2 * Unit test suite for crypt32.dll's CryptEncodeObjectEx/CryptDecodeObjectEx
4 * Copyright 2005 Juan Lang
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 #include "wine/test.h"
35 static const BYTE bin1[] = {0x02,0x01,0x01,0};
36 static const BYTE bin2[] = {0x02,0x01,0x7f,0};
37 static const BYTE bin3[] = {0x02,0x02,0x00,0x80,0};
38 static const BYTE bin4[] = {0x02,0x02,0x01,0x00,0};
39 static const BYTE bin5[] = {0x02,0x01,0x80,0};
40 static const BYTE bin6[] = {0x02,0x02,0xff,0x7f,0};
41 static const BYTE bin7[] = {0x02,0x04,0xba,0xdd,0xf0,0x0d,0};
43 static const struct encodedInt ints[] = {
60 static const BYTE bin8[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
61 static const BYTE bin9[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
62 static const BYTE bin10[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
64 static const BYTE bin11[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
65 static const BYTE bin12[] = {0x02,0x09,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
66 static const BYTE bin13[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0};
68 static const struct encodedBigInt bigInts[] = {
69 { bin8, bin9, bin10 },
70 { bin11, bin12, bin13 },
73 static const BYTE bin14[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
74 static const BYTE bin15[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
75 static const BYTE bin16[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
76 static const BYTE bin17[] = {0x02,0x0c,0x00,0xff,0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
78 /* Decoded is the same as original, so don't bother storing a separate copy */
79 static const struct encodedBigInt bigUInts[] = {
80 { bin14, bin15, NULL },
81 { bin16, bin17, NULL },
84 static void test_encodeInt(DWORD dwEncoding)
89 CRYPT_INTEGER_BLOB blob;
92 /* CryptEncodeObjectEx with NULL bufSize crashes..
93 ret = CryptEncodeObjectEx(3, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
96 /* check bogus encoding */
97 ret = CryptEncodeObjectEx(0, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
99 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
100 "Expected ERROR_FILE_NOT_FOUND, got %ld\n", GetLastError());
101 /* check with NULL integer buffer. Windows XP incorrectly returns an
104 ret = CryptEncodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, NULL, NULL,
106 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
107 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
108 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
110 /* encode as normal integer */
111 ret = CryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val, 0,
112 NULL, NULL, &bufSize);
113 ok(ret, "Expected success, got %ld\n", GetLastError());
114 ret = CryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val,
115 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
116 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
119 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
121 ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
122 buf[1], ints[i].encoded[1]);
123 ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
124 "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
127 /* encode as multibyte integer */
128 blob.cbData = sizeof(ints[i].val);
129 blob.pbData = (BYTE *)&ints[i].val;
130 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
131 0, NULL, NULL, &bufSize);
132 ok(ret, "Expected success, got %ld\n", GetLastError());
133 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
134 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
135 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
138 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
140 ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
141 buf[1], ints[i].encoded[1]);
142 ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
143 "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
147 /* encode a couple bigger ints, just to show it's little-endian and leading
148 * sign bytes are dropped
150 for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
152 blob.cbData = strlen((const char*)bigInts[i].val);
153 blob.pbData = (BYTE *)bigInts[i].val;
154 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
155 0, NULL, NULL, &bufSize);
156 ok(ret, "Expected success, got %ld\n", GetLastError());
157 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
158 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
159 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
162 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
164 ok(buf[1] == bigInts[i].encoded[1], "Got length %d, expected %d\n",
165 buf[1], bigInts[i].encoded[1]);
166 ok(!memcmp(buf + 1, bigInts[i].encoded + 1,
167 bigInts[i].encoded[1] + 1),
168 "Encoded value didn't match expected\n");
172 /* and, encode some uints */
173 for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
175 blob.cbData = strlen((const char*)bigUInts[i].val);
176 blob.pbData = (BYTE*)bigUInts[i].val;
177 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
178 0, NULL, NULL, &bufSize);
179 ok(ret, "Expected success, got %ld\n", GetLastError());
180 ret = CryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
181 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
182 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
185 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
187 ok(buf[1] == bigUInts[i].encoded[1], "Got length %d, expected %d\n",
188 buf[1], bigUInts[i].encoded[1]);
189 ok(!memcmp(buf + 1, bigUInts[i].encoded + 1,
190 bigUInts[i].encoded[1] + 1),
191 "Encoded value didn't match expected\n");
197 static void test_decodeInt(DWORD dwEncoding)
199 static const BYTE bigInt[] = { 2, 5, 0xff, 0xfe, 0xff, 0xfe, 0xff };
200 static const BYTE testStr[] = { 0x16, 4, 't', 'e', 's', 't' };
201 static const BYTE longForm[] = { 2, 0x81, 0x01, 0x01 };
202 static const BYTE bigBogus[] = { 0x02, 0x84, 0x01, 0xff, 0xff, 0xf9 };
208 /* CryptDecodeObjectEx with NULL bufSize crashes..
209 ret = CryptDecodeObjectEx(3, X509_INTEGER, &ints[0].encoded,
210 ints[0].encoded[1] + 2, 0, NULL, NULL, NULL);
212 /* check bogus encoding */
213 ret = CryptDecodeObjectEx(3, X509_INTEGER, (BYTE *)&ints[0].encoded,
214 ints[0].encoded[1] + 2, 0, NULL, NULL, &bufSize);
215 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
216 "Expected ERROR_FILE_NOT_FOUND, got %ld\n", GetLastError());
217 /* check with NULL integer buffer */
218 ret = CryptDecodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, 0, NULL, NULL,
220 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
221 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
222 /* check with a valid, but too large, integer */
223 ret = CryptDecodeObjectEx(dwEncoding, X509_INTEGER, bigInt, bigInt[1] + 2,
224 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
225 ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
226 "Expected CRYPT_E_ASN1_LARGE, got %ld\n", GetLastError());
227 /* check with a DER-encoded string */
228 ret = CryptDecodeObjectEx(dwEncoding, X509_INTEGER, testStr, testStr[1] + 2,
229 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
230 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
231 "Expected CRYPT_E_ASN1_BADTAG, got %ld\n", GetLastError());
232 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
234 /* When the output buffer is NULL, this always succeeds */
235 SetLastError(0xdeadbeef);
236 ret = CryptDecodeObjectEx(dwEncoding, X509_INTEGER,
237 (BYTE *)ints[i].encoded, ints[i].encoded[1] + 2, 0, NULL, NULL,
239 ok(ret && GetLastError() == NOERROR,
240 "Expected success and NOERROR, got %ld\n", GetLastError());
241 ret = CryptDecodeObjectEx(dwEncoding, X509_INTEGER,
242 (BYTE *)ints[i].encoded, ints[i].encoded[1] + 2,
243 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
244 ok(ret, "CryptDecodeObjectEx failed: %ld\n", GetLastError());
245 ok(bufSize == sizeof(int), "Expected size %d, got %ld\n", sizeof(int),
247 ok(buf != NULL, "Expected allocated buffer\n");
250 ok(!memcmp(buf, &ints[i].val, bufSize), "Expected %d, got %d\n",
251 ints[i].val, *(int *)buf);
255 for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
257 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
258 (BYTE *)bigInts[i].encoded, bigInts[i].encoded[1] + 2, 0, NULL, NULL,
260 ok(ret && GetLastError() == NOERROR,
261 "Expected success and NOERROR, got %ld\n", GetLastError());
262 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
263 (BYTE *)bigInts[i].encoded, bigInts[i].encoded[1] + 2,
264 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
265 ok(ret, "CryptDecodeObjectEx failed: %ld\n", GetLastError());
266 ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB),
267 "Expected size at least %d, got %ld\n", sizeof(CRYPT_INTEGER_BLOB),
269 ok(buf != NULL, "Expected allocated buffer\n");
272 CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
274 ok(blob->cbData == strlen((const char*)bigInts[i].decoded),
275 "Expected len %d, got %ld\n", strlen((const char*)bigInts[i].decoded),
277 ok(!memcmp(blob->pbData, bigInts[i].decoded, blob->cbData),
278 "Unexpected value\n");
282 for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
284 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
285 (BYTE *)bigUInts[i].encoded, bigUInts[i].encoded[1] + 2, 0, NULL, NULL,
287 ok(ret && GetLastError() == NOERROR,
288 "Expected success and NOERROR, got %ld\n", GetLastError());
289 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
290 (BYTE *)bigUInts[i].encoded, bigUInts[i].encoded[1] + 2,
291 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
292 ok(ret, "CryptDecodeObjectEx failed: %ld\n", GetLastError());
293 ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB),
294 "Expected size at least %d, got %ld\n", sizeof(CRYPT_INTEGER_BLOB),
296 ok(buf != NULL, "Expected allocated buffer\n");
299 CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
301 ok(blob->cbData == strlen((const char*)bigUInts[i].val),
302 "Expected len %d, got %ld\n", strlen((const char*)bigUInts[i].val),
304 ok(!memcmp(blob->pbData, bigUInts[i].val, blob->cbData),
305 "Unexpected value\n");
309 /* Decode the value 1 with long-form length */
310 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, longForm,
311 sizeof(longForm), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
312 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
315 ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
318 /* Try to decode some bogus large items */
319 /* The buffer size is smaller than the encoded length, so this should fail
320 * with CRYPT_E_ASN1_EOD if it's being decoded.
321 * Under XP it fails with CRYPT_E_ASN1_LARGE, which means there's a limit
322 * on the size decoded, but in ME it fails with CRYPT_E_ASN1_EOD or crashes.
323 * So this test unfortunately isn't useful.
324 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, tooBig,
325 0x7fffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
326 ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
327 "Expected CRYPT_E_ASN1_LARGE, got %08lx\n", GetLastError());
329 /* This will try to decode the buffer and overflow it, check that it's
332 ret = CryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, bigBogus,
333 0x01ffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
334 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
335 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
338 static const BYTE bin18[] = {0x0a,0x01,0x01,0};
339 static const BYTE bin19[] = {0x0a,0x05,0x00,0xff,0xff,0xff,0x80,0};
341 /* These are always encoded unsigned, and aren't constrained to be any
344 static const struct encodedInt enums[] = {
349 /* X509_CRL_REASON_CODE is also an enumerated type, but it's #defined to
352 static const LPCSTR enumeratedTypes[] = { X509_ENUMERATED,
353 szOID_CRL_REASON_CODE };
355 static void test_encodeEnumerated(DWORD dwEncoding)
359 for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
361 for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
367 ret = CryptEncodeObjectEx(dwEncoding, enumeratedTypes[i],
368 &enums[j].val, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
370 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
374 "Got unexpected type %d for enumerated (expected 0xa)\n",
376 ok(buf[1] == enums[j].encoded[1],
377 "Got length %d, expected %d\n", buf[1], enums[j].encoded[1]);
378 ok(!memcmp(buf + 1, enums[j].encoded + 1,
379 enums[j].encoded[1] + 1),
380 "Encoded value of 0x%08x didn't match expected\n",
388 static void test_decodeEnumerated(DWORD dwEncoding)
392 for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
394 for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
397 DWORD bufSize = sizeof(int);
400 ret = CryptDecodeObjectEx(dwEncoding, enumeratedTypes[i],
401 enums[j].encoded, enums[j].encoded[1] + 2, 0, NULL,
402 (BYTE *)&val, &bufSize);
403 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
404 ok(bufSize == sizeof(int),
405 "Got unexpected size %ld for enumerated (expected %d)\n",
406 bufSize, sizeof(int));
407 ok(val == enums[j].val, "Unexpected value %d, expected %d\n",
413 struct encodedFiletime
416 const BYTE *encodedTime;
419 static void testTimeEncoding(DWORD dwEncoding, LPCSTR structType,
420 const struct encodedFiletime *time)
427 ret = SystemTimeToFileTime(&time->sysTime, &ft);
428 ok(ret, "SystemTimeToFileTime failed: %ld\n", GetLastError());
429 ret = CryptEncodeObjectEx(dwEncoding, structType, &ft,
430 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
431 /* years other than 1950-2050 are not allowed for encodings other than
432 * X509_CHOICE_OF_TIME.
434 if (structType == X509_CHOICE_OF_TIME ||
435 (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
437 ok(ret, "CryptEncodeObjectEx failed: %ld (0x%08lx)\n", GetLastError(),
439 ok(buf != NULL, "Expected an allocated buffer\n");
442 ok(buf[0] == time->encodedTime[0],
443 "Expected type 0x%02x, got 0x%02x\n", time->encodedTime[0],
445 ok(buf[1] == time->encodedTime[1], "Expected %d bytes, got %ld\n",
446 time->encodedTime[1], bufSize);
447 ok(!memcmp(time->encodedTime + 2, buf + 2, time->encodedTime[1]),
448 "Got unexpected value for time encoding\n");
453 ok(!ret && GetLastError() == CRYPT_E_BAD_ENCODE,
454 "Expected CRYPT_E_BAD_ENCODE, got 0x%08lx\n", GetLastError());
457 static void testTimeDecoding(DWORD dwEncoding, LPCSTR structType,
458 const struct encodedFiletime *time)
460 FILETIME ft1 = { 0 }, ft2 = { 0 };
461 DWORD size = sizeof(ft2);
464 ret = SystemTimeToFileTime(&time->sysTime, &ft1);
465 ok(ret, "SystemTimeToFileTime failed: %ld\n", GetLastError());
466 ret = CryptDecodeObjectEx(dwEncoding, structType, time->encodedTime,
467 time->encodedTime[1] + 2, 0, NULL, &ft2, &size);
468 /* years other than 1950-2050 are not allowed for encodings other than
469 * X509_CHOICE_OF_TIME.
471 if (structType == X509_CHOICE_OF_TIME ||
472 (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
474 ok(ret, "CryptDecodeObjectEx failed: %ld (0x%08lx)\n", GetLastError(),
476 ok(!memcmp(&ft1, &ft2, sizeof(ft1)),
477 "Got unexpected value for time decoding\n");
480 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
481 "Expected CRYPT_E_ASN1_BADTAG, got 0x%08lx\n", GetLastError());
484 static const BYTE bin20[] = {
485 0x17,0x0d,'0','5','0','6','0','6','1','6','1','0','0','0','Z',0};
486 static const BYTE bin21[] = {
487 0x18,0x0f,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','Z',0};
488 static const BYTE bin22[] = {
489 0x18,0x0f,'2','1','4','5','0','6','0','6','1','6','1','0','0','0','Z',0};
491 static const struct encodedFiletime times[] = {
492 { { 2005, 6, 1, 6, 16, 10, 0, 0 }, bin20 },
493 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin21 },
494 { { 2145, 6, 1, 6, 16, 10, 0, 0 }, bin22 },
497 static void test_encodeFiletime(DWORD dwEncoding)
501 for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
503 testTimeEncoding(dwEncoding, X509_CHOICE_OF_TIME, ×[i]);
504 testTimeEncoding(dwEncoding, PKCS_UTC_TIME, ×[i]);
505 testTimeEncoding(dwEncoding, szOID_RSA_signingTime, ×[i]);
509 static const BYTE bin23[] = {
510 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','0','0','0','Z',0};
511 static const BYTE bin24[] = {
512 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','9','9','9','Z',0};
513 static const BYTE bin25[] = {
514 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','+','0','1','0','0',0};
515 static const BYTE bin26[] = {
516 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','0','0',0};
517 static const BYTE bin27[] = {
518 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','1','5',0};
519 static const BYTE bin28[] = {
520 0x18,0x0a,'2','1','4','5','0','6','0','6','1','6',0};
521 static const BYTE bin29[] = {
522 0x17,0x0a,'4','5','0','6','0','6','1','6','1','0',0};
523 static const BYTE bin30[] = {
524 0x17,0x0b,'4','5','0','6','0','6','1','6','1','0','Z',0};
525 static const BYTE bin31[] = {
526 0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','+','0','1',0};
527 static const BYTE bin32[] = {
528 0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','-','0','1',0};
529 static const BYTE bin33[] = {
530 0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','+','0','1','0','0',0};
531 static const BYTE bin34[] = {
532 0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','-','0','1','0','0',0};
533 static const BYTE bin35[] = {
534 0x17,0x08, '4','5','0','6','0','6','1','6',0};
535 static const BYTE bin36[] = {
536 0x18,0x0f, 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','Z',0};
537 static const BYTE bin37[] = {
538 0x18,0x04, '2','1','4','5',0};
539 static const BYTE bin38[] = {
540 0x18,0x08, '2','1','4','5','0','6','0','6',0};
542 static void test_decodeFiletime(DWORD dwEncoding)
544 static const struct encodedFiletime otherTimes[] = {
545 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin23 },
546 { { 1945, 6, 1, 6, 16, 10, 0, 999 }, bin24 },
547 { { 1945, 6, 1, 6, 17, 10, 0, 0 }, bin25 },
548 { { 1945, 6, 1, 6, 15, 10, 0, 0 }, bin26 },
549 { { 1945, 6, 1, 6, 14, 55, 0, 0 }, bin27 },
550 { { 2145, 6, 1, 6, 16, 0, 0, 0 }, bin28 },
551 { { 2045, 6, 1, 6, 16, 10, 0, 0 }, bin29 },
552 { { 2045, 6, 1, 6, 16, 10, 0, 0 }, bin30 },
553 { { 2045, 6, 1, 6, 17, 10, 0, 0 }, bin31 },
554 { { 2045, 6, 1, 6, 15, 10, 0, 0 }, bin32 },
555 { { 2045, 6, 1, 6, 17, 10, 0, 0 }, bin33 },
556 { { 2045, 6, 1, 6, 15, 10, 0, 0 }, bin34 },
558 /* An oddball case that succeeds in Windows, but doesn't seem correct
559 { { 2145, 6, 1, 2, 11, 31, 0, 0 }, "\x18" "\x13" "21450606161000-9999" },
561 static const unsigned char *bogusTimes[] = {
562 /* oddly, this succeeds on Windows, with year 2765
563 "\x18" "\x0f" "21r50606161000Z",
571 FILETIME ft1 = { 0 }, ft2 = { 0 };
574 /* Check bogus length with non-NULL buffer */
575 ret = SystemTimeToFileTime(×[0].sysTime, &ft1);
576 ok(ret, "SystemTimeToFileTime failed: %ld\n", GetLastError());
578 ret = CryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
579 times[0].encodedTime, times[0].encodedTime[1] + 2, 0, NULL, &ft2, &size);
580 ok(!ret && GetLastError() == ERROR_MORE_DATA,
581 "Expected ERROR_MORE_DATA, got %ld\n", GetLastError());
583 for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
585 testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, ×[i]);
586 testTimeDecoding(dwEncoding, PKCS_UTC_TIME, ×[i]);
587 testTimeDecoding(dwEncoding, szOID_RSA_signingTime, ×[i]);
589 for (i = 0; i < sizeof(otherTimes) / sizeof(otherTimes[0]); i++)
591 testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &otherTimes[i]);
592 testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &otherTimes[i]);
593 testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &otherTimes[i]);
595 for (i = 0; i < sizeof(bogusTimes) / sizeof(bogusTimes[0]); i++)
598 ret = CryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
599 bogusTimes[i], bogusTimes[i][1] + 2, 0, NULL, &ft1, &size);
600 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
601 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
611 static const char commonName[] = "Juan Lang";
612 static const char surName[] = "Lang";
613 static const char bogusIA5[] = "\x80";
614 static const char bogusPrintable[] = "~";
615 static const char bogusNumeric[] = "A";
616 static const unsigned char bin39[] = {
617 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,'J','u','a','n',' ','L','a','n','g',0};
618 static const unsigned char bin40[] = {
619 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x16,0x0a,'J','u','a','n',' ','L','a','n','g',0};
620 static const unsigned char bin41[] = {
621 0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,0x16,0x05,'L','a','n','g',0};
622 static const unsigned char bin42[] = {
623 0x30,0x12,0x31,0x10,0x30,0x0e,0x06,0x00,0x13,0x0a,'J','u','a','n',' ','L','a','n','g',0};
624 static const unsigned char bin43[] = {
625 0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x16,0x02,0x80,0};
626 static const unsigned char bin44[] = {
627 0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x13,0x02,0x7e,0};
628 static const unsigned char bin45[] = {
629 0x30,0x0d,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x12,0x02,0x41,0};
630 static const struct EncodedName names[] = {
631 { { szOID_COMMON_NAME, CERT_RDN_PRINTABLE_STRING,
632 { sizeof(commonName), (BYTE *)commonName } }, bin39 },
633 { { szOID_COMMON_NAME, CERT_RDN_IA5_STRING,
634 { sizeof(commonName), (BYTE *)commonName } }, bin40 },
635 { { szOID_SUR_NAME, CERT_RDN_IA5_STRING,
636 { sizeof(surName), (BYTE *)surName } }, bin41 },
637 { { NULL, CERT_RDN_PRINTABLE_STRING,
638 { sizeof(commonName), (BYTE *)commonName } }, bin42 },
639 /* The following test isn't a very good one, because it doesn't encode any
640 * Japanese characters. I'm leaving it out for now.
641 { { szOID_COMMON_NAME, CERT_RDN_T61_STRING,
642 { sizeof(commonName), (BYTE *)commonName } },
643 "\x30\x15\x31\x13\x30\x11\x06\x03\x55\x04\x03\x14\x0aJuan Lang" },
645 /* The following tests succeed under Windows, but really should fail,
646 * they contain characters that are illegal for the encoding. I'm
647 * including them to justify my lazy encoding.
649 { { szOID_COMMON_NAME, CERT_RDN_IA5_STRING,
650 { sizeof(bogusIA5), (BYTE *)bogusIA5 } }, bin43 },
651 { { szOID_COMMON_NAME, CERT_RDN_PRINTABLE_STRING,
652 { sizeof(bogusPrintable), (BYTE *)bogusPrintable } }, bin44 },
653 { { szOID_COMMON_NAME, CERT_RDN_NUMERIC_STRING,
654 { sizeof(bogusNumeric), (BYTE *)bogusNumeric } }, bin45 },
657 static const BYTE emptySequence[] = { 0x30, 0 };
658 static const BYTE emptyRDNs[] = { 0x30, 0x02, 0x31, 0 };
659 static const BYTE twoRDNs[] = {
660 0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
661 0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
662 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0};
664 static const BYTE us[] = { 0x55, 0x53 };
665 static const BYTE minnesota[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f,
667 static const BYTE minneapolis[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70,
668 0x6f, 0x6c, 0x69, 0x73 };
669 static const BYTE codeweavers[] = { 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61,
670 0x76, 0x65, 0x72, 0x73 };
671 static const BYTE wine[] = { 0x57, 0x69, 0x6e, 0x65, 0x20, 0x44, 0x65, 0x76,
672 0x65, 0x6c, 0x6f, 0x70, 0x6d, 0x65, 0x6e, 0x74 };
673 static const BYTE localhostAttr[] = { 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
675 static const BYTE aric[] = { 0x61, 0x72, 0x69, 0x63, 0x40, 0x63, 0x6f, 0x64,
676 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d };
678 #define _blob_of(arr) { sizeof(arr), (LPBYTE)arr }
679 const CERT_RDN_ATTR rdnAttrs[] = {
680 { "2.5.4.6", CERT_RDN_PRINTABLE_STRING, _blob_of(us) },
681 { "2.5.4.8", CERT_RDN_PRINTABLE_STRING, _blob_of(minnesota) },
682 { "2.5.4.7", CERT_RDN_PRINTABLE_STRING, _blob_of(minneapolis) },
683 { "2.5.4.10", CERT_RDN_PRINTABLE_STRING, _blob_of(codeweavers) },
684 { "2.5.4.11", CERT_RDN_PRINTABLE_STRING, _blob_of(wine) },
685 { "2.5.4.3", CERT_RDN_PRINTABLE_STRING, _blob_of(localhostAttr) },
686 { "1.2.840.113549.1.9.1", CERT_RDN_IA5_STRING, _blob_of(aric) },
688 const CERT_RDN_ATTR decodedRdnAttrs[] = {
689 { "2.5.4.6", CERT_RDN_PRINTABLE_STRING, _blob_of(us) },
690 { "2.5.4.3", CERT_RDN_PRINTABLE_STRING, _blob_of(localhostAttr) },
691 { "2.5.4.8", CERT_RDN_PRINTABLE_STRING, _blob_of(minnesota) },
692 { "2.5.4.7", CERT_RDN_PRINTABLE_STRING, _blob_of(minneapolis) },
693 { "2.5.4.10", CERT_RDN_PRINTABLE_STRING, _blob_of(codeweavers) },
694 { "2.5.4.11", CERT_RDN_PRINTABLE_STRING, _blob_of(wine) },
695 { "1.2.840.113549.1.9.1", CERT_RDN_IA5_STRING, _blob_of(aric) },
699 static const BYTE encodedRDNAttrs[] = {
700 0x30,0x81,0x96,0x31,0x81,0x93,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
701 0x53,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x6c,0x6f,0x63,0x61,0x6c,0x68,
702 0x6f,0x73,0x74,0x30,0x10,0x06,0x03,0x55,0x04,0x08,0x13,0x09,0x4d,0x69,0x6e,0x6e,
703 0x65,0x73,0x6f,0x74,0x61,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0b,0x4d,0x69,
704 0x6e,0x6e,0x65,0x61,0x70,0x6f,0x6c,0x69,0x73,0x30,0x12,0x06,0x03,0x55,0x04,0x0a,
705 0x13,0x0b,0x43,0x6f,0x64,0x65,0x57,0x65,0x61,0x76,0x65,0x72,0x73,0x30,0x17,0x06,
706 0x03,0x55,0x04,0x0b,0x13,0x10,0x57,0x69,0x6e,0x65,0x20,0x44,0x65,0x76,0x65,0x6c,
707 0x6f,0x70,0x6d,0x65,0x6e,0x74,0x30,0x21,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
708 0x01,0x09,0x01,0x16,0x14,0x61,0x72,0x69,0x63,0x40,0x63,0x6f,0x64,0x65,0x77,0x65,
709 0x61,0x76,0x65,0x72,0x73,0x2e,0x63,0x6f,0x6d
712 static void test_encodeName(DWORD dwEncoding)
714 CERT_RDN_ATTR attrs[2];
721 /* Test with NULL pvStructInfo */
722 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, NULL,
723 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
724 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
725 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
726 /* Test with empty CERT_NAME_INFO */
729 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
730 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
731 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
734 ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
735 "Got unexpected encoding for empty name\n");
738 /* Test with bogus CERT_RDN */
740 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
741 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
742 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
743 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
744 /* Test with empty CERT_RDN */
746 rdn.rgRDNAttr = NULL;
749 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
750 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
751 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
754 ok(!memcmp(buf, emptyRDNs, sizeof(emptyRDNs)),
755 "Got unexpected encoding for empty RDN array\n");
758 /* Test with bogus attr array */
760 rdn.rgRDNAttr = NULL;
761 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
762 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
763 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
764 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
765 /* oddly, a bogus OID is accepted by Windows XP; not testing.
766 attrs[0].pszObjId = "bogus";
767 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
768 attrs[0].Value.cbData = sizeof(commonName);
769 attrs[0].Value.pbData = (BYTE *)commonName;
771 rdn.rgRDNAttr = attrs;
772 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
773 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
774 ok(!ret, "Expected failure, got success\n");
776 /* Check with two CERT_RDN_ATTRs. Note DER encoding forces the order of
777 * the encoded attributes to be swapped.
779 attrs[0].pszObjId = szOID_COMMON_NAME;
780 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
781 attrs[0].Value.cbData = sizeof(commonName);
782 attrs[0].Value.pbData = (BYTE *)commonName;
783 attrs[1].pszObjId = szOID_SUR_NAME;
784 attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
785 attrs[1].Value.cbData = sizeof(surName);
786 attrs[1].Value.pbData = (BYTE *)surName;
788 rdn.rgRDNAttr = attrs;
789 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
790 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
791 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
794 ok(!memcmp(buf, twoRDNs, sizeof(twoRDNs)),
795 "Got unexpected encoding for two RDN array\n");
798 /* CERT_RDN_ANY_TYPE is too vague for X509_NAMEs, check the return */
800 attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
801 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
802 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
803 ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
804 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
805 for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
808 rdn.rgRDNAttr = (CERT_RDN_ATTR *)&names[i].attr;
809 ret = CryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
810 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
811 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
814 ok(size == names[i].encoded[1] + 2, "Expected size %d, got %ld\n",
815 names[i].encoded[1] + 2, size);
816 ok(!memcmp(buf, names[i].encoded, names[i].encoded[1] + 2),
817 "Got unexpected encoding\n");
821 /* Test a more complex name */
822 rdn.cRDNAttr = sizeof(rdnAttrs) / sizeof(rdnAttrs[0]);
823 rdn.rgRDNAttr = (PCERT_RDN_ATTR)rdnAttrs;
828 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_NAME, &info,
829 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
830 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
833 ok(size == sizeof(encodedRDNAttrs), "Expected size %d, got %ld\n",
834 sizeof(encodedRDNAttrs), size);
835 ok(!memcmp(buf, encodedRDNAttrs, size), "Unexpected value\n");
840 static void compareRDNAttrs(const CERT_RDN_ATTR *expected,
841 const CERT_RDN_ATTR *got)
843 if (expected->pszObjId && strlen(expected->pszObjId))
845 ok(got->pszObjId != NULL, "Expected OID %s, got NULL\n",
849 ok(!strcmp(got->pszObjId, expected->pszObjId),
850 "Got unexpected OID %s, expected %s\n", got->pszObjId,
854 ok(got->dwValueType == expected->dwValueType,
855 "Expected string type %ld, got %ld\n", expected->dwValueType,
857 ok(got->Value.cbData == expected->Value.cbData,
858 "Unexpected data size, got %ld, expected %ld\n", got->Value.cbData,
859 expected->Value.cbData);
860 if (got->Value.cbData && got->Value.pbData)
861 ok(!memcmp(got->Value.pbData, expected->Value.pbData,
862 min(got->Value.cbData, expected->Value.cbData)), "Unexpected value\n");
865 static void compareRDNs(const CERT_RDN *expected, const CERT_RDN *got)
867 ok(got->cRDNAttr == expected->cRDNAttr,
868 "Expected %ld RDN attrs, got %ld\n", expected->cRDNAttr, got->cRDNAttr);
873 for (i = 0; i < got->cRDNAttr; i++)
874 compareRDNAttrs(&expected->rgRDNAttr[i], &got->rgRDNAttr[i]);
878 static void compareNames(const CERT_NAME_INFO *expected,
879 const CERT_NAME_INFO *got)
881 ok(got->cRDN == expected->cRDN, "Expected %ld RDNs, got %ld\n",
882 expected->cRDN, got->cRDN);
887 for (i = 0; i < got->cRDN; i++)
888 compareRDNs(&expected->rgRDN[i], &got->rgRDN[i]);
892 static void test_decodeName(DWORD dwEncoding)
899 CERT_NAME_INFO info = { 1, &rdn };
901 for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
903 /* When the output buffer is NULL, this always succeeds */
904 SetLastError(0xdeadbeef);
905 ret = CryptDecodeObjectEx(dwEncoding, X509_NAME, names[i].encoded,
906 names[i].encoded[1] + 2, 0, NULL, NULL, &bufSize);
907 ok(ret && GetLastError() == NOERROR,
908 "Expected success and NOERROR, got %08lx\n", GetLastError());
909 ret = CryptDecodeObjectEx(dwEncoding, X509_NAME, names[i].encoded,
910 names[i].encoded[1] + 2,
911 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
912 (BYTE *)&buf, &bufSize);
913 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
915 rdn.rgRDNAttr = (CERT_RDN_ATTR *)&names[i].attr;
918 compareNames(&info, (CERT_NAME_INFO *)buf);
922 /* test empty name */
924 ret = CryptDecodeObjectEx(dwEncoding, X509_NAME, emptySequence,
925 emptySequence[1] + 2,
926 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
927 (BYTE *)&buf, &bufSize);
928 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
929 /* Interestingly, in Windows, if cRDN is 0, rgRGN may not be NULL. My
930 * decoder works the same way, so only test the count.
934 ok(bufSize == sizeof(CERT_NAME_INFO),
935 "Expected bufSize %d, got %ld\n", sizeof(CERT_NAME_INFO), bufSize);
936 ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
937 "Expected 0 RDNs in empty info, got %ld\n",
938 ((CERT_NAME_INFO *)buf)->cRDN);
943 ret = CryptDecodeObjectEx(dwEncoding, X509_NAME, emptyRDNs,
945 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
946 (BYTE *)&buf, &bufSize);
947 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
950 CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;
952 ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
953 info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
954 "Got unexpected value for empty RDN\n");
957 /* test two RDN attrs */
959 ret = CryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNs,
961 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
962 (BYTE *)&buf, &bufSize);
963 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
966 CERT_RDN_ATTR attrs[] = {
967 { szOID_SUR_NAME, CERT_RDN_PRINTABLE_STRING, { sizeof(surName),
969 { szOID_COMMON_NAME, CERT_RDN_PRINTABLE_STRING, { sizeof(commonName),
970 (BYTE *)commonName } },
973 rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
974 rdn.rgRDNAttr = attrs;
975 compareNames(&info, (CERT_NAME_INFO *)buf);
978 /* And, a slightly more complicated name */
981 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, encodedRDNAttrs,
982 sizeof(encodedRDNAttrs), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
983 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
986 rdn.cRDNAttr = sizeof(decodedRdnAttrs) / sizeof(decodedRdnAttrs[0]);
987 rdn.rgRDNAttr = (PCERT_RDN_ATTR)decodedRdnAttrs;
988 compareNames(&info, (CERT_NAME_INFO *)buf);
993 static const BYTE emptyURL[] = { 0x30, 0x02, 0x86, 0x00 };
994 static const WCHAR url[] = { 'h','t','t','p',':','/','/','w','i','n','e',
995 'h','q','.','o','r','g',0 };
996 static const BYTE encodedURL[] = { 0x30, 0x13, 0x86, 0x11, 0x68, 0x74,
997 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e,
999 static const WCHAR nihongoURL[] = { 'h','t','t','p',':','/','/',0x226f,
1001 static const WCHAR dnsName[] = { 'w','i','n','e','h','q','.','o','r','g',0 };
1002 static const BYTE encodedDnsName[] = { 0x30, 0x0c, 0x82, 0x0a, 0x77, 0x69,
1003 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
1004 static const BYTE localhost[] = { 127, 0, 0, 1 };
1005 static const BYTE encodedIPAddr[] = { 0x30, 0x06, 0x87, 0x04, 0x7f, 0x00, 0x00,
1008 static void test_encodeAltName(DWORD dwEncoding)
1010 CERT_ALT_NAME_INFO info = { 0 };
1011 CERT_ALT_NAME_ENTRY entry = { 0 };
1016 /* Test with empty info */
1017 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1018 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1021 ok(size == sizeof(emptySequence), "Expected size %d, got %ld\n",
1022 sizeof(emptySequence), size);
1023 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
1026 /* Test with an empty entry */
1028 info.rgAltEntry = &entry;
1029 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1030 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1031 ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
1032 "Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
1034 /* Test with an empty pointer */
1035 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
1036 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1037 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1040 ok(size == sizeof(emptyURL), "Expected size %d, got %ld\n",
1041 sizeof(emptyURL), size);
1042 ok(!memcmp(buf, emptyURL, size), "Unexpected value\n");
1045 /* Test with a real URL */
1046 U(entry).pwszURL = (LPWSTR)url;
1047 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1048 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1051 ok(size == sizeof(encodedURL), "Expected size %d, got %ld\n",
1052 sizeof(encodedURL), size);
1053 ok(!memcmp(buf, encodedURL, size), "Unexpected value\n");
1056 /* Now with the URL containing an invalid IA5 char */
1057 U(entry).pwszURL = (LPWSTR)nihongoURL;
1058 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1059 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1060 ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
1061 "Expected CRYPT_E_INVALID_IA5_STRING, got %08lx\n", GetLastError());
1062 /* The first invalid character is at index 7 */
1063 ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
1064 "Expected invalid char at index 7, got %ld\n",
1065 GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
1066 /* Now with the URL missing a scheme */
1067 U(entry).pwszURL = (LPWSTR)dnsName;
1068 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1069 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1070 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1073 /* This succeeds, but it shouldn't, so don't worry about conforming */
1076 /* Now with a DNS name */
1077 entry.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
1078 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1079 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1080 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1083 ok(size == sizeof(encodedDnsName), "Expected size %d, got %ld\n",
1084 sizeof(encodedDnsName), size);
1085 ok(!memcmp(buf, encodedDnsName, size), "Unexpected value\n");
1088 /* Test with an IP address */
1089 entry.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
1090 U(entry).IPAddress.cbData = sizeof(localhost);
1091 U(entry).IPAddress.pbData = (LPBYTE)localhost;
1092 ret = CryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1093 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1096 ok(size == sizeof(encodedIPAddr), "Expected size %d, got %ld\n",
1097 sizeof(encodedIPAddr), size);
1098 ok(!memcmp(buf, encodedIPAddr, size), "Unexpected value\n");
1103 static void test_decodeAltName(DWORD dwEncoding)
1105 static const BYTE unimplementedType[] = { 0x30, 0x06, 0x85, 0x04, 0x7f,
1107 static const BYTE bogusType[] = { 0x30, 0x06, 0x89, 0x04, 0x7f, 0x00, 0x00,
1112 CERT_ALT_NAME_INFO *info;
1114 /* Test some bogus ones first */
1115 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1116 unimplementedType, sizeof(unimplementedType), CRYPT_DECODE_ALLOC_FLAG,
