search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
wintrust: Implement CryptCATOpen and CryptCATClose.
[wine/wine64.git] / dlls / wintrust / crypt.c
blob4055c55a2b8f232890e9486f3327aaa6520e3ebb
1 /*
2 * WinTrust Cryptography functions
3 *
4 * Copyright 2006 James Hawkins
5 * Copyright 2000-2002 Stuart Caie
6 * Copyright 2002 Patrik Stridvall
7 * Copyright 2003 Greg Turner
8 * Copyright 2008 Juan Lang
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 */
24
25 #include <stdarg.h>
26 #include <stdio.h>
27 #include "windef.h"
28 #include "winbase.h"
29 #include "wintrust.h"
30 #include "mscat.h"
31 #include "mssip.h"
32 #include "imagehlp.h"
33
34 #include "wine/debug.h"
35 #include "wine/unicode.h"
36
37 WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
38
39 #define CATADMIN_MAGIC 0x43415441 /* 'CATA' */
40 #define CRYPTCAT_MAGIC 0x43415443 /* 'CATC' */
41 #define CATINFO_MAGIC 0x43415449 /* 'CATI' */
42
43 struct cryptcat
44 {
45 DWORD magic;
46 HANDLE msg;
47 DWORD encoding;
48 CTL_INFO *inner;
49 DWORD inner_len;
50 GUID subject;
51 DWORD attr_count;
52 CRYPTCATATTRIBUTE *attr;
53 };
54
55 struct catadmin
56 {
57 DWORD magic;
58 WCHAR path[MAX_PATH];
59 HANDLE find;
60 };
61
62 struct catinfo
63 {
64 DWORD magic;
65 WCHAR file[MAX_PATH];
66 };
67
68 static HCATINFO create_catinfo(const WCHAR *filename)
69 {
70 struct catinfo *ci;
71
72 if (!(ci = HeapAlloc(GetProcessHeap(), 0, sizeof(*ci))))
73 {
74 SetLastError(ERROR_OUTOFMEMORY);
75 return INVALID_HANDLE_VALUE;
76 }
77 strcpyW(ci->file, filename);
78 ci->magic = CATINFO_MAGIC;
79 return ci;
80 }
81
82 /***********************************************************************
83 * CryptCATAdminAcquireContext (WINTRUST.@)
84 *
85 * Get a catalog administrator context handle.
86 *
87 * PARAMS
88 * catAdmin [O] Pointer to the context handle.
89 * sys [I] Pointer to a GUID for the needed subsystem.
90 * dwFlags [I] Reserved.
91 *
92 * RETURNS
93 * Success: TRUE. catAdmin contains the context handle.
94 * Failure: FALSE.
95 *
96 */
97 BOOL WINAPI CryptCATAdminAcquireContext(HCATADMIN *catAdmin,
98 const GUID *sys, DWORD dwFlags)
99 {
100 static const WCHAR catroot[] =
101 {'\\','c','a','t','r','o','o','t',0};
102 static const WCHAR fmt[] =
103 {'%','s','\\','{','%','0','8','x','-','%','0','4','x','-','%','0',
104 '4','x','-','%','0','2','x','%','0','2','x','-','%','0','2','x',
105 '%','0','2','x','%','0','2','x','%','0','2','x','%','0','2','x',
106 '%','0','2','x','}',0};
107 static const GUID defsys =
108 {0x127d0a1d,0x4ef2,0x11d1,{0x86,0x08,0x00,0xc0,0x4f,0xc2,0x95,0xee}};
109
110 WCHAR catroot_dir[MAX_PATH];
111 struct catadmin *ca;
112
113 TRACE("%p %s %x\n", catAdmin, debugstr_guid(sys), dwFlags);
114
115 if (!catAdmin)
116 {
117 SetLastError(ERROR_INVALID_PARAMETER);
118 return FALSE;
119 }
120 if (!(ca = HeapAlloc(GetProcessHeap(), 0, sizeof(*ca))))
121 {
122 SetLastError(ERROR_OUTOFMEMORY);
123 return FALSE;
124 }
125
126 GetSystemDirectoryW(catroot_dir, MAX_PATH);
127 strcatW(catroot_dir, catroot);
128
129 /* create the directory if it doesn't exist */
130 CreateDirectoryW(catroot_dir, NULL);
131
132 if (!sys) sys = &defsys;
133 sprintfW(ca->path, fmt, catroot_dir, sys->Data1, sys->Data2,
134 sys->Data3, sys->Data4[0], sys->Data4[1], sys->Data4[2],
135 sys->Data4[3], sys->Data4[4], sys->Data4[5], sys->Data4[6],
136 sys->Data4[7]);
137
138 /* create the directory if it doesn't exist */
139 CreateDirectoryW(ca->path, NULL);
140
141 ca->magic = CATADMIN_MAGIC;
142 ca->find = NULL;
143
144 *catAdmin = ca;
145 return TRUE;
146 }
147
148 /***********************************************************************
