| blob | 49b8ce06175b64041ad67d1ee301901146b4ac19 |
1 /*
2 * Register related wintrust functions
3 *
4 * Copyright 2006 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
21 #include <stdarg.h>
73 static const WCHAR Initialization[] = {'I','n','i','t','i','a','l','i','z','a','t','i','o','n','\\', 0};
79 static const WCHAR DiagnosticPolicy[] = {'D','i','a','g','n','o','s','t','i','c','P','o','l','i','c','y','\\', 0};
85 /***********************************************************************
86 * WINTRUST_InitRegStructs
87 *
88 * Helper function to allocate and initialize the members of the
89 * CRYPT_TRUST_REG_ENTRY structs.
90 */
92 {
93 #define WINTRUST_INITREGENTRY( action, dllname, functionname ) \
94 action.cbStruct = sizeof(CRYPT_TRUST_REG_ENTRY); \
95 action.pwszDLLName = wcsdup(dllname); \
96 action.pwszFunctionName = wcsdup(functionname);
101 WINTRUST_INITREGENTRY(SoftpubCertificate, SP_POLICY_PROVIDER_DLL_NAME, WT_PROVIDER_CERTTRUST_FUNCTION)
105 WINTRUST_INITREGENTRY(SoftpubDefCertInit, SP_POLICY_PROVIDER_DLL_NAME, SP_GENERIC_CERT_INIT_FUNCTION)
106 WINTRUST_INITREGENTRY(SoftpubDumpStructure, SP_POLICY_PROVIDER_DLL_NAME, SP_TESTDUMPPOLICY_FUNCTION_TEST)
107 WINTRUST_INITREGENTRY(HTTPSCertificateTrust, SP_POLICY_PROVIDER_DLL_NAME, HTTPS_CERTTRUST_FUNCTION)
109 WINTRUST_INITREGENTRY(OfficeInitializePolicy, OFFICE_POLICY_PROVIDER_DLL_NAME, OFFICE_INITPROV_FUNCTION)
110 WINTRUST_INITREGENTRY(OfficeCleanupPolicy, OFFICE_POLICY_PROVIDER_DLL_NAME, OFFICE_CLEANUPPOLICY_FUNCTION)
111 WINTRUST_INITREGENTRY(DriverInitializePolicy, SP_POLICY_PROVIDER_DLL_NAME, DRIVER_INITPROV_FUNCTION)
112 WINTRUST_INITREGENTRY(DriverFinalPolicy, SP_POLICY_PROVIDER_DLL_NAME, DRIVER_FINALPOLPROV_FUNCTION)
113 WINTRUST_INITREGENTRY(DriverCleanupPolicy, SP_POLICY_PROVIDER_DLL_NAME, DRIVER_CLEANUPPOLICY_FUNCTION)
114 WINTRUST_INITREGENTRY(GenericChainCertificateTrust, SP_POLICY_PROVIDER_DLL_NAME, GENERIC_CHAIN_CERTTRUST_FUNCTION)
115 WINTRUST_INITREGENTRY(GenericChainFinalProv, SP_POLICY_PROVIDER_DLL_NAME, GENERIC_CHAIN_FINALPOLICY_FUNCTION)
117 #undef WINTRUST_INITREGENTRY
118 }
120 /***********************************************************************
121 * WINTRUST_FreeRegStructs
122 *
123 * Helper function to free 2 members of the CRYPT_TRUST_REG_ENTRY
124 * structs.
