CryptMsgGetParam函数分析之CMSG_INNER_CONTENT_TYPE_PARAM
第0部分:
// Excerpt of _VerifyTrust (the body is abridged on this page and the function
// is not closed here). When fVersion1WVTCalled is FALSE it runs the trust
// provider callbacks held in sProvData.psPfns in a fixed order: initialize,
// object trust, then signature trust. Each callback is optional and is only
// invoked when its function pointer is non-NULL; each receives &sProvData.
//
// NOTE(review): the return value of every callback is discarded in the lines
// shown, so a failing step cannot stop the sequence through its return code.
// Presumably failures are recorded inside sProvData (compare the
// padwTrustStepErrors writes in _ExplodeMessage) and evaluated in code that
// is not part of this excerpt -- confirm before relying on that.
LONG _VerifyTrust(
IN HWND hWnd,
IN GUID *pgActionID,
IN OUT PWINTRUST_DATA pWinTrustData,
OUT OPTIONAL BYTE *pbSubjectHash,
IN OPTIONAL OUT DWORD *pcbSubjectHash,
OUT OPTIONAL ALG_ID *pHashAlgid
)
{
。。。。。。
if ( fVersion1WVTCalled == FALSE )
{
// Step 1: provider initialization (optional callback).
if (sProvData.psPfns->pfnInitialize)
{
(*sProvData.psPfns->pfnInitialize)(&sProvData);
}
// Step 2: object trust (optional callback). It still runs when step 1
// reported a problem, because nothing above is checked.
if (sProvData.psPfns->pfnObjectTrust)
{
(*sProvData.psPfns->pfnObjectTrust)(&sProvData);
}
// Step 3: signature trust (optional callback), likewise unconditional apart
// from the NULL test on the pointer.
if (sProvData.psPfns->pfnSignatureTrust)
{
(*sProvData.psPfns->pfnSignatureTrust)(&sProvData);
}
第一部分:
// Excerpt of SoftpubLoadMessage (the function continues past the lines shown).
// Loads the message for pProvData via _GetMessage and then unpacks it via
// _ExplodeMessage; if either helper returns a false value the function
// returns S_FALSE immediately.
//
// NOTE(review): S_FALSE is a success-class HRESULT, so a caller that tests the
// result with SUCCEEDED()/FAILED() will not see these early exits as failures.
// The failure detail is presumably carried in pProvData's error fields (see
// the padwTrustStepErrors writes in _ExplodeMessage) -- confirm that callers
// inspect those rather than the return code.
HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *pProvData)
{
// Obtain the message; stop on failure.
if (!(_GetMessage(pProvData)))
{
return(S_FALSE);
}
// Unpack the message (inner content type, content, ...); stop on failure.
if (!(_ExplodeMessage(pProvData)))
{
return(S_FALSE);
}
第二部分:
// Excerpt of _ExplodeMessage (local declarations and the end of the function
// are not shown). Reads the inner content type of pProvData->hMsg with the
// usual two-call pattern: first ask CryptMsgGetParam for the required size,
// then allocate and fetch the data. On the failures shown it records error
// codes in pProvData and returns FALSE.
BOOL _ExplodeMessage(CRYPT_PROVIDER_DATA *pProvData)
{
// inner content type
// Size query: pvData is NULL, so only cbSize is filled in. The BOOL result of
// this call is not checked; a zero size is used as the failure signal.
cbSize = 0;
CryptMsgGetParam(pProvData->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL, &cbSize);
if (cbSize == 0)
{
pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = CRYPT_E_BAD_MSG;
// NOTE(review): because the call's return value was ignored, GetLastError()
// is only meaningful here if the call actually failed; if it returned TRUE
// with a zero size this would store whatever error code was set earlier.
pProvData->padwTrustStepErrors[TRUSTERROR_STEP_MSG_INNERCNTTYPE] = GetLastError();
return(FALSE);
}
// Allocate one byte more than the reported size.
