dlls/crypt32/crl.c

   1 /*
   2  * Copyright 2006 Juan Lang
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  *
  18  */
  19
  20 #include <assert.h>
  21 #include <stdarg.h>
  22 #include "windef.h"
  23 #include "winbase.h"
  24 #include "wincrypt.h"
  25 #include "wine/debug.h"
  26 #include "crypt32_private.h"
  27
  28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
  29
  30 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
  31  const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
  32 {
  33     PCRL_CONTEXT crl = NULL;
  34     BOOL ret;
  35     PCRL_INFO crlInfo = NULL;
  36     DWORD size = 0;
  37
  38     TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCrlEncoded,
  39      cbCrlEncoded);
  40
  41     if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
  42     {
  43         SetLastError(E_INVALIDARG);
  44         return NULL;
  45     }
  46     ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
  47      pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
  48      &crlInfo, &size);
  49     if (ret)
  50     {
  51         BYTE *data = NULL;
  52
  53         crl = Context_CreateDataContext(sizeof(CRL_CONTEXT));
  54         if (!crl)
  55             goto end;
  56         data = CryptMemAlloc(cbCrlEncoded);
  57         if (!data)
  58         {
  59             CryptMemFree(crl);
  60             crl = NULL;
  61             goto end;
  62         }
  63         memcpy(data, pbCrlEncoded, cbCrlEncoded);
  64         crl->dwCertEncodingType = dwCertEncodingType;
  65         crl->pbCrlEncoded       = data;
  66         crl->cbCrlEncoded       = cbCrlEncoded;
  67         crl->pCrlInfo           = crlInfo;
  68         crl->hCertStore         = 0;
  69     }
  70
  71 end:
  72     return crl;
  73 }
  74
  75 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
  76  DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
  77  DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
  78 {
  79     PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
  80      pbCrlEncoded, cbCrlEncoded);
  81     BOOL ret;
  82
  83     TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
  84      pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
  85
  86     if (crl)
  87     {
  88         ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
  89          ppCrlContext);
  90         CertFreeCRLContext(crl);
  91     }
  92     else
  93         ret = FALSE;
  94     return ret;
  95 }
  96
  97 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
  98  DWORD dwFlags, const void *pvPara);
  99
 100 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 101  DWORD dwFlags, const void *pvPara)
 102 {
 103     return TRUE;
 104 }
 105
 106 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 107  DWORD dwFlags, const void *pvPara)
 108 {
 109     BOOL ret;
 110
 111     if (pvPara)
 112     {
 113         PCCERT_CONTEXT issuer = pvPara;
 114
 115         ret = CertCompareCertificateName(issuer->dwCertEncodingType,
 116          &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
 117     }
 118     else
 119         ret = TRUE;
 120     return ret;
 121 }
 122
 123 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 124  DWORD dwFlags, const void *pvPara)
 125 {
 126     BOOL ret;
 127
 128     if (pvPara)
 129     {
 130         PCCRL_CONTEXT crl = pvPara;
 131
 132         ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
 133          &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
 134     }
 135     else
 136         ret = TRUE;
 137     return ret;
 138 }
 139
 140 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
 141  DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
 142  const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
 143 {
 144     PCCRL_CONTEXT ret;
 145     CrlCompareFunc compare;
 146
 147     TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
 148          dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
 149
 150     switch (dwFindType)
 151     {
 152     case CRL_FIND_ANY:
 153         compare = compare_crl_any;
 154         break;
 155     case CRL_FIND_ISSUED_BY:
 156         compare = compare_crl_issued_by;
 157         break;
 158     case CRL_FIND_EXISTING:
 159         compare = compare_crl_existing;
 160         break;
 161     default:
 162         FIXME("find type %08x unimplemented\n", dwFindType);
 163         compare = NULL;
 164     }
 165
 166     if (compare)
 167     {
 168         BOOL matches = FALSE;
 169
 170         ret = pPrevCrlContext;
 171         do {
 172             ret = CertEnumCRLsInStore(hCertStore, ret);
 173             if (ret)
 174                 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
 175         } while (ret != NULL && !matches);
 176         if (!ret)
 177             SetLastError(CRYPT_E_NOT_FOUND);
 178     }
 179     else
 180     {
 181         SetLastError(CRYPT_E_NOT_FOUND);
 182         ret = NULL;
 183     }
 184     return ret;
 185 }
 186
 187 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
 188  PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
 189 {
 190     static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
 191      CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
 192      CERT_STORE_DELTA_CRL_FLAG;
 193     PCCRL_CONTEXT ret;
 194
 195     TRACE("(%p, %p, %p, %08x)\n", hCertStore, pIssuerContext, pPrevCrlContext,
 196      *pdwFlags);
