2 * Copyright 2002 Mike McCormack for CodeWeavers
3 * Copyright 2005 Juan Lang
4 * Copyright 2006 Paul Vriens
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
32 #include "wine/debug.h"
33 #include "wine/list.h"
35 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
37 static const WCHAR szOID[] = {
38 'S','o','f','t','w','a','r','e','\\',
39 'M','i','c','r','o','s','o','f','t','\\',
40 'C','r','y','p','t','o','g','r','a','p','h','y','\\',
42 'E','n','c','o','d','i','n','g','T','y','p','e',' ','0','\\',
43 'C','r','y','p','t','S','I','P','D','l','l', 0 };
45 static const WCHAR szPutSigned[] = {
46 'P','u','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
47 static const WCHAR szGetSigned[] = {
48 'G','e','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
49 static const WCHAR szRemoveSigned[] = {
50 'R','e','m','o','v','e','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
51 static const WCHAR szCreate[] = {
52 'C','r','e','a','t','e','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
53 static const WCHAR szVerify[] = {
54 'V','e','r','i','f','y','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
55 static const WCHAR szIsMyFile[] = {
56 'I','s','M','y','F','i','l','e','T','y','p','e','\\',0};
57 static const WCHAR szIsMyFile2[] = {
58 'I','s','M','y','F','i','l','e','T','y','p','e','2','\\',0};
60 static const WCHAR szDllName[] = { 'D','l','l',0 };
61 static const WCHAR szFuncName[] = { 'F','u','n','c','N','a','m','e',0 };
63 /* convert a guid to a wide character string */
64 static void CRYPT_guid2wstr( const GUID *guid, LPWSTR wstr )
68 sprintf(str, "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
69 guid->Data1, guid->Data2, guid->Data3,
70 guid->Data4[0], guid->Data4[1], guid->Data4[2], guid->Data4[3],
71 guid->Data4[4], guid->Data4[5], guid->Data4[6], guid->Data4[7] );
72 MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, 40 );
75 /***********************************************************************
76 * CRYPT_SIPDeleteFunction
78 * Helper function for CryptSIPRemoveProvider
80 static LONG CRYPT_SIPDeleteFunction( const GUID *guid, LPCWSTR szKey )
82 WCHAR szFullKey[ 0x100 ];
83 LONG r = ERROR_SUCCESS;
85 /* max length of szFullKey depends on our code only, so we won't overrun */
86 lstrcpyW( szFullKey, szOID );
87 lstrcatW( szFullKey, szKey );
88 CRYPT_guid2wstr( guid, &szFullKey[ lstrlenW( szFullKey ) ] );
90 r = RegDeleteKeyW(HKEY_LOCAL_MACHINE, szFullKey);
95 /***********************************************************************
96 * CryptSIPRemoveProvider (CRYPT32.@)
98 * Remove a SIP provider and its functions from the registry.
101 * pgProv [I] Pointer to a GUID for this SIP provider
105 * Failure: FALSE. (Look at GetLastError()).
108 * Registry errors are always reported via SetLastError(). Every registry
109 * deletion will be tried.
