From c0b4dd453d5a28427a7251b31bac6e9390d7bf39 Mon Sep 17 00:00:00 2001 From: Joachim Henze Date: Wed, 2 Feb 2022 22:20:49 +0100 Subject: [PATCH] [0.4.7][BCRYPT][CRYPT32][PSDK] Add ECDSA P256 to known algorithms CORE-16741 Add missing structs and handler in BCryptOpenAlgorithmProvider(). Fixes CORE-16741 and similar problems. The modern internet is not waiting for ReactOS, needed to keep the RAPPS URLs working. fix picked from: 0.4.15-dev-3603-g e0a47b7b5ffc7d8dd5b883875200b56cec8ef923 [BCRYPT] Add BCRYPT_ECDSA_P256_ALGORITHM To make this work, we need to sync CRYPT32 to WineStaging-3.3, picked that from: 0.4.9-dev-214-g a8b9a43ae817ea1bee11a766b57fda76400505cb [PSDK] Fix the build for msvc 2010. wincrypt.h 0.4.9-dev-208-g dedd08c38d34f3bc380dfbd734c66a1d8453fda7 [PSDK] Fix wide string literals in bcrypt.h. Should fix VC2010 build 0.4.9-dev-207-g a6265fc4b07bcb2b95c0ab901e371f6fd616efc7 [BCRYPT] Improve stubs for functions needed by crypt32 aka fix build 0.4.9-dev-194-g a6e1034289e78bab3fcb153b54bccaf164688d38 [CRYPT32] Sync with Wine Staging 3.3 0.4.9-dev-193-g e12999505856817879a248108f1ddf34f08d5c4f [PSDK] Update bcrypt.h and wincrypt.h --- dll/win32/bcrypt/bcrypt.spec | 6 +- dll/win32/bcrypt/bcrypt_main.c | 7 +- dll/win32/crypt32/CMakeLists.txt | 6 +- dll/win32/crypt32/base64.c | 8 +- dll/win32/crypt32/cert.c | 307 ++++++++++++++++++++++++++-- dll/win32/crypt32/chain.c | 33 ++- dll/win32/crypt32/collectionstore.c | 7 +- dll/win32/crypt32/context.c | 7 +- dll/win32/crypt32/crl.c | 8 + dll/win32/crypt32/crypt32.rc | 2 +- dll/win32/crypt32/crypt32.spec | 1 + dll/win32/crypt32/crypt32_private.h | 35 +--- dll/win32/crypt32/cryptres.h | 3 +- dll/win32/crypt32/ctl.c | 7 + dll/win32/crypt32/decode.c | 241 +++++++++++++++++++--- dll/win32/crypt32/encode.c | 17 ++ dll/win32/crypt32/filestore.c | 8 +- dll/win32/crypt32/main.c | 11 +- dll/win32/crypt32/message.c | 7 +- dll/win32/crypt32/msg.c | 15 +- dll/win32/crypt32/object.c | 14 +- dll/win32/crypt32/oid.c | 32 +++ dll/win32/crypt32/precomp.h | 40 ++++ dll/win32/crypt32/proplist.c | 8 +- dll/win32/crypt32/protectdata.c | 10 +- dll/win32/crypt32/provstore.c | 7 + dll/win32/crypt32/regstore.c | 11 +- dll/win32/crypt32/rootstore.c | 15 +- dll/win32/crypt32/serialize.c | 9 + dll/win32/crypt32/sip.c | 14 +- dll/win32/crypt32/store.c | 22 +- dll/win32/crypt32/str.c | 11 +- media/doc/README.WINE | 2 +- sdk/include/psdk/bcrypt.h | 96 +++++++++ sdk/include/psdk/wincrypt.h | 68 ++++++ 35 files changed, 973 insertions(+), 122 deletions(-) create mode 100644 dll/win32/crypt32/precomp.h diff --git a/dll/win32/bcrypt/bcrypt.spec b/dll/win32/bcrypt/bcrypt.spec index e299fe0cce8..b7bde3a0df9 100644 --- a/dll/win32/bcrypt/bcrypt.spec +++ b/dll/win32/bcrypt/bcrypt.spec @@ -9,7 +9,7 @@ @ stub BCryptDeleteContext @ stub BCryptDeriveKey @ stdcall BCryptDestroyHash(ptr) -@ stub BCryptDestroyKey +@ stdcall -stub BCryptDestroyKey(ptr) @ stub BCryptDestroySecret @ stub BCryptDuplicateHash @ stub BCryptDuplicateKey @@ -32,7 +32,7 @@ @ stdcall BCryptHash(ptr ptr long ptr long ptr long) @ stdcall BCryptHashData(ptr ptr long long) @ stub BCryptImportKey -@ stub BCryptImportKeyPair +@ stdcall -stub BCryptImportKeyPair(ptr ptr wstr ptr ptr long long) @ stdcall BCryptOpenAlgorithmProvider(ptr wstr wstr long) @ stub BCryptQueryContextConfiguration @ stub BCryptQueryContextFunctionConfiguration @@ -50,7 +50,7 @@ @ stub BCryptSignHash @ stub BCryptUnregisterConfigChangeNotify @ stub BCryptUnregisterProvider -@ stub BCryptVerifySignature +@ stdcall -stub BCryptVerifySignature(ptr ptr ptr long ptr long long) @ stub GetAsymmetricEncryptionInterface @ stub GetCipherInterface @ stub GetHashInterface diff --git a/dll/win32/bcrypt/bcrypt_main.c b/dll/win32/bcrypt/bcrypt_main.c index 14523136440..042e906bb7d 100644 --- a/dll/win32/bcrypt/bcrypt_main.c +++ b/dll/win32/bcrypt/bcrypt_main.c @@ -266,7 +266,8 @@ enum alg_id ALG_ID_SHA1, ALG_ID_SHA256, ALG_ID_SHA384, - ALG_ID_SHA512 + ALG_ID_SHA512, + ALG_ID_ECDSA_P256 }; static const struct { @@ -278,7 +279,8 @@ static const struct { /* ALG_ID_SHA1 */ { 20, BCRYPT_SHA1_ALGORITHM }, /* ALG_ID_SHA256 */ { 32, BCRYPT_SHA256_ALGORITHM }, /* ALG_ID_SHA384 */ { 48, BCRYPT_SHA384_ALGORITHM }, - /* ALG_ID_SHA512 */ { 64, BCRYPT_SHA512_ALGORITHM } + /* ALG_ID_SHA512 */ { 64, BCRYPT_SHA512_ALGORITHM }, + /* ALG_ID_ECDSA_P256 */ { 0, BCRYPT_ECDSA_P256_ALGORITHM } }; struct algorithm @@ -351,6 +353,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256; else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384; else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512; + else if (!strcmpW( id, BCRYPT_ECDSA_P256_ALGORITHM )) alg_id = ALG_ID_ECDSA_P256; else { FIXME( "algorithm %s not supported\n", debugstr_w(id) ); diff --git a/dll/win32/crypt32/CMakeLists.txt b/dll/win32/crypt32/CMakeLists.txt index 11539f7e073..6bef4c7af9a 100644 --- a/dll/win32/crypt32/CMakeLists.txt +++ b/dll/win32/crypt32/CMakeLists.txt @@ -35,7 +35,7 @@ list(APPEND SOURCE sip.c store.c str.c - crypt32_private.h) + precomp.h) add_library(crypt32 SHARED ${SOURCE} @@ -46,6 +46,6 @@ add_library(crypt32 SHARED set_module_type(crypt32 win32dll) target_link_libraries(crypt32 wine ${PSEH_LIB} oldnames) add_delay_importlibs(crypt32 cryptnet) -add_importlibs(crypt32 user32 advapi32 advapi32_vista msvcrt kernel32 ntdll) -add_pch(crypt32 crypt32_private.h SOURCE) +add_importlibs(crypt32 bcrypt user32 advapi32 advapi32_vista msvcrt kernel32 ntdll) +add_pch(crypt32 precomp.h SOURCE) add_cd_file(TARGET crypt32 DESTINATION reactos/system32 FOR all) diff --git a/dll/win32/crypt32/base64.c b/dll/win32/crypt32/base64.c index d3c6ecf52b5..4a904d41cc2 100644 --- a/dll/win32/crypt32/base64.c +++ b/dll/win32/crypt32/base64.c @@ -19,7 +19,13 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ -#include "crypt32_private.h" +#include +#include "windef.h" +#include "winbase.h" +#include "winerror.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/unicode.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/cert.c b/dll/win32/crypt32/cert.c index 0cf885b20b2..e379dc8a03b 100644 --- a/dll/win32/crypt32/cert.c +++ b/dll/win32/crypt32/cert.c @@ -17,9 +17,23 @@ * */ -#include "crypt32_private.h" +#include +#include -#include +#define NONAMELESSUNION +#include "ntstatus.h" +#define WIN32_NO_STATUS +#include "windef.h" +#include "winbase.h" +#include "wine/winternl.h" +#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS +#include "wincrypt.h" +#include "bcrypt.h" +#include "winnls.h" +#include "rpc.h" +#include "wine/debug.h" +#include "wine/unicode.h" +#include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -1875,7 +1889,7 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore, CertFreeCertificateContext(ret); ret = NULL; } - if (CRYPT_IsCertificateSelfSigned(pSubjectContext)) + if (CRYPT_IsCertificateSelfSigned(pSubjectContext, NULL)) { CertFreeCertificateContext(ret); ret = NULL; @@ -2400,36 +2414,29 @@ BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV_LEGACY hCryptProv, CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL); } -static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, - DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo, - const CERT_SIGNED_CONTENT_INFO *signedCert) +static BOOL verify_signature_crypt(HCRYPTPROV_LEGACY hCryptProv, + DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo, + const CERT_SIGNED_CONTENT_INFO *signedCert, PCCRYPT_OID_INFO info) { - BOOL ret; - HCRYPTKEY key; - PCCRYPT_OID_INFO info; ALG_ID pubKeyID, hashID; + HCRYPTHASH hash; + HCRYPTKEY key; + BOOL ret; - info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, - signedCert->SignatureAlgorithm.pszObjId, 0); - if (!info || info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID) - { - SetLastError(NTE_BAD_ALGID); - return FALSE; - } hashID = info->u.Algid; if (info->ExtraInfo.cbData >= sizeof(ALG_ID)) pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData; else pubKeyID = hashID; + /* Load the default provider if necessary */ if (!hCryptProv) hCryptProv = CRYPT_GetDefaultProvider(); + ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType, pubKeyInfo, pubKeyID, 0, NULL, &key); if (ret) { - HCRYPTHASH hash; - ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash); if (ret) { @@ -2445,6 +2452,270 @@ static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptP return ret; } +static BOOL calculate_hash_bcrypt(const WCHAR *algorithm, + const CERT_SIGNED_CONTENT_INFO *signedCert, BYTE **hash_value, DWORD *hash_len) +{ + BCRYPT_HASH_HANDLE hash = NULL; + BCRYPT_ALG_HANDLE alg = NULL; + NTSTATUS status; + DWORD size; + BOOL ret = FALSE; + + if ((status = BCryptOpenAlgorithmProvider(&alg, algorithm, NULL, 0))) + goto done; + + if ((status = BCryptCreateHash(alg, &hash, NULL, 0, NULL, 0, 0))) + goto done; + + if ((status = BCryptHashData(hash, signedCert->ToBeSigned.pbData, signedCert->ToBeSigned.cbData, 0))) + goto done; + + if ((status = BCryptGetProperty(hash, BCRYPT_HASH_LENGTH, (BYTE *)hash_len, sizeof(*hash_len), &size, 0))) + goto done; + + if (!