From 4954f5c64c24a975ee40fa2a19109c64aaf5fca3 Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes Date: Sat, 24 Mar 2018 16:19:54 +1100 Subject: [PATCH] Rebase against 5946973021285dd6ecb8df224956fea4817f8fed --- ...sh-in-tests-when-compiling-without-g.patch | 10 +- ...Implement-support-for-ECB-chain-mode.patch | 379 ------------------ ...support-for-192-and-256-bit-aes-keys.patch | 98 ----- ...rypt-Preparation-for-asymmetric-keys.patch | 91 +++-- ...crypt-tests-Add-basic-test-for-ecdsa.patch | 109 ----- ...pt-Implement-importing-of-ecdsa-keys.patch | 35 +- ...-BCryptVerifySignature-for-ecdsa-sig.patch | 18 +- ...mplementation-for-RSA-key-import-and.patch | 32 +- ...bcrypt-tests-Add-simple-test-for-RSA.patch | 10 +- ...l-ECCKEY_BLOB-struct-in-BCryptImport.patch | 12 +- patches/patchinstall.sh | 8 +- 11 files changed, 100 insertions(+), 702 deletions(-) delete mode 100644 patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch delete mode 100644 patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch delete mode 100644 patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch diff --git a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch b/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch index a99f063f..e99b318d 100644 --- a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch +++ b/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch @@ -1,4 +1,4 @@ -From facd838db32bcb086711fda48a7ae9d5419a2d3c Mon Sep 17 00:00:00 2001 +From fc180bdd73c68e855e82b2b285b9b4b16ec8ccad Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Mon, 26 Dec 2016 16:20:57 +0100 Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls @@ -9,10 +9,10 @@ Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls 1 file changed, 5 insertions(+) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index e05e94c..81dce08 100644 +index 69d5129a7d4..978a31fd48e 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -1293,9 +1293,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ +@@ -1351,9 +1351,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", algorithm, handle, object, object_len, secret, secret_len, flags ); if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; @@ -25,7 +25,7 @@ index e05e94c..81dce08 100644 key->hdr.magic = MAGIC_KEY; if ((status = key_init( key, alg, secret, secret_len ))) -@@ -1383,6 +1386,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE +@@ -1441,6 +1444,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; if (!handle_copy) return STATUS_INVALID_PARAMETER; @@ -35,5 +35,5 @@ index e05e94c..81dce08 100644 if ((status = key_duplicate( key_orig, key_copy ))) -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch b/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch deleted file mode 100644 index ff1ec18e..00000000 --- a/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch +++ /dev/null @@ -1,379 +0,0 @@ -From e0586d6d6fcfeb9e49e53eb3470678131bc0b469 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Sun, 5 Mar 2017 23:18:03 +0100 -Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode. - ---- - dlls/bcrypt/bcrypt_main.c | 43 ++++++++-- - dlls/bcrypt/tests/bcrypt.c | 210 +++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 244 insertions(+), 9 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 1839edc..8dc1e7b 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -225,6 +225,7 @@ enum alg_id - - enum mode_id - { -+ MODE_ID_ECB, - MODE_ID_CBC, - MODE_ID_GCM - }; -@@ -577,8 +578,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop - const WCHAR *mode; - switch (alg->mode) - { -- case MODE_ID_GCM: mode = BCRYPT_CHAIN_MODE_GCM; break; -+ case MODE_ID_ECB: mode = BCRYPT_CHAIN_MODE_ECB; break; - case MODE_ID_CBC: mode = BCRYPT_CHAIN_MODE_CBC; break; -+ case MODE_ID_GCM: mode = BCRYPT_CHAIN_MODE_GCM; break; - default: return STATUS_NOT_IMPLEMENTED; - } - -@@ -631,7 +633,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA - case ALG_ID_AES: - if (!strcmpW( prop, BCRYPT_CHAINING_MODE )) - { -- if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size )) -+ if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size )) -+ { -+ alg->mode = MODE_ID_ECB; -+ return STATUS_SUCCESS; -+ } -+ else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size )) - { - alg->mode = MODE_ID_CBC; - return STATUS_SUCCESS; -@@ -990,7 +997,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val - { - if (!strcmpW( prop, BCRYPT_CHAINING_MODE )) - { -- if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size )) -+ if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size )) -+ { -+ key->mode = MODE_ID_ECB; -+ return STATUS_SUCCESS; -+ } -+ else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size )) - { - key->mode = MODE_ID_CBC; - return STATUS_SUCCESS; -@@ -1020,6 +1032,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) - switch (key->mode) - { - case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM; -+ case MODE_ID_ECB: /* can be emulated with CBC + empty IV */ - case MODE_ID_CBC: - default: return GNUTLS_CIPHER_AES_128_CBC; - } -@@ -1031,6 +1044,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) - - static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - { -+ static const UCHAR zero_iv[16]; - gnutls_cipher_algorithm_t cipher; - gnutls_datum_t secret, vector; - int ret; -@@ -1044,15 +1058,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) - return STATUS_NOT_SUPPORTED; - -- secret.data = key->secret; -- secret.size = key->secret_len; -- if (iv) -+ if (!iv) - { -- vector.data = iv; -- vector.size = iv_len; -+ iv = (UCHAR *)zero_iv; -+ iv_len = sizeof(zero_iv); - } - -- if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL ))) -+ secret.data = key->secret; -+ secret.size = key->secret_len; -+ vector.data = iv; -+ vector.size = iv_len; -+ -+ if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, &vector ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1523,11 +1540,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - if (!output) return STATUS_SUCCESS; - if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - -+ if (key->mode == MODE_ID_ECB && iv) -+ return STATUS_INVALID_PARAMETER; -+ - src = input; - dst = output; - while (bytes_left >= key->block_size) - { - if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status; -+ if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status; - bytes_left -= key->block_size; - src += key->block_size; - dst += key->block_size; -@@ -1610,11 +1631,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - else if (output_len < *ret_len) - return STATUS_BUFFER_TOO_SMALL; - -+ if (key->mode == MODE_ID_ECB && iv) -+ return STATUS_INVALID_PARAMETER; -+ - src = input; - dst = output; - while (bytes_left >= key->block_size) - { - if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status; -+ if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status; - bytes_left -= key->block_size; - src += key->block_size; - dst += key->block_size; -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index bd22b80..81345a5 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -634,6 +634,15 @@ static void test_BCryptEncrypt(void) - static UCHAR expected4[] = - {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67, - 0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94}; -+ static UCHAR expected5[] = -+ {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a}; -+ static UCHAR expected6[] = -+ {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a, -+ 0x84,0x07,0x66,0xb7,0x49,0xc0,0x9b,0x49,0x74,0x28,0x8c,0x10,0xb9,0xc2,0x09,0x70}; -+ static UCHAR expected7[] = -+ {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a, -+ 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99, -+ 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99}; - static UCHAR expected_tag[] = - {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0}; - static UCHAR expected_tag2[] = -@@ -846,6 +855,97 @@ static void test_BCryptEncrypt(void) - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - HeapFree(GetProcessHeap(), 0, buf); - -+ /****************** -+ * AES - ECB mode * -+ ******************/ -+ -+ ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_ECB, sizeof(BCRYPT_CHAIN_MODE_ECB), 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ len = 0xdeadbeef; -+ size = sizeof(len); -+ ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len); -+ ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ /* initialization vector is not allowed */ -+ size = 0; -+ memcpy(ivbuf, iv, sizeof(iv)); -+ ret = pBCryptEncrypt(key, data, 16, NULL, ivbuf, 16, ciphertext, 16, &size, 0); -+ ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret); -+ ok(size == 16, "got %u\n", size); -+ -+ /* input size is a multiple of block size */ -+ size = 0; -+ ret = pBCryptEncrypt(key, data, 16, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 16, "got %u\n", size); -+ -+ size = 0; -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data, 16, NULL, NULL, 16, ciphertext, 16, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 16, "got %u\n", size); -+ ok(!memcmp(ciphertext, expected5, sizeof(expected5)), "wrong data\n"); -+ for (i = 0; i < 16; i++) -+ ok(ciphertext[i] == expected5[i], "%u: %02x != %02x\n", i, ciphertext[i], expected5[i]); -+ -+ /* input size is not a multiple of block size */ -+ size = 0; -+ ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret); -+ ok(size == 17, "got %u\n", size); -+ -+ /* input size is not a multiple of block size, block padding set */ -+ size = 0; -+ ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ ok(!memcmp(ciphertext, expected6, sizeof(expected6)), "wrong data\n"); -+ for (i = 0; i < 32; i++) -+ ok(ciphertext[i] == expected6[i], "%u: %02x != %02x\n", i, ciphertext[i], expected6[i]); -+ -+ /* input size is a multiple of block size, block padding set */ -+ size = 0; -+ ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ -+ size = 0; -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ ok(!memcmp(ciphertext, expected7, sizeof(expected7)), "wrong data\n"); -+ for (i = 0; i < 48; i++) -+ ok(ciphertext[i] == expected7[i], "%u: %02x != %02x\n", i, ciphertext[i], expected7[i]); -+ -+ /* output size too small */ -+ size = 0; -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, ciphertext, 31, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ -+ ret = pBCryptDestroyKey(key); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ HeapFree(GetProcessHeap(), 0, buf); -+ - ret = pBCryptCloseAlgorithmProvider(aes, 0); - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - } -@@ -880,6 +980,13 @@ static void test_BCryptDecrypt(void) - static UCHAR ciphertext4[] = - {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67, - 0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94}; -+ static UCHAR ciphertext5[] = -+ {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a, -+ 0x84,0x07,0x66,0xb7,0x49,0xc0,0x9b,0x49,0x74,0x28,0x8c,0x10,0xb9,0xc2,0x09,0x70}; -+ static UCHAR ciphertext6[] = -+ {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a, -+ 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99, -+ 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99}; - static UCHAR tag[] = - {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0}; - static UCHAR tag2[] = -@@ -1058,6 +1165,109 @@ static void test_BCryptDecrypt(void) - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - HeapFree(GetProcessHeap(), 0, buf); - -+ /****************** -+ * AES - ECB mode * -+ ******************/ -+ -+ ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_ECB, sizeof(BCRYPT_CHAIN_MODE_ECB), 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ len = 0xdeadbeef; -+ size = sizeof(len); -+ ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len); -+ ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ /* initialization vector is not allowed */ -+ size = 0; -+ memcpy(ivbuf, iv, sizeof(iv)); -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, ivbuf, 16, plaintext, 32, &size, 0); -+ ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ /* input size is a multiple of block size */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ memset(plaintext, 0, sizeof(plaintext)); -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 32, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ ok(!memcmp(plaintext, expected, sizeof(expected)), "wrong data\n"); -+ -+ /* test with padding smaller than block size */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ memset(plaintext, 0, sizeof(plaintext)); -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 17, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 17, "got %u\n", size); -+ ok(!memcmp(plaintext, expected2, sizeof(expected2)), "wrong data\n"); -+ -+ /* test with padding of block size */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ -+ size = 0; -+ memset(plaintext, 0, sizeof(plaintext)); -+ ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, plaintext, 32, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n"); -+ -+ /* output size too small */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext4, 32, NULL, NULL, 16, plaintext, 31, &size, 0); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 15, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 32, "got %u\n", size); -+ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 16, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 17, "got %u\n", size); -+ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, plaintext, 31, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ -+ /* input size is not a multiple of block size */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext4, 17, NULL, NULL, 16, NULL, 0, &size, 0); -+ ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret); -+ ok(size == 17 || broken(size == 0 /* Win < 7 */), "got %u\n", size); -+ -+ /* input size is not a multiple of block size, block padding set */ -+ size = 0; -+ ret = pBCryptDecrypt(key, ciphertext4, 17, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret); -+ ok(size == 17 || broken(size == 0 /* Win < 7 */), "got %u\n", size); -+ -+ ret = pBCryptDestroyKey(key); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ HeapFree(GetProcessHeap(), 0, buf); -+ -+ ret = pBCryptDestroyKey(key); -+ ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret); -+ HeapFree(GetProcessHeap(), 0, buf); -+ - ret = pBCryptCloseAlgorithmProvider(aes, 0); - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - } --- -2.7.4 - diff --git a/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch b/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch deleted file mode 100644 index 071ebd21..00000000 --- a/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 6bd98b26d6448c2a0cddd934f91bad42fe0fc9a0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Sun, 13 Aug 2017 05:04:21 +0200 -Subject: [PATCH] bcrypt: Add support for 192 and 256 bit aes keys. - ---- - dlls/bcrypt/bcrypt_main.c | 14 ++++++++++++-- - dlls/bcrypt/tests/bcrypt.c | 32 ++++++++++++++++++++++++++++++++ - 2 files changed, 44 insertions(+), 2 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 9fb2268..2e6ed8b 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -1002,11 +1002,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) - WARN( "handle block size\n" ); - switch (key->mode) - { -- case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM; -+ case MODE_ID_GCM: -+ if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM; -+ if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM; -+ break; - case MODE_ID_ECB: /* can be emulated with CBC + empty IV */ - case MODE_ID_CBC: -- default: return GNUTLS_CIPHER_AES_128_CBC; -+ if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC; -+ if (key->secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC; -+ if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC; -+ break; -+ default: -+ break; - } -+ FIXME( "aes mode %u with key length %u not supported\n", key->mode, key->secret_len ); -+ return GNUTLS_CIPHER_UNKNOWN; - default: - FIXME( "algorithm %u not supported\n", key->alg_id ); - return GNUTLS_CIPHER_UNKNOWN; -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 30fdb60..ac5fc36 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -615,6 +615,9 @@ static void test_BCryptEncrypt(void) - {0x60,0x50,0x40,0x30,0x20,0x10,0x60,0x50,0x40,0x30,0x20,0x10}; - static UCHAR secret[] = - {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f}; -+ static UCHAR secret256[] = -+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, -+ 0x0f,0x0e,0x0d,0x0c,0x0b,0x0a,0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00}; - static UCHAR iv[] = - {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f}; - static UCHAR data[] = -@@ -643,6 +646,10 @@ static void test_BCryptEncrypt(void) - {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a, - 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99, - 0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99}; -+ static UCHAR expected8[] = -+ {0x66,0xb8,0xbd,0xe5,0x90,0x6c,0xec,0xdf,0xfa,0x8a,0xb2,0xfd,0x92,0x84,0xeb,0xf0, -+ 0x95,0xc4,0xdf,0xa7,0x7a,0x62,0xe4,0xab,0xd4,0x0e,0x94,0x4e,0xd7,0x6e,0xa1,0x47, -+ 0x29,0x4b,0x37,0xfe,0x28,0x6d,0x5f,0x69,0x46,0x30,0x73,0xc0,0xaa,0x42,0xe4,0x46}; - static UCHAR expected_tag[] = - {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0}; - static UCHAR expected_tag2[] = -@@ -753,6 +760,31 @@ static void test_BCryptEncrypt(void) - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - HeapFree(GetProcessHeap(), 0, buf); - -+ /* 256 bit key */ -+ buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len); -+ ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret256, sizeof(secret256), 0); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ -+ size = 0; -+ memcpy(ivbuf, iv, sizeof(iv)); -+ ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ -+ size = 0; -+ memcpy(ivbuf, iv, sizeof(iv)); -+ memset(ciphertext, 0, sizeof(ciphertext)); -+ ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ ok(size == 48, "got %u\n", size); -+ ok(!memcmp(ciphertext, expected8, sizeof(expected8)), "wrong data\n"); -+ for (i = 0; i < 48; i++) -+ ok(ciphertext[i] == expected8[i], "%u: %02x != %02x\n", i, ciphertext[i], expected8[i]); -+ -+ ret = pBCryptDestroyKey(key); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -+ HeapFree(GetProcessHeap(), 0, buf); -+ - /****************** - * AES - GCM mode * - ******************/ --- -1.9.1 - diff --git a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch b/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch index 1c61834a..fe0c5f82 100644 --- a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch +++ b/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch @@ -1,4 +1,4 @@ -From b3c2814f36f027657feb2ceb6abf1142ab7062b7 Mon Sep 17 