2 * Copyright 2004-2006 Juan Lang
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 #define NONAMELESSUNION
29 #include "wine/debug.h"
30 #include "crypt32_private.h"
32 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
34 /* Internal version of CertGetCertificateContextProperty that gets properties
35 * directly from the context (or the context it's linked to, depending on its
36 * type.) Doesn't handle special-case properties, since they are handled by
37 * CertGetCertificateContextProperty, and are particular to the store in which
38 * the property exists (which is separate from the context.)
40 static BOOL WINAPI CertContext_GetProperty(void *context, DWORD dwPropId,
41 void *pvData, DWORD *pcbData);
43 /* Internal version of CertSetCertificateContextProperty that sets properties
44 * directly on the context (or the context it's linked to, depending on its
45 * type.) Doesn't handle special cases, since they're handled by
46 * CertSetCertificateContextProperty anyway.
48 static BOOL WINAPI CertContext_SetProperty(void *context, DWORD dwPropId,
49 DWORD dwFlags, const void *pvData);
51 BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore,
52 DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded,
53 DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
55 PCCERT_CONTEXT cert = CertCreateCertificateContext(dwCertEncodingType,
56 pbCertEncoded, cbCertEncoded);
59 TRACE("(%p, %08x, %p, %d, %08x, %p)\n", hCertStore, dwCertEncodingType,
60 pbCertEncoded, cbCertEncoded, dwAddDisposition, ppCertContext);
64 ret = CertAddCertificateContextToStore(hCertStore, cert,
65 dwAddDisposition, ppCertContext);
66 CertFreeCertificateContext(cert);
73 PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD dwCertEncodingType,
74 const BYTE *pbCertEncoded, DWORD cbCertEncoded)
76 PCERT_CONTEXT cert = NULL;
78 PCERT_INFO certInfo = NULL;
81 TRACE("(%08x, %p, %d)\n", dwCertEncodingType, pbCertEncoded,
84 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_TO_BE_SIGNED,
85 pbCertEncoded, cbCertEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
86 (BYTE *)&certInfo, &size);
91 cert = (PCERT_CONTEXT)Context_CreateDataContext(sizeof(CERT_CONTEXT));
94 data = CryptMemAlloc(cbCertEncoded);
101 memcpy(data, pbCertEncoded, cbCertEncoded);
102 cert->dwCertEncodingType = dwCertEncodingType;
103 cert->pbCertEncoded = data;
104 cert->cbCertEncoded = cbCertEncoded;
105 cert->pCertInfo = certInfo;
106 cert->hCertStore = 0;
110 return (PCCERT_CONTEXT)cert;
113 PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(
114 PCCERT_CONTEXT pCertContext)
116 TRACE("(%p)\n", pCertContext);
117 Context_AddRef((void *)pCertContext, sizeof(CERT_CONTEXT));
121 static void CertDataContext_Free(void *context)
123 PCERT_CONTEXT certContext = (PCERT_CONTEXT)context;
125 CryptMemFree(certContext->pbCertEncoded);
126 LocalFree(certContext->pCertInfo);
129 BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext)
131 TRACE("(%p)\n", pCertContext);
134 Context_Release((void *)pCertContext, sizeof(CERT_CONTEXT),
135 CertDataContext_Free);
139 DWORD WINAPI CertEnumCertificateContextProperties(PCCERT_CONTEXT pCertContext,
142 PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
143 (void *)pCertContext, sizeof(CERT_CONTEXT));
146 TRACE("(%p, %d)\n", pCertContext, dwPropId);
149 ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
155 static BOOL CertContext_GetHashProp(void *context, DWORD dwPropId,
156 ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
159 BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
163 CRYPT_DATA_BLOB blob = { *pcbData, pvData };
165 ret = CertContext_SetProperty(context, dwPropId, 0, &blob);
170 static BOOL WINAPI CertContext_GetProperty(void *context, DWORD dwPropId,
171 void *pvData, DWORD *pcbData)
173 PCCERT_CONTEXT pCertContext = (PCCERT_CONTEXT)context;
174 PCONTEXT_PROPERTY_LIST properties =
175 Context_GetProperties(context, sizeof(CERT_CONTEXT));
177 CRYPT_DATA_BLOB blob;
179 TRACE("(%p, %d, %p, %p)\n", context, dwPropId, pvData, pcbData);
182 ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
189 *pcbData = blob.cbData;
192 else if (*pcbData < blob.cbData)
194 SetLastError(ERROR_MORE_DATA);
195 *pcbData = blob.cbData;
199 memcpy(pvData, blob.pbData, blob.cbData);
200 *pcbData = blob.cbData;
206 /* Implicit properties */
209 case CERT_SHA1_HASH_PROP_ID:
210 ret = CertContext_GetHashProp(context, dwPropId, CALG_SHA1,
211 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
214 case CERT_MD5_HASH_PROP_ID:
215 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
216 pCertContext->pbCertEncoded, pCertContext->cbCertEncoded, pvData,
219 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
220 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
221 pCertContext->pCertInfo->Subject.pbData,
222 pCertContext->pCertInfo->Subject.cbData,
225 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
226 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
227 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
228 pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData,
231 case CERT_ISSUER_SERIAL_NUMBER_MD5_HASH_PROP_ID:
232 ret = CertContext_GetHashProp(context, dwPropId, CALG_MD5,
233 pCertContext->pCertInfo->SerialNumber.pbData,
234 pCertContext->pCertInfo->SerialNumber.cbData,
237 case CERT_SIGNATURE_HASH_PROP_ID:
238 FIXME("CERT_SIGNATURE_HASH_PROP_ID unimplemented\n");
239 SetLastError(CRYPT_E_NOT_FOUND);
242 SetLastError(CRYPT_E_NOT_FOUND);
245 TRACE("returning %d\n", ret);
249 void CRYPT_FixKeyProvInfoPointers(PCRYPT_KEY_PROV_INFO info)
251 DWORD i, containerLen, provNameLen;
252 LPBYTE data = (LPBYTE)info + sizeof(CRYPT_KEY_PROV_INFO);
254 info->pwszContainerName = (LPWSTR)data;
255 containerLen = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
256 data += containerLen;
258 info->pwszProvName = (LPWSTR)data;
259 provNameLen = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
262 info->rgProvParam = (PCRYPT_KEY_PROV_PARAM)data;
263 data += info->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
265 for (i = 0; i < info->cProvParam; i++)
267 info->rgProvParam[i].pbData = data;
268 data += info->rgProvParam[i].cbData;
272 BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
273 DWORD dwPropId, void *pvData, DWORD *pcbData)
277 TRACE("(%p, %d, %p, %p)\n", pCertContext, dwPropId, pvData, pcbData);
282 case CERT_CERT_PROP_ID:
283 case CERT_CRL_PROP_ID:
284 case CERT_CTL_PROP_ID:
285 SetLastError(E_INVALIDARG);
288 case CERT_ACCESS_STATE_PROP_ID:
291 *pcbData = sizeof(DWORD);
294 else if (*pcbData < sizeof(DWORD))
296 SetLastError(ERROR_MORE_DATA);
297 *pcbData = sizeof(DWORD);
303 CertStore_GetAccessState(pCertContext->hCertStore);
307 case CERT_KEY_IDENTIFIER_PROP_ID:
308 ret = CertContext_GetProperty((void *)pCertContext, dwPropId,
311 SetLastError(ERROR_INVALID_DATA);
313 case CERT_KEY_PROV_HANDLE_PROP_ID:
315 CERT_KEY_CONTEXT keyContext;
316 DWORD size = sizeof(keyContext);
318 ret = CertContext_GetProperty((void *)pCertContext,
319 CERT_KEY_CONTEXT_PROP_ID, &keyContext, &size);
324 *pcbData = sizeof(HCRYPTPROV);
327 else if (*pcbData < sizeof(HCRYPTPROV))
329 SetLastError(ERROR_MORE_DATA);
330 *pcbData = sizeof(HCRYPTPROV);
335 *(HCRYPTPROV *)pvData = keyContext.hCryptProv;
341 case CERT_KEY_PROV_INFO_PROP_ID:
342 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
345 CRYPT_FixKeyProvInfoPointers((PCRYPT_KEY_PROV_INFO)pvData);
348 ret = CertContext_GetProperty((void *)pCertContext, dwPropId, pvData,
352 TRACE("returning %d\n", ret);
356 /* Copies key provider info from from into to, where to is assumed to be a
357 * contiguous buffer of memory large enough for from and all its associated
358 * data, but whose pointers are uninitialized.
