2 * Copyright 2007 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 #include "wine/port.h"
28 #include "wine/debug.h"
29 #include "wine/exception.h"
30 #include "crypt32_private.h"
32 WINE_DEFAULT_DEBUG_CHANNEL(crypt
);
34 /* Called when a message's ref count reaches zero. Free any message-specific
37 typedef void (*CryptMsgCloseFunc
)(HCRYPTMSG msg
);
39 typedef BOOL (*CryptMsgGetParamFunc
)(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
40 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
);
42 typedef BOOL (*CryptMsgUpdateFunc
)(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
43 DWORD cbData
, BOOL fFinal
);
45 typedef BOOL (*CryptMsgControlFunc
)(HCRYPTMSG hCryptMsg
, DWORD dwFlags
,
46 DWORD dwCtrlType
, const void *pvCtrlPara
);
48 BOOL
CRYPT_DefaultMsgControl(HCRYPTMSG hCryptMsg
, DWORD dwFlags
,
49 DWORD dwCtrlType
, const void *pvCtrlPara
)
51 TRACE("(%p, %08x, %d, %p)\n", hCryptMsg
, dwFlags
, dwCtrlType
, pvCtrlPara
);
52 SetLastError(E_INVALIDARG
);
56 typedef enum _CryptMsgState
{
59 MsgStateDataFinalized
,
63 typedef struct _CryptMsgBase
68 CMSG_STREAM_INFO stream_info
;
70 CryptMsgCloseFunc close
;
71 CryptMsgUpdateFunc update
;
72 CryptMsgGetParamFunc get_param
;
73 CryptMsgControlFunc control
;
76 static inline void CryptMsgBase_Init(CryptMsgBase
*msg
, DWORD dwFlags
,
77 PCMSG_STREAM_INFO pStreamInfo
, CryptMsgCloseFunc close
,
78 CryptMsgGetParamFunc get_param
, CryptMsgUpdateFunc update
,
79 CryptMsgControlFunc control
)
82 msg
->open_flags
= dwFlags
;
86 msg
->stream_info
= *pStreamInfo
;
90 msg
->streamed
= FALSE
;
91 memset(&msg
->stream_info
, 0, sizeof(msg
->stream_info
));
94 msg
->get_param
= get_param
;
96 msg
->control
= control
;
97 msg
->state
= MsgStateInit
;
100 typedef struct _CDataEncodeMsg
103 DWORD bare_content_len
;
107 static const BYTE empty_data_content
[] = { 0x04,0x00 };
109 static void CDataEncodeMsg_Close(HCRYPTMSG hCryptMsg
)
111 CDataEncodeMsg
*msg
= (CDataEncodeMsg
*)hCryptMsg
;
113 if (msg
->bare_content
!= empty_data_content
)
114 LocalFree(msg
->bare_content
);
117 static BOOL WINAPI
CRYPT_EncodeContentLength(DWORD dwCertEncodingType
,
118 LPCSTR lpszStructType
, const void *pvStructInfo
, DWORD dwFlags
,
119 PCRYPT_ENCODE_PARA pEncodePara
, BYTE
*pbEncoded
, DWORD
*pcbEncoded
)
121 DWORD dataLen
= *(DWORD
*)pvStructInfo
;
125 /* Trick: report bytes needed based on total message length, even though
126 * the message isn't available yet. The caller will use the length
127 * reported here to encode its length.
129 CRYPT_EncodeLen(dataLen
, NULL
, &lenBytes
);
131 *pcbEncoded
= 1 + lenBytes
+ dataLen
;
134 if ((ret
= CRYPT_EncodeEnsureSpace(dwFlags
, pEncodePara
, pbEncoded
,
135 pcbEncoded
, 1 + lenBytes
)))
137 if (dwFlags
& CRYPT_ENCODE_ALLOC_FLAG
)
138 pbEncoded
= *(BYTE
**)pbEncoded
;
139 *pbEncoded
++ = ASN_OCTETSTRING
;
140 CRYPT_EncodeLen(dataLen
, pbEncoded
,
147 static BOOL
CRYPT_EncodeDataContentInfoHeader(CDataEncodeMsg
*msg
,
148 CRYPT_DATA_BLOB
*header
)
152 if (msg
->base
.streamed
&& msg
->base
.stream_info
.cbContent
== 0xffffffff)
154 static const BYTE headerValue
[] = { 0x30,0x80,0x06,0x09,0x2a,0x86,0x48,
155 0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x80,0x24,0x80 };
157 header
->pbData
= LocalAlloc(0, sizeof(headerValue
));
160 header
->cbData
= sizeof(headerValue
);
161 memcpy(header
->pbData
, headerValue
, sizeof(headerValue
));
169 struct AsnConstructedItem constructed
= { 0,
170 &msg
->base
.stream_info
.cbContent
, CRYPT_EncodeContentLength
};
171 struct AsnEncodeSequenceItem items
[2] = {
172 { szOID_RSA_data
, CRYPT_AsnEncodeOid
, 0 },
173 { &constructed
, CRYPT_AsnEncodeConstructed
, 0 },
176 ret
= CRYPT_AsnEncodeSequence(X509_ASN_ENCODING
, items
,
177 sizeof(items
) / sizeof(items
[0]), CRYPT_ENCODE_ALLOC_FLAG
, NULL
,
178 (LPBYTE
)&header
->pbData
, &header
->cbData
);
181 /* Trick: subtract the content length from the reported length,
182 * as the actual content hasn't come yet.
184 header
->cbData
-= msg
->base
.stream_info
.cbContent
;
190 static BOOL
CDataEncodeMsg_Update(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
191 DWORD cbData
, BOOL fFinal
)
193 CDataEncodeMsg
*msg
= (CDataEncodeMsg
*)hCryptMsg
;
196 if (msg
->base
.state
== MsgStateFinalized
)
197 SetLastError(CRYPT_E_MSG_ERROR
);
198 else if (msg
->base
.streamed
)
202 if (msg
->base
.state
!= MsgStateUpdated
)
204 CRYPT_DATA_BLOB header
;
206 ret
= CRYPT_EncodeDataContentInfoHeader(msg
, &header
);
209 ret
= msg
->base
.stream_info
.pfnStreamOutput(
210 msg
->base
.stream_info
.pvArg
, header
.pbData
, header
.cbData
,
212 LocalFree(header
.pbData
);
215 /* Curiously, every indefinite-length streamed update appears to
216 * get its own tag and length, regardless of fFinal.
218 if (msg
->base
.stream_info
.cbContent
== 0xffffffff)
223 ret
= CRYPT_EncodeContentLength(X509_ASN_ENCODING
, NULL
,
224 &cbData
, CRYPT_ENCODE_ALLOC_FLAG
, NULL
, (BYTE
*)&header
,
228 ret
= msg
->base
.stream_info
.pfnStreamOutput(
229 msg
->base
.stream_info
.pvArg
, header
, headerLen
,
236 ret
= msg
->base
.stream_info
.pfnStreamOutput(
237 msg
->base
.stream_info
.pvArg
, (BYTE
*)pbData
, cbData
,
239 msg
->base
.state
= MsgStateUpdated
;
243 msg
->base
.state
= MsgStateFinalized
;
244 if (msg
->base
.stream_info
.cbContent
== 0xffffffff)
246 BYTE indefinite_trailer
[6] = { 0 };
248 ret
= msg
->base
.stream_info
.pfnStreamOutput(
249 msg
->base
.stream_info
.pvArg
, (BYTE
*)pbData
, cbData
,
252 ret
= msg
->base
.stream_info
.pfnStreamOutput(
253 msg
->base
.stream_info
.pvArg
, indefinite_trailer
,
254 sizeof(indefinite_trailer
), TRUE
);
257 ret
= msg
->base
.stream_info
.pfnStreamOutput(
258 msg
->base
.stream_info
.pvArg
, (BYTE
*)pbData
, cbData
, TRUE
);
263 SetLastError(STATUS_ACCESS_VIOLATION
);
272 if (msg
->base
.open_flags
& CMSG_DETACHED_FLAG
)
273 SetLastError(E_INVALIDARG
);
275 SetLastError(CRYPT_E_MSG_ERROR
);
279 msg
->base
.state
= MsgStateFinalized
;
281 SetLastError(E_INVALIDARG
);
284 CRYPT_DATA_BLOB blob
= { cbData
, (LPBYTE
)pbData
};
286 /* non-streamed data messages don't allow non-final updates,
287 * don't bother checking whether data already exist, they can't.
