[PATCH] crypt32: Add support for decoding signed OCSP responses.

Hans Leidekker hans at codeweavers.com
Tue Mar 15 08:14:42 CDT 2022 

Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
 dlls/crypt32/decode.c       |  55 ++++++++++++++++-
 dlls/crypt32/tests/encode.c | 117 ++++++++++++++++++++++++++++++++++++
 2 files changed, 171 insertions(+), 1 deletion(-)

diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
index dde049b3c40..be36d3ef7b8 100644
--- a/dlls/crypt32/decode.c
+++ b/dlls/crypt32/decode.c
@@ -804,7 +804,7 @@ static BOOL CRYPT_AsnDecodeDerBlob(const BYTE *pbEncoded, DWORD cbEncoded,
     {
         BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
         DWORD bytesNeeded = sizeof(CRYPT_DER_BLOB);
-       
+
         if (!(dwFlags & CRYPT_DECODE_NOCOPY_FLAG))
             bytesNeeded += 1 + lenBytes + dataLen;
 
@@ -6237,6 +6237,56 @@ static BOOL WINAPI CRYPT_AsnDecodeOCSPResponse(DWORD dwCertEncodingType,
     return ret;
 }
 
+static BOOL CRYPT_AsnDecodeOCSPSignatureInfoCertEncoded(const BYTE *pbEncoded,
+ DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo,
+ DWORD *pcbDecoded)
+{
+    BOOL ret;
+    struct AsnArrayDescriptor arrayDesc = { 0,
+     offsetof(OCSP_SIGNATURE_INFO, cCertEncoded), offsetof(OCSP_SIGNATURE_INFO, rgCertEncoded),
+     FINALMEMBERSIZE(OCSP_SIGNATURE_INFO, cCertEncoded), verify_and_copy_certificate,
+     sizeof(CRYPT_DER_BLOB), TRUE, offsetof(CRYPT_DER_BLOB, pbData) };
+
+    ret = CRYPT_AsnDecodeArray(&arrayDesc, pbEncoded, cbEncoded,
+     dwFlags, NULL, pvStructInfo, pcbStructInfo, pcbDecoded);
+    return ret;
+}
+
+static BOOL WINAPI CRYPT_AsnDecodeOCSPBasicSignedResponse(DWORD dwCertEncodingType,
+ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
+ CRYPT_DECODE_PARA *pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
+{
+    BOOL ret;
+    struct AsnDecodeSequenceItem items[] = {
+     { 0, offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, ToBeSigned),
+       CRYPT_AsnDecodeDerBlob, sizeof(CRYPT_DER_BLOB), FALSE, TRUE,
+       offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, ToBeSigned.pbData), 0 },
+     { ASN_SEQUENCEOF, offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.SignatureAlgorithm),
+       CRYPT_AsnDecodeAlgorithmId, sizeof(CRYPT_ALGORITHM_IDENTIFIER), FALSE, TRUE,
+       offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.SignatureAlgorithm.pszObjId), 0 },
+     { ASN_BITSTRING, offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.Signature),
+       CRYPT_AsnDecodeBitsInternal, sizeof(CRYPT_BIT_BLOB), FALSE, TRUE,
+       offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.Signature.pbData) },
+     { 0, offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.cCertEncoded),
+       CRYPT_AsnDecodeOCSPSignatureInfoCertEncoded, FINALMEMBERSIZE(OCSP_SIGNATURE_INFO, cCertEncoded),
+       TRUE, TRUE, offsetof(OCSP_BASIC_SIGNED_RESPONSE_INFO, SignatureInfo.rgCertEncoded) },
+     };
+
+    __TRY
+    {
+        ret = CRYPT_AsnDecodeSequence(items, ARRAY_SIZE(items),
+         pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo,
+         pcbStructInfo, NULL, NULL);
+    }
+    __EXCEPT_PAGE_FAULT
+    {
+        SetLastError(STATUS_ACCESS_VIOLATION);
+        ret = FALSE;
+    }
+    __ENDTRY
+    return ret;
+}
+
 static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
  LPCSTR lpszStructType)
 {
@@ -6388,6 +6438,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
         case LOWORD(OCSP_RESPONSE):
             decodeFunc = CRYPT_AsnDecodeOCSPResponse;
             break;
+        case LOWORD(OCSP_BASIC_SIGNED_RESPONSE):
+            decodeFunc = CRYPT_AsnDecodeOCSPBasicSignedResponse;
+            break;
         default:
             FIXME("Unimplemented decoder for lpszStructType OID %d\n", LOWORD(lpszStructType));
         }
diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
index 11840d817fe..c4417a27e2c 100644
--- a/dlls/crypt32/tests/encode.c
+++ b/dlls/crypt32/tests/encode.c
@@ -8832,6 +8832,122 @@ static void test_decodeOCSPResponseInfo(DWORD dwEncoding)
     LocalFree(info);
 }
 
+static const BYTE ocsp_basic_signed_response[] = {
+  0x30, 0x82, 0x01, 0xb5, 0x30, 0x81, 0x9e, 0xa2, 0x16, 0x04, 0x14, 0xb7,
+  0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84, 0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f,
+  0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9, 0xf4, 0x18, 0x0f, 0x32, 0x30, 0x32,
+  0x32, 0x30, 0x33, 0x31, 0x30, 0x31, 0x38, 0x33, 0x36, 0x34, 0x38, 0x5a,
+  0x30, 0x73, 0x30, 0x71, 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
+  0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0xe4, 0xe3, 0x95, 0xa2, 0x29,
+  0xd3, 0xd4, 0xc1, 0xc3, 0x1f, 0xf0, 0x98, 0x0c, 0x0b, 0x4e, 0xc0, 0x09,
+  0x8a, 0xab, 0xd8, 0x04, 0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84,
+  0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9,
+  0xf4, 0x02, 0x10, 0x08, 0x49, 0x8f, 0x6d, 0xd9, 0xef, 0xfb, 0x40, 0x55,
+  0x1e, 0xac, 0x54, 0x54, 0x87, 0xc1, 0xb1, 0x80, 0x00, 0x18, 0x0f, 0x32,
+  0x30, 0x32, 0x32, 0x30, 0x33, 0x31, 0x30, 0x31, 0x38, 0x32, 0x31, 0x30,
+  0x31, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30, 0x33,
+  0x31, 0x37, 0x31, 0x37, 0x33, 0x36, 0x30, 0x31, 0x5a, 0x30, 0x0d, 0x06,
+  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
+  0x03, 0x82, 0x01, 0x01, 0x00, 0x6a, 0x4c, 0xfa, 0xe6, 0xe3, 0x48, 0xbb,
+  0xd6, 0x18, 0x33, 0x04, 0x9d, 0x6a, 0x92, 0x4d, 0x01, 0x74, 0x4f, 0x1a,
+  0x70, 0xfa, 0xf2, 0x8b, 0xba, 0x0d, 0x2c, 0x06, 0x30, 0xc9, 0x55, 0xce,
+  0x95, 0x13, 0x4d, 0x4c, 0x65, 0x99, 0xe7, 0xd6, 0x78, 0x9c, 0x3c, 0x9a,
+  0x60, 0xeb, 0x43, 0x3c, 0x08, 0x1c, 0x02, 0x6d, 0x45, 0x2d, 0x5b, 0xdf,
+  0xab, 0xf2, 0x92, 0xf1, 0x71, 0x61, 0xb4, 0x34, 0xcf, 0x84, 0x1f, 0xc9,
+  0x3f, 0x45, 0x9e, 0x64, 0x89, 0x58, 0xdb, 0x2c, 0x73, 0xa8, 0x04, 0xae,
+  0xad, 0xf2, 0xc5, 0x80, 0x80, 0xcf, 0x96, 0x4b, 0xf1, 0xb4, 0xf1, 0x2a,
+  0x86, 0x1c, 0x7f, 0x1d, 0xcc, 0xbf, 0xd6, 0xa2, 0x3f, 0x44, 0xb8, 0x62,
+  0x5b, 0x9b, 0x55, 0xc1, 0x4e, 0x18, 0x67, 0x5a, 0xbe, 0x31, 0xf5, 0x16,
+  0x6d, 0x74, 0xc4, 0xf2, 0x60, 0x4f, 0xa1, 0x63, 0x49, 0xe9, 0xff, 0x37,
+  0x3d, 0x66, 0xcd, 0xc3, 0x79, 0x4e, 0x38, 0x68, 0x1b, 0xbf, 0x0b, 0x3b,
+  0xdb, 0xa0, 0x13, 0x70, 0xb8, 0xd1, 0x59, 0xe2, 0x8e, 0x88, 0xfe, 0x77,
+  0x39, 0xa8, 0x3f, 0x93, 0xe1, 0xc6, 0x5e, 0x13, 0x9e, 0xea, 0xec, 0x49,
+  0x65, 0x0b, 0x6d, 0xbf, 0x76, 0xd5, 0x11, 0x59, 0x7b, 0xfe, 0xe6, 0xb2,
+  0x58, 0xa8, 0xbd, 0xd0, 0xe6, 0x13, 0x26, 0x72, 0x83, 0x78, 0x90, 0x85,
+  0x82, 0x86, 0x9f, 0x2e, 0x20, 0x64, 0x90, 0xc3, 0xd1, 0x37, 0x50, 0xac,
+  0xde, 0x52, 0x8e, 0x83, 0x9f, 0x02, 0x7b, 0xff, 0xf1, 0xd4, 0xe5, 0x8b,
+  0x77, 0x8d, 0xef, 0x61, 0xcb, 0x85, 0x4d, 0xa0, 0x2e, 0x05, 0x28, 0xc0,