// NOTE(review): the extra byte is presumably room for a terminating NUL that
// is written in lines dropped from this excerpt; whether pfnAlloc zeroes the
// buffer is not visible here -- confirm, since the strcmp below depends on
// pb being NUL-terminated.
if (!(pb = (BYTE *)pProvData->psPfns->pfnAlloc(cbSize + 1)))
{
pProvData->dwError = GetLastError();
pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = TRUST_E_SYSTEM_ERROR;
return(FALSE);
}
// Data fetch into pb.
// NOTE(review): as printed, the strcmp below sits inside the branch taken when
// CryptMsgGetParam FAILS. That looks like an artefact of the abridgement (the
// failure handling and its closing brace appear to be missing), not the real
// control flow. Taken literally, the comparison would read a buffer the failed
// call may not have filled -- check the full source.
if (!(CryptMsgGetParam(pProvData->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0,
pb, &cbSize)))
{
// Compare the returned OID string with SPC_INDIRECT_DATA_OBJID. The
// wincrypt.h comment quoted on this page describes this parameter as a
// NULL-terminated object identifier string.
if (strcmp((char *)pb, SPC_INDIRECT_DATA_OBJID) == 0)
{
// The type string is no longer needed; release it, then start the same
// size-query step for the message content.
pProvData->psPfns->pfnFree(pb);
cbContent = 0;
CryptMsgGetParam(pProvData->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &cbContent);
第三部分:
chenghao@chenghaodeiMac srv03rtm % grep "CMSG_INNER_CONTENT_TYPE_PARAM" -nr ./public/sdk |grep -v "inary"
./public/sdk/inc/wincrypt.h:5552:#define CMSG_INNER_CONTENT_TYPE_PARAM 4
./public/sdk/inc/wincrypt.h:5617:// CMSG_INNER_CONTENT_TYPE_PARAM
chenghao@chenghaodeiMac srv03rtm %
//+-------------------------------------------------------------------------
// Get parameter types and their corresponding data structure definitions.
//--------------------------------------------------------------------------
// dwParamType selectors accepted by CryptMsgGetParam, as listed in this
// excerpt of wincrypt.h. The numbering shown here has gaps: 16 and 23-25 are
// not defined in the lines quoted.
#define CMSG_TYPE_PARAM 1
#define CMSG_CONTENT_PARAM 2
#define CMSG_BARE_CONTENT_PARAM 3
// Selector analysed on this page; _ExplodeMessage queries it first.
#define CMSG_INNER_CONTENT_TYPE_PARAM 4
#define CMSG_SIGNER_COUNT_PARAM 5
#define CMSG_SIGNER_INFO_PARAM 6
#define CMSG_SIGNER_CERT_INFO_PARAM 7
#define CMSG_SIGNER_HASH_ALGORITHM_PARAM 8
#define CMSG_SIGNER_AUTH_ATTR_PARAM 9
#define CMSG_SIGNER_UNAUTH_ATTR_PARAM 10
#define CMSG_CERT_COUNT_PARAM 11
#define CMSG_CERT_PARAM 12
#define CMSG_CRL_COUNT_PARAM 13
#define CMSG_CRL_PARAM 14
#define CMSG_ENVELOPE_ALGORITHM_PARAM 15
#define CMSG_RECIPIENT_COUNT_PARAM 17
#define CMSG_RECIPIENT_INDEX_PARAM 18
#define CMSG_RECIPIENT_INFO_PARAM 19
#define CMSG_HASH_ALGORITHM_PARAM 20
#define CMSG_HASH_DATA_PARAM 21
#define CMSG_COMPUTED_HASH_PARAM 22
#define CMSG_ENCRYPT_PARAM 26
#define CMSG_ENCRYPTED_DIGEST 27
#define CMSG_ENCODED_SIGNER 28
#define CMSG_ENCODED_MESSAGE 29
#define CMSG_VERSION_PARAM 30
#define CMSG_ATTR_CERT_COUNT_PARAM 31
#define CMSG_ATTR_CERT_PARAM 32
#define CMSG_CMS_RECIPIENT_COUNT_PARAM 33
#define CMSG_CMS_RECIPIENT_INDEX_PARAM 34
#define CMSG_CMS_RECIPIENT_ENCRYPTED_KEY_INDEX_PARAM 35
#define CMSG_CMS_RECIPIENT_INFO_PARAM 36
#define CMSG_UNPROTECTED_ATTR_PARAM 37
#define CMSG_SIGNER_CERT_ID_PARAM 38
#define CMSG_CMS_SIGNER_INFO_PARAM 39
//+-------------------------------------------------------------------------
// CMSG_CONTENT_PARAM
//
// The encoded content of a cryptographic message. Depending on how the
// message was opened, the content is either the whole PKCS#7
// message (opened to encode) or the inner content (opened to decode).
