archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/activex/xaddroot/rootlist.cpp

747 lines
24 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 1999 - 1999
  5. //
  6. // File: rootlist.cpp
  7. //
  8. // Contents: Signed List of Trusted Roots Helper Functions
  9. //
  10. //
  11. // Functions: I_CertVerifySignedListOfTrustedRoots
  12. //
  13. // History: 01-Aug-99 philh created
  14. //--------------------------------------------------------------------------
  16. #include <windows.h>
  17. #include <assert.h>
  18. #include "wincrypt.h"
  19. #include "wintrust.h"
  20. #include "softpub.h"
  22. #include <stdlib.h>
  23. #include <stdio.h>
  24. #include <string.h>
  25. #include <memory.h>
  26. #include <time.h>
  28. #include "dbgdef.h"
  29. #include "rootlist.h"
  31. #ifdef STATIC
  32. #undef STATIC
  33. #endif
  34. #define STATIC
  37. #define SHA1_HASH_LEN 20
  39. //+-------------------------------------------------------------------------
  40. // SHA1 Key Identifier of the signer's root
  41. //--------------------------------------------------------------------------
  42. STATIC BYTE rgbSignerRootKeyId[SHA1_HASH_LEN] = {
  43. #if 1
  44. // The following is the sha1 key identifier for the Microsoft root
  45. 0x4A, 0x5C, 0x75, 0x22, 0xAA, 0x46, 0xBF, 0xA4, 0x08, 0x9D,
  46. 0x39, 0x97, 0x4E, 0xBD, 0xB4, 0xA3, 0x60, 0xF7, 0xA0, 0x1D
  47. #else
  48. // The following is the sha1 key identifier for the test root
  49. 0x9A, 0xA6, 0x58, 0x7F, 0x94, 0xDD, 0x91, 0xD9, 0x1E, 0x63,
  50. 0xDF, 0xD3, 0xF0, 0xCE, 0x5F, 0xAE, 0x18, 0x93, 0xAA, 0xB7
  51. #endif
  52. };
  54. //+-------------------------------------------------------------------------
  55. // If the certificate has an EKU extension, returns an allocated and
  56. // decoded EKU. Otherwise, returns NULL.
  57. //
  58. // LocalFree() must be called to free the returned EKU.
  59. //--------------------------------------------------------------------------
  60. STATIC
  61. PCERT_ENHKEY_USAGE
  62. WINAPI
  63. GetAndAllocCertEKUExt(
  64. IN PCCERT_CONTEXT pCert
  65. )
  66. {
  67. PCERT_ENHKEY_USAGE pUsage = NULL;
  68. DWORD cbUsage;
  70. cbUsage = 0;
  71. if (!CertGetEnhancedKeyUsage(
  72. pCert,
  73. CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
  74. NULL, // pUsage
  75. &cbUsage) || 0 == cbUsage)
  76. goto GetEnhancedKeyUsageError;
  77. if (NULL == (pUsage = (PCERT_ENHKEY_USAGE) LocalAlloc(LPTR, cbUsage)))
  78. goto OutOfMemory;
  79. if (!CertGetEnhancedKeyUsage(
  80. pCert,
  81. CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG,
  82. pUsage,
  83. &cbUsage))
  84. goto GetEnhancedKeyUsageError;
  86. CommonReturn:
  87. return pUsage;
  88. ErrorReturn:
  89. if (pUsage) {
  90. LocalFree(pUsage);
  91. pUsage = NULL;
  92. }
  93. goto CommonReturn;
  95. SET_ERROR(GetEnhancedKeyUsageError, CERT_E_WRONG_USAGE)
  96. SET_ERROR(OutOfMemory, E_OUTOFMEMORY)
  97. }
  99. //+-------------------------------------------------------------------------
  100. // The signature of the CTL is verified. The signer of the CTL is verified
  101. // up to a trusted root containing the predefined Microsoft public key.