289 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
, X509_OCTET_STRING
,
290 &blob
, CRYPT_ENCODE_ALLOC_FLAG
, NULL
, &msg
->bare_content
,
291 &msg
->bare_content_len
);
298 static BOOL
CRYPT_CopyParam(void *pvData
, DWORD
*pcbData
, const void *src
,
305 else if (*pcbData
< len
)
308 SetLastError(ERROR_MORE_DATA
);
314 memcpy(pvData
, src
, len
);
319 static BOOL
CDataEncodeMsg_GetParam(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
320 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
322 CDataEncodeMsg
*msg
= (CDataEncodeMsg
*)hCryptMsg
;
327 case CMSG_CONTENT_PARAM
:
328 if (msg
->base
.streamed
)
329 SetLastError(E_INVALIDARG
);
332 CRYPT_CONTENT_INFO info
;
333 char rsa_data
[] = "1.2.840.113549.1.7.1";
335 info
.pszObjId
= rsa_data
;
336 info
.Content
.cbData
= msg
->bare_content_len
;
337 info
.Content
.pbData
= msg
->bare_content
;
338 ret
= CryptEncodeObject(X509_ASN_ENCODING
, PKCS_CONTENT_INFO
, &info
,
342 case CMSG_BARE_CONTENT_PARAM
:
343 if (msg
->base
.streamed
)
344 SetLastError(E_INVALIDARG
);
346 ret
= CRYPT_CopyParam(pvData
, pcbData
, msg
->bare_content
,
347 msg
->bare_content_len
);
350 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
355 static HCRYPTMSG
CDataEncodeMsg_Open(DWORD dwFlags
, const void *pvMsgEncodeInfo
,
356 LPSTR pszInnerContentObjID
, PCMSG_STREAM_INFO pStreamInfo
)
362 SetLastError(E_INVALIDARG
);
365 msg
= CryptMemAlloc(sizeof(CDataEncodeMsg
));
368 CryptMsgBase_Init((CryptMsgBase
*)msg
, dwFlags
, pStreamInfo
,
369 CDataEncodeMsg_Close
, CDataEncodeMsg_GetParam
, CDataEncodeMsg_Update
,
370 CRYPT_DefaultMsgControl
);
371 msg
->bare_content_len
= sizeof(empty_data_content
);
372 msg
->bare_content
= (LPBYTE
)empty_data_content
;
374 return (HCRYPTMSG
)msg
;
377 typedef struct _CHashEncodeMsg
382 CRYPT_DATA_BLOB data
;
385 static void CHashEncodeMsg_Close(HCRYPTMSG hCryptMsg
)
387 CHashEncodeMsg
*msg
= (CHashEncodeMsg
*)hCryptMsg
;
389 CryptMemFree(msg
->data
.pbData
);
390 CryptDestroyHash(msg
->hash
);
391 if (msg
->base
.open_flags
& CMSG_CRYPT_RELEASE_CONTEXT_FLAG
)
392 CryptReleaseContext(msg
->prov
, 0);
395 static BOOL
CRYPT_EncodePKCSDigestedData(CHashEncodeMsg
*msg
, void *pvData
,
400 DWORD size
= sizeof(algID
);
402 ret
= CryptGetHashParam(msg
->hash
, HP_ALGID
, (BYTE
*)&algID
, &size
, 0);
405 CRYPT_DIGESTED_DATA digestedData
= { 0 };
406 char oid_rsa_data
[] = szOID_RSA_data
;
408 digestedData
.version
= CMSG_HASHED_DATA_PKCS_1_5_VERSION
;
409 digestedData
.DigestAlgorithm
.pszObjId
= (LPSTR
)CertAlgIdToOID(algID
);
410 /* FIXME: what about digestedData.DigestAlgorithm.Parameters? */
411 /* Quirk: OID is only encoded messages if an update has happened */
412 if (msg
->base
.state
!= MsgStateInit
)
413 digestedData
.ContentInfo
.pszObjId
= oid_rsa_data
;
414 if (!(msg
->base
.open_flags
& CMSG_DETACHED_FLAG
) && msg
->data
.cbData
)
416 ret
= CRYPT_AsnEncodeOctets(0, NULL
, &msg
->data
,
417 CRYPT_ENCODE_ALLOC_FLAG
, NULL
,
418 (LPBYTE
)&digestedData
.ContentInfo
.Content
.pbData
,
419 &digestedData
.ContentInfo
.Content
.cbData
);
421 if (msg
->base
.state
== MsgStateFinalized
)
423 size
= sizeof(DWORD
);
424 ret
= CryptGetHashParam(msg
->hash
, HP_HASHSIZE
,
425 (LPBYTE
)&digestedData
.hash
.cbData
, &size
, 0);
428 digestedData
.hash
.pbData
= CryptMemAlloc(
429 digestedData
.hash
.cbData
);
430 ret
= CryptGetHashParam(msg
->hash
, HP_HASHVAL
,
431 digestedData
.hash
.pbData
, &digestedData
.hash
.cbData
, 0);
435 ret
= CRYPT_AsnEncodePKCSDigestedData(&digestedData
, pvData
,
437 CryptMemFree(digestedData
.hash
.pbData
);
438 LocalFree(digestedData
.ContentInfo
.Content
.pbData
);
443 static BOOL
CHashEncodeMsg_GetParam(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
444 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
446 CHashEncodeMsg
*msg
= (CHashEncodeMsg
*)hCryptMsg
;
449 TRACE("(%p, %d, %d, %p, %p)\n", hCryptMsg
, dwParamType
, dwIndex
,
454 case CMSG_BARE_CONTENT_PARAM
:
455 if (msg
->base
.streamed
)
456 SetLastError(E_INVALIDARG
);
458 ret
= CRYPT_EncodePKCSDigestedData(msg
, pvData
, pcbData
);
460 case CMSG_CONTENT_PARAM
:
462 CRYPT_CONTENT_INFO info
;
464 ret
= CryptMsgGetParam(hCryptMsg
, CMSG_BARE_CONTENT_PARAM
, 0, NULL
,
465 &info
.Content
.cbData
);
468 info
.Content
.pbData
= CryptMemAlloc(info
.Content
.cbData
);
469 if (info
.Content
.pbData
)
471 ret
= CryptMsgGetParam(hCryptMsg
, CMSG_BARE_CONTENT_PARAM
, 0,
472 info
.Content
.pbData
, &info
.Content
.cbData
);
475 char oid_rsa_hashed
[] = szOID_RSA_hashedData
;
477 info
.pszObjId
= oid_rsa_hashed
;
478 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
,
479 PKCS_CONTENT_INFO
, &info
, 0, NULL
, pvData
, pcbData
);
481 CryptMemFree(info
.Content
.pbData
);
488 case CMSG_COMPUTED_HASH_PARAM
:
489 ret
= CryptGetHashParam(msg
->hash
, HP_HASHVAL
, (BYTE
*)pvData
, pcbData
,
492 case CMSG_VERSION_PARAM
:
493 if (msg
->base
.state
!= MsgStateFinalized
)
494 SetLastError(CRYPT_E_MSG_ERROR
);
497 DWORD version
= CMSG_HASHED_DATA_PKCS_1_5_VERSION
;
499 /* Since the data are always encoded as octets, the version is
500 * always 0 (see rfc3852, section 7)
502 ret
= CRYPT_CopyParam(pvData
, pcbData
, &version
, sizeof(version
));
506 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
511 static BOOL
CHashEncodeMsg_Update(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
512 DWORD cbData
, BOOL fFinal
)
514 CHashEncodeMsg
*msg
= (CHashEncodeMsg
*)hCryptMsg
;
517 TRACE("(%p, %p, %d, %d)\n", hCryptMsg
, pbData
, cbData
, fFinal
);
519 if (msg
->base
.state
== MsgStateFinalized
)
520 SetLastError(CRYPT_E_MSG_ERROR
);
521 else if (msg
->base
.streamed
|| (msg
->base
.open_flags
& CMSG_DETACHED_FLAG
))
523 /* Doesn't do much, as stream output is never called, and you
524 * can't get the content.
526 ret
= CryptHashData(msg
->hash
, pbData
, cbData
, 0);
527 msg
->base
.state
= fFinal
? MsgStateFinalized
: MsgStateUpdated
;
532 SetLastError(CRYPT_E_MSG_ERROR
);
535 ret
= CryptHashData(msg
->hash
, pbData
, cbData
, 0);
538 msg
->data
.pbData
= CryptMemAlloc(cbData
);
539 if (msg
->data
.pbData
)
541 memcpy(msg
->data
.pbData
+ msg
->data
.cbData
, pbData
, cbData
);
542 msg
->data
.cbData
+= cbData
;
547 msg
->base
.state
= MsgStateFinalized
;
553 static HCRYPTMSG
CHashEncodeMsg_Open(DWORD dwFlags
, const void *pvMsgEncodeInfo
,
554 LPSTR pszInnerContentObjID
, PCMSG_STREAM_INFO pStreamInfo
)
557 const CMSG_HASHED_ENCODE_INFO
*info
=
558 (const CMSG_HASHED_ENCODE_INFO
*)pvMsgEncodeInfo
;
562 if (info
->cbSize
!= sizeof(CMSG_HASHED_ENCODE_INFO
))
564 SetLastError(E_INVALIDARG
);
567 if (!(algID
= CertOIDToAlgId(info
->HashAlgorithm
.pszObjId
)))
569 SetLastError(CRYPT_E_UNKNOWN_ALGO
);
572 if (info
->hCryptProv
)
573 prov
= info
->hCryptProv
;
576 prov
= CRYPT_GetDefaultProvider();
577 dwFlags
&= ~CMSG_CRYPT_RELEASE_CONTEXT_FLAG
;
579 msg
= CryptMemAlloc(sizeof(CHashEncodeMsg
));
582 CryptMsgBase_Init((CryptMsgBase
*)msg
, dwFlags
, pStreamInfo
,
583 CHashEncodeMsg_Close
, CHashEncodeMsg_GetParam
, CHashEncodeMsg_Update
,
584 CRYPT_DefaultMsgControl
);
586 msg
->data
.cbData
= 0;
587 msg
->data
.pbData
= NULL
;
588 if (!CryptCreateHash(prov
, algID
, 0, 0, &msg
->hash
))
594 return (HCRYPTMSG
)msg
;
597 typedef struct _CMSG_SIGNER_ENCODE_INFO_WITH_CMS
600 PCERT_INFO pCertInfo
;
601 HCRYPTPROV hCryptProv
;
603 CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm
;
606 PCRYPT_ATTRIBUTE rgAuthAttr
;
608 PCRYPT_ATTRIBUTE rgUnauthAttr
;
610 CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm
;
611 void *pvHashEncryptionAuxInfo
;
612 } CMSG_SIGNER_ENCODE_INFO_WITH_CMS
, *PCMSG_SIGNER_ENCODE_INFO_WITH_CMS
;
614 typedef struct _CMSG_SIGNED_ENCODE_INFO_WITH_CMS
618 PCMSG_SIGNER_ENCODE_INFO_WITH_CMS rgSigners
;
620 PCERT_BLOB rgCertEncoded
;
622 PCRL_BLOB rgCrlEncoded
;
623 DWORD cAttrCertEncoded
;
624 PCERT_BLOB rgAttrCertEncoded
;
625 } CMSG_SIGNED_ENCODE_INFO_WITH_CMS
, *PCMSG_SIGNED_ENCODE_INFO_WITH_CMS
;
627 static BOOL
CRYPT_IsValidSigner(CMSG_SIGNER_ENCODE_INFO_WITH_CMS
*signer
)
629 if (signer
->cbSize
!= sizeof(CMSG_SIGNER_ENCODE_INFO
) &&
630 signer
->cbSize
!= sizeof(CMSG_SIGNER_ENCODE_INFO_WITH_CMS
))
632 SetLastError(E_INVALIDARG
);
635 if (signer
->cbSize
== sizeof(CMSG_SIGNER_ENCODE_INFO
))
637 if (!signer
->pCertInfo
->SerialNumber
.cbData
)
639 SetLastError(E_INVALIDARG
);
642 if (!signer
->pCertInfo
->Issuer
.cbData
)
644 SetLastError(E_INVALIDARG
);
648 else if (signer
->cbSize
== sizeof(CMSG_SIGNER_ENCODE_INFO_WITH_CMS
))
650 switch (signer
->SignerId
.dwIdChoice
)
653 if (!signer
->pCertInfo
->SerialNumber
.cbData
)
655 SetLastError(E_INVALIDARG
);
658 if (!signer
->pCertInfo
->Issuer
.cbData
)
660 SetLastError(E_INVALIDARG
);
664 case CERT_ID_ISSUER_SERIAL_NUMBER
:
665 if (!signer
->SignerId
.IssuerSerialNumber
.SerialNumber
.cbData
)
667 SetLastError(E_INVALIDARG
);
670 if (!signer
->SignerId
.IssuerSerialNumber
.Issuer
.cbData
)
672 SetLastError(E_INVALIDARG
);
676 case CERT_ID_KEY_IDENTIFIER
:
677 if (!signer
->SignerId
.KeyId
.cbData
)
679 SetLastError(E_INVALIDARG
);
684 SetLastError(E_INVALIDARG
);
686 if (signer
->HashEncryptionAlgorithm
.pszObjId
)
688 FIXME("CMSG_SIGNER_ENCODE_INFO with CMS fields unsupported\n");
692 if (!signer
->hCryptProv
)
694 SetLastError(E_INVALIDARG
);
697 if (!CertOIDToAlgId(signer
->HashAlgorithm
.pszObjId
))
699 SetLastError(CRYPT_E_UNKNOWN_ALGO
);
705 static BOOL
CRYPT_ConstructBlob(CRYPT_DATA_BLOB
*out
, const CRYPT_DATA_BLOB
*in
)
709 out
->cbData
= in
->cbData
;
712 out
->pbData
= CryptMemAlloc(out
->cbData
);
714 memcpy(out
->pbData
, in
->pbData
, out
->cbData
);
723 typedef struct _BlobArray
726 PCRYPT_DATA_BLOB blobs
;
729 static BOOL
CRYPT_ConstructBlobArray(BlobArray
*out
, const BlobArray
*in
)
733 out
->cBlobs
= in
->cBlobs
;
736 out
->blobs
= CryptMemAlloc(out
->cBlobs
* sizeof(CRYPT_DATA_BLOB
));
741 memset(out
->blobs
, 0, out
->cBlobs
* sizeof(CRYPT_DATA_BLOB
));
742 for (i
= 0; ret
&& i
< out
->cBlobs
; i
++)
743 ret
= CRYPT_ConstructBlob(&out
->blobs
[i
], &in
->blobs
[i
]);
751 static void CRYPT_FreeBlobArray(BlobArray
*array
)
755 for (i
= 0; i
< array
->cBlobs
; i
++)
756 CryptMemFree(array
->blobs
[i
].pbData
);
757 CryptMemFree(array
->blobs
);
760 static BOOL
CRYPT_ConstructAttribute(CRYPT_ATTRIBUTE
*out
,
761 const CRYPT_ATTRIBUTE
*in
)
765 out
->pszObjId
= CryptMemAlloc(strlen(in
->pszObjId
) + 1);
768 strcpy(out
->pszObjId
, in
->pszObjId
);
769 ret
= CRYPT_ConstructBlobArray((BlobArray
*)&out
->cValue
,
770 (const BlobArray
*)&in
->cValue
);
777 static BOOL
CRYPT_ConstructAttributes(CRYPT_ATTRIBUTES
*out
,
778 const CRYPT_ATTRIBUTES
*in
)
782 out
->cAttr
= in
->cAttr
;
785 out
->rgAttr
= CryptMemAlloc(out
->cAttr
* sizeof(CRYPT_ATTRIBUTE
));
790 memset(out
->rgAttr
, 0, out
->cAttr
* sizeof(CRYPT_ATTRIBUTE
));
791 for (i
= 0; ret
&& i
< out
->cAttr
; i
++)
792 ret
= CRYPT_ConstructAttribute(&out
->rgAttr
[i
], &in
->rgAttr
[i
]);
802 /* Constructs a CMSG_SIGNER_INFO from a CMSG_SIGNER_ENCODE_INFO_WITH_CMS. */
803 static BOOL
CSignerInfo_Construct(CMSG_SIGNER_INFO
*info
,
804 CMSG_SIGNER_ENCODE_INFO_WITH_CMS
*in
)
808 /* Note: needs to change if CMS fields are supported */
809 info
->dwVersion
= CMSG_SIGNER_INFO_V1
;
810 ret
= CRYPT_ConstructBlob(&info
->Issuer
, &in
->pCertInfo
->Issuer
);
812 ret
= CRYPT_ConstructBlob(&info
->SerialNumber
,
813 &in
->pCertInfo
->SerialNumber
);
814 /* Assumption: algorithm IDs will point to static strings, not
815 * stack-based ones, so copying the pointer values is safe.
