wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-11-21 16:46:54 -08:00
Code Issues Packages Projects Releases Wiki Activity

Updated bcrypt-Improvements patchset

Browse Source
This commit is contained in:
Alistair Leslie-Hughes 2018-03-03 17:55:37 +11:00
parent 6d7bf6bd02
commit 4f315f2a10
26 changed files with 248 additions and 367 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
patches/bcrypt-Improvements/0011-bcrypt-tests-Add-tests-for-AES-GCM-mode.patch
View File

@ -1,4 +1,4 @@
From a19e65b706a6dc0ca59454375d8b33bcca0265ea Mon Sep 17 00:00:00 2001
From 47562c6e22ad737b206b5a5632ba4da83ad86fe4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 05:37:02 +0100
Subject: [PATCH 11/36] bcrypt/tests: Add tests for AES GCM mode.

2
patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch
View File

@ -1,4 +1,4 @@
From a6e56ac8c6a42f4cf6008564c3b91c5868314b6b Mon Sep 17 00:00:00 2001
From bfaaaeedacdf5ee92bee8048c6bb6ac85be3ecd0 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 06:18:01 +0100
Subject: [PATCH 12/36] bcrypt: Pass object to get_{alg,hash}_property instead

2
patches/bcrypt-Improvements/0013-bcrypt-Implement-BCryptSetProperty-for-algorithms.patch
View File

@ -1,4 +1,4 @@
From b27eaf2a7d4ca0811a7b8a7665b44a1b897ddbe3 Mon Sep 17 00:00:00 2001
From d0252a03c82c8b3c3e6bb8bed0007e844b10301c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 06:08:33 +0100
Subject: [PATCH 13/36] bcrypt: Implement BCryptSetProperty for algorithms.

2
patches/bcrypt-Improvements/0014-bcrypt-Implement-BCryptGetProperty-for-BCRYPT_CHAINI.patch
View File

@ -1,4 +1,4 @@
From 03f5aab7ed244185ec6af90d14213ffff3241536 Mon Sep 17 00:00:00 2001
From 6aa0794091b1ea7ef5f4bf686d4b7fbcab12d213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 06:46:11 +0100
Subject: [PATCH 14/36] bcrypt: Implement BCryptGetProperty for

2
patches/bcrypt-Improvements/0015-bcrypt-Implement-BCryptGetProperty-for-BCRYPT_AUTH_T.patch
View File

@ -1,4 +1,4 @@
From 744b3c49bafcff56b8780666ed0da8cec97f4866 Mon Sep 17 00:00:00 2001
From 35d3ff46ea1c10f5c3d78ff4ea3abd91a6778bf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 06:50:28 +0100
Subject: [PATCH 15/36] bcrypt: Implement BCryptGetProperty for

2
patches/bcrypt-Improvements/0016-bcrypt-Fix-string-comparison-in-set_alg_property.patch
View File

@ -1,4 +1,4 @@
From 3ef6086a7db8a9d101ea763b3415a727ce2cf6a8 Mon Sep 17 00:00:00 2001
From 8959d51b23f1f001670662ea19bd5b65ed477719 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 07:21:27 +0100
Subject: [PATCH 16/36] bcrypt: Fix string comparison in set_alg_property.

2
patches/bcrypt-Improvements/0017-bcrypt-Implement-BCryptEncrypt-for-AES-GCM-mode.patch
View File

@ -1,4 +1,4 @@
From ae6849dde0d3c7e125c9913f7bcde27e5c514304 Mon Sep 17 00:00:00 2001
From 23ce1e2c23629e0f406fad6cf5ff1855c379ad0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 07:46:57 +0100
Subject: [PATCH 17/36] bcrypt: Implement BCryptEncrypt for AES GCM mode.

2
patches/bcrypt-Improvements/0018-bcrypt-Implement-BCryptDecrypt-for-AES-GCM-mode.patch
View File

@ -1,4 +1,4 @@
From 94a36fa538e9ac90ba19e76a0be3f616b53e02fe Mon Sep 17 00:00:00 2001
From 4ec53bd02df73020b29b0a9fed5b0915d95a66e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 07:53:10 +0100
Subject: [PATCH 18/36] bcrypt: Implement BCryptDecrypt for AES GCM mode.