  102. // The signer and intermediate certificates must have the
  103. // szOID_ROOT_LIST_SIGNER enhanced key usage extension.
  104. //
  105. // For success, *ppSignerCert is updated with certificate context of the
  106. // signer.
  107. //--------------------------------------------------------------------------
  108. STATIC
  109. BOOL
  110. WINAPI
  111. GetAndVerifyTrustedRootsSigner(
  112. IN HCRYPTMSG hCryptMsg,
  113. IN HCERTSTORE hMsgStore,
  114. OUT PCCERT_CONTEXT *ppSignerCert
  115. )
  116. {
  117. BOOL fResult;
  118. LONG lStatus;
  119. PCCERT_CONTEXT pSignerCert = NULL;
  120. GUID wvtCertActionID = WINTRUST_ACTION_GENERIC_CERT_VERIFY;
  121. WINTRUST_CERT_INFO wvtCertInfo;
  122. WINTRUST_DATA wvtData;
  123. BOOL fCloseWVT = FALSE;
  124. DWORD dwLastError = 0;
  126. CRYPT_PROVIDER_DATA *pProvData; // not allocated
  127. CRYPT_PROVIDER_SGNR *pProvSigner; // not allocated
  128. CRYPT_PROVIDER_CERT *pProvCert; // not allocated
  129. DWORD idxCert;
  130. PCCERT_CONTEXT pCert; // not refCount'ed
  132. PCERT_ENHKEY_USAGE pUsage = NULL;
  134. BYTE rgbKeyId[SHA1_HASH_LEN];
  135. DWORD cbKeyId;
  137. if (!CryptMsgGetAndVerifySigner(
  138. hCryptMsg,
  139. 0, // cSignerStore
  140. NULL, // rghSignerStore
  141. 0, // dwFlags
  142. &pSignerCert,
  143. NULL // pdwSignerIndex
  144. ))
  145. goto CryptMsgGetAndVerifySignerError;
  147. memset(&wvtCertInfo, 0, sizeof(wvtCertInfo));
  148. wvtCertInfo.cbStruct = sizeof(wvtCertInfo);
  149. wvtCertInfo.psCertContext = (PCERT_CONTEXT) pSignerCert;
  150. wvtCertInfo.chStores = 1;
  151. wvtCertInfo.pahStores = &hMsgStore;
  152. wvtCertInfo.dwFlags = 0;
  153. wvtCertInfo.pcwszDisplayName = L"";
  155. memset(&wvtData, 0, sizeof(wvtData));
  156. wvtData.cbStruct = sizeof(wvtData);
  157. wvtData.pPolicyCallbackData = (void *) szOID_ROOT_LIST_SIGNER;
  158. wvtData.dwUIChoice = WTD_UI_NONE;
  159. wvtData.fdwRevocationChecks = WTD_REVOKE_NONE;
  160. wvtData.dwUnionChoice = WTD_CHOICE_CERT;
  161. wvtData.pCert = &wvtCertInfo;
  162. wvtData.dwStateAction = WTD_STATEACTION_VERIFY;
  163. wvtData.hWVTStateData = NULL;
  164. wvtData.dwProvFlags = 0;
  166. lStatus = WinVerifyTrust(
  167. NULL, // hwnd
  168. &wvtCertActionID,
  169. &wvtData
  170. );
  172. #if (0) // DSIE
  173. if (ERROR_SUCCESS != lStatus)
  174. goto WinVerifyTrustError;
  175. else
  176. fCloseWVT = TRUE;
  177. #else
  178. if (ERROR_SUCCESS != lStatus && CERT_E_REVOCATION_FAILURE != lStatus)
  179. goto WinVerifyTrustError;
  180. else
  181. fCloseWVT = TRUE;
  182. #endif
  183. if (NULL == (pProvData = WTHelperProvDataFromStateData(
  184. wvtData.hWVTStateData)))
  185. goto NoProvDataError;
  186. if (0 == pProvData->csSigners)
  187. goto NoProvSignerError;
  188. if (NULL == (pProvSigner = WTHelperGetProvSignerFromChain(
  189. pProvData,
  190. 0, // idxSigner
  191. FALSE, // fCounterSigner
  192. 0 // idxCounterSigner
  193. )))
  194. goto NoProvSignerError;
  196. if (2 > pProvSigner->csCertChain)
  197. goto MissingSignerCertsError;
  199. // Check that the top level certificate contains the public
  200. // key for the Microsoft root.
