git.oblomov.eu Git - wine/blob - dlls/crypt32/crl.c

   1 /*
   2  * Copyright 2006 Juan Lang
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  *
  18  */
  19
  20 #include <assert.h>
  21 #include <stdarg.h>
  22 #include "windef.h"
  23 #include "winbase.h"
  24 #include "wincrypt.h"
  25 #include "wine/debug.h"
  26 #include "crypt32_private.h"
  27
  28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
  29
  30 PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD dwCertEncodingType,
  31  const BYTE* pbCrlEncoded, DWORD cbCrlEncoded)
  32 {
  33     PCRL_CONTEXT crl = NULL;
  34     BOOL ret;
  35     PCRL_INFO crlInfo = NULL;
  36     DWORD size = 0;
  37
  38     TRACE("(%08lx, %p, %ld)\n", dwCertEncodingType, pbCrlEncoded,
  39      cbCrlEncoded);
  40
  41     if ((dwCertEncodingType & CERT_ENCODING_TYPE_MASK) != X509_ASN_ENCODING)
  42     {
  43         SetLastError(E_INVALIDARG);
  44         return NULL;
  45     }
  46     ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT_CRL_TO_BE_SIGNED,
  47      pbCrlEncoded, cbCrlEncoded, CRYPT_DECODE_ALLOC_FLAG, NULL,
  48      (BYTE *)&crlInfo, &size);
  49     if (ret)
  50     {
  51         BYTE *data = NULL;
  52
  53         crl = (PCRL_CONTEXT)Context_CreateDataContext(sizeof(CRL_CONTEXT));
  54         if (!crl)
  55             goto end;
  56         data = CryptMemAlloc(cbCrlEncoded);
  57         if (!data)
  58         {
  59             CryptMemFree(crl);
  60             crl = NULL;
  61             goto end;
  62         }
  63         memcpy(data, pbCrlEncoded, cbCrlEncoded);
  64         crl->dwCertEncodingType = dwCertEncodingType;
  65         crl->pbCrlEncoded       = data;
  66         crl->cbCrlEncoded       = cbCrlEncoded;
  67         crl->pCrlInfo           = crlInfo;
  68         crl->hCertStore         = 0;
  69     }
  70
  71 end:
  72     return (PCCRL_CONTEXT)crl;
  73 }
  74
  75 BOOL WINAPI CertAddEncodedCRLToStore(HCERTSTORE hCertStore,
  76  DWORD dwCertEncodingType, const BYTE *pbCrlEncoded, DWORD cbCrlEncoded,
  77  DWORD dwAddDisposition, PCCRL_CONTEXT *ppCrlContext)
  78 {
  79     PCCRL_CONTEXT crl = CertCreateCRLContext(dwCertEncodingType,
  80      pbCrlEncoded, cbCrlEncoded);
  81     BOOL ret;
  82
  83     TRACE("(%p, %08lx, %p, %ld, %08lx, %p)\n", hCertStore, dwCertEncodingType,
  84      pbCrlEncoded, cbCrlEncoded, dwAddDisposition, ppCrlContext);
  85
  86     if (crl)
  87     {
  88         ret = CertAddCRLContextToStore(hCertStore, crl, dwAddDisposition,
  89          ppCrlContext);
  90         CertFreeCRLContext(crl);
  91     }
  92     else
  93         ret = FALSE;
  94     return ret;
  95 }
  96
  97 typedef BOOL (*CrlCompareFunc)(PCCRL_CONTEXT pCrlContext, DWORD dwType,
  98  DWORD dwFlags, const void *pvPara);
  99
 100 static BOOL compare_crl_any(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 101  DWORD dwFlags, const void *pvPara)
 102 {
 103     return TRUE;
 104 }
 105
 106 static BOOL compare_crl_issued_by(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 107  DWORD dwFlags, const void *pvPara)
 108 {
 109     BOOL ret;
 110
 111     if (pvPara)
 112     {
 113         PCCERT_CONTEXT issuer = (PCCERT_CONTEXT)pvPara;
 114
 115         ret = CertCompareCertificateName(issuer->dwCertEncodingType,
 116          &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer);
 117     }
 118     else
 119         ret = TRUE;
 120     return ret;
 121 }
 122
 123 static BOOL compare_crl_existing(PCCRL_CONTEXT pCrlContext, DWORD dwType,
 124  DWORD dwFlags, const void *pvPara)
 125 {
 126     BOOL ret;
 127
 128     if (pvPara)
 129     {
 130         PCCRL_CONTEXT crl = (PCCRL_CONTEXT)pvPara;
 131
 132         ret = CertCompareCertificateName(pCrlContext->dwCertEncodingType,
 133          &pCrlContext->pCrlInfo->Issuer, &crl->pCrlInfo->Issuer);
 134     }
 135     else
 136         ret = TRUE;
 137     return ret;
 138 }
 139
 140 PCCRL_CONTEXT WINAPI CertFindCRLInStore(HCERTSTORE hCertStore,
 141  DWORD dwCertEncodingType, DWORD dwFindFlags, DWORD dwFindType,
 142  const void *pvFindPara, PCCRL_CONTEXT pPrevCrlContext)
 143 {
 144     PCCRL_CONTEXT ret;
 145     CrlCompareFunc compare;
 146
 147     TRACE("(%p, %ld, %ld, %ld, %p, %p)\n", hCertStore, dwCertEncodingType,
 148          dwFindFlags, dwFindType, pvFindPara, pPrevCrlContext);
 149
 150     switch (dwFindType)
 151     {
 152     case CRL_FIND_ANY:
 153         compare = compare_crl_any;
 154         break;
 155     case CRL_FIND_ISSUED_BY:
 156         compare = compare_crl_issued_by;
 157         break;
 158     case CRL_FIND_EXISTING:
 159         compare = compare_crl_existing;
 160         break;
 161     default:
 162         FIXME("find type %08lx unimplemented\n", dwFindType);
 163         compare = NULL;
 164     }
 165
 166     if (compare)
 167     {
 168         BOOL matches = FALSE;
 169
 170         ret = pPrevCrlContext;
 171         do {
 172             ret = CertEnumCRLsInStore(hCertStore, ret);
 173             if (ret)
 174                 matches = compare(ret, dwFindType, dwFindFlags, pvFindPara);
 175         } while (ret != NULL && !matches);
 176         if (!ret)
 177             SetLastError(CRYPT_E_NOT_FOUND);
 178     }
 179     else
 180     {
 181         SetLastError(CRYPT_E_NOT_FOUND);
 182         ret = NULL;
 183     }
 184     return ret;
 185 }
 186
 187 PCCRL_CONTEXT WINAPI CertGetCRLFromStore(HCERTSTORE hCertStore,
 188  PCCERT_CONTEXT pIssuerContext, PCCRL_CONTEXT pPrevCrlContext, DWORD *pdwFlags)
 189 {
 190     static const DWORD supportedFlags = CERT_STORE_SIGNATURE_FLAG |
 191      CERT_STORE_TIME_VALIDITY_FLAG | CERT_STORE_BASE_CRL_FLAG |
 192      CERT_STORE_DELTA_CRL_FLAG;
 193     PCCRL_CONTEXT ret;
 194
 195     TRACE("(%p, %p, %p, %08lx)\n", hCertStore, pIssuerContext, pPrevCrlContext,
 196      *pdwFlags);
 197
 198     if (*pdwFlags & ~supportedFlags)
 199     {
 200         SetLastError(E_INVALIDARG);
 201         return NULL;
 202     }
 203     if (pIssuerContext)
 204         ret = CertFindCRLInStore(hCertStore, pIssuerContext->dwCertEncodingType,
 205          0, CRL_FIND_ISSUED_BY, pIssuerContext, pPrevCrlContext);
 206     else
 207         ret = CertFindCRLInStore(hCertStore, 0, 0, CRL_FIND_ANY, NULL,
 208          pPrevCrlContext);
 209     if (ret)
 210     {
 211         if (*pdwFlags & CERT_STORE_TIME_VALIDITY_FLAG)
 212         {
 213             if (0 == CertVerifyCRLTimeValidity(NULL, ret->pCrlInfo))
 214                 *pdwFlags &= ~CERT_STORE_TIME_VALIDITY_FLAG;
 215         }
 216         if (*pdwFlags & CERT_STORE_SIGNATURE_FLAG)
 217         {
 218             if (CryptVerifyCertificateSignatureEx(0, ret->dwCertEncodingType,
 219              CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)ret,
 220              CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)pIssuerContext, 0,
 221              NULL))
 222                 *pdwFlags &= ~CERT_STORE_SIGNATURE_FLAG;
 223         }
 224     }
 225     return ret;
 226 }
 227
 228 PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT pCrlContext)
 229 {
 230     TRACE("(%p)\n", pCrlContext);
 231     Context_AddRef((void *)pCrlContext, sizeof(CRL_CONTEXT));
