//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows NT Security
|
|
// Copyright (C) Microsoft Corporation, 1997 - 1999
|
|
//
|
|
// File: origin.cpp
|
|
//
|
|
// Contents: Origin Identifier implementation
|
|
//
|
|
// History: 10-Sep-97 kirtd Created
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
#include <global.hxx>
|
|
#include <dbgdef.h>
|
|
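//+---------------------------------------------------------------------------
//
//  Function:   CertGetOriginIdentifier
//
//  Synopsis:   get the origin identifier for a certificate
//
//  Arguments:  pCertContext     - certificate to identify
//              pIssuer          - certificate of pCertContext's issuer
//              dwFlags          - not used by this implementation
//              OriginIdentifier - receives MD5DIGESTLEN bytes of identifier
//
//  Returns:    TRUE on success.  FALSE if a required pointer is NULL; in
//              that case OriginIdentifier is left untouched.
//
//  Comments:   The identifier is the MD5 digest of, in this order: the
//              issuer's Subject name, the certificate's Subject name, the
//              subject public key algorithm OID string, the algorithm
//              parameters, the subject public key bits and the issuer's
//              public key bits.  The input order and framing are part of
//              the identifier's definition: changing either changes every
//              identifier ever produced, so it must not be done without
//              updating every consumer that stores or compares them.
//
//              NOTE(review): the fields are concatenated with no length
//              framing, and PublicKey.cUnusedBits is not hashed, so the
//              boundary between the subject key bits and the issuer key
//              bits is not encoded; MD5 is in addition not collision
//              resistant.  That is acceptable only while the identifier
//              serves as a lookup key rather than as proof of identity --
//              confirm against the callers.
//
//----------------------------------------------------------------------------
BOOL WINAPI CertGetOriginIdentifier (
    IN PCCERT_CONTEXT pCertContext,
    IN PCCERT_CONTEXT pIssuer,
    IN DWORD dwFlags,
    OUT CRYPT_ORIGIN_IDENTIFIER OriginIdentifier
    )
{
    MD5_CTX     md5ctx;
    PCERT_INFO  pCertInfo;
    PCERT_INFO  pIssuerCertInfo;

    // Every field below is dereferenced unconditionally and strlen() on a
    // NULL OID string is undefined behaviour, so reject missing input up
    // front instead of faulting part way through the digest.
    if ( !pCertContext || !pCertContext->pCertInfo ||
         !pIssuer || !pIssuer->pCertInfo ||
         !OriginIdentifier )
    {
        return( FALSE );
    }

    pCertInfo = pCertContext->pCertInfo;
    pIssuerCertInfo = pIssuer->pCertInfo;

    if ( !pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId )
    {
        return( FALSE );
    }

    MD5Init( &md5ctx );

    // Issuer name first, then subject name: the pair scopes the identifier
    // to one issuance relationship.
    MD5Update( &md5ctx, pIssuerCertInfo->Subject.pbData, pIssuerCertInfo->Subject.cbData );
    MD5Update( &md5ctx, pCertInfo->Subject.pbData, pCertInfo->Subject.cbData );

    // Key algorithm OID (as its string form, no terminator) and parameters.
    MD5Update(
        &md5ctx,
        (LPBYTE)pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,
        strlen( pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId )
        );

    MD5Update(
        &md5ctx,
        pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.pbData,
        pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters.cbData
        );

    // We assume that the unused public key bits are zero
    MD5Update(
        &md5ctx,
        pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
        pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData
        );

    // Finally the issuer's key bits, so that the same subject certified by
    // two different issuer keys gets two different identifiers.
    MD5Update(
        &md5ctx,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.cbData
        );

    MD5Final( &md5ctx );

    memcpy( OriginIdentifier, md5ctx.digest, MD5DIGESTLEN );

    return( TRUE );
}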
|
|
|
|
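//+---------------------------------------------------------------------------
//
//  Function:   CtlGetOriginIdentifier
//
//  Synopsis:   get the origin identifier for a CTL
//
//  Arguments:  pCtlContext      - CTL to identify
//              pIssuer          - certificate of the CTL's signer
//              dwFlags          - not used by this implementation
//              OriginIdentifier - receives MD5DIGESTLEN bytes of identifier
//
//  Returns:    TRUE on success.  FALSE if a required pointer is NULL; in
//              that case OriginIdentifier is left untouched.
//
//  Comments:   The identifier is the MD5 digest of, in this order: the
//              issuer's Subject name, the issuer's SerialNumber, each
//              SubjectUsage identifier string, the ListIdentifier and the
//              issuer's public key bits.  The order and framing define the
//              identifier; change them only together with every consumer.
//
//              NOTE(review): the usage identifier strings are hashed back
//              to back with neither a separator nor the count, so (as a
//              constructed example) the usage lists {"1.2", "3.4"} and
//              {"1.23.4"} digest identically.  Since the identifier is
//              scoped by issuer name, serial number and issuer key this
//              only matters if it is relied upon to distinguish CTLs of
//              one signer by usage -- confirm against the callers.
//
//----------------------------------------------------------------------------
BOOL WINAPI CtlGetOriginIdentifier (
    IN PCCTL_CONTEXT pCtlContext,
    IN PCCERT_CONTEXT pIssuer,
    IN DWORD dwFlags,
    OUT CRYPT_ORIGIN_IDENTIFIER OriginIdentifier
    )
{
    MD5_CTX     md5ctx;
    DWORD       cCount;
    PCTL_INFO   pCtlInfo;
    PCTL_USAGE  pCtlUsage;
    PCERT_INFO  pIssuerCertInfo;

    // All of these are dereferenced unconditionally below; fail cleanly
    // instead of faulting inside the digest.
    if ( !pCtlContext || !pCtlContext->pCtlInfo ||
         !pIssuer || !pIssuer->pCertInfo ||
         !OriginIdentifier )
    {
        return( FALSE );
    }

    pCtlInfo = pCtlContext->pCtlInfo;
    pCtlUsage = &( pCtlInfo->SubjectUsage );
    pIssuerCertInfo = pIssuer->pCertInfo;

    MD5Init( &md5ctx );

    // Signer name and serial number pin the identifier to one signing cert.
    MD5Update(
        &md5ctx,
        pIssuerCertInfo->Subject.pbData,
        pIssuerCertInfo->Subject.cbData
        );

    MD5Update(
        &md5ctx,
        pIssuerCertInfo->SerialNumber.pbData,
        pIssuerCertInfo->SerialNumber.cbData
        );

    // Each usage OID string contributes its characters (no terminator).
    // A NULL entry would make strlen() undefined, so treat it as bad input.
    for ( cCount = 0; cCount < pCtlUsage->cUsageIdentifier; cCount++ )
    {
        if ( !pCtlUsage->rgpszUsageIdentifier[cCount] )
        {
            return( FALSE );
        }

        MD5Update(
            &md5ctx,
            (LPBYTE)pCtlUsage->rgpszUsageIdentifier[cCount],
            strlen( pCtlUsage->rgpszUsageIdentifier[cCount] )
            );
    }

    MD5Update(
        &md5ctx,
        pCtlInfo->ListIdentifier.pbData,
        pCtlInfo->ListIdentifier.cbData
        );

    // Signer key bits last, so a re-keyed signer with the same name and
    // serial yields a different identifier.
    MD5Update(
        &md5ctx,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.cbData
        );

    MD5Final( &md5ctx );

    memcpy( OriginIdentifier, md5ctx.digest, MD5DIGESTLEN );

    return( TRUE );
}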
|
|
|
|
//+---------------------------------------------------------------------------
//
//  Function:   CrlGetOriginIdentifierFromCrlIssuer
//
//  Synopsis:   get origin identifier for a CRL given the CRL's issuer cert
//
//  Arguments:  pIssuerContext   - certificate that issued the CRL
//              pIssuerName      - the CRL's Issuer name
//              fFreshest        - TRUE for a freshest (delta) CRL
//              OriginIdentifier - receives MD5DIGESTLEN bytes of identifier
//
//  Returns:    TRUE.
//
//  Comments:   The identifier is the MD5 digest of a one byte delta marker
//              (1 for freshest, 0 otherwise), the issuer name and the
//              issuer's public key bits, in that order.  The marker is what
//              makes a freshest, delta CRL hash differently from a base CRL
//              of the same issuer.  The input order and framing define the
//              identifier; do not change them without updating every
//              consumer that stores or compares identifiers.
//
//              NOTE(review): no argument is NULL-checked; callers are
//              expected to pass valid contexts.
//
//----------------------------------------------------------------------------
BOOL WINAPI CrlGetOriginIdentifierFromCrlIssuer (
    IN PCCERT_CONTEXT pIssuerContext,
    IN PCERT_NAME_BLOB pIssuerName,
    IN BOOL fFreshest,
    OUT CRYPT_ORIGIN_IDENTIFIER OriginIdentifier
    )
{
    // Collapse the BOOL into one well defined byte so the digest depends
    // neither on sizeof(BOOL) nor on which non-zero value the caller used.
    BYTE        bDeltaMarker = fFreshest ? 1 : 0;
    PCERT_INFO  pIssuerCertInfo = pIssuerContext->pCertInfo;
    MD5_CTX     md5ctx;

    MD5Init( &md5ctx );

    MD5Update( &md5ctx, &bDeltaMarker, sizeof( bDeltaMarker ) );

    MD5Update( &md5ctx, pIssuerName->pbData, pIssuerName->cbData );

    MD5Update(
        &md5ctx,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.pbData,
        pIssuerCertInfo->SubjectPublicKeyInfo.PublicKey.cbData
        );

    MD5Final( &md5ctx );

    memcpy( OriginIdentifier, md5ctx.digest, MD5DIGESTLEN );

    return( TRUE );
}
|
|
|
|
//+---------------------------------------------------------------------------
//
//  Function:   CrlGetOriginIdentifier
//
//  Synopsis:   get the origin identifier for a CRL
//
//  Arguments:  pCrlContext      - CRL to identify
//              pIssuer          - certificate that issued the CRL
//              dwFlags          - not used by this implementation
//              OriginIdentifier - receives the identifier
//
//  Returns:    whatever CrlGetOriginIdentifierFromCrlIssuer returns.
//
//  Comments:   A CRL is treated as a freshest (delta) CRL when it carries
//              the szOID_DELTA_CRL_INDICATOR extension; the identifier is
//              then computed from the CRL's own Issuer name and the issuer
//              certificate.
//
//----------------------------------------------------------------------------
BOOL WINAPI CrlGetOriginIdentifier (
    IN PCCRL_CONTEXT pCrlContext,
    IN PCCERT_CONTEXT pIssuer,
    IN DWORD dwFlags,
    OUT CRYPT_ORIGIN_IDENTIFIER OriginIdentifier
    )
{
    // Presence of the delta CRL indicator extension is what distinguishes a
    // freshest CRL from a base CRL of the same issuer.
    BOOL fFreshest = CertFindExtension(
                         szOID_DELTA_CRL_INDICATOR,
                         pCrlContext->pCrlInfo->cExtension,
                         pCrlContext->pCrlInfo->rgExtension
                         ) ? TRUE : FALSE;

    return( CrlGetOriginIdentifierFromCrlIssuer(
                pIssuer,
                &pCrlContext->pCrlInfo->Issuer,
                fFreshest,
                OriginIdentifier
                ) );
}
|
|
|
|
//+---------------------------------------------------------------------------
//
//  Function:   CrlGetOriginIdentifierFromSubjectCert
//
//  Synopsis:   get origin identifier for a CRL given the subject cert
//
//  Arguments:  pSubjectCert     - a certificate the CRL would cover
//              pIssuer          - certificate that issued the CRL
//              fFreshest        - TRUE for a freshest (delta) CRL
//              OriginIdentifier - receives the identifier
//
//  Returns:    whatever CrlGetOriginIdentifierFromCrlIssuer returns.
//
//  Comments:   This function has no dwFlags argument; presumably the
//              caller derives fFreshest from OBJECT_CONTEXT_FRESHEST_CRL_FLAG
//              in its own dwFlags.
//
//  Assumption: Subject certificate's issuer and the CRL's issuer are the
//              same, so the subject cert's Issuer name stands in for the
//              CRL's Issuer name.
//
//----------------------------------------------------------------------------
BOOL WINAPI CrlGetOriginIdentifierFromSubjectCert (
    IN PCCERT_CONTEXT pSubjectCert,
    IN PCCERT_CONTEXT pIssuer,
    IN BOOL fFreshest,
    OUT CRYPT_ORIGIN_IDENTIFIER OriginIdentifier
    )
{
    //
    // NOTENOTE: For the first version of this code we assume that the
    //           issuer of the CRL and the issuer of a subject certificate
    //           in the CRL are the same.  Therefore the CRL origin
    //           identifier can be calculated from the subject cert's
    //           issuer name.
    //
    return( CrlGetOriginIdentifierFromCrlIssuer(
                pIssuer,
                &( pSubjectCert->pCertInfo->Issuer ),
                fFreshest,
                OriginIdentifier
                ) );
}