111 BOOL WINAPI CryptSIPRemoveProvider(GUID *pgProv)
113 LONG r = ERROR_SUCCESS;
114 LONG remove_error = ERROR_SUCCESS;
116 TRACE("%s\n", debugstr_guid(pgProv));
120 SetLastError(ERROR_INVALID_PARAMETER);
125 #define CRYPT_SIPREMOVEPROV( key ) \
126 r = CRYPT_SIPDeleteFunction( pgProv, key); \
127 if (r != ERROR_SUCCESS) remove_error = r
129 CRYPT_SIPREMOVEPROV( szPutSigned);
130 CRYPT_SIPREMOVEPROV( szGetSigned);
131 CRYPT_SIPREMOVEPROV( szRemoveSigned);
132 CRYPT_SIPREMOVEPROV( szCreate);
133 CRYPT_SIPREMOVEPROV( szVerify);
134 CRYPT_SIPREMOVEPROV( szIsMyFile);
135 CRYPT_SIPREMOVEPROV( szIsMyFile2);
137 #undef CRYPT_SIPREMOVEPROV
139 if (remove_error != ERROR_SUCCESS)
141 SetLastError(remove_error);
149 * Helper for CryptSIPAddProvider
151 * Add a registry key containing a dll name and function under
152 * "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\<func>\\<guid>"
154 static LONG CRYPT_SIPWriteFunction( const GUID *guid, LPCWSTR szKey,
155 LPCWSTR szDll, LPCWSTR szFunction )
157 WCHAR szFullKey[ 0x100 ];
158 LONG r = ERROR_SUCCESS;
162 return ERROR_SUCCESS;
164 /* max length of szFullKey depends on our code only, so we won't overrun */
165 lstrcpyW( szFullKey, szOID );
166 lstrcatW( szFullKey, szKey );
167 CRYPT_guid2wstr( guid, &szFullKey[ lstrlenW( szFullKey ) ] );
169 TRACE("key is %s\n", debugstr_w( szFullKey ) );
171 r = RegCreateKeyW( HKEY_LOCAL_MACHINE, szFullKey, &hKey );
172 if( r != ERROR_SUCCESS ) goto error_close_key;
174 /* write the values */
175 r = RegSetValueExW( hKey, szFuncName, 0, REG_SZ, (const BYTE*) szFunction,
176 ( lstrlenW( szFunction ) + 1 ) * sizeof (WCHAR) );
177 if( r != ERROR_SUCCESS ) goto error_close_key;
178 r = RegSetValueExW( hKey, szDllName, 0, REG_SZ, (const BYTE*) szDll,
179 ( lstrlenW( szDll ) + 1) * sizeof (WCHAR) );
188 /***********************************************************************
189 * CryptSIPAddProvider (CRYPT32.@)
191 * Add a SIP provider and its functions to the registry.
194 * psNewProv [I] Pointer to a structure with information about
195 * the functions this SIP provider can perform.
199 * Failure: FALSE. (Look at GetLastError()).
202 * Registry errors are always reported via SetLastError(). If a
203 * registry error occurs the rest of the registry write operations
206 BOOL WINAPI CryptSIPAddProvider(SIP_ADD_NEWPROVIDER *psNewProv)
208 LONG r = ERROR_SUCCESS;
210 TRACE("%p\n", psNewProv);
213 psNewProv->cbStruct != sizeof(SIP_ADD_NEWPROVIDER) ||
214 !psNewProv->pwszGetFuncName ||
215 !psNewProv->pwszPutFuncName ||
216 !psNewProv->pwszCreateFuncName ||
217 !psNewProv->pwszVerifyFuncName ||
218 !psNewProv->pwszRemoveFuncName)
220 SetLastError(ERROR_INVALID_PARAMETER);
224 TRACE("%s %s %s %s %s\n",
225 debugstr_guid( psNewProv->pgSubject ),
226 debugstr_w( psNewProv->pwszDLLFileName ),
227 debugstr_w( psNewProv->pwszMagicNumber ),
228 debugstr_w( psNewProv->pwszIsFunctionName ),
229 debugstr_w( psNewProv->pwszIsFunctionNameFmt2 ) );
231 #define CRYPT_SIPADDPROV( key, field ) \
232 r = CRYPT_SIPWriteFunction( psNewProv->pgSubject, key, \
233 psNewProv->pwszDLLFileName, psNewProv->field); \
234 if (r != ERROR_SUCCESS) goto end_function
236 CRYPT_SIPADDPROV( szPutSigned, pwszPutFuncName );
237 CRYPT_SIPADDPROV( szGetSigned, pwszGetFuncName );
238 CRYPT_SIPADDPROV( szRemoveSigned, pwszRemoveFuncName );
239 CRYPT_SIPADDPROV( szCreate, pwszCreateFuncName );
240 CRYPT_SIPADDPROV( szVerify, pwszVerifyFuncName );
241 CRYPT_SIPADDPROV( szIsMyFile, pwszIsFunctionName );
242 CRYPT_SIPADDPROV( szIsMyFile2, pwszIsFunctionNameFmt2 );
244 #undef CRYPT_SIPADDPROV
248 if (r != ERROR_SUCCESS)
257 /***********************************************************************
258 * CryptSIPRetrieveSubjectGuid (CRYPT32.@)
260 * Determine the right SIP GUID for the given file.
