 TRACE("cert_size: %d\n", cert_size);
729
730 /* The redundant checks are to avoid wraparound */
731 if (cert_offset > cabsize || cert_size > cabsize ||
732 cert_offset + cert_size > cabsize)
733 {
734 WARN("offset beyond file, not attempting to read\n");
735 return FALSE;
736 }
737
738 SetFilePointer(pSubjectInfo->hFile, base_offset, NULL, SEEK_SET);
739 if (!pbSignedDataMsg)
740 {
741 *pcbSignedDataMsg = cert_size;
742 return TRUE;
743 }
744 if (*pcbSignedDataMsg < cert_size)
745 {
746 *pcbSignedDataMsg = cert_size;
747 SetLastError(ERROR_INSUFFICIENT_BUFFER);
748 return FALSE;
749 }
750 if (SetFilePointer(pSubjectInfo->hFile, cert_offset, NULL, SEEK_SET) == INVALID_SET_FILE_POINTER)
751 {
752 ERR("couldn't seek to cert location\n");
753 return FALSE;
754 }
755 if (!ReadFile(pSubjectInfo->hFile, pbSignedDataMsg, cert_size, &dwRead,
756 NULL) || dwRead != cert_size)
757 {
758 ERR("couldn't read cert\n");
759 return FALSE;
760 }
761 /* The encoding of the files I've seen appears to be in ASN.1
762 * format, and there isn't a field indicating the type, so assume it
763 * always is.
764 */
765 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
766 return TRUE;
767 }
768
769 static BOOL WINTRUST_GetSignedMsgFromCatFile(SIP_SUBJECTINFO *pSubjectInfo,
770 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
771 BYTE *pbSignedDataMsg)
772 {
773 BOOL ret;
774
775 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
776 pcbSignedDataMsg, pbSignedDataMsg);
777
778 if (!pbSignedDataMsg)
779 {
780 *pcbSignedDataMsg = GetFileSize(pSubjectInfo->hFile, NULL);
781 ret = TRUE;
782 }
783 else
784 {
785 DWORD len = GetFileSize(pSubjectInfo->hFile, NULL);
786
787 if (*pcbSignedDataMsg < len)
788 {
789 *pcbSignedDataMsg = len;
790 SetLastError(ERROR_INSUFFICIENT_BUFFER);
791 ret = FALSE;
792 }
793 else
794 {
795 ret = ReadFile(pSubjectInfo->hFile, pbSignedDataMsg, len,
796 pcbSignedDataMsg, NULL);
797 if (ret)
798 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
799 }
800 }
801 return ret;
802 }
803
804 /***********************************************************************
805 * CryptSIPGetSignedDataMsg (WINTRUST.@)
806 */
807 BOOL WINAPI CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pdwEncodingType,
808 DWORD dwIndex, DWORD* pcbSignedDataMsg, BYTE* pbSignedDataMsg)
809 {
810 static const GUID unknown = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,
811 0x00,0xC0,0x4F,0xC2,0x95,0xEE } };
812 static const GUID cabGUID = { 0xC689AABA, 0x8E78, 0x11D0, { 0x8C,0x47,
813 0x00,0xC0,0x4F,0xC2,0x95,0xEE } };
814 static const GUID catGUID = { 0xDE351A43, 0x8E59, 0x11D0, { 0x8C,0x47,
815 0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
816 BOOL ret;
817
818 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
819 pcbSignedDataMsg, pbSignedDataMsg);
820
821 if (!memcmp(pSubjectInfo->pgSubjectType, &unknown, sizeof(unknown)))
822 ret = WINTRUST_GetSignedMsgFromPEFile(pSubjectInfo, pdwEncodingType,
823 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
824 else if (!memcmp(pSubjectInfo->pgSubjectType, &cabGUID, sizeof(cabGUID)))
825 ret = WINTRUST_GetSignedMsgFromCabFile(pSubjectInfo, pdwEncodingType,
826 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
827 else if (!memcmp(pSubjectInfo->pgSubjectType, &catGUID, sizeof(catGUID)))
828 ret = WINTRUST_GetSignedMsgFromCatFile(pSubjectInfo, pdwEncodingType,
829 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
830 else
831 {
832 FIXME("unimplemented for subject type %s\n",
833 debugstr_guid(pSubjectInfo->pgSubjectType));
834 ret = FALSE;
835 }
836
837 TRACE("returning %d\n", ret);
838 return ret;
839 }
840
841 /***********************************************************************
842 * CryptSIPPutSignedDataMsg (WINTRUST.@)
843 */
844 BOOL WINAPI CryptSIPPutSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD pdwEncodingType,
845 DWORD* pdwIndex, DWORD cbSignedDataMsg, BYTE* pbSignedDataMsg)
846 {
847 FIXME("(%p %d %p %d %p) stub\n", pSubjectInfo, pdwEncodingType, pdwIndex,
848 cbSignedDataMsg, pbSignedDataMsg);
849
850 return FALSE;
851 }
852
853 /***********************************************************************
854 * CryptSIPRemoveSignedDataMsg (WINTRUST.@)
855 */
856 BOOL WINAPI CryptSIPRemoveSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo,
857 DWORD dwIndex)
858 {
859 FIXME("(%p %d) stub\n", pSubjectInfo, dwIndex);
860
861 return FALSE;
862 }
863
864 /***********************************************************************
865 * CryptSIPVerifyIndirectData (WINTRUST.@)
866 */
867 BOOL WINAPI CryptSIPVerifyIndirectData(SIP_SUBJECTINFO* pSubjectInfo,
868 SIP_INDIRECT_DATA* pIndirectData)
869 {
870 FIXME("(%p %p) stub\n", pSubjectInfo, pIndirectData);
871
872 return FALSE;
873 }