📄 cert.c
字号:
pcbComputedHash, 0);
CryptDestroyHash(hHash);
}
LocalFree(buf);
}
}
return ret;
}
BOOL WINAPI CryptSignCertificate(HCRYPTPROV hCryptProv, DWORD dwKeySpec,
DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned,
DWORD cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
const void *pvHashAuxInfo, BYTE *pbSignature, DWORD *pcbSignature)
{
BOOL ret;
PCCRYPT_OID_INFO info;
HCRYPTHASH hHash;
TRACE("(%08lx, %d, %d, %p, %d, %p, %p, %p, %p)\n", hCryptProv,
dwKeySpec, dwCertEncodingType, pbEncodedToBeSigned, cbEncodedToBeSigned,
pSignatureAlgorithm, pvHashAuxInfo, pbSignature, pcbSignature);
info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
pSignatureAlgorithm->pszObjId, 0);
if (!info)
{
SetLastError(NTE_BAD_ALGID);
return FALSE;
}
if (info->dwGroupId == CRYPT_HASH_ALG_OID_GROUP_ID)
{
if (!hCryptProv)
hCryptProv = CRYPT_GetDefaultProvider();
ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
if (ret)
{
ret = CryptHashData(hHash, pbEncodedToBeSigned,
cbEncodedToBeSigned, 0);
if (ret)
ret = CryptGetHashParam(hHash, HP_HASHVAL, pbSignature,
pcbSignature, 0);
CryptDestroyHash(hHash);
}
}
else
{
if (!hCryptProv)
{
SetLastError(ERROR_INVALID_PARAMETER);
ret = FALSE;
}
else
{
ret = CryptCreateHash(hCryptProv, info->u.Algid, 0, 0, &hHash);
if (ret)
{
ret = CryptHashData(hHash, pbEncodedToBeSigned,
cbEncodedToBeSigned, 0);
if (ret)
ret = CryptSignHashW(hHash, dwKeySpec, NULL, 0, pbSignature,
pcbSignature);
CryptDestroyHash(hHash);
}
}
}
return ret;
}
BOOL WINAPI CryptSignAndEncodeCertificate(HCRYPTPROV hCryptProv,
DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
const void *pvHashAuxInfo, PBYTE pbEncoded, DWORD *pcbEncoded)
{
BOOL ret;
DWORD encodedSize, hashSize;
TRACE("(%08lx, %d, %d, %s, %p, %p, %p, %p, %p)\n", hCryptProv, dwKeySpec,
dwCertEncodingType, debugstr_a(lpszStructType), pvStructInfo,
pSignatureAlgorithm, pvHashAuxInfo, pbEncoded, pcbEncoded);
ret = CryptEncodeObject(dwCertEncodingType, lpszStructType, pvStructInfo,
NULL, &encodedSize);
if (ret)
{
PBYTE encoded = CryptMemAlloc(encodedSize);
if (encoded)
{
ret = CryptEncodeObject(dwCertEncodingType, lpszStructType,
pvStructInfo, encoded, &encodedSize);
if (ret)
{
ret = CryptSignCertificate(hCryptProv, dwKeySpec,
dwCertEncodingType, encoded, encodedSize, pSignatureAlgorithm,
pvHashAuxInfo, NULL, &hashSize);
if (ret)
{
PBYTE hash = CryptMemAlloc(hashSize);
if (hash)
{
ret = CryptSignCertificate(hCryptProv, dwKeySpec,
dwCertEncodingType, encoded, encodedSize,
pSignatureAlgorithm, pvHashAuxInfo, hash, &hashSize);
if (ret)
{
CERT_SIGNED_CONTENT_INFO info = { { 0 } };
info.ToBeSigned.cbData = encodedSize;
info.ToBeSigned.pbData = encoded;
memcpy(&info.SignatureAlgorithm,
pSignatureAlgorithm,
sizeof(info.SignatureAlgorithm));
info.Signature.cbData = hashSize;
info.Signature.pbData = hash;
info.Signature.cUnusedBits = 0;
ret = CryptEncodeObject(dwCertEncodingType,
X509_CERT, &info, pbEncoded, pcbEncoded);
}
CryptMemFree(hash);
}
}
}
CryptMemFree(encoded);
}
}
return ret;
}
BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
PCERT_PUBLIC_KEY_INFO pPublicKey)
{
return CryptVerifyCertificateSignatureEx(hCryptProv, dwCertEncodingType,
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, (void *)pbEncoded,
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
}
static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
const CERT_SIGNED_CONTENT_INFO *signedCert)
{
BOOL ret;
HCRYPTKEY key;
PCCRYPT_OID_INFO info;
ALG_ID pubKeyID, hashID;
info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
pubKeyInfo->Algorithm.pszObjId, 0);
if (!info || (info->dwGroupId != CRYPT_PUBKEY_ALG_OID_GROUP_ID &&
info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID))
{
SetLastError(NTE_BAD_ALGID);
return FALSE;
}
if (info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID)
{
switch (info->u.Algid)
{
case CALG_RSA_KEYX:
pubKeyID = CALG_RSA_SIGN;
hashID = CALG_SHA1;
break;
case CALG_RSA_SIGN:
pubKeyID = CALG_RSA_SIGN;
hashID = CALG_SHA1;
break;
default:
FIXME("unimplemented for %s\n", pubKeyInfo->Algorithm.pszObjId);
return FALSE;
}
}
else
{
hashID = info->u.Algid;
if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
else
pubKeyID = hashID;
}
/* Load the default provider if necessary */
if (!hCryptProv)
hCryptProv = CRYPT_GetDefaultProvider();
ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
pubKeyInfo, pubKeyID, 0, NULL, &key);
if (ret)
{
HCRYPTHASH hash;
ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
if (ret)
{
ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
signedCert->ToBeSigned.cbData, 0);