  201. pProvCert = WTHelperGetProvCertFromChain(pProvSigner,
  202. pProvSigner->csCertChain - 1);
  203. if (NULL == pProvCert)
  204. goto UnexpectedError;
  205. pCert = pProvCert->pCert;
  207. cbKeyId = SHA1_HASH_LEN;
  208. if (!CryptHashPublicKeyInfo(
  209. NULL, // hCryptProv
  210. CALG_SHA1,
  211. 0, // dwFlags
  212. X509_ASN_ENCODING,
  213. &pCert->pCertInfo->SubjectPublicKeyInfo,
  214. rgbKeyId,
  215. &cbKeyId
  216. ))
  217. goto HashPublicKeyInfoError;
  219. if (SHA1_HASH_LEN != cbKeyId ||
  220. 0 != memcmp(rgbSignerRootKeyId, rgbKeyId, SHA1_HASH_LEN))
  221. goto InvalidSignerRootError;
  223. // Check that the signer and intermediate certs have the RootListSigner
  224. // Usage extension
  225. for (idxCert = 0; idxCert < pProvSigner->csCertChain - 1; idxCert++) {
  226. DWORD i;
  228. pProvCert = WTHelperGetProvCertFromChain(pProvSigner, idxCert);
  229. if (NULL == pProvCert)
  230. goto UnexpectedError;
  231. pCert = pProvCert->pCert;
  233. pUsage = GetAndAllocCertEKUExt(pCert);
  234. if (NULL == pUsage)
  235. goto GetAndAllocCertEKUExtError;
  237. for (i = 0; i < pUsage->cUsageIdentifier; i++) {
  238. if (0 == strcmp(szOID_ROOT_LIST_SIGNER,
  239. pUsage->rgpszUsageIdentifier[i]))
  240. break;
  241. }
  243. if (i == pUsage->cUsageIdentifier)
  244. goto MissingTrustListSignerUsageError;
  246. LocalFree(pUsage);
  247. pUsage = NULL;
  249. }
  251. fResult = TRUE;
  253. CommonReturn:
  254. if (fCloseWVT) {
  255. wvtData.dwStateAction = WTD_STATEACTION_CLOSE;
  256. lStatus = WinVerifyTrust(
  257. NULL, // hwnd
  258. &wvtCertActionID,
  259. &wvtData
  260. );
  261. }
  262. if (pUsage)
  263. LocalFree(pUsage);
  265. SetLastError(dwLastError);
  266. *ppSignerCert = pSignerCert;
  267. return fResult;
  268. ErrorReturn:
  269. dwLastError = GetLastError();
  270. if (pSignerCert) {
  271. CertFreeCertificateContext(pSignerCert);
  272. pSignerCert = NULL;
  273. }
  274. fResult = FALSE;
  275. goto CommonReturn;
  277. TRACE_ERROR(CryptMsgGetAndVerifySignerError)
  278. SET_ERROR_VAR(WinVerifyTrustError, lStatus)
  279. SET_ERROR(NoProvDataError, E_UNEXPECTED)
  280. SET_ERROR(NoProvSignerError, TRUST_E_NO_SIGNER_CERT)
  281. SET_ERROR(MissingSignerCertsError, CERT_E_CHAINING)
  282. SET_ERROR(UnexpectedError, E_UNEXPECTED)
  283. TRACE_ERROR(HashPublicKeyInfoError)
  284. SET_ERROR(InvalidSignerRootError, CERT_E_UNTRUSTEDROOT)
  285. TRACE_ERROR(GetAndAllocCertEKUExtError)
  286. SET_ERROR(MissingTrustListSignerUsageError, CERT_E_WRONG_USAGE)
  287. }
  289. //+-------------------------------------------------------------------------
  290. // Returns TRUE if all the CTL fields are valid. Checks for the following:
  291. // - There is at least one SubjectUsage (really the roots enhanced key usage)
  292. // - If NextUpdate isn't NULL, that the CTL is still time valid
  293. // - Only allow roots identified by their sha1 hash
  294. //--------------------------------------------------------------------------
  295. STATIC
  296. BOOL
  297. WINAPI
  298. VerifyTrustedRootsCtlFields(
  299. IN PCTL_INFO pCtlInfo
  300. )
  301. {
  302. BOOL fResult;
  304. // Must have a least one usage
  305. if (0 == pCtlInfo->SubjectUsage.cUsageIdentifier)
  306. goto NoSubjectUsageError;
  309. // If NextUpdate is present, verify that the CTL hasn't expired.
