2 * Copyright 2007 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #include "wine/debug.h"
26 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
28 HCERTSTORE WINAPI
CryptGetMessageCertificates(DWORD dwMsgAndCertEncodingType
,
29 HCRYPTPROV_LEGACY hCryptProv
, DWORD dwFlags
, const BYTE
* pbSignedBlob
,
32 CRYPT_DATA_BLOB blob
= { cbSignedBlob
, (LPBYTE
)pbSignedBlob
};
34 TRACE("(%08lx, %Id, %ld08x %p, %ld)\n", dwMsgAndCertEncodingType
, hCryptProv
,
35 dwFlags
, pbSignedBlob
, cbSignedBlob
);
37 return CertOpenStore(CERT_STORE_PROV_PKCS7
, dwMsgAndCertEncodingType
,
38 hCryptProv
, dwFlags
, &blob
);
41 LONG WINAPI
CryptGetMessageSignerCount(DWORD dwMsgEncodingType
,
42 const BYTE
*pbSignedBlob
, DWORD cbSignedBlob
)
47 TRACE("(%08lx, %p, %ld)\n", dwMsgEncodingType
, pbSignedBlob
, cbSignedBlob
);
49 msg
= CryptMsgOpenToDecode(dwMsgEncodingType
, 0, 0, 0, NULL
, NULL
);
52 if (CryptMsgUpdate(msg
, pbSignedBlob
, cbSignedBlob
, TRUE
))
54 DWORD size
= sizeof(count
);
56 CryptMsgGetParam(msg
, CMSG_SIGNER_COUNT_PARAM
, 0, &count
, &size
);
63 static CERT_INFO
*CRYPT_GetSignerCertInfoFromMsg(HCRYPTMSG msg
,
66 CERT_INFO
*certInfo
= NULL
;
69 if (CryptMsgGetParam(msg
, CMSG_SIGNER_CERT_INFO_PARAM
, dwSignerIndex
, NULL
,
72 certInfo
= CryptMemAlloc(size
);
75 if (!CryptMsgGetParam(msg
, CMSG_SIGNER_CERT_INFO_PARAM
,
76 dwSignerIndex
, certInfo
, &size
))
78 CryptMemFree(certInfo
);
84 SetLastError(CRYPT_E_UNEXPECTED_MSG_TYPE
);
88 static PCCERT_CONTEXT WINAPI
CRYPT_DefaultGetSignerCertificate(void *pvGetArg
,
89 DWORD dwCertEncodingType
, PCERT_INFO pSignerId
, HCERTSTORE hMsgCertStore
)
91 return CertFindCertificateInStore(hMsgCertStore
, dwCertEncodingType
, 0,
92 CERT_FIND_SUBJECT_CERT
, pSignerId
, NULL
);
95 static inline PCCERT_CONTEXT
CRYPT_GetSignerCertificate(HCRYPTMSG msg
,
96 PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara
, PCERT_INFO certInfo
, HCERTSTORE store
)
98 PFN_CRYPT_GET_SIGNER_CERTIFICATE getCert
;
100 if (pVerifyPara
->pfnGetSignerCertificate
)
101 getCert
= pVerifyPara
->pfnGetSignerCertificate
;
103 getCert
= CRYPT_DefaultGetSignerCertificate
;
104 return getCert(pVerifyPara
->pvGetArg
,
105 pVerifyPara
->dwMsgAndCertEncodingType
, certInfo
, store
);
108 BOOL WINAPI
CryptVerifyDetachedMessageSignature(
109 PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara
, DWORD dwSignerIndex
,
110 const BYTE
*pbDetachedSignBlob
, DWORD cbDetachedSignBlob
, DWORD cToBeSigned
,
111 const BYTE
*rgpbToBeSigned
[], DWORD rgcbToBeSigned
[],
112 PCCERT_CONTEXT
*ppSignerCert
)
117 TRACE("(%p, %ld, %p, %ld, %ld, %p, %p, %p)\n", pVerifyPara
, dwSignerIndex
,
118 pbDetachedSignBlob
, cbDetachedSignBlob
, cToBeSigned
, rgpbToBeSigned
,
119 rgcbToBeSigned
, ppSignerCert
);
122 *ppSignerCert
= NULL
;
124 pVerifyPara
->cbSize
!= sizeof(CRYPT_VERIFY_MESSAGE_PARA
) ||
125 GET_CMSG_ENCODING_TYPE(pVerifyPara
->dwMsgAndCertEncodingType
) !=
128 SetLastError(E_INVALIDARG
);
132 msg
= CryptMsgOpenToDecode(pVerifyPara
->dwMsgAndCertEncodingType
,
133 CMSG_DETACHED_FLAG
, 0, pVerifyPara
->hCryptProv
, NULL
, NULL
);
136 ret
= CryptMsgUpdate(msg
, pbDetachedSignBlob
, cbDetachedSignBlob
, TRUE
);
141 for (i
= 0; ret
&& i
< cToBeSigned
; i
++)
142 ret
= CryptMsgUpdate(msg
, rgpbToBeSigned
[i
], rgcbToBeSigned
[i
],
143 i
== cToBeSigned
- 1);
147 CERT_INFO
*certInfo
= CRYPT_GetSignerCertInfoFromMsg(msg
,
153 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MSG
,
154 pVerifyPara
->dwMsgAndCertEncodingType
,
155 pVerifyPara
->hCryptProv
, 0, msg
);
159 PCCERT_CONTEXT cert
= CRYPT_GetSignerCertificate(
160 msg
, pVerifyPara
, certInfo
, store
);
164 ret
= CryptMsgControl(msg
, 0,
165 CMSG_CTRL_VERIFY_SIGNATURE
, cert
->pCertInfo
);
166 if (ret
&& ppSignerCert
)
167 *ppSignerCert
= cert
;
169 CertFreeCertificateContext(cert
);
172 SetLastError(CRYPT_E_NOT_FOUND
);
173 CertCloseStore(store
, 0);
175 CryptMemFree(certInfo
);
180 TRACE("returning %d\n", ret
);
184 BOOL WINAPI
CryptVerifyMessageSignature(PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara
,
185 DWORD dwSignerIndex
, const BYTE
* pbSignedBlob
, DWORD cbSignedBlob
,
186 BYTE
* pbDecoded
, DWORD
* pcbDecoded
, PCCERT_CONTEXT
* ppSignerCert
)
191 TRACE("(%p, %ld, %p, %ld, %p, %p, %p)\n",
192 pVerifyPara
, dwSignerIndex
, pbSignedBlob
, cbSignedBlob
,
193 pbDecoded
, pcbDecoded
, ppSignerCert
);
196 *ppSignerCert
= NULL
;
198 pVerifyPara
->cbSize
!= sizeof(CRYPT_VERIFY_MESSAGE_PARA
) ||
199 GET_CMSG_ENCODING_TYPE(pVerifyPara
->dwMsgAndCertEncodingType
) !=
204 SetLastError(E_INVALIDARG
);
208 msg
= CryptMsgOpenToDecode(pVerifyPara
->dwMsgAndCertEncodingType
, 0, 0,
209 pVerifyPara
->hCryptProv
, NULL
, NULL
);
212 ret
= CryptMsgUpdate(msg
, pbSignedBlob
, cbSignedBlob
, TRUE
);
213 if (ret
&& pcbDecoded
)
214 ret
= CryptMsgGetParam(msg
, CMSG_CONTENT_PARAM
, 0, pbDecoded
,
218 CERT_INFO
*certInfo
= CRYPT_GetSignerCertInfoFromMsg(msg
,
224 HCERTSTORE store
= CertOpenStore(CERT_STORE_PROV_MSG
,
225 pVerifyPara
->dwMsgAndCertEncodingType
,
226 pVerifyPara
->hCryptProv
, 0, msg
);
230 PCCERT_CONTEXT cert
= CRYPT_GetSignerCertificate(
231 msg
, pVerifyPara
, certInfo
, store
);
235 ret
= CryptMsgControl(msg
, 0,
236 CMSG_CTRL_VERIFY_SIGNATURE
, cert
->pCertInfo
);
237 if (ret
&& ppSignerCert
)
238 *ppSignerCert
= cert
;
240 CertFreeCertificateContext(cert
);
242 CertCloseStore(store
, 0);
245 CryptMemFree(certInfo
);
249 if(!ret
&& pcbDecoded
)
251 TRACE("returning %d\n", ret
);
255 BOOL WINAPI
CryptHashMessage(PCRYPT_HASH_MESSAGE_PARA pHashPara
,
256 BOOL fDetachedHash
, DWORD cToBeHashed
, const BYTE
*rgpbToBeHashed
[],
