static void init_environment(void)
{
HCRYPTPROV hProv;
/* Ensure that container "wine_test_keyset" does exist */
if (!pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, PROV_RSA_FULL, 0))
{
pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, PROV_RSA_FULL, CRYPT_NEWKEYSET);
}
pCryptReleaseContext(hProv, 0);
/* Ensure that container "wine_test_keyset" does exist in default PROV_RSA_FULL type provider */
if (!pCryptAcquireContextA(&hProv, szKeySet, NULL, PROV_RSA_FULL, 0))
{
pCryptAcquireContextA(&hProv, szKeySet, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET);
}
pCryptReleaseContext(hProv, 0);
/* Ensure that container "wine_test_bad_keyset" does not exist. */
if (pCryptAcquireContextA(&hProv, szBadKeySet, szRsaBaseProv, PROV_RSA_FULL, 0))
{
pCryptReleaseContext(hProv, 0);
pCryptAcquireContextA(&hProv, szBadKeySet, szRsaBaseProv, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
}
}
static void test_acquire_context(void)
{
BOOL result;
HCRYPTPROV hProv;
DWORD GLE;
/* Provoke all kinds of error conditions (which are easy to provoke).
* The order of the error tests seems to match Windows XP's rsaenh.dll CSP,
* but since this is likely to change between CSP versions, we don't check
* this. Please don't change the order of tests. */
result = pCryptAcquireContextA(&hProv, NULL, NULL, 0, 0);
ok(!result && GetLastError()==NTE_BAD_PROV_TYPE, "%d\n", GetLastError());
result = pCryptAcquireContextA(&hProv, NULL, NULL, 1000, 0);
ok(!result && GetLastError()==NTE_BAD_PROV_TYPE, "%d\n", GetLastError());
result = pCryptAcquireContextA(&hProv, NULL, NULL, NON_DEF_PROV_TYPE, 0);
ok(!result && GetLastError()==NTE_PROV_TYPE_NOT_DEF, "%d\n", GetLastError());
result = pCryptAcquireContextA(&hProv, szKeySet, szNonExistentProv, PROV_RSA_FULL, 0);
ok(!result && GetLastError()==NTE_KEYSET_NOT_DEF, "%d\n", GetLastError());
result = pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, NON_DEF_PROV_TYPE, 0);
ok(!result && GetLastError()==NTE_PROV_TYPE_NO_MATCH, "%d\n", GetLastError());
/* This test fails under Win2k SP4:
result = TRUE, GetLastError() == ERROR_INVALID_PARAMETER
SetLastError(0xdeadbeef);
result = pCryptAcquireContextA(NULL, szKeySet, szRsaBaseProv, PROV_RSA_FULL, 0);
ok(!result && GetLastError()==ERROR_INVALID_PARAMETER, "%d/%d\n", result, GetLastError());
*/
/* Last not least, try to really acquire a context. */
hProv = 0;
SetLastError(0xdeadbeef);
result = pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, PROV_RSA_FULL, 0);
GLE = GetLastError();
ok(result && (GLE == ERROR_ENVVAR_NOT_FOUND ||
GLE == ERROR_SUCCESS ||
GLE == ERROR_RING2_STACK_IN_USE ||
GLE == NTE_FAIL ||
GLE == ERROR_NOT_LOGGED_ON), "%d/%d\n", result, GLE);
if (hProv)
pCryptReleaseContext(hProv, 0);
/* Try again, witch an empty ("\0") szProvider parameter */
hProv = 0;
SetLastError(0xdeadbeef);
result = pCryptAcquireContextA(&hProv, szKeySet, "", PROV_RSA_FULL, 0);
GLE = GetLastError();
ok(result && (GLE == ERROR_ENVVAR_NOT_FOUND ||
GLE == ERROR_SUCCESS ||
GLE == ERROR_RING2_STACK_IN_USE ||
GLE == NTE_FAIL ||
GLE == ERROR_NOT_LOGGED_ON), "%d/%d\n", result, GetLastError());
if (hProv)
pCryptReleaseContext(hProv, 0);
