//+------------------------------------------------------------------------- // // Microsoft Windows // // Copyright (C) Microsoft Corporation, 1996 - 1999 // // File: sipguid.cpp // // Contents: Microsoft Internet Security SIP Provider // // Functions: CryptSIPRetrieveSubjectGuid // // *** local functions *** // _DetermineWhichPE // _QueryLoadedIsMyFileType // _QueryRegisteredIsMyFileType // // History: 03-Jun-1997 pberkman created // //-------------------------------------------------------------------------- #include "global.hxx" #include "cryptreg.h" #include "sipbase.h" #include "mssip.h" #include "mscat.h" #include "sipguids.h" // located in pki-mssip32 BOOL _FindGuidFromMagicNumber(BYTE *pszMN, GUID *pgRet); BOOL _DetermineWhichPE(BYTE *pbFile, DWORD cbFile, GUID *pgRet); static inline DWORD FourBToDWORD(BYTE rgb[]) { return ((DWORD)rgb[0]<<24) | ((DWORD)rgb[1]<<16) | ((DWORD)rgb[2]<<8) | ((DWORD)rgb[3]<<0); } static inline void DWORDToFourB(DWORD dwIn, BYTE *pszOut) { pszOut[0] = (BYTE)((dwIn >> 24) & 0x000000FF); pszOut[1] = (BYTE)((dwIn >> 16) & 0x000000FF); pszOut[2] = (BYTE)((dwIn >> 8) & 0x000000FF); pszOut[3] = (BYTE)( dwIn & 0x000000FF); } #define PE_EXE_HEADER_TAG "MZ" #define CAB_MAGIC_NUMBER "MSCF" BOOL WINAPI CryptSIPRetrieveSubjectGuid(IN LPCWSTR FileName, IN OPTIONAL HANDLE hFileIn, OUT GUID *pgSubject) { BYTE *pbFile; DWORD cbFile; DWORD dwCheck; HANDLE hMappedFile; BOOL bCloseFile; BOOL fRet; DWORD dwException=0; PCCTL_CONTEXT pCTLContext=NULL; bCloseFile = FALSE; pbFile = NULL; fRet = TRUE; if (!(pgSubject)) { goto InvalidParameter; } memset(pgSubject, 0x00, sizeof(GUID)); if ((hFileIn == NULL) || (hFileIn == INVALID_HANDLE_VALUE)) { if (!(FileName)) { goto InvalidParameter; } if ((hFileIn = CreateFileU(FileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE) { goto FileOpenError; } bCloseFile = TRUE; } hMappedFile = CreateFileMapping(hFileIn, NULL, PAGE_READONLY, 0, 0, NULL); if (!(hMappedFile) || (hMappedFile == INVALID_HANDLE_VALUE)) { goto FileMapError; } pbFile = (BYTE *)MapViewOfFile(hMappedFile, FILE_MAP_READ, 0, 0, 0); CloseHandle(hMappedFile); cbFile = GetFileSize(hFileIn, NULL); if (cbFile < SIP_MAX_MAGIC_NUMBER) { goto FileSizeError; } //we need to check for the pbFile if(NULL == pbFile) goto FileMapError; //we need to handle the exception when we access the mapped file __try { // // PE // if (memcmp(&pbFile[0], PE_EXE_HEADER_TAG, strlen(PE_EXE_HEADER_TAG)) == 0) { // // if it is an Exe, Dll, Ocx, etc. make sure it is a 32 bit PE and set the // "internal" magic number. // if (_DetermineWhichPE(pbFile, cbFile, pgSubject)) { goto CommonReturn; } } // // CAB // if (memcmp(&pbFile[0], CAB_MAGIC_NUMBER, strlen(CAB_MAGIC_NUMBER)) == 0) { GUID gCAB = CRYPT_SUBJTYPE_CABINET_IMAGE; memcpy(pgSubject, &gCAB, sizeof(GUID)); goto CommonReturn; } // // JAVA Class // dwCheck = FourBToDWORD(&pbFile[0]); if (dwCheck == 0xCAFEBABE) { GUID gJClass = CRYPT_SUBJTYPE_JAVACLASS_IMAGE; memcpy(pgSubject, &gJClass, sizeof(GUID)); goto CommonReturn; } // // Catalog/CTL // if (pbFile[0] == 0x30) // could be a PKCS#7! { // // we could be a PKCS7.... check for CTL // pCTLContext = (PCCTL_CONTEXT) CertCreateContext( CERT_STORE_CTL_CONTEXT, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, pbFile, cbFile, CERT_CREATE_CONTEXT_NOCOPY_FLAG | CERT_CREATE_CONTEXT_NO_HCRYPTMSG_FLAG | CERT_CREATE_CONTEXT_NO_ENTRY_FLAG, NULL // pCreatePara ); if (pCTLContext) { if (pCTLContext->pCtlInfo->SubjectUsage.cUsageIdentifier) { char *pszCatalogListUsageOID = szOID_CATALOG_LIST; if (strcmp(pCTLContext->pCtlInfo->SubjectUsage.rgpszUsageIdentifier[0], pszCatalogListUsageOID) == 0) { GUID gCat = CRYPT_SUBJTYPE_CATALOG_IMAGE; memcpy(pgSubject, &gCat, sizeof(GUID)); CertFreeCTLContext(pCTLContext); pCTLContext=NULL; goto CommonReturn; } } // // otherwise, it is a CTL of some other type... // GUID gCTL = CRYPT_SUBJTYPE_CTL_IMAGE; memcpy(pgSubject, &gCTL, sizeof(GUID)); CertFreeCTLContext(pCTLContext); pCTLContext=NULL; goto