certstore/certstore_windows.go

597 строки
15 KiB
Go

package certstore
/*
#cgo windows LDFLAGS: -lcrypt32 -lncrypt
#include <windows.h>
#include <wincrypt.h>
#include <ncrypt.h>
char* errMsg(DWORD code) {
char* lpMsgBuf;
DWORD ret = 0;
ret = FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
code,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &lpMsgBuf,
0, NULL);
if (ret == 0) {
return NULL;
} else {
return lpMsgBuf;
}
}
*/
import "C"
import (
"crypto"
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"fmt"
"io"
"math/big"
"unicode/utf16"
"unsafe"
"github.com/pkg/errors"
)
const (
winTrue C.WINBOOL = 1
winFalse C.WINBOOL = 0
)
// winAPIFlag specifies the flags that should be passed to
// CryptAcquireCertificatePrivateKey. This impacts whether the CryptoAPI or CNG
// API will be used.
//
// Possible values are:
// 0x00000000 — — Only use CryptoAPI.
// 0x00010000 — CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG — Prefer CryptoAPI.
// 0x00020000 — CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG — Prefer CNG.
// 0x00040000 — CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG — Only uyse CNG.
var winAPIFlag C.DWORD = C.CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG
// winStore is a wrapper around a C.HCERTSTORE.
type winStore struct {
store C.HCERTSTORE
}
// openStore opens the current user's personal cert store.
func openStore() (*winStore, error) {
storeName := unsafe.Pointer(stringToUTF16("MY"))
defer C.free(storeName)
store := C.CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, C.CERT_SYSTEM_STORE_CURRENT_USER, storeName)
if store == nil {
return nil, lastError("failed to open system cert store")
}
return &winStore{store}, nil
}
// Identities implements the Store interface.
func (s *winStore) Identities() ([]Identity, error) {
var (
ctx = C.PCCERT_CONTEXT(nil)
encoding = C.DWORD(C.X509_ASN_ENCODING | C.PKCS_7_ASN_ENCODING)
idents = []Identity{}
)
for {
if ctx = C.CertFindCertificateInStore(s.store, encoding, 0, C.CERT_FIND_ANY, nil, ctx); ctx == nil {
break
}
idents = append(idents, newWinIdentity(ctx))
}
if err := lastError("failed to iterate certs in store"); err != nil && errors.Cause(err) != cryptENotFound {
for _, ident := range idents {
ident.Close()
}
return nil, err
}
return idents, nil
}
// Import implements the Store interface.
func (s *winStore) Import(data []byte, password string) error {
cdata := C.CBytes(data)
defer C.free(cdata)
cpw := stringToUTF16(password)
defer C.free(unsafe.Pointer(cpw))
pfx := &C.CRYPT_DATA_BLOB{
cbData: C.DWORD(len(data)),
pbData: (*C.BYTE)(cdata),
}
flags := C.CRYPT_USER_KEYSET
// import into preferred KSP
if winAPIFlag&C.CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG > 0 {
flags |= C.PKCS12_PREFER_CNG_KSP
} else if winAPIFlag&C.CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG > 0 {
flags |= C.PKCS12_ALWAYS_CNG_KSP
}
store := C.PFXImportCertStore(pfx, cpw, C.DWORD(flags))
if store == nil {
return lastError("failed to import PFX cert store")
}
defer C.CertCloseStore(store, C.CERT_CLOSE_STORE_FORCE_FLAG)
var (
ctx = C.PCCERT_CONTEXT(nil)
encoding = C.DWORD(C.X509_ASN_ENCODING | C.PKCS_7_ASN_ENCODING)
)
for {
// iterate through certs in temporary store
if ctx = C.CertFindCertificateInStore(store, encoding, 0, C.CERT_FIND_ANY, nil, ctx); ctx == nil {
if err := lastError("failed to iterate certs in store"); err != nil && errors.Cause(err) != cryptENotFound {
return err
}
break
}
// Copy the cert to the system store.
if ok := C.CertAddCertificateContextToStore(s.store, ctx, C.CERT_STORE_ADD_REPLACE_EXISTING, nil); ok == winFalse {
return lastError("failed to add importerd certificate to MY store")
}
}
return nil
}
// Close implements the Store interface.
func (s *winStore) Close() {
C.CertCloseStore(s.store, 0)
s.store = nil
}
// winIdentity implements the Identity iterface.
type winIdentity struct {
ctx C.PCCERT_CONTEXT
signer *winPrivateKey
}
func newWinIdentity(ctx C.PCCERT_CONTEXT) *winIdentity {
return &winIdentity{ctx: C.CertDuplicateCertificateContext(ctx)}
}
// Certificate implements the Identity iterface.
