From 3b90b7be75fc96d3c666ff8920327fe4d2484d13 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Thu, 10 Mar 2022 14:15:50 +0100
Subject: [PATCH] crypt32: Add support for decoding OCSP responses.

Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/crypt32/decode.c       | 93 +++++++++++++++++++++++++++++++++++++
 dlls/crypt32/tests/encode.c | 73 +++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)

diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
index 1550b3d6f85..dde049b3c40 100644
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -6147,6 +6147,96 @@ static BOOL WINAPI CRYPT_AsnDecodeEccSignature(DWORD dwCertEncodingType,
     return ret;
 }
 
+static BOOL CRYPT_AsnDecodeOCSPResponseStatus(const BYTE *pbEncoded,
+ DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
+ DWORD *pcbDecoded)
+{
+    if (!cbEncoded)
+    {
+        SetLastError(CRYPT_E_ASN1_EOD);
+        return FALSE;
+    }
+    if (pbEncoded[0] != ASN_ENUMERATED)
+    {
+        SetLastError(CRYPT_E_ASN1_BADTAG);
+        return FALSE;
+    }
+
+    return CRYPT_AsnDecodeIntInternal(pbEncoded, cbEncoded, dwFlags, pvStructInfo,
+     pcbStructInfo, pcbDecoded);
+}
+
+static BOOL CRYPT_AsnDecodeOCSPResponseBytes(const BYTE *pbEncoded,
+ DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
+ DWORD *pcbDecoded)
+{
+    DWORD dataLen;
+    BOOL ret;
+
+    if (!cbEncoded)
+    {
+        SetLastError(CRYPT_E_ASN1_EOD);
+        return FALSE;
+    }
+    if (pbEncoded[0] != (ASN_CONTEXT | ASN_CONSTRUCTOR))
+    {
+        SetLastError(CRYPT_E_ASN1_BADTAG);
+        return FALSE;
+    }
+
+    if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen)))
+    {
+        struct AsnDecodeSequenceItem items[] = {
+         { ASN_OBJECTIDENTIFIER, 0,
+           CRYPT_AsnDecodeOidIgnoreTag, sizeof(LPSTR), FALSE, TRUE,
+           0, 0 },
+         { ASN_OCTETSTRING, sizeof(LPSTR),
+           CRYPT_AsnDecodeOctets, sizeof(CRYPT_OBJID_BLOB), FALSE, TRUE,
+           sizeof(LPSTR) + offsetof(CRYPT_OBJID_BLOB, pbData), 0 },
+         };
+         BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
+         DWORD bytesNeeded;
+
+         if (dataLen)
+         {
+            ret = CRYPT_AsnDecodeSequence(items, ARRAY_SIZE(items),
+             pbEncoded + 1 + lenBytes, cbEncoded - 1 - lenBytes, dwFlags, NULL,
+             pvStructInfo, pcbStructInfo, &bytesNeeded, NULL);
+            if (ret) *pcbDecoded = bytesNeeded + lenBytes + 1;
+         }
+    }
+    return ret;
+}
+
+static BOOL WINAPI CRYPT_AsnDecodeOCSPResponse(DWORD dwCertEncodingType,
+ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
+ CRYPT_DECODE_PARA *pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
+{
+    BOOL ret;
+    struct AsnDecodeSequenceItem items[] = {
+     { ASN_ENUMERATED, offsetof(OCSP_RESPONSE_INFO, dwStatus),
+       CRYPT_AsnDecodeOCSPResponseStatus, sizeof(DWORD), FALSE, FALSE,
+       0, 0 },
+     { ASN_CONTEXT | ASN_CONSTRUCTOR, offsetof(OCSP_RESPONSE_INFO, pszObjId),