263 * FileName [I] Filename.
264 * hFileIn [I] Optional handle to the file.
265 * pgSubject [O] The SIP's GUID.
268 * Success: TRUE. pgSubject contains the SIP GUID.
269 * Failure: FALSE. (Look at GetLastError()).
272 * On failure pgSubject will contain a NULL GUID.
273 * The handle is always preferred above the filename.
275 BOOL WINAPI CryptSIPRetrieveSubjectGuid
276 (LPCWSTR FileName, HANDLE hFileIn, GUID *pgSubject)
283 IMAGE_DOS_HEADER *dos;
284 /* FIXME, find out if there is a name for this GUID */
285 static const GUID unknown = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
287 TRACE("(%s %p %p)\n", wine_dbgstr_w(FileName), hFileIn, pgSubject);
289 if (!pgSubject || (!FileName && !hFileIn))
291 SetLastError(ERROR_INVALID_PARAMETER);
295 /* Set pgSubject to zero's */
296 memset(pgSubject, 0 , sizeof(GUID));
299 /* Use the given handle, make sure not to close this one ourselves */
303 hFile = CreateFileW(FileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
304 /* Last error is set by CreateFile */
305 if (hFile == INVALID_HANDLE_VALUE) return FALSE;
308 hFilemapped = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
309 /* Last error is set by CreateFileMapping */
310 if (!hFilemapped) goto cleanup3;
312 pMapped = MapViewOfFile(hFilemapped, FILE_MAP_READ, 0, 0, 0);
313 /* Last error is set by MapViewOfFile */
314 if (!pMapped) goto cleanup2;
316 /* Native checks it right here */
317 fileSize = GetFileSize(hFile, NULL);
320 SetLastError(ERROR_INVALID_PARAMETER);
324 /* As everything is in place now we start looking at the file header */
325 dos = (IMAGE_DOS_HEADER *)pMapped;
326 if (dos->e_magic == IMAGE_DOS_SIGNATURE)
328 *pgSubject = unknown;
335 * There is a lot more to be checked:
336 * - Check for MSFC in the header
337 * - Check for the keys CryptSIPDllIsMyFileType and CryptSIPDllIsMyFileType2
338 * under HKLM\Software\Microsoft\Cryptography\OID\EncodingType 0. Here are
339 * functions listed that need check if a SIP Provider can deal with the
343 /* Let's set the most common error for now */
344 SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
346 /* The 3 different cleanups are here because we shouldn't overwrite the last error */
348 UnmapViewOfFile(pMapped);
350 CloseHandle(hFilemapped);
352 /* If we didn't open this one we shouldn't close it (hFile is a copy) */
353 if (!hFileIn) CloseHandle(hFile);
358 static LONG CRYPT_OpenSIPFunctionKey(const GUID *guid, LPCWSTR function,
361 WCHAR szFullKey[ 0x100 ];
363 lstrcpyW(szFullKey, szOID);
364 lstrcatW(szFullKey, function);
365 CRYPT_guid2wstr(guid, &szFullKey[lstrlenW(szFullKey)]);
366 return RegOpenKeyExW(HKEY_LOCAL_MACHINE, szFullKey, 0, KEY_READ, key);
369 /* Loads the function named function for the SIP specified by pgSubject, and
370 * returns it if found. Returns NULL on error. If the function is loaded,
371 * *pLib is set to the library in which it is found.