  310. if (pCtlInfo->NextUpdate.dwLowDateTime ||
  311. pCtlInfo->NextUpdate.dwHighDateTime) {
  312. SYSTEMTIME SystemTime;
  313. FILETIME FileTime;
  315. GetSystemTime(&SystemTime);
  316. SystemTimeToFileTime(&SystemTime, &FileTime);
  318. if (CompareFileTime(&FileTime, &pCtlInfo->NextUpdate) > 0)
  319. goto ExpiredCtlError;
  320. }
  322. // Only allow roots identified by their sha1 hash
  323. if (0 != strcmp(szOID_OIWSEC_sha1,
  324. pCtlInfo->SubjectAlgorithm.pszObjId))
  325. goto InvalidSubjectAlgorithm;
  327. fResult = TRUE;
  328. CommonReturn:
  329. return fResult;
  330. ErrorReturn:
  331. fResult = FALSE;
  332. goto CommonReturn;
  334. SET_ERROR(NoSubjectUsageError, ERROR_INVALID_DATA)
  335. SET_ERROR(ExpiredCtlError, CERT_E_EXPIRED)
  336. SET_ERROR(InvalidSubjectAlgorithm, ERROR_INVALID_DATA)
  337. }
  339. //+-------------------------------------------------------------------------
  340. // Returns TRUE if all the known extensions are valid and there aren't any
  341. // unknown critical extensions.
  342. //
  343. // We know about the following extensions:
  344. // - szOID_ENHANCED_KEY_USAGE - if present, must contain
  345. // szOID_ROOT_LIST_SIGNER usage
  346. // - szOID_REMOVE_CERTIFICATE - integer value, 0 => FALSE (add)
  347. // 1 => TRUE (remove), all other values are invalid
  348. // - szOID_CERT_POLICIES - ignored
  349. //
  350. // If szOID_REMOVE_CERTIFICATE is present, then, *pfRemoveRoots is updated.
  351. // Otherwise, *pfRemoveRoots defaults to FALSE.