// In the decode case, the decrypted content is returned, if enveloped.
// If not enveloped, and if the inner content is of type DATA, the returned
// data is the contents octets of the inner content.
//
// pvData points to the buffer receiving the content bytes
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_INNER_CONTENT_TYPE_PARAM
//
// The type of the inner content of a decoded cryptographic message,
// in the form of a NULL-terminated object identifier string
// (eg. "1.2.840.113549.1.7.1").
//
// pvData points to the buffer receiving the object identifier string
//--------------------------------------------------------------------------
第四部分:
// Excerpt of CryptMsgGetParam (built as ICMTest_NewCryptMsgGetParam when
// DEBUG_CRYPT_ASN1_MASTER is defined). The prologue that declares and sets
// pcmi, pcsi, fRet and dwError is not part of this excerpt, and neither are
// the goto targets. The visible body dispatches first on pcmi->fEncoding
// (message opened to encode vs. decode) and then on dwParamType.
//
// pvData/pcbData follow the size-then-data convention used by the callers on
// this page: pvData may be NULL to ask for the size, and *pcbData is updated.
// NOTE(review): no validation of hCryptMsg or pcbData is visible in the lines
// shown -- presumably done in the elided prologue; confirm.
BOOL
WINAPI
#ifdef DEBUG_CRYPT_ASN1_MASTER
ICMTest_NewCryptMsgGetParam(
#else
CryptMsgGetParam(
#endif
IN HCRYPTMSG hCryptMsg,
IN DWORD dwParamType,
IN DWORD dwIndex,
OUT void *pvData,
IN OUT DWORD *pcbData)
{
// Encode side: the case bodies are cut from this excerpt.
if (pcmi->fEncoding) {
switch (dwParamType) {
case CMSG_CONTENT_PARAM:
case CMSG_BARE_CONTENT_PARAM:
{
} else {
//
// Decode
//
switch (dwParamType) {
case CMSG_TYPE_PARAM:
// With pcsi set (presumably the streaming state -- confirm) and a message
// type still 0, the type is not known yet, so the request is rejected.
if (pcsi && (0 == pcmi->dwMsgType))
goto StreamMsgNotReadyError;
// Otherwise return the message type as a DWORD.
fRet = ICM_GetDWORD( pcmi->dwMsgType, pvData, pcbData);
break;
// Decode-side CMSG_CONTENT_PARAM: returns the message content, with the
// source of the bytes chosen by pcmi->dwMsgType. Rejected outright when pcsi
// is set (see the goto label name: not valid for streaming).
case CMSG_CONTENT_PARAM:
{
ContentInfo *pci;
PCONTENT_INFO pci2;
// pbDER starts as NULL so the cleanup code below can tell whether a
// re-encoded buffer was produced and needs freeing.
PBYTE pbDER = NULL;
DWORD cbDER;
PBYTE pb;
DWORD cb;
if (pcsi)
goto GetContentParamNotValidForStreaming;
switch (pcmi->dwMsgType) {
case CMSG_DATA:
{
// DATA: pvMsg is treated as an OctetStringType; copy its value out as is.
