2005-08-25 11:51:59 +02:00
|
|
|
/*
|
|
|
|
* crypt32 cert functions tests
|
|
|
|
*
|
2006-02-17 17:36:52 +01:00
|
|
|
* Copyright 2005-2006 Juan Lang
|
2005-08-25 11:51:59 +02:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
*/
|
|
|
|
|
2005-11-08 11:57:28 +01:00
|
|
|
#include <assert.h>
|
2005-08-25 11:51:59 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <windef.h>
|
|
|
|
#include <winbase.h>
|
|
|
|
#include <winreg.h>
|
|
|
|
#include <winerror.h>
|
|
|
|
#include <wincrypt.h>
|
|
|
|
|
|
|
|
#include "wine/test.h"
|
|
|
|
|
2005-11-08 11:57:28 +01:00
|
|
|
static BOOL (WINAPI * pCryptVerifyCertificateSignatureEx)
|
|
|
|
(HCRYPTPROV, DWORD, DWORD, void *, DWORD, void *, DWORD, void *);
|
|
|
|
|
|
|
|
#define CRYPT_GET_PROC(func) \
|
|
|
|
p ## func = (void *)GetProcAddress(hCrypt32, #func); \
|
|
|
|
if(!p ## func) \
|
|
|
|
trace("GetProcAddress(hCrypt32, \"%s\") failed\n", #func); \
|
|
|
|
|
|
|
|
static void init_function_pointers(void)
|
|
|
|
{
|
|
|
|
HMODULE hCrypt32;
|
|
|
|
|
|
|
|
pCryptVerifyCertificateSignatureEx = NULL;
|
|
|
|
|
|
|
|
hCrypt32 = GetModuleHandleA("crypt32.dll");
|
|
|
|
assert(hCrypt32);
|
|
|
|
|
|
|
|
CRYPT_GET_PROC(CryptVerifyCertificateSignatureEx);
|
|
|
|
}
|
|
|
|
|
2005-08-25 11:51:59 +02:00
|
|
|
static void testCryptHashCert(void)
|
|
|
|
{
|
|
|
|
static const BYTE emptyHash[] = { 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b,
|
|
|
|
0x0d, 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07,
|
|
|
|
0x09 };
|
|
|
|
static const BYTE knownHash[] = { 0xae, 0x9d, 0xbf, 0x6d, 0xf5, 0x46, 0xee,
|
|
|
|
0x8b, 0xc5, 0x7a, 0x13, 0xba, 0xc2, 0xb1, 0x04, 0xf2, 0xbf, 0x52, 0xa8,
|
|
|
|
0xa2 };
|
|
|
|
static const BYTE toHash[] = "abcdefghijklmnopqrstuvwxyz0123456789.,;!?:";
|
|
|
|
BOOL ret;
|
|
|
|
BYTE hash[20];
|
|
|
|
DWORD hashLen = sizeof(hash);
|
|
|
|
|
|
|
|
/* NULL buffer and nonzero length crashes
|
|
|
|
ret = CryptHashCertificate(0, 0, 0, NULL, size, hash, &hashLen);
|
|
|
|
empty hash length also crashes
|
|
|
|
ret = CryptHashCertificate(0, 0, 0, buf, size, hash, NULL);
|
|
|
|
*/
|
|
|
|
/* Test empty hash */
|
|
|
|
ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), NULL,
|
|
|
|
&hashLen);
|
|
|
|
ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
|
|
|
|
ok(hashLen == sizeof(hash),
|
|
|
|
"Got unexpected size of hash %ld, expected %d\n", hashLen, sizeof(hash));
|
|
|
|
/* Test with empty buffer */
|
|
|
|
ret = CryptHashCertificate(0, 0, 0, NULL, 0, hash, &hashLen);
|
|
|
|
ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
|
|
|
|
ok(!memcmp(hash, emptyHash, sizeof(emptyHash)),
|
|
|
|
"Unexpected hash of nothing\n");
|
|
|
|
/* Test a known value */
|
|
|
|
ret = CryptHashCertificate(0, 0, 0, toHash, sizeof(toHash), hash,
|
|
|
|
&hashLen);
|
|
|
|
ok(ret, "CryptHashCertificate failed: %08lx\n", GetLastError());
|
|
|
|
ok(!memcmp(hash, knownHash, sizeof(knownHash)), "Unexpected hash\n");
|
|
|
|
}
|
|
|
|
|
2005-10-31 11:04:06 +01:00
