Commit 5f06293e authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Implement CertVerifyCertificateChainPolicy for the authenticode policy.

parent b56f0c5b
...@@ -1069,6 +1069,63 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, ...@@ -1069,6 +1069,63 @@ static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID,
return TRUE; return TRUE;
} }
static BYTE msTestPubKey1[] = {
0x30,0x47,0x02,0x40,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,0xd9,
0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,0xf7,
0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,0x5f,
0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,0x10,
0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
static BYTE msTestPubKey2[] = {
0x30,0x48,0x02,0x41,0x00,0x81,0x55,0x22,0xb9,0x8a,0xa4,0x6f,0xed,0xd6,0xe7,
0xd9,0x66,0x0f,0x55,0xbc,0xd7,0xcd,0xd5,0xbc,0x4e,0x40,0x02,0x21,0xa2,0xb1,
0xf7,0x87,0x30,0x85,0x5e,0xd2,0xf2,0x44,0xb9,0xdc,0x9b,0x75,0xb6,0xfb,0x46,
0x5f,0x42,0xb6,0x9d,0x23,0x36,0x0b,0xde,0x54,0x0f,0xcd,0xbd,0x1f,0x99,0x2a,
0x10,0x58,0x11,0xcb,0x40,0xcb,0xb5,0xa7,0x41,0x02,0x03,0x01,0x00,0x01 };
static BYTE msTestPubKey3[] = {
0x30,0x47,0x02,0x40,0x9c,0x50,0x05,0x1d,0xe2,0x0e,0x4c,0x53,0xd8,0xd9,0xb5,
0xe5,0xfd,0xe9,0xe3,0xad,0x83,0x4b,0x80,0x08,0xd9,0xdc,0xe8,0xe8,0x35,0xf8,
0x11,0xf1,0xe9,0x9b,0x03,0x7a,0x65,0x64,0x76,0x35,0xce,0x38,0x2c,0xf2,0xb6,
0x71,0x9e,0x06,0xd9,0xbf,0xbb,0x31,0x69,0xa3,0xf6,0x30,0xa0,0x78,0x7b,0x18,
0xdd,0x50,0x4d,0x79,0x1e,0xeb,0x61,0xc1,0x02,0x03,0x01,0x00,0x01 };
static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID,
PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
{
BOOL ret = verify_base_policy(szPolicyOID, pChainContext, pPolicyPara,
pPolicyStatus);
if (ret && pPolicyStatus->dwError == CERT_E_UNTRUSTEDROOT)
{
CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
BOOL isMSTestRoot = FALSE;
PCCERT_CONTEXT failingCert =
pChainContext->rgpChain[pPolicyStatus->lChainIndex]->
rgpElement[pPolicyStatus->lElementIndex]->pCertContext;
DWORD i;
CRYPT_DATA_BLOB keyBlobs[] = {
{ sizeof(msTestPubKey1), msTestPubKey1 },
{ sizeof(msTestPubKey2), msTestPubKey2 },
{ sizeof(msTestPubKey3), msTestPubKey3 },
};
/* Check whether the root is an MS test root */
for (i = 0; !isMSTestRoot && i < sizeof(keyBlobs) / sizeof(keyBlobs[0]);
i++)
{
msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
if (CertComparePublicKeyInfo(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&failingCert->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
isMSTestRoot = TRUE;
}
if (isMSTestRoot)
pPolicyStatus->dwError = CERT_E_UNTRUSTEDTESTROOT;
}
return ret;
}
typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID, typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID,
PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
PCERT_CHAIN_POLICY_STATUS pPolicyStatus); PCERT_CHAIN_POLICY_STATUS pPolicyStatus);
...@@ -1092,6 +1149,9 @@ BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID, ...@@ -1092,6 +1149,9 @@ BOOL WINAPI CertVerifyCertificateChainPolicy(LPCSTR szPolicyOID,
case (int)CERT_CHAIN_POLICY_BASE: case (int)CERT_CHAIN_POLICY_BASE:
verifyPolicy = verify_base_policy; verifyPolicy = verify_base_policy;
break; break;
case (int)CERT_CHAIN_POLICY_AUTHENTICODE:
verifyPolicy = verify_authenticode_policy;
break;
default: default:
FIXME("unimplemented for %d\n", LOWORD(szPolicyOID)); FIXME("unimplemented for %d\n", LOWORD(szPolicyOID));
} }
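Review bot: The key match in verify_authenticode_policy relies on CertComparePublicKeyInfo ignoring `msPubKey.Algorithm`, which the `{ { 0 } }` initializer leaves with a NULL pszObjId; if that comparison ever checks the algorithm identifier, no root will match and the downgrade to CERT_E_UNTRUSTEDTESTROOT silently stops (fail-closed, since CERT_E_UNTRUSTEDROOT remains, but the distinction the commit adds is lost). Either populate the algorithm, e.g. `msPubKey.Algorithm = failingCert->pCertInfo->SubjectPublicKeyInfo.Algorithm;` so only the key bits decide, or state the dependency in the comment above the loop. The three blobs are also undocumented magic: msTestPubKey1 and msTestPubKey2 look like the same 512-bit RSA modulus without and with the leading 0x00 pad byte (`0x30,0x47,0x02,0x40,0x81,...` versus `0x30,0x48,0x02,0x41,0x00,0x81,...`), which suggests the comparison is byte-exact and both encodings are expected in the wild; a comment such as `/* DER-encoded RSA public keys of the Microsoft test roots; keys 1 and 2 are the same modulus with and without the leading zero pad, as the compare is byte-exact */` would spare the next reader that derivation. It is worth noting in that comment too that both error codes are failures, so this relabels an untrusted root rather than trusting it. The indexing through lChainIndex/lElementIndex on the CERT_E_UNTRUSTEDROOT path is presumably valid by verify_base_policy's contract, which is outside this hunk.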
...@@ -1750,50 +1750,35 @@ static ChainPolicyCheck basePolicyCheck[] = { ...@@ -1750,50 +1750,35 @@ static ChainPolicyCheck basePolicyCheck[] = {
static ChainPolicyCheck authenticodePolicyCheck[] = { static ChainPolicyCheck authenticodePolicyCheck[] = {
{ { sizeof(chain0) / sizeof(chain0[0]), chain0 }, { { sizeof(chain0) / sizeof(chain0[0]), chain0 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain1) / sizeof(chain1[0]), chain1 }, { { sizeof(chain1) / sizeof(chain1[0]), chain1 },
{ 0, TRUST_E_CERT_SIGNATURE, 0, 0, NULL }, { 0, TRUST_E_CERT_SIGNATURE, 0, 0, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain2) / sizeof(chain2[0]), chain2 }, { { sizeof(chain2) / sizeof(chain2[0]), chain2 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain3) / sizeof(chain3[0]), chain3 }, { { sizeof(chain3) / sizeof(chain3[0]), chain3 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain4) / sizeof(chain4[0]), chain4 }, { { sizeof(chain4) / sizeof(chain4[0]), chain4 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain5) / sizeof(chain5[0]), chain5 }, { { sizeof(chain5) / sizeof(chain5[0]), chain5 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain6) / sizeof(chain6[0]), chain6 }, { { sizeof(chain6) / sizeof(chain6[0]), chain6 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain7) / sizeof(chain7[0]), chain7 }, { { sizeof(chain7) / sizeof(chain7[0]), chain7 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain8) / sizeof(chain8[0]), chain8 }, { { sizeof(chain8) / sizeof(chain8[0]), chain8 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 2, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain9) / sizeof(chain9[0]), chain9 }, { { sizeof(chain9) / sizeof(chain9[0]), chain9 },
{ 0, CERT_E_CHAINING, 0, -1, NULL }, { 0, CERT_E_CHAINING, 0, -1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain10) / sizeof(chain10[0]), chain10 }, { { sizeof(chain10) / sizeof(chain10[0]), chain10 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain11) / sizeof(chain11[0]), chain11 }, { { sizeof(chain11) / sizeof(chain11[0]), chain11 },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(chain12) / sizeof(chain12[0]), chain12 }, { { sizeof(chain12) / sizeof(chain12[0]), chain12 },
{ 0, TRUST_E_CERT_SIGNATURE, 0, 1, NULL }, { 0, TRUST_E_CERT_SIGNATURE, 0, 1, NULL }, 0 },
TODO_POLICY },
{ { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain }, { { sizeof(selfSignedChain) / sizeof(selfSignedChain[0]), selfSignedChain },
{ 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, { 0, CERT_E_UNTRUSTEDROOT, 0, 0, NULL }, 0 },
TODO_POLICY },
{ { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain }, { { sizeof(iTunesChain) / sizeof(iTunesChain[0]), iTunesChain },
{ 0, 0, -1, -1, NULL }, { 0, 0, -1, -1, NULL }, 0 },
TODO_POLICY },
}; };
static ChainPolicyCheck basicConstraintsPolicyCheck[] = { static ChainPolicyCheck basicConstraintsPolicyCheck[] = {
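Review bot: None of the entries in authenticodePolicyCheck exercises the new CERT_E_UNTRUSTEDTESTROOT branch: every expected error is CERT_E_UNTRUSTEDROOT, TRUST_E_CERT_SIGNATURE, CERT_E_CHAINING or success, so the public-key match against the three Microsoft test keys in verify_authenticode_policy runs but never fires here (assuming none of the fixture chains, which are defined outside this hunk, is rooted at one of those keys). Dropping TODO_POLICY is right for what is now implemented, but a fixture whose self-signed root carries one of the test public keys, expecting `{ 0, CERT_E_UNTRUSTEDTESTROOT, 0, 0, NULL }, 0 },`, would pin the one behavior this commit actually adds and catch the comparison silently failing. The chain arrays this table references are declared outside the hunk.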