00:00:00 2001 +From 1f6a9a71c832ecb076604f15abdfa502af37d4dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 18:31:55 +0200 Subject: [PATCH] bcrypt: Preparation for asymmetric keys. @@ -8,7 +8,7 @@ Subject: [PATCH] bcrypt: Preparation for asymmetric keys. 1 file changed, 217 insertions(+), 129 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index c20abb8..2dd839f 100644 +index 978a31fd48e..b1f79d830c2 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -238,16 +238,17 @@ static const struct { @@ -268,14 +268,13 @@ index c20abb8..2dd839f 100644 return GNUTLS_CIPHER_UNKNOWN; default: FIXME( "algorithm %u not supported\n", key->alg_id ); -@@ -1024,17 +1082,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1024,30 +1082,30 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) } } -static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) { - static const UCHAR zero_iv[16]; gnutls_cipher_algorithm_t cipher; gnutls_datum_t secret, vector; int ret; @@ -290,23 +289,24 @@ index c20abb8..2dd839f 100644 } if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) -@@ -1046,12 +1104,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - iv_len = sizeof(zero_iv); - } + return STATUS_NOT_SUPPORTED; - secret.data = key->secret; - secret.size = key->secret_len; + secret.data = key->u.s.secret; + secret.size = key->u.s.secret_len; - vector.data = iv; - vector.size = iv_len; + if (iv) + { + vector.data = iv; + vector.size = iv_len; + } -- if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, &vector ))) +- if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL ))) + if ((ret = pgnutls_cipher_init( &key->u.s.handle, cipher, &secret, &vector ))) { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1060,11 +1118,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +@@ -1056,11 +1114,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) return STATUS_SUCCESS; } @@ -320,7 +320,7 @@ index c20abb8..2dd839f 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1073,12 +1131,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len +@@ -1069,12 +1127,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len return STATUS_SUCCESS; } @@ -335,7 +335,7 @@ index c20abb8..2dd839f 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1092,7 +1150,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le +@@ -1088,7 +1146,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le { int ret; @@ -344,7 +344,7 @@ index c20abb8..2dd839f 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1105,7 +1163,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1101,7 +1159,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) { int ret; @@ -353,7 +353,7 @@ index c20abb8..2dd839f 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1116,13 +1174,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1112,13 +1170,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) static NTSTATUS key_destroy( struct key *key ) { @@ -370,7 +370,7 @@ index c20abb8..2dd839f 100644 { UCHAR *buffer; -@@ -1144,16 +1202,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s +@@ -1141,16 +1199,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s return STATUS_NOT_SUPPORTED; } @@ -394,14 +394,17 @@ index c20abb8..2dd839f 100644 return STATUS_SUCCESS; } -@@ -1164,51 +1222,51 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val - return STATUS_NOT_IMPLEMENTED; +@@ -1192,54 +1250,54 @@ static CCMode get_cryptor_mode( struct key *key ) + } } -static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) { CCCryptorStatus status; + CCMode mode; + + if (!(mode = get_cryptor_mode( key ))) return STATUS_NOT_SUPPORTED; - if (key->ref_encrypt) + if (key->u.s.ref_encrypt) @@ -420,15 +423,15 @@ index c20abb8..2dd839f 100644 + key->u.s.ref_decrypt = NULL; } - if ((status = CCCryptorCreateWithMode( kCCEncrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv, -- key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess) + if ((status = CCCryptorCreateWithMode( kCCEncrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret, +- key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess) + key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_encrypt )) != kCCSuccess) { WARN( "CCCryptorCreateWithMode failed %d\n", status ); return STATUS_INTERNAL_ERROR; } - if ((status = CCCryptorCreateWithMode( kCCDecrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv, -- key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess) + if ((status = CCCryptorCreateWithMode( kCCDecrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret, +- key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess) + key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_decrypt )) != kCCSuccess) { WARN( "CCCryptorCreateWithMode failed %d\n", status ); @@ -460,7 +463,7 @@ index c20abb8..2dd839f 100644 { WARN( "CCCryptorUpdate failed %d\n", status ); return STATUS_INTERNAL_ERROR; -@@ -1222,7 +1280,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le +@@ -1253,7 +1311,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le { CCCryptorStatus status; @@ -469,7 +472,7 @@ index c20abb8..2dd839f 100644 { WARN( "CCCryptorUpdate failed %d\n", status ); return STATUS_INTERNAL_ERROR; -@@ -1239,14 +1297,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1270,14 +1328,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) static NTSTATUS key_destroy( struct key *key ) { @@ -488,7 +491,7 @@ index c20abb8..2dd839f 100644 { ERR( "support for keys not available at build time\n" ); return STATUS_NOT_IMPLEMENTED; -@@ -1264,19 +1322,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) +@@ -1295,19 +1353,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) return STATUS_NOT_IMPLEMENTED; } @@ -511,7 +514,7 @@ index c20abb8..2dd839f 100644 ULONG output_len ) { ERR( "support for keys not available at build time\n" ); -@@ -1307,6 +1365,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U +@@ -1338,6 +1396,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U ERR( "support for keys not available at build time\n" ); return STATUS_NOT_IMPLEMENTED; } @@ -536,7 +539,7 @@ index c20abb8..2dd839f 100644 #endif NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle, -@@ -1328,7 +1404,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ +@@ -1359,7 +1435,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ key->hdr.magic = MAGIC_KEY; @@ -545,7 +548,7 @@ index c20abb8..2dd839f 100644 { heap_free( key ); return status; -@@ -1444,19 +1520,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1475,19 +1551,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp struct key *key = handle; ULONG bytes_left = input_len; UCHAR *buf, *src, *dst; @@ -577,7 +580,7 @@ index c20abb8..2dd839f 100644 { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; -@@ -1467,7 +1554,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1498,7 +1585,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG) FIXME( "call chaining not implemented\n" ); @@ -586,7 +589,7 @@ index c20abb8..2dd839f 100644 return status; *ret_len = input_len; -@@ -1475,46 +1562,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1506,44 +1593,45 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (input && !output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -615,10 +618,8 @@ index c20abb8..2dd839f 100644 if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - -- if (key->mode == MODE_ID_ECB && iv) -+ if (mode == MODE_ID_ECB && iv) - return STATUS_INVALID_PARAMETER; +- if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; ++ if (mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; src = input; dst = output; @@ -626,7 +627,7 @@ index c20abb8..2dd839f 100644 + while (bytes_left >= block_size) { - if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status; -- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status; +- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status; - bytes_left -= key->block_size; - src += key->block_size; - dst += key->block_size; @@ -649,7 +650,7 @@ index c20abb8..2dd839f 100644 heap_free( buf ); } -@@ -1540,7 +1628,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1569,7 +1657,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp return STATUS_NOT_IMPLEMENTED; } @@ -658,7 +659,7 @@ index c20abb8..2dd839f 100644 { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; UCHAR tag[16]; -@@ -1550,7 +1638,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1579,7 +1667,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER; if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER; @@ -667,7 +668,7 @@ index c20abb8..2dd839f 100644 return status; *ret_len = input_len; -@@ -1558,7 +1646,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1587,7 +1675,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -676,7 +677,7 @@ index c20abb8..2dd839f 100644 return status; if ((status = key_decrypt( key, input, input_len, output, output_len ))) return status; -@@ -1571,44 +1659,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1600,42 +1688,42 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp return STATUS_SUCCESS; } @@ -697,12 +698,10 @@ index c20abb8..2dd839f 100644 + if (input_len < key->u.s.block_size) return STATUS_BUFFER_TOO_SMALL; + bytes_left -= key->u.s.block_size; } - else if (output_len < *ret_len) - return STATUS_BUFFER_TOO_SMALL; + else if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; -- if (key->mode == MODE_ID_ECB && iv) -+ if (key->u.s.mode == MODE_ID_ECB && iv) - return STATUS_INVALID_PARAMETER; +- if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; ++ if (key->u.s.mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; src = input; dst = output; @@ -710,7 +709,7 @@ index c20abb8..2dd839f 100644 + while (bytes_left >= key->u.s.block_size) { - if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status; -- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status; +- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status; - bytes_left -= key->block_size; - src += key->block_size; - dst += key->block_size; @@ -739,5 +738,5 @@ index c20abb8..2dd839f 100644 else status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */ -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch b/patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch deleted file mode 100644 index 339292c9..00000000 --- a/patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 095c654875966c29472ceb56be564f689ad4f22c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Fri, 29 Sep 2017 18:50:04 +0200 -Subject: [PATCH] bcrypt/tests: Add basic test for ecdsa. - ---- - dlls/bcrypt/tests/bcrypt.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 65 insertions(+) - -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index ac5fc36..22a0ffe 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -50,6 +50,8 @@ static NTSTATUS (WINAPI *pBCryptDestroyKey)(BCRYPT_KEY_HANDLE); - static NTSTATUS (WINAPI *pBCryptImportKey)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, - PUCHAR, ULONG, PUCHAR, ULONG, ULONG); - static NTSTATUS (WINAPI *pBCryptExportKey)(BCRYPT_KEY_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG); -+static NTSTATUS (WINAPI *pBCryptImportKeyPair)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG); -+static NTSTATUS (WINAPI *pBCryptVerifySignature)(BCRYPT_KEY_HANDLE, VOID *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG); - - static void test_BCryptGenRandom(void) - { -@@ -1367,6 +1369,66 @@ static void test_key_import_export(void) - ok(ret == STATUS_SUCCESS, "got %08x\n", ret); - } - -+static BYTE eccPubkey[] = -+{ -+ /* X */ -+ 0x3b, 0x3c, 0x34, 0xc8, 0x3f, 0x15, 0xea, 0x02, 0x68, 0x46, 0x69, 0xdf, 0x0c, 0xa6, 0xee, 0x7a, -+ 0xd9, 0x82, 0x08, 0x9b, 0x37, 0x53, 0x42, 0xf3, 0x13, 0x63, 0xda, 0x65, 0x79, 0xe8, 0x04, 0x9e, -+ /* Y */ -+ 0x8c, 0x77, 0xc4, 0x33, 0x77, 0xd9, 0x5a, 0x7f, 0x60, 0x7b, 0x98, 0xce, 0xf3, 0x96, 0x56, 0xd6, -+ 0xb5, 0x8d, 0x87, 0x7a, 0x00, 0x2b, 0xf3, 0x70, 0xb3, 0x90, 0x73, 0xa0, 0x56, 0x06, 0x3b, 0x22, -+}; -+static BYTE certHash[] = -+{ -+ 0x28, 0x19, 0x0f, 0x15, 0x6d, 0x75, 0xcc, 0xcf, 0x62, 0xf1, 0x5e, 0xe6, 0x8a, 0xc3, 0xf0, 0x5d, -+ 0x89, 0x28, 0x2d, 0x48, 0xd8, 0x73, 0x7c, 0x05, 0x05, 0x8e, 0xbc, 0xce, 0x28, 0xb7, 0xba, 0xc9, -+}; -+static BYTE certSignature[] = -+{ -+ /* r */ -+ 0xd7, 0x29, 0xce, 0x5a, 0xef, 0x74, 0x85, 0xd1, 0x18, 0x5f, 0x6e, 0xf1, 0xba, 0x53, 0xd4, 0xcd, -+ 0xdd, 0xe0, 0x5d, 0xf1, 0x5e, 0x48, 0x51, 0xea, 0x63, 0xc0, 0xe8, 0xe2, 0xf6, 0xfa, 0x4c, 0xaf, -+ /* s */ -+ 0xe3, 0x94, 0x15, 0x3b, 0x6c, 0x71, 0x6e, 0x44, 0x22, 0xcb, 