373 static void *CRYPT_LoadSIPFunc(const GUID *pgSubject, LPCWSTR function,
379 WCHAR dllName[MAX_PATH];
380 char functionName[MAX_PATH];
384 TRACE("(%s, %s)\n", debugstr_guid(pgSubject), debugstr_w(function));
386 r = CRYPT_OpenSIPFunctionKey(pgSubject, function, &key);
389 /* Read the DLL entry */
390 size = sizeof(dllName);
391 r = RegQueryValueExW(key, szDllName, NULL, NULL, (LPBYTE)dllName, &size);
394 /* Read the Function entry */
395 size = sizeof(functionName);
396 r = RegQueryValueExA(key, "FuncName", NULL, NULL, (LPBYTE)functionName,
400 lib = LoadLibraryW(dllName);
403 func = GetProcAddress(lib, functionName);
411 TRACE("returning %p\n", func);
415 typedef struct _WINE_SIP_PROVIDER {
417 SIP_DISPATCH_INFO info;
421 static struct list providers = { &providers, &providers };
422 static CRITICAL_SECTION providers_cs;
423 static CRITICAL_SECTION_DEBUG providers_cs_debug =
426 { &providers_cs_debug.ProcessLocksList,
427 &providers_cs_debug.ProcessLocksList },
428 0, 0, { (DWORD_PTR)(__FILE__ ": providers_cs") }
430 static CRITICAL_SECTION providers_cs = { &providers_cs_debug, -1, 0, 0, 0, 0 };
432 static void CRYPT_CacheSIP(const GUID *pgSubject, SIP_DISPATCH_INFO *info)
434 WINE_SIP_PROVIDER *prov = CryptMemAlloc(sizeof(WINE_SIP_PROVIDER));
438 prov->subject = *pgSubject;
440 EnterCriticalSection(&providers_cs);
441 list_add_tail(&providers, &prov->entry);
442 LeaveCriticalSection(&providers_cs);
446 static WINE_SIP_PROVIDER *CRYPT_GetCachedSIP(const GUID *pgSubject)
448 WINE_SIP_PROVIDER *provider = NULL, *ret = NULL;
450 EnterCriticalSection(&providers_cs);
451 LIST_FOR_EACH_ENTRY(provider, &providers, WINE_SIP_PROVIDER, entry)
453 if (IsEqualGUID(pgSubject, &provider->subject))
456 if (provider && IsEqualGUID(pgSubject, &provider->subject))
458 LeaveCriticalSection(&providers_cs);
462 static inline BOOL CRYPT_IsSIPCached(const GUID *pgSubject)
464 return CRYPT_GetCachedSIP(pgSubject) != NULL;
467 void crypt_sip_free(void)
469 WINE_SIP_PROVIDER *prov, *next;
471 LIST_FOR_EACH_ENTRY_SAFE(prov, next, &providers, WINE_SIP_PROVIDER, entry)
473 list_remove(&prov->entry);
474 FreeLibrary(prov->info.hSIP);
479 /* Loads the SIP for pgSubject into the global cache. Returns FALSE if the
480 * SIP isn't registered or is invalid.
482 static BOOL CRYPT_LoadSIP(const GUID *pgSubject)
484 SIP_DISPATCH_INFO sip = { 0 };
485 HMODULE lib = NULL, temp = NULL;
487 sip.pfGet = CRYPT_LoadSIPFunc(pgSubject, szGetSigned, &lib);
490 sip.pfPut = CRYPT_LoadSIPFunc(pgSubject, szPutSigned, &temp);
491 if (!sip.pfPut || temp != lib)
494 sip.pfCreate = CRYPT_LoadSIPFunc(pgSubject, szCreate, &temp);
495 if (!sip.pfCreate || temp != lib)
498 sip.pfVerify = CRYPT_LoadSIPFunc(pgSubject, szVerify, &temp);
499 if (!sip.pfVerify || temp != lib)
502 sip.pfRemove = CRYPT_LoadSIPFunc(pgSubject, szRemoveSigned, &temp);
503 if (!sip.pfRemove || temp != lib)
507 CRYPT_CacheSIP(pgSubject, &sip);
513 SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
517 /***********************************************************************
518 * CryptSIPLoad (CRYPT32.@)
520 * Load some internal crypt32 functions into a SIP_DISPATCH_INFO structure.
523 * pgSubject [I] The GUID.
525 * pSipDispatch [I] The loaded functions.
528 * Success: TRUE. pSipDispatch contains the functions.
529 * Failure: FALSE. (Look at GetLastError()).
532 * CryptSIPLoad uses caching for the list of GUIDs and whether a SIP is
535 * An application calls CryptSipLoad which will return a structure with the
536 * function addresses of some internal crypt32 functions. The application will
537 * then call these functions which will be forwarded to the appropriate SIP.