22
patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch
View File

@ -1,4 +1,4 @@
From c7ce0b85b9d54ee608e0c2e70e6376c2f68d188e Mon Sep 17 00:00:00 2001
From f3115ed9d937156ec03bd00e136268a53a7b383e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 08:02:36 +0100
Subject: [PATCH 19/36] bcrypt: Add support for computing/comparing cipher tag.
@ -9,7 +9,7 @@ Subject: [PATCH 19/36] bcrypt: Add support for computing/comparing cipher tag.
2 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 17cc92dded..bdf02ca375 100644
index 17cc92dded..e518d315c3 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -50,6 +50,9 @@ static HINSTANCE instance;
@ -80,15 +80,7 @@ index 17cc92dded..bdf02ca375 100644
static NTSTATUS key_destroy( struct key *key )
{
ERR( "support for keys not available at build time\n" );
@@ -1283,6 +1316,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (key->mode == MODE_ID_GCM)
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
+ UCHAR tag[16];
if (!auth_info) return STATUS_INVALID_PARAMETER;
if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
@@ -1302,7 +1336,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1302,7 +1335,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_encrypt( key, input, input_len, output, output_len )))
return status;
@ -97,6 +89,14 @@ index 17cc92dded..bdf02ca375 100644
}
if ((status = key_set_params( key, iv, iv_len ))) return status;
@@ -1361,6 +1394,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (key->mode == MODE_ID_GCM)
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
+ UCHAR tag[16];
if (!auth_info) return STATUS_INVALID_PARAMETER;
if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
@@ -1378,6 +1412,11 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;

4
patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch
View File

@ -1,4 +1,4 @@
From 790c773742b2a0a4b4a8672de3bdfcbf539dc046 Mon Sep 17 00:00:00 2001
From 20c4886fc456f7994e96ac41759b0d22cabb0e0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 08:28:24 +0100
Subject: [PATCH 20/36] bcrypt: Implement BCryptDuplicateKey.
@ -23,7 +23,7 @@ index 21b54b4934..28c2394ce4 100644
@ stdcall BCryptEnumAlgorithms(long ptr ptr long)
@ stub BCryptEnumContextFunctionProviders
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index bdf02ca375..8d4b5ade64 100644
index e518d315c3..7111788b55 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -954,6 +954,24 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s

2
patches/bcrypt-Improvements/0021-bcrypt-tests-Add-tests-for-BCryptDuplicateKey.patch
View File

@ -1,4 +1,4 @@
From cf71e3c1c9bd50a1e1d3f9310c526844f65510c9 Mon Sep 17 00:00:00 2001
From 1eed1f80cd5b8fd8e77e02990ebcf3eb7a5bfda5 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 08:30:43 +0100
Subject: [PATCH 21/36] bcrypt/tests: Add tests for BCryptDuplicateKey.

4
patches/bcrypt-Improvements/0022-bcrypt-Allow-to-call-BCryptSetProperty-on-key-object.patch
View File

@ -1,4 +1,4 @@
From 99c36c1642f054366532902bb9a41bc264d06df6 Mon Sep 17 00:00:00 2001
From 8568e6743e9249a11584b7744df4f8ec116a100f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 08:41:31 +0100
Subject: [PATCH 22/36] bcrypt: Allow to call BCryptSetProperty on key objects.
@ -9,7 +9,7 @@ Subject: [PATCH 22/36] bcrypt: Allow to call BCryptSetProperty on key objects.
2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 8d4b5ade64..5913d1283e 100644
index 7111788b55..dc6aa82b81 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -246,6 +246,9 @@ struct algorithm