 197
 198     if (*pdwFlags & ~supportedFlags)
 199     {
 200         SetLastError(E_INVALIDARG);
 201         return NULL;
 202     }
 203     if (pIssuerContext)
 204         ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
 205          0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
 206     else
 207         ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
 208          pPrevCrlContext);
 209     if (ret)
 210     {
 211         if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
 212         {
 213             if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
 214                 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
 215         }
 216         if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
 217         {
 218             if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
 219              CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
 220              CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
 221              NULL))
 222                 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
 223         }
 224     }
 225     return ret;
 226 }
 227
 228 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
 229 {
 230     TRACE("(%p)\n", pCrlContext);
 231     Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
 232     return pCrlContext;
 233 }
 234
 235 static void CrlDataContext_Free(void *context)
 236 {
 237     PCRL_CONTEXT crlContext = context;
 238
 239     CryptMemFree(crlContext->pbCrlEncoded);
 240     LocalFree(crlContext->pCrlInfo);
 241 }
 242
 243 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
 244 {
 245     TRACE("(%p)\n", pCrlContext);
 246
 247     if (pCrlContext)
 248         Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
 249          CrlDataContext_Free);
 250     return TRUE;
 251 }
 252
 253 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
 254  DWORD dwPropId)
 255 {
 256     PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
 257      pCRLContext, sizeof(CRL_CONTEXT));
 258     DWORD ret;
 259
 260     TRACE("(%p, %d)\n", pCRLContext, dwPropId);
 261
 262     if (properties)
 263         ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
 264     else
 265         ret = 0;
 266     return ret;
 267 }
 268
 269 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 270                                    DWORD dwFlags, const void *pvData);
 271
 272 static BOOL CRLContext_GetHashProp(PCCRL_CONTEXT context, DWORD dwPropId,
 273  ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
 274  DWORD *pcbData)
 275 {
 276     BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
 277      pcbData);
 278     if (ret && pvData)
 279     {
 280         CRYPT_DATA_BLOB blob = { *pcbData, pvData };
 281
 282         ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
 283     }
 284     return ret;
 285 }
 286
 287 static BOOL CRLContext_GetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 288                                    void *pvData, DWORD *pcbData)
 289 {
 290     PCONTEXT_PROPERTY_LIST properties =
 291      Context_GetProperties(context, sizeof(CRL_CONTEXT));
 292     BOOL ret;
 293     CRYPT_DATA_BLOB blob;
 294
 295     TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
 296
 297     if (properties)
 298         ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
 299     else
 300         ret = FALSE;
 301     if (ret)
 302     {
 303         if (!pvData)
 304             *pcbData = blob.cbData;
 305         else if (*pcbData < blob.cbData)
 306         {
 307             SetLastError(ERROR_MORE_DATA);
 308             *pcbData = blob.cbData;
 309             ret = FALSE;
 310         }
 311         else
 312         {
 313             memcpy(pvData, blob.pbData, blob.cbData);
 314             *pcbData = blob.cbData;
 315         }
 316     }
 317     else
 318     {
 319         /* Implicit properties */
 320         switch (dwPropId)
 321         {
 322         case CERT_SHA1_HASH_PROP_ID:
 323             ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
 324                                          context->pbCrlEncoded, context->cbCrlEncoded, pvData,
 325              pcbData);
 326             break;
 327         case CERT_MD5_HASH_PROP_ID:
 328             ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
 329                                          context->pbCrlEncoded, context->cbCrlEncoded, pvData,
 330              pcbData);
 331             break;
 332         default:
 333             SetLastError(CRYPT_E_NOT_FOUND);
 334         }
 335     }
 336     TRACE("returning %d\n", ret);
 337     return ret;
 338 }
 339
 340 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 341  DWORD dwPropId, void *pvData, DWORD *pcbData)
 342 {
 343     BOOL ret;
 344
 345     TRACE("(%p, %d, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
 346
 347     switch (dwPropId)
 348     {
 349     case 0:
 350     case CERT_CERT_PROP_ID:
 351     case CERT_CRL_PROP_ID:
 352     case CERT_CTL_PROP_ID:
 353         SetLastError(E_INVALIDARG);
 354         ret = FALSE;
 355         break;
 356     case CERT_ACCESS_STATE_PROP_ID:
 357         if (!pvData)
 358         {
 359             *pcbData = sizeof(DWORD);
 360             ret = TRUE;
 361         }
 362         else if (*pcbData < sizeof(DWORD))
 363         {
 364             SetLastError(ERROR_MORE_DATA);
 365             *pcbData = sizeof(DWORD);