 232     return pCrlContext;
 233 }
 234
 235 static void CrlDataContext_Free(void *context)
 236 {
 237     PCRL_CONTEXT crlContext = (PCRL_CONTEXT)context;
 238
 239     CryptMemFree(crlContext->pbCrlEncoded);
 240     LocalFree(crlContext->pCrlInfo);
 241 }
 242
 243 BOOL WINAPI CertFreeCRLContext( PCCRL_CONTEXT pCrlContext)
 244 {
 245     TRACE("(%p)\n", pCrlContext);
 246
 247     if (pCrlContext)
 248         Context_Release((void *)pCrlContext, sizeof(CRL_CONTEXT),
 249          CrlDataContext_Free);
 250     return TRUE;
 251 }
 252
 253 DWORD WINAPI CertEnumCRLContextProperties(PCCRL_CONTEXT pCRLContext,
 254  DWORD dwPropId)
 255 {
 256     PCONTEXT_PROPERTY_LIST properties = Context_GetProperties(
 257      (void *)pCRLContext, sizeof(CRL_CONTEXT));
 258     DWORD ret;
 259
 260     TRACE("(%p, %ld)\n", pCRLContext, dwPropId);
 261
 262     if (properties)
 263         ret = ContextPropertyList_EnumPropIDs(properties, dwPropId);
 264     else
 265         ret = 0;
 266     return ret;
 267 }
 268
 269 static BOOL WINAPI CRLContext_SetProperty(void *context, DWORD dwPropId,
 270  DWORD dwFlags, const void *pvData);
 271
 272 static BOOL CRLContext_GetHashProp(void *context, DWORD dwPropId,
 273  ALG_ID algID, const BYTE *toHash, DWORD toHashLen, void *pvData,
 274  DWORD *pcbData)
 275 {
 276     BOOL ret = CryptHashCertificate(0, algID, 0, toHash, toHashLen, pvData,
 277      pcbData);
 278     if (ret)
 279     {
 280         CRYPT_DATA_BLOB blob = { *pcbData, pvData };
 281
 282         ret = CRLContext_SetProperty(context, dwPropId, 0, &blob);
 283     }
 284     return ret;
 285 }
 286
 287 static BOOL WINAPI CRLContext_GetProperty(void *context, DWORD dwPropId,
 288  void *pvData, DWORD *pcbData)
 289 {
 290     PCCRL_CONTEXT pCRLContext = (PCCRL_CONTEXT)context;
 291     PCONTEXT_PROPERTY_LIST properties =
 292      Context_GetProperties(context, sizeof(CRL_CONTEXT));
 293     BOOL ret;
 294     CRYPT_DATA_BLOB blob;
 295
 296     TRACE("(%p, %ld, %p, %p)\n", context, dwPropId, pvData, pcbData);
 297
 298     if (properties)
 299         ret = ContextPropertyList_FindProperty(properties, dwPropId, &blob);
 300     else
 301         ret = FALSE;
 302     if (ret)
 303     {
 304         if (!pvData)
 305         {
 306             *pcbData = blob.cbData;
 307             ret = TRUE;
 308         }
 309         else if (*pcbData < blob.cbData)
 310         {
 311             SetLastError(ERROR_MORE_DATA);
 312             *pcbData = blob.cbData;
 313         }
 314         else
 315         {
 316             memcpy(pvData, blob.pbData, blob.cbData);
 317             *pcbData = blob.cbData;
 318             ret = TRUE;
 319         }
 320     }
 321     else
 322     {
 323         /* Implicit properties */
 324         switch (dwPropId)
 325         {
 326         case CERT_SHA1_HASH_PROP_ID:
 327             ret = CRLContext_GetHashProp(context, dwPropId, CALG_SHA1,
 328              pCRLContext->pbCrlEncoded, pCRLContext->cbCrlEncoded, pvData,
 329              pcbData);
 330             break;
 331         case CERT_MD5_HASH_PROP_ID:
 332             ret = CRLContext_GetHashProp(context, dwPropId, CALG_MD5,
 333              pCRLContext->pbCrlEncoded, pCRLContext->cbCrlEncoded, pvData,
 334              pcbData);
 335             break;
 336         default:
 337             SetLastError(CRYPT_E_NOT_FOUND);
 338         }
 339     }
 340     TRACE("returning %d\n", ret);
 341     return ret;
 342 }
 343
 344 BOOL WINAPI CertGetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 345  DWORD dwPropId, void *pvData, DWORD *pcbData)
