ncrypt: Implement NCryptVerifySignature.

dlls/ncrypt/main.c

@@ -36,8 +36,11 @@ static SECURITY_STATUS map_ntstatus(NTSTATUS status)
 {
     switch (status)
     {
-    case STATUS_INVALID_HANDLE: return NTE_INVALID_HANDLE;
-    case NTE_BAD_DATA:          return NTE_BAD_DATA;
+    case STATUS_INVALID_HANDLE:    return NTE_INVALID_HANDLE;
+    case STATUS_INVALID_SIGNATURE: return NTE_BAD_SIGNATURE;
+    case STATUS_SUCCESS:           return ERROR_SUCCESS;
+    case STATUS_INVALID_PARAMETER: return NTE_INVALID_PARAMETER;
+    case NTE_BAD_DATA:             return NTE_BAD_DATA;
     default:
         FIXME("unhandled status %#lx\n", status);
         return NTE_INTERNAL_ERROR;
@@ -458,7 +461,21 @@ SECURITY_STATUS WINAPI NCryptSetProperty(NCRYPT_HANDLE handle, const WCHAR *name
 SECURITY_STATUS WINAPI NCryptVerifySignature(NCRYPT_KEY_HANDLE handle, void *padding, BYTE *hash, DWORD hash_size,
                                              BYTE *signature, DWORD signature_size, DWORD flags)
 {
-    FIXME("(%#Ix, %p, %p, %lu, %p, %lu, %#lx): stub\n", handle, padding, hash, hash_size, signature,
+    struct object *key_object = (struct object *)handle;
+
+    TRACE("(%#Ix, %p, %p, %lu, %p, %lu, %#lx)\n", handle, padding, hash, hash_size, signature,
           signature_size, flags);
-    return ERROR_SUCCESS;
+
+    if (!hash_size || !signature_size) return NTE_INVALID_PARAMETER;
+    if (!hash || !signature) return HRESULT_FROM_WIN32(RPC_X_NULL_REF_POINTER);
+    if (!handle || key_object->type != KEY) return NTE_INVALID_HANDLE;
+
+    if (key_object->key.algid < RSA)
+    {
+        FIXME("Symmetric keys not supported.\n");
+        return NTE_NOT_SUPPORTED;
+    }
+
+    return map_ntstatus(BCryptVerifySignature(key_object->key.bcrypt_key, padding, hash, hash_size, signature,
+                                              signature_size, flags));
 }

dlls/ncrypt/tests/ncrypt.c

@@ -428,7 +428,6 @@ static void test_verify_signature(void)
                                 sizeof(signature_pkcs1_sha256), NCRYPT_PAD_PKCS1_FLAG);
     ok(ret == ERROR_SUCCESS, "got %#lx\n", ret);
 
-    todo_wine {
     ret = NCryptVerifySignature(key, &padinfo, sha256_hash, sizeof(sha256_hash), invalid_signature,
                                 sizeof(invalid_signature), NCRYPT_PAD_PKCS1_FLAG);
     ok(ret == NTE_BAD_SIGNATURE, "got %#lx\n", ret);
@@ -447,7 +446,7 @@ static void test_verify_signature(void)
 
     ret = NCryptVerifySignature(key, &padinfo, sha256_hash, 4, signature_pkcs1_sha256,
                                 sizeof(signature_pkcs1_sha256), NCRYPT_PAD_PKCS1_FLAG);
-    ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
+    todo_wine ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
 
     ret = NCryptVerifySignature(key, &padinfo, sha256_hash, sizeof(sha256_hash), NULL,
                                 sizeof(signature_pkcs1_sha256), NCRYPT_PAD_PKCS1_FLAG);
@@ -455,13 +454,12 @@ static void test_verify_signature(void)
 
     ret = NCryptVerifySignature(key, &padinfo, sha256_hash, sizeof(sha256_hash), signature_pkcs1_sha256, 4,
                                 NCRYPT_PAD_PKCS1_FLAG);
-    ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
+    todo_wine ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
 
     invalid_padinfo.pszAlgId = BCRYPT_MD5_ALGORITHM;
     ret = NCryptVerifySignature(key, &invalid_padinfo, sha256_hash, sizeof(sha256_hash), signature_pkcs1_sha256,
                                 sizeof(signature_pkcs1_sha256), NCRYPT_PAD_PKCS1_FLAG);
-    ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
-    }
+    todo_wine ok(ret == NTE_INVALID_PARAMETER, "got %#lx\n", ret);
 
     NCryptFreeObject(key);
     NCryptFreeObject(prov);