1117 NULL, (BYTE *)&buf, &bufSize);
1118 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
1119 "Expected CRYPT_E_ASN1_BADTAG, got %08lx\n", GetLastError());
1120 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1121 bogusType, sizeof(bogusType), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1123 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
1124 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
1125 /* Now expected cases */
1126 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptySequence,
1127 emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1129 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1132 info = (CERT_ALT_NAME_INFO *)buf;
1134 ok(info->cAltEntry == 0, "Expected 0 entries, got %ld\n",
1138 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptyURL,
1139 emptyURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1141 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1144 info = (CERT_ALT_NAME_INFO *)buf;
1146 ok(info->cAltEntry == 1, "Expected 1 entries, got %ld\n",
1148 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1149 "Expected CERT_ALT_NAME_URL, got %ld\n",
1150 info->rgAltEntry[0].dwAltNameChoice);
1151 ok(U(info->rgAltEntry[0]).pwszURL == NULL || !*U(info->rgAltEntry[0]).pwszURL,
1152 "Expected empty URL\n");
1155 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedURL,
1156 encodedURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1158 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1161 info = (CERT_ALT_NAME_INFO *)buf;
1163 ok(info->cAltEntry == 1, "Expected 1 entries, got %ld\n",
1165 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1166 "Expected CERT_ALT_NAME_URL, got %ld\n",
1167 info->rgAltEntry[0].dwAltNameChoice);
1168 ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszURL, url), "Unexpected URL\n");
1171 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedDnsName,
1172 encodedDnsName[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1174 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1177 info = (CERT_ALT_NAME_INFO *)buf;
1179 ok(info->cAltEntry == 1, "Expected 1 entries, got %ld\n",
1181 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
1182 "Expected CERT_ALT_NAME_DNS_NAME, got %ld\n",
1183 info->rgAltEntry[0].dwAltNameChoice);
1184 ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszDNSName, dnsName),
1185 "Unexpected DNS name\n");
1188 ret = CryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedIPAddr,
1189 encodedIPAddr[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1191 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1194 info = (CERT_ALT_NAME_INFO *)buf;
1196 ok(info->cAltEntry == 1, "Expected 1 entries, got %ld\n",
1198 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS,
1199 "Expected CERT_ALT_NAME_IP_ADDRESS, got %ld\n",
1200 info->rgAltEntry[0].dwAltNameChoice);
1201 ok(U(info->rgAltEntry[0]).IPAddress.cbData == sizeof(localhost),
1202 "Unexpected IP address length %ld\n",
1203 U(info->rgAltEntry[0]).IPAddress.cbData);
1204 ok(!memcmp(U(info->rgAltEntry[0]).IPAddress.pbData, localhost,
1205 sizeof(localhost)), "Unexpected IP address value\n");
1210 struct encodedOctets
1213 const BYTE *encoded;
1216 static const unsigned char bin46[] = { 'h','i',0 };
1217 static const unsigned char bin47[] = { 0x04,0x02,'h','i',0 };
1218 static const unsigned char bin48[] = {
1219 's','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
1220 static const unsigned char bin49[] = {
1221 0x04,0x0f,'s','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
1222 static const unsigned char bin50[] = { 0 };
1223 static const unsigned char bin51[] = { 0x04,0x00,0 };
1225 static const struct encodedOctets octets[] = {
1231 static void test_encodeOctets(DWORD dwEncoding)
1233 CRYPT_DATA_BLOB blob;
1236 for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
1242 blob.cbData = strlen((const char*)octets[i].val);
1243 blob.pbData = (BYTE*)octets[i].val;
1244 ret = CryptEncodeObjectEx(dwEncoding, X509_OCTET_STRING, &blob,
1245 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1246 ok(ret, "CryptEncodeObjectEx failed: %ld\n", GetLastError());
1250 "Got unexpected type %d for octet string (expected 4)\n", buf[0]);
1251 ok(buf[1] == octets[i].encoded[1], "Got length %d, expected %d\n",
1252 buf[1], octets[i].encoded[1]);
1253 ok(!memcmp(buf + 1, octets[i].encoded + 1,
1254 octets[i].encoded[1] + 1), "Got unexpected value\n");
1260 static void test_decodeOctets(DWORD dwEncoding)
1264 for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
1270 ret = CryptDecodeObjectEx(dwEncoding, X509_OCTET_STRING,
1271 (BYTE *)octets[i].encoded, octets[i].encoded[1] + 2,
1272 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1273 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1274 ok(bufSize >= sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1],
1275 "Expected size >= %d, got %ld\n",
1276 sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1], bufSize);
1277 ok(buf != NULL, "Expected allocated buffer\n");
1280 CRYPT_DATA_BLOB *blob = (CRYPT_DATA_BLOB *)buf;
1283 ok(!memcmp(blob->pbData, octets[i].val, blob->cbData),
1284 "Unexpected value\n");
1290 static const BYTE bytesToEncode[] = { 0xff, 0xff };
1295 const BYTE *encoded;
1297 const BYTE *decoded;
1300 static const unsigned char bin52[] = { 0x03,0x03,0x00,0xff,0xff,0 };
1301 static const unsigned char bin53[] = { 0xff,0xff,0 };
1302 static const unsigned char bin54[] = { 0x03,0x03,0x01,0xff,0xfe,0 };
1303 static const unsigned char bin55[] = { 0xff,0xfe,0 };
1304 static const unsigned char bin56[] = { 0x03,0x02,0x01,0xfe,0 };
1305 static const unsigned char bin57[] = { 0xfe,0 };
1306 static const unsigned char bin58[] = { 0x03,0x01,0x00,0 };
1308 static const struct encodedBits bits[] = {
1309 /* normal test cases */
1310 { 0, bin52, 2, bin53 },
1311 { 1, bin54, 2, bin55 },
1312 /* strange test case, showing cUnusedBits >= 8 is allowed */
1313 { 9, bin56, 1, bin57 },
1314 /* even stranger test case, showing cUnusedBits > cbData * 8 is allowed */
1315 { 17, bin58, 0, NULL },
1318 static void test_encodeBits(DWORD dwEncoding)
1322 for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
1324 CRYPT_BIT_BLOB blob;
1329 blob.cbData = sizeof(bytesToEncode);
1330 blob.pbData = (BYTE *)bytesToEncode;
1331 blob.cUnusedBits = bits[i].cUnusedBits;
1332 ret = CryptEncodeObjectEx(dwEncoding, X509_BITS, &blob,
1333 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1334 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1337 ok(bufSize == bits[i].encoded[1] + 2,
1338 "Got unexpected size %ld, expected %d\n", bufSize,
1339 bits[i].encoded[1] + 2);
1340 ok(!memcmp(buf, bits[i].encoded, bits[i].encoded[1] + 2),
1341 "Unexpected value\n");
1347 static void test_decodeBits(DWORD dwEncoding)
1349 static const BYTE ber[] = "\x03\x02\x01\xff";
1350 static const BYTE berDecoded = 0xfe;
1357 for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
1359 ret = CryptDecodeObjectEx(dwEncoding, X509_BITS, bits[i].encoded,
1360 bits[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1362 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1365 CRYPT_BIT_BLOB *blob;
1367 ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + bits[i].cbDecoded,
1368 "Got unexpected size %ld, expected >= %ld\n", bufSize,
1369 sizeof(CRYPT_BIT_BLOB) + bits[i].cbDecoded);
1370 blob = (CRYPT_BIT_BLOB *)buf;
1371 ok(blob->cbData == bits[i].cbDecoded,
1372 "Got unexpected length %ld, expected %ld\n", blob->cbData,
1374 if (blob->cbData && bits[i].cbDecoded)
1375 ok(!memcmp(blob->pbData, bits[i].decoded, bits[i].cbDecoded),
1376 "Unexpected value\n");
1380 /* special case: check that something that's valid in BER but not in DER
1381 * decodes successfully
1383 ret = CryptDecodeObjectEx(dwEncoding, X509_BITS, ber, ber[1] + 2,
1384 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1385 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1388 CRYPT_BIT_BLOB *blob;
1390 ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + sizeof(berDecoded),
1391 "Got unexpected size %ld, expected >= %d\n", bufSize,
1392 sizeof(CRYPT_BIT_BLOB) + berDecoded);
1393 blob = (CRYPT_BIT_BLOB *)buf;
1394 ok(blob->cbData == sizeof(berDecoded),
1395 "Got unexpected length %ld, expected %d\n", blob->cbData,
1396 sizeof(berDecoded));
1398 ok(*blob->pbData == berDecoded, "Unexpected value\n");
1405 CERT_BASIC_CONSTRAINTS2_INFO info;
1406 const BYTE *encoded;
1409 static const unsigned char bin59[] = { 0x30,0x00,0 };
1410 static const unsigned char bin60[] = { 0x30,0x03,0x01,0x01,0xff,0 };
1411 static const unsigned char bin61[] = { 0x30,0x03,0x02,0x01,0x00,0 };
1412 static const unsigned char bin62[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0 };
1413 static const struct Constraints2 constraints2[] = {
1414 /* empty constraints */
1415 { { FALSE, FALSE, 0}, bin59 },
1417 { { TRUE, FALSE, 0}, bin60 },
1418 /* has path length constraints set (MSDN implies fCA needs to be TRUE as well,
1419 * but that's not the case
1421 { { FALSE, TRUE, 0}, bin61 },
1422 /* can be a CA and has path length constraints set */
1423 { { TRUE, TRUE, 1}, bin62 },
1426 static const BYTE emptyConstraint[] = { 0x30, 0x03, 0x03, 0x01, 0x00 };
1427 static const BYTE encodedDomainName[] = { 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11,
1428 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16,
1429 0x03, 0x6f, 0x72, 0x67, 0x30, 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93,
1430 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
1431 static const BYTE constraintWithDomainName[] = { 0x30, 0x32, 0x03, 0x01, 0x00,
1432 0x30, 0x2d, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26,
1433 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x6f, 0x72, 0x67, 0x30,
1434 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19,
1435 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
1437 static void test_encodeBasicConstraints(DWORD dwEncoding)
1439 DWORD i, bufSize = 0;
1440 CERT_BASIC_CONSTRAINTS_INFO info;
1441 CERT_NAME_BLOB nameBlob = { sizeof(encodedDomainName),
1442 (LPBYTE)encodedDomainName };
1446 /* First test with the simpler info2 */
1447 for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
1449 ret = CryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
1450 &constraints2[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1452 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1455 ok(bufSize == constraints2[i].encoded[1] + 2,
1456 "Expected %d bytes, got %ld\n", constraints2[i].encoded[1] + 2,
1458 ok(!memcmp(buf, constraints2[i].encoded,
1459 constraints2[i].encoded[1] + 2), "Unexpected value\n");
1463 /* Now test with more complex basic constraints */
1464 info.SubjectType.cbData = 0;
1465 info.fPathLenConstraint = FALSE;
1466 info.cSubtreesConstraint = 0;
1467 ret = CryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
1468 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1469 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1472 ok(bufSize == sizeof(emptyConstraint), "Expected %d bytes, got %ld\n",
1473 sizeof(emptyConstraint), bufSize);
1474 ok(!memcmp(buf, emptyConstraint, sizeof(emptyConstraint)),
1475 "Unexpected value\n");
1478 /* None of the certs I examined had any subtree constraint, but I test one
1479 * anyway just in case.