359 * Upon return, to contains a contiguous copy of from, packed in the following
361 * - CRYPT_KEY_PROV_INFO
362 * - pwszContainerName
364 * - rgProvParam[0]...
366 static void CRYPT_CopyKeyProvInfo(PCRYPT_KEY_PROV_INFO to,
367 const CRYPT_KEY_PROV_INFO *from)
370 LPBYTE nextData = (LPBYTE)to + sizeof(CRYPT_KEY_PROV_INFO);
372 if (from->pwszContainerName)
374 to->pwszContainerName = (LPWSTR)nextData;
375 lstrcpyW(to->pwszContainerName, from->pwszContainerName);
376 nextData += (lstrlenW(from->pwszContainerName) + 1) * sizeof(WCHAR);
379 to->pwszContainerName = NULL;
380 if (from->pwszProvName)
382 to->pwszProvName = (LPWSTR)nextData;
383 lstrcpyW(to->pwszProvName, from->pwszProvName);
384 nextData += (lstrlenW(from->pwszProvName) + 1) * sizeof(WCHAR);
387 to->pwszProvName = NULL;
388 to->dwProvType = from->dwProvType;
389 to->dwFlags = from->dwFlags;
390 to->cProvParam = from->cProvParam;
391 to->rgProvParam = (PCRYPT_KEY_PROV_PARAM)nextData;
392 nextData += to->cProvParam * sizeof(CRYPT_KEY_PROV_PARAM);
393 to->dwKeySpec = from->dwKeySpec;
394 for (i = 0; i < to->cProvParam; i++)
396 memcpy(&to->rgProvParam[i], &from->rgProvParam[i],
397 sizeof(CRYPT_KEY_PROV_PARAM));
398 to->rgProvParam[i].pbData = nextData;
399 memcpy(to->rgProvParam[i].pbData, from->rgProvParam[i].pbData,
400 from->rgProvParam[i].cbData);
401 nextData += from->rgProvParam[i].cbData;
405 static BOOL CertContext_SetKeyProvInfoProperty(PCONTEXT_PROPERTY_LIST properties,
406 const CRYPT_KEY_PROV_INFO *info)
410 DWORD size = sizeof(CRYPT_KEY_PROV_INFO), i, containerSize, provNameSize;
412 if (info->pwszContainerName)
413 containerSize = (lstrlenW(info->pwszContainerName) + 1) * sizeof(WCHAR);
416 if (info->pwszProvName)
417 provNameSize = (lstrlenW(info->pwszProvName) + 1) * sizeof(WCHAR);
420 size += containerSize + provNameSize;
421 for (i = 0; i < info->cProvParam; i++)
422 size += sizeof(CRYPT_KEY_PROV_PARAM) + info->rgProvParam[i].cbData;
423 buf = CryptMemAlloc(size);
426 CRYPT_CopyKeyProvInfo((PCRYPT_KEY_PROV_INFO)buf, info);
427 ret = ContextPropertyList_SetProperty(properties,
428 CERT_KEY_PROV_INFO_PROP_ID, buf, size);
436 static BOOL WINAPI CertContext_SetProperty(void *context, DWORD dwPropId,
437 DWORD dwFlags, const void *pvData)
439 PCONTEXT_PROPERTY_LIST properties =
440 Context_GetProperties(context, sizeof(CERT_CONTEXT));
443 TRACE("(%p, %d, %08x, %p)\n", context, dwPropId, dwFlags, pvData);
451 case CERT_AUTO_ENROLL_PROP_ID:
452 case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
453 case CERT_DESCRIPTION_PROP_ID:
454 case CERT_FRIENDLY_NAME_PROP_ID:
455 case CERT_HASH_PROP_ID:
456 case CERT_KEY_IDENTIFIER_PROP_ID:
457 case CERT_MD5_HASH_PROP_ID:
458 case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
459 case CERT_PUBKEY_ALG_PARA_PROP_ID:
460 case CERT_PVK_FILE_PROP_ID:
461 case CERT_SIGNATURE_HASH_PROP_ID:
462 case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
463 case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
464 case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
465 case CERT_ENROLLMENT_PROP_ID:
466 case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
467 case CERT_RENEWAL_PROP_ID:
471 const CRYPT_DATA_BLOB *blob = (const CRYPT_DATA_BLOB *)pvData;
473 ret = ContextPropertyList_SetProperty(properties, dwPropId,
474 blob->pbData, blob->cbData);
478 ContextPropertyList_RemoveProperty(properties, dwPropId);
483 case CERT_DATE_STAMP_PROP_ID:
485 ret = ContextPropertyList_SetProperty(properties, dwPropId,
486 (const BYTE *)pvData, sizeof(FILETIME));
489 ContextPropertyList_RemoveProperty(properties, dwPropId);
493 case CERT_KEY_CONTEXT_PROP_ID:
497 const CERT_KEY_CONTEXT *keyContext = (const CERT_KEY_CONTEXT *)pvData;
499 ret = ContextPropertyList_SetProperty(properties, dwPropId,
500 (const BYTE *)keyContext, keyContext->cbSize);
504 ContextPropertyList_RemoveProperty(properties, dwPropId);
509 case CERT_KEY_PROV_INFO_PROP_ID:
511 ret = CertContext_SetKeyProvInfoProperty(properties,
512 (const CRYPT_KEY_PROV_INFO *)pvData);
515 ContextPropertyList_RemoveProperty(properties, dwPropId);
519 case CERT_KEY_PROV_HANDLE_PROP_ID:
521 CERT_KEY_CONTEXT keyContext;
522 DWORD size = sizeof(keyContext);
524 ret = CertContext_GetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
528 if (!(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
529 CryptReleaseContext(keyContext.hCryptProv, 0);
531 keyContext.hCryptProv = *(const HCRYPTPROV *)pvData;
533 keyContext.hCryptProv = 0;
534 ret = CertContext_SetProperty(context, CERT_KEY_CONTEXT_PROP_ID,
540 FIXME("%d: stub\n", dwPropId);
544 TRACE("returning %d\n", ret);
548 BOOL WINAPI CertSetCertificateContextProperty(PCCERT_CONTEXT pCertContext,
549 DWORD dwPropId, DWORD dwFlags, const void *pvData)
553 TRACE("(%p, %d, %08x, %p)\n", pCertContext, dwPropId, dwFlags, pvData);
555 /* Handle special cases for "read-only"/invalid prop IDs. Windows just
556 * crashes on most of these, I'll be safer.