func (i *winIdentity) Certificate() (*x509.Certificate, error) {
der := C.GoBytes(unsafe.Pointer(i.ctx.pbCertEncoded), C.int(i.ctx.cbCertEncoded))
cert, err := x509.ParseCertificate(der)
if err != nil {
return nil, errors.Wrap(err, "certificate parsing failed")
}
return cert, nil
}
// Signer implements the Identity interface.
func (i *winIdentity) Signer() (crypto.Signer, error) {
return i.getPrivateKey()
}
// getPrivateKey gets this identity's private *winPrivateKey.
func (i *winIdentity) getPrivateKey() (*winPrivateKey, error) {
if i.signer != nil {
return i.signer, nil
}
cert, err := i.Certificate()
if err != nil {
return nil, errors.Wrap(err, "failed to get identity certificate")
}
signer, err := newWinPrivateKey(i.ctx, cert.PublicKey)
if err != nil {
return nil, errors.Wrap(err, "failed to load identity private key")
}
i.signer = signer
return i.signer, nil
}
// Delete implements the Identity iterface.
func (i *winIdentity) Delete() error {
// duplicate cert context, since CertDeleteCertificateFromStore will free it.
deleteCtx := C.CertDuplicateCertificateContext(i.ctx)
// try deleting cert
if ok := C.CertDeleteCertificateFromStore(deleteCtx); ok == winFalse {
return lastError("failed to delete certificate from store")
}
// try deleting private key
wpk, err := i.getPrivateKey()
if err != nil {
return errors.Wrap(err, "failed to get identity private key")
}
if err := wpk.Delete(); err != nil {
return errors.Wrap(err, "failed to delete identity private key")
}
return nil
}
// Close implements the Identity iterface.
func (i *winIdentity) Close() {
if i.signer != nil {
i.signer.Close()
i.signer = nil
}
C.CertFreeCertificateContext(i.ctx)
i.ctx = nil
}
// winPrivateKey is a wrapper around a HCRYPTPROV_OR_NCRYPT_KEY_HANDLE.
type winPrivateKey struct {
publicKey crypto.PublicKey
// CryptoAPI fields
capiProv C.HCRYPTPROV
// CNG fields
cngHandle C.NCRYPT_KEY_HANDLE
keySpec C.DWORD
}
// newWinPrivateKey gets a *winPrivateKey for the given certificate.
func newWinPrivateKey(certCtx C.PCCERT_CONTEXT, publicKey crypto.PublicKey) (*winPrivateKey, error) {
var (
provOrKey C.HCRYPTPROV_OR_NCRYPT_KEY_HANDLE
keySpec C.DWORD
mustFree C.WINBOOL
)
if publicKey == nil {
return nil, errors.New("nil public key")
}
// Get a handle for the found private key.
if ok := C.CryptAcquireCertificatePrivateKey(certCtx, winAPIFlag, nil, &provOrKey, &keySpec, &mustFree); ok == winFalse {
return nil, lastError("failed to get private key for certificate")
}
if mustFree != winTrue {
// This shouldn't happen since we're not asking for cached keys.
return nil, errors.New("CryptAcquireCertificatePrivateKey set mustFree")
}
if keySpec == C.CERT_NCRYPT_KEY_SPEC {
return &winPrivateKey{
publicKey: publicKey,
cngHandle: C.NCRYPT_KEY_HANDLE(provOrKey),
}, nil
} else {
return &winPrivateKey{
publicKey: publicKey,
capiProv: C.HCRYPTPROV(provOrKey),
keySpec: keySpec,
}, nil
}
}
// PublicKey implements the crypto.Signer interface.
func (wpk *winPrivateKey) Public() crypto.PublicKey {
return wpk.publicKey
}
// Sign implements the crypto.Signer interface.
func (wpk *winPrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
if wpk.capiProv != 0 {
return wpk.capiSignHash(opts.HashFunc(), digest)
} else if wpk.cngHandle != 0 {
return wpk.cngSignHash(opts.HashFunc(), digest)
} else {
return nil, errors.New("bad private key")
}
}
// cngSignHash signs a digest using the CNG APIs.