1481 info.cSubtreesConstraint = 1;
1482 info.rgSubtreesConstraint = &nameBlob;
1483 ret = CryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
1484 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1485 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1488 ok(bufSize == sizeof(constraintWithDomainName),
1489 "Expected %d bytes, got %ld\n", sizeof(constraintWithDomainName),
1491 ok(!memcmp(buf, constraintWithDomainName,
1492 sizeof(constraintWithDomainName)), "Unexpected value\n");
1495 /* FIXME: test encoding with subject type. */
1498 static const unsigned char bin63[] = { 0x30,0x06,0x01,0x01,0x01,0x02,0x01,0x01,0 };
1500 static void test_decodeBasicConstraints(DWORD dwEncoding)
1502 static const BYTE inverted[] = "\x30\x06\x02\x01\x01\x01\x01\xff";
1503 static const struct Constraints2 badBool = { { TRUE, TRUE, 1 }, bin63 };
1509 /* First test with simpler info2 */
1510 for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
1512 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
1513 constraints2[i].encoded, constraints2[i].encoded[1] + 2,
1514 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1515 ok(ret, "CryptDecodeObjectEx failed for item %ld: %08lx\n", i,
1519 CERT_BASIC_CONSTRAINTS2_INFO *info =
1520 (CERT_BASIC_CONSTRAINTS2_INFO *)buf;
1522 ok(!memcmp(info, &constraints2[i].info, sizeof(*info)),
1523 "Unexpected value for item %ld\n", i);
1527 /* Check with the order of encoded elements inverted */
1529 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
1530 inverted, inverted[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1532 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
1533 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
1534 ok(!buf, "Expected buf to be set to NULL\n");
1535 /* Check with a non-DER bool */
1536 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
1537 badBool.encoded, badBool.encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
1538 (BYTE *)&buf, &bufSize);
1539 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1542 CERT_BASIC_CONSTRAINTS2_INFO *info =
1543 (CERT_BASIC_CONSTRAINTS2_INFO *)buf;
1545 ok(!memcmp(info, &badBool.info, sizeof(*info)), "Unexpected value\n");
1548 /* Check with a non-basic constraints value */
1549 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
1550 names[0].encoded, names[0].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
1551 (BYTE *)&buf, &bufSize);
1552 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
1553 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
1554 /* Now check with the more complex CERT_BASIC_CONSTRAINTS_INFO */
1555 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
1556 emptyConstraint, sizeof(emptyConstraint), CRYPT_DECODE_ALLOC_FLAG, NULL,
1557 (BYTE *)&buf, &bufSize);
1558 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1561 CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;
1563 ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
1564 ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
1565 ok(info->cSubtreesConstraint == 0, "Expected no subtree constraints\n");
1568 ret = CryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
1569 constraintWithDomainName, sizeof(constraintWithDomainName),
1570 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1571 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1574 CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;
1576 ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
1577 ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
1578 ok(info->cSubtreesConstraint == 1, "Expected a subtree constraint\n");
1579 if (info->cSubtreesConstraint && info->rgSubtreesConstraint)
1581 ok(info->rgSubtreesConstraint[0].cbData ==
1582 sizeof(encodedDomainName), "Expected %d bytes, got %ld\n",
1583 sizeof(encodedDomainName), info->rgSubtreesConstraint[0].cbData);
1584 ok(!memcmp(info->rgSubtreesConstraint[0].pbData, encodedDomainName,
1585 sizeof(encodedDomainName)), "Unexpected value\n");
1591 /* These are terrible public keys of course, I'm just testing encoding */
1592 static const BYTE modulus1[] = { 0,0,0,1,1,1,1,1 };
1593 static const BYTE modulus2[] = { 1,1,1,1,1,0,0,0 };
1594 static const BYTE modulus3[] = { 0x80,1,1,1,1,0,0,0 };
1595 static const BYTE modulus4[] = { 1,1,1,1,1,0,0,0x80 };
1596 static const BYTE mod1_encoded[] = { 0x30,0x0f,0x02,0x08,0x01,0x01,0x01,0x01,0x01,0x00,0x00,0x00,0x02,0x03,0x01,0x00,0x01 };
1597 static const BYTE mod2_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
1598 static const BYTE mod3_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x80,0x02,0x03,0x01,0x00,0x01 };
1599 static const BYTE mod4_encoded[] = { 0x30,0x10,0x02,0x09,0x00,0x80,0x00,0x00,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
1601 struct EncodedRSAPubKey
1603 const BYTE *modulus;
1605 const BYTE *encoded;
1606 size_t decodedModulusLen;
1609 struct EncodedRSAPubKey rsaPubKeys[] = {
1610 { modulus1, sizeof(modulus1), mod1_encoded, sizeof(modulus1) },
1611 { modulus2, sizeof(modulus2), mod2_encoded, 5 },
1612 { modulus3, sizeof(modulus3), mod3_encoded, 5 },
1613 { modulus4, sizeof(modulus4), mod4_encoded, 8 },
1616 static void test_encodeRsaPublicKey(DWORD dwEncoding)
1618 BYTE toEncode[sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + sizeof(modulus1)];
1619 BLOBHEADER *hdr = (BLOBHEADER *)toEncode;
1620 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(toEncode + sizeof(BLOBHEADER));
1623 DWORD bufSize = 0, i;
1625 /* Try with a bogus blob type */
1627 hdr->bVersion = CUR_BLOB_VERSION;
1629 hdr->aiKeyAlg = CALG_RSA_KEYX;
1630 rsaPubKey->magic = 0x31415352;
1631 rsaPubKey->bitlen = sizeof(modulus1) * 8;
1632 rsaPubKey->pubexp = 65537;
1633 memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY), modulus1,
1636 ret = CryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1637 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1639 ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
1640 "Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
1642 /* Now with a bogus reserved field */
1643 hdr->bType = PUBLICKEYBLOB;
1645 ret = CryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1646 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1650 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
1651 "Expected size %d, got %ld\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
1652 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
1655 /* Now with a bogus blob version */
1658 ret = CryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1659 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1663 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
1664 "Expected size %d, got %ld\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
1665 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
1668 /* And with a bogus alg ID */
1669 hdr->bVersion = CUR_BLOB_VERSION;
1670 hdr->aiKeyAlg = CALG_DES;
1671 ret = CryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1672 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1676 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
1677 "Expected size %d, got %ld\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
1678 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
1681 /* Check a couple of RSA-related OIDs */
1682 hdr->aiKeyAlg = CALG_RSA_KEYX;
1683 ret = CryptEncodeObjectEx(dwEncoding, szOID_RSA_RSA,
1684 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1685 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1686 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1687 ret = CryptEncodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
1688 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1689 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1690 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1691 /* Finally, all valid */
1692 hdr->aiKeyAlg = CALG_RSA_KEYX;
1693 for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
1695 memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
1696 rsaPubKeys[i].modulus, rsaPubKeys[i].modulusLen);
1697 ret = CryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1698 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1699 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1702 ok(bufSize == rsaPubKeys[i].encoded[1] + 2,
1703 "Expected size %d, got %ld\n", rsaPubKeys[i].encoded[1] + 2,
1705 ok(!memcmp(buf, rsaPubKeys[i].encoded, bufSize),
1706 "Unexpected value\n");
1712 static void test_decodeRsaPublicKey(DWORD dwEncoding)
1719 /* Try with a bad length */
1720 ret = CryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1721 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1],
1722 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1723 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
1724 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", CRYPT_E_ASN1_EOD);
1725 /* Try with a couple of RSA-related OIDs */
1726 ret = CryptDecodeObjectEx(dwEncoding, szOID_RSA_RSA,
1727 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
1728 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1729 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1730 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1731 ret = CryptDecodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
1732 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
1733 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1734 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
1735 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
1736 /* Now try success cases */
1737 for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
1740 ret = CryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
1741 rsaPubKeys[i].encoded, rsaPubKeys[i].encoded[1] + 2,
1742 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1743 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1746 BLOBHEADER *hdr = (BLOBHEADER *)buf;
1747 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));
1749 ok(bufSize >= sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
1750 rsaPubKeys[i].decodedModulusLen,
1751 "Expected size at least %d, got %ld\n",
1752 sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
1753 rsaPubKeys[i].decodedModulusLen, bufSize);
1754 ok(hdr->bType == PUBLICKEYBLOB,
1755 "Expected type PUBLICKEYBLOB (%d), got %d\n", PUBLICKEYBLOB,
1757 ok(hdr->bVersion == CUR_BLOB_VERSION,
1758 "Expected version CUR_BLOB_VERSION (%d), got %d\n",
1759 CUR_BLOB_VERSION, hdr->bVersion);
1760 ok(hdr->reserved == 0, "Expected reserved 0, got %d\n",
1762 ok(hdr->aiKeyAlg == CALG_RSA_KEYX,
1763 "Expected CALG_RSA_KEYX, got %08x\n", hdr->aiKeyAlg);
1764 ok(rsaPubKey->magic == 0x31415352,
1765 "Expected magic RSA1, got %08lx\n", rsaPubKey->magic);
1766 ok(rsaPubKey->bitlen == rsaPubKeys[i].decodedModulusLen * 8,
1767 "Expected bit len %d, got %ld\n",
1768 rsaPubKeys[i].decodedModulusLen * 8, rsaPubKey->bitlen);
1769 ok(rsaPubKey->pubexp == 65537, "Expected pubexp 65537, got %ld\n",
1771 ok(!memcmp(buf + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
1772 rsaPubKeys[i].modulus, rsaPubKeys[i].decodedModulusLen),
1773 "Unexpected modulus\n");
1779 static const BYTE intSequence[] = { 0x30, 0x1b, 0x02, 0x01, 0x01, 0x02, 0x01,
1780 0x7f, 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02,
1781 0x02, 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };
1783 static const BYTE mixedSequence[] = { 0x30, 0x27, 0x17, 0x0d, 0x30, 0x35, 0x30,
1784 0x36, 0x30, 0x36, 0x31, 0x36, 0x31, 0x30, 0x30, 0x30, 0x5a, 0x02, 0x01, 0x7f,
1785 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02, 0x02,
1786 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };
1788 static void test_encodeSequenceOfAny(DWORD dwEncoding)
1790 CRYPT_DER_BLOB blobs[sizeof(ints) / sizeof(ints[0])];
1791 CRYPT_SEQUENCE_OF_ANY seq;
1797 /* Encode a homogenous sequence */
1798 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
1800 blobs[i].cbData = ints[i].encoded[1] + 2;
1801 blobs[i].pbData = (BYTE *)ints[i].encoded;
1803 seq.cValue = sizeof(ints) / sizeof(ints[0]);
1804 seq.rgValue = blobs;
1806 ret = CryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
1807 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1808 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1811 ok(bufSize == sizeof(intSequence), "Expected %d bytes, got %ld\n",
1812 sizeof(intSequence), bufSize);
1813 ok(!memcmp(buf, intSequence, intSequence[1] + 2), "Unexpected value\n");
1816 /* Change the type of the first element in the sequence, and give it
1819 blobs[0].cbData = times[0].encodedTime[1] + 2;
1820 blobs[0].pbData = (BYTE *)times[0].encodedTime;
1821 ret = CryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
1822 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1823 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1826 ok(bufSize == sizeof(mixedSequence), "Expected %d bytes, got %ld\n",
1827 sizeof(mixedSequence), bufSize);
1828 ok(!memcmp(buf, mixedSequence, mixedSequence[1] + 2),
1829 "Unexpected value\n");
1834 static void test_decodeSequenceOfAny(DWORD dwEncoding)
1840 ret = CryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, intSequence,
1841 intSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1842 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1845 CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
1848 ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
1849 "Expected %d elements, got %ld\n", sizeof(ints) / sizeof(ints[0]),
1851 for (i = 0; i < min(seq->cValue, sizeof(ints) / sizeof(ints[0])); i++)
1853 ok(seq->rgValue[i].cbData == ints[i].encoded[1] + 2,
1854 "Expected %d bytes, got %ld\n", ints[i].encoded[1] + 2,
1855 seq->rgValue[i].cbData);
1856 ok(!memcmp(seq->rgValue[i].pbData, ints[i].encoded,
1857 ints[i].encoded[1] + 2), "Unexpected value\n");
1861 ret = CryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, mixedSequence,
1862 mixedSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1864 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1867 CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
1869 ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
1870 "Expected %d elements, got %ld\n", sizeof(ints) / sizeof(ints[0]),
1872 /* Just check the first element since it's all that changed */
1873 ok(seq->rgValue[0].cbData == times[0].encodedTime[1] + 2,
1874 "Expected %d bytes, got %ld\n", times[0].encodedTime[1] + 2,
1875 seq->rgValue[0].cbData);
1876 ok(!memcmp(seq->rgValue[0].pbData, times[0].encodedTime,
1877 times[0].encodedTime[1] + 2), "Unexpected value\n");
1882 struct encodedExtensions
1884 CERT_EXTENSIONS exts;
1885 const BYTE *encoded;
1888 static BYTE crit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
1889 static BYTE noncrit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
1891 static CERT_EXTENSION criticalExt =
1892 { szOID_BASIC_CONSTRAINTS2, TRUE, { 8, crit_ext_data } };
1893 static CERT_EXTENSION nonCriticalExt =
1894 { szOID_BASIC_CONSTRAINTS2, FALSE, { 8, noncrit_ext_data } };
1896 static const BYTE ext0[] = { 0x30,0x00 };
1897 static const BYTE ext1[] = { 0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
1898 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
1899 static const BYTE ext2[] = { 0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x04,
1900 0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
1902 static const struct encodedExtensions exts[] = {
1903 { { 0, NULL }, ext0 },
1904 { { 1, &criticalExt }, ext1 },
1905 { { 1, &nonCriticalExt }, ext2 },
1908 static void test_encodeExtensions(DWORD dwEncoding)
1912 for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
1918 ret = CryptEncodeObjectEx(dwEncoding, X509_EXTENSIONS, &exts[i].exts,
1919 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1920 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
1923 ok(bufSize == exts[i].encoded[1] + 2,
1924 "Expected %d bytes, got %ld\n", exts[i].encoded[1] + 2, bufSize);
1925 ok(!memcmp(buf, exts[i].encoded, exts[i].encoded[1] + 2),
1926 "Unexpected value\n");
1932 static void test_decodeExtensions(DWORD dwEncoding)
1936 for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
1942 ret = CryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
1943 exts[i].encoded, exts[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
1944 NULL, (BYTE *)&buf, &bufSize);
1945 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
1948 CERT_EXTENSIONS *ext = (CERT_EXTENSIONS *)buf;
1951 ok(ext->cExtension == exts[i].exts.cExtension,
1952 "Expected %ld extensions, see %ld\n", exts[i].exts.cExtension,
1954 for (j = 0; j < min(ext->cExtension, exts[i].exts.cExtension); j++)
1956 ok(!strcmp(ext->rgExtension[j].pszObjId,
1957 exts[i].exts.rgExtension[j].pszObjId),
1958 "Expected OID %s, got %s\n",
1959 exts[i].exts.rgExtension[j].pszObjId,
1960 ext->rgExtension[j].pszObjId);
1961 ok(!memcmp(ext->rgExtension[j].Value.pbData,
1962 exts[i].exts.rgExtension[j].Value.pbData,
1963 exts[i].exts.rgExtension[j].Value.cbData),
1964 "Unexpected value\n");
1971 /* MS encodes public key info with a NULL if the algorithm identifier's
1972 * parameters are empty. However, when encoding an algorithm in a CERT_INFO,
1973 * it encodes them by omitting the algorithm parameters. This latter approach
1974 * seems more correct, so accept either form.