+       CRYPT_AsnDecodeOCSPResponseBytes, sizeof(LPSTR) + sizeof(CRYPT_OBJID_BLOB), TRUE, TRUE,
+       offsetof(OCSP_RESPONSE_INFO, pszObjId), 0 },
+    };
+
+    __TRY
+    {
+        ret = CRYPT_AsnDecodeSequence(items, ARRAY_SIZE(items),
+         pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo,
+         pcbStructInfo, NULL, NULL);
+    }
+    __EXCEPT_PAGE_FAULT
+    {
+        SetLastError(STATUS_ACCESS_VIOLATION);
+        ret = FALSE;
+    }
+    __ENDTRY
+    return ret;
+}
+
 static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
  LPCSTR lpszStructType)
 {
@@ -6295,6 +6385,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
         case LOWORD(CNG_RSA_PUBLIC_KEY_BLOB):
             decodeFunc = CRYPT_AsnDecodeRsaPubKey_Bcrypt;
             break;
+        case LOWORD(OCSP_RESPONSE):
+            decodeFunc = CRYPT_AsnDecodeOCSPResponse;
+            break;
         default:
             FIXME("Unimplemented decoder for lpszStructType OID %d\n", LOWORD(lpszStructType));
         }
diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
index c47fd823673..11840d817fe 100644
--- a/dlls/crypt32/tests/encode.c
+++ b/dlls/crypt32/tests/encode.c
@@ -8760,6 +8760,78 @@ static void test_encodeOCSPRequestInfo(DWORD dwEncoding)
     LocalFree(buf);
 }
 
+static const BYTE ocsp_response[] = {
+ 0x30, 0x03, 0x0a, 0x01, 0x06
+};
+
+static const BYTE ocsp_response2[] = {
+  0x30, 0x82, 0x01, 0xd3, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x01, 0xcc, 0x30,
+  0x82, 0x01, 0xc8, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
+  0x01, 0x01, 0x04, 0x82, 0x01, 0xb9, 0x30, 0x82, 0x01, 0xb5, 0x30, 0x81,
+  0x9e, 0xa2, 0x16, 0x04, 0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84,
+  0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9,
+  0xf4, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30, 0x33, 0x30, 0x37, 0x31,
+  0x38, 0x33, 0x36, 0x34, 0x33, 0x5a, 0x30, 0x73, 0x30, 0x71, 0x30, 0x49,
+  0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04,
+  0x14, 0xe4, 0xe3, 0x95, 0xa2, 0x29, 0xd3, 0xd4, 0xc1, 0xc3, 0x1f, 0xf0,
+  0x98, 0x0c, 0x0b, 0x4e, 0xc0, 0x09, 0x8a, 0xab, 0xd8, 0x04, 0x14, 0xb7,
+  0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84, 0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f,
+  0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9, 0xf4, 0x02, 0x10, 0x08, 0x49, 0x8f,
+  0x6d, 0xd9, 0xef, 0xfb, 0x40, 0x55, 0x1e, 0xac, 0x54, 0x54, 0x87, 0xc1,
+  0xb1, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30, 0x33, 0x30,
+  0x37, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5a, 0xa0, 0x11, 0x18, 0x0f,
+  0x32, 0x30, 0x32, 0x32, 0x30, 0x33, 0x31, 0x34, 0x31, 0x37, 0x33, 0x36,
+  0x30, 0x31, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+  0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2a,
+  0xf3, 0x5f, 0xf7, 0x72, 0x6b, 0x27, 0x38, 0x6b, 0xae, 0x66, 0x42, 0xe0,
+  0x3b, 0xc6, 0x44, 0x5f, 0x95, 0xe2, 0x1f, 0xbc, 0x3f, 0xb3, 0x1d, 0x6c,
+  0x6c, 0x7c, 0x91, 0xb3, 0x02, 0x23, 0x0f, 0xf0, 0x13, 0x5f, 0x62, 0x92,
