wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2025-09-12 18:50:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Rebase against afef57f872433bcd3032c2ccbc0453bef5b62178

Browse Source
This commit is contained in:
Alistair Leslie-Hughes
2018-03-23 08:37:51 +11:00
parent 3d050ca9b9
commit 4d7af4085f
20 changed files with 182 additions and 1538 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch
View File

@@ -1,140 +0,0 @@
From 392198981958d9d2c76e22e27c1b704c7763971b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 08:28:24 +0100
Subject: [PATCH] bcrypt: Implement BCryptDuplicateKey.
---
dlls/bcrypt/bcrypt.spec | 2 +-
dlls/bcrypt/bcrypt_main.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++
dlls/ncrypt/ncrypt.spec | 2 +-
3 files changed, 70 insertions(+), 2 deletions(-)
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
index 21b54b4..28c2394 100644
--- a/dlls/bcrypt/bcrypt.spec
+++ b/dlls/bcrypt/bcrypt.spec
@@ -12,7 +12,7 @@
@ stdcall BCryptDestroyKey(ptr)
@ stub BCryptDestroySecret
@ stdcall BCryptDuplicateHash(ptr ptr ptr long long)
-@ stub BCryptDuplicateKey
+@ stdcall BCryptDuplicateKey(ptr ptr ptr long long)
@ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long)
@ stdcall BCryptEnumAlgorithms(long ptr ptr long)
@ stub BCryptEnumContextFunctionProviders
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index cd44bdf..0d321d2 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -953,6 +953,24 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+{
+ UCHAR *buffer;
+
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->secret, key_orig->secret_len );
+
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+ key_copy->mode = key_orig->mode;
+ key_copy->block_size = key_orig->block_size;
+ key_copy->handle = NULL;
+ key_copy->secret = buffer;
+ key_copy->secret_len = key_orig->secret_len;
+
+ return STATUS_SUCCESS;
+}
+
static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
{
switch (key->alg_id)
@@ -1094,6 +1112,25 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+{
+ UCHAR *buffer;
+
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->secret, key_orig->secret_len );
+
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+ key_copy->mode = key_orig->mode;
+ key_copy->block_size = key_orig->block_size;
+ key_copy->ref_encrypt = NULL;
+ key_copy->ref_decrypt = NULL;
+ key_copy->secret = buffer;
+ key_copy->secret_len = key_orig->secret_len;
+
+ return STATUS_SUCCESS;
+}
+
static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
{
CCCryptorStatus status;
@@ -1182,6 +1219,13 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+{
+ ERR( "support for keys not available at build time\n" );
+ key_copy->mode = MODE_ID_CBC;
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
{
ERR( "support for keys not available at build time\n" );
@@ -1310,6 +1354,30 @@ NTSTATUS WINAPI BCryptExportKey(BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE
return key_export( key, type, output, output_len, size );
}
+NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE *handle_copy,
+ UCHAR *object, ULONG object_len, ULONG flags )
+{
+ struct key *key_orig = handle;
+ struct key *key_copy;
+ NTSTATUS status;
+
+ TRACE( "%p, %p, %p, %u, %08x\n", handle, handle_copy, object, object_len, flags );
+
+ if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+ if (!handle_copy) return STATUS_INVALID_PARAMETER;
+ if (!(key_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*key_copy) )))
+ return STATUS_NO_MEMORY;
+
+ if ((status = key_duplicate( key_orig, key_copy )))
+ {
+ HeapFree( GetProcessHeap(), 0, key_copy );
+ return status;
+ }
+
+ *handle_copy = key_copy;
+ return STATUS_SUCCESS;
+}
+
NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
{
struct key *key = handle;
diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec
index 5d5fae0..d0f0f56 100644
--- a/dlls/ncrypt/ncrypt.spec
+++ b/dlls/ncrypt/ncrypt.spec
@@ -14,7 +14,7 @@
@ stdcall BCryptDestroyKey(ptr) bcrypt.BCryptDestroyKey
@ stub BCryptDestroySecret
@ stdcall BCryptDuplicateHash(ptr ptr ptr long long) bcrypt.BCryptDuplicateHash
-@ stub BCryptDuplicateKey
+@ stdcall BCryptDuplicateKey(ptr ptr ptr long long) bcrypt.BCryptDuplicateKey
@ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptEncrypt
@ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms
@ stub BCryptEnumContextFunctionProviders
--
1.9.1

77
patches/bcrypt-Improvements/0021-bcrypt-tests-Add-tests-for-BCryptDuplicateKey.patch
View File

