Commit 5f3cd853 authored by Paul Gofman's avatar Paul Gofman Committed by Alexandre Julliard

crypt32: Support MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG.

parent 6f9cc9a0
...@@ -3696,6 +3696,44 @@ static BYTE msPubKey4[] = { ...@@ -3696,6 +3696,44 @@ static BYTE msPubKey4[] = {
0xa6,0xc6,0x48,0x4c,0xc3,0x37,0x51,0x23,0xd3,0x27,0xd7,0xb8,0x4e,0x70,0x96, 0xa6,0xc6,0x48,0x4c,0xc3,0x37,0x51,0x23,0xd3,0x27,0xd7,0xb8,0x4e,0x70,0x96,
0xf0,0xa1,0x44,0x76,0xaf,0x78,0xcf,0x9a,0xe1,0x66,0x13,0x02,0x03,0x01,0x00, 0xf0,0xa1,0x44,0x76,0xaf,0x78,0xcf,0x9a,0xe1,0x66,0x13,0x02,0x03,0x01,0x00,
0x01 }; 0x01 };
/* from Microsoft Root Certificate Authority 2011 */
static BYTE msPubKey5[] = {
0x30,0x82,0x02,0x0a,0x02,0x82,0x02,0x01,0x00,0xb2,0x80,0x41,0xaa,0x35,0x38,
0x4d,0x13,0x72,0x32,0x68,0x22,0x4d,0xb8,0xb2,0xf1,0xff,0xd5,0x52,0xbc,0x6c,
0xc7,0xf5,0xd2,0x4a,0x8c,0x36,0xee,0xd1,0xc2,0x5c,0x7e,0x8c,0x8a,0xae,0xaf,
0x13,0x28,0x6f,0xc0,0x73,0xe3,0x3a,0xce,0xd0,0x25,0xa8,0x5a,0x3a,0x6d,0xef,
0xa8,0xb8,0x59,0xab,0x13,0x23,0x68,0xcd,0x0c,0x29,0x87,0xd1,0x6f,0x80,0x5c,
0x8f,0x44,0x7f,0x5d,0x90,0x01,0x52,0x58,0xac,0x51,0xc5,0x5f,0x2a,0x87,0xdc,
0xdc,0xd8,0x0a,0x1d,0xc1,0x03,0xb9,0x7b,0xb0,0x56,0xe8,0xa3,0xde,0x64,0x61,
0xc2,0x9e,0xf8,0xf3,0x7c,0xb9,0xec,0x0d,0xb5,0x54,0xfe,0x4c,0xb6,0x65,0x4f,
0x88,0xf0,0x9c,0x48,0x99,0x0c,0x42,0x0b,0x09,0x7c,0x31,0x59,0x17,0x79,0x06,
0x78,0x28,0x8d,0x89,0x3a,0x4c,0x03,0x25,0xbe,0x71,0x6a,0x5c,0x0b,0xe7,0x84,
0x60,0xa4,0x99,0x22,0xe3,0xd2,0xaf,0x84,0xa4,0xa7,0xfb,0xd1,0x98,0xed,0x0c,
0xa9,0xde,0x94,0x89,0xe1,0x0e,0xa0,0xdc,0xc0,0xce,0x99,0x3d,0xea,0x08,0x52,
0xbb,0x56,0x79,0xe4,0x1f,0x84,0xba,0x1e,0xb8,0xb4,0xc4,0x49,0x5c,0x4f,0x31,
0x4b,0x87,0xdd,0xdd,0x05,0x67,0x26,0x99,0x80,0xe0,0x71,0x11,0xa3,0xb8,0xa5,
0x41,0xe2,0xa4,0x53,0xb9,0xf7,0x32,0x29,0x83,0x0c,0x13,0xbf,0x36,0x5e,0x04,
0xb3,0x4b,0x43,0x47,0x2f,0x6b,0xe2,0x91,0x1e,0xd3,0x98,0x4f,0xdd,0x42,0x07,
0xc8,0xe8,0x1d,0x12,0xfc,0x99,0xa9,0x6b,0x3e,0x92,0x7e,0xc8,0xd6,0x69,0x3a,
0xfc,0x64,0xbd,0xb6,0x09,0x9d,0xca,0xfd,0x0c,0x0b,0xa2,0x9b,0x77,0x60,0x4b,
0x03,0x94,0xa4,0x30,0x69,0x12,0xd6,0x42,0x2d,0xc1,0x41,0x4c,0xca,0xdc,0xaa,
0xfd,0x8f,0x5b,0x83,0x46,0x9a,0xd9,0xfc,0xb1,0xd1,0xe3,0xb3,0xc9,0x7f,0x48,
0x7a,0xcd,0x24,0xf0,0x41,0x8f,0x5c,0x74,0xd0,0xac,0xb0,0x10,0x20,0x06,0x49,
0xb7,0xc7,0x2d,0x21,0xc8,0x57,0xe3,0xd0,0x86,0xf3,0x03,0x68,0xfb,0xd0,0xce,
0x71,0xc1,0x89,0x99,0x4a,0x64,0x01,0x6c,0xfd,0xec,0x30,0x91,0xcf,0x41,0x3c,
0x92,0xc7,0xe5,0xba,0x86,0x1d,0x61,0x84,0xc7,0x5f,0x83,0x39,0x62,0xae,0xb4,
0x92,0x2f,0x47,0xf3,0x0b,0xf8,0x55,0xeb,0xa0,0x1f,0x59,0xd0,0xbb,0x74,0x9b,
0x1e,0xd0,0x76,0xe6,0xf2,0xe9,0x06,0xd7,0x10,0xe8,0xfa,0x64,0xde,0x69,0xc6,
0x35,0x96,0x88,0x02,0xf0,0x46,0xb8,0x3f,0x27,0x99,0x6f,0xcb,0x71,0x89,0x29,
0x35,0xf7,0x48,0x16,0x02,0x35,0x8f,0xd5,0x79,0x7c,0x4d,0x02,0xcf,0x5f,0xeb,
0x8a,0x83,0x4f,0x45,0x71,0x88,0xf9,0xa9,0x0d,0x4e,0x72,0xe9,0xc2,0x9c,0x07,
0xcf,0x49,0x1b,0x4e,0x04,0x0e,0x63,0x51,0x8c,0x5e,0xd8,0x00,0xc1,0x55,0x2c,
0xb6,0xc6,0xe0,0xc2,0x65,0x4e,0xc9,0x34,0x39,0xf5,0x9c,0xb3,0xc4,0x7e,0xe8,
0x61,0x6e,0x13,0x5f,0x15,0xc4,0x5f,0xd9,0x7e,0xed,0x1d,0xce,0xee,0x44,0xec,
0xcb,0x2e,0x86,0xb1,0xec,0x38,0xf6,0x70,0xed,0xab,0x5c,0x13,0xc1,0xd9,0x0f,
0x0d,0xc7,0x80,0xb2,0x55,0xed,0x34,0xf7,0xac,0x9b,0xe4,0xc3,0xda,0xe7,0x47,
0x3c,0xa6,0xb5,0x8f,0x31,0xdf,0xc5,0x4b,0xaf,0xeb,0xf1,0x02,0x03,0x01,0x00,
0x01 };
static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID, static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID,
PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
...@@ -3705,21 +3743,38 @@ static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID, ...@@ -3705,21 +3743,38 @@ static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID,
CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } }; CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
DWORD i; DWORD i;
CRYPT_DATA_BLOB keyBlobs[] = { static const CRYPT_DATA_BLOB keyBlobs[] = {
{ sizeof(msPubKey1), msPubKey1 }, { sizeof(msPubKey1), msPubKey1 },
{ sizeof(msPubKey2), msPubKey2 }, { sizeof(msPubKey2), msPubKey2 },
{ sizeof(msPubKey3), msPubKey3 }, { sizeof(msPubKey3), msPubKey3 },
{ sizeof(msPubKey4), msPubKey4 }, { sizeof(msPubKey4), msPubKey4 },
}; };
static const CRYPT_DATA_BLOB keyBlobs_approot[] = {
{ sizeof(msPubKey5), msPubKey5 },
};
PCERT_SIMPLE_CHAIN rootChain = PCERT_SIMPLE_CHAIN rootChain =
pChainContext->rgpChain[pChainContext->cChain - 1]; pChainContext->rgpChain[pChainContext->cChain - 1];
PCCERT_CONTEXT root = PCCERT_CONTEXT root =
rootChain->rgpElement[rootChain->cElement - 1]->pCertContext; rootChain->rgpElement[rootChain->cElement - 1]->pCertContext;
for (i = 0; !isMSRoot && i < ARRAY_SIZE(keyBlobs); i++) const CRYPT_DATA_BLOB *keys;
unsigned int key_count;
if (pPolicyPara && pPolicyPara->dwFlags & MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG)
{
keys = keyBlobs_approot;
key_count = ARRAY_SIZE(keyBlobs_approot);
}
else
{
keys = keyBlobs;
key_count = ARRAY_SIZE(keyBlobs);
}
for (i = 0; !isMSRoot && i < key_count; i++)
{ {
msPubKey.PublicKey.cbData = keyBlobs[i].cbData; msPubKey.PublicKey.cbData = keys[i].cbData;
msPubKey.PublicKey.pbData = keyBlobs[i].pbData; msPubKey.PublicKey.pbData = keys[i].pbData;
if (CertComparePublicKeyInfo(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, if (CertComparePublicKeyInfo(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&root->pCertInfo->SubjectPublicKeyInfo, &msPubKey)) isMSRoot = TRUE; &root->pCertInfo->SubjectPublicKeyInfo, &msPubKey)) isMSRoot = TRUE;
} }
......
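Review bot: The selection on the `if (pPolicyPara && pPolicyPara->dwFlags & MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG)` line makes the two anchor tables mutually exclusive — with the flag set only the 2011 root in `keyBlobs_approot` can match and the four legacy roots are rejected, and without it the 2011 root is never accepted — yet nothing at the selection site says this is deliberate, so a later maintainer could "helpfully" merge the tables and widen what counts as a Microsoft root. A comment above the `if` would pin it: `/* The application-root flag selects a disjoint anchor set: the 2011 root is trusted only with the flag, the legacy roots only without it. */`. It is also worth parenthesizing the flag test as `(pPolicyPara->dwFlags & MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG)` so the `&`-inside-`&&` precedence does not have to be re-derived by every reader; the expression is correct as written. `dwFlags` is read without consulting `pPolicyPara->cbSize`; if the existing flag handling elsewhere in this function does not already validate the structure size, that check belongs here too, but the rest of verify_ms_root_policy lies outside the hunk so I cannot tell. A smaller hardening nit for the first hunk: the new `msPubKey5` trust anchor is `static BYTE`, i.e. writable data, like its siblings; `static const BYTE` with a `(BYTE *)` cast at the `CRYPT_DATA_BLOB` initializer would keep the anchors in read-only memory.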
...@@ -4958,6 +4958,13 @@ static const ChainPolicyCheck msRootPolicyCheck[] = { ...@@ -4958,6 +4958,13 @@ static const ChainPolicyCheck msRootPolicyCheck[] = {
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 }, { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, NULL, 0 },
}; };
static const ChainPolicyCheck msRootPolicyCheck_approot[] = {
{ { ARRAY_SIZE(chain32), chain32 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, NULL, TODO_ELEMENTS },
{ { ARRAY_SIZE(chain33), chain33 },
{ 0, 0, 0, 0, NULL }, NULL, 0 },
};
static const char *num_to_str(WORD num) static const char *num_to_str(WORD num)
{ {
static char buf[6]; static char buf[6];
...@@ -5295,8 +5302,16 @@ static void check_ssl_policy(void) ...@@ -5295,8 +5302,16 @@ static void check_ssl_policy(void)
static void check_msroot_policy(void) static void check_msroot_policy(void)
{ {
CERT_CHAIN_POLICY_PARA para;
CHECK_CHAIN_POLICY_STATUS_ARRAY(CERT_CHAIN_POLICY_MICROSOFT_ROOT, NULL, CHECK_CHAIN_POLICY_STATUS_ARRAY(CERT_CHAIN_POLICY_MICROSOFT_ROOT, NULL,
msRootPolicyCheck, &may2020, NULL); msRootPolicyCheck, &may2020, NULL);
para.cbSize = sizeof(para);
para.pvExtraPolicyPara = NULL;
para.dwFlags = MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG;
CHECK_CHAIN_POLICY_STATUS_ARRAY(CERT_CHAIN_POLICY_MICROSOFT_ROOT, NULL,
msRootPolicyCheck_approot, &may2020, &para);
} }
static void testVerifyCertChainPolicy(void) static void testVerifyCertChainPolicy(void)
......
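Review bot: `msRootPolicyCheck_approot` pins that chain33 passes and chain32 fails when the flag is set, but it does not pin the other half of the new behavior — that a chain ending in the 2011 application root is rejected when the flag is absent — unless chain33 already appears in `msRootPolicyCheck` above this hunk, which is not visible here. If it does not, an entry for chain33 in `msRootPolicyCheck` expecting `CERT_E_UNTRUSTEDROOT` would guard the disjoint-table semantics against a future merge of the two key lists. The `TODO_ELEMENTS` on the chain32 row is undocumented; a short comment such as `/* Windows reports the root (element 2) as the failing element; Wine does not yet. */` next to it would tell the next reader what the todo actually covers.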
...@@ -1086,6 +1086,7 @@ typedef struct _CERT_CHAIN_POLICY_STATUS { ...@@ -1086,6 +1086,7 @@ typedef struct _CERT_CHAIN_POLICY_STATUS {
#define CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG 0x00004000 #define CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG 0x00004000
#define CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG 0x00008000 #define CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG 0x00008000
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000 #define MICROSOFT_ROOT_CERT_CHAIN_POLICY_ENABLE_TEST_ROOT_FLAG 0x00010000
#define MICROSOFT_ROOT_CERT_CHAIN_POLICY_CHECK_APPLICATION_ROOT_FLAG 0x00020000
typedef struct _AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA { typedef struct _AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA {
DWORD cbSize; DWORD cbSize;
......