 346 {
 347     BOOL ret;
 348
 349     TRACE("(%p, %ld, %p, %p)\n", pCRLContext, dwPropId, pvData, pcbData);
 350
 351     switch (dwPropId)
 352     {
 353     case 0:
 354     case CERT_CERT_PROP_ID:
 355     case CERT_CRL_PROP_ID:
 356     case CERT_CTL_PROP_ID:
 357         SetLastError(E_INVALIDARG);
 358         ret = FALSE;
 359         break;
 360     case CERT_ACCESS_STATE_PROP_ID:
 361         if (!pvData)
 362         {
 363             *pcbData = sizeof(DWORD);
 364             ret = TRUE;
 365         }
 366         else if (*pcbData < sizeof(DWORD))
 367         {
 368             SetLastError(ERROR_MORE_DATA);
 369             *pcbData = sizeof(DWORD);
 370             ret = FALSE;
 371         }
 372         else
 373         {
 374             *(DWORD *)pvData =
 375              CertStore_GetAccessState(pCRLContext->hCertStore);
 376             ret = TRUE;
 377         }
 378         break;
 379     default:
 380         ret = CRLContext_GetProperty((void *)pCRLContext, dwPropId, pvData,
 381          pcbData);
 382     }
 383     return ret;
 384 }
 385
 386 static BOOL WINAPI CRLContext_SetProperty(void *context, DWORD dwPropId,
 387  DWORD dwFlags, const void *pvData)
 388 {
 389     PCONTEXT_PROPERTY_LIST properties =
 390      Context_GetProperties(context, sizeof(CERT_CONTEXT));
 391     BOOL ret;
 392
 393     TRACE("(%p, %ld, %08lx, %p)\n", context, dwPropId, dwFlags, pvData);
 394
 395     if (!properties)
 396         ret = FALSE;
 397     else if (!pvData)
 398     {
 399         ContextPropertyList_RemoveProperty(properties, dwPropId);
 400         ret = TRUE;
 401     }
 402     else
 403     {
 404         switch (dwPropId)
 405         {
 406         case CERT_AUTO_ENROLL_PROP_ID:
 407         case CERT_CTL_USAGE_PROP_ID: /* same as CERT_ENHKEY_USAGE_PROP_ID */
 408         case CERT_DESCRIPTION_PROP_ID:
 409         case CERT_FRIENDLY_NAME_PROP_ID:
 410         case CERT_HASH_PROP_ID:
 411         case CERT_KEY_IDENTIFIER_PROP_ID:
 412         case CERT_MD5_HASH_PROP_ID:
 413         case CERT_NEXT_UPDATE_LOCATION_PROP_ID:
 414         case CERT_PUBKEY_ALG_PARA_PROP_ID:
 415         case CERT_PVK_FILE_PROP_ID:
 416         case CERT_SIGNATURE_HASH_PROP_ID:
 417         case CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID:
 418         case CERT_SUBJECT_NAME_MD5_HASH_PROP_ID:
 419         case CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID:
 420         case CERT_ENROLLMENT_PROP_ID:
 421         case CERT_CROSS_CERT_DIST_POINTS_PROP_ID:
 422         case CERT_RENEWAL_PROP_ID:
 423         {
 424             PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvData;
 425
 426             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 427              blob->pbData, blob->cbData);
 428             break;
 429         }
 430         case CERT_DATE_STAMP_PROP_ID:
 431             ret = ContextPropertyList_SetProperty(properties, dwPropId,
 432              (LPBYTE)pvData, sizeof(FILETIME));
 433             break;
 434         default:
 435             FIXME("%ld: stub\n", dwPropId);
 436             ret = FALSE;
 437         }
 438     }
 439     TRACE("returning %d\n", ret);
 440     return ret;
 441 }
 442
 443 BOOL WINAPI CertSetCRLContextProperty(PCCRL_CONTEXT pCRLContext,
 444  DWORD dwPropId, DWORD dwFlags, const void *pvData)
 445 {
 446     BOOL ret;
 447
 448     TRACE("(%p, %ld, %08lx, %p)\n", pCRLContext, dwPropId, dwFlags, pvData);
 449
 450     /* Handle special cases for "read-only"/invalid prop IDs.  Windows just
 451      * crashes on most of these, I'll be safer.