125 */
127 {
128 #define WINTRUST_FREEREGENTRY( action ) \
129 free(action.pwszDLLName); \
130 free(action.pwszFunctionName);
151 #undef WINTRUST_FREEREGENTRY
152 }
154 /***********************************************************************
155 * WINTRUST_guid2wstr
156 *
157 * Create a wide-string from a GUID
158 *
159 */
161 {
162 static const WCHAR wszFormat[] = {'{','%','0','8','l','X','-','%','0','4','X','-','%','0','4','X','-',
163 '%','0','2','X','%','0','2','X','-','%','0','2','X','%','0','2','X','%','0','2','X','%','0','2',
169 }
171 /***********************************************************************
172 * WINTRUST_WriteProviderToReg
173 *
174 * Helper function for WintrustAddActionID
175 *
176 */
179 CRYPT_TRUST_REG_ENTRY RegEntry)
180 {
183 HKEY Key;
186 /* Create the needed key string */
198 /* Create the $DLL entry */
203 /* Create the $Function entry */
207 error_close_key:
211 }
213 /***********************************************************************
214 * WintrustAddActionID (WINTRUST.@)
215 *
216 * Add the definitions of the actions a Trust provider can perform to
217 * the registry.
218 *
219 * PARAMS
220 * pgActionID [I] Pointer to a GUID for the Trust provider.
221 * fdwFlags [I] Flag to indicate whether registry errors are passed on.
222 * psProvInfo [I] Pointer to a structure with information about DLL
223 * name and functions.
224 *
225 * RETURNS
226 * Success: TRUE.
227 * Failure: FALSE. (Use GetLastError() for more information)
228 *
229 * NOTES
230 * Adding definitions is basically only adding relevant information
231 * to the registry. No verification takes place whether a DLL or its
232 * entrypoints exist.
233 * Information in the registry will always be overwritten.
234 *
235 */
238 {
240 LONG Res;
245 /* Some sanity checks.
246 * We use the W2K3 last error as it makes more sense (W2K leaves the last error
247 * as is).
248 */
252 {
255 }
257 /* Create this string only once, instead of in the helper function */
260 /* Write the information to the registry */
269 Res = WINTRUST_WriteProviderToReg(GuidString, CertCheck , psProvInfo->sCertificatePolicyProvider);
273 Res = WINTRUST_WriteProviderToReg(GuidString, DiagnosticPolicy, psProvInfo->sTestPolicyProvider);
278 /* Testing (by restricting access to the registry for some keys) shows that the last failing function
279 * will be used for last error.
280 * If the flag WT_ADD_ACTION_ID_RET_RESULT_FLAG is set and there are errors when adding the action
281 * we have to return FALSE. Errors includes both invalid entries as well as registry errors.
282 * Testing also showed that one error doesn't stop the registry writes. Every action will be dealt with.
283 */
286 {
291 }
294 }
296 /***********************************************************************
297 * WINTRUST_RemoveProviderFromReg
298 *
299 * Helper function for WintrustRemoveActionID
300 *
301 */
304 {
307 /* Create the needed key string */
313 /* We don't care about success or failure */
315 }
317 /***********************************************************************
318 * WintrustRemoveActionID (WINTRUST.@)
319 *
320 * Remove the definitions of the actions a Trust provider can perform
321 * from the registry.
322 *
323 * PARAMS
324 * pgActionID [I] Pointer to a GUID for the Trust provider.
325 *
326 * RETURNS
327 * Success: TRUE. (Use GetLastError() for more information)
328 * Failure: FALSE. (Use GetLastError() for more information)
329 *
330 * NOTES
331 * Testing shows that WintrustRemoveActionID always returns TRUE and
332 * that a possible error should be retrieved via GetLastError().
333 * There are no checks if the definitions are in the registry.
334 */
336 {
342 {
345 }
347 /* Create this string only once, instead of in the helper function */
350 /* We don't care about success or failure */
361 }
363 /***********************************************************************
364 * WINTRUST_WriteSingleUsageEntry
365 *
366 * Helper for WintrustAddDefaultForUsage, writes a single value and its
367 * data to:
368 *
369 * HKLM\Software\Microsoft\Cryptography\Trust\Usages\<OID>
370 */
374 {
377 HKEY Key;
380 DWORD Len;
382 /* Turn OID into a wide-character string */
387 /* Allocate the needed space for UsageKey */
389 /* Create the key string */
396 {
397 /* Create the Value entry */
400 }
407 }
409 /***************************************************************************
410 * WINTRUST_RegisterGenVerifyV2
411 *
412 * Register WINTRUST_ACTION_GENERIC_VERIFY_V2 actions and usages.