}
static void clean_up_environment(void)
{
HCRYPTPROV hProv;
/* Remove container "wine_test_keyset" */
if (pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, PROV_RSA_FULL, 0))
{
pCryptReleaseContext(hProv, 0);
pCryptAcquireContextA(&hProv, szKeySet, szRsaBaseProv, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
}
/* Remove container "wine_test_keyset" from default PROV_RSA_FULL type provider */
if (pCryptAcquireContextA(&hProv, szKeySet, NULL, PROV_RSA_FULL, 0))
{
pCryptReleaseContext(hProv, 0);
pCryptAcquireContextA(&hProv, szKeySet, NULL, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
}
/* Remove container "wine_test_bad_keyset" */
if (pCryptAcquireContextA(&hProv, szBadKeySet, szRsaBaseProv, PROV_RSA_FULL, 0))
{
pCryptReleaseContext(hProv, 0);
pCryptAcquireContextA(&hProv, szBadKeySet, szRsaBaseProv, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
}
}
BOOL DeleteKeySet(const char *csp_name, const char *cont_name, DWORD flag)
{
// 公開鍵の削除
#ifndef MS_DEF_PROV
typedef unsigned long HCRYPTPROV;
#define MS_DEF_PROV "Microsoft Base Cryptographic Provider v1.0"
#define MS_ENHANCED_PROV "Microsoft Enhanced Cryptographic Provider v1.0"
#define CRYPT_DELETEKEYSET 0x00000010
#define CRYPT_MACHINE_KEYSET 0x00000020
#define PROV_RSA_FULL 1
#endif
static HINSTANCE advdll;
static BOOL (WINAPI *pCryptAcquireContext)(HCRYPTPROV *, LPCSTR, LPCSTR, DWORD, DWORD);
static BOOL (WINAPI *pCryptReleaseContext)(HCRYPTPROV, DWORD);
if (!advdll) {
advdll = ::LoadLibrary("advapi32.dll");
pCryptAcquireContext = (BOOL (WINAPI *)(HCRYPTPROV *, LPCSTR, LPCSTR, DWORD, DWORD))
::GetProcAddress(advdll, "CryptAcquireContextA");
pCryptReleaseContext = (BOOL (WINAPI *)(HCRYPTPROV, DWORD))
::GetProcAddress(advdll, "CryptReleaseContext");
}
if (!pCryptAcquireContext || !pCryptReleaseContext) return TRUE;
HCRYPTPROV hCsp = NULL;
if (!pCryptAcquireContext(&hCsp, cont_name, csp_name, PROV_RSA_FULL, flag|CRYPT_DELETEKEYSET)) {
if (pCryptAcquireContext(&hCsp, cont_name, csp_name, PROV_RSA_FULL, flag)) {
pCryptReleaseContext(hCsp, 0);
return FALSE;
}
}
return TRUE;
}
static void test_machine_guid(void)
{
char originalGuid[40];
LONG r;
HKEY key;
DWORD size;
HCRYPTPROV hCryptProv;
BOOL restoreGuid = FALSE, ret;
r = RegOpenKeyExA(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Cryptography",
0, KEY_ALL_ACCESS, &key);
if (r != ERROR_SUCCESS)
{
skip("couldn't open HKLM\\Software\\Microsoft\\Cryptography\n");
return;
}
/* Cache existing MachineGuid, and delete it */
size = sizeof(originalGuid);
r = RegQueryValueExA(key, "MachineGuid", NULL, NULL, (BYTE *)originalGuid,
&size);
if (r == ERROR_SUCCESS)
{
restoreGuid = TRUE;
r = RegDeleteValueA(key, "MachineGuid");
ok(!r, "RegDeleteValueA failed: %d\n", r);
}
else
ok(r == ERROR_FILE_NOT_FOUND, "expected ERROR_FILE_NOT_FOUND, got %d\n",
r);
/* Create and release a provider */
ret = pCryptAcquireContextA(&hCryptProv, szKeySet, NULL, PROV_RSA_FULL, 0);
ok(ret || broken(!ret && GetLastError() == NTE_KEYSET_ENTRY_BAD /* NT4 */),
"CryptAcquireContextA failed: %08x\n", GetLastError());
pCryptReleaseContext(hCryptProv, 0);
if (restoreGuid)
