Function

tCryptography.CheckSig

Module

XuDsigS

Last Modified

7/15/2014 3:26:44 PM

Visibility

Private

Owner

tCryptography

Declaration

function CheckSig(pBlob: pointer; Blobsize: DWORD): boolean;

Calls Hierarchy


tCryptography.CheckSig
 ├CryptMsgOpenToDecode
 ├CryptMsgUpdate
 ├tCryptography.RaiseErr
 ├CryptMsgGetParam
 ├CertOpenStore
 ├CertGetSubjectCertificateFromStore
 ├CertGetNameString
 ├CryptMsgControl
 ├CertVerifyTimeValidity
 └tCryptography.Release
   ├tCryptography.sCardReattach
   │ └SCardReconnect
   ├CryptMsgClose
   ├CertFreeCertificateContext
   ├CertCloseStore
   ├SCardDisconnect
   └SCardReleaseContext

Called-By Hierarchy


      tCryptography.CheckSig
tCryptography.Certsigndata┘ 
  tCryptography.SignData┘   

Calls

Name Declaration Comments
CertGetNameString function CertGetNameString(pCertContext: PCCERT_CONTEXT; dwType: DWORD; dwFlags: DWORD; pvTypePara: DWORD; pNameString: PChar; cchNameString: DWORD): BOOL; stdcall; -
CertGetSubjectCertificateFromStore function CertGetSubjectCertificateFromStore(hCertStore :HCERTSTORE; dwCertEncodingType :DWORD; pCertId :PCERT_INFO -
CertOpenStore function CertOpenStore(lpszStoreProvider :LPCSTR; dwEncodingType :DWORD; hCryptProv :HCRYPTPROV; dwFlags :DWORD; const pvPara :PVOID):HCERTSTORE ; stdcall; -
CertVerifyTimeValidity function CertVerifyTimeValidity(pTimeToVerify :PFILETIME; pCertInfo :PCERT_INFO):LONG ; stdcall; -
CryptMsgControl function CryptMsgControl(hCryptMsg :HCRYPTMSG; dwFlags :DWORD; dwCtrlType :DWORD; pvCtrlPara :PVOID):BOOL ; stdcall; -
CryptMsgGetParam function CryptMsgGetParam(hCryptMsg :HCRYPTMSG; dwParamType :DWORD; dwIndex :DWORD; pvData :PVOID; pcbData :PDWORD):BOOL ; stdcall; -
CryptMsgOpenToDecode function CryptMsgOpenToDecode(dwMsgEncodingType :DWORD; dwFlags :DWORD; dwMsgType :DWORD; hCryptProv :HCRYPTPROV; pRecipientInfo :PCERT_INFO; -
CryptMsgUpdate function CryptMsgUpdate(hCryptMsg :HCRYPTMSG; const pbData :PBYTE; cbData :DWORD; fFinal :BOOL):BOOL ; stdcall; -
tCryptography.RaiseErr procedure RaiseErr(msg: string); -
tCryptography.Release procedure Release; -