257 DWORD rgcbToBeHashed
[], BYTE
*pbHashedBlob
, DWORD
*pcbHashedBlob
,
258 BYTE
*pbComputedHash
, DWORD
*pcbComputedHash
)
263 CMSG_HASHED_ENCODE_INFO info
;
265 TRACE("(%p, %d, %ld, %p, %p, %p, %p, %p, %p)\n", pHashPara
, fDetachedHash
,
266 cToBeHashed
, rgpbToBeHashed
, rgcbToBeHashed
, pbHashedBlob
, pcbHashedBlob
,
267 pbComputedHash
, pcbComputedHash
);
269 if (pHashPara
->cbSize
!= sizeof(CRYPT_HASH_MESSAGE_PARA
))
271 SetLastError(E_INVALIDARG
);
274 /* Native seems to ignore any encoding type other than the expected
275 * PKCS_7_ASN_ENCODING
277 if (GET_CMSG_ENCODING_TYPE(pHashPara
->dwMsgEncodingType
) !=
280 /* Native also seems to do nothing if the output parameter isn't given */
284 flags
= fDetachedHash
? CMSG_DETACHED_FLAG
: 0;
285 memset(&info
, 0, sizeof(info
));
286 info
.cbSize
= sizeof(info
);
287 info
.hCryptProv
= pHashPara
->hCryptProv
;
288 info
.HashAlgorithm
= pHashPara
->HashAlgorithm
;
289 info
.pvHashAuxInfo
= pHashPara
->pvHashAuxInfo
;
290 msg
= CryptMsgOpenToEncode(pHashPara
->dwMsgEncodingType
, flags
, CMSG_HASHED
,
294 for (i
= 0, ret
= TRUE
; ret
&& i
< cToBeHashed
; i
++)
295 ret
= CryptMsgUpdate(msg
, rgpbToBeHashed
[i
], rgcbToBeHashed
[i
], i
== cToBeHashed
- 1);
298 ret
= CryptMsgGetParam(msg
, CMSG_CONTENT_PARAM
, 0, pbHashedBlob
,
300 if (ret
&& pcbComputedHash
)
301 ret
= CryptMsgGetParam(msg
, CMSG_COMPUTED_HASH_PARAM
, 0,
302 pbComputedHash
, pcbComputedHash
);
309 BOOL WINAPI
CryptVerifyDetachedMessageHash(PCRYPT_HASH_MESSAGE_PARA pHashPara
,
310 BYTE
*pbDetachedHashBlob
, DWORD cbDetachedHashBlob
, DWORD cToBeHashed
,
311 const BYTE
*rgpbToBeHashed
[], DWORD rgcbToBeHashed
[], BYTE
*pbComputedHash
,
312 DWORD
*pcbComputedHash
)
317 TRACE("(%p, %p, %ld, %ld, %p, %p, %p, %p)\n", pHashPara
, pbDetachedHashBlob
,
318 cbDetachedHashBlob
, cToBeHashed
, rgpbToBeHashed
, rgcbToBeHashed
,
319 pbComputedHash
, pcbComputedHash
);
321 if (pHashPara
->cbSize
!= sizeof(CRYPT_HASH_MESSAGE_PARA
))
323 SetLastError(E_INVALIDARG
);
326 if (GET_CMSG_ENCODING_TYPE(pHashPara
->dwMsgEncodingType
) !=
329 SetLastError(E_INVALIDARG
);
332 msg
= CryptMsgOpenToDecode(pHashPara
->dwMsgEncodingType
, CMSG_DETACHED_FLAG
,
333 0, pHashPara
->hCryptProv
, NULL
, NULL
);
338 ret
= CryptMsgUpdate(msg
, pbDetachedHashBlob
, cbDetachedHashBlob
, TRUE
);
343 for (i
= 0; ret
&& i
< cToBeHashed
; i
++)
345 ret
= CryptMsgUpdate(msg
, rgpbToBeHashed
[i
],
346 rgcbToBeHashed
[i
], i
== cToBeHashed
- 1);
350 ret
= CryptMsgUpdate(msg
, NULL
, 0, TRUE
);
354 ret
= CryptMsgControl(msg
, 0, CMSG_CTRL_VERIFY_HASH
, NULL
);
355 if (ret
&& pcbComputedHash
)
356 ret
= CryptMsgGetParam(msg
, CMSG_COMPUTED_HASH_PARAM
, 0,
357 pbComputedHash
, pcbComputedHash
);
364 BOOL WINAPI
CryptVerifyMessageHash(PCRYPT_HASH_MESSAGE_PARA pHashPara
,
365 BYTE
*pbHashedBlob