+  0x0d, 0x91, 0xa9, 0x8f, 0x66, 0xe9, 0x18, 0xe3, 0xb1, 0xe0, 0x4c, 0x63,
+  0x40, 0x9e, 0x14, 0x26, 0x28, 0x7a, 0x5e, 0x51, 0x99, 0x43, 0x1c, 0xd5,
+  0xbd, 0x84, 0x88, 0x68, 0xd9, 0x0e, 0xd9, 0xf4, 0x78, 0x48, 0x9f, 0x01,
+  0x4c, 0x34, 0x14, 0x1e, 0x7c, 0x72, 0x9c, 0xdd, 0x94, 0xcb, 0x6e, 0x28,
+  0xf5, 0x76, 0x75, 0xa2, 0xbe, 0x4b, 0x52, 0xac, 0x38, 0x9d, 0xce, 0x52,
+  0x68, 0x33, 0xbc, 0x52, 0xc7, 0xdc, 0x2f, 0x19, 0xff, 0x15, 0x9c, 0x4b,
+  0xdb, 0x83, 0x4e, 0xd7, 0xf6, 0x9b, 0x7f, 0x76, 0x58, 0xa5, 0x46, 0x49,
+  0xe3, 0x2d, 0x41, 0x26, 0xf8, 0xce, 0xb7, 0x56, 0x61, 0xb2, 0x88, 0x65,
+  0x2b, 0xb8, 0x4d, 0xf2, 0xf2, 0x32, 0x50, 0x53, 0x8b, 0x0d, 0xc6, 0x58,
+  0xac, 0xd8, 0xe4, 0x8d, 0x38, 0x9e, 0x61, 0xeb, 0x6b, 0xd2, 0xd6, 0x50,
+  0x8d, 0xfa, 0x93, 0x47, 0x4e, 0x6e, 0x2b, 0xd3, 0xb9, 0xdc, 0xb9, 0xb5,
+  0x86, 0x46, 0xcb, 0xda, 0xd9, 0xd8, 0xd5, 0x99, 0x7a, 0x7c, 0x73, 0xee,
+  0xc1, 0x52, 0x8e, 0xc5, 0xca, 0x28, 0x1d, 0x15, 0x94, 0x06, 0xa0, 0xa5,
+  0x01, 0xf3, 0xbd, 0x67, 0x3f, 0x3d, 0x46, 0x63, 0xc5, 0xba, 0xd5, 0x12,
+  0xde, 0xb4, 0xc5, 0x86, 0xfe, 0x97, 0x6b, 0x70, 0xfe, 0xa4, 0x6a, 0x25,
+  0x63, 0x8e, 0xcf, 0xa4, 0x13, 0x1c, 0x2b, 0xf7, 0xf4, 0xc9, 0x79, 0x8e,
+  0x07, 0xa3, 0x25, 0x9f, 0xcf, 0x33, 0x65, 0x49, 0x84, 0xad, 0x7f, 0x90,
+  0x44, 0x85, 0xd8, 0xa7, 0x73, 0x53, 0x56, 0x73, 0xca, 0x15, 0x39, 0x99,
+  0x5f, 0x39, 0xfd
+};
+
+static void test_decodeOCSPResponseInfo(DWORD dwEncoding)
+{
+    OCSP_RESPONSE_INFO *info;
+    DWORD size;
+    BOOL ret;
+
+    ret = pCryptDecodeObjectEx(dwEncoding, OCSP_RESPONSE, ocsp_response, sizeof(ocsp_response),
+                               CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
+    ok(ret, "got %08lx\n", GetLastError());
+    ok(info->dwStatus == OCSP_UNAUTHORIZED_RESPONSE, "got %lu\n", info->dwStatus);
+    ok(info->pszObjId == NULL, "got %s\n", wine_dbgstr_a(info->pszObjId));
+    ok(!info->Value.cbData, "got %lu\n", info->Value.cbData);
+    ok(info->Value.pbData == NULL, "got %p\n", info->Value.pbData);
+    LocalFree(info);
+
+    ret = pCryptDecodeObjectEx(dwEncoding, OCSP_RESPONSE, ocsp_response2, sizeof(ocsp_response2),
+                               CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
+    ok(ret, "got %08lx\n", GetLastError());
+    ok(info->dwStatus == OCSP_SUCCESSFUL_RESPONSE, "got %lu\n", info->dwStatus);
+    ok(!strcmp(info->pszObjId, szOID_PKIX_OCSP_BASIC_SIGNED_RESPONSE), "got %s\n", wine_dbgstr_a(info->pszObjId));
+    ok(info->Value.cbData == 441, "got %lu\n", info->Value.cbData);
+    ok(info->Value.pbData != NULL, "got %p\n", info->Value.pbData);
+    LocalFree(info);
+}
+
 START_TEST(encode)
 {
     static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
@@ -8854,6 +8926,7 @@ START_TEST(encode)
         test_decodeCertPolicyConstraints(encodings[i]);
         test_decodeRsaPrivateKey(encodings[i]);
         test_encodeOCSPRequestInfo(encodings[i]);
+        test_decodeOCSPResponseInfo(encodings[i]);
     }
     testPortPublicKeyInfo();
 }