1976 struct encodedPublicKey
1978 CERT_PUBLIC_KEY_INFO info;
1979 const BYTE *encoded;
1980 const BYTE *encodedNoNull;
1981 CERT_PUBLIC_KEY_INFO decoded;
1984 static const BYTE aKey[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
1986 static const BYTE params[] = { 0x02, 0x01, 0x01 };
1988 static const unsigned char bin64[] = {
1989 0x30,0x0b,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x03,0x01,0x00,0};
1990 static const unsigned char bin65[] = {
1991 0x30,0x09,0x30,0x04,0x06,0x02,0x2a,0x03,0x03,0x01,0x00,0};
1992 static const unsigned char bin66[] = {
1993 0x30,0x0f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x01,0x00,0};
1994 static const unsigned char bin67[] = {
1995 0x30,0x0d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x01,0x00,0};
1996 static const unsigned char bin68[] = {
1997 0x30,0x1f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x11,0x00,0x00,0x01,
1998 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0};
1999 static const unsigned char bin69[] = {
2000 0x30,0x1d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x11,0x00,0x00,0x01,
2001 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0};
2002 static const unsigned char bin70[] = {
2003 0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
2004 0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
2006 static const unsigned char bin71[] = {
2007 0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
2008 0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
2010 static unsigned char bin72[] = { 0x05,0x00,0};
2012 static const struct encodedPublicKey pubKeys[] = {
2013 /* with a bogus OID */
2014 { { { "1.2.3", { 0, NULL } }, { 0, NULL, 0 } },
2016 { { "1.2.3", { 2, bin72 } }, { 0, NULL, 0 } } },
2017 /* some normal keys */
2018 { { { szOID_RSA, { 0, NULL } }, { 0, NULL, 0} },
2020 { { szOID_RSA, { 2, bin72 } }, { 0, NULL, 0 } } },
2021 { { { szOID_RSA, { 0, NULL } }, { sizeof(aKey), (BYTE *)aKey, 0} },
2023 { { szOID_RSA, { 2, bin72 } }, { sizeof(aKey), (BYTE *)aKey, 0} } },
2024 /* with add'l parameters--note they must be DER-encoded */
2025 { { { szOID_RSA, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2026 (BYTE *)aKey, 0 } },
2028 { { szOID_RSA, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2029 (BYTE *)aKey, 0 } } },
2032 static void test_encodePublicKeyInfo(DWORD dwEncoding)
2036 for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
2042 ret = CryptEncodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2043 &pubKeys[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2045 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2048 ok(bufSize == pubKeys[i].encoded[1] + 2 ||
2049 bufSize == pubKeys[i].encodedNoNull[1] + 2,
2050 "Expected %d or %d bytes, got %ld\n", pubKeys[i].encoded[1] + 2,
2051 pubKeys[i].encodedNoNull[1] + 2, bufSize);
2052 if (bufSize == pubKeys[i].encoded[1] + 2)
2053 ok(!memcmp(buf, pubKeys[i].encoded, pubKeys[i].encoded[1] + 2),
2054 "Unexpected value\n");
2055 else if (bufSize == pubKeys[i].encodedNoNull[1] + 2)
2056 ok(!memcmp(buf, pubKeys[i].encodedNoNull,
2057 pubKeys[i].encodedNoNull[1] + 2), "Unexpected value\n");
2063 static void comparePublicKeyInfo(const CERT_PUBLIC_KEY_INFO *expected,
2064 const CERT_PUBLIC_KEY_INFO *got)
2066 ok(!strcmp(expected->Algorithm.pszObjId, got->Algorithm.pszObjId),
2067 "Expected OID %s, got %s\n", expected->Algorithm.pszObjId,
2068 got->Algorithm.pszObjId);
2069 ok(expected->Algorithm.Parameters.cbData ==
2070 got->Algorithm.Parameters.cbData,
2071 "Expected parameters of %ld bytes, got %ld\n",
2072 expected->Algorithm.Parameters.cbData, got->Algorithm.Parameters.cbData);
2073 if (expected->Algorithm.Parameters.cbData)
2074 ok(!memcmp(expected->Algorithm.Parameters.pbData,
2075 got->Algorithm.Parameters.pbData, got->Algorithm.Parameters.cbData),
2076 "Unexpected algorithm parameters\n");
2077 ok(expected->PublicKey.cbData == got->PublicKey.cbData,
2078 "Expected public key of %ld bytes, got %ld\n",
2079 expected->PublicKey.cbData, got->PublicKey.cbData);
2080 if (expected->PublicKey.cbData)
2081 ok(!memcmp(expected->PublicKey.pbData, got->PublicKey.pbData,
2082 got->PublicKey.cbData), "Unexpected public key value\n");
2085 static void test_decodePublicKeyInfo(DWORD dwEncoding)
2087 static const BYTE bogusPubKeyInfo[] =
2088 "\x30\x22\x30\x0d\x06\x06\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x01\x01"
2089 "\x03\x11\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e"
2096 for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
2098 /* The NULL form decodes to the decoded member */
2099 ret = CryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2100 pubKeys[i].encoded, pubKeys[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2101 NULL, (BYTE *)&buf, &bufSize);
2102 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2105 comparePublicKeyInfo(&pubKeys[i].decoded,
2106 (CERT_PUBLIC_KEY_INFO *)buf);
2109 /* The non-NULL form decodes to the original */
2110 ret = CryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2111 pubKeys[i].encodedNoNull, pubKeys[i].encodedNoNull[1] + 2,
2112 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2113 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2116 comparePublicKeyInfo(&pubKeys[i].info, (CERT_PUBLIC_KEY_INFO *)buf);
2120 /* Test with bogus (not valid DER) parameters */
2121 ret = CryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2122 bogusPubKeyInfo, bogusPubKeyInfo[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2123 NULL, (BYTE *)&buf, &bufSize);
2124 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
2125 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
2128 static const BYTE v1Cert[] = { 0x30, 0x33, 0x02, 0x00, 0x30, 0x02, 0x06, 0x00,
2129 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
2130 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
2131 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x07, 0x30,
2132 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2133 static const BYTE v2Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x01, 0x02,
2134 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
2135 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
2136 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2137 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2138 static const BYTE v3Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2139 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
2140 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
2141 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2142 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2143 static const BYTE v1CertWithConstraints[] = { 0x30, 0x4b, 0x02, 0x00, 0x30,
2144 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
2145 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
2146 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
2147 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
2148 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
2149 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2150 static const BYTE v1CertWithSerial[] = { 0x30, 0x4c, 0x02, 0x01, 0x01, 0x30,
2151 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
2152 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
2153 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
2154 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
2155 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
2156 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2157 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
2158 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
2159 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
2160 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
2161 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
2162 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
2163 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
2164 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
2165 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
2166 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2168 /* This is the encoded form of the printable string "Juan Lang" */
2169 static const BYTE encodedCommonName[] = { 0x30, 0x15, 0x31, 0x13, 0x30, 0x11,
2170 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c,
2171 0x61, 0x6e, 0x67, 0x00 };
2172 static const BYTE serialNum[] = { 0x01 };
2174 static void test_encodeCertToBeSigned(DWORD dwEncoding)
2179 CERT_INFO info = { 0 };
2181 /* Test with NULL pvStructInfo */
2182 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL,
2183 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2184 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2185 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
2186 /* Test with a V1 cert */
2187 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2188 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2189 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2192 ok(size == v1Cert[1] + 2, "Expected size %d, got %ld\n",
2193 v1Cert[1] + 2, size);
2194 ok(!memcmp(buf, v1Cert, size), "Got unexpected value\n");
2198 info.dwVersion = CERT_V2;
2199 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2200 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2201 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2204 ok(size == sizeof(v2Cert), "Expected size %d, got %ld\n",
2205 sizeof(v2Cert), size);
2206 ok(!memcmp(buf, v2Cert, size), "Got unexpected value\n");
2210 info.dwVersion = CERT_V3;
2211 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2212 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2213 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2216 ok(size == sizeof(v3Cert), "Expected size %d, got %ld\n",
2217 sizeof(v3Cert), size);
2218 ok(!memcmp(buf, v3Cert, size), "Got unexpected value\n");
2221 /* see if a V1 cert can have basic constraints set (RFC3280 says no, but
2222 * API doesn't prevent it)
2224 info.dwVersion = CERT_V1;
2225 info.cExtension = 1;
2226 info.rgExtension = &criticalExt;
2227 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2228 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2229 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2232 ok(size == sizeof(v1CertWithConstraints), "Expected size %d, got %ld\n",
2233 sizeof(v1CertWithConstraints), size);
2234 ok(!memcmp(buf, v1CertWithConstraints, size), "Got unexpected value\n");
2237 /* test v1 cert with a serial number */
2238 info.SerialNumber.cbData = sizeof(serialNum);
2239 info.SerialNumber.pbData = (BYTE *)serialNum;
2240 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2241 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2244 ok(size == sizeof(v1CertWithSerial), "Expected size %d, got %ld\n",
2245 sizeof(v1CertWithSerial), size);
2246 ok(!memcmp(buf, v1CertWithSerial, size), "Got unexpected value\n");
2249 /* Test v1 cert with an issuer name, a subject name, and a serial number */
2250 info.Issuer.cbData = sizeof(encodedCommonName);
2251 info.Issuer.pbData = (BYTE *)encodedCommonName;
2252 info.Subject.cbData = sizeof(encodedCommonName);
2253 info.Subject.pbData = (BYTE *)encodedCommonName;
2254 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2255 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2258 ok(size == sizeof(bigCert), "Expected size %d, got %ld\n",
2259 sizeof(bigCert), size);
2260 ok(!memcmp(buf, bigCert, size), "Got unexpected value\n");
2263 /* for now, I let more interesting tests be done for each subcomponent,
2264 * rather than retesting them all here.
2268 static void test_decodeCertToBeSigned(DWORD dwEncoding)
2270 static const BYTE *corruptCerts[] = { v1Cert, v2Cert, v3Cert,
2271 v1CertWithConstraints, v1CertWithSerial };
2276 /* Test with NULL pbEncoded */
2277 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 0,
2278 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2279 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
2280 "Expected CRYPT_E_ASN1_EOD, got %08lx\n", GetLastError());
2281 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 1,
2282 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2283 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2284 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
2285 /* The following certs all fail with CRYPT_E_ASN1_CORRUPT, because at a
2286 * minimum a cert must have a non-zero serial number, an issuer, and a
2289 for (i = 0; i < sizeof(corruptCerts) / sizeof(corruptCerts[0]); i++)
2291 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
2292 corruptCerts[i], corruptCerts[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2293 (BYTE *)&buf, &size);
2294 ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT),
2295 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
2297 /* Now check with serial number, subject and issuer specified */
2298 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, bigCert,
2299 sizeof(bigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2300 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2303 CERT_INFO *info = (CERT_INFO *)buf;
2305 ok(size >= sizeof(CERT_INFO), "Expected size at least %d, got %ld\n",
2306 sizeof(CERT_INFO), size);
2307 ok(info->SerialNumber.cbData == 1,
2308 "Expected serial number size 1, got %ld\n", info->SerialNumber.cbData);
2309 ok(*info->SerialNumber.pbData == *serialNum,
2310 "Expected serial number %d, got %d\n", *serialNum,
2311 *info->SerialNumber.pbData);
2312 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2313 "Expected issuer of %d bytes, got %ld\n", sizeof(encodedCommonName),
2314 info->Issuer.cbData);
2315 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2316 "Unexpected issuer\n");
2317 ok(info->Subject.cbData == sizeof(encodedCommonName),
2318 "Expected subject of %d bytes, got %ld\n", sizeof(encodedCommonName),
2319 info->Subject.cbData);
2320 ok(!memcmp(info->Subject.pbData, encodedCommonName,
2321 info->Subject.cbData), "Unexpected subject\n");
2326 static const BYTE hash[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
2329 static const BYTE signedBigCert[] = {
2330 0x30, 0x81, 0x93, 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06, 0x00, 0x30,
2331 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
2332 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f,
2333 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2334 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
2335 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
2336 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
2337 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3,
2338 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
2339 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
2340 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07,
2341 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
2343 static void test_encodeCert(DWORD dwEncoding)
2345 /* Note the SignatureAlgorithm must match that in the encoded cert. Note
2346 * also that bigCert is a NULL-terminated string, so don't count its
2347 * last byte (otherwise the signed cert won't decode.)