(*hash_value = CryptMemAlloc(*hash_len))) + { + status = STATUS_NO_MEMORY; + goto done; + } + + if ((status = BCryptFinishHash(hash, *hash_value, *hash_len, 0))) + { + CryptMemFree(*hash_value); + goto done; + } + + ret = TRUE; + +done: + if (hash) BCryptDestroyHash(hash); + if (alg) BCryptCloseAlgorithmProvider(alg, 0); + if (status) SetLastError(RtlNtStatusToDosError(status)); + return ret; +} + +static BOOL import_bcrypt_pubkey_ecc(PCERT_PUBLIC_KEY_INFO pubKeyInfo, BCRYPT_KEY_HANDLE *key) +{ + DWORD blob_magic, ecckey_len, size; + NTSTATUS status = STATUS_SUCCESS; + BCRYPT_ECCKEY_BLOB *ecckey; + const WCHAR *sign_algo; + BCRYPT_ALG_HANDLE alg; + LPSTR *ecc_curve; + + if (!pubKeyInfo->PublicKey.cbData) + { + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if (pubKeyInfo->PublicKey.pbData[0] != 0x4) + { + FIXME("Compressed ECC curves (%02x) not yet supported\n", pubKeyInfo->PublicKey.pbData[0]); + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, + pubKeyInfo->Algorithm.Parameters.pbData, + pubKeyInfo->Algorithm.Parameters.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &ecc_curve, &size)) + return FALSE; + + if (!strcmp(*ecc_curve, szOID_ECC_CURVE_P256)) + { + sign_algo = BCRYPT_ECDSA_P256_ALGORITHM; + blob_magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC; + } + else if(!strcmp(*ecc_curve, szOID_ECC_CURVE_P384)) + { + sign_algo = BCRYPT_ECDSA_P384_ALGORITHM; + blob_magic = BCRYPT_ECDSA_PUBLIC_P384_MAGIC; + } + else + { + FIXME("Unsupported ecc curve type: %s\n", *ecc_curve); + sign_algo = NULL; + blob_magic = 0; + } + LocalFree(ecc_curve); + + if (!sign_algo) + { + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if ((status = BCryptOpenAlgorithmProvider(&alg, sign_algo, NULL, 0))) + { + SetLastError(RtlNtStatusToDosError(status)); + return FALSE; + } + + ecckey_len = sizeof(BCRYPT_ECCKEY_BLOB) + pubKeyInfo->PublicKey.cbData - 1; + if (!(ecckey = CryptMemAlloc(ecckey_len))) + { + BCryptCloseAlgorithmProvider(alg, 0); + SetLastError(ERROR_OUTOFMEMORY); + return FALSE; + } + + ecckey->dwMagic = blob_magic; + ecckey->cbKey = (pubKeyInfo->PublicKey.cbData - 1) / 2; + memcpy(ecckey + 1, pubKeyInfo->PublicKey.pbData + 1, pubKeyInfo->PublicKey.cbData - 1); + + status = BCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, key, (BYTE*)ecckey, ecckey_len, 0); + BCryptCloseAlgorithmProvider(alg, 0); + if (status) + { + SetLastError(RtlNtStatusToDosError(status)); + return FALSE; + } + + return TRUE; +} + +static BOOL import_bcrypt_pubkey(PCERT_PUBLIC_KEY_INFO pubKeyInfo, BCRYPT_KEY_HANDLE *key) +{ + if (!strcmp(pubKeyInfo->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY)) + return import_bcrypt_pubkey_ecc(pubKeyInfo, key); + + FIXME("Unsupported public key type: %s\n", debugstr_a(pubKeyInfo->Algorithm.pszObjId)); + SetLastError(NTE_BAD_ALGID); + return FALSE; +} + +static BOOL prepare_bcrypt_signature_ecc(BYTE *encoded_sig, DWORD encoded_size, + BYTE **sig_value, DWORD *sig_len) +{ + CERT_ECC_SIGNATURE *ecc_sig; + DWORD size; + int i; + + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, + encoded_sig, encoded_size, + CRYPT_DECODE_ALLOC_FLAG, NULL, &ecc_sig, &size)) + return FALSE; + + if (!ecc_sig->r.cbData || !ecc_sig->s.cbData) + { + LocalFree(ecc_sig); + SetLastError(ERROR_INVALID_DATA); + return FALSE; + } + + *sig_len = ecc_sig->r.cbData + ecc_sig->s.cbData; + if (!(*sig_value = CryptMemAlloc(*sig_len))) + { + LocalFree(ecc_sig); + SetLastError(ERROR_OUTOFMEMORY); + return FALSE; + } + + for (i = 0; i < ecc_sig->r.cbData; i++) + (*sig_value)[i] = ecc_sig->r.pbData[ecc_sig->r.cbData - i - 1]; + for (i = 0; i < ecc_sig->s.cbData; i++) + (*sig_value)[ecc_sig->r.cbData + i] = ecc_sig->s.pbData[ecc_sig->s.cbData - i - 1]; + + LocalFree(ecc_sig); + return TRUE; +} + +static BOOL prepare_bcrypt_signature(PCERT_PUBLIC_KEY_INFO pubKeyInfo, + const CERT_SIGNED_CONTENT_INFO *signedCert, BYTE **sig_value, DWORD *sig_len) +{ + BYTE *encoded_sig; + BOOL ret = FALSE; + int i; + + if (!signedCert->Signature.cbData) + { + SetLastError(ERROR_INVALID_DATA); + return FALSE; + } + + if (!(encoded_sig = CryptMemAlloc(signedCert->Signature.cbData))) + { + SetLastError(ERROR_OUTOFMEMORY); + return FALSE; + } + + for (i = 0; i < signedCert->Signature.cbData; i++) + encoded_sig[i] = signedCert->Signature.pbData[signedCert->Signature.cbData - i - 1]; + + if (!strcmp(pubKeyInfo->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY)) + ret = prepare_bcrypt_signature_ecc(encoded_sig, signedCert->Signature.cbData, sig_value, sig_len); + else + { + FIXME("Unsupported public key type: %s\n", debugstr_a(pubKeyInfo->Algorithm.pszObjId)); + SetLastError(NTE_BAD_ALGID); + } + + CryptMemFree(encoded_sig); + return ret; +} + +static BOOL verify_signature_bcrypt(HCRYPTPROV_LEGACY hCryptProv, + DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo, + const CERT_SIGNED_CONTENT_INFO *signedCert, PCCRYPT_OID_INFO info) +{ + BCRYPT_KEY_HANDLE key = NULL; + BYTE *hash_value, *sig_value; + DWORD hash_len, sig_len; + NTSTATUS status; + + if (!calculate_hash_bcrypt(info->pwszCNGAlgid, signedCert, &hash_value, &hash_len)) + return FALSE; + + if (!import_bcrypt_pubkey(pubKeyInfo, &key)) + { + CryptMemFree(hash_value); + return FALSE; + } + + if (!prepare_bcrypt_signature(pubKeyInfo, signedCert, &sig_value, &sig_len)) + { + CryptMemFree(hash_value); + BCryptDestroyKey(key); + return FALSE; + } + + status = BCryptVerifySignature(key, NULL, hash_value, hash_len, sig_value, sig_len, 0); + + BCryptDestroyKey(key); + CryptMemFree(hash_value); + CryptMemFree(sig_value); + + if (status) + { + FIXME("Failed to verify signature: %08x\n", status); + SetLastError(RtlNtStatusToDosError(status)); + return FALSE; + } + + return TRUE; +} + +static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV_LEGACY hCryptProv, + DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo, + const CERT_SIGNED_CONTENT_INFO *signedCert) +{ + PCCRYPT_OID_INFO info; + + info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, + signedCert->SignatureAlgorithm.pszObjId, 0); + if (!info || info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID) + { + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if (info->u.Algid == CALG_OID_INFO_CNG_ONLY) + return verify_signature_bcrypt(hCryptProv, dwCertEncodingType, pubKeyInfo, signedCert, info); + else + return verify_signature_crypt(hCryptProv, dwCertEncodingType, pubKeyInfo, signedCert, info); +} + BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject, DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved) diff --git a/dll/win32/crypt32/chain.c b/dll/win32/crypt32/chain.c index 45bb8f3a42a..89a8ddb95f4 100644 --- a/dll/win32/crypt32/chain.c +++ b/dll/win32/crypt32/chain.c @@ -16,11 +16,18 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * */ - +#include +#define NONAMELESSUNION +#include "windef.h" +#include "winbase.h" +#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS +#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS +#include "wincrypt.h" +#include "wininet.h" +#include "wine/debug.h" +#include "wine/unicode.h" #include "crypt32_private.h" -#include - WINE_DEFAULT_DEBUG_CHANNEL(crypt); WINE_DECLARE_DEBUG_CHANNEL(chain); @@ -258,7 +265,7 @@ typedef struct _CertificateChain LONG ref; } CertificateChain; -BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) +BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert, DWORD *type) { PCERT_EXTENSION ext; DWORD size; @@ -293,6 +300,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer) && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber, &cert->pCertInfo->SerialNumber); + if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER; } else { @@ -314,6 +322,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); ret = !memcmp(buf, info->KeyId.pbData, size); CryptMemFree(buf); + if (type) *type = CERT_TRUST_HAS_KEY_MATCH_ISSUER; } else ret = FALSE; @@ -341,6 +350,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) &info->CertIssuer, &cert->pCertInfo->Issuer) && CertCompareIntegerBlob(&info->CertSerialNumber, &cert->pCertInfo->SerialNumber); + if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER; } else if (info->KeyId.cbData) { @@ -356,6 +366,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); ret = !memcmp(buf, info->KeyId.pbData, size); CryptMemFree(buf); + if (type) *type = CERT_TRUST_HAS_KEY_MATCH_ISSUER; } else ret = FALSE; @@ -369,8 +380,11 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) } } else + { ret = CertCompareCertificateName(cert->dwCertEncodingType, &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer); + if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER; + } return ret; } @@ -1313,7 +1327,7 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain) * constraints checked unless they're the end cert. */ if (j == 0 || !CRYPT_IsCertificateSelfSigned( - chain->rgpElement[j]->pCertContext)) + chain->rgpElement[j]->pCertContext, NULL)) { CRYPT_CheckNameConstraints(nameConstraints, chain->rgpElement[j]->pCertContext->pCertInfo, @@ -1886,6 +1900,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine, int i; BOOL pathLengthConstraintViolated = FALSE; CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 }; + DWORD type; TRACE_(chain)("checking chain with %d elements for time %s\n", chain->cElement, filetime_to_str(time)); @@ -1897,7 +1912,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine, dump_element(chain->rgpElement[i]->pCertContext); if (i == chain->cElement - 1) isRoot = CRYPT_IsCertificateSelfSigned( - chain->rgpElement[i]->pCertContext); + chain->rgpElement[i]->pCertContext, NULL); else isRoot = FALSE; if (!CRYPT_IsCertVersionValid(chain->rgpElement[i]->pCertContext)) @@ -1973,10 +1988,10 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine, } CRYPT_CheckChainNameConstraints(chain); CRYPT_CheckChainPolicies(chain); - if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)) + if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext, &type)) { rootElement->TrustStatus.dwInfoStatus |= - CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER; + CERT_TRUST_IS_SELF_SIGNED | type; CRYPT_CheckRootCert(engine->hRoot, rootElement); } CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus); @@ -2188,7 +2203,7 @@ static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine, PCCERT_CONTEXT cert = chain->rgpElement[chain->cElement - 1]->pCertContext; while (ret && !CRYPT_IsSimpleChainCyclic(chain) && - !CRYPT_IsCertificateSelfSigned(cert)) + !CRYPT_IsCertificateSelfSigned(cert, NULL)) { PCCERT_CONTEXT issuer = CRYPT_GetIssuer(engine, world, cert, NULL, flags, &chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus); diff --git a/dll/win32/crypt32/collectionstore.c b/dll/win32/crypt32/collectionstore.c index b0cdd7de34f..2c2398d7455 100644 --- a/dll/win32/crypt32/collectionstore.c +++ b/dll/win32/crypt32/collectionstore.c @@ -15,7 +15,11 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -160,7 +164,6 @@ static context_t *CRYPT_CollectionAdvanceEnum(WINE_COLLECTIONSTORE *store, Context_AddRef(child); child = contextFuncs->enumContext(storeEntry->store, child); Context_Release(prev); - prev = NULL; } else { diff --git a/dll/win32/crypt32/context.c b/dll/win32/crypt32/context.c index e0824f5a906..90d1afd2021 100644 --- a/dll/win32/crypt32/context.c +++ b/dll/win32/crypt32/context.c @@ -15,7 +15,12 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(context); diff --git a/dll/win32/crypt32/crl.c b/dll/win32/crypt32/crl.c index ada6bea0af5..db8065192f0 100644 --- a/dll/win32/crypt32/crl.c +++ b/dll/win32/crypt32/crl.c @@ -17,6 +17,14 @@ * */ +#include +#include +#define NONAMELESSUNION +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/unicode.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/crypt32.rc b/dll/win32/crypt32/crypt32.rc index 9214e27e570..2ed4b277562 100644 --- a/dll/win32/crypt32/crypt32.rc +++ b/dll/win32/crypt32/crypt32.rc @@ -27,7 +27,7 @@ #define WINE_PRODUCTVERSION 5,131,2600,1243 #define WINE_PRODUCTVERSION_STR "5.131.2600.1243" -#include +#include "wine/wine_common_ver.rc" /* UTF-8 */ #pragma code_page(65001) diff --git a/dll/win32/crypt32/crypt32.spec b/dll/win32/crypt32/crypt32.spec index 00a2d62caf5..fc0955e0092 100644 --- a/dll/win32/crypt32/crypt32.spec +++ b/dll/win32/crypt32/crypt32.spec @@ -92,6 +92,7 @@ @ stdcall CertSetStoreProperty(ptr long long ptr) @ stdcall CertStrToNameA(long str long ptr ptr ptr ptr) @ stdcall CertStrToNameW(long wstr long ptr ptr ptr ptr) +@ stdcall CertUnregisterPhysicalStore(ptr long wstr) @ stdcall CertUnregisterSystemStore(ptr long) @ stdcall CertVerifyCRLRevocation(long ptr long ptr) @ stdcall CertVerifyCRLTimeValidity(ptr ptr) diff --git a/dll/win32/crypt32/crypt32_private.h b/dll/win32/crypt32/crypt32_private.h index 9ef8655223b..5c08369f007 100644 --- a/dll/win32/crypt32/crypt32_private.h +++ b/dll/win32/crypt32/crypt32_private.h @@ -19,36 +19,7 @@ #ifndef __CRYPT32_PRIVATE_H__ #define __CRYPT32_PRIVATE_H__ -#include -#include - -#include -#include -#include - -#define _INC_WINDOWS -#define COM_NO_WINDOWS_H - -#define NONAMELESSUNION - -#include -#include -#include -#include -#include - -#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS -#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS -#include - -#include - -#include -#include -#include -#include - -#include "cryptres.h" +#include "wine/list.h" /* a few asn.1 tags we need */ #define ASN_BOOL (ASN_UNIVERSAL | ASN_PRIMITIVE | 0x01) @@ -370,7 +341,7 @@ void CRYPT_ImportSystemRootCertsToReg(void) DECLSPEC_HIDDEN; BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface, HCERTSTORE memStore) DECLSPEC_HIDDEN; -BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN; +BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert, DWORD *type) DECLSPEC_HIDDEN; /* Allocates and initializes a certificate chain engine, but without creating * the root store. Instead, it uses root, and assumes the caller has done any @@ -479,4 +450,4 @@ void init_empty_store(void) DECLSPEC_HIDDEN; */ #define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0) -#endif /* __CRYPT32_PRIVATE_H__ */ +#endif diff --git a/dll/win32/crypt32/cryptres.h b/dll/win32/crypt32/cryptres.h index fd6bc0d1452..bdb02517703 100644 --- a/dll/win32/crypt32/cryptres.h +++ b/dll/win32/crypt32/cryptres.h @@ -15,10 +15,11 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - #ifndef __WINE_CRYPTRES_H__ #define __WINE_CRYPTRES_H__ +#include + #define IDS_AUTHORITY_KEY_ID 1000 #define IDS_KEY_ATTRIBUTES 1001 #define IDS_KEY_USAGE_RESTRICTION 1002 diff --git