42
patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch
View File

@ -1,45 +1,39 @@
From 71875d0a5fa90536bb48d83c3e9cf6163df370de Mon Sep 17 00:00:00 2001
From 7ecc8c3e96519eb53f0442981bd711b719cebfab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 15:01:19 +0100
Subject: [PATCH 23/36] bcrypt: Add support for auth data in AES GCM mode.
---
dlls/bcrypt/bcrypt_main.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
dlls/bcrypt/bcrypt_main.c | 41 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 5913d1283e..a9dfb00ab4 100644
index dc6aa82b81..e4ebcf91ed 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -53,6 +53,10 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
@@ -52,6 +52,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
/* Not present in gnutls version < 3.0 */
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
+/* Not present in gnutls version < 3.0 */
+static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void *tag, size_t tag_size);
+static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
+
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
MAKE_FUNCPTR(gnutls_cipher_decrypt2);
@@ -77,6 +81,16 @@ static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@@ -72,7 +73,12 @@ MAKE_FUNCPTR(gnutls_perror);
#define GNUTLS_CIPHER_AES_256_GCM 94
#endif
-static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_t tag_size)
+static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+{
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
+static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size)
+{
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
static void gnutls_log( int level, const char *msg )
{
TRACE( "<%d> %s", level, msg );
@@ -127,6 +141,16 @@ static BOOL gnutls_initialize(void)
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@@ -127,6 +133,16 @@ static BOOL gnutls_initialize(void)
pgnutls_global_set_log_level( 4 );
pgnutls_global_set_log_function( gnutls_log );
}
@ -56,7 +50,7 @@ index 5913d1283e..a9dfb00ab4 100644
return TRUE;
@@ -1050,6 +1074,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1050,6 +1066,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
@ -76,7 +70,7 @@ index 5913d1283e..a9dfb00ab4 100644
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1221,6 +1258,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1221,6 +1250,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_NOT_IMPLEMENTED;
}
@ -89,7 +83,7 @@ index 5913d1283e..a9dfb00ab4 100644
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1416,6 +1459,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1415,6 +1450,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@ -98,7 +92,7 @@ index 5913d1283e..a9dfb00ab4 100644
if ((status = key_encrypt( key, input, input_len, output, output_len )))
return status;
@@ -1492,6 +1537,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1492,6 +1529,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;

2
patches/bcrypt-Improvements/0024-bcrypt-tests-Add-tests-for-auth-data-in-AES-GCM-mode.patch
View File

@ -1,4 +1,4 @@
From 66401fad72037ba43d5dcd9c457cdc9b4aef0498 Mon Sep 17 00:00:00 2001
From 7fd1604b8ca60711c6850fbc47189bc9a7fbaa06 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 15:01:38 +0100
Subject: [PATCH 24/36] bcrypt/tests: Add tests for auth data in AES GCM mode.

8
patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch
View File

@ -1,4 +1,4 @@
From aad04c30ad73ffec87b46b59f65fc6d451138d0c Mon Sep 17 00:00:00 2001
From b9fd0d5d4e698d60126714217a950295914e6680 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 16:20:57 +0100
Subject: [PATCH 25/36] bcrypt: Avoid crash in tests when compiling without
@ -9,10 +9,10 @@ Subject: [PATCH 25/36] bcrypt: Avoid crash in tests when compiling without
1 file changed, 11 insertions(+)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index a9dfb00ab4..79e62e33c9 100644
index e4ebcf91ed..98c49e7331 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1310,12 +1310,19 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
@@ -1302,12 +1302,19 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
if (object) FIXME( "ignoring object buffer\n" );
@ -32,7 +32,7 @@ index a9dfb00ab4..79e62e33c9 100644
return status;
}
@@ -1398,11 +1405,15 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
@@ -1390,11 +1397,15 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
if (!handle_copy) return STATUS_INVALID_PARAMETER;
if (!(key_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*key_copy) )))

22
patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch
View File

@ -1,4 +1,4 @@
From 344221b351b7dc15b9cd1e75b741e2dec978e744 Mon Sep 17 00:00:00 2001
From a58d04dc5cb0ee6344c596eb5b6ac99fb0dd6c7f Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sun, 5 Mar 2017 23:18:03 +0100
Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode.
@ -9,10 +9,10 @@ Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode.
2 files changed, 244 insertions(+), 9 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 79e62e33c9..22a653f7f2 100644
index 98c49e7331..cbd38f57d6 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -238,6 +238,7 @@ enum alg_id
@@ -230,6 +230,7 @@ enum alg_id
enum mode_id
{
@ -20,7 +20,7 @@ index 79e62e33c9..22a653f7f2 100644
MODE_ID_CBC,
MODE_ID_GCM
};
@@ -590,8 +591,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop
@@ -582,8 +583,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop
const WCHAR *mode;
switch (alg->mode)
{
@ -31,7 +31,7 @@ index 79e62e33c9..22a653f7f2 100644
default: return STATUS_NOT_IMPLEMENTED;
}
@@ -644,7 +646,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA
@@ -636,7 +638,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA
case ALG_ID_AES:
if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
{
@ -45,7 +45,7 @@ index 79e62e33c9..22a653f7f2 100644
{
alg->mode = MODE_ID_CBC;
return STATUS_SUCCESS;
@@ -1003,7 +1010,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
@@ -995,7 +1002,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
{
if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
{
@ -59,7 +59,7 @@ index 79e62e33c9..22a653f7f2 100644
{
key->mode = MODE_ID_CBC;
return STATUS_SUCCESS;
@@ -1033,6 +1045,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1025,6 +1037,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
switch (key->mode)
{
case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM;
@ -67,7 +67,7 @@ index 79e62e33c9..22a653f7f2 100644
case MODE_ID_CBC:
default: return GNUTLS_CIPHER_AES_128_CBC;
}
@@ -1044,6 +1057,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1036,6 +1049,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
{
@ -75,7 +75,7 @@ index 79e62e33c9..22a653f7f2 100644
gnutls_cipher_algorithm_t cipher;
gnutls_datum_t secret, vector;
int ret;
@@ -1057,15 +1071,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1049,15 +1063,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
return STATUS_NOT_SUPPORTED;
@ -100,7 +100,7 @@ index 79e62e33c9..22a653f7f2 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1490,11 +1507,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1481,11 +1498,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@ -116,7 +116,7 @@ index 79e62e33c9..22a653f7f2 100644
bytes_left -= key->block_size;
src += key->block_size;
dst += key->block_size;
@@ -1576,11 +1597,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1568,11 +1589,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
else if (output_len < *ret_len)
return STATUS_BUFFER_TOO_SMALL;

6
patches/bcrypt-Improvements/0027-bcrypt-Fix-BCryptEncrypt-with-AES_GCM-and-no-input-a.patch
View File

@ -1,4 +1,4 @@
From c8316aa8c5543faf138c83b50c93be6d58c82d1c Mon Sep 17 00:00:00 2001
From ed34c7953eea6419df4fcde8b65ecfab6da2f476 Mon Sep 17 00:00:00 2001
From: Andrew Wesie <awesie@gmail.com>
Date: Mon, 1 May 2017 22:57:43 -0500
Subject: [PATCH 27/36] bcrypt: Fix BCryptEncrypt with AES_GCM and no input and
@ -11,10 +11,10 @@ Signed-off-by: Andrew Wesie <awesie@gmail.com>
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 22a653f7f2..95d21f7d0b 100644
index cbd38f57d6..f19a90e6bf 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1484,7 +1484,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1475,7 +1475,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
*ret_len = input_len;
if (flags & BCRYPT_BLOCK_PADDING) return STATUS_INVALID_PARAMETER;

6
patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch
View File

@ -1,4 +1,4 @@
From e5bac5f440059f09e04faf552c973280b048dac2 Mon Sep 17 00:00:00 2001
From 236c6617a0142f7d7adae2683ece3789bb46782e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sun, 13 Aug 2017 05:04:21 +0200
Subject: [PATCH 28/36] bcrypt: Add support for 192 and 256 bit aes keys.
@ -9,10 +9,10 @@ Subject: [PATCH 28/36] bcrypt: Add support for 192 and 256 bit aes keys.
2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 95d21f7d0b..4faab160e7 100644
index f19a90e6bf..165718c63a 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1044,11 +1044,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1036,11 +1036,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
WARN( "handle block size\n" );
switch (key->mode)
{

303
patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch
View File

@ -1,29 +1,17 @@
From 2206bf14a18b797e0b9eb6eca0828feba58c118e Mon Sep 17 00:00:00 2001
From d0f72018a4759730734560b2c9aebf5733123166 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 18:31:55 +0200
Subject: [PATCH 29/36] bcrypt: Preparation for asymmetric keys.
---
dlls/bcrypt/bcrypt_main.c | 334 ++++++++++++++++++++++++++++++----------------
1 file changed, 216 insertions(+), 118 deletions(-)
dlls/bcrypt/bcrypt_main.c | 269 ++++++++++++++++++++++++++++------------------
1 file changed, 165 insertions(+), 104 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 4faab160e7..f81597e2c6 100644
index 165718c63a..5d4a5b5992 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -81,11 +81,6 @@ static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
-{
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
-}
-
static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size)
{
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
@@ -251,16 +246,17 @@ static const struct {
@@ -243,16 +243,17 @@ static const struct {
ULONG hash_length;
ULONG block_bits;
const WCHAR *alg_name;
@ -50,7 +38,7 @@ index 4faab160e7..f81597e2c6 100644
};
struct algorithm
@@ -898,35 +894,59 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se
@@ -890,27 +891,45 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se
}
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
@ -66,6 +54,7 @@ index 4faab160e7..f81597e2c6 100644
ULONG secret_len;
};
-#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
+
struct key
{
- struct object hdr;
@ -77,6 +66,7 @@ index 4faab160e7..f81597e2c6 100644
+ struct key_symmetric s;
+ } u;
+};
+
+#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
+struct key_symmetric
+{
@ -87,61 +77,23 @@ index 4faab160e7..f81597e2c6 100644
UCHAR *secret;
ULONG secret_len;
};
-#else
struct key
{
- struct object hdr;
+ struct object hdr;
+ enum alg_id alg_id;
+ union
+ {
+ struct key_symmetric s;
+ } u;
+};
+#else
+struct key_symmetric
+{
+ enum mode_id mode;
ULONG block_size;
UCHAR *secret;
ULONG secret_len;
};
+
+struct key
+{
+ struct object hdr;
+ enum alg_id alg_id;
+ struct object hdr;
+ enum alg_id alg_id;
+ union
+ {
+ struct key_symmetric s;
+ } u;
+};
+}
#else
struct key
{
@@ -922,6 +941,28 @@ struct key
#endif
#if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
@@ -941,15 +961,15 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB ))
{
BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output;
- ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->secret_len;
+ ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->u.s.secret_len;
*size = req_size;
if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL;
header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC;
header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
- header->cbKeyData = key->secret_len;
- memcpy( &header[1], key->secret, key->secret_len );
+ header->cbKeyData = key->u.s.secret_len;
+ memcpy( &header[1], key->u.s.secret, key->u.s.secret_len );
return STATUS_SUCCESS;
}
@@ -959,7 +979,29 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
#endif
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
-static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
+static inline BOOL key_is_symmetric( struct key *key )
+{
+ return alg_props[key->alg_id].symmetric;
@ -164,11 +116,38 @@ index 4faab160e7..f81597e2c6 100644
+ return STATUS_SUCCESS;
+}
+
static ULONG get_block_size( struct algorithm *alg )
{
ULONG ret = 0, size = sizeof(ret);
@@ -933,15 +974,15 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB ))
{
BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output;
- ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->secret_len;
+ ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->u.s.secret_len;
*size = req_size;
if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL;
header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC;
header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
- header->cbKeyData = key->secret_len;
- memcpy( &header[1], key->secret, key->secret_len );
+ header->cbKeyData = key->u.s.secret_len;
+ memcpy( &header[1], key->u.s.secret, key->u.s.secret_len );
return STATUS_SUCCESS;
}
@@ -951,7 +992,7 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
#endif
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
-static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
