2 * Copyright 2002 Mike McCormack for CodeWeavers
3 * Copyright 2005 Juan Lang
4 * Copyright 2006 Paul Vriens
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
32 #include "wine/debug.h"
33 #include "wine/list.h"
35 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
37 static const WCHAR szOID
[] = {
38 'S','o','f','t','w','a','r','e','\\',
39 'M','i','c','r','o','s','o','f','t','\\',
40 'C','r','y','p','t','o','g','r','a','p','h','y','\\',
42 'E','n','c','o','d','i','n','g','T','y','p','e',' ','0','\\',
43 'C','r','y','p','t','S','I','P','D','l','l', 0 };
45 static const WCHAR szPutSigned
[] = {
46 'P','u','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
47 static const WCHAR szGetSigned
[] = {
48 'G','e','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
49 static const WCHAR szRemoveSigned
[] = {
50 'R','e','m','o','v','e','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
51 static const WCHAR szCreate
[] = {
52 'C','r','e','a','t','e','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
53 static const WCHAR szVerify
[] = {
54 'V','e','r','i','f','y','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
55 static const WCHAR szIsMyFile
[] = {
56 'I','s','M','y','F','i','l','e','T','y','p','e','\\',0};
57 static const WCHAR szIsMyFile2
[] = {
58 'I','s','M','y','F','i','l','e','T','y','p','e','2','\\',0};
60 static const WCHAR szDllName
[] = { 'D','l','l',0 };
61 static const WCHAR szFuncName
[] = { 'F','u','n','c','N','a','m','e',0 };
63 /* convert a guid to a wide character string */
64 static void CRYPT_guid2wstr( const GUID
*guid
, LPWSTR wstr
)
68 sprintf(str
, "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
69 guid
->Data1
, guid
->Data2
, guid
->Data3
,
70 guid
->Data4
[0], guid
->Data4
[1], guid
->Data4
[2], guid
->Data4
[3],
71 guid
->Data4
[4], guid
->Data4
[5], guid
->Data4
[6], guid
->Data4
[7] );
72 MultiByteToWideChar( CP_ACP
, 0, str
, -1, wstr
, 40 );
75 /***********************************************************************
76 * CRYPT_SIPDeleteFunction
78 * Helper function for CryptSIPRemoveProvider
80 static LONG
CRYPT_SIPDeleteFunction( const GUID
*guid
, LPCWSTR szKey
)
82 WCHAR szFullKey
[ 0x100 ];
83 LONG r
= ERROR_SUCCESS
;
85 /* max length of szFullKey depends on our code only, so we won't overrun */
86 lstrcpyW( szFullKey
, szOID
);
87 lstrcatW( szFullKey
, szKey
);
88 CRYPT_guid2wstr( guid
, &szFullKey
[ lstrlenW( szFullKey
) ] );
90 r
= RegDeleteKeyW(HKEY_LOCAL_MACHINE
, szFullKey
);
95 /***********************************************************************
96 * CryptSIPRemoveProvider (CRYPT32.@)
98 * Remove a SIP provider and its functions from the registry.
101 * pgProv [I] Pointer to a GUID for this SIP provider
105 * Failure: FALSE. (Look at GetLastError()).
108 * Registry errors are always reported via SetLastError(). Every registry
109 * deletion will be tried.