@@ -1,77 +0,0 @@
From 1eed1f80cd5b8fd8e77e02990ebcf3eb7a5bfda5 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 08:30:43 +0100
Subject: [PATCH 21/36] bcrypt/tests: Add tests for BCryptDuplicateKey.
---
dlls/bcrypt/tests/bcrypt.c | 33 ++++++++++++++++++++++++++++++++-
1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 18cd2a2713..6ec429e309 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -45,6 +45,7 @@ static NTSTATUS (WINAPI *pBCryptEncrypt)(BCRYPT_KEY_HANDLE, PUCHAR, ULONG, VOID
ULONG *, ULONG);
static NTSTATUS (WINAPI *pBCryptDecrypt)(BCRYPT_KEY_HANDLE, PUCHAR, ULONG, VOID *, PUCHAR, ULONG, PUCHAR, ULONG,
ULONG *, ULONG);
+static NTSTATUS (WINAPI *pBCryptDuplicateKey)(BCRYPT_KEY_HANDLE, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG);
static NTSTATUS (WINAPI *pBCryptDestroyKey)(BCRYPT_KEY_HANDLE);
static NTSTATUS (WINAPI *pBCryptImportKey)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *,
PUCHAR, ULONG, PUCHAR, ULONG, ULONG);
@@ -503,7 +504,7 @@ static void test_BCryptGenerateSymmetricKey(void)
static UCHAR expected[] =
{0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79};
BCRYPT_ALG_HANDLE aes;
- BCRYPT_KEY_HANDLE key;
+ BCRYPT_KEY_HANDLE key, key2;
UCHAR *buf, ciphertext[16], plaintext[16], ivbuf[16];
ULONG size, len, i;
NTSTATUS ret;
@@ -546,6 +547,35 @@ static void test_BCryptGenerateSymmetricKey(void)
for (i = 0; i < 16; i++)
ok(ciphertext[i] == expected[i], "%u: %02x != %02x\n", i, ciphertext[i], expected[i]);
+ ret = pBCryptDuplicateKey(NULL, &key2, NULL, 0, 0);
+ ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret);
+
+ if (0) /* crashes on some Windows versions */
+ {
+ ret = pBCryptDuplicateKey(key, NULL, NULL, 0, 0);
+ ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
+ }
+
+ key2 = (void *)0xdeadbeef;
+ ret = pBCryptDuplicateKey(key, &key2, NULL, 0, 0);
+ ok(ret == STATUS_SUCCESS || broken(ret == STATUS_INVALID_PARAMETER), "got %08x\n", ret);
+
+ if (ret == STATUS_SUCCESS)
+ {
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(ciphertext, 0, sizeof(ciphertext));
+ ret = pBCryptEncrypt(key2, data, 16, NULL, ivbuf, 16, ciphertext, 16, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 16, "got %u\n", size);
+ ok(!memcmp(ciphertext, expected, sizeof(expected)), "wrong data\n");
+ for (i = 0; i < 16; i++)
+ ok(ciphertext[i] == expected[i], "%u: %02x != %02x\n", i, ciphertext[i], expected[i]);
+
+ ret = pBCryptDestroyKey(key2);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+
size = 0xdeadbeef;
ret = pBCryptDecrypt(key, NULL, 0, NULL, NULL, 0, NULL, 0, &size, 0);
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
@@ -1059,6 +1089,7 @@ START_TEST(bcrypt)
pBCryptGenerateSymmetricKey = (void *)GetProcAddress(module, "BCryptGenerateSymmetricKey");
pBCryptEncrypt = (void *)GetProcAddress(module, "BCryptEncrypt");
pBCryptDecrypt = (void *)GetProcAddress(module, "BCryptDecrypt");
+ pBCryptDuplicateKey = (void *)GetProcAddress(module, "BCryptDuplicateKey");
pBCryptDestroyKey = (void *)GetProcAddress(module, "BCryptDestroyKey");
pBCryptImportKey = (void *)GetProcAddress(module, "BCryptImportKey");
pBCryptExportKey = (void *)GetProcAddress(module, "BCryptExportKey");
--
2.16.1