561 case CERT_ACCESS_STATE_PROP_ID:
562 case CERT_CERT_PROP_ID:
563 case CERT_CRL_PROP_ID:
564 case CERT_CTL_PROP_ID:
565 SetLastError(E_INVALIDARG);
568 ret = CertContext_SetProperty((void *)pCertContext, dwPropId, dwFlags,
570 TRACE("returning %d\n", ret);
574 /* Acquires the private key using the key provider info, retrieving info from
575 * the certificate if info is NULL. The acquired provider is returned in
576 * *phCryptProv, and the key spec for the provider is returned in *pdwKeySpec.
578 static BOOL CRYPT_AcquirePrivateKeyFromProvInfo(PCCERT_CONTEXT pCert,
579 PCRYPT_KEY_PROV_INFO info, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec)
582 BOOL allocated = FALSE, ret = TRUE;
586 ret = CertGetCertificateContextProperty(pCert,
587 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
590 info = (PCRYPT_KEY_PROV_INFO)HeapAlloc(GetProcessHeap(), 0, size);
593 ret = CertGetCertificateContextProperty(pCert,
594 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
599 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
603 ret = CryptAcquireContextW(phCryptProv, info->pwszContainerName,
604 info->pwszProvName, info->dwProvType, 0);
609 for (i = 0; i < info->cProvParam; i++)
611 CryptSetProvParam(*phCryptProv,
612 info->rgProvParam[i].dwParam, info->rgProvParam[i].pbData,
613 info->rgProvParam[i].dwFlags);
615 *pdwKeySpec = info->dwKeySpec;
618 SetLastError(CRYPT_E_NO_KEY_PROPERTY);
621 HeapFree(GetProcessHeap(), 0, info);
625 BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT pCert,
626 DWORD dwFlags, void *pvReserved, HCRYPTPROV *phCryptProv, DWORD *pdwKeySpec,
627 BOOL *pfCallerFreeProv)
629 BOOL ret = FALSE, cache = FALSE;
630 PCRYPT_KEY_PROV_INFO info = NULL;
631 CERT_KEY_CONTEXT keyContext;
634 TRACE("(%p, %08x, %p, %p, %p, %p)\n", pCert, dwFlags, pvReserved,
635 phCryptProv, pdwKeySpec, pfCallerFreeProv);
637 if (dwFlags & CRYPT_ACQUIRE_USE_PROV_INFO_FLAG)
641 ret = CertGetCertificateContextProperty(pCert,
642 CERT_KEY_PROV_INFO_PROP_ID, 0, &size);
645 info = (PCRYPT_KEY_PROV_INFO)HeapAlloc(
646 GetProcessHeap(), 0, size);
647 ret = CertGetCertificateContextProperty(pCert,
648 CERT_KEY_PROV_INFO_PROP_ID, info, &size);
650 cache = info->dwFlags & CERT_SET_KEY_CONTEXT_PROP_ID;
653 else if (dwFlags & CRYPT_ACQUIRE_CACHE_FLAG)
658 size = sizeof(keyContext);
659 ret = CertGetCertificateContextProperty(pCert, CERT_KEY_CONTEXT_PROP_ID,
663 *phCryptProv = keyContext.hCryptProv;
665 *pdwKeySpec = keyContext.dwKeySpec;
666 if (pfCallerFreeProv)
667 *pfCallerFreeProv = !cache;
672 ret = CRYPT_AcquirePrivateKeyFromProvInfo(pCert, info,
673 &keyContext.hCryptProv, &keyContext.dwKeySpec);
676 *phCryptProv = keyContext.hCryptProv;
678 *pdwKeySpec = keyContext.dwKeySpec;
681 keyContext.cbSize = sizeof(keyContext);
682 if (CertSetCertificateContextProperty(pCert,
683 CERT_KEY_CONTEXT_PROP_ID, 0, &keyContext))
685 if (pfCallerFreeProv)
686 *pfCallerFreeProv = FALSE;
691 if (pfCallerFreeProv)
692 *pfCallerFreeProv = TRUE;
696 HeapFree(GetProcessHeap(), 0, info);
700 BOOL WINAPI CertCompareCertificate(DWORD dwCertEncodingType,
701 PCERT_INFO pCertId1, PCERT_INFO pCertId2)
703 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertId1, pCertId2);
705 return CertCompareCertificateName(dwCertEncodingType, &pCertId1->Issuer,
706 &pCertId2->Issuer) && CertCompareIntegerBlob(&pCertId1->SerialNumber,
707 &pCertId2->SerialNumber);
710 BOOL WINAPI CertCompareCertificateName(DWORD dwCertEncodingType,
711 PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2)
715 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pCertName1, pCertName2);
717 if (pCertName1->cbData == pCertName2->cbData)
719 if (pCertName1->cbData)
720 ret = !memcmp(pCertName1->pbData, pCertName2->pbData,
730 /* Returns the number of significant bytes in pInt, where a byte is
731 * insignificant if it's a leading 0 for positive numbers or a leading 0xff
732 * for negative numbers. pInt is assumed to be little-endian.
734 static DWORD CRYPT_significantBytes(PCRYPT_INTEGER_BLOB pInt)
736 DWORD ret = pInt->cbData;
740 if (pInt->pbData[ret - 2] <= 0x7f && pInt->pbData[ret - 1] == 0)
742 else if (pInt->pbData[ret - 2] >= 0x80 && pInt->pbData[ret - 1] == 0xff)
750 BOOL WINAPI CertCompareIntegerBlob(PCRYPT_INTEGER_BLOB pInt1,
751 PCRYPT_INTEGER_BLOB pInt2)
756 TRACE("(%p, %p)\n", pInt1, pInt2);
758 cb1 = CRYPT_significantBytes(pInt1);
759 cb2 = CRYPT_significantBytes(pInt2);
763 ret = !memcmp(pInt1->pbData, pInt1->pbData, cb1);
772 BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
773 PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2)
777 TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
779 if (pPublicKey1->PublicKey.cbData == pPublicKey2->PublicKey.cbData &&
780 pPublicKey1->PublicKey.cUnusedBits == pPublicKey2->PublicKey.cUnusedBits)
782 if (pPublicKey2->PublicKey.cbData)
783 ret = !memcmp(pPublicKey1->PublicKey.pbData,
784 pPublicKey2->PublicKey.pbData, pPublicKey1->PublicKey.cbData);
793 DWORD WINAPI CertGetPublicKeyLength(DWORD dwCertEncodingType,
794 PCERT_PUBLIC_KEY_INFO pPublicKey)
798 TRACE("(%08x, %p)\n", dwCertEncodingType, pPublicKey);
800 if (dwCertEncodingType != X509_ASN_ENCODING)
802 SetLastError(ERROR_FILE_NOT_FOUND);
805 if (pPublicKey->Algorithm.pszObjId &&
806 !strcmp(pPublicKey->Algorithm.pszObjId, szOID_RSA_DH))
808 FIXME("unimplemented for DH public keys\n");
809 SetLastError(CRYPT_E_ASN1_BADTAG);
815 BOOL ret = CryptDecodeObjectEx(dwCertEncodingType,
816 RSA_CSP_PUBLICKEYBLOB, pPublicKey->PublicKey.pbData,
817 pPublicKey->PublicKey.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &buf,
822 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)((LPBYTE)buf +
825 len = rsaPubKey->bitlen;
832 typedef BOOL (*CertCompareFunc)(PCCERT_CONTEXT pCertContext, DWORD dwType,
833 DWORD dwFlags, const void *pvPara);
835 static BOOL compare_cert_any(PCCERT_CONTEXT pCertContext, DWORD dwType,
836 DWORD dwFlags, const void *pvPara)
841 static BOOL compare_cert_by_md5_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
842 DWORD dwFlags, const void *pvPara)
846 DWORD size = sizeof(hash);
848 ret = CertGetCertificateContextProperty(pCertContext,
849 CERT_MD5_HASH_PROP_ID, hash, &size);
852 const CRYPT_HASH_BLOB *pHash = (const CRYPT_HASH_BLOB *)pvPara;