111 BOOL WINAPI
CryptSIPRemoveProvider(GUID
*pgProv
)
113 LONG r
= ERROR_SUCCESS
;
114 LONG remove_error
= ERROR_SUCCESS
;
116 TRACE("%s\n", debugstr_guid(pgProv
));
120 SetLastError(ERROR_INVALID_PARAMETER
);
125 #define CRYPT_SIPREMOVEPROV( key ) \
126 r = CRYPT_SIPDeleteFunction( pgProv, key); \
127 if (r != ERROR_SUCCESS) remove_error = r
129 CRYPT_SIPREMOVEPROV( szPutSigned
);
130 CRYPT_SIPREMOVEPROV( szGetSigned
);
131 CRYPT_SIPREMOVEPROV( szRemoveSigned
);
132 CRYPT_SIPREMOVEPROV( szCreate
);
133 CRYPT_SIPREMOVEPROV( szVerify
);
134 CRYPT_SIPREMOVEPROV( szIsMyFile
);
135 CRYPT_SIPREMOVEPROV( szIsMyFile2
);
137 #undef CRYPT_SIPREMOVEPROV
139 if (remove_error
!= ERROR_SUCCESS
)
141 SetLastError(remove_error
);
149 * Helper for CryptSIPAddProvider
151 * Add a registry key containing a dll name and function under
152 * "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\<func>\\<guid>"
154 static LONG
CRYPT_SIPWriteFunction( const GUID
*guid
, LPCWSTR szKey
,
155 LPCWSTR szDll
, LPCWSTR szFunction
)
157 WCHAR szFullKey
[ 0x100 ];
158 LONG r
= ERROR_SUCCESS
;
162 return ERROR_SUCCESS
;
164 /* max length of szFullKey depends on our code only, so we won't overrun */
165 lstrcpyW( szFullKey
, szOID
);
166 lstrcatW( szFullKey
, szKey
);
167 CRYPT_guid2wstr( guid
, &szFullKey
[ lstrlenW( szFullKey
) ] );
169 TRACE("key is %s\n", debugstr_w( szFullKey
) );
171 r
= RegCreateKeyW( HKEY_LOCAL_MACHINE
, szFullKey
, &hKey
);
172 if( r
!= ERROR_SUCCESS
) goto error_close_key
;
174 /* write the values */
175 r
= RegSetValueExW( hKey
, szFuncName
, 0, REG_SZ
, (const BYTE
*) szFunction
,
176 ( lstrlenW( szFunction
) + 1 ) * sizeof (WCHAR
) );
177 if( r
!= ERROR_SUCCESS
) goto error_close_key
;
178 r
= RegSetValueExW( hKey
, szDllName
, 0, REG_SZ
, (const BYTE
*) szDll
,
179 ( lstrlenW( szDll
) + 1) * sizeof (WCHAR
) );
188 /***********************************************************************
189 * CryptSIPAddProvider (CRYPT32.@)
191 * Add a SIP provider and its functions to the registry.
194 * psNewProv [I] Pointer to a structure with information about
195 * the functions this SIP provider can perform.
199 * Failure: FALSE. (Look at GetLastError()).
202 * Registry errors are always reported via SetLastError(). If a
203 * registry error occurs the rest of the registry write operations
206 BOOL WINAPI
CryptSIPAddProvider(SIP_ADD_NEWPROVIDER
*psNewProv
)
208 LONG r
= ERROR_SUCCESS
;
210 TRACE("%p\n", psNewProv
);
213 psNewProv
->cbStruct
!= sizeof(SIP_ADD_NEWPROVIDER
) ||
214 !psNewProv
->pwszGetFuncName
||
215 !psNewProv
->pwszPutFuncName
||
216 !psNewProv
->pwszCreateFuncName
||
217 !psNewProv
->pwszVerifyFuncName
||
218 !psNewProv
->pwszRemoveFuncName
)
220 SetLastError(ERROR_INVALID_PARAMETER
);
224 TRACE("%s %s %s %s %s\n",
225 debugstr_guid( psNewProv
->pgSubject
),
226 debugstr_w( psNewProv
->pwszDLLFileName
),
227 debugstr_w( psNewProv
->pwszMagicNumber
),
228 debugstr_w( psNewProv
->pwszIsFunctionName
),
229 debugstr_w( psNewProv
->pwszIsFunctionNameFmt2
) );
231 #define CRYPT_SIPADDPROV( key, field ) \
232 r = CRYPT_SIPWriteFunction( psNewProv->pgSubject, key, \
233 psNewProv->pwszDLLFileName, psNewProv->field); \
234 if (r != ERROR_SUCCESS) goto end_function
236 CRYPT_SIPADDPROV( szPutSigned
, pwszPutFuncName
);
237 CRYPT_SIPADDPROV( szGetSigned
, pwszGetFuncName
);
238 CRYPT_SIPADDPROV( szRemoveSigned
, pwszRemoveFuncName
);
239 CRYPT_SIPADDPROV( szCreate
, pwszCreateFuncName
);
240 CRYPT_SIPADDPROV( szVerify
, pwszVerifyFuncName
);
241 CRYPT_SIPADDPROV( szIsMyFile
, pwszIsFunctionName
);
242 CRYPT_SIPADDPROV( szIsMyFile2
, pwszIsFunctionNameFmt2
);
244 #undef CRYPT_SIPADDPROV
248 if (r
!= ERROR_SUCCESS
)
257 /***********************************************************************
258 * CryptSIPRetrieveSubjectGuid (CRYPT32.@)
260 * Determine the right SIP GUID for the given file.