0xa0, 0x88, 0xcd, 0x0a, 0x5a, 0x50, -+ 0x29, 0x7c, 0x5c, 0xd6, 0x6c, 0xd2, 0xe0, 0x7f, 0xcd, 0x02, 0x92, 0x21, 0x4c, 0x2c, 0x92, 0xee, -+}; -+ -+static void test_ECDSA(void) -+{ -+ BYTE buffer[sizeof(BCRYPT_ECCKEY_BLOB) + sizeof(eccPubkey)]; -+ BCRYPT_ECCKEY_BLOB *ecckey = (void *)buffer; -+ BCRYPT_ALG_HANDLE alg = NULL; -+ BCRYPT_KEY_HANDLE key = NULL; -+ NTSTATUS status; -+ -+ status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0); -+ if (status) -+ { -+ todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status); -+ return; -+ } -+ -+ ecckey->dwMagic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC; -+ memcpy(ecckey + 1, eccPubkey, sizeof(eccPubkey)); -+ -+ ecckey->cbKey = 2; -+ status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0); -+ ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status); -+ -+ ecckey->cbKey = sizeof(eccPubkey) / 2; -+ status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0); -+ ok(!status, "BCryptImportKeyPair failed: %08x\n", status); -+ -+ status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0); -+ ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status); -+ -+ status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0); -+ ok(!status, "BCryptVerifySignature failed: %08x\n", status); -+ -+ pBCryptDestroyKey(key); -+ pBCryptCloseAlgorithmProvider(alg, 0); -+} -+ - START_TEST(bcrypt) - { - HMODULE module; -@@ -1397,6 +1459,8 @@ START_TEST(bcrypt) - pBCryptDestroyKey = (void *)GetProcAddress(module, "BCryptDestroyKey"); - pBCryptImportKey = (void *)GetProcAddress(module, "BCryptImportKey"); - pBCryptExportKey = (void *)GetProcAddress(module, "BCryptExportKey"); -+ pBCryptImportKeyPair = (void *)GetProcAddress(module, "BCryptImportKeyPair"); -+ pBCryptVerifySignature = (void *)GetProcAddress(module, "BCryptVerifySignature"); - - test_BCryptGenRandom(); - test_BCryptGetFipsAlgorithmMode(); -@@ -1407,6 +1471,7 @@ START_TEST(bcrypt) - test_BCryptEncrypt(); - test_BCryptDecrypt(); - test_key_import_export(); -+ test_ECDSA(); - - if (pBCryptHash) /* >= Win 10 */ - test_BcryptHash(); --- -1.9.1 - diff --git a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch b/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch index cbc3436a..04e8fad7 100644 --- a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch +++ b/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch @@ -1,4 +1,4 @@ -From 6879933e1a7630c2b8d22f2c0e0d2519c8416d5b Mon Sep 17 00:00:00 2001 +From 02f9996f8a3ebcff59cc3993c579ffc36eafa53f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 19:18:58 +0200 Subject: [PATCH] bcrypt: Implement importing of ecdsa keys. @@ -6,12 +6,12 @@ Subject: [PATCH] bcrypt: Implement importing of ecdsa keys. --- dlls/bcrypt/bcrypt.spec | 4 +- dlls/bcrypt/bcrypt_main.c | 160 +++++++++++++++++++++++++++++++++++++++++++-- - dlls/bcrypt/tests/bcrypt.c | 6 +- + dlls/bcrypt/tests/bcrypt.c | 4 +- include/bcrypt.h | 2 + - 4 files changed, 162 insertions(+), 10 deletions(-) + 4 files changed, 161 insertions(+), 9 deletions(-) diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec -index 28c2394..78824d7 100644 +index 28c2394ce45..78824d73b39 100644 --- a/dlls/bcrypt/bcrypt.spec +++ b/dlls/bcrypt/bcrypt.spec @@ -32,7 +32,7 @@ @@ -33,7 +33,7 @@ index 28c2394..78824d7 100644 @ stub GetCipherInterface @ stub GetHashInterface diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 2dd839f..b1736fa 100644 +index b1f79d830c2..bae9a4b2663 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -220,7 +220,9 @@ enum alg_id @@ -153,7 +153,7 @@ index 2dd839f..b1736fa 100644 #endif #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) -@@ -1174,8 +1225,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1170,8 +1221,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) static NTSTATUS key_destroy( struct key *key ) { @@ -169,7 +169,7 @@ index 2dd839f..b1736fa 100644 heap_free( key ); return STATUS_SUCCESS; } -@@ -1310,6 +1366,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons +@@ -1341,6 +1397,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons return STATUS_NOT_IMPLEMENTED; } @@ -182,7 +182,7 @@ index 2dd839f..b1736fa 100644 static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags ) { ERR( "support for keys not available at build time\n" ); -@@ -1372,6 +1434,12 @@ static inline BOOL key_is_symmetric( struct key *key ) +@@ -1403,6 +1465,12 @@ static inline BOOL key_is_symmetric( struct key *key ) return FALSE; } @@ -195,7 +195,7 @@ index 2dd839f..b1736fa 100644 static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) { *mode = key->u.s.mode; -@@ -1503,6 +1571,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE +@@ -1534,6 +1602,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE return STATUS_SUCCESS; } @@ -285,19 +285,10 @@ index 2dd839f..b1736fa 100644 { struct key *key = handle; diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index a262251..d5f08be 100644 +index 57d04882b54..fa244d19249 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1419,7 +1419,7 @@ static void test_ECDSA(void) - status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0); - if (status) - { -- todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status); -+ win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status); - return; - } - -@@ -1435,10 +1435,10 @@ static void test_ECDSA(void) +@@ -1486,10 +1486,10 @@ static void test_ECDSA(void) ok(!status, "BCryptImportKeyPair failed: %08x\n", status); status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0); @@ -311,7 +302,7 @@ index a262251..d5f08be 100644 pBCryptDestroyKey(key); pBCryptCloseAlgorithmProvider(alg, 0); diff --git a/include/bcrypt.h b/include/bcrypt.h -index 717d77c..f28b0d3 100644 +index 717d77c7319..f28b0d395d1 100644 --- a/include/bcrypt.h +++ b/include/bcrypt.h @@ -211,8 +211,10 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *); @@ -326,5 +317,5 @@ index 717d77c..f28b0d3 100644 #endif /* __WINE_BCRYPT_H */ -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch b/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch index 52db47fb..0b305be7 100644 --- a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch +++ b/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch @@ -1,4 +1,4 @@ -From 6b19309d0496fef0d87553b074bd80a487d9cac1 Mon Sep 17 00:00:00 2001 +From 6960c89a6bf588d483211ee16014d6753d682d0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 20:31:00 +0200 Subject: [PATCH] bcrypt: Implement BCryptVerifySignature for ecdsa signatures. @@ -9,7 +9,7 @@ Subject: [PATCH] bcrypt: Implement BCryptVerifySignature for ecdsa signatures. 