CommonReturn; } } //we need to unmap the file if(pbFile) { UnmapViewOfFile(pbFile); pbFile=NULL; } // // none that we know about... Check the providers... // if (_QueryRegisteredIsMyFileType(hFileIn, FileName, pgSubject)) { goto CommonReturn; } } __except(EXCEPTION_EXECUTE_HANDLER) { dwException = GetExceptionCode(); goto ExceptionError; } // // cant find any provider to support this file type... // goto NoSIPProviderFound; CommonReturn: //we need to handle the exception when we access the mapped file if (pbFile) { UnmapViewOfFile(pbFile); } if(pCTLContext) { CertFreeCTLContext(pCTLContext); } if ((hFileIn) && (hFileIn != INVALID_HANDLE_VALUE)) { if (bCloseFile) { CloseHandle(hFileIn); } } return(fRet); ErrorReturn: fRet = FALSE; goto CommonReturn; SET_ERROR_VAR_EX(DBG_SS, InvalidParameter, ERROR_INVALID_PARAMETER); SET_ERROR_VAR_EX(DBG_SS, NoSIPProviderFound, TRUST_E_SUBJECT_FORM_UNKNOWN); SET_ERROR_VAR_EX(DBG_SS, FileOpenError, GetLastError()); SET_ERROR_VAR_EX(DBG_SS, FileMapError, GetLastError()); SET_ERROR_VAR_EX(DBG_SS, FileSizeError, ERROR_INVALID_PARAMETER); SET_ERROR_VAR_EX(DBG_SS, ExceptionError, dwException); } BOOL _DetermineWhichPE(BYTE *pbFile, DWORD cbFile, GUID *pgRet) { IMAGE_DOS_HEADER *pDosHead; pDosHead = (IMAGE_DOS_HEADER *)pbFile; if (pDosHead->e_magic == IMAGE_DOS_SIGNATURE) { if (cbFile >= sizeof(IMAGE_DOS_HEADER)) { if (cbFile >= (sizeof(IMAGE_DOS_HEADER) + pDosHead->e_lfanew)) { IMAGE_NT_HEADERS *pNTHead; pNTHead = (IMAGE_NT_HEADERS *)((ULONG_PTR)pDosHead + pDosHead->e_lfanew); if (pNTHead->Signature == IMAGE_NT_SIGNATURE) { GUID gPE = CRYPT_SUBJTYPE_PE_IMAGE; memcpy(pgRet, &gPE, sizeof(GUID)); return(TRUE); } } } } return(FALSE); } BOOL WINAPI CryptSIPRetrieveSubjectGuidForCatalogFile(IN LPCWSTR FileName, IN OPTIONAL HANDLE hFileIn, OUT GUID *pgSubject) { BYTE *pbFile; DWORD cbFile; HANDLE hMappedFile; BOOL bCloseFile; BOOL fRet; DWORD dwException = 0; GUID gFlat = CRYPT_SUBJTYPE_FLAT_IMAGE; bCloseFile = FALSE; pbFile = NULL; fRet = TRUE; if (!(pgSubject)) { goto InvalidParameter; } memset(pgSubject, 0x00, sizeof(GUID)); if ((hFileIn == NULL) || (hFileIn == INVALID_HANDLE_VALUE)) { if (!(FileName)) { goto InvalidParameter; } if ((hFileIn = CreateFileU(FileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE) { goto FileOpenError; } bCloseFile = TRUE; } hMappedFile = CreateFileMapping(hFileIn, NULL, PAGE_READONLY, 0, 0, NULL); if (!(hMappedFile) || (hMappedFile == INVALID_HANDLE_VALUE)) { goto FileMapError; } pbFile = (BYTE *)MapViewOfFile(hMappedFile, FILE_MAP_READ, 0, 0, 0); CloseHandle(hMappedFile); cbFile = GetFileSize(hFileIn, NULL); if (cbFile < SIP_MAX_MAGIC_NUMBER) { goto FlatFile; } //we need to check for the pbFile if(NULL == pbFile) goto FileMapError; //we need to handle the exception when we access the mapped file __try { // // PE // if (memcmp(&pbFile[0], PE_EXE_HEADER_TAG, strlen(PE_EXE_HEADER_TAG)) == 0) { // // if it is an Exe, Dll, Ocx, etc. make sure it is a 32 bit PE and set the // "internal" magic number. // if (_DetermineWhichPE(pbFile, cbFile, pgSubject)) { goto CommonReturn; } } // // CAB // if (memcmp(&pbFile[0], CAB_MAGIC_NUMBER, strlen(CAB_MAGIC_NUMBER)) == 0) { GUID gCAB = CRYPT_SUBJTYPE_CABINET_IMAGE; memcpy(pgSubject, &gCAB, sizeof(GUID)); goto CommonReturn; } } __except(EXCEPTION_EXECUTE_HANDLER) { dwException = GetExceptionCode(); goto ExceptionError; } // // Not PE, so go for flat // FlatFile: memcpy(pgSubject, &gFlat, sizeof(GUID)); CommonReturn: __try { if (pbFile) { UnmapViewOfFile(pbFile); } } __except(EXCEPTION_EXECUTE_HANDLER) { // can't really do anything } if ((hFileIn) && (hFileIn != INVALID_HANDLE_VALUE)) { if (bCloseFile) { CloseHandle(hFileIn); } } return(fRet); ErrorReturn: fRet = FALSE; goto CommonReturn; SET_ERROR_VAR_EX(DBG_SS, InvalidParameter, ERROR_INVALID_PARAMETER); SET_ERROR_VAR_EX(DBG_SS, FileOpenError, GetLastError()); SET_ERROR_VAR_EX(DBG_SS, FileMapError, GetLastError()); SET_ERROR_VAR_EX(DBG_SS, ExceptionError, dwException); }