|
|
|
static const char cspName[] = "WineCryptTemp";
|
|
|
|
|
|
|
|
static void verifySig(HCRYPTPROV csp, const BYTE *toSign, size_t toSignLen,
|
|
|
|
const BYTE *sig, size_t sigLen)
|
|
|
|
{
|
|
|
|
HCRYPTHASH hash;
|
|
|
|
BOOL ret = CryptCreateHash(csp, CALG_SHA1, 0, 0, &hash);
|
|
|
|
|
|
|
|
ok(ret, "CryptCreateHash failed: %08lx\n", GetLastError());
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
BYTE mySig[64];
|
|
|
|
DWORD mySigSize = sizeof(mySig);
|
|
|
|
|
|
|
|
ret = CryptHashData(hash, toSign, toSignLen, 0);
|
|
|
|
ok(ret, "CryptHashData failed: %08lx\n", GetLastError());
|
|
|
|
/* use the A variant so the test can run on Win9x */
|
|
|
|
ret = CryptSignHashA(hash, AT_SIGNATURE, NULL, 0, mySig, &mySigSize);
|
|
|
|
ok(ret, "CryptSignHash failed: %08lx\n", GetLastError());
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
ok(mySigSize == sigLen, "Expected sig length %d, got %ld\n",
|
|
|
|
sigLen, mySigSize);
|
|
|
|
ok(!memcmp(mySig, sig, sigLen), "Unexpected signature\n");
|
|
|
|
}
|
|
|
|
CryptDestroyHash(hash);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Tests signing the certificate described by toBeSigned with the CSP passed in,
|
|
|
|
* using the algorithm with OID sigOID. The CSP is assumed to be empty, and a
|
|
|
|
* keyset named AT_SIGNATURE will be added to it. The signing key will be
|
|
|
|
* stored in *key, and the signature will be stored in sig. sigLen should be
|
|
|
|
* at least 64 bytes.
|
|
|
|
*/
|
|
|
|
static void testSignCert(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
|
|
|
|
LPCSTR sigOID, HCRYPTKEY *key, BYTE *sig, DWORD *sigLen)
|
|
|
|
{
|
|
|
|
BOOL ret;
|
|
|
|
DWORD size = 0;
|
|
|
|
CRYPT_ALGORITHM_IDENTIFIER algoID = { NULL, { 0, NULL } };
|
|
|
|
|
|
|
|
/* These all crash
|
|
|
|
ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
|
|
|
|
ret = CryptSignCertificate(0, 0, 0, NULL, 0, NULL, NULL, NULL, &size);
|
|
|
|
ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
|
|
|
|
NULL, NULL, NULL, &size);
|
|
|
|
*/
|
|
|
|
ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
|
|
|
|
&algoID, NULL, NULL, &size);
|
|
|
|
ok(!ret && GetLastError() == NTE_BAD_ALGID,
|
|
|
|
"Expected NTE_BAD_ALGID, got %08lx\n", GetLastError());
|
|
|
|
algoID.pszObjId = (LPSTR)sigOID;
|
|
|
|
ret = CryptSignCertificate(0, 0, 0, toBeSigned->pbData, toBeSigned->cbData,
|
|
|
|
&algoID, NULL, NULL, &size);
|
|
|
|
ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
|
|
|
|
"Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
|
|
|
|
ret = CryptSignCertificate(0, AT_SIGNATURE, 0, toBeSigned->pbData,
|
|
|
|
toBeSigned->cbData, &algoID, NULL, NULL, &size);
|
|
|
|
ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
|
|
|
|
"Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
|
|
|
|
|
|
|
|
/* No keys exist in the new CSP yet.. */
|
|
|
|
ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
|
|
|
|
toBeSigned->cbData, &algoID, NULL, NULL, &size);