RegSetValueExA(key, "MachineGuid", 0, REG_SZ, (const BYTE *)originalGuid,
strlen(originalGuid)+1);
RegCloseKey(key);
}
static void test_rc2_keylen(void)
{
struct KeyBlob
{
BLOBHEADER header;
DWORD key_size;
BYTE key_data[2048];
} key_blob;
HCRYPTPROV provider;
HCRYPTKEY hkey = 0;
BOOL ret;
SetLastError(0xdeadbeef);
ret = pCryptAcquireContextA(&provider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
ok(ret, "CryptAcquireContext error %u\n", GetLastError());
if (ret)
{
key_blob.header.bType = PLAINTEXTKEYBLOB;
key_blob.header.bVersion = CUR_BLOB_VERSION;
key_blob.header.reserved = 0;
key_blob.header.aiKeyAlg = CALG_RC2;
key_blob.key_size = sizeof(key);
memcpy(key_blob.key_data, key, key_length);
/* Importing a 16-byte key works with the default provider. */
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, CRYPT_IPSEC_HMAC_KEY, &hkey);
/* CRYPT_IPSEC_HMAC_KEY is not supported on W2K and lower */
ok(ret ||
broken(!ret && GetLastError() == NTE_BAD_FLAGS),
"CryptImportKey error %08x\n", GetLastError());
if (ret)
pCryptDestroyKey(hkey);
pCryptReleaseContext(provider, 0);
}
SetLastError(0xdeadbeef);
ret = pCryptAcquireContextA(&provider, NULL, MS_DEF_PROV,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
ok(ret, "CryptAcquireContext error %08x\n", GetLastError());
if (ret)
{
/* Importing a 16-byte key doesn't work with the base provider.. */
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, 0, &hkey);
ok(!ret && (GetLastError() == NTE_BAD_DATA ||
GetLastError() == NTE_BAD_LEN || /* Win7 */
GetLastError() == NTE_BAD_TYPE || /* W2K */
GetLastError() == NTE_PERM), /* Win9x, WinMe and NT4 */
"unexpected error %08x\n", GetLastError());
/* but importing an 56-bit (7-byte) key does.. */
key_blob.key_size = 7;
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, 0, &hkey);
ok(ret ||
broken(!ret && GetLastError() == NTE_BAD_TYPE) || /* W2K */
broken(!ret && GetLastError() == NTE_PERM), /* Win9x, WinMe and NT4 */
"CryptAcquireContext error %08x\n", GetLastError());
if (ret)
pCryptDestroyKey(hkey);
/* as does importing a 16-byte key with the base provider when
* CRYPT_IPSEC_HMAC_KEY is specified.
*/
key_blob.key_size = sizeof(key);
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, CRYPT_IPSEC_HMAC_KEY, &hkey);
/* CRYPT_IPSEC_HMAC_KEY is not supported on W2K and lower */
ok(ret ||
broken(!ret && GetLastError() == NTE_BAD_FLAGS),
"CryptImportKey error %08x\n", GetLastError());
if (ret)
pCryptDestroyKey(hkey);
pCryptReleaseContext(provider, 0);
}
key_blob.key_size = sizeof(key);
SetLastError(0xdeadbeef);
ret = pCryptAcquireContextA(&provider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
ok(ret, "CryptAcquireContext error %08x\n", GetLastError());
if (ret)
{
/* Importing a 16-byte key also works with the default provider when
* CRYPT_IPSEC_HMAC_KEY is specified.
*/
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, CRYPT_IPSEC_HMAC_KEY, &hkey);
ok(ret ||
broken(!ret && GetLastError() == NTE_BAD_FLAGS),
"CryptImportKey error %08x\n", GetLastError());
if (ret)
pCryptDestroyKey(hkey);
/* There is no apparent limit to the size of the input key when
* CRYPT_IPSEC_HMAC_KEY is specified.