a/dll/win32/crypt32/ctl.c b/dll/win32/crypt32/ctl.c index ec2f0aa885d..b8b728f387c 100644 --- a/dll/win32/crypt32/ctl.c +++ b/dll/win32/crypt32/ctl.c @@ -17,6 +17,13 @@ * */ +#include +#include + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/decode.c b/dll/win32/crypt32/decode.c index 5d91e3027ce..cc028a90907 100644 --- a/dll/win32/crypt32/decode.c +++ b/dll/win32/crypt32/decode.c @@ -30,6 +30,23 @@ * MSDN, especially "Constants for CryptEncodeObject and CryptDecodeObject" */ +#include "config.h" +#include "wine/port.h" + +#include +#include +#include +#include + +#define NONAMELESSUNION + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "winnls.h" +#include "snmp.h" +#include "wine/debug.h" +#include "wine/exception.h" #include "crypt32_private.h" /* This is a bit arbitrary, but to set some limit: */ @@ -68,7 +85,7 @@ static BOOL CRYPT_AsnDecodeAlgorithmId(const BYTE *pbEncoded, DWORD cbEncoded, static BOOL CRYPT_AsnDecodeBool(const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo, DWORD *pcbDecoded); /* Assumes the CRYPT_DATA_BLOB's pbData member has been initialized */ -static BOOL CRYPT_AsnDecodeOctetsInternal(const BYTE *pbEncoded, +static BOOL CRYPT_AsnDecodeOctets(const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo, DWORD *pcbDecoded); /* Doesn't check the tag, assumes the caller does so */ @@ -462,6 +479,7 @@ static BOOL CRYPT_AsnDecodeSequence(struct AsnDecodeSequenceItem items[], { dataLen = cbEncoded; indefinite = TRUE; + lenBytes += 2; } else if (cbEncoded < dataLen) { @@ -1404,7 +1422,7 @@ static BOOL CRYPT_AsnDecodeExtension(const BYTE *pbEncoded, DWORD cbEncoded, { ASN_BOOL, offsetof(CERT_EXTENSION, fCritical), CRYPT_AsnDecodeBool, sizeof(BOOL), TRUE, FALSE, 0, 0 }, { ASN_OCTETSTRING, offsetof(CERT_EXTENSION, Value), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_OBJID_BLOB), FALSE, TRUE, + CRYPT_AsnDecodeOctets, sizeof(CRYPT_OBJID_BLOB), FALSE, TRUE, offsetof(CERT_EXTENSION, Value.pbData) }, }; BOOL ret = TRUE; @@ -2166,7 +2184,7 @@ static BOOL CRYPT_AsnDecodeCTLEntry(const BYTE *pbEncoded, DWORD cbEncoded, { struct AsnDecodeSequenceItem items[] = { { ASN_OCTETSTRING, offsetof(CTL_ENTRY, SubjectIdentifier), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), FALSE, TRUE, + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), FALSE, TRUE, offsetof(CTL_ENTRY, SubjectIdentifier.pbData), 0 }, { ASN_CONSTRUCTOR | ASN_SETOF, offsetof(CTL_ENTRY, cAttribute), CRYPT_AsnDecodeCTLEntryAttributes, @@ -2259,7 +2277,7 @@ static BOOL WINAPI CRYPT_AsnDecodeCTL(DWORD dwCertEncodingType, CRYPT_AsnDecodeCTLUsage, sizeof(CTL_USAGE), FALSE, TRUE, offsetof(CTL_INFO, SubjectUsage.rgpszUsageIdentifier), 0 }, { ASN_OCTETSTRING, offsetof(CTL_INFO, ListIdentifier), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), TRUE, + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CTL_INFO, ListIdentifier.pbData), 0 }, { ASN_INTEGER, offsetof(CTL_INFO, SequenceNumber), CRYPT_AsnDecodeIntegerInternal, sizeof(CRYPT_INTEGER_BLOB), @@ -3120,11 +3138,11 @@ static BOOL WINAPI CRYPT_AsnDecodeAuthorityKeyId(DWORD dwCertEncodingType, { struct AsnDecodeSequenceItem items[] = { { ASN_CONTEXT | 0, offsetof(CERT_AUTHORITY_KEY_ID_INFO, KeyId), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CERT_AUTHORITY_KEY_ID_INFO, KeyId.pbData), 0 }, { ASN_CONTEXT | ASN_CONSTRUCTOR| 1, offsetof(CERT_AUTHORITY_KEY_ID_INFO, CertIssuer), - CRYPT_AsnDecodeOctetsInternal, sizeof(CERT_NAME_BLOB), TRUE, TRUE, + CRYPT_AsnDecodeOctets, sizeof(CERT_NAME_BLOB), TRUE, TRUE, offsetof(CERT_AUTHORITY_KEY_ID_INFO, CertIssuer.pbData), 0 }, { ASN_CONTEXT | 2, offsetof(CERT_AUTHORITY_KEY_ID_INFO, CertSerialNumber), CRYPT_AsnDecodeIntegerInternal, @@ -3155,7 +3173,7 @@ static BOOL WINAPI CRYPT_AsnDecodeAuthorityKeyId2(DWORD dwCertEncodingType, { struct AsnDecodeSequenceItem items[] = { { ASN_CONTEXT | 0, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, KeyId), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, KeyId.pbData), 0 }, { ASN_CONTEXT | ASN_CONSTRUCTOR| 1, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, AuthorityCertIssuer), @@ -3370,7 +3388,7 @@ BOOL CRYPT_AsnDecodePKCSDigestedData(const BYTE *pbEncoded, DWORD cbEncoded, sizeof(CRYPT_CONTENT_INFO), FALSE, TRUE, offsetof(CRYPT_DIGESTED_DATA, ContentInfo.pszObjId), 0 }, { ASN_OCTETSTRING, offsetof(CRYPT_DIGESTED_DATA, hash), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_HASH_BLOB), FALSE, TRUE, + CRYPT_AsnDecodeOctets, sizeof(CRYPT_HASH_BLOB), FALSE, TRUE, offsetof(CRYPT_DIGESTED_DATA, hash.pbData), 0 }, }; @@ -4062,7 +4080,7 @@ static BOOL WINAPI CRYPT_AsnDecodeRsaPrivKey(DWORD dwCertEncodingType, return ret; } -static BOOL CRYPT_AsnDecodeOctetsInternal(const BYTE *pbEncoded, +static BOOL CRYPT_AsnDecodeOctets(const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo, DWORD *pcbDecoded) { @@ -4111,7 +4129,99 @@ static BOOL CRYPT_AsnDecodeOctetsInternal(const BYTE *pbEncoded, return ret; } -static BOOL WINAPI CRYPT_AsnDecodeOctets(DWORD dwCertEncodingType, +static BOOL CRYPT_AsnDecodeOctetStringInternal(const BYTE *encoded, DWORD encoded_size, + DWORD flags, void *buf, DWORD *buf_size, DWORD *ret_decoded) +{ + DWORD decoded = 0, indefinite_len_depth = 0, len_size, len, bytes_needed; + CRYPT_DATA_BLOB *blob; + const BYTE *string; + + while (encoded[0] == (ASN_CONSTRUCTOR | ASN_OCTETSTRING)) + { + if (!CRYPT_GetLengthIndefinite(encoded, encoded_size, &len)) + return FALSE; + + len_size = GET_LEN_BYTES(encoded[1]); + encoded += 1 + len_size; + encoded_size -= 1 + len_size; + decoded += 1 + len_size; + + if (len == CMSG_INDEFINITE_LENGTH) + { + indefinite_len_depth++; + if (encoded_size < 2) + { + SetLastError(CRYPT_E_ASN1_EOD); + return FALSE; + } + encoded_size -= 2; + decoded += 2; + } + } + + if (encoded[0] != ASN_OCTETSTRING) + { + WARN("Unexpected tag %02x\n", encoded[0]); + SetLastError(CRYPT_E_ASN1_BADTAG); + return FALSE; + } + + if (!CRYPT_GetLen(encoded, encoded_size, &len)) + return FALSE; + len_size = GET_LEN_BYTES(encoded[1]); + decoded += 1 + len_size + len; + encoded_size -= 1 + len_size; + + if (len > encoded_size) + { + SetLastError(CRYPT_E_ASN1_EOD); + return FALSE; + } + if (ret_decoded) + *ret_decoded = decoded; + + encoded += 1 + len_size; + string = encoded; + encoded += len; + + while (indefinite_len_depth--) + { + if (encoded[0] || encoded[1]) + { + TRACE("expected 0 TLV, got %02x %02x\n", encoded[0], encoded[1]); + SetLastError(CRYPT_E_ASN1_CORRUPT); + return FALSE; + } + } + + bytes_needed = sizeof(*blob); + if (!(flags & CRYPT_DECODE_NOCOPY_FLAG)) bytes_needed += len; + if (!buf) + { + *buf_size = bytes_needed; + return TRUE; + } + if (*buf_size < bytes_needed) + { + SetLastError(ERROR_MORE_DATA); + *buf_size = bytes_needed; + return FALSE; + } + + *buf_size = bytes_needed; + blob = buf; + blob->cbData = len; + if (flags & CRYPT_DECODE_NOCOPY_FLAG) + blob->pbData = (BYTE*)string; + else if (blob->cbData) + memcpy(blob->pbData, string, blob->cbData); + + if (ret_decoded) + *ret_decoded = decoded; + return TRUE; +} + +static BOOL WINAPI CRYPT_AsnDecodeOctetString(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo) { @@ -4120,21 +4230,17 @@ static BOOL WINAPI CRYPT_AsnDecodeOctets(DWORD dwCertEncodingType, TRACE("%p, %d, %08x, %p, %p, %d\n", pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo, *pcbStructInfo); + if (!cbEncoded) + { + SetLastError(CRYPT_E_ASN1_CORRUPT); + return FALSE; + } + __TRY { DWORD bytesNeeded = 0; - if (!cbEncoded) - { - SetLastError(CRYPT_E_ASN1_CORRUPT); - ret = FALSE; - } - else if (pbEncoded[0] != ASN_OCTETSTRING) - { - SetLastError(CRYPT_E_ASN1_BADTAG); - ret = FALSE; - } - else if ((ret = CRYPT_AsnDecodeOctetsInternal(pbEncoded, cbEncoded, + if ((ret = CRYPT_AsnDecodeOctetStringInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, NULL, &bytesNeeded, NULL))) { if (!pvStructInfo) @@ -4148,7 +4254,7 @@ static BOOL