archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/win32/ntcrypto/mincrypt/vercert.cpp

632 lines
24 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 2001 - 2001
  5. //
  6. // File: vercert.cpp
  7. //
  8. // Contents: Minimal Cryptographic functions to verify ASN.1 encoded
  9. // X.509 certificates
  10. //
  11. //
  12. // Functions: MinCryptVerifyCertificate
  13. //
  14. // History: 17-Jan-01 philh created
  15. //--------------------------------------------------------------------------
  17. #include "global.hxx"
  19. #define MAX_CHAIN_DEPTH 10
  21. //+=========================================================================
  22. // Microsoft Roots
  23. //-=========================================================================
  25. // Name:: <CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US>
  26. const BYTE rgbMicrosoftRoot0_Name[] = {
  27. 0x30, 0x50, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
  28. 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
  29. 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0A,
  30. 0x13, 0x04, 0x4D, 0x53, 0x46, 0x54, 0x31, 0x32,
  31. 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
  32. 0x29, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F,
  33. 0x66, 0x74, 0x20, 0x41, 0x75, 0x74, 0x68, 0x65,
  34. 0x6E, 0x74, 0x69, 0x63, 0x6F, 0x64, 0x65, 0x28,
  35. 0x74, 0x6D, 0x29, 0x20, 0x52, 0x6F, 0x6F, 0x74,
  36. 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69,
  37. 0x74, 0x79
  38. };
  39. const BYTE rgbMicrosoftRoot0_PubKeyInfo[]= {
  40. 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09,
  41. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
  42. 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
  43. 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01,
  44. 0x00, 0xDF, 0x08, 0xBA, 0xE3, 0x3F, 0x6E, 0x64,
  45. 0x9B, 0xF5, 0x89, 0xAF, 0x28, 0x96, 0x4A, 0x07,
  46. 0x8F, 0x1B, 0x2E, 0x8B, 0x3E, 0x1D, 0xFC, 0xB8,
  47. 0x80, 0x69, 0xA3, 0xA1, 0xCE, 0xDB, 0xDF, 0xB0,
  48. 0x8E, 0x6C, 0x89, 0x76, 0x29, 0x4F, 0xCA, 0x60,
  49. 0x35, 0x39, 0xAD, 0x72, 0x32, 0xE0, 0x0B, 0xAE,
  50. 0x29, 0x3D, 0x4C, 0x16, 0xD9, 0x4B, 0x3C, 0x9D,
  51. 0xDA, 0xC5, 0xD3, 0xD1, 0x09, 0xC9, 0x2C, 0x6F,
  52. 0xA6, 0xC2, 0x60, 0x53, 0x45, 0xDD, 0x4B, 0xD1,
  53. 0x55, 0xCD, 0x03, 0x1C, 0xD2, 0x59, 0x56, 0x24,
  54. 0xF3, 0xE5, 0x78, 0xD8, 0x07, 0xCC, 0xD8, 0xB3,
  55. 0x1F, 0x90, 0x3F, 0xC0, 0x1A, 0x71, 0x50, 0x1D,
  56. 0x2D, 0xA7, 0x12, 0x08, 0x6D, 0x7C, 0xB0, 0x86,
  57. 0x6C, 0xC7, 0xBA, 0x85, 0x32, 0x07, 0xE1, 0x61,
  58. 0x6F, 0xAF, 0x03, 0xC5, 0x6D, 0xE5, 0xD6, 0xA1,
  59. 0x8F, 0x36, 0xF6, 0xC1, 0x0B, 0xD1, 0x3E, 0x69,
  60. 0x97, 0x48, 0x72, 0xC9, 0x7F, 0xA4, 0xC8, 0xC2,
  61. 0x4A, 0x4C, 0x7E, 0xA1, 0xD1, 0x94, 0xA6, 0xD7,
  62. 0xDC, 0xEB, 0x05, 0x46, 0x2E, 0xB8, 0x18, 0xB4,
  63. 0x57, 0x1D, 0x86, 0x49, 0xDB, 0x69, 0x4A, 0x2C,
  64. 0x21, 0xF5, 0x5E, 0x0F, 0x54, 0x2D, 0x5A, 0x43,
