Commit 9adcf560 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Implement CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT in CryptVerifyCertificateSignatureEx.

parent 31f29ffc
...@@ -193,6 +193,41 @@ BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv, ...@@ -193,6 +193,41 @@ BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv,
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL); CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
} }
static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
PCERT_SIGNED_CONTENT_INFO signedCert)
{
BOOL ret;
ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
HCRYPTKEY key;
/* Load the default provider if necessary */
if (!hCryptProv)
hCryptProv = CRYPT_GetDefaultProvider();
ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
pubKeyInfo, algID, 0, NULL, &key);
if (ret)
{
HCRYPTHASH hash;
/* Some key algorithms aren't hash algorithms, so map them */
if (algID == CALG_RSA_SIGN || algID == CALG_RSA_KEYX)
algID = CALG_SHA1;
ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
if (ret)
{
ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
signedCert->ToBeSigned.cbData, 0);
if (ret)
ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
signedCert->Signature.cbData, key, NULL, 0);
CryptDestroyHash(hash);
}
CryptDestroyKey(key);
}
return ret;
}
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv, BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved) DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
...@@ -249,48 +284,18 @@ BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv, ...@@ -249,48 +284,18 @@ BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
switch (dwIssuerType) switch (dwIssuerType)
{ {
case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY: case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
{ ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
PCERT_PUBLIC_KEY_INFO pubKeyInfo = dwCertEncodingType, (PCERT_PUBLIC_KEY_INFO)pvIssuer,
(PCERT_PUBLIC_KEY_INFO)pvIssuer; signedCert);
ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
if (algID)
{
HCRYPTKEY key;
ret = CryptImportPublicKeyInfoEx(hCryptProv,
dwCertEncodingType, pubKeyInfo, algID, 0, NULL, &key);
if (ret)
{
HCRYPTHASH hash;
ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
if (ret)
{
ret = CryptHashData(hash,
signedCert->ToBeSigned.pbData,
signedCert->ToBeSigned.cbData, 0);
if (ret)
{
ret = CryptVerifySignatureW(hash,
signedCert->Signature.pbData,
signedCert->Signature.cbData, key, NULL, 0);
}
CryptDestroyHash(hash);
}
CryptDestroyKey(key);
}
}
else
{
SetLastError(NTE_BAD_ALGID);
ret = FALSE;
}
break; break;
}
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT: case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
dwCertEncodingType,
&((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
signedCert);
break;
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
FIXME("issuer type %ld: stub\n", dwIssuerType); FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
ret = FALSE; ret = FALSE;
break; break;
case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL: case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment