crypt32(1/2): Test and correct verifying the signature of a valid signed message

Juan Lang juan.lang at gmail.com
Wed Aug 22 11:43:59 CDT 2007


These are no different than the ones sent yesterday, but since they
depend on the advapi32 patch I'm resending them.
--Juan
-------------- next part --------------
From 0f8eb9565ae3f33d46c71b233fcafd10a2ba7bbd Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang at gmail.com>
Date: Wed, 22 Aug 2007 09:40:11 -0700
Subject: [PATCH] Test and correct verifying the signature of a valid signed message
---
 dlls/crypt32/msg.c       |   14 ++++++++++----
 dlls/crypt32/tests/msg.c |   25 ++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/dlls/crypt32/msg.c b/dlls/crypt32/msg.c
index 3ce2bca..dea6a11 100644
--- a/dlls/crypt32/msg.c
+++ b/dlls/crypt32/msg.c
@@ -2114,15 +2114,21 @@ static BOOL CDecodeSignedMsg_VerifySigna
         if (ret)
         {
             HCRYPTHASH hash;
+            CRYPT_HASH_BLOB reversedHash;
 
             if (msg->u.signed_data.info->rgSignerInfo[i].AuthAttrs.cAttr)
                 hash = msg->u.signed_data.signerHandles[i].authAttrHash;
             else
                 hash = msg->u.signed_data.signerHandles[i].contentHash;
-            ret = CryptVerifySignatureW(hash,
-             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.pbData,
-             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.cbData,
-             key, NULL, 0);
+            ret = CRYPT_ConstructBlob(&reversedHash,
+             &msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash);
+            if (ret)
+            {
+                CRYPT_ReverseBytes(&reversedHash);
+                ret = CryptVerifySignatureW(hash, reversedHash.pbData,
+                 reversedHash.cbData, key, NULL, 0);
+                CryptMemFree(reversedHash.pbData);
+            }
             CryptDestroyKey(key);
         }
     }
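Review bot: The byte reversal added before `CryptVerifySignatureW` has no comment saying why it is needed, and on a signature-verification path an unexplained copy-and-reverse is easy to "simplify" away later. A comment above the `CRYPT_ConstructBlob` call would record the intent, for example `/* The signature in the SignerInfo is big-endian, but CryptVerifySignature expects it little-endian: verify a reversed copy so the decoded message is left untouched */`. It is also worth stating that a failed `CRYPT_ConstructBlob` returns through the same `ret` as a bad signature, so callers can only tell the two apart by the last error, which is presumably set by the helper. The enclosing function starts and ends outside this hunk.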
diff --git a/dlls/crypt32/tests/msg.c b/dlls/crypt32/tests/msg.c
index 33b29c3..008e60a 100644
--- a/dlls/crypt32/tests/msg.c
+++ b/dlls/crypt32/tests/msg.c
@@ -1110,6 +1110,12 @@ static const BYTE privKey[] = {
  0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
  0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
  0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
+static BYTE pubKey[] = {
+0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,
+0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,
+0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,
+0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,
+0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
 
 static void test_signed_msg_update(void)
 {
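Review bot: `pubKey` is added with no comment describing what the bytes encode, and it is declared `static BYTE` while the neighbouring `privKey` is `static const BYTE`. The bytes parse as a DER RSAPublicKey SEQUENCE with a 512-bit modulus and public exponent 65537, so a comment such as `/* DER-encoded RSAPublicKey (512-bit modulus, e = 65537), test fixture only */` would spare the next reader from decoding it by hand. If `const` is left off only because `PublicKey.pbData` is a non-const `BYTE *`, the comment should say that too.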
@@ -2424,7 +2430,24 @@ static void test_msg_control(void)
     ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
      "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
     CryptMsgClose(msg);
-    /* FIXME: need to test with a message with a valid signature and signer */
+    /* A message with no data doesn't have a valid signature */
+    msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+    CryptMsgUpdate(msg, signedWithCertWithValidPubKeyEmptyContent,
+     sizeof(signedWithCertWithValidPubKeyEmptyContent), TRUE);
+    certInfo.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
+    certInfo.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(pubKey);
+    certInfo.SubjectPublicKeyInfo.PublicKey.pbData = pubKey;
+    SetLastError(0xdeadbeef);
+    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+    ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
+     "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
+    CryptMsgClose(msg);
+    /* Finally, this succeeds */
+    msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+    CryptMsgUpdate(msg, signedWithCertWithValidPubKeyContent,
+     sizeof(signedWithCertWithValidPubKeyContent), TRUE);
+    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+    ok(ret, "CryptMsgControl failed: %08x\n", GetLastError());
 }
 
 static void test_msg_get_signer_count(void)
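Review bot: The final success case at the end of test_msg_control never calls `CryptMsgClose(msg)`, unlike the two cases before it, so the decode handle is leaked; add `CryptMsgClose(msg);` after the last `ok(ret, ...)`. Both new cases also ignore the result of `CryptMsgUpdate`, so a decode failure would surface only indirectly through the error from `CryptMsgControl`. In the negative case that weakens what `NTE_BAD_SIGNATURE` actually proves. Something like `ret = CryptMsgUpdate(...); ok(ret, "CryptMsgUpdate failed: %08x\n", GetLastError());` would pin it. The success case silently reuses the `certInfo` public key set up in the previous case, which deserves a one-line comment; test_msg_control starts outside this hunk.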
-- 
1.4.1