  65. 0xA9, 0x7A, 0x7E, 0x6A, 0x8E, 0x50, 0x4D, 0x25,
  66. 0x57, 0xA1, 0xBF, 0x1B, 0x15, 0x05, 0x43, 0x7B,
  67. 0x2C, 0x05, 0x8D, 0xBD, 0x3D, 0x03, 0x8C, 0x93,
  68. 0x22, 0x7D, 0x63, 0xEA, 0x0A, 0x57, 0x05, 0x06,
  69. 0x0A, 0xDB, 0x61, 0x98, 0x65, 0x2D, 0x47, 0x49,
  70. 0xA8, 0xE7, 0xE6, 0x56, 0x75, 0x5C, 0xB8, 0x64,
  71. 0x08, 0x63, 0xA9, 0x30, 0x40, 0x66, 0xB2, 0xF9,
  72. 0xB6, 0xE3, 0x34, 0xE8, 0x67, 0x30, 0xE1, 0x43,
  73. 0x0B, 0x87, 0xFF, 0xC9, 0xBE, 0x72, 0x10, 0x5E,
  74. 0x23, 0xF0, 0x9B, 0xA7, 0x48, 0x65, 0xBF, 0x09,
  75. 0x88, 0x7B, 0xCD, 0x72, 0xBC, 0x2E, 0x79, 0x9B,
  76. 0x7B, 0x02, 0x03, 0x01, 0x00, 0x01
  77. };
  80. // Name:: <CN=Microsoft Root Authority, OU=Microsoft Corporation,
  81. // OU=Copyright (c) 1997 Microsoft Corp.>
  82. const BYTE rgbMicrosoftRoot1_Name[]= {
  83. 0x30, 0x70, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03,
  84. 0x55, 0x04, 0x0B, 0x13, 0x22, 0x43, 0x6F, 0x70,
  85. 0x79, 0x72, 0x69, 0x67, 0x68, 0x74, 0x20, 0x28,
  86. 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x37, 0x20,
  87. 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66,
  88. 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x2E, 0x31,
  89. 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0B,
  90. 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73,
  91. 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70,
  92. 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31,
  93. 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x03,
  94. 0x13, 0x18, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73,
  95. 0x6F, 0x66, 0x74, 0x20, 0x52, 0x6F, 0x6F, 0x74,
  96. 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69,
  97. 0x74, 0x79
  98. };
  100. const BYTE rgbMicrosoftRoot1_PubKeyInfo[]= {
  101. 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09,
  102. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
  103. 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
  104. 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01,
  105. 0x00, 0xA9, 0x02, 0xBD, 0xC1, 0x70, 0xE6, 0x3B,
  106. 0xF2, 0x4E, 0x1B, 0x28, 0x9F, 0x97, 0x78, 0x5E,
  107. 0x30, 0xEA, 0xA2, 0xA9, 0x8D, 0x25, 0x5F, 0xF8,
  108. 0xFE, 0x95, 0x4C, 0xA3, 0xB7, 0xFE, 0x9D, 0xA2,
  109. 0x20, 0x3E, 0x7C, 0x51, 0xA2, 0x9B, 0xA2, 0x8F,
  110. 0x60, 0x32, 0x6B, 0xD1, 0x42, 0x64, 0x79, 0xEE,
  111. 0xAC, 0x76, 0xC9, 0x54, 0xDA, 0xF2, 0xEB, 0x9C,
  112. 0x86, 0x1C, 0x8F, 0x9F, 0x84, 0x66, 0xB3, 0xC5,
  113. 0x6B, 0x7A, 0x62, 0x23, 0xD6, 0x1D, 0x3C, 0xDE,
  114. 0x0F, 0x01, 0x92, 0xE8, 0x96, 0xC4, 0xBF, 0x2D,
  115. 0x66, 0x9A, 0x9A, 0x68, 0x26, 0x99, 0xD0, 0x3A,
  116. 0x2C, 0xBF, 0x0C, 0xB5, 0x58, 0x26, 0xC1, 0x46,
  117. 0xE7, 0x0A, 0x3E, 0x38, 0x96, 0x2C, 0xA9, 0x28,
  118. 0x39, 0xA8, 0xEC, 0x49, 0x83, 0x42, 0xE3, 0x84,
  119. 0x0F, 0xBB, 0x9A, 0x6C, 0x55, 0x61, 0xAC, 0x82,
  120. 0x7C, 0xA1, 0x60, 0x2D, 0x77, 0x4C, 0xE9, 0x99,
  121. 0xB4, 0x64, 0x3B, 0x9A, 0x50, 0x1C, 0x31, 0x08,
  122. 0x24, 0x14, 0x9F, 0xA9, 0xE7, 0x91, 0x2B, 0x18,
  123. 0xE6, 0x3D, 0x98, 0x63, 0x14, 0x60, 0x58, 0x05,
  124. 0x65, 0x9F, 0x1D, 0x37, 0x52, 0x87, 0xF7, 0xA7,
  125. 0xEF, 0x94, 0x02, 0xC6, 0x1B, 0xD3, 0xBF, 0x55,
  126. 0x45, 0xB3, 0x89, 0x80, 0xBF, 0x3A, 0xEC, 0x54,
  127. 0x94, 0x4E, 0xAE, 0xFD, 0xA7, 0x7A, 0x6D, 0x74,
  128. 0x4E, 0xAF, 0x18, 0xCC, 0x96, 0x09, 0x28, 0x21,
  129. 0x00, 0x57, 0x90, 0x60, 0x69, 0x37, 0xBB, 0x4B,
  130. 0x12, 0x07, 0x3C, 0x56, 0xFF, 0x5B, 0xFB, 0xA4,
  131. 0x66, 0x0A, 0x08, 0xA6, 0xD2, 0x81, 0x56, 0x57,
  132. 0xEF, 0xB6, 0x3B, 0x5E, 0x16, 0x81, 0x77, 0x04,
  133. 0xDA, 0xF6, 0xBE, 0xAE, 0x80, 0x95, 0xFE, 0xB0,
  134. 0xCD, 0x7F, 0xD6, 0xA7, 0x1A, 0x72, 0x5C, 0x3C,
  135. 0xCA, 0xBC, 0xF0, 0x08, 0xA3, 0x22, 0x30, 0xB3,
  136. 0x06, 0x85, 0xC9, 0xB3, 0x20, 0x77, 0x13, 0x85,
  137. 0xDF, 0x02, 0x03, 0x01, 0x00, 0x01
  138. };
  141. // 4096 bit key generated in 2001
  142. //
  143. // Name:: <CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com>
  144. const BYTE rgbMicrosoftRoot2_Name[]= {
  145. 0x30, 0x5F, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0A,
  146. 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64,
  147. 0x01, 0x19, 0x16, 0x03, 0x63, 0x6F, 0x6D, 0x31,
  148. 0x19, 0x30, 0x17, 0x06, 0x0A, 0x09, 0x92, 0x26,
  149. 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19, 0x16,
  150. 0x09, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F,
  151. 0x66, 0x74, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03,
  152. 0x55, 0x04, 0x03, 0x13, 0x24, 0x4D, 0x69, 0x63,
  153. 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x20, 0x52,
  154. 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
  155. 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20,
  156. 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74,
  157. 0x79
  158. };
  159. const BYTE rgbMicrosoftRoot2_PubKeyInfo[]= {
  160. 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09,
  161. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
  162. 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00,
  163. 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, 0x01,
  164. 0x00, 0xF3, 0x5D, 0xFA, 0x80, 0x67, 0xD4, 0x5A,
  165. 0xA7, 0xA9, 0x0C, 0x2C, 0x90, 0x20, 0xD0, 0x35,
  166. 0x08, 0x3C, 0x75, 0x84, 0xCD, 0xB7, 0x07, 0x89,
  167. 0x9C, 0x89, 0xDA, 0xDE, 0xCE, 0xC3, 0x60, 0xFA,
  168. 0x91, 0x68, 0x5A, 0x9E, 0x94, 0x71, 0x29, 0x18,
  169. 0x76, 0x7C, 0xC2, 0xE0, 0xC8, 0x25, 0x76, 0x94,
  170. 0x0E, 0x58, 0xFA, 0x04, 0x34, 0x36, 0xE6, 0xDF,
  171. 0xAF, 0xF7, 0x80, 0xBA, 0xE9, 0x58, 0x0B, 0x2B,
  172. 0x93, 0xE5, 0x9D, 0x05, 0xE3, 0x77, 0x22, 0x91,
  173. 0xF7, 0x34, 0x64, 0x3C, 0x22, 0x91, 0x1D, 0x5E,
  174. 0xE1, 0x09, 0x90, 0xBC, 0x14, 0xFE, 0xFC, 0x75,
  175. 0x58, 0x19, 0xE1, 0x79, 0xB7, 0x07, 0x92, 0xA3,
  176. 0xAE, 0x88, 0x59, 0x08, 0xD8, 0x9F, 0x07, 0xCA,
  177. 0x03, 0x58, 0xFC, 0x68, 0x29, 0x6D, 0x32, 0xD7,
  178. 0xD2, 0xA8, 0xCB, 0x4B, 0xFC, 0xE1, 0x0B, 0x48,
  179. 0x32, 0x4F, 0xE6, 0xEB, 0xB8, 0xAD, 0x4F, 0xE4,
  180. 0x5C, 0x6F, 0x13, 0x94, 0x99, 0xDB, 0x95, 0xD5,
  181. 0x75, 0xDB, 0xA8, 0x1A, 0xB7, 0x94, 0x91, 0xB4,
  182. 0x77, 0x5B, 0xF5, 0x48, 0x0C, 0x8F, 0x6A, 0x79,
  183. 0x7D, 0x14, 0x70, 0x04, 0x7D, 0x6D, 0xAF, 0x90,
  184. 0xF5, 0xDA, 0x70, 0xD8, 0x47, 0xB7, 0xBF, 0x9B,
  185. 0x2F, 0x6C, 0xE7, 0x05, 0xB7, 0xE1, 0x11, 0x60,
  186. 0xAC, 0x79, 0x91, 0x14, 0x7C, 0xC5, 0xD6, 0xA6,
  187. 0xE4, 0xE1, 0x7E, 0xD5, 0xC3, 0x7E, 0xE5, 0x92,
  188. 0xD2, 0x3C, 0x00, 0xB5, 0x36, 0x82, 0xDE, 0x79,
  189. 0xE1, 0x6D, 0xF3, 0xB5, 0x6E, 0xF8, 0x9F, 0x33,
  190. 0xC9, 0xCB, 0x52, 0x7D, 0x73, 0x98, 0x36, 0xDB,
  191. 0x8B, 0xA1, 0x6B, 0xA2, 0x95, 0x97, 0x9B, 0xA3,
  192. 0xDE, 0xC2, 0x4D, 0x26, 0xFF, 0x06, 0x96, 0x67,
  193. 0x25, 0x06, 0xC8, 0xE7, 0xAC, 0xE4, 0xEE, 0x12,
  194. 0x33, 0x95, 0x31, 0x99, 0xC8, 0x35, 0x08, 0x4E,
  195. 0x34, 0xCA, 0x79, 0x53, 0xD5, 0xB5, 0xBE, 0x63,
  196. 0x32, 0x59, 0x40, 0x36, 0xC0, 0xA5, 0x4E, 0x04,
  197. 0x4D, 0x3D, 0xDB, 0x5B, 0x07, 0x33, 0xE4, 0x58,
  198. 0xBF, 0xEF, 0x3F, 0x53, 0x64, 0xD8, 0x42, 0x59,
  199. 0x35, 0x57, 0xFD, 0x0F, 0x45, 0x7C, 0x24, 0x04,
  200. 0x4D, 0x9E, 0xD6, 0x38, 0x74, 0x11, 0x97, 0x22,
  201. 0x90, 0xCE, 0x68, 0x44, 0x74, 0x92, 0x6F, 0xD5,
  202. 0x4B, 0x6F, 0xB0, 0x86, 0xE3, 0xC7, 0x36, 0x42,
  203. 0xA0, 0xD0, 0xFC, 0xC1, 0xC0, 0x5A, 0xF9, 0xA3,
  204. 0x61, 0xB9, 0x30, 0x47, 0x71, 0x96, 0x0A, 0x16,
  205. 0xB0, 0x91, 0xC0, 0x42, 0x95, 0xEF, 0x10, 0x7F,
  206. 0x28, 0x6A, 0xE3, 0x2A, 0x1F, 0xB1, 0xE4, 0xCD,
  207. 0x03, 0x3F, 0x77, 0x71, 0x04, 0xC7, 0x20, 0xFC,
  208. 0x49, 0x0F, 0x1D, 0x45, 0x88, 0xA4, 0xD7, 0xCB,
  209. 0x7E, 0x88, 0xAD, 0x8E, 0x2D, 0xEC, 0x45, 0xDB,
  210. 0xC4, 0x51, 0x04, 0xC9, 0x2A, 0xFC, 0xEC, 0x86,
  211. 0x9E, 0x9A, 0x11, 0x97, 0x5B, 0xDE, 0xCE, 0x53,
  212. 0x88, 0xE6, 0xE2, 0xB7, 0xFD, 0xAC, 0x95, 0xC2,
  213. 0x28, 0x40, 0xDB, 0xEF, 0x04, 0x90, 0xDF, 0x81,
  214. 0x33, 0x39, 0xD9, 0xB2, 0x45, 0xA5, 0x23, 0x87,
  215. 0x06, 0xA5, 0x55, 0x89, 0x31, 0xBB, 0x06, 0x2D,
  216. 0x60, 0x0E, 0x41, 0x18, 0x7D, 0x1F, 0x2E, 0xB5,
  217. 0x97, 0xCB, 0x11, 0xEB, 0x15, 0xD5, 0x24, 0xA5,
  218. 0x94, 0xEF, 0x15, 0x14, 0x89, 0xFD, 0x4B, 0x73,
  219. 0xFA, 0x32, 0x5B, 0xFC, 0xD1, 0x33, 0x00, 0xF9,
  220. 0x59, 0x62, 0x70, 0x07, 0x32, 0xEA, 0x2E, 0xAB,
  221. 0x40, 0x2D, 0x7B, 0xCA, 0xDD, 0x21, 0x67, 0x1B,
  222. 0x30, 0x99, 0x8F, 0x16, 0xAA, 0x23, 0xA8, 0x41,
  223. 0xD1, 0xB0, 0x6E, 0x11, 0x9B, 0x36, 0xC4, 0xDE,
  224. 0x40, 0x74, 0x9C, 0xE1, 0x58, 0x65, 0xC1, 0x60,
  225. 0x1E, 0x7A, 0x5B, 0x38, 0xC8, 0x8F, 0xBB, 0x04,
  226. 0x26, 0x7C, 0xD4, 0x16, 0x40, 0xE5, 0xB6, 0x6B,
  227. 0x6C, 0xAA, 0x86, 0xFD, 0x00, 0xBF, 0xCE, 0xC1,
  228. 0x35, 0x02, 0x03, 0x01, 0x00, 0x01
  229. };
  233. //+=========================================================================
  234. // Test Roots
  235. //-=========================================================================
  237. // Name:: <CN=Microsoft Test Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp.>
  238. const BYTE rgbTestRoot0_Name[] = {
  239. 0x30, 0x75, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03,
  240. 0x55, 0x04, 0x0B, 0x13, 0x22, 0x43, 0x6F, 0x70,
  241. 0x79, 0x72, 0x69, 0x67, 0x68, 0x74, 0x20, 0x28,
  242. 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20,
  243. 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66,
  244. 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x2E, 0x31,
  245. 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x0B,
  246. 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73,
  247. 0x6F, 0x66, 0x74, 0x20, 0x43, 0x6F, 0x72, 0x70,
  248. 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31,
  249. 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03,
  250. 0x13, 0x1D, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73,
  251. 0x6F, 0x66, 0x74, 0x20, 0x54, 0x65, 0x73, 0x74,
  252. 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x41, 0x75,
  253. 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79
  254. };
  256. const BYTE rgbTestRoot0_PubKeyInfo[]= {
  257. 0x30, 0x81, 0xDF, 0x30, 0x0D, 0x06, 0x09, 0x2A,
  258. 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
  259. 0x05, 0x00, 0x03, 0x81, 0xCD, 0x00, 0x30, 0x81,
  260. 0xC9, 0x02, 0x81, 0xC1, 0x00, 0xA9, 0xAA, 0x83,
  261. 0x58, 0x6D, 0xB5, 0xD3, 0x0C, 0x4B, 0x5B, 0x80,
  262. 0x90, 0xE5, 0xC3, 0x0F, 0x28, 0x0C, 0x7E, 0x3D,
  263. 0x3C, 0x24, 0xC5, 0x29, 0x56, 0x63, 0x8C, 0xEE,
  264. 0xC7, 0x83, 0x4A, 0xD8, 0x8C, 0x25, 0xD3, 0x0E,
  265. 0xD3, 0x12, 0xB7, 0xE1, 0x86, 0x72, 0x74, 0xA7,
  266. 0x8B, 0xFB, 0x0F, 0x05, 0xE9, 0x65, 0xC1, 0x9B,
  267. 0xD8, 0x56, 0xC2, 0x93, 0xF0, 0xFB, 0xE9, 0x5A,
  268. 0x48, 0x85, 0x7D, 0x95, 0xAA, 0xDF, 0x01, 0x86,
  269. 0xB7, 0x33, 0x33, 0x46, 0x56, 0xCB, 0x5B, 0x7A,
  270. 0xC4, 0xAF, 0xA0, 0x96, 0x53, 0x3A, 0xE9, 0xFB,
  271. 0x3B, 0x78, 0xC1, 0x43, 0x0C, 0xC7, 0x6E, 0x1C,
  272. 0x2F, 0xD1, 0x55, 0xF1, 0x19, 0xB2, 0x3F, 0xF8,
  273. 0xD6, 0xA0, 0xC7, 0x24, 0x95, 0x3B, 0xC8, 0x45,
  274. 0x25, 0x6F, 0x45, 0x3A, 0x46, 0x4F, 0xD2, 0x27,
  275. 0x8B, 0xC7, 0x50, 0x75, 0xC6, 0x80, 0x5E, 0x0D,
  276. 0x99, 0x78, 0x61, 0x77, 0x39, 0xC1, 0xB3, 0x0F,
  277. 0x9D, 0x12, 0x9C, 0xC4, 0xBB, 0x32, 0x7B, 0xB2,
  278. 0x4B, 0x26, 0xAA, 0x4E, 0xC0, 0x32, 0xB0, 0x2A,
  279. 0x13, 0x21, 0xBE, 0xED, 0x24, 0xF4, 0x7D, 0x0D,
  280. 0xEA, 0xAA, 0x8A, 0x7A, 0xD2, 0x8B, 0x4D, 0x97,
  281. 0xB5, 0x4D, 0x64, 0xBA, 0xFB, 0x46, 0xDD, 0x69,
  282. 0x6F, 0x9A, 0x0E, 0xCC, 0x53, 0x77, 0xAA, 0x6E,
  283. 0xAE, 0x20, 0xD6, 0x21, 0x98, 0x69, 0xD9, 0x46,
  284. 0xB9, 0x64, 0x32, 0xD4, 0x17, 0x02, 0x03, 0x01,
  285. 0x00, 0x01
  286. };
  289. typedef struct _ROOT_INFO {
  290. CRYPT_DER_BLOB EncodedName;
  291. CRYPT_DER_BLOB EncodedPubKeyInfo;
  292. BOOL fTestRoot;
  293. } ROOT_INFO, *PROOT_INFO;
  295. const ROOT_INFO RootTable[] = {
  296. sizeof(rgbMicrosoftRoot0_Name), (BYTE *) rgbMicrosoftRoot0_Name,
  297. sizeof(rgbMicrosoftRoot0_PubKeyInfo), (BYTE *) rgbMicrosoftRoot0_PubKeyInfo,
  298. FALSE,
  300. sizeof(rgbMicrosoftRoot1_Name), (BYTE *) rgbMicrosoftRoot1_Name,
  301. sizeof(rgbMicrosoftRoot1_PubKeyInfo), (BYTE *) rgbMicrosoftRoot1_PubKeyInfo,
  302. FALSE,
  304. sizeof(rgbMicrosoftRoot2_Name), (BYTE *) rgbMicrosoftRoot2_Name,
  305. sizeof(rgbMicrosoftRoot2_PubKeyInfo), (BYTE *) rgbMicrosoftRoot2_PubKeyInfo,
  306. FALSE,
  308. sizeof(rgbTestRoot0_Name), (BYTE *) rgbTestRoot0_Name,
  309. sizeof(rgbTestRoot0_PubKeyInfo), (BYTE *) rgbTestRoot0_PubKeyInfo,
  310. TRUE
  311. };
  312. #define ROOT_CNT (sizeof(RootTable) / sizeof(RootTable[0]))
  314. #define wszSETUP_REG \
  315. L"System\\Setup"
  316. #define wszSYSTEM_SETUP_REG_VALUE \
  317. L"SystemSetupInProgress"
  318. #define wszTEST_ROOT_REG \
  319. L"SOFTWARE\\Microsoft\\SystemCertificates\\Root\\Certificates\\2BD63D28D7BCD0E251195AEB519243C13142EBC3"
  321. // Check the CERT_STORE_PROV_SYSTEM_REGISTRY store for the Test Root.
  322. //
  323. // If the Test Root is found, return ERROR_SUCCESS.
  324. // If the Test Root is not found but we're in NT GUI-mode setup,
  325. // return ERROR_SUCCESS.
  326. // If the Test Root is not found and we're not in setup,
  327. // return CERT_E_UNTRUSTEDROOT.
  328. // For any other error, return the provided error code.
  329. DWORD
  330. WINAPI
  331. I_CheckIsTestRootAllowed(void)
  332. {
  333. DWORD dwReturn;
  334. HKEY hTestRootKey = 0;
  335. HKEY hSetupKey = 0;
  336. DWORD cb = 0;
  337. BOOL fSystemSetupInProgress = FALSE;
  339. dwReturn = RegOpenKeyExW(
  340. HKEY_LOCAL_MACHINE,
  341. wszTEST_ROOT_REG,
  342. 0, KEY_READ, &hTestRootKey);
  344. if (ERROR_SUCCESS != dwReturn)
  345. {
  346. //
  347. // We've determined that the Test
  348. // Root isn't installed. Check if we're in NT GUI-mode
  349. // setup right now.
  350. //
  351. // If we're in setup, we need to allow the Test Root
  352. // (but *only* for an otherwise valid signature)
  353. // since we may have been called before
  354. // setup has had a chance to install the Test Root.
  355. //
  357. dwReturn = RegOpenKeyExW(
  358. HKEY_LOCAL_MACHINE,
  359. wszSETUP_REG,
  360. 0, KEY_READ, &hSetupKey);
  362. if (ERROR_SUCCESS != dwReturn)
  363. goto Ret;
  365. cb = sizeof(fSystemSetupInProgress);
  366. dwReturn = RegQueryValueExW(
  367. hSetupKey,
  368. wszSYSTEM_SETUP_REG_VALUE,
  369. NULL,
  370. NULL,
  371. (PBYTE) &fSystemSetupInProgress,
  372. &cb);
  374. if (ERROR_SUCCESS != dwReturn)
  375. goto Ret;
  377. if (FALSE == fSystemSetupInProgress)
  378. dwReturn = CERT_E_UNTRUSTEDROOT;
  379. }
  381. Ret:
  382. if (hTestRootKey)
  383. RegCloseKey(hTestRootKey);
  384. if (hSetupKey)
  385. RegCloseKey(hSetupKey);
  387. return dwReturn;
  388. }
  390. // If found, returns ERROR_SUCCESS and sets *ppRootBlob to the PubKeyInfo blob.
  391. // Otherwise, returns appropriate error code and set *ppRootBlob to NULL.
