Commit 68fceb5e authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

wintrust: Get time to verify from cryptographic message when present.

parent a4c1b341
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include "wintrust.h" #include "wintrust.h"
#include "mssip.h" #include "mssip.h"
#include "softpub.h" #include "softpub.h"
#include "winnls.h"
#include "wine/debug.h" #include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(wintrust); WINE_DEFAULT_DEBUG_CHANNEL(wintrust);
...@@ -469,6 +470,98 @@ static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data, ...@@ -469,6 +470,98 @@ static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
return signerInfo; return signerInfo;
} }
static BOOL WINTRUST_GetTimeFromCounterSigner(
const CMSG_CMS_SIGNER_INFO *counterSignerInfo, FILETIME *time)
{
DWORD i;
BOOL foundTimeStamp = FALSE;
for (i = 0; !foundTimeStamp && i < counterSignerInfo->AuthAttrs.cAttr; i++)
{
if (!strcmp(counterSignerInfo->AuthAttrs.rgAttr[i].pszObjId,
szOID_RSA_signingTime))
{
const CRYPT_ATTRIBUTE *attr =
&counterSignerInfo->AuthAttrs.rgAttr[i];
DWORD j;
for (j = 0; !foundTimeStamp && j < attr->cValue; j++)
{
static const DWORD encoding = X509_ASN_ENCODING |
PKCS_7_ASN_ENCODING;
DWORD size = sizeof(FILETIME);
foundTimeStamp = CryptDecodeObjectEx(encoding,
X509_CHOICE_OF_TIME,
attr->rgValue[j].pbData, attr->rgValue[j].cbData, 0, NULL,
time, &size);
}
}
}
return foundTimeStamp;
}
static LPCSTR filetime_to_str(const FILETIME *time)
{
static char date[80];
char dateFmt[80]; /* sufficient for all versions of LOCALE_SSHORTDATE */
SYSTEMTIME sysTime;
if (!time) return NULL;
GetLocaleInfoA(LOCALE_SYSTEM_DEFAULT, LOCALE_SSHORTDATE, dateFmt,
sizeof(dateFmt) / sizeof(dateFmt[0]));
FileTimeToSystemTime(time, &sysTime);
GetDateFormatA(LOCALE_SYSTEM_DEFAULT, 0, &sysTime, dateFmt, date,
sizeof(date) / sizeof(date[0]));
return date;
}
static FILETIME WINTRUST_GetTimeFromSigner(const CRYPT_PROVIDER_DATA *data,
const CMSG_SIGNER_INFO *signerInfo)
{
DWORD i;
FILETIME time;
BOOL foundTimeStamp = FALSE;
for (i = 0; !foundTimeStamp && i < signerInfo->UnauthAttrs.cAttr; i++)
{
if (!strcmp(signerInfo->UnauthAttrs.rgAttr[i].pszObjId,
szOID_RSA_counterSign))
{
const CRYPT_ATTRIBUTE *attr = &signerInfo->UnauthAttrs.rgAttr[i];
DWORD j;
for (j = 0; j < attr->cValue; j++)
{
static const DWORD encoding = X509_ASN_ENCODING |
PKCS_7_ASN_ENCODING;
CMSG_CMS_SIGNER_INFO *counterSignerInfo;
DWORD size;
BOOL ret = CryptDecodeObjectEx(encoding, CMS_SIGNER_INFO,
attr->rgValue[j].pbData, attr->rgValue[j].cbData,
CRYPT_DECODE_ALLOC_FLAG, NULL, &counterSignerInfo, &size);
if (ret)
{
/* FIXME: need to verify countersigner signature too */
foundTimeStamp = WINTRUST_GetTimeFromCounterSigner(
counterSignerInfo, &time);
LocalFree(counterSignerInfo);
}
}
}
}
if (!foundTimeStamp)
{
TRACE("returning system time %s\n",
filetime_to_str(&data->sftSystemTime));
time = data->sftSystemTime;
}
else
TRACE("returning time from message %s\n", filetime_to_str(&time));
return time;
}
static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
{ {
DWORD err; DWORD err;
...@@ -479,7 +572,7 @@ static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) ...@@ -479,7 +572,7 @@ static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
CRYPT_PROVIDER_SGNR sgnr = { sizeof(sgnr), { 0 } }; CRYPT_PROVIDER_SGNR sgnr = { sizeof(sgnr), { 0 } };
sgnr.psSigner = signerInfo; sgnr.psSigner = signerInfo;
sgnr.sftVerifyAsOf = data->sftSystemTime; sgnr.sftVerifyAsOf = WINTRUST_GetTimeFromSigner(data, signerInfo);
if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr)) if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr))
err = GetLastError(); err = GetLastError();
else else
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment