crypt32(1/2): Test and correct verifying the signature of a valid
signed message
Juan Lang
juan.lang at gmail.com
Wed Aug 22 11:43:59 CDT 2007
These patches are no different from the ones sent yesterday, but since they
depend on the advapi32 patch I'm resending them.
--Juan
-------------- next part --------------
From 0f8eb9565ae3f33d46c71b233fcafd10a2ba7bbd Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Wed, 22 Aug 2007 09:40:11 -0700
Subject: [PATCH] Test and correct verifying the signature of a valid signed message
---
dlls/crypt32/msg.c | 14 ++++++++++----
dlls/crypt32/tests/msg.c | 25 ++++++++++++++++++++++++-
2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/dlls/crypt32/msg.c b/dlls/crypt32/msg.c
index 3ce2bca..dea6a11 100644
--- a/dlls/crypt32/msg.c
+++ b/dlls/crypt32/msg.c
@@ -2114,15 +2114,21 @@ static BOOL CDecodeSignedMsg_VerifySigna
if (ret)
{
HCRYPTHASH hash;
+ CRYPT_HASH_BLOB reversedHash;
if (msg->u.signed_data.info->rgSignerInfo[i].AuthAttrs.cAttr)
hash = msg->u.signed_data.signerHandles[i].authAttrHash;
else
hash = msg->u.signed_data.signerHandles[i].contentHash;
- ret = CryptVerifySignatureW(hash,
- msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.pbData,
- msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.cbData,
- key, NULL, 0);
+ ret = CRYPT_ConstructBlob(&reversedHash,
+ &msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash);
+ if (ret)
+ {
+ CRYPT_ReverseBytes(&reversedHash);
+ ret = CryptVerifySignatureW(hash, reversedHash.pbData,
+ reversedHash.cbData, key, NULL, 0);
+ CryptMemFree(reversedHash.pbData);
+ }
CryptDestroyKey(key);
}
}
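Review bot: The byte reversal added before `CryptVerifySignatureW` has no comment explaining why it is needed, and the local is named `reversedHash` although it holds a copy of the signer's `EncryptedHash`, which is the signature value rather than a hash. I would add a comment such as `/* The PKCS #7 signature value is big-endian, CryptVerifySignatureW expects little-endian: verify a reversed copy */` and rename the local to something like `reversedSig`. The failure path fails closed: when `CRYPT_ConstructBlob` fails the verification call is skipped and `ret` carries the failure, though it would help to say which last error the caller then sees. The enclosing function starts and ends outside the hunk.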
diff --git a/dlls/crypt32/tests/msg.c b/dlls/crypt32/tests/msg.c
index 33b29c3..008e60a 100644
--- a/dlls/crypt32/tests/msg.c
+++ b/dlls/crypt32/tests/msg.c
@@ -1110,6 +1110,12 @@ static const BYTE privKey[] = {
0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
+static BYTE pubKey[] = {
+0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,
+0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,
+0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,
+0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,
+0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
static void test_signed_msg_update(void)
{
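Review bot: `pubKey` is declared `static BYTE` while the neighbouring `privKey` table is `static const BYTE`, and it carries no comment saying what the bytes encode. The later hunk assigns it to `PublicKey.pbData`, so the missing `const` is presumably there to avoid a cast; if so, say that in the comment. The bytes read as a DER SEQUENCE holding a 65-byte INTEGER and the INTEGER 0x010001, so something like `/* DER-encoded RSAPublicKey, 512-bit modulus, exponent 65537; test fixture only */` would fit. Whether it is the public half of `privKey` cannot be told from the hunk and is worth stating.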
@@ -2424,7 +2430,24 @@ static void test_msg_control(void)
ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
"Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
CryptMsgClose(msg);
- /* FIXME: need to test with a message with a valid signature and signer */
+ /* A message with no data doesn't have a valid signature */
+ msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+ CryptMsgUpdate(msg, signedWithCertWithValidPubKeyEmptyContent,
+ sizeof(signedWithCertWithValidPubKeyEmptyContent), TRUE);
+ certInfo.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
+ certInfo.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(pubKey);
+ certInfo.SubjectPublicKeyInfo.PublicKey.pbData = pubKey;
+ SetLastError(0xdeadbeef);
+ ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+ ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
+ "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
+ CryptMsgClose(msg);
+ /* Finally, this succeeds */
+ msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+ CryptMsgUpdate(msg, signedWithCertWithValidPubKeyContent,
+ sizeof(signedWithCertWithValidPubKeyContent), TRUE);
+ ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+ ok(ret, "CryptMsgControl failed: %08x\n", GetLastError());
}
static void test_msg_get_signer_count(void)
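Review bot: The final case opens a message with `CryptMsgOpenToDecode` but the function ends after the `ok(ret, ...)` line with no `CryptMsgClose(msg);`, unlike the two cases before it, so the handle is leaked; add that call before the closing brace. Both new cases also ignore the result of `CryptMsgUpdate`, so a decode failure in the empty-content case could not be told apart from a genuine signature rejection unless the last-error check happens to differ. Wrapping each update in `ret = CryptMsgUpdate(...); ok(ret, "CryptMsgUpdate failed: %08x\n", GetLastError());` would pin the negative test to the verification step. The start of `test_msg_control` is outside the hunk.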
--
1.4.1