func (wpk *winPrivateKey) cngSignHash(hash crypto.Hash, digest []byte) ([]byte, error) {
if len(digest) != hash.Size() {
return nil, errors.New("bad digest for hash")
}
var (
// input
padPtr = unsafe.Pointer(nil)
digestPtr = (*C.BYTE)(&digest[0])
digestLen = C.DWORD(len(digest))
flags = C.DWORD(0)
// output
sigLen = C.DWORD(0)
)
// setup pkcs1v1.5 padding for RSA
if _, isRSA := wpk.publicKey.(*rsa.PublicKey); isRSA {
flags |= C.BCRYPT_PAD_PKCS1
padInfo := C.BCRYPT_PKCS1_PADDING_INFO{}
padPtr = unsafe.Pointer(&padInfo)
switch hash {
case crypto.SHA1:
padInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM
case crypto.SHA256:
padInfo.pszAlgId = BCRYPT_SHA256_ALGORITHM
case crypto.SHA384:
padInfo.pszAlgId = BCRYPT_SHA384_ALGORITHM
case crypto.SHA512:
padInfo.pszAlgId = BCRYPT_SHA512_ALGORITHM
default:
return nil, ErrUnsupportedHash
}
}
// get signature length
if err := checkStatus(C.NCryptSignHash(wpk.cngHandle, padPtr, digestPtr, digestLen, nil, 0, &sigLen, flags)); err != nil {
return nil, errors.Wrap(err, "failed to get signature length")
}
// get signature
sig := make([]byte, sigLen)
sigPtr := (*C.BYTE)(&sig[0])
if err := checkStatus(C.NCryptSignHash(wpk.cngHandle, padPtr, digestPtr, digestLen, sigPtr, sigLen, &sigLen, flags)); err != nil {
return nil, errors.Wrap(err, "failed to sign digest")
}
// CNG returns a raw ECDSA signature, but we wan't ASN.1 DER encoding.
if _, isEC := wpk.publicKey.(*ecdsa.PublicKey); isEC {
if len(sig)%2 != 0 {
return nil, errors.New("bad ecdsa signature from CNG")
}
type ecdsaSignature struct {
R, S *big.Int
}
r := new(big.Int).SetBytes(sig[:len(sig)/2])
s := new(big.Int).SetBytes(sig[len(sig)/2:])
encoded, err := asn1.Marshal(ecdsaSignature{r, s})
if err != nil {
return nil, errors.Wrap(err, "failed to ASN.1 encode EC signature")
}
return encoded, nil
}
return sig, nil
}
// capiSignHash signs a digest using the CryptoAPI APIs.
func (wpk *winPrivateKey) capiSignHash(hash crypto.Hash, digest []byte) ([]byte, error) {
if len(digest) != hash.Size() {
return nil, errors.New("bad digest for hash")
}
// Figure out which CryptoAPI hash algorithm we're using.
var hash_alg C.ALG_ID
switch hash {
case crypto.SHA1:
hash_alg = C.CALG_SHA1
case crypto.SHA256:
hash_alg = C.CALG_SHA_256
case crypto.SHA384:
hash_alg = C.CALG_SHA_384
case crypto.SHA512:
hash_alg = C.CALG_SHA_512
default:
return nil, ErrUnsupportedHash
}
// Instantiate a CryptoAPI hash object.
var chash C.HCRYPTHASH
if ok := C.CryptCreateHash(C.HCRYPTPROV(wpk.capiProv), hash_alg, 0, 0, &chash); ok == winFalse {
if err := lastError("failed to create hash"); errors.Cause(err) == nteBadAlgID {
return nil, ErrUnsupportedHash
} else {
return nil, err
}
}
defer C.CryptDestroyHash(chash)
// Make sure the hash size matches.
var (
hashSize C.DWORD
hashSizePtr = (*C.BYTE)(unsafe.Pointer(&hashSize))
hashSizeLen = C.DWORD(unsafe.Sizeof(hashSize))
)
if ok := C.CryptGetHashParam(chash, C.HP_HASHSIZE, hashSizePtr, &hashSizeLen, 0); ok == winFalse {
return nil, lastError("failed to get hash size")
}
if hash.Size() != int(hashSize) {
return nil, errors.New("invalid CryptoAPI hash")
}
// Put our digest into the hash object.
digestPtr := (*C.BYTE)(unsafe.Pointer(&digest[0]))
if ok := C.CryptSetHashParam(chash, C.HP_HASHVAL, digestPtr, 0); ok == winFalse {
return nil, lastError("failed to set hash digest")
}
// Get signature length.
var sigLen C.DWORD
if ok := C.CryptSignHash(chash, wpk.keySpec, nil, 0, nil, &sigLen); ok == winFalse {
return nil, lastError("failed to get signature length")
}
// Get signature
var (
sig = make([]byte, int(sigLen))
sigPtr = (*C.BYTE)(unsafe.Pointer(&sig[0]))
)
if ok := C.CryptSignHash(chash, wpk.keySpec, nil, 0, sigPtr, &sigLen); ok == winFalse {
return nil, lastError("failed to sign digest")
}
// Signature is little endian, but we want big endian. Reverse it.