854 if (size == pHash->cbData)
855 ret = !memcmp(pHash->pbData, hash, size);
862 static BOOL compare_cert_by_sha1_hash(PCCERT_CONTEXT pCertContext, DWORD dwType,
863 DWORD dwFlags, const void *pvPara)
867 DWORD size = sizeof(hash);
869 ret = CertGetCertificateContextProperty(pCertContext,
870 CERT_SHA1_HASH_PROP_ID, hash, &size);
873 const CRYPT_HASH_BLOB *pHash = (const CRYPT_HASH_BLOB *)pvPara;
875 if (size == pHash->cbData)
876 ret = !memcmp(pHash->pbData, hash, size);
883 static BOOL compare_cert_by_name(PCCERT_CONTEXT pCertContext, DWORD dwType,
884 DWORD dwFlags, const void *pvPara)
886 CERT_NAME_BLOB *blob = (CERT_NAME_BLOB *)pvPara, *toCompare;
889 if (dwType & CERT_INFO_SUBJECT_FLAG)
890 toCompare = &pCertContext->pCertInfo->Subject;
892 toCompare = &pCertContext->pCertInfo->Issuer;
893 ret = CertCompareCertificateName(pCertContext->dwCertEncodingType,
898 static BOOL compare_cert_by_subject_cert(PCCERT_CONTEXT pCertContext,
899 DWORD dwType, DWORD dwFlags, const void *pvPara)
901 CERT_INFO *pCertInfo = (CERT_INFO *)pvPara;
903 return CertCompareCertificateName(pCertContext->dwCertEncodingType,
904 &pCertInfo->Issuer, &pCertContext->pCertInfo->Subject);
907 static BOOL compare_cert_by_issuer(PCCERT_CONTEXT pCertContext,
908 DWORD dwType, DWORD dwFlags, const void *pvPara)
910 return compare_cert_by_subject_cert(pCertContext, dwType, dwFlags,
911 ((PCCERT_CONTEXT)pvPara)->pCertInfo);
914 PCCERT_CONTEXT WINAPI CertFindCertificateInStore(HCERTSTORE hCertStore,
915 DWORD dwCertEncodingType, DWORD dwFlags, DWORD dwType, const void *pvPara,
916 PCCERT_CONTEXT pPrevCertContext)
919 CertCompareFunc compare;
921 TRACE("(%p, %d, %d, %d, %p, %p)\n", hCertStore, dwCertEncodingType,
922 dwFlags, dwType, pvPara, pPrevCertContext);
924 switch (dwType >> CERT_COMPARE_SHIFT)
926 case CERT_COMPARE_ANY:
927 compare = compare_cert_any;
929 case CERT_COMPARE_MD5_HASH:
930 compare = compare_cert_by_md5_hash;
932 case CERT_COMPARE_SHA1_HASH:
933 compare = compare_cert_by_sha1_hash;
935 case CERT_COMPARE_NAME:
936 compare = compare_cert_by_name;
938 case CERT_COMPARE_SUBJECT_CERT:
939 compare = compare_cert_by_subject_cert;
941 case CERT_COMPARE_ISSUER_OF:
942 compare = compare_cert_by_issuer;
945 FIXME("find type %08x unimplemented\n", dwType);
951 BOOL matches = FALSE;
953 ret = pPrevCertContext;
955 ret = CertEnumCertificatesInStore(hCertStore, ret);
957 matches = compare(ret, dwType, dwFlags, pvPara);
958 } while (ret != NULL && !matches);
960 SetLastError(CRYPT_E_NOT_FOUND);
964 SetLastError(CRYPT_E_NOT_FOUND);
970 PCCERT_CONTEXT WINAPI CertGetSubjectCertificateFromStore(HCERTSTORE hCertStore,
971 DWORD dwCertEncodingType, PCERT_INFO pCertId)
973 TRACE("(%p, %08x, %p)\n", hCertStore, dwCertEncodingType, pCertId);
977 SetLastError(E_INVALIDARG);
980 return CertFindCertificateInStore(hCertStore, dwCertEncodingType, 0,
981 CERT_FIND_SUBJECT_CERT, pCertId, NULL);
984 BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT pSubject,
985 PCCERT_CONTEXT pIssuer, DWORD *pdwFlags)
987 static const DWORD supportedFlags = CERT_STORE_REVOCATION_FLAG |
988 CERT_STORE_SIGNATURE_FLAG | CERT_STORE_TIME_VALIDITY_FLAG;
990 if (*pdwFlags & ~supportedFlags)
992 SetLastError(E_INVALIDARG);
995 if (*pdwFlags & CERT_STORE_REVOCATION_FLAG)
998 PCCRL_CONTEXT crl = CertGetCRLFromStore(pSubject->hCertStore, pSubject,
1001 /* FIXME: what if the CRL has expired? */
1004 if (CertVerifyCRLRevocation(pSubject->dwCertEncodingType,
1005 pSubject->pCertInfo, 1, (PCRL_INFO *)&crl->pCrlInfo))
1006 *pdwFlags &= CERT_STORE_REVOCATION_FLAG;
1009 *pdwFlags |= CERT_STORE_NO_CRL_FLAG;
1011 if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
1013 if (0 == CertVerifyTimeValidity(NULL, pSubject->pCertInfo))
1014 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
1016 if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
1018 if (CryptVerifyCertificateSignatureEx(0, pSubject->dwCertEncodingType,
1019 CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)pSubject,
1020 CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuer, 0, NULL))
1021 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
1026 PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
1027 PCCERT_CONTEXT pSubjectContext, PCCERT_CONTEXT pPrevIssuerContext,
1032 TRACE("(%p, %p, %p, %08x)\n", hCertStore, pSubjectContext,
1033 pPrevIssuerContext, *pdwFlags);
1035 if (!pSubjectContext)
1037 SetLastError(E_INVALIDARG);
1041 ret = CertFindCertificateInStore(hCertStore,
1042 pSubjectContext->dwCertEncodingType, 0, CERT_FIND_ISSUER_OF,
1043 pSubjectContext, pPrevIssuerContext);
1046 if (!CertVerifySubjectCertificateContext(pSubjectContext, ret,
1049 CertFreeCertificateContext(ret);
1057 PCRYPT_ATTRIBUTE WINAPI CertFindAttribute(LPCSTR pszObjId, DWORD cAttr,
1058 CRYPT_ATTRIBUTE rgAttr[])
1060 PCRYPT_ATTRIBUTE ret = NULL;
1063 TRACE("%s %d %p\n", debugstr_a(pszObjId), cAttr, rgAttr);
1069 SetLastError(ERROR_INVALID_PARAMETER);
1073 for (i = 0; !ret && i < cAttr; i++)
1074 if (rgAttr[i].pszObjId && !strcmp(pszObjId, rgAttr[i].pszObjId))
1079 PCERT_EXTENSION WINAPI CertFindExtension(LPCSTR pszObjId, DWORD cExtensions,
1080 CERT_EXTENSION rgExtensions[])
1082 PCERT_EXTENSION ret = NULL;
1085 TRACE("%s %d %p\n", debugstr_a(pszObjId), cExtensions, rgExtensions);
1091 SetLastError(ERROR_INVALID_PARAMETER);
1095 for (i = 0; !ret && i < cExtensions; i++)
1096 if (rgExtensions[i].pszObjId && !strcmp(pszObjId,
1097 rgExtensions[i].pszObjId))
1098 ret = &rgExtensions[i];
1102 PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
1104 PCERT_RDN_ATTR ret = NULL;
1107 TRACE("%s %p\n", debugstr_a(pszObjId), pName);
1111 SetLastError(ERROR_INVALID_PARAMETER);
1115 for (i = 0; !ret && i < pName->cRDN; i++)
1116 for (j = 0; !ret && j < pName->rgRDN[i].cRDNAttr; j++)
1117 if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId,
1118 pName->rgRDN[i].rgRDNAttr[j].pszObjId))
1119 ret = &pName->rgRDN[i].rgRDNAttr[j];
1123 LONG WINAPI CertVerifyTimeValidity(LPFILETIME pTimeToVerify,
1124 PCERT_INFO pCertInfo)
1133 GetSystemTime(&sysTime);
1134 SystemTimeToFileTime(&sysTime, &fileTime);
1135 pTimeToVerify = &fileTime;
1137 if ((ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotBefore)) >= 0)
1139 ret = CompareFileTime(pTimeToVerify, &pCertInfo->NotAfter);