if (ret)
ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
signedCert->Signature.cbData, key, NULL, 0);
CryptDestroyHash(hash);
}
CryptDestroyKey(key);
}
return ret;
}
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
{
BOOL ret = TRUE;
CRYPT_DATA_BLOB subjectBlob;
TRACE("(%08lx, %d, %d, %p, %d, %p, %08x, %p)\n", hCryptProv,
dwCertEncodingType, dwSubjectType, pvSubject, dwIssuerType, pvIssuer,
dwFlags, pvReserved);
switch (dwSubjectType)
{
case CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB:
{
PCRYPT_DATA_BLOB blob = (PCRYPT_DATA_BLOB)pvSubject;
subjectBlob.pbData = blob->pbData;
subjectBlob.cbData = blob->cbData;
break;
}
case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT:
{
PCERT_CONTEXT context = (PCERT_CONTEXT)pvSubject;
subjectBlob.pbData = context->pbCertEncoded;
subjectBlob.cbData = context->cbCertEncoded;
break;
}
case CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL:
{
PCRL_CONTEXT context = (PCRL_CONTEXT)pvSubject;
subjectBlob.pbData = context->pbCrlEncoded;
subjectBlob.cbData = context->cbCrlEncoded;
break;
}
default:
SetLastError(E_INVALIDARG);
ret = FALSE;
}
if (ret)
{
PCERT_SIGNED_CONTENT_INFO signedCert = NULL;
DWORD size = 0;
ret = CryptDecodeObjectEx(dwCertEncodingType, X509_CERT,
subjectBlob.pbData, subjectBlob.cbData,
CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
(BYTE *)&signedCert, &size);
if (ret)
{
switch (dwIssuerType)
{
case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
dwCertEncodingType, (PCERT_PUBLIC_KEY_INFO)pvIssuer,
signedCert);
break;
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
dwCertEncodingType,
&((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
signedCert);
break;
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
ret = FALSE;
break;
case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
if (pvIssuer)
{
SetLastError(E_INVALIDARG);
ret = FALSE;
}
else
{
FIXME("unimplemented for NULL signer\n");
SetLastError(E_INVALIDARG);
ret = FALSE;
}
break;
default:
SetLastError(E_INVALIDARG);
ret = FALSE;
}
LocalFree(signedCert);
}
}
return ret;
}
BOOL WINAPI CertGetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext, DWORD dwFlags,
PCERT_ENHKEY_USAGE pUsage, DWORD *pcbUsage)
{
PCERT_ENHKEY_USAGE usage = NULL;
DWORD bytesNeeded;
BOOL ret = TRUE;
if (!pCertContext || !pcbUsage)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
TRACE("(%p, %08x, %p, %d)\n", pCertContext, dwFlags, pUsage, *pcbUsage);
if (!(dwFlags & CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG))
{
DWORD propSize = 0;
if (CertGetCertificateContextProperty(pCertContext,
CERT_ENHKEY_USAGE_PROP_ID, NULL, &propSize))
{
LPBYTE buf = CryptMemAlloc(propSize);
if (buf)
{
if (CertGetCertificateContextProperty(pCertContext,
CERT_ENHKEY_USAGE_PROP_ID, buf, &propSize))
{
ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
X509_ENHANCED_KEY_USAGE, buf, propSize,
CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
}
CryptMemFree(buf);
}
}
}
if (!usage && !(dwFlags & CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG))
{
PCERT_EXTENSION ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE,
pCertContext->pCertInfo->cExtension,
pCertContext->pCertInfo->rgExtension);
if (ext)
{
ret = CryptDecodeObjectEx(pCertContext->dwCertEncodingType,
X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
CRYPT_ENCODE_ALLOC_FLAG, NULL, &usage, &bytesNeeded);
}
}
if (!usage)
{
/* If a particular location is specified, this should fail. Otherwise
* it should succeed with an empty usage. (This is true on Win2k and
* later, which we emulate.)
*/
if (dwFlags)
{
SetLastError(CRYPT_E_NOT_FOUND);
ret = FALSE;
}
else
bytesNeeded = sizeof(CERT_ENHKEY_USAGE);
}
if (ret)
{
if (!pUsage)
*pcbUsage = bytesNeeded;
else if (*pcbUsage < bytesNeeded)
{
SetLastError(ERROR_MORE_DATA);
*pcbUsage = bytesNeeded;
ret = FALSE;
}
else
{
*pcbUsage = bytesNeeded;
if (usage)
{
DWORD i;
LPSTR nextOID = (LPSTR)((LPBYTE)pUsage +
sizeof(CERT_ENHKEY_USAGE) +
usage->cUsageIdentifier * sizeof(LPSTR));
pUsage->cUsageIdentifier = usage->cUsageIdentifier;
pUsage->rgpszUsageIdentifier = (LPSTR *)((LPBYTE)pUsage +
sizeof(CERT_ENHKEY_USAGE));
for (i = 0; i < usage->cUsageIdentifier; i++)
{
pUsage->rgpszUsageIdentifier[i] = nextOID;
strcpy(nextOID, usage->rgpszUsageIdentifier[i]);
nextOID += strlen(nextOID) + 1;
}
}
else
pUsage->cUsageIdentifier = 0;
}
}
if (usage)
LocalFree(usage);
TRACE("returning %d\n", ret);
return ret;
}
BOOL WINAPI CertSetEnhancedKeyUsage(PCCERT_CONTEXT pCertContext,
PCERT_ENHKEY_USAGE pUsage)
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -