search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push e8d2f3f1a5d20911a70f6477421a6c3dacf00760
[wine/hacks.git] / dlls / crypt32 / tests / encode.c
blob918f0f069e4bcd23eee4d4ffde81e26b4ba159e6
1 /*
2 * Unit test suite for crypt32.dll's CryptEncodeObjectEx/CryptDecodeObjectEx
3 *
4 * Copyright 2005 Juan Lang
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20 #include <stdio.h>
21 #include <stdarg.h>
22 #include <windef.h>
23 #include <winbase.h>
24 #include <winerror.h>
25 #include <wincrypt.h>
26
27 #include "wine/test.h"
28
29
30 static BOOL (WINAPI *pCryptDecodeObjectEx)(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,PCRYPT_DECODE_PARA,void*,DWORD*);
31 static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*);
32
33 struct encodedInt
34 {
35 int val;
36 const BYTE *encoded;
37 };
38
39 static const BYTE bin1[] = {0x02,0x01,0x01};
40 static const BYTE bin2[] = {0x02,0x01,0x7f};
41 static const BYTE bin3[] = {0x02,0x02,0x00,0x80};
42 static const BYTE bin4[] = {0x02,0x02,0x01,0x00};
43 static const BYTE bin5[] = {0x02,0x01,0x80};
44 static const BYTE bin6[] = {0x02,0x02,0xff,0x7f};
45 static const BYTE bin7[] = {0x02,0x04,0xba,0xdd,0xf0,0x0d};
46
47 static const struct encodedInt ints[] = {
48 { 1, bin1 },
49 { 127, bin2 },
50 { 128, bin3 },
51 { 256, bin4 },
52 { -128, bin5 },
53 { -129, bin6 },
54 { 0xbaddf00d, bin7 },
55 };
56
57 struct encodedBigInt
58 {
59 const BYTE *val;
60 const BYTE *encoded;
61 const BYTE *decoded;
62 };
63
64 static const BYTE bin8[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
65 static const BYTE bin9[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
66 static const BYTE bin10[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
67
68 static const BYTE bin11[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
69 static const BYTE bin12[] = {0x02,0x09,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
70 static const BYTE bin13[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0};
71
72 static const struct encodedBigInt bigInts[] = {
73 { bin8, bin9, bin10 },
74 { bin11, bin12, bin13 },
75 };
76
77 static const BYTE bin14[] = {0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
78 static const BYTE bin15[] = {0x02,0x0a,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0};
79 static const BYTE bin16[] = {0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0xff,0xff,0xff,0};
80 static const BYTE bin17[] = {0x02,0x0c,0x00,0xff,0xff,0xff,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0};
81
82 /* Decoded is the same as original, so don't bother storing a separate copy */
83 static const struct encodedBigInt bigUInts[] = {
84 { bin14, bin15, NULL },
85 { bin16, bin17, NULL },
86 };
87
88 static void test_encodeInt(DWORD dwEncoding)
89 {
90 DWORD bufSize = 0;
91 int i;
92 BOOL ret;
93 CRYPT_INTEGER_BLOB blob;
94 BYTE *buf = NULL;
95
96 /* CryptEncodeObjectEx with NULL bufSize crashes..
97 ret = pCryptEncodeObjectEx(3, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
98 NULL);
99 */
100 /* check bogus encoding */
101 ret = pCryptEncodeObjectEx(0, X509_INTEGER, &ints[0].val, 0, NULL, NULL,
102 &bufSize);
103 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
104 "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
105 /* check with NULL integer buffer. Windows XP incorrectly returns an
106 * NTSTATUS.
107 */
108 ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, NULL, NULL,
109 &bufSize);
110 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
111 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
112 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
113 {
114 /* encode as normal integer */
115 ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val, 0,
116 NULL, NULL, &bufSize);
117 ok(ret, "Expected success, got %d\n", GetLastError());
118 ret = pCryptEncodeObjectEx(dwEncoding, X509_INTEGER, &ints[i].val,
119 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
120 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
121 if (buf)
122 {
123 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
124 buf[0]);
125 ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
126 buf[1], ints[i].encoded[1]);
127 ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
128 "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
129 LocalFree(buf);
130 }
131 /* encode as multibyte integer */
132 blob.cbData = sizeof(ints[i].val);
133 blob.pbData = (BYTE *)&ints[i].val;
134 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
135 0, NULL, NULL, &bufSize);
136 ok(ret, "Expected success, got %d\n", GetLastError());
137 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
138 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
139 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
140 if (buf)
141 {
142 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
143 buf[0]);
144 ok(buf[1] == ints[i].encoded[1], "Got length %d, expected %d\n",
145 buf[1], ints[i].encoded[1]);
146 ok(!memcmp(buf + 1, ints[i].encoded + 1, ints[i].encoded[1] + 1),
147 "Encoded value of 0x%08x didn't match expected\n", ints[i].val);
148 LocalFree(buf);
149 }
150 }
151 /* encode a couple bigger ints, just to show it's little-endian and leading
152 * sign bytes are dropped
153 */
154 for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
155 {
156 blob.cbData = strlen((const char*)bigInts[i].val);
157 blob.pbData = (BYTE *)bigInts[i].val;
158 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
159 0, NULL, NULL, &bufSize);
160 ok(ret, "Expected success, got %d\n", GetLastError());
161 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, &blob,
162 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
163 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
164 if (buf)
165 {
166 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
167 buf[0]);
168 ok(buf[1] == bigInts[i].encoded[1], "Got length %d, expected %d\n",
169 buf[1], bigInts[i].encoded[1]);
170 ok(!memcmp(buf + 1, bigInts[i].encoded + 1,
171 bigInts[i].encoded[1] + 1),
172 "Encoded value didn't match expected\n");
173 LocalFree(buf);
174 }
175 }
176 /* and, encode some uints */
177 for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
178 {
179 blob.cbData = strlen((const char*)bigUInts[i].val);
180 blob.pbData = (BYTE*)bigUInts[i].val;
181 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
182 0, NULL, NULL, &bufSize);
183 ok(ret, "Expected success, got %d\n", GetLastError());
184 ret = pCryptEncodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT, &blob,
185 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
186 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
187 if (buf)
188 {
189 ok(buf[0] == 2, "Got unexpected type %d for integer (expected 2)\n",
190 buf[0]);
191 ok(buf[1] == bigUInts[i].encoded[1], "Got length %d, expected %d\n",
192 buf[1], bigUInts[i].encoded[1]);
193 ok(!memcmp(buf + 1, bigUInts[i].encoded + 1,
194 bigUInts[i].encoded[1] + 1),
195 "Encoded value didn't match expected\n");
196 LocalFree(buf);
197 }
198 }
199 }
200
201 static void test_decodeInt(DWORD dwEncoding)
202 {
203 static const BYTE bigInt[] = { 2, 5, 0xff, 0xfe, 0xff, 0xfe, 0xff };
204 static const BYTE testStr[] = { 0x16, 4, 't', 'e', 's', 't' };
205 static const BYTE longForm[] = { 2, 0x81, 0x01, 0x01 };
206 static const BYTE bigBogus[] = { 0x02, 0x84, 0x01, 0xff, 0xff, 0xf9 };
207 static const BYTE extraBytes[] = { 2, 1, 1, 0, 0, 0, 0 };
208 BYTE *buf = NULL;
209 DWORD bufSize = 0;
210 int i;
211 BOOL ret;
212
213 /* CryptDecodeObjectEx with NULL bufSize crashes..
214 ret = pCryptDecodeObjectEx(3, X509_INTEGER, &ints[0].encoded,
215 ints[0].encoded[1] + 2, 0, NULL, NULL, NULL);
216 */
217 /* check bogus encoding */
218 ret = pCryptDecodeObjectEx(3, X509_INTEGER, (BYTE *)&ints[0].encoded,
219 ints[0].encoded[1] + 2, 0, NULL, NULL, &bufSize);
220 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
221 "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
222 /* check with NULL integer buffer */
223 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, NULL, 0, 0, NULL, NULL,
224 &bufSize);
225 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
226 "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
227 /* check with a valid, but too large, integer */
228 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, bigInt, bigInt[1] + 2,
229 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
230 ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
231 "Expected CRYPT_E_ASN1_LARGE, got %d\n", GetLastError());
232 /* check with a DER-encoded string */
233 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, testStr, testStr[1] + 2,
234 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
235 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
236 "Expected CRYPT_E_ASN1_BADTAG, got %d\n", GetLastError());
237 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
238 {
239 /* When the output buffer is NULL, this always succeeds */
240 SetLastError(0xdeadbeef);
241 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
242 ints[i].encoded, ints[i].encoded[1] + 2, 0, NULL, NULL,
243 &bufSize);
244 ok(ret && GetLastError() == NOERROR,
245 "Expected success and NOERROR, got %d\n", GetLastError());
246 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER,
247 ints[i].encoded, ints[i].encoded[1] + 2,
248 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
249 ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
250 ok(bufSize == sizeof(int), "Wrong size %d\n", bufSize);
251 ok(buf != NULL, "Expected allocated buffer\n");
252 if (buf)
253 {
254 ok(!memcmp(buf, &ints[i].val, bufSize), "Expected %d, got %d\n",
255 ints[i].val, *(int *)buf);
256 LocalFree(buf);
257 }
258 }
259 for (i = 0; i < sizeof(bigInts) / sizeof(bigInts[0]); i++)
260 {
261 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
262 bigInts[i].encoded, bigInts[i].encoded[1] + 2, 0, NULL, NULL,
263 &bufSize);
264 ok(ret && GetLastError() == NOERROR,
265 "Expected success and NOERROR, got %d\n", GetLastError());
266 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER,
267 bigInts[i].encoded, bigInts[i].encoded[1] + 2,
268 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
269 ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
270 ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
271 ok(buf != NULL, "Expected allocated buffer\n");
272 if (buf)
273 {
274 CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
275
276 ok(blob->cbData == strlen((const char*)bigInts[i].decoded),
277 "Expected len %d, got %d\n", lstrlenA((const char*)bigInts[i].decoded),
278 blob->cbData);
279 ok(!memcmp(blob->pbData, bigInts[i].decoded, blob->cbData),
280 "Unexpected value\n");
281 LocalFree(buf);
282 }
283 }
284 for (i = 0; i < sizeof(bigUInts) / sizeof(bigUInts[0]); i++)
285 {
286 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
287 bigUInts[i].encoded, bigUInts[i].encoded[1] + 2, 0, NULL, NULL,
288 &bufSize);
289 ok(ret && GetLastError() == NOERROR,
290 "Expected success and NOERROR, got %d\n", GetLastError());
291 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_UINT,
292 bigUInts[i].encoded, bigUInts[i].encoded[1] + 2,
293 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
294 ok(ret, "CryptDecodeObjectEx failed: %d\n", GetLastError());
295 ok(bufSize >= sizeof(CRYPT_INTEGER_BLOB), "Wrong size %d\n", bufSize);
296 ok(buf != NULL, "Expected allocated buffer\n");
297 if (buf)
298 {
299 CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
300
301 ok(blob->cbData == strlen((const char*)bigUInts[i].val),
302 "Expected len %d, got %d\n", lstrlenA((const char*)bigUInts[i].val),
303 blob->cbData);
304 ok(!memcmp(blob->pbData, bigUInts[i].val, blob->cbData),
305 "Unexpected value\n");
306 LocalFree(buf);
307 }
308 }
309 /* Decode the value 1 with long-form length */
310 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, longForm,
311 sizeof(longForm), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
312 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
313 if (buf)
314 {
315 ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
316 LocalFree(buf);
317 }
318 /* check with extra bytes at the end */
319 ret = pCryptDecodeObjectEx(dwEncoding, X509_INTEGER, extraBytes,
320 sizeof(extraBytes), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
321 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
322 if (buf)
323 {
324 ok(*(int *)buf == 1, "Expected 1, got %d\n", *(int *)buf);
325 LocalFree(buf);
326 }
327 /* Try to decode some bogus large items */
328 /* The buffer size is smaller than the encoded length, so this should fail
329 * with CRYPT_E_ASN1_EOD if it's being decoded.
330 * Under XP it fails with CRYPT_E_ASN1_LARGE, which means there's a limit
331 * on the size decoded, but in ME it fails with CRYPT_E_ASN1_EOD or crashes.
332 * So this test unfortunately isn't useful.
333 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, tooBig,
334 0x7fffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
335 ok(!ret && GetLastError() == CRYPT_E_ASN1_LARGE,
336 "Expected CRYPT_E_ASN1_LARGE, got %08x\n", GetLastError());
337 */
338 /* This will try to decode the buffer and overflow it, check that it's
339 * caught.
340 */
341 if (0)
342 {
343 /* a large buffer isn't guaranteed to crash, it depends on memory allocation order */
344 ret = pCryptDecodeObjectEx(dwEncoding, X509_MULTI_BYTE_INTEGER, bigBogus,
345 0x01ffffff, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
346 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
347 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
348 }
349 }
350
351 static const BYTE bin18[] = {0x0a,0x01,0x01};
352 static const BYTE bin19[] = {0x0a,0x05,0x00,0xff,0xff,0xff,0x80};
353
354 /* These are always encoded unsigned, and aren't constrained to be any
355 * particular value
356 */
357 static const struct encodedInt enums[] = {
358 { 1, bin18 },
359 { -128, bin19 },
360 };
361
362 /* X509_CRL_REASON_CODE is also an enumerated type, but it's #defined to
363 * X509_ENUMERATED.
364 */
365 static const LPCSTR enumeratedTypes[] = { X509_ENUMERATED,
366 szOID_CRL_REASON_CODE };
367
368 static void test_encodeEnumerated(DWORD dwEncoding)
369 {
370 DWORD i, j;
371
372 for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
373 {
374 for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
375 {
376 BOOL ret;
377 BYTE *buf = NULL;
378 DWORD bufSize = 0;
379
380 ret = pCryptEncodeObjectEx(dwEncoding, enumeratedTypes[i],
381 &enums[j].val, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
382 &bufSize);
383 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
384 if (buf)
385 {
386 ok(buf[0] == 0xa,
387 "Got unexpected type %d for enumerated (expected 0xa)\n",
388 buf[0]);
389 ok(buf[1] == enums[j].encoded[1],
390 "Got length %d, expected %d\n", buf[1], enums[j].encoded[1]);
391 ok(!memcmp(buf + 1, enums[j].encoded + 1,
392 enums[j].encoded[1] + 1),
393 "Encoded value of 0x%08x didn't match expected\n",
394 enums[j].val);
395 LocalFree(buf);
396 }
397 }
398 }
399 }
400
401 static void test_decodeEnumerated(DWORD dwEncoding)
402 {
403 DWORD i, j;
404
405 for (i = 0; i < sizeof(enumeratedTypes) / sizeof(enumeratedTypes[0]); i++)
406 {
407 for (j = 0; j < sizeof(enums) / sizeof(enums[0]); j++)
408 {
409 BOOL ret;
410 DWORD bufSize = sizeof(int);
411 int val;
412
413 ret = pCryptDecodeObjectEx(dwEncoding, enumeratedTypes[i],
414 enums[j].encoded, enums[j].encoded[1] + 2, 0, NULL,
415 (BYTE *)&val, &bufSize);
416 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
417 ok(bufSize == sizeof(int),
418 "Got unexpected size %d for enumerated\n", bufSize);
419 ok(val == enums[j].val, "Unexpected value %d, expected %d\n",
420 val, enums[j].val);
421 }
422 }
423 }
424
425 struct encodedFiletime
426 {
427 SYSTEMTIME sysTime;
428 const BYTE *encodedTime;
429 };
430
431 static void testTimeEncoding(DWORD dwEncoding, LPCSTR structType,
432 const struct encodedFiletime *time)
433 {
434 FILETIME ft = { 0 };
435 BYTE *buf = NULL;
436 DWORD bufSize = 0;
437 BOOL ret;
438
439 ret = SystemTimeToFileTime(&time->sysTime, &ft);
440 ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
441 ret = pCryptEncodeObjectEx(dwEncoding, structType, &ft,
442 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
443 /* years other than 1950-2050 are not allowed for encodings other than
444 * X509_CHOICE_OF_TIME.
445 */
446 if (structType == X509_CHOICE_OF_TIME ||
447 (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
448 {
449 ok(ret, "CryptEncodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
450 GetLastError());
451 ok(buf != NULL, "Expected an allocated buffer\n");
452 if (buf)
453 {
454 ok(buf[0] == time->encodedTime[0],
455 "Expected type 0x%02x, got 0x%02x\n", time->encodedTime[0],
456 buf[0]);
457 ok(buf[1] == time->encodedTime[1], "Expected %d bytes, got %d\n",
458 time->encodedTime[1], bufSize);
459 ok(!memcmp(time->encodedTime + 2, buf + 2, time->encodedTime[1]),
460 "Got unexpected value for time encoding\n");
461 LocalFree(buf);
462 }
463 }
464 else
465 ok(!ret && GetLastError() == CRYPT_E_BAD_ENCODE,
466 "Expected CRYPT_E_BAD_ENCODE, got 0x%08x\n", GetLastError());
467 }
468
469 static const char *printSystemTime(const SYSTEMTIME *st)
470 {
471 static char buf[25];
472
473 sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st->wMonth, st->wDay,
474 st->wYear, st->wHour, st->wMinute, st->wSecond, st->wMilliseconds);
475 return buf;
476 }
477
478 static const char *printFileTime(const FILETIME *ft)
479 {
480 static char buf[25];
481 SYSTEMTIME st;
482
483 FileTimeToSystemTime(ft, &st);
484 sprintf(buf, "%02d-%02d-%04d %02d:%02d:%02d.%03d", st.wMonth, st.wDay,
485 st.wYear, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
486 return buf;
487 }
488
489 static void compareTime(const SYSTEMTIME *expected, const FILETIME *got)
490 {
491 SYSTEMTIME st;
492
493 FileTimeToSystemTime(got, &st);
494 ok(expected->wYear == st.wYear &&
495 expected->wMonth == st.wMonth &&
496 expected->wDay == st.wDay &&
497 expected->wHour == st.wHour &&
498 expected->wMinute == st.wMinute &&
499 expected->wSecond == st.wSecond &&
500 abs(expected->wMilliseconds - st.wMilliseconds) <= 1,
501 "Got unexpected value for time decoding:\nexpected %s, got %s\n",
502 printSystemTime(expected), printFileTime(got));
503 }
504
505 static void testTimeDecoding(DWORD dwEncoding, LPCSTR structType,
506 const struct encodedFiletime *time)
507 {
508 FILETIME ft = { 0 };
509 DWORD size = sizeof(ft);
510 BOOL ret;
511
512 ret = pCryptDecodeObjectEx(dwEncoding, structType, time->encodedTime,
513 time->encodedTime[1] + 2, 0, NULL, &ft, &size);
514 /* years other than 1950-2050 are not allowed for encodings other than
515 * X509_CHOICE_OF_TIME.
516 */
517 if (structType == X509_CHOICE_OF_TIME ||
518 (time->sysTime.wYear >= 1950 && time->sysTime.wYear <= 2050))
519 {
520 ok(ret, "CryptDecodeObjectEx failed: %d (0x%08x)\n", GetLastError(),
521 GetLastError());
522 compareTime(&time->sysTime, &ft);
523 }
524 else
525 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
526 "Expected CRYPT_E_ASN1_BADTAG, got 0x%08x\n", GetLastError());
527 }
528
529 static const BYTE bin20[] = {
530 0x17,0x0d,'0','5','0','6','0','6','1','6','1','0','0','0','Z'};
531 static const BYTE bin21[] = {
532 0x18,0x0f,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
533 static const BYTE bin22[] = {
534 0x18,0x0f,'2','1','4','5','0','6','0','6','1','6','1','0','0','0','Z'};
535
536 static const struct encodedFiletime times[] = {
537 { { 2005, 6, 1, 6, 16, 10, 0, 0 }, bin20 },
538 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin21 },
539 { { 2145, 6, 1, 6, 16, 10, 0, 0 }, bin22 },
540 };
541
542 static void test_encodeFiletime(DWORD dwEncoding)
543 {
544 DWORD i;
545
546 for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
547 {
548 testTimeEncoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
549 testTimeEncoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
550 testTimeEncoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
551 }
552 }
553
554 static const BYTE bin23[] = {
555 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','0','0','0','Z'};
556 static const BYTE bin24[] = {
557 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','.','9','9','9','Z'};
558 static const BYTE bin25[] = {
559 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','+','0','1','0','0'};
560 static const BYTE bin26[] = {
561 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','0','0'};
562 static const BYTE bin27[] = {
563 0x18,0x13,'1','9','4','5','0','6','0','6','1','6','1','0','0','0','-','0','1','1','5'};
564 static const BYTE bin28[] = {
565 0x18,0x0a,'2','1','4','5','0','6','0','6','1','6'};
566 static const BYTE bin29[] = {
567 0x17,0x0a,'4','5','0','6','0','6','1','6','1','0'};
568 static const BYTE bin30[] = {
569 0x17,0x0b,'4','5','0','6','0','6','1','6','1','0','Z'};
570 static const BYTE bin31[] = {
571 0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','+','0','1'};
572 static const BYTE bin32[] = {
573 0x17,0x0d,'4','5','0','6','0','6','1','6','1','0','-','0','1'};
574 static const BYTE bin33[] = {
575 0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','+','0','1','0','0'};
576 static const BYTE bin34[] = {
577 0x17,0x0f,'4','5','0','6','0','6','1','6','1','0','-','0','1','0','0'};
578 static const BYTE bin35[] = {
579 0x17,0x08, '4','5','0','6','0','6','1','6'};
580 static const BYTE bin36[] = {
581 0x18,0x0f, 'a','a','a','a','a','a','a','a','a','a','a','a','a','a','Z'};
582 static const BYTE bin37[] = {
583 0x18,0x04, '2','1','4','5'};
584 static const BYTE bin38[] = {
585 0x18,0x08, '2','1','4','5','0','6','0','6'};
586
587 static void test_decodeFiletime(DWORD dwEncoding)
588 {
589 static const struct encodedFiletime otherTimes[] = {
590 { { 1945, 6, 1, 6, 16, 10, 0, 0 }, bin23 },
591 { { 1945, 6, 1, 6, 16, 10, 0, 999 }, bin24 },
592 { { 1945, 6, 1, 6, 17, 10, 0, 0 }, bin25 },
593 { { 1945, 6, 1, 6, 15, 10, 0, 0 }, bin26 },
594 { { 1945, 6, 1, 6, 14, 55, 0, 0 }, bin27 },
595 { { 2145, 6, 1, 6, 16, 0, 0, 0 }, bin28 },
596 { { 2045, 6, 1, 6, 16, 10, 0, 0 }, bin29 },
597 { { 2045, 6, 1, 6, 16, 10, 0, 0 }, bin30 },
598 { { 2045, 6, 1, 6, 17, 10, 0, 0 }, bin31 },
599 { { 2045, 6, 1, 6, 15, 10, 0, 0 }, bin32 },
600 { { 2045, 6, 1, 6, 17, 10, 0, 0 }, bin33 },
601 { { 2045, 6, 1, 6, 15, 10, 0, 0 }, bin34 },
602 };
603 /* An oddball case that succeeds in Windows, but doesn't seem correct
604 { { 2145, 6, 1, 2, 11, 31, 0, 0 }, "\x18" "\x13" "21450606161000-9999" },
605 */
606 static const unsigned char *bogusTimes[] = {
607 /* oddly, this succeeds on Windows, with year 2765
608 "\x18" "\x0f" "21r50606161000Z",
609 */
610 bin35,
611 bin36,
612 bin37,
613 bin38,
614 };
615 DWORD i, size;
616 FILETIME ft1 = { 0 }, ft2 = { 0 };
617 BOOL ret;
618
619 /* Check bogus length with non-NULL buffer */
620 ret = SystemTimeToFileTime(&times[0].sysTime, &ft1);
621 ok(ret, "SystemTimeToFileTime failed: %d\n", GetLastError());
622 size = 1;
623 ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
624 times[0].encodedTime, times[0].encodedTime[1] + 2, 0, NULL, &ft2, &size);
625 ok(!ret && GetLastError() == ERROR_MORE_DATA,
626 "Expected ERROR_MORE_DATA, got %d\n", GetLastError());
627 /* Normal tests */
628 for (i = 0; i < sizeof(times) / sizeof(times[0]); i++)
629 {
630 testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &times[i]);
631 testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &times[i]);
632 testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &times[i]);
633 }
634 for (i = 0; i < sizeof(otherTimes) / sizeof(otherTimes[0]); i++)
635 {
636 testTimeDecoding(dwEncoding, X509_CHOICE_OF_TIME, &otherTimes[i]);
637 testTimeDecoding(dwEncoding, PKCS_UTC_TIME, &otherTimes[i]);
638 testTimeDecoding(dwEncoding, szOID_RSA_signingTime, &otherTimes[i]);
639 }
640 for (i = 0; i < sizeof(bogusTimes) / sizeof(bogusTimes[0]); i++)
641 {
642 size = sizeof(ft1);
643 ret = pCryptDecodeObjectEx(dwEncoding, X509_CHOICE_OF_TIME,
644 bogusTimes[i], bogusTimes[i][1] + 2, 0, NULL, &ft1, &size);
645 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
646 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
647 }
648 }
649
650 static const char commonName[] = "Juan Lang";
651 static const char surName[] = "Lang";
652
653 static const BYTE emptySequence[] = { 0x30, 0 };
654 static const BYTE emptyRDNs[] = { 0x30, 0x02, 0x31, 0 };
655 static const BYTE twoRDNs[] = {
656 0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
657 0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
658 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0};
659 static const BYTE encodedTwoRDNs[] = {
660 0x30,0x2e,0x31,0x2c,0x30,0x2a,0x06,0x03,0x55,0x04,0x03,0x30,0x23,0x31,0x21,
661 0x30,0x0c,0x06,0x03,0x55,0x04,0x04,0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,
662 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
663 0x6e,0x67,0x00,
664 };
665
666 static const BYTE us[] = { 0x55, 0x53 };
667 static const BYTE minnesota[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f,
668 0x74, 0x61 };
669 static const BYTE minneapolis[] = { 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70,
670 0x6f, 0x6c, 0x69, 0x73 };
671 static const BYTE codeweavers[] = { 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61,
672 0x76, 0x65, 0x72, 0x73 };
673 static const BYTE wine[] = { 0x57, 0x69, 0x6e, 0x65, 0x20, 0x44, 0x65, 0x76,
674 0x65, 0x6c, 0x6f, 0x70, 0x6d, 0x65, 0x6e, 0x74 };
675 static const BYTE localhostAttr[] = { 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
676 0x73, 0x74 };
677 static const BYTE aric[] = { 0x61, 0x72, 0x69, 0x63, 0x40, 0x63, 0x6f, 0x64,
678 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d };
679
680 #define RDNA(arr) oid_ ## arr, CERT_RDN_PRINTABLE_STRING, { sizeof(arr), (LPBYTE)arr }
681 #define RDNIA5(arr) oid_ ## arr, CERT_RDN_IA5_STRING, { sizeof(arr), (LPBYTE)arr }
682
683 static CHAR oid_us[] = "2.5.4.6",
684 oid_minnesota[] = "2.5.4.8",
685 oid_minneapolis[] = "2.5.4.7",
686 oid_codeweavers[] = "2.5.4.10",
687 oid_wine[] = "2.5.4.11",
688 oid_localhostAttr[] = "2.5.4.3",
689 oid_aric[] = "1.2.840.113549.1.9.1";
690 static CERT_RDN_ATTR rdnAttrs[] = { { RDNA(us) },
691 { RDNA(minnesota) },
692 { RDNA(minneapolis) },
693 { RDNA(codeweavers) },
694 { RDNA(wine) },
695 { RDNA(localhostAttr) },
696 { RDNIA5(aric) } };
697 static CERT_RDN_ATTR decodedRdnAttrs[] = { { RDNA(us) },
698 { RDNA(localhostAttr) },
699 { RDNA(minnesota) },
700 { RDNA(minneapolis) },
701 { RDNA(codeweavers) },
702 { RDNA(wine) },
703 { RDNIA5(aric) } };
704
705 #undef RDNIA5
706 #undef RDNA
707
708 static const BYTE encodedRDNAttrs[] = {
709 0x30,0x81,0x96,0x31,0x81,0x93,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
710 0x53,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x6c,0x6f,0x63,0x61,0x6c,0x68,
711 0x6f,0x73,0x74,0x30,0x10,0x06,0x03,0x55,0x04,0x08,0x13,0x09,0x4d,0x69,0x6e,0x6e,
712 0x65,0x73,0x6f,0x74,0x61,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0b,0x4d,0x69,
713 0x6e,0x6e,0x65,0x61,0x70,0x6f,0x6c,0x69,0x73,0x30,0x12,0x06,0x03,0x55,0x04,0x0a,
714 0x13,0x0b,0x43,0x6f,0x64,0x65,0x57,0x65,0x61,0x76,0x65,0x72,0x73,0x30,0x17,0x06,
715 0x03,0x55,0x04,0x0b,0x13,0x10,0x57,0x69,0x6e,0x65,0x20,0x44,0x65,0x76,0x65,0x6c,
716 0x6f,0x70,0x6d,0x65,0x6e,0x74,0x30,0x21,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
717 0x01,0x09,0x01,0x16,0x14,0x61,0x72,0x69,0x63,0x40,0x63,0x6f,0x64,0x65,0x77,0x65,
718 0x61,0x76,0x65,0x72,0x73,0x2e,0x63,0x6f,0x6d
719 };
720
721 static void test_encodeName(DWORD dwEncoding)
722 {
723 CERT_RDN_ATTR attrs[2];
724 CERT_RDN rdn;
725 CERT_NAME_INFO info;
726 static CHAR oid_common_name[] = szOID_COMMON_NAME,
727 oid_sur_name[] = szOID_SUR_NAME;
728 BYTE *buf = NULL;
729 DWORD size = 0;
730 BOOL ret;
731
732 /* Test with NULL pvStructInfo */
733 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, NULL,
734 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
735 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
736 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
737 /* Test with empty CERT_NAME_INFO */
738 info.cRDN = 0;
739 info.rgRDN = NULL;
740 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
741 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
742 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
743 if (buf)
744 {
745 ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
746 "Got unexpected encoding for empty name\n");
747 LocalFree(buf);
748 }
749 /* Test with bogus CERT_RDN */
750 info.cRDN = 1;
751 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
752 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
753 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
754 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
755 /* Test with empty CERT_RDN */
756 rdn.cRDNAttr = 0;
757 rdn.rgRDNAttr = NULL;
758 info.cRDN = 1;
759 info.rgRDN = &rdn;
760 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
761 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
762 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
763 if (buf)
764 {
765 ok(!memcmp(buf, emptyRDNs, sizeof(emptyRDNs)),
766 "Got unexpected encoding for empty RDN array\n");
767 LocalFree(buf);
768 }
769 /* Test with bogus attr array */
770 rdn.cRDNAttr = 1;
771 rdn.rgRDNAttr = NULL;
772 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
773 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
774 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
775 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
776 /* oddly, a bogus OID is accepted by Windows XP; not testing.
777 attrs[0].pszObjId = "bogus";
778 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
779 attrs[0].Value.cbData = sizeof(commonName);
780 attrs[0].Value.pbData = (BYTE *)commonName;
781 rdn.cRDNAttr = 1;
782 rdn.rgRDNAttr = attrs;
783 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
784 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
785 ok(!ret, "Expected failure, got success\n");
786 */
787 /* Check with two CERT_RDN_ATTRs. Note DER encoding forces the order of
788 * the encoded attributes to be swapped.
789 */
790 attrs[0].pszObjId = oid_common_name;
791 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
792 attrs[0].Value.cbData = sizeof(commonName);
793 attrs[0].Value.pbData = (BYTE *)commonName;
794 attrs[1].pszObjId = oid_sur_name;
795 attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
796 attrs[1].Value.cbData = sizeof(surName);
797 attrs[1].Value.pbData = (BYTE *)surName;
798 rdn.cRDNAttr = 2;
799 rdn.rgRDNAttr = attrs;
800 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
801 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
802 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
803 if (buf)
804 {
805 ok(!memcmp(buf, twoRDNs, sizeof(twoRDNs)),
806 "Got unexpected encoding for two RDN array\n");
807 LocalFree(buf);
808 }
809 /* A name can be "encoded" with previously encoded RDN attrs. */
810 attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
811 attrs[0].Value.pbData = (LPBYTE)twoRDNs;
812 attrs[0].Value.cbData = sizeof(twoRDNs);
813 rdn.cRDNAttr = 1;
814 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
815 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
816 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
817 if (buf)
818 {
819 ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
820 ok(!memcmp(buf, encodedTwoRDNs, size),
821 "Unexpected value for re-endoded two RDN array\n");
822 LocalFree(buf);
823 }
824 /* CERT_RDN_ANY_TYPE is too vague for X509_NAMEs, check the return */
825 rdn.cRDNAttr = 1;
826 attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
827 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME, &info,
828 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
829 ok(!ret && GetLastError() == E_INVALIDARG,
830 "Expected E_INVALIDARG, got %08x\n", GetLastError());
831 /* Test a more complex name */
832 rdn.cRDNAttr = sizeof(rdnAttrs) / sizeof(rdnAttrs[0]);
833 rdn.rgRDNAttr = (PCERT_RDN_ATTR)rdnAttrs;
834 info.cRDN = 1;
835 info.rgRDN = &rdn;
836 buf = NULL;
837 size = 0;
838 ret = pCryptEncodeObjectEx(X509_ASN_ENCODING, X509_NAME, &info,
839 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &size);
840 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
841 if (ret)
842 {
843 ok(size == sizeof(encodedRDNAttrs), "Wrong size %d\n", size);
844 ok(!memcmp(buf, encodedRDNAttrs, size), "Unexpected value\n");
845 LocalFree(buf);
846 }
847 }
848
849 static WCHAR commonNameW[] = { 'J','u','a','n',' ','L','a','n','g',0 };
850 static WCHAR surNameW[] = { 'L','a','n','g',0 };
851
852 static const BYTE twoRDNsNoNull[] = {
853 0x30,0x21,0x31,0x1f,0x30,0x0b,0x06,0x03,0x55,0x04,0x04,0x13,0x04,0x4c,0x61,
854 0x6e,0x67,0x30,0x10,0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,
855 0x20,0x4c,0x61,0x6e,0x67 };
856 static const BYTE anyType[] = {
857 0x30,0x2f,0x31,0x2d,0x30,0x2b,0x06,0x03,0x55,0x04,0x03,0x1e,0x24,0x23,0x30,
858 0x21,0x31,0x0c,0x30,0x03,0x06,0x04,0x55,0x13,0x04,0x4c,0x05,0x6e,0x61,0x00,
859 0x67,0x11,0x30,0x03,0x06,0x04,0x55,0x13,0x03,0x4a,0x0a,0x61,0x75,0x20,0x6e,
860 0x61,0x4c,0x67,0x6e };
861
862 static void test_encodeUnicodeName(DWORD dwEncoding)
863 {
864 CERT_RDN_ATTR attrs[2];
865 CERT_RDN rdn;
866 CERT_NAME_INFO info;
867 static CHAR oid_common_name[] = szOID_COMMON_NAME,
868 oid_sur_name[] = szOID_SUR_NAME;
869 BYTE *buf = NULL;
870 DWORD size = 0;
871 BOOL ret;
872
873 /* Test with NULL pvStructInfo */
874 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, NULL,
875 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
876 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
877 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
878 /* Test with empty CERT_NAME_INFO */
879 info.cRDN = 0;
880 info.rgRDN = NULL;
881 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
882 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
883 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
884 if (buf)
885 {
886 ok(!memcmp(buf, emptySequence, sizeof(emptySequence)),
887 "Got unexpected encoding for empty name\n");
888 LocalFree(buf);
889 }
890 /* Check with one CERT_RDN_ATTR, that has an invalid character for the
891 * encoding (the NULL).
892 */
893 attrs[0].pszObjId = oid_common_name;
894 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
895 attrs[0].Value.cbData = sizeof(commonNameW);
896 attrs[0].Value.pbData = (BYTE *)commonNameW;
897 rdn.cRDNAttr = 1;
898 rdn.rgRDNAttr = attrs;
899 info.cRDN = 1;
900 info.rgRDN = &rdn;
901 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
902 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
903 ok(!ret && GetLastError() == CRYPT_E_INVALID_PRINTABLE_STRING,
904 "Expected CRYPT_E_INVALID_PRINTABLE_STRING, got %08x\n", GetLastError());
905 ok(size == 9, "Unexpected error index %08x\n", size);
906 /* Check with two NULL-terminated CERT_RDN_ATTRs. Note DER encoding
907 * forces the order of the encoded attributes to be swapped.
908 */
909 attrs[0].pszObjId = oid_common_name;
910 attrs[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
911 attrs[0].Value.cbData = 0;
912 attrs[0].Value.pbData = (BYTE *)commonNameW;
913 attrs[1].pszObjId = oid_sur_name;
914 attrs[1].dwValueType = CERT_RDN_PRINTABLE_STRING;
915 attrs[1].Value.cbData = 0;
916 attrs[1].Value.pbData = (BYTE *)surNameW;
917 rdn.cRDNAttr = 2;
918 rdn.rgRDNAttr = attrs;
919 info.cRDN = 1;
920 info.rgRDN = &rdn;
921 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
922 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
923 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
924 if (buf)
925 {
926 ok(!memcmp(buf, twoRDNsNoNull, sizeof(twoRDNsNoNull)),
927 "Got unexpected encoding for two RDN array\n");
928 LocalFree(buf);
929 }
930 /* A name can be "encoded" with previously encoded RDN attrs. */
931 attrs[0].dwValueType = CERT_RDN_ENCODED_BLOB;
932 attrs[0].Value.pbData = (LPBYTE)twoRDNs;
933 attrs[0].Value.cbData = sizeof(twoRDNs);
934 rdn.cRDNAttr = 1;
935 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
936 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
937 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
938 if (buf)
939 {
940 ok(size == sizeof(encodedTwoRDNs), "Unexpected size %d\n", size);
941 ok(!memcmp(buf, encodedTwoRDNs, size),
942 "Unexpected value for re-endoded two RDN array\n");
943 LocalFree(buf);
944 }
945 /* Unicode names infer the type for CERT_RDN_ANY_TYPE */
946 rdn.cRDNAttr = 1;
947 attrs[0].dwValueType = CERT_RDN_ANY_TYPE;
948 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME, &info,
949 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
950 todo_wine ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
951 if (buf)
952 {
953 ok(size == sizeof(anyType), "Unexpected size %d\n", size);
954 ok(!memcmp(buf, anyType, size), "Unexpected value\n");
955 LocalFree(buf);
956 }
957 }
958
959 static void compareNameValues(const CERT_NAME_VALUE *expected,
960 const CERT_NAME_VALUE *got)
961 {
962 ok(got->dwValueType == expected->dwValueType,
963 "Expected string type %d, got %d\n", expected->dwValueType,
964 got->dwValueType);
965 ok(got->Value.cbData == expected->Value.cbData,
966 "String type %d: unexpected data size, got %d, expected %d\n",
967 expected->dwValueType, got->Value.cbData, expected->Value.cbData);
968 if (got->Value.cbData && got->Value.pbData)
969 ok(!memcmp(got->Value.pbData, expected->Value.pbData,
970 min(got->Value.cbData, expected->Value.cbData)),
971 "String type %d: unexpected value\n", expected->dwValueType);
972 }
973
974 static void compareRDNAttrs(const CERT_RDN_ATTR *expected,
975 const CERT_RDN_ATTR *got)
976 {
977 if (expected->pszObjId && strlen(expected->pszObjId))
978 {
979 ok(got->pszObjId != NULL, "Expected OID %s, got NULL\n",
980 expected->pszObjId);
981 if (got->pszObjId)
982 {
983 ok(!strcmp(got->pszObjId, expected->pszObjId),
984 "Got unexpected OID %s, expected %s\n", got->pszObjId,
985 expected->pszObjId);
986 }
987 }
988 compareNameValues((const CERT_NAME_VALUE *)&expected->dwValueType,
989 (const CERT_NAME_VALUE *)&got->dwValueType);
990 }
991
992 static void compareRDNs(const CERT_RDN *expected, const CERT_RDN *got)
993 {
994 ok(got->cRDNAttr == expected->cRDNAttr,
995 "Expected %d RDN attrs, got %d\n", expected->cRDNAttr, got->cRDNAttr);
996 if (got->cRDNAttr)
997 {
998 DWORD i;
999
1000 for (i = 0; i < got->cRDNAttr; i++)
1001 compareRDNAttrs(&expected->rgRDNAttr[i], &got->rgRDNAttr[i]);
1002 }
1003 }
1004
1005 static void compareNames(const CERT_NAME_INFO *expected,
1006 const CERT_NAME_INFO *got)
1007 {
1008 ok(got->cRDN == expected->cRDN, "Expected %d RDNs, got %d\n",
1009 expected->cRDN, got->cRDN);
1010 if (got->cRDN)
1011 {
1012 DWORD i;
1013
1014 for (i = 0; i < got->cRDN; i++)
1015 compareRDNs(&expected->rgRDN[i], &got->rgRDN[i]);
1016 }
1017 }
1018
1019 static const BYTE emptyIndefiniteSequence[] = { 0x30,0x80,0x00,0x00 };
1020 static const BYTE twoRDNsExtraBytes[] = {
1021 0x30,0x23,0x31,0x21,0x30,0x0c,0x06,0x03,0x55,0x04,0x04,
1022 0x13,0x05,0x4c,0x61,0x6e,0x67,0x00,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
1023 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0,0,0,0,0,0};
1024
1025 static void test_decodeName(DWORD dwEncoding)
1026 {
1027 BYTE *buf = NULL;
1028 DWORD bufSize = 0;
1029 BOOL ret;
1030 CERT_RDN rdn;
1031 CERT_NAME_INFO info = { 1, &rdn };
1032
1033 /* test empty name */
1034 bufSize = 0;
1035 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptySequence,
1036 emptySequence[1] + 2,
1037 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1038 (BYTE *)&buf, &bufSize);
1039 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1040 /* Interestingly, in Windows, if cRDN is 0, rgRGN may not be NULL. My
1041 * decoder works the same way, so only test the count.