1146 BOOL WINAPI CertVerifyValidityNesting(PCERT_INFO pSubjectInfo,
1147 PCERT_INFO pIssuerInfo)
1149 TRACE("(%p, %p)\n", pSubjectInfo, pIssuerInfo);
1151 return CertVerifyTimeValidity(&pSubjectInfo->NotBefore, pIssuerInfo) == 0
1152 && CertVerifyTimeValidity(&pSubjectInfo->NotAfter, pIssuerInfo) == 0;
1155 BOOL WINAPI CryptHashCertificate(HCRYPTPROV hCryptProv, ALG_ID Algid,
1156 DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash,
1157 DWORD *pcbComputedHash)
1160 HCRYPTHASH hHash = 0;
1162 TRACE("(%08lx, %d, %08x, %p, %d, %p, %p)\n", hCryptProv, Algid, dwFlags,
1163 pbEncoded, cbEncoded, pbComputedHash, pcbComputedHash);
1166 hCryptProv = CRYPT_GetDefaultProvider();
1171 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
1174 ret = CryptHashData(hHash, pbEncoded, cbEncoded, 0);
1176 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
1177 pcbComputedHash, 0);
1178 CryptDestroyHash(hHash);
1184 BOOL WINAPI CryptHashPublicKeyInfo(HCRYPTPROV hCryptProv, ALG_ID Algid,
1185 DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
1186 BYTE *pbComputedHash, DWORD *pcbComputedHash)
1189 HCRYPTHASH hHash = 0;
1191 TRACE("(%08lx, %d, %08x, %d, %p, %p, %p)\n", hCryptProv, Algid, dwFlags,
1192 dwCertEncodingType, pInfo, pbComputedHash, pcbComputedHash);
1195 hCryptProv = CRYPT_GetDefaultProvider();
1203 ret = CryptEncodeObjectEx(dwCertEncodingType, X509_PUBLIC_KEY_INFO,
1204 pInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
1207 ret = CryptCreateHash(hCryptProv, Algid, 0, 0, &hHash);
1210 ret = CryptHashData(hHash, buf, size, 0);
1212 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbComputedHash,
1213 pcbComputedHash, 0);
1214 CryptDestroyHash(hHash);
1222 BOOL WINAPI CryptSignCertificate(HCRYPTPROV hCryptProv, DWORD dwKeySpec,
1223 DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
1224 DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
1225 const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
1228 PCCRYPT_OID_INFO info;
1231 TRACE("(%08lx, %d, %d, %p, %d, %p, %p, %p, %p)\n", hCryptProv,
1232 dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
1233 pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
1235 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
1236 pSignatureAlgorithm->pszObjId, 0);
1239 SetLastError(NTE_BAD_ALGID);
1242 if (info->dwGroupId == CRYPT_HASH_ALG_OID_GROUP_ID)
1245 hCryptProv = CRYPT_GetDefaultProvider();
1246 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
1249 ret = CryptHashData(hHash, pbEncodedToBeSigned,
1250 cbEncodedToBeSigned, 0);
1252 ret = CryptGetHashParam(hHash, HP_HASHVAL, pbSignature,
1254 CryptDestroyHash(hHash);
1261 SetLastError(ERROR_INVALID_PARAMETER);
1266 ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
1269 ret = CryptHashData(hHash, pbEncodedToBeSigned,
1270 cbEncodedToBeSigned, 0);
1272 ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
1274 CryptDestroyHash(hHash);
1281 BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV hCryptProv,
1282 DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
1283 const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
1284 const void *pvHashAuxInfo, PBYTE pbEncoded, DWORD *pcbEncoded)
1287 DWORD encodedSize, hashSize;
1289 TRACE("(%08lx, %d, %d, %s, %p, %p, %p, %p, %p)\n", hCryptProv, dwKeySpec,
1290 dwCertEncodingType, debugstr_a(lpszStructType), pvStructInfo,
1291 pSignatureAlgorithm, pvHashAuxInfo, pbEncoded, pcbEncoded);
1293 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType, pvStructInfo,
1294 NULL, &encodedSize);
1297 PBYTE encoded = CryptMemAlloc(encodedSize);
1301 ret = CryptEncodeObject(dwCertEncodingType, lpszStructType,
1302 pvStructInfo, encoded, &encodedSize);
1305 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
1306 dwCertEncodingType, encoded, encodedSize, pSignatureAlgorithm,
1307 pvHashAuxInfo, NULL, &hashSize);
1310 PBYTE hash = CryptMemAlloc(hashSize);
1314 ret = CryptSignCertificate(hCryptProv, dwKeySpec,
1315 dwCertEncodingType, encoded, encodedSize,
1316 pSignatureAlgorithm, pvHashAuxInfo, hash, &hashSize);
1319 CERT_SIGNED_CONTENT_INFO info = { { 0 } };
1321 info.ToBeSigned.cbData = encodedSize;
1322 info.ToBeSigned.pbData = encoded;
1323 memcpy(&info.SignatureAlgorithm,
1324 pSignatureAlgorithm,
1325 sizeof(info.SignatureAlgorithm));
1326 info.Signature.cbData = hashSize;
1327 info.Signature.pbData = hash;
1328 info.Signature.cUnusedBits = 0;
1329 ret = CryptEncodeObject(dwCertEncodingType,
1330 X509_CERT, &info, pbEncoded, pcbEncoded);
1336 CryptMemFree(encoded);
1342 BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv,
1343 DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
1344 PCERT_PUBLIC_KEY_INFO pPublicKey)
1346 return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
1347 CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, (void *)pbEncoded,
1348 CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
1351 static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV hCryptProv,
1352 DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
1353 PCERT_SIGNED_CONTENT_INFO signedCert)
1357 PCCRYPT_OID_INFO info;
1358 ALG_ID pubKeyID, hashID;
1360 info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
1361 pubKeyInfo->Algorithm.pszObjId, 0);
1362 if (!info || (info->dwGroupId != CRYPT_PUBKEY_ALG_OID_GROUP_ID &&
1363 info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID))
1365 SetLastError(NTE_BAD_ALGID);
1368 if (info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID)
1370 switch (info->u.Algid)
1373 pubKeyID = CALG_RSA_SIGN;
1377 pubKeyID = CALG_RSA_SIGN;
1381 FIXME("unimplemented for %s\n", pubKeyInfo->Algorithm.pszObjId);
1387 hashID = info->u.Algid;
1388 if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
1389 pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
1393 /* Load the default provider if necessary */
1395 hCryptProv = CRYPT_GetDefaultProvider();
1396 ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
1397 pubKeyInfo, pubKeyID, 0, NULL, &key);
1402 ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
1405 ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
1406 signedCert->ToBeSigned.cbData, 0);
1408 ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
1409 signedCert->Signature.cbData, key, NULL, 0);
1410 CryptDestroyHash(hash);