263 * FileName [I] Filename.
264 * hFileIn [I] Optional handle to the file.
265 * pgSubject [O] The SIP's GUID.
268 * Success: TRUE. pgSubject contains the SIP GUID.
269 * Failure: FALSE. (Look at GetLastError()).
272 * On failure pgSubject will contain a NULL GUID.
273 * The handle is always preferred above the filename.
275 BOOL WINAPI CryptSIPRetrieveSubjectGuid
276 (LPCWSTR FileName
, HANDLE hFileIn
, GUID
*pgSubject
)
283 IMAGE_DOS_HEADER
*dos
;
284 /* FIXME, find out if there is a name for this GUID */
285 static const GUID unknown
= { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
287 TRACE("(%s %p %p)\n", wine_dbgstr_w(FileName
), hFileIn
, pgSubject
);
289 if (!pgSubject
|| (!FileName
&& !hFileIn
))
291 SetLastError(ERROR_INVALID_PARAMETER
);
295 /* Set pgSubject to zero's */
296 memset(pgSubject
, 0 , sizeof(GUID
));
299 /* Use the given handle, make sure not to close this one ourselves */
303 hFile
= CreateFileW(FileName
, GENERIC_READ
, FILE_SHARE_READ
, NULL
, OPEN_EXISTING
, FILE_ATTRIBUTE_NORMAL
, NULL
);
304 /* Last error is set by CreateFile */
305 if (hFile
== INVALID_HANDLE_VALUE
) return FALSE
;
308 hFilemapped
= CreateFileMappingA(hFile
, NULL
, PAGE_READONLY
, 0, 0, NULL
);
309 /* Last error is set by CreateFileMapping */
310 if (!hFilemapped
) goto cleanup3
;
312 pMapped
= MapViewOfFile(hFilemapped
, FILE_MAP_READ
, 0, 0, 0);
313 /* Last error is set by MapViewOfFile */
314 if (!pMapped
) goto cleanup2
;
316 /* Native checks it right here */
317 fileSize
= GetFileSize(hFile
, NULL
);
320 SetLastError(ERROR_INVALID_PARAMETER
);
324 /* As everything is in place now we start looking at the file header */
325 dos
= (IMAGE_DOS_HEADER
*)pMapped
;
326 if (dos
->e_magic
== IMAGE_DOS_SIGNATURE
)
328 memcpy(pgSubject
, &unknown
, sizeof(GUID
));
335 * There is a lot more to be checked:
336 * - Check for MSFC in the header
337 * - Check for the keys CryptSIPDllIsMyFileType and CryptSIPDllIsMyFileType2
338 * under HKLM\Software\Microsoft\Cryptography\OID\EncodingType 0. Here are
339 * functions listed that need check if a SIP Provider can deal with the
343 /* Let's set the most common error for now */
344 SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN
);
346 /* The 3 different cleanups are here because we shouldn't overwrite the last error */
348 UnmapViewOfFile(pMapped
);
350 CloseHandle(hFilemapped
);
352 /* If we didn't open this one we shouldn't close it (hFile is a copy) */
353 if (!hFileIn
) CloseHandle(hFile
);
358 static LONG
CRYPT_OpenSIPFunctionKey(const GUID
*guid
, LPCWSTR function
,
361 WCHAR szFullKey
[ 0x100 ];
363 lstrcpyW(szFullKey
, szOID
);
364 lstrcatW(szFullKey
, function
);
365 CRYPT_guid2wstr(guid
, &szFullKey
[lstrlenW(szFullKey
)]);
366 return RegOpenKeyExW(HKEY_LOCAL_MACHINE
, szFullKey
, 0, KEY_READ
, key
);
369 /* Loads the function named function for the SIP specified by pgSubject, and
370 * returns it if found. Returns NULL on error. If the function is loaded,
371 * *pLib is set to the library in which it is found.