817 info
->HashAlgorithm
.pszObjId
= in
->HashAlgorithm
.pszObjId
;
819 ret
= CRYPT_ConstructBlob(&info
->HashAlgorithm
.Parameters
,
820 &in
->HashAlgorithm
.Parameters
);
821 memset(&info
->HashEncryptionAlgorithm
, 0,
822 sizeof(info
->HashEncryptionAlgorithm
));
824 ret
= CRYPT_ConstructAttributes(&info
->AuthAttrs
,
825 (CRYPT_ATTRIBUTES
*)&in
->cAuthAttr
);
827 ret
= CRYPT_ConstructAttributes(&info
->UnauthAttrs
,
828 (CRYPT_ATTRIBUTES
*)&in
->cUnauthAttr
);
832 static void CSignerInfo_Free(CMSG_SIGNER_INFO
*info
)
836 CryptMemFree(info
->Issuer
.pbData
);
837 CryptMemFree(info
->SerialNumber
.pbData
);
838 CryptMemFree(info
->HashAlgorithm
.Parameters
.pbData
);
839 CryptMemFree(info
->EncryptedHash
.pbData
);
840 for (i
= 0; i
< info
->AuthAttrs
.cAttr
; i
++)
842 for (j
= 0; j
< info
->AuthAttrs
.rgAttr
[i
].cValue
; j
++)
843 CryptMemFree(info
->AuthAttrs
.rgAttr
[i
].rgValue
[j
].pbData
);
844 CryptMemFree(info
->AuthAttrs
.rgAttr
[i
].rgValue
);
845 CryptMemFree(info
->AuthAttrs
.rgAttr
[i
].pszObjId
);
847 CryptMemFree(info
->AuthAttrs
.rgAttr
);
848 for (i
= 0; i
< info
->UnauthAttrs
.cAttr
; i
++)
850 for (j
= 0; j
< info
->UnauthAttrs
.rgAttr
[i
].cValue
; j
++)
851 CryptMemFree(info
->UnauthAttrs
.rgAttr
[i
].rgValue
[j
].pbData
);
852 CryptMemFree(info
->UnauthAttrs
.rgAttr
[i
].rgValue
);
853 CryptMemFree(info
->UnauthAttrs
.rgAttr
[i
].pszObjId
);
855 CryptMemFree(info
->UnauthAttrs
.rgAttr
);
858 typedef struct _CSignerHandles
860 HCRYPTHASH contentHash
;
861 HCRYPTHASH authAttrHash
;
864 typedef struct _CSignedMsgData
866 CRYPT_SIGNED_INFO
*info
;
868 CSignerHandles
*signerHandles
;
871 /* Constructs the signer handles for the signerIndex'th signer of msg_data.
872 * Assumes signerIndex is a valid idnex, and that msg_data's info has already
875 static BOOL
CSignedMsgData_ConstructSignerHandles(CSignedMsgData
*msg_data
,
876 DWORD signerIndex
, HCRYPTPROV crypt_prov
)
881 algID
= CertOIDToAlgId(
882 msg_data
->info
->rgSignerInfo
[signerIndex
].HashAlgorithm
.pszObjId
);
883 ret
= CryptCreateHash(crypt_prov
, algID
, 0, 0,
884 &msg_data
->signerHandles
->contentHash
);
885 if (ret
&& msg_data
->info
->rgSignerInfo
[signerIndex
].AuthAttrs
.cAttr
> 0)
886 ret
= CryptCreateHash(crypt_prov
, algID
, 0, 0,
887 &msg_data
->signerHandles
->authAttrHash
);
891 /* Allocates a CSignedMsgData's handles. Assumes its info has already been
894 static BOOL
CSignedMsgData_AllocateHandles(CSignedMsgData
*msg_data
)
898 if (msg_data
->info
->cSignerInfo
)
900 msg_data
->signerHandles
=
901 CryptMemAlloc(msg_data
->info
->cSignerInfo
* sizeof(CSignerHandles
));
902 if (msg_data
->signerHandles
)
904 msg_data
->cSignerHandle
= msg_data
->info
->cSignerInfo
;
905 memset(msg_data
->signerHandles
, 0,
906 msg_data
->info
->cSignerInfo
* sizeof(CSignerHandles
));
910 msg_data
->cSignerHandle
= 0;
916 msg_data
->cSignerHandle
= 0;
917 msg_data
->signerHandles
= NULL
;
922 static void CSignedMsgData_CloseHandles(CSignedMsgData
*msg_data
)
926 for (i
= 0; i
< msg_data
->cSignerHandle
; i
++)
928 if (msg_data
->signerHandles
[i
].contentHash
)
929 CryptDestroyHash(msg_data
->signerHandles
[i
].contentHash
);
930 if (msg_data
->signerHandles
[i
].authAttrHash
)
931 CryptDestroyHash(msg_data
->signerHandles
[i
].authAttrHash
);
933 CryptMemFree(msg_data
->signerHandles
);
934 msg_data
->signerHandles
= NULL
;
935 msg_data
->cSignerHandle
= 0;
938 static BOOL
CSignedMsgData_UpdateHash(CSignedMsgData
*msg_data
,
939 const BYTE
*pbData
, DWORD cbData
)
944 for (i
= 0; ret
&& i
< msg_data
->cSignerHandle
; i
++)
945 ret
= CryptHashData(msg_data
->signerHandles
[i
].contentHash
, pbData
,
950 static BOOL
CRYPT_AppendAttribute(CRYPT_ATTRIBUTES
*out
,
951 const CRYPT_ATTRIBUTE
*in
)
955 out
->rgAttr
= CryptMemRealloc(out
->rgAttr
,
956 (out
->cAttr
+ 1) * sizeof(CRYPT_ATTRIBUTE
));
959 ret
= CRYPT_ConstructAttribute(&out
->rgAttr
[out
->cAttr
], in
);
966 static BOOL
CSignedMsgData_AppendMessageDigestAttribute(
967 CSignedMsgData
*msg_data
, DWORD signerIndex
)
971 CRYPT_HASH_BLOB hash
= { 0, NULL
}, encodedHash
= { 0, NULL
};
972 char messageDigest
[] = szOID_RSA_messageDigest
;
973 CRYPT_ATTRIBUTE messageDigestAttr
= { messageDigest
, 1, &encodedHash
};
975 size
= sizeof(DWORD
);
976 ret
= CryptGetHashParam(
977 msg_data
->signerHandles
[signerIndex
].contentHash
, HP_HASHSIZE
,
978 (LPBYTE
)&hash
.cbData
, &size
, 0);
981 hash
.pbData
= CryptMemAlloc(hash
.cbData
);
982 ret
= CryptGetHashParam(
983 msg_data
->signerHandles
[signerIndex
].contentHash
, HP_HASHVAL
,
984 hash
.pbData
, &hash
.cbData
, 0);
987 ret
= CRYPT_AsnEncodeOctets(0, NULL
, &hash
, CRYPT_ENCODE_ALLOC_FLAG
,
988 NULL
, (LPBYTE
)&encodedHash
.pbData
, &encodedHash
.cbData
);
991 ret
= CRYPT_AppendAttribute(
992 &msg_data
->info
->rgSignerInfo
[signerIndex
].AuthAttrs
,
994 LocalFree(encodedHash
.pbData
);
997 CryptMemFree(hash
.pbData
);
1007 static BOOL
CSignedMsgData_UpdateAuthenticatedAttributes(
1008 CSignedMsgData
*msg_data
, SignOrVerify flag
)
1013 TRACE("(%p)\n", msg_data
);
1015 for (i
= 0; ret
&& i
< msg_data
->info
->cSignerInfo
; i
++)
1017 if (msg_data
->info
->rgSignerInfo
[i
].AuthAttrs
.cAttr
)
1021 BYTE oid_rsa_data_encoded
[] = { 0x06,0x09,0x2a,0x86,0x48,0x86,
1022 0xf7,0x0d,0x01,0x07,0x01 };
1023 CRYPT_DATA_BLOB content
= { sizeof(oid_rsa_data_encoded
),
1024 oid_rsa_data_encoded
};
1025 char contentType
[] = szOID_RSA_contentType
;
1026 CRYPT_ATTRIBUTE contentTypeAttr
= { contentType
, 1, &content
};
1028 /* FIXME: does this depend on inner OID? */
1029 ret
= CRYPT_AppendAttribute(
1030 &msg_data
->info
->rgSignerInfo
[i
].AuthAttrs
, &contentTypeAttr
);
1032 ret
= CSignedMsgData_AppendMessageDigestAttribute(msg_data
,
1037 LPBYTE encodedAttrs
;
1040 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
, PKCS_ATTRIBUTES
,
1041 &msg_data
->info
->rgSignerInfo
[i
].AuthAttrs
,
1042 CRYPT_ENCODE_ALLOC_FLAG
, NULL
, (LPBYTE
)&encodedAttrs
, &size
);
1045 ret
= CryptHashData(
1046 msg_data
->signerHandles
[i
].authAttrHash
, encodedAttrs
,
1048 LocalFree(encodedAttrs
);
1053 TRACE("returning %d\n", ret
);
1057 static void CRYPT_ReverseBytes(CRYPT_HASH_BLOB
*hash
)
1062 for (i
= 0; i
< hash
->cbData
/ 2; i
++)
1064 tmp
= hash
->pbData
[hash
->cbData
- i
- 1];
1065 hash
->pbData
[hash
->cbData
- i
- 1] = hash
->pbData
[i
];
1066 hash
->pbData
[i
] = tmp
;
1070 static BOOL
CSignedMsgData_Sign(CSignedMsgData
*msg_data
)
1075 TRACE("(%p)\n", msg_data
);
1077 for (i
= 0; ret
&& i
< msg_data
->info
->cSignerInfo
; i
++)
1081 if (msg_data
->info
->rgSignerInfo
[i
].AuthAttrs
.cAttr
)
1082 hash
= msg_data
->signerHandles
[i
].authAttrHash
;
1084 hash
= msg_data
->signerHandles
[i
].contentHash
;
1085 ret
= CryptSignHashW(hash
, AT_SIGNATURE
, NULL
, 0, NULL
,
1086 &msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.cbData
);
1089 msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.pbData
=
1091 msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.cbData
);
1092 if (msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.pbData
)
1094 ret
= CryptSignHashW(hash
, AT_SIGNATURE
, NULL
, 0,
1095 msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.pbData
,
1096 &msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
.cbData
);
1099 &msg_data
->info
->rgSignerInfo
[i
].EncryptedHash
);
1108 static BOOL
CSignedMsgData_Update(CSignedMsgData
*msg_data
,
1109 const BYTE
*pbData
, DWORD cbData
, BOOL fFinal
, SignOrVerify flag
)
1111 BOOL ret
= CSignedMsgData_UpdateHash(msg_data
, pbData
, cbData
);
1115 ret
= CSignedMsgData_UpdateAuthenticatedAttributes(msg_data
, flag
);
1116 if (ret
&& flag
== Sign
)
1117 ret
= CSignedMsgData_Sign(msg_data
);
1122 typedef struct _CSignedEncodeMsg
1125 CRYPT_DATA_BLOB data
;
1126 CSignedMsgData msg_data
;
1129 static void CSignedEncodeMsg_Close(HCRYPTMSG hCryptMsg
)
1131 CSignedEncodeMsg
*msg
= (CSignedEncodeMsg
*)hCryptMsg
;
1134 CryptMemFree(msg
->data
.pbData
);
1135 CRYPT_FreeBlobArray((BlobArray
*)&msg
->msg_data
.info
->cCertEncoded
);
1136 CRYPT_FreeBlobArray((BlobArray
*)&msg
->msg_data
.info
->cCrlEncoded
);
1137 for (i
= 0; i
< msg
->msg_data
.info
->cSignerInfo
; i
++)
1138 CSignerInfo_Free(&msg
->msg_data
.info
->rgSignerInfo
[i
]);
1139 CSignedMsgData_CloseHandles(&msg
->msg_data
);
1140 CryptMemFree(msg
->msg_data
.info
->rgSignerInfo
);
1141 CryptMemFree(msg
->msg_data
.info
);
1144 static BOOL
CSignedEncodeMsg_GetParam(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
1145 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
1147 CSignedEncodeMsg
*msg
= (CSignedEncodeMsg
*)hCryptMsg
;
1150 switch (dwParamType
)
1152 case CMSG_CONTENT_PARAM
:
1154 CRYPT_CONTENT_INFO info
;
1156 ret
= CryptMsgGetParam(hCryptMsg
, CMSG_BARE_CONTENT_PARAM
, 0, NULL
,
1157 &info
.Content
.cbData
);
1160 info
.Content
.pbData
= CryptMemAlloc(info
.Content
.cbData
);
1161 if (info
.Content
.pbData
)
1163 ret
= CryptMsgGetParam(hCryptMsg
, CMSG_BARE_CONTENT_PARAM
, 0,
1164 info
.Content
.pbData
, &info
.Content
.cbData
);
1167 char oid_rsa_signed
[] = szOID_RSA_signedData
;
1169 info
.pszObjId
= oid_rsa_signed
;
1170 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
,
1171 PKCS_CONTENT_INFO
, &info
, 0, NULL
, pvData
, pcbData
);
1173 CryptMemFree(info
.Content
.pbData
);
1180 case CMSG_BARE_CONTENT_PARAM
:
1182 CRYPT_SIGNED_INFO info
;
1183 char oid_rsa_data
[] = szOID_RSA_data
;
1185 info
= *msg
->msg_data
.info
;
1186 /* Quirk: OID is only encoded messages if an update has happened */
1187 if (msg
->base
.state
!= MsgStateInit
)
1188 info
.content
.pszObjId
= oid_rsa_data
;
1190 info
.content
.pszObjId
= NULL
;
1191 if (msg
->data
.cbData
)
1193 CRYPT_DATA_BLOB blob
= { msg
->data
.cbData
, msg
->data
.pbData
};
1195 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
, X509_OCTET_STRING
,
1196 &blob
, CRYPT_ENCODE_ALLOC_FLAG
, NULL
,
1197 &info
.content
.Content
.pbData
, &info
.content
.Content
.cbData
);
1201 info
.content
.Content
.cbData
= 0;
1202 info
.content
.Content
.pbData
= NULL
;
1207 ret
= CRYPT_AsnEncodePKCSSignedInfo(&info
, pvData
, pcbData
);
1208 LocalFree(info
.content
.Content
.pbData
);
1212 case CMSG_COMPUTED_HASH_PARAM
:
1213 if (dwIndex
>= msg
->msg_data
.cSignerHandle
)
1214 SetLastError(CRYPT_E_INVALID_INDEX
);
1216 ret
= CryptGetHashParam(
1217 msg
->msg_data
.signerHandles
[dwIndex
].contentHash
, HP_HASHVAL
,
1218 pvData
, pcbData
, 0);
1220 case CMSG_ENCODED_SIGNER
:
1221 if (dwIndex
>= msg
->msg_data
.info
->cSignerInfo
)
1222 SetLastError(CRYPT_E_INVALID_INDEX
);
1224 ret
= CryptEncodeObjectEx(X509_ASN_ENCODING
| PKCS_7_ASN_ENCODING
,
1225 PKCS7_SIGNER_INFO
, &msg
->msg_data
.info
->rgSignerInfo
[dwIndex
], 0,
1226 NULL
, pvData
, pcbData
);
1228 case CMSG_VERSION_PARAM
:
1229 ret
= CRYPT_CopyParam(pvData
, pcbData
, &msg
->msg_data
.info
->version
,
1230 sizeof(msg
->msg_data
.info
->version
));
1233 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
1238 static BOOL
CSignedEncodeMsg_Update(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
1239 DWORD cbData
, BOOL fFinal
)
1241 CSignedEncodeMsg
*msg
= (CSignedEncodeMsg
*)hCryptMsg
;
1244 if (msg
->base
.state
== MsgStateFinalized
)
1245 SetLastError(CRYPT_E_MSG_ERROR
);
1246 else if (msg
->base
.streamed
|| (msg
->base
.open_flags
& CMSG_DETACHED_FLAG
))
1248 ret
= CSignedMsgData_Update(&msg
->msg_data
, pbData
, cbData
, fFinal
,
1250 if (msg
->base
.streamed
)
1251 FIXME("streamed partial stub\n");
1252 msg
->base
.state
= fFinal
? MsgStateFinalized
: MsgStateUpdated
;
1257 SetLastError(CRYPT_E_MSG_ERROR
);
1262 msg
->data
.pbData
= CryptMemAlloc(cbData
);
1263 if (msg
->data
.pbData
)
1265 memcpy(msg
->data
.pbData
, pbData
, cbData
);
1266 msg
->data
.cbData
= cbData
;
1273 ret
= CSignedMsgData_Update(&msg
->msg_data
, pbData
, cbData
,
1275 msg
->base
.state
= MsgStateFinalized
;
1281 static HCRYPTMSG
CSignedEncodeMsg_Open(DWORD dwFlags
,
1282 const void *pvMsgEncodeInfo
, LPSTR pszInnerContentObjID
,
1283 PCMSG_STREAM_INFO pStreamInfo
)
1285 const CMSG_SIGNED_ENCODE_INFO_WITH_CMS
*info
=
1286 (const CMSG_SIGNED_ENCODE_INFO_WITH_CMS
*)pvMsgEncodeInfo
;
1288 CSignedEncodeMsg
*msg
;
1290 if (info
->cbSize
!= sizeof(CMSG_SIGNED_ENCODE_INFO
) &&
1291 info
->cbSize
!= sizeof(CMSG_SIGNED_ENCODE_INFO_WITH_CMS
))
1293 SetLastError(E_INVALIDARG
);
1296 if (info
->cbSize
== sizeof(CMSG_SIGNED_ENCODE_INFO_WITH_CMS
) &&
1297 info
->rgAttrCertEncoded
)
1299 FIXME("CMSG_SIGNED_ENCODE_INFO with CMS fields unsupported\n");
1302 for (i
= 0; i
< info
->cSigners
; i
++)
1303 if (!CRYPT_IsValidSigner(&info
->rgSigners
[i
]))
1305 msg
= CryptMemAlloc(sizeof(CSignedEncodeMsg
));
1310 CryptMsgBase_Init((CryptMsgBase
*)msg
, dwFlags
, pStreamInfo
,
1311 CSignedEncodeMsg_Close
, CSignedEncodeMsg_GetParam
,
1312 CSignedEncodeMsg_Update
, CRYPT_DefaultMsgControl
);
1313 msg
->data
.cbData
= 0;
1314 msg
->data
.pbData
= NULL
;
1315 msg
->msg_data
.info
= CryptMemAlloc(sizeof(CRYPT_SIGNED_INFO
));
1316 if (msg
->msg_data
.info
)
1318 memset(msg
->msg_data
.info
, 0, sizeof(CRYPT_SIGNED_INFO
));
1319 msg
->msg_data
.info
->version
= CMSG_SIGNED_DATA_V1
;
1327 msg
->msg_data
.info
->rgSignerInfo
=
1328 CryptMemAlloc(info
->cSigners
* sizeof(CMSG_SIGNER_INFO
));
1329 if (msg
->msg_data
.info
->rgSignerInfo
)
1331 msg
->msg_data
.info
->cSignerInfo
= info
->cSigners
;
1332 memset(msg
->msg_data
.info
->rgSignerInfo
, 0,
1333 msg
->msg_data
.info
->cSignerInfo
* sizeof(CMSG_SIGNER_INFO
));
1334 ret
= CSignedMsgData_AllocateHandles(&msg
->msg_data
);
1335 for (i
= 0; ret
&& i
< msg
->msg_data
.info
->cSignerInfo
; i
++)
1337 ret
= CSignerInfo_Construct(
1338 &msg
->msg_data
.info
->rgSignerInfo
[i
],
1339 &info
->rgSigners
[i
]);
1342 ret
= CSignedMsgData_ConstructSignerHandles(
1343 &msg
->msg_data
, i
, info
->rgSigners
[i
].hCryptProv
);
1344 if (dwFlags
& CMSG_CRYPT_RELEASE_CONTEXT_FLAG
)
1345 CryptReleaseContext(info
->rgSigners
[i
].hCryptProv
,
1355 msg
->msg_data
.info
->cSignerInfo
= 0;
1356 msg
->msg_data
.signerHandles
= NULL
;
1357 msg
->msg_data
.cSignerHandle
= 0;
1361 ret
= CRYPT_ConstructBlobArray(
1362 (BlobArray
*)&msg
->msg_data
.info
->cCertEncoded
,
1363 (const BlobArray
*)&info
->cCertEncoded
);
1365 ret
= CRYPT_ConstructBlobArray(
1366 (BlobArray
*)&msg
->msg_data