|
|
|
|
ok(!ret && (GetLastError() == NTE_BAD_KEYSET || GetLastError() ==
|
|
|
|
NTE_NO_KEY), "Expected NTE_BAD_KEYSET or NTE_NO_KEY, got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
ret = CryptGenKey(csp, AT_SIGNATURE, 0, key);
|
|
|
|
ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
|
|
|
|
toBeSigned->cbData, &algoID, NULL, NULL, &size);
|
|
|
|
ok(ret, "CryptSignCertificate failed: %08lx\n", GetLastError());
|
|
|
|
ok(size <= *sigLen, "Expected size <= %ld, got %ld\n", *sigLen, size);
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
ret = CryptSignCertificate(csp, AT_SIGNATURE, 0, toBeSigned->pbData,
|
|
|
|
toBeSigned->cbData, &algoID, NULL, sig, &size);
|
|
|
|
ok(ret, "CryptSignCertificate failed: %08lx\n", GetLastError());
|
|
|
|
if (ret)
|
|
|
|
{
|
|
|
|
*sigLen = size;
|
|
|
|
verifySig(csp, toBeSigned->pbData, toBeSigned->cbData, sig,
|
|
|
|
size);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void testVerifyCertSig(HCRYPTPROV csp, const CRYPT_DATA_BLOB *toBeSigned,
|
|
|
|
LPCSTR sigOID, const BYTE *sig, DWORD sigLen)
|
|
|
|
{
|
|
|
|
CERT_SIGNED_CONTENT_INFO info;
|
|
|
|
LPBYTE cert = NULL;
|
|
|
|
DWORD size = 0;
|
|
|
|
BOOL ret;
|
|
|
|
|
2005-11-14 12:22:34 +01:00
|
|
|
if(pCryptVerifyCertificateSignatureEx) {
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(0, 0, 0, NULL, 0, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
|
|
|
|
"Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, 0, 0, NULL, 0, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
|
|
|
|
"Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING, 0, NULL, 0,
|
|
|
|
NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
|
|
|
|
"Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
/* This crashes
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, NULL, 0, NULL, 0, NULL);
|
|
|
|
*/
|
|
|
|
}
|
2005-10-31 11:04:06 +01:00
|
|
|
info.ToBeSigned.cbData = toBeSigned->cbData;
|
|
|
|
info.ToBeSigned.pbData = toBeSigned->pbData;
|
|
|
|
info.SignatureAlgorithm.pszObjId = (LPSTR)sigOID;
|
|
|
|
info.SignatureAlgorithm.Parameters.cbData = 0;
|
|
|
|
info.Signature.cbData = sigLen;
|
|
|
|
info.Signature.pbData = (BYTE *)sig;
|
|
|
|
info.Signature.cUnusedBits = 0;
|
|
|
|
ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT, &info,
|
|
|
|
CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&cert, &size);
|
|
|
|
ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
|
|
|
|
if (cert)
|
|
|
|
{
|
|
|
|
CRYPT_DATA_BLOB certBlob = { 0, NULL };
|
|
|
|
PCERT_PUBLIC_KEY_INFO pubKeyInfo = NULL;
|
|
|
|
|
2005-11-14 12:22:34 +01:00
|
|
|
if(pCryptVerifyCertificateSignatureEx) {
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
|
|
|
|
"Expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
|
|
|
|
certBlob.cbData = 1;
|
|
|
|
certBlob.pbData = (void *)0xdeadbeef;
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
|
|
|
|
"Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
|
|
|
|