149 * CryptCATAdminAddCatalog (WINTRUST.@)
150 */
151 HCATINFO WINAPI CryptCATAdminAddCatalog(HCATADMIN catAdmin, PWSTR catalogFile,
152 PWSTR selectBaseName, DWORD flags)
153 {
154 static const WCHAR slashW[] = {'\\',0};
155 struct catadmin *ca = catAdmin;
156 struct catinfo *ci;
157 WCHAR *target;
158 DWORD len;
159
160 TRACE("%p %s %s %d\n", catAdmin, debugstr_w(catalogFile),
161 debugstr_w(selectBaseName), flags);
162
163 if (!selectBaseName)
164 {
165 FIXME("NULL basename not handled\n");
166 SetLastError(ERROR_INVALID_PARAMETER);
167 return NULL;
168 }
169 if (!ca || ca->magic != CATADMIN_MAGIC || !catalogFile || flags)
170 {
171 SetLastError(ERROR_INVALID_PARAMETER);
172 return NULL;
173 }
174
175 len = strlenW(ca->path) + strlenW(selectBaseName) + 2;
176 if (!(target = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR))))
177 {
178 SetLastError(ERROR_OUTOFMEMORY);
179 return NULL;
180 }
181 strcpyW(target, ca->path);
182 strcatW(target, slashW);
183 strcatW(target, selectBaseName);
184
185 if (!CopyFileW(catalogFile, target, FALSE))
186 {
187 HeapFree(GetProcessHeap(), 0, target);
188 return NULL;
189 }
190 if (!(ci = HeapAlloc(GetProcessHeap(), 0, sizeof(*ci))))
191 {
192 HeapFree(GetProcessHeap(), 0, target);
193 SetLastError(ERROR_OUTOFMEMORY);
194 return NULL;
195 }
196 ci->magic = CATINFO_MAGIC;
197 strcpyW(ci->file, target);
198
199 HeapFree(GetProcessHeap(), 0, target);
200 return ci;
201 }
202
203 /***********************************************************************
204 * CryptCATAdminCalcHashFromFileHandle (WINTRUST.@)
205 */
206 BOOL WINAPI CryptCATAdminCalcHashFromFileHandle(HANDLE hFile, DWORD* pcbHash,
207 BYTE* pbHash, DWORD dwFlags )
208 {
209 BOOL ret = FALSE;
210
211 TRACE("%p %p %p %x\n", hFile, pcbHash, pbHash, dwFlags);
212
213 if (!hFile || !pcbHash || dwFlags)
214 {
215 SetLastError(ERROR_INVALID_PARAMETER);
216 return FALSE;
217 }
218 if (*pcbHash < 20)
219 {
220 *pcbHash = 20;
221 SetLastError(ERROR_INSUFFICIENT_BUFFER);
222 return TRUE;
223 }
224
225 *pcbHash = 20;
226 if (pbHash)
227 {
228 HCRYPTPROV prov;
229 HCRYPTHASH hash;
230 DWORD bytes_read;
231 BYTE *buffer;
232
233 if (!(buffer = HeapAlloc(GetProcessHeap(), 0, 4096)))
234 {
235 SetLastError(ERROR_OUTOFMEMORY);
236 return FALSE;
237 }
238 ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
239 if (!ret)
240 {
241 HeapFree(GetProcessHeap(), 0, buffer);
242 return FALSE;
243 }
244 ret = CryptCreateHash(prov, CALG_SHA1, 0, 0, &hash);
245 if (!ret)
246 {
247 HeapFree(GetProcessHeap(), 0, buffer);
248 CryptReleaseContext(prov, 0);
249 return FALSE;
250 }
251 while ((ret = ReadFile(hFile, buffer, 4096, &bytes_read, NULL)) && bytes_read)
252 {
253 CryptHashData(hash, buffer, bytes_read, 0);
254 }
255 if (ret) ret = CryptGetHashParam(hash, HP_HASHVAL, pbHash, pcbHash, 0);
256
257 HeapFree(GetProcessHeap(), 0, buffer);
258 CryptDestroyHash(hash);
259 CryptReleaseContext(prov, 0);
260 }
261 return ret;
262 }
263
264 /***********************************************************************
265 * CryptCATAdminEnumCatalogFromHash (WINTRUST.@)
266 */
267 HCATINFO WINAPI CryptCATAdminEnumCatalogFromHash(HCATADMIN hCatAdmin, BYTE* pbHash,
268 DWORD cbHash, DWORD dwFlags,
269 HCATINFO* phPrevCatInfo )
270 {
271 static const WCHAR slashW[] = {'\\',0};
272 static const WCHAR globW[] = {'\\','*','.','c','a','t',0};
273
274 struct catadmin *ca = hCatAdmin;
275 WIN32_FIND_DATAW data;
276 HCATINFO prev = NULL;
277 HCRYPTPROV prov;
278 DWORD size;
279 BOOL ret;
280
281 TRACE("%p %p %d %x %p\n", hCatAdmin, pbHash, cbHash, dwFlags, phPrevCatInfo);
282
283 if (!ca || ca->magic != CATADMIN_MAGIC || !pbHash || cbHash != 20 || dwFlags)