.info
->cCrlEncoded
,
1367 (const BlobArray
*)&info
->cCrlEncoded
);
1370 CSignedEncodeMsg_Close(msg
);
1377 static inline const char *MSG_TYPE_STR(DWORD type
)
1381 #define _x(x) case (x): return #x
1385 _x(CMSG_SIGNED_AND_ENVELOPED
);
1390 return wine_dbg_sprintf("unknown (%d)", type
);
1394 HCRYPTMSG WINAPI
CryptMsgOpenToEncode(DWORD dwMsgEncodingType
, DWORD dwFlags
,
1395 DWORD dwMsgType
, const void *pvMsgEncodeInfo
, LPSTR pszInnerContentObjID
,
1396 PCMSG_STREAM_INFO pStreamInfo
)
1398 HCRYPTMSG msg
= NULL
;
1400 TRACE("(%08x, %08x, %08x, %p, %s, %p)\n", dwMsgEncodingType
, dwFlags
,
1401 dwMsgType
, pvMsgEncodeInfo
, debugstr_a(pszInnerContentObjID
), pStreamInfo
);
1403 if (GET_CMSG_ENCODING_TYPE(dwMsgEncodingType
) != PKCS_7_ASN_ENCODING
)
1405 SetLastError(E_INVALIDARG
);
1411 msg
= CDataEncodeMsg_Open(dwFlags
, pvMsgEncodeInfo
,
1412 pszInnerContentObjID
, pStreamInfo
);
1415 msg
= CHashEncodeMsg_Open(dwFlags
, pvMsgEncodeInfo
,
1416 pszInnerContentObjID
, pStreamInfo
);
1419 msg
= CSignedEncodeMsg_Open(dwFlags
, pvMsgEncodeInfo
,
1420 pszInnerContentObjID
, pStreamInfo
);
1422 case CMSG_ENVELOPED
:
1423 FIXME("unimplemented for type %s\n", MSG_TYPE_STR(dwMsgType
));
1425 case CMSG_SIGNED_AND_ENVELOPED
:
1426 case CMSG_ENCRYPTED
:
1427 /* defined but invalid, fall through */
1429 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
1434 typedef struct _CDecodeMsg
1438 HCRYPTPROV crypt_prov
;
1441 CSignedMsgData signed_data
;
1443 CRYPT_DATA_BLOB msg_data
;
1444 PCONTEXT_PROPERTY_LIST properties
;
1447 static void CDecodeMsg_Close(HCRYPTMSG hCryptMsg
)
1449 CDecodeMsg
*msg
= (CDecodeMsg
*)hCryptMsg
;
1451 if (msg
->base
.open_flags
& CMSG_CRYPT_RELEASE_CONTEXT_FLAG
)
1452 CryptReleaseContext(msg
->crypt_prov
, 0);
1457 CryptDestroyHash(msg
->u
.hash
);
1460 if (msg
->u
.signed_data
.info
)
1462 LocalFree(msg
->u
.signed_data
.info
);
1463 CSignedMsgData_CloseHandles(&msg
->u
.signed_data
);
1467 CryptMemFree(msg
->msg_data
.pbData
);
1468 ContextPropertyList_Free(msg
->properties
);
1471 static BOOL
CDecodeMsg_CopyData(CDecodeMsg
*msg
, const BYTE
*pbData
,
1478 if (msg
->msg_data
.cbData
)
1479 msg
->msg_data
.pbData
= CryptMemRealloc(msg
->msg_data
.pbData
,
1480 msg
->msg_data
.cbData
+ cbData
);
1482 msg
->msg_data
.pbData
= CryptMemAlloc(cbData
);
1483 if (msg
->msg_data
.pbData
)
1485 memcpy(msg
->msg_data
.pbData
+ msg
->msg_data
.cbData
, pbData
, cbData
);
1486 msg
->msg_data
.cbData
+= cbData
;
1494 static BOOL
CDecodeMsg_DecodeDataContent(CDecodeMsg
*msg
, CRYPT_DER_BLOB
*blob
)
1497 CRYPT_DATA_BLOB
*data
;
1500 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_OCTET_STRING
,
1501 blob
->pbData
, blob
->cbData
, CRYPT_DECODE_ALLOC_FLAG
, NULL
, (LPBYTE
)&data
,
1505 ret
= ContextPropertyList_SetProperty(msg
->properties
,
1506 CMSG_CONTENT_PARAM
, data
->pbData
, data
->cbData
);
1512 static void CDecodeMsg_SaveAlgorithmID(CDecodeMsg
*msg
, DWORD param
,
1513 const CRYPT_ALGORITHM_IDENTIFIER
*id
)
1515 static const BYTE nullParams
[] = { ASN_NULL
, 0 };
1516 CRYPT_ALGORITHM_IDENTIFIER
*copy
;
1517 DWORD len
= sizeof(CRYPT_ALGORITHM_IDENTIFIER
);
1519 /* Linearize algorithm id */
1520 len
+= strlen(id
->pszObjId
) + 1;
1521 len
+= id
->Parameters
.cbData
;
1522 copy
= CryptMemAlloc(len
);
1526 (LPSTR
)((BYTE
*)copy
+ sizeof(CRYPT_ALGORITHM_IDENTIFIER
));
1527 strcpy(copy
->pszObjId
, id
->pszObjId
);
1528 copy
->Parameters
.pbData
= (BYTE
*)copy
->pszObjId
+ strlen(id
->pszObjId
)
1530 /* Trick: omit NULL parameters */
1531 if (id
->Parameters
.cbData
== sizeof(nullParams
) &&
1532 !memcmp(id
->Parameters
.pbData
, nullParams
, sizeof(nullParams
)))
1534 copy
->Parameters
.cbData
= 0;
1535 len
-= sizeof(nullParams
);
1538 copy
->Parameters
.cbData
= id
->Parameters
.cbData
;
1539 if (copy
->Parameters
.cbData
)
1540 memcpy(copy
->Parameters
.pbData
, id
->Parameters
.pbData
,
1541 id
->Parameters
.cbData
);
1542 ContextPropertyList_SetProperty(msg
->properties
, param
, (BYTE
*)copy
,
1548 static inline void CRYPT_FixUpAlgorithmID(CRYPT_ALGORITHM_IDENTIFIER
*id
)
1550 id
->pszObjId
= (LPSTR
)((BYTE
*)id
+ sizeof(CRYPT_ALGORITHM_IDENTIFIER
));
1551 id
->Parameters
.pbData
= (BYTE
*)id
->pszObjId
+ strlen(id
->pszObjId
) + 1;
1554 static BOOL
CDecodeMsg_DecodeHashedContent(CDecodeMsg
*msg
,
1555 CRYPT_DER_BLOB
*blob
)
1558 CRYPT_DIGESTED_DATA
*digestedData
;
1561 ret
= CRYPT_AsnDecodePKCSDigestedData(blob
->pbData
, blob
->cbData
,
1562 CRYPT_DECODE_ALLOC_FLAG
, NULL
, (CRYPT_DIGESTED_DATA
*)&digestedData
,
1566 ContextPropertyList_SetProperty(msg
->properties
, CMSG_VERSION_PARAM
,
1567 (const BYTE
*)&digestedData
->version
, sizeof(digestedData
->version
));
1568 CDecodeMsg_SaveAlgorithmID(msg
, CMSG_HASH_ALGORITHM_PARAM
,
1569 &digestedData
->DigestAlgorithm
);
1570 ContextPropertyList_SetProperty(msg
->properties
,
1571 CMSG_INNER_CONTENT_TYPE_PARAM
,
1572 (const BYTE
*)digestedData
->ContentInfo
.pszObjId
,
1573 digestedData
->ContentInfo
.pszObjId
?
1574 strlen(digestedData
->ContentInfo
.pszObjId
) + 1 : 0);
1575 if (digestedData
->ContentInfo
.Content
.cbData
)
1576 CDecodeMsg_DecodeDataContent(msg
,
1577 &digestedData
->ContentInfo
.Content
);
1579 ContextPropertyList_SetProperty(msg
->properties
,
1580 CMSG_CONTENT_PARAM
, NULL
, 0);
1581 ContextPropertyList_SetProperty(msg
->properties
, CMSG_HASH_DATA_PARAM
,
1582 digestedData
->hash
.pbData
, digestedData
->hash
.cbData
);
1583 LocalFree(digestedData
);
1588 static BOOL
CDecodeMsg_DecodeSignedContent(CDecodeMsg
*msg
,
1589 CRYPT_DER_BLOB
*blob
)
1592 CRYPT_SIGNED_INFO
*signedInfo
;
1595 ret
= CRYPT_AsnDecodePKCSSignedInfo(blob
->pbData
, blob
->cbData
,
1596 CRYPT_DECODE_ALLOC_FLAG
, NULL
, (CRYPT_SIGNED_INFO
*)&signedInfo
,
1602 msg
->u
.signed_data
.info
= signedInfo
;
1603 ret
= CSignedMsgData_AllocateHandles(&msg
->u
.signed_data
);
1604 for (i
= 0; ret
&& i
< msg
->u
.signed_data
.info
->cSignerInfo
; i
++)
1605 ret
= CSignedMsgData_ConstructSignerHandles(&msg
->u
.signed_data
, i
,
1609 /* Now that we have all the content, update the hash handles with
1610 * it. Have to decode it if the type is szOID_RSA_data.
1612 if (msg
->u
.signed_data
.info
->content
.Content
.cbData
)
1614 if (!strcmp(msg
->u
.signed_data
.info
->content
.pszObjId
,
1617 CRYPT_DATA_BLOB
*blob
;
1619 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
,
1621 msg
->u
.signed_data
.info
->content
.Content
.pbData
,
1622 msg
->u
.signed_data
.info
->content
.Content
.cbData
,
1623 CRYPT_DECODE_ALLOC_FLAG
, NULL
, (LPBYTE
)&blob
, &size
);
1626 ret
= CSignedMsgData_Update(&msg
->u
.signed_data
,
1627 blob
->pbData
, blob
->cbData
, TRUE
, Verify
);
1632 ret
= CSignedMsgData_Update(&msg
->u
.signed_data
,
1633 msg
->u
.signed_data
.info
->content
.Content
.pbData
,
1634 msg
->u
.signed_data
.info
->content
.Content
.cbData
, TRUE
,
1641 /* Decodes the content in blob as the type given, and updates the value
1642 * (type, parameters, etc.) of msg based on what blob contains.
1643 * It doesn't just use msg's type, to allow a recursive call from an implicitly
1644 * typed message once the outer content info has been decoded.