  352. //--------------------------------------------------------------------------
  353. STATIC
  354. BOOL
  355. WINAPI
  356. VerifyTrustedRootsCtlExtensions(
  357. IN PCTL_INFO pCtlInfo,
  358. OUT BOOL *pfRemoveRoots
  359. )
  360. {
  361. BOOL fResult;
  362. PCERT_EXTENSION pExt;
  363. DWORD cExt;
  364. PCERT_ENHKEY_USAGE pUsage = NULL;
  365. DWORD cbRemoveRoots;
  367. *pfRemoveRoots = FALSE;
  369. // Verify the extensions
  370. for (cExt = pCtlInfo->cExtension,
  371. pExt = pCtlInfo->rgExtension; 0 < cExt; cExt--, pExt++) {
  372. if (0 == strcmp(szOID_ENHANCED_KEY_USAGE, pExt->pszObjId)) {
  373. DWORD cbUsage;
  374. DWORD i;
  376. // Check for szOID_ROOT_LIST_SIGNER usage
  378. if (!CryptDecodeObject(
  379. X509_ASN_ENCODING,
  380. X509_ENHANCED_KEY_USAGE,
  381. pExt->Value.pbData,
  382. pExt->Value.cbData,
  383. 0, // dwFlags
  384. NULL, // pvStructInfo
  385. &cbUsage
  386. ))
  387. goto DecodeEnhancedKeyUsageExtError;
  388. if (NULL == (pUsage = (PCERT_ENHKEY_USAGE) LocalAlloc(
  389. LPTR, cbUsage)))
  390. goto OutOfMemory;
  391. if (!CryptDecodeObject(
  392. X509_ASN_ENCODING,
  393. X509_ENHANCED_KEY_USAGE,
  394. pExt->Value.pbData,
  395. pExt->Value.cbData,
  396. 0, // dwFlags
  397. pUsage,
  398. &cbUsage
  399. ))
  400. goto DecodeEnhancedKeyUsageExtError;
  401. for (i = 0; i < pUsage->cUsageIdentifier; i++) {
  402. if (0 == strcmp(szOID_ROOT_LIST_SIGNER,
  403. pUsage->rgpszUsageIdentifier[i]))
  404. break;
  405. }
  407. if (i == pUsage->cUsageIdentifier)
  408. goto MissingTrustListSignerUsageInExtError;
  410. LocalFree(pUsage);
  411. pUsage = NULL;
  412. } else if (0 == strcmp(szOID_REMOVE_CERTIFICATE, pExt->pszObjId)) {
  413. int iVal;
  414. DWORD cbVal;
  416. cbVal = sizeof(iVal);
  417. iVal = 0;
  418. if (!CryptDecodeObject(
  419. X509_ASN_ENCODING,
  420. X509_INTEGER,
  421. pExt->Value.pbData,
  422. pExt->Value.cbData,
  423. 0, // dwFlags
  424. &iVal,
  425. &cbVal
  426. ))
  427. goto DecodeRemoveCertificateExtError;
  429. switch(iVal) {
  430. case 0:
  431. *pfRemoveRoots = FALSE;
  432. break;
  433. case 1:
  434. *pfRemoveRoots = TRUE;
  435. break;
  436. default:
  437. goto InvalidRemoveCertificateExtValueError;
  438. }
  439. } else if (0 == strcmp(szOID_CERT_POLICIES, pExt->pszObjId)) {
  440. ;
  441. } else if (pExt->fCritical) {
  442. goto UnknownCriticalExtensionError;
  443. }
  444. }
  446. fResult = TRUE;
  448. CommonReturn:
  449. if (pUsage)
  450. LocalFree(pUsage);
  451. return fResult;
  452. ErrorReturn:
  453. fResult = FALSE;
  454. goto CommonReturn;
  456. TRACE_ERROR(DecodeEnhancedKeyUsageExtError)
  457. SET_ERROR(OutOfMemory, E_OUTOFMEMORY)
  458. SET_ERROR(MissingTrustListSignerUsageInExtError, ERROR_INVALID_DATA)
  459. TRACE_ERROR(DecodeRemoveCertificateExtError)
  460. SET_ERROR(InvalidRemoveCertificateExtValueError, ERROR_INVALID_DATA)
  461. SET_ERROR(UnknownCriticalExtensionError, ERROR_INVALID_DATA)
  462. }
  465. //+-------------------------------------------------------------------------
  466. // Returns TRUE, if a sha1 entry exists in the CTL for the certificate
  467. //--------------------------------------------------------------------------
  468. STATIC
  469. BOOL
  470. WINAPI
  471. IsTrustedRoot(
  472. IN PCTL_INFO pCtlInfo,
  473. IN PCCERT_CONTEXT pCert
  474. )
  475. {
  476. BOOL fResult = FALSE;
  477. BYTE rgbSha1Hash[SHA1_HASH_LEN];
  478. DWORD cbSha1Hash;
