search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Add stubs for CryptFindOIDInfo and I_CryptInstallAsn1Module.
[wine/dcerpc.git] / dlls / crypt32 / cert.c
blob1b38c4046adec837ab818b160a1158ca6663df0e
1 /*
2 * Copyright 2004-2006 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 */
19
20 #include <assert.h>
21 #include <stdarg.h>
22 #include "windef.h"
23 #include "winbase.h"
24 #include "wincrypt.h"
25 #include "wine/debug.h"
26 #include "crypt32_private.h"
27
28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
29
30 PCRYPT_ATTRIBUTE WINAPI CertFindAttribute(LPCSTR pszObjId, DWORD cAttr,
31 CRYPT_ATTRIBUTE rgAttr[])
32 {
33 PCRYPT_ATTRIBUTE ret = NULL;
34 DWORD i;
35
36 TRACE("%s %ld %p\n", debugstr_a(pszObjId), cAttr, rgAttr);
37
38 if (!cAttr)
39 return NULL;
40 if (!pszObjId)
41 {
42 SetLastError(ERROR_INVALID_PARAMETER);
43 return NULL;
44 }
45
46 for (i = 0; !ret && i < cAttr; i++)
47 if (rgAttr[i].pszObjId && !strcmp(pszObjId, rgAttr[i].pszObjId))
48 ret = &rgAttr[i];
49 return ret;
50 }
51
52 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
53 CERT_EXTENSION rgExtensions[])
54 {
55 PCERT_EXTENSION ret = NULL;
56 DWORD i;
57
58 TRACE("%s %ld %p\n", debugstr_a(pszObjId), cExtensions, rgExtensions);
59
60 if (!cExtensions)
61 return NULL;
62 if (!pszObjId)
63 {
64 SetLastError(ERROR_INVALID_PARAMETER);
65 return NULL;
66 }
67
68 for (i = 0; !ret && i < cExtensions; i++)
69 if (rgExtensions[i].pszObjId && !strcmp(pszObjId,
70 rgExtensions[i].pszObjId))
71 ret = &rgExtensions[i];
72 return ret;
73 }
74
75 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
76 {
77 PCERT_RDN_ATTR ret = NULL;
78 DWORD i, j;
79
80 TRACE("%s %p\n", debugstr_a(pszObjId), pName);
81
82 if (!pszObjId)
83 {
84 SetLastError(ERROR_INVALID_PARAMETER);
85 return NULL;
86 }
87
88 for (i = 0; !ret && i < pName->cRDN; i++)
89 for (j = 0; !ret && j < pName->rgRDN[i].cRDNAttr; j++)
90 if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId,
91 pName->rgRDN[i].rgRDNAttr[j].pszObjId))
92 ret = &pName->rgRDN[i].rgRDNAttr[j];
93 return ret;
94 }
95
96 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
97 PCERT_INFO pCertInfo)
98 {
99 FILETIME fileTime;
100 LONG ret;
101
102 if (!pTimeToVerify)
103 {
104 SYSTEMTIME sysTime;
105
106 GetSystemTime(&sysTime);
107 SystemTimeToFileTime(&sysTime, &fileTime);
108 pTimeToVerify = &fileTime;
109 }
110 if ((ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotBefore)) >= 0)
111 {
112 ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotAfter);
113 if (ret < 0)
114 ret = 0;
115 }
116 return ret;
117 }
118
119 BOOL WINAPI CryptHashCertificate(HCRYPTPROV hCryptProv, ALG_ID Algid,
120 DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash,
121 DWORD *pcbComputedHash)
122 {
123 BOOL ret = TRUE;
124 HCRYPTHASH hHash = 0;
125
126 TRACE("(%ld, %d, %08lx, %p, %ld, %p, %p)\n", hCryptProv, Algid, dwFlags,
127 pbEncoded, cbEncoded, pbComputedHash, pcbComputedHash);
128
129 if (!hCryptProv)
130 hCryptProv = CRYPT_GetDefaultProvider();
131 if (!Algid)
132 Algid = CALG_SHA1;
133 if (ret)
134 {
135 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
136 if (ret)
137 {
138 ret = CryptHashData(hHash, pbEncoded, cbEncoded, 0);
139 if (ret)
140 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
141 pcbComputedHash, 0);
142 CryptDestroyHash(hHash);
143 }
144 }
145 return ret;
146 }
147
148 BOOL WINAPI CryptSignCertificate(HCRYPTPROV hCryptProv, DWORD dwKeySpec,
149 DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
150 DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
151 const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
152 {
153 BOOL ret;
154 ALG_ID algID;
155 HCRYPTHASH hHash;
156
157 TRACE("(%08lx, %ld, %ld, %p, %ld, %p, %p, %p, %p)\n", hCryptProv,
158 dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
159 pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
160
161 algID = CertOIDToAlgId(pSignatureAlgorithm->pszObjId);
162 if (!algID)
163 {
164 SetLastError(NTE_BAD_ALGID);
165 return FALSE;
166 }
167 if (!hCryptProv)
168 {
169 SetLastError(ERROR_INVALID_PARAMETER);
170 return FALSE;
171 }
172
173 ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hHash);
174 if (ret)
175 {
176 ret = CryptHashData(hHash, pbEncodedToBeSigned, cbEncodedToBeSigned, 0);
177 if (ret)
178 ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
179 pcbSignature);
180 CryptDestroyHash(hHash);
181 }
182 return ret;
183 }
184
185 BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv,
186 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
187 PCERT_PUBLIC_KEY_INFO pPublicKey)
188 {
189 return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
190 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, (void *)pbEncoded,
191 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
192 }
193
194 BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
195 DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
196 DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
197 {
198 BOOL ret = TRUE;
199 CRYPT_DATA_BLOB subjectBlob;
200
201 TRACE("(%08lx, %ld, %ld, %p, %ld, %p, %08lx, %p)\n", hCryptProv,
202 dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
203 dwFlags, pvReserved);
204
205 switch (dwSubjectType)
206 {
207 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
208 {
209 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvSubject;
210
211 subjectBlob.pbData = blob->pbData;
212 subjectBlob.cbData = blob->cbData;
213 break;
214 }
215 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
216 {
217 PCERT_CONTEXT context = (PCERT_CONTEXT)pvSubject;
218
219 subjectBlob.pbData = context->pbCertEncoded;
220 subjectBlob.cbData = context->cbCertEncoded;
221 break;
222 }
223 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
224 {
225 PCRL_CONTEXT context = (PCRL_CONTEXT)pvSubject;
226
227 subjectBlob.pbData = context->pbCrlEncoded;
228 subjectBlob.cbData = context->cbCrlEncoded;
229 break;
230 }
231 default:
232 SetLastError(HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER));
233 ret = FALSE;
234 }
235
236 if (ret)
237 {
238 PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
239 DWORD size = 0;
240
241 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
242 subjectBlob.pbData, subjectBlob.cbData,
243 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
244 (BYTE *)&signedCert, &size);
245 if (ret)
246 {
247 switch (dwIssuerType)
248 {
249 case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
250 {
251 PCERT_PUBLIC_KEY_INFO pubKeyInfo =
252 (PCERT_PUBLIC_KEY_INFO)pvIssuer;
253 ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
254
255 if (algID)
256 {
257 HCRYPTKEY key;
258
259 ret = CryptImportPublicKeyInfoEx(hCryptProv,
260 dwCertEncodingType, pubKeyInfo, algID, 0, NULL, &key);
261 if (ret)
262 {
263 HCRYPTHASH hash;
264
265 ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
266 if (ret)
267 {
268 ret = CryptHashData(hash,
269 signedCert->ToBeSigned.pbData,
270 signedCert->ToBeSigned.cbData, 0);
271 if (ret)
272 {
273 ret = CryptVerifySignatureW(hash,
274 signedCert->Signature.pbData,
275 signedCert->Signature.cbData, key, NULL, 0);
276 }
277 CryptDestroyHash(hash);
278 }
279 CryptDestroyKey(key);
280 }
281 }
282 else
283 {
284 SetLastError(NTE_BAD_ALGID);
285 ret = FALSE;
286 }
287 break;
288 }
289 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
290 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
291 FIXME("issuer type %ld: stub\n", dwIssuerType);
292 ret = FALSE;
293 break;
294 case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
295 if (pvIssuer)
296 {
297 SetLastError(HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER));
298 ret = FALSE;
299 }
300 else
301 {
302 FIXME("unimplemented for NULL signer\n");
303 SetLastError(HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER));
304 ret = FALSE;
305 }
306 break;
307 default:
308 SetLastError(HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER));
309 ret = FALSE;
310 }
311 LocalFree(signedCert);
312 }
313 }
314 return ret;
315 }
316
317 BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
318 PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
319 {
320 PCERT_ENHKEY_USAGE usage = NULL;
321 DWORD bytesNeeded;
322 BOOL ret = TRUE;
323
324 TRACE("(%p, %08lx, %p, %ld)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
325
326 if (!pCertContext || !pcbUsage)
327 {
328 SetLastError(ERROR_INVALID_PARAMETER);
329 return FALSE;
330 }
331
332 if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
333 {
334 DWORD propSize = 0;
335
336 if (CertGetCertificateContextProperty(pCertContext,
337 CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
338 {
339 LPBYTE buf = CryptMemAlloc(propSize);
340
341 if (buf)
342 {
343 if (CertGetCertificateContextProperty(pCertContext,
344 CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
345 {
346 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
347 X509_ENHANCED_KEY_USAGE, buf, propSize,
348 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
349 }
350 CryptMemFree(buf);
351 }
352 }
353 }
354 if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
355 {
356 PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
357 pCertContext->pCertInfo->cExtension,
358 pCertContext->pCertInfo->rgExtension);
359
360 if (ext)
361 {
362 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
363 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
364 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
365 }
366 }
367 if (!usage)
368 {
369 /* If a particular location is specified, this should fail. Otherwise
370 * it should succeed with an empty usage. (This is true on Win2k and
371 * later, which we emulate.)
372 */
373 if (dwFlags)
374 {
375 SetLastError(CRYPT_E_NOT_FOUND);
376 ret = FALSE;
377 }
378 else
379 bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
380 }
381
382 if (ret)
383 {
384 if (!pUsage)
385 *pcbUsage = bytesNeeded;
386 else if (*pcbUsage < bytesNeeded)
387 {
388 SetLastError(ERROR_MORE_DATA);
389 *pcbUsage = bytesNeeded;
390 ret = FALSE;
391 }
392 else
393 {
394 *pcbUsage = bytesNeeded;
395 if (usage)
396 {
397 DWORD i;
398 LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
399 sizeof(CERT_ENHKEY_USAGE) +
400 usage->cUsageIdentifier * sizeof(LPSTR));
401
402 pUsage->cUsageIdentifier = usage->cUsageIdentifier;
403 pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
404 sizeof(CERT_ENHKEY_USAGE));
405 for (i = 0; i < usage->cUsageIdentifier; i++)
406 {
407 pUsage->rgpszUsageIdentifier[i] = nextOID;
408 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
409 nextOID += strlen(nextOID) + 1;
410 }
411 }
412 else
413 pUsage->cUsageIdentifier = 0;
414 }
415 }
416 if (usage)
417 LocalFree(usage);
418 TRACE("returning %d\n", ret);
419 return ret;
420 }
421
422 BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
423 PCERT_ENHKEY_USAGE pUsage)
424 {
425 BOOL ret;
426
427 TRACE("(%p, %p)\n", pCertContext, pUsage);
428
429 if (pUsage)
430 {
431 CRYPT_DATA_BLOB blob = { 0, NULL };
432
433 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
434 pUsage, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData, &blob.cbData);
435 if (ret)
436 {
437 ret = CertSetCertificateContextProperty(pCertContext,