  392. DWORD
  393. WINAPI
  394. I_MinCryptFindRootByName(
  395. IN PCRYPT_DER_BLOB pIssuerNameValueBlob,
  396. OUT PCRYPT_DER_BLOB *ppRootBlob
  397. )
  398. {
  399. DWORD i;
  400. DWORD dwStatus;
  401. BOOL fInGuiModeSetup = FALSE;
  403. *ppRootBlob = NULL;
  405. for (i = 0; i < ROOT_CNT; i++) {
  406. if (pIssuerNameValueBlob->cbData == RootTable[i].EncodedName.cbData &&
  407. 0 == memcmp(pIssuerNameValueBlob->pbData,
  408. RootTable[i].EncodedName.pbData,
  409. pIssuerNameValueBlob->cbData))
  410. {
  411. if (RootTable[i].fTestRoot)
  412. {
  413. dwStatus = I_CheckIsTestRootAllowed();
  415. if (ERROR_SUCCESS != dwStatus)
  416. return dwStatus;
  417. }
  419. *ppRootBlob = (PCRYPT_DER_BLOB) &RootTable[i].EncodedPubKeyInfo;
  420. return ERROR_SUCCESS;
  421. }
  422. }
  424. return CERT_E_UNTRUSTEDROOT;
  425. }
  427. // If found, returns ERROR_SUCCESS and sets *ppRootBlob to the PubKeyInfo blob.
  428. // Otherwise, returns appropriate error code and set *ppRootBlob to NULL.
  429. DWORD
  430. WINAPI
  431. I_MinCryptFindRootByKey(
  432. IN PCRYPT_DER_BLOB pSubjectPubKeyInfoBlob,
  433. OUT PCRYPT_DER_BLOB *ppRootBlob
  434. )
  435. {
  436. DWORD i;
  437. DWORD dwStatus;
  439. *ppRootBlob = NULL;
  441. for (i = 0; i < ROOT_CNT; i++) {
  442. if (pSubjectPubKeyInfoBlob->cbData ==
  443. RootTable[i].EncodedPubKeyInfo.cbData
  444. &&
  445. 0 == memcmp(pSubjectPubKeyInfoBlob->pbData,
  446. RootTable[i].EncodedPubKeyInfo.pbData,
  447. pSubjectPubKeyInfoBlob->cbData))
  448. {
  449. if (RootTable[i].fTestRoot)
  450. {
  451. dwStatus = I_CheckIsTestRootAllowed();
  453. if (ERROR_SUCCESS != dwStatus)
  454. return dwStatus;
  455. }
  457. *ppRootBlob = (PCRYPT_DER_BLOB) &RootTable[i].EncodedPubKeyInfo;
  458. return ERROR_SUCCESS;
  459. }
  460. }
  462. return CERT_E_UNTRUSTEDROOT;
  463. }
  467. // If found, returns pointer to rgCertBlob[MINASN1_CERT_BLOB_CNT].
  468. // Otherwise, returns NULL.
  469. PCRYPT_DER_BLOB
  470. WINAPI
  471. I_MinCryptFindIssuerCertificateByName(
  472. IN PCRYPT_DER_BLOB pIssuerNameValueBlob,
  473. IN DWORD cCert,
  474. IN CRYPT_DER_BLOB rgrgCertBlob[][MINASN1_CERT_BLOB_CNT]
  475. )
  476. {
  477. DWORD i;
  478. DWORD cbName = pIssuerNameValueBlob->cbData;
  479. const BYTE *pbName = pIssuerNameValueBlob->pbData;
  481. if (0 == cbName)
  482. return NULL;
  484. for (i = 0; i < cCert; i++) {
  485. if (cbName == rgrgCertBlob[i][MINASN1_CERT_SUBJECT_IDX].cbData &&
  486. 0 == memcmp(pbName,
  487. rgrgCertBlob[i][MINASN1_CERT_SUBJECT_IDX].pbData,
  488. cbName))
  489. return rgrgCertBlob[i];
  490. }
  492. return NULL;
  493. }
  496. //+-------------------------------------------------------------------------
  497. // Verifies a previously parsed X.509 Certificate.
  498. //
  499. // Assumes the ASN.1 encoded X.509 certificate was parsed via
  500. // MinAsn1ParseCertificate() and the set of potential issuer certificates
  501. // were parsed via one or more of:
  502. // - MinAsn1ParseCertificate()
  503. // - MinAsn1ParseSignedDataCertificates()
  504. // - MinAsn1ExtractParsedCertificatesFromSignedData()
  505. //
  506. // Iteratively finds the issuer certificate via its encoded name. The
  507. // public key in the issuer certificate is used to verify the subject
  508. // certificate's signature. This is repeated until finding a self signed
  509. // certificate or a baked in root identified by its encoded name.
  510. // For a self signed certificate, compares against the baked in root
  511. // public keys.
  512. //
  513. // If the certificate and its issuers were successfully verified to a
  514. // baked in root, ERROR_SUCCESS is returned. Otherwise, a nonzero error
  515. // code is returned.
  516. //--------------------------------------------------------------------------
  517. LONG
  518. WINAPI
  519. MinCryptVerifyCertificate(
  520. IN CRYPT_DER_BLOB rgSubjectCertBlob[MINASN1_CERT_BLOB_CNT],
  521. IN DWORD cIssuerCert,
  522. IN CRYPT_DER_BLOB rgrgIssuerCertBlob[][MINASN1_CERT_BLOB_CNT]
  523. )
  524. {
  525. LONG lErr;
  526. DWORD dwChainDepth = 0;
  527. PCRYPT_DER_BLOB rgSubject;
  528. BOOL fRoot = FALSE;
  530. rgSubject = rgSubjectCertBlob;
  531. while (!fRoot) {
  532. ALG_ID HashAlgId;
  533. BYTE rgbHash[MINCRYPT_MAX_HASH_LEN];
  534. DWORD cbHash;
  536. PCRYPT_DER_BLOB rgIssuer = NULL;
  537. PCRYPT_DER_BLOB pIssuerPubKeyInfo = NULL;
  539. // Hash the Subject's ToBeSigned bytes
  540. HashAlgId = MinCryptDecodeHashAlgorithmIdentifier(
  541. &rgSubject[MINASN1_CERT_SIGN_ALGID_IDX]);
  542. if (0 == HashAlgId)
  543. goto UnknownHashAlgId;
  544. lErr = MinCryptHashMemory(
  545. HashAlgId,
  546. 1, // cBlob,
  547. &rgSubject[MINASN1_CERT_TO_BE_SIGNED_IDX],
  548. rgbHash,
  549. &cbHash
  550. );
  551. if (ERROR_SUCCESS != lErr)
  552. goto ErrorReturn;
  554. // Get the public key to decrypt the signature
  556. // Check if SelfSigned
  557. if (rgSubject[MINASN1_CERT_ISSUER_IDX].cbData ==
  558. rgSubject[MINASN1_CERT_SUBJECT_IDX].cbData
  559. &&
  560. 0 == memcmp(rgSubject[MINASN1_CERT_ISSUER_IDX].pbData,
  561. rgSubject[MINASN1_CERT_SUBJECT_IDX].pbData,
  562. rgSubject[MINASN1_CERT_ISSUER_IDX].cbData)) {
  563. lErr = I_MinCryptFindRootByKey(
  564. &rgSubject[MINASN1_CERT_PUBKEY_INFO_IDX],
  565. &pIssuerPubKeyInfo);
  566. if (NULL == pIssuerPubKeyInfo)
  567. goto ErrorReturn;
  568. fRoot = TRUE;
  569. } else {
  570. // Check if the issuer is a root
  571. lErr = I_MinCryptFindRootByName(
  572. &rgSubject[MINASN1_CERT_ISSUER_IDX],
  573. &pIssuerPubKeyInfo);
  574. if (pIssuerPubKeyInfo)
  575. fRoot = TRUE;
  576. else {
  577. // If some other error code is set, then some
  578. // sort of unexpected system error occurred
  579. // and we should bail.
  580. if (CERT_E_UNTRUSTEDROOT != lErr)
  581. goto ErrorReturn;
  583. // Try to find the issuer from the input set of
  584. // certificates
  585. rgIssuer = I_MinCryptFindIssuerCertificateByName(
  586. &rgSubject[MINASN1_CERT_ISSUER_IDX],
  587. cIssuerCert,
  588. rgrgIssuerCertBlob
  589. );
  590. if (NULL == rgIssuer)
  591. goto PartialChain;
  593. pIssuerPubKeyInfo = &rgIssuer[MINASN1_CERT_PUBKEY_INFO_IDX];
  594. }
  595. }
  597. // Use the issuer or root's public key to decrypt and verify
  598. // the signature.
  599. lErr = MinCryptVerifySignedHash(
  600. HashAlgId,
  601. rgbHash,
  602. cbHash,
  603. &rgSubject[MINASN1_CERT_SIGNATURE_IDX],
  604. pIssuerPubKeyInfo
  605. );
  606. if (ERROR_SUCCESS != lErr)
  607. goto ErrorReturn;
  609. if (!fRoot) {
  610. assert(rgIssuer);
  611. dwChainDepth++;
  612. if (MAX_CHAIN_DEPTH < dwChainDepth)
  613. goto CyclicChain;
  614. rgSubject = rgIssuer;
  615. }
  616. }
  619. lErr = ERROR_SUCCESS;
  621. ErrorReturn:
  622. CommonReturn:
  623. return lErr;
  625. UnknownHashAlgId:
  626. lErr = CRYPT_E_UNKNOWN_ALGO;
  627. goto CommonReturn;
  628. CyclicChain:
  629. PartialChain:
  630. lErr = CERT_E_CHAINING;
  631. goto CommonReturn;
  632. }