413 *
414 * NOTES
415 * WINTRUST_ACTION_GENERIC_VERIFY_V2 ({00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
416 * is defined in softpub.h
417 */
419 {
422 CRYPT_REGISTER_ACTIONID ProvInfo;
446 }
448 /***************************************************************************
449 * WINTRUST_RegisterPublishedSoftware
450 *
451 * Register WIN_SPUB_ACTION_PUBLISHED_SOFTWARE actions and usages.
452 *
453 * NOTES
454 * WIN_SPUB_ACTION_PUBLISHED_SOFTWARE ({64B9D180-8DA2-11CF-8736-00AA00A485EB})
455 * is defined in wintrust.h
456 */
458 {
460 CRYPT_REGISTER_ACTIONID ProvInfo;
476 }
478 #define WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI { 0xc6b2e8d0, 0xe005, 0x11cf, { 0xa1,0x34,0x00,0xc0,0x4f,0xd7,0xbf,0x43 }}
480 /***************************************************************************
481 * WINTRUST_RegisterPublishedSoftwareNoBadUi
482 *
483 * Register WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI actions and usages.
484 *
485 * NOTES
486 * WIN_SPUB_ACTION_PUBLISHED_SOFTWARE_NOBADUI ({C6B2E8D0-E005-11CF-A134-00C04FD7BF43})
487 * is not defined in any include file. (FIXME: Find out if the name is correct).
488 */
490 {
492 CRYPT_REGISTER_ACTIONID ProvInfo;
508 }
510 /***************************************************************************
511 * WINTRUST_RegisterGenCertVerify
512 *
513 * Register WINTRUST_ACTION_GENERIC_CERT_VERIFY actions and usages.
514 *
515 * NOTES
516 * WINTRUST_ACTION_GENERIC_CERT_VERIFY ({189A3842-3041-11D1-85E1-00C04FC295EE})
517 * is defined in softpub.h
518 */
520 {
522 CRYPT_REGISTER_ACTIONID ProvInfo;
538 }
540 /***************************************************************************
541 * WINTRUST_RegisterTrustProviderTest
542 *
543 * Register WINTRUST_ACTION_TRUSTPROVIDER_TEST actions and usages.
544 *
545 * NOTES
546 * WINTRUST_ACTION_TRUSTPROVIDER_TEST ({573E31F8-DDBA-11D0-8CCB-00C04FC295EE})
547 * is defined in softpub.h
548 */
550 {
552 CRYPT_REGISTER_ACTIONID ProvInfo;
568 }
570 /***************************************************************************
571 * WINTRUST_RegisterHttpsProv
572 *
573 * Register HTTPSPROV_ACTION actions and usages.
574 *
575 * NOTES
576 * HTTPSPROV_ACTION ({573E31F8-AABA-11D0-8CCB-00C04FC295EE})
577 * is defined in softpub.h
578 */
580 {
585 CRYPT_REGISTER_ACTIONID ProvInfo;
589 SoftpubLoadUsage,
590 SoftpubFreeUsage };
619 }
621 /***************************************************************************
622 * WINTRUST_RegisterOfficeSignVerify
623 *
624 * Register OFFICESIGN_ACTION_VERIFY actions and usages.
625 *
626 * NOTES
627 * OFFICESIGN_ACTION_VERIFY ({5555C2CD-17FB-11D1-85C4-00C04FC295EE})
628 * is defined in softpub.h
629 */
631 {
633 CRYPT_REGISTER_ACTIONID ProvInfo;
650 }
652 /***************************************************************************
653 * WINTRUST_RegisterDriverVerify
654 *
655 * Register DRIVER_ACTION_VERIFY actions and usages.
656 *
657 * NOTES
658 * DRIVER_ACTION_VERIFY ({F750E6C3-38EE-11D1-85E5-00C04FC295EE})
659 * is defined in softpub.h
660 */
662 {
664 CRYPT_REGISTER_ACTIONID ProvInfo;
681 }
683 /***************************************************************************
684 * WINTRUST_RegisterGenChainVerify
685 *
686 * Register WINTRUST_ACTION_GENERIC_CHAIN_VERIFY actions and usages.