438 CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
439 LocalFree(blob.pbData);
440 }
441 }
442 else
443 ret = CertSetCertificateContextProperty(pCertContext,
444 CERT_ENHKEY_USAGE_PROP_ID, 0, NULL);
445 return ret;
446 }
447
448 BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
449 LPCSTR pszUsageIdentifier)
450 {
451 BOOL ret;
452 DWORD size;
453
454 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
455
456 if (CertGetEnhancedKeyUsage(pCertContext,
457 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size))
458 {
459 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(size);
460
461 if (usage)
462 {
463 ret = CertGetEnhancedKeyUsage(pCertContext,
464 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, usage, &size);
465 if (ret)
466 {
467 PCERT_ENHKEY_USAGE newUsage = CryptMemAlloc(size +
468 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
469
470 if (newUsage)
471 {
472 LPSTR nextOID;
473 DWORD i;
474
475 newUsage->rgpszUsageIdentifier =
476 (LPSTR *)((LPBYTE)newUsage + sizeof(CERT_ENHKEY_USAGE));
477 nextOID = (LPSTR)((LPBYTE)newUsage->rgpszUsageIdentifier +
478 (usage->cUsageIdentifier + 1) * sizeof(LPSTR));
479 for (i = 0; i < usage->cUsageIdentifier; i++)
480 {
481 newUsage->rgpszUsageIdentifier[i] = nextOID;
482 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
483 nextOID += strlen(nextOID) + 1;
484 }
485 newUsage->rgpszUsageIdentifier[i] = nextOID;
486 strcpy(nextOID, pszUsageIdentifier);
487 newUsage->cUsageIdentifier = i + 1;
488 ret = CertSetEnhancedKeyUsage(pCertContext, newUsage);
489 CryptMemFree(newUsage);
490 }
491 }
492 CryptMemFree(usage);
493 }
494 else
495 ret = FALSE;
496 }
497 else
498 {
499 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(sizeof(CERT_ENHKEY_USAGE) +
500 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
501
502 if (usage)
503 {
504 usage->rgpszUsageIdentifier =
505 (LPSTR *)((LPBYTE)usage + sizeof(CERT_ENHKEY_USAGE));
506 usage->rgpszUsageIdentifier[0] = (LPSTR)((LPBYTE)usage +
507 sizeof(CERT_ENHKEY_USAGE) + sizeof(LPSTR));
508 strcpy(usage->rgpszUsageIdentifier[0], pszUsageIdentifier);
509 usage->cUsageIdentifier = 1;
510 ret = CertSetEnhancedKeyUsage(pCertContext, usage);
511 CryptMemFree(usage);
512 }
513 else
514 ret = FALSE;
515 }
516 return ret;
517 }
518
519 BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
520 LPCSTR pszUsageIdentifier)
521 {
522 BOOL ret;
523 DWORD size;
524 CERT_ENHKEY_USAGE usage;
525
526 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
527
528 size = sizeof(usage);
529 ret = CertGetEnhancedKeyUsage(pCertContext,
530 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, &usage, &size);
531 if (!ret && GetLastError() == ERROR_MORE_DATA)
532 {
533 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
534
535 if (pUsage)
536 {
537 ret = CertGetEnhancedKeyUsage(pCertContext,
538 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
539 if (ret)
540 {
541 if (pUsage->cUsageIdentifier)
542 {
543 DWORD i;
544 BOOL found = FALSE;
545
546 for (i = 0; i < pUsage->cUsageIdentifier; i++)
547 {
548 if (!strcmp(pUsage->rgpszUsageIdentifier[i],
549 pszUsageIdentifier))
550 found = TRUE;
551 if (found && i < pUsage->cUsageIdentifier - 1)
552 pUsage->rgpszUsageIdentifier[i] =
553 pUsage->rgpszUsageIdentifier[i + 1];
554 }
555 pUsage->cUsageIdentifier--;
556 /* Remove the usage if it's empty */
557 if (pUsage->cUsageIdentifier)
558 ret = CertSetEnhancedKeyUsage(pCertContext, pUsage);
559 else
560 ret = CertSetEnhancedKeyUsage(pCertContext, NULL);
561 }
562 }
563 CryptMemFree(pUsage);
564 }
565 else
566 ret = FALSE;
567 }
568 else
569 {
570 /* it fit in an empty usage, therefore there's nothing to remove */
571 ret = TRUE;
572 }
573 return ret;
574 }
widl and rpcrt4 development