crypt32: Test and correct verifying the signature of a valid signed message.

dlls/crypt32/msg.c

@@ -2114,15 +2114,21 @@ static BOOL CDecodeSignedMsg_VerifySignature(CDecodeMsg *msg, PCERT_INFO info)
         if (ret)
         {
             HCRYPTHASH hash;
+            CRYPT_HASH_BLOB reversedHash;
 
             if (msg->u.signed_data.info->rgSignerInfo[i].AuthAttrs.cAttr)
                 hash = msg->u.signed_data.signerHandles[i].authAttrHash;
             else
                 hash = msg->u.signed_data.signerHandles[i].contentHash;
-            ret = CryptVerifySignatureW(hash,
-             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.pbData,
-             msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash.cbData,
-             key, NULL, 0);
+            ret = CRYPT_ConstructBlob(&reversedHash,
+             &msg->u.signed_data.info->rgSignerInfo[i].EncryptedHash);
+            if (ret)
+            {
+                CRYPT_ReverseBytes(&reversedHash);
+                ret = CryptVerifySignatureW(hash, reversedHash.pbData,
+                 reversedHash.cbData, key, NULL, 0);
+                CryptMemFree(reversedHash.pbData);
+            }
             CryptDestroyKey(key);
         }
     }

dlls/crypt32/tests/msg.c

@@ -1110,6 +1110,12 @@ static const BYTE privKey[] = {
  0x69, 0x1c, 0x7a, 0xff, 0x81, 0x9d, 0x53, 0x52, 0x97, 0x9a, 0x76, 0x79, 0xda,
  0x93, 0x32, 0x16, 0xec, 0x69, 0x51, 0x1a, 0x4e, 0xc3, 0xf1, 0x72, 0x80, 0x78,
  0x5e, 0x66, 0x4a, 0x8d, 0x85, 0x2f, 0x3f, 0xb2, 0xa7 };
+static BYTE pubKey[] = {
+0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,0x83,0xb1,0x27,0x14,0x3e,0x59,
+0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,0x68,0xad,0x85,0x53,0xdb,0x6b,
+0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,0x6c,0x38,0x75,0xe0,0x4c,0x61,
+0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,0x4e,0x96,0xcb,0x0e,0xdc,0x61,
+0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,0x02,0x03,0x01,0x00,0x01 };
 
 static void test_signed_msg_update(void)
 {
@@ -2424,7 +2430,24 @@ static void test_msg_control(void)
     ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
      "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
     CryptMsgClose(msg);
-    /* FIXME: need to test with a message with a valid signature and signer */
+    /* A message with no data doesn't have a valid signature */
+    msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+    CryptMsgUpdate(msg, signedWithCertWithValidPubKeyEmptyContent,
+     sizeof(signedWithCertWithValidPubKeyEmptyContent), TRUE);
+    certInfo.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
+    certInfo.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(pubKey);
+    certInfo.SubjectPublicKeyInfo.PublicKey.pbData = pubKey;
+    SetLastError(0xdeadbeef);
+    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+    ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
+     "Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
+    CryptMsgClose(msg);
+    /* Finally, this succeeds */
+    msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL);
+    CryptMsgUpdate(msg, signedWithCertWithValidPubKeyContent,
+     sizeof(signedWithCertWithValidPubKeyContent), TRUE);
+    ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, &certInfo);
+    ok(ret, "CryptMsgControl failed: %08x\n", GetLastError());
 }
 
 static void test_msg_get_signer_count(void)