1412 CryptDestroyKey(key);
1417 BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
1418 DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
1419 DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
1422 CRYPT_DATA_BLOB subjectBlob;
1424 TRACE("(%08lx, %d, %d, %p, %d, %p, %08x, %p)\n", hCryptProv,
1425 dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
1426 dwFlags, pvReserved);
1428 switch (dwSubjectType)
1430 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
1432 PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvSubject;
1434 subjectBlob.pbData = blob->pbData;
1435 subjectBlob.cbData = blob->cbData;
1438 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
1440 PCERT_CONTEXT context = (PCERT_CONTEXT)pvSubject;
1442 subjectBlob.pbData = context->pbCertEncoded;
1443 subjectBlob.cbData = context->cbCertEncoded;
1446 case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
1448 PCRL_CONTEXT context = (PCRL_CONTEXT)pvSubject;
1450 subjectBlob.pbData = context->pbCrlEncoded;
1451 subjectBlob.cbData = context->cbCrlEncoded;
1455 SetLastError(E_INVALIDARG);
1461 PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
1464 ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
1465 subjectBlob.pbData, subjectBlob.cbData,
1466 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
1467 (BYTE *)&signedCert, &size);
1470 switch (dwIssuerType)
1472 case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
1473 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
1474 dwCertEncodingType, (PCERT_PUBLIC_KEY_INFO)pvIssuer,
1477 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
1478 ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
1480 &((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
1483 case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
1484 FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
1487 case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
1490 SetLastError(E_INVALIDARG);
1495 FIXME("unimplemented for NULL signer\n");
1496 SetLastError(E_INVALIDARG);
1501 SetLastError(E_INVALIDARG);
1504 LocalFree(signedCert);
1510 BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
1511 PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
1513 PCERT_ENHKEY_USAGE usage = NULL;
1517 if (!pCertContext || !pcbUsage)
1519 SetLastError(ERROR_INVALID_PARAMETER);
1523 TRACE("(%p, %08x, %p, %d)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
1525 if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
1529 if (CertGetCertificateContextProperty(pCertContext,
1530 CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
1532 LPBYTE buf = CryptMemAlloc(propSize);
1536 if (CertGetCertificateContextProperty(pCertContext,
1537 CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
1539 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
1540 X509_ENHANCED_KEY_USAGE, buf, propSize,
1541 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
1547 if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
1549 PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
1550 pCertContext->pCertInfo->cExtension,
1551 pCertContext->pCertInfo->rgExtension);
1555 ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
1556 X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
1557 CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
1562 /* If a particular location is specified, this should fail. Otherwise
1563 * it should succeed with an empty usage. (This is true on Win2k and
1564 * later, which we emulate.)
1568 SetLastError(CRYPT_E_NOT_FOUND);
1572 bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
1578 *pcbUsage = bytesNeeded;
1579 else if (*pcbUsage < bytesNeeded)
1581 SetLastError(ERROR_MORE_DATA);
1582 *pcbUsage = bytesNeeded;
1587 *pcbUsage = bytesNeeded;
1591 LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
1592 sizeof(CERT_ENHKEY_USAGE) +
1593 usage->cUsageIdentifier * sizeof(LPSTR));
1595 pUsage->cUsageIdentifier = usage->cUsageIdentifier;
1596 pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
1597 sizeof(CERT_ENHKEY_USAGE));
1598 for (i = 0; i < usage->cUsageIdentifier; i++)
1600 pUsage->rgpszUsageIdentifier[i] = nextOID;
1601 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
1602 nextOID += strlen(nextOID) + 1;
1606 pUsage->cUsageIdentifier = 0;
1611 TRACE("returning %d\n", ret);
1615 BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
1616 PCERT_ENHKEY_USAGE pUsage)
1620 TRACE("(%p, %p)\n", pCertContext, pUsage);
1624 CRYPT_DATA_BLOB blob = { 0, NULL };
1626 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_ENHANCED_KEY_USAGE,
1627 pUsage, CRYPT_ENCODE_ALLOC_FLAG, NULL, &blob.pbData, &blob.cbData);
1630 ret = CertSetCertificateContextProperty(pCertContext,
1631 CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
1632 LocalFree(blob.pbData);
1636 ret = CertSetCertificateContextProperty(pCertContext,
1637 CERT_ENHKEY_USAGE_PROP_ID, 0, NULL);
1641 BOOL WINAPI CertAddEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
1642 LPCSTR pszUsageIdentifier)
1647 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
1649 if (CertGetEnhancedKeyUsage(pCertContext,
1650 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, NULL, &size))
1652 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(size);
1656 ret = CertGetEnhancedKeyUsage(pCertContext,
1657 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, usage, &size);
1660 PCERT_ENHKEY_USAGE newUsage = CryptMemAlloc(size +
1661 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
1668 newUsage->rgpszUsageIdentifier =
1669 (LPSTR *)((LPBYTE)newUsage + sizeof(CERT_ENHKEY_USAGE));
1670 nextOID = (LPSTR)((LPBYTE)newUsage->rgpszUsageIdentifier +
1671 (usage->cUsageIdentifier + 1) * sizeof(LPSTR));
1672 for (i = 0; i < usage->cUsageIdentifier; i++)
1674 newUsage->rgpszUsageIdentifier[i] = nextOID;
1675 strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
1676 nextOID += strlen(nextOID) + 1;
1678 newUsage->rgpszUsageIdentifier[i] = nextOID;
1679 strcpy(nextOID, pszUsageIdentifier);
1680 newUsage->cUsageIdentifier = i + 1;
1681 ret = CertSetEnhancedKeyUsage(pCertContext, newUsage);
1682 CryptMemFree(newUsage);
1685 CryptMemFree(usage);
1692 PCERT_ENHKEY_USAGE usage = CryptMemAlloc(sizeof(CERT_ENHKEY_USAGE) +
1693 sizeof(LPSTR) + strlen(pszUsageIdentifier) + 1);