+static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
{
UCHAR *buffer;
@@ -975,15 +1017,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
@@ -967,15 +1008,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
return STATUS_NOT_SUPPORTED;
}
@ -177,11 +156,12 @@ index 4faab160e7..f81597e2c6 100644
if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY;
memcpy( buffer, secret, secret_len );
key->alg_id = alg->id;
- key->alg_id = alg->id;
- key->mode = alg->mode;
- key->handle = 0; /* initialized on first use */
- key->secret = buffer;
- key->secret_len = secret_len;
+ key->alg_id = alg->id;
+ key->u.s.mode = alg->mode;
+ key->u.s.handle = 0; /* initialized on first use */
+ key->u.s.secret = buffer;
@ -189,14 +169,19 @@ index 4faab160e7..f81597e2c6 100644
return STATUS_SUCCESS;
}
@@ -992,37 +1034,48 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
@@ -984,16 +1025,24 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
UCHAR *buffer;
- if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY;
- memcpy( buffer, key_orig->secret, key_orig->secret_len );
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+ key_copy->hdr = key_orig->hdr;
+ key_copy->alg_id = key_orig->alg_id;
+
+ if (key_is_symmetric(key_orig))
+ {
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len );
- key_copy->hdr = key_orig->hdr;
- key_copy->alg_id = key_orig->alg_id;
@ -205,33 +190,21 @@ index 4faab160e7..f81597e2c6 100644
- key_copy->handle = NULL;
- key_copy->secret = buffer;
- key_copy->secret_len = key_orig->secret_len;
+ if (key_is_symmetric(key_orig))
+ {
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len );
- return STATUS_SUCCESS;
+ key_copy->u.s.mode = key_orig->u.s.mode;
+ key_copy->u.s.block_size = key_orig->u.s.block_size;
+ key_copy->u.s.handle = NULL;
+ key_copy->u.s.secret = buffer;
+ key_copy->u.s.secret_len = key_orig->u.s.secret_len;
+
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ return STATUS_NOT_IMPLEMENTED;
+ }
}
static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
{
if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
return STATUS_SUCCESS;
}
@@ -1004,17 +1053,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
{
+ if (!key_is_symmetric(key))
+ return STATUS_NOT_SUPPORTED;
+
if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size ))
{
- key->mode = MODE_ID_ECB;
@ -251,7 +224,7 @@ index 4faab160e7..f81597e2c6 100644
return STATUS_SUCCESS;
}
else
@@ -1042,22 +1095,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1034,22 +1083,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
{
case ALG_ID_AES:
WARN( "handle block size\n" );
@ -281,7 +254,7 @@ index 4faab160e7..f81597e2c6 100644
return GNUTLS_CIPHER_UNKNOWN;
default:
FIXME( "algorithm %u not supported\n", key->alg_id );
@@ -1065,17 +1118,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
@@ -1057,17 +1106,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
}
}
@ -303,7 +276,7 @@ index 4faab160e7..f81597e2c6 100644
}
if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
@@ -1087,12 +1140,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1079,12 +1128,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
iv_len = sizeof(zero_iv);
}
@ -319,7 +292,7 @@ index 4faab160e7..f81597e2c6 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1101,11 +1154,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1093,11 +1142,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
@ -329,11 +302,11 @@ index 4faab160e7..f81597e2c6 100644
int ret;
- if ((ret = pgnutls_cipher_add_auth( key->handle, auth_data, len )))
+ if ((ret = pgnutls_cipher_add_auth( key->u.s.handle , auth_data, len )))
+ if ((ret = pgnutls_cipher_add_auth( key->u.s.handle, auth_data, len )))
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1114,12 +1167,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
@@ -1106,12 +1155,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
return STATUS_SUCCESS;
}
@ -348,13 +321,7 @@ index 4faab160e7..f81597e2c6 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1128,12 +1181,12 @@ static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_le
return STATUS_SUCCESS;
}
-static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+static NTSTATUS key_symmetric_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
@@ -1125,7 +1174,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
{
int ret;
@ -363,7 +330,7 @@ index 4faab160e7..f81597e2c6 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1146,7 +1199,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1138,7 +1187,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