OctetStringType *poos = (OctetStringType *)pcmi->pvMsg;
pb = (PBYTE)poos->value;
cb = poos->length;
fRet = ICM_CopyOut( pb, cb, (PBYTE)pvData, pcbData);
break;
}
case CMSG_SIGNED:
// SIGNED: needs the decoded signed-data info.
if (NULL == pcmi->psdi)
goto InvalidSignedMessageError;
// NOTE(review): psdi->pci is dereferenced without a NULL check in the lines
// shown; presumably it is always set when psdi is -- confirm.
pci2 = pcmi->psdi->pci;
if (pci2->content.cbData) {
cb = pci2->content.cbData;
pb = pci2->content.pbData;
// When the inner type equals pszObjIdDataType (or, with CMS_PKCS7, the
// signed-data version is at least CMSG_SIGNED_DATA_CMS_VERSION) the content
// is re-encoded as DER and only the contents octets are returned.
if (0 == strcmp(pszObjIdDataType,
pci2->pszContentType)
#ifdef CMS_PKCS7
|| pcmi->psdi->version >= CMSG_SIGNED_DATA_CMS_VERSION
#endif // CMS_PKCS7
) {
if (!ICM_ReEncodeAsOctetDER(
pb,
cb,
&pbDER,
&cbDER
))
goto ReEncodeAsOctetDERError;
// pbDER may stay NULL after a successful call; in that case pb/cb keep
// pointing at the original content.
if (pbDER) {
// Replace pb/cb with the extracted content; on failure free pbDER before
// leaving so it does not leak.
if (0 > Asn1UtilExtractContent( pbDER, cbDER,
&cb, (const BYTE **)&pb)) {
PkiAsn1FreeEncoded( ICM_GetEncoder(), pbDER);
goto ExtractContentError;
}
}
}
// Copy out first, free pbDER afterwards: pb presumably points into pbDER
// after extraction, so the order matters. The last-error value is saved and
// restored around the free so the caller sees ICM_CopyOut's error.
fRet = ICM_CopyOut( pb, cb, (PBYTE)pvData, pcbData);
if (!fRet)
dwError = GetLastError();
if (pbDER)
PkiAsn1FreeEncoded( ICM_GetEncoder(), pbDER);
if (!fRet)
SetLastError(dwError);
} else {
// No content: report size 0 and succeed.
// NOTE(review): *pcbData is written without a visible NULL check.
*pcbData = 0;
fRet = TRUE;
}
break;
case CMSG_ENVELOPED:
if (NULL == pcmi->Plaintext.pbData) {
// Hasn't been decrypted yet
EncryptedContentInfo *peci;
PBYTE pbCiphertext;
DWORD cbCiphertext;
#ifdef CMS_PKCS7
peci = &((CmsEnvelopedData *)pcmi->pvMsg)->encryptedContentInfo;
#else
peci = &((EnvelopedData *)pcmi->pvMsg)->encryptedContentInfo;
#endif // CMS_PKCS7
// encryptedContent is optional; fall back to an empty ciphertext.
if (peci->bit_mask & encryptedContent_present) {
pbCiphertext = peci->encryptedContent.value;
cbCiphertext = peci->encryptedContent.length;
} else {
pbCiphertext = NULL;
cbCiphertext = 0;
}
// NOTE(review): the size query reports cbCiphertext + 6 while the copy path
// below returns exactly cbCiphertext bytes, so callers must use the updated
// *pcbData, not the queried size, as the data length. The DWORD addition is
// not checked for wrap-around in the lines shown; presumably the decoder
// bounds the length -- confirm.
if (NULL == pvData) {
// Assume (sizeof plaintext) <=
// (sizeof ciphertext)
//
// not decrypted yet; return ciphertext size
fRet = TRUE;
// + 6 => to allow for identifier and length octets
*pcbData = cbCiphertext + 6;
} else
// Return ciphertext
fRet = ICM_CopyOut(
pbCiphertext,
cbCiphertext,
(PBYTE)pvData,
pcbData);
// Reached on both paths: the unbraced else covers only the call above.