2349 CERT_SIGNED_CONTENT_INFO info = { { sizeof(bigCert), (BYTE *)bigCert },
2350 { NULL, { 0, NULL } }, { sizeof(hash), (BYTE *)hash, 0 } };
2355 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT, &info,
2356 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2357 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2360 ok(bufSize == sizeof(signedBigCert), "Expected size %d, got %ld\n",
2361 sizeof(signedBigCert), bufSize);
2362 ok(!memcmp(buf, signedBigCert, bufSize), "Unexpected cert\n");
2367 static void test_decodeCert(DWORD dwEncoding)
2373 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT, signedBigCert,
2374 sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2375 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2378 CERT_SIGNED_CONTENT_INFO *info = (CERT_SIGNED_CONTENT_INFO *)buf;
2380 ok(info->ToBeSigned.cbData == sizeof(bigCert),
2381 "Expected cert to be %d bytes, got %ld\n", sizeof(bigCert),
2382 info->ToBeSigned.cbData);
2383 ok(!memcmp(info->ToBeSigned.pbData, bigCert, info->ToBeSigned.cbData),
2384 "Unexpected cert\n");
2385 ok(info->Signature.cbData == sizeof(hash),
2386 "Expected signature size %d, got %ld\n", sizeof(hash),
2387 info->Signature.cbData);
2388 ok(!memcmp(info->Signature.pbData, hash, info->Signature.cbData),
2389 "Unexpected signature\n");
2394 static const BYTE emptyDistPoint[] = { 0x30, 0x02, 0x30, 0x00 };
2395 static const BYTE distPointWithUrl[] = { 0x30, 0x19, 0x30, 0x17, 0xa0, 0x15,
2396 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69,
2397 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
2398 static const BYTE distPointWithReason[] = { 0x30, 0x06, 0x30, 0x04, 0x81, 0x02,
2400 static const BYTE distPointWithIssuer[] = { 0x30, 0x17, 0x30, 0x15, 0xa2, 0x13,
2401 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65,
2402 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
2403 static const BYTE distPointWithUrlAndIssuer[] = { 0x30, 0x2e, 0x30, 0x2c, 0xa0,
2404 0x15, 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
2405 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67, 0xa2, 0x13, 0x86, 0x11,
2406 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71,
2407 0x2e, 0x6f, 0x72, 0x67 };
2408 static const BYTE crlReason = CRL_REASON_KEY_COMPROMISE |
2409 CRL_REASON_AFFILIATION_CHANGED;
2411 static void test_encodeCRLDistPoints(DWORD dwEncoding)
2413 CRL_DIST_POINTS_INFO info = { 0 };
2414 CRL_DIST_POINT point = { { 0 } };
2415 CERT_ALT_NAME_ENTRY entry = { 0 };
2420 /* Test with an empty info */
2421 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2422 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2423 ok(!ret && GetLastError() == HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER),
2424 "Expected HRESULT_FROM_WIN32(ERROR_INVALID_PARAMETER), got %08lx\n",
2426 /* Test with one empty dist point */
2427 info.cDistPoint = 1;
2428 info.rgDistPoint = &point;
2429 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2430 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2433 ok(size == sizeof(emptyDistPoint), "Expected size %d, got %ld\n",
2434 sizeof(emptyDistPoint), size);
2435 ok(!memcmp(buf, emptyDistPoint, size), "Unexpected value\n");
2438 /* A dist point with an invalid name */
2439 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
2440 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
2441 U(entry).pwszURL = (LPWSTR)nihongoURL;
2442 U(point.DistPointName).FullName.cAltEntry = 1;
2443 U(point.DistPointName).FullName.rgAltEntry = &entry;
2444 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2445 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2446 ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
2447 "Expected CRYPT_E_INVALID_IA5_STRING, got %08lx\n", GetLastError());
2448 /* The first invalid character is at index 7 */
2449 ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
2450 "Expected invalid char at index 7, got %ld\n",
2451 GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
2452 /* A dist point with (just) a valid name */
2453 U(entry).pwszURL = (LPWSTR)url;
2454 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2455 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2458 ok(size == sizeof(distPointWithUrl), "Expected size %d, got %ld\n",
2459 sizeof(distPointWithUrl), size);
2460 ok(!memcmp(buf, distPointWithUrl, size), "Unexpected value\n");
2463 /* A dist point with (just) reason flags */
2464 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_NO_NAME;
2465 point.ReasonFlags.cbData = sizeof(crlReason);
2466 point.ReasonFlags.pbData = (LPBYTE)&crlReason;
2467 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2468 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2471 ok(size == sizeof(distPointWithReason), "Expected size %d, got %ld\n",
2472 sizeof(distPointWithReason), size);
2473 ok(!memcmp(buf, distPointWithReason, size), "Unexpected value\n");
2476 /* A dist point with just an issuer */
2477 point.ReasonFlags.cbData = 0;
2478 point.CRLIssuer.cAltEntry = 1;
2479 point.CRLIssuer.rgAltEntry = &entry;
2480 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2481 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2484 ok(size == sizeof(distPointWithIssuer), "Expected size %d, got %ld\n",
2485 sizeof(distPointWithIssuer), size);
2486 ok(!memcmp(buf, distPointWithIssuer, size), "Unexpected value\n");
2489 /* A dist point with both a name and an issuer */
2490 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
2491 ret = CryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
2492 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2495 ok(size == sizeof(distPointWithUrlAndIssuer),
2496 "Expected size %d, got %ld\n", sizeof(distPointWithUrlAndIssuer),
2498 ok(!memcmp(buf, distPointWithUrlAndIssuer, size), "Unexpected value\n");
2503 static void test_decodeCRLDistPoints(DWORD dwEncoding)
2508 PCRL_DIST_POINTS_INFO info;
2509 PCRL_DIST_POINT point;
2510 PCERT_ALT_NAME_ENTRY entry;
2512 ret = CryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
2513 emptyDistPoint, emptyDistPoint[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2514 (BYTE *)&buf, &size);
2517 info = (PCRL_DIST_POINTS_INFO)buf;
2518 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
2519 "Expected size at least %d, got %ld\n",
2520 sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT), size);
2521 ok(info->cDistPoint == 1, "Expected 1 dist points, got %ld\n",
2523 point = info->rgDistPoint;
2524 ok(point->DistPointName.dwDistPointNameChoice == CRL_DIST_POINT_NO_NAME,
2525 "Expected CRL_DIST_POINT_NO_NAME, got %ld\n",
2526 point->DistPointName.dwDistPointNameChoice);
2527 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
2528 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
2531 ret = CryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
2532 distPointWithUrl, distPointWithUrl[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2533 (BYTE *)&buf, &size);
2536 info = (PCRL_DIST_POINTS_INFO)buf;
2537 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
2538 "Expected size at least %d, got %ld\n",
2539 sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT), size);
2540 ok(info->cDistPoint == 1, "Expected 1 dist points, got %ld\n",
2542 point = info->rgDistPoint;
2543 ok(point->DistPointName.dwDistPointNameChoice ==
2544 CRL_DIST_POINT_FULL_NAME,
2545 "Expected CRL_DIST_POINT_FULL_NAME, got %ld\n",
2546 point->DistPointName.dwDistPointNameChoice);
2547 ok(U(point->DistPointName).FullName.cAltEntry == 1,
2548 "Expected 1 name entry, got %ld\n",
2549 U(point->DistPointName).FullName.cAltEntry);
2550 entry = U(point->DistPointName).FullName.rgAltEntry;
2551 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
2552 "Expected CERT_ALT_NAME_URL, got %ld\n", entry->dwAltNameChoice);
2553 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
2554 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
2555 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
2558 ret = CryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
2559 distPointWithReason, distPointWithReason[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2560 NULL, (BYTE *)&buf, &size);
2563 info = (PCRL_DIST_POINTS_INFO)buf;
2564 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
2565 "Expected size at least %d, got %ld\n",
2566 sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT), size);
2567 ok(info->cDistPoint == 1, "Expected 1 dist points, got %ld\n",
2569 point = info->rgDistPoint;
2570 ok(point->DistPointName.dwDistPointNameChoice ==
2571 CRL_DIST_POINT_NO_NAME,
2572 "Expected CRL_DIST_POINT_NO_NAME, got %ld\n",
2573 point->DistPointName.dwDistPointNameChoice);
2574 ok(point->ReasonFlags.cbData == sizeof(crlReason),
2575 "Expected reason length\n");
2576 ok(!memcmp(point->ReasonFlags.pbData, &crlReason, sizeof(crlReason)),
2577 "Unexpected reason\n");
2578 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
2581 ret = CryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
2582 distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2,
2583 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2586 info = (PCRL_DIST_POINTS_INFO)buf;
2587 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
2588 "Expected size at least %d, got %ld\n",
2589 sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT), size);
2590 ok(info->cDistPoint == 1, "Expected 1 dist points, got %ld\n",
2592 point = info->rgDistPoint;
2593 ok(point->DistPointName.dwDistPointNameChoice ==
2594 CRL_DIST_POINT_FULL_NAME,
2595 "Expected CRL_DIST_POINT_FULL_NAME, got %ld\n",
2596 point->DistPointName.dwDistPointNameChoice);
2597 ok(U(point->DistPointName).FullName.cAltEntry == 1,
2598 "Expected 1 name entry, got %ld\n",
2599 U(point->DistPointName).FullName.cAltEntry);
2600 entry = U(point->DistPointName).FullName.rgAltEntry;
2601 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
2602 "Expected CERT_ALT_NAME_URL, got %ld\n", entry->dwAltNameChoice);
2603 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
2604 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
2605 ok(point->CRLIssuer.cAltEntry == 1,
2606 "Expected 1 issuer entry, got %ld\n", point->CRLIssuer.cAltEntry);
2607 entry = point->CRLIssuer.rgAltEntry;
2608 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
2609 "Expected CERT_ALT_NAME_URL, got %ld\n", entry->dwAltNameChoice);
2610 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
2615 static const BYTE v1CRL[] = { 0x30, 0x15, 0x30, 0x02, 0x06, 0x00, 0x18, 0x0f,
2616 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2618 static const BYTE v2CRL[] = { 0x30, 0x18, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
2619 0x00, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
2620 0x30, 0x30, 0x30, 0x30, 0x5a };
2621 static const BYTE v1CRLWithIssuer[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
2622 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
2623 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
2624 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
2626 static const BYTE v1CRLWithIssuerAndEmptyEntry[] = { 0x30, 0x43, 0x30, 0x02,
2627 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
2628 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18,
2629 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
2630 0x30, 0x30, 0x5a, 0x30, 0x15, 0x30, 0x13, 0x02, 0x00, 0x18, 0x0f, 0x31, 0x36,
2631 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
2632 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
2633 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
2634 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
2635 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2636 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
2637 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
2638 static const BYTE v1CRLWithExt[] = { 0x30, 0x5a, 0x30, 0x02, 0x06, 0x00, 0x30,
2639 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
2640 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31, 0x36,
2641 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
2642 0x30, 0x2c, 0x30, 0x2a, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
2643 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x14,
2644 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
2645 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2647 static void test_encodeCRLToBeSigned(DWORD dwEncoding)
2652 CRL_INFO info = { 0 };
2653 CRL_ENTRY entry = { { 0 }, { 0 }, 0, 0 };
2655 /* Test with a V1 CRL */
2656 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2657 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2658 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2661 ok(size == sizeof(v1CRL), "Expected size %d, got %ld\n",
2662 sizeof(v1CRL), size);
2663 ok(!memcmp(buf, v1CRL, size), "Got unexpected value\n");
2667 info.dwVersion = CRL_V2;
2668 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2669 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2670 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2673 ok(size == v2CRL[1] + 2, "Expected size %d, got %ld\n",
2674 v2CRL[1] + 2, size);
2675 ok(!memcmp(buf, v2CRL, size), "Got unexpected value\n");
2678 /* v1 CRL with a name */
2679 info.dwVersion = CRL_V1;
2680 info.Issuer.cbData = sizeof(encodedCommonName);
2681 info.Issuer.pbData = (BYTE *)encodedCommonName;
2682 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2683 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2684 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2687 ok(size == sizeof(v1CRLWithIssuer), "Expected size %d, got %ld\n",
2688 sizeof(v1CRLWithIssuer), size);
2689 ok(!memcmp(buf, v1CRLWithIssuer, size), "Got unexpected value\n");