 366             ret = FALSE;
 367         }
 368         else
 369         {
 370             if (pCRLContext->hCertStore)
 371                 ret = CertGetStoreProperty(pCRLContext->hCertStore, dwPropId,
 372                  pvData, pcbData);
 373             else
 374                 *(DWORD *)pvData = 0;
 375             ret = TRUE;
 376         }
 377         break;
 378     default:
 379         ret = CRLContext_GetProperty(pCRLContext, dwPropId, pvData,
 380          pcbData);
 381     }
 382     return ret;
 383 }
 384
 385 static BOOL CRLContext_SetProperty(PCCRL_CONTEXT context, DWORD dwPropId,
 386  DWORD dwFlags, const void *pvData)
 387 {
 388     PCONTEXT_PROPERTY_LIST properties =
 389      Context_GetProperties(context, sizeof(CRL_CONTEXT));
 390     BOOL ret;
 391
 392     TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
 393
 394     if (!properties)
 395         ret = FALSE;
 396     else if (!pvData)
 397     {
 398         ContextPropertyList_RemoveProperty(properties, dwPropId);
 399         ret = TRUE;
 400     }
 401     else
 402     {
 403         switch (dwPropId)
 404         {
 405         case CERT_AUTO_ENROLL_PROP_ID:
 406         case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
 407         case CERT_DESCRIPTION_PROP_ID:
 408         case CERT_FRIENDLY_NAME_PROP_ID:
 409         case CERT_HASH_PROP_ID:
 410         case CERT_KEY_IDENTIFIER_PROP_ID:
 411         case CERT_MD5_HASH_PROP_ID:
 412         case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
 413         case CERT_PUBKEY_ALG_PARA_PROP_ID:
 414         case CERT_PVK_FILE_PROP_ID:
 415         case CERT_SIGNATURE_HASH_PROP_ID:
 416         case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
 417         case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
 418         case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
 419         case CERT_ENROLLMENT_PROP_ID:
 420         case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
 421         case CERT_RENEWAL_PROP_ID:
 422         {
 423             PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
 424
 425             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 426              blob->pbData, blob->cbData);
 427             break;
 428         }
 429         case CERT_DATE_STAMP_PROP_ID:
 430             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 431              pvData, sizeof(FILETIME));
 432             break;
 433         default:
 434             FIXME("%d: stub\n", dwPropId);
 435             ret = FALSE;
 436         }
 437     }
 438     TRACE("returning %d\n", ret);
 439     return ret;
 440 }
 441
 442 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 443  DWORD dwPropId, DWORD dwFlags, const void *pvData)
 444 {
 445     BOOL ret;
 446
 447     TRACE("(%p, %d, %08x, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
 448
 449     /* Handle special cases for "read-only"/invalid prop IDs.  Windows just
 450      * crashes on most of these, I'll be safer.
 451      */
 452     switch (dwPropId)
 453     {
 454     case 0:
 455     case CERT_ACCESS_STATE_PROP_ID:
 456     case CERT_CERT_PROP_ID:
 457     case CERT_CRL_PROP_ID:
 458     case CERT_CTL_PROP_ID:
 459         SetLastError(E_INVALIDARG);
 460         return FALSE;
 461     }
 462     ret = CRLContext_SetProperty(pCRLContext, dwPropId, dwFlags, pvData);
 463     TRACE("returning %d\n", ret);
 464     return ret;
 465 }
 466
 467 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
 468  PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
 469 {
 470     TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved);
 471     return TRUE;
 472 }
 473
 474 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl)
 475 {
 476     DWORD i;
 477     PCRL_ENTRY entry = NULL;
 478
 479     for (i = 0; !entry && i < crl->cCRLEntry; i++)
 480         if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
 481          &cert->SerialNumber))
 482             entry = &crl->rgCRLEntry[i];
 483     return entry;
 484 }
 485
 486 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
 487  PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
 488  PCRL_ENTRY *ppCrlEntry)
 489 {
 490     TRACE("(%p, %p, %08x, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
 491      ppCrlEntry);
 492
 493     *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
 494      pCrlContext->pCrlInfo);
 495     return TRUE;
 496 }
 497
 498 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
 499  PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
 500 {
 501     DWORD i;
 502     PCRL_ENTRY entry = NULL;
 503
 504     TRACE("(%08x, %p, %d, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
 505      rgpCrlInfo);
 506
 507     for (i = 0; !entry && i < cCrlInfo; i++)
 508         entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
 509     return entry == NULL;
 510 }
 511
 512 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
 513  PCRL_INFO pCrlInfo)
 514 {
 515     FILETIME fileTime;
 516     LONG ret;
 517
 518     if (!pTimeToVerify)
 519     {
 520         GetSystemTimeAsFileTime(&fileTime);
 521         pTimeToVerify = &fileTime;
 522     }
 523     if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
 524     {
 525         ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
 526         if (ret < 0)
 527             ret = 0;
 528     }
 529     return ret;
 530 }