687 *
688 * NOTES
689 * WINTRUST_ACTION_GENERIC_CHAIN_VERIFY ({FC451C16-AC75-11D1-B4B8-00C04FB66EA0})
690 * is defined in softpub.h
691 */
693 {
695 CRYPT_REGISTER_ACTIONID ProvInfo;
711 }
713 /***********************************************************************
714 * WintrustAddDefaultForUsage (WINTRUST.@)
715 *
716 * Write OID and callback functions to the registry.
717 *
718 * PARAMS
719 * pszUsageOID [I] Pointer to a GUID.
720 * psDefUsage [I] Pointer to a structure that specifies the callback functions.
721 *
722 * RETURNS
723 * Success: TRUE.
724 * Failure: FALSE.
725 *
726 * NOTES
727 * WintrustAddDefaultForUsage will only return TRUE or FALSE, no last
728 * error is set, not even when the registry cannot be written to.
729 */
732 {
733 static const WCHAR CBAlloc[] = {'C','a','l','l','b','a','c','k','A','l','l','o','c','F','u','n','c','t','i','o','n', 0};
734 static const WCHAR CBFree[] = {'C','a','l','l','b','a','c','k','F','r','e','e','F','u','n','c','t','i','o','n', 0};
737 DWORD Len;
742 /* Some sanity checks. */
747 {
750 }
753 {
756 }
758 {
761 Len = MultiByteToWideChar( CP_ACP, 0, psDefUsage->pwszLoadCallbackDataFunctionName, -1, NULL, 0 );
763 MultiByteToWideChar( CP_ACP, 0, psDefUsage->pwszLoadCallbackDataFunctionName, -1, CallbackW, Len );
769 }
771 {
774 Len = MultiByteToWideChar( CP_ACP, 0, psDefUsage->pwszFreeCallbackDataFunctionName, -1, NULL, 0 );
776 MultiByteToWideChar( CP_ACP, 0, psDefUsage->pwszFreeCallbackDataFunctionName, -1, CallbackW, Len );
782 }
792 }
795 {
798 HKEY Key;
800 DWORD Size;
801 HMODULE Lib;
804 /* Create the needed key string */
813 /* Read the $DLL entry */
818 /* Read the $Function entry */
823 /* Load the library - there appears to be no way to close a provider, so
824 * just leak the module handle.
825 */
829 error_close_key:
833 }
837 {
841 };
844 static struct provider_cache_entry
845 {
846 GUID guid;
847 CRYPT_PROVIDER_FUNCTIONS provider_functions;
848 }
853 {
855 }
858 {
860 }
862 /***********************************************************************
863 * WintrustLoadFunctionPointers (WINTRUST.@)
864 */
867 {
876 {
879 }
884 {
886 {
891 }
892 }
896 /* Create this string only once, instead of in the helper function */
899 /* Get the function pointers from the registry, where applicable */
907 pPfns->pfnInitialize = (PFN_PROVIDER_INIT_CALL)WINTRUST_ReadProviderFromReg(GuidString, Initialization);
908 pPfns->pfnObjectTrust = (PFN_PROVIDER_OBJTRUST_CALL)WINTRUST_ReadProviderFromReg(GuidString, Message);
909 pPfns->pfnSignatureTrust = (PFN_PROVIDER_SIGTRUST_CALL)WINTRUST_ReadProviderFromReg(GuidString, Signature);
910 pPfns->pfnCertificateTrust = (PFN_PROVIDER_CERTTRUST_CALL)WINTRUST_ReadProviderFromReg(GuidString, Certificate);
911 pPfns->pfnCertCheckPolicy = (PFN_PROVIDER_CERTCHKPOLICY_CALL)WINTRUST_ReadProviderFromReg(GuidString, CertCheck);
912 pPfns->pfnFinalPolicy = (PFN_PROVIDER_FINALPOLICY_CALL)WINTRUST_ReadProviderFromReg(GuidString, FinalPolicy);
913 pPfns->pfnTestFinalPolicy = (PFN_PROVIDER_TESTFINALPOLICY_CALL)WINTRUST_ReadProviderFromReg(GuidString, DiagnosticPolicy);
914 pPfns->pfnCleanupPolicy = (PFN_PROVIDER_CLEANUP_CALL)WINTRUST_ReadProviderFromReg(GuidString, Cleanup);
921 {
926 {
931 }
932 }
936 }
938 /***********************************************************************
939 * WINTRUST_SIPPAddProvider
940 *
941 * Helper for DllRegisterServer.