{
int ret;
@ -372,7 +339,7 @@ index 4faab160e7..f81597e2c6 100644
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
@@ -1157,13 +1210,34 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1149,13 +1198,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
static NTSTATUS key_destroy( struct key *key )
{
@ -385,32 +352,11 @@ index 4faab160e7..f81597e2c6 100644
}
#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
-static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
+static inline BOOL key_is_symmetric( struct key *key )
+{
+ return alg_props[key->alg_id].symmetric;
+}
+
+static inline BOOL key_is_asymmetric( struct key *key )
+{
+ return !alg_props[key->alg_id].symmetric;
+}
+
+static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
+{
+ *mode = key->u.s.mode;
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size )
+{
+ *size = key->u.s.block_size;
+ return STATUS_SUCCESS;
+}
+static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
{
UCHAR *buffer;
@@ -1190,7 +1264,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
@@ -1182,7 +1231,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
return STATUS_SUCCESS;
}
@ -419,7 +365,7 @@ index 4faab160e7..f81597e2c6 100644
{
CCCryptorStatus status;
@@ -1223,7 +1297,7 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
@@ -1215,7 +1264,7 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
@ -428,16 +374,7 @@ index 4faab160e7..f81597e2c6 100644
ULONG output_len )
{
CCCryptorStatus status;
@@ -1237,7 +1311,7 @@ static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_le
return STATUS_SUCCESS;
}
-static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+static NTSTATUS key_symmetric_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
CCCryptorStatus status;
@@ -1260,7 +1334,7 @@ static NTSTATUS key_destroy( struct key *key )
@@ -1252,7 +1301,7 @@ static NTSTATUS key_destroy( struct key *key )
return STATUS_SUCCESS;
}
#else
@ -446,7 +383,7 @@ index 4faab160e7..f81597e2c6 100644
{
ERR( "support for keys not available at build time\n" );
return STATUS_NOT_IMPLEMENTED;
@@ -1279,26 +1353,26 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
@@ -1271,19 +1320,19 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
return STATUS_NOT_IMPLEMENTED;
}
@ -469,15 +406,7 @@ index 4faab160e7..f81597e2c6 100644
ULONG output_len )
{
ERR( "support for keys not available at build time\n" );
return STATUS_NOT_IMPLEMENTED;
}
-static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+static NTSTATUS key_symmetric_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
ERR( "support for keys not available at build time\n" );
@@ -1346,7 +1420,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
@@ -1338,7 +1387,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
key->hdr.magic = MAGIC_KEY;
@ -486,7 +415,7 @@ index 4faab160e7..f81597e2c6 100644
{
heap_free( key );
*handle = NULL;
@@ -1465,22 +1539,32 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1457,19 +1506,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
struct key *key = handle;
ULONG bytes_left = input_len;
UCHAR *buf, *src, *dst;
@ -517,11 +446,8 @@ index 4faab160e7..f81597e2c6 100644
+ if (mode == MODE_ID_GCM)
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
- UCHAR tag[16];
if (!auth_info) return STATUS_INVALID_PARAMETER;
if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
@@ -1489,7 +1573,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1480,7 +1540,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG)
FIXME( "call chaining not implemented\n" );
@ -530,7 +456,7 @@ index 4faab160e7..f81597e2c6 100644
return status;
*ret_len = input_len;
@@ -1497,46 +1581,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1488,46 +1548,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (input && !output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@ -553,18 +479,16 @@ index 4faab160e7..f81597e2c6 100644
if (flags & BCRYPT_BLOCK_PADDING)
- *ret_len = (input_len + key->block_size) & ~(key->block_size - 1);
- else if (input_len & (key->block_size - 1))
- return STATUS_INVALID_BUFFER_SIZE;
+ *ret_len = (input_len + block_size) & ~(block_size - 1);
+ else if (input_len & (block_size - 1))
+ return STATUS_INVALID_BUFFER_SIZE;
return STATUS_INVALID_BUFFER_SIZE;
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
- if (key->mode == MODE_ID_ECB && iv)
- return STATUS_INVALID_PARAMETER;