2692 /* v1 CRL with a name and a NULL entry pointer */
2694 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2695 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2696 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2697 "Expected STATUS_ACCESS_VIOLATION, got %08lx\n", GetLastError());
2698 /* now set an empty entry */
2699 info.rgCRLEntry = &entry;
2700 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2701 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2704 ok(size == sizeof(v1CRLWithIssuerAndEmptyEntry),
2705 "Expected size %d, got %ld\n", sizeof(v1CRLWithIssuerAndEmptyEntry),
2707 ok(!memcmp(buf, v1CRLWithIssuerAndEmptyEntry, size),
2708 "Got unexpected value\n");
2711 /* an entry with a serial number */
2712 entry.SerialNumber.cbData = sizeof(serialNum);
2713 entry.SerialNumber.pbData = (BYTE *)serialNum;
2714 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2715 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2718 ok(size == sizeof(v1CRLWithIssuerAndEntry),
2719 "Expected size %d, got %ld\n", sizeof(v1CRLWithIssuerAndEntry), size);
2720 ok(!memcmp(buf, v1CRLWithIssuerAndEntry, size),
2721 "Got unexpected value\n");
2724 /* and finally, an entry with an extension */
2725 entry.cExtension = 1;
2726 entry.rgExtension = &criticalExt;
2727 ret = CryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
2728 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2729 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2732 ok(size == sizeof(v1CRLWithExt), "Expected size %d, got %ld\n",
2733 sizeof(v1CRLWithExt), size);
2734 ok(!memcmp(buf, v1CRLWithExt, size), "Got unexpected value\n");
2739 static void test_decodeCRLToBeSigned(DWORD dwEncoding)
2741 static const BYTE *corruptCRLs[] = { v1CRL, v2CRL };
2746 for (i = 0; i < sizeof(corruptCRLs) / sizeof(corruptCRLs[0]); i++)
2748 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
2749 corruptCRLs[i], corruptCRLs[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2750 (BYTE *)&buf, &size);
2751 ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT),
2752 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
2754 /* at a minimum, a CRL must contain an issuer: */
2755 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
2756 v1CRLWithIssuer, v1CRLWithIssuer[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2757 (BYTE *)&buf, &size);
2758 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2761 CRL_INFO *info = (CRL_INFO *)buf;
2763 ok(size >= sizeof(CRL_INFO), "Expected size at least %d, got %ld\n",
2764 sizeof(CRL_INFO), size);
2765 ok(info->cCRLEntry == 0, "Expected 0 CRL entries, got %ld\n",
2767 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2768 "Expected issuer of %d bytes, got %ld\n", sizeof(encodedCommonName),
2769 info->Issuer.cbData);
2770 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2771 "Unexpected issuer\n");
2774 /* check decoding with an empty CRL entry */
2775 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
2776 v1CRLWithIssuerAndEmptyEntry, v1CRLWithIssuerAndEmptyEntry[1] + 2,
2777 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2778 todo_wine ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
2779 "Expected CRYPT_E_ASN1_CORRUPT, got %08lx\n", GetLastError());
2780 /* with a real CRL entry */
2781 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
2782 v1CRLWithIssuerAndEntry, v1CRLWithIssuerAndEntry[1] + 2,
2783 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2784 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2787 CRL_INFO *info = (CRL_INFO *)buf;
2790 ok(size >= sizeof(CRL_INFO), "Expected size at least %d, got %ld\n",
2791 sizeof(CRL_INFO), size);
2792 ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %ld\n",
2794 ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
2795 entry = info->rgCRLEntry;
2796 ok(entry->SerialNumber.cbData == 1,
2797 "Expected serial number size 1, got %ld\n",
2798 entry->SerialNumber.cbData);
2799 ok(*entry->SerialNumber.pbData == *serialNum,
2800 "Expected serial number %d, got %d\n", *serialNum,
2801 *entry->SerialNumber.pbData);
2802 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2803 "Expected issuer of %d bytes, got %ld\n", sizeof(encodedCommonName),
2804 info->Issuer.cbData);
2805 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2806 "Unexpected issuer\n");
2808 /* and finally, with an extension */
2809 ret = CryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
2810 v1CRLWithExt, sizeof(v1CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
2811 NULL, (BYTE *)&buf, &size);
2812 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2815 CRL_INFO *info = (CRL_INFO *)buf;
2818 ok(size >= sizeof(CRL_INFO), "Expected size at least %d, got %ld\n",
2819 sizeof(CRL_INFO), size);
2820 ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %ld\n",
2822 ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
2823 entry = info->rgCRLEntry;
2824 ok(entry->SerialNumber.cbData == 1,
2825 "Expected serial number size 1, got %ld\n",
2826 entry->SerialNumber.cbData);
2827 ok(*entry->SerialNumber.pbData == *serialNum,
2828 "Expected serial number %d, got %d\n", *serialNum,
2829 *entry->SerialNumber.pbData);
2830 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2831 "Expected issuer of %d bytes, got %ld\n", sizeof(encodedCommonName),
2832 info->Issuer.cbData);
2833 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2834 "Unexpected issuer\n");
2835 /* Oddly, the extensions don't seem to be decoded. Is this just an MS
2836 * bug, or am I missing something?
2838 ok(info->cExtension == 0, "Expected 0 extensions, got %ld\n",
2843 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
2844 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
2845 static const BYTE encodedUsage[] = {
2846 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
2847 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09,
2848 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
2850 static void test_encodeEnhancedKeyUsage(DWORD dwEncoding)
2855 CERT_ENHKEY_USAGE usage;
2857 /* Test with empty usage */
2858 usage.cUsageIdentifier = 0;
2859 ret = CryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
2860 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2861 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2864 ok(size == sizeof(emptySequence), "Expected size %d, got %ld\n",
2865 sizeof(emptySequence), size);
2866 ok(!memcmp(buf, emptySequence, size), "Got unexpected value\n");
2869 /* Test with a few usages */
2870 usage.cUsageIdentifier = sizeof(keyUsages) / sizeof(keyUsages[0]);
2871 usage.rgpszUsageIdentifier = (LPSTR *)keyUsages;
2872 ret = CryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
2873 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2874 ok(ret, "CryptEncodeObjectEx failed: %08lx\n", GetLastError());
2877 ok(size == sizeof(encodedUsage), "Expected size %d, got %ld\n",
2878 sizeof(encodedUsage), size);
2879 ok(!memcmp(buf, encodedUsage, size), "Got unexpected value\n");
2884 static void test_decodeEnhancedKeyUsage(DWORD dwEncoding)
2890 ret = CryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
2891 emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
2892 (BYTE *)&buf, &size);
2893 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2896 CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
2898 ok(size >= sizeof(CERT_ENHKEY_USAGE),
2899 "Expected size at least %d, got %ld\n", sizeof(CERT_ENHKEY_USAGE),
2901 ok(usage->cUsageIdentifier == 0, "Expected 0 CRL entries, got %ld\n",
2902 usage->cUsageIdentifier);
2905 ret = CryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
2906 encodedUsage, sizeof(encodedUsage), CRYPT_DECODE_ALLOC_FLAG, NULL,
2907 (BYTE *)&buf, &size);
2908 ok(ret, "CryptDecodeObjectEx failed: %08lx\n", GetLastError());
2911 CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
2914 ok(size >= sizeof(CERT_ENHKEY_USAGE),
2915 "Expected size at least %d, got %ld\n", sizeof(CERT_ENHKEY_USAGE),
2917 ok(usage->cUsageIdentifier == sizeof(keyUsages) / sizeof(keyUsages[0]),
2918 "Expected %d CRL entries, got %ld\n",
2919 sizeof(keyUsages) / sizeof(keyUsages[0]),
2920 usage->cUsageIdentifier);
2921 for (i = 0; i < usage->cUsageIdentifier; i++)
2922 ok(!strcmp(usage->rgpszUsageIdentifier[i], keyUsages[i]),
2923 "Expected OID %s, got %s\n", keyUsages[i],
2924 usage->rgpszUsageIdentifier[i]);
2929 /* Free *pInfo with HeapFree */
2930 static void testExportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO *pInfo)
2937 ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, NULL);
2939 ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, &size);
2940 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2941 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2942 ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, 0, NULL, 0, NULL, NULL,
2944 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2945 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2946 ret = CryptExportPublicKeyInfoEx(0, 0, X509_ASN_ENCODING, NULL, 0, NULL,
2948 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2949 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2950 ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
2951 0, NULL, NULL, &size);
2952 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
2953 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
2954 /* Test with no key */
2955 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
2956 0, NULL, NULL, &size);
2957 ok(!ret && GetLastError() == NTE_NO_KEY, "Expected NTE_NO_KEY, got %08lx\n",
2959 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
2960 ok(ret, "CryptGenKey failed: %08lx\n", GetLastError());
2963 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
2964 NULL, 0, NULL, NULL, &size);
2965 ok(ret, "CryptExportPublicKeyInfoEx failed: %08lx\n", GetLastError());
2966 *pInfo = HeapAlloc(GetProcessHeap(), 0, size);
2969 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
2970 X509_ASN_ENCODING, NULL, 0, NULL, *pInfo, &size);
2971 ok(ret, "CryptExportPublicKeyInfoEx failed: %08lx\n",
2975 /* By default (we passed NULL as the OID) the OID is
2978 ok(!strcmp((*pInfo)->Algorithm.pszObjId, szOID_RSA_RSA),
2979 "Expected %s, got %s\n", szOID_RSA_RSA,
2980 (*pInfo)->Algorithm.pszObjId);
2986 static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info)
2992 ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, NULL);
2993 ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, &key);
2994 ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, NULL);
2995 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
2998 ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, &key);
2999 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3000 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
3001 ret = CryptImportPublicKeyInfoEx(csp, 0, info, 0, 0, NULL, &key);
3002 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
3003 "Expected ERROR_FILE_NOT_FOUND, got %08lx\n", GetLastError());
3004 ret = CryptImportPublicKeyInfoEx(0, X509_ASN_ENCODING, info, 0, 0, NULL,
3006 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
3007 "Expected ERROR_INVALID_PARAMETER, got %08lx\n", GetLastError());
3008 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
3010 ok(ret, "CryptImportPublicKeyInfoEx failed: %08lx\n", GetLastError());
3011 CryptDestroyKey(key);
3014 static const char cspName[] = "WineCryptTemp";
3016 static void testPortPublicKeyInfo(void)
3020 PCERT_PUBLIC_KEY_INFO info = NULL;
3022 /* Just in case a previous run failed, delete this thing */
3023 CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
3024 CRYPT_DELETEKEYSET);
3025 ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
3028 testExportPublicKey(csp, &info);
3029 testImportPublicKey(csp, info);
3031 HeapFree(GetProcessHeap(), 0, info);
3032 CryptReleaseContext(csp, 0);
3033 ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
3034 CRYPT_DELETEKEYSET);
3039 static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
3040 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING };
3043 for (i = 0; i < sizeof(encodings) / sizeof(encodings[0]); i++)
3045 test_encodeInt(encodings[i]);
3046 test_decodeInt(encodings[i]);
3047 test_encodeEnumerated(encodings[i]);
3048 test_decodeEnumerated(encodings[i]);
3049 test_encodeFiletime(encodings[i]);
3050 test_decodeFiletime(encodings[i]);
3051 test_encodeName(encodings[i]);
3052 test_decodeName(encodings[i]);
3053 test_encodeAltName(encodings[i]);
3054 test_decodeAltName(encodings[i]);
3055 test_encodeOctets(encodings[i]);
3056 test_decodeOctets(encodings[i]);
3057 test_encodeBits(encodings[i]);
3058 test_decodeBits(encodings[i]);
3059 test_encodeBasicConstraints(encodings[i]);
3060 test_decodeBasicConstraints(encodings[i]);
3061 test_encodeRsaPublicKey(encodings[i]);
3062 test_decodeRsaPublicKey(encodings[i]);
3063 test_encodeSequenceOfAny(encodings[i]);
3064 test_decodeSequenceOfAny(encodings[i]);
3065 test_encodeExtensions(encodings[i]);
3066 test_decodeExtensions(encodings[i]);
3067 test_encodePublicKeyInfo(encodings[i]);
3068 test_decodePublicKeyInfo(encodings[i]);
3069 test_encodeCertToBeSigned(encodings[i]);
3070 test_decodeCertToBeSigned(encodings[i]);
3071 test_encodeCert(encodings[i]);
3072 test_decodeCert(encodings[i]);
3073 test_encodeCRLDistPoints(encodings[i]);
3074 test_decodeCRLDistPoints(encodings[i]);
3075 test_encodeCRLToBeSigned(encodings[i]);
3076 test_decodeCRLToBeSigned(encodings[i]);
3077 test_encodeEnhancedKeyUsage(encodings[i]);
3078 test_decodeEnhancedKeyUsage(encodings[i]);
3080 testPortPublicKeyInfo();
projects / wine / blob