goto ContentCopiedOut;
}
// Already decrypted. The condition differs by build: with CMS_PKCS7 the DER
// prefix is added only when the type is not DATA and the version is below
// CMSG_ENVELOPED_DATA_CMS_VERSION; without it, whenever the type is not DATA.
if (!ICM_EqualObjectIDs(
#ifdef CMS_PKCS7
&((CmsEnvelopedData *)pcmi->pvMsg)->encryptedContentInfo.contentType,
&aoidMessages[ CMSG_DATA - 1])
&&
CMSG_ENVELOPED_DATA_CMS_VERSION >
((CmsEnvelopedData *)pcmi->pvMsg)->version) {
#else
&((EnvelopedData *)pcmi->pvMsg)->encryptedContentInfo.contentType,
&aoidMessages[ CMSG_DATA - 1])) {
#endif // CMS_PKCS7
// Not DATA or encapsulated, so must prepend
// identifier and length octets
fRet = ICM_CopyOutAddDERPrefix(
pcmi->Plaintext.pbData,
pcmi->Plaintext.cbData,
ICM_TAG_SEQ,
(PBYTE)pvData,
pcbData);
} else {
fRet = ICM_CopyOut(
pcmi->Plaintext.pbData,
pcmi->Plaintext.cbData,
(PBYTE)pvData,
pcbData);
}
goto ContentCopiedOut;
case CMSG_HASHED:
// HASHED: same shape as the SIGNED case, reading from the DigestedData's
// contentInfo and comparing ASN.1 OIDs instead of OID strings.
pci = &((DigestedData *)pcmi->pvMsg)->contentInfo;
if (pci->bit_mask & content_present) {
cb = (DWORD)pci->content.length;
pb = (PBYTE)pci->content.value;
if (ICM_EqualObjectIDs(
&pci->contentType,
&aoidMessages[ CMSG_DATA - 1])
#ifdef CMS_PKCS7
|| ((DigestedData *)pcmi->pvMsg)->version >=
CMSG_HASHED_DATA_V2
#endif // CMS_PKCS7
) {
if (!ICM_ReEncodeAsOctetDER(
pb,
cb,
&pbDER,
&cbDER
))
goto ReEncodeAsOctetDERError;
if (pbDER) {
// Free pbDER on the failure path before jumping out.
if (0 > Asn1UtilExtractContent( pbDER, cbDER,
&cb, (const BYTE **)&pb)) {
PkiAsn1FreeEncoded( ICM_GetEncoder(), pbDER);
goto ExtractContentError;
}
}
}
// Copy out, then free pbDER, preserving ICM_CopyOut's last-error value.
fRet = ICM_CopyOut( pb, cb, (PBYTE)pvData, pcbData);
if (!fRet)
dwError = GetLastError();
if (pbDER)
PkiAsn1FreeEncoded( ICM_GetEncoder(), pbDER);
if (!fRet)
SetLastError(dwError);
} else {
// No content present: report size 0 and succeed.
*pcbData = 0;
fRet = TRUE;
}
break;
// These two message types are recognised but rejected.
case CMSG_SIGNED_AND_ENVELOPED:
case CMSG_ENCRYPTED:
goto MessageTypeNotSupportedYet;
default:
goto InvalidMsgType;
}
// Join point for the ENVELOPED paths, which leave the inner switch via goto.
ContentCopiedOut:
break;
}
// Decode-side CMSG_INNER_CONTENT_TYPE_PARAM: returns the inner content type
// as an object identifier string. For SIGNED messages the string is already
// stored and is copied out directly; for ENVELOPED and HASHED messages the
// ASN.1 object identifier is converted by PkiAsn1FromObjectIdentifier.
case CMSG_INNER_CONTENT_TYPE_PARAM:
{
ContentType *pct;
switch (pcmi->dwMsgType) {
case CMSG_SIGNED:
if (NULL == pcmi->psdi)
goto InvalidSignedMessageError;
// The length is strlen + 1, so the terminating NUL is part of what is
// copied and of the size reported through pcbData.