certBlob.cbData = size;
|
|
|
|
certBlob.pbData = cert;
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob, 0, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() ==
|
|
|
|
HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
|
|
|
|
"Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL, NULL, 0, NULL);
|
|
|
|
ok(!ret && GetLastError() ==
|
|
|
|
HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
|
|
|
|
"Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
/* This crashes
|
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, NULL, 0, NULL);
|
|
|
|
*/
|
|
|
|
}
|
2005-10-31 11:04:06 +01:00
|
|
|
CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
|
|
|
|
(LPSTR)sigOID, 0, NULL, NULL, &size);
|
|
|
|
pubKeyInfo = HeapAlloc(GetProcessHeap(), 0, size);
|
|
|
|
if (pubKeyInfo)
|
|
|
|
{
|
|
|
|
ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
|
|
|
|
X509_ASN_ENCODING, (LPSTR)sigOID, 0, NULL, pubKeyInfo, &size);
|
|
|
|
ok(ret, "CryptExportKey failed: %08lx\n", GetLastError());
|
2005-11-14 12:22:34 +01:00
|
|
|
if (ret && pCryptVerifyCertificateSignatureEx)
|
2005-10-31 11:04:06 +01:00
|
|
|
{
|
2005-11-08 11:57:28 +01:00
|
|
|
ret = pCryptVerifyCertificateSignatureEx(csp, X509_ASN_ENCODING,
|
2005-10-31 11:04:06 +01:00
|
|
|
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB, &certBlob,
|
|
|
|
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pubKeyInfo, 0, NULL);
|
|
|
|
ok(ret, "CryptVerifyCertificateSignatureEx failed: %08lx\n",
|
|
|
|
GetLastError());
|
|
|
|
}
|
|
|
|
HeapFree(GetProcessHeap(), 0, pubKeyInfo);
|
|
|
|
}
|
|
|
|
LocalFree(cert);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-02-17 17:36:52 +01:00
|
|
|
static const BYTE emptyCert[] = { 0x30, 0x00 };
|
|
|
|
|
2005-10-31 11:04:06 +01:00
|
|
|
static void testCertSigs(void)
|
|
|
|
{
|
|
|
|
HCRYPTPROV csp;
|
|
|
|
CRYPT_DATA_BLOB toBeSigned = { sizeof(emptyCert), (LPBYTE)emptyCert };
|
|
|
|
BOOL ret;
|
|
|
|
HCRYPTKEY key;
|
|
|
|
BYTE sig[64];
|
|
|
|
DWORD sigSize = sizeof(sig);
|
|
|
|
|
|
|
|
/* Just in case a previous run failed, delete this thing */
|
|
|
|
CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
|
|
|
|
CRYPT_DELETEKEYSET);
|
|
|
|
ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
|
|
|
|
CRYPT_NEWKEYSET);
|
|
|
|
ok(ret, "CryptAcquireContext failed: %08lx\n", GetLastError());
|
|
|
|
|
|
|
|
testSignCert(csp, &toBeSigned, szOID_RSA_SHA1RSA, &key, sig, &sigSize);
|
|
|
|
testVerifyCertSig(csp, &toBeSigned, szOID_RSA_SHA1RSA, sig, sigSize);
|
|
|
|
|
|
|
|
CryptDestroyKey(key);
|
|
|
|
CryptReleaseContext(csp, 0);
|
|
|
|
ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
|
|
|
|
CRYPT_DELETEKEYSET);
|
|
|
|
}
|
|
|
|
|
2005-08-25 11:51:59 +02:00
|
|
|
START_TEST(cert)
|
|
|
|
{
|
2005-11-08 11:57:28 +01:00
|
|
|
init_function_pointers();
|
2005-08-25 11:51:59 +02:00
|
|
|
testCryptHashCert();
|
2005-10-31 11:04:06 +01:00
|
|
|
testCertSigs();
|
2005-08-25 11:51:59 +02:00
|
|
|
}
|