, DWORD cbHashedBlob
, BYTE
*pbToBeHashed
,
366 DWORD
*pcbToBeHashed
, BYTE
*pbComputedHash
, DWORD
*pcbComputedHash
)
371 TRACE("(%p, %p, %ld, %p, %p, %p, %p)\n", pHashPara
, pbHashedBlob
,
372 cbHashedBlob
, pbToBeHashed
, pcbToBeHashed
, pbComputedHash
,
375 if (pHashPara
->cbSize
!= sizeof(CRYPT_HASH_MESSAGE_PARA
))
377 SetLastError(E_INVALIDARG
);
380 if (GET_CMSG_ENCODING_TYPE(pHashPara
->dwMsgEncodingType
) !=
383 SetLastError(E_INVALIDARG
);
386 msg
= CryptMsgOpenToDecode(pHashPara
->dwMsgEncodingType
, 0, 0,
387 pHashPara
->hCryptProv
, NULL
, NULL
);
390 ret
= CryptMsgUpdate(msg
, pbHashedBlob
, cbHashedBlob
, TRUE
);
393 ret
= CryptMsgControl(msg
, 0, CMSG_CTRL_VERIFY_HASH
, NULL
);
394 if (ret
&& pcbToBeHashed
)
395 ret
= CryptMsgGetParam(msg
, CMSG_CONTENT_PARAM
, 0,
396 pbToBeHashed
, pcbToBeHashed
);
397 if (ret
&& pcbComputedHash
)
398 ret
= CryptMsgGetParam(msg
, CMSG_COMPUTED_HASH_PARAM
, 0,
399 pbComputedHash
, pcbComputedHash
);
406 BOOL WINAPI
CryptSignMessage(PCRYPT_SIGN_MESSAGE_PARA pSignPara
,
407 BOOL fDetachedSignature
, DWORD cToBeSigned
, const BYTE
*rgpbToBeSigned
[],
408 DWORD rgcbToBeSigned
[], BYTE
*pbSignedBlob
, DWORD
*pcbSignedBlob
)
410 HCRYPTPROV hCryptProv
;
411 BOOL ret
, freeProv
= FALSE
;
413 PCERT_BLOB certBlob
= NULL
;
414 PCRL_BLOB crlBlob
= NULL
;
415 CMSG_SIGNED_ENCODE_INFO signInfo
;
416 CMSG_SIGNER_ENCODE_INFO signer
;
419 TRACE("(%p, %d, %ld, %p, %p, %p, %p)\n", pSignPara
, fDetachedSignature
,
420 cToBeSigned
, rgpbToBeSigned
, rgcbToBeSigned
, pbSignedBlob
, pcbSignedBlob
);
422 if (pSignPara
->cbSize
!= sizeof(CRYPT_SIGN_MESSAGE_PARA
) ||
423 GET_CMSG_ENCODING_TYPE(pSignPara
->dwMsgEncodingType
) !=
427 SetLastError(E_INVALIDARG
);
430 if (!pSignPara
->pSigningCert
)
433 ret
= CryptAcquireCertificatePrivateKey(pSignPara
->pSigningCert
,
434 CRYPT_ACQUIRE_CACHE_FLAG
, NULL
, &hCryptProv
, &keySpec
, &freeProv
);
438 memset(&signer
, 0, sizeof(signer
));
439 signer
.cbSize
= sizeof(signer
);
440 signer
.pCertInfo
= pSignPara
->pSigningCert
->pCertInfo
;
441 signer
.hCryptProv
= hCryptProv
;
442 signer
.dwKeySpec
= keySpec
;
443 signer
.HashAlgorithm
= pSignPara
->HashAlgorithm
;
444 signer
.pvHashAuxInfo
= pSignPara
->pvHashAuxInfo
;
445 signer
.cAuthAttr
= pSignPara
->cAuthAttr
;
446 signer
.rgAuthAttr
= pSignPara
->rgAuthAttr
;
447 signer
.cUnauthAttr
= pSignPara
->cUnauthAttr
;
448 signer
.rgUnauthAttr
= pSignPara
->rgUnauthAttr
;
450 memset(&signInfo
, 0, sizeof(signInfo
));
451 signInfo
.cbSize
= sizeof(signInfo
);
452 signInfo
.cSigners
= 1;
453 signInfo
.rgSigners
= &signer
;
455 if (pSignPara
->cMsgCert
)
457 certBlob
= CryptMemAlloc(sizeof(CERT_BLOB
) * pSignPara
->cMsgCert
);
460 for (i
= 0; i
< pSignPara
->cMsgCert
; ++i
)
462 certBlob
[i
].cbData
= pSignPara
->rgpMsgCert
[i
]->cbCertEncoded