1042 */
1043 if (buf)
1044 {
1045 ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
1046 ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1047 "Expected 0 RDNs in empty info, got %d\n",
1048 ((CERT_NAME_INFO *)buf)->cRDN);
1049 LocalFree(buf);
1050 }
1051 /* test empty name with indefinite-length encoding */
1052 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyIndefiniteSequence,
1053 sizeof(emptyIndefiniteSequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
1054 (BYTE *)&buf, &bufSize);
1055 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1056 if (ret)
1057 {
1058 ok(bufSize == sizeof(CERT_NAME_INFO), "Wrong bufSize %d\n", bufSize);
1059 ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1060 "Expected 0 RDNs in empty info, got %d\n",
1061 ((CERT_NAME_INFO *)buf)->cRDN);
1062 LocalFree(buf);
1063 }
1064 /* test empty RDN */
1065 bufSize = 0;
1066 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, emptyRDNs,
1067 emptyRDNs[1] + 2,
1068 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1069 (BYTE *)&buf, &bufSize);
1070 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1071 if (buf)
1072 {
1073 CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;
1074
1075 ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
1076 info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
1077 "Got unexpected value for empty RDN\n");
1078 LocalFree(buf);
1079 }
1080 /* test two RDN attrs */
1081 bufSize = 0;
1082 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNs,
1083 twoRDNs[1] + 2,
1084 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1085 (BYTE *)&buf, &bufSize);
1086 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1087 if (buf)
1088 {
1089 static CHAR oid_sur_name[] = szOID_SUR_NAME,
1090 oid_common_name[] = szOID_COMMON_NAME;
1091
1092 CERT_RDN_ATTR attrs[] = {
1093 { oid_sur_name, CERT_RDN_PRINTABLE_STRING, { sizeof(surName),
1094 (BYTE *)surName } },
1095 { oid_common_name, CERT_RDN_PRINTABLE_STRING, { sizeof(commonName),
1096 (BYTE *)commonName } },
1097 };
1098
1099 rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
1100 rdn.rgRDNAttr = attrs;
1101 compareNames(&info, (CERT_NAME_INFO *)buf);
1102 LocalFree(buf);
1103 }
1104 /* test that two RDN attrs with extra bytes succeeds */
1105 bufSize = 0;
1106 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME, twoRDNsExtraBytes,
1107 sizeof(twoRDNsExtraBytes), 0, NULL, NULL, &bufSize);
1108 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1109 /* And, a slightly more complicated name */
1110 buf = NULL;
1111 bufSize = 0;
1112 ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, encodedRDNAttrs,
1113 sizeof(encodedRDNAttrs), CRYPT_DECODE_ALLOC_FLAG, NULL, &buf, &bufSize);
1114 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1115 if (ret)
1116 {
1117 rdn.cRDNAttr = sizeof(decodedRdnAttrs) / sizeof(decodedRdnAttrs[0]);
1118 rdn.rgRDNAttr = (PCERT_RDN_ATTR)decodedRdnAttrs;
1119 compareNames(&info, (CERT_NAME_INFO *)buf);
1120 LocalFree(buf);
1121 }
1122 }
1123
1124 static void test_decodeUnicodeName(DWORD dwEncoding)
1125 {
1126 BYTE *buf = NULL;
1127 DWORD bufSize = 0;
1128 BOOL ret;
1129 CERT_RDN rdn;
1130 CERT_NAME_INFO info = { 1, &rdn };
1131
1132 /* test empty name */
1133 bufSize = 0;
1134 ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptySequence,
1135 emptySequence[1] + 2,
1136 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1137 (BYTE *)&buf, &bufSize);
1138 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1139 if (buf)
1140 {
1141 ok(bufSize == sizeof(CERT_NAME_INFO),
1142 "Got wrong bufSize %d\n", bufSize);
1143 ok(((CERT_NAME_INFO *)buf)->cRDN == 0,
1144 "Expected 0 RDNs in empty info, got %d\n",
1145 ((CERT_NAME_INFO *)buf)->cRDN);
1146 LocalFree(buf);
1147 }
1148 /* test empty RDN */
1149 bufSize = 0;
1150 ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, emptyRDNs,
1151 emptyRDNs[1] + 2,
1152 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1153 (BYTE *)&buf, &bufSize);
1154 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1155 if (buf)
1156 {
1157 CERT_NAME_INFO *info = (CERT_NAME_INFO *)buf;
1158
1159 ok(bufSize == sizeof(CERT_NAME_INFO) + sizeof(CERT_RDN) &&
1160 info->cRDN == 1 && info->rgRDN && info->rgRDN[0].cRDNAttr == 0,
1161 "Got unexpected value for empty RDN\n");
1162 LocalFree(buf);
1163 }
1164 /* test two RDN attrs */
1165 bufSize = 0;
1166 ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME, twoRDNsNoNull,
1167 sizeof(twoRDNsNoNull),
1168 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1169 (BYTE *)&buf, &bufSize);
1170 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1171 if (buf)
1172 {
1173 static CHAR oid_sur_name[] = szOID_SUR_NAME,
1174 oid_common_name[] = szOID_COMMON_NAME;
1175
1176 CERT_RDN_ATTR attrs[] = {
1177 { oid_sur_name, CERT_RDN_PRINTABLE_STRING,
1178 { lstrlenW(surNameW) * sizeof(WCHAR), (BYTE *)surNameW } },
1179 { oid_common_name, CERT_RDN_PRINTABLE_STRING,
1180 { lstrlenW(commonNameW) * sizeof(WCHAR), (BYTE *)commonNameW } },
1181 };
1182
1183 rdn.cRDNAttr = sizeof(attrs) / sizeof(attrs[0]);
1184 rdn.rgRDNAttr = attrs;
1185 compareNames(&info, (CERT_NAME_INFO *)buf);
1186 LocalFree(buf);
1187 }
1188 }
1189
1190 struct EncodedNameValue
1191 {
1192 CERT_NAME_VALUE value;
1193 const BYTE *encoded;
1194 DWORD encodedSize;
1195 };
1196
1197 static const char bogusIA5[] = "\x80";
1198 static const char bogusPrintable[] = "~";
1199 static const char bogusNumeric[] = "A";
1200 static const BYTE bin42[] = { 0x16,0x02,0x80,0x00 };
1201 static const BYTE bin43[] = { 0x13,0x02,0x7e,0x00 };
1202 static const BYTE bin44[] = { 0x12,0x02,0x41,0x00 };
1203 static BYTE octetCommonNameValue[] = {
1204 0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1205 static BYTE numericCommonNameValue[] = {
1206 0x12,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1207 static BYTE printableCommonNameValue[] = {
1208 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1209 static BYTE t61CommonNameValue[] = {
1210 0x14,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1211 static BYTE videotexCommonNameValue[] = {
1212 0x15,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1213 static BYTE ia5CommonNameValue[] = {
1214 0x16,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1215 static BYTE graphicCommonNameValue[] = {
1216 0x19,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1217 static BYTE visibleCommonNameValue[] = {
1218 0x1a,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1219 static BYTE generalCommonNameValue[] = {
1220 0x1b,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1221 static BYTE bmpCommonNameValue[] = {
1222 0x1e,0x14,0x00,0x4a,0x00,0x75,0x00,0x61,0x00,0x6e,0x00,0x20,0x00,0x4c,0x00,
1223 0x61,0x00,0x6e,0x00,0x67,0x00,0x00 };
1224 static BYTE utf8CommonNameValue[] = {
1225 0x0c,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1226
1227 static struct EncodedNameValue nameValues[] = {
1228 { { CERT_RDN_OCTET_STRING, { sizeof(commonName), (BYTE *)commonName } },
1229 octetCommonNameValue, sizeof(octetCommonNameValue) },
1230 { { CERT_RDN_NUMERIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
1231 numericCommonNameValue, sizeof(numericCommonNameValue) },
1232 { { CERT_RDN_PRINTABLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
1233 printableCommonNameValue, sizeof(printableCommonNameValue) },
1234 { { CERT_RDN_T61_STRING, { sizeof(commonName), (BYTE *)commonName } },
1235 t61CommonNameValue, sizeof(t61CommonNameValue) },
1236 { { CERT_RDN_VIDEOTEX_STRING, { sizeof(commonName), (BYTE *)commonName } },
1237 videotexCommonNameValue, sizeof(videotexCommonNameValue) },
1238 { { CERT_RDN_IA5_STRING, { sizeof(commonName), (BYTE *)commonName } },
1239 ia5CommonNameValue, sizeof(ia5CommonNameValue) },
1240 { { CERT_RDN_GRAPHIC_STRING, { sizeof(commonName), (BYTE *)commonName } },
1241 graphicCommonNameValue, sizeof(graphicCommonNameValue) },
1242 { { CERT_RDN_VISIBLE_STRING, { sizeof(commonName), (BYTE *)commonName } },
1243 visibleCommonNameValue, sizeof(visibleCommonNameValue) },
1244 { { CERT_RDN_GENERAL_STRING, { sizeof(commonName), (BYTE *)commonName } },
1245 generalCommonNameValue, sizeof(generalCommonNameValue) },
1246 { { CERT_RDN_BMP_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
1247 bmpCommonNameValue, sizeof(bmpCommonNameValue) },
1248 { { CERT_RDN_UTF8_STRING, { sizeof(commonNameW), (BYTE *)commonNameW } },
1249 utf8CommonNameValue, sizeof(utf8CommonNameValue) },
1250 /* The following tests succeed under Windows, but really should fail,
1251 * they contain characters that are illegal for the encoding. I'm
1252 * including them to justify my lazy encoding.
1253 */
1254 { { CERT_RDN_IA5_STRING, { sizeof(bogusIA5), (BYTE *)bogusIA5 } }, bin42,
1255 sizeof(bin42) },
1256 { { CERT_RDN_PRINTABLE_STRING, { sizeof(bogusPrintable),
1257 (BYTE *)bogusPrintable } }, bin43, sizeof(bin43) },
1258 { { CERT_RDN_NUMERIC_STRING, { sizeof(bogusNumeric), (BYTE *)bogusNumeric } },
1259 bin44, sizeof(bin44) },
1260 };
1261
1262 static void test_encodeNameValue(DWORD dwEncoding)
1263 {
1264 BYTE *buf = NULL;
1265 DWORD size = 0, i;
1266 BOOL ret;
1267 CERT_NAME_VALUE value = { 0, { 0, NULL } };
1268
1269 value.dwValueType = CERT_RDN_ENCODED_BLOB;
1270 value.Value.pbData = printableCommonNameValue;
1271 value.Value.cbData = sizeof(printableCommonNameValue);
1272 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE, &value,
1273 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1274 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1275 if (buf)
1276 {
1277 ok(size == sizeof(printableCommonNameValue), "Unexpected size %d\n",
1278 size);
1279 ok(!memcmp(buf, printableCommonNameValue, size),
1280 "Unexpected encoding\n");
1281 LocalFree(buf);
1282 }
1283 for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
1284 {
1285 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_VALUE,
1286 &nameValues[i].value, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1287 &size);
1288 ok(ret, "Type %d: CryptEncodeObjectEx failed: %08x\n",
1289 nameValues[i].value.dwValueType, GetLastError());
1290 if (buf)
1291 {
1292 ok(size == nameValues[i].encodedSize,
1293 "Expected size %d, got %d\n", nameValues[i].encodedSize, size);
1294 ok(!memcmp(buf, nameValues[i].encoded, size),
1295 "Got unexpected encoding\n");
1296 LocalFree(buf);
1297 }
1298 }
1299 }
1300
1301 static void test_decodeNameValue(DWORD dwEncoding)
1302 {
1303 int i;
1304 BYTE *buf = NULL;
1305 DWORD bufSize = 0;
1306 BOOL ret;
1307
1308 for (i = 0; i < sizeof(nameValues) / sizeof(nameValues[0]); i++)
1309 {
1310 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_VALUE,
1311 nameValues[i].encoded, nameValues[i].encoded[1] + 2,
1312 CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_SHARE_OID_STRING_FLAG, NULL,
1313 (BYTE *)&buf, &bufSize);
1314 ok(ret, "Value type %d: CryptDecodeObjectEx failed: %08x\n",
1315 nameValues[i].value.dwValueType, GetLastError());
1316 if (buf)
1317 {
1318 compareNameValues(&nameValues[i].value,
1319 (const CERT_NAME_VALUE *)buf);
1320 LocalFree(buf);
1321 }
1322 }
1323 }
1324
1325 static const BYTE emptyURL[] = { 0x30, 0x02, 0x86, 0x00 };
1326 static const BYTE emptyURLExtraBytes[] = { 0x30, 0x02, 0x86, 0x00, 0, 0, 0 };
1327 static const WCHAR url[] = { 'h','t','t','p',':','/','/','w','i','n','e',
1328 'h','q','.','o','r','g',0 };
1329 static const BYTE encodedURL[] = { 0x30, 0x13, 0x86, 0x11, 0x68, 0x74,
1330 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e,
1331 0x6f, 0x72, 0x67 };
1332 static const WCHAR nihongoURL[] = { 'h','t','t','p',':','/','/',0x226f,
1333 0x575b, 0 };
1334 static const WCHAR dnsName[] = { 'w','i','n','e','h','q','.','o','r','g',0 };
1335 static const BYTE encodedDnsName[] = { 0x30, 0x0c, 0x82, 0x0a, 0x77, 0x69,
1336 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
1337 static const BYTE localhost[] = { 127, 0, 0, 1 };
1338 static const BYTE encodedIPAddr[] = { 0x30, 0x06, 0x87, 0x04, 0x7f, 0x00, 0x00,
1339 0x01 };
1340 static const unsigned char encodedCommonName[] = {
1341 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,'J','u','a','n',' ','L','a','n','g',0};
1342 static const BYTE encodedOidName[] = { 0x30,0x04,0x88,0x02,0x2a,0x03 };
1343 static const BYTE encodedDirectoryName[] = {
1344 0x30,0x19,0xa4,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
1345 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00 };
1346
1347 static void test_encodeAltName(DWORD dwEncoding)
1348 {
1349 CERT_ALT_NAME_INFO info = { 0 };
1350 CERT_ALT_NAME_ENTRY entry = { 0 };
1351 BYTE *buf = NULL;
1352 DWORD size = 0;
1353 BOOL ret;
1354 char oid[] = "1.2.3";
1355
1356 /* Test with empty info */
1357 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1358 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1359 if (buf)
1360 {
1361 ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
1362 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
1363 LocalFree(buf);
1364 }
1365 /* Test with an empty entry */
1366 info.cAltEntry = 1;
1367 info.rgAltEntry = &entry;
1368 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1369 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1370 ok(!ret && GetLastError() == E_INVALIDARG,
1371 "Expected E_INVALIDARG, got %08x\n", GetLastError());
1372 /* Test with an empty pointer */
1373 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
1374 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1375 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1376 if (buf)
1377 {
1378 ok(size == sizeof(emptyURL), "Wrong size %d\n", size);
1379 ok(!memcmp(buf, emptyURL, size), "Unexpected value\n");
1380 LocalFree(buf);
1381 }
1382 /* Test with a real URL */
1383 U(entry).pwszURL = (LPWSTR)url;
1384 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1385 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1386 if (buf)
1387 {
1388 ok(size == sizeof(encodedURL), "Wrong size %d\n", size);
1389 ok(!memcmp(buf, encodedURL, size), "Unexpected value\n");
1390 LocalFree(buf);
1391 }
1392 /* Now with the URL containing an invalid IA5 char */
1393 U(entry).pwszURL = (LPWSTR)nihongoURL;
1394 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1395 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1396 ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
1397 "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
1398 /* The first invalid character is at index 7 */
1399 ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
1400 "Expected invalid char at index 7, got %d\n",
1401 GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
1402 /* Now with the URL missing a scheme */
1403 U(entry).pwszURL = (LPWSTR)dnsName;
1404 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1405 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1406 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1407 if (buf)
1408 {
1409 /* This succeeds, but it shouldn't, so don't worry about conforming */
1410 LocalFree(buf);
1411 }
1412 /* Now with a DNS name */
1413 entry.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
1414 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1415 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1416 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1417 if (buf)
1418 {
1419 ok(size == sizeof(encodedDnsName), "Wrong size %d\n", size);
1420 ok(!memcmp(buf, encodedDnsName, size), "Unexpected value\n");
1421 LocalFree(buf);
1422 }
1423 /* Test with an IP address */
1424 entry.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
1425 U(entry).IPAddress.cbData = sizeof(localhost);
1426 U(entry).IPAddress.pbData = (LPBYTE)localhost;
1427 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1428 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1429 if (buf)
1430 {
1431 ok(size == sizeof(encodedIPAddr), "Wrong size %d\n", size);
1432 ok(!memcmp(buf, encodedIPAddr, size), "Unexpected value\n");
1433 LocalFree(buf);
1434 }
1435 /* Test with OID */
1436 entry.dwAltNameChoice = CERT_ALT_NAME_REGISTERED_ID;
1437 U(entry).pszRegisteredID = oid;
1438 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1439 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1440 if (buf)
1441 {
1442 ok(size == sizeof(encodedOidName), "Wrong size %d\n", size);
1443 ok(!memcmp(buf, encodedOidName, size), "Unexpected value\n");
1444 LocalFree(buf);
1445 }
1446 /* Test with directory name */
1447 entry.dwAltNameChoice = CERT_ALT_NAME_DIRECTORY_NAME;
1448 U(entry).DirectoryName.cbData = sizeof(encodedCommonName);
1449 U(entry).DirectoryName.pbData = (LPBYTE)encodedCommonName;
1450 ret = pCryptEncodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, &info,
1451 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1452 if (buf)
1453 {
1454 ok(size == sizeof(encodedDirectoryName), "Wrong size %d\n", size);
1455 ok(!memcmp(buf, encodedDirectoryName, size), "Unexpected value\n");
1456 LocalFree(buf);
1457 }
1458 }
1459
1460 static void test_decodeAltName(DWORD dwEncoding)
1461 {
1462 static const BYTE unimplementedType[] = { 0x30, 0x06, 0x85, 0x04, 0x7f,
1463 0x00, 0x00, 0x01 };
1464 static const BYTE bogusType[] = { 0x30, 0x06, 0x89, 0x04, 0x7f, 0x00, 0x00,
1465 0x01 };
1466 BOOL ret;
1467 BYTE *buf = NULL;
1468 DWORD bufSize = 0;
1469 CERT_ALT_NAME_INFO *info;
1470
1471 /* Test some bogus ones first */
1472 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1473 unimplementedType, sizeof(unimplementedType), CRYPT_DECODE_ALLOC_FLAG,
1474 NULL, (BYTE *)&buf, &bufSize);
1475 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
1476 "Expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
1477 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1478 bogusType, sizeof(bogusType), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1479 &bufSize);
1480 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
1481 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
1482 /* Now expected cases */
1483 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptySequence,
1484 emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1485 &bufSize);
1486 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1487 if (buf)
1488 {
1489 info = (CERT_ALT_NAME_INFO *)buf;
1490
1491 ok(info->cAltEntry == 0, "Expected 0 entries, got %d\n",
1492 info->cAltEntry);
1493 LocalFree(buf);
1494 }
1495 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, emptyURL,
1496 emptyURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1497 &bufSize);
1498 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1499 if (buf)
1500 {
1501 info = (CERT_ALT_NAME_INFO *)buf;
1502
1503 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1504 info->cAltEntry);
1505 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1506 "Expected CERT_ALT_NAME_URL, got %d\n",
1507 info->rgAltEntry[0].dwAltNameChoice);
1508 ok(U(info->rgAltEntry[0]).pwszURL == NULL || !*U(info->rgAltEntry[0]).pwszURL,
1509 "Expected empty URL\n");
1510 LocalFree(buf);
1511 }
1512 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1513 emptyURLExtraBytes, sizeof(emptyURLExtraBytes), 0, NULL, NULL, &bufSize);
1514 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1515 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedURL,
1516 encodedURL[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1517 &bufSize);
1518 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1519 if (buf)
1520 {
1521 info = (CERT_ALT_NAME_INFO *)buf;
1522
1523 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1524 info->cAltEntry);
1525 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_URL,
1526 "Expected CERT_ALT_NAME_URL, got %d\n",
1527 info->rgAltEntry[0].dwAltNameChoice);
1528 ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszURL, url), "Unexpected URL\n");
1529 LocalFree(buf);
1530 }
1531 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedDnsName,
1532 encodedDnsName[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1533 &bufSize);
1534 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1535 if (buf)
1536 {
1537 info = (CERT_ALT_NAME_INFO *)buf;
1538
1539 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1540 info->cAltEntry);
1541 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME,
1542 "Expected CERT_ALT_NAME_DNS_NAME, got %d\n",
1543 info->rgAltEntry[0].dwAltNameChoice);
1544 ok(!lstrcmpW(U(info->rgAltEntry[0]).pwszDNSName, dnsName),
1545 "Unexpected DNS name\n");
1546 LocalFree(buf);
1547 }
1548 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedIPAddr,
1549 encodedIPAddr[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1550 &bufSize);
1551 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1552 if (buf)
1553 {
1554 info = (CERT_ALT_NAME_INFO *)buf;
1555
1556 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1557 info->cAltEntry);
1558 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS,
1559 "Expected CERT_ALT_NAME_IP_ADDRESS, got %d\n",
1560 info->rgAltEntry[0].dwAltNameChoice);
1561 ok(U(info->rgAltEntry[0]).IPAddress.cbData == sizeof(localhost),
1562 "Unexpected IP address length %d\n",
1563 U(info->rgAltEntry[0]).IPAddress.cbData);
1564 ok(!memcmp(U(info->rgAltEntry[0]).IPAddress.pbData, localhost,
1565 sizeof(localhost)), "Unexpected IP address value\n");
1566 LocalFree(buf);
1567 }
1568 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME, encodedOidName,
1569 sizeof(encodedOidName), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1570 &bufSize);
1571 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1572 if (buf)
1573 {
1574 info = (CERT_ALT_NAME_INFO *)buf;
1575
1576 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1577 info->cAltEntry);
1578 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_REGISTERED_ID,
1579 "Expected CERT_ALT_NAME_REGISTERED_ID, got %d\n",
1580 info->rgAltEntry[0].dwAltNameChoice);
1581 ok(!strcmp(U(info->rgAltEntry[0]).pszRegisteredID, "1.2.3"),
1582 "Expected OID 1.2.3, got %s\n", U(info->rgAltEntry[0]).pszRegisteredID);
1583 LocalFree(buf);
1584 }
1585 ret = pCryptDecodeObjectEx(dwEncoding, X509_ALTERNATE_NAME,
1586 encodedDirectoryName, sizeof(encodedDirectoryName),
1587 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1588 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1589 if (buf)
1590 {
1591 info = (CERT_ALT_NAME_INFO *)buf;
1592
1593 ok(info->cAltEntry == 1, "Expected 1 entries, got %d\n",
1594 info->cAltEntry);
1595 ok(info->rgAltEntry[0].dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME,
1596 "Expected CERT_ALT_NAME_DIRECTORY_NAME, got %d\n",
1597 info->rgAltEntry[0].dwAltNameChoice);
1598 ok(U(info->rgAltEntry[0]).DirectoryName.cbData ==
1599 sizeof(encodedCommonName), "Unexpected directory name length %d\n",
1600 U(info->rgAltEntry[0]).DirectoryName.cbData);
1601 ok(!memcmp(U(info->rgAltEntry[0]).DirectoryName.pbData,
1602 encodedCommonName, sizeof(encodedCommonName)),
1603 "Unexpected directory name value\n");
1604 LocalFree(buf);
1605 }
1606 }
1607
1608 struct UnicodeExpectedError
1609 {
1610 DWORD valueType;
1611 LPCWSTR str;
1612 DWORD errorIndex;
1613 DWORD error;
1614 };
1615
1616 static const WCHAR oneW[] = { '1',0 };
1617 static const WCHAR aW[] = { 'a',0 };
1618 static const WCHAR quoteW[] = { '"', 0 };
1619
1620 static struct UnicodeExpectedError unicodeErrors[] = {
1621 { CERT_RDN_ANY_TYPE, oneW, 0, CRYPT_E_NOT_CHAR_STRING },
1622 { CERT_RDN_ENCODED_BLOB, oneW, 0, CRYPT_E_NOT_CHAR_STRING },
1623 { CERT_RDN_OCTET_STRING, oneW, 0, CRYPT_E_NOT_CHAR_STRING },
1624 { CERT_RDN_NUMERIC_STRING, aW, 0, CRYPT_E_INVALID_NUMERIC_STRING },
1625 { CERT_RDN_PRINTABLE_STRING, quoteW, 0, CRYPT_E_INVALID_PRINTABLE_STRING },
1626 { CERT_RDN_IA5_STRING, nihongoURL, 7, CRYPT_E_INVALID_IA5_STRING },
1627 };
1628
1629 struct UnicodeExpectedResult
1630 {
1631 DWORD valueType;
1632 LPCWSTR str;
1633 CRYPT_DATA_BLOB encoded;
1634 };
1635
1636 static BYTE oneNumeric[] = { 0x12, 0x01, 0x31 };
1637 static BYTE onePrintable[] = { 0x13, 0x01, 0x31 };
1638 static BYTE oneTeletex[] = { 0x14, 0x01, 0x31 };
1639 static BYTE oneVideotex[] = { 0x15, 0x01, 0x31 };
1640 static BYTE oneIA5[] = { 0x16, 0x01, 0x31 };
1641 static BYTE oneGraphic[] = { 0x19, 0x01, 0x31 };
1642 static BYTE oneVisible[] = { 0x1a, 0x01, 0x31 };
1643 static BYTE oneUniversal[] = { 0x1c, 0x04, 0x00, 0x00, 0x00, 0x31 };
1644 static BYTE oneGeneral[] = { 0x1b, 0x01, 0x31 };
1645 static BYTE oneBMP[] = { 0x1e, 0x02, 0x00, 0x31 };
1646 static BYTE oneUTF8[] = { 0x0c, 0x01, 0x31 };
1647 static BYTE nihongoT61[] = { 0x14,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x6f,
1648 0x5b };
1649 static BYTE nihongoGeneral[] = { 0x1b,0x09,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
1650 0x6f,0x5b };
1651 static BYTE nihongoBMP[] = { 0x1e,0x12,0x00,0x68,0x00,0x74,0x00,0x74,0x00,0x70,
1652 0x00,0x3a,0x00,0x2f,0x00,0x2f,0x22,0x6f,0x57,0x5b };
1653 static BYTE nihongoUTF8[] = { 0x0c,0x0d,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
1654 0xe2,0x89,0xaf,0xe5,0x9d,0x9b };
1655
1656 static struct UnicodeExpectedResult unicodeResults[] = {
1657 { CERT_RDN_NUMERIC_STRING, oneW, { sizeof(oneNumeric), oneNumeric } },
1658 { CERT_RDN_PRINTABLE_STRING, oneW, { sizeof(onePrintable), onePrintable } },
1659 { CERT_RDN_TELETEX_STRING, oneW, { sizeof(oneTeletex), oneTeletex } },
1660 { CERT_RDN_VIDEOTEX_STRING, oneW, { sizeof(oneVideotex), oneVideotex } },
1661 { CERT_RDN_IA5_STRING, oneW, { sizeof(oneIA5), oneIA5 } },
1662 { CERT_RDN_GRAPHIC_STRING, oneW, { sizeof(oneGraphic), oneGraphic } },
1663 { CERT_RDN_VISIBLE_STRING, oneW, { sizeof(oneVisible), oneVisible } },
1664 { CERT_RDN_UNIVERSAL_STRING, oneW, { sizeof(oneUniversal), oneUniversal } },
1665 { CERT_RDN_GENERAL_STRING, oneW, { sizeof(oneGeneral), oneGeneral } },
1666 { CERT_RDN_BMP_STRING, oneW, { sizeof(oneBMP), oneBMP } },
1667 { CERT_RDN_UTF8_STRING, oneW, { sizeof(oneUTF8), oneUTF8 } },
1668 { CERT_RDN_BMP_STRING, nihongoURL, { sizeof(nihongoBMP), nihongoBMP } },
1669 { CERT_RDN_UTF8_STRING, nihongoURL, { sizeof(nihongoUTF8), nihongoUTF8 } },
1670 };
1671
1672 static struct UnicodeExpectedResult unicodeWeirdness[] = {
1673 { CERT_RDN_TELETEX_STRING, nihongoURL, { sizeof(nihongoT61), nihongoT61 } },
1674 { CERT_RDN_GENERAL_STRING, nihongoURL, { sizeof(nihongoGeneral), nihongoGeneral } },
1675 };
1676
1677 static void test_encodeUnicodeNameValue(DWORD dwEncoding)
1678 {
1679 BYTE *buf = NULL;
1680 DWORD size = 0, i;
1681 BOOL ret;
1682 CERT_NAME_VALUE value;
1683
1684 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, NULL,
1685 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1686 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
1687 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
1688 /* Have to have a string of some sort */
1689 value.dwValueType = 0; /* aka CERT_RDN_ANY_TYPE */
1690 value.Value.pbData = NULL;
1691 value.Value.cbData = 0;
1692 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1693 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1694 ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1695 "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1696 value.dwValueType = CERT_RDN_ENCODED_BLOB;
1697 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1698 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1699 ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1700 "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1701 value.dwValueType = CERT_RDN_ANY_TYPE;
1702 value.Value.pbData = (LPBYTE)oneW;
1703 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1704 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1705 ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1706 "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1707 value.Value.cbData = sizeof(oneW);
1708 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1709 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1710 ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1711 "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1712 /* An encoded string with specified length isn't good enough either */
1713 value.dwValueType = CERT_RDN_ENCODED_BLOB;
1714 value.Value.pbData = oneUniversal;
1715 value.Value.cbData = sizeof(oneUniversal);
1716 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1717 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1718 ok(!ret && GetLastError() == CRYPT_E_NOT_CHAR_STRING,
1719 "Expected CRYPT_E_NOT_CHAR_STRING, got %08x\n", GetLastError());
1720 /* More failure checking */
1721 value.Value.cbData = 0;
1722 for (i = 0; i < sizeof(unicodeErrors) / sizeof(unicodeErrors[0]); i++)
1723 {
1724 value.Value.pbData = (LPBYTE)unicodeErrors[i].str;
1725 value.dwValueType = unicodeErrors[i].valueType;
1726 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1727 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1728 ok(!ret && GetLastError() == unicodeErrors[i].error,
1729 "Value type %d: expected %08x, got %08x\n", value.dwValueType,
1730 unicodeErrors[i].error, GetLastError());
1731 ok(size == unicodeErrors[i].errorIndex,
1732 "Expected error index %d, got %d\n", unicodeErrors[i].errorIndex,
1733 size);
1734 }
1735 /* cbData can be zero if the string is NULL-terminated */
1736 value.Value.cbData = 0;
1737 for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
1738 {
1739 value.Value.pbData = (LPBYTE)unicodeResults[i].str;
1740 value.dwValueType = unicodeResults[i].valueType;
1741 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1742 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1743 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1744 if (buf)
1745 {
1746 ok(size == unicodeResults[i].encoded.cbData,
1747 "Value type %d: expected size %d, got %d\n",
1748 value.dwValueType, unicodeResults[i].encoded.cbData, size);
1749 ok(!memcmp(unicodeResults[i].encoded.pbData, buf, size),
1750 "Value type %d: unexpected value\n", value.dwValueType);
1751 LocalFree(buf);
1752 }
1753 }
1754 /* These "encode," but they do so by truncating each unicode character
1755 * rather than properly encoding it. Kept separate from the proper results,
1756 * because the encoded forms won't decode to their original strings.
1757 */
1758 for (i = 0; i < sizeof(unicodeWeirdness) / sizeof(unicodeWeirdness[0]); i++)
1759 {
1760 value.Value.pbData = (LPBYTE)unicodeWeirdness[i].str;
1761 value.dwValueType = unicodeWeirdness[i].valueType;
1762 ret = pCryptEncodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE, &value,
1763 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1764 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1765 if (buf)
1766 {
1767 ok(size == unicodeWeirdness[i].encoded.cbData,
1768 "Value type %d: expected size %d, got %d\n",
1769 value.dwValueType, unicodeWeirdness[i].encoded.cbData, size);
1770 ok(!memcmp(unicodeWeirdness[i].encoded.pbData, buf, size),
1771 "Value type %d: unexpected value\n", value.dwValueType);
1772 LocalFree(buf);
1773 }
1774 }
1775 }
1776
1777 static inline int strncmpW( const WCHAR *str1, const WCHAR *str2, int n )
1778 {
1779 if (n <= 0) return 0;
1780 while ((--n > 0) && *str1 && (*str1 == *str2)) { str1++; str2++; }
1781 return *str1 - *str2;
1782 }
1783
1784 static void test_decodeUnicodeNameValue(DWORD dwEncoding)
1785 {
1786 DWORD i;
1787
1788 for (i = 0; i < sizeof(unicodeResults) / sizeof(unicodeResults[0]); i++)
1789 {
1790 BYTE *buf = NULL;
1791 BOOL ret;
1792 DWORD size = 0;
1793
1794 ret = pCryptDecodeObjectEx(dwEncoding, X509_UNICODE_NAME_VALUE,
1795 unicodeResults[i].encoded.pbData, unicodeResults[i].encoded.cbData,
1796 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
1797 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1798 if (ret && buf)
1799 {
1800 PCERT_NAME_VALUE value = (PCERT_NAME_VALUE)buf;
1801
1802 ok(value->dwValueType == unicodeResults[i].valueType,
1803 "Expected value type %d, got %d\n", unicodeResults[i].valueType,
1804 value->dwValueType);
1805 ok(!strncmpW((LPWSTR)value->Value.pbData, unicodeResults[i].str,
1806 value->Value.cbData / sizeof(WCHAR)),
1807 "Unexpected decoded value for index %d (value type %d)\n", i,
1808 unicodeResults[i].valueType);
1809 LocalFree(buf);
1810 }
1811 }
1812 }
1813
1814 struct encodedOctets
1815 {
1816 const BYTE *val;
1817 const BYTE *encoded;
1818 };
1819
1820 static const unsigned char bin46[] = { 'h','i',0 };
1821 static const unsigned char bin47[] = { 0x04,0x02,'h','i',0 };
1822 static const unsigned char bin48[] = {
1823 's','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
1824 static const unsigned char bin49[] = {
1825 0x04,0x0f,'s','o','m','e','l','o','n','g',0xff,'s','t','r','i','n','g',0 };
1826 static const unsigned char bin50[] = { 0 };
1827 static const unsigned char bin51[] = { 0x04,0x00,0 };
1828
1829 static const struct encodedOctets octets[] = {
1830 { bin46, bin47 },
1831 { bin48, bin49 },
1832 { bin50, bin51 },
1833 };
1834
1835 static void test_encodeOctets(DWORD dwEncoding)
1836 {
1837 CRYPT_DATA_BLOB blob;
1838 DWORD i;
1839
1840 for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
1841 {
1842 BYTE *buf = NULL;
1843 BOOL ret;
1844 DWORD bufSize = 0;
1845
1846 blob.cbData = strlen((const char*)octets[i].val);
1847 blob.pbData = (BYTE*)octets[i].val;
1848 ret = pCryptEncodeObjectEx(dwEncoding, X509_OCTET_STRING, &blob,
1849 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1850 ok(ret, "CryptEncodeObjectEx failed: %d\n", GetLastError());
1851 if (buf)
1852 {
1853 ok(buf[0] == 4,
1854 "Got unexpected type %d for octet string (expected 4)\n", buf[0]);
1855 ok(buf[1] == octets[i].encoded[1], "Got length %d, expected %d\n",
1856 buf[1], octets[i].encoded[1]);
1857 ok(!memcmp(buf + 1, octets[i].encoded + 1,
1858 octets[i].encoded[1] + 1), "Got unexpected value\n");
1859 LocalFree(buf);
1860 }
1861 }
1862 }
1863
1864 static void test_decodeOctets(DWORD dwEncoding)
1865 {
1866 DWORD i;
1867
1868 for (i = 0; i < sizeof(octets) / sizeof(octets[0]); i++)
1869 {
1870 BYTE *buf = NULL;
1871 BOOL ret;
1872 DWORD bufSize = 0;
1873
1874 ret = pCryptDecodeObjectEx(dwEncoding, X509_OCTET_STRING,
1875 (BYTE *)octets[i].encoded, octets[i].encoded[1] + 2,
1876 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1877 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1878 ok(bufSize >= sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1],
1879 "Expected size >= %d, got %d\n",
1880 (int)sizeof(CRYPT_DATA_BLOB) + octets[i].encoded[1], bufSize);
1881 ok(buf != NULL, "Expected allocated buffer\n");
1882 if (buf)
1883 {
1884 CRYPT_DATA_BLOB *blob = (CRYPT_DATA_BLOB *)buf;
1885
1886 if (blob->cbData)
1887 ok(!memcmp(blob->pbData, octets[i].val, blob->cbData),
1888 "Unexpected value\n");
1889 LocalFree(buf);
1890 }
1891 }
1892 }
1893
1894 static const BYTE bytesToEncode[] = { 0xff, 0xff };
1895
1896 struct encodedBits
1897 {
1898 DWORD cUnusedBits;
1899 const BYTE *encoded;
1900 DWORD cbDecoded;
1901 const BYTE *decoded;
1902 };
1903
1904 static const unsigned char bin52[] = { 0x03,0x03,0x00,0xff,0xff };
1905 static const unsigned char bin53[] = { 0xff,0xff };
1906 static const unsigned char bin54[] = { 0x03,0x03,0x01,0xff,0xfe };
1907 static const unsigned char bin55[] = { 0xff,0xfe };
1908 static const unsigned char bin56[] = { 0x03,0x02,0x01,0xfe };
1909 static const unsigned char bin57[] = { 0xfe };
1910 static const unsigned char bin58[] = { 0x03,0x01,0x00 };
1911
1912 static const struct encodedBits bits[] = {
1913 /* normal test cases */
1914 { 0, bin52, 2, bin53 },
1915 { 1, bin54, 2, bin55 },
1916 /* strange test case, showing cUnusedBits >= 8 is allowed */
1917 { 9, bin56, 1, bin57 },
1918 /* even stranger test case, showing cUnusedBits > cbData * 8 is allowed */
1919 { 17, bin58, 0, NULL },
1920 };
1921
1922 static void test_encodeBits(DWORD dwEncoding)
1923 {
1924 DWORD i;
1925
1926 for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
1927 {
1928 CRYPT_BIT_BLOB blob;
1929 BOOL ret;
1930 BYTE *buf = NULL;
1931 DWORD bufSize = 0;
1932
1933 blob.cbData = sizeof(bytesToEncode);
1934 blob.pbData = (BYTE *)bytesToEncode;
1935 blob.cUnusedBits = bits[i].cUnusedBits;
1936 ret = pCryptEncodeObjectEx(dwEncoding, X509_BITS, &blob,
1937 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1938 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
1939 if (buf)
1940 {
1941 ok(bufSize == bits[i].encoded[1] + 2,
1942 "Got unexpected size %d, expected %d\n", bufSize,
1943 bits[i].encoded[1] + 2);
1944 ok(!memcmp(buf, bits[i].encoded, bits[i].encoded[1] + 2),
1945 "Unexpected value\n");
1946 LocalFree(buf);
1947 }
1948 }
1949 }
1950
1951 static void test_decodeBits(DWORD dwEncoding)
1952 {
1953 static const BYTE ber[] = "\x03\x02\x01\xff";
1954 static const BYTE berDecoded = 0xfe;
1955 DWORD i;
1956 BOOL ret;
1957 BYTE *buf = NULL;
1958 DWORD bufSize = 0;
1959
1960 /* normal cases */
1961 for (i = 0; i < sizeof(bits) / sizeof(bits[0]); i++)
1962 {
1963 ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, bits[i].encoded,
1964 bits[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
1965 &bufSize);
1966 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1967 if (buf)
1968 {
1969 CRYPT_BIT_BLOB *blob;
1970
1971 ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + bits[i].cbDecoded,
1972 "Got unexpected size %d\n", bufSize);
1973 blob = (CRYPT_BIT_BLOB *)buf;
1974 ok(blob->cbData == bits[i].cbDecoded,
1975 "Got unexpected length %d, expected %d\n", blob->cbData,
1976 bits[i].cbDecoded);
1977 if (blob->cbData && bits[i].cbDecoded)
1978 ok(!memcmp(blob->pbData, bits[i].decoded, bits[i].cbDecoded),
1979 "Unexpected value\n");
1980 LocalFree(buf);
1981 }
1982 }
1983 /* special case: check that something that's valid in BER but not in DER
1984 * decodes successfully
1985 */
1986 ret = pCryptDecodeObjectEx(dwEncoding, X509_BITS, ber, ber[1] + 2,
1987 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
1988 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
1989 if (buf)
1990 {
1991 CRYPT_BIT_BLOB *blob;
1992
1993 ok(bufSize >= sizeof(CRYPT_BIT_BLOB) + sizeof(berDecoded),
1994 "Got unexpected size %d\n", bufSize);
1995 blob = (CRYPT_BIT_BLOB *)buf;
1996 ok(blob->cbData == sizeof(berDecoded),
1997 "Got unexpected length %d\n", blob->cbData);
1998 if (blob->cbData)
1999 ok(*blob->pbData == berDecoded, "Unexpected value\n");
2000 LocalFree(buf);
2001 }
2002 }
2003
2004 struct Constraints2
2005 {
2006 CERT_BASIC_CONSTRAINTS2_INFO info;
2007 const BYTE *encoded;
2008 };
2009
2010 static const unsigned char bin59[] = { 0x30,0x00 };
2011 static const unsigned char bin60[] = { 0x30,0x03,0x01,0x01,0xff };
2012 static const unsigned char bin61[] = { 0x30,0x03,0x02,0x01,0x00 };
2013 static const unsigned char bin62[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2014 static const struct Constraints2 constraints2[] = {
2015 /* empty constraints */
2016 { { FALSE, FALSE, 0}, bin59 },
2017 /* can be a CA */
2018 { { TRUE, FALSE, 0}, bin60 },
2019 /* has path length constraints set (MSDN implies fCA needs to be TRUE as well,
2020 * but that's not the case
2021 */
2022 { { FALSE, TRUE, 0}, bin61 },
2023 /* can be a CA and has path length constraints set */
2024 { { TRUE, TRUE, 1}, bin62 },
2025 };
2026
2027 static const BYTE emptyConstraint[] = { 0x30, 0x03, 0x03, 0x01, 0x00 };
2028 static const BYTE encodedDomainName[] = { 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11,
2029 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16,
2030 0x03, 0x6f, 0x72, 0x67, 0x30, 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93,
2031 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
2032 static const BYTE constraintWithDomainName[] = { 0x30, 0x32, 0x03, 0x01, 0x00,
2033 0x30, 0x2d, 0x30, 0x2b, 0x31, 0x29, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26,
2034 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x03, 0x6f, 0x72, 0x67, 0x30,
2035 0x14, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19,
2036 0x16, 0x06, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71 };
2037
2038 static void test_encodeBasicConstraints(DWORD dwEncoding)
2039 {
2040 DWORD i, bufSize = 0;
2041 CERT_BASIC_CONSTRAINTS_INFO info = { { 0 } };
2042 CERT_NAME_BLOB nameBlob = { sizeof(encodedDomainName),
2043 (LPBYTE)encodedDomainName };
2044 BOOL ret;
2045 BYTE *buf = NULL;
2046
2047 /* First test with the simpler info2 */
2048 for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
2049 {
2050 ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2051 &constraints2[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2052 &bufSize);
2053 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2054 if (buf)
2055 {
2056 ok(bufSize == constraints2[i].encoded[1] + 2,
2057 "Expected %d bytes, got %d\n", constraints2[i].encoded[1] + 2,
2058 bufSize);
2059 ok(!memcmp(buf, constraints2[i].encoded,
2060 constraints2[i].encoded[1] + 2), "Unexpected value\n");
2061 LocalFree(buf);
2062 }
2063 }
2064 /* Now test with more complex basic constraints */
2065 info.SubjectType.cbData = 0;
2066 info.fPathLenConstraint = FALSE;
2067 info.cSubtreesConstraint = 0;
2068 ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2069 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2070 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2071 if (buf)
2072 {
2073 ok(bufSize == sizeof(emptyConstraint), "Wrong size %d\n", bufSize);
2074 ok(!memcmp(buf, emptyConstraint, sizeof(emptyConstraint)),
2075 "Unexpected value\n");
2076 LocalFree(buf);
2077 }
2078 /* None of the certs I examined had any subtree constraint, but I test one
2079 * anyway just in case.