1646 static BOOL
CDecodeMsg_DecodeContent(CDecodeMsg
*msg
, CRYPT_DER_BLOB
*blob
,
1654 if ((ret
= CDecodeMsg_DecodeDataContent(msg
, blob
)))
1655 msg
->type
= CMSG_DATA
;
1658 if ((ret
= CDecodeMsg_DecodeHashedContent(msg
, blob
)))
1659 msg
->type
= CMSG_HASHED
;
1661 case CMSG_ENVELOPED
:
1662 FIXME("unimplemented for type %s\n", MSG_TYPE_STR(type
));
1666 if ((ret
= CDecodeMsg_DecodeSignedContent(msg
, blob
)))
1667 msg
->type
= CMSG_SIGNED
;
1671 CRYPT_CONTENT_INFO
*info
;
1674 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, PKCS_CONTENT_INFO
,
1675 msg
->msg_data
.pbData
, msg
->msg_data
.cbData
, CRYPT_DECODE_ALLOC_FLAG
,
1676 NULL
, (LPBYTE
)&info
, &size
);
1679 if (!strcmp(info
->pszObjId
, szOID_RSA_data
))
1680 ret
= CDecodeMsg_DecodeContent(msg
, &info
->Content
, CMSG_DATA
);
1681 else if (!strcmp(info
->pszObjId
, szOID_RSA_digestedData
))
1682 ret
= CDecodeMsg_DecodeContent(msg
, &info
->Content
,
1684 else if (!strcmp(info
->pszObjId
, szOID_RSA_envelopedData
))
1685 ret
= CDecodeMsg_DecodeContent(msg
, &info
->Content
,
1687 else if (!strcmp(info
->pszObjId
, szOID_RSA_signedData
))
1688 ret
= CDecodeMsg_DecodeContent(msg
, &info
->Content
,
1692 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
1702 static BOOL
CDecodeMsg_Update(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
1703 DWORD cbData
, BOOL fFinal
)
1705 CDecodeMsg
*msg
= (CDecodeMsg
*)hCryptMsg
;
1708 TRACE("(%p, %p, %d, %d)\n", hCryptMsg
, pbData
, cbData
, fFinal
);
1710 if (msg
->base
.state
== MsgStateFinalized
)
1711 SetLastError(CRYPT_E_MSG_ERROR
);
1712 else if (msg
->base
.streamed
)
1714 FIXME("(%p, %p, %d, %d): streamed update stub\n", hCryptMsg
, pbData
,
1718 if (msg
->base
.open_flags
& CMSG_DETACHED_FLAG
&&
1719 msg
->base
.state
!= MsgStateDataFinalized
)
1721 ret
= CDecodeMsg_CopyData(msg
, pbData
, cbData
);
1722 msg
->base
.state
= MsgStateDataFinalized
;
1724 ret
= CDecodeMsg_DecodeContent(msg
, &msg
->msg_data
,
1729 FIXME("(%p, %p, %d, %d): detached update stub\n", hCryptMsg
,
1730 pbData
, cbData
, fFinal
);
1732 msg
->base
.state
= MsgStateFinalized
;
1737 ret
= CDecodeMsg_CopyData(msg
, pbData
, cbData
);
1738 if (msg
->base
.state
== MsgStateInit
)
1739 msg
->base
.state
= MsgStateUpdated
;
1745 SetLastError(CRYPT_E_MSG_ERROR
);
1748 if (msg
->base
.state
== MsgStateInit
)
1750 ret
= CDecodeMsg_CopyData(msg
, pbData
, cbData
);
1752 ret
= CDecodeMsg_DecodeContent(msg
, &msg
->msg_data
,
1754 if (msg
->base
.open_flags
& CMSG_DETACHED_FLAG
)
1755 msg
->base
.state
= MsgStateDataFinalized
;
1757 msg
->base
.state
= MsgStateFinalized
;
1759 else if (msg
->base
.state
== MsgStateDataFinalized
)
1761 FIXME("(%p, %p, %d, %d): detached update stub\n", hCryptMsg
,
1762 pbData
, cbData
, fFinal
);
1764 msg
->base
.state
= MsgStateFinalized
;
1771 static BOOL
CDecodeHashMsg_GetParam(CDecodeMsg
*msg
, DWORD dwParamType
,
1772 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
1776 switch (dwParamType
)
1778 case CMSG_TYPE_PARAM
:
1779 ret
= CRYPT_CopyParam(pvData
, pcbData
, &msg
->type
, sizeof(msg
->type
));
1781 case CMSG_HASH_ALGORITHM_PARAM
:
1783 CRYPT_DATA_BLOB blob
;
1785 ret
= ContextPropertyList_FindProperty(msg
->properties
, dwParamType
,
1789 ret
= CRYPT_CopyParam(pvData
, pcbData
, blob
.pbData
, blob
.cbData
);
1791 CRYPT_FixUpAlgorithmID((CRYPT_ALGORITHM_IDENTIFIER
*)pvData
);
1794 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
1797 case CMSG_COMPUTED_HASH_PARAM
:
1800 CRYPT_ALGORITHM_IDENTIFIER
*hashAlgoID
= NULL
;
1804 CryptMsgGetParam(msg
, CMSG_HASH_ALGORITHM_PARAM
, 0, NULL
, &size
);
1805 hashAlgoID
= CryptMemAlloc(size
);
1806 ret
= CryptMsgGetParam(msg
, CMSG_HASH_ALGORITHM_PARAM
, 0,
1809 algID
= CertOIDToAlgId(hashAlgoID
->pszObjId
);
1810 ret
= CryptCreateHash(msg
->crypt_prov
, algID
, 0, 0, &msg
->u
.hash
);
1813 CRYPT_DATA_BLOB content
;
1815 ret
= ContextPropertyList_FindProperty(msg
->properties
,
1816 CMSG_CONTENT_PARAM
, &content
);
1818 ret
= CryptHashData(msg
->u
.hash
, content
.pbData
,
1821 CryptMemFree(hashAlgoID
);
1826 ret
= CryptGetHashParam(msg
->u
.hash
, HP_HASHVAL
, pvData
, pcbData
,
1831 CRYPT_DATA_BLOB blob
;
1833 ret
= ContextPropertyList_FindProperty(msg
->properties
, dwParamType
,
1836 ret
= CRYPT_CopyParam(pvData
, pcbData
, blob
.pbData
, blob
.cbData
);
1838 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
1844 /* nextData is an in/out parameter - on input it's the memory location in
1845 * which a copy of in's data should be made, and on output it's the memory
1846 * location immediately after out's copy of in's data.
1848 static inline void CRYPT_CopyBlob(CRYPT_DATA_BLOB
*out
,
1849 const CRYPT_DATA_BLOB
*in
, LPBYTE
*nextData
)
1851 out
->cbData
= in
->cbData
;
1854 out
->pbData
= *nextData
;
1855 memcpy(out
->pbData
, in
->pbData
, in
->cbData
);
1856 *nextData
+= in
->cbData
;
1860 static inline void CRYPT_CopyAlgorithmId(CRYPT_ALGORITHM_IDENTIFIER
*out
,
1861 const CRYPT_ALGORITHM_IDENTIFIER
*in
, LPBYTE
*nextData
)
1865 out
->pszObjId
= (LPSTR
)*nextData
;
1866 strcpy(out
->pszObjId
, in
->pszObjId
);
1867 *nextData
+= strlen(out
->pszObjId
) + 1;
1869 CRYPT_CopyBlob(&out
->Parameters
, &in
->Parameters
, nextData
);
1872 static inline void CRYPT_CopyAttributes(CRYPT_ATTRIBUTES
*out
,
1873 const CRYPT_ATTRIBUTES
*in
, LPBYTE
*nextData
)
1875 out
->cAttr
= in
->cAttr
;
1880 if ((*nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
))
1881 *nextData
+= (*nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
);
1882 out
->rgAttr
= (CRYPT_ATTRIBUTE
*)*nextData
;
1883 *nextData
+= in
->cAttr
* sizeof(CRYPT_ATTRIBUTE
);
1884 for (i
= 0; i
< in
->cAttr
; i
++)
1886 if (in
->rgAttr
[i
].pszObjId
)
1888 out
->rgAttr
[i
].pszObjId
= (LPSTR
)*nextData
;
1889 strcpy(out
->rgAttr
[i
].pszObjId
, in
->rgAttr
[i
].pszObjId
);
1890 *nextData
+= strlen(in
->rgAttr
[i
].pszObjId
) + 1;
1892 if (in
->rgAttr
[i
].cValue
)
1896 out
->rgAttr
[i
].cValue
= in
->rgAttr
[i
].cValue
;
1897 if ((*nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
))
1898 *nextData
+= (*nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
);
1899 out
->rgAttr
[i
].rgValue
= (PCRYPT_DATA_BLOB
)*nextData
;
1900 *nextData
+= in
->rgAttr
[i
].cValue
* sizeof(CRYPT_DATA_BLOB
);
1901 for (j
= 0; j
< in
->rgAttr
[i
].cValue
; j
++)
1902 CRYPT_CopyBlob(&out
->rgAttr
[i
].rgValue
[j
],
1903 &in
->rgAttr
[i
].rgValue
[j
], nextData
);
1909 static DWORD
CRYPT_SizeOfAttributes(const CRYPT_ATTRIBUTES
*attr
)
1911 DWORD size
= attr
->cAttr
* sizeof(CRYPT_ATTRIBUTE
), i
, j
;
1913 for (i
= 0; i
< attr
->cAttr
; i
++)
1915 if (attr
->rgAttr
[i
].pszObjId
)
1916 size
+= strlen(attr
->rgAttr
[i
].pszObjId
) + 1;
1918 if (size
% sizeof(DWORD_PTR
))
1919 size
+= size
% sizeof(DWORD_PTR
);
1920 size
+= attr
->rgAttr
[i
].cValue
* sizeof(CRYPT_DATA_BLOB
);
1921 for (j
= 0; j
< attr
->rgAttr
[i
].cValue
; j
++)
1922 size
+= attr
->rgAttr
[i
].rgValue
[j
].cbData
;
1924 /* align pointer again to be conservative */
1925 if (size
% sizeof(DWORD_PTR
))
1926 size
+= size
% sizeof(DWORD_PTR
);
1930 static BOOL
CRYPT_CopySignerInfo(void *pvData
, DWORD
*pcbData
,
1931 const CMSG_SIGNER_INFO
*in
)
1933 DWORD size
= sizeof(CMSG_SIGNER_INFO
);
1936 TRACE("(%p, %d, %p)\n", pvData
, pvData
? *pcbData
: 0, in
);
1938 size
+= in
->Issuer
.cbData
;
1939 size
+= in
->SerialNumber
.cbData
;
1940 if (in
->HashAlgorithm
.pszObjId
)
1941 size
+= strlen(in
->HashAlgorithm
.pszObjId
) + 1;
1942 size
+= in
->HashAlgorithm
.Parameters
.cbData
;
1943 if (in
->HashEncryptionAlgorithm
.pszObjId
)
1944 size
+= strlen(in
->HashEncryptionAlgorithm
.pszObjId
) + 1;
1945 size
+= in
->HashEncryptionAlgorithm
.Parameters
.cbData
;
1946 size
+= in
->EncryptedHash
.cbData
;
1948 if (size
% sizeof(DWORD_PTR
))
1949 size
+= size
% sizeof(DWORD_PTR
);
1950 size
+= CRYPT_SizeOfAttributes(&in
->AuthAttrs
);
1951 size
+= CRYPT_SizeOfAttributes(&in
->UnauthAttrs
);
1957 else if (*pcbData
< size
)
1960 SetLastError(ERROR_MORE_DATA
);
1965 LPBYTE nextData
= (BYTE
*)pvData
+ sizeof(CMSG_SIGNER_INFO