 452      */
 453     switch (dwPropId)
 454     {
 455     case 0:
 456     case CERT_ACCESS_STATE_PROP_ID:
 457     case CERT_CERT_PROP_ID:
 458     case CERT_CRL_PROP_ID:
 459     case CERT_CTL_PROP_ID:
 460         SetLastError(E_INVALIDARG);
 461         return FALSE;
 462     }
 463     ret = CRLContext_SetProperty((void *)pCRLContext, dwPropId, dwFlags,
 464      pvData);
 465     TRACE("returning %d\n", ret);
 466     return ret;
 467 }
 468
 469 BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert,
 470  PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved)
 471 {
 472     TRACE("(%p, %p, %08lx, %p)\n", pCert, pCrl, dwFlags, pvReserved);
 473     return TRUE;
 474 }
 475
 476 static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, PCRL_INFO crl)
 477 {
 478     DWORD i;
 479     PCRL_ENTRY entry = NULL;
 480
 481     for (i = 0; !entry && i < crl->cCRLEntry; i++)
 482         if (CertCompareIntegerBlob(&crl->rgCRLEntry[i].SerialNumber,
 483          &cert->SerialNumber))
 484             entry = &crl->rgCRLEntry[i];
 485     return entry;
 486 }
 487
 488 BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT pCert,
 489  PCCRL_CONTEXT pCrlContext, DWORD dwFlags, void *pvReserved,
 490  PCRL_ENTRY *ppCrlEntry)
 491 {
 492     TRACE("(%p, %p, %08lx, %p, %p)\n", pCert, pCrlContext, dwFlags, pvReserved,
 493      ppCrlEntry);
 494
 495     *ppCrlEntry = CRYPT_FindCertificateInCRL(pCert->pCertInfo,
 496      pCrlContext->pCrlInfo);
 497     return TRUE;
 498 }
 499
 500 BOOL WINAPI CertVerifyCRLRevocation(DWORD dwCertEncodingType,
 501  PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO rgpCrlInfo[])
 502 {
 503     DWORD i;
 504     PCRL_ENTRY entry = NULL;
 505
 506     TRACE("(%08lx, %p, %ld, %p)\n", dwCertEncodingType, pCertId, cCrlInfo,
 507      rgpCrlInfo);
 508
 509     for (i = 0; !entry && i < cCrlInfo; i++)
 510         entry = CRYPT_FindCertificateInCRL(pCertId, rgpCrlInfo[i]);
 511     return entry == NULL;
 512 }
 513
 514 LONG WINAPI CertVerifyCRLTimeValidity(LPFILETIME pTimeToVerify,
 515  PCRL_INFO pCrlInfo)
 516 {
 517     FILETIME fileTime;
 518     LONG ret;
 519
 520     if (!pTimeToVerify)
 521     {
 522         SYSTEMTIME sysTime;
 523
 524         GetSystemTime(&sysTime);
 525         SystemTimeToFileTime(&sysTime, &fileTime);
 526         pTimeToVerify = &fileTime;
 527     }
 528     if ((ret = CompareFileTime(pTimeToVerify, &pCrlInfo->ThisUpdate)) >= 0)
 529     {
 530         ret = CompareFileTime(pTimeToVerify, &pCrlInfo->NextUpdate);
 531         if (ret < 0)
 532             ret = 0;
 533     }
 534     return ret;
 535 }