Called-By

Name Declaration Comments
tCryptography.Certsigndata procedure Certsigndata; -


Source

957   function tCryptography.CheckSig(pBlob: pointer; Blobsize: DWORD): boolean;
958   var
959     LastErr: DWORD;
960     pbDecoded: array of byte;
961     cbDecoded, cbSignerCertInfo: DWORD;
962     hMsg: HCRYPTMSG;
963     CertInfoBlob: array of DWORD;
964     str, NameString: string;
965     pTime: PFileTime;
966     i: integer;
967   begin
968     Result := false;
969     //---------------
970     subReason := 'SC msgOpen fail';
971     //Lets see if we can reload the msg.
972     hMsg := CryptMsgOpenToDecode(c_ENCODING_TYPE,        // Encoding type.
973                      0,            // Flags.
974                      0,            // Use the default message type.
975                                    // The message type is
976                                    // listed in the message header.
977                      0,            // Cryptographic provider. Use NULL
978                                    // for the default provider.
979                      nil,          // Recipient information.
980                      nil);         // Stream information.
981     if hMsg = nil then
982       Exit;
983     //--------------------------------------------------------------------
984     //  Update the message with an encoded blob.
985     //  Both pbEncodedBlob, the encoded data,
986     //  and cbEnclodeBlob, the length of the encoded data,
987     //  must be available.
988     if CryptMsgUpdate(hMsg,        // Handle to the message
989                         pBlob,     // Pointer to the encoded blob
990                         BlobSize,              // Size of the encoded blob
991                         True)                      // Last call
992     then
993       str := 'The encoded blob has been added to the message.'
994     else
995     begin
996       lastErr := GetLastError;
997       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
998       RaiseErr('Decode MsgUpdate failed - '+Str);
999     end;
1000  //We will try and verify the signature here.
1001  //new part
1002     //---------------
1003     // Get the number of bytes needed for a buffer
1004     // to hold the Decoded message.
1005    if CryptMsgGetParam(hMsg,                 //Handle to msg
1006                         CMSG_CONTENT_PARAM,   //Param type
1007                         0,                    //Index
1008                         nil,
1009                         @cbDecoded)
1010    then
1011      Str := 'The message param has been acquired'
1012    else
1013    begin
1014      lastErr := GetLastError;
1015      Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1016      TrackingMsg.Add('Decode CMSG_CONTENT_PARAM failed - '+Str);
1017      RaiseErr('Decode CMSG_CONTENT_PARAM failed');
1018      exit;
1019    end;
1020     // Allocate memory
1021    SetLength(pbDecoded, cbDecoded);
1022     //Copy the content to the buffer
1023     if CryptMsgGetParam(hMsg,                 //Handle to msg
1024                         CMSG_CONTENT_PARAM,   //Param type
1025                         0,                    //Index
1026                         pbDecoded,            //Address for return data
1027                         @cbDecoded)           //Size of return data
1028                    Then
1029       Str := 'The message param has been acquired'
1030     else
1031     begin
1032       lastErr := GetLastError;
1033       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1034       TrackingMsg.Add('Decode CMSG_CONTENT_PARAM failed - '+Str);
1035       RaiseErr('Decode CMSG_CONTENT_PARAM failed');
1036       exit;
1037     end;
1038     //Verify the signature
1039     //First, Get the signer CERT_INFO from the message
1040     //------
1041     //Get the size needed
1042     if CryptMsgGetParam( hMsg,      //Msg Handle
1043                          CMSG_SIGNER_CERT_INFO_PARAM,   //Param Type
1044                          0,         //Index
1045                          nil,
1046                          @cbSignerCertInfo)  //Size of return data
1047     then
1048       Str:=IntToStr(cbSignerCertInfo) + ' bytes needed'
1049     else
1050     begin
1051       lastErr := GetLastError;
1052       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1053       TrackingMsg.Add('Verify SIGNER_CERT #1 failed - '+Str);
1054       RaiseErr('Verify SIGNER_CERT #1 failed');
1055       exit;
1056     end;
1057     //Allocate Memory
1058     SetLength(CertInfoBlob,cbSignerCertInfo);
1059     //Get the signer CERT_INFO
1060     if CryptMsgGetParam( hMsg,      //Msg Handle
1061                          CMSG_SIGNER_CERT_INFO_PARAM,   //Param Type
1062                          0,         //Index
1063                          Pointer(CertInfoBlob),
1064                          @cbSignerCertInfo)  //Size of return data
1065     then
1066       Str:='CertInfoBlob acquired'
1067     else
1068     begin
1069       lastErr := GetLastError;
1070       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1071       TrackingMsg.Add('Verify SIGNER_CERT #2 failed - '+Str);
1072       RaiseErr('Verify SIGNER_CERT #2 failed');
1073       exit;
1074     end;
1075     //------------
1076     //Open a certificate store in memory using CERT_STORE_PROV_MSG
1077     //which initializes it with the certificates from the MSG
1078     hCertStore := CertOpenStore( CERT_STORE_PROV_MSG,     //Store prov type
1079                                  c_ENCODING_TYPE,
1080                                  0,                       //Cryptographic provider
1081                                                           // use nil for default
1082                                  0,                       //Flags
1083                                  hMsg);
1084     if hCertStore = 0 then
1085     begin
1086       lastErr := GetLastError;
1087       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1088       TrackingMsg.Add('Open Store failed - '+Str);
1089       RaiseErr('Open Store failed');
1090       exit;
1091     end;
1092     //--------------
1093     //Find the signer's cert in the store
1094     pCertContext :=
1095       CertGetSubjectCertificateFromStore(hCertStore,
1096                                          c_ENCODING_TYPE,
1097                                          pointer(CertInfoBlob)); // pSignerCertInfo);
1098     if pCertContext = nil then
1099     begin
1100       lastErr := GetLastError;
1101       Str := IntToStr(lastErr)+' - '+SysErrorMessage(lastErr);
1102       TrackingMsg.Add('GetSubjectCert failed - '+Str);
1103       RaiseErr('GetSubjectCert failed');
1104       exit;
1105     end;
1106     //Allocate memory for name
1107     SetLength(NameString, 256);
1108     //Get the Cert Name String
1109     CertGetNameString(pCertContext,
1110                       CERT_NAME_SIMPLE_DISPLAY_TYPE,
1111                       0,
1112                       0,
1113                       pointer(NameString),
1114                       256);
1115     //---------
1116     //Use the CERT_INFO from the signer Cert to Verify
1117     //the signature
1118     if CryptMsgControl( hMsg,             //Handle to msg
1119                         0,                //Flags
1120                         CMSG_CTRL_VERIFY_SIGNATURE,
1121                         pCertContext.pCertInfo)   //Pointer to the CERT_INFO
1122     then
1123       Result := true
1124     else
1125     begin
1126       lasterr := getLastError; // Check last system error
1127       subReason := 'Digital signature verification failed: ' +
1128                  SysErrorMessage(lasterr);
1129     end;
1130    if not IgnoreDates then
1131    begin
1132      //Check that the time is valid
1133      pTime := nil;
1134      i := CertVerifyTimeValidity(
1135            pTime,                // Use time of signing or current time.
1136            pCertContext.pCertinfo);   // Pointer to CERT_INFO.
1137      case i of
1138        -1 : Str := '89802019^Before Cert effective date.';   //Before the not before time
1139        1 : Str :='89802020^Certificate expired.'  ;   //After the not after time
1140        0 : Str := 'DateValid';
1141      end;
1142      if not (CompareStr(Str, 'DateValid') = 0) then
1143        ShowMessage('Certificate not valid: '+Str);
1144    end; // if not IgnoreDates
1145    Release;
1146  end;