2080 */
2081 info.cSubtreesConstraint = 1;
2082 info.rgSubtreesConstraint = &nameBlob;
2083 ret = pCryptEncodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS, &info,
2084 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2085 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2086 if (buf)
2087 {
2088 ok(bufSize == sizeof(constraintWithDomainName), "Wrong size %d\n", bufSize);
2089 ok(!memcmp(buf, constraintWithDomainName,
2090 sizeof(constraintWithDomainName)), "Unexpected value\n");
2091 LocalFree(buf);
2092 }
2093 /* FIXME: test encoding with subject type. */
2094 }
2095
2096 static const unsigned char bin63[] = { 0x30,0x06,0x01,0x01,0x01,0x02,0x01,0x01 };
2097
2098 static void test_decodeBasicConstraints(DWORD dwEncoding)
2099 {
2100 static const BYTE inverted[] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x01, 0x01,
2101 0xff };
2102 static const struct Constraints2 badBool = { { TRUE, TRUE, 1 }, bin63 };
2103 DWORD i;
2104 BOOL ret;
2105 BYTE *buf = NULL;
2106 DWORD bufSize = 0;
2107
2108 /* First test with simpler info2 */
2109 for (i = 0; i < sizeof(constraints2) / sizeof(constraints2[0]); i++)
2110 {
2111 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2112 constraints2[i].encoded, constraints2[i].encoded[1] + 2,
2113 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2114 ok(ret, "CryptDecodeObjectEx failed for item %d: %08x\n", i,
2115 GetLastError());
2116 if (buf)
2117 {
2118 CERT_BASIC_CONSTRAINTS2_INFO *info =
2119 (CERT_BASIC_CONSTRAINTS2_INFO *)buf;
2120
2121 ok(!memcmp(info, &constraints2[i].info, sizeof(*info)),
2122 "Unexpected value for item %d\n", i);
2123 LocalFree(buf);
2124 }
2125 }
2126 /* Check with the order of encoded elements inverted */
2127 buf = (PBYTE)1;
2128 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2129 inverted, inverted[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2130 &bufSize);
2131 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
2132 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
2133 ok(!buf, "Expected buf to be set to NULL\n");
2134 /* Check with a non-DER bool */
2135 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2136 badBool.encoded, badBool.encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2137 (BYTE *)&buf, &bufSize);
2138 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2139 if (buf)
2140 {
2141 CERT_BASIC_CONSTRAINTS2_INFO *info =
2142 (CERT_BASIC_CONSTRAINTS2_INFO *)buf;
2143
2144 ok(!memcmp(info, &badBool.info, sizeof(*info)), "Unexpected value\n");
2145 LocalFree(buf);
2146 }
2147 /* Check with a non-basic constraints value */
2148 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS2,
2149 (LPBYTE)encodedCommonName, encodedCommonName[1] + 2,
2150 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2151 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
2152 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
2153 /* Now check with the more complex CERT_BASIC_CONSTRAINTS_INFO */
2154 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2155 emptyConstraint, sizeof(emptyConstraint), CRYPT_DECODE_ALLOC_FLAG, NULL,
2156 (BYTE *)&buf, &bufSize);
2157 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2158 if (buf)
2159 {
2160 CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;
2161
2162 ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
2163 ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
2164 ok(info->cSubtreesConstraint == 0, "Expected no subtree constraints\n");
2165 LocalFree(buf);
2166 }
2167 ret = pCryptDecodeObjectEx(dwEncoding, X509_BASIC_CONSTRAINTS,
2168 constraintWithDomainName, sizeof(constraintWithDomainName),
2169 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2170 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2171 if (buf)
2172 {
2173 CERT_BASIC_CONSTRAINTS_INFO *info = (CERT_BASIC_CONSTRAINTS_INFO *)buf;
2174
2175 ok(info->SubjectType.cbData == 0, "Expected no subject type\n");
2176 ok(!info->fPathLenConstraint, "Expected no path length constraint\n");
2177 ok(info->cSubtreesConstraint == 1, "Expected a subtree constraint\n");
2178 if (info->cSubtreesConstraint && info->rgSubtreesConstraint)
2179 {
2180 ok(info->rgSubtreesConstraint[0].cbData ==
2181 sizeof(encodedDomainName), "Wrong size %d\n",
2182 info->rgSubtreesConstraint[0].cbData);
2183 ok(!memcmp(info->rgSubtreesConstraint[0].pbData, encodedDomainName,
2184 sizeof(encodedDomainName)), "Unexpected value\n");
2185 }
2186 LocalFree(buf);
2187 }
2188 }
2189
2190 /* These are terrible public keys of course, I'm just testing encoding */
2191 static const BYTE modulus1[] = { 0,0,0,1,1,1,1,1 };
2192 static const BYTE modulus2[] = { 1,1,1,1,1,0,0,0 };
2193 static const BYTE modulus3[] = { 0x80,1,1,1,1,0,0,0 };
2194 static const BYTE modulus4[] = { 1,1,1,1,1,0,0,0x80 };
2195 static const BYTE mod1_encoded[] = { 0x30,0x0f,0x02,0x08,0x01,0x01,0x01,0x01,0x01,0x00,0x00,0x00,0x02,0x03,0x01,0x00,0x01 };
2196 static const BYTE mod2_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2197 static const BYTE mod3_encoded[] = { 0x30,0x0c,0x02,0x05,0x01,0x01,0x01,0x01,0x80,0x02,0x03,0x01,0x00,0x01 };
2198 static const BYTE mod4_encoded[] = { 0x30,0x10,0x02,0x09,0x00,0x80,0x00,0x00,0x01,0x01,0x01,0x01,0x01,0x02,0x03,0x01,0x00,0x01 };
2199
2200 struct EncodedRSAPubKey
2201 {
2202 const BYTE *modulus;
2203 size_t modulusLen;
2204 const BYTE *encoded;
2205 size_t decodedModulusLen;
2206 };
2207
2208 struct EncodedRSAPubKey rsaPubKeys[] = {
2209 { modulus1, sizeof(modulus1), mod1_encoded, sizeof(modulus1) },
2210 { modulus2, sizeof(modulus2), mod2_encoded, 5 },
2211 { modulus3, sizeof(modulus3), mod3_encoded, 5 },
2212 { modulus4, sizeof(modulus4), mod4_encoded, 8 },
2213 };
2214
2215 static void test_encodeRsaPublicKey(DWORD dwEncoding)
2216 {
2217 BYTE toEncode[sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + sizeof(modulus1)];
2218 BLOBHEADER *hdr = (BLOBHEADER *)toEncode;
2219 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(toEncode + sizeof(BLOBHEADER));
2220 BOOL ret;
2221 BYTE *buf = NULL;
2222 DWORD bufSize = 0, i;
2223
2224 /* Try with a bogus blob type */
2225 hdr->bType = 2;
2226 hdr->bVersion = CUR_BLOB_VERSION;
2227 hdr->reserved = 0;
2228 hdr->aiKeyAlg = CALG_RSA_KEYX;
2229 rsaPubKey->magic = 0x31415352;
2230 rsaPubKey->bitlen = sizeof(modulus1) * 8;
2231 rsaPubKey->pubexp = 65537;
2232 memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY), modulus1,
2233 sizeof(modulus1));
2234
2235 ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2236 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2237 &bufSize);
2238 ok(!ret && GetLastError() == E_INVALIDARG,
2239 "Expected E_INVALIDARG, got %08x\n", GetLastError());
2240 /* Now with a bogus reserved field */
2241 hdr->bType = PUBLICKEYBLOB;
2242 hdr->reserved = 1;
2243 ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2244 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2245 &bufSize);
2246 if (buf)
2247 {
2248 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2249 "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2250 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
2251 LocalFree(buf);
2252 }
2253 /* Now with a bogus blob version */
2254 hdr->reserved = 0;
2255 hdr->bVersion = 0;
2256 ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2257 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2258 &bufSize);
2259 if (buf)
2260 {
2261 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2262 "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2263 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
2264 LocalFree(buf);
2265 }
2266 /* And with a bogus alg ID */
2267 hdr->bVersion = CUR_BLOB_VERSION;
2268 hdr->aiKeyAlg = CALG_DES;
2269 ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2270 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2271 &bufSize);
2272 if (buf)
2273 {
2274 ok(bufSize == rsaPubKeys[0].encoded[1] + 2,
2275 "Expected size %d, got %d\n", rsaPubKeys[0].encoded[1] + 2, bufSize);
2276 ok(!memcmp(buf, rsaPubKeys[0].encoded, bufSize), "Unexpected value\n");
2277 LocalFree(buf);
2278 }
2279 /* Check a couple of RSA-related OIDs */
2280 hdr->aiKeyAlg = CALG_RSA_KEYX;
2281 ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_RSA,
2282 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2283 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2284 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2285 ret = pCryptEncodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2286 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2287 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2288 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2289 /* Finally, all valid */
2290 hdr->aiKeyAlg = CALG_RSA_KEYX;
2291 for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
2292 {
2293 memcpy(toEncode + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
2294 rsaPubKeys[i].modulus, rsaPubKeys[i].modulusLen);
2295 ret = pCryptEncodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2296 toEncode, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2297 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2298 if (buf)
2299 {
2300 ok(bufSize == rsaPubKeys[i].encoded[1] + 2,
2301 "Expected size %d, got %d\n", rsaPubKeys[i].encoded[1] + 2,
2302 bufSize);
2303 ok(!memcmp(buf, rsaPubKeys[i].encoded, bufSize),
2304 "Unexpected value\n");
2305 LocalFree(buf);
2306 }
2307 }
2308 }
2309
2310 static void test_decodeRsaPublicKey(DWORD dwEncoding)
2311 {
2312 DWORD i;
2313 LPBYTE buf = NULL;
2314 DWORD bufSize = 0;
2315 BOOL ret;
2316
2317 /* Try with a bad length */
2318 ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2319 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1],
2320 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2321 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
2322 "Expected CRYPT_E_ASN1_EOD, got %08x\n", CRYPT_E_ASN1_EOD);
2323 /* Try with a couple of RSA-related OIDs */
2324 ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_RSA,
2325 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2326 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2327 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2328 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2329 ret = pCryptDecodeObjectEx(dwEncoding, szOID_RSA_SHA1RSA,
2330 rsaPubKeys[0].encoded, rsaPubKeys[0].encoded[1] + 2,
2331 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2332 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
2333 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
2334 /* Now try success cases */
2335 for (i = 0; i < sizeof(rsaPubKeys) / sizeof(rsaPubKeys[0]); i++)
2336 {
2337 bufSize = 0;
2338 ret = pCryptDecodeObjectEx(dwEncoding, RSA_CSP_PUBLICKEYBLOB,
2339 rsaPubKeys[i].encoded, rsaPubKeys[i].encoded[1] + 2,
2340 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2341 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2342 if (buf)
2343 {
2344 BLOBHEADER *hdr = (BLOBHEADER *)buf;
2345 RSAPUBKEY *rsaPubKey = (RSAPUBKEY *)(buf + sizeof(BLOBHEADER));
2346
2347 ok(bufSize >= sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2348 rsaPubKeys[i].decodedModulusLen,
2349 "Wrong size %d\n", bufSize);
2350 ok(hdr->bType == PUBLICKEYBLOB,
2351 "Expected type PUBLICKEYBLOB (%d), got %d\n", PUBLICKEYBLOB,
2352 hdr->bType);
2353 ok(hdr->bVersion == CUR_BLOB_VERSION,
2354 "Expected version CUR_BLOB_VERSION (%d), got %d\n",
2355 CUR_BLOB_VERSION, hdr->bVersion);
2356 ok(hdr->reserved == 0, "Expected reserved 0, got %d\n",
2357 hdr->reserved);
2358 ok(hdr->aiKeyAlg == CALG_RSA_KEYX,
2359 "Expected CALG_RSA_KEYX, got %08x\n", hdr->aiKeyAlg);
2360 ok(rsaPubKey->magic == 0x31415352,
2361 "Expected magic RSA1, got %08x\n", rsaPubKey->magic);
2362 ok(rsaPubKey->bitlen == rsaPubKeys[i].decodedModulusLen * 8,
2363 "Wrong bit len %d\n", rsaPubKey->bitlen);
2364 ok(rsaPubKey->pubexp == 65537, "Expected pubexp 65537, got %d\n",
2365 rsaPubKey->pubexp);
2366 ok(!memcmp(buf + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY),
2367 rsaPubKeys[i].modulus, rsaPubKeys[i].decodedModulusLen),
2368 "Unexpected modulus\n");
2369 LocalFree(buf);
2370 }
2371 }
2372 }
2373
2374 static const BYTE intSequence[] = { 0x30, 0x1b, 0x02, 0x01, 0x01, 0x02, 0x01,
2375 0x7f, 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02,
2376 0x02, 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };
2377
2378 static const BYTE mixedSequence[] = { 0x30, 0x27, 0x17, 0x0d, 0x30, 0x35, 0x30,
2379 0x36, 0x30, 0x36, 0x31, 0x36, 0x31, 0x30, 0x30, 0x30, 0x5a, 0x02, 0x01, 0x7f,
2380 0x02, 0x02, 0x00, 0x80, 0x02, 0x02, 0x01, 0x00, 0x02, 0x01, 0x80, 0x02, 0x02,
2381 0xff, 0x7f, 0x02, 0x04, 0xba, 0xdd, 0xf0, 0x0d };
2382
2383 static void test_encodeSequenceOfAny(DWORD dwEncoding)
2384 {
2385 CRYPT_DER_BLOB blobs[sizeof(ints) / sizeof(ints[0])];
2386 CRYPT_SEQUENCE_OF_ANY seq;
2387 DWORD i;
2388 BOOL ret;
2389 BYTE *buf = NULL;
2390 DWORD bufSize = 0;
2391
2392 /* Encode a homogeneous sequence */
2393 for (i = 0; i < sizeof(ints) / sizeof(ints[0]); i++)
2394 {
2395 blobs[i].cbData = ints[i].encoded[1] + 2;
2396 blobs[i].pbData = (BYTE *)ints[i].encoded;
2397 }
2398 seq.cValue = sizeof(ints) / sizeof(ints[0]);
2399 seq.rgValue = blobs;
2400
2401 ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2402 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2403 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2404 if (buf)
2405 {
2406 ok(bufSize == sizeof(intSequence), "Wrong size %d\n", bufSize);
2407 ok(!memcmp(buf, intSequence, intSequence[1] + 2), "Unexpected value\n");
2408 LocalFree(buf);
2409 }
2410 /* Change the type of the first element in the sequence, and give it
2411 * another go
2412 */
2413 blobs[0].cbData = times[0].encodedTime[1] + 2;
2414 blobs[0].pbData = (BYTE *)times[0].encodedTime;
2415 ret = pCryptEncodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, &seq,
2416 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2417 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2418 if (buf)
2419 {
2420 ok(bufSize == sizeof(mixedSequence), "Wrong size %d\n", bufSize);
2421 ok(!memcmp(buf, mixedSequence, mixedSequence[1] + 2),
2422 "Unexpected value\n");
2423 LocalFree(buf);
2424 }
2425 }
2426
2427 static void test_decodeSequenceOfAny(DWORD dwEncoding)
2428 {
2429 BOOL ret;
2430 BYTE *buf = NULL;
2431 DWORD bufSize = 0;
2432
2433 ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, intSequence,
2434 intSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2435 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2436 if (buf)
2437 {
2438 CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
2439 DWORD i;
2440
2441 ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2442 "Wrong elements %d\n", seq->cValue);
2443 for (i = 0; i < min(seq->cValue, sizeof(ints) / sizeof(ints[0])); i++)
2444 {
2445 ok(seq->rgValue[i].cbData == ints[i].encoded[1] + 2,
2446 "Expected %d bytes, got %d\n", ints[i].encoded[1] + 2,
2447 seq->rgValue[i].cbData);
2448 ok(!memcmp(seq->rgValue[i].pbData, ints[i].encoded,
2449 ints[i].encoded[1] + 2), "Unexpected value\n");
2450 }
2451 LocalFree(buf);
2452 }
2453 ret = pCryptDecodeObjectEx(dwEncoding, X509_SEQUENCE_OF_ANY, mixedSequence,
2454 mixedSequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2455 &bufSize);
2456 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2457 if (buf)
2458 {
2459 CRYPT_SEQUENCE_OF_ANY *seq = (CRYPT_SEQUENCE_OF_ANY *)buf;
2460
2461 ok(seq->cValue == sizeof(ints) / sizeof(ints[0]),
2462 "Wrong elements %d\n", seq->cValue);
2463 /* Just check the first element since it's all that changed */
2464 ok(seq->rgValue[0].cbData == times[0].encodedTime[1] + 2,
2465 "Expected %d bytes, got %d\n", times[0].encodedTime[1] + 2,
2466 seq->rgValue[0].cbData);
2467 ok(!memcmp(seq->rgValue[0].pbData, times[0].encodedTime,
2468 times[0].encodedTime[1] + 2), "Unexpected value\n");
2469 LocalFree(buf);
2470 }
2471 }
2472
2473 struct encodedExtensions
2474 {
2475 CERT_EXTENSIONS exts;
2476 const BYTE *encoded;
2477 };
2478
2479 static BYTE crit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2480 static BYTE noncrit_ext_data[] = { 0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2481 static CHAR oid_basic_constraints2[] = szOID_BASIC_CONSTRAINTS2;
2482 static CERT_EXTENSION criticalExt =
2483 { oid_basic_constraints2, TRUE, { 8, crit_ext_data } };
2484 static CERT_EXTENSION nonCriticalExt =
2485 { oid_basic_constraints2, FALSE, { 8, noncrit_ext_data } };
2486
2487 static const BYTE ext0[] = { 0x30,0x00 };
2488 static const BYTE ext1[] = { 0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
2489 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2490 static const BYTE ext2[] = { 0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,0x04,
2491 0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2492
2493 static const struct encodedExtensions exts[] = {
2494 { { 0, NULL }, ext0 },
2495 { { 1, &criticalExt }, ext1 },
2496 { { 1, &nonCriticalExt }, ext2 },
2497 };
2498
2499 static void test_encodeExtensions(DWORD dwEncoding)
2500 {
2501 DWORD i;
2502
2503 for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
2504 {
2505 BOOL ret;
2506 BYTE *buf = NULL;
2507 DWORD bufSize = 0;
2508
2509 ret = pCryptEncodeObjectEx(dwEncoding, X509_EXTENSIONS, &exts[i].exts,
2510 CRYPT_ENCODE_ALLOC_FLAG, NULL, &buf, &bufSize);
2511 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2512 if (buf)
2513 {
2514 ok(bufSize == exts[i].encoded[1] + 2,
2515 "Expected %d bytes, got %d\n", exts[i].encoded[1] + 2, bufSize);
2516 ok(!memcmp(buf, exts[i].encoded, exts[i].encoded[1] + 2),
2517 "Unexpected value\n");
2518 LocalFree(buf);
2519 }
2520 }
2521 }
2522
2523 static void test_decodeExtensions(DWORD dwEncoding)
2524 {
2525 DWORD i;
2526
2527 for (i = 0; i < sizeof(exts) / sizeof(exts[i]); i++)
2528 {
2529 BOOL ret;
2530 BYTE *buf = NULL;
2531 DWORD bufSize = 0;
2532
2533 ret = pCryptDecodeObjectEx(dwEncoding, X509_EXTENSIONS,
2534 exts[i].encoded, exts[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2535 NULL, (BYTE *)&buf, &bufSize);
2536 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2537 if (buf)
2538 {
2539 CERT_EXTENSIONS *ext = (CERT_EXTENSIONS *)buf;
2540 DWORD j;
2541
2542 ok(ext->cExtension == exts[i].exts.cExtension,
2543 "Expected %d extensions, see %d\n", exts[i].exts.cExtension,
2544 ext->cExtension);
2545 for (j = 0; j < min(ext->cExtension, exts[i].exts.cExtension); j++)
2546 {
2547 ok(!strcmp(ext->rgExtension[j].pszObjId,
2548 exts[i].exts.rgExtension[j].pszObjId),
2549 "Expected OID %s, got %s\n",
2550 exts[i].exts.rgExtension[j].pszObjId,
2551 ext->rgExtension[j].pszObjId);
2552 ok(!memcmp(ext->rgExtension[j].Value.pbData,
2553 exts[i].exts.rgExtension[j].Value.pbData,
2554 exts[i].exts.rgExtension[j].Value.cbData),
2555 "Unexpected value\n");
2556 }
2557 LocalFree(buf);
2558 }
2559 }
2560 }
2561
2562 /* MS encodes public key info with a NULL if the algorithm identifier's
2563 * parameters are empty. However, when encoding an algorithm in a CERT_INFO,
2564 * it encodes them by omitting the algorithm parameters. This latter approach
2565 * seems more correct, so accept either form.
2566 */
2567 struct encodedPublicKey
2568 {
2569 CERT_PUBLIC_KEY_INFO info;
2570 const BYTE *encoded;
2571 const BYTE *encodedNoNull;
2572 CERT_PUBLIC_KEY_INFO decoded;
2573 };
2574
2575 static const BYTE aKey[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
2576 0xe, 0xf };
2577 static const BYTE params[] = { 0x02, 0x01, 0x01 };
2578
2579 static const unsigned char bin64[] = {
2580 0x30,0x0b,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x03,0x01,0x00};
2581 static const unsigned char bin65[] = {
2582 0x30,0x09,0x30,0x04,0x06,0x02,0x2a,0x03,0x03,0x01,0x00};
2583 static const unsigned char bin66[] = {
2584 0x30,0x0f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x01,0x00};
2585 static const unsigned char bin67[] = {
2586 0x30,0x0d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x01,0x00};
2587 static const unsigned char bin68[] = {
2588 0x30,0x1f,0x30,0x0a,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x05,0x00,0x03,0x11,0x00,0x00,0x01,
2589 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
2590 static const unsigned char bin69[] = {
2591 0x30,0x1d,0x30,0x08,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x11,0x00,0x00,0x01,
2592 0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
2593 static const unsigned char bin70[] = {
2594 0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
2595 0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
2596 0x0f};
2597 static const unsigned char bin71[] = {
2598 0x30,0x20,0x30,0x0b,0x06,0x06,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x01,0x01,
2599 0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,
2600 0x0f};
2601 static unsigned char bin72[] = { 0x05,0x00};
2602
2603 static CHAR oid_bogus[] = "1.2.3",
2604 oid_rsa[] = szOID_RSA;
2605
2606 static const struct encodedPublicKey pubKeys[] = {
2607 /* with a bogus OID */
2608 { { { oid_bogus, { 0, NULL } }, { 0, NULL, 0 } },
2609 bin64, bin65,
2610 { { oid_bogus, { 2, bin72 } }, { 0, NULL, 0 } } },
2611 /* some normal keys */
2612 { { { oid_rsa, { 0, NULL } }, { 0, NULL, 0} },
2613 bin66, bin67,
2614 { { oid_rsa, { 2, bin72 } }, { 0, NULL, 0 } } },
2615 { { { oid_rsa, { 0, NULL } }, { sizeof(aKey), (BYTE *)aKey, 0} },
2616 bin68, bin69,
2617 { { oid_rsa, { 2, bin72 } }, { sizeof(aKey), (BYTE *)aKey, 0} } },
2618 /* with add'l parameters--note they must be DER-encoded */
2619 { { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2620 (BYTE *)aKey, 0 } },
2621 bin70, bin71,
2622 { { oid_rsa, { sizeof(params), (BYTE *)params } }, { sizeof(aKey),
2623 (BYTE *)aKey, 0 } } },
2624 };
2625
2626 static void test_encodePublicKeyInfo(DWORD dwEncoding)
2627 {
2628 DWORD i;
2629
2630 for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
2631 {
2632 BOOL ret;
2633 BYTE *buf = NULL;
2634 DWORD bufSize = 0;
2635
2636 ret = pCryptEncodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2637 &pubKeys[i].info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
2638 &bufSize);
2639 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2640 if (buf)
2641 {
2642 ok(bufSize == pubKeys[i].encoded[1] + 2 ||
2643 bufSize == pubKeys[i].encodedNoNull[1] + 2,
2644 "Expected %d or %d bytes, got %d\n", pubKeys[i].encoded[1] + 2,
2645 pubKeys[i].encodedNoNull[1] + 2, bufSize);
2646 if (bufSize == pubKeys[i].encoded[1] + 2)
2647 ok(!memcmp(buf, pubKeys[i].encoded, pubKeys[i].encoded[1] + 2),
2648 "Unexpected value\n");
2649 else if (bufSize == pubKeys[i].encodedNoNull[1] + 2)
2650 ok(!memcmp(buf, pubKeys[i].encodedNoNull,
2651 pubKeys[i].encodedNoNull[1] + 2), "Unexpected value\n");
2652 LocalFree(buf);
2653 }
2654 }
2655 }
2656
2657 static void comparePublicKeyInfo(const CERT_PUBLIC_KEY_INFO *expected,
2658 const CERT_PUBLIC_KEY_INFO *got)
2659 {
2660 ok(!strcmp(expected->Algorithm.pszObjId, got->Algorithm.pszObjId),
2661 "Expected OID %s, got %s\n", expected->Algorithm.pszObjId,
2662 got->Algorithm.pszObjId);
2663 ok(expected->Algorithm.Parameters.cbData ==
2664 got->Algorithm.Parameters.cbData,
2665 "Expected parameters of %d bytes, got %d\n",
2666 expected->Algorithm.Parameters.cbData, got->Algorithm.Parameters.cbData);
2667 if (expected->Algorithm.Parameters.cbData)
2668 ok(!memcmp(expected->Algorithm.Parameters.pbData,
2669 got->Algorithm.Parameters.pbData, got->Algorithm.Parameters.cbData),
2670 "Unexpected algorithm parameters\n");
2671 ok(expected->PublicKey.cbData == got->PublicKey.cbData,
2672 "Expected public key of %d bytes, got %d\n",
2673 expected->PublicKey.cbData, got->PublicKey.cbData);
2674 if (expected->PublicKey.cbData)
2675 ok(!memcmp(expected->PublicKey.pbData, got->PublicKey.pbData,
2676 got->PublicKey.cbData), "Unexpected public key value\n");
2677 }
2678
2679 static void test_decodePublicKeyInfo(DWORD dwEncoding)
2680 {
2681 static const BYTE bogusPubKeyInfo[] = { 0x30, 0x22, 0x30, 0x0d, 0x06, 0x06,
2682 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x01, 0x01, 0x03,
2683 0x11, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
2684 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
2685 DWORD i;
2686 BOOL ret;
2687 BYTE *buf = NULL;
2688 DWORD bufSize = 0;
2689
2690 for (i = 0; i < sizeof(pubKeys) / sizeof(pubKeys[0]); i++)
2691 {
2692 /* The NULL form decodes to the decoded member */
2693 ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2694 pubKeys[i].encoded, pubKeys[i].encoded[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2695 NULL, (BYTE *)&buf, &bufSize);
2696 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2697 if (buf)
2698 {
2699 comparePublicKeyInfo(&pubKeys[i].decoded,
2700 (CERT_PUBLIC_KEY_INFO *)buf);
2701 LocalFree(buf);
2702 }
2703 /* The non-NULL form decodes to the original */
2704 ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2705 pubKeys[i].encodedNoNull, pubKeys[i].encodedNoNull[1] + 2,
2706 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
2707 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2708 if (buf)
2709 {
2710 comparePublicKeyInfo(&pubKeys[i].info, (CERT_PUBLIC_KEY_INFO *)buf);
2711 LocalFree(buf);
2712 }
2713 }
2714 /* Test with bogus (not valid DER) parameters */
2715 ret = pCryptDecodeObjectEx(dwEncoding, X509_PUBLIC_KEY_INFO,
2716 bogusPubKeyInfo, bogusPubKeyInfo[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
2717 NULL, (BYTE *)&buf, &bufSize);
2718 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
2719 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
2720 }
2721
2722 static const BYTE v1Cert[] = { 0x30, 0x33, 0x02, 0x00, 0x30, 0x02, 0x06, 0x00,
2723 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
2724 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30,
2725 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x07, 0x30,
2726 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2727 static const BYTE v2Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x01, 0x02,
2728 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
2729 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
2730 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2731 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2732 static const BYTE v3Cert[] = { 0x30, 0x38, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
2733 0x00, 0x30, 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31,
2734 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f,
2735 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
2736 0x30, 0x5a, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00 };
2737 static const BYTE v1CertWithConstraints[] = { 0x30, 0x4b, 0x02, 0x00, 0x30,
2738 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
2739 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
2740 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
2741 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
2742 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
2743 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2744 static const BYTE v1CertWithSerial[] = { 0x30, 0x4c, 0x02, 0x01, 0x01, 0x30,
2745 0x02, 0x06, 0x00, 0x30, 0x22, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31,
2746 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36,
2747 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
2748 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3, 0x16, 0x30, 0x14,
2749 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
2750 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2751 static const BYTE bigCert[] = { 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
2752 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
2753 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22,
2754 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30,
2755 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30,
2756 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30,
2757 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20,
2758 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01,
2759 0x00, 0xa3, 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
2760 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01 };
2761 static const BYTE v1CertWithPubKey[] = {
2762 0x30,0x81,0x95,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
2763 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
2764 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
2765 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
2766 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
2767 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2768 0x67,0x00,0x30,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
2769 0x01,0x01,0x05,0x00,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
2770 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,
2771 0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,
2772 0x01,0x01 };
2773 static const BYTE v1CertWithPubKeyNoNull[] = {
2774 0x30,0x81,0x93,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,
2775 0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,
2776 0x6e,0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,
2777 0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
2778 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,
2779 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2780 0x67,0x00,0x30,0x20,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,
2781 0x01,0x01,0x03,0x11,0x00,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
2782 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,
2783 0x1d,0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
2784 static const BYTE v1CertWithSubjectKeyId[] = {
2785 0x30,0x7b,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
2786 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
2787 0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
2788 0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
2789 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
2790 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
2791 0x00,0x30,0x07,0x30,0x02,0x06,0x00,0x03,0x01,0x00,0xa3,0x17,0x30,0x15,0x30,
2792 0x13,0x06,0x03,0x55,0x1d,0x0e,0x04,0x0c,0x04,0x0a,0x4a,0x75,0x61,0x6e,0x20,
2793 0x4c,0x61,0x6e,0x67,0x00 };
2794
2795 static const BYTE serialNum[] = { 0x01 };
2796
2797 static void test_encodeCertToBeSigned(DWORD dwEncoding)
2798 {
2799 BOOL ret;
2800 BYTE *buf = NULL;
2801 DWORD size = 0;
2802 CERT_INFO info = { 0 };
2803 static char oid_rsa_rsa[] = szOID_RSA_RSA;
2804 static char oid_subject_key_identifier[] = szOID_SUBJECT_KEY_IDENTIFIER;
2805 CERT_EXTENSION ext;
2806
2807 /* Test with NULL pvStructInfo */
2808 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL,
2809 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2810 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2811 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
2812 /* Test with a V1 cert */
2813 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2814 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2815 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2816 if (buf)
2817 {
2818 ok(size == v1Cert[1] + 2, "Expected size %d, got %d\n",
2819 v1Cert[1] + 2, size);
2820 ok(!memcmp(buf, v1Cert, size), "Got unexpected value\n");
2821 LocalFree(buf);
2822 }
2823 /* Test v2 cert */
2824 info.dwVersion = CERT_V2;
2825 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2826 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2827 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2828 if (buf)
2829 {
2830 ok(size == sizeof(v2Cert), "Wrong size %d\n", size);
2831 ok(!memcmp(buf, v2Cert, size), "Got unexpected value\n");
2832 LocalFree(buf);
2833 }
2834 /* Test v3 cert */
2835 info.dwVersion = CERT_V3;
2836 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2837 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2838 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2839 if (buf)
2840 {
2841 ok(size == sizeof(v3Cert), "Wrong size %d\n", size);
2842 ok(!memcmp(buf, v3Cert, size), "Got unexpected value\n");
2843 LocalFree(buf);
2844 }
2845 /* see if a V1 cert can have basic constraints set (RFC3280 says no, but
2846 * API doesn't prevent it)
2847 */
2848 info.dwVersion = CERT_V1;
2849 info.cExtension = 1;
2850 info.rgExtension = &criticalExt;
2851 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2852 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2853 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
2854 if (buf)
2855 {
2856 ok(size == sizeof(v1CertWithConstraints), "Wrong size %d\n", size);
2857 ok(!memcmp(buf, v1CertWithConstraints, size), "Got unexpected value\n");
2858 LocalFree(buf);
2859 }
2860 /* test v1 cert with a serial number */
2861 info.SerialNumber.cbData = sizeof(serialNum);
2862 info.SerialNumber.pbData = (BYTE *)serialNum;
2863 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2864 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2865 if (buf)
2866 {
2867 ok(size == sizeof(v1CertWithSerial), "Wrong size %d\n", size);
2868 ok(!memcmp(buf, v1CertWithSerial, size), "Got unexpected value\n");
2869 LocalFree(buf);
2870 }
2871 /* Test v1 cert with an issuer name, a subject name, and a serial number */
2872 info.Issuer.cbData = sizeof(encodedCommonName);
2873 info.Issuer.pbData = (BYTE *)encodedCommonName;
2874 info.Subject.cbData = sizeof(encodedCommonName);
2875 info.Subject.pbData = (BYTE *)encodedCommonName;
2876 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2877 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2878 if (buf)
2879 {
2880 ok(size == sizeof(bigCert), "Wrong size %d\n", size);
2881 ok(!memcmp(buf, bigCert, size), "Got unexpected value\n");
2882 LocalFree(buf);
2883 }
2884 /* Add a public key */
2885 info.SubjectPublicKeyInfo.Algorithm.pszObjId = oid_rsa_rsa;
2886 info.SubjectPublicKeyInfo.PublicKey.cbData = sizeof(aKey);
2887 info.SubjectPublicKeyInfo.PublicKey.pbData = (LPBYTE)aKey;
2888 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2889 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2890 if (buf)
2891 {
2892 ok(size == sizeof(v1CertWithPubKey) ||
2893 size == sizeof(v1CertWithPubKeyNoNull), "Wrong size %d\n", size);
2894 if (size == sizeof(v1CertWithPubKey))
2895 ok(!memcmp(buf, v1CertWithPubKey, size), "Got unexpected value\n");
2896 else if (size == sizeof(v1CertWithPubKeyNoNull))
2897 ok(!memcmp(buf, v1CertWithPubKeyNoNull, size),
2898 "Got unexpected value\n");
2899 LocalFree(buf);
2900 }
2901 /* Remove the public key, and add a subject key identifier extension */
2902 info.SubjectPublicKeyInfo.Algorithm.pszObjId = NULL;
2903 info.SubjectPublicKeyInfo.PublicKey.cbData = 0;
2904 info.SubjectPublicKeyInfo.PublicKey.pbData = NULL;
2905 ext.pszObjId = oid_subject_key_identifier;
2906 ext.fCritical = FALSE;
2907 ext.Value.cbData = sizeof(octetCommonNameValue);
2908 ext.Value.pbData = (BYTE *)octetCommonNameValue;
2909 info.cExtension = 1;
2910 info.rgExtension = &ext;
2911 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, &info,
2912 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2913 if (buf)
2914 {
2915 ok(size == sizeof(v1CertWithSubjectKeyId), "Wrong size %d\n", size);
2916 ok(!memcmp(buf, v1CertWithSubjectKeyId, size), "Unexpected value\n");
2917 LocalFree(buf);
2918 }
2919 }
2920
2921 static void test_decodeCertToBeSigned(DWORD dwEncoding)
2922 {
2923 static const BYTE *corruptCerts[] = { v1Cert, v2Cert, v3Cert,
2924 v1CertWithConstraints, v1CertWithSerial };
2925 BOOL ret;
2926 BYTE *buf = NULL;
2927 DWORD size = 0, i;
2928
2929 /* Test with NULL pbEncoded */
2930 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 0,
2931 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2932 ok(!ret && GetLastError() == CRYPT_E_ASN1_EOD,
2933 "Expected CRYPT_E_ASN1_EOD, got %08x\n", GetLastError());
2934 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, NULL, 1,
2935 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2936 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
2937 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
2938 /* The following certs all fail with CRYPT_E_ASN1_CORRUPT, because at a
2939 * minimum a cert must have a non-zero serial number, an issuer, and a
2940 * subject.
2941 */
2942 for (i = 0; i < sizeof(corruptCerts) / sizeof(corruptCerts[0]); i++)
2943 {
2944 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
2945 corruptCerts[i], corruptCerts[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
2946 (BYTE *)&buf, &size);
2947 ok(!ret, "Expected failure\n");
2948 }
2949 /* Now check with serial number, subject and issuer specified */
2950 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, bigCert,
2951 sizeof(bigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
2952 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2953 if (buf)
2954 {
2955 CERT_INFO *info = (CERT_INFO *)buf;
2956
2957 ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
2958 ok(info->SerialNumber.cbData == 1,
2959 "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
2960 ok(*info->SerialNumber.pbData == *serialNum,
2961 "Expected serial number %d, got %d\n", *serialNum,
2962 *info->SerialNumber.pbData);
2963 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2964 "Wrong size %d\n", info->Issuer.cbData);
2965 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2966 "Unexpected issuer\n");
2967 ok(info->Subject.cbData == sizeof(encodedCommonName),
2968 "Wrong size %d\n", info->Subject.cbData);
2969 ok(!memcmp(info->Subject.pbData, encodedCommonName,
2970 info->Subject.cbData), "Unexpected subject\n");
2971 LocalFree(buf);
2972 }
2973 /* Check again with pub key specified */
2974 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED,
2975 v1CertWithPubKey, sizeof(v1CertWithPubKey), CRYPT_DECODE_ALLOC_FLAG, NULL,
2976 (BYTE *)&buf, &size);
2977 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
2978 if (buf)
2979 {
2980 CERT_INFO *info = (CERT_INFO *)buf;
2981
2982 ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
2983 ok(info->SerialNumber.cbData == 1,
2984 "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
2985 ok(*info->SerialNumber.pbData == *serialNum,
2986 "Expected serial number %d, got %d\n", *serialNum,
2987 *info->SerialNumber.pbData);
2988 ok(info->Issuer.cbData == sizeof(encodedCommonName),
2989 "Wrong size %d\n", info->Issuer.cbData);
2990 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
2991 "Unexpected issuer\n");
2992 ok(info->Subject.cbData == sizeof(encodedCommonName),
2993 "Wrong size %d\n", info->Subject.cbData);
2994 ok(!memcmp(info->Subject.pbData, encodedCommonName,
2995 info->Subject.cbData), "Unexpected subject\n");
2996 ok(!strcmp(info->SubjectPublicKeyInfo.Algorithm.pszObjId,
2997 szOID_RSA_RSA), "Expected szOID_RSA_RSA, got %s\n",
2998 info->SubjectPublicKeyInfo.Algorithm.pszObjId);
2999 ok(info->SubjectPublicKeyInfo.PublicKey.cbData == sizeof(aKey),
3000 "Wrong size %d\n", info->SubjectPublicKeyInfo.PublicKey.cbData);
3001 ok(!memcmp(info->SubjectPublicKeyInfo.PublicKey.pbData, aKey,
3002 sizeof(aKey)), "Unexpected public key\n");
3003 LocalFree(buf);
3004 }
3005 }
3006
3007 static const BYTE hash[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd,
3008 0xe, 0xf };
3009
3010 static const BYTE signedBigCert[] = {
3011 0x30, 0x81, 0x93, 0x30, 0x7a, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06, 0x00, 0x30,
3012 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a,
3013 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x30, 0x22, 0x18, 0x0f,
3014 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
3015 0x30, 0x5a, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
3016 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06,
3017 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61,
3018 0x6e, 0x67, 0x00, 0x30, 0x07, 0x30, 0x02, 0x06, 0x00, 0x03, 0x01, 0x00, 0xa3,
3019 0x16, 0x30, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
3020 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
3021 0x00, 0x03, 0x11, 0x00, 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 0x07,
3022 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
3023
3024 static void test_encodeCert(DWORD dwEncoding)
3025 {
3026 /* Note the SignatureAlgorithm must match that in the encoded cert. Note
3027 * also that bigCert is a NULL-terminated string, so don't count its
3028 * last byte (otherwise the signed cert won't decode.)
3029 */
3030 CERT_SIGNED_CONTENT_INFO info = { { sizeof(bigCert), (BYTE *)bigCert },
3031 { NULL, { 0, NULL } }, { sizeof(hash), (BYTE *)hash, 0 } };
3032 BOOL ret;
3033 BYTE *buf = NULL;
3034 DWORD bufSize = 0;
3035
3036 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT, &info,
3037 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &bufSize);
3038 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3039 if (buf)
3040 {
3041 ok(bufSize == sizeof(signedBigCert), "Wrong size %d\n", bufSize);
3042 ok(!memcmp(buf, signedBigCert, bufSize), "Unexpected cert\n");
3043 LocalFree(buf);
3044 }
3045 }
3046
3047 static void test_decodeCert(DWORD dwEncoding)
3048 {
3049 BOOL ret;
3050 BYTE *buf = NULL;
3051 DWORD size = 0;
3052
3053 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT, signedBigCert,
3054 sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3055 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3056 if (buf)
3057 {
3058 CERT_SIGNED_CONTENT_INFO *info = (CERT_SIGNED_CONTENT_INFO *)buf;
3059
3060 ok(info->ToBeSigned.cbData == sizeof(bigCert),
3061 "Wrong cert size %d\n", info->ToBeSigned.cbData);
3062 ok(!memcmp(info->ToBeSigned.pbData, bigCert, info->ToBeSigned.cbData),
3063 "Unexpected cert\n");
3064 ok(info->Signature.cbData == sizeof(hash),
3065 "Wrong signature size %d\n", info->Signature.cbData);
3066 ok(!memcmp(info->Signature.pbData, hash, info->Signature.cbData),
3067 "Unexpected signature\n");
3068 LocalFree(buf);
3069 }
3070 /* A signed cert decodes as a CERT_INFO too */
3071 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_TO_BE_SIGNED, signedBigCert,
3072 sizeof(signedBigCert), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3073 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3074 if (buf)
3075 {
3076 CERT_INFO *info = (CERT_INFO *)buf;
3077
3078 ok(size >= sizeof(CERT_INFO), "Wrong size %d\n", size);
3079 ok(info->SerialNumber.cbData == 1,
3080 "Expected serial number size 1, got %d\n", info->SerialNumber.cbData);
3081 ok(*info->SerialNumber.pbData == *serialNum,
3082 "Expected serial number %d, got %d\n", *serialNum,
3083 *info->SerialNumber.pbData);
3084 ok(info->Issuer.cbData == sizeof(encodedCommonName),
3085 "Wrong size %d\n", info->Issuer.cbData);
3086 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
3087 "Unexpected issuer\n");
3088 ok(info->Subject.cbData == sizeof(encodedCommonName),
3089 "Wrong size %d\n", info->Subject.cbData);
3090 ok(!memcmp(info->Subject.pbData, encodedCommonName,
3091 info->Subject.cbData), "Unexpected subject\n");
3092 LocalFree(buf);
3093 }
3094 }
3095
3096 static const BYTE emptyDistPoint[] = { 0x30, 0x02, 0x30, 0x00 };
3097 static const BYTE distPointWithUrl[] = { 0x30, 0x19, 0x30, 0x17, 0xa0, 0x15,
3098 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69,
3099 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
3100 static const BYTE distPointWithReason[] = { 0x30, 0x06, 0x30, 0x04, 0x81, 0x02,
3101 0x00, 0x03 };
3102 static const BYTE distPointWithIssuer[] = { 0x30, 0x17, 0x30, 0x15, 0xa2, 0x13,
3103 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65,
3104 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67 };
3105 static const BYTE distPointWithUrlAndIssuer[] = { 0x30, 0x2e, 0x30, 0x2c, 0xa0,
3106 0x15, 0xa0, 0x13, 0x86, 0x11, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77,
3107 0x69, 0x6e, 0x65, 0x68, 0x71, 0x2e, 0x6f, 0x72, 0x67, 0xa2, 0x13, 0x86, 0x11,
3108 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x69, 0x6e, 0x65, 0x68, 0x71,
3109 0x2e, 0x6f, 0x72, 0x67 };
3110 static const BYTE crlReason = CRL_REASON_KEY_COMPROMISE |
3111 CRL_REASON_AFFILIATION_CHANGED;
3112
3113 static void test_encodeCRLDistPoints(DWORD dwEncoding)
3114 {
3115 CRL_DIST_POINTS_INFO info = { 0 };
3116 CRL_DIST_POINT point = { { 0 } };
3117 CERT_ALT_NAME_ENTRY entry = { 0 };
3118 BOOL ret;
3119 BYTE *buf = NULL;
3120 DWORD size = 0;
3121
3122 /* Test with an empty info */
3123 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3124 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3125 ok(!ret && GetLastError() == E_INVALIDARG,
3126 "Expected E_INVALIDARG, got %08x\n", GetLastError());
3127 /* Test with one empty dist point */
3128 info.cDistPoint = 1;
3129 info.rgDistPoint = &point;
3130 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3131 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3132 if (buf)
3133 {
3134 ok(size == sizeof(emptyDistPoint), "Wrong size %d\n", size);
3135 ok(!memcmp(buf, emptyDistPoint, size), "Unexpected value\n");
3136 LocalFree(buf);
3137 }
3138 /* A dist point with an invalid name */
3139 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3140 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3141 U(entry).pwszURL = (LPWSTR)nihongoURL;
3142 U(point.DistPointName).FullName.cAltEntry = 1;
3143 U(point.DistPointName).FullName.rgAltEntry = &entry;
3144 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3145 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3146 ok(!ret && GetLastError() == CRYPT_E_INVALID_IA5_STRING,
3147 "Expected CRYPT_E_INVALID_IA5_STRING, got %08x\n", GetLastError());
3148 /* The first invalid character is at index 7 */
3149 ok(GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size) == 7,
3150 "Expected invalid char at index 7, got %d\n",
3151 GET_CERT_ALT_NAME_VALUE_ERR_INDEX(size));
3152 /* A dist point with (just) a valid name */
3153 U(entry).pwszURL = (LPWSTR)url;
3154 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3155 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3156 if (buf)
3157 {
3158 ok(size == sizeof(distPointWithUrl), "Wrong size %d\n", size);
3159 ok(!memcmp(buf, distPointWithUrl, size), "Unexpected value\n");
3160 LocalFree(buf);
3161 }
3162 /* A dist point with (just) reason flags */
3163 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_NO_NAME;
3164 point.ReasonFlags.cbData = sizeof(crlReason);
3165 point.ReasonFlags.pbData = (LPBYTE)&crlReason;
3166 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3167 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3168 if (buf)
3169 {
3170 ok(size == sizeof(distPointWithReason), "Wrong size %d\n", size);
3171 ok(!memcmp(buf, distPointWithReason, size), "Unexpected value\n");
3172 LocalFree(buf);
3173 }
3174 /* A dist point with just an issuer */
3175 point.ReasonFlags.cbData = 0;
3176 point.CRLIssuer.cAltEntry = 1;
3177 point.CRLIssuer.rgAltEntry = &entry;
3178 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3179 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3180 if (buf)
3181 {
3182 ok(size == sizeof(distPointWithIssuer), "Wrong size %d\n", size);
3183 ok(!memcmp(buf, distPointWithIssuer, size), "Unexpected value\n");
3184 LocalFree(buf);
3185 }
3186 /* A dist point with both a name and an issuer */
3187 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3188 ret = pCryptEncodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS, &info,
3189 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3190 if (buf)
3191 {
3192 ok(size == sizeof(distPointWithUrlAndIssuer),
3193 "Wrong size %d\n", size);
3194 ok(!memcmp(buf, distPointWithUrlAndIssuer, size), "Unexpected value\n");
3195 LocalFree(buf);
3196 }
3197 }
3198
3199 static void test_decodeCRLDistPoints(DWORD dwEncoding)
3200 {
3201 BOOL ret;
3202 BYTE *buf = NULL;
3203 DWORD size = 0;
3204 PCRL_DIST_POINTS_INFO info;
3205 PCRL_DIST_POINT point;
3206 PCERT_ALT_NAME_ENTRY entry;
3207
3208 ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3209 emptyDistPoint, emptyDistPoint[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3210 (BYTE *)&buf, &size);
3211 if (ret)
3212 {
3213 info = (PCRL_DIST_POINTS_INFO)buf;
3214 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3215 "Wrong size %d\n", size);
3216 ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3217 info->cDistPoint);
3218 point = info->rgDistPoint;
3219 ok(point->DistPointName.dwDistPointNameChoice == CRL_DIST_POINT_NO_NAME,
3220 "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3221 point->DistPointName.dwDistPointNameChoice);
3222 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
3223 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
3224 LocalFree(buf);
3225 }
3226 ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3227 distPointWithUrl, distPointWithUrl[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3228 (BYTE *)&buf, &size);
3229 if (ret)
3230 {
3231 info = (PCRL_DIST_POINTS_INFO)buf;
3232 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3233 "Wrong size %d\n", size);
3234 ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3235 info->cDistPoint);
3236 point = info->rgDistPoint;
3237 ok(point->DistPointName.dwDistPointNameChoice ==
3238 CRL_DIST_POINT_FULL_NAME,
3239 "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3240 point->DistPointName.dwDistPointNameChoice);
3241 ok(U(point->DistPointName).FullName.cAltEntry == 1,
3242 "Expected 1 name entry, got %d\n",
3243 U(point->DistPointName).FullName.cAltEntry);
3244 entry = U(point->DistPointName).FullName.rgAltEntry;
3245 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3246 "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3247 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3248 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
3249 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
3250 LocalFree(buf);
3251 }
3252 ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3253 distPointWithReason, distPointWithReason[1] + 2, CRYPT_DECODE_ALLOC_FLAG,
3254 NULL, (BYTE *)&buf, &size);
3255 if (ret)
3256 {
3257 info = (PCRL_DIST_POINTS_INFO)buf;
3258 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3259 "Wrong size %d\n", size);
3260 ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3261 info->cDistPoint);
3262 point = info->rgDistPoint;
3263 ok(point->DistPointName.dwDistPointNameChoice ==
3264 CRL_DIST_POINT_NO_NAME,
3265 "Expected CRL_DIST_POINT_NO_NAME, got %d\n",
3266 point->DistPointName.dwDistPointNameChoice);
3267 ok(point->ReasonFlags.cbData == sizeof(crlReason),
3268 "Expected reason length\n");
3269 ok(!memcmp(point->ReasonFlags.pbData, &crlReason, sizeof(crlReason)),
3270 "Unexpected reason\n");
3271 ok(point->CRLIssuer.cAltEntry == 0, "Expected no issuer\n");
3272 LocalFree(buf);
3273 }
3274 ret = pCryptDecodeObjectEx(dwEncoding, X509_CRL_DIST_POINTS,
3275 distPointWithUrlAndIssuer, distPointWithUrlAndIssuer[1] + 2,
3276 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3277 if (ret)
3278 {
3279 info = (PCRL_DIST_POINTS_INFO)buf;
3280 ok(size >= sizeof(CRL_DIST_POINTS_INFO) + sizeof(CRL_DIST_POINT),
3281 "Wrong size %d\n", size);
3282 ok(info->cDistPoint == 1, "Expected 1 dist points, got %d\n",
3283 info->cDistPoint);
3284 point = info->rgDistPoint;
3285 ok(point->DistPointName.dwDistPointNameChoice ==
3286 CRL_DIST_POINT_FULL_NAME,
3287 "Expected CRL_DIST_POINT_FULL_NAME, got %d\n",
3288 point->DistPointName.dwDistPointNameChoice);
3289 ok(U(point->DistPointName).FullName.cAltEntry == 1,
3290 "Expected 1 name entry, got %d\n",
3291 U(point->DistPointName).FullName.cAltEntry);
3292 entry = U(point->DistPointName).FullName.rgAltEntry;
3293 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3294 "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3295 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3296 ok(point->ReasonFlags.cbData == 0, "Expected no reason\n");
3297 ok(point->CRLIssuer.cAltEntry == 1,
3298 "Expected 1 issuer entry, got %d\n", point->CRLIssuer.cAltEntry);
3299 entry = point->CRLIssuer.rgAltEntry;
3300 ok(entry->dwAltNameChoice == CERT_ALT_NAME_URL,
3301 "Expected CERT_ALT_NAME_URL, got %d\n", entry->dwAltNameChoice);
3302 ok(!lstrcmpW(U(*entry).pwszURL, url), "Unexpected name\n");
3303 LocalFree(buf);
3304 }
3305 }
3306
3307 static const BYTE badFlagsIDP[] = { 0x30,0x06,0x81,0x01,0xff,0x82,0x01,0xff };
3308 static const BYTE emptyNameIDP[] = { 0x30,0x04,0xa0,0x02,0xa0,0x00 };
3309 static const BYTE urlIDP[] = { 0x30,0x17,0xa0,0x15,0xa0,0x13,0x86,0x11,0x68,
3310 0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,
3311 0x67 };
3312
3313 static void test_encodeCRLIssuingDistPoint(DWORD dwEncoding)
3314 {
3315 BOOL ret;
3316 BYTE *buf = NULL;
3317 DWORD size = 0;
3318 CRL_ISSUING_DIST_POINT point = { { 0 } };
3319 CERT_ALT_NAME_ENTRY entry;
3320
3321 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, NULL,
3322 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3323 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
3324 {
3325 skip("no X509_ISSUING_DIST_POINT encode support\n");
3326 return;
3327 }
3328 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3329 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
3330 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3331 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3332 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3333 if (buf)
3334 {
3335 ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
3336 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
3337 LocalFree(buf);
3338 }
3339 /* nonsensical flags */
3340 point.fOnlyContainsUserCerts = TRUE;
3341 point.fOnlyContainsCACerts = TRUE;
3342 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3343 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3344 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3345 if (buf)
3346 {
3347 ok(size == sizeof(badFlagsIDP), "Unexpected size %d\n", size);
3348 ok(!memcmp(buf, badFlagsIDP, size), "Unexpected value\n");
3349 LocalFree(buf);
3350 }
3351 /* unimplemented name type */
3352 point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
3353 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_ISSUER_RDN_NAME;
3354 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3355 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3356 ok(!ret && GetLastError() == E_INVALIDARG,
3357 "Expected E_INVALIDARG, got %08x\n", GetLastError());
3358 /* empty name */
3359 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3360 U(point.DistPointName).FullName.cAltEntry = 0;
3361 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3362 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3363 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3364 if (buf)
3365 {
3366 ok(size == sizeof(emptyNameIDP), "Unexpected size %d\n", size);
3367 ok(!memcmp(buf, emptyNameIDP, size), "Unexpected value\n");
3368 LocalFree(buf);
3369 }
3370 /* name with URL entry */
3371 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3372 U(entry).pwszURL = (LPWSTR)url;
3373 U(point.DistPointName).FullName.cAltEntry = 1;
3374 U(point.DistPointName).FullName.rgAltEntry = &entry;
3375 ret = pCryptEncodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT, &point,
3376 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3377 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3378 if (buf)
3379 {
3380 ok(size == sizeof(urlIDP), "Unexpected size %d\n", size);
3381 ok(!memcmp(buf, urlIDP, size), "Unexpected value\n");
3382 LocalFree(buf);
3383 }
3384 }
3385
3386 static void compareAltNameEntry(const CERT_ALT_NAME_ENTRY *expected,
3387 const CERT_ALT_NAME_ENTRY *got)
3388 {
3389 ok(expected->dwAltNameChoice == got->dwAltNameChoice,
3390 "Expected name choice %d, got %d\n", expected->dwAltNameChoice,
3391 got->dwAltNameChoice);
3392 if (expected->dwAltNameChoice == got->dwAltNameChoice)
3393 {
3394 switch (got->dwAltNameChoice)
3395 {
3396 case CERT_ALT_NAME_RFC822_NAME:
3397 case CERT_ALT_NAME_DNS_NAME:
3398 case CERT_ALT_NAME_EDI_PARTY_NAME:
3399 case CERT_ALT_NAME_URL:
3400 case CERT_ALT_NAME_REGISTERED_ID:
3401 ok((!U(*expected).pwszURL && !U(*got).pwszURL) ||
3402 (!U(*expected).pwszURL && !lstrlenW(U(*got).pwszURL)) ||
3403 (!U(*got).pwszURL && !lstrlenW(U(*expected).pwszURL)) ||
3404 !lstrcmpW(U(*expected).pwszURL, U(*got).pwszURL),
3405 "Unexpected name\n");
3406 break;
3407 case CERT_ALT_NAME_X400_ADDRESS:
3408 case CERT_ALT_NAME_DIRECTORY_NAME:
3409 case CERT_ALT_NAME_IP_ADDRESS:
3410 ok(U(*got).IPAddress.cbData == U(*expected).IPAddress.cbData,
3411 "Unexpected IP address length %d\n", U(*got).IPAddress.cbData);
3412 ok(!memcmp(U(*got).IPAddress.pbData, U(*got).IPAddress.pbData,
3413 U(*got).IPAddress.cbData), "Unexpected value\n");
3414 break;
3415 }
3416 }
3417 }
3418
3419 static void compareAltNameInfo(const CERT_ALT_NAME_INFO *expected,
3420 const CERT_ALT_NAME_INFO *got)
3421 {
3422 DWORD i;
3423
3424 ok(expected->cAltEntry == got->cAltEntry, "Expected %d entries, got %d\n",
3425 expected->cAltEntry, got->cAltEntry);
3426 for (i = 0; i < min(expected->cAltEntry, got->cAltEntry); i++)
3427 compareAltNameEntry(&expected->rgAltEntry[i], &got->rgAltEntry[i]);
3428 }
3429
3430 static void compareDistPointName(const CRL_DIST_POINT_NAME *expected,
3431 const CRL_DIST_POINT_NAME *got)
3432 {
3433 ok(got->dwDistPointNameChoice == expected->dwDistPointNameChoice,
3434 "Unexpected name choice %d\n", got->dwDistPointNameChoice);
3435 if (got->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME)
3436 compareAltNameInfo(&(U(*expected).FullName), &(U(*got).FullName));
3437 }
3438
3439 static void compareCRLIssuingDistPoints(const CRL_ISSUING_DIST_POINT *expected,
3440 const CRL_ISSUING_DIST_POINT *got)
3441 {
3442 compareDistPointName(&expected->DistPointName, &got->DistPointName);
3443 ok(got->fOnlyContainsUserCerts == expected->fOnlyContainsUserCerts,
3444 "Unexpected fOnlyContainsUserCerts\n");
3445 ok(got->fOnlyContainsCACerts == expected->fOnlyContainsCACerts,
3446 "Unexpected fOnlyContainsCACerts\n");
3447 ok(got->OnlySomeReasonFlags.cbData == expected->OnlySomeReasonFlags.cbData,
3448 "Unexpected reason flags\n");
3449 ok(got->fIndirectCRL == expected->fIndirectCRL,
3450 "Unexpected fIndirectCRL\n");
3451 }
3452
3453 static void test_decodeCRLIssuingDistPoint(DWORD dwEncoding)
3454 {
3455 BOOL ret;
3456 BYTE *buf = NULL;
3457 DWORD size = 0;
3458 CRL_ISSUING_DIST_POINT point = { { 0 } };
3459
3460 ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3461 emptySequence, emptySequence[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3462 (BYTE *)&buf, &size);
3463 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
3464 {
3465 skip("no X509_ISSUING_DIST_POINT decode support\n");
3466 return;
3467 }
3468 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3469 if (ret)
3470 {
3471 compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
3472 LocalFree(buf);
3473 }
3474 ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3475 badFlagsIDP, badFlagsIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3476 (BYTE *)&buf, &size);
3477 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3478 if (ret)
3479 {
3480 point.fOnlyContainsUserCerts = point.fOnlyContainsCACerts = TRUE;
3481 compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
3482 LocalFree(buf);
3483 }
3484 ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3485 emptyNameIDP, emptyNameIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
3486 (BYTE *)&buf, &size);
3487 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3488 if (ret)
3489 {
3490 point.fOnlyContainsCACerts = point.fOnlyContainsUserCerts = FALSE;
3491 point.DistPointName.dwDistPointNameChoice = CRL_DIST_POINT_FULL_NAME;
3492 U(point.DistPointName).FullName.cAltEntry = 0;
3493 compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
3494 LocalFree(buf);
3495 }
3496 ret = pCryptDecodeObjectEx(dwEncoding, X509_ISSUING_DIST_POINT,
3497 urlIDP, urlIDP[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3498 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
3499 if (ret)
3500 {
3501 CERT_ALT_NAME_ENTRY entry;
3502
3503 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
3504 U(entry).pwszURL = (LPWSTR)url;
3505 U(point.DistPointName).FullName.cAltEntry = 1;
3506 U(point.DistPointName).FullName.rgAltEntry = &entry;
3507 compareCRLIssuingDistPoints(&point, (PCRL_ISSUING_DIST_POINT)buf);
3508 LocalFree(buf);
3509 }
3510 }
3511
3512 static const BYTE v1CRL[] = { 0x30, 0x15, 0x30, 0x02, 0x06, 0x00, 0x18, 0x0f,
3513 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
3514 0x30, 0x5a };
3515 static const BYTE v2CRL[] = { 0x30, 0x18, 0x02, 0x01, 0x01, 0x30, 0x02, 0x06,
3516 0x00, 0x18, 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30,
3517 0x30, 0x30, 0x30, 0x30, 0x5a };
3518 static const BYTE v1CRLWithIssuer[] = { 0x30, 0x2c, 0x30, 0x02, 0x06, 0x00,
3519 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0a,
3520 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f, 0x31,
3521 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
3522 0x5a };
3523 static const BYTE v1CRLWithIssuerAndEmptyEntry[] = { 0x30, 0x43, 0x30, 0x02,
3524 0x06, 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
3525 0x13, 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18,
3526 0x0f, 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30,
3527 0x30, 0x30, 0x5a, 0x30, 0x15, 0x30, 0x13, 0x02, 0x00, 0x18, 0x0f, 0x31, 0x36,
3528 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
3529 static const BYTE v1CRLWithIssuerAndEntry[] = { 0x30, 0x44, 0x30, 0x02, 0x06,
3530 0x00, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
3531 0x0a, 0x4a, 0x75, 0x61, 0x6e, 0x20, 0x4c, 0x61, 0x6e, 0x67, 0x00, 0x18, 0x0f,
3532 0x31, 0x36, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30,
3533 0x30, 0x5a, 0x30, 0x16, 0x30, 0x14, 0x02, 0x01, 0x01, 0x18, 0x0f, 0x31, 0x36,
3534 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a };
3535 static const BYTE v1CRLWithEntryExt[] = { 0x30,0x5a,0x30,0x02,0x06,0x00,0x30,
3536 0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,
3537 0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
3538 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x2c,0x30,0x2a,0x02,0x01,
3539 0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,
3540 0x30,0x30,0x5a,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,
3541 0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3542 static const BYTE v1CRLWithExt[] = { 0x30,0x5c,0x30,0x02,0x06,0x00,0x30,0x15,
3543 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
3544 0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
3545 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,0x02,0x01,0x01,
3546 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
3547 0x30,0x5a,0xa0,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,
3548 0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3549 static const BYTE v2CRLWithExt[] = { 0x30,0x5c,0x02,0x01,0x01,0x30,0x02,0x06,
3550 0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,
3551 0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,
3552 0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x16,0x30,0x14,
3553 0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,
3554 0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06,0x03,0x55,0x1d,
3555 0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3556 static const BYTE v2CRLWithIssuingDistPoint[] = { 0x30,0x5c,0x02,0x01,0x01,
3557 0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,
3558 0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x18,0x0f,0x31,
3559 0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,
3560 0x16,0x30,0x14,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
3561 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0xa0,0x13,0x30,0x11,0x30,0x0f,0x06,
3562 0x03,0x55,0x1d,0x13,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01 };
3563
3564 static void test_encodeCRLToBeSigned(DWORD dwEncoding)
3565 {
3566 BOOL ret;
3567 BYTE *buf = NULL;
3568 static CHAR oid_issuing_dist_point[] = szOID_ISSUING_DIST_POINT;
3569 DWORD size = 0;
3570 CRL_INFO info = { 0 };
3571 CRL_ENTRY entry = { { 0 }, { 0 }, 0, 0 };
3572 CERT_EXTENSION ext;
3573
3574 /* Test with a V1 CRL */
3575 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3576 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3577 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3578 if (buf)
3579 {
3580 ok(size == sizeof(v1CRL), "Wrong size %d\n", size);
3581 ok(!memcmp(buf, v1CRL, size), "Got unexpected value\n");
3582 LocalFree(buf);
3583 }
3584 /* Test v2 CRL */
3585 info.dwVersion = CRL_V2;
3586 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3587 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3588 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3589 if (buf)
3590 {
3591 ok(size == v2CRL[1] + 2, "Expected size %d, got %d\n",
3592 v2CRL[1] + 2, size);
3593 ok(!memcmp(buf, v2CRL, size), "Got unexpected value\n");
3594 LocalFree(buf);
3595 }
3596 /* v1 CRL with a name */
3597 info.dwVersion = CRL_V1;
3598 info.Issuer.cbData = sizeof(encodedCommonName);
3599 info.Issuer.pbData = (BYTE *)encodedCommonName;
3600 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3601 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3602 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3603 if (buf)
3604 {
3605 ok(size == sizeof(v1CRLWithIssuer), "Wrong size %d\n", size);
3606 ok(!memcmp(buf, v1CRLWithIssuer, size), "Got unexpected value\n");
3607 LocalFree(buf);
3608 }
3609 /* v1 CRL with a name and a NULL entry pointer */
3610 info.cCRLEntry = 1;
3611 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3612 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3613 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
3614 "Expected STATUS_ACCESS_VIOLATION, got %08x\n", GetLastError());
3615 /* now set an empty entry */
3616 info.rgCRLEntry = &entry;
3617 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3618 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3619 if (buf)
3620 {
3621 ok(size == sizeof(v1CRLWithIssuerAndEmptyEntry),
3622 "Wrong size %d\n", size);
3623 ok(!memcmp(buf, v1CRLWithIssuerAndEmptyEntry, size),
3624 "Got unexpected value\n");
3625 LocalFree(buf);
3626 }
3627 /* an entry with a serial number */
3628 entry.SerialNumber.cbData = sizeof(serialNum);
3629 entry.SerialNumber.pbData = (BYTE *)serialNum;
3630 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3631 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3632 if (buf)
3633 {
3634 ok(size == sizeof(v1CRLWithIssuerAndEntry),
3635 "Wrong size %d\n", size);
3636 ok(!memcmp(buf, v1CRLWithIssuerAndEntry, size),
3637 "Got unexpected value\n");
3638 LocalFree(buf);
3639 }
3640 /* an entry with an extension */
3641 entry.cExtension = 1;
3642 entry.rgExtension = &criticalExt;
3643 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3644 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3645 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3646 if (buf)
3647 {
3648 ok(size == sizeof(v1CRLWithEntryExt), "Wrong size %d\n", size);
3649 ok(!memcmp(buf, v1CRLWithEntryExt, size), "Got unexpected value\n");
3650 LocalFree(buf);
3651 }
3652 /* a CRL with an extension */
3653 entry.cExtension = 0;
3654 info.cExtension = 1;
3655 info.rgExtension = &criticalExt;
3656 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3657 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3658 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3659 if (buf)
3660 {
3661 ok(size == sizeof(v1CRLWithExt), "Wrong size %d\n", size);
3662 ok(!memcmp(buf, v1CRLWithExt, size), "Got unexpected value\n");
3663 LocalFree(buf);
3664 }
3665 /* a v2 CRL with an extension, this time non-critical */
3666 info.dwVersion = CRL_V2;
3667 info.rgExtension = &nonCriticalExt;
3668 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3669 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3670 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3671 if (buf)
3672 {
3673 ok(size == sizeof(v2CRLWithExt), "Wrong size %d\n", size);
3674 ok(!memcmp(buf, v2CRLWithExt, size), "Got unexpected value\n");
3675 LocalFree(buf);
3676 }
3677 /* a v2 CRL with an issuing dist point extension */
3678 ext.pszObjId = oid_issuing_dist_point;
3679 ext.fCritical = TRUE;
3680 ext.Value.cbData = sizeof(urlIDP);
3681 ext.Value.pbData = (LPBYTE)urlIDP;
3682 entry.rgExtension = &ext;
3683 ret = pCryptEncodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED, &info,
3684 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
3685 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
3686 if (buf)
3687 {
3688 ok(size == sizeof(v2CRLWithIssuingDistPoint), "Wrong size %d\n", size);
3689 ok(!memcmp(buf, v2CRLWithIssuingDistPoint, size), "Unexpected value\n");
3690 LocalFree(buf);
3691 }
3692 }
3693
3694 static const BYTE verisignCRL[] = { 0x30, 0x82, 0x01, 0xb1, 0x30, 0x82, 0x01,
3695 0x1a, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
3696 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x30, 0x61, 0x31, 0x11, 0x30, 0x0f, 0x06,
3697 0x03, 0x55, 0x04, 0x07, 0x13, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
3698 0x74, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56,
3699 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
3700 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, 0x65,
3701 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x72,
3702 0x63, 0x69, 0x61, 0x6c, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
3703 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x72, 0x73, 0x20, 0x43,
3704 0x41, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x33, 0x32, 0x34, 0x30, 0x30, 0x30, 0x30,
3705 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x30, 0x34, 0x30, 0x31, 0x30, 0x37, 0x32, 0x33,
3706 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x30, 0x21, 0x02, 0x10, 0x1b, 0x51,
3707 0x90, 0xf7, 0x37, 0x24, 0x39, 0x9c, 0x92, 0x54, 0xcd, 0x42, 0x46, 0x37, 0x99,
3708 0x6a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x31, 0x33, 0x30, 0x30, 0x30, 0x30, 0x31,
3709 0x32, 0x34, 0x5a, 0x30, 0x21, 0x02, 0x10, 0x75, 0x0e, 0x40, 0xff, 0x97, 0xf0,
3710 0x47, 0xed, 0xf5, 0x56, 0xc7, 0x08, 0x4e, 0xb1, 0xab, 0xfd, 0x17, 0x0d, 0x30,
3711 0x31, 0x30, 0x31, 0x33, 0x31, 0x30, 0x30, 0x30, 0x30, 0x34, 0x39, 0x5a, 0x30,
3712 0x21, 0x02, 0x10, 0x77, 0xe6, 0x5a, 0x43, 0x59, 0x93, 0x5d, 0x5f, 0x7a, 0x75,
3713 0x80, 0x1a, 0xcd, 0xad, 0xc2, 0x22, 0x17, 0x0d, 0x30, 0x30, 0x30, 0x38, 0x33,
3714 0x31, 0x30, 0x30, 0x30, 0x30, 0x35, 0x36, 0x5a, 0xa0, 0x1a, 0x30, 0x18, 0x30,
3715 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0b, 0x06,
3716 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x05, 0xa0, 0x30, 0x0d, 0x06,
3717 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x02, 0x05, 0x00, 0x03,
3718 0x81, 0x81, 0x00, 0x18, 0x2c, 0xe8, 0xfc, 0x16, 0x6d, 0x91, 0x4a, 0x3d, 0x88,
3719 0x54, 0x48, 0x5d, 0xb8, 0x11, 0xbf, 0x64, 0xbb, 0xf9, 0xda, 0x59, 0x19, 0xdd,
3720 0x0e, 0x65, 0xab, 0xc0, 0x0c, 0xfa, 0x67, 0x7e, 0x21, 0x1e, 0x83, 0x0e, 0xcf,
3721 0x9b, 0x89, 0x8a, 0xcf, 0x0c, 0x4b, 0xc1, 0x39, 0x9d, 0xe7, 0x6a, 0xac, 0x46,
3722 0x74, 0x6a, 0x91, 0x62, 0x22, 0x0d, 0xc4, 0x08, 0xbd, 0xf5, 0x0a, 0x90, 0x7f,
3723 0x06, 0x21, 0x3d, 0x7e, 0xa7, 0xaa, 0x5e, 0xcd, 0x22, 0x15, 0xe6, 0x0c, 0x75,
3724 0x8e, 0x6e, 0xad, 0xf1, 0x84, 0xe4, 0x22, 0xb4, 0x30, 0x6f, 0xfb, 0x64, 0x8f,
3725 0xd7, 0x80, 0x43, 0xf5, 0x19, 0x18, 0x66, 0x1d, 0x72, 0xa3, 0xe3, 0x94, 0x82,
3726 0x28, 0x52, 0xa0, 0x06, 0x4e, 0xb1, 0xc8, 0x92, 0x0c, 0x97, 0xbe, 0x15, 0x07,
3727 0xab, 0x7a, 0xc9, 0xea, 0x08, 0x67, 0x43, 0x4d, 0x51, 0x63, 0x3b, 0x9c, 0x9c,
3728 0xcd };
3729 static const BYTE verisignCRLWithLotsOfEntries[] = {
3730 0x30,0x82,0x1d,0xbd,0x30,0x82,0x1d,0x26,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,
3731 0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,0x30,0x61,0x31,0x11,0x30,0x0f,0x06,
3732 0x03,0x55,0x04,0x07,0x13,0x08,0x49,0x6e,0x74,0x65,0x72,0x6e,0x65,0x74,0x31,
3733 0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0a,0x13,0x0e,0x56,0x65,0x72,0x69,0x53,
3734 0x69,0x67,0x6e,0x2c,0x20,0x49,0x6e,0x63,0x2e,0x31,0x33,0x30,0x31,0x06,0x03,
3735 0x55,0x04,0x0b,0x13,0x2a,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6e,0x20,0x43,
3736 0x6f,0x6d,0x6d,0x65,0x72,0x63,0x69,0x61,0x6c,0x20,0x53,0x6f,0x66,0x74,0x77,
3737 0x61,0x72,0x65,0x20,0x50,0x75,0x62,0x6c,0x69,0x73,0x68,0x65,0x72,0x73,0x20,
3738 0x43,0x41,0x17,0x0d,0x30,0x34,0x30,0x33,0x33,0x31,0x30,0x30,0x30,0x30,0x30,
3739 0x30,0x5a,0x17,0x0d,0x30,0x34,0x30,0x35,0x33,0x31,0x32,0x33,0x35,0x39,0x35,
3740 0x39,0x5a,0x30,0x82,0x1c,0x92,0x30,0x21,0x02,0x10,0x01,0x22,0xb8,0xb2,0xf3,
3741 0x76,0x42,0xcc,0x48,0x71,0xb6,0x11,0xbf,0xd1,0xcf,0xda,0x17,0x0d,0x30,0x32,
3742 0x30,0x34,0x31,0x35,0x31,0x35,0x34,0x30,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,
3743 0x01,0x83,0x93,0xfb,0x96,0xde,0x1d,0x89,0x4e,0xc3,0x47,0x9c,0xe1,0x60,0x13,
3744 0x63,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x31,0x33,0x35,0x37,0x35,0x38,
3745 0x5a,0x30,0x21,0x02,0x10,0x01,0xdc,0xdb,0x63,0xd4,0xc9,0x9f,0x31,0xb8,0x16,
3746 0xf9,0x2c,0xf5,0xb1,0x08,0x8e,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
3747 0x37,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x02,0x1a,0xa6,0xaf,0x94,
3748 0x71,0xf0,0x07,0x6e,0xf1,0x17,0xe4,0xd4,0x17,0x82,0xdb,0x17,0x0d,0x30,0x32,
3749 0x30,0x37,0x31,0x39,0x32,0x31,0x32,0x38,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
3750 0x02,0x4c,0xe8,0x9d,0xfd,0x5f,0x77,0x4d,0x4b,0xf5,0x79,0x8b,0xb1,0x08,0x67,
3751 0xac,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x30,0x36,0x31,0x36,0x35,0x30,
3752 0x5a,0x30,0x21,0x02,0x10,0x02,0x59,0xae,0x6c,0x4c,0x21,0xf1,0x59,0x49,0x87,
3753 0xb0,0x95,0xf9,0x65,0xf3,0x20,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x39,0x30,
3754 0x38,0x30,0x34,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x03,0x3c,0x41,0x0e,0x2f,
3755 0x42,0x5c,0x32,0x2c,0xb1,0x35,0xfe,0xe7,0x61,0x97,0xa5,0x17,0x0d,0x30,0x32,
3756 0x30,0x34,0x32,0x34,0x31,0x39,0x34,0x37,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,
3757 0x03,0x4e,0x68,0xfa,0x8b,0xb2,0x8e,0xb9,0x72,0xea,0x72,0xe5,0x3b,0x15,0xac,
3758 0x8b,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x35,0x31,0x35,0x31,
3759 0x5a,0x30,0x21,0x02,0x10,0x03,0xc9,0xa8,0xe3,0x48,0xb0,0x5f,0xcf,0x08,0xee,
3760 0xb9,0x93,0xf9,0xe9,0xaf,0x0c,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x38,0x31,
3761 0x33,0x34,0x39,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x04,0x9b,0x23,0x6a,0x37,
3762 0x5c,0x06,0x98,0x0a,0x31,0xc8,0x86,0xdc,0x3a,0x95,0xcc,0x17,0x0d,0x30,0x32,
3763 0x31,0x30,0x30,0x31,0x32,0x32,0x31,0x30,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
3764 0x06,0x08,0xba,0xc7,0xac,0xf8,0x5a,0x7c,0xa1,0xf4,0x25,0x85,0xbb,0x4e,0x8c,
3765 0x4f,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x33,0x30,0x37,0x35,0x37,0x31,0x34,
3766 0x5a,0x30,0x21,0x02,0x10,0x07,0x66,0x22,0x4a,0x4a,0x9d,0xff,0x6e,0xb5,0x11,
3767 0x0b,0xa9,0x94,0xfc,0x68,0x20,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,
3768 0x31,0x34,0x30,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x07,0x8f,0xa1,0x4d,0xb5,
3769 0xfc,0x0c,0xc6,0x42,0x72,0x88,0x37,0x76,0x29,0x44,0x31,0x17,0x0d,0x30,0x32,
3770 0x30,0x33,0x31,0x35,0x32,0x30,0x31,0x39,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,
3771 0x07,0xb9,0xd9,0x42,0x19,0x81,0xc4,0xfd,0x49,0x4f,0x72,0xce,0xf2,0xf8,0x6d,
3772 0x76,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x35,0x31,0x35,0x33,0x37,0x31,0x39,
3773 0x5a,0x30,0x21,0x02,0x10,0x08,0x6e,0xf9,0x6c,0x7f,0xbf,0xbc,0xc8,0x86,0x70,
3774 0x62,0x3f,0xe9,0xc4,0x2f,0x2b,0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x38,0x30,
3775 0x30,0x32,0x38,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x09,0x08,0xe4,0xaa,0xf5,
3776 0x2d,0x2b,0xc0,0x15,0x9e,0x00,0x8b,0x3f,0x97,0x93,0xf9,0x17,0x0d,0x30,0x33,
3777 0x30,0x32,0x31,0x32,0x32,0x32,0x30,0x30,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,
3778 0x09,0x13,0x0a,0x4f,0x0f,0x88,0xe5,0x50,0x05,0xc3,0x5f,0xf4,0xff,0x15,0x39,
3779 0xdd,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x38,0x31,0x31,0x33,0x30,
3780 0x5a,0x30,0x21,0x02,0x10,0x09,0x8d,0xdd,0x37,0xda,0xe7,0x84,0x03,0x9d,0x98,
3781 0x96,0xf8,0x88,0x3a,0x55,0xca,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,
3782 0x33,0x33,0x35,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x0a,0x35,0x0c,0xd7,0xf4,
3783 0x53,0xe6,0xc1,0x4e,0xf2,0x2a,0xd3,0xce,0xf8,0x7c,0xe7,0x17,0x0d,0x30,0x32,
3784 0x30,0x38,0x30,0x32,0x32,0x32,0x32,0x34,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
3785 0x0b,0x9c,0xb8,0xf8,0xfb,0x35,0x38,0xf2,0x91,0xfd,0xa1,0xe9,0x69,0x4a,0xb1,
3786 0x24,0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x38,0x30,0x31,0x30,0x32,0x32,0x32,
3787 0x5a,0x30,0x21,0x02,0x10,0x0c,0x2f,0x7f,0x32,0x15,0xe0,0x2f,0x74,0xfa,0x05,
3788 0x22,0x67,0xbc,0x8a,0x2d,0xd0,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,
3789 0x39,0x30,0x37,0x35,0x34,0x5a,0x30,0x21,0x02,0x10,0x0c,0x32,0x5b,0x78,0x32,
3790 0xc6,0x7c,0xd8,0xdd,0x25,0x91,0x22,0x4d,0x84,0x0a,0x94,0x17,0x0d,0x30,0x32,
3791 0x30,0x33,0x31,0x38,0x31,0x32,0x33,0x39,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,
3792 0x0d,0x76,0x36,0xb9,0x1c,0x72,0xb7,0x9d,0xdf,0xa5,0x35,0x82,0xc5,0xa8,0xf7,
3793 0xbb,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x32,0x31,0x34,0x32,0x31,0x31,
3794 0x5a,0x30,0x21,0x02,0x10,0x0f,0x28,0x79,0x98,0x56,0xb8,0xa5,0x5e,0xeb,0x79,
3795 0x5f,0x1b,0xed,0x0b,0x86,0x76,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x30,
3796 0x31,0x31,0x30,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x0f,0x80,0x3c,0x24,0xf4,
3797 0x62,0x27,0x24,0xbe,0x6a,0x74,0x9c,0x18,0x8e,0x4b,0x3b,0x17,0x0d,0x30,0x32,
3798 0x31,0x31,0x32,0x30,0x31,0x37,0x31,0x31,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,
3799 0x0f,0xf2,0xa7,0x8c,0x80,0x9c,0xbe,0x2f,0xc8,0xa9,0xeb,0xfe,0x94,0x86,0x5a,
3800 0x5c,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x30,0x31,0x39,0x35,0x38,0x34,0x35,
3801 0x5a,0x30,0x21,0x02,0x10,0x10,0x45,0x13,0x35,0x45,0xf3,0xc6,0x02,0x8d,0x8d,
3802 0x18,0xb1,0xc4,0x0a,0x7a,0x18,0x17,0x0d,0x30,0x32,0x30,0x34,0x32,0x36,0x31,
3803 0x37,0x33,0x32,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x10,0x79,0xb1,0x71,0x1b,
3804 0x26,0x98,0x92,0x08,0x1e,0x3c,0xe4,0x8b,0x29,0x37,0xf9,0x17,0x0d,0x30,0x32,
3805 0x30,0x33,0x32,0x38,0x31,0x36,0x33,0x32,0x35,0x35,0x5a,0x30,0x21,0x02,0x10,
3806 0x11,0x38,0x80,0x77,0xcb,0x6b,0xe5,0xd6,0xa7,0xf2,0x99,0xa1,0xc8,0xe9,0x40,
3807 0x25,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x39,0x31,0x32,0x32,0x34,0x31,0x37,
3808 0x5a,0x30,0x21,0x02,0x10,0x11,0x7a,0xc3,0x82,0xfe,0x74,0x36,0x11,0x21,0xd6,
3809 0x92,0x86,0x09,0xdf,0xe6,0xf3,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x31,
3810 0x35,0x31,0x31,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x11,0xab,0x8e,0x21,0x28,
3811 0x7f,0x6d,0xf2,0xc1,0xc8,0x40,0x3e,0xa5,0xde,0x98,0xd3,0x17,0x0d,0x30,0x32,
3812 0x30,0x35,0x30,0x32,0x31,0x38,0x34,0x34,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,
3813 0x12,0x3c,0x38,0xae,0x3f,0x64,0x53,0x3a,0xf7,0xbc,0x6c,0x27,0xe2,0x9c,0x65,
3814 0x75,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x32,0x33,0x30,0x38,0x35,0x39,
3815 0x5a,0x30,0x21,0x02,0x10,0x12,0x88,0xb6,0x6c,0x9b,0xcf,0xe7,0x50,0x92,0xd2,
3816 0x87,0x63,0x8f,0xb7,0xa6,0xe3,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x32,
3817 0x30,0x35,0x35,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x12,0x95,0x4e,0xb6,0x8f,
3818 0x3a,0x19,0x6a,0x16,0x73,0x4f,0x6e,0x15,0xba,0xa5,0xe7,0x17,0x0d,0x30,0x32,
3819 0x30,0x36,0x31,0x37,0x31,0x38,0x35,0x36,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,
3820 0x13,0x37,0x0b,0x41,0x8c,0x31,0x43,0x1c,0x27,0xaa,0xe1,0x83,0x0f,0x99,0x21,
3821 0xcd,0x17,0x0d,0x30,0x32,0x30,0x37,0x32,0x32,0x31,0x32,0x31,0x37,0x31,0x36,
3822 0x5a,0x30,0x21,0x02,0x10,0x14,0x7a,0x29,0x0a,0x09,0x38,0xf4,0x53,0x28,0x33,
3823 0x6f,0x37,0x07,0x23,0x12,0x10,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x30,
3824 0x32,0x30,0x30,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x15,0x04,0x81,0x1e,0xe2,
3825 0x6f,0xf0,0xd8,0xdd,0x12,0x55,0x05,0x66,0x51,0x6e,0x1a,0x17,0x0d,0x30,0x32,
3826 0x30,0x33,0x31,0x33,0x31,0x30,0x35,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,
3827 0x15,0x30,0x0d,0x8a,0xbd,0x0e,0x89,0x0e,0x66,0x4f,0x49,0x93,0xa2,0x8f,0xbc,
3828 0x2e,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x30,0x36,0x34,0x32,0x32,0x33,
3829 0x5a,0x30,0x21,0x02,0x10,0x16,0xbe,0x64,0xd6,0x4f,0x90,0xf4,0xf7,0x2b,0xc8,
3830 0xca,0x67,0x5c,0x82,0x13,0xe8,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x31,
3831 0x39,0x30,0x39,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x18,0x51,0x9c,0xe4,0x48,
3832 0x62,0x06,0xfe,0xb8,0x2d,0x93,0xb7,0xc9,0xc9,0x1b,0x4e,0x17,0x0d,0x30,0x32,
3833 0x30,0x34,0x31,0x37,0x30,0x35,0x30,0x30,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,
3834 0x19,0x82,0xdb,0x39,0x74,0x00,0x38,0x36,0x59,0xf6,0xcc,0xc1,0x23,0x8d,0x40,
3835 0xe9,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,0x37,0x35,0x34,0x35,0x34,
3836 0x5a,0x30,0x21,0x02,0x10,0x1b,0x51,0x90,0xf7,0x37,0x24,0x39,0x9c,0x92,0x54,
3837 0xcd,0x42,0x46,0x37,0x99,0x6a,0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x30,0x30,
3838 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x1b,0xe4,0xb2,0xbb,0xb6,
3839 0x74,0x5d,0x6b,0x8b,0x04,0xb6,0xa0,0x1b,0x35,0xeb,0x29,0x17,0x0d,0x30,0x32,
3840 0x30,0x39,0x32,0x35,0x32,0x30,0x31,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,
3841 0x1c,0x1d,0xd5,0x2a,0xf6,0xaa,0xfd,0xbb,0x47,0xc2,0x73,0x36,0xcf,0x53,0xbd,
3842 0x81,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x30,0x33,0x34,0x32,
3843 0x5a,0x30,0x21,0x02,0x10,0x1c,0xb0,0x5a,0x1f,0xfd,0xa6,0x98,0xf6,0x46,0xf9,
3844 0x32,0x10,0x9e,0xef,0x52,0x8e,0x17,0x0d,0x30,0x32,0x30,0x36,0x32,0x37,0x31,
3845 0x33,0x30,0x33,0x32,0x32,0x5a,0x30,0x21,0x02,0x10,0x1d,0x01,0xfc,0xa7,0xdd,
3846 0xb4,0x0c,0x64,0xbd,0x65,0x45,0xe6,0xbf,0x1c,0x7e,0x90,0x17,0x0d,0x30,0x32,
3847 0x30,0x32,0x32,0x31,0x30,0x34,0x32,0x30,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,
3848 0x1e,0x4d,0xc9,0xc6,0x6e,0x57,0xda,0x8a,0x07,0x97,0x70,0xfa,0xee,0x9c,0xc5,
3849 0x58,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x39,0x32,0x32,0x33,0x34,0x32,0x31,
3850 0x5a,0x30,0x21,0x02,0x10,0x1e,0xbb,0x9b,0x28,0x61,0x50,0x7f,0x12,0x30,0xfb,
3851 0x02,0xb5,0xe1,0xb0,0x7e,0x9d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x36,0x30,
3852 0x30,0x30,0x34,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x1f,0x5a,0x64,0xc9,0xa5,
3853 0x51,0x8c,0xe2,0x2d,0x50,0x83,0xc2,0x4c,0x7c,0xe7,0x85,0x17,0x0d,0x30,0x32,
3854 0x30,0x38,0x32,0x34,0x30,0x36,0x33,0x31,0x32,0x38,0x5a,0x30,0x21,0x02,0x10,
3855 0x1f,0xc2,0x4e,0xd0,0xac,0x52,0xd3,0x39,0x18,0x6d,0xd0,0x0f,0x23,0xd7,0x45,
3856 0x72,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x31,0x39,0x31,0x35,0x34,0x32,
3857 0x5a,0x30,0x20,0x02,0x0f,0x24,0x60,0x7a,0x8e,0x0e,0x86,0xa4,0x88,0x68,0xaf,
3858 0xd9,0x0c,0x6b,0xba,0xff,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x35,
3859 0x31,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x20,0x41,0x73,0xbb,0x72,0x88,
3860 0x6e,0x4b,0x1c,0xb6,0x70,0x02,0x67,0xaa,0x3b,0x3d,0x17,0x0d,0x30,0x32,0x30,
3861 0x39,0x30,0x33,0x31,0x37,0x30,0x36,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x20,
3862 0x6e,0x0d,0xdc,0x8c,0xa4,0xac,0xf7,0x08,0x77,0x5c,0x80,0xf9,0xa3,0x68,0x92,
3863 0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x30,0x35,0x37,0x31,0x36,0x5a,
3864 0x30,0x21,0x02,0x10,0x21,0xe4,0x6b,0x98,0x47,0x91,0xe6,0x02,0xdf,0xb2,0x45,
3865 0xbc,0x31,0x37,0xa0,0x7c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x32,0x33,
3866 0x32,0x33,0x31,0x33,0x5a,0x30,0x21,0x02,0x10,0x22,0x00,0x95,0x70,0x79,0xf9,
3867 0x9c,0x34,0x91,0xbb,0x84,0xb9,0x91,0xde,0x22,0x55,0x17,0x0d,0x30,0x32,0x30,
3868 0x32,0x31,0x33,0x30,0x36,0x35,0x39,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x22,
3869 0xf9,0x67,0x4f,0xcd,0x29,0xc6,0xdc,0xc8,0x22,0x6e,0xe9,0x0a,0xa1,0x48,0x5a,
3870 0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x30,0x30,0x34,0x33,0x32,0x36,0x5a,
3871 0x30,0x21,0x02,0x10,0x24,0xa3,0xa7,0xd0,0xb8,0x1d,0x1c,0xf7,0xe6,0x1f,0x6e,
3872 0xba,0xc9,0x98,0x59,0xed,0x17,0x0d,0x30,0x33,0x30,0x37,0x32,0x34,0x32,0x30,
3873 0x35,0x38,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x24,0xef,0x89,0xa1,0x30,0x4f,
3874 0x51,0x63,0xfe,0xdb,0xdb,0x64,0x6e,0x4c,0x5a,0x81,0x17,0x0d,0x30,0x32,0x30,
3875 0x37,0x30,0x33,0x30,0x39,0x32,0x31,0x31,0x37,0x5a,0x30,0x21,0x02,0x10,0x25,
3876 0x08,0xe5,0xac,0xdd,0x6f,0x74,0x44,0x51,0x1a,0xf5,0xdb,0xf8,0xba,0x25,0xe0,
3877 0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x39,0x30,0x34,0x31,0x36,0x32,0x32,0x5a,
3878 0x30,0x21,0x02,0x10,0x25,0x81,0xe8,0x18,0x60,0x88,0xbc,0x1a,0xe9,0x14,0x84,
3879 0xed,0xd4,0x62,0xf5,0x47,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x33,0x30,0x31,
3880 0x35,0x37,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x26,0xe5,0x5c,0xab,0x16,0xec,
3881 0x61,0x38,0x49,0x2c,0xd2,0xb1,0x48,0x89,0xd5,0x47,0x17,0x0d,0x30,0x32,0x30,
3882 0x33,0x31,0x33,0x31,0x38,0x30,0x30,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x27,
3883 0xbe,0xda,0x7f,0x4f,0x1f,0x6c,0x76,0x09,0xc0,0x9a,0xaf,0xd4,0x68,0xe2,0x16,
3884 0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x30,0x31,0x38,0x33,0x32,0x33,0x30,0x5a,
3885 0x30,0x21,0x02,0x10,0x28,0x89,0xd0,0xb3,0xb5,0xc4,0x56,0x36,0x9b,0x3e,0x81,
3886 0x1a,0x21,0x56,0xaa,0x42,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x34,0x31,0x31,
3887 0x30,0x33,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x28,0xab,0x93,0x06,0xb1,0x1e,
3888 0x05,0xe0,0xe1,0x25,0x75,0xc7,0x74,0xcb,0x55,0xa6,0x17,0x0d,0x30,0x33,0x30,
3889 0x31,0x32,0x34,0x31,0x39,0x34,0x38,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x29,
3890 0xe9,0x3b,0x44,0x8d,0xc3,0x4b,0x80,0x17,0xda,0xe4,0x1c,0x43,0x96,0x83,0x59,
3891 0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x37,0x32,0x31,0x34,0x33,0x33,0x39,0x5a,
3892 0x30,0x21,0x02,0x10,0x2a,0x08,0x64,0x2b,0x48,0xe2,0x17,0x89,0x6a,0x0c,0xf9,
3893 0x7e,0x10,0x66,0x8f,0xe7,0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x39,0x31,0x38,
3894 0x33,0x35,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x2a,0x44,0xee,0x91,0x5d,0xe3,
3895 0xa5,0x2b,0x09,0xf3,0x56,0x59,0xe0,0x8f,0x25,0x22,0x17,0x0d,0x30,0x32,0x30,
3896 0x32,0x32,0x31,0x31,0x39,0x33,0x31,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x2a,
3897 0x8b,0x4e,0xa5,0xb6,0x06,0xc8,0x48,0x3b,0x0e,0x71,0x1e,0x6b,0xf4,0x16,0xc1,
3898 0x17,0x0d,0x30,0x32,0x30,0x34,0x33,0x30,0x30,0x39,0x32,0x31,0x31,0x38,0x5a,
3899 0x30,0x21,0x02,0x10,0x2b,0x03,0xfc,0x2f,0xc2,0x8e,0x38,0x29,0x6f,0xa1,0x0f,
3900 0xe9,0x47,0x1b,0x35,0xd7,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x32,0x30,
3901 0x31,0x38,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,0x48,0xf7,0xd6,0xd5,0x71,
3902 0xc0,0xd1,0xbd,0x6a,0x00,0x65,0x1d,0x2d,0xa9,0xdd,0x17,0x0d,0x30,0x32,0x30,
3903 0x33,0x30,0x36,0x31,0x37,0x32,0x30,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x2c,
3904 0xbf,0x84,0x1d,0xe4,0x58,0x32,0x79,0x32,0x10,0x37,0xde,0xd7,0x94,0xff,0x85,
3905 0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x39,0x30,0x32,0x32,0x35,0x5a,
3906 0x30,0x21,0x02,0x10,0x2d,0x03,0x54,0x35,0x54,0x45,0x2c,0x6d,0x39,0xf0,0x1b,
3907 0x74,0x68,0xde,0xcf,0x93,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x33,
3908 0x32,0x33,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,0x24,0x94,0x34,0x19,0x92,
3909 0xb1,0xf2,0x37,0x9d,0x6e,0xc5,0x35,0x93,0xdd,0xf0,0x17,0x0d,0x30,0x32,0x30,
3910 0x33,0x31,0x35,0x31,0x37,0x31,0x37,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2d,
3911 0x47,0x24,0x61,0x87,0x91,0xba,0x2e,0xf2,0xf7,0x92,0x21,0xf3,0x1b,0x8b,0x1e,
3912 0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x32,0x33,0x30,0x38,0x32,0x32,0x5a,
3913 0x30,0x21,0x02,0x10,0x2d,0x84,0xc2,0xb1,0x01,0xa1,0x3a,0x6f,0xb0,0x30,0x13,
3914 0x76,0x5a,0x69,0xec,0x41,0x17,0x0d,0x30,0x32,0x30,0x37,0x31,0x35,0x31,0x37,
3915 0x32,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x2d,0xd5,0x26,0xc3,0xcd,0x01,
3916 0xce,0xfd,0x67,0xb8,0x08,0xac,0x5a,0x70,0xc4,0x34,0x17,0x0d,0x30,0x32,0x30,
3917 0x32,0x32,0x37,0x30,0x34,0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x2e,
3918 0x2b,0x0a,0x94,0x4d,0xf1,0xa4,0x37,0xb7,0xa3,0x9b,0x4b,0x96,0x26,0xa8,0xe3,
3919 0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x39,0x30,0x36,0x32,0x38,0x32,0x38,0x5a,
3920 0x30,0x21,0x02,0x10,0x2e,0x31,0x30,0xc1,0x2e,0x16,0x31,0xd9,0x2b,0x0a,0x70,
3921 0xca,0x3f,0x31,0x73,0x62,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x39,0x30,0x31,
3922 0x34,0x39,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x2e,0xbd,0x6d,0xdf,0xce,0x20,
3923 0x6f,0xe7,0xa8,0xf4,0xf3,0x25,0x9c,0xc3,0xc1,0x12,0x17,0x0d,0x30,0x32,0x30,
3924 0x39,0x32,0x30,0x31,0x33,0x35,0x34,0x34,0x32,0x5a,0x30,0x21,0x02,0x10,0x2f,
3925 0x56,0x16,0x22,0xba,0x87,0xd5,0xfd,0xff,0xe6,0xb0,0xdd,0x3c,0x08,0x26,0x2c,
3926 0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x33,0x31,0x37,0x35,0x33,0x31,0x31,0x5a,
3927 0x30,0x21,0x02,0x10,0x30,0x3e,0x77,0x7b,0xec,0xcb,0x89,0x2c,0x15,0x55,0x7f,
3928 0x20,0xf2,0x33,0xc1,0x1e,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x32,0x33,
3929 0x35,0x30,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x30,0x59,0x6c,0xaa,0x5f,0xd3,
3930 0xac,0x50,0x86,0x2c,0xc4,0xfa,0x3c,0x48,0x50,0xd1,0x17,0x0d,0x30,0x32,0x30,
3931 0x32,0x32,0x31,0x30,0x34,0x31,0x39,0x33,0x35,0x5a,0x30,0x21,0x02,0x10,0x30,
3932 0xce,0x9a,0xf1,0xfa,0x17,0xfa,0xf5,0x4c,0xbc,0x52,0x8a,0xf4,0x26,0x2b,0x7b,
3933 0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x31,0x31,0x39,0x31,0x32,0x33,0x39,0x5a,
3934 0x30,0x21,0x02,0x10,0x31,0x16,0x4a,0x6a,0x2e,0x6d,0x34,0x4d,0xd2,0x40,0xf0,
3935 0x5f,0x47,0xe6,0x5b,0x47,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x32,0x31,0x37,
3936 0x33,0x38,0x35,0x32,0x5a,0x30,0x21,0x02,0x10,0x31,0xdb,0x97,0x5b,0x06,0x63,
3937 0x0b,0xd8,0xfe,0x06,0xb3,0xf5,0xf9,0x64,0x0a,0x59,0x17,0x0d,0x30,0x32,0x30,
3938 0x32,0x31,0x32,0x31,0x35,0x35,0x39,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x32,
3939 0xbc,0xeb,0x0c,0xca,0x65,0x06,0x3f,0xa4,0xd5,0x4a,0x56,0x46,0x7c,0x22,0x09,
3940 0x17,0x0d,0x30,0x32,0x30,0x38,0x31,0x36,0x30,0x37,0x33,0x33,0x35,0x35,0x5a,
3941 0x30,0x21,0x02,0x10,0x33,0x17,0xef,0xe1,0x89,0xec,0x11,0x25,0x15,0x8f,0x3b,
3942 0x67,0x7a,0x64,0x0b,0x50,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x31,0x37,
3943 0x30,0x33,0x34,0x36,0x5a,0x30,0x21,0x02,0x10,0x34,0x24,0xa0,0xd2,0x00,0x61,
3944 0xeb,0xd3,0x9a,0xa7,0x2a,0x66,0xb4,0x82,0x23,0x77,0x17,0x0d,0x30,0x32,0x30,
3945 0x33,0x31,0x35,0x32,0x32,0x34,0x33,0x33,0x39,0x5a,0x30,0x21,0x02,0x10,0x34,
3946 0xa8,0x16,0x67,0xa5,0x1b,0xa3,0x31,0x11,0x5e,0x26,0xc8,0x3f,0x21,0x38,0xbe,
3947 0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x31,0x32,0x31,0x31,0x36,0x32,0x31,0x5a,
3948 0x30,0x21,0x02,0x10,0x36,0x3a,0xbe,0x05,0x55,0x52,0x93,0x4f,0x32,0x5f,0x30,
3949 0x63,0xc0,0xd4,0x50,0xdf,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x31,
3950 0x34,0x36,0x31,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,0x19,0xcc,0xa5,0x9d,0x85,
3951 0x05,0x56,0xe1,0x63,0x42,0x4b,0x0d,0x3c,0xbf,0xd6,0x17,0x0d,0x30,0x33,0x30,
3952 0x31,0x30,0x38,0x31,0x38,0x35,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x37,
3953 0x2f,0xfd,0x2b,0xec,0x4d,0x94,0x35,0x51,0xf4,0x07,0x2a,0xf5,0x0b,0x97,0xc4,
3954 0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x33,0x31,0x39,0x31,0x38,0x30,0x31,0x5a,
3955 0x30,0x21,0x02,0x10,0x37,0x83,0xf5,0x1e,0x7e,0xf4,0x5f,0xad,0x1f,0x0c,0x55,
3956 0x86,0x30,0x02,0x54,0xc1,0x17,0x0d,0x30,0x33,0x30,0x31,0x30,0x38,0x32,0x30,
3957 0x30,0x33,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x38,0x32,0x3e,0x50,0x2b,0x36,
3958 0x93,0x01,0x32,0x0a,0x59,0x8c,0xce,0xad,0xa0,0xeb,0x17,0x0d,0x30,0x32,0x30,
3959 0x34,0x33,0x30,0x32,0x31,0x32,0x34,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3a,
3960 0x62,0xd8,0x64,0xd3,0x85,0xd5,0x61,0x1d,0x9d,0x3f,0x61,0x25,0xe9,0x3a,0x1d,
3961 0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x35,0x31,0x39,0x31,0x36,0x5a,
3962 0x30,0x21,0x02,0x10,0x3a,0x97,0x36,0xb1,0x26,0x14,0x73,0x50,0xa3,0xcc,0x3f,
3963 0xd0,0x3b,0x83,0x99,0xc9,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x31,0x30,0x33,
3964 0x32,0x39,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x3b,0x87,0x3e,0x20,0xbe,0x97,
3965 0xff,0xa7,0x6b,0x2b,0x5f,0xff,0x9a,0x7f,0x4c,0x95,0x17,0x0d,0x30,0x32,0x30,
3966 0x37,0x30,0x33,0x30,0x30,0x33,0x31,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x3b,
3967 0xba,0xe5,0xf2,0x23,0x99,0xc6,0xd7,0xae,0xe2,0x98,0x0d,0xa4,0x13,0x5c,0xd4,
3968 0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x34,0x31,0x39,0x32,0x38,0x34,0x35,0x5a,
3969 0x30,0x21,0x02,0x10,0x3b,0xc2,0x7c,0xf0,0xbd,0xd2,0x9a,0x6f,0x97,0xdd,0x76,
3970 0xbc,0xa9,0x6c,0x45,0x0d,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,
3971 0x34,0x32,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x3b,0xc5,0xda,0x41,0x64,0x7a,
3972 0x37,0x8e,0x9f,0x7f,0x1f,0x9b,0x25,0x0a,0xb4,0xda,0x17,0x0d,0x30,0x32,0x30,
3973 0x33,0x30,0x36,0x31,0x33,0x32,0x34,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x3c,
3974 0x1b,0xf1,0x9a,0x48,0xb0,0xb8,0xa0,0x45,0xd5,0x8f,0x0f,0x57,0x90,0xc2,0xcd,
3975 0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x38,0x30,0x36,0x34,0x33,0x32,0x33,0x5a,
3976 0x30,0x21,0x02,0x10,0x3d,0x15,0x48,0x80,0xb4,0xfe,0x51,0x7e,0xed,0x46,0xae,
3977 0x51,0xfd,0x47,0x73,0xde,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x37,0x30,0x39,
3978 0x32,0x30,0x30,0x38,0x5a,0x30,0x21,0x02,0x10,0x3d,0x61,0x4e,0x87,0xea,0x39,
3979 0x02,0xf3,0x1e,0x3e,0x56,0x5c,0x0e,0x3b,0xa7,0xe3,0x17,0x0d,0x30,0x32,0x31,
3980 0x30,0x32,0x39,0x31,0x39,0x35,0x34,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x3d,
3981 0xdd,0x61,0x92,0x82,0x69,0x6b,0x01,0x79,0x0e,0xef,0x96,0x12,0xa3,0x76,0x80,
3982 0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x31,0x32,0x32,0x32,0x34,0x31,0x36,0x5a,
3983 0x30,0x21,0x02,0x10,0x3e,0x0e,0x14,0x71,0x55,0xf3,0x48,0x09,0x1b,0x56,0x3b,
3984 0x91,0x7a,0x7d,0xec,0xc9,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x31,0x32,0x31,
3985 0x34,0x35,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x3e,0x23,0x00,0x1f,0x9b,0xbd,
3986 0xe8,0xb1,0xf0,0x06,0x67,0xa6,0x70,0x42,0x2e,0xc3,0x17,0x0d,0x30,0x32,0x30,
3987 0x38,0x30,0x38,0x31,0x32,0x32,0x31,0x33,0x32,0x5a,0x30,0x21,0x02,0x10,0x41,
3988 0x91,0x1a,0x8c,0xde,0x2d,0xb3,0xeb,0x79,0x1d,0xc7,0x99,0x99,0xbe,0x0c,0x0e,
3989 0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x35,0x31,0x39,0x31,0x38,0x35,0x34,0x5a,
3990 0x30,0x21,0x02,0x10,0x41,0xa8,0xd7,0x9c,0x10,0x5e,0x5a,0xac,0x16,0x7f,0x93,
3991 0xaa,0xd1,0x83,0x34,0x55,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x31,0x32,
3992 0x35,0x33,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x42,0x88,0x96,0xb0,0x7b,0x28,
3993 0xa2,0xfa,0x2f,0x91,0x73,0x58,0xa7,0x1e,0x53,0x7c,0x17,0x0d,0x30,0x33,0x30,
3994 0x33,0x30,0x31,0x30,0x39,0x34,0x33,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x42,
3995 0x93,0x2f,0xd2,0x54,0xd3,0x94,0xd0,0x41,0x6a,0x2e,0x33,0x8b,0x81,0xb4,0x3c,
3996 0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x30,0x30,0x34,0x38,0x34,0x36,0x5a,
3997 0x30,0x21,0x02,0x10,0x44,0x24,0xdd,0xba,0x85,0xfd,0x3e,0xb2,0xb8,0x17,0x74,
3998 0xfd,0x9d,0x5c,0x0c,0xbd,0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x31,0x31,0x36,
3999 0x30,0x39,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x45,0x02,0x18,0x7d,0x39,0x9c,
4000 0xb9,0x14,0xfb,0x10,0x37,0x96,0xf4,0xc1,0xdd,0x2f,0x17,0x0d,0x30,0x32,0x30,
4001 0x32,0x31,0x31,0x31,0x31,0x31,0x31,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x45,
4002 0x16,0xbc,0x31,0x0b,0x4e,0x87,0x0a,0xcc,0xe3,0xd5,0x14,0x16,0x33,0x11,0x83,
4003 0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x30,0x32,0x32,0x30,0x31,0x37,0x5a,
4004 0x30,0x21,0x02,0x10,0x46,0x16,0x36,0xde,0x3f,0xef,0x8c,0xfa,0x67,0x53,0x12,
4005 0xcc,0x76,0x63,0xd6,0xdd,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x31,0x36,
4006 0x35,0x39,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x46,0x5f,0x85,0xa3,0xa4,0x98,
4007 0x3c,0x40,0x63,0xf6,0x1c,0xf7,0xc2,0xbe,0xfd,0x0e,0x17,0x0d,0x30,0x32,0x30,
4008 0x34,0x30,0x39,0x31,0x35,0x33,0x30,0x30,0x35,0x5a,0x30,0x21,0x02,0x10,0x47,
4009 0x20,0xc2,0xd8,0x85,0x85,0x54,0x39,0xcd,0xf2,0x10,0xf0,0xa7,0x88,0x52,0x75,
4010 0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x30,0x32,0x32,0x32,0x35,0x32,0x37,0x5a,
4011 0x30,0x21,0x02,0x10,0x47,0x42,0x6e,0xa2,0xab,0xc5,0x33,0x5d,0x50,0x44,0x0b,
4012 0x88,0x97,0x84,0x59,0x4c,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x35,0x31,0x34,
4013 0x30,0x35,0x31,0x39,0x5a,0x30,0x21,0x02,0x10,0x49,0x20,0x3f,0xa8,0x6e,0x81,
4014 0xc8,0x3b,0x26,0x05,0xf4,0xa7,0x9b,0x5a,0x81,0x60,0x17,0x0d,0x30,0x32,0x30,
4015 0x37,0x31,0x31,0x31,0x37,0x35,0x30,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x49,
4016 0x8b,0x6f,0x05,0xfb,0xcb,0xf4,0x5a,0xaf,0x09,0x47,0xb1,0x04,0xc5,0xe3,0x51,
4017 0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x32,0x31,0x37,0x34,0x38,0x30,0x38,0x5a,
4018 0x30,0x21,0x02,0x10,0x49,0xb2,0xc3,0x7a,0xbf,0x75,0x2a,0xb3,0x13,0xae,0x53,
4019 0xc6,0xcb,0x45,0x5a,0x3e,0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x35,0x32,0x31,
4020 0x33,0x35,0x33,0x37,0x5a,0x30,0x21,0x02,0x10,0x4b,0xca,0xc3,0xab,0x0a,0xc5,
4021 0xcd,0x90,0xa2,0xbe,0x43,0xfe,0xdd,0x06,0xe1,0x45,0x17,0x0d,0x30,0x32,0x30,
4022 0x37,0x32,0x30,0x31,0x37,0x33,0x32,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x4c,
4023 0x00,0xcc,0x73,0xd5,0x74,0x61,0x62,0x92,0x52,0xff,0xde,0x5b,0xc1,0x55,0xbd,
4024 0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x36,0x31,0x34,0x30,0x31,0x35,0x31,0x5a,
4025 0x30,0x21,0x02,0x10,0x4c,0x59,0xc1,0xc3,0x56,0x40,0x27,0xd4,0x22,0x0e,0x37,
4026 0xf6,0x5f,0x26,0x50,0xc5,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x30,0x39,
4027 0x35,0x37,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x4c,0xca,0x12,0x59,0x46,0xf9,
4028 0x2b,0xc6,0x7d,0x33,0x78,0x40,0x2c,0x3b,0x7a,0x0c,0x17,0x0d,0x30,0x32,0x30,
4029 0x35,0x33,0x30,0x32,0x30,0x32,0x34,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x4d,
4030 0x57,0x51,0x35,0x9b,0xe5,0x41,0x2c,0x69,0x66,0xc7,0x21,0xec,0xc6,0x29,0x32,
4031 0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x30,0x34,0x33,0x35,0x35,0x36,0x5a,
4032 0x30,0x21,0x02,0x10,0x4e,0x85,0xab,0x9e,0x17,0x54,0xe7,0x42,0x0f,0x8c,0xa1,
4033 0x65,0x96,0x88,0x53,0x54,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x38,0x30,0x30,
4034 0x31,0x38,0x35,0x33,0x5a,0x30,0x21,0x02,0x10,0x50,0x3d,0xed,0xac,0x21,0x86,
4035 0x66,0x5d,0xa5,0x1a,0x13,0xee,0xfc,0xa7,0x0b,0xc6,0x17,0x0d,0x30,0x32,0x30,
4036 0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x34,0x39,0x5a,0x30,0x21,0x02,0x10,0x50,
4037 0xa3,0x81,0x9c,0xcb,0x22,0xe4,0x0f,0x80,0xcb,0x7a,0xec,0x35,0xf8,0x73,0x82,
4038 0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x35,0x31,0x36,0x35,0x39,0x35,0x39,0x5a,
4039 0x30,0x21,0x02,0x10,0x51,0x28,0x73,0x26,0x17,0xcf,0x10,0x6e,0xeb,0x4a,0x03,
4040 0x74,0xa3,0x35,0xe5,0x60,0x17,0x0d,0x30,0x33,0x30,0x36,0x31,0x33,0x31,0x30,
4041 0x30,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x51,0x52,0xff,0xdc,0x69,0x6b,
4042 0x1f,0x1f,0xff,0x7c,0xb1,0x7f,0x03,0x90,0xa9,0x6b,0x17,0x0d,0x30,0x32,0x30,
4043 0x36,0x31,0x34,0x31,0x36,0x30,0x34,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x52,
4044 0xd9,0x53,0x69,0x9f,0xec,0xab,0xdd,0x5d,0x2a,0x2f,0xaa,0x57,0x86,0xb9,0x1f,
4045 0x17,0x0d,0x30,0x32,0x30,0x38,0x33,0x30,0x32,0x33,0x34,0x36,0x34,0x33,0x5a,
4046 0x30,0x21,0x02,0x10,0x54,0x46,0xa8,0x8f,0x69,0x2e,0x02,0xf4,0xb4,0xb2,0x69,
4047 0xda,0xbd,0x40,0x02,0xe0,0x17,0x0d,0x30,0x32,0x30,0x33,0x32,0x36,0x30,0x31,
4048 0x35,0x36,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x54,0xb5,0x81,0x73,0xb5,0x7c,
4049 0x6d,0xba,0x5c,0x99,0x0d,0xff,0x0a,0x4d,0xee,0xef,0x17,0x0d,0x30,0x32,0x30,
4050 0x37,0x32,0x34,0x31,0x36,0x33,0x39,0x35,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,
4051 0x91,0x41,0x20,0x9f,0x57,0x6f,0x42,0x53,0x4e,0x19,0xcc,0xe4,0xc8,0x52,0x4a,
4052 0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x38,0x32,0x33,0x32,0x34,0x30,0x30,0x5a,
4053 0x30,0x21,0x02,0x10,0x57,0xc6,0xdc,0xa0,0xed,0xbf,0x77,0xdd,0x7e,0x18,0x68,
4054 0x83,0x57,0x0c,0x2a,0x4f,0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x31,0x31,0x34,
4055 0x30,0x36,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x57,0xed,0xe2,0x5b,0xe2,0x62,
4056 0x3f,0x98,0xe1,0xf5,0x4d,0x30,0xa4,0x0e,0xdf,0xdf,0x17,0x0d,0x30,0x32,0x30,
4057 0x36,0x30,0x39,0x30,0x31,0x34,0x37,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x58,
4058 0x47,0xd9,0xbd,0x83,0x1a,0x63,0x6f,0xb7,0x63,0x7f,0x4a,0x56,0x5e,0x8e,0x4d,
4059 0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x35,0x31,0x37,0x32,0x33,0x30,0x33,0x5a,
4060 0x30,0x21,0x02,0x10,0x58,0xc6,0x62,0x99,0x80,0xe6,0x0c,0x4f,0x00,0x8b,0x25,
4061 0x38,0x93,0xe6,0x18,0x10,0x17,0x0d,0x30,0x32,0x30,0x36,0x30,0x36,0x30,0x37,
4062 0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x59,0x52,0x09,0x0e,0x99,0xf3,
4063 0xa9,0xe5,0x2f,0xed,0xa9,0xb2,0xd8,0x61,0xe7,0xea,0x17,0x0d,0x30,0x32,0x30,
4064 0x36,0x32,0x36,0x31,0x34,0x31,0x38,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x59,
4065 0x5c,0xaa,0xfb,0xbe,0xfb,0x73,0xd1,0xf4,0xab,0xc8,0xe3,0x3d,0x01,0x04,0xdd,
4066 0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x37,0x32,0x32,0x32,0x30,0x31,0x30,0x5a,
4067 0x30,0x21,0x02,0x10,0x59,0x97,0x59,0xa7,0x3d,0xb0,0xd9,0x7e,0xff,0x2a,0xcb,
4068 0x31,0xcc,0x66,0xf3,0x85,0x17,0x0d,0x30,0x32,0x30,0x38,0x32,0x32,0x30,0x30,
4069 0x35,0x35,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x59,0xdd,0x45,0x36,0x61,0xd9,
4070 0x3e,0xe9,0xff,0xbd,0xad,0x2e,0xbf,0x9a,0x5d,0x98,0x17,0x0d,0x30,0x32,0x30,
4071 0x37,0x30,0x32,0x32,0x30,0x34,0x30,0x30,0x33,0x5a,0x30,0x21,0x02,0x10,0x5a,
4072 0x4b,0x48,0x18,0xa9,0x2a,0x9c,0xd5,0x91,0x2f,0x4f,0xa4,0xf8,0xb3,0x1b,0x4d,
4073 0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x34,0x32,0x33,0x33,0x33,0x31,0x32,0x5a,
4074 0x30,0x21,0x02,0x10,0x5a,0xdf,0x32,0x0d,0x64,0xeb,0x9b,0xd2,0x11,0xe2,0x58,
4075 0x50,0xbe,0x93,0x0c,0x65,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x35,0x31,0x37,
4076 0x30,0x37,0x32,0x31,0x5a,0x30,0x21,0x02,0x10,0x5b,0x23,0xbf,0xbb,0xc4,0xb3,
4077 0xf4,0x02,0xe9,0xcb,0x10,0x9e,0xee,0xa5,0x3f,0xcd,0x17,0x0d,0x30,0x32,0x30,
4078 0x33,0x32,0x39,0x31,0x36,0x32,0x36,0x35,0x39,0x5a,0x30,0x21,0x02,0x10,0x5b,
4079 0x51,0xbc,0x38,0xbf,0xaf,0x9f,0x27,0xa9,0xc7,0xed,0x25,0xd0,0x8d,0xec,0x2e,
4080 0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x38,0x31,0x30,0x32,0x35,0x32,0x30,0x5a,
4081 0x30,0x21,0x02,0x10,0x5c,0x29,0x7f,0x46,0x61,0xdd,0x47,0x90,0x82,0x91,0xbd,
4082 0x79,0x22,0x6a,0x98,0x38,0x17,0x0d,0x30,0x32,0x31,0x31,0x30,0x38,0x31,0x35,
4083 0x35,0x34,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x5e,0x38,0xf7,0x5b,0x00,0xf1,
4084 0xef,0x1c,0xb6,0xff,0xd5,0x5c,0x74,0xfb,0x95,0x5d,0x17,0x0d,0x30,0x32,0x31,
4085 0x31,0x32,0x33,0x30,0x31,0x34,0x39,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x5e,
4086 0x88,0xbe,0xb6,0xb4,0xb2,0xaa,0xb0,0x92,0xf3,0xf6,0xc2,0xbc,0x72,0x21,0xca,
4087 0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x34,0x30,0x37,0x31,0x32,0x31,0x30,0x5a,
4088 0x30,0x21,0x02,0x10,0x5f,0x59,0xa0,0xbb,0xaf,0x26,0xc8,0xc1,0xb4,0x04,0x3a,
4089 0xbb,0xfc,0x4c,0x75,0xa5,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x36,0x31,0x35,
4090 0x35,0x31,0x32,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,0x81,0x08,0x0f,0xa0,0xcd,
4091 0x44,0x73,0x23,0x58,0x8e,0x49,0x9f,0xb5,0x08,0x35,0x17,0x0d,0x30,0x32,0x30,
4092 0x36,0x31,0x39,0x31,0x34,0x31,0x37,0x34,0x33,0x5a,0x30,0x21,0x02,0x10,0x5f,
4093 0xba,0x1f,0x8f,0xb2,0x23,0x56,0xdd,0xbc,0xa6,0x72,0xb0,0x99,0x13,0xb5,0xb2,
4094 0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x36,0x30,0x38,0x34,0x37,0x31,0x30,0x5a,
4095 0x30,0x21,0x02,0x10,0x60,0x09,0xd5,0xb7,0x6b,0xf1,0x16,0x4a,0xfa,0xd0,0xa5,
4096 0x4c,0x8e,0xdd,0x02,0xcb,0x17,0x0d,0x30,0x32,0x30,0x36,0x31,0x37,0x31,0x36,
4097 0x31,0x32,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x60,0x1d,0x19,0xd8,0x55,0xd5,
4098 0x14,0xd5,0xff,0x03,0x0d,0xad,0x5c,0x07,0x4c,0xe7,0x17,0x0d,0x30,0x32,0x30,
4099 0x37,0x31,0x35,0x32,0x33,0x30,0x31,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x60,
4100 0x24,0x67,0xc3,0x0b,0xad,0x53,0x8f,0xce,0x89,0x05,0xb5,0x87,0xaf,0x7c,0xe4,
4101 0x17,0x0d,0x30,0x32,0x31,0x30,0x30,0x38,0x32,0x30,0x33,0x38,0x35,0x32,0x5a,
4102 0x30,0x21,0x02,0x10,0x60,0x5c,0xf3,0x3d,0x22,0x23,0x39,0x3f,0xe6,0x21,0x09,
4103 0xfd,0xdd,0x77,0xc2,0x8f,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x32,0x31,0x37,
4104 0x32,0x37,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x60,0xa2,0x5e,0xbf,0x07,0x83,
4105 0xa3,0x18,0x56,0x18,0x48,0x63,0xa7,0xfd,0xc7,0x63,0x17,0x0d,0x30,0x32,0x30,
4106 0x35,0x30,0x39,0x31,0x39,0x35,0x32,0x32,0x37,0x5a,0x30,0x21,0x02,0x10,0x60,
4107 0xc2,0xad,0xa8,0x0e,0xf9,0x9a,0x66,0x5d,0xa2,0x75,0x04,0x5e,0x5c,0x71,0xc2,
4108 0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x32,0x31,0x33,0x33,0x36,0x31,0x37,0x5a,
4109 0x30,0x21,0x02,0x10,0x60,0xdb,0x1d,0x37,0x34,0xf6,0x02,0x9d,0x68,0x1b,0x70,
4110 0xf1,0x13,0x00,0x2f,0x80,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x38,0x30,0x39,
4111 0x35,0x35,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x61,0xf0,0x38,0xea,0xbc,0x17,
4112 0x0d,0x11,0xd2,0x89,0xee,0x87,0x50,0x57,0xa0,0xed,0x17,0x0d,0x30,0x33,0x30,
4113 0x31,0x32,0x39,0x31,0x37,0x34,0x31,0x34,0x34,0x5a,0x30,0x21,0x02,0x10,0x61,
4114 0xfa,0x9b,0xeb,0x58,0xf9,0xe5,0xa5,0x9e,0x79,0xa8,0x3d,0x79,0xac,0x35,0x97,
4115 0x17,0x0d,0x30,0x32,0x31,0x30,0x31,0x30,0x32,0x30,0x31,0x36,0x33,0x37,0x5a,
4116 0x30,0x21,0x02,0x10,0x62,0x44,0x57,0x24,0x41,0xc0,0x89,0x3f,0x5b,0xd2,0xbd,
4117 0xe7,0x2f,0x75,0x41,0xfa,0x17,0x0d,0x30,0x32,0x30,0x38,0x30,0x38,0x31,0x38,
4118 0x33,0x30,0x31,0x35,0x5a,0x30,0x21,0x02,0x10,0x62,0x51,0x3a,0x2d,0x8d,0x82,
4119 0x39,0x65,0xfe,0xf6,0x8a,0xc8,0x4e,0x29,0x91,0xfd,0x17,0x0d,0x30,0x32,0x30,
4120 0x39,0x32,0x36,0x30,0x30,0x35,0x34,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x62,
4121 0x52,0x49,0x49,0xf2,0x51,0x67,0x7a,0xe2,0xee,0xc9,0x0c,0x23,0x11,0x3d,0xb2,
4122 0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x38,0x30,0x36,0x35,0x35,0x5a,
4123 0x30,0x21,0x02,0x10,0x63,0x52,0xbd,0xdc,0xb7,0xbf,0xbb,0x90,0x6c,0x82,0xee,
4124 0xb5,0xa3,0x9f,0xd8,0xc9,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x31,0x31,0x36,
4125 0x33,0x30,0x35,0x38,0x5a,0x30,0x21,0x02,0x10,0x63,0x5e,0x6b,0xe9,0xea,0x3d,
4126 0xd6,0x3b,0xc3,0x4d,0x09,0xc3,0x13,0xdb,0xdd,0xbc,0x17,0x0d,0x30,0x33,0x30,
4127 0x36,0x30,0x32,0x31,0x34,0x34,0x37,0x33,0x36,0x5a,0x30,0x21,0x02,0x10,0x63,
4128 0xda,0x0b,0xd5,0x13,0x1e,0x98,0x83,0x32,0xa2,0x3a,0x4b,0xdf,0x8c,0x89,0x86,
4129 0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x35,0x30,0x38,0x30,0x38,0x31,0x33,0x5a,
4130 0x30,0x21,0x02,0x10,0x64,0xfe,0xf0,0x1a,0x3a,0xed,0x89,0xf8,0xb5,0x34,0xd3,
4131 0x1e,0x0f,0xce,0x0d,0xce,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x38,0x32,0x31,
4132 0x30,0x36,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x65,0xa7,0x49,0xd8,0x37,0x22,
4133 0x4b,0x4a,0xe5,0xcf,0xa3,0xfe,0xd6,0x3b,0xc0,0x67,0x17,0x0d,0x30,0x32,0x31,
4134 0x32,0x30,0x34,0x31,0x37,0x31,0x34,0x31,0x36,0x5a,0x30,0x21,0x02,0x10,0x65,
4135 0xc9,0x9e,0x47,0x76,0x98,0x0d,0x9e,0x57,0xe4,0xae,0xc5,0x1c,0x3e,0xf2,0xe7,
4136 0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x33,0x31,0x34,0x30,0x38,0x31,0x38,0x5a,
4137 0x30,0x21,0x02,0x10,0x65,0xe0,0x7b,0xc5,0x74,0xe4,0xab,0x01,0x4f,0xa3,0x5e,
4138 0xd6,0xeb,0xcd,0xd5,0x69,0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x33,0x31,0x37,
4139 0x32,0x34,0x30,0x36,0x5a,0x30,0x21,0x02,0x10,0x66,0x51,0xb7,0xe5,0x62,0xb7,
4140 0xe3,0x31,0xc0,0xee,0xf2,0xe8,0xfe,0x84,0x6a,0x4e,0x17,0x0d,0x30,0x32,0x30,
4141 0x39,0x30,0x36,0x31,0x33,0x32,0x33,0x33,0x33,0x5a,0x30,0x21,0x02,0x10,0x67,
4142 0x7c,0x76,0xac,0x66,0x5a,0x6b,0x41,0x5c,0x07,0x83,0x02,0xd6,0xd9,0x63,0xc0,
4143 0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x38,0x31,0x33,0x35,0x35,0x31,0x30,0x5a,
4144 0x30,0x21,0x02,0x10,0x68,0x67,0xde,0xb3,0xaa,0x20,0xcf,0x4b,0x34,0xa5,0xe0,
4145 0xc8,0xc0,0xc5,0xc9,0xa4,0x17,0x0d,0x30,0x32,0x30,0x33,0x31,0x32,0x30,0x31,
4146 0x30,0x39,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x69,0x23,0x34,0x5d,0x75,0x04,
4147 0xdc,0x99,0xbd,0xce,0x8d,0x21,0xb4,0x6b,0x10,0xfc,0x17,0x0d,0x30,0x32,0x30,
4148 0x39,0x30,0x33,0x31,0x33,0x31,0x39,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x69,
4149 0x9f,0x20,0x31,0xd1,0x3f,0xfa,0x1e,0x70,0x2e,0x37,0xd5,0x9a,0x8c,0x0a,0x16,
4150 0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x30,0x30,0x39,0x30,0x31,0x33,0x35,0x5a,
4151 0x30,0x21,0x02,0x10,0x6a,0x94,0xd6,0x25,0xd0,0x67,0xe4,0x4d,0x79,0x2b,0xc6,
4152 0xd5,0xc9,0x4a,0x7f,0xc6,0x17,0x0d,0x30,0x32,0x30,0x32,0x31,0x31,0x31,0x39,
4153 0x31,0x35,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x6b,0x5c,0xa4,0x45,0x5b,0xe9,
4154 0xcf,0xe7,0x3b,0x29,0xb1,0x32,0xd7,0xa1,0x04,0x3d,0x17,0x0d,0x30,0x32,0x31,
4155 0x30,0x31,0x38,0x31,0x35,0x34,0x33,0x34,0x38,0x5a,0x30,0x21,0x02,0x10,0x6b,
4156 0xc0,0x7d,0x4f,0x18,0xfe,0xb7,0x07,0xe8,0x56,0x9a,0x6c,0x40,0x0f,0x36,0x53,
4157 0x17,0x0d,0x30,0x32,0x30,0x39,0x32,0x36,0x32,0x31,0x30,0x31,0x32,0x36,0x5a,
4158 0x30,0x21,0x02,0x10,0x6b,0xe1,0xdd,0x36,0x3b,0xec,0xe0,0xa9,0xf5,0x92,0x7e,
4159 0x33,0xbf,0xed,0x48,0x46,0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x37,0x31,0x34,
4160 0x34,0x32,0x33,0x31,0x5a,0x30,0x21,0x02,0x10,0x6c,0xac,0xeb,0x37,0x2b,0x6a,
4161 0x42,0xe2,0xca,0xc8,0xd2,0xda,0xb8,0xb9,0x82,0x6a,0x17,0x0d,0x30,0x32,0x30,
4162 0x33,0x30,0x31,0x31,0x34,0x32,0x38,0x33,0x34,0x5a,0x30,0x21,0x02,0x10,0x6d,
4163 0x98,0x1b,0xb4,0x76,0xd1,0x62,0x59,0xa1,0x3c,0xee,0xd2,0x21,0xd8,0xdf,0x4c,
4164 0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x34,0x31,0x37,0x35,0x36,0x31,0x32,0x5a,
4165 0x30,0x21,0x02,0x10,0x6d,0xdd,0x0b,0x5a,0x3c,0x9c,0xab,0xd3,0x3b,0xd9,0x16,
4166 0xec,0x69,0x74,0xfb,0x9a,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x32,0x31,0x32,
4167 0x32,0x36,0x33,0x38,0x5a,0x30,0x21,0x02,0x10,0x6e,0xde,0xfd,0x89,0x36,0xae,
4168 0xa0,0x41,0x8d,0x5c,0xec,0x2e,0x90,0x31,0xf8,0x9a,0x17,0x0d,0x30,0x32,0x30,
4169 0x34,0x30,0x38,0x32,0x32,0x33,0x36,0x31,0x32,0x5a,0x30,0x21,0x02,0x10,0x6f,
4170 0xb2,0x6b,0x4c,0x48,0xca,0xfe,0xe6,0x69,0x9a,0x06,0x63,0xc4,0x32,0x96,0xc1,
4171 0x17,0x0d,0x30,0x33,0x30,0x31,0x31,0x37,0x31,0x37,0x32,0x37,0x32,0x35,0x5a,
4172 0x30,0x21,0x02,0x10,0x70,0x0b,0xe1,0xee,0x44,0x89,0x51,0x52,0x65,0x27,0x2c,
4173 0x2d,0x34,0x7c,0xe0,0x8d,0x17,0x0d,0x30,0x32,0x30,0x39,0x31,0x38,0x30,0x30,
4174 0x33,0x36,0x30,0x30,0x5a,0x30,0x21,0x02,0x10,0x70,0x2d,0xc0,0xa6,0xb8,0xa5,
4175 0xa0,0xda,0x48,0x59,0xb3,0x96,0x34,0x80,0xc8,0x25,0x17,0x0d,0x30,0x32,0x30,
4176 0x38,0x33,0x30,0x31,0x34,0x30,0x31,0x30,0x31,0x5a,0x30,0x21,0x02,0x10,0x70,
4177 0xe1,0xd9,0x92,0xcd,0x76,0x42,0x63,0x51,0x6e,0xcd,0x8c,0x09,0x29,0x17,0x48,
4178 0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x37,0x31,0x31,0x31,0x30,0x34,0x31,0x5a,
4179 0x30,0x21,0x02,0x10,0x72,0x38,0xe4,0x91,0x6a,0x7a,0x8a,0xf3,0xbf,0xf0,0xd8,
4180 0xe0,0xa4,0x70,0x8d,0xa8,0x17,0x0d,0x30,0x32,0x30,0x33,0x30,0x34,0x31,0x39,
4181 0x30,0x36,0x34,0x30,0x5a,0x30,0x21,0x02,0x10,0x72,0x97,0xa1,0xd8,0x9c,0x3b,
4182 0x00,0xc2,0xc4,0x26,0x2d,0x06,0x2b,0x29,0x76,0x4e,0x17,0x0d,0x30,0x32,0x30,
4183 0x36,0x31,0x38,0x31,0x35,0x30,0x39,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x72,
4184 0xd2,0x23,0x9b,0xf2,0x33,0xe9,0x7c,0xcf,0xb6,0xa9,0x41,0xd5,0x0e,0x5c,0x39,
4185 0x17,0x0d,0x30,0x33,0x30,0x34,0x30,0x39,0x31,0x37,0x30,0x32,0x32,0x39,0x5a,
4186 0x30,0x21,0x02,0x10,0x74,0x5c,0x9c,0xf9,0xaa,0xc3,0xfa,0x94,0x3c,0x25,0x39,
4187 0x65,0x44,0x95,0x13,0xf1,0x17,0x0d,0x30,0x32,0x30,0x37,0x30,0x39,0x32,0x33,
4188 0x35,0x33,0x32,0x30,0x5a,0x30,0x21,0x02,0x10,0x74,0x98,0x7f,0x68,0xad,0x17,
4189 0x92,0x93,0xf2,0x65,0x94,0x0c,0x33,0xe6,0xbd,0x49,0x17,0x0d,0x30,0x32,0x30,
4190 0x34,0x32,0x33,0x30,0x37,0x34,0x34,0x31,0x38,0x5a,0x30,0x21,0x02,0x10,0x75,
4191 0x0e,0x40,0xff,0x97,0xf0,0x47,0xed,0xf5,0x56,0xc7,0x08,0x4e,0xb1,0xab,0xfd,
4192 0x17,0x0d,0x30,0x31,0x30,0x31,0x33,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,
4193 0x30,0x21,0x02,0x10,0x75,0x26,0x51,0x59,0x65,0xb7,0x33,0x32,0x5f,0xe6,0xcd,
4194 0xaa,0x30,0x65,0x78,0xe0,0x17,0x0d,0x30,0x32,0x30,0x35,0x31,0x36,0x31,0x38,
4195 0x32,0x34,0x35,0x36,0x5a,0x30,0x21,0x02,0x10,0x76,0x13,0x6f,0xbf,0xc8,0xde,
4196 0xd9,0x36,0x30,0x39,0xcc,0x85,0x8f,0x00,0x2f,0x19,0x17,0x0d,0x30,0x32,0x30,
4197 0x33,0x31,0x34,0x30,0x39,0x34,0x38,0x32,0x34,0x5a,0x30,0x21,0x02,0x10,0x76,
4198 0x52,0x78,0x89,0x44,0xfa,0xc1,0xb3,0xd7,0xc9,0x4c,0xb3,0x32,0x95,0xaf,0x03,
4199 0x17,0x0d,0x30,0x32,0x31,0x31,0x31,0x34,0x31,0x39,0x31,0x35,0x34,0x33,0x5a,
4200 0x30,0x21,0x02,0x10,0x77,0x5d,0x4c,0x40,0xd9,0x8d,0xfa,0xc8,0x9a,0x24,0x8d,
4201 0x47,0x10,0x90,0x4a,0x0a,0x17,0x0d,0x30,0x32,0x30,0x35,0x30,0x39,0x30,0x31,
4202 0x31,0x33,0x30,0x32,0x5a,0x30,0x21,0x02,0x10,0x77,0xe6,0x5a,0x43,0x59,0x93,
4203 0x5d,0x5f,0x7a,0x75,0x80,0x1a,0xcd,0xad,0xc2,0x22,0x17,0x0d,0x30,0x30,0x30,
4204 0x38,0x33,0x31,0x31,0x38,0x32,0x32,0x35,0x30,0x5a,0x30,0x21,0x02,0x10,0x78,
4205 0x19,0xf1,0xb6,0x87,0x83,0xaf,0xdf,0x60,0x8d,0x9a,0x64,0x0d,0xec,0xe0,0x51,
4206 0x17,0x0d,0x30,0x32,0x30,0x35,0x32,0x30,0x31,0x37,0x32,0x38,0x31,0x36,0x5a,
4207 0x30,0x21,0x02,0x10,0x78,0x64,0x65,0x8f,0x82,0x79,0xdb,0xa5,0x1c,0x47,0x10,
4208 0x1d,0x72,0x23,0x66,0x52,0x17,0x0d,0x30,0x33,0x30,0x31,0x32,0x34,0x31,0x38,
4209 0x34,0x35,0x34,0x37,0x5a,0x30,0x21,0x02,0x10,0x78,0x64,0xe1,0xc0,0x69,0x8f,
4210 0x3a,0xc7,0x8b,0x23,0xe3,0x29,0xb1,0xee,0xa9,0x41,0x17,0x0d,0x30,0x32,0x30,