WINAPI CRYPT_AsnDecodeOctets(DWORD dwCertEncodingType, pvStructInfo = *(BYTE **)pvStructInfo; blob = pvStructInfo; blob->pbData = (BYTE *)pvStructInfo + sizeof(CRYPT_DATA_BLOB); - ret = CRYPT_AsnDecodeOctetsInternal(pbEncoded, cbEncoded, + ret = CRYPT_AsnDecodeOctetStringInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, pvStructInfo, &bytesNeeded, NULL); if (!ret && (dwFlags & CRYPT_DECODE_ALLOC_FLAG)) @@ -5467,7 +5573,7 @@ static BOOL CRYPT_AsnDecodePKCSSignerInfoInternal(const BYTE *pbEncoded, FALSE, TRUE, offsetof(CMSG_SIGNER_INFO, HashEncryptionAlgorithm.pszObjId), 0 }, { ASN_OCTETSTRING, offsetof(CMSG_SIGNER_INFO, EncryptedHash), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DER_BLOB), + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DER_BLOB), FALSE, TRUE, offsetof(CMSG_SIGNER_INFO, EncryptedHash.pbData), 0 }, { ASN_CONSTRUCTOR | ASN_CONTEXT | 1, offsetof(CMSG_SIGNER_INFO, UnauthAttrs), @@ -5592,7 +5698,7 @@ static BOOL CRYPT_AsnDecodeCMSSignerId(const BYTE *pbEncoded, } else if (*pbEncoded == (ASN_CONTEXT | 0)) { - ret = CRYPT_AsnDecodeOctetsInternal(pbEncoded, cbEncoded, dwFlags, + ret = CRYPT_AsnDecodeOctets(pbEncoded, cbEncoded, dwFlags, id ? &id->u.KeyId : NULL, pcbStructInfo, pcbDecoded); if (ret) { @@ -5636,7 +5742,7 @@ static BOOL CRYPT_AsnDecodeCMSSignerInfoInternal(const BYTE *pbEncoded, FALSE, TRUE, offsetof(CMSG_CMS_SIGNER_INFO, HashEncryptionAlgorithm.pszObjId), 0 }, { ASN_OCTETSTRING, offsetof(CMSG_CMS_SIGNER_INFO, EncryptedHash), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DER_BLOB), + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DER_BLOB), FALSE, TRUE, offsetof(CMSG_CMS_SIGNER_INFO, EncryptedHash.pbData), 0 }, { ASN_CONSTRUCTOR | ASN_CONTEXT | 1, offsetof(CMSG_CMS_SIGNER_INFO, UnauthAttrs), @@ -5774,7 +5880,7 @@ static BOOL CRYPT_AsnDecodeRecipientInfo(const BYTE *pbEncoded, DWORD cbEncoded, offsetof(CMSG_KEY_TRANS_RECIPIENT_INFO, KeyEncryptionAlgorithm.pszObjId), 0 }, { ASN_OCTETSTRING, offsetof(CMSG_KEY_TRANS_RECIPIENT_INFO, EncryptedKey), - CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), FALSE, TRUE, + CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), FALSE, TRUE, offsetof(CMSG_KEY_TRANS_RECIPIENT_INFO, EncryptedKey.pbData), 0 }, }; @@ -5830,7 +5936,7 @@ static BOOL CRYPT_AsnDecodeEncryptedContentInfo(const BYTE *pbEncoded, offsetof(CRYPT_ENCRYPTED_CONTENT_INFO, contentEncryptionAlgorithm.pszObjId), 0 }, { ASN_CONTEXT | 0, offsetof(CRYPT_ENCRYPTED_CONTENT_INFO, - encryptedContent), CRYPT_AsnDecodeOctetsInternal, + encryptedContent), CRYPT_AsnDecodeOctets, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CRYPT_ENCRYPTED_CONTENT_INFO, encryptedContent.pbData) }, }; @@ -5873,6 +5979,75 @@ BOOL CRYPT_AsnDecodePKCSEnvelopedData(const BYTE *pbEncoded, DWORD cbEncoded, return ret; } +static BOOL WINAPI CRYPT_AsnDecodeObjectIdentifier(DWORD dwCertEncodingType, + LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, + PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo) +{ + DWORD bytesNeeded = 0; + BOOL ret; + + __TRY + { + ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, + NULL, &bytesNeeded, NULL); + if (ret) + { + if (!pvStructInfo) + *pcbStructInfo = bytesNeeded; + else if ((ret = CRYPT_DecodeEnsureSpace(dwFlags, pDecodePara, pvStructInfo, pcbStructInfo, bytesNeeded))) + { + LPSTR *info; + + if (dwFlags & CRYPT_DECODE_ALLOC_FLAG) + pvStructInfo = *(BYTE **)pvStructInfo; + + info = pvStructInfo; + *info = (void *)((BYTE *)info + sizeof(*info)); + ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG, + pvStructInfo, &bytesNeeded, NULL); + if (!ret && (dwFlags & CRYPT_DECODE_ALLOC_FLAG)) + CRYPT_FreeSpace(pDecodePara, info); + } + } + } + __EXCEPT_PAGE_FAULT + { + SetLastError(STATUS_ACCESS_VIOLATION); + ret = FALSE; + } + __ENDTRY + return ret; +} + +static BOOL WINAPI CRYPT_AsnDecodeEccSignature(DWORD dwCertEncodingType, + LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, + PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo) +{ + BOOL ret; + struct AsnDecodeSequenceItem items[] = { + { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, r), + CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE, + TRUE, offsetof(CERT_ECC_SIGNATURE, r.pbData), 0 }, + { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, s), + CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE, + TRUE, offsetof(CERT_ECC_SIGNATURE, s.pbData), 0 }, + }; + + __TRY + { + ret = CRYPT_AsnDecodeSequence(items, sizeof(items) / sizeof(items[0]), + pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo, + pcbStructInfo, NULL, NULL); + } + __EXCEPT_PAGE_FAULT + { + SetLastError(STATUS_ACCESS_VIOLATION); + ret = FALSE; + } + __ENDTRY + return ret; +} + static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType, LPCSTR lpszStructType) { @@ -5940,7 +6115,7 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType, decodeFunc = CRYPT_AsnDecodeUnicodeNameValue; break; case LOWORD(X509_OCTET_STRING): - decodeFunc = CRYPT_AsnDecodeOctets; + decodeFunc = CRYPT_AsnDecodeOctetString; break; case LOWORD(X509_BITS): case LOWORD(X509_KEY_USAGE): @@ -6012,6 +6187,12 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType, case LOWORD(CMS_SIGNER_INFO): decodeFunc = CRYPT_AsnDecodeCMSSignerInfo; break; + case LOWORD(X509_OBJECT_IDENTIFIER): + decodeFunc = CRYPT_AsnDecodeObjectIdentifier; + break; + case LOWORD(X509_ECC_SIGNATURE): + decodeFunc = CRYPT_AsnDecodeEccSignature; + break; } } else if (!strcmp(lpszStructType, szOID_CERT_EXTENSIONS)) @@ -6031,7 +6212,7 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType, else if (!strcmp(lpszStructType, szOID_KEY_USAGE)) decodeFunc = CRYPT_AsnDecodeBits; else if (!strcmp(lpszStructType, szOID_SUBJECT_KEY_IDENTIFIER)) - decodeFunc = CRYPT_AsnDecodeOctets; + decodeFunc = CRYPT_AsnDecodeOctetString; else if (!strcmp(lpszStructType, szOID_BASIC_CONSTRAINTS)) decodeFunc = CRYPT_AsnDecodeBasicConstraints; else if (!strcmp(lpszStructType, szOID_BASIC_CONSTRAINTS2)) @@ -6066,6 +6247,8 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType, decodeFunc = CRYPT_AsnDecodePolicyQualifierUserNotice; else if (!strcmp(lpszStructType, szOID_CTL)) decodeFunc = CRYPT_AsnDecodeCTL; + else if (!strcmp(lpszStructType, szOID_ECC_PUBLIC_KEY)) + decodeFunc = CRYPT_AsnDecodeObjectIdentifier; return decodeFunc; } diff --git a/dll/win32/crypt32/encode.c b/dll/win32/crypt32/encode.c index b00670471da..6f9f595f4f8 100644 --- a/dll/win32/crypt32/encode.c +++ b/dll/win32/crypt32/encode.c @@ -30,6 +30,23 @@ * MSDN, especially "Constants for CryptEncodeObject and CryptDecodeObject" */ +#include "config.h" +#include "wine/port.h" + +#include +#include +#include +#include + +#define NONAMELESSUNION + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "snmp.h" +#include "wine/debug.h" +#include "wine/exception.h" +#include "wine/unicode.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(cryptasn); diff --git a/dll/win32/crypt32/filestore.c b/dll/win32/crypt32/filestore.c index f3e618f693f..0f7d8d5150f 100644 --- a/dll/win32/crypt32/filestore.c +++ b/dll/win32/crypt32/filestore.c @@ -15,7 +15,13 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "winnls.h" +#include "wine/debug.h" +#include "wine/unicode.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/main.c b/dll/win32/crypt32/main.c index 8f2902e5c73..c03c092edd9 100644 --- a/dll/win32/crypt32/main.c +++ b/dll/win32/crypt32/main.c @@ -17,9 +17,18 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ -#include "crypt32_private.h" +#include "config.h" +#include +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "winreg.h" +#include "winuser.h" #include "i_cryptasn1tls.h" +#include "crypt32_private.h" +#include "wine/debug.