1697 usage->rgpszUsageIdentifier =
1698 (LPSTR *)((LPBYTE)usage + sizeof(CERT_ENHKEY_USAGE));
1699 usage->rgpszUsageIdentifier[0] = (LPSTR)((LPBYTE)usage +
1700 sizeof(CERT_ENHKEY_USAGE) + sizeof(LPSTR));
1701 strcpy(usage->rgpszUsageIdentifier[0], pszUsageIdentifier);
1702 usage->cUsageIdentifier = 1;
1703 ret = CertSetEnhancedKeyUsage(pCertContext, usage);
1704 CryptMemFree(usage);
1712 BOOL WINAPI CertRemoveEnhancedKeyUsageIdentifier(PCCERT_CONTEXT pCertContext,
1713 LPCSTR pszUsageIdentifier)
1717 CERT_ENHKEY_USAGE usage;
1719 TRACE("(%p, %s)\n", pCertContext, debugstr_a(pszUsageIdentifier));
1721 size = sizeof(usage);
1722 ret = CertGetEnhancedKeyUsage(pCertContext,
1723 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, &usage, &size);
1724 if (!ret && GetLastError() == ERROR_MORE_DATA)
1726 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
1730 ret = CertGetEnhancedKeyUsage(pCertContext,
1731 CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG, pUsage, &size);
1734 if (pUsage->cUsageIdentifier)
1739 for (i = 0; i < pUsage->cUsageIdentifier; i++)
1741 if (!strcmp(pUsage->rgpszUsageIdentifier[i],
1742 pszUsageIdentifier))
1744 if (found && i < pUsage->cUsageIdentifier - 1)
1745 pUsage->rgpszUsageIdentifier[i] =
1746 pUsage->rgpszUsageIdentifier[i + 1];
1748 pUsage->cUsageIdentifier--;
1749 /* Remove the usage if it's empty */
1750 if (pUsage->cUsageIdentifier)
1751 ret = CertSetEnhancedKeyUsage(pCertContext, pUsage);
1753 ret = CertSetEnhancedKeyUsage(pCertContext, NULL);
1756 CryptMemFree(pUsage);
1763 /* it fit in an empty usage, therefore there's nothing to remove */
1769 BOOL WINAPI CertGetValidUsages(DWORD cCerts, PCCERT_CONTEXT *rghCerts,
1770 int *cNumOIDSs, LPSTR *rghOIDs, DWORD *pcbOIDs)
1773 DWORD i, cbOIDs = 0;
1774 BOOL allUsagesValid = TRUE;
1775 CERT_ENHKEY_USAGE validUsages = { 0, NULL };
1777 TRACE("(%d, %p, %p, %p, %d)\n", cCerts, *rghCerts, cNumOIDSs,
1780 for (i = 0; ret && i < cCerts; i++)
1782 CERT_ENHKEY_USAGE usage;
1783 DWORD size = sizeof(usage);
1785 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, &usage, &size);
1786 /* Success is deliberately ignored: it implies all usages are valid */
1787 if (!ret && GetLastError() == ERROR_MORE_DATA)
1789 PCERT_ENHKEY_USAGE pUsage = CryptMemAlloc(size);
1791 allUsagesValid = FALSE;
1794 ret = CertGetEnhancedKeyUsage(rghCerts[i], 0, pUsage, &size);
1797 if (!validUsages.cUsageIdentifier)
1801 cbOIDs = pUsage->cUsageIdentifier * sizeof(LPSTR);
1802 validUsages.cUsageIdentifier = pUsage->cUsageIdentifier;
1803 for (j = 0; j < validUsages.cUsageIdentifier; j++)
1804 cbOIDs += lstrlenA(pUsage->rgpszUsageIdentifier[j])
1806 validUsages.rgpszUsageIdentifier =
1807 CryptMemAlloc(cbOIDs);
1808 if (validUsages.rgpszUsageIdentifier)
1810 LPSTR nextOID = (LPSTR)
1811 ((LPBYTE)validUsages.rgpszUsageIdentifier +
1812 validUsages.cUsageIdentifier * sizeof(LPSTR));
1814 for (j = 0; j < validUsages.cUsageIdentifier; j++)
1816 validUsages.rgpszUsageIdentifier[j] = nextOID;
1817 lstrcpyA(validUsages.rgpszUsageIdentifier[j],
1818 pUsage->rgpszUsageIdentifier[j]);
1819 nextOID += lstrlenA(nextOID) + 1;
1827 DWORD j, k, validIndexes = 0, numRemoved = 0;
1829 /* Merge: build a bitmap of all the indexes of
1830 * validUsages.rgpszUsageIdentifier that are in pUsage.
1832 for (j = 0; j < pUsage->cUsageIdentifier; j++)
1834 for (k = 0; k < validUsages.cUsageIdentifier; k++)
1836 if (!strcmp(pUsage->rgpszUsageIdentifier[j],
1837 validUsages.rgpszUsageIdentifier[k]))
1839 validIndexes |= (1 << k);
1844 /* Merge by removing from validUsages those that are
1845 * not in the bitmap.
1847 for (j = 0; j < validUsages.cUsageIdentifier; j++)
1849 if (!(validIndexes & (1 << j)))
1851 if (j < validUsages.cUsageIdentifier - 1)
1853 memcpy(&validUsages.rgpszUsageIdentifier[j],
1854 &validUsages.rgpszUsageIdentifier[j +
1856 (validUsages.cUsageIdentifier - numRemoved
1857 - j - 1) * sizeof(LPSTR));
1859 validUsages.rgpszUsageIdentifier[j]) + 1 +
1864 validUsages.cUsageIdentifier--;
1869 CryptMemFree(pUsage);
1884 if (!rghOIDs || *pcbOIDs < cbOIDs)
1887 SetLastError(ERROR_MORE_DATA);
1892 LPSTR nextOID = (LPSTR)((LPBYTE)rghOIDs +
1893 validUsages.cUsageIdentifier * sizeof(LPSTR));
1896 *cNumOIDSs = validUsages.cUsageIdentifier;
1897 for (i = 0; i < validUsages.cUsageIdentifier; i++)
1899 rghOIDs[i] = nextOID;
1900 lstrcpyA(nextOID, validUsages.rgpszUsageIdentifier[i]);
1901 nextOID += lstrlenA(nextOID) + 1;
1906 CryptMemFree(validUsages.rgpszUsageIdentifier);
1910 /* Sets the CERT_KEY_PROV_INFO_PROP_ID property of context from pInfo, or, if
1911 * pInfo is NULL, from the attributes of hProv.
1913 static void CertContext_SetKeyProvInfo(PCCERT_CONTEXT context,
1914 PCRYPT_KEY_PROV_INFO pInfo, HCRYPTPROV hProv)
1916 CRYPT_KEY_PROV_INFO info = { 0 };
1924 ret = CryptGetProvParam(hProv, PP_CONTAINER, NULL, &size, 0);
1927 LPSTR szContainer = CryptMemAlloc(size);
1931 ret = CryptGetProvParam(hProv, PP_CONTAINER,
1932 (BYTE *)szContainer, &size, 0);
1935 len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
1939 info.pwszContainerName = CryptMemAlloc(len *
1941 len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
1942 info.pwszContainerName, len);
1945 CryptMemFree(szContainer);
1948 ret = CryptGetProvParam(hProv, PP_NAME, NULL, &size, 0);
1951 LPSTR szProvider = CryptMemAlloc(size);
1955 ret = CryptGetProvParam(hProv, PP_NAME, (BYTE *)szProvider,
1959 len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
1963 info.pwszProvName = CryptMemAlloc(len *
1965 len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
1966 info.pwszProvName, len);
1969 CryptMemFree(szProvider);
1972 size = sizeof(info.dwKeySpec);
1973 ret = CryptGetProvParam(hProv, PP_KEYSPEC, (LPBYTE)&info.dwKeySpec,
1976 info.dwKeySpec = AT_SIGNATURE;
1977 size = sizeof(info.dwProvType);
1978 ret = CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE)&info.dwProvType,
1981 info.dwProvType = PROV_RSA_FULL;
1985 ret = CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
1990 CryptMemFree(info.pwszContainerName);
1991 CryptMemFree(info.pwszProvName);
1995 /* Creates a signed certificate context from the unsigned, encoded certificate
1996 * in blob, using the crypto provider hProv and the signature algorithm sigAlgo.