4211 0x35,0x30,0x38,0x31,0x37,0x34,0x36,0x32,0x36,0x5a,0x30,0x21,0x02,0x10,0x78,
4212 0x79,0x89,0x61,0x12,0x67,0x64,0x14,0xfd,0x08,0xcc,0xb3,0x05,0x55,0xc0,0x67,
4213 0x17,0x0d,0x30,0x32,0x30,0x34,0x30,0x32,0x31,0x33,0x31,0x38,0x35,0x33,0x5a,
4214 0x30,0x21,0x02,0x10,0x78,0x8a,0x56,0x22,0x08,0xce,0x42,0xee,0xd1,0xa3,0x79,
4215 0x10,0x14,0xfd,0x3a,0x36,0x17,0x0d,0x30,0x33,0x30,0x32,0x30,0x35,0x31,0x36,
4216 0x35,0x33,0x32,0x39,0x5a,0x30,0x21,0x02,0x10,0x7a,0xa0,0x6c,0xba,0x33,0x02,
4217 0xac,0x5f,0xf5,0x0b,0xb6,0x77,0x61,0xef,0x77,0x09,0x17,0x0d,0x30,0x32,0x30,
4218 0x32,0x32,0x38,0x31,0x37,0x35,0x35,0x31,0x31,0x5a,0x30,0x21,0x02,0x10,0x7b,
4219 0x91,0x33,0x66,0x6c,0xf0,0xd4,0xe3,0x9d,0xf6,0x88,0x29,0x9b,0xf7,0xd0,0xea,
4220 0x17,0x0d,0x30,0x32,0x31,0x31,0x32,0x30,0x32,0x32,0x31,0x36,0x34,0x39,0x5a,
4221 0x30,0x21,0x02,0x10,0x7c,0xef,0xf2,0x0a,0x08,0xae,0x10,0x57,0x1e,0xde,0xdc,
4222 0xd6,0x63,0x76,0xb0,0x5d,0x17,0x0d,0x30,0x32,0x30,0x32,0x32,0x36,0x31,0x30,
4223 0x32,0x32,0x33,0x30,0x5a,0x30,0x21,0x02,0x10,0x7f,0x76,0xef,0x69,0xeb,0xf5,
4224 0x3f,0x53,0x2e,0xaa,0xa5,0xed,0xde,0xc0,0xb4,0x06,0x17,0x0d,0x30,0x32,0x30,
4225 0x35,0x30,0x31,0x30,0x33,0x33,0x33,0x30,0x37,0x5a,0x30,0x21,0x02,0x10,0x7f,
4226 0xcb,0x6b,0x99,0x91,0xd0,0x76,0xe1,0x3c,0x0e,0x67,0x15,0xc4,0xd4,0x4d,0x7b,
4227 0x17,0x0d,0x30,0x32,0x30,0x34,0x31,0x30,0x32,0x31,0x31,0x38,0x34,0x30,0x5a,
4228 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04,0x05,0x00,
4229 0x03,0x81,0x81,0x00,0x5c,0xb9,0xb3,0xbe,0xd3,0xd6,0x73,0xa3,0xfe,0x4a,0xb2,
4230 0x21,0x80,0xea,0xaa,0x05,0x61,0x14,0x1d,0x67,0xb1,0xdf,0xa6,0xf9,0x42,0x08,
4231 0x0d,0x59,0x62,0x9c,0x11,0x5f,0x0e,0x92,0xc5,0xc6,0xae,0x74,0x64,0xc7,0x84,
4232 0x3e,0x64,0x43,0xd2,0xec,0xbb,0xe1,0x9b,0x52,0x74,0x57,0xcf,0x96,0xef,0x68,
4233 0x02,0x7a,0x7b,0x36,0xb7,0xc6,0x9a,0x5f,0xca,0x9c,0x37,0x47,0xc8,0x3a,0x5c,
4234 0x34,0x35,0x3b,0x4b,0xca,0x20,0x77,0x44,0x68,0x07,0x02,0x34,0x46,0xaa,0x0f,
4235 0xd0,0x4d,0xd9,0x47,0xf4,0xb3,0x2d,0xb1,0x44,0xa5,0x69,0xa9,0x85,0x13,0x43,
4236 0xcd,0xcc,0x1d,0x9a,0xe6,0x2d,0xfd,0x9f,0xdc,0x2f,0x83,0xbb,0x8c,0xe2,0x8c,
4237 0x61,0xc0,0x99,0x16,0x71,0x05,0xb6,0x25,0x14,0x64,0x4f,0x30 };
4238
4239 static void test_decodeCRLToBeSigned(DWORD dwEncoding)
4240 {
4241 static const BYTE *corruptCRLs[] = { v1CRL, v2CRL };
4242 BOOL ret;
4243 BYTE *buf = NULL;
4244 DWORD size = 0, i;
4245
4246 for (i = 0; i < sizeof(corruptCRLs) / sizeof(corruptCRLs[0]); i++)
4247 {
4248 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4249 corruptCRLs[i], corruptCRLs[i][1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4250 (BYTE *)&buf, &size);
4251 ok(!ret && (GetLastError() == CRYPT_E_ASN1_CORRUPT),
4252 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
4253 }
4254 /* at a minimum, a CRL must contain an issuer: */
4255 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4256 v1CRLWithIssuer, v1CRLWithIssuer[1] + 2, CRYPT_DECODE_ALLOC_FLAG, NULL,
4257 (BYTE *)&buf, &size);
4258 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4259 if (buf)
4260 {
4261 CRL_INFO *info = (CRL_INFO *)buf;
4262
4263 ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
4264 ok(info->cCRLEntry == 0, "Expected 0 CRL entries, got %d\n",
4265 info->cCRLEntry);
4266 ok(info->Issuer.cbData == sizeof(encodedCommonName),
4267 "Wrong issuer size %d\n", info->Issuer.cbData);
4268 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
4269 "Unexpected issuer\n");
4270 LocalFree(buf);
4271 }
4272 /* check decoding with an empty CRL entry */
4273 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4274 v1CRLWithIssuerAndEmptyEntry, v1CRLWithIssuerAndEmptyEntry[1] + 2,
4275 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4276 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
4277 "Expected CRYPT_E_ASN1_CORRUPT, got %08x\n", GetLastError());
4278 /* with a real CRL entry */
4279 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4280 v1CRLWithIssuerAndEntry, v1CRLWithIssuerAndEntry[1] + 2,
4281 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4282 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4283 if (buf)
4284 {
4285 CRL_INFO *info = (CRL_INFO *)buf;
4286 CRL_ENTRY *entry;
4287
4288 ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
4289 ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4290 info->cCRLEntry);
4291 ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
4292 entry = info->rgCRLEntry;
4293 ok(entry->SerialNumber.cbData == 1,
4294 "Expected serial number size 1, got %d\n",
4295 entry->SerialNumber.cbData);
4296 ok(*entry->SerialNumber.pbData == *serialNum,
4297 "Expected serial number %d, got %d\n", *serialNum,
4298 *entry->SerialNumber.pbData);
4299 ok(info->Issuer.cbData == sizeof(encodedCommonName),
4300 "Wrong issuer size %d\n", info->Issuer.cbData);
4301 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
4302 "Unexpected issuer\n");
4303 LocalFree(buf);
4304 }
4305 /* a real CRL from verisign that has extensions */
4306 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4307 verisignCRL, sizeof(verisignCRL), CRYPT_DECODE_ALLOC_FLAG,
4308 NULL, (BYTE *)&buf, &size);
4309 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4310 if (buf)
4311 {
4312 CRL_INFO *info = (CRL_INFO *)buf;
4313 CRL_ENTRY *entry;
4314
4315 ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
4316 ok(info->cCRLEntry == 3, "Expected 3 CRL entries, got %d\n",
4317 info->cCRLEntry);
4318 ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
4319 entry = info->rgCRLEntry;
4320 ok(info->cExtension == 2, "Expected 2 extensions, got %d\n",
4321 info->cExtension);
4322 LocalFree(buf);
4323 }
4324 /* another real CRL from verisign that has lots of entries */
4325 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4326 verisignCRLWithLotsOfEntries, sizeof(verisignCRLWithLotsOfEntries),
4327 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4328 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4329 if (buf)
4330 {
4331 CRL_INFO *info = (CRL_INFO *)buf;
4332
4333 ok(size >= sizeof(CRL_INFO), "Got size %d\n", size);
4334 ok(info->cCRLEntry == 209, "Expected 209 CRL entries, got %d\n",
4335 info->cCRLEntry);
4336 ok(info->cExtension == 0, "Expected 0 extensions, got %d\n",
4337 info->cExtension);
4338 LocalFree(buf);
4339 }
4340 /* and finally, with an extension */
4341 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4342 v1CRLWithExt, sizeof(v1CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4343 NULL, (BYTE *)&buf, &size);
4344 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4345 if (buf)
4346 {
4347 CRL_INFO *info = (CRL_INFO *)buf;
4348 CRL_ENTRY *entry;
4349
4350 ok(size >= sizeof(CRL_INFO), "Wrong size %d\n", size);
4351 ok(info->cCRLEntry == 1, "Expected 1 CRL entries, got %d\n",
4352 info->cCRLEntry);
4353 ok(info->rgCRLEntry != NULL, "Expected a valid CRL entry array\n");
4354 entry = info->rgCRLEntry;
4355 ok(entry->SerialNumber.cbData == 1,
4356 "Expected serial number size 1, got %d\n",
4357 entry->SerialNumber.cbData);
4358 ok(*entry->SerialNumber.pbData == *serialNum,
4359 "Expected serial number %d, got %d\n", *serialNum,
4360 *entry->SerialNumber.pbData);
4361 ok(info->Issuer.cbData == sizeof(encodedCommonName),
4362 "Wrong issuer size %d\n", info->Issuer.cbData);
4363 ok(!memcmp(info->Issuer.pbData, encodedCommonName, info->Issuer.cbData),
4364 "Unexpected issuer\n");
4365 ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4366 info->cExtension);
4367 LocalFree(buf);
4368 }
4369 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4370 v2CRLWithExt, sizeof(v2CRLWithExt), CRYPT_DECODE_ALLOC_FLAG,
4371 NULL, (BYTE *)&buf, &size);
4372 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4373 if (buf)
4374 {
4375 CRL_INFO *info = (CRL_INFO *)buf;
4376
4377 ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4378 info->cExtension);
4379 LocalFree(buf);
4380 }
4381 /* And again, with an issuing dist point */
4382 ret = pCryptDecodeObjectEx(dwEncoding, X509_CERT_CRL_TO_BE_SIGNED,
4383 v2CRLWithIssuingDistPoint, sizeof(v2CRLWithIssuingDistPoint),
4384 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4385 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4386 if (buf)
4387 {
4388 CRL_INFO *info = (CRL_INFO *)buf;
4389
4390 ok(info->cExtension == 1, "Expected 1 extensions, got %d\n",
4391 info->cExtension);
4392 LocalFree(buf);
4393 }
4394 }
4395
4396 static const LPCSTR keyUsages[] = { szOID_PKIX_KP_CODE_SIGNING,
4397 szOID_PKIX_KP_CLIENT_AUTH, szOID_RSA_RSA };
4398 static const BYTE encodedUsage[] = {
4399 0x30, 0x1f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03,
4400 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x09,
4401 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
4402
4403 static void test_encodeEnhancedKeyUsage(DWORD dwEncoding)
4404 {
4405 BOOL ret;
4406 BYTE *buf = NULL;
4407 DWORD size = 0;
4408 CERT_ENHKEY_USAGE usage;
4409
4410 /* Test with empty usage */
4411 usage.cUsageIdentifier = 0;
4412 ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4413 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4414 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4415 if (buf)
4416 {
4417 ok(size == sizeof(emptySequence), "Wrong size %d\n", size);
4418 ok(!memcmp(buf, emptySequence, size), "Got unexpected value\n");
4419 LocalFree(buf);
4420 }
4421 /* Test with a few usages */
4422 usage.cUsageIdentifier = sizeof(keyUsages) / sizeof(keyUsages[0]);
4423 usage.rgpszUsageIdentifier = (LPSTR *)keyUsages;
4424 ret = pCryptEncodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE, &usage,
4425 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4426 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4427 if (buf)
4428 {
4429 ok(size == sizeof(encodedUsage), "Wrong size %d\n", size);
4430 ok(!memcmp(buf, encodedUsage, size), "Got unexpected value\n");
4431 LocalFree(buf);
4432 }
4433 }
4434
4435 static void test_decodeEnhancedKeyUsage(DWORD dwEncoding)
4436 {
4437 BOOL ret;
4438 LPBYTE buf = NULL;
4439 DWORD size = 0;
4440
4441 ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4442 emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4443 (BYTE *)&buf, &size);
4444 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4445 if (buf)
4446 {
4447 CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
4448
4449 ok(size >= sizeof(CERT_ENHKEY_USAGE),
4450 "Wrong size %d\n", size);
4451 ok(usage->cUsageIdentifier == 0, "Expected 0 CRL entries, got %d\n",
4452 usage->cUsageIdentifier);
4453 LocalFree(buf);
4454 }
4455 ret = pCryptDecodeObjectEx(dwEncoding, X509_ENHANCED_KEY_USAGE,
4456 encodedUsage, sizeof(encodedUsage), CRYPT_DECODE_ALLOC_FLAG, NULL,
4457 (BYTE *)&buf, &size);
4458 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4459 if (buf)
4460 {
4461 CERT_ENHKEY_USAGE *usage = (CERT_ENHKEY_USAGE *)buf;
4462 DWORD i;
4463
4464 ok(size >= sizeof(CERT_ENHKEY_USAGE),
4465 "Wrong size %d\n", size);
4466 ok(usage->cUsageIdentifier == sizeof(keyUsages) / sizeof(keyUsages[0]),
4467 "Wrong CRL entries count %d\n", usage->cUsageIdentifier);
4468 for (i = 0; i < usage->cUsageIdentifier; i++)
4469 ok(!strcmp(usage->rgpszUsageIdentifier[i], keyUsages[i]),
4470 "Expected OID %s, got %s\n", keyUsages[i],
4471 usage->rgpszUsageIdentifier[i]);
4472 LocalFree(buf);
4473 }
4474 }
4475
4476 static BYTE keyId[] = { 1,2,3,4 };
4477 static const BYTE authorityKeyIdWithId[] = {
4478 0x30,0x06,0x80,0x04,0x01,0x02,0x03,0x04 };
4479 static const BYTE authorityKeyIdWithIssuer[] = { 0x30,0x19,0xa1,0x17,0x30,0x15,
4480 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,
4481 0x20,0x4c,0x61,0x6e,0x67,0x00 };
4482 static const BYTE authorityKeyIdWithSerial[] = { 0x30,0x03,0x82,0x01,0x01 };
4483
4484 static void test_encodeAuthorityKeyId(DWORD dwEncoding)
4485 {
4486 CERT_AUTHORITY_KEY_ID_INFO info = { { 0 } };
4487 BOOL ret;
4488 BYTE *buf = NULL;
4489 DWORD size = 0;
4490
4491 /* Test with empty id */
4492 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4493 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4494 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4495 if (buf)
4496 {
4497 ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
4498 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
4499 LocalFree(buf);
4500 }
4501 /* With just a key id */
4502 info.KeyId.cbData = sizeof(keyId);
4503 info.KeyId.pbData = keyId;
4504 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4505 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4506 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4507 if (buf)
4508 {
4509 ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n", size);
4510 ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
4511 LocalFree(buf);
4512 }
4513 /* With just an issuer */
4514 info.KeyId.cbData = 0;
4515 info.CertIssuer.cbData = sizeof(encodedCommonName);
4516 info.CertIssuer.pbData = (BYTE *)encodedCommonName;
4517 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4518 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4519 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4520 if (buf)
4521 {
4522 ok(size == sizeof(authorityKeyIdWithIssuer), "Unexpected size %d\n",
4523 size);
4524 ok(!memcmp(buf, authorityKeyIdWithIssuer, size), "Unexpected value\n");
4525 LocalFree(buf);
4526 }
4527 /* With just a serial number */
4528 info.CertIssuer.cbData = 0;
4529 info.CertSerialNumber.cbData = sizeof(serialNum);
4530 info.CertSerialNumber.pbData = (BYTE *)serialNum;
4531 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID, &info,
4532 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4533 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4534 if (buf)
4535 {
4536 ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
4537 size);
4538 ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
4539 LocalFree(buf);
4540 }
4541 }
4542
4543 static void test_decodeAuthorityKeyId(DWORD dwEncoding)
4544 {
4545 BOOL ret;
4546 LPBYTE buf = NULL;
4547 DWORD size = 0;
4548
4549 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4550 emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4551 (BYTE *)&buf, &size);
4552 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4553 if (buf)
4554 {
4555 CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;
4556
4557 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4558 size);
4559 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4560 ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
4561 ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
4562 LocalFree(buf);
4563 }
4564 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4565 authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
4566 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4567 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4568 if (buf)
4569 {
4570 CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;
4571
4572 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4573 size);
4574 ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
4575 ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
4576 "Unexpected key id\n");
4577 ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
4578 ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
4579 LocalFree(buf);
4580 }
4581 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4582 authorityKeyIdWithIssuer, sizeof(authorityKeyIdWithIssuer),
4583 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4584 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4585 if (buf)
4586 {
4587 CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;
4588
4589 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4590 size);
4591 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4592 ok(info->CertIssuer.cbData == sizeof(encodedCommonName),
4593 "Unexpected issuer len\n");
4594 ok(!memcmp(info->CertIssuer.pbData, encodedCommonName,
4595 sizeof(encodedCommonName)), "Unexpected issuer\n");
4596 ok(info->CertSerialNumber.cbData == 0, "Expected no serial number\n");
4597 LocalFree(buf);
4598 }
4599 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID,
4600 authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
4601 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4602 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4603 if (buf)
4604 {
4605 CERT_AUTHORITY_KEY_ID_INFO *info = (CERT_AUTHORITY_KEY_ID_INFO *)buf;
4606
4607 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID_INFO), "Unexpected size %d\n",
4608 size);
4609 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4610 ok(info->CertIssuer.cbData == 0, "Expected no issuer name\n");
4611 ok(info->CertSerialNumber.cbData == sizeof(serialNum),
4612 "Unexpected serial number len\n");
4613 ok(!memcmp(info->CertSerialNumber.pbData, serialNum, sizeof(serialNum)),
4614 "Unexpected serial number\n");
4615 LocalFree(buf);
4616 }
4617 }
4618
4619 static const BYTE authorityKeyIdWithIssuerUrl[] = { 0x30,0x15,0xa1,0x13,0x86,
4620 0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,
4621 0x6f,0x72,0x67 };
4622
4623 static void test_encodeAuthorityKeyId2(DWORD dwEncoding)
4624 {
4625 CERT_AUTHORITY_KEY_ID2_INFO info = { { 0 } };
4626 CERT_ALT_NAME_ENTRY entry = { 0 };
4627 BOOL ret;
4628 BYTE *buf = NULL;
4629 DWORD size = 0;
4630
4631 /* Test with empty id */
4632 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4633 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4634 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4635 if (buf)
4636 {
4637 ok(size == sizeof(emptySequence), "Unexpected size %d\n", size);
4638 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
4639 LocalFree(buf);
4640 }
4641 /* With just a key id */
4642 info.KeyId.cbData = sizeof(keyId);
4643 info.KeyId.pbData = keyId;
4644 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4645 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4646 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4647 if (buf)
4648 {
4649 ok(size == sizeof(authorityKeyIdWithId), "Unexpected size %d\n",
4650 size);
4651 ok(!memcmp(buf, authorityKeyIdWithId, size), "Unexpected value\n");
4652 LocalFree(buf);
4653 }
4654 /* With a bogus issuer name */
4655 info.KeyId.cbData = 0;
4656 info.AuthorityCertIssuer.cAltEntry = 1;
4657 info.AuthorityCertIssuer.rgAltEntry = &entry;
4658 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4659 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4660 ok(!ret && GetLastError() == E_INVALIDARG,
4661 "Expected E_INVALIDARG, got %08x\n", GetLastError());
4662 /* With an issuer name */
4663 entry.dwAltNameChoice = CERT_ALT_NAME_URL;
4664 U(entry).pwszURL = (LPWSTR)url;
4665 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4666 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4667 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4668 if (buf)
4669 {
4670 ok(size == sizeof(authorityKeyIdWithIssuerUrl), "Unexpected size %d\n",
4671 size);
4672 ok(!memcmp(buf, authorityKeyIdWithIssuerUrl, size),
4673 "Unexpected value\n");
4674 LocalFree(buf);
4675 }
4676 /* With just a serial number */
4677 info.AuthorityCertIssuer.cAltEntry = 0;
4678 info.AuthorityCertSerialNumber.cbData = sizeof(serialNum);
4679 info.AuthorityCertSerialNumber.pbData = (BYTE *)serialNum;
4680 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2, &info,
4681 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4682 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4683 if (buf)
4684 {
4685 ok(size == sizeof(authorityKeyIdWithSerial), "Unexpected size %d\n",
4686 size);
4687 ok(!memcmp(buf, authorityKeyIdWithSerial, size), "Unexpected value\n");
4688 LocalFree(buf);
4689 }
4690 }
4691
4692 static void test_decodeAuthorityKeyId2(DWORD dwEncoding)
4693 {
4694 BOOL ret;
4695 LPBYTE buf = NULL;
4696 DWORD size = 0;
4697
4698 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4699 emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4700 (BYTE *)&buf, &size);
4701 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4702 if (buf)
4703 {
4704 CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;
4705
4706 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
4707 size);
4708 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4709 ok(info->AuthorityCertIssuer.cAltEntry == 0,
4710 "Expected no issuer name entries\n");
4711 ok(info->AuthorityCertSerialNumber.cbData == 0,
4712 "Expected no serial number\n");
4713 LocalFree(buf);
4714 }
4715 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4716 authorityKeyIdWithId, sizeof(authorityKeyIdWithId),
4717 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4718 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4719 if (buf)
4720 {
4721 CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;
4722
4723 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
4724 size);
4725 ok(info->KeyId.cbData == sizeof(keyId), "Unexpected key id len\n");
4726 ok(!memcmp(info->KeyId.pbData, keyId, sizeof(keyId)),
4727 "Unexpected key id\n");
4728 ok(info->AuthorityCertIssuer.cAltEntry == 0,
4729 "Expected no issuer name entries\n");
4730 ok(info->AuthorityCertSerialNumber.cbData == 0,
4731 "Expected no serial number\n");
4732 LocalFree(buf);
4733 }
4734 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4735 authorityKeyIdWithIssuerUrl, sizeof(authorityKeyIdWithIssuerUrl),
4736 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4737 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4738 if (buf)
4739 {
4740 CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;
4741
4742 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
4743 size);
4744 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4745 ok(info->AuthorityCertIssuer.cAltEntry == 1,
4746 "Expected 1 issuer entry, got %d\n",
4747 info->AuthorityCertIssuer.cAltEntry);
4748 ok(info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice ==
4749 CERT_ALT_NAME_URL, "Expected CERT_ALT_NAME_URL, got %d\n",
4750 info->AuthorityCertIssuer.rgAltEntry[0].dwAltNameChoice);
4751 ok(!lstrcmpW(U(info->AuthorityCertIssuer.rgAltEntry[0]).pwszURL,
4752 url), "Unexpected URL\n");
4753 ok(info->AuthorityCertSerialNumber.cbData == 0,
4754 "Expected no serial number\n");
4755 LocalFree(buf);
4756 }
4757 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_KEY_ID2,
4758 authorityKeyIdWithSerial, sizeof(authorityKeyIdWithSerial),
4759 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4760 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
4761 if (buf)
4762 {
4763 CERT_AUTHORITY_KEY_ID2_INFO *info = (CERT_AUTHORITY_KEY_ID2_INFO *)buf;
4764
4765 ok(size >= sizeof(CERT_AUTHORITY_KEY_ID2_INFO), "Unexpected size %d\n",
4766 size);
4767 ok(info->KeyId.cbData == 0, "Expected no key id\n");
4768 ok(info->AuthorityCertIssuer.cAltEntry == 0,
4769 "Expected no issuer name entries\n");
4770 ok(info->AuthorityCertSerialNumber.cbData == sizeof(serialNum),
4771 "Unexpected serial number len\n");
4772 ok(!memcmp(info->AuthorityCertSerialNumber.pbData, serialNum,
4773 sizeof(serialNum)), "Unexpected serial number\n");
4774 LocalFree(buf);
4775 }
4776 }
4777
4778 static const BYTE authorityInfoAccessWithUrl[] = {
4779 0x30,0x19,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
4780 0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
4781 static const BYTE authorityInfoAccessWithUrlAndIPAddr[] = {
4782 0x30,0x29,0x30,0x17,0x06,0x02,0x2a,0x03,0x86,0x11,0x68,0x74,0x74,0x70,0x3a,
4783 0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67,0x30,0x0e,0x06,
4784 0x02,0x2d,0x06,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };
4785
4786 static void test_encodeAuthorityInfoAccess(DWORD dwEncoding)
4787 {
4788 static char oid1[] = "1.2.3";
4789 static char oid2[] = "1.5.6";
4790 BOOL ret;
4791 BYTE *buf = NULL;
4792 DWORD size = 0;
4793 CERT_ACCESS_DESCRIPTION accessDescription[2];
4794 CERT_AUTHORITY_INFO_ACCESS aia;
4795
4796 memset(accessDescription, 0, sizeof(accessDescription));
4797 aia.cAccDescr = 0;
4798 aia.rgAccDescr = NULL;
4799 /* Having no access descriptions is allowed */
4800 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
4801 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4802 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4803 if (buf)
4804 {
4805 ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
4806 ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
4807 LocalFree(buf);
4808 buf = NULL;
4809 }
4810 /* It can't have an empty access method */
4811 aia.cAccDescr = 1;
4812 aia.rgAccDescr = accessDescription;
4813 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
4814 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4815 ok(!ret && GetLastError() == E_INVALIDARG,
4816 "expected E_INVALIDARG, got %08x\n", GetLastError());
4817 /* It can't have an empty location */
4818 accessDescription[0].pszAccessMethod = oid1;
4819 SetLastError(0xdeadbeef);
4820 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
4821 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4822 ok(!ret && GetLastError() == E_INVALIDARG,
4823 "expected E_INVALIDARG, got %08x\n", GetLastError());
4824 accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
4825 U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
4826 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
4827 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4828 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4829 if (buf)
4830 {
4831 ok(size == sizeof(authorityInfoAccessWithUrl), "unexpected size %d\n",
4832 size);
4833 ok(!memcmp(buf, authorityInfoAccessWithUrl, size),
4834 "unexpected value\n");
4835 LocalFree(buf);
4836 buf = NULL;
4837 }
4838 accessDescription[1].pszAccessMethod = oid2;
4839 accessDescription[1].AccessLocation.dwAltNameChoice =
4840 CERT_ALT_NAME_IP_ADDRESS;
4841 U(accessDescription[1].AccessLocation).IPAddress.cbData =
4842 sizeof(encodedIPAddr);
4843 U(accessDescription[1].AccessLocation).IPAddress.pbData =
4844 (LPBYTE)encodedIPAddr;
4845 aia.cAccDescr = 2;
4846 ret = pCryptEncodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS, &aia,
4847 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4848 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
4849 if (buf)
4850 {
4851 ok(size == sizeof(authorityInfoAccessWithUrlAndIPAddr),
4852 "unexpected size %d\n", size);
4853 ok(!memcmp(buf, authorityInfoAccessWithUrlAndIPAddr, size),
4854 "unexpected value\n");
4855 LocalFree(buf);
4856 buf = NULL;
4857 }
4858 }
4859
4860 static void compareAuthorityInfoAccess(LPCSTR header,
4861 const CERT_AUTHORITY_INFO_ACCESS *expected,
4862 const CERT_AUTHORITY_INFO_ACCESS *got)
4863 {
4864 DWORD i;
4865
4866 ok(expected->cAccDescr == got->cAccDescr,
4867 "%s: expected %d access descriptions, got %d\n", header,
4868 expected->cAccDescr, got->cAccDescr);
4869 for (i = 0; i < expected->cAccDescr; i++)
4870 {
4871 ok(!strcmp(expected->rgAccDescr[i].pszAccessMethod,
4872 got->rgAccDescr[i].pszAccessMethod), "%s[%d]: expected %s, got %s\n",
4873 header, i, expected->rgAccDescr[i].pszAccessMethod,
4874 got->rgAccDescr[i].pszAccessMethod);
4875 compareAltNameEntry(&expected->rgAccDescr[i].AccessLocation,
4876 &got->rgAccDescr[i].AccessLocation);
4877 }
4878 }
4879
4880 static void test_decodeAuthorityInfoAccess(DWORD dwEncoding)
4881 {
4882 static char oid1[] = "1.2.3";
4883 static char oid2[] = "1.5.6";
4884 BOOL ret;
4885 LPBYTE buf = NULL;
4886 DWORD size = 0;
4887
4888 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
4889 emptySequence, sizeof(emptySequence), CRYPT_DECODE_ALLOC_FLAG, NULL,
4890 (BYTE *)&buf, &size);
4891 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
4892 if (buf)
4893 {
4894 CERT_AUTHORITY_INFO_ACCESS aia = { 0, NULL };
4895
4896 compareAuthorityInfoAccess("empty AIA", &aia,
4897 (CERT_AUTHORITY_INFO_ACCESS *)buf);
4898 LocalFree(buf);
4899 buf = NULL;
4900 }
4901 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
4902 authorityInfoAccessWithUrl, sizeof(authorityInfoAccessWithUrl),
4903 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
4904 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
4905 if (buf)
4906 {
4907 CERT_ACCESS_DESCRIPTION accessDescription;
4908 CERT_AUTHORITY_INFO_ACCESS aia;
4909
4910 accessDescription.pszAccessMethod = oid1;
4911 accessDescription.AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
4912 U(accessDescription.AccessLocation).pwszURL = (LPWSTR)url;
4913 aia.cAccDescr = 1;
4914 aia.rgAccDescr = &accessDescription;
4915 compareAuthorityInfoAccess("AIA with URL", &aia,
4916 (CERT_AUTHORITY_INFO_ACCESS *)buf);
4917 LocalFree(buf);
4918 buf = NULL;
4919 }
4920 ret = pCryptDecodeObjectEx(dwEncoding, X509_AUTHORITY_INFO_ACCESS,
4921 authorityInfoAccessWithUrlAndIPAddr,
4922 sizeof(authorityInfoAccessWithUrlAndIPAddr), CRYPT_DECODE_ALLOC_FLAG,
4923 NULL, (BYTE *)&buf, &size);
4924 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
4925 if (buf)
4926 {
4927 CERT_ACCESS_DESCRIPTION accessDescription[2];
4928 CERT_AUTHORITY_INFO_ACCESS aia;
4929
4930 accessDescription[0].pszAccessMethod = oid1;
4931 accessDescription[0].AccessLocation.dwAltNameChoice = CERT_ALT_NAME_URL;
4932 U(accessDescription[0].AccessLocation).pwszURL = (LPWSTR)url;
4933 accessDescription[1].pszAccessMethod = oid2;
4934 accessDescription[1].AccessLocation.dwAltNameChoice =
4935 CERT_ALT_NAME_IP_ADDRESS;
4936 U(accessDescription[1].AccessLocation).IPAddress.cbData =
4937 sizeof(encodedIPAddr);
4938 U(accessDescription[1].AccessLocation).IPAddress.pbData =
4939 (LPBYTE)encodedIPAddr;
4940 aia.cAccDescr = 2;
4941 aia.rgAccDescr = accessDescription;
4942 compareAuthorityInfoAccess("AIA with URL and IP addr", &aia,
4943 (CERT_AUTHORITY_INFO_ACCESS *)buf);
4944 LocalFree(buf);
4945 buf = NULL;
4946 }
4947 }
4948
4949 static const BYTE emptyCTL[] = {
4950 0x30,0x17,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
4951 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4952 static const BYTE emptyCTLWithVersion1[] = {
4953 0x30,0x1a,0x02,0x01,0x01,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
4954 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4955 static const BYTE ctlWithUsageIdentifier[] = {
4956 0x30,0x1b,0x30,0x04,0x06,0x02,0x2a,0x03,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,
4957 0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4958 static const BYTE ctlWithListIdentifier[] = {
4959 0x30,0x1a,0x30,0x00,0x04,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
4960 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4961 static const BYTE ctlWithSequenceNumber[] = {
4962 0x30,0x1a,0x30,0x00,0x02,0x01,0x01,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,
4963 0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4964 static const BYTE ctlWithThisUpdate[] = {
4965 0x30,0x15,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
4966 0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4967 static const BYTE ctlWithThisAndNextUpdate[] = {
4968 0x30,0x24,0x30,0x00,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
4969 0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x35,0x30,0x36,0x30,0x36,0x31,0x36,0x31,
4970 0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00 };
4971 static const BYTE ctlWithAlgId[] = {
4972 0x30,0x1b,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
4973 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };
4974 static const BYTE ctlWithBogusEntry[] = {
4975 0x30,0x29,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
4976 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x10,0x30,0x0e,0x04,
4977 0x01,0x01,0x31,0x09,0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,0x01 };
4978 static const BYTE ctlWithOneEntry[] = {
4979 0x30,0x2a,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
4980 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x11,0x30,0x0f,0x04,
4981 0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00 };
4982 static const BYTE ctlWithTwoEntries[] = {
4983 0x30,0x41,0x30,0x00,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
4984 0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x02,0x06,0x00,0x30,0x28,0x30,0x0f,0x04,
4985 0x01,0x01,0x31,0x0a,0x30,0x08,0x06,0x02,0x2a,0x03,0x31,0x02,0x30,0x00,0x30,
4986 0x15,0x04,0x01,0x01,0x31,0x10,0x30,0x0e,0x06,0x02,0x2d,0x06,0x31,0x08,0x30,
4987 0x06,0x87,0x04,0x7f,0x00,0x00,0x01 };
4988
4989 static void test_encodeCTL(DWORD dwEncoding)
4990 {
4991 static char oid1[] = "1.2.3";
4992 static char oid2[] = "1.5.6";
4993 char *pOid1 = oid1;
4994 BOOL ret;
4995 BYTE *buf = NULL;
4996 DWORD size = 0;
4997 CTL_INFO info;
4998 SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
4999 CTL_ENTRY ctlEntry[2];
5000 CRYPT_ATTRIBUTE attr1, attr2;
5001 CRYPT_ATTR_BLOB value1, value2;
5002
5003 memset(&info, 0, sizeof(info));
5004 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5005 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5006 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5007 if (buf)
5008 {
5009 ok(size == sizeof(emptyCTL), "unexpected size %d\n", size);
5010 ok(!memcmp(buf, emptyCTL, size), "unexpected value\n");
5011 LocalFree(buf);
5012 buf = NULL;
5013 }
5014 info.dwVersion = 1;
5015 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5016 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5017 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5018 if (buf)
5019 {
5020 ok(size == sizeof(emptyCTLWithVersion1), "unexpected size %d\n", size);
5021 ok(!memcmp(buf, emptyCTLWithVersion1, size), "unexpected value\n");
5022 LocalFree(buf);
5023 buf = NULL;
5024 }
5025 info.dwVersion = 0;
5026 info.SubjectUsage.cUsageIdentifier = 1;
5027 info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5028 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5029 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5030 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5031 if (buf)
5032 {
5033 ok(size == sizeof(ctlWithUsageIdentifier), "unexpected size %d\n",
5034 size);
5035 ok(!memcmp(buf, ctlWithUsageIdentifier, size), "unexpected value\n");
5036 LocalFree(buf);
5037 buf = NULL;
5038 }
5039 info.SubjectUsage.cUsageIdentifier = 0;
5040 info.ListIdentifier.cbData = sizeof(serialNum);
5041 info.ListIdentifier.pbData = (LPBYTE)serialNum;
5042 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5043 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5044 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5045 if (buf)
5046 {
5047 ok(size == sizeof(ctlWithListIdentifier), "unexpected size %d\n", size);
5048 ok(!memcmp(buf, ctlWithListIdentifier, size), "unexpected value\n");
5049 LocalFree(buf);
5050 buf = NULL;
5051 }
5052 info.ListIdentifier.cbData = 0;
5053 info.SequenceNumber.cbData = sizeof(serialNum);
5054 info.SequenceNumber.pbData = (LPBYTE)serialNum;
5055 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5056 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5057 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5058 if (buf)
5059 {
5060 ok(size == sizeof(ctlWithSequenceNumber), "unexpected size %d\n",
5061 size);
5062 ok(!memcmp(buf, ctlWithSequenceNumber, size), "unexpected value\n");
5063 LocalFree(buf);
5064 buf = NULL;
5065 }
5066 info.SequenceNumber.cbData = 0;
5067 SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5068 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5069 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5070 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5071 if (buf)
5072 {
5073 ok(size == sizeof(ctlWithThisUpdate), "unexpected size %d\n", size);
5074 ok(!memcmp(buf, ctlWithThisUpdate, size), "unexpected value\n");
5075 LocalFree(buf);
5076 buf = NULL;
5077 }
5078 SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5079 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5080 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5081 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5082 if (buf)
5083 {
5084 ok(size == sizeof(ctlWithThisAndNextUpdate), "unexpected size %d\n",
5085 size);
5086 ok(!memcmp(buf, ctlWithThisAndNextUpdate, size), "unexpected value\n");
5087 LocalFree(buf);
5088 buf = NULL;
5089 }
5090 info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
5091 info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
5092 info.SubjectAlgorithm.pszObjId = oid2;
5093 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5094 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5095 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5096 if (buf)
5097 {
5098 ok(size == sizeof(ctlWithAlgId), "unexpected size %d\n", size);
5099 ok(!memcmp(buf, ctlWithAlgId, size), "unexpected value\n");
5100 LocalFree(buf);
5101 buf = NULL;
5102 }
5103 /* The value is supposed to be asn.1 encoded, so this'll fail to decode
5104 * (see tests below) but it'll encode fine.