942 */
944 {
946 {'C','r','y','p','t','S','I','P','G','e','t','S','i','g','n','e','d','D','a','t','a','M','s','g', 0};
948 {'C','r','y','p','t','S','I','P','P','u','t','S','i','g','n','e','d','D','a','t','a','M','s','g', 0};
950 {'C','r','y','p','t','S','I','P','C','r','e','a','t','e','I','n','d','i','r','e','c','t','D','a','t','a', 0};
952 {'C','r','y','p','t','S','I','P','V','e','r','i','f','y','I','n','d','i','r','e','c','t','D','a','t','a', 0};
954 {'C','r','y','p','t','S','I','P','R','e','m','o','v','e','S','i','g','n','e','d','D','a','t','a','M','s','g', 0};
955 SIP_ADD_NEWPROVIDER NewProv;
956 BOOL Ret;
958 /* Clear and initialize the structure */
962 /* Fill the structure */
979 }
981 /***********************************************************************
982 * DllRegisterServer (WINTRUST.@)
983 */
985 {
1008 static GUID Unknown1 = { 0xDE351A42, 0x8E59, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1009 static GUID Unknown2 = { 0xC689AABA, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1010 static GUID Unknown3 = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1011 static GUID Unknown4 = { 0xC689AAB9, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1012 static GUID Unknown5 = { 0xDE351A43, 0x8E59, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1013 static GUID Unknown6 = { 0x9BA61D3F, 0xE73A, 0x11D0, { 0x8C,0xD2,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
1021 HCRYPTPROV crypt_provider;
1022 BOOL ret;
1026 /* Testing on native shows that when an error is encountered in one of the CryptRegisterOIDFunction calls
1027 * the rest of these calls are skipped. Registering is however continued for the trust providers.
1028 *
1029 * We are not totally in line with native as all decoding functions are registered after all encoding
1030 * functions there.
1031 */
1032 #define WINTRUST_REGISTEROID( oid, encode_funcname, decode_funcname ) \
1033 do { \
1034 if (!CryptRegisterOIDFunction(X509_ASN_ENCODING, CRYPT_OID_ENCODE_OBJECT_FUNC, oid, SP_POLICY_PROVIDER_DLL_NAME, encode_funcname)) \
1035 { \
1036 CryptRegisterRes = HRESULT_FROM_WIN32(GetLastError()); \
1037 goto add_trust_providers; \
1038 } \
1039 if (!CryptRegisterOIDFunction(X509_ASN_ENCODING, CRYPT_OID_DECODE_OBJECT_FUNC, oid, SP_POLICY_PROVIDER_DLL_NAME, decode_funcname)) \
1040 { \
1041 CryptRegisterRes = HRESULT_FROM_WIN32(GetLastError()); \
1042 goto add_trust_providers; \
1043 } \
1044 } while (0)
1056 WINTRUST_REGISTEROID(SPC_INDIRECT_DATA_OBJID, SpcIndirectDataContentEncode, SpcIndirectDataContentDecode);
1057 WINTRUST_REGISTEROID(SPC_INDIRECT_DATA_CONTENT_STRUCT, SpcIndirectDataContentEncode, SpcIndirectDataContentDecode);
1060 WINTRUST_REGISTEROID(SPC_MINIMAL_CRITERIA_OBJID, SpcMinimalCriteriaInfoEncode, SpcMinimalCriteriaInfoDecode);
1061 WINTRUST_REGISTEROID(SPC_MINIMAL_CRITERIA_STRUCT, SpcMinimalCriteriaInfoEncode, SpcMinimalCriteriaInfoDecode);
1062 WINTRUST_REGISTEROID(SPC_FINANCIAL_CRITERIA_OBJID, SpcFinancialCriteriaInfoEncode, SpcFinancialCriteriaInfoDecode);
1063 WINTRUST_REGISTEROID(SPC_FINANCIAL_CRITERIA_STRUCT, SpcFinancialCriteriaInfoEncode, SpcFinancialCriteriaInfoDecode);