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/message.c b/dll/win32/crypt32/message.c index e7402355b6c..5b77c87bc48 100644 --- a/dll/win32/crypt32/message.c +++ b/dll/win32/crypt32/message.c @@ -16,7 +16,12 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ -#include "crypt32_private.h" +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" + +#include "wine/debug.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/msg.c b/dll/win32/crypt32/msg.c index c9a0fe11649..fd43a7baeb3 100644 --- a/dll/win32/crypt32/msg.c +++ b/dll/win32/crypt32/msg.c @@ -16,6 +16,18 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ +#include "config.h" +#include "wine/port.h" + +#include +#define NONAMELESSUNION +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "snmp.h" + +#include "wine/debug.h" +#include "wine/exception.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -2715,12 +2727,10 @@ static BOOL CRYPT_CopySignerInfo(void *pvData, DWORD *pcbData, size += CRYPT_SizeOfAttributes(&in->UnauthAttrs); if (!pvData) { - *pcbData = size; ret = TRUE; } else if (*pcbData < size) { - *pcbData = size; SetLastError(ERROR_MORE_DATA); ret = FALSE; } @@ -2753,6 +2763,7 @@ static BOOL CRYPT_CopySignerInfo(void *pvData, DWORD *pcbData, CRYPT_CopyAttributes(&out->UnauthAttrs, &in->UnauthAttrs, &nextData); } } + *pcbData = size; TRACE("returning %d\n", ret); return ret; } diff --git a/dll/win32/crypt32/object.c b/dll/win32/crypt32/object.c index 78dea1991c0..0320cfda1bb 100644 --- a/dll/win32/crypt32/object.c +++ b/dll/win32/crypt32/object.c @@ -17,10 +17,18 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#define NONAMELESSUNION +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "mssip.h" +#include "winuser.h" +#include "wintrust.h" #include "crypt32_private.h" - -#include +#include "cryptres.h" +#include "wine/unicode.h" +#include "wine/debug.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/oid.c b/dll/win32/crypt32/oid.c index ff1c859b3f8..42d998a242c 100644 --- a/dll/win32/crypt32/oid.c +++ b/dll/win32/crypt32/oid.c @@ -17,7 +17,22 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ +#include "config.h" +#include "wine/port.h" + +#include +#include +#define NONAMELESSUNION +#include "windef.h" +#include "winbase.h" +#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS +#include "wincrypt.h" +#include "winreg.h" +#include "winuser.h" +#include "wine/debug.h" +#include "wine/list.h" #include "crypt32_private.h" +#include "cryptres.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -1066,6 +1081,8 @@ static const WCHAR sha384RSA[] = { 's','h','a','3','8','4','R','S','A',0 }; static const WCHAR sha512RSA[] = { 's','h','a','5','1','2','R','S','A',0 }; static const WCHAR mosaicUpdatedSig[] = { 'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0 }; +static const WCHAR sha256ECDSA[] = { 's','h','a','2','5','6','E','C','D','S','A',0 }; +static const WCHAR sha384ECDSA[] = { 's','h','a','3','8','4','E','C','D','S','A',0 }; static const WCHAR CN[] = { 'C','N',0 }; static const WCHAR L[] = { 'L',0 }; static const WCHAR O[] = { 'O',0 }; @@ -1112,12 +1129,16 @@ static const DWORD dssSign[2] = { CALG_DSS_SIGN, static const DWORD mosaicSign[2] = { CALG_DSS_SIGN, CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG | CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG }; +static const DWORD ecdsaSign[2] = { CALG_OID_INFO_PARAMETERS, + CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG }; static const CRYPT_DATA_BLOB rsaSignBlob = { sizeof(rsaSign), (LPBYTE)&rsaSign }; static const CRYPT_DATA_BLOB dssSignBlob = { sizeof(dssSign), (LPBYTE)dssSign }; static const CRYPT_DATA_BLOB mosaicSignBlob = { sizeof(mosaicSign), (LPBYTE)mosaicSign }; +static const CRYPT_DATA_BLOB ecdsaSignBlob = { sizeof(ecdsaSign), + (LPBYTE)ecdsaSign }; static const DWORD ia5String[] = { CERT_RDN_IA5_STRING, 0 }; static const DWORD numericString[] = { CERT_RDN_NUMERIC_STRING, 0 }; @@ -1139,6 +1160,8 @@ static const struct OIDInfoConstructor { UINT Algid; LPCWSTR pwszName; const CRYPT_DATA_BLOB *blob; + LPCWSTR pwszCNGAlgid; + LPCWSTR pwszCNGExtraAlgid; } oidInfoConstructors[] = { { 1, szOID_OIWSEC_sha1, CALG_SHA1, sha1, NULL }, { 1, szOID_OIWSEC_sha1, CALG_SHA1, sha, NULL }, @@ -1146,6 +1169,7 @@ static const struct OIDInfoConstructor { { 1, szOID_RSA_MD5, CALG_MD5, md5, NULL }, { 1, szOID_RSA_MD4, CALG_MD4, md4, NULL }, { 1, szOID_RSA_MD2, CALG_MD2, md2, NULL }, + /* NOTE: Windows Vista+ uses -1 instead of CALG_SHA_* following SHA entries. */ { 1, szOID_NIST_sha256, CALG_SHA_256, sha256, NULL }, { 1, szOID_NIST_sha384, CALG_SHA_384, sha384, NULL }, { 1, szOID_NIST_sha512, CALG_SHA_512, sha512, NULL }, @@ -1193,6 +1217,10 @@ static const struct OIDInfoConstructor { { 4, szOID_OIWSEC_dsaSHA1, CALG_SHA1, dsaSHA1, &dssSignBlob }, { 4, szOID_INFOSEC_mosaicUpdatedSig, CALG_SHA1, mosaicUpdatedSig, &mosaicSignBlob }, + { 4, szOID_ECDSA_SHA256, CALG_OID_INFO_CNG_ONLY, sha256ECDSA, &ecdsaSignBlob, + BCRYPT_SHA256_ALGORITHM, CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM }, + { 4, szOID_ECDSA_SHA384, CALG_OID_INFO_CNG_ONLY, sha384ECDSA, &ecdsaSignBlob, + BCRYPT_SHA384_ALGORITHM, CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM }, { 5, szOID_COMMON_NAME, 0, CN, NULL }, { 5, szOID_LOCALITY_NAME, 0, L, NULL }, @@ -1408,6 +1436,8 @@ static void init_oid_info(void) info->info.ExtraInfo.pbData = oidInfoConstructors[i].blob->pbData; } + info->info.pwszCNGAlgid = oidInfoConstructors[i].pwszCNGAlgid; + info->info.pwszCNGExtraAlgid = oidInfoConstructors[i].pwszCNGExtraAlgid; list_add_tail(&oidInfo, &info->entry); } } @@ -1440,6 +1470,8 @@ static void init_oid_info(void) info->info.ExtraInfo.pbData = oidInfoConstructors[i].blob->pbData; } + info->info.pwszCNGAlgid = oidInfoConstructors[i].pwszCNGAlgid; + info->info.pwszCNGExtraAlgid = oidInfoConstructors[i].pwszCNGExtraAlgid; list_add_tail(&oidInfo, &info->entry); } } diff --git a/dll/win32/crypt32/precomp.h b/dll/win32/crypt32/precomp.h new file mode 100644 index 00000000000..90336916bca --- /dev/null +++ b/dll/win32/crypt32/precomp.h @@ -0,0 +1,40 @@ + +#ifndef __CRYPT32_PRECOMP_H__ +#define __CRYPT32_PRECOMP_H__ + +#include +#include + +#include +#include +#include + +#define _INC_WINDOWS +#define COM_NO_WINDOWS_H + +#define NONAMELESSUNION + +#include +#define WIN32_NO_STATUS +#include +#include +#include +#include +#include +#include + +#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS +#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS +#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS +#include + +#include + +#include +#include +#include + +#include "crypt32_private.h" +#include "cryptres.h" + +#endif /* !__CRYPT32_PRECOMP_H__ */ diff --git a/dll/win32/crypt32/proplist.c b/dll/win32/crypt32/proplist.c index 291b94c902a..f5ae2213525 100644 --- a/dll/win32/crypt32/proplist.c +++ b/dll/win32/crypt32/proplist.c @@ -15,7 +15,13 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/list.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/protectdata.c b/dll/win32/crypt32/protectdata.c index 6ef8b638f00..20e11f457c8 100644 --- a/dll/win32/crypt32/protectdata.c +++ b/dll/win32/crypt32/protectdata.c @@ -34,7 +34,15 @@ * */ -#include "crypt32_private.h" +#include +#include +#include +#include + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/provstore.c b/dll/win32/crypt32/provstore.c index 640ea626053..a6f7130be8e 100644 --- a/dll/win32/crypt32/provstore.c +++ b/dll/win32/crypt32/provstore.c @@ -16,6 +16,13 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ +#include +#include + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/regstore.c b/dll/win32/crypt32/regstore.c index ba4b439a267..5a39a2684d7 100644 --- a/dll/win32/crypt32/regstore.c +++ b/dll/win32/crypt32/regstore.c @@ -15,11 +15,16 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - +#include +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "winreg.h" +#include "winuser.h" +#include "wine/debug.h" #include "crypt32_private.h" -#include - WINE_DEFAULT_DEBUG_CHANNEL(crypt); typedef struct _WINE_HASH_TO_DELETE diff --git a/dll/win32/crypt32/rootstore.c b/dll/win32/crypt32/rootstore.c index a5e2744833a..cdeec74341f 100644 --- a/dll/win32/crypt32/rootstore.c +++ b/dll/win32/crypt32/rootstore.c @@ -15,9 +15,9 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ - -#include "crypt32_private.h" - +#include "config.h" +#include +#include #include #ifdef HAVE_SYS_STAT_H #include @@ -34,6 +34,15 @@ #ifdef HAVE_SECURITY_SECURITY_H #include #endif +#include "ntstatus.h" +#define WIN32_NO_STATUS +#include "windef.h" +#include "winbase.h" +#include "winreg.h" +#include "wincrypt.h" +#include "wine/winternl.h" +#include "wine/debug.h" +#include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/serialize.c b/dll/win32/crypt32/serialize.c index b722d21de77..e8ccc4a06e0 100644 --- a/dll/win32/crypt32/serialize.c +++ b/dll/win32/crypt32/serialize.c @@ -16,6 +16,15 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ +#include "config.h" +#include "wine/port.h" + +#include +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/exception.