284 {
285 SetLastError(ERROR_INVALID_PARAMETER);
286 return NULL;
287 }
288 if (phPrevCatInfo) prev = *phPrevCatInfo;
289
290 ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
291 if (!ret) return NULL;
292
293 if (!prev)
294 {
295 WCHAR *path;
296
297 size = strlenW(ca->path) * sizeof(WCHAR) + sizeof(globW);
298 if (!(path = HeapAlloc(GetProcessHeap(), 0, size)))
299 {
300 CryptReleaseContext(prov, 0);
301 SetLastError(ERROR_OUTOFMEMORY);
302 return NULL;
303 }
304 strcpyW(path, ca->path);
305 strcatW(path, globW);
306
307 if (ca->find) FindClose(ca->find);
308 ca->find = FindFirstFileW(path, &data);
309
310 HeapFree(GetProcessHeap(), 0, path);
311 if (!ca->find)
312 {
313 CryptReleaseContext(prov, 0);
314 return NULL;
315 }
316 }
317 else if (!FindNextFileW(ca->find, &data))
318 {
319 CryptCATAdminReleaseCatalogContext(hCatAdmin, prev, 0);
320 CryptReleaseContext(prov, 0);
321 return NULL;
322 }
323
324 while (1)
325 {
326 WCHAR *filename;
327 CRYPTCATMEMBER *member = NULL;
328 struct catinfo *ci;
329 HANDLE hcat;
330
331 size = (strlenW(ca->path) + strlenW(data.cFileName) + 2) * sizeof(WCHAR);
332 if (!(filename = HeapAlloc(GetProcessHeap(), 0, size)))
333 {
334 SetLastError(ERROR_OUTOFMEMORY);
335 return NULL;
336 }
337 strcpyW(filename, ca->path);
338 strcatW(filename, slashW);
339 strcatW(filename, data.cFileName);
340
341 hcat = CryptCATOpen(filename, CRYPTCAT_OPEN_EXISTING, prov, 0, 0);
342 if (hcat == INVALID_HANDLE_VALUE)
343 {
344 WARN("couldn't open %s (%u)\n", debugstr_w(filename), GetLastError());
345 continue;
346 }
347 while ((member = CryptCATEnumerateMember(hcat, member)))
348 {
349 if (member->pIndirectData->Digest.cbData != cbHash)
350 {
351 WARN("amount of hash bytes differs: %u/%u\n", member->pIndirectData->Digest.cbData, cbHash);
352 continue;
353 }
354 if (!memcmp(member->pIndirectData->Digest.pbData, pbHash, cbHash))
355 {
356 TRACE("file %s matches\n", debugstr_w(data.cFileName));
357
358 CryptCATClose(hcat);
359 CryptReleaseContext(prov, 0);
360 if (!phPrevCatInfo)
361 {
362 FindClose(ca->find);
363 ca->find = NULL;
364 }
365 ci = create_catinfo(filename);
366 HeapFree(GetProcessHeap(), 0, filename);
367 return ci;
368 }
369 }
370 CryptCATClose(hcat);
371 HeapFree(GetProcessHeap(), 0, filename);
372
373 if (!FindNextFileW(ca->find, &data))
374 {
375 FindClose(ca->find);
376 ca->find = NULL;
377 CryptReleaseContext(prov, 0);
378 return NULL;
379 }
380 }
381 return NULL;
382 }
383
384 /***********************************************************************
385 * CryptCATAdminReleaseCatalogContext (WINTRUST.@)
386 *
387 * Release a catalog context handle.
388 *
389 * PARAMS
390 * hCatAdmin [I] Context handle.
391 * hCatInfo [I] Catalog handle.
392 * dwFlags [I] Reserved.
393 *
394 * RETURNS
395 * Success: TRUE.
396 * Failure: FALSE.
397 *
398 */
399 BOOL WINAPI CryptCATAdminReleaseCatalogContext(HCATADMIN hCatAdmin,
400 HCATINFO hCatInfo,
401 DWORD dwFlags)
402 {
403 struct catinfo *ci = hCatInfo;
404 struct catadmin *ca = hCatAdmin;
405
406 TRACE("%p %p %x\n", hCatAdmin, hCatInfo, dwFlags);
407
408 if (!ca || ca->magic != CATADMIN_MAGIC || !ci || ci->magic != CATINFO_MAGIC)
409 {
410 SetLastError(ERROR_INVALID_PARAMETER);
411 return FALSE;
412 }
413 ci->magic = 0;
414 return HeapFree(GetProcessHeap(), 0, ci);
415 }
416
417 /***********************************************************************
418 * CryptCATAdminReleaseContext (WINTRUST.@)
419 *
420 * Release a catalog administrator context handle.
421 *
422 * PARAMS
423 * catAdmin [I] Context handle.
424 * dwFlags [I] Reserved.
425 *
426 * RETURNS
427 * Success: TRUE.
428 * Failure: FALSE.