  479. DWORD cEntry;
  480. PCTL_ENTRY pEntry; // not allocated
  482. cbSha1Hash = SHA1_HASH_LEN;
  483. if (!CertGetCertificateContextProperty(
  484. pCert,
  485. CERT_SHA1_HASH_PROP_ID,
  486. rgbSha1Hash,
  487. &cbSha1Hash
  488. ))
  489. goto GetSha1HashError;
  491. for (cEntry = pCtlInfo->cCTLEntry,
  492. pEntry = pCtlInfo->rgCTLEntry; 0 < cEntry; cEntry--, pEntry++) {
  493. if (SHA1_HASH_LEN == pEntry->SubjectIdentifier.cbData &&
  494. 0 == memcmp(rgbSha1Hash, pEntry->SubjectIdentifier.pbData,
  495. SHA1_HASH_LEN)) {
  496. fResult = TRUE;
  497. break;
  498. }
  499. }
  501. CommonReturn:
  502. return fResult;
  503. ErrorReturn:
  504. goto CommonReturn;
  505. TRACE_ERROR(GetSha1HashError)
  506. }
  508. //+-------------------------------------------------------------------------
  509. // Checks if the certificate has an EKU extension and if all of the
  510. // cert's usages are within the specified list of usages.
  511. //
  512. // Returns TRUE if the above two conditions are satisfied.
  513. //--------------------------------------------------------------------------
  514. STATIC
  515. BOOL
  516. WINAPI
  517. IsValidCertEKUExtSubset(
  518. IN PCCERT_CONTEXT pCert,
  519. PCERT_ENHKEY_USAGE pValidUsage
  520. )
  521. {
  522. PCERT_ENHKEY_USAGE pCertUsage = NULL;
  523. BOOL fResult = FALSE;
  524. DWORD i, j;
  526. pCertUsage = GetAndAllocCertEKUExt(pCert);
  527. if (NULL == pCertUsage || 0 == pCertUsage->cUsageIdentifier)
  528. goto CommonReturn;
  530. for (i = 0; i < pCertUsage->cUsageIdentifier; i++) {
  531. for (j = 0; j < pValidUsage->cUsageIdentifier; j++) {
  532. if (0 == strcmp(pCertUsage->rgpszUsageIdentifier[i],
  533. pValidUsage->rgpszUsageIdentifier[j]))
  534. break;
  535. }
  536. if (j == pValidUsage->cUsageIdentifier)
  537. // No Match
  538. goto CommonReturn;
  539. }
  541. fResult = TRUE;
  543. CommonReturn:
  544. if (pCertUsage)
  545. LocalFree(pCertUsage);
  546. return fResult;
  547. }
  549. //+-------------------------------------------------------------------------
  550. // Removes all certificates from the store not having a sha1 hash
  551. // entry in the CTL.
  552. //
  553. // For added certificates, sets the CERT_ENHKEY_USAGE_PROP_ID
  554. //--------------------------------------------------------------------------
  555. STATIC
  556. BOOL
  557. WINAPI
  558. FilterAndUpdateTrustedRootsInStore(
  559. IN PCTL_INFO pCtlInfo,
  560. IN BOOL fRemoveRoots,
  561. IN OUT HCERTSTORE hMsgStore
  562. )
  563. {
  564. BOOL fResult;
  565. PCCERT_CONTEXT pCert = NULL;
  566. CRYPT_DATA_BLOB EncodedUsage = {0, NULL}; // pbData is allocated
  568. if (!fRemoveRoots) {
  569. // Re-encode the decoded SubjectUsage field. It will be added as
  570. // a CERT_ENHKEY_USAGE_PROP_ID to each of the certs in the list
  572. if (!CryptEncodeObject(
  573. X509_ASN_ENCODING,
  574. X509_ENHANCED_KEY_USAGE,
  575. &pCtlInfo->SubjectUsage,
  576. NULL, // pbEncoded
  577. &EncodedUsage.cbData
  578. ))
  579. goto EncodeUsageError;
  580. if (NULL == (EncodedUsage.pbData = (BYTE *) LocalAlloc(
  581. LPTR, EncodedUsage.cbData)))
  582. goto OutOfMemory;
  583. if (!CryptEncodeObject(
  584. X509_ASN_ENCODING,
  585. X509_ENHANCED_KEY_USAGE,
  586. &pCtlInfo->SubjectUsage,
  587. EncodedUsage.pbData,
  588. &EncodedUsage.cbData
  589. ))
  590. goto EncodeUsageError;
  591. }
  593. // Iterate through the certificates in the message store.