for i := len(sig)/2 - 1; i >= 0; i-- {
opp := len(sig) - 1 - i
sig[i], sig[opp] = sig[opp], sig[i]
}
return sig, nil
}
func (wpk *winPrivateKey) Delete() error {
if wpk.cngHandle != 0 {
// Delete CNG key
if err := checkStatus(C.NCryptDeleteKey(wpk.cngHandle, 0)); err != nil {
return err
}
} else if wpk.capiProv != 0 {
// Delete CryptoAPI key
var (
param unsafe.Pointer
err error
containerName C.LPCTSTR
providerName C.LPCTSTR
providerType *C.DWORD
)
if param, err = wpk.getProviderParam(C.PP_CONTAINER); err != nil {
return errors.Wrap(err, "failed to get PP_CONTAINER")
} else {
containerName = C.LPCTSTR(param)
}
if param, err = wpk.getProviderParam(C.PP_NAME); err != nil {
return errors.Wrap(err, "failed to get PP_NAME")
} else {
providerName = C.LPCTSTR(param)
}
if param, err = wpk.getProviderParam(C.PP_PROVTYPE); err != nil {
return errors.Wrap(err, "failed to get PP_PROVTYPE")
} else {
providerType = (*C.DWORD)(param)
}
// use CRYPT_SILENT too?
var prov C.HCRYPTPROV
if ok := C.CryptAcquireContext(&prov, containerName, providerName, *providerType, C.CRYPT_DELETEKEYSET); ok == winFalse {
return lastError("failed to delete key set")
}
} else {
return errors.New("bad private key")
}
return nil
}
// getProviderParam gets a parameter about a provider.
func (wpk *winPrivateKey) getProviderParam(param C.DWORD) (unsafe.Pointer, error) {
var dataLen C.DWORD
if ok := C.CryptGetProvParam(wpk.capiProv, param, nil, &dataLen, 0); ok == winFalse {
return nil, lastError("failed to get provider parameter size")
}
data := make([]byte, dataLen)
dataPtr := (*C.BYTE)(unsafe.Pointer(&data[0]))
if ok := C.CryptGetProvParam(wpk.capiProv, param, dataPtr, &dataLen, 0); ok == winFalse {
return nil, lastError("failed to get provider parameter")
}
// TODO leaking memory here
return C.CBytes(data), nil
}
// Close closes this winPrivateKey.
func (wpk *winPrivateKey) Close() {
if wpk.cngHandle != 0 {
C.NCryptFreeObject(C.NCRYPT_HANDLE(wpk.cngHandle))
wpk.cngHandle = 0
}
if wpk.capiProv != 0 {
C.CryptReleaseContext(wpk.capiProv, 0)
wpk.capiProv = 0
}
}
type errCode C.DWORD
const (
// cryptENotFound — Cannot find object or property.
cryptENotFound errCode = C.CRYPT_E_NOT_FOUND & (1<<32 - 1)
// NTE_BAD_ALGID — Invalid algorithm specified.
nteBadAlgID errCode = C.NTE_BAD_ALGID & (1<<32 - 1)
)
// lastError gets the last error from the current thread.
func lastError(msg string) error {
return errors.Wrap(errCode(C.GetLastError()), msg)
}
func (c errCode) Error() string {
cmsg := C.errMsg(C.DWORD(c))
if cmsg == nil {
return fmt.Sprintf("Error %X", int(c))
}
defer C.LocalFree(C.HLOCAL(cmsg))
gomsg := C.GoString(cmsg)
return fmt.Sprintf("Error: %X %s", int(c), gomsg)
}
type securityStatus C.SECURITY_STATUS
func checkStatus(s C.SECURITY_STATUS) error {
if s == C.ERROR_SUCCESS {
return nil
}
if s == C.NTE_BAD_ALGID {
return ErrUnsupportedHash
}
return securityStatus(s)
}
func (s securityStatus) Error() string {
return fmt.Sprintf("SECURITY_STATUS %d", int(s))
}
func stringToUTF16(s string) C.LPCWSTR {
wstr := utf16.Encode([]rune(s))
p := C.calloc(C.size_t(len(wstr)+1), C.size_t(unsafe.Sizeof(uint16(0))))
pp := (*[1 << 30]uint16)(p)
copy(pp[:], wstr)
return (C.LPCWSTR)(p)
}