114
patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch
View File

@@ -1,114 +0,0 @@
From d11095de823d25cd44a80bbdab2745c560db9521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 15:01:19 +0100
Subject: [PATCH 23/36] bcrypt: Add support for auth data in AES GCM mode.
---
dlls/bcrypt/bcrypt_main.c | 42 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index f027eea..da9cb02 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -52,6 +52,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
/* Not present in gnutls version < 3.0 */
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
+static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
@@ -72,7 +73,12 @@ MAKE_FUNCPTR(gnutls_perror);
#define GNUTLS_CIPHER_AES_256_GCM 94
#endif
-static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_t tag_size)
+static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+{
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
+static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size)
{
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@@ -115,6 +121,11 @@ static BOOL gnutls_initialize(void)
WARN("gnutls_cipher_tag not found\n");
pgnutls_cipher_tag = compat_gnutls_cipher_tag;
}
+ if (!(pgnutls_cipher_add_auth = wine_dlsym( libgnutls_handle, "gnutls_cipher_add_auth", NULL, 0 )))
+ {
+ WARN("gnutls_cipher_add_auth not found\n");
+ pgnutls_cipher_add_auth = compat_gnutls_cipher_add_auth;
+ }
if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
{
@@ -1050,6 +1061,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ int ret;
+
+ if ((ret = pgnutls_cipher_add_auth( key->handle, auth_data, len )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1193,6 +1217,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ FIXME( "not implemented on Mac\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1262,6 +1292,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1456,6 +1492,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
+ return status;
if ((status = key_encrypt( key, input, input_len, output, output_len )))
return status;
@@ -1533,6 +1571,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
+ return status;
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;
--
2.7.4

102
patches/bcrypt-Improvements/0024-bcrypt-tests-Add-tests-for-auth-data-in-AES-GCM-mode.patch
View File

@@ -1,102 +0,0 @@
From 7fd1604b8ca60711c6850fbc47189bc9a7fbaa06 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 15:01:38 +0100
Subject: [PATCH 24/36] bcrypt/tests: Add tests for auth data in AES GCM mode.
---
dlls/bcrypt/tests/bcrypt.c | 44 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index baf5b638f9..bd22b80d9a 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -610,7 +610,9 @@ static void test_BCryptGenerateSymmetricKey(void)
static void test_BCryptEncrypt(void)
{
static UCHAR nonce[] =
- {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+ {0x10,0x20,0x30,0x40,0x50,0x60,0x10,0x20,0x30,0x40,0x50,0x60};
+ static UCHAR auth_data[] =
+ {0x60,0x50,0x40,0x30,0x20,0x10,0x60,0x50,0x40,0x30,0x20,0x10};
static UCHAR secret[] =
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
static UCHAR iv[] =
@@ -636,6 +638,8 @@ static void test_BCryptEncrypt(void)
{0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
static UCHAR expected_tag2[] =
{0x9a,0x92,0x32,0x2c,0x61,0x2a,0xae,0xef,0x66,0x2a,0xfb,0x55,0xe9,0x48,0xdf,0xbd};
+ static UCHAR expected_tag3[] =
+ {0x17,0x9d,0xc0,0x7a,0xf0,0xcf,0xaa,0xd5,0x1c,0x11,0xc4,0x4b,0xd6,0xa3,0x3e,0x77};
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
UCHAR *buf, ciphertext[48], ivbuf[16], tag[16];
BCRYPT_AUTH_TAG_LENGTHS_STRUCT tag_length;
@@ -809,6 +813,24 @@ static void test_BCryptEncrypt(void)
for (i = 0; i < 16; i++)
ok(tag[i] == expected_tag2[i], "%u: %02x != %02x\n", i, tag[i], expected_tag2[i]);
+ /* test with auth data */
+ auth_info.pbAuthData = auth_data;
+ auth_info.cbAuthData = sizeof(auth_data);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(ciphertext, 0xff, sizeof(ciphertext));
+ memset(tag, 0xff, sizeof(tag));
+ ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 32, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 32, "got %u\n", size);
+ ok(!memcmp(ciphertext, expected4, sizeof(expected4)), "wrong data\n");
+ ok(!memcmp(tag, expected_tag3, sizeof(expected_tag3)), "wrong tag\n");
+ for (i = 0; i < 32; i++)
+ ok(ciphertext[i] == expected4[i], "%u: %02x != %02x\n", i, ciphertext[i], expected4[i]);
+ for (i = 0; i < 16; i++)
+ ok(tag[i] == expected_tag3[i], "%u: %02x != %02x\n", i, tag[i], expected_tag3[i]);
+
/* test with padding */
memcpy(ivbuf, iv, sizeof(iv));
memset(ciphertext, 0, sizeof(ciphertext));
@@ -831,7 +853,9 @@ static void test_BCryptEncrypt(void)
static void test_BCryptDecrypt(void)
{
static UCHAR nonce[] =
- {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+ {0x10,0x20,0x30,0x40,0x50,0x60,0x10,0x20,0x30,0x40,0x50,0x60};
+ static UCHAR auth_data[] =
+ {0x60,0x50,0x40,0x30,0x20,0x10,0x60,0x50,0x40,0x30,0x20,0x10};
static UCHAR secret[] =
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
static UCHAR iv[] =
@@ -858,6 +882,8 @@ static void test_BCryptDecrypt(void)
0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
static UCHAR tag[] =
{0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
+ static UCHAR tag2[] =
+ {0x17,0x9d,0xc0,0x7a,0xf0,0xcf,0xaa,0xd5,0x1c,0x11,0xc4,0x4b,0xd6,0xa3,0x3e,0x77};
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
BCRYPT_KEY_LENGTHS_STRUCT key_lengths;
BCRYPT_ALG_HANDLE aes;
@@ -1007,6 +1033,20 @@ static void test_BCryptDecrypt(void)
ok(size == 32, "got %u\n", size);
ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
+ /* test with auuth data */
+ auth_info.pbAuthData = auth_data;
+ auth_info.cbAuthData = sizeof(auth_data);
+ auth_info.pbTag = tag2;
+ auth_info.cbTag = sizeof(tag2);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(plaintext, 0, sizeof(plaintext));
+ ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 32, "got %u\n", size);
+ ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
+
/* test with wrong tag */
memcpy(ivbuf, iv, sizeof(iv));
auth_info.pbTag = iv; /* wrong tag */
--
2.16.1

49
patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch
View File

@@ -1,54 +1,39 @@
From 0fbdf39c6714848c3186882ef01111c08174afa1 Mon Sep 17 00:00:00 2001
From facd838db32bcb086711fda48a7ae9d5419a2d3c Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 16:20:57 +0100
Subject: [PATCH 25/36] bcrypt: Avoid crash in tests when compiling without
gnutls support.
Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls
support.
---
dlls/bcrypt/bcrypt_main.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
dlls/bcrypt/bcrypt_main.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index da9cb02..1839edc 100644
index e05e94c..81dce08 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1344,12 +1344,19 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
@@ -1293,9 +1293,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", algorithm, handle, object, object_len, secret, secret_len, flags );
if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
+ if (!handle) return STATUS_INVALID_PARAMETER;
if (object) FIXME( "ignoring object buffer\n" );
- if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY;
+
+ if (!(key = heap_alloc( sizeof(*key) )))
+ {
+ *handle = NULL;
+ return STATUS_NO_MEMORY;
+ }
+ *handle = NULL;
if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY;
+
key->hdr.magic = MAGIC_KEY;
if ((status = key_init( key, alg, secret, secret_len )))
{
heap_free( key );
+ *handle = NULL;
return status;
}
@@ -1383,6 +1386,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
@@ -1432,11 +1439,15 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
if (!handle_copy) return STATUS_INVALID_PARAMETER;
if (!(key_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*key_copy) )))
+ {
+ *handle_copy = NULL;
return STATUS_NO_MEMORY;
+ }
+
+ *handle_copy = NULL;
if (!(key_copy = heap_alloc( sizeof(*key_copy) ))) return STATUS_NO_MEMORY;
if ((status = key_duplicate( key_orig, key_copy )))
{
HeapFree( GetProcessHeap(), 0, key_copy );
+ *handle_copy = NULL;
return status;
}
--
2.7.4
1.9.1

64
patches/bcrypt-Improvements/0027-bcrypt-Fix-BCryptEncrypt-with-AES_GCM-and-no-input-a.patch
View File

@@ -1,64 +0,0 @@
From ed34c7953eea6419df4fcde8b65ecfab6da2f476 Mon Sep 17 00:00:00 2001
From: Andrew Wesie <awesie@gmail.com>
Date: Mon, 1 May 2017 22:57:43 -0500
Subject: [PATCH 27/36] bcrypt: Fix BCryptEncrypt with AES_GCM and no input and
no output.
Signed-off-by: Andrew Wesie <awesie@gmail.com>
---
dlls/bcrypt/bcrypt_main.c | 2 +-
dlls/bcrypt/tests/bcrypt.c | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index cbd38f57d6..f19a90e6bf 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1475,7 +1475,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
*ret_len = input_len;
if (flags & BCRYPT_BLOCK_PADDING) return STATUS_INVALID_PARAMETER;
- if (!output) return STATUS_SUCCESS;
+ if (input && !output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index ade8058724..159be44714 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -649,6 +649,9 @@ static void test_BCryptEncrypt(void)
{0x9a,0x92,0x32,0x2c,0x61,0x2a,0xae,0xef,0x66,0x2a,0xfb,0x55,0xe9,0x48,0xdf,0xbd};
static UCHAR expected_tag3[] =
{0x17,0x9d,0xc0,0x7a,0xf0,0xcf,0xaa,0xd5,0x1c,0x11,0xc4,0x4b,0xd6,0xa3,0x3e,0x77};
+ static UCHAR expected_tag4[] =
+ {0x4c,0x42,0x83,0x9e,0x8d,0x40,0xf1,0x19,0xd6,0x2b,0x1c,0x66,0x03,0x2b,0x39,0x63};
+
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
UCHAR *buf, ciphertext[48], ivbuf[16], tag[16];
BCRYPT_AUTH_TAG_LENGTHS_STRUCT tag_length;
@@ -840,6 +843,21 @@ static void test_BCryptEncrypt(void)
for (i = 0; i < 16; i++)
ok(tag[i] == expected_tag3[i], "%u: %02x != %02x\n", i, tag[i], expected_tag3[i]);
+ memset(tag, 0xff, sizeof(tag));
+ ret = pBCryptEncrypt(key, data2, 0, &auth_info, ivbuf, 16, NULL, 0, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 0, "got %u\n", size);
+ for (i = 0; i < 16; i++)
+ ok(tag[i] == 0xff, "%u: %02x != %02x\n", i, tag[i], 0xff);
+
+ memset(tag, 0xff, sizeof(tag));
+ ret = pBCryptEncrypt(key, NULL, 0, &auth_info, ivbuf, 16, NULL, 0, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 0, "got %u\n", size);
+ ok(!memcmp(tag, expected_tag4, sizeof(expected_tag4)), "wrong tag\n");
+ for (i = 0; i < 16; i++)
+ ok(tag[i] == expected_tag4[i], "%u: %02x != %02x\n", i, tag[i], expected_tag4[i]);
+
/* test with padding */
memcpy(ivbuf, iv, sizeof(iv));
memset(ciphertext, 0, sizeof(ciphertext));
--
2.16.1