5105 */
5106 info.SubjectAlgorithm.pszObjId = NULL;
5107 value1.cbData = sizeof(serialNum);
5108 value1.pbData = (LPBYTE)serialNum;
5109 attr1.pszObjId = oid1;
5110 attr1.cValue = 1;
5111 attr1.rgValue = &value1;
5112 ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
5113 ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
5114 ctlEntry[0].cAttribute = 1;
5115 ctlEntry[0].rgAttribute = &attr1;
5116 info.cCTLEntry = 1;
5117 info.rgCTLEntry = ctlEntry;
5118 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5119 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5120 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5121 if (buf)
5122 {
5123 ok(size == sizeof(ctlWithBogusEntry), "unexpected size %d\n", size);
5124 ok(!memcmp(buf, ctlWithBogusEntry, size), "unexpected value\n");
5125 LocalFree(buf);
5126 buf = NULL;
5127 }
5128 value1.cbData = sizeof(emptySequence);
5129 value1.pbData = (LPBYTE)emptySequence;
5130 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5131 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5132 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5133 if (buf)
5134 {
5135 ok(size == sizeof(ctlWithOneEntry), "unexpected size %d\n", size);
5136 ok(!memcmp(buf, ctlWithOneEntry, size), "unexpected value\n");
5137 LocalFree(buf);
5138 buf = NULL;
5139 }
5140 value2.cbData = sizeof(encodedIPAddr);
5141 value2.pbData = (LPBYTE)encodedIPAddr;
5142 attr2.pszObjId = oid2;
5143 attr2.cValue = 1;
5144 attr2.rgValue = &value2;
5145 ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
5146 ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
5147 ctlEntry[1].cAttribute = 1;
5148 ctlEntry[1].rgAttribute = &attr2;
5149 info.cCTLEntry = 2;
5150 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CTL, &info,
5151 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5152 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5153 if (buf)
5154 {
5155 ok(size == sizeof(ctlWithTwoEntries), "unexpected size %d\n", size);
5156 ok(!memcmp(buf, ctlWithTwoEntries, size), "unexpected value\n");
5157 LocalFree(buf);
5158 buf = NULL;
5159 }
5160 }
5161
5162 static void compareCTLInfo(LPCSTR header, const CTL_INFO *expected,
5163 const CTL_INFO *got)
5164 {
5165 DWORD i, j, k;
5166
5167 ok(expected->dwVersion == got->dwVersion,
5168 "%s: expected version %d, got %d\n", header, expected->dwVersion,
5169 got->dwVersion);
5170 ok(expected->SubjectUsage.cUsageIdentifier ==
5171 got->SubjectUsage.cUsageIdentifier,
5172 "%s: expected %d usage identifiers, got %d\n", header,
5173 expected->SubjectUsage.cUsageIdentifier,
5174 got->SubjectUsage.cUsageIdentifier);
5175 for (i = 0; i < expected->SubjectUsage.cUsageIdentifier; i++)
5176 ok(!strcmp(expected->SubjectUsage.rgpszUsageIdentifier[i],
5177 got->SubjectUsage.rgpszUsageIdentifier[i]),
5178 "%s[%d]: expected %s, got %s\n", header, i,
5179 expected->SubjectUsage.rgpszUsageIdentifier[i],
5180 got->SubjectUsage.rgpszUsageIdentifier[i]);
5181 ok(expected->ListIdentifier.cbData == got->ListIdentifier.cbData,
5182 "%s: expected list identifier of %d bytes, got %d\n", header,
5183 expected->ListIdentifier.cbData, got->ListIdentifier.cbData);
5184 if (expected->ListIdentifier.cbData)
5185 ok(!memcmp(expected->ListIdentifier.pbData, got->ListIdentifier.pbData,
5186 expected->ListIdentifier.cbData),
5187 "%s: unexpected list identifier value\n", header);
5188 ok(expected->SequenceNumber.cbData == got->SequenceNumber.cbData,
5189 "%s: expected sequence number of %d bytes, got %d\n", header,
5190 expected->SequenceNumber.cbData, got->SequenceNumber.cbData);
5191 if (expected->SequenceNumber.cbData)
5192 ok(!memcmp(expected->SequenceNumber.pbData, got->SequenceNumber.pbData,
5193 expected->SequenceNumber.cbData),
5194 "%s: unexpected sequence number value\n", header);
5195 ok(!memcmp(&expected->ThisUpdate, &got->ThisUpdate, sizeof(FILETIME)),
5196 "%s: expected this update = (%d, %d), got (%d, %d)\n", header,
5197 expected->ThisUpdate.dwLowDateTime, expected->ThisUpdate.dwHighDateTime,
5198 got->ThisUpdate.dwLowDateTime, got->ThisUpdate.dwHighDateTime);
5199 ok(!memcmp(&expected->NextUpdate, &got->NextUpdate, sizeof(FILETIME)),
5200 "%s: expected next update = (%d, %d), got (%d, %d)\n", header,
5201 expected->NextUpdate.dwLowDateTime, expected->NextUpdate.dwHighDateTime,
5202 got->NextUpdate.dwLowDateTime, got->NextUpdate.dwHighDateTime);
5203 if (expected->SubjectAlgorithm.pszObjId &&
5204 *expected->SubjectAlgorithm.pszObjId && !got->SubjectAlgorithm.pszObjId)
5205 ok(0, "%s: expected subject algorithm %s, got NULL\n", header,
5206 expected->SubjectAlgorithm.pszObjId);
5207 if (expected->SubjectAlgorithm.pszObjId && got->SubjectAlgorithm.pszObjId)
5208 ok(!strcmp(expected->SubjectAlgorithm.pszObjId,
5209 got->SubjectAlgorithm.pszObjId),
5210 "%s: expected subject algorithm %s, got %s\n", header,
5211 expected->SubjectAlgorithm.pszObjId, got->SubjectAlgorithm.pszObjId);
5212 ok(expected->SubjectAlgorithm.Parameters.cbData ==
5213 got->SubjectAlgorithm.Parameters.cbData,
5214 "%s: expected subject algorithm parameters of %d bytes, got %d\n", header,
5215 expected->SubjectAlgorithm.Parameters.cbData,
5216 got->SubjectAlgorithm.Parameters.cbData);
5217 if (expected->SubjectAlgorithm.Parameters.cbData)
5218 ok(!memcmp(expected->SubjectAlgorithm.Parameters.pbData,
5219 got->SubjectAlgorithm.Parameters.pbData,
5220 expected->SubjectAlgorithm.Parameters.cbData),
5221 "%s: unexpected subject algorithm parameter value\n", header);
5222 ok(expected->cCTLEntry == got->cCTLEntry,
5223 "%s: expected %d CTL entries, got %d\n", header, expected->cCTLEntry,
5224 got->cCTLEntry);
5225 for (i = 0; i < expected->cCTLEntry; i++)
5226 {
5227 ok(expected->rgCTLEntry[i].SubjectIdentifier.cbData ==
5228 got->rgCTLEntry[i].SubjectIdentifier.cbData,
5229 "%s[%d]: expected subject identifier of %d bytes, got %d\n",
5230 header, i, expected->rgCTLEntry[i].SubjectIdentifier.cbData,
5231 got->rgCTLEntry[i].SubjectIdentifier.cbData);
5232 if (expected->rgCTLEntry[i].SubjectIdentifier.cbData)
5233 ok(!memcmp(expected->rgCTLEntry[i].SubjectIdentifier.pbData,
5234 got->rgCTLEntry[i].SubjectIdentifier.pbData,
5235 expected->rgCTLEntry[i].SubjectIdentifier.cbData),
5236 "%s[%d]: unexpected subject identifier value\n",
5237 header, i);
5238 for (j = 0; j < expected->rgCTLEntry[i].cAttribute; j++)
5239 {
5240 ok(!strcmp(expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
5241 got->rgCTLEntry[i].rgAttribute[j].pszObjId),
5242 "%s[%d][%d]: expected attribute OID %s, got %s\n", header, i, j,
5243 expected->rgCTLEntry[i].rgAttribute[j].pszObjId,
5244 got->rgCTLEntry[i].rgAttribute[j].pszObjId);
5245 for (k = 0; k < expected->rgCTLEntry[i].rgAttribute[j].cValue; k++)
5246 {
5247 ok(expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData ==
5248 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
5249 "%s[%d][%d][%d]: expected value of %d bytes, got %d\n",
5250 header, i, j, k,
5251 expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData,
5252 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData);
5253 if (expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData)
5254 ok(!memcmp(
5255 expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
5256 got->rgCTLEntry[i].rgAttribute[j].rgValue[k].pbData,
5257 expected->rgCTLEntry[i].rgAttribute[j].rgValue[k].cbData),
5258 "%s[%d][%d][%d]: unexpected value\n",
5259 header, i, j, k);
5260 }
5261 }
5262 }
5263 ok(expected->cExtension == got->cExtension,
5264 "%s: expected %d extensions, got %d\n", header, expected->cExtension,
5265 got->cExtension);
5266 for (i = 0; i < expected->cExtension; i++)
5267 {
5268 ok(!strcmp(expected->rgExtension[i].pszObjId,
5269 got->rgExtension[i].pszObjId), "%s[%d]: expected %s, got %s\n",
5270 header, i, expected->rgExtension[i].pszObjId,
5271 got->rgExtension[i].pszObjId);
5272 ok(expected->rgExtension[i].fCritical == got->rgExtension[i].fCritical,
5273 "%s[%d]: expected fCritical = %d, got %d\n", header, i,
5274 expected->rgExtension[i].fCritical, got->rgExtension[i].fCritical);
5275 ok(expected->rgExtension[i].Value.cbData ==
5276 got->rgExtension[i].Value.cbData,
5277 "%s[%d]: expected extension value to have %d bytes, got %d\n",
5278 header, i, expected->rgExtension[i].Value.cbData,
5279 got->rgExtension[i].Value.cbData);
5280 if (expected->rgExtension[i].Value.cbData)
5281 ok(!memcmp(expected->rgExtension[i].Value.pbData,
5282 got->rgExtension[i].Value.pbData,
5283 expected->rgExtension[i].Value.cbData),
5284 "%s[%d]: unexpected extension value\n", header, i);
5285 }
5286 }
5287
5288 static const BYTE signedCTL[] = {
5289 0x30,0x81,0xc7,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,
5290 0x81,0xb9,0x30,0x81,0xb6,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,
5291 0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x28,0x06,0x09,0x2a,0x86,
5292 0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x1b,0x04,0x19,0x30,0x17,0x30,0x00,
5293 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
5294 0x30,0x5a,0x30,0x02,0x06,0x00,0x31,0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,
5295 0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,
5296 0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,
5297 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
5298 0x00,0x04,0x40,0xca,0xd8,0x32,0xd1,0xbd,0x97,0x61,0x54,0xd6,0x80,0xcf,0x0d,
5299 0xbd,0xa2,0x42,0xc7,0xca,0x37,0x91,0x7d,0x9d,0xac,0x8c,0xdf,0x05,0x8a,0x39,
5300 0xc6,0x07,0xc1,0x37,0xe6,0xb9,0xd1,0x0d,0x26,0xec,0xa5,0xb0,0x8a,0x51,0x26,
5301 0x2b,0x4f,0x73,0x44,0x86,0x83,0x5e,0x2b,0x6e,0xcc,0xf8,0x1b,0x85,0x53,0xe9,
5302 0x7a,0x80,0x8f,0x6b,0x42,0x19,0x93 };
5303 static const BYTE signedCTLWithCTLInnerContent[] = {
5304 0x30,0x82,0x01,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,
5305 0xa0,0x82,0x01,0x00,0x30,0x81,0xfd,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,
5306 0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x30,0x06,0x09,
5307 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x0a,0x01,0xa0,0x23,0x30,0x21,0x30,0x00,
5308 0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,
5309 0x30,0x5a,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,
5310 0x00,0x31,0x81,0xb5,0x30,0x81,0xb2,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,
5311 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,
5312 0x4c,0x61,0x6e,0x67,0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,
5313 0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0xa0,0x3b,0x30,0x18,0x06,0x09,0x2a,0x86,
5314 0x48,0x86,0xf7,0x0d,0x01,0x09,0x03,0x31,0x0b,0x06,0x09,0x2b,0x06,0x01,0x04,
5315 0x01,0x82,0x37,0x0a,0x01,0x30,0x1f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
5316 0x01,0x09,0x04,0x31,0x12,0x04,0x10,0x54,0x71,0xbc,0xe1,0x56,0x31,0xa2,0xf9,
5317 0x65,0x70,0x34,0xf8,0xe2,0xe9,0xb4,0xf4,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
5318 0x40,0x2f,0x1b,0x9f,0x5a,0x4a,0x15,0x73,0xfa,0xb1,0x93,0x3d,0x09,0x52,0xdf,
5319 0x6b,0x98,0x4b,0x13,0x5e,0xe7,0xbf,0x65,0xf4,0x9c,0xc2,0xb1,0x77,0x09,0xb1,
5320 0x66,0x4d,0x72,0x0d,0xb1,0x1a,0x50,0x20,0xe0,0x57,0xa2,0x39,0xc7,0xcd,0x7f,
5321 0x8e,0xe7,0x5f,0x76,0x2b,0xd1,0x6a,0x82,0xb3,0x30,0x25,0x61,0xf6,0x25,0x23,
5322 0x57,0x6c,0x0b,0x47,0xb8 };
5323
5324 static void test_decodeCTL(DWORD dwEncoding)
5325 {
5326 static char oid1[] = "1.2.3";
5327 static char oid2[] = "1.5.6";
5328 static BYTE nullData[] = { 5,0 };
5329 char *pOid1 = oid1;
5330 BOOL ret;
5331 BYTE *buf = NULL;
5332 DWORD size = 0;
5333 CTL_INFO info;
5334 SYSTEMTIME thisUpdate = { 2005, 6, 1, 6, 16, 10, 0, 0 };
5335 CTL_ENTRY ctlEntry[2];
5336 CRYPT_ATTRIBUTE attr1, attr2;
5337 CRYPT_ATTR_BLOB value1, value2;
5338
5339 memset(&info, 0, sizeof(info));
5340 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTL, sizeof(emptyCTL),
5341 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5342 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5343 if (buf)
5344 {
5345 compareCTLInfo("empty CTL", &info, (CTL_INFO *)buf);
5346 LocalFree(buf);
5347 buf = NULL;
5348 }
5349 info.dwVersion = 1;
5350 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, emptyCTLWithVersion1,
5351 sizeof(emptyCTLWithVersion1), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf,
5352 &size);
5353 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5354 if (buf)
5355 {
5356 compareCTLInfo("v1 CTL", &info, (CTL_INFO *)buf);
5357 LocalFree(buf);
5358 buf = NULL;
5359 }
5360 info.dwVersion = 0;
5361 info.SubjectUsage.cUsageIdentifier = 1;
5362 info.SubjectUsage.rgpszUsageIdentifier = &pOid1;
5363 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithUsageIdentifier,
5364 sizeof(ctlWithUsageIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL,
5365 (BYTE *)&buf, &size);
5366 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5367 if (buf)
5368 {
5369 compareCTLInfo("CTL with usage identifier", &info, (CTL_INFO *)buf);
5370 LocalFree(buf);
5371 buf = NULL;
5372 }
5373 info.SubjectUsage.cUsageIdentifier = 0;
5374 info.ListIdentifier.cbData = sizeof(serialNum);
5375 info.ListIdentifier.pbData = (LPBYTE)serialNum;
5376 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithListIdentifier,
5377 sizeof(ctlWithListIdentifier), CRYPT_DECODE_ALLOC_FLAG, NULL,
5378 (BYTE *)&buf, &size);
5379 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5380 if (buf)
5381 {
5382 compareCTLInfo("CTL with list identifier", &info, (CTL_INFO *)buf);
5383 LocalFree(buf);
5384 buf = NULL;
5385 }
5386 info.ListIdentifier.cbData = 0;
5387 info.SequenceNumber.cbData = sizeof(serialNum);
5388 info.SequenceNumber.pbData = (LPBYTE)serialNum;
5389 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithSequenceNumber,
5390 sizeof(ctlWithSequenceNumber), CRYPT_DECODE_ALLOC_FLAG, NULL,
5391 (BYTE *)&buf, &size);
5392 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5393 if (buf)
5394 {
5395 compareCTLInfo("CTL with sequence number", &info, (CTL_INFO *)buf);
5396 LocalFree(buf);
5397 buf = NULL;
5398 }
5399 info.SequenceNumber.cbData = 0;
5400 SystemTimeToFileTime(&thisUpdate, &info.ThisUpdate);
5401 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisUpdate,
5402 sizeof(ctlWithThisUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL,
5403 (BYTE *)&buf, &size);
5404 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5405 if (buf)
5406 {
5407 compareCTLInfo("CTL with this update", &info, (CTL_INFO *)buf);
5408 LocalFree(buf);
5409 buf = NULL;
5410 }
5411 SystemTimeToFileTime(&thisUpdate, &info.NextUpdate);
5412 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithThisAndNextUpdate,
5413 sizeof(ctlWithThisAndNextUpdate), CRYPT_DECODE_ALLOC_FLAG, NULL,
5414 (BYTE *)&buf, &size);
5415 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5416 if (buf)
5417 {
5418 compareCTLInfo("CTL with this and next update", &info, (CTL_INFO *)buf);
5419 LocalFree(buf);
5420 buf = NULL;
5421 }
5422 info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
5423 info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
5424 info.SubjectAlgorithm.pszObjId = oid2;
5425 info.SubjectAlgorithm.Parameters.cbData = sizeof(nullData);
5426 info.SubjectAlgorithm.Parameters.pbData = nullData;
5427 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithAlgId,
5428 sizeof(ctlWithAlgId), CRYPT_DECODE_ALLOC_FLAG, NULL,
5429 (BYTE *)&buf, &size);
5430 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5431 if (buf)
5432 {
5433 compareCTLInfo("CTL with algorithm identifier", &info, (CTL_INFO *)buf);
5434 LocalFree(buf);
5435 buf = NULL;
5436 }
5437 SetLastError(0xdeadbeef);
5438 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithBogusEntry,
5439 sizeof(ctlWithBogusEntry), CRYPT_DECODE_ALLOC_FLAG, NULL,
5440 (BYTE *)&buf, &size);
5441 ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD || CRYPT_E_ASN1_CORRUPT),
5442 "expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %08x\n",
5443 GetLastError());
5444 info.SubjectAlgorithm.Parameters.cbData = 0;
5445 info.ThisUpdate.dwLowDateTime = info.ThisUpdate.dwHighDateTime = 0;
5446 info.NextUpdate.dwLowDateTime = info.NextUpdate.dwHighDateTime = 0;
5447 info.SubjectAlgorithm.pszObjId = oid2;
5448 info.SubjectAlgorithm.pszObjId = NULL;
5449 value1.cbData = sizeof(emptySequence);
5450 value1.pbData = (LPBYTE)emptySequence;
5451 attr1.pszObjId = oid1;
5452 attr1.cValue = 1;
5453 attr1.rgValue = &value1;
5454 ctlEntry[0].SubjectIdentifier.cbData = sizeof(serialNum);
5455 ctlEntry[0].SubjectIdentifier.pbData = (LPBYTE)serialNum;
5456 ctlEntry[0].cAttribute = 1;
5457 ctlEntry[0].rgAttribute = &attr1;
5458 info.cCTLEntry = 1;
5459 info.rgCTLEntry = ctlEntry;
5460 SetLastError(0xdeadbeef);
5461 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithOneEntry,
5462 sizeof(ctlWithOneEntry), CRYPT_DECODE_ALLOC_FLAG, NULL,
5463 (BYTE *)&buf, &size);
5464 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5465 if (buf)
5466 {
5467 compareCTLInfo("CTL with one entry", &info, (CTL_INFO *)buf);
5468 LocalFree(buf);
5469 buf = NULL;
5470 }
5471 value2.cbData = sizeof(encodedIPAddr);
5472 value2.pbData = (LPBYTE)encodedIPAddr;
5473 attr2.pszObjId = oid2;
5474 attr2.cValue = 1;
5475 attr2.rgValue = &value2;
5476 ctlEntry[1].SubjectIdentifier.cbData = sizeof(serialNum);
5477 ctlEntry[1].SubjectIdentifier.pbData = (LPBYTE)serialNum;
5478 ctlEntry[1].cAttribute = 1;
5479 ctlEntry[1].rgAttribute = &attr2;
5480 info.cCTLEntry = 2;
5481 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, ctlWithTwoEntries,
5482 sizeof(ctlWithTwoEntries), CRYPT_DECODE_ALLOC_FLAG, NULL,
5483 (BYTE *)&buf, &size);
5484 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5485 if (buf)
5486 {
5487 compareCTLInfo("CTL with two entries", &info, (CTL_INFO *)buf);
5488 LocalFree(buf);
5489 buf = NULL;
5490 }
5491 /* A signed CTL isn't decodable, even if the inner content is a CTL */
5492 SetLastError(0xdeadbeef);
5493 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL, signedCTL,
5494 sizeof(signedCTL), CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5495 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
5496 "expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
5497 SetLastError(0xdeadbeef);
5498 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CTL,
5499 signedCTLWithCTLInnerContent, sizeof(signedCTLWithCTLInnerContent),
5500 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5501 ok(!ret && GetLastError() == CRYPT_E_ASN1_BADTAG,
5502 "expected CRYPT_E_ASN1_BADTAG, got %08x\n", GetLastError());
5503 }
5504
5505 static const BYTE emptyPKCSContentInfo[] = { 0x30,0x04,0x06,0x02,0x2a,0x03 };
5506 static const BYTE emptyPKCSContentInfoExtraBytes[] = { 0x30,0x04,0x06,0x02,0x2a,
5507 0x03,0,0,0,0,0,0 };
5508 static const BYTE bogusPKCSContentInfo[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,
5509 0xa0,0x01,0x01 };
5510 static const BYTE intPKCSContentInfo[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0xa0,
5511 0x03,0x02,0x01,0x01 };
5512 static BYTE bogusDER[] = { 1 };
5513
5514 static void test_encodePKCSContentInfo(DWORD dwEncoding)
5515 {
5516 BOOL ret;
5517 BYTE *buf = NULL;
5518 DWORD size = 0;
5519 CRYPT_CONTENT_INFO info = { 0 };
5520 char oid1[] = "1.2.3";
5521
5522 SetLastError(0xdeadbeef);
5523 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, NULL,
5524 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5525 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
5526 "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
5527 SetLastError(0xdeadbeef);
5528 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5529 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5530 ok(!ret && GetLastError() == E_INVALIDARG,
5531 "Expected E_INVALIDARG, got %x\n", GetLastError());
5532 info.pszObjId = oid1;
5533 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5534 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5535 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5536 if (buf)
5537 {
5538 ok(size == sizeof(emptyPKCSContentInfo), "Unexpected size %d\n", size);
5539 ok(!memcmp(buf, emptyPKCSContentInfo, size), "Unexpected value\n");
5540 LocalFree(buf);
5541 }
5542 info.Content.pbData = bogusDER;
5543 info.Content.cbData = sizeof(bogusDER);
5544 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5545 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5546 ok(ret, "CryptEncodeObjectEx failed; %x\n", GetLastError());
5547 if (buf)
5548 {
5549 ok(size == sizeof(bogusPKCSContentInfo), "Unexpected size %d\n", size);
5550 ok(!memcmp(buf, bogusPKCSContentInfo, size), "Unexpected value\n");
5551 LocalFree(buf);
5552 }
5553 info.Content.pbData = (BYTE *)ints[0].encoded;
5554 info.Content.cbData = ints[0].encoded[1] + 2;
5555 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_CONTENT_INFO, &info,
5556 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5557 if (buf)
5558 {
5559 ok(size == sizeof(intPKCSContentInfo), "Unexpected size %d\n", size);
5560 ok(!memcmp(buf, intPKCSContentInfo, size), "Unexpected value\n");
5561 LocalFree(buf);
5562 }
5563 }
5564
5565 static const BYTE indefiniteSignedPKCSContent[] = {
5566 0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02,0xa0,0x80,
5567 0x30,0x80,0x02,0x01,0x01,0x31,0x0e,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,
5568 0xf7,0x0d,0x02,0x05,0x05,0x00,0x30,0x80,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
5569 0x0d,0x01,0x07,0x01,0xa0,0x80,0x24,0x80,0x04,0x04,0x01,0x02,0x03,0x04,0x04,
5570 0x04,0x01,0x02,0x03,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0xa0,0x81,0xd2,0x30,
5571 0x81,0xcf,0x02,0x01,0x01,0x30,0x02,0x06,0x00,0x30,0x15,0x31,0x13,0x30,0x11,
5572 0x06,0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
5573 0x67,0x00,0x30,0x22,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,0x31,0x30,
5574 0x30,0x30,0x30,0x30,0x30,0x5a,0x18,0x0f,0x31,0x36,0x30,0x31,0x30,0x31,0x30,
5575 0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
5576 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
5577 0x00,0x30,0x5c,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,
5578 0x01,0x05,0x00,0x03,0x4b,0x00,0x30,0x48,0x02,0x41,0x00,0xe2,0x54,0x3a,0xa7,
5579 0x83,0xb1,0x27,0x14,0x3e,0x59,0xbb,0xb4,0x53,0xe6,0x1f,0xe7,0x5d,0xf1,0x21,
5580 0x68,0xad,0x85,0x53,0xdb,0x6b,0x1e,0xeb,0x65,0x97,0x03,0x86,0x60,0xde,0xf3,
5581 0x6c,0x38,0x75,0xe0,0x4c,0x61,0xbb,0xbc,0x62,0x17,0xa9,0xcd,0x79,0x3f,0x21,
5582 0x4e,0x96,0xcb,0x0e,0xdc,0x61,0x94,0x30,0x18,0x10,0x6b,0xd0,0x1c,0x10,0x79,
5583 0x02,0x03,0x01,0x00,0x01,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,
5584 0x13,0x01,0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x01,0x31,
5585 0x77,0x30,0x75,0x02,0x01,0x01,0x30,0x1a,0x30,0x15,0x31,0x13,0x30,0x11,0x06,
5586 0x03,0x55,0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,
5587 0x00,0x02,0x01,0x01,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,
5588 0x05,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x40,0x57,0xba,0xe0,0xad,
5589 0xfe,0x36,0x8d,0xb3,0x88,0xa2,0x8d,0x84,0x82,0x52,0x09,0x09,0xd9,0xf0,0xb8,
5590 0x04,0xfa,0xb5,0x51,0x0b,0x2b,0x2e,0xd5,0x72,0x3e,0x3d,0x13,0x8a,0x51,0xc3,
5591 0x71,0x65,0x9a,0x52,0xf2,0x8f,0xb2,0x5b,0x39,0x28,0xb3,0x29,0x36,0xa5,0x8d,
5592 0xe3,0x55,0x71,0x91,0xf9,0x2a,0xd1,0xb8,0xaa,0x52,0xb8,0x22,0x3a,0xeb,0x61,
5593 0x00,0x00,0x00,0x00,0x00,0x00 };
5594
5595 static void test_decodePKCSContentInfo(DWORD dwEncoding)
5596 {
5597 BOOL ret;
5598 LPBYTE buf = NULL;
5599 DWORD size = 0;
5600 CRYPT_CONTENT_INFO *info;
5601
5602 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5603 emptyPKCSContentInfo, sizeof(emptyPKCSContentInfo),
5604 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5605 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5606 if (buf)
5607 {
5608 info = (CRYPT_CONTENT_INFO *)buf;
5609
5610 ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
5611 info->pszObjId);
5612 ok(info->Content.cbData == 0, "Expected no data, got %d\n",
5613 info->Content.cbData);
5614 LocalFree(buf);
5615 }
5616 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5617 emptyPKCSContentInfoExtraBytes, sizeof(emptyPKCSContentInfoExtraBytes),
5618 0, NULL, NULL, &size);
5619 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5620 SetLastError(0xdeadbeef);
5621 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5622 bogusPKCSContentInfo, sizeof(bogusPKCSContentInfo),
5623 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5624 /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
5625 * I doubt an app depends on that.
5626 */
5627 ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
5628 GetLastError() == CRYPT_E_ASN1_CORRUPT),
5629 "Expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %x\n",
5630 GetLastError());
5631 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5632 intPKCSContentInfo, sizeof(intPKCSContentInfo),
5633 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5634 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5635 if (buf)
5636 {
5637 info = (CRYPT_CONTENT_INFO *)buf;
5638
5639 ok(!strcmp(info->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
5640 info->pszObjId);
5641 ok(info->Content.cbData == ints[0].encoded[1] + 2,
5642 "Unexpected size %d\n", info->Content.cbData);
5643 ok(!memcmp(info->Content.pbData, ints[0].encoded,
5644 info->Content.cbData), "Unexpected value\n");
5645 LocalFree(buf);
5646 }
5647 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_CONTENT_INFO,
5648 indefiniteSignedPKCSContent, sizeof(indefiniteSignedPKCSContent),
5649 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5650 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5651 if (buf)
5652 {
5653 info = (CRYPT_CONTENT_INFO *)buf;
5654
5655 ok(!strcmp(info->pszObjId, szOID_RSA_signedData),
5656 "Expected %s, got %s\n", szOID_RSA_signedData, info->pszObjId);
5657 ok(info->Content.cbData == 392, "Expected 392, got %d\n",
5658 info->Content.cbData);
5659 LocalFree(buf);
5660 }
5661 }
5662
5663 static const BYTE emptyPKCSAttr[] = { 0x30,0x06,0x06,0x02,0x2a,0x03,0x31,
5664 0x00 };
5665 static const BYTE bogusPKCSAttr[] = { 0x30,0x07,0x06,0x02,0x2a,0x03,0x31,0x01,
5666 0x01 };
5667 static const BYTE intPKCSAttr[] = { 0x30,0x09,0x06,0x02,0x2a,0x03,0x31,0x03,
5668 0x02,0x01,0x01 };
5669
5670 static void test_encodePKCSAttribute(DWORD dwEncoding)
5671 {
5672 CRYPT_ATTRIBUTE attr = { 0 };
5673 BOOL ret;
5674 LPBYTE buf = NULL;
5675 DWORD size = 0;
5676 CRYPT_ATTR_BLOB blob;
5677 char oid[] = "1.2.3";
5678
5679 SetLastError(0xdeadbeef);
5680 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, NULL,
5681 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5682 ok(!ret && GetLastError() == STATUS_ACCESS_VIOLATION,
5683 "Expected STATUS_ACCESS_VIOLATION, got %x\n", GetLastError());
5684 SetLastError(0xdeadbeef);
5685 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5686 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5687 ok(!ret && GetLastError() == E_INVALIDARG,
5688 "Expected E_INVALIDARG, got %x\n", GetLastError());
5689 attr.pszObjId = oid;
5690 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5691 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5692 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5693 if (buf)
5694 {
5695 ok(size == sizeof(emptyPKCSAttr), "Unexpected size %d\n", size);
5696 ok(!memcmp(buf, emptyPKCSAttr, size), "Unexpected value\n");
5697 LocalFree(buf);
5698 }
5699 blob.cbData = sizeof(bogusDER);
5700 blob.pbData = bogusDER;
5701 attr.cValue = 1;
5702 attr.rgValue = &blob;
5703 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5704 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5705 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5706 if (buf)
5707 {
5708 ok(size == sizeof(bogusPKCSAttr), "Unexpected size %d\n", size);
5709 ok(!memcmp(buf, bogusPKCSAttr, size), "Unexpected value\n");
5710 LocalFree(buf);
5711 }
5712 blob.pbData = (BYTE *)ints[0].encoded;
5713 blob.cbData = ints[0].encoded[1] + 2;
5714 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTE, &attr,
5715 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5716 if (buf)
5717 {
5718 ok(size == sizeof(intPKCSAttr), "Unexpected size %d\n", size);
5719 ok(!memcmp(buf, intPKCSAttr, size), "Unexpected value\n");
5720 LocalFree(buf);
5721 }
5722 }
5723
5724 static void test_decodePKCSAttribute(DWORD dwEncoding)
5725 {
5726 BOOL ret;
5727 LPBYTE buf = NULL;
5728 DWORD size = 0;
5729 CRYPT_ATTRIBUTE *attr;
5730
5731 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
5732 emptyPKCSAttr, sizeof(emptyPKCSAttr),
5733 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5734 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5735 if (buf)
5736 {
5737 attr = (CRYPT_ATTRIBUTE *)buf;
5738
5739 ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
5740 attr->pszObjId);
5741 ok(attr->cValue == 0, "Expected no value, got %d\n", attr->cValue);
5742 LocalFree(buf);
5743 }
5744 SetLastError(0xdeadbeef);
5745 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
5746 bogusPKCSAttr, sizeof(bogusPKCSAttr),
5747 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5748 /* Native fails with CRYPT_E_ASN1_EOD, accept also CRYPT_E_ASN1_CORRUPT as
5749 * I doubt an app depends on that.
5750 */
5751 ok(!ret && (GetLastError() == CRYPT_E_ASN1_EOD ||
5752 GetLastError() == CRYPT_E_ASN1_CORRUPT),
5753 "Expected CRYPT_E_ASN1_EOD or CRYPT_E_ASN1_CORRUPT, got %x\n",
5754 GetLastError());
5755 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTE,
5756 intPKCSAttr, sizeof(intPKCSAttr),
5757 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5758 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5759 if (buf)
5760 {
5761 attr = (CRYPT_ATTRIBUTE *)buf;
5762
5763 ok(!strcmp(attr->pszObjId, "1.2.3"), "Expected 1.2.3, got %s\n",
5764 attr->pszObjId);
5765 ok(attr->cValue == 1, "Expected 1 value, got %d\n", attr->cValue);
5766 ok(attr->rgValue[0].cbData == ints[0].encoded[1] + 2,
5767 "Unexpected size %d\n", attr->rgValue[0].cbData);
5768 ok(!memcmp(attr->rgValue[0].pbData, ints[0].encoded,
5769 attr->rgValue[0].cbData), "Unexpected value\n");
5770 LocalFree(buf);
5771 }
5772 }
5773
5774 static const BYTE emptyPKCSAttributes[] = { 0x31,0x00 };
5775 static const BYTE singlePKCSAttributes[] = { 0x31,0x08,0x30,0x06,0x06,0x02,
5776 0x2a,0x03,0x31,0x00 };
5777 static const BYTE doublePKCSAttributes[] = { 0x31,0x13,0x30,0x06,0x06,0x02,
5778 0x2a,0x03,0x31,0x00,0x30,0x09,0x06,0x02,0x2d,0x06,0x31,0x03,0x02,0x01,0x01 };
5779
5780 static void test_encodePKCSAttributes(DWORD dwEncoding)
5781 {
5782 CRYPT_ATTRIBUTES attributes = { 0 };
5783 CRYPT_ATTRIBUTE attr[2] = { { 0 } };
5784 CRYPT_ATTR_BLOB blob;
5785 BOOL ret;
5786 LPBYTE buf = NULL;
5787 DWORD size = 0;
5788 char oid1[] = "1.2.3", oid2[] = "1.5.6";
5789
5790 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
5791 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5792 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5793 if (buf)
5794 {
5795 ok(size == sizeof(emptyPKCSAttributes), "Unexpected size %d\n", size);
5796 ok(!memcmp(buf, emptyPKCSAttributes, size), "Unexpected value\n");
5797 LocalFree(buf);
5798 }
5799 attributes.cAttr = 1;
5800 attributes.rgAttr = attr;
5801 SetLastError(0xdeadbeef);
5802 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
5803 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5804 ok(!ret && GetLastError() == E_INVALIDARG,
5805 "Expected E_INVALIDARG, got %x\n", GetLastError());
5806 attr[0].pszObjId = oid1;
5807 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
5808 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5809 if (buf)
5810 {
5811 ok(size == sizeof(singlePKCSAttributes), "Unexpected size %d\n", size);
5812 ok(!memcmp(buf, singlePKCSAttributes, size), "Unexpected value\n");
5813 LocalFree(buf);
5814 }
5815 attr[1].pszObjId = oid2;
5816 attr[1].cValue = 1;
5817 attr[1].rgValue = &blob;
5818 blob.pbData = (BYTE *)ints[0].encoded;
5819 blob.cbData = ints[0].encoded[1] + 2;
5820 attributes.cAttr = 2;
5821 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_ATTRIBUTES, &attributes,
5822 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5823 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
5824 if (buf)
5825 {
5826 ok(size == sizeof(doublePKCSAttributes), "Unexpected size %d\n", size);
5827 ok(!memcmp(buf, doublePKCSAttributes, size), "Unexpected value\n");
5828 LocalFree(buf);
5829 }
5830 }
5831
5832 static void test_decodePKCSAttributes(DWORD dwEncoding)
5833 {
5834 BOOL ret;
5835 LPBYTE buf = NULL;
5836 DWORD size = 0;
5837 CRYPT_ATTRIBUTES *attributes;
5838
5839 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
5840 emptyPKCSAttributes, sizeof(emptyPKCSAttributes),
5841 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5842 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5843 if (buf)
5844 {
5845 attributes = (CRYPT_ATTRIBUTES *)buf;
5846 ok(attributes->cAttr == 0, "Expected no attributes, got %d\n",
5847 attributes->cAttr);
5848 LocalFree(buf);
5849 }
5850 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
5851 singlePKCSAttributes, sizeof(singlePKCSAttributes),
5852 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5853 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5854 if (buf)
5855 {
5856 attributes = (CRYPT_ATTRIBUTES *)buf;
5857 ok(attributes->cAttr == 1, "Expected 1 attribute, got %d\n",
5858 attributes->cAttr);
5859 ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
5860 "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
5861 ok(attributes->rgAttr[0].cValue == 0,
5862 "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
5863 LocalFree(buf);
5864 }
5865 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_ATTRIBUTES,
5866 doublePKCSAttributes, sizeof(doublePKCSAttributes),
5867 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5868 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
5869 if (buf)
5870 {
5871 attributes = (CRYPT_ATTRIBUTES *)buf;
5872 ok(attributes->cAttr == 2, "Expected 2 attributes, got %d\n",
5873 attributes->cAttr);
5874 ok(!strcmp(attributes->rgAttr[0].pszObjId, "1.2.3"),
5875 "Expected 1.2.3, got %s\n", attributes->rgAttr[0].pszObjId);
5876 ok(attributes->rgAttr[0].cValue == 0,
5877 "Expected no attributes, got %d\n", attributes->rgAttr[0].cValue);
5878 ok(!strcmp(attributes->rgAttr[1].pszObjId, "1.5.6"),
5879 "Expected 1.5.6, got %s\n", attributes->rgAttr[1].pszObjId);
5880 ok(attributes->rgAttr[1].cValue == 1,
5881 "Expected 1 attribute, got %d\n", attributes->rgAttr[1].cValue);
5882 ok(attributes->rgAttr[1].rgValue[0].cbData == ints[0].encoded[1] + 2,
5883 "Unexpected size %d\n", attributes->rgAttr[1].rgValue[0].cbData);
5884 ok(!memcmp(attributes->rgAttr[1].rgValue[0].pbData, ints[0].encoded,
5885 attributes->rgAttr[1].rgValue[0].cbData), "Unexpected value\n");
5886 LocalFree(buf);
5887 }
5888 }
5889
5890 static const BYTE singleCapability[] = {
5891 0x30,0x06,0x30,0x04,0x06,0x02,0x2d,0x06 };
5892 static const BYTE twoCapabilities[] = {
5893 0x30,0x0c,0x30,0x04,0x06,0x02,0x2d,0x06,0x30,0x04,0x06,0x02,0x2a,0x03 };
5894 static const BYTE singleCapabilitywithNULL[] = {
5895 0x30,0x08,0x30,0x06,0x06,0x02,0x2d,0x06,0x05,0x00 };
5896
5897 static void test_encodePKCSSMimeCapabilities(DWORD dwEncoding)
5898 {
5899 static char oid1[] = "1.5.6", oid2[] = "1.2.3";
5900 BOOL ret;
5901 LPBYTE buf = NULL;
5902 DWORD size = 0;
5903 CRYPT_SMIME_CAPABILITY capability[2];
5904 CRYPT_SMIME_CAPABILITIES capabilities;
5905
5906 /* An empty capabilities is allowed */
5907 capabilities.cCapability = 0;
5908 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
5909 &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5910 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5911 if (buf)
5912 {
5913 ok(size == sizeof(emptySequence), "unexpected size %d\n", size);
5914 ok(!memcmp(buf, emptySequence, size), "unexpected value\n");
5915 LocalFree(buf);
5916 }
5917 /* A non-empty capabilities with an empty capability (lacking an OID) is
5918 * not allowed
5919 */
5920 capability[0].pszObjId = NULL;
5921 capability[0].Parameters.cbData = 0;
5922 capabilities.cCapability = 1;
5923 capabilities.rgCapability = capability;
5924 SetLastError(0xdeadbeef);
5925 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
5926 &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5927 ok(!ret && GetLastError() == E_INVALIDARG,
5928 "expected E_INVALIDARG, got %08x\n", GetLastError());
5929 capability[0].pszObjId = oid1;
5930 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
5931 &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5932 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5933 if (buf)
5934 {
5935 ok(size == sizeof(singleCapability), "unexpected size %d\n", size);
5936 ok(!memcmp(buf, singleCapability, size), "unexpected value\n");
5937 LocalFree(buf);
5938 }
5939 capability[1].pszObjId = oid2;
5940 capability[1].Parameters.cbData = 0;
5941 capabilities.cCapability = 2;
5942 ret = pCryptEncodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
5943 &capabilities, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
5944 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
5945 if (buf)
5946 {
5947 ok(size == sizeof(twoCapabilities), "unexpected size %d\n", size);
5948 ok(!memcmp(buf, twoCapabilities, size), "unexpected value\n");
5949 LocalFree(buf);
5950 }
5951 }
5952
5953 static void compareSMimeCapabilities(LPCSTR header,
5954 const CRYPT_SMIME_CAPABILITIES *expected, const CRYPT_SMIME_CAPABILITIES *got)
5955 {
5956 DWORD i;
5957
5958 ok(got->cCapability == expected->cCapability,
5959 "%s: expected %d capabilities, got %d\n", header, expected->cCapability,
5960 got->cCapability);
5961 for (i = 0; i < expected->cCapability; i++)
5962 {
5963 ok(!strcmp(expected->rgCapability[i].pszObjId,
5964 got->rgCapability[i].pszObjId), "%s[%d]: expected %s, got %s\n",
5965 header, i, expected->rgCapability[i].pszObjId,
5966 got->rgCapability[i].pszObjId);
5967 ok(expected->rgCapability[i].Parameters.cbData ==
5968 got->rgCapability[i].Parameters.cbData,
5969 "%s[%d]: expected %d bytes, got %d\n", header, i,
5970 expected->rgCapability[i].Parameters.cbData,
5971 got->rgCapability[i].Parameters.cbData);
5972 if (expected->rgCapability[i].Parameters.cbData)
5973 ok(!memcmp(expected->rgCapability[i].Parameters.pbData,
5974 got->rgCapability[i].Parameters.pbData,
5975 expected->rgCapability[i].Parameters.cbData),
5976 "%s[%d]: unexpected value\n", header, i);
5977 }
5978 }
5979
5980 static void test_decodePKCSSMimeCapabilities(DWORD dwEncoding)
5981 {
5982 static char oid1[] = "1.5.6", oid2[] = "1.2.3";
5983 BOOL ret;
5984 DWORD size = 0;
5985 CRYPT_SMIME_CAPABILITY capability[2];
5986 CRYPT_SMIME_CAPABILITIES capabilities, *ptr;
5987
5988 SetLastError(0xdeadbeef);
5989 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
5990 emptySequence, sizeof(emptySequence),
5991 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&ptr, &size);
5992 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
5993 if (ret)
5994 {
5995 capabilities.cCapability = 0;
5996 compareSMimeCapabilities("empty capabilities", &capabilities, ptr);
5997 LocalFree(ptr);
5998 }
5999 SetLastError(0xdeadbeef);
6000 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6001 singleCapability, sizeof(singleCapability), CRYPT_DECODE_ALLOC_FLAG, NULL,
6002 (BYTE *)&ptr, &size);
6003 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
6004 if (ret)
6005 {
6006 capability[0].pszObjId = oid1;
6007 capability[0].Parameters.cbData = 0;
6008 capabilities.cCapability = 1;
6009 capabilities.rgCapability = capability;
6010 compareSMimeCapabilities("single capability", &capabilities, ptr);
6011 LocalFree(ptr);
6012 }
6013 SetLastError(0xdeadbeef);
6014 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6015 singleCapabilitywithNULL, sizeof(singleCapabilitywithNULL),
6016 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&ptr, &size);
6017 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
6018 if (ret)
6019 {
6020 BYTE NULLparam[] = {0x05, 0x00};
6021 capability[0].pszObjId = oid1;
6022 capability[0].Parameters.cbData = 2;
6023 capability[0].Parameters.pbData = NULLparam;
6024 capabilities.cCapability = 1;
6025 capabilities.rgCapability = capability;
6026 compareSMimeCapabilities("single capability with NULL", &capabilities,
6027 ptr);
6028 LocalFree(ptr);
6029 }
6030 SetLastError(0xdeadbeef);
6031 ret = pCryptDecodeObjectEx(dwEncoding, PKCS_SMIME_CAPABILITIES,
6032 twoCapabilities, sizeof(twoCapabilities), CRYPT_DECODE_ALLOC_FLAG, NULL,
6033 (BYTE *)&ptr, &size);
6034 ok(ret, "CryptDecodeObjectEx failed: %08x\n", GetLastError());
6035 if (ret)
6036 {
6037 capability[0].Parameters.cbData = 0;
6038 capability[1].pszObjId = oid2;
6039 capability[1].Parameters.cbData = 0;
6040 capabilities.cCapability = 2;
6041 compareSMimeCapabilities("two capabilities", &capabilities, ptr);
6042 LocalFree(ptr);
6043 }
6044 }
6045
6046 static BYTE encodedCommonNameNoNull[] = { 0x30,0x14,0x31,0x12,0x30,0x10,
6047 0x06,0x03,0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,
6048 0x67 };
6049 static const BYTE minimalPKCSSigner[] = {
6050 0x30,0x2b,0x02,0x01,0x00,0x30,0x18,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6051 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6052 0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,0x00 };
6053 static const BYTE PKCSSignerWithSerial[] = {
6054 0x30,0x2c,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6055 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6056 0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,0x04,0x06,0x00,0x05,0x00,0x04,
6057 0x00 };
6058 static const BYTE PKCSSignerWithHashAlgo[] = {
6059 0x30,0x2e,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6060 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6061 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x04,0x06,0x00,0x05,
6062 0x00,0x04,0x00 };
6063 static const BYTE PKCSSignerWithHashAndEncryptionAlgo[] = {
6064 0x30,0x30,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6065 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6066 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
6067 0x06,0x05,0x00,0x04,0x00 };
6068 static const BYTE PKCSSignerWithHash[] = {
6069 0x30,0x40,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6070 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6071 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0x30,0x06,0x06,0x02,0x2d,
6072 0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
6073 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6074 static const BYTE PKCSSignerWithAuthAttr[] = {
6075 0x30,0x62,0x02,0x01,0x00,0x30,0x19,0x30,0x14,0x31,0x12,0x30,0x10,0x06,0x03,
6076 0x55,0x04,0x03,0x13,0x09,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x02,
6077 0x01,0x01,0x30,0x06,0x06,0x02,0x2a,0x03,0x05,0x00,0xa0,0x20,0x30,0x1e,0x06,
6078 0x03,0x55,0x04,0x03,0x31,0x17,0x30,0x15,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
6079 0x04,0x03,0x13,0x0a,0x4a,0x75,0x61,0x6e,0x20,0x4c,0x61,0x6e,0x67,0x00,0x30,
6080 0x06,0x06,0x02,0x2d,0x06,0x05,0x00,0x04,0x10,0x00,0x01,0x02,0x03,0x04,0x05,
6081 0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
6082
6083 static void test_encodePKCSSignerInfo(DWORD dwEncoding)
6084 {
6085 static char oid1[] = "1.2.3", oid2[] = "1.5.6";
6086 BOOL ret;
6087 LPBYTE buf = NULL;
6088 DWORD size = 0;
6089 CMSG_SIGNER_INFO info = { 0 };
6090 char oid_common_name[] = szOID_COMMON_NAME;
6091 CRYPT_ATTR_BLOB commonName = { sizeof(encodedCommonName),
6092 (LPBYTE)encodedCommonName };
6093 CRYPT_ATTRIBUTE attr = { oid_common_name, 1, &commonName };
6094
6095 SetLastError(0xdeadbeef);
6096 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6097 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6098 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
6099 {
6100 skip("no PKCS7_SIGNER_INFO encode support\n");
6101 return;
6102 }
6103 ok(!ret && GetLastError() == E_INVALIDARG,
6104 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6105 /* To be encoded, a signer must have an issuer at least, and the encoding
6106 * must include PKCS_7_ASN_ENCODING. (That isn't enough to be decoded,
6107 * see decoding tests.)