+  0x86, 0x78, 0x59, 0xa9, 0x94, 0xb3, 0x90, 0x6b, 0xf7, 0xff, 0xd3, 0x08,
+  0x96, 0x7c, 0xbe, 0x22, 0xd8, 0xb6, 0x35, 0xce, 0x1e, 0xae, 0x70, 0x34,
+  0x05, 0x51, 0x49, 0xac, 0x2f, 0xe8, 0x67, 0xcf, 0xa7
+};
+
+static const BYTE ocsp_to_be_signed[] = {
+  0x30, 0x81, 0x9e, 0xa2, 0x16, 0x04, 0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8,
+  0xaa, 0x84, 0x8c, 0x79, 0xea, 0xb4, 0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95,
+  0x76, 0xb9, 0xf4, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30, 0x33, 0x31,
+  0x30, 0x31, 0x38, 0x33, 0x36, 0x34, 0x38, 0x5a, 0x30, 0x73, 0x30, 0x71,
+  0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+  0x00, 0x04, 0x14, 0xe4, 0xe3, 0x95, 0xa2, 0x29, 0xd3, 0xd4, 0xc1, 0xc3,
+  0x1f, 0xf0, 0x98, 0x0c, 0x0b, 0x4e, 0xc0, 0x09, 0x8a, 0xab, 0xd8, 0x04,
+  0x14, 0xb7, 0x6b, 0xa2, 0xea, 0xa8, 0xaa, 0x84, 0x8c, 0x79, 0xea, 0xb4,
+  0xda, 0x0f, 0x98, 0xb2, 0xc5, 0x95, 0x76, 0xb9, 0xf4, 0x02, 0x10, 0x08,
+  0x49, 0x8f, 0x6d, 0xd9, 0xef, 0xfb, 0x40, 0x55, 0x1e, 0xac, 0x54, 0x54,
+  0x87, 0xc1, 0xb1, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30,
+  0x33, 0x31, 0x30, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5a, 0xa0, 0x11,
+  0x18, 0x0f, 0x32, 0x30, 0x32, 0x32, 0x30, 0x33, 0x31, 0x37, 0x31, 0x37,
+  0x33, 0x36, 0x30, 0x31, 0x5a
+};
+
+static const BYTE ocsp_signature[] = {
+  0x6a, 0x4c, 0xfa, 0xe6, 0xe3, 0x48, 0xbb, 0xd6, 0x18, 0x33, 0x04, 0x9d,
+  0x6a, 0x92, 0x4d, 0x01, 0x74, 0x4f, 0x1a, 0x70, 0xfa, 0xf2, 0x8b, 0xba,
+  0x0d, 0x2c, 0x06, 0x30, 0xc9, 0x55, 0xce, 0x95, 0x13, 0x4d, 0x4c, 0x65,
+  0x99, 0xe7, 0xd6, 0x78, 0x9c, 0x3c, 0x9a, 0x60, 0xeb, 0x43, 0x3c, 0x08,
+  0x1c, 0x02, 0x6d, 0x45, 0x2d, 0x5b, 0xdf, 0xab, 0xf2, 0x92, 0xf1, 0x71,
+  0x61, 0xb4, 0x34, 0xcf, 0x84, 0x1f, 0xc9, 0x3f, 0x45, 0x9e, 0x64, 0x89,
+  0x58, 0xdb, 0x2c, 0x73, 0xa8, 0x04, 0xae, 0xad, 0xf2, 0xc5, 0x80, 0x80,
+  0xcf, 0x96, 0x4b, 0xf1, 0xb4, 0xf1, 0x2a, 0x86, 0x1c, 0x7f, 0x1d, 0xcc,
+  0xbf, 0xd6, 0xa2, 0x3f, 0x44, 0xb8, 0x62, 0x5b, 0x9b, 0x55, 0xc1, 0x4e,
+  0x18, 0x67, 0x5a, 0xbe, 0x31, 0xf5, 0x16, 0x6d, 0x74, 0xc4, 0xf2, 0x60,
+  0x4f, 0xa1, 0x63, 0x49, 0xe9, 0xff, 0x37, 0x3d, 0x66, 0xcd, 0xc3, 0x79,
+  0x4e, 0x38, 0x68, 0x1b, 0xbf, 0x0b, 0x3b, 0xdb, 0xa0, 0x13, 0x70, 0xb8,
+  0xd1, 0x59, 0xe2, 0x8e, 0x88, 0xfe, 0x77, 0x39, 0xa8, 0x3f, 0x93, 0xe1,
+  0xc6, 0x5e, 0x13, 0x9e, 0xea, 0xec, 0x49, 0x65, 0x0b, 0x6d, 0xbf, 0x76,
+  0xd5, 0x11, 0x59, 0x7b, 0xfe, 0xe6, 0xb2, 0x58, 0xa8, 0xbd, 0xd0, 0xe6,
+  0x13, 0x26, 0x72, 0x83, 0x78, 0x90, 0x85, 0x82, 0x86, 0x9f, 0x2e, 0x20,
+  0x64, 0x90, 0xc3, 0xd1, 0x37, 0x50, 0xac, 0xde, 0x52, 0x8e, 0x83, 0x9f,