212
patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch
View File

@@ -1,25 +1,16 @@
From 70501f83e7effe724e09263791e99c494ecfbe3d Mon Sep 17 00:00:00 2001
From b3c2814f36f027657feb2ceb6abf1142ab7062b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 18:31:55 +0200
Subject: [PATCH] bcrypt: Preparation for asymmetric keys.
---
dlls/bcrypt/bcrypt_main.c | 367 ++++++++++++++++++++++++++++------------------
1 file changed, 226 insertions(+), 141 deletions(-)
dlls/bcrypt/bcrypt_main.c | 346 +++++++++++++++++++++++++++++-----------------
1 file changed, 217 insertions(+), 129 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 2e6ed8b..0791cf3 100644
index c20abb8..2dd839f 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -19,7 +19,7 @@
#include "config.h"
#include "wine/port.h"
-
+#undef HAVE_GNUTLS_CIPHER_INIT
#include <stdarg.h>
#ifdef HAVE_COMMONCRYPTO_COMMONCRYPTOR_H
#include <AvailabilityMacros.h>
@@ -238,16 +238,17 @@ static const struct {
ULONG hash_length;
ULONG block_bits;
@@ -141,7 +132,7 @@ index 2e6ed8b..0791cf3 100644
static ULONG get_block_size( struct algorithm *alg )
{
ULONG ret = 0, size = sizeof(ret);
@@ -899,25 +947,43 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
@@ -900,15 +948,15 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB ))
{
BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output;
@@ -160,27 +151,42 @@ index 2e6ed8b..0791cf3 100644
return STATUS_SUCCESS;
}
FIXME( "unsupported key type %s\n", debugstr_w(type) );
return STATUS_NOT_IMPLEMENTED;
@@ -920,23 +968,33 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
- if (!(buffer = heap_alloc( key_orig->secret_len ))) return STATUS_NO_MEMORY;
- memcpy( buffer, key_orig->secret, key_orig->secret_len );
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
- memset( key_copy, 0, sizeof(*key_copy) );
- key_copy->hdr = key_orig->hdr;
- key_copy->alg_id = key_orig->alg_id;
- key_copy->mode = key_orig->mode;
- key_copy->block_size = key_orig->block_size;
- key_copy->secret = buffer;
- key_copy->secret_len = key_orig->secret_len;
+ if (key_is_symmetric(key_orig))
+ {
+ if (!(buffer = heap_alloc( key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len );
+
+ memset( key_copy, 0, sizeof(*key_copy) );
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+ key_copy->u.s.mode = key_orig->u.s.mode;
+ key_copy->u.s.block_size = key_orig->u.s.block_size;
+ key_copy->u.s.secret = buffer;
+ key_copy->u.s.secret_len = key_orig->u.s.secret_len;
+ }
+ else
+ {
+ return STATUS_NOT_IMPLEMENTED;
+ }
return STATUS_SUCCESS;
}
+#else
+static inline BOOL key_is_symmetric( struct key *key )
+{
+ ERR( "support for keys not available at build time\n" );
+ return FALSE;
+}
+
+static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
+{
+ *mode = key->u.s.mode;
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
#endif
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
@@ -189,7 +195,7 @@ index 2e6ed8b..0791cf3 100644
{
UCHAR *buffer;
@@ -933,15 +999,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
@@ -952,15 +1010,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
return STATUS_NOT_SUPPORTED;
}
@@ -211,7 +217,7 @@ index 2e6ed8b..0791cf3 100644
return STATUS_SUCCESS;
}
@@ -952,17 +1018,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
@@ -971,17 +1029,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
{
if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size ))
{
@@ -232,41 +238,7 @@ index 2e6ed8b..0791cf3 100644
return STATUS_SUCCESS;
}
else
@@ -980,16 +1046,24 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
- if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY;
- memcpy( buffer, key_orig->secret, key_orig->secret_len );
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
- key_copy->hdr = key_orig->hdr;
- key_copy->alg_id = key_orig->alg_id;
- key_copy->mode = key_orig->mode;
- key_copy->block_size = key_orig->block_size;
- key_copy->handle = NULL;
- key_copy->secret = buffer;
- key_copy->secret_len = key_orig->secret_len;
+ if (key_is_symmetric(key_orig))
+ {
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len );
+
+ key_copy->u.s.mode = key_orig->u.s.mode;
+ key_copy->u.s.block_size = key_orig->u.s.block_size;
+ key_copy->u.s.handle = NULL;
+ key_copy->u.s.secret = buffer;
+ key_copy->u.s.secret_len = key_orig->u.s.secret_len;
+ }
+ else
+ {
+ return STATUS_NOT_IMPLEMENTED;
+ }
return STATUS_SUCCESS;
}
@@ -1000,22 +1074,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1001,22 +1059,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
{
case ALG_ID_AES:
WARN( "handle block size\n" );
@@ -296,7 +268,7 @@ index 2e6ed8b..0791cf3 100644
return GNUTLS_CIPHER_UNKNOWN;
default:
FIXME( "algorithm %u not supported\n", key->alg_id );
@@ -1023,17 +1097,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1024,17 +1082,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
}
}
@@ -318,7 +290,7 @@ index 2e6ed8b..0791cf3 100644
}
if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
@@ -1045,12 +1119,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1046,12 +1104,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
iv_len = sizeof(zero_iv);
}
@@ -334,7 +306,7 @@ index 2e6ed8b..0791cf3 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1059,11 +1133,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1060,11 +1118,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
@@ -348,7 +320,7 @@ index 2e6ed8b..0791cf3 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1072,12 +1146,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
@@ -1073,12 +1131,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
return STATUS_SUCCESS;
}
@@ -363,7 +335,7 @@ index 2e6ed8b..0791cf3 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1091,7 +1165,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
@@ -1092,7 +1150,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
{
int ret;
@@ -372,7 +344,7 @@ index 2e6ed8b..0791cf3 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1104,7 +1178,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1105,7 +1163,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
{
int ret;
@@ -381,7 +353,7 @@ index 2e6ed8b..0791cf3 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1115,13 +1189,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1116,13 +1174,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
static NTSTATUS key_destroy( struct key *key )
{
@@ -398,7 +370,7 @@ index 2e6ed8b..0791cf3 100644
{
UCHAR *buffer;
@@ -1143,16 +1217,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
@@ -1144,16 +1202,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
return STATUS_NOT_SUPPORTED;
}
@@ -422,33 +394,8 @@ index 2e6ed8b..0791cf3 100644
return STATUS_SUCCESS;
}
@@ -1167,66 +1241,66 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
- if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY;
- memcpy( buffer, key_orig->secret, key_orig->secret_len );
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len );
- key_copy->hdr = key_orig->hdr;
- key_copy->alg_id = key_orig->alg_id;
- key_copy->mode = key_orig->mode;
- key_copy->block_size = key_orig->block_size;
- key_copy->ref_encrypt = NULL;
- key_copy->ref_decrypt = NULL;
- key_copy->secret = buffer;
- key_copy->secret_len = key_orig->secret_len;
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+ key_copy->u.s.mode = key_orig->u.s.mode;
+ key_copy->u.s.block_size = key_orig->u.s.block_size;
+ key_copy->u.s.ref_encrypt = NULL;
+ key_copy->u.s.ref_decrypt = NULL;
+ key_copy->u.s.secret = buffer;
+ key_copy->u.s.secret_len = key_orig->u.s.secret_len;
return STATUS_SUCCESS;
@@ -1164,51 +1222,51 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -513,7 +460,7 @@ index 2e6ed8b..0791cf3 100644
{
WARN( "CCCryptorUpdate failed %d\n", status );
return STATUS_INTERNAL_ERROR;
@@ -1240,7 +1314,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
@@ -1222,7 +1280,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
{
CCCryptorStatus status;
@@ -522,7 +469,7 @@ index 2e6ed8b..0791cf3 100644
{
WARN( "CCCryptorUpdate failed %d\n", status );
return STATUS_INTERNAL_ERROR;
@@ -1257,14 +1331,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1239,14 +1297,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
static NTSTATUS key_destroy( struct key *key )
{
@@ -541,11 +488,7 @@ index 2e6ed8b..0791cf3 100644
{
ERR( "support for keys not available at build time\n" );
return STATUS_NOT_IMPLEMENTED;
@@ -1279,23 +1353,22 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
ERR( "support for keys not available at build time\n" );
- key_copy->mode = MODE_ID_CBC;
@@ -1264,19 +1322,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
return STATUS_NOT_IMPLEMENTED;
}
@@ -568,7 +511,32 @@ index 2e6ed8b..0791cf3 100644
ULONG output_len )
{
ERR( "support for keys not available at build time\n" );
@@ -1350,7 +1423,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
@@ -1307,6 +1365,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
ERR( "support for keys not available at build time\n" );
return STATUS_NOT_IMPLEMENTED;
}
+
+static inline BOOL key_is_symmetric( struct key *key )
+{
+ ERR( "support for keys not available at build time\n" );
+ return FALSE;
+}
+
+static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
+{
+ *mode = key->u.s.mode;
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
#endif
NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle,
@@ -1328,7 +1404,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
key->hdr.magic = MAGIC_KEY;
@@ -576,8 +544,8 @@ index 2e6ed8b..0791cf3 100644
+ if ((status = key_symmetric_init( key, alg, secret, secret_len )))
{
heap_free( key );
*handle = NULL;
@@ -1469,19 +1542,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
return status;
@@ -1444,19 +1520,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
struct key *key = handle;
ULONG bytes_left = input_len;
UCHAR *buf, *src, *dst;
@@ -609,7 +577,7 @@ index 2e6ed8b..0791cf3 100644
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
@@ -1492,7 +1576,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1467,7 +1554,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG)
FIXME( "call chaining not implemented\n" );
@@ -618,7 +586,7 @@ index 2e6ed8b..0791cf3 100644
return status;
*ret_len = input_len;
@@ -1500,46 +1584,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1475,46 +1562,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (input && !output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@@ -681,7 +649,7 @@ index 2e6ed8b..0791cf3 100644
heap_free( buf );
}
@@ -1565,7 +1650,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1540,7 +1628,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
return STATUS_NOT_IMPLEMENTED;
}
@@ -690,7 +658,7 @@ index 2e6ed8b..0791cf3 100644
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
UCHAR tag[16];
@@ -1575,7 +1660,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1550,7 +1638,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER;
if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER;
@@ -699,7 +667,7 @@ index 2e6ed8b..0791cf3 100644
return status;
*ret_len = input_len;
@@ -1583,7 +1668,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1558,7 +1646,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@@ -708,7 +676,7 @@ index 2e6ed8b..0791cf3 100644
return status;
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;
@@ -1596,44 +1681,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1571,44 +1659,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
return STATUS_SUCCESS;
}