6108 */
6109 info.Issuer.cbData = sizeof(encodedCommonNameNoNull);
6110 info.Issuer.pbData = encodedCommonNameNoNull;
6111 SetLastError(0xdeadbeef);
6112 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6113 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6114 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6115 ok(!ret && GetLastError() == E_INVALIDARG,
6116 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6117 else
6118 {
6119 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6120 if (buf)
6121 {
6122 ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
6123 if (size == sizeof(minimalPKCSSigner))
6124 ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
6125 else
6126 ok(0, "Unexpected value\n");
6127 LocalFree(buf);
6128 }
6129 }
6130 info.SerialNumber.cbData = sizeof(serialNum);
6131 info.SerialNumber.pbData = (BYTE *)serialNum;
6132 SetLastError(0xdeadbeef);
6133 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6134 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6135 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6136 ok(!ret && GetLastError() == E_INVALIDARG,
6137 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6138 else
6139 {
6140 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6141 if (buf)
6142 {
6143 ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
6144 size);
6145 if (size == sizeof(PKCSSignerWithSerial))
6146 ok(!memcmp(buf, PKCSSignerWithSerial, size),
6147 "Unexpected value\n");
6148 else
6149 ok(0, "Unexpected value\n");
6150 LocalFree(buf);
6151 }
6152 }
6153 info.HashAlgorithm.pszObjId = oid1;
6154 SetLastError(0xdeadbeef);
6155 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6156 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6157 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6158 ok(!ret && GetLastError() == E_INVALIDARG,
6159 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6160 else
6161 {
6162 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6163 if (buf)
6164 {
6165 ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
6166 size);
6167 if (size == sizeof(PKCSSignerWithHashAlgo))
6168 ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
6169 "Unexpected value\n");
6170 else
6171 ok(0, "Unexpected value\n");
6172 LocalFree(buf);
6173 }
6174 }
6175 info.HashEncryptionAlgorithm.pszObjId = oid2;
6176 SetLastError(0xdeadbeef);
6177 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6178 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6179 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6180 ok(!ret && GetLastError() == E_INVALIDARG,
6181 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6182 else
6183 {
6184 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6185 if (buf)
6186 {
6187 ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
6188 "Unexpected size %d\n", size);
6189 if (size == sizeof(PKCSSignerWithHashAndEncryptionAlgo))
6190 ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
6191 "Unexpected value\n");
6192 else
6193 ok(0, "Unexpected value\n");
6194 LocalFree(buf);
6195 }
6196 }
6197 info.EncryptedHash.cbData = sizeof(hash);
6198 info.EncryptedHash.pbData = (BYTE *)hash;
6199 SetLastError(0xdeadbeef);
6200 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6201 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6202 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6203 ok(!ret && GetLastError() == E_INVALIDARG,
6204 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6205 else
6206 {
6207 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6208 if (buf)
6209 {
6210 ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
6211 size);
6212 if (size == sizeof(PKCSSignerWithHash))
6213 ok(!memcmp(buf, PKCSSignerWithHash, size),
6214 "Unexpected value\n");
6215 else
6216 ok(0, "Unexpected value\n");
6217 LocalFree(buf);
6218 }
6219 }
6220 info.AuthAttrs.cAttr = 1;
6221 info.AuthAttrs.rgAttr = &attr;
6222 SetLastError(0xdeadbeef);
6223 ret = pCryptEncodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO, &info,
6224 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6225 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6226 ok(!ret && GetLastError() == E_INVALIDARG,
6227 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6228 else
6229 {
6230 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6231 if (buf)
6232 {
6233 ok(size == sizeof(PKCSSignerWithAuthAttr), "Unexpected size %d\n",
6234 size);
6235 if (size == sizeof(PKCSSignerWithAuthAttr))
6236 ok(!memcmp(buf, PKCSSignerWithAuthAttr, size),
6237 "Unexpected value\n");
6238 else
6239 ok(0, "Unexpected value\n");
6240 LocalFree(buf);
6241 }
6242 }
6243 }
6244
6245 static void test_decodePKCSSignerInfo(DWORD dwEncoding)
6246 {
6247 BOOL ret;
6248 LPBYTE buf = NULL;
6249 DWORD size = 0;
6250 CMSG_SIGNER_INFO *info;
6251
6252 /* A PKCS signer can't be decoded without a serial number. */
6253 SetLastError(0xdeadbeef);
6254 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6255 minimalPKCSSigner, sizeof(minimalPKCSSigner),
6256 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6257 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
6258 "Expected CRYPT_E_ASN1_CORRUPT, got %x\n", GetLastError());
6259 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6260 PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6261 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6262 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6263 if (buf)
6264 {
6265 info = (CMSG_SIGNER_INFO *)buf;
6266 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6267 info->dwVersion);
6268 ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
6269 "Unexpected size %d\n", info->Issuer.cbData);
6270 ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
6271 info->Issuer.cbData), "Unexpected value\n");
6272 ok(info->SerialNumber.cbData == sizeof(serialNum),
6273 "Unexpected size %d\n", info->SerialNumber.cbData);
6274 ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
6275 "Unexpected value\n");
6276 LocalFree(buf);
6277 }
6278 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6279 PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6280 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6281 if (buf)
6282 {
6283 info = (CMSG_SIGNER_INFO *)buf;
6284 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6285 info->dwVersion);
6286 ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
6287 "Unexpected size %d\n", info->Issuer.cbData);
6288 ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
6289 info->Issuer.cbData), "Unexpected value\n");
6290 ok(info->SerialNumber.cbData == sizeof(serialNum),
6291 "Unexpected size %d\n", info->SerialNumber.cbData);
6292 ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
6293 "Unexpected value\n");
6294 ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
6295 "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
6296 LocalFree(buf);
6297 }
6298 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6299 PKCSSignerWithHashAndEncryptionAlgo,
6300 sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6301 NULL, (BYTE *)&buf, &size);
6302 if (buf)
6303 {
6304 info = (CMSG_SIGNER_INFO *)buf;
6305 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6306 info->dwVersion);
6307 ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
6308 "Unexpected size %d\n", info->Issuer.cbData);
6309 ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
6310 info->Issuer.cbData), "Unexpected value\n");
6311 ok(info->SerialNumber.cbData == sizeof(serialNum),
6312 "Unexpected size %d\n", info->SerialNumber.cbData);
6313 ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
6314 "Unexpected value\n");
6315 ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
6316 "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
6317 ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
6318 "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
6319 LocalFree(buf);
6320 }
6321 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6322 PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
6323 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6324 if (buf)
6325 {
6326 info = (CMSG_SIGNER_INFO *)buf;
6327 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6328 info->dwVersion);
6329 ok(info->Issuer.cbData == sizeof(encodedCommonNameNoNull),
6330 "Unexpected size %d\n", info->Issuer.cbData);
6331 ok(!memcmp(info->Issuer.pbData, encodedCommonNameNoNull,
6332 info->Issuer.cbData), "Unexpected value\n");
6333 ok(info->SerialNumber.cbData == sizeof(serialNum),
6334 "Unexpected size %d\n", info->SerialNumber.cbData);
6335 ok(!memcmp(info->SerialNumber.pbData, serialNum, sizeof(serialNum)),
6336 "Unexpected value\n");
6337 ok(!strcmp(info->HashAlgorithm.pszObjId, "1.2.3"),
6338 "Expected 1.2.3, got %s\n", info->HashAlgorithm.pszObjId);
6339 ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, "1.5.6"),
6340 "Expected 1.5.6, got %s\n", info->HashEncryptionAlgorithm.pszObjId);
6341 ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
6342 info->EncryptedHash.cbData);
6343 ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
6344 "Unexpected value\n");
6345 LocalFree(buf);
6346 }
6347 ret = pCryptDecodeObjectEx(dwEncoding, PKCS7_SIGNER_INFO,
6348 PKCSSignerWithAuthAttr, sizeof(PKCSSignerWithAuthAttr),
6349 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6350 if (buf)
6351 {
6352 info = (CMSG_SIGNER_INFO *)buf;
6353 ok(info->AuthAttrs.cAttr == 1, "Expected 1 attribute, got %d\n",
6354 info->AuthAttrs.cAttr);
6355 ok(!strcmp(info->AuthAttrs.rgAttr[0].pszObjId, szOID_COMMON_NAME),
6356 "Expected %s, got %s\n", szOID_COMMON_NAME,
6357 info->AuthAttrs.rgAttr[0].pszObjId);
6358 ok(info->AuthAttrs.rgAttr[0].cValue == 1, "Expected 1 value, got %d\n",
6359 info->AuthAttrs.rgAttr[0].cValue);
6360 ok(info->AuthAttrs.rgAttr[0].rgValue[0].cbData ==
6361 sizeof(encodedCommonName), "Unexpected size %d\n",
6362 info->AuthAttrs.rgAttr[0].rgValue[0].cbData);
6363 ok(!memcmp(info->AuthAttrs.rgAttr[0].rgValue[0].pbData,
6364 encodedCommonName, sizeof(encodedCommonName)), "Unexpected value\n");
6365 LocalFree(buf);
6366 }
6367 }
6368
6369 static const BYTE CMSSignerWithKeyId[] = {
6370 0x30,0x14,0x02,0x01,0x00,0x80,0x01,0x01,0x30,0x04,0x06,0x00,0x05,0x00,0x30,
6371 0x04,0x06,0x00,0x05,0x00,0x04,0x00 };
6372
6373 static void test_encodeCMSSignerInfo(DWORD dwEncoding)
6374 {
6375 BOOL ret;
6376 LPBYTE buf = NULL;
6377 DWORD size = 0;
6378 CMSG_CMS_SIGNER_INFO info = { 0 };
6379 static char oid1[] = "1.2.3", oid2[] = "1.5.6";
6380
6381 SetLastError(0xdeadbeef);
6382 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6383 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6384 ok(!ret && GetLastError() == E_INVALIDARG,
6385 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6386 info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
6387 SetLastError(0xdeadbeef);
6388 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6389 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6390 ok(!ret, "Expected failure, got %d\n", ret);
6391 ok(GetLastError() == E_INVALIDARG,
6392 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6393 /* To be encoded, a signer must have a valid cert ID, where a valid ID may
6394 * be a key id or a issuer serial number with at least the issuer set, and
6395 * the encoding must include PKCS_7_ASN_ENCODING.
6396 * (That isn't enough to be decoded, see decoding tests.)
6397 */
6398 U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6399 sizeof(encodedCommonNameNoNull);
6400 U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6401 SetLastError(0xdeadbeef);
6402 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6403 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6404 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6405 ok(!ret && GetLastError() == E_INVALIDARG,
6406 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6407 else
6408 {
6409 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6410 if (buf)
6411 {
6412 ok(size == sizeof(minimalPKCSSigner), "Unexpected size %d\n", size);
6413 ok(!memcmp(buf, minimalPKCSSigner, size), "Unexpected value\n");
6414 LocalFree(buf);
6415 }
6416 }
6417 U(info.SignerId).IssuerSerialNumber.SerialNumber.cbData = sizeof(serialNum);
6418 U(info.SignerId).IssuerSerialNumber.SerialNumber.pbData = (BYTE *)serialNum;
6419 SetLastError(0xdeadbeef);
6420 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6421 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6422 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6423 ok(!ret && GetLastError() == E_INVALIDARG,
6424 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6425 else
6426 {
6427 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6428 if (buf)
6429 {
6430 ok(size == sizeof(PKCSSignerWithSerial), "Unexpected size %d\n",
6431 size);
6432 ok(!memcmp(buf, PKCSSignerWithSerial, size), "Unexpected value\n");
6433 LocalFree(buf);
6434 }
6435 }
6436 info.SignerId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
6437 U(info.SignerId).KeyId.cbData = sizeof(serialNum);
6438 U(info.SignerId).KeyId.pbData = (BYTE *)serialNum;
6439 SetLastError(0xdeadbeef);
6440 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6441 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6442 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6443 ok(!ret && GetLastError() == E_INVALIDARG,
6444 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6445 else
6446 {
6447 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6448 if (buf)
6449 {
6450 ok(size == sizeof(CMSSignerWithKeyId), "Unexpected size %d\n",
6451 size);
6452 ok(!memcmp(buf, CMSSignerWithKeyId, size), "Unexpected value\n");
6453 LocalFree(buf);
6454 }
6455 }
6456 /* While a CERT_ID can have a hash type, that's not allowed in CMS, where
6457 * only the IssuerAndSerialNumber and SubjectKeyIdentifier types are allowed
6458 * (see RFC 3852, section 5.3.)
6459 */
6460 info.SignerId.dwIdChoice = CERT_ID_SHA1_HASH;
6461 U(info.SignerId).HashId.cbData = sizeof(hash);
6462 U(info.SignerId).HashId.pbData = (BYTE *)hash;
6463 SetLastError(0xdeadbeef);
6464 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6465 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6466 ok(!ret && GetLastError() == E_INVALIDARG,
6467 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6468 /* Now with a hash algo */
6469 info.SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
6470 U(info.SignerId).IssuerSerialNumber.Issuer.cbData =
6471 sizeof(encodedCommonNameNoNull);
6472 U(info.SignerId).IssuerSerialNumber.Issuer.pbData = encodedCommonNameNoNull;
6473 info.HashAlgorithm.pszObjId = oid1;
6474 SetLastError(0xdeadbeef);
6475 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6476 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6477 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6478 ok(!ret && GetLastError() == E_INVALIDARG,
6479 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6480 else
6481 {
6482 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6483 if (buf)
6484 {
6485 ok(size == sizeof(PKCSSignerWithHashAlgo), "Unexpected size %d\n",
6486 size);
6487 ok(!memcmp(buf, PKCSSignerWithHashAlgo, size),
6488 "Unexpected value\n");
6489 LocalFree(buf);
6490 }
6491 }
6492 info.HashEncryptionAlgorithm.pszObjId = oid2;
6493 SetLastError(0xdeadbeef);
6494 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6495 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6496 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6497 ok(!ret && GetLastError() == E_INVALIDARG,
6498 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6499 else
6500 {
6501 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6502 if (buf)
6503 {
6504 ok(size == sizeof(PKCSSignerWithHashAndEncryptionAlgo),
6505 "Unexpected size %d\n", size);
6506 ok(!memcmp(buf, PKCSSignerWithHashAndEncryptionAlgo, size),
6507 "Unexpected value\n");
6508 LocalFree(buf);
6509 }
6510 }
6511 info.EncryptedHash.cbData = sizeof(hash);
6512 info.EncryptedHash.pbData = (BYTE *)hash;
6513 SetLastError(0xdeadbeef);
6514 ret = pCryptEncodeObjectEx(dwEncoding, CMS_SIGNER_INFO, &info,
6515 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6516 if (!(dwEncoding & PKCS_7_ASN_ENCODING))
6517 ok(!ret && GetLastError() == E_INVALIDARG,
6518 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6519 else
6520 {
6521 ok(ret, "CryptEncodeObjectEx failed: %x\n", GetLastError());
6522 if (buf)
6523 {
6524 ok(size == sizeof(PKCSSignerWithHash), "Unexpected size %d\n",
6525 size);
6526 ok(!memcmp(buf, PKCSSignerWithHash, size), "Unexpected value\n");
6527 LocalFree(buf);
6528 }
6529 }
6530 }
6531
6532 static void test_decodeCMSSignerInfo(DWORD dwEncoding)
6533 {
6534 BOOL ret;
6535 LPBYTE buf = NULL;
6536 DWORD size = 0;
6537 CMSG_CMS_SIGNER_INFO *info;
6538 static char oid1[] = "1.2.3", oid2[] = "1.5.6";
6539
6540 /* A CMS signer can't be decoded without a serial number. */
6541 SetLastError(0xdeadbeef);
6542 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6543 minimalPKCSSigner, sizeof(minimalPKCSSigner),
6544 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6545 ok(!ret && GetLastError() == CRYPT_E_ASN1_CORRUPT,
6546 "Expected CRYPT_E_ASN1_CORRUPT, got %x\n", GetLastError());
6547 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6548 PKCSSignerWithSerial, sizeof(PKCSSignerWithSerial),
6549 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6550 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6551 if (buf)
6552 {
6553 info = (CMSG_CMS_SIGNER_INFO *)buf;
6554 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6555 info->dwVersion);
6556 ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
6557 "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
6558 info->SignerId.dwIdChoice);
6559 ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6560 sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6561 U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
6562 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6563 encodedCommonNameNoNull,
6564 U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6565 "Unexpected value\n");
6566 ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6567 sizeof(serialNum), "Unexpected size %d\n",
6568 U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
6569 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6570 serialNum, sizeof(serialNum)), "Unexpected value\n");
6571 LocalFree(buf);
6572 }
6573 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6574 PKCSSignerWithHashAlgo, sizeof(PKCSSignerWithHashAlgo),
6575 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6576 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6577 if (buf)
6578 {
6579 info = (CMSG_CMS_SIGNER_INFO *)buf;
6580 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6581 info->dwVersion);
6582 ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
6583 "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
6584 info->SignerId.dwIdChoice);
6585 ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6586 sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6587 U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
6588 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6589 encodedCommonNameNoNull,
6590 U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6591 "Unexpected value\n");
6592 ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6593 sizeof(serialNum), "Unexpected size %d\n",
6594 U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
6595 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6596 serialNum, sizeof(serialNum)), "Unexpected value\n");
6597 ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
6598 "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
6599 LocalFree(buf);
6600 }
6601 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6602 PKCSSignerWithHashAndEncryptionAlgo,
6603 sizeof(PKCSSignerWithHashAndEncryptionAlgo), CRYPT_DECODE_ALLOC_FLAG,
6604 NULL, (BYTE *)&buf, &size);
6605 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6606 if (buf)
6607 {
6608 info = (CMSG_CMS_SIGNER_INFO *)buf;
6609 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6610 info->dwVersion);
6611 ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
6612 "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
6613 info->SignerId.dwIdChoice);
6614 ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6615 sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6616 U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
6617 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6618 encodedCommonNameNoNull,
6619 U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6620 "Unexpected value\n");
6621 ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6622 sizeof(serialNum), "Unexpected size %d\n",
6623 U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
6624 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6625 serialNum, sizeof(serialNum)), "Unexpected value\n");
6626 ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
6627 "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
6628 ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
6629 "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
6630 LocalFree(buf);
6631 }
6632 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6633 PKCSSignerWithHash, sizeof(PKCSSignerWithHash),
6634 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6635 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6636 if (buf)
6637 {
6638 info = (CMSG_CMS_SIGNER_INFO *)buf;
6639 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6640 info->dwVersion);
6641 ok(info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER,
6642 "Expected CERT_ID_ISSUER_SERIAL_NUMBER, got %d\n",
6643 info->SignerId.dwIdChoice);
6644 ok(U(info->SignerId).IssuerSerialNumber.Issuer.cbData ==
6645 sizeof(encodedCommonNameNoNull), "Unexpected size %d\n",
6646 U(info->SignerId).IssuerSerialNumber.Issuer.cbData);
6647 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.Issuer.pbData,
6648 encodedCommonNameNoNull,
6649 U(info->SignerId).IssuerSerialNumber.Issuer.cbData),
6650 "Unexpected value\n");
6651 ok(U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData ==
6652 sizeof(serialNum), "Unexpected size %d\n",
6653 U(info->SignerId).IssuerSerialNumber.SerialNumber.cbData);
6654 ok(!memcmp(U(info->SignerId).IssuerSerialNumber.SerialNumber.pbData,
6655 serialNum, sizeof(serialNum)), "Unexpected value\n");
6656 ok(!strcmp(info->HashAlgorithm.pszObjId, oid1),
6657 "Expected %s, got %s\n", oid1, info->HashAlgorithm.pszObjId);
6658 ok(!strcmp(info->HashEncryptionAlgorithm.pszObjId, oid2),
6659 "Expected %s, got %s\n", oid2, info->HashEncryptionAlgorithm.pszObjId);
6660 ok(info->EncryptedHash.cbData == sizeof(hash), "Unexpected size %d\n",
6661 info->EncryptedHash.cbData);
6662 ok(!memcmp(info->EncryptedHash.pbData, hash, sizeof(hash)),
6663 "Unexpected value\n");
6664 LocalFree(buf);
6665 }
6666 ret = pCryptDecodeObjectEx(dwEncoding, CMS_SIGNER_INFO,
6667 CMSSignerWithKeyId, sizeof(CMSSignerWithKeyId),
6668 CRYPT_DECODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6669 ok(ret, "CryptDecodeObjectEx failed: %x\n", GetLastError());
6670 if (buf)
6671 {
6672 info = (CMSG_CMS_SIGNER_INFO *)buf;
6673 ok(info->dwVersion == 0, "Expected version 0, got %d\n",
6674 info->dwVersion);
6675 ok(info->SignerId.dwIdChoice == CERT_ID_KEY_IDENTIFIER,
6676 "Expected CERT_ID_KEY_IDENTIFIER, got %d\n",
6677 info->SignerId.dwIdChoice);
6678 ok(U(info->SignerId).KeyId.cbData == sizeof(serialNum),
6679 "Unexpected size %d\n", U(info->SignerId).KeyId.cbData);
6680 ok(!memcmp(U(info->SignerId).KeyId.pbData, serialNum, sizeof(serialNum)),
6681 "Unexpected value\n");
6682 LocalFree(buf);
6683 }
6684 }
6685
6686 static BYTE emptyDNSPermittedConstraints[] = {
6687 0x30,0x06,0xa0,0x04,0x30,0x02,0x82,0x00 };
6688 static BYTE emptyDNSExcludedConstraints[] = {
6689 0x30,0x06,0xa1,0x04,0x30,0x02,0x82,0x00 };
6690 static BYTE DNSExcludedConstraints[] = {
6691 0x30,0x17,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,
6692 0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
6693 static BYTE permittedAndExcludedConstraints[] = {
6694 0x30,0x25,0xa0,0x0c,0x30,0x0a,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
6695 0x01,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x77,
6696 0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
6697 static BYTE permittedAndExcludedWithMinConstraints[] = {
6698 0x30,0x28,0xa0,0x0f,0x30,0x0d,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
6699 0x01,0x80,0x01,0x05,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,0x74,0x70,0x3a,
6700 0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
6701 static BYTE permittedAndExcludedWithMinMaxConstraints[] = {
6702 0x30,0x2b,0xa0,0x12,0x30,0x10,0x87,0x08,0x30,0x06,0x87,0x04,0x7f,0x00,0x00,
6703 0x01,0x80,0x01,0x05,0x81,0x01,0x03,0xa1,0x15,0x30,0x13,0x82,0x11,0x68,0x74,
6704 0x74,0x70,0x3a,0x2f,0x2f,0x77,0x69,0x6e,0x65,0x68,0x71,0x2e,0x6f,0x72,0x67 };
6705
6706 static void test_encodeNameConstraints(DWORD dwEncoding)
6707 {
6708 BOOL ret;
6709 CERT_NAME_CONSTRAINTS_INFO constraints = { 0 };
6710 CERT_GENERAL_SUBTREE permitted = { { 0 } };
6711 CERT_GENERAL_SUBTREE excluded = { { 0 } };
6712 LPBYTE buf;
6713 DWORD size;
6714
6715 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6716 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6717 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
6718 {
6719 skip("no X509_NAME_CONSTRAINTS encode support\n");
6720 return;
6721 }
6722 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6723 if (ret)
6724 {
6725 ok(size == sizeof(emptySequence), "Unexpected size\n");
6726 ok(!memcmp(buf, emptySequence, size), "Unexpected value\n");
6727 LocalFree(buf);
6728 }
6729 constraints.cPermittedSubtree = 1;
6730 constraints.rgPermittedSubtree = &permitted;
6731 SetLastError(0xdeadbeef);
6732 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6733 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6734 ok(!ret && GetLastError() == E_INVALIDARG,
6735 "Expected E_INVALIDARG, got %08x\n", GetLastError());
6736 permitted.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
6737 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6738 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6739 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6740 if (ret)
6741 {
6742 ok(size == sizeof(emptyDNSPermittedConstraints), "Unexpected size\n");
6743 ok(!memcmp(buf, emptyDNSPermittedConstraints, size),
6744 "Unexpected value\n");
6745 LocalFree(buf);
6746 }
6747 constraints.cPermittedSubtree = 0;
6748 constraints.cExcludedSubtree = 1;
6749 constraints.rgExcludedSubtree = &excluded;
6750 excluded.Base.dwAltNameChoice = CERT_ALT_NAME_DNS_NAME;
6751 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6752 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6753 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6754 if (ret)
6755 {
6756 ok(size == sizeof(emptyDNSExcludedConstraints), "Unexpected size\n");
6757 ok(!memcmp(buf, emptyDNSExcludedConstraints, size),
6758 "Unexpected value\n");
6759 LocalFree(buf);
6760 }
6761 U(excluded.Base).pwszURL = (LPWSTR)url;
6762 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6763 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6764 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6765 if (ret)
6766 {
6767 ok(size == sizeof(DNSExcludedConstraints), "Unexpected size\n");
6768 ok(!memcmp(buf, DNSExcludedConstraints, size),
6769 "Unexpected value\n");
6770 LocalFree(buf);
6771 }
6772 permitted.Base.dwAltNameChoice = CERT_ALT_NAME_IP_ADDRESS;
6773 U(permitted.Base).IPAddress.cbData = sizeof(encodedIPAddr);
6774 U(permitted.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
6775 constraints.cPermittedSubtree = 1;
6776 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6777 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6778 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6779 if (ret)
6780 {
6781 ok(size == sizeof(permittedAndExcludedConstraints),
6782 "Unexpected size\n");
6783 ok(!memcmp(buf, permittedAndExcludedConstraints, size),
6784 "Unexpected value\n");
6785 LocalFree(buf);
6786 }
6787 permitted.dwMinimum = 5;
6788 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6789 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6790 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6791 if (ret)
6792 {
6793 ok(size == sizeof(permittedAndExcludedWithMinConstraints),
6794 "Unexpected size\n");
6795 ok(!memcmp(buf, permittedAndExcludedWithMinConstraints, size),
6796 "Unexpected value\n");
6797 LocalFree(buf);
6798 }
6799 permitted.fMaximum = TRUE;
6800 permitted.dwMaximum = 3;
6801 SetLastError(0xdeadbeef);
6802 ret = pCryptEncodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS, &constraints,
6803 CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&buf, &size);
6804 ok(ret, "CryptEncodeObjectEx failed: %08x\n", GetLastError());
6805 if (ret)
6806 {
6807 ok(size == sizeof(permittedAndExcludedWithMinMaxConstraints),
6808 "Unexpected size\n");
6809 ok(!memcmp(buf, permittedAndExcludedWithMinMaxConstraints, size),
6810 "Unexpected value\n");
6811 LocalFree(buf);
6812 }
6813 }
6814
6815 struct EncodedNameConstraints
6816 {
6817 CRYPT_DATA_BLOB encoded;
6818 CERT_NAME_CONSTRAINTS_INFO constraints;
6819 };
6820
6821 static CERT_GENERAL_SUBTREE emptyDNSSubtree = {
6822 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
6823 static CERT_GENERAL_SUBTREE DNSSubtree = {
6824 { CERT_ALT_NAME_DNS_NAME, { 0 } }, 0 };
6825 static CERT_GENERAL_SUBTREE IPAddressSubtree = {
6826 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 0 };
6827 static CERT_GENERAL_SUBTREE IPAddressWithMinSubtree = {
6828 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, 0 };
6829 static CERT_GENERAL_SUBTREE IPAddressWithMinMaxSubtree = {
6830 { CERT_ALT_NAME_IP_ADDRESS, { 0 } }, 5, TRUE, 3 };
6831
6832 struct EncodedNameConstraints encodedNameConstraints[] = {
6833 { { sizeof(emptySequence), (LPBYTE)emptySequence }, { 0 } },
6834 { { sizeof(emptyDNSPermittedConstraints), emptyDNSPermittedConstraints },
6835 { 1, &emptyDNSSubtree, 0, NULL } },
6836 { { sizeof(emptyDNSExcludedConstraints), emptyDNSExcludedConstraints },
6837 { 0, NULL, 1, &emptyDNSSubtree } },
6838 { { sizeof(DNSExcludedConstraints), DNSExcludedConstraints },
6839 { 0, NULL, 1, &DNSSubtree } },
6840 { { sizeof(permittedAndExcludedConstraints), permittedAndExcludedConstraints },
6841 { 1, &IPAddressSubtree, 1, &DNSSubtree } },
6842 { { sizeof(permittedAndExcludedWithMinConstraints),
6843 permittedAndExcludedWithMinConstraints },
6844 { 1, &IPAddressWithMinSubtree, 1, &DNSSubtree } },
6845 { { sizeof(permittedAndExcludedWithMinMaxConstraints),
6846 permittedAndExcludedWithMinMaxConstraints },
6847 { 1, &IPAddressWithMinMaxSubtree, 1, &DNSSubtree } },
6848 };
6849
6850 static void test_decodeNameConstraints(DWORD dwEncoding)
6851 {
6852 BOOL ret;
6853 DWORD i;
6854 CERT_NAME_CONSTRAINTS_INFO *constraints;
6855
6856 U(DNSSubtree.Base).pwszURL = (LPWSTR)url;
6857 U(IPAddressSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
6858 U(IPAddressSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
6859 U(IPAddressWithMinSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
6860 U(IPAddressWithMinSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
6861 U(IPAddressWithMinMaxSubtree.Base).IPAddress.cbData = sizeof(encodedIPAddr);
6862 U(IPAddressWithMinMaxSubtree.Base).IPAddress.pbData = (LPBYTE)encodedIPAddr;
6863 for (i = 0;
6864 i < sizeof(encodedNameConstraints) / sizeof(encodedNameConstraints[0]);
6865 i++)
6866 {
6867 DWORD size;
6868
6869 ret = pCryptDecodeObjectEx(dwEncoding, X509_NAME_CONSTRAINTS,
6870 encodedNameConstraints[i].encoded.pbData,
6871 encodedNameConstraints[i].encoded.cbData,
6872 CRYPT_DECODE_ALLOC_FLAG, NULL, &constraints, &size);
6873 if (!ret && GetLastError() == ERROR_FILE_NOT_FOUND)
6874 {
6875 skip("no X509_NAME_CONSTRAINTS decode support\n");
6876 return;
6877 }
6878 ok(ret, "%d: CryptDecodeObjectEx failed: %08x\n", i, GetLastError());
6879 if (ret)
6880 {
6881 DWORD j;
6882
6883 if (constraints->cPermittedSubtree !=
6884 encodedNameConstraints[i].constraints.cPermittedSubtree)
6885 fprintf(stderr, "%d: expected %d permitted, got %d\n", i,
6886 encodedNameConstraints[i].constraints.cPermittedSubtree,
6887 constraints->cPermittedSubtree);
6888 if (constraints->cPermittedSubtree ==
6889 encodedNameConstraints[i].constraints.cPermittedSubtree)
6890 {
6891 for (j = 0; j < constraints->cPermittedSubtree; j++)
6892 {
6893 compareAltNameEntry(&constraints->rgPermittedSubtree[j].Base,
6894 &encodedNameConstraints[i].constraints.rgPermittedSubtree[j].Base);
6895 }
6896 }
6897 if (constraints->cExcludedSubtree !=
6898 encodedNameConstraints[i].constraints.cExcludedSubtree)
6899 fprintf(stderr, "%d: expected %d excluded, got %d\n", i,
6900 encodedNameConstraints[i].constraints.cExcludedSubtree,
6901 constraints->cExcludedSubtree);
6902 if (constraints->cExcludedSubtree ==
6903 encodedNameConstraints[i].constraints.cExcludedSubtree)
6904 {
6905 for (j = 0; j < constraints->cExcludedSubtree; j++)
6906 {
6907 compareAltNameEntry(&constraints->rgExcludedSubtree[j].Base,
6908 &encodedNameConstraints[i].constraints.rgExcludedSubtree[j].Base);
6909 }
6910 }
6911 LocalFree(constraints);
6912 }
6913 }
6914 }
6915
6916 /* Free *pInfo with HeapFree */
6917 static void testExportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO *pInfo)
6918 {
6919 BOOL ret;
6920 DWORD size = 0;
6921 HCRYPTKEY key;
6922
6923 /* This crashes
6924 ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, NULL);
6925 */
6926 ret = CryptExportPublicKeyInfoEx(0, 0, 0, NULL, 0, NULL, NULL, &size);
6927 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
6928 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
6929 ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, 0, NULL, 0, NULL, NULL,
6930 &size);
6931 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
6932 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
6933 ret = CryptExportPublicKeyInfoEx(0, 0, X509_ASN_ENCODING, NULL, 0, NULL,
6934 NULL, &size);
6935 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
6936 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
6937 ret = CryptExportPublicKeyInfoEx(0, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
6938 0, NULL, NULL, &size);
6939 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
6940 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
6941 /* Test with no key */
6942 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING, NULL,
6943 0, NULL, NULL, &size);
6944 ok(!ret && GetLastError() == NTE_NO_KEY, "Expected NTE_NO_KEY, got %08x\n",
6945 GetLastError());
6946 ret = CryptGenKey(csp, AT_SIGNATURE, 0, &key);
6947 ok(ret, "CryptGenKey failed: %08x\n", GetLastError());
6948 if (ret)
6949 {
6950 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE, X509_ASN_ENCODING,
6951 NULL, 0, NULL, NULL, &size);
6952 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n", GetLastError());
6953 *pInfo = HeapAlloc(GetProcessHeap(), 0, size);
6954 if (*pInfo)
6955 {
6956 ret = CryptExportPublicKeyInfoEx(csp, AT_SIGNATURE,
6957 X509_ASN_ENCODING, NULL, 0, NULL, *pInfo, &size);
6958 ok(ret, "CryptExportPublicKeyInfoEx failed: %08x\n",
6959 GetLastError());
6960 if (ret)
6961 {
6962 /* By default (we passed NULL as the OID) the OID is
6963 * szOID_RSA_RSA.
6964 */
6965 ok(!strcmp((*pInfo)->Algorithm.pszObjId, szOID_RSA_RSA),
6966 "Expected %s, got %s\n", szOID_RSA_RSA,
6967 (*pInfo)->Algorithm.pszObjId);
6968 }
6969 }
6970 }
6971 CryptDestroyKey(key);
6972 }
6973
6974 static const BYTE expiredCert[] = { 0x30, 0x82, 0x01, 0x33, 0x30, 0x81, 0xe2,
6975 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0xc4, 0xd7, 0x7f, 0x0e, 0x6f, 0xa6,
6976 0x8c, 0xaa, 0x47, 0x47, 0x40, 0xe7, 0xb7, 0x0b, 0x4a, 0x7f, 0x30, 0x09, 0x06,
6977 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, 0x30, 0x1f, 0x31, 0x1d, 0x30,
6978 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
6979 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
6980 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x36, 0x39, 0x30, 0x31, 0x30, 0x31, 0x30,
6981 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30,
6982 0x31, 0x30, 0x36, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x1f, 0x31, 0x1d, 0x30,
6983 0x1b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x14, 0x61, 0x72, 0x69, 0x63, 0x40,
6984 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63,
6985 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
6986 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41,
6987 0x00, 0xa1, 0xaf, 0x4a, 0xea, 0xa7, 0x83, 0x57, 0xc0, 0x37, 0x33, 0x7e, 0x29,
6988 0x5e, 0x0d, 0xfc, 0x44, 0x74, 0x3a, 0x1d, 0xc3, 0x1b, 0x1d, 0x96, 0xed, 0x4e,
6989 0xf4, 0x1b, 0x98, 0xec, 0x69, 0x1b, 0x04, 0xea, 0x25, 0xcf, 0xb3, 0x2a, 0xf5,
6990 0xd9, 0x22, 0xd9, 0x8d, 0x08, 0x39, 0x81, 0xc6, 0xe0, 0x4f, 0x12, 0x37, 0x2a,
6991 0x3f, 0x80, 0xa6, 0x6c, 0x67, 0x43, 0x3a, 0xdd, 0x95, 0x0c, 0xbb, 0x2f, 0x6b,
6992 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
6993 0x1d, 0x05, 0x00, 0x03, 0x41, 0x00, 0x8f, 0xa2, 0x5b, 0xd6, 0xdf, 0x34, 0xd0,
6994 0xa2, 0xa7, 0x47, 0xf1, 0x13, 0x79, 0xd3, 0xf3, 0x39, 0xbd, 0x4e, 0x2b, 0xa3,
6995 0xf4, 0x63, 0x37, 0xac, 0x5a, 0x0c, 0x5e, 0x4d, 0x0d, 0x54, 0x87, 0x4f, 0x31,
6996 0xfb, 0xa0, 0xce, 0x8f, 0x9a, 0x2f, 0x4d, 0x48, 0xc6, 0x84, 0x8d, 0xf5, 0x70,
6997 0x74, 0x17, 0xa5, 0xf3, 0x66, 0x47, 0x06, 0xd6, 0x64, 0x45, 0xbc, 0x52, 0xef,
6998 0x49, 0xe5, 0xf9, 0x65, 0xf3 };
6999
7000 static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info)
7001 {
7002 BOOL ret;
7003 HCRYPTKEY key;
7004 PCCERT_CONTEXT context;
7005 DWORD dwSize;
7006 ALG_ID ai;
7007
7008 /* These crash
7009 ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, NULL);
7010 ret = CryptImportPublicKeyInfoEx(0, 0, NULL, 0, 0, NULL, &key);
7011 ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, NULL);
7012 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
7013 NULL);
7014 */
7015 ret = CryptImportPublicKeyInfoEx(0, 0, info, 0, 0, NULL, &key);
7016 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7017 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7018 ret = CryptImportPublicKeyInfoEx(csp, 0, info, 0, 0, NULL, &key);
7019 ok(!ret && GetLastError() == ERROR_FILE_NOT_FOUND,
7020 "Expected ERROR_FILE_NOT_FOUND, got %08x\n", GetLastError());
7021 ret = CryptImportPublicKeyInfoEx(0, X509_ASN_ENCODING, info, 0, 0, NULL,
7022 &key);
7023 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
7024 "Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
7025
7026 /* Export key with standard algorithm (CALG_RSA_KEYX) */
7027 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, 0, 0, NULL,
7028 &key);
7029 ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
7030
7031 dwSize = sizeof(ai);
7032 CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
7033 ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
7034 if(ret)
7035 {
7036 ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
7037 ok(ai == CALG_RSA_KEYX, "Default ALG_ID is %04x (expected CALG_RSA_KEYX)\n", ai);
7038 }
7039
7040 CryptDestroyKey(key);
7041
7042 /* Repeat with forced algorithm */
7043 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING, info, CALG_RSA_SIGN, 0, NULL,
7044 &key);
7045 ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
7046
7047 dwSize = sizeof(ai);
7048 CryptGetKeyParam(key, KP_ALGID, (LPVOID)&ai, &dwSize, 0);
7049 ok(ret, "CryptGetKeyParam failed: %08x\n", GetLastError());
7050 if(ret)
7051 {
7052 ok(dwSize == sizeof(ai), "CryptGetKeyParam returned size %d\n",dwSize);
7053 ok(ai == CALG_RSA_SIGN, "ALG_ID is %04x (expected CALG_RSA_SIGN)\n", ai);
7054 }
7055
7056 CryptDestroyKey(key);
7057
7058 /* Test importing a public key from a certificate context */
7059 context = CertCreateCertificateContext(X509_ASN_ENCODING, expiredCert,
7060 sizeof(expiredCert));
7061 ok(context != NULL, "CertCreateCertificateContext failed: %08x\n",
7062 GetLastError());
7063 if (context)
7064 {
7065 ok(!strcmp(szOID_RSA_RSA,
7066 context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId),
7067 "Expected %s, got %s\n", szOID_RSA_RSA,
7068 context->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
7069 ret = CryptImportPublicKeyInfoEx(csp, X509_ASN_ENCODING,
7070 &context->pCertInfo->SubjectPublicKeyInfo, 0, 0, NULL, &key);
7071 ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError());
7072 CryptDestroyKey(key);
7073 CertFreeCertificateContext(context);
7074 }
7075 }
7076
7077 static const char cspName[] = "WineCryptTemp";
7078
7079 static void testPortPublicKeyInfo(void)
7080 {
7081 HCRYPTPROV csp;
7082 BOOL ret;
7083 PCERT_PUBLIC_KEY_INFO info = NULL;
7084
7085 /* Just in case a previous run failed, delete this thing */
7086 CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
7087 CRYPT_DELETEKEYSET);
7088 ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
7089 CRYPT_NEWKEYSET);
7090
7091 testExportPublicKey(csp, &info);
7092 testImportPublicKey(csp, info);
7093
7094 HeapFree(GetProcessHeap(), 0, info);
7095 CryptReleaseContext(csp, 0);
7096 ret = CryptAcquireContextA(&csp, cspName, MS_DEF_PROV, PROV_RSA_FULL,
7097 CRYPT_DELETEKEYSET);
7098 }
7099
7100 START_TEST(encode)
7101 {
7102 static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
7103 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING };
7104 HMODULE hCrypt32;
7105 DWORD i;
7106
7107 hCrypt32 = GetModuleHandleA("crypt32.dll");
7108 pCryptDecodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptDecodeObjectEx");
7109 pCryptEncodeObjectEx = (void*)GetProcAddress(hCrypt32, "CryptEncodeObjectEx");
7110 if (!pCryptDecodeObjectEx || !pCryptEncodeObjectEx)
7111 {
7112 skip("CryptDecodeObjectEx() is not available\n");
7113 return;
7114 }
7115
7116 for (i = 0; i < sizeof(encodings) / sizeof(encodings[0]); i++)
7117 {
7118 test_encodeInt(encodings[i]);
7119 test_decodeInt(encodings[i]);
7120 test_encodeEnumerated(encodings[i]);
7121 test_decodeEnumerated(encodings[i]);
7122 test_encodeFiletime(encodings[i]);
7123 test_decodeFiletime(encodings[i]);
7124 test_encodeName(encodings[i]);
7125 test_decodeName(encodings[i]);
7126 test_encodeUnicodeName(encodings[i]);
7127 test_decodeUnicodeName(encodings[i]);
7128 test_encodeNameValue(encodings[i]);
7129 test_decodeNameValue(encodings[i]);
7130 test_encodeUnicodeNameValue(encodings[i]);
7131 test_decodeUnicodeNameValue(encodings[i]);
7132 test_encodeAltName(encodings[i]);
7133 test_decodeAltName(encodings[i]);
7134 test_encodeOctets(encodings[i]);
7135 test_decodeOctets(encodings[i]);
7136 test_encodeBits(encodings[i]);
7137 test_decodeBits(encodings[i]);
7138 test_encodeBasicConstraints(encodings[i]);
7139 test_decodeBasicConstraints(encodings[i]);
7140 test_encodeRsaPublicKey(encodings[i]);
7141 test_decodeRsaPublicKey(encodings[i]);
7142 test_encodeSequenceOfAny(encodings[i]);
7143 test_decodeSequenceOfAny(encodings[i]);
7144 test_encodeExtensions(encodings[i]);
7145 test_decodeExtensions(encodings[i]);
7146 test_encodePublicKeyInfo(encodings[i]);
7147 test_decodePublicKeyInfo(encodings[i]);
7148 test_encodeCertToBeSigned(encodings[i]);
7149 test_decodeCertToBeSigned(encodings[i]);
7150 test_encodeCert(encodings[i]);
7151 test_decodeCert(encodings[i]);
7152 test_encodeCRLDistPoints(encodings[i]);
7153 test_decodeCRLDistPoints(encodings[i]);
7154 test_encodeCRLIssuingDistPoint(encodings[i]);
7155 test_decodeCRLIssuingDistPoint(encodings[i]);
7156 test_encodeCRLToBeSigned(encodings[i]);
7157 test_decodeCRLToBeSigned(encodings[i]);
7158 test_encodeEnhancedKeyUsage(encodings[i]);
7159 test_decodeEnhancedKeyUsage(encodings[i]);
7160 test_encodeAuthorityKeyId(encodings[i]);
7161 test_decodeAuthorityKeyId(encodings[i]);
7162 test_encodeAuthorityKeyId2(encodings[i]);
7163 test_decodeAuthorityKeyId2(encodings[i]);
7164 test_encodeAuthorityInfoAccess(encodings[i]);
7165 test_decodeAuthorityInfoAccess(encodings[i]);
7166 test_encodeCTL(encodings[i]);
7167 test_decodeCTL(encodings[i]);
7168 test_encodePKCSContentInfo(encodings[i]);
7169 test_decodePKCSContentInfo(encodings[i]);
7170 test_encodePKCSAttribute(encodings[i]);
7171 test_decodePKCSAttribute(encodings[i]);
7172 test_encodePKCSAttributes(encodings[i]);
7173 test_decodePKCSAttributes(encodings[i]);
7174 test_encodePKCSSMimeCapabilities(encodings[i]);
7175 test_decodePKCSSMimeCapabilities(encodings[i]);
7176 test_encodePKCSSignerInfo(encodings[i]);
7177 test_decodePKCSSignerInfo(encodings[i]);
7178 test_encodeCMSSignerInfo(encodings[i]);
7179 test_decodeCMSSignerInfo(encodings[i]);
7180 test_encodeNameConstraints(encodings[i]);
7181 test_decodeNameConstraints(encodings[i]);
7182 }
7183 testPortPublicKeyInfo();
7184 }
useful hacks and other patches not (yet) suitable for mainline