);
1966 CMSG_SIGNER_INFO
*out
= (CMSG_SIGNER_INFO
*)pvData
;
1968 out
->dwVersion
= in
->dwVersion
;
1969 CRYPT_CopyBlob(&out
->Issuer
, &in
->Issuer
, &nextData
);
1970 CRYPT_CopyBlob(&out
->SerialNumber
, &in
->SerialNumber
, &nextData
);
1971 CRYPT_CopyAlgorithmId(&out
->HashAlgorithm
, &in
->HashAlgorithm
,
1973 CRYPT_CopyAlgorithmId(&out
->HashEncryptionAlgorithm
,
1974 &in
->HashEncryptionAlgorithm
, &nextData
);
1975 CRYPT_CopyBlob(&out
->EncryptedHash
, &in
->EncryptedHash
, &nextData
);
1977 if ((nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
))
1978 nextData
+= (nextData
- (LPBYTE
)0) % sizeof(DWORD_PTR
);
1979 CRYPT_CopyAttributes(&out
->AuthAttrs
, &in
->AuthAttrs
, &nextData
);
1980 CRYPT_CopyAttributes(&out
->UnauthAttrs
, &in
->UnauthAttrs
, &nextData
);
1983 TRACE("returning %d\n", ret
);
1987 static BOOL
CRYPT_CopySignerCertInfo(void *pvData
, DWORD
*pcbData
,
1988 const CMSG_SIGNER_INFO
*in
)
1990 DWORD size
= sizeof(CERT_INFO
);
1993 TRACE("(%p, %d, %p)\n", pvData
, pvData
? *pcbData
: 0, in
);
1995 size
+= in
->Issuer
.cbData
;
1996 size
+= in
->SerialNumber
.cbData
;
2002 else if (*pcbData
< size
)
2005 SetLastError(ERROR_MORE_DATA
);
2010 LPBYTE nextData
= (BYTE
*)pvData
+ sizeof(CERT_INFO
);
2011 CERT_INFO
*out
= (CERT_INFO
*)pvData
;
2013 memset(out
, 0, sizeof(CERT_INFO
));
2014 CRYPT_CopyBlob(&out
->Issuer
, &in
->Issuer
, &nextData
);
2015 CRYPT_CopyBlob(&out
->SerialNumber
, &in
->SerialNumber
, &nextData
);
2018 TRACE("returning %d\n", ret
);
2022 static BOOL
CDecodeSignedMsg_GetParam(CDecodeMsg
*msg
, DWORD dwParamType
,
2023 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
2027 switch (dwParamType
)
2029 case CMSG_TYPE_PARAM
:
2030 ret
= CRYPT_CopyParam(pvData
, pcbData
, &msg
->type
, sizeof(msg
->type
));
2032 case CMSG_CONTENT_PARAM
:
2033 if (msg
->u
.signed_data
.info
)
2035 if (!strcmp(msg
->u
.signed_data
.info
->content
.pszObjId
,
2038 CRYPT_DATA_BLOB
*blob
;
2041 ret
= CryptDecodeObjectEx(X509_ASN_ENCODING
, X509_OCTET_STRING
,
2042 msg
->u
.signed_data
.info
->content
.Content
.pbData
,
2043 msg
->u
.signed_data
.info
->content
.Content
.cbData
,
2044 CRYPT_DECODE_ALLOC_FLAG
, NULL
, (LPBYTE
)&blob
, &size
);
2047 ret
= CRYPT_CopyParam(pvData
, pcbData
, blob
->pbData
,
2053 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2054 msg
->u
.signed_data
.info
->content
.Content
.pbData
,
2055 msg
->u
.signed_data
.info
->content
.Content
.cbData
);
2058 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2060 case CMSG_INNER_CONTENT_TYPE_PARAM
:
2061 if (msg
->u
.signed_data
.info
)
2062 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2063 msg
->u
.signed_data
.info
->content
.pszObjId
,
2064 strlen(msg
->u
.signed_data
.info
->content
.pszObjId
) + 1);
2066 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2068 case CMSG_SIGNER_COUNT_PARAM
:
2069 if (msg
->u
.signed_data
.info
)
2070 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2071 &msg
->u
.signed_data
.info
->cSignerInfo
, sizeof(DWORD
));
2073 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2075 case CMSG_SIGNER_INFO_PARAM
:
2076 if (msg
->u
.signed_data
.info
)
2078 if (dwIndex
>= msg
->u
.signed_data
.info
->cSignerInfo
)
2079 SetLastError(CRYPT_E_INVALID_INDEX
);
2081 ret
= CRYPT_CopySignerInfo(pvData
, pcbData
,
2082 &msg
->u
.signed_data
.info
->rgSignerInfo
[dwIndex
]);
2085 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2087 case CMSG_SIGNER_CERT_INFO_PARAM
:
2088 if (msg
->u
.signed_data
.info
)
2090 if (dwIndex
>= msg
->u
.signed_data
.info
->cSignerInfo
)
2091 SetLastError(CRYPT_E_INVALID_INDEX
);
2093 ret
= CRYPT_CopySignerCertInfo(pvData
, pcbData
,
2094 &msg
->u
.signed_data
.info
->rgSignerInfo
[dwIndex
]);
2097 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2099 case CMSG_CERT_COUNT_PARAM
:
2100 if (msg
->u
.signed_data
.info
)
2101 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2102 &msg
->u
.signed_data
.info
->cCertEncoded
, sizeof(DWORD
));
2104 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2106 case CMSG_CERT_PARAM
:
2107 if (msg
->u
.signed_data
.info
)
2109 if (dwIndex
>= msg
->u
.signed_data
.info
->cCertEncoded
)
2110 SetLastError(CRYPT_E_INVALID_INDEX
);
2112 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2113 msg
->u
.signed_data
.info
->rgCertEncoded
[dwIndex
].pbData
,
2114 msg
->u
.signed_data
.info
->rgCertEncoded
[dwIndex
].cbData
);
2117 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2119 case CMSG_CRL_COUNT_PARAM
:
2120 if (msg
->u
.signed_data
.info
)
2121 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2122 &msg
->u
.signed_data
.info
->cCrlEncoded
, sizeof(DWORD
));
2124 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2126 case CMSG_CRL_PARAM
:
2127 if (msg
->u
.signed_data
.info
)
2129 if (dwIndex
>= msg
->u
.signed_data
.info
->cCrlEncoded
)
2130 SetLastError(CRYPT_E_INVALID_INDEX
);
2132 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2133 msg
->u
.signed_data
.info
->rgCrlEncoded
[dwIndex
].pbData
,
2134 msg
->u
.signed_data
.info
->rgCrlEncoded
[dwIndex
].cbData
);
2137 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2139 case CMSG_COMPUTED_HASH_PARAM
:
2140 if (msg
->u
.signed_data
.info
)
2142 if (dwIndex
>= msg
->u
.signed_data
.cSignerHandle
)
2143 SetLastError(CRYPT_E_INVALID_INDEX
);
2145 ret
= CryptGetHashParam(
2146 msg
->u
.signed_data
.signerHandles
[dwIndex
].contentHash
,
2147 HP_HASHVAL
, pvData
, pcbData
, 0);
2150 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2152 case CMSG_ATTR_CERT_COUNT_PARAM
:
2153 if (msg
->u
.signed_data
.info
)
2155 DWORD attrCertCount
= 0;
2157 ret
= CRYPT_CopyParam(pvData
, pcbData
,
2158 &attrCertCount
, sizeof(DWORD
));
2161 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2163 case CMSG_ATTR_CERT_PARAM
:
2164 if (msg
->u
.signed_data
.info
)
2165 SetLastError(CRYPT_E_INVALID_INDEX
);
2167 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2170 FIXME("unimplemented for %d\n", dwParamType
);
2171 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2176 static BOOL
CDecodeMsg_GetParam(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
2177 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
2179 CDecodeMsg
*msg
= (CDecodeMsg
*)hCryptMsg
;
2185 ret
= CDecodeHashMsg_GetParam(msg
, dwParamType
, dwIndex
, pvData
,
2189 ret
= CDecodeSignedMsg_GetParam(msg
, dwParamType
, dwIndex
, pvData
,
2193 switch (dwParamType
)
2195 case CMSG_TYPE_PARAM
:
2196 ret
= CRYPT_CopyParam(pvData
, pcbData
, &msg
->type
,
2201 CRYPT_DATA_BLOB blob
;
2203 ret
= ContextPropertyList_FindProperty(msg
->properties
, dwParamType
,
2206 ret
= CRYPT_CopyParam(pvData
, pcbData
, blob
.pbData
,
2209 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2216 static BOOL
CDecodeHashMsg_VerifyHash(CDecodeMsg
*msg
)
2219 CRYPT_DATA_BLOB hashBlob
;
2221 ret
= ContextPropertyList_FindProperty(msg
->properties
,
2222 CMSG_HASH_DATA_PARAM
, &hashBlob
);
2225 DWORD computedHashSize
= 0;
2227 ret
= CDecodeHashMsg_GetParam(msg
, CMSG_COMPUTED_HASH_PARAM
, 0, NULL
,
2229 if (hashBlob
.cbData
== computedHashSize
)
2231 LPBYTE computedHash
= CryptMemAlloc(computedHashSize
);
2235 ret
= CDecodeHashMsg_GetParam(msg
, CMSG_COMPUTED_HASH_PARAM
, 0,
2236 computedHash
, &computedHashSize
);
2238 ret
= !memcmp(hashBlob
.pbData
, computedHash
,
2240 CryptMemFree(computedHash
);
2249 static BOOL
CDecodeSignedMsg_VerifySignatureWithKey(CDecodeMsg
*msg
,
2250 HCRYPTPROV prov
, DWORD signerIndex
, PCERT_PUBLIC_KEY_INFO keyInfo
)
2256 prov
= msg
->crypt_prov
;
2257 ret
= CryptImportPublicKeyInfo(prov
, X509_ASN_ENCODING
, keyInfo
, &key
);
2261 CRYPT_HASH_BLOB reversedHash
;
2263 if (msg
->u
.signed_data
.info
->rgSignerInfo
[signerIndex
].AuthAttrs
.cAttr
)
2264 hash
= msg
->u
.signed_data
.signerHandles
[signerIndex
].authAttrHash
;
2266 hash
= msg
->u
.signed_data
.signerHandles
[signerIndex
].contentHash
;
2267 ret
= CRYPT_ConstructBlob(&reversedHash
,
2268 &msg
->u
.signed_data
.info
->rgSignerInfo
[signerIndex
].EncryptedHash
);