1998 static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
1999 HCRYPTPROV hProv, PCRYPT_ALGORITHM_IDENTIFIER sigAlgo)
2001 PCCERT_CONTEXT context = NULL;
2005 ret = CryptSignCertificate(hProv, AT_SIGNATURE, X509_ASN_ENCODING,
2006 blob->pbData, blob->cbData, sigAlgo, NULL, NULL, &sigSize);
2009 LPBYTE sig = CryptMemAlloc(sigSize);
2011 ret = CryptSignCertificate(hProv, AT_SIGNATURE, X509_ASN_ENCODING,
2012 blob->pbData, blob->cbData, sigAlgo, NULL, sig, &sigSize);
2015 CERT_SIGNED_CONTENT_INFO signedInfo;
2016 BYTE *encodedSignedCert = NULL;
2017 DWORD encodedSignedCertSize = 0;
2019 signedInfo.ToBeSigned.cbData = blob->cbData;
2020 signedInfo.ToBeSigned.pbData = blob->pbData;
2021 memcpy(&signedInfo.SignatureAlgorithm, sigAlgo,
2022 sizeof(signedInfo.SignatureAlgorithm));
2023 signedInfo.Signature.cbData = sigSize;
2024 signedInfo.Signature.pbData = sig;
2025 signedInfo.Signature.cUnusedBits = 0;
2026 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT,
2027 &signedInfo, CRYPT_ENCODE_ALLOC_FLAG, NULL,
2028 (BYTE *)&encodedSignedCert, &encodedSignedCertSize);
2031 context = CertCreateCertificateContext(X509_ASN_ENCODING,
2032 encodedSignedCert, encodedSignedCertSize);
2033 LocalFree(encodedSignedCert);
2041 /* Copies data from the parameters into info, where:
2042 * pSerialNumber: The serial number. Must not be NULL.
2043 * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
2045 * pSignatureAlgorithm: Optional.
2046 * pStartTime: The starting time of the certificate. If NULL, the current
2047 * system time is used.
2048 * pEndTime: The ending time of the certificate. If NULL, one year past the
2049 * starting time is used.
2050 * pubKey: The public key of the certificate. Must not be NULL.
2051 * pExtensions: Extensions to be included with the certificate. Optional.
2053 static void CRYPT_MakeCertInfo(PCERT_INFO info, PCRYPT_DATA_BLOB pSerialNumber,
2054 PCERT_NAME_BLOB pSubjectIssuerBlob,
2055 PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
2056 PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey,
2057 PCERT_EXTENSIONS pExtensions)
2059 static CHAR oid[] = szOID_RSA_SHA1RSA;
2062 assert(pSerialNumber);
2063 assert(pSubjectIssuerBlob);
2066 info->dwVersion = CERT_V3;
2067 info->SerialNumber.cbData = pSerialNumber->cbData;
2068 info->SerialNumber.pbData = pSerialNumber->pbData;
2069 if (pSignatureAlgorithm)
2070 memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm,
2071 sizeof(info->SignatureAlgorithm));
2074 info->SignatureAlgorithm.pszObjId = oid;
2075 info->SignatureAlgorithm.Parameters.cbData = 0;
2076 info->SignatureAlgorithm.Parameters.pbData = NULL;
2078 info->Issuer.cbData = pSubjectIssuerBlob->cbData;
2079 info->Issuer.pbData = pSubjectIssuerBlob->pbData;
2081 SystemTimeToFileTime(pStartTime, &info->NotBefore);
2083 GetSystemTimeAsFileTime(&info->NotBefore);
2085 SystemTimeToFileTime(pEndTime, &info->NotAfter);
2090 if (FileTimeToSystemTime(&info->NotBefore, &endTime))
2093 SystemTimeToFileTime(&endTime, &info->NotAfter);
2096 info->Subject.cbData = pSubjectIssuerBlob->cbData;
2097 info->Subject.pbData = pSubjectIssuerBlob->pbData;
2098 memcpy(&info->SubjectPublicKeyInfo, pubKey,
2099 sizeof(info->SubjectPublicKeyInfo));
2102 info->cExtension = pExtensions->cExtension;
2103 info->rgExtension = pExtensions->rgExtension;
2107 info->cExtension = 0;
2108 info->rgExtension = NULL;
2112 typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
2113 typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
2114 typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
2116 static HCRYPTPROV CRYPT_CreateKeyProv(void)
2118 HCRYPTPROV hProv = 0;
2119 HMODULE rpcrt = LoadLibraryA("rpcrt4");
2123 UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
2125 UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
2127 RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
2128 rpcrt, "RpcStringFreeA");
2130 if (uuidCreate && uuidToString && rpcStringFree)
2133 RPC_STATUS status = uuidCreate(&uuid);
2135 if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
2137 unsigned char *uuidStr;
2139 status = uuidToString(&uuid, &uuidStr);
2140 if (status == RPC_S_OK)
2142 BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
2143 MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
2149 ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
2151 CryptDestroyKey(key);
2153 rpcStringFree(&uuidStr);
2162 PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV hProv,
2163 PCERT_NAME_BLOB pSubjectIssuerBlob, DWORD dwFlags,
2164 PCRYPT_KEY_PROV_INFO pKeyProvInfo,
2165 PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
2166 PSYSTEMTIME pEndTime, PCERT_EXTENSIONS pExtensions)
2168 PCCERT_CONTEXT context = NULL;
2169 BOOL ret, releaseContext = FALSE;
2170 PCERT_PUBLIC_KEY_INFO pubKey = NULL;
2171 DWORD pubKeySize = 0;
2173 TRACE("(%08lx, %p, %08x, %p, %p, %p, %p, %p)\n", hProv,
2174 pSubjectIssuerBlob, dwFlags, pKeyProvInfo, pSignatureAlgorithm, pStartTime,
2175 pExtensions, pExtensions);
2179 hProv = CRYPT_CreateKeyProv();
2180 releaseContext = TRUE;
2183 CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
2185 pubKey = CryptMemAlloc(pubKeySize);
2188 ret = CryptExportPublicKeyInfo(hProv, AT_SIGNATURE, X509_ASN_ENCODING,
2189 pubKey, &pubKeySize);
2192 CERT_INFO info = { 0 };
2193 CRYPT_DER_BLOB blob = { 0, NULL };
2195 CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
2197 CryptGenRandom(hProv, sizeof(serial), serial);
2198 CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
2199 pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
2200 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
2201 &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData,
2205 if (!(dwFlags & CERT_CREATE_SELFSIGN_NO_SIGN))
2206 context = CRYPT_CreateSignedCert(&blob, hProv,
2207 &info.SignatureAlgorithm);
2209 context = CertCreateCertificateContext(X509_ASN_ENCODING,
2210 blob.pbData, blob.cbData);
2211 if (context && !(dwFlags & CERT_CREATE_SELFSIGN_NO_KEY_INFO))
2212 CertContext_SetKeyProvInfo(context, pKeyProvInfo, hProv);
2213 LocalFree(blob.pbData);
2216 CryptMemFree(pubKey);
2219 CryptReleaseContext(hProv, 0);
projects / wine / blob