373 static void *CRYPT_LoadSIPFunc(const GUID
*pgSubject
, LPCWSTR function
,
379 WCHAR dllName
[MAX_PATH
];
380 char functionName
[MAX_PATH
];
384 TRACE("(%s, %s)\n", debugstr_guid(pgSubject
), debugstr_w(function
));
386 r
= CRYPT_OpenSIPFunctionKey(pgSubject
, function
, &key
);
389 /* Read the DLL entry */
390 size
= sizeof(dllName
);
391 r
= RegQueryValueExW(key
, szDllName
, NULL
, NULL
, (LPBYTE
)dllName
, &size
);
394 /* Read the Function entry */
395 size
= sizeof(functionName
);
396 r
= RegQueryValueExA(key
, "FuncName", NULL
, NULL
, (LPBYTE
)functionName
,
400 lib
= LoadLibraryW(dllName
);
403 func
= GetProcAddress(lib
, functionName
);
411 TRACE("returning %p\n", func
);
415 typedef struct _WINE_SIP_PROVIDER
{
417 SIP_DISPATCH_INFO info
;
421 static struct list providers
= { &providers
, &providers
};
422 static CRITICAL_SECTION providers_cs
;
423 static CRITICAL_SECTION_DEBUG providers_cs_debug
=
426 { &providers_cs_debug
.ProcessLocksList
,
427 &providers_cs_debug
.ProcessLocksList
},
428 0, 0, { (DWORD_PTR
)(__FILE__
": providers_cs") }
430 static CRITICAL_SECTION providers_cs
= { &providers_cs_debug
, -1, 0, 0, 0, 0 };
432 static void CRYPT_CacheSIP(const GUID
*pgSubject
, SIP_DISPATCH_INFO
*info
)
434 WINE_SIP_PROVIDER
*prov
= CryptMemAlloc(sizeof(WINE_SIP_PROVIDER
));
438 memcpy(&prov
->subject
, pgSubject
, sizeof(prov
->subject
));
439 memcpy(&prov
->info
, info
, sizeof(prov
->info
));
440 EnterCriticalSection(&providers_cs
);
441 list_add_tail(&providers
, &prov
->entry
);
442 LeaveCriticalSection(&providers_cs
);
446 static WINE_SIP_PROVIDER
*CRYPT_GetCachedSIP(const GUID
*pgSubject
)
448 WINE_SIP_PROVIDER
*provider
= NULL
, *ret
= NULL
;
450 EnterCriticalSection(&providers_cs
);
451 LIST_FOR_EACH_ENTRY(provider
, &providers
, WINE_SIP_PROVIDER
, entry
)
453 if (IsEqualGUID(pgSubject
, &provider
->subject
))
456 if (provider
&& IsEqualGUID(pgSubject
, &provider
->subject
))
458 LeaveCriticalSection(&providers_cs
);
462 static inline BOOL
CRYPT_IsSIPCached(const GUID
*pgSubject
)
464 return CRYPT_GetCachedSIP(pgSubject
) != NULL
;
467 void crypt_sip_free(void)
469 WINE_SIP_PROVIDER
*prov
, *next
;
471 LIST_FOR_EACH_ENTRY_SAFE(prov
, next
, &providers
, WINE_SIP_PROVIDER
, entry
)
473 list_remove(&prov
->entry
);
474 FreeLibrary(prov
->info
.hSIP
);
479 /* Loads the SIP for pgSubject into the global cache. Returns FALSE if the
480 * SIP isn't registered or is invalid.