2 files changed, 337 insertions(+), 10 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index c1a5114..057a27d 100644 +index bae9a4b2663..593a806c612 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -27,6 +27,7 @@ @@ -125,7 +125,7 @@ index c1a5114..057a27d 100644 if (TRACE_ON( bcrypt )) { -@@ -1246,6 +1300,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1219,6 +1273,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) return STATUS_SUCCESS; } @@ -390,7 +390,7 @@ index c1a5114..057a27d 100644 static NTSTATUS key_destroy( struct key *key ) { if(key_is_symmetric(key)) -@@ -1399,6 +1711,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1382,6 +1694,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) return STATUS_NOT_IMPLEMENTED; } @@ -404,7 +404,7 @@ index c1a5114..057a27d 100644 static NTSTATUS key_destroy( struct key *key ) { iif (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt ); -@@ -1464,6 +1783,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1447,6 +1766,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) return STATUS_NOT_IMPLEMENTED; } @@ -418,7 +418,7 @@ index c1a5114..057a27d 100644 static NTSTATUS key_destroy( struct key *key ) { ERR( "support for keys not available at build time\n" ); -@@ -1674,13 +2000,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, +@@ -1675,13 +2001,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, { struct key *key = handle; @@ -436,10 +436,10 @@ index c1a5114..057a27d 100644 NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle ) diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 73d3325..d0bc52d 100644 +index fa244d19249..57d04882b54 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1420,10 +1420,10 @@ static void test_ECDSA(void) +@@ -1486,10 +1486,10 @@ static void test_ECDSA(void) ok(!status, "BCryptImportKeyPair failed: %08x\n", status); status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0); @@ -453,5 +453,5 @@ index 73d3325..d0bc52d 100644 pBCryptDestroyKey(key); pBCryptCloseAlgorithmProvider(alg, 0); -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch b/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch index 99963922..b78bf467 100644 --- a/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch +++ b/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch @@ -1,4 +1,4 @@ -From 53cb3911bc744414e3f0dce3e33ccad2bbd507e7 Mon Sep 17 00:00:00 2001 +From 26c14820b2293bf466191b655a515ddfb0814f55 Mon Sep 17 00:00:00 2001 From: Kimmo Myllyvirta Date: Tue, 10 Oct 2017 16:40:41 +0300 Subject: [PATCH] bcrypt: Initial implementation for RSA key import and @@ -10,7 +10,7 @@ Subject: [PATCH] bcrypt: Initial implementation for RSA key import and 2 files changed, 135 insertions(+), 10 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 057a27d..f858bec 100644 +index 593a806c612..e30e52b8b68 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -77,6 +77,9 @@ static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algor @@ -71,7 +71,7 @@ index 057a27d..f858bec 100644 else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1; else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256; else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384; -@@ -1132,6 +1148,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con +@@ -1080,6 +1096,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con { case ALG_ID_ECDSA_P256: case ALG_ID_ECDSA_P384: @@ -79,7 +79,7 @@ index 057a27d..f858bec 100644 break; default: -@@ -1446,6 +1463,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut +@@ -1419,6 +1436,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut return STATUS_SUCCESS; } @@ -114,7 +114,7 @@ index 057a27d..f858bec 100644 static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_key) { switch (key->alg_id) -@@ -1453,6 +1498,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_ +@@ -1426,6 +1471,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_ case ALG_ID_ECDSA_P256: case ALG_ID_ECDSA_P384: return import_gnutls_pubkey_ecc( key, gnutls_key ); @@ -123,7 +123,7 @@ index 057a27d..f858bec 100644 default: FIXME("Algorithm %d not yet supported\n", key->alg_id); -@@ -1482,6 +1529,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature, +@@ -1455,6 +1502,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature, return STATUS_SUCCESS; } @@ -138,7 +138,7 @@ index 057a27d..f858bec 100644 static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len, gnutls_datum_t *gnutls_signature ) { -@@ -1490,6 +1545,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO +@@ -1463,6 +1518,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO case ALG_ID_ECDSA_P256: case ALG_ID_ECDSA_P384: return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature ); @@ -147,7 +147,7 @@ index 057a27d..f858bec 100644 default: FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -@@ -1508,18 +1565,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha +@@ -1481,18 +1538,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha NTSTATUS status; int ret; @@ -156,12 +156,12 @@ index 057a27d..f858bec 100644 + if (key->alg_id == ALG_ID_RSA) + { + BCRYPT_PKCS1_PADDING_INFO *pinfo = (BCRYPT_PKCS1_PADDING_INFO *)padding; ++ ++ if (!(flags & BCRYPT_PAD_PKCS1) || !pinfo) return STATUS_INVALID_PARAMETER; ++ if (!pinfo->pszAlgId) return STATUS_INVALID_SIGNATURE; - /* only the hash size must match, not the actual hash function */ - switch (hash_len) -+ if (!(flags & BCRYPT_PAD_PKCS1) || !pinfo) return STATUS_INVALID_PARAMETER; -+ if (!pinfo->pszAlgId) return STATUS_INVALID_SIGNATURE; -+ + if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA1_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA1; + else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA256_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA256; + else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA384_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA384; @@ -195,7 +195,7 @@ index 057a27d..f858bec 100644 } switch (key->alg_id) -@@ -1528,6 +1605,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha +@@ -1501,6 +1578,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha case ALG_ID_ECDSA_P384: pk_algo = GNUTLS_PK_ECC; break; @@ -205,7 +205,7 @@ index 057a27d..f858bec 100644 default: FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -@@ -1553,7 +1633,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha +@@ -1526,7 +1606,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha gnutls_hash.size = hash_len; ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature ); @@ -215,7 +215,7 @@ index 057a27d..f858bec 100644 pgnutls_pubkey_deinit( gnutls_key ); return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS; } -@@ -1990,6 +2071,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN +@@ -1991,6 +2072,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN *ret_key = key; return STATUS_SUCCESS; } @@ -250,7 +250,7 @@ index 057a27d..f858bec 100644 FIXME( "unsupported key type %s\n", debugstr_w(type) ); return STATUS_NOT_SUPPORTED; diff --git a/include/bcrypt.h b/include/bcrypt.h -index f28b0d3..df54f62 100644 +index f28b0d395d1..df54f621fa7 100644 --- a/include/bcrypt.h +++ b/include/bcrypt.h @@ -63,6 +63,8 @@ typedef LONG NTSTATUS; @@ -292,5 +292,5 @@ index f28b0d3..df54f62 100644 { LPCWSTR pszAlgId; -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch b/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch index 7f213cf2..b07d7aae 100644 --- a/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch +++ b/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch @@ -1,4 +1,4 @@ -From 40c9ce94bf6975c77741669a86136935303a138e Mon Sep 17 00:00:00 2001 +From fef95e1d96adc99a5767328c4b0b85f68a1e9af3 Mon Sep 17 00:00:00 2001 From: Kimmo Myllyvirta Date: Tue, 10 Oct 2017 16:41:09 +0300 Subject: [PATCH] bcrypt/tests: Add simple test for RSA. @@ -12,10 +12,10 @@ Based on patch from Bernhard Übelacker. 1 file changed, 95 insertions(+) diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index d0bc52d..feb74c4 100644 +index 57d04882b54..7d59f6d4c1d 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1429,6 +1429,100 @@ static void test_ECDSA(void) +@@ -1495,6 +1495,100 @@ static void test_ECDSA(void) pBCryptCloseAlgorithmProvider(alg, 0); } @@ -116,7 +116,7 @@ index d0bc52d..feb74c4 100644 START_TEST(bcrypt) { HMODULE module; -@@ -1472,6 +1566,7 @@ START_TEST(bcrypt) +@@ -1538,6 +1632,7 @@ START_TEST(bcrypt) test_BCryptDecrypt(); test_key_import_export(); test_ECDSA(); @@ -125,5 +125,5 @@ index d0bc52d..feb74c4 100644 if (pBCryptHash) /* >= Win 10 */ test_BcryptHash(); -- -1.9.1 +2.16.2 diff --git a/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch b/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch index 65922b09..1e3530e1 100644 --- a/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch +++ b/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch @@ -1,4 +1,4 @@ -From 8a9bfbd2670fb200c280a73addc0fb012f5576ce Mon Sep 17 00:00:00 2001 +From 951414bb416ebf3858ec79df87441025d842bf47 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Sat, 14 Oct 2017 22:44:13 +0200 Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair. @@ -8,10 +8,10 @@ Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair. 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 131082a..9443d04 100644 +index e30e52b8b68..733e608e1ee 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -1405,6 +1405,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, +@@ -1401,6 +1401,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key ) { @@ -19,7 +19,7 @@ index 131082a..9443d04 100644 gnutls_ecc_curve_t curve; gnutls_datum_t x, y; int ret; -@@ -1425,10 +1426,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut +@@ -1421,10 +1422,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut return STATUS_INTERNAL_ERROR; } @@ -35,7 +35,7 @@ index 131082a..9443d04 100644 if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y ))) { -@@ -2032,7 +2034,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN +@@ -2063,7 +2065,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN return STATUS_NO_MEMORY; key->hdr.magic = MAGIC_KEY; @@ -45,5 +45,5 @@ index 131082a..9443d04 100644 heap_free( key ); return status; -- -1.9.1 +2.16.2 diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index ce05b77c..8d523290 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -52,7 +52,7 @@ usage() # Get the upstream commit sha upstream_commit() { - echo "afef57f872433bcd3032c2ccbc0453bef5b62178" + echo "5946973021285dd6ecb8df224956fea4817f8fed" } # Show version information @@ -2982,10 +2982,7 @@ fi # | if test "$enable_bcrypt_Improvements" -eq 1; then patch_apply bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch - patch_apply bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch - patch_apply bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch patch_apply bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch - patch_apply bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch patch_apply bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch patch_apply bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch patch_apply bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch @@ -2993,10 +2990,7 @@ if test "$enable_bcrypt_Improvements" -eq 1; then patch_apply bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch ( printf '%s\n' '+ { "Sebastian Lackner", "bcrypt: Avoid crash in tests when compiling without gnutls support.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "bcrypt: Implement support for ECB chain mode.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "bcrypt: Add support for 192 and 256 bit aes keys.", 1 },'; printf '%s\n' '+ { "Michael Müller", "bcrypt: Preparation for asymmetric keys.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "bcrypt/tests: Add basic test for ecdsa.", 1 },'; printf '%s\n' '+ { "Michael Müller", "bcrypt: Implement importing of ecdsa keys.", 1 },'; printf '%s\n' '+ { "Michael Müller", "bcrypt: Implement BCryptVerifySignature for ecdsa signatures.", 1 },'; printf '%s\n' '+ { "Kimmo Myllyvirta", "bcrypt: Initial implementation for RSA key import and signature verification.", 1 },';