crypt32: Implement verifying a decoded signed message's signature.

b7e42042 · Juan Lang · Alexandre Julliard · d3431271 · b7e42042 · b7e42042
Commit b7e42042 authored Aug 21, 2007 by Juan Lang Committed by Alexandre Julliard Aug 21, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 6 deletions

msg.c dlls/crypt32/msg.c +42 -1

msg.c dlls/crypt32/tests/msg.c +4 -5

No files found.
--- a/dlls/crypt32/msg.c
+++ b/dlls/crypt32/msg.c
@@ -2084,6 +2084,47 @@ static BOOL CDecodeHashMsg_VerifyHash(CDecodeMsg *msg)
    return ret;
 }

+static BOOL CDecodeSignedMsg_VerifySignature(CDecodeMsg *msg, PCERT_INFO info)
+{
+    BOOL ret = FALSE;
+    DWORD i;
+
+    for (i = 0; !ret && i < msg->u.signed_data.info->cSignerInfo; i++)
+    {
+        ret = CertCompareCertificateName(X509_ASN_ENCODING,
+         &msg->u.signed_data.info->rgSignerInfo[i].Issuer, &info->Issuer);
+        if (ret)
+            ret = CertCompareIntegerBlob(
+             &msg->u.signed_data.info->rgSignerInfo[i].SerialNumber,
+             &info->SerialNumber);
+    }
+    if (ret)
+    {
+        HCRYPTKEY key;
+
+        ret = CryptImportPublicKeyInfo(msg->crypt_prov, X509_ASN_ENCODING,
+         &info->SubjectPublicKeyInfo, &key);
+        if (ret)
+        {
+            HCRYPTHASH hash;
+
+            if (msg->u.signed_data.info->rgSignerInfo[i].AuthAttrs.cAttr)
+                hash = msg->u.signed_data.signerHandles[i].authAttrHash;
+            else
+                hash = msg->u.signed_data.signerHandles[i].contentHash;
+            ret = CryptVerifySignatureW(hash,
+             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.pbData,
+             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.cbData,
+             key, NULL, 0);
+            CryptDestroyKey(key);
+        }
+    }
+    else
+        SetLastError(CRYPT_E_SIGNER_NOT_FOUND);
+
+    return ret;
+}
+
 static BOOL CDecodeMsg_Control(HCRYPTMSG hCryptMsg, DWORD dwFlags,
 DWORD dwCtrlType, const void *pvCtrlPara)
 {
@@ -2096,7 +2137,7 @@ static BOOL CDecodeMsg_Control(HCRYPTMSG hCryptMsg, DWORD dwFlags,
        switch (msg->type)
        {
        case CMSG_SIGNED:
-            FIXME("CMSG_CTRL_VERIFY_SIGNATURE: stub\n");
+            ret = CDecodeSignedMsg_VerifySignature(msg, (PCERT_INFO)pvCtrlPara);
            break;
        default:
            SetLastError(CRYPT_E_INVALID_MSG_TYPE);

--- a/dlls/crypt32/tests/msg.c
+++ b/dlls/crypt32/tests/msg.c
@@ -2291,7 +2291,6 @@ static void test_msg_control(void)
     */
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
-    todo_wine
    ok(!ret && GetLastError() == CRYPT_E_SIGNER_NOT_FOUND,
     "Expected CRYPT_E_SIGNER_NOT_FOUND, got %08x\n", GetLastError());
    /* The cert info is expected to have an issuer, serial number, and public
@@ -2303,7 +2302,6 @@ static void test_msg_control(void)
    certInfo.Issuer.pbData = encodedCommonName;
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
-    todo_wine
    ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
     "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
    CryptMsgClose(msg);
@@ -2315,7 +2313,6 @@ static void test_msg_control(void)
    /* Again, cert info needs to have a public key set */
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
-    todo_wine
    ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
     "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
    /* The public key is supposed to be in encoded form.. */
@@ -2324,7 +2321,6 @@ static void test_msg_control(void)
    certInfo.SubjectPublicKeyInfo.PublicKey.pbData = aKey;
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
-    todo_wine
    ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
     "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
    /* but not as a X509_PUBLIC_KEY_INFO.. */
@@ -2333,7 +2329,6 @@ static void test_msg_control(void)
    certInfo.SubjectPublicKeyInfo.PublicKey.pbData = encodedPubKey;
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
-    todo_wine
    ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
     "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
    /* This decodes successfully, but it doesn't match any key in the message */
@@ -2341,6 +2336,10 @@ static void test_msg_control(void)
    certInfo.SubjectPublicKeyInfo.PublicKey.pbData = mod_encoded;
    SetLastError(0xdeadbeef);
    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+    /* In Wine's rsaenh, this fails to decode because the key length is too
+     * small.  Not sure if that's a bug in rsaenh, so leaving todo_wine for
+     * now.
+     */
    todo_wine
    ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
     "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());