429 *
430 */
431 BOOL WINAPI CryptCATAdminReleaseContext(HCATADMIN hCatAdmin, DWORD dwFlags )
432 {
433 struct catadmin *ca = hCatAdmin;
434
435 TRACE("%p %x\n", hCatAdmin, dwFlags);
436
437 if (!ca || ca->magic != CATADMIN_MAGIC)
438 {
439 SetLastError(ERROR_INVALID_PARAMETER);
440 return FALSE;
441 }
442 if (ca->find) FindClose(ca->find);
443 ca->magic = 0;
444 return HeapFree(GetProcessHeap(), 0, ca);
445 }
446
447 /***********************************************************************
448 * CryptCATAdminRemoveCatalog (WINTRUST.@)
449 *
450 * Remove a catalog file.
451 *
452 * PARAMS
453 * catAdmin [I] Context handle.
454 * pwszCatalogFile [I] Catalog file.
455 * dwFlags [I] Reserved.
456 *
457 * RETURNS
458 * Success: TRUE.
459 * Failure: FALSE.
460 *
461 */
462 BOOL WINAPI CryptCATAdminRemoveCatalog(HCATADMIN hCatAdmin, LPCWSTR pwszCatalogFile, DWORD dwFlags)
463 {
464 struct catadmin *ca = hCatAdmin;
465
466 TRACE("%p %s %x\n", hCatAdmin, debugstr_w(pwszCatalogFile), dwFlags);
467
468 if (!ca || ca->magic != CATADMIN_MAGIC)
469 {
470 SetLastError(ERROR_INVALID_PARAMETER);
471 return FALSE;
472 }
473 return DeleteFileW(pwszCatalogFile);
474 }
475
476 /***********************************************************************
477 * CryptCATClose (WINTRUST.@)
478 */
479 BOOL WINAPI CryptCATClose(HANDLE hCatalog)
480 {
481 struct cryptcat *cc = hCatalog;
482
483 TRACE("(%p)\n", hCatalog);
484
485 if (!hCatalog || hCatalog == INVALID_HANDLE_VALUE || cc->magic != CRYPTCAT_MAGIC)
486 {
487 SetLastError(ERROR_INVALID_PARAMETER);
488 return FALSE;
489 }
490 HeapFree(GetProcessHeap(), 0, cc->attr);
491 HeapFree(GetProcessHeap(), 0, cc->inner);
492 CryptMsgClose(cc->msg);
493
494 cc->magic = 0;
495 HeapFree(GetProcessHeap(), 0, cc);
496 return TRUE;
497 }
498
499 /***********************************************************************
500 * CryptCATEnumerateMember (WINTRUST.@)
501 */
502 CRYPTCATMEMBER *WINAPI CryptCATEnumerateMember(HANDLE hCatalog, CRYPTCATMEMBER* pPrevMember)
503 {
504 FIXME("(%p, %p) stub\n", hCatalog, pPrevMember);
505 return NULL;
506 }
507
508 static CTL_INFO *decode_inner_content(HANDLE hmsg, DWORD encoding, DWORD *len)
509 {
510 DWORD size;
511 LPSTR oid = NULL;
512 BYTE *buffer = NULL;
513 CTL_INFO *inner = NULL;
514
515 if (!CryptMsgGetParam(hmsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL, &size)) return NULL;
516 if (!(oid = HeapAlloc(GetProcessHeap(), 0, size)))
517 {
518 SetLastError(ERROR_OUTOFMEMORY);
519 return NULL;
520 }
521 if (!CryptMsgGetParam(hmsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, oid, &size)) goto out;
522 if (!CryptMsgGetParam(hmsg, CMSG_CONTENT_PARAM, 0, NULL, &size)) goto out;
523 if (!(buffer = HeapAlloc(GetProcessHeap(), 0, size)))
524 {
525 SetLastError(ERROR_OUTOFMEMORY);
526 goto out;
527 }
528 if (!CryptMsgGetParam(hmsg, CMSG_CONTENT_PARAM, 0, buffer, &size)) goto out;
529 if (!CryptDecodeObject(encoding, oid, buffer, size, 0, NULL, &size)) goto out;
530 if (!(inner = HeapAlloc(GetProcessHeap(), 0, size)))
531 {
532 SetLastError(ERROR_OUTOFMEMORY);
533 goto out;
534 }
535 if (!CryptDecodeObject(encoding, oid, buffer, size, 0, inner, &size)) goto out;
536 *len = size;
537
538 out:
539 HeapFree(GetProcessHeap(), 0, oid);
540 HeapFree(GetProcessHeap(), 0, buffer);
541 return inner;
542 }
543
544 /***********************************************************************
545 * CryptCATOpen (WINTRUST.@)
546 */
547 HANDLE WINAPI CryptCATOpen(LPWSTR pwszFileName, DWORD fdwOpenFlags, HCRYPTPROV hProv,
548 DWORD dwPublicVersion, DWORD dwEncodingType)
549 {
550 HANDLE file, hmsg;
551 BYTE *buffer = NULL;
552 DWORD size, flags = OPEN_EXISTING;
553 struct cryptcat *cc;
554