482 static BOOL
CRYPT_LoadSIP(const GUID
*pgSubject
)
484 SIP_DISPATCH_INFO sip
= { 0 };
485 HMODULE lib
, temp
= NULL
;
487 sip
.pfGet
= CRYPT_LoadSIPFunc(pgSubject
, szGetSigned
, &lib
);
490 sip
.pfPut
= CRYPT_LoadSIPFunc(pgSubject
, szPutSigned
, &temp
);
491 if (!sip
.pfPut
|| temp
!= lib
)
494 sip
.pfCreate
= CRYPT_LoadSIPFunc(pgSubject
, szCreate
, &temp
);
495 if (!sip
.pfCreate
|| temp
!= lib
)
498 sip
.pfVerify
= CRYPT_LoadSIPFunc(pgSubject
, szVerify
, &temp
);
499 if (!sip
.pfVerify
|| temp
!= lib
)
502 sip
.pfRemove
= CRYPT_LoadSIPFunc(pgSubject
, szRemoveSigned
, &temp
);
503 if (!sip
.pfRemove
|| temp
!= lib
)
507 CRYPT_CacheSIP(pgSubject
, &sip
);
513 SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN
);
517 /***********************************************************************
518 * CryptSIPLoad (CRYPT32.@)
520 * Load some internal crypt32 functions into a SIP_DISPATCH_INFO structure.
523 * pgSubject [I] The GUID.
525 * pSipDispatch [I] The loaded functions.
528 * Success: TRUE. pSipDispatch contains the functions.
529 * Failure: FALSE. (Look at GetLastError()).
532 * CryptSIPLoad uses caching for the list of GUIDs and whether a SIP is
535 * An application calls CryptSipLoad which will return a structure with the
536 * function addresses of some internal crypt32 functions. The application will
537 * then call these functions which will be forwarded to the appropriate SIP.
539 * CryptSIPLoad will load the needed SIP but doesn't unload this dll. The unloading
540 * is done when crypt32 is unloaded.
542 BOOL WINAPI CryptSIPLoad
543 (const GUID
*pgSubject
, DWORD dwFlags
, SIP_DISPATCH_INFO
*pSipDispatch
)
545 TRACE("(%s %d %p)\n", debugstr_guid(pgSubject
), dwFlags
, pSipDispatch
);
547 if (!pgSubject
|| dwFlags
!= 0 || !pSipDispatch
)
549 SetLastError(ERROR_INVALID_PARAMETER
);
552 if (!CRYPT_IsSIPCached(pgSubject
) && !CRYPT_LoadSIP(pgSubject
))
555 pSipDispatch
->hSIP
= NULL
;
556 pSipDispatch
->pfGet
= CryptSIPGetSignedDataMsg
;
557 pSipDispatch
->pfPut
= CryptSIPPutSignedDataMsg
;
558 pSipDispatch
->pfCreate
= CryptSIPCreateIndirectData
;
559 pSipDispatch
->pfVerify
= CryptSIPVerifyIndirectData
;
560 pSipDispatch
->pfRemove
= CryptSIPRemoveSignedDataMsg
;
565 /***********************************************************************
566 * CryptSIPCreateIndirectData (CRYPT32.@)
568 BOOL WINAPI
CryptSIPCreateIndirectData(SIP_SUBJECTINFO
* pSubjectInfo
, DWORD
* pcbIndirectData
,
569 SIP_INDIRECT_DATA
* pIndirectData
)
571 WINE_SIP_PROVIDER
*sip
;
574 TRACE("(%p %p %p)\n", pSubjectInfo
, pcbIndirectData
, pIndirectData
);
576 if ((sip
= CRYPT_GetCachedSIP(pSubjectInfo
->pgSubjectType
)))
577 ret
= sip
->info
.pfCreate(pSubjectInfo
, pcbIndirectData
, pIndirectData
);
578 TRACE("returning %d\n", ret
);
582 /***********************************************************************
583 * CryptSIPGetSignedDataMsg (CRYPT32.@)
585 BOOL WINAPI
CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO
* pSubjectInfo
, DWORD
* pdwEncodingType
,
586 DWORD dwIndex
, DWORD
* pcbSignedDataMsg
, BYTE
* pbSignedDataMsg
)
588 WINE_SIP_PROVIDER
*sip
;
591 TRACE("(%p %p %d %p %p)\n", pSubjectInfo
, pdwEncodingType
, dwIndex
,
592 pcbSignedDataMsg
, pbSignedDataMsg
);
594 if ((sip
= CRYPT_GetCachedSIP(pSubjectInfo
->pgSubjectType
)))
595 ret
= sip
->info
.pfGet(pSubjectInfo
, pdwEncodingType
, dwIndex
,
596 pcbSignedDataMsg
, pbSignedDataMsg
);
597 TRACE("returning %d\n", ret
);
601 /***********************************************************************
602 * CryptSIPPutSignedDataMsg (CRYPT32.@)
604 BOOL WINAPI
CryptSIPPutSignedDataMsg(SIP_SUBJECTINFO
* pSubjectInfo
, DWORD pdwEncodingType
,
605 DWORD
* pdwIndex
, DWORD cbSignedDataMsg
, BYTE
* pbSignedDataMsg
)
607 WINE_SIP_PROVIDER
*sip
;
610 TRACE("(%p %d %p %d %p)\n", pSubjectInfo
, pdwEncodingType
, pdwIndex
,
611 cbSignedDataMsg
, pbSignedDataMsg
);
613 if ((sip
= CRYPT_GetCachedSIP(pSubjectInfo
->pgSubjectType
)))
614 ret
= sip
->info
.pfPut(pSubjectInfo
, pdwEncodingType
, pdwIndex
,
615 cbSignedDataMsg
, pbSignedDataMsg
);
616 TRACE("returning %d\n", ret
);
620 /***********************************************************************
621 * CryptSIPRemoveSignedDataMsg (CRYPT32.@)
623 BOOL WINAPI
CryptSIPRemoveSignedDataMsg(SIP_SUBJECTINFO
* pSubjectInfo
,
626 WINE_SIP_PROVIDER
*sip
;
629 TRACE("(%p %d)\n", pSubjectInfo
, dwIndex
);
631 if ((sip
= CRYPT_GetCachedSIP(pSubjectInfo
->pgSubjectType
)))
632 ret
= sip
->info
.pfRemove(pSubjectInfo
, dwIndex
);
633 TRACE("returning %d\n", ret
);
637 /***********************************************************************
638 * CryptSIPVerifyIndirectData (CRYPT32.@)
640 BOOL WINAPI
CryptSIPVerifyIndirectData(SIP_SUBJECTINFO
* pSubjectInfo
,
641 SIP_INDIRECT_DATA
* pIndirectData
)
643 WINE_SIP_PROVIDER
*sip
;
646 TRACE("(%p %p)\n", pSubjectInfo
, pIndirectData
);
648 if ((sip
= CRYPT_GetCachedSIP(pSubjectInfo
->pgSubjectType
)))
649 ret
= sip
->info
.pfVerify(pSubjectInfo
, pIndirectData
);
650 TRACE("returning %d\n", ret
);