100
patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch
View File

@@ -1,14 +1,14 @@
From a1c152388920e9a6b3cafc840df1e28822f52180 Mon Sep 17 00:00:00 2001
From 6879933e1a7630c2b8d22f2c0e0d2519c8416d5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 19:18:58 +0200
Subject: [PATCH] bcrypt: Implement importing of ecdsa keys.
---
dlls/bcrypt/bcrypt.spec | 4 +-
dlls/bcrypt/bcrypt_main.c | 168 +++++++++++++++++++++++++++++++++++++++++++--
dlls/bcrypt/bcrypt_main.c | 160 +++++++++++++++++++++++++++++++++++++++++++--
dlls/bcrypt/tests/bcrypt.c | 6 +-
include/bcrypt.h | 2 +
4 files changed, 170 insertions(+), 10 deletions(-)
4 files changed, 162 insertions(+), 10 deletions(-)
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
index 28c2394..78824d7 100644
@@ -33,7 +33,7 @@ index 28c2394..78824d7 100644
@ stub GetCipherInterface
@ stub GetHashInterface
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 0791cf3..c1a5114 100644
index 2dd839f..b1736fa 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -220,7 +220,9 @@ enum alg_id
@@ -109,23 +109,21 @@ index 0791cf3..c1a5114 100644
} u;
};
#else
@@ -969,6 +989,12 @@ static inline BOOL key_is_symmetric( struct key *key )
return FALSE;
}
+static inline BOOL key_is_asymmetric( struct key *key )
+{
+ ERR( "support for keys not available at build time\n" );
+ return FALSE;
+}
@@ -986,11 +1006,42 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
}
else
{
- return STATUS_NOT_IMPLEMENTED;
+ if (!(buffer = heap_alloc( key_orig->u.a.pubkey_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.a.pubkey, key_orig->u.a.pubkey_len );
+
static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
{
*mode = key->u.s.mode;
@@ -1042,6 +1068,33 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
+ key_copy->u.a.pubkey = buffer;
+ key_copy->u.a.pubkey_len = key_orig->u.a.pubkey_len;
}
return STATUS_SUCCESS;
}
+
+static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len )
+{
+ UCHAR *buffer;
@@ -152,26 +150,10 @@ index 0791cf3..c1a5114 100644
+
+ return STATUS_SUCCESS;
+}
+
static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
@@ -1062,7 +1115,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
}
else
{
- return STATUS_NOT_IMPLEMENTED;
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.a.pubkey_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.a.pubkey, key_orig->u.a.pubkey_len );
+
+ key_copy->u.a.pubkey = buffer;
+ key_copy->u.a.pubkey_len = key_orig->u.a.pubkey_len;
+
+ return STATUS_SUCCESS;
}
#endif
return STATUS_SUCCESS;
@@ -1189,8 +1248,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
@@ -1174,8 +1225,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
static NTSTATUS key_destroy( struct key *key )
{
@@ -187,7 +169,7 @@ index 0791cf3..c1a5114 100644
heap_free( key );
return STATUS_SUCCESS;
}
@@ -1237,6 +1301,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
@@ -1310,6 +1366,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
return STATUS_NOT_IMPLEMENTED;
}
@@ -197,23 +179,23 @@ index 0791cf3..c1a5114 100644
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
@@ -1350,6 +1420,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
{
ERR( "support for keys not available at build time\n" );