555 TRACE("%s, %x, %lx, %x, %x\n", debugstr_w(pwszFileName), fdwOpenFlags,
556 hProv, dwPublicVersion, dwEncodingType);
557
558 if (!pwszFileName)
559 {
560 SetLastError(ERROR_INVALID_PARAMETER);
561 return INVALID_HANDLE_VALUE;
562 }
563
564 if (!dwPublicVersion) dwPublicVersion = 0x00000100;
565 if (!dwEncodingType) dwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
566
567 if (fdwOpenFlags & CRYPTCAT_OPEN_ALWAYS) flags |= OPEN_ALWAYS;
568 if (fdwOpenFlags & CRYPTCAT_OPEN_CREATENEW) flags |= CREATE_NEW;
569
570 file = CreateFileW(pwszFileName, GENERIC_READ, FILE_SHARE_READ, NULL, flags, 0, NULL);
571 if (file == INVALID_HANDLE_VALUE) return INVALID_HANDLE_VALUE;
572
573 size = GetFileSize(file, NULL);
574 if (!(buffer = HeapAlloc(GetProcessHeap(), 0, size)))
575 {
576 CloseHandle(file);
577 SetLastError(ERROR_OUTOFMEMORY);
578 return INVALID_HANDLE_VALUE;
579 }
580 if (!(hmsg = CryptMsgOpenToDecode(dwEncodingType, 0, 0, hProv, NULL, NULL)))
581 {
582 CloseHandle(file);
583 HeapFree(GetProcessHeap(), 0, buffer);
584 return INVALID_HANDLE_VALUE;
585 }
586 if (!ReadFile(file, buffer, size, &size, NULL) || !CryptMsgUpdate(hmsg, buffer, size, TRUE))
587 {
588 CloseHandle(file);
589 HeapFree(GetProcessHeap(), 0, buffer);
590 CryptMsgClose(hmsg);
591 return INVALID_HANDLE_VALUE;
592 }
593 HeapFree(GetProcessHeap(), 0, buffer);
594 CloseHandle(file);
595
596 size = sizeof(DWORD);
597 if (!(cc = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*cc))))
598 {
599 CryptMsgClose(hmsg);
600 SetLastError(ERROR_OUTOFMEMORY);
601 return INVALID_HANDLE_VALUE;
602 }
603
604 cc->msg = hmsg;
605 cc->encoding = dwEncodingType;
606 if (CryptMsgGetParam(hmsg, CMSG_ATTR_CERT_COUNT_PARAM, 0, &cc->attr_count, &size))
607 {
608 DWORD i, sum = 0;
609 BYTE *p;
610
611 for (i = 0; i < cc->attr_count; i++)
612 {
613 if (!CryptMsgGetParam(hmsg, CMSG_ATTR_CERT_PARAM, i, NULL, &size))
614 {
615 CryptMsgClose(hmsg);
616 return INVALID_HANDLE_VALUE;
617 }
618 sum += size;
619 }
620 if (!(cc->attr = HeapAlloc(GetProcessHeap(), 0, sizeof(*cc->attr) * cc->attr_count + sum)))
621 {
622 CryptMsgClose(hmsg);
623 SetLastError(ERROR_OUTOFMEMORY);
624 return INVALID_HANDLE_VALUE;
625 }
626 p = (BYTE *)(cc->attr + cc->attr_count);
627 for (i = 0; i < cc->attr_count; i++)
628 {
629 if (!CryptMsgGetParam(hmsg, CMSG_ATTR_CERT_PARAM, i, NULL, &size))
630 {
631 CryptMsgClose(hmsg);
632 HeapFree(GetProcessHeap(), 0, cc->attr);
633 return INVALID_HANDLE_VALUE;
634 }
635 if (!CryptMsgGetParam(hmsg, CMSG_ATTR_CERT_PARAM, i, p, &size))
636 {
637 CryptMsgClose(hmsg);
638 HeapFree(GetProcessHeap(), 0, cc->attr);
639 return INVALID_HANDLE_VALUE;
640 }
641 p += size;
642 }
643 cc->inner = decode_inner_content(hmsg, dwEncodingType, &cc->inner_len);
644 if (!cc->inner || !CryptSIPRetrieveSubjectGuid(pwszFileName, NULL, &cc->subject))
645 {
646 CryptMsgClose(hmsg);
647 HeapFree(GetProcessHeap(), 0, cc->attr);
648 HeapFree(GetProcessHeap(), 0, cc->inner);
649 HeapFree(GetProcessHeap(), 0, cc);
650 return INVALID_HANDLE_VALUE;
651 }
652 cc->magic = CRYPTCAT_MAGIC;
653 return cc;
654 }
655 return INVALID_HANDLE_VALUE;
656 }
657
658 /***********************************************************************
659 * CryptSIPCreateIndirectData (WINTRUST.@)
660 */
661 BOOL WINAPI CryptSIPCreateIndirectData(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pcbIndirectData,
662 SIP_INDIRECT_DATA* pIndirectData)
663 {
664 FIXME("(%p %p %p) stub\n", pSubjectInfo, pcbIndirectData, pIndirectData);
665
666 return FALSE;
667 }
668
669 static BOOL WINTRUST_GetSignedMsgFromPEFile(SIP_SUBJECTINFO *pSubjectInfo,
670 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
671 BYTE *pbSignedDataMsg)
672 {
673 BOOL ret;
674 WIN_CERTIFICATE *pCert = NULL;