  594. // Remove certificates not in the signed CTL entry list
  595. pCert = NULL;
  596. while (pCert = CertEnumCertificatesInStore(hMsgStore, pCert)) {
  597. if (IsTrustedRoot(pCtlInfo, pCert)) {
  598. // Add the enhanced key usage property if the certificate
  599. // doesn't already have an EKU extension that's a subset
  600. // of the SubjectUsage
  601. if (!fRemoveRoots && !IsValidCertEKUExtSubset(
  602. pCert, &pCtlInfo->SubjectUsage)) {
  603. if (!CertSetCertificateContextProperty(
  604. pCert,
  605. CERT_ENHKEY_USAGE_PROP_ID,
  606. 0, // dwFlags
  607. &EncodedUsage
  608. ))
  609. goto SetEnhancedKeyUsagePropertyError;
  610. }
  611. } else {
  612. PCCERT_CONTEXT pCertDup;
  614. pCertDup = CertDuplicateCertificateContext(pCert);
  615. CertDeleteCertificateFromStore(pCertDup);
  616. }
  617. }
  619. fResult = TRUE;
  620. CommonReturn:
  621. if (EncodedUsage.pbData)
  622. LocalFree(EncodedUsage.pbData);
  623. if (pCert)
  624. CertFreeCertificateContext(pCert);
  625. return fResult;
  626. ErrorReturn:
  627. fResult = FALSE;
  628. goto CommonReturn;
  630. TRACE_ERROR(EncodeUsageError)
  631. SET_ERROR(OutOfMemory, E_OUTOFMEMORY)
  632. TRACE_ERROR(SetEnhancedKeyUsagePropertyError)
  633. }
  635. //+-------------------------------------------------------------------------
  636. // Verify that the encoded CTL contains a signed list of roots. For success,
  637. // return certificate store containing the trusted roots to add or
  638. // remove. Also for success, return certificate context of the signer.
  639. //
  640. // The signature of the CTL is verified. The signer of the CTL is verified
  641. // up to a trusted root containing the predefined Microsoft public key.
  642. // The signer and intermediate certificates must have the
  643. // szOID_ROOT_LIST_SIGNER enhanced key usage extension.
  644. //
  645. // The CTL fields are validated as follows:
  646. // - There is at least one SubjectUsage (really the roots enhanced key usage)
  647. // - If NextUpdate isn't NULL, that the CTL is still time valid
  648. // - Only allow roots identified by their sha1 hash
  649. //
  650. // The following CTL extensions are processed:
  651. // - szOID_ENHANCED_KEY_USAGE - if present, must contain
  652. // szOID_ROOT_LIST_SIGNER usage
  653. // - szOID_REMOVE_CERTIFICATE - integer value, 0 => FALSE (add)
  654. // 1 => TRUE (remove), all other values are invalid
  655. // - szOID_CERT_POLICIES - ignored
  656. //
  657. // If the CTL contains any other critical extensions, then, the
  658. // CTL verification fails.
  659. //
  660. // For a successfully verified CTL:
  661. // - TRUE is returned
  662. // - *pfRemoveRoots is set to FALSE to add roots and is set to TRUE to
  663. // remove roots.
  664. // - *phRootListStore is a certificate store containing only the roots to
  665. // add or remove. *phRootListStore must be closed by calling
  666. // CertCloseStore(). For added roots, the CTL's SubjectUsage field is
  667. // set as CERT_ENHKEY_USAGE_PROP_ID on all of the certificates in the
  668. // store.
  669. // - *ppSignerCert is a pointer to the certificate context of the signer.
  670. // *ppSignerCert must be freed by calling CertFreeCertificateContext().
  671. //
  672. // Otherwise, FALSE is returned with *phRootListStore and *ppSignerCert
  673. // set to NULL.
  674. //--------------------------------------------------------------------------
  675. BOOL
  676. WINAPI
  677. I_CertVerifySignedListOfTrustedRoots(
  678. IN const BYTE *pbCtlEncoded,
  679. IN DWORD cbCtlEncoded,
  680. OUT BOOL *pfRemoveRoots, // FALSE: add, TRUE: remove
  681. OUT HCERTSTORE *phRootListStore,
  682. OUT PCCERT_CONTEXT *ppSignerCert
  683. )
  684. {
  685. BOOL fResult;
  686. PCCTL_CONTEXT pCtl = NULL;
  687. HCERTSTORE hMsgStore = NULL;
  688. PCCERT_CONTEXT pSignerCert = NULL;
  689. BOOL fRemoveRoots = FALSE;
  690. PCTL_INFO pCtlInfo; // not allocated
  692. if (NULL == (pCtl = CertCreateCTLContext(
  693. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  694. pbCtlEncoded,
  695. cbCtlEncoded)))
  696. goto CreateCtlContextError;
  698. if (NULL == (hMsgStore = CertOpenStore(
  699. CERT_STORE_PROV_MSG,
  700. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  701. 0, // hCryptProv
  702. 0, // dwFlags
  703. pCtl->hCryptMsg // pvPara
  704. )))
  705. goto OpenMsgStoreError;
  707. if (!GetAndVerifyTrustedRootsSigner(
  708. pCtl->hCryptMsg, hMsgStore, &pSignerCert))
  709. goto GetAndVerifyTrustedRootsSignerError;
  711. pCtlInfo = pCtl->pCtlInfo;
  713. if (!VerifyTrustedRootsCtlFields(pCtlInfo))
  714. goto VerifyCtlFieldsError;
  715. if (!VerifyTrustedRootsCtlExtensions(pCtlInfo, &fRemoveRoots))
  716. goto VerifyCtlExtensionsError;
  717. if (!FilterAndUpdateTrustedRootsInStore(pCtlInfo, fRemoveRoots, hMsgStore))
  718. goto FilterAndUpdateTrustedRootsError;
  720. fResult = TRUE;
  721. CommonReturn:
  722. if (pCtl)
  723. CertFreeCTLContext(pCtl);
  724. *pfRemoveRoots = fRemoveRoots;
  725. *phRootListStore = hMsgStore;
  726. *ppSignerCert = pSignerCert;
  727. return fResult;
  728. ErrorReturn:
  729. if (pSignerCert) {
  730. CertFreeCertificateContext(pSignerCert);
  731. pSignerCert = NULL;
  732. }
  734. if (hMsgStore) {
  735. CertCloseStore(hMsgStore, 0);
  736. hMsgStore = NULL;
  737. }
  738. fResult = FALSE;
  739. goto CommonReturn;
  741. TRACE_ERROR(CreateCtlContextError)
  742. TRACE_ERROR(OpenMsgStoreError)
  743. TRACE_ERROR(GetAndVerifyTrustedRootsSignerError)
  744. TRACE_ERROR(VerifyCtlFieldsError)
  745. TRACE_ERROR(VerifyCtlExtensionsError)
  746. TRACE_ERROR(FilterAndUpdateTrustedRootsError)
  747. }