*/
key_blob.key_size = sizeof(key_blob.key_data);
SetLastError(0xdeadbeef);
ret = pCryptImportKey(provider, (BYTE*)&key_blob,
sizeof(BLOBHEADER)+sizeof(DWORD)+key_blob.key_size,
0, CRYPT_IPSEC_HMAC_KEY, &hkey);
ok(ret ||
broken(!ret && GetLastError() == NTE_BAD_FLAGS),
"CryptImportKey error %08x\n", GetLastError());
if (ret)
pCryptDestroyKey(hkey);
pCryptReleaseContext(provider, 0);
}
}
static void test_verify_sig(void)
{
BOOL ret;
HCRYPTPROV prov;
HCRYPTKEY key;
HCRYPTHASH hash;
BYTE bogus[] = { 0 };
if (!pCryptVerifySignatureW)
{
win_skip("CryptVerifySignatureW is not available\n");
return;
}
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(0, NULL, 0, 0, NULL, 0);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
{
win_skip("CryptVerifySignatureW is not implemented\n");
return;
}
ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
"Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
ret = pCryptAcquireContextA(&prov, szKeySet, NULL, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
if (!ret && GetLastError() == NTE_EXISTS)
ret = pCryptAcquireContextA(&prov, szKeySet, NULL, PROV_RSA_FULL, 0);
ok(ret, "CryptAcquireContextA failed: %08x\n", GetLastError());
ret = pCryptImportKey(prov, (LPBYTE)privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
ret = pCryptCreateHash(prov, CALG_MD5, 0, 0, &hash);
ok(ret, "CryptCreateHash failed: %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(hash, NULL, 0, 0, NULL, 0);
ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
"Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(0, NULL, 0, key, NULL, 0);
ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
"Expected ERROR_INVALID_PARAMETER, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(hash, NULL, 0, key, NULL, 0);
ok(!ret && (GetLastError() == NTE_BAD_SIGNATURE ||
GetLastError() == ERROR_INVALID_PARAMETER),
"Expected NTE_BAD_SIGNATURE or ERROR_INVALID_PARAMETER, got %08x\n",
GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(hash, NULL, sizeof(bogus), key, NULL, 0);
ok(!ret && (GetLastError() == NTE_BAD_SIGNATURE ||
GetLastError() == ERROR_INVALID_PARAMETER),
"Expected NTE_BAD_SIGNATURE or ERROR_INVALID_PARAMETER, got %08x\n",
GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(hash, bogus, 0, key, NULL, 0);
ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
"Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pCryptVerifySignatureW(hash, bogus, sizeof(bogus), key, NULL, 0);
ok(!ret && GetLastError() == NTE_BAD_SIGNATURE,
"Expected NTE_BAD_SIGNATURE, got %08x\n", GetLastError());
pCryptDestroyKey(key);
pCryptDestroyHash(hash);
pCryptReleaseContext(prov, 0);
}
static void test_incorrect_api_usage(void)
{
BOOL result;
HCRYPTPROV hProv, hProv2;
HCRYPTHASH hHash, hHash2;
HCRYPTKEY hKey, hKey2;
BYTE temp;
DWORD dwLen, dwTemp;
/* This is to document incorrect api usage in the
* "Uru - Ages beyond Myst Demo" installer as reported by Paul Vriens.
*
* The installer destroys a hash object after having released the context
* with which the hash was created. This is not allowed according to MSDN,
* since CryptReleaseContext destroys all hash and key objects belonging to
* the respective context. However, while wine used to crash, Windows is more
* robust here and returns an ERROR_INVALID_PARAMETER code.
*/
result = pCryptAcquireContextA(&hProv, szBadKeySet, szRsaBaseProv,
PROV_RSA_FULL, CRYPT_NEWKEYSET);
ok (result, "%08x\n", GetLastError());
if (!result) return;
result = pCryptCreateHash(hProv, CALG_SHA, 0, 0, &hHash);
ok (result, "%d\n", GetLastError());
if (!result) return;
pCryptDestroyHash(hHash);
result = pCryptGenKey(hProv, CALG_RC4, 0, &hKey);
ok (result, "%d\n", GetLastError());
if (!result) return;
result = pCryptGenKey(hProv, CALG_RC4, 0, &hKey2);
ok (result, "%d\n", GetLastError());
if (!result) return;
result = pCryptDestroyKey(hKey2);
ok (result, "%d\n", GetLastError());
dwTemp = CRYPT_MODE_ECB;
result = pCryptSetKeyParam(hKey2, KP_MODE, (BYTE*)&dwTemp, sizeof(DWORD));
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptAcquireContextA(&hProv2, szBadKeySet, NULL, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
ok (result, "%d\n", GetLastError());
if (!result) return;
result = pCryptReleaseContext(hProv, 0);
ok (result, "%d\n", GetLastError());
if (!result) return;
result = pCryptReleaseContext(hProv, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptGenRandom(hProv, 1, &temp);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
#ifdef CRASHES_ON_NT40
result = pCryptContextAddRef(hProv, NULL, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
#endif
result = pCryptCreateHash(hProv, CALG_SHA, 0, 0, &hHash2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
dwLen = 1;
result = pCryptDecrypt(hKey, 0, TRUE, 0, &temp, &dwLen);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
dwLen = 1;
result = pCryptEncrypt(hKey, 0, TRUE, 0, &temp, &dwLen, 1);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptDeriveKey(hProv, CALG_RC4, hHash, 0, &hKey2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
#ifdef CRASHES_ON_NT40
result = pCryptDuplicateHash(hHash, NULL, 0, &hHash2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptDuplicateKey(hKey, NULL, 0, &hKey2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
