From 2d18734c6014bdfc4d7fd7cfc8e0608c9684967b Mon Sep 17 00:00:00 2001 From: Boshi LIAN Date: Thu, 31 Dec 2020 18:09:48 +0000 Subject: [PATCH] windows: add PFXImportCertStore and CertDuplicateCertificateContext add 2 new cert related dll call PFXImportCertStore [1] CertDuplicateCertificateContext [2] also, add missing flags for CertCloseStore [3] [1] https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-pfximportcertstore [2] https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certduplicatecertificatecontext [3] https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certclosestore Change-Id: Ia44100ddb2cac1c2a817932c859926e8183dcda0 GitHub-Last-Rev: f3cd41859d8bc24b69b8b1b5a7c598e585044273 GitHub-Pull-Request: golang/sys#93 Reviewed-on: https://go-review.googlesource.com/c/sys/+/273907 Reviewed-by: Jason A. Donenfeld Trust: Jason A. Donenfeld Trust: Alex Brainman Run-TryBot: Jason A. Donenfeld TryBot-Result: Go Bot --- windows/syscall_windows.go | 2 ++ windows/types_windows.go | 59 ++++++++++++++++++++++++++----------- windows/zsyscall_windows.go | 17 +++++++++++ 3 files changed, 60 insertions(+), 18 deletions(-) diff --git a/windows/syscall_windows.go b/windows/syscall_windows.go index 0f17fb75..8ad1cae8 100644 --- a/windows/syscall_windows.go +++ b/windows/syscall_windows.go @@ -265,6 +265,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys CertAddCertificateContextToStore(store Handle, certContext *CertContext, addDisposition uint32, storeContext **CertContext) (err error) = crypt32.CertAddCertificateContextToStore //sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore //sys CertDeleteCertificateFromStore(certContext *CertContext) (err error) = crypt32.CertDeleteCertificateFromStore +//sys CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) = crypt32.CertDuplicateCertificateContext +//sys PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) = crypt32.PFXImportCertStore //sys CertGetCertificateChain(engine Handle, leaf *CertContext, time *Filetime, additionalStore Handle, para *CertChainPara, flags uint32, reserved uintptr, chainCtx **CertChainContext) (err error) = crypt32.CertGetCertificateChain //sys CertFreeCertificateChain(ctx *CertChainContext) = crypt32.CertFreeCertificateChain //sys CertCreateCertificateContext(certEncodingType uint32, certEncoded *byte, encodedLen uint32) (context *CertContext, err error) [failretval==nil] = crypt32.CertCreateCertificateContext diff --git a/windows/types_windows.go b/windows/types_windows.go index bbede404..b3bd0da4 100644 --- a/windows/types_windows.go +++ b/windows/types_windows.go @@ -249,24 +249,27 @@ const ( const ( // wincrypt.h - PROV_RSA_FULL = 1 - PROV_RSA_SIG = 2 - PROV_DSS = 3 - PROV_FORTEZZA = 4 - PROV_MS_EXCHANGE = 5 - PROV_SSL = 6 - PROV_RSA_SCHANNEL = 12 - PROV_DSS_DH = 13 - PROV_EC_ECDSA_SIG = 14 - PROV_EC_ECNRA_SIG = 15 - PROV_EC_ECDSA_FULL = 16 - PROV_EC_ECNRA_FULL = 17 - PROV_DH_SCHANNEL = 18 - PROV_SPYRUS_LYNKS = 20 - PROV_RNG = 21 - PROV_INTEL_SEC = 22 - PROV_REPLACE_OWF = 23 - PROV_RSA_AES = 24 + /* certenrolld_begin -- PROV_RSA_*/ + PROV_RSA_FULL = 1 + PROV_RSA_SIG = 2 + PROV_DSS = 3 + PROV_FORTEZZA = 4 + PROV_MS_EXCHANGE = 5 + PROV_SSL = 6 + PROV_RSA_SCHANNEL = 12 + PROV_DSS_DH = 13 + PROV_EC_ECDSA_SIG = 14 + PROV_EC_ECNRA_SIG = 15 + PROV_EC_ECDSA_FULL = 16 + PROV_EC_ECNRA_FULL = 17 + PROV_DH_SCHANNEL = 18 + PROV_SPYRUS_LYNKS = 20 + PROV_RNG = 21 + PROV_INTEL_SEC = 22 + PROV_REPLACE_OWF = 23 + PROV_RSA_AES = 24 + + /* dwFlags definitions for CryptAcquireContext */ CRYPT_VERIFYCONTEXT = 0xF0000000 CRYPT_NEWKEYSET = 0x00000008 CRYPT_DELETEKEYSET = 0x00000010 @@ -274,6 +277,17 @@ const ( CRYPT_SILENT = 0x00000040 CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x00000080 + /* Flags for PFXImportCertStore */ + CRYPT_EXPORTABLE = 0x00000001 + CRYPT_USER_PROTECTED = 0x00000002 + CRYPT_USER_KEYSET = 0x00001000 + PKCS12_PREFER_CNG_KSP = 0x00000100 + PKCS12_ALWAYS_CNG_KSP = 0x00000200 + PKCS12_ALLOW_OVERWRITE_KEY = 0x00004000 + PKCS12_NO_PERSIST_KEY = 0x00008000 + PKCS12_INCLUDE_EXTENDED_PROPERTIES = 0x00000010 + + /* Default usage match type is AND with value zero */ USAGE_MATCH_TYPE_AND = 0 USAGE_MATCH_TYPE_OR = 1 @@ -409,6 +423,10 @@ const ( CERT_CHAIN_POLICY_EV = 8 CERT_CHAIN_POLICY_SSL_F12 = 9 + /* Certificate Store close flags */ + CERT_CLOSE_STORE_FORCE_FLAG = 0x00000001 + CERT_CLOSE_STORE_CHECK_FLAG = 0x00000002 + /* AuthType values for SSLExtraCertChainPolicyPara struct */ AUTHTYPE_CLIENT = 1 AUTHTYPE_SERVER = 2 @@ -1139,6 +1157,11 @@ type CertChainPolicyStatus struct { ExtraPolicyStatus Pointer } +type CryptDataBlob struct { + Size uint32 + Data *byte +} + const ( // do not reorder HKEY_CLASSES_ROOT = 0x80000000 + iota diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go index 72a91a5f..5ad0b9bf 100644 --- a/windows/zsyscall_windows.go +++ b/windows/zsyscall_windows.go @@ -143,6 +143,7 @@ var ( procCertCloseStore = modcrypt32.NewProc("CertCloseStore") procCertCreateCertificateContext = modcrypt32.NewProc("CertCreateCertificateContext") procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore") + procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext") procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore") procCertFreeCertificateChain = modcrypt32.NewProc("CertFreeCertificateChain") procCertFreeCertificateContext = modcrypt32.NewProc("CertFreeCertificateContext") @@ -150,6 +151,7 @@ var ( procCertOpenStore = modcrypt32.NewProc("CertOpenStore") procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW") procCertVerifyCertificateChainPolicy = modcrypt32.NewProc("CertVerifyCertificateChainPolicy") + procPFXImportCertStore = modcrypt32.NewProc("PFXImportCertStore") procDnsNameCompare_W = moddnsapi.NewProc("DnsNameCompare_W") procDnsQuery_W = moddnsapi.NewProc("DnsQuery_W") procDnsRecordListFree = moddnsapi.NewProc("DnsRecordListFree") @@ -1180,6 +1182,12 @@ func CertDeleteCertificateFromStore(certContext *CertContext) (err error) { return } +func CertDuplicateCertificateContext(certContext *CertContext) (dupContext *CertContext) { + r0, _, _ := syscall.Syscall(procCertDuplicateCertificateContext.Addr(), 1, uintptr(unsafe.Pointer(certContext)), 0, 0) + dupContext = (*CertContext)(unsafe.Pointer(r0)) + return +} + func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) { r0, _, e1 := syscall.Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0) context = (*CertContext)(unsafe.Pointer(r0)) @@ -1236,6 +1244,15 @@ func CertVerifyCertificateChainPolicy(policyOID uintptr, chain *CertChainContext return } +func PFXImportCertStore(pfx *CryptDataBlob, password *uint16, flags uint32) (store Handle, err error) { + r0, _, e1 := syscall.Syscall(procPFXImportCertStore.Addr(), 3, uintptr(unsafe.Pointer(pfx)), uintptr(unsafe.Pointer(password)), uintptr(flags)) + store = Handle(r0) + if store == 0 { + err = errnoErr(e1) + } + return +} + func DnsNameCompare(name1 *uint16, name2 *uint16) (same bool) { r0, _, _ := syscall.Syscall(procDnsNameCompare_W.Addr(), 2, uintptr(unsafe.Pointer(name1)), uintptr(unsafe.Pointer(name2)), 0) same = r0 != 0