675
676 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
677 pcbSignedDataMsg, pbSignedDataMsg);
678
679 if (!pbSignedDataMsg)
680 {
681 WIN_CERTIFICATE cert;
682
683 /* app hasn't passed buffer, just get the length */
684 ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
685 if (ret)
686 *pcbSignedDataMsg = cert.dwLength;
687 }
688 else
689 {
690 DWORD len = 0;
691
692 ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, NULL, &len);
693 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
694 goto error;
695 pCert = HeapAlloc(GetProcessHeap(), 0, len);
696 if (!pCert)
697 {
698 ret = FALSE;
699 goto error;
700 }
701 ret = ImageGetCertificateData(pSubjectInfo->hFile, dwIndex, pCert,
702 &len);
703 if (!ret)
704 goto error;
705 if (*pcbSignedDataMsg < pCert->dwLength)
706 {
707 *pcbSignedDataMsg = pCert->dwLength;
708 SetLastError(ERROR_INSUFFICIENT_BUFFER);
709 ret = FALSE;
710 }
711 else
712 {
713 memcpy(pbSignedDataMsg, pCert->bCertificate, pCert->dwLength);
714 switch (pCert->wCertificateType)
715 {
716 case WIN_CERT_TYPE_X509:
717 *pdwEncodingType = X509_ASN_ENCODING;
718 break;
719 case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
720 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
721 break;
722 default:
723 FIXME("don't know what to do for encoding type %d\n",
724 pCert->wCertificateType);
725 *pdwEncodingType = 0;
726 }
727 }
728 }
729 error:
730 HeapFree(GetProcessHeap(), 0, pCert);
731 return ret;
732 }
733
734 /* structure offsets */
735 #define cfhead_Signature (0x00)
736 #define cfhead_CabinetSize (0x08)
737 #define cfhead_MinorVersion (0x18)
738 #define cfhead_MajorVersion (0x19)
739 #define cfhead_Flags (0x1E)
740 #define cfhead_SIZEOF (0x24)
741 #define cfheadext_HeaderReserved (0x00)
742 #define cfheadext_SIZEOF (0x04)
743 #define cfsigninfo_CertOffset (0x04)
744 #define cfsigninfo_CertSize (0x08)
745 #define cfsigninfo_SIZEOF (0x0C)
746
747 /* flags */
748 #define cfheadRESERVE_PRESENT (0x0004)
749
750 /* endian-neutral reading of little-endian data */
751 #define EndGetI32(a) ((((a)[3])<<24)|(((a)[2])<<16)|(((a)[1])<<8)|((a)[0]))
752 #define EndGetI16(a) ((((a)[1])<<8)|((a)[0]))
753
754 /* For documentation purposes only: this is the structure in the reserved
755 * area of a signed cabinet file. The cert offset indicates where in the
756 * cabinet file the signature resides, and the count indicates its size.
757 */
758 typedef struct _CAB_SIGNINFO
759 {
760 WORD unk0; /* always 0? */
761 WORD unk1; /* always 0x0010? */
762 DWORD dwCertOffset;
763 DWORD cbCertBlock;
764 } CAB_SIGNINFO, *PCAB_SIGNINFO;
765
766 static BOOL WINTRUST_GetSignedMsgFromCabFile(SIP_SUBJECTINFO *pSubjectInfo,
767 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
768 BYTE *pbSignedDataMsg)
769 {
770 int header_resv;
771 LONG base_offset, cabsize;
772 USHORT flags;
773 BYTE buf[64];
774 DWORD cert_offset, cert_size, dwRead;
775
776 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
777 pcbSignedDataMsg, pbSignedDataMsg);
778
779 /*
780 * FIXME: I just noticed that I am memorizing the initial file pointer
781 * offset and restoring it before reading in the rest of the header
782 * information in the cabinet. Perhaps that's correct -- that is, perhaps
783 * this API is supposed to support "streaming" cabinets which are embedded
784 * in other files, or cabinets which begin at file offsets other than zero.
785 * Otherwise, I should instead go to the absolute beginning of the file.
786 * (Either way, the semantics of wine's FDICopy require me to leave the
787 * file pointer where it is afterwards -- If Windows does not do so, we
788 * ought to duplicate the native behavior in the FDIIsCabinet API, not here.