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/sip.c b/dll/win32/crypt32/sip.c index 9d195e0e402..8b561fdc2c7 100644 --- a/dll/win32/crypt32/sip.c +++ b/dll/win32/crypt32/sip.c @@ -18,7 +18,19 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ -#include "crypt32_private.h" +#include +#include + +#include "windef.h" +#include "winbase.h" +#include "wincrypt.h" +#include "winreg.h" +#include "winnls.h" +#include "mssip.h" +#include "winuser.h" + +#include "wine/debug.h" +#include "wine/list.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/dll/win32/crypt32/store.c b/dll/win32/crypt32/store.c index 7910635a299..bc4ebde5f65 100644 --- a/dll/win32/crypt32/store.c +++ b/dll/win32/crypt32/store.c @@ -23,6 +23,19 @@ * - Many flags, options and whatnot are unimplemented. */ +#include "config.h" +#include "wine/port.h" + +#include +#include +#include "windef.h" +#include "winbase.h" +#include "winnls.h" +#include "winreg.h" +#include "winuser.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/exception.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -1371,6 +1384,13 @@ BOOL WINAPI CertRegisterPhysicalStore(const void *pvSystemStore, DWORD dwFlags, return FALSE; } +BOOL WINAPI CertUnregisterPhysicalStore(const void *pvSystemStore, DWORD dwFlags, + LPCWSTR pwszStoreName) +{ + FIXME("(%p, %08x, %s): stub\n", pvSystemStore, dwFlags, debugstr_w(pwszStoreName)); + return TRUE; +} + BOOL WINAPI CertRegisterSystemStore(const void *pvSystemStore, DWORD dwFlags, PCERT_SYSTEM_STORE_INFO pStoreInfo, void *pvReserved) { @@ -1394,7 +1414,7 @@ BOOL WINAPI CertRegisterSystemStore(const void *pvSystemStore, DWORD dwFlags, return FALSE; } -BOOL WINAPI CertUnregisterSystemStore(void *pvSystemStore, DWORD dwFlags) +BOOL WINAPI CertUnregisterSystemStore(const void *pvSystemStore, DWORD dwFlags) { HCERTSTORE hstore; diff --git a/dll/win32/crypt32/str.c b/dll/win32/crypt32/str.c index d2eee455b5d..1daf29f8a0f 100644 --- a/dll/win32/crypt32/str.c +++ b/dll/win32/crypt32/str.c @@ -15,8 +15,17 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */ +#include -#include "crypt32_private.h" +#define NONAMELESSUNION + +#include "windef.h" +#include "winbase.h" +#include "winnls.h" +#include "winuser.h" +#include "wincrypt.h" +#include "wine/debug.h" +#include "wine/unicode.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); diff --git a/media/doc/README.WINE b/media/doc/README.WINE index f2fdaeb3e2b..19ed2910bf2 100644 --- a/media/doc/README.WINE +++ b/media/doc/README.WINE @@ -58,7 +58,7 @@ reactos/dll/win32/comctl32 # Synced to WineStaging-2.16 reactos/dll/win32/comdlg32 # Synced to WineStaging-2.16 reactos/dll/win32/compstui # Synced to WineStaging-2.9 reactos/dll/win32/credui # Synced to WineStaging-2.9 -reactos/dll/win32/crypt32 # Synced to WineStaging-2.16 +reactos/dll/win32/crypt32 # Synced to WineStaging-3.3 reactos/dll/win32/cryptdlg # Synced to WineStaging-2.9 reactos/dll/win32/cryptdll # Synced to WineStaging-2.9 reactos/dll/win32/cryptnet # Synced to WineStaging-2.9 diff --git a/sdk/include/psdk/bcrypt.h b/sdk/include/psdk/bcrypt.h index 6a80528698b..de74af7bb1a 100644 --- a/sdk/include/psdk/bcrypt.h +++ b/sdk/include/psdk/bcrypt.h @@ -58,6 +58,14 @@ typedef NTSTATUS *PNTSTATUS; #define BCRYPT_PROVIDER_HANDLE L"ProviderHandle" #define BCRYPT_SIGNATURE_LENGTH L"SignatureLength" +#define BCRYPT_OPAQUE_KEY_BLOB L"OpaqueKeyBlob" +#define BCRYPT_KEY_DATA_BLOB L"KeyDataBlob" +#define BCRYPT_AES_WRAP_KEY_BLOB L"Rfc3565KeyWrapBlob" +#define BCRYPT_ECCPUBLIC_BLOB L"ECCPUBLICBLOB" +#define BCRYPT_ECCPRIVATE_BLOB L"ECCPRIVATEBLOB" +#define BCRYPT_RSAPUBLIC_BLOB L"RSAPUBLICBLOB" +#define BCRYPT_RSAPRIVATE_BLOB L"RSAPRIVATEBLOB" + #define MS_PRIMITIVE_PROVIDER L"Microsoft Primitive Provider" #define MS_PLATFORM_CRYPTO_PROVIDER L"Microsoft Platform Crypto Provider" @@ -67,6 +75,16 @@ typedef NTSTATUS *PNTSTATUS; #define BCRYPT_SHA256_ALGORITHM L"SHA256" #define BCRYPT_SHA384_ALGORITHM L"SHA384" #define BCRYPT_SHA512_ALGORITHM L"SHA512" +#define BCRYPT_ECDSA_P256_ALGORITHM L"ECDSA_P256" +#define BCRYPT_ECDSA_P384_ALGORITHM L"ECDSA_P384" +#define BCRYPT_ECDSA_P521_ALGORITHM L"ECDSA_P521" + +#define BCRYPT_ECDSA_PUBLIC_P256_MAGIC 0x31534345 +#define BCRYPT_ECDSA_PRIVATE_P256_MAGIC 0x32534345 +#define BCRYPT_ECDSA_PUBLIC_P384_MAGIC 0x33534345 +#define BCRYPT_ECDSA_PRIVATE_P384_MAGIC 0x34534345 +#define BCRYPT_ECDSA_PUBLIC_P521_MAGIC 0x35534345 +#define BCRYPT_ECDSA_PRIVATE_P521_MAGIC 0x36534345 typedef struct _BCRYPT_ALGORITHM_IDENTIFIER { @@ -75,7 +93,77 @@ typedef struct _BCRYPT_ALGORITHM_IDENTIFIER ULONG dwFlags; } BCRYPT_ALGORITHM_IDENTIFIER; +typedef struct __BCRYPT_KEY_LENGTHS_STRUCT +{ + ULONG dwMinLength; + ULONG dwMaxLength; + ULONG dwIncrement; +} BCRYPT_KEY_LENGTHS_STRUCT, BCRYPT_AUTH_TAG_LENGTHS_STRUCT; + +typedef struct _BCRYPT_KEY_DATA_BLOB_HEADER +{ + ULONG dwMagic; + ULONG dwVersion; + ULONG cbKeyData; +} BCRYPT_KEY_DATA_BLOB_HEADER, *PBCRYPT_KEY_DATA_BLOB_HEADER; + +typedef struct _BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO +{ + ULONG cbSize; + ULONG dwInfoVersion; + UCHAR *pbNonce; + ULONG cbNonce; + UCHAR *pbAuthData; + ULONG cbAuthData; + UCHAR *pbTag; + ULONG cbTag; + UCHAR *pbMacContext; + ULONG cbMacContext; + ULONG cbAAD; + ULONGLONG cbData; + ULONG dwFlags; +} BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO, *PBCRYPT_AUTHENTICATED_CIPHER_MODE_INFO; + +typedef struct _BCRYPT_ECCKEY_BLOB +{ + ULONG dwMagic; + ULONG cbKey; +} BCRYPT_ECCKEY_BLOB, *PBCRYPT_ECCKEY_BLOB; + +#define BCRYPT_RSAPUBLIC_MAGIC 0x31415352 +#define BCRYPT_RSAPRIVATE_MAGIC 0x32415352 +#define BCRYPT_RSAFULLPRIVATE_MAGIC 0x33415352 + +typedef struct _BCRYPT_RSAKEY_BLOB +{ + ULONG Magic; + ULONG BitLength; + ULONG cbPublicExp; + ULONG cbModulus; + ULONG cbPrime1; + ULONG cbPrime2; +} BCRYPT_RSAKEY_BLOB; + +typedef struct _BCRYPT_PKCS1_PADDING_INFO +{ + LPCWSTR pszAlgId; +} BCRYPT_PKCS1_PADDING_INFO; + +#define BCRYPT_PAD_NONE 0x00000001 +#define BCRYPT_PAD_PKCS1 0x00000002 +#define BCRYPT_PAD_OAEP 0x00000004 +#define BCRYPT_PAD_PSS 0x00000008 + +#define BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO_VERSION 1 + +#define BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG 0x00000001 +#define BCRYPT_AUTH_MODE_IN_PROGRESS_FLAG 0x00000002 + +#define BCRYPT_KEY_DATA_BLOB_MAGIC 0x4d42444b +#define BCRYPT_KEY_DATA_BLOB_VERSION1 1 + typedef PVOID BCRYPT_ALG_HANDLE; +typedef PVOID BCRYPT_KEY_HANDLE; typedef PVOID BCRYPT_HANDLE; typedef PVOID BCRYPT_HASH_HANDLE; @@ -85,14 +173,22 @@ typedef PVOID BCRYPT_HASH_HANDLE; NTSTATUS WINAPI BCryptCloseAlgorithmProvider(BCRYPT_ALG_HANDLE, ULONG); NTSTATUS WINAPI BCryptCreateHash(BCRYPT_ALG_HANDLE, BCRYPT_HASH_HANDLE *, PUCHAR, ULONG, PUCHAR, ULONG, ULONG); +NTSTATUS WINAPI BCryptDecrypt(BCRYPT_KEY_HANDLE, PUCHAR, ULONG, VOID *, PUCHAR, ULONG, PUCHAR, ULONG, ULONG *, ULONG); NTSTATUS WINAPI BCryptDestroyHash(BCRYPT_HASH_HANDLE); +NTSTATUS WINAPI BCryptDestroyKey(BCRYPT_KEY_HANDLE); +NTSTATUS WINAPI BCryptEncrypt(BCRYPT_KEY_HANDLE, PUCHAR, ULONG, VOID *, PUCHAR, ULONG, PUCHAR, ULONG, ULONG *, ULONG); NTSTATUS WINAPI BCryptEnumAlgorithms(ULONG, ULONG *, BCRYPT_ALGORITHM_IDENTIFIER **, ULONG); NTSTATUS WINAPI BCryptFinishHash(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG); +NTSTATUS WINAPI BCryptGenerateSymmetricKey(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE *, PUCHAR, ULONG, PUCHAR, ULONG, ULONG); NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, ULONG); NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *); NTSTATUS WINAPI BCryptGetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG); NTSTATUS WINAPI BCryptHash(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, PUCHAR, ULONG, PUCHAR, ULONG); NTSTATUS WINAPI BCryptHashData(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG); +NTSTATUS WINAPI BCryptImportKeyPair(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG); NTSTATUS WINAPI BCryptOpenAlgorithmProvider(BCRYPT_ALG_HANDLE *, LPCWSTR, LPCWSTR, ULONG); +NTSTATUS WINAPI BCryptSetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG); +NTSTATUS WINAPI BCryptDuplicateHash(BCRYPT_HASH_HANDLE, BCRYPT_HASH_HANDLE *, UCHAR *, ULONG, ULONG); +NTSTATUS WINAPI BCryptVerifySignature(BCRYPT_KEY_HANDLE, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG); #endif /* __WINE_BCRYPT_H */ diff --git a/sdk/include/psdk/wincrypt.h b/sdk/include/psdk/wincrypt.h index 88b403f3736..789a7b0f833 100644 --- a/sdk/include/psdk/wincrypt.h +++ b/sdk/include/psdk/wincrypt.h @@ -295,6 +295,11 @@ typedef struct _CERT_KEY_ATTRIBUTES_INFO { PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod; } CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO; +typedef struct _CERT_ECC_SIGNATURE { + CRYPT_UINT_BLOB r; + CRYPT_UINT_BLOB s; +} CERT_ECC_SIGNATURE, *PCERT_ECC_SIGNATURE; + /* byte 0 */ #define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80 #define CERT_NON_REPUDIATION_KEY_USAGE 0x40 @@ -1365,6 +1370,35 @@ typedef BOOL #define CRYPT_MATCH_ANY_ENCODING_TYPE 0xffffffff +#define CALG_OID_INFO_CNG_ONLY 0xffffffff +#define CALG_OID_INFO_PARAMETERS 0xfffffffe + +#if defined(__GNUC__) +#define CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','H','a','s','h','P','a','r','a','m','e','t','e','r','s',0} +#define CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','E','C','C','P','a','r','a','m','e','t','e','r','s',0} +#define CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','M','g','f','1','P','a','r','a','m','e','t','e','r','s',0} +#define CRYPT_OID_INFO_NO_SIGN_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','N','o','S','i','g','n',0} +#define CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','O','A','E','P','P','a','r','a','m','e','t','e','r','s',0} +#define CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','E','C','C','W','r','a','p','P','a','r','a','m','e','t','e','r','s',0} +#define CRYPT_OID_INFO_NO_PARAMETERS_ALGORITHM (const WCHAR []){'C','r','y','p','t','O','I','D','I','n','f','o','N','o','P','a','r','a','m','e','t','e','r','s',0} +#elif defined(_MSC_VER) +#define CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM L"CryptOIDInfoHashParameters" +#define CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM L"CryptOIDInfoECCParameters" +#define CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM L"CryptOIDInfoMgf1Parameters" +#define CRYPT_OID_INFO_NO_SIGN_ALGORITHM L"CryptOIDInfoNoSign" +#define CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM L"CryptOIDInfoOAEPParameters" +#define CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM L"CryptOIDInfoECCWrapParameters" +#define CRYPT_OID_INFO_NO_PARAMETERS_ALGORITHM L"CryptOIDInfoNoParameters" +#else +static const WCHAR CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','H','a','s','h','P','a','r','a','m','e','t','e','r','s',0}; +static const WCHAR CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','E','C','C','P','a','r','a','m','e','t','e','r','s',0}; +static const WCHAR CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','M','g','f','1','P','a','r','a','m','e','t','e','r','s',0}; +static const WCHAR CRYPT_OID_INFO_NO_SIGN_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','N','o','S','i','g','n',0}; +static const WCHAR CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','O','A','E','P','P','a','r','a','m','e','t','e','r','s',0}; +static const WCHAR CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','E','C','C','W','r','a','p','P','a','r','a','m','e','t','e','r','s',0}; +static const WCHAR CRYPT_OID_INFO_NO_PARAMETERS_ALGORITHM[] = {'C','r','y','p','t','O','I','D','I','n','f','o','N','o','P','a','r','a','m','e','t','e','r','s',0}; +#endif + typedef struct _CRYPT_OID_INFO { DWORD cbSize; LPCSTR pszOID; @@ -1376,6 +1410,10 @@ typedef struct _CRYPT_OID_INFO { DWORD dwLength; } DUMMYUNIONNAME; CRYPT_DATA_BLOB ExtraInfo; +#ifdef CRYPT_OID_INFO_HAS_EXTRA_FIELDS + LPCWSTR pwszCNGAlgid; + LPCWSTR pwszCNGExtraAlgid; +#endif } CRYPT_OID_INFO, *PCRYPT_OID_INFO; typedef const CRYPT_OID_INFO CCRYPT_OID_INFO, *PCCRYPT_OID_INFO; @@ -2191,6 +2229,12 @@ static const WCHAR MS_ENH_RSA_AES_PROV_XP_W[] = { 'M','i','c','r','o','s','o','f #define CRYPTPROTECT_AUDIT 0x0010 #define CRYPTPROTECT_VERIFY_PROTECTION 0x0040 +/* Crypt{Protect,Unprotect}Memory */ +#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16 +#define CRYPTPROTECTMEMORY_SAME_PROCESS 0x0000 +#define CRYPTPROTECTMEMORY_CROSS_PROCESS 0x0001 +#define CRYPTPROTECTMEMORY_SAME_LOGON 0x0002 + /* Blob Types */ #define SIMPLEBLOB 0x1 #define PUBLICKEYBLOB 0x6 @@ -3014,6 +3058,12 @@ typedef struct _CTL_FIND_SUBJECT_PARA #define szOID_X957 "1.2.840.10040" #define szOID_X957_DSA "1.2.840.10040.4.1" #define szOID_X957_SHA1DSA "1.2.840.10040.4.3" +#define szOID_ECC_PUBLIC_KEY "1.2.840.10045.2.1" +#define szOID_ECC_CURVE_P256 "1.2.840.10045.3.1.7" +#define szOID_ECDSA_SPECIFIED "1.2.840.10045.4.3" +#define szOID_ECDSA_SHA256 "1.2.840.10045.4.3.2" +#define szOID_ECDSA_SHA384 "1.2.840.10045.4.3.3" +#define szOID_ECDSA_SHA512 "1.2.840.10045.4.3.4" #define szOID_DS "2.5" #define szOID_DSALG "2.5.8" #define szOID_DSALG_CRPT "2.5.8.1" @@ -3055,6 +3105,8 @@ typedef struct _CTL_FIND_SUBJECT_PARA #define szOID_OIWDIR_SIGN "1.3.14.7.2.3" #define szOID_OIWDIR_md2 "1.3.14.7.2.2.1" #define szOID_OIWDIR_md2RSA "1.3.14.7.2.3.1" +#define szOID_ECC_CURVE_P384 "1.3.132.0.34" +#define szOID_ECC_CURVE_P521 "1.3.132.0.35" #define szOID_INFOSEC "2.16.840.1.101.2.1" #define szOID_INFOSEC_sdnsSignature "2.16.840.1.101.2.1.1.1" #define szOID_INFOSEC_mosaicSignature "2.16.840.1.101.2.1.1.2" @@ -3360,6 +3412,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA #define X509_PKIX_POLICY_QUALIFIER_USERNOTICE ((LPCSTR)46) #define X509_DH_PUBLICKEY X509_MULTI_BYTE_UINT #define X509_DH_PARAMETERS ((LPCSTR)47) +#define X509_ECC_SIGNATURE ((LPCSTR)47) #define PKCS_ATTRIBUTES ((LPCSTR)48) #define PKCS_SORTED_CTL ((LPCSTR)49) #define X942_DH_PARAMETERS ((LPCSTR)50) @@ -3377,6 +3430,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA #define CMC_ADD_EXTENSIONS ((LPCSTR)62) #define CMC_ADD_ATTRIBUTES ((LPCSTR)63) #define X509_CERTIFICATE_TEMPLATE ((LPCSTR)64) +#define X509_OBJECT_IDENTIFIER ((LPCSTR)73) #define PKCS7_SIGNER_INFO ((LPCSTR)500) #define CMS_SIGNER_INFO ((LPCSTR)501) @@ -4710,6 +4764,20 @@ CertEnumSystemStore( _Inout_opt_ void *pvArg, __callback PFN_CERT_ENUM_SYSTEM_STORE pfnEnum); +BOOL +WINAPI +CertRegisterSystemStore( + _In_ const void *pvSystemStore, + _In_ DWORD dwFlags, + _In_opt_ PCERT_SYSTEM_STORE_INFO pStoreInfo, + _Reserved_ void *pvReserved); + +BOOL +WINAPI +CertUnregisterSystemStore( + _In_ const void *pvSystemStore, + _In_ DWORD dwFlags); + BOOL WINAPI CertEnumPhysicalStore(