crypt32: Implement CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT in CryptVerifyCertificateSignatureEx.
parent
31f29ffcc8
commit
9adcf560ae
|
@ -193,6 +193,41 @@ BOOL WINAPI CryptVerifyCertificateSignature(HCRYPTPROV hCryptProv,
|
||||||
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
|
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY, pPublicKey, 0, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static BOOL CRYPT_VerifyCertSignatureFromPublicKeyInfo(HCRYPTPROV hCryptProv,
|
||||||
|
DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pubKeyInfo,
|
||||||
|
PCERT_SIGNED_CONTENT_INFO signedCert)
|
||||||
|
{
|
||||||
|
BOOL ret;
|
||||||
|
ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
|
||||||
|
HCRYPTKEY key;
|
||||||
|
|
||||||
|
/* Load the default provider if necessary */
|
||||||
|
if (!hCryptProv)
|
||||||
|
hCryptProv = CRYPT_GetDefaultProvider();
|
||||||
|
ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
|
||||||
|
pubKeyInfo, algID, 0, NULL, &key);
|
||||||
|
if (ret)
|
||||||
|
{
|
||||||
|
HCRYPTHASH hash;
|
||||||
|
|
||||||
|
/* Some key algorithms aren't hash algorithms, so map them */
|
||||||
|
if (algID == CALG_RSA_SIGN || algID == CALG_RSA_KEYX)
|
||||||
|
algID = CALG_SHA1;
|
||||||
|
ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
|
||||||
|
if (ret)
|
||||||
|
{
|
||||||
|
ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
|
||||||
|
signedCert->ToBeSigned.cbData, 0);
|
||||||
|
if (ret)
|
||||||
|
ret = CryptVerifySignatureW(hash, signedCert->Signature.pbData,
|
||||||
|
signedCert->Signature.cbData, key, NULL, 0);
|
||||||
|
CryptDestroyHash(hash);
|
||||||
|
}
|
||||||
|
CryptDestroyKey(key);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
|
BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
|
||||||
DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
|
DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
|
||||||
DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
|
DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvReserved)
|
||||||
|
@ -249,48 +284,18 @@ BOOL WINAPI CryptVerifyCertificateSignatureEx(HCRYPTPROV hCryptProv,
|
||||||
switch (dwIssuerType)
|
switch (dwIssuerType)
|
||||||
{
|
{
|
||||||
case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
|
case CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY:
|
||||||
{
|
ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
|
||||||
PCERT_PUBLIC_KEY_INFO pubKeyInfo =
|
dwCertEncodingType, (PCERT_PUBLIC_KEY_INFO)pvIssuer,
|
||||||
(PCERT_PUBLIC_KEY_INFO)pvIssuer;
|
signedCert);
|
||||||
ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
|
|
||||||
|
|
||||||
if (algID)
|
|
||||||
{
|
|
||||||
HCRYPTKEY key;
|
|
||||||
|
|
||||||
ret = CryptImportPublicKeyInfoEx(hCryptProv,
|
|
||||||
dwCertEncodingType, pubKeyInfo, algID, 0, NULL, &key);
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
HCRYPTHASH hash;
|
|
||||||
|
|
||||||
ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
ret = CryptHashData(hash,
|
|
||||||
signedCert->ToBeSigned.pbData,
|
|
||||||
signedCert->ToBeSigned.cbData, 0);
|
|
||||||
if (ret)
|
|
||||||
{
|
|
||||||
ret = CryptVerifySignatureW(hash,
|
|
||||||
signedCert->Signature.pbData,
|
|
||||||
signedCert->Signature.cbData, key, NULL, 0);
|
|
||||||
}
|
|
||||||
CryptDestroyHash(hash);
|
|
||||||
}
|
|
||||||
CryptDestroyKey(key);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SetLastError(NTE_BAD_ALGID);
|
|
||||||
ret = FALSE;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
}
|
|
||||||
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
|
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT:
|
||||||
|
ret = CRYPT_VerifyCertSignatureFromPublicKeyInfo(hCryptProv,
|
||||||
|
dwCertEncodingType,
|
||||||
|
&((PCCERT_CONTEXT)pvIssuer)->pCertInfo->SubjectPublicKeyInfo,
|
||||||
|
signedCert);
|
||||||
|
break;
|
||||||
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
|
case CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN:
|
||||||
FIXME("issuer type %ld: stub\n", dwIssuerType);
|
FIXME("CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN: stub\n");
|
||||||
ret = FALSE;
|
ret = FALSE;
|
||||||
break;
|
break;
|
||||||
case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
|
case CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL:
|
||||||
|
|
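Review bot: In `CRYPT_VerifyCertSignatureFromPublicKeyInfo` the digest passed to `CryptCreateHash` is derived from the issuer key's OID, with `CALG_RSA_SIGN`/`CALG_RSA_KEYX` forced to `CALG_SHA1` and any other key algorithm id passed through as is, so the algorithm that the signed content itself declares is never consulted and an RSA-signed certificate using a different digest cannot verify. The digest should be selected from the signed content instead, e.g. `ALG_ID hashAlg = CertOIDToAlgId(signedCert->SignatureAlgorithm.pszObjId);`, keeping the key's `algID` only for `CryptImportPublicKeyInfoEx`. The helper also drops the `if (algID)` / `SetLastError(NTE_BAD_ALGID)` branch that the removed inline code had, so an unrecognised OID now fails with whatever error the import or hash call happens to set; `if (!hashAlg) { SetLastError(NTE_BAD_ALGID); return FALSE; }` would restore a defined failure. In the second hunk the `CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT` case dereferences `pvIssuer` and its `pCertInfo` directly; `CryptVerifyCertificateSignatureEx` starts and ends outside the hunks, so whether `pvIssuer` is checked for NULL earlier cannot be seen here.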