789 *
790 * So, the answer lies in Windows; will native cabinet.dll recognize a
791 * cabinet "file" embedded in another file? Note that cabextract.c does
792 * support this, which implies that Microsoft's might. I haven't tried it
793 * yet so I don't know. ATM, most of wine's FDI cabinet routines (except
794 * this one) would not work in this way. To fix it, we could just make the
795 * various references to absolute file positions in the code relative to an
796 * initial "beginning" offset. Because the FDICopy API doesn't take a
797 * file-handle like this one, we would therein need to search through the
798 * file for the beginning of the cabinet (as we also do in cabextract.c).
799 * Note that this limits us to a maximum of one cabinet per. file: the first.
800 *
801 * So, in summary: either the code below is wrong, or the rest of fdi.c is
802 * wrong... I cannot imagine that both are correct ;) One of these flaws
803 * should be fixed after determining the behavior on Windows. We ought
804 * to check both FDIIsCabinet and FDICopy for the right behavior.
805 *
806 * -gmt
807 */
808
809 /* get basic offset & size info */
810 base_offset = SetFilePointer(pSubjectInfo->hFile, 0L, NULL, SEEK_CUR);
811
812 if (SetFilePointer(pSubjectInfo->hFile, 0, NULL, SEEK_END) == INVALID_SET_FILE_POINTER)
813 {
814 TRACE("seek error\n");
815 return FALSE;
816 }
817
818 cabsize = SetFilePointer(pSubjectInfo->hFile, 0L, NULL, SEEK_CUR);
819 if ((cabsize == -1) || (base_offset == -1) ||
820 (SetFilePointer(pSubjectInfo->hFile, base_offset, NULL, SEEK_SET) == INVALID_SET_FILE_POINTER))
821 {
822 TRACE("seek error\n");
823 return FALSE;
824 }
825
826 /* read in the CFHEADER */
827 if (!ReadFile(pSubjectInfo->hFile, buf, cfhead_SIZEOF, &dwRead, NULL) ||
828 dwRead != cfhead_SIZEOF)
829 {
830 TRACE("reading header failed\n");
831 return FALSE;
832 }
833
834 /* check basic MSCF signature */
835 if (EndGetI32(buf+cfhead_Signature) != 0x4643534d)
836 {
837 WARN("cabinet signature not present\n");
838 return FALSE;
839 }
840
841 /* Ignore the number of folders and files and the set and cabinet IDs */
842
843 /* check the header revision */
844 if ((buf[cfhead_MajorVersion] > 1) ||
845 (buf[cfhead_MajorVersion] == 1 && buf[cfhead_MinorVersion] > 3))
846 {
847 WARN("cabinet format version > 1.3\n");
848 return FALSE;
849 }
850
851 /* pull the flags out */
852 flags = EndGetI16(buf+cfhead_Flags);
853
854 if (!(flags & cfheadRESERVE_PRESENT))
855 {
856 TRACE("no header present, not signed\n");
857 return FALSE;
858 }
859
860 if (!ReadFile(pSubjectInfo->hFile, buf, cfheadext_SIZEOF, &dwRead, NULL) ||
861 dwRead != cfheadext_SIZEOF)
862 {
863 ERR("bunk reserve-sizes?\n");
864 return FALSE;
865 }
866
867 header_resv = EndGetI16(buf+cfheadext_HeaderReserved);
868 if (!header_resv)
869 {
870 TRACE("no header_resv, not signed\n");
871 return FALSE;
872 }
873 else if (header_resv < cfsigninfo_SIZEOF)
874 {
875 TRACE("header_resv too small, not signed\n");
876 return FALSE;
877 }
878
879 if (header_resv > 60000)
880 {
881 WARN("WARNING; header reserved space > 60000\n");
882 }
883
884 if (!ReadFile(pSubjectInfo->hFile, buf, cfsigninfo_SIZEOF, &dwRead, NULL) ||
885 dwRead != cfsigninfo_SIZEOF)
886 {
887 ERR("couldn't read reserve\n");
888 return FALSE;
889 }
890
891 cert_offset = EndGetI32(buf+cfsigninfo_CertOffset);
892 TRACE("cert_offset: %d\n", cert_offset);
893 cert_size = EndGetI32(buf+cfsigninfo_CertSize);
894 TRACE("cert_size: %d\n", cert_size);
895
896 /* The redundant checks are to avoid wraparound */
897 if (cert_offset > cabsize || cert_size > cabsize ||
898 cert_offset + cert_size > cabsize)
899 {
900 WARN("offset beyond file, not attempting to read\n");
901 return FALSE;
902 }
903
904 SetFilePointer(pSubjectInfo->hFile, base_offset, NULL, SEEK_SET);
905 if (!pbSignedDataMsg)
906 {
907 *pcbSignedDataMsg = cert_size;
908 return TRUE;
909 }
910 if (*pcbSignedDataMsg < cert_size)
911 {
912 *pcbSignedDataMsg = cert_size;
913 SetLastError(ERROR_INSUFFICIENT_BUFFER);
914 return FALSE;
915 }
916 if (SetFilePointer(pSubjectInfo->hFile, cert_offset, NULL, SEEK_SET) == INVALID_SET_FILE_POINTER)
917 {
918 ERR("couldn't seek to cert location\n");
919 return FALSE;
920 }
921 if (!ReadFile(pSubjectInfo->hFile, pbSignedDataMsg, cert_size, &dwRead,
922 NULL) || dwRead != cert_size)
923 {
924 ERR("couldn't read cert\n");
925 return FALSE;
926 }
927 /* The encoding of the files I've seen appears to be in ASN.1
928 * format, and there isn't a field indicating the type, so assume it
929 * always is.