;
463 certBlob
[i
].pbData
= pSignPara
->rgpMsgCert
[i
]->pbCertEncoded
;
465 signInfo
.cCertEncoded
= pSignPara
->cMsgCert
;
466 signInfo
.rgCertEncoded
= certBlob
;
471 if (pSignPara
->cMsgCrl
)
473 crlBlob
= CryptMemAlloc(sizeof(CRL_BLOB
) * pSignPara
->cMsgCrl
);
476 for (i
= 0; i
< pSignPara
->cMsgCrl
; ++i
)
478 crlBlob
[i
].cbData
= pSignPara
->rgpMsgCrl
[i
]->cbCrlEncoded
;
479 crlBlob
[i
].pbData
= pSignPara
->rgpMsgCrl
[i
]->pbCrlEncoded
;
481 signInfo
.cCrlEncoded
= pSignPara
->cMsgCrl
;
482 signInfo
.rgCrlEncoded
= crlBlob
;
487 if (pSignPara
->dwFlags
|| pSignPara
->dwInnerContentType
)
488 FIXME("unimplemented feature\n");
491 msg
= CryptMsgOpenToEncode(pSignPara
->dwMsgEncodingType
,
492 fDetachedSignature
? CMSG_DETACHED_FLAG
: 0, CMSG_SIGNED
, &signInfo
,
498 for (i
= 0; ret
&& i
< cToBeSigned
; ++i
)
500 ret
= CryptMsgUpdate(msg
, rgpbToBeSigned
[i
], rgcbToBeSigned
[i
],
501 i
== cToBeSigned
- 1);
505 ret
= CryptMsgUpdate(msg
, NULL
, 0, TRUE
);
507 ret
= CryptMsgGetParam(msg
, CMSG_CONTENT_PARAM
, 0, pbSignedBlob
,
514 CryptMemFree(crlBlob
);
515 CryptMemFree(certBlob
);
517 CryptReleaseContext(hCryptProv
, 0);
521 BOOL WINAPI
CryptEncryptMessage(PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara
,
522 DWORD cRecipientCert
, PCCERT_CONTEXT rgpRecipientCert
[],
523 const BYTE
*pbToBeEncrypted
, DWORD cbToBeEncrypted
, BYTE
*pbEncryptedBlob
,
524 DWORD
*pcbEncryptedBlob
)
528 PCERT_INFO
*certInfo
= NULL
;
529 CMSG_ENVELOPED_ENCODE_INFO envelopedInfo
;
532 TRACE("(%p, %ld, %p, %p, %ld, %p, %p)\n", pEncryptPara
, cRecipientCert
,
533 rgpRecipientCert
, pbToBeEncrypted
, cbToBeEncrypted
, pbEncryptedBlob
,
536 if (pEncryptPara
->cbSize
!= sizeof(CRYPT_ENCRYPT_MESSAGE_PARA
) ||
537 GET_CMSG_ENCODING_TYPE(pEncryptPara
->dwMsgEncodingType
) !=
540 *pcbEncryptedBlob
= 0;
541 SetLastError(E_INVALIDARG
);
545 memset(&envelopedInfo
, 0, sizeof(envelopedInfo
));
546 envelopedInfo
.cbSize
= sizeof(envelopedInfo
);
547 envelopedInfo
.hCryptProv
= pEncryptPara
->hCryptProv
;
548 envelopedInfo
.ContentEncryptionAlgorithm
=
549 pEncryptPara
->ContentEncryptionAlgorithm
;
550 envelopedInfo
.pvEncryptionAuxInfo
= pEncryptPara
->pvEncryptionAuxInfo
;
554 certInfo
= CryptMemAlloc(sizeof(PCERT_INFO
) * cRecipientCert
);
557 for (i
= 0; i
< cRecipientCert
; ++i
)
558 certInfo
[i
] = rgpRecipientCert
[i
]->pCertInfo
;
559 envelopedInfo
.cRecipients
= cRecipientCert
;
560 envelopedInfo
.rgpRecipientCert
= certInfo
;
567 msg
= CryptMsgOpenToEncode(pEncryptPara
->dwMsgEncodingType
, 0,
568 CMSG_ENVELOPED
, &envelopedInfo
, NULL
, NULL
);
571 ret
= CryptMsgUpdate(msg
, pbToBeEncrypted
, cbToBeEncrypted
, TRUE
);
573 ret
= CryptMsgGetParam(msg
, CMSG_CONTENT_PARAM
, 0, pbEncryptedBlob
,
580 CryptMemFree(certInfo
);
581 if (!ret
) *pcbEncryptedBlob
= 0;