// NOTE(review): only psdi is NULL-checked; psdi->pci and pszContentType are
// dereferenced (and passed to strlen) without a visible check -- presumably
// guaranteed by the decoder, confirm.
fRet = ICM_CopyOut(
(PBYTE)pcmi->psdi->pci->pszContentType,
strlen( pcmi->psdi->pci->pszContentType) + 1,
(PBYTE)pvData,
pcbData);
goto ContentTypeCopiedOut;
// Unreachable: the goto above always leaves first.
break;
case CMSG_ENVELOPED:
// Pick the contentType member from the structure type selected at build time.
#ifdef CMS_PKCS7
pct = &((CmsEnvelopedData *)pcmi->pvMsg)->encryptedContentInfo.contentType;
#else
pct = &((EnvelopedData *)pcmi->pvMsg)->encryptedContentInfo.contentType;
#endif // CMS_PKCS7
break;
case CMSG_HASHED:
pct = &((DigestedData *)pcmi->pvMsg)->contentInfo.contentType;
break;
// Recognised but rejected message types.
case CMSG_SIGNED_AND_ENVELOPED:
case CMSG_ENCRYPTED:
goto MessageTypeNotSupportedYet;
default:
goto InvalidMsgType;
}
// ENVELOPED/HASHED: convert the ASN.1 OID (count + value array) into a string
// written to pvData.
// NOTE(review): callers on this page strcmp the result, so they depend on the
// output being NUL-terminated and on *pcbData covering the terminator. That
// is visible for the SIGNED path above but not for this helper -- confirm.
fRet = PkiAsn1FromObjectIdentifier(
pct->count,
pct->value,
(LPSTR)pvData,
pcbData);
ContentTypeCopiedOut:
break;
}
// Decode-side CMSG_ENCODED_MESSAGE: delegates entirely to
// ICM_GetEncodedMessageParam, passing the same output buffer and size pointer.
// The excerpt of CryptMsgGetParam ends after this case.
case CMSG_ENCODED_MESSAGE:
fRet = ICM_GetEncodedMessageParam(
pcmi,
(PBYTE)pvData,
pcbData);
break;
第五部分:
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:3443: pcmi->dwMsgType = CMSG_SIGNED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:3752: pcmi->dwMsgType = CMSG_SIGNED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:3850: pcmi->dwMsgType = CMSG_DATA;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:3953: pcmi->dwMsgType = CMSG_HASHED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:6820: pcmi->dwMsgType = CMSG_ENVELOPED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:7346: pcmi->dwMsgType = CMSG_ENVELOPED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:7558: pcmi->dwMsgType = CMSG_SIGNED_AND_ENVELOPED;
./ds/security/cryptoapi/pki/wincrmsg/wincrmsg.cpp:7767: pcmi->dwMsgType = dwMsgType;
// Excerpt of CryptMsgOpenToEncode (built as ICMTest_NewCryptMsgOpenToEncode
// when DEBUG_CRYPT_ASN1_MASTER is defined). Only the CMSG_HASHED case is
// quoted; the switch statement that encloses it, the other cases and the end
// of the function are not part of this excerpt.
HCRYPTMSG
WINAPI
#ifdef DEBUG_CRYPT_ASN1_MASTER
ICMTest_NewCryptMsgOpenToEncode(
#else
CryptMsgOpenToEncode(
#endif
IN DWORD dwEncodingType,
IN DWORD dwFlags,
IN DWORD dwMsgType,
IN void const *pvMsgEncodeInfo,
IN OPTIONAL LPSTR pszInnerContentObjID,
IN OPTIONAL PCMSG_STREAM_INFO pStreamInfo)
{
// HASHED messages are opened by ICM_OpenToEncodeDigestedData, which receives
// every argument except dwMsgType. pszInnerContentObjID and pStreamInfo are
// marked OPTIONAL in the signature and are forwarded without a check here.
case CMSG_HASHED:
hcrmsg = ICM_OpenToEncodeDigestedData(
dwEncodingType,
dwFlags,
pvMsgEncodeInfo,
pszInnerContentObjID,
pStreamInfo);
break;