930 */
931 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
932 return TRUE;
933 }
934
935 static BOOL WINTRUST_GetSignedMsgFromCatFile(SIP_SUBJECTINFO *pSubjectInfo,
936 DWORD *pdwEncodingType, DWORD dwIndex, DWORD *pcbSignedDataMsg,
937 BYTE *pbSignedDataMsg)
938 {
939 BOOL ret;
940
941 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
942 pcbSignedDataMsg, pbSignedDataMsg);
943
944 if (!pbSignedDataMsg)
945 {
946 *pcbSignedDataMsg = GetFileSize(pSubjectInfo->hFile, NULL);
947 ret = TRUE;
948 }
949 else
950 {
951 DWORD len = GetFileSize(pSubjectInfo->hFile, NULL);
952
953 if (*pcbSignedDataMsg < len)
954 {
955 *pcbSignedDataMsg = len;
956 SetLastError(ERROR_INSUFFICIENT_BUFFER);
957 ret = FALSE;
958 }
959 else
960 {
961 ret = ReadFile(pSubjectInfo->hFile, pbSignedDataMsg, len,
962 pcbSignedDataMsg, NULL);
963 if (ret)
964 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
965 }
966 }
967 return ret;
968 }
969
970 /***********************************************************************
971 * CryptSIPGetSignedDataMsg (WINTRUST.@)
972 */
973 BOOL WINAPI CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pdwEncodingType,
974 DWORD dwIndex, DWORD* pcbSignedDataMsg, BYTE* pbSignedDataMsg)
975 {
976 static const GUID unknown = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,
977 0x00,0xC0,0x4F,0xC2,0x95,0xEE } };
978 static const GUID cabGUID = { 0xC689AABA, 0x8E78, 0x11D0, { 0x8C,0x47,
979 0x00,0xC0,0x4F,0xC2,0x95,0xEE } };
980 static const GUID catGUID = { 0xDE351A43, 0x8E59, 0x11D0, { 0x8C,0x47,
981 0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
982 BOOL ret;
983
984 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
985 pcbSignedDataMsg, pbSignedDataMsg);
986
987 if (!memcmp(pSubjectInfo->pgSubjectType, &unknown, sizeof(unknown)))
988 ret = WINTRUST_GetSignedMsgFromPEFile(pSubjectInfo, pdwEncodingType,
989 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
990 else if (!memcmp(pSubjectInfo->pgSubjectType, &cabGUID, sizeof(cabGUID)))
991 ret = WINTRUST_GetSignedMsgFromCabFile(pSubjectInfo, pdwEncodingType,
992 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
993 else if (!memcmp(pSubjectInfo->pgSubjectType, &catGUID, sizeof(catGUID)))
994 ret = WINTRUST_GetSignedMsgFromCatFile(pSubjectInfo, pdwEncodingType,
995 dwIndex, pcbSignedDataMsg, pbSignedDataMsg);
996 else
997 {
998 FIXME("unimplemented for subject type %s\n",
999 debugstr_guid(pSubjectInfo->pgSubjectType));
1000 ret = FALSE;
1001 }
1002
1003 TRACE("returning %d\n", ret);
1004 return ret;
1005 }
1006
1007 /***********************************************************************
1008 * CryptSIPPutSignedDataMsg (WINTRUST.@)
1009 */
1010 BOOL WINAPI CryptSIPPutSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD pdwEncodingType,
1011 DWORD* pdwIndex, DWORD cbSignedDataMsg, BYTE* pbSignedDataMsg)
1012 {
1013 FIXME("(%p %d %p %d %p) stub\n", pSubjectInfo, pdwEncodingType, pdwIndex,
1014 cbSignedDataMsg, pbSignedDataMsg);
1015
1016 return FALSE;
1017 }
1018
1019 /***********************************************************************
1020 * CryptSIPRemoveSignedDataMsg (WINTRUST.@)
1021 */
1022 BOOL WINAPI CryptSIPRemoveSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo,
1023 DWORD dwIndex)
1024 {
1025 FIXME("(%p %d) stub\n", pSubjectInfo, dwIndex);
1026
1027 return FALSE;
1028 }
1029
1030 /***********************************************************************
1031 * CryptSIPVerifyIndirectData (WINTRUST.@)
1032 */
1033 BOOL WINAPI CryptSIPVerifyIndirectData(SIP_SUBJECTINFO* pSubjectInfo,
1034 SIP_INDIRECT_DATA* pIndirectData)
1035 {
1036 FIXME("(%p %p) stub\n", pSubjectInfo, pIndirectData);
1037
1038 return FALSE;
1039 }