2271 CRYPT_ReverseBytes(&reversedHash
);
2272 ret
= CryptVerifySignatureW(hash
, reversedHash
.pbData
,
2273 reversedHash
.cbData
, key
, NULL
, 0);
2274 CryptMemFree(reversedHash
.pbData
);
2276 CryptDestroyKey(key
);
2281 static BOOL
CDecodeSignedMsg_VerifySignature(CDecodeMsg
*msg
, PCERT_INFO info
)
2286 for (i
= 0; !ret
&& i
< msg
->u
.signed_data
.info
->cSignerInfo
; i
++)
2288 ret
= CertCompareCertificateName(X509_ASN_ENCODING
,
2289 &msg
->u
.signed_data
.info
->rgSignerInfo
[i
].Issuer
, &info
->Issuer
);
2292 ret
= CertCompareIntegerBlob(
2293 &msg
->u
.signed_data
.info
->rgSignerInfo
[i
].SerialNumber
,
2294 &info
->SerialNumber
);
2300 ret
= CDecodeSignedMsg_VerifySignatureWithKey(msg
, 0, i
,
2301 &info
->SubjectPublicKeyInfo
);
2303 SetLastError(CRYPT_E_SIGNER_NOT_FOUND
);
2308 static BOOL
CDecodeSignedMsg_VerifySignatureEx(CDecodeMsg
*msg
,
2309 PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para
)
2313 if (para
->cbSize
!= sizeof(CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA
))
2314 SetLastError(ERROR_INVALID_PARAMETER
);
2315 else if (para
->dwSignerIndex
>= msg
->u
.signed_data
.info
->cSignerInfo
)
2316 SetLastError(CRYPT_E_SIGNER_NOT_FOUND
);
2319 switch (para
->dwSignerType
)
2321 case CMSG_VERIFY_SIGNER_PUBKEY
:
2322 ret
= CDecodeSignedMsg_VerifySignatureWithKey(msg
,
2323 para
->hCryptProv
, para
->dwSignerIndex
,
2324 (PCERT_PUBLIC_KEY_INFO
)para
->pvSigner
);
2326 case CMSG_VERIFY_SIGNER_CERT
:
2328 PCCERT_CONTEXT cert
= (PCCERT_CONTEXT
)para
->pvSigner
;
2330 ret
= CDecodeSignedMsg_VerifySignatureWithKey(msg
, para
->hCryptProv
,
2331 para
->dwSignerIndex
, &cert
->pCertInfo
->SubjectPublicKeyInfo
);
2335 FIXME("unimplemented for signer type %d\n", para
->dwSignerType
);
2336 SetLastError(CRYPT_E_SIGNER_NOT_FOUND
);
2342 static BOOL
CDecodeMsg_Control(HCRYPTMSG hCryptMsg
, DWORD dwFlags
,
2343 DWORD dwCtrlType
, const void *pvCtrlPara
)
2345 CDecodeMsg
*msg
= (CDecodeMsg
*)hCryptMsg
;
2350 case CMSG_CTRL_VERIFY_SIGNATURE
:
2354 ret
= CDecodeSignedMsg_VerifySignature(msg
, (PCERT_INFO
)pvCtrlPara
);
2357 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2360 case CMSG_CTRL_DECRYPT
:
2364 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2367 case CMSG_CTRL_VERIFY_HASH
:
2371 ret
= CDecodeHashMsg_VerifyHash(msg
);
2374 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2377 case CMSG_CTRL_VERIFY_SIGNATURE_EX
:
2381 ret
= CDecodeSignedMsg_VerifySignatureEx(msg
,
2382 (PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA
)pvCtrlPara
);
2385 SetLastError(CRYPT_E_INVALID_MSG_TYPE
);
2389 SetLastError(CRYPT_E_CONTROL_TYPE
);
2394 HCRYPTMSG WINAPI
CryptMsgOpenToDecode(DWORD dwMsgEncodingType
, DWORD dwFlags
,
2395 DWORD dwMsgType
, HCRYPTPROV_LEGACY hCryptProv
, PCERT_INFO pRecipientInfo
,
2396 PCMSG_STREAM_INFO pStreamInfo
)
2400 TRACE("(%08x, %08x, %08x, %08lx, %p, %p)\n", dwMsgEncodingType
,
2401 dwFlags
, dwMsgType
, hCryptProv
, pRecipientInfo
, pStreamInfo
);
2403 if (GET_CMSG_ENCODING_TYPE(dwMsgEncodingType
) != PKCS_7_ASN_ENCODING
)
2405 SetLastError(E_INVALIDARG
);
2408 msg
= CryptMemAlloc(sizeof(CDecodeMsg
));
2411 CryptMsgBase_Init((CryptMsgBase
*)msg
, dwFlags
, pStreamInfo
,
2412 CDecodeMsg_Close
, CDecodeMsg_GetParam
, CDecodeMsg_Update
,
2413 CDecodeMsg_Control
);
2414 msg
->type
= dwMsgType
;
2416 msg
->crypt_prov
= hCryptProv
;
2419 msg
->crypt_prov
= CRYPT_GetDefaultProvider();
2420 msg
->base
.open_flags
&= ~CMSG_CRYPT_RELEASE_CONTEXT_FLAG
;
2422 memset(&msg
->u
, 0, sizeof(msg
->u
));
2423 msg
->msg_data
.cbData
= 0;
2424 msg
->msg_data
.pbData
= NULL
;
2425 msg
->properties
= ContextPropertyList_Create();
2430 HCRYPTMSG WINAPI
CryptMsgDuplicate(HCRYPTMSG hCryptMsg
)
2432 TRACE("(%p)\n", hCryptMsg
);
2436 CryptMsgBase
*msg
= (CryptMsgBase
*)hCryptMsg
;
2438 InterlockedIncrement(&msg
->ref
);
2443 BOOL WINAPI
CryptMsgClose(HCRYPTMSG hCryptMsg
)
2445 TRACE("(%p)\n", hCryptMsg
);
2449 CryptMsgBase
*msg
= (CryptMsgBase
*)hCryptMsg
;
2451 if (InterlockedDecrement(&msg
->ref
) == 0)
2453 TRACE("freeing %p\n", msg
);
2462 BOOL WINAPI
CryptMsgUpdate(HCRYPTMSG hCryptMsg
, const BYTE
*pbData
,
2463 DWORD cbData
, BOOL fFinal
)
2465 CryptMsgBase
*msg
= (CryptMsgBase
*)hCryptMsg
;
2467 TRACE("(%p, %p, %d, %d)\n", hCryptMsg
, pbData
, cbData
, fFinal
);
2469 return msg
->update(hCryptMsg
, pbData
, cbData
, fFinal
);
2472 BOOL WINAPI
CryptMsgGetParam(HCRYPTMSG hCryptMsg
, DWORD dwParamType
,
2473 DWORD dwIndex
, void *pvData
, DWORD
*pcbData
)
2475 CryptMsgBase
*msg
= (CryptMsgBase
*)hCryptMsg
;
2477 TRACE("(%p, %d, %d, %p, %p)\n", hCryptMsg
, dwParamType
, dwIndex
,
2479 return msg
->get_param(hCryptMsg
, dwParamType
, dwIndex
, pvData
, pcbData
);
2482 BOOL WINAPI
CryptMsgControl(HCRYPTMSG hCryptMsg
, DWORD dwFlags
,
2483 DWORD dwCtrlType
, const void *pvCtrlPara
)
2485 CryptMsgBase
*msg
= (CryptMsgBase
*)hCryptMsg
;
2487 TRACE("(%p, %08x, %d, %p)\n", hCryptMsg
, dwFlags
, dwCtrlType
,
2489 return msg
->control(hCryptMsg
, dwFlags
, dwCtrlType
, pvCtrlPara
);
2492 static CERT_INFO
*CRYPT_GetSignerCertInfoFromMsg(HCRYPTMSG msg
,
2493 DWORD dwSignerIndex
)
2495 CERT_INFO
*certInfo
= NULL
;
2498 if (CryptMsgGetParam(msg
, CMSG_SIGNER_CERT_INFO_PARAM
, dwSignerIndex
, NULL
,
2501 certInfo
= CryptMemAlloc(size
);
2504 if (!CryptMsgGetParam(msg
, CMSG_SIGNER_CERT_INFO_PARAM
,
2505 dwSignerIndex
, certInfo
, &size
))
2507 CryptMemFree(certInfo
);
2515 BOOL WINAPI
CryptMsgGetAndVerifySigner(HCRYPTMSG hCryptMsg
, DWORD cSignerStore
,
2516 HCERTSTORE
*rghSignerStore
, DWORD dwFlags
, PCCERT_CONTEXT
*ppSigner
,
2517 DWORD
*pdwSignerIndex
)
2520 DWORD i
, signerIndex
;
2521 PCCERT_CONTEXT signerCert
= NULL
;
2524 TRACE("(%p, %d, %p, %08x, %p, %p)\n", hCryptMsg
, cSignerStore
,
2525 rghSignerStore
, dwFlags
, ppSigner
, pdwSignerIndex
);
2527 /* Clear output parameters */
2530 if (pdwSignerIndex
&& !(dwFlags
& CMSG_USE_SIGNER_INDEX_FLAG
))
2531 *pdwSignerIndex
= 0;
2533 /* Create store to search for signer certificates */
2534 store
= CertOpenStore(CERT_STORE_PROV_COLLECTION
, 0, 0,
2535 CERT_STORE_CREATE_NEW_FLAG
, NULL
);
2536 if (!(dwFlags
& CMSG_TRUSTED_SIGNER_FLAG
))
2538 HCERTSTORE msgStore
= CertOpenStore(CERT_STORE_PROV_MSG
, 0, 0, 0,
2541 CertAddStoreToCollection(store
, msgStore
, 0, 0);
2542 CertCloseStore(msgStore
, 0);
2544 for (i
= 0; i
< cSignerStore
; i
++)
2545 CertAddStoreToCollection(store
, rghSignerStore
[i
], 0, 0);
2547 /* Find signer cert */
2548 if (dwFlags
& CMSG_USE_SIGNER_INDEX_FLAG
)
2550 CERT_INFO
*signer
= CRYPT_GetSignerCertInfoFromMsg(hCryptMsg
,
2555 signerIndex
= *pdwSignerIndex
;
2556 signerCert
= CertFindCertificateInStore(store
, X509_ASN_ENCODING
,
2557 0, CERT_FIND_SUBJECT_CERT
, signer
, NULL
);
2558 CryptMemFree(signer
);
2563 DWORD count
, size
= sizeof(count
);
2565 if (CryptMsgGetParam(hCryptMsg
, CMSG_SIGNER_COUNT_PARAM
, 0, &count
,
2568 for (i
= 0; !signerCert
&& i
< count
; i
++)
2570 CERT_INFO
*signer
= CRYPT_GetSignerCertInfoFromMsg(hCryptMsg
,
2575 signerCert
= CertFindCertificateInStore(store
,
2576 X509_ASN_ENCODING
, 0, CERT_FIND_SUBJECT_CERT
, signer
,
2580 CryptMemFree(signer
);
2585 SetLastError(CRYPT_E_NO_TRUSTED_SIGNER
);
2589 if (!(dwFlags
& CMSG_SIGNER_ONLY_FLAG
))
2590 ret
= CryptMsgControl(hCryptMsg
, 0, CMSG_CTRL_VERIFY_SIGNATURE
,
2591 signerCert
->pCertInfo
);
2597 *ppSigner
= CertDuplicateCertificateContext(signerCert
);
2599 *pdwSignerIndex
= signerIndex
;
2601 CertFreeCertificateContext(signerCert
);
2604 CertCloseStore(store
, 0);
2608 BOOL WINAPI
CryptMsgVerifyCountersignatureEncodedEx(HCRYPTPROV_LEGACY hCryptProv
,
2609 DWORD dwEncodingType
, PBYTE pbSignerInfo
, DWORD cbSignerInfo
,
2610 PBYTE pbSignerInfoCountersignature
, DWORD cbSignerInfoCountersignature
,
2611 DWORD dwSignerType
, void *pvSigner
, DWORD dwFlags
, void *pvReserved
)
2613 FIXME("(%08lx, %08x, %p, %d, %p, %d, %d, %p, %08x, %p): stub\n", hCryptProv
,
2614 dwEncodingType
, pbSignerInfo
, cbSignerInfo
, pbSignerInfoCountersignature
,
2615 cbSignerInfoCountersignature
, dwSignerType
, pvSigner
, dwFlags
, pvReserved
);