1064 WINTRUST_REGISTEROID(SPC_STATEMENT_TYPE_OBJID, SpcStatementTypeEncode, SpcStatementTypeDecode);
1065 WINTRUST_REGISTEROID(SPC_STATEMENT_TYPE_STRUCT, SpcStatementTypeEncode, SpcStatementTypeDecode);
1073 #undef WINTRUST_REGISTEROID
1075 add_trust_providers:
1077 /* Testing on W2K3 shows:
1078 * All registry writes are tried. If one fails this part will return S_FALSE.
1079 *
1080 * Last error is set to the last error encountered, regardless if the first
1081 * part failed or not.
1082 */
1084 /* Create the necessary action registry structures */
1087 /* Register several Trust Provider actions */
1107 /* Free the registry structures */
1110 /* Testing on W2K3 shows:
1111 * All registry writes are tried. If one fails this part will return S_FALSE.
1112 *
1113 * Last error is set to the last error encountered, regardless if the previous
1114 * parts failed or not.
1115 */
1130 /* Native does a CryptSIPRemoveProvider here for {941C2937-1292-11D1-85BE-00C04FC295EE}.
1131 * This SIP Provider is however not found on up-to-date window install and native will
1132 * set the last error to ERROR_FILE_NOT_FOUND.
1133 * Wine has the last error set to ERROR_INVALID_PARAMETER. There shouldn't be an app
1134 * depending on this last error though so there is no need to imitate native to the full extent.
1135 *
1136 * (The ERROR_INVALID_PARAMETER for Wine it totally valid as we (and native) do register
1137 * a trust provider without a diagnostic policy).
1138 */
1140 /* Create a dummy context to force creation of the MachineGuid registry key. */
1145 /* If CryptRegisterRes is not S_OK it will always overrule the return value. */
1150 else
1152 }
1154 /***********************************************************************
1155 * DllUnregisterServer (WINTRUST.@)
1156 */
1158 {
1161 }
1163 /***********************************************************************
1164 * SoftpubDllRegisterServer (WINTRUST.@)
1165 *
1166 * Registers softpub.dll
1167 *
1168 * PARAMS
1169 *
1170 * RETURNS
1171 * Success: S_OK.
1172 * Failure: S_FALSE. (See also GetLastError()).
1173 *
1174 * NOTES
1175 * DllRegisterServer in softpub.dll will call this function.
1176 * See comments in DllRegisterServer.
1177 */
1179 {
1184 /* Create the necessary action registry structures */
1187 /* Register several Trust Provider actions */
1207 /* Free the registry structures */
1211 }
1213 /***********************************************************************
1214 * SoftpubDllUnregisterServer (WINTRUST.@)
1215 */
1217 {
1220 }
1222 /***********************************************************************
1223 * mscat32DllRegisterServer (WINTRUST.@)
1224 */
1226 {
1229 }
1231 /***********************************************************************
1232 * mscat32DllUnregisterServer (WINTRUST.@)
1233 */
1235 {
1238 }
1240 /***********************************************************************
1241 * mssip32DllRegisterServer (WINTRUST.@)
1242 */
1244 {
1247 }
1249 /***********************************************************************
1250 * mssip32DllUnregisterServer (WINTRUST.@)
1251 */
1253 {
1256 }