+  0x02, 0x7b, 0xff, 0xf1, 0xd4, 0xe5, 0x8b, 0x77, 0x8d, 0xef, 0x61, 0xcb,
+  0x85, 0x4d, 0xa0, 0x2e, 0x05, 0x28, 0xc0, 0x86, 0x78, 0x59, 0xa9, 0x94,
+  0xb3, 0x90, 0x6b, 0xf7, 0xff, 0xd3, 0x08, 0x96, 0x7c, 0xbe, 0x22, 0xd8,
+  0xb6, 0x35, 0xce, 0x1e, 0xae, 0x70, 0x34, 0x05, 0x51, 0x49, 0xac, 0x2f,
+  0xe8, 0x67, 0xcf, 0xa7
+};
+
+static void test_decodeOCSPBasicSignedResponseInfo(DWORD dwEncoding)
+{
+    OCSP_BASIC_SIGNED_RESPONSE_INFO *info;
+    DWORD size;
+    BOOL ret;
+
+    size = 0;
+    ret = pCryptDecodeObjectEx(dwEncoding, OCSP_BASIC_SIGNED_RESPONSE, ocsp_basic_signed_response,
+                               sizeof(ocsp_basic_signed_response), CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size);
+    ok(ret, "got %08lx\n", GetLastError());
+    if (sizeof(void *) == 4) todo_wine ok(size == 496, "got %lu\n", size);
+    else ok(size == 536, "got %lu\n", size);
+    ok(info->ToBeSigned.cbData == sizeof(ocsp_to_be_signed), "got %lu\n", info->ToBeSigned.cbData);
+    ok(!memcmp(info->ToBeSigned.pbData, ocsp_to_be_signed, sizeof(ocsp_to_be_signed)), "wrong data\n");
+
+    ok(!strcmp(info->SignatureInfo.SignatureAlgorithm.pszObjId, szOID_RSA_SHA256RSA),
+       "got %s\n", info->SignatureInfo.SignatureAlgorithm.pszObjId);
+    ok(info->SignatureInfo.SignatureAlgorithm.Parameters.cbData == 2,
+       "got %lu\n", info->SignatureInfo.SignatureAlgorithm.Parameters.cbData);
+    ok(info->SignatureInfo.SignatureAlgorithm.Parameters.pbData[0] == 5, "got 0x%02x\n",
+       info->SignatureInfo.SignatureAlgorithm.Parameters.pbData[0]);
+    ok(!info->SignatureInfo.SignatureAlgorithm.Parameters.pbData[1], "got 0x%02x\n",
+       info->SignatureInfo.SignatureAlgorithm.Parameters.pbData[1]);
+
+    ok(info->SignatureInfo.Signature.cbData == sizeof(ocsp_signature), "got %lu\n",
+       info->SignatureInfo.Signature.cbData);
+    ok(!memcmp(info->SignatureInfo.Signature.pbData, ocsp_signature, sizeof(ocsp_signature)),
+       "wrong signature data\n");
+
+    ok(!info->SignatureInfo.cCertEncoded, "got %lu\n", info->SignatureInfo.cCertEncoded);
+    ok(!info->SignatureInfo.rgCertEncoded, "got %p\n", info->SignatureInfo.rgCertEncoded);
+    LocalFree(info);
+}
+
 START_TEST(encode)
 {
     static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
@@ -8927,6 +9043,7 @@ START_TEST(encode)
         test_decodeRsaPrivateKey(encodings[i]);
         test_encodeOCSPRequestInfo(encodings[i]);
         test_decodeOCSPResponseInfo(encodings[i]);
+        test_decodeOCSPBasicSignedResponseInfo(encodings[i]);
     }
     testPortPublicKeyInfo();
 }
-- 
2.30.2

More information about the wine-devel mailing list