@@ -1525,6 +1601,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
@@ -1372,6 +1434,12 @@ static inline BOOL key_is_symmetric( struct key *key )
return FALSE;
}
+static inline BOOL key_is_asymmetric( struct key *key )
+{
+ ERR( "support for keys not available at build time\n" );
+ return FALSE;
+}
+
static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
{
*mode = key->u.s.mode;
@@ -1503,6 +1571,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
return STATUS_SUCCESS;
}
@@ -267,13 +249,13 @@ index 0791cf3..c1a5114 100644
+ if (ecc_blob->cbKey != key_size)
+ return STATUS_INVALID_PARAMETER;
+
+ if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) )))
+ if (!(key = heap_alloc( sizeof(*key) )))
+ return STATUS_NO_MEMORY;
+
+ key->hdr.magic = MAGIC_KEY;
+ if ((status = key_asymmetric_init( key, alg, (BYTE *)(ecc_blob + 1), ecc_blob->cbKey * 2 )))
+ {
+ HeapFree( GetProcessHeap(), 0, key );
+ heap_free( key );
+ return status;
+ }
+
@@ -303,10 +285,10 @@ index 0791cf3..c1a5114 100644
{
struct key *key = handle;
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 22a0ffe..73d3325 100644
index a262251..d5f08be 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -1404,7 +1404,7 @@ static void test_ECDSA(void)
@@ -1419,7 +1419,7 @@ static void test_ECDSA(void)
status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
if (status)
{
@@ -315,7 +297,7 @@ index 22a0ffe..73d3325 100644
return;
}
@@ -1420,10 +1420,10 @@ static void test_ECDSA(void)
@@ -1435,10 +1435,10 @@ static void test_ECDSA(void)
ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);

12
patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch
View File

@@ -1,4 +1,4 @@
From f986cac5710ee6bbf96aae2cdefea4f8eb49653e Mon Sep 17 00:00:00 2001
From 8a9bfbd2670fb200c280a73addc0fb012f5576ce Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sat, 14 Oct 2017 22:44:13 +0200
Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair.
@@ -8,10 +8,10 @@ Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair.
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index f858bec..c2300b4 100644
index 131082a..9443d04 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1428,6 +1428,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
@@ -1405,6 +1405,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key )
{
@@ -19,7 +19,7 @@ index f858bec..c2300b4 100644
gnutls_ecc_curve_t curve;
gnutls_datum_t x, y;
int ret;
@@ -1448,10 +1449,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
@@ -1425,10 +1426,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
return STATUS_INTERNAL_ERROR;
}
@@ -35,14 +35,14 @@ index f858bec..c2300b4 100644
if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y )))
{
@@ -2062,7 +2064,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
@@ -2032,7 +2034,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
return STATUS_NO_MEMORY;
key->hdr.magic = MAGIC_KEY;
- if ((status = key_asymmetric_init( key, alg, (BYTE *)(ecc_blob + 1), ecc_blob->cbKey * 2 )))
+ if ((status = key_asymmetric_init( key, alg, (BYTE *)ecc_blob, sizeof(*ecc_blob) + ecc_blob->cbKey * 2 )))
{
HeapFree( GetProcessHeap(), 0, key );
heap_free( key );
return status;
--
1.9.1