539 * CryptSIPLoad will load the needed SIP but doesn't unload this dll. The unloading
540 * is done when crypt32 is unloaded.
542 BOOL WINAPI CryptSIPLoad
543 (const GUID *pgSubject, DWORD dwFlags, SIP_DISPATCH_INFO *pSipDispatch)
545 TRACE("(%s %d %p)\n", debugstr_guid(pgSubject), dwFlags, pSipDispatch);
547 if (!pgSubject || dwFlags != 0 || !pSipDispatch)
549 SetLastError(ERROR_INVALID_PARAMETER);
552 if (!CRYPT_IsSIPCached(pgSubject) && !CRYPT_LoadSIP(pgSubject))
555 pSipDispatch->hSIP = NULL;
556 pSipDispatch->pfGet = CryptSIPGetSignedDataMsg;
557 pSipDispatch->pfPut = CryptSIPPutSignedDataMsg;
558 pSipDispatch->pfCreate = CryptSIPCreateIndirectData;
559 pSipDispatch->pfVerify = CryptSIPVerifyIndirectData;
560 pSipDispatch->pfRemove = CryptSIPRemoveSignedDataMsg;
565 /***********************************************************************
566 * CryptSIPCreateIndirectData (CRYPT32.@)
568 BOOL WINAPI CryptSIPCreateIndirectData(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pcbIndirectData,
569 SIP_INDIRECT_DATA* pIndirectData)
571 WINE_SIP_PROVIDER *sip;
574 TRACE("(%p %p %p)\n", pSubjectInfo, pcbIndirectData, pIndirectData);
576 if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
577 ret = sip->info.pfCreate(pSubjectInfo, pcbIndirectData, pIndirectData);
578 TRACE("returning %d\n", ret);
582 /***********************************************************************
583 * CryptSIPGetSignedDataMsg (CRYPT32.@)
585 BOOL WINAPI CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pdwEncodingType,
586 DWORD dwIndex, DWORD* pcbSignedDataMsg, BYTE* pbSignedDataMsg)
588 WINE_SIP_PROVIDER *sip;
591 TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
592 pcbSignedDataMsg, pbSignedDataMsg);
594 if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
595 ret = sip->info.pfGet(pSubjectInfo, pdwEncodingType, dwIndex,
596 pcbSignedDataMsg, pbSignedDataMsg);
597 TRACE("returning %d\n", ret);
601 /***********************************************************************
602 * CryptSIPPutSignedDataMsg (CRYPT32.@)
604 BOOL WINAPI CryptSIPPutSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD pdwEncodingType,
605 DWORD* pdwIndex, DWORD cbSignedDataMsg, BYTE* pbSignedDataMsg)
607 WINE_SIP_PROVIDER *sip;
610 TRACE("(%p %d %p %d %p)\n", pSubjectInfo, pdwEncodingType, pdwIndex,
611 cbSignedDataMsg, pbSignedDataMsg);
613 if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
614 ret = sip->info.pfPut(pSubjectInfo, pdwEncodingType, pdwIndex,
615 cbSignedDataMsg, pbSignedDataMsg);
616 TRACE("returning %d\n", ret);
620 /***********************************************************************
621 * CryptSIPRemoveSignedDataMsg (CRYPT32.@)
623 BOOL WINAPI CryptSIPRemoveSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo,
626 WINE_SIP_PROVIDER *sip;
629 TRACE("(%p %d)\n", pSubjectInfo, dwIndex);
631 if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
632 ret = sip->info.pfRemove(pSubjectInfo, dwIndex);
633 TRACE("returning %d\n", ret);
637 /***********************************************************************
638 * CryptSIPVerifyIndirectData (CRYPT32.@)
640 BOOL WINAPI CryptSIPVerifyIndirectData(SIP_SUBJECTINFO* pSubjectInfo,
641 SIP_INDIRECT_DATA* pIndirectData)
643 WINE_SIP_PROVIDER *sip;
646 TRACE("(%p %p)\n", pSubjectInfo, pIndirectData);
648 if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
649 ret = sip->info.pfVerify(pSubjectInfo, pIndirectData);
650 TRACE("returning %d\n", ret);