#endif
dwLen = 1;
result = pCryptExportKey(hKey, 0, 0, 0, &temp, &dwLen);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptGenKey(hProv, CALG_RC4, 0, &hKey2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
dwLen = 1;
result = pCryptGetHashParam(hHash, 0, &temp, &dwLen, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
dwLen = 1;
result = pCryptGetKeyParam(hKey, 0, &temp, &dwLen, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
dwLen = 1;
result = pCryptGetProvParam(hProv, 0, &temp, &dwLen, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptGetUserKey(hProv, 0, &hKey2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptHashData(hHash, &temp, 1, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptHashSessionKey(hHash, hKey, 0);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptImportKey(hProv, &temp, 1, 0, 0, &hKey2);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
if (pCryptSignHashW)
{
dwLen = 1;
result = pCryptSignHashW(hHash, 0, NULL, 0, &temp, &dwLen);
ok (!result && (GetLastError() == ERROR_INVALID_PARAMETER ||
GetLastError() == ERROR_CALL_NOT_IMPLEMENTED), "%d\n", GetLastError());
}
else
win_skip("CryptSignHashW is not available\n");
result = pCryptSetKeyParam(hKey, 0, &temp, 1);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptSetHashParam(hHash, 0, &temp, 1);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptSetProvParam(hProv, 0, &temp, 1);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
if (pCryptVerifySignatureW)
{
result = pCryptVerifySignatureW(hHash, &temp, 1, hKey, NULL, 0);
ok (!result && (GetLastError() == ERROR_INVALID_PARAMETER ||
GetLastError() == ERROR_CALL_NOT_IMPLEMENTED), "%d\n", GetLastError());
}
else
win_skip("CryptVerifySignatureW is not available\n");
result = pCryptDestroyHash(hHash);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
result = pCryptDestroyKey(hKey);
ok (!result && GetLastError() == ERROR_INVALID_PARAMETER, "%d\n", GetLastError());
}
static void testAcquireSecurityContext(void)
{
SECURITY_STATUS st;
CredHandle cred;
TimeStamp exp;
SCHANNEL_CRED schanCred;
PCCERT_CONTEXT certs[2];
HCRYPTPROV csp;
static CHAR unisp_name_a[] = UNISP_NAME_A;
WCHAR ms_def_prov_w[MAX_PATH];
BOOL ret;
HCRYPTKEY key;
CRYPT_KEY_PROV_INFO keyProvInfo;
if (!pAcquireCredentialsHandleA || !pCertCreateCertificateContext ||
!pFreeCredentialsHandle || !pCryptAcquireContextW)
{
skip("Needed functions are not available\n");
return;
}
lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
keyProvInfo.pwszContainerName = cspNameW;
keyProvInfo.pwszProvName = ms_def_prov_w;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwKeySpec = AT_SIGNATURE;
certs[0] = pCertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
sizeof(bigCert));
certs[1] = pCertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
sizeof(selfSignedCert));
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
st = pAcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
NULL);
ok(st == SEC_E_SECPKG_NOT_FOUND,
"Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
if (0)
{
/* Crashes on Win2K */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
if (0)
{
/* Crashes */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
memset(&cred, 0, sizeof(cred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, &exp);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
/* expriy is indeterminate in win2k3 */
trace("expiry: %08lx%08lx\n", exp.HighPart, exp.LowPart);
pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
memset(&schanCred, 0, sizeof(schanCred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR, "Expected SEC_E_INTERNAL_ERROR, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR, "Expected SEC_E_INTERNAL_ERROR, got %08x\n",
st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
/* but fails for inbound. */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n",
st);
if (0)
{
/* Crashes with bad paCred pointer */
schanCred.cCreds = 1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Bogus cert in SCHANNEL_CRED. Windows fails with
* SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[0];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
/* Good cert, but missing private key. Windows fails with
* SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[1];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || SEC_E_NO_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_NO_CREDENTIALS, got %08x\n",
st);
/* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
if (pCertSetCertificateContextProperty)
{
ret = pCertSetCertificateContextProperty(certs[1],
CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
}
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
ret = 0;
if (pCryptImportKey)
{
ret = pCryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
}
if (ret)
{
PCCERT_CONTEXT tmp;
if (0)
{
/* Crashes */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Good cert with private key, bogus version */
schanCred.dwVersion = SCH_CRED_V1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
schanCred.dwVersion = SCH_CRED_V2;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR,
"Expected SEC_E_INTERNAL_ERROR, got %08x\n", st);
/* Succeeds on V3 or higher */
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
if (st == SEC_E_OK) test_strength(&cred);
pFreeCredentialsHandle(&cred);
/* How about more than one cert? */
schanCred.cCreds = 2;
schanCred.paCred = certs;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
tmp = certs[0];
certs[0] = certs[1];
certs[1] = tmp;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* FIXME: what about two valid certs? */
if (pCryptDestroyKey)
pCryptDestroyKey(key);
}
if (pCryptReleaseContext)
pCryptReleaseContext(csp, 0);
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (pCertFreeCertificateContext)
{
pCertFreeCertificateContext(certs[0]);
pCertFreeCertificateContext(certs[1]);
}
}
TDigest::~TDigest()
{
if (hHash) pCryptDestroyHash(hHash);
if (hProv) pCryptReleaseContext(hProv, 0);
}
static void testAcquireSecurityContext(void)
{
BOOL has_schannel = FALSE;
SecPkgInfoA *package_info;
ULONG i;
SECURITY_STATUS st;
CredHandle cred;
SecPkgCredentials_NamesA names;
TimeStamp exp;
SCHANNEL_CRED schanCred;
PCCERT_CONTEXT certs[2];
HCRYPTPROV csp;
WCHAR ms_def_prov_w[MAX_PATH];
BOOL ret;
HCRYPTKEY key;
CRYPT_KEY_PROV_INFO keyProvInfo;
if (!pAcquireCredentialsHandleA || !pCertCreateCertificateContext ||
!pEnumerateSecurityPackagesA || !pFreeContextBuffer ||
!pFreeCredentialsHandle || !pCryptAcquireContextW)
{
win_skip("Needed functions are not available\n");
return;
}
if (SUCCEEDED(pEnumerateSecurityPackagesA(&i, &package_info)))
{
while(i--)
{
if (!strcmp(package_info[i].Name, unisp_name_a))
{
has_schannel = TRUE;
break;
}
}
pFreeContextBuffer(package_info);
}
if (!has_schannel)
{
skip("Schannel not available\n");
return;
}
lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
keyProvInfo.pwszContainerName = cspNameW;
keyProvInfo.pwszProvName = ms_def_prov_w;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwKeySpec = AT_SIGNATURE;
certs[0] = pCertCreateCertificateContext(X509_ASN_ENCODING, bigCert,
sizeof(bigCert));
certs[1] = pCertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert,
sizeof(selfSignedCert));
SetLastError(0xdeadbeef);
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
{
/* WinMe would crash on some tests */
win_skip("CryptAcquireContextW is not implemented\n");
return;
}
st = pAcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
NULL);
ok(st == SEC_E_SECPKG_NOT_FOUND,
"Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
if (0)
{
/* Crashes on Win2K */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes on WinNT */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
if(st == SEC_E_OK)
pFreeCredentialsHandle(&cred);
memset(&cred, 0, sizeof(cred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, &exp);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
/* expriy is indeterminate in win2k3 */
trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
st = pQueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
memset(&schanCred, 0, sizeof(schanCred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
/* but fails for inbound. */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_OK /* Vista/win2k8 */,
"Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st);
if (0)
{
/* Crashes with bad paCred pointer */
schanCred.cCreds = 1;
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Bogus cert in SCHANNEL_CRED. Windows fails with
* SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[0];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* Good cert, but missing private key. Windows fails with
* SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[1];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
/* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
if (pCertSetCertificateContextProperty)
{
ret = pCertSetCertificateContextProperty(certs[1],
CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
schanCred.dwVersion = SCH_CRED_V3;
ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
}
ret = pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
ret = 0;
if (pCryptImportKey)
{
ret = pCryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
}
if (ret)
{
PCCERT_CONTEXT tmp;
if (0)
{
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
/* Crashes on WinNT */
/* Good cert with private key, bogus version */
schanCred.dwVersion = SCH_CRED_V1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
schanCred.dwVersion = SCH_CRED_V2;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
}
/* Succeeds on V3 or higher */
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
if (st == SEC_E_OK) test_strength(&cred);
pFreeCredentialsHandle(&cred);
/* How about more than one cert? */
schanCred.cCreds = 2;
schanCred.paCred = certs;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
tmp = certs[0];
certs[0] = certs[1];
certs[1] = tmp;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* FIXME: what about two valid certs? */
if (pCryptDestroyKey)
pCryptDestroyKey(key);
}
if (pCryptReleaseContext)
pCryptReleaseContext(csp, 0);
pCryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (pCertFreeCertificateContext)
{
pCertFreeCertificateContext(certs[0]);
pCertFreeCertificateContext(certs[1]);
}
}