+ if (mode == MODE_ID_ECB && iv)
+ return STATUS_INVALID_PARAMETER;
return STATUS_INVALID_PARAMETER;
src = input;
dst = output;
@ -595,41 +519,16 @@ index 4faab160e7..f81597e2c6 100644
heap_free( buf );
}
@@ -1550,28 +1635,40 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
struct key *key = handle;
ULONG bytes_left = input_len;
UCHAR *buf, *src, *dst;
+ enum mode_id mode;
+ ULONG block_size;
NTSTATUS status;
TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
padding, iv, iv_len, output, output_len, ret_len, flags );
if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+
+ if (!key_is_symmetric(key))
+ {
+ FIXME( "decryption with asymmetric keys not yet supported\n");
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
if (flags & ~BCRYPT_BLOCK_PADDING)
{
FIXME( "flags %08x not supported\n", flags );
@@ -1553,7 +1614,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
return STATUS_NOT_IMPLEMENTED;
}
- if (key->mode == MODE_ID_GCM)
+ if ((status = key_symmetric_get_mode( key, &mode ))) return status;
+
+ if (mode == MODE_ID_GCM)
+ if (key->u.s.mode == MODE_ID_GCM)
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
+ UCHAR tag[16];
if (!auth_info) return STATUS_INVALID_PARAMETER;
if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
UCHAR tag[16];
@@ -1563,7 +1624,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER;
if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER;
@ -638,62 +537,58 @@ index 4faab160e7..f81597e2c6 100644
return status;
*ret_len = input_len;
@@ -1579,9 +1676,9 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1571,7 +1632,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
- if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
+ if (auth_info->pbAuthData && (status = key_symmetric_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
return status;
- if ((status = key_decrypt( key, input, input_len, output, output_len )))
+ if ((status = key_symmetric_decrypt( key, input, input_len, output, output_len )))
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;
if ((status = key_get_tag( key, tag, sizeof(tag) )))
@@ -1592,44 +1689,45 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1584,44 +1645,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
return STATUS_SUCCESS;
}
- if ((status = key_set_params( key, iv, iv_len ))) return status;
+ if ((status = key_symmetric_set_params( key, iv, iv_len ))) return status;
+ if ((status = key_symmetric_get_blocksize( key, &block_size ))) return status;
*ret_len = input_len;
- if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
+ if (input_len & (block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
+ if (input_len & (key->u.s.block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
if (!output) return STATUS_SUCCESS;
if (flags & BCRYPT_BLOCK_PADDING)
{
- if (output_len + key->block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
- if (input_len < key->block_size) return STATUS_BUFFER_TOO_SMALL;
- bytes_left -= key->block_size;
+ if (output_len + block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (input_len < block_size) return STATUS_BUFFER_TOO_SMALL;
+ bytes_left -= block_size;
+ if (output_len + key->u.s.block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (input_len < key->u.s.block_size) return STATUS_BUFFER_TOO_SMALL;
+ bytes_left -= key->u.s.block_size;
}
else if (output_len < *ret_len)
return STATUS_BUFFER_TOO_SMALL;
- if (key->mode == MODE_ID_ECB && iv)
+ if (mode == MODE_ID_ECB && iv)
+ if (key->u.s.mode == MODE_ID_ECB && iv)
return STATUS_INVALID_PARAMETER;
src = input;
dst = output;
- while (bytes_left >= key->block_size)
+ while (bytes_left >= block_size)
+ while (bytes_left >= key->u.s.block_size)
{
- if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status;
- bytes_left -= key->block_size;
- src += key->block_size;
- dst += key->block_size;
+ if ((status = key_symmetric_decrypt( key, src, block_size, dst, block_size ))) return status;
+ if (mode == MODE_ID_ECB && (status = key_symmetric_set_params( key, iv, iv_len ))) return status;
+ bytes_left -= block_size;
+ src += block_size;
+ dst += block_size;
+ if ((status = key_decrypt( key, src, key->u.s.block_size, dst, key->u.s.block_size ))) return status;
+ if (key->u.s.mode == MODE_ID_ECB && (status = key_symmetric_set_params( key, iv, iv_len ))) return status;
+ bytes_left -= key->u.s.block_size;
+ src += key->u.s.block_size;
+ dst += key->u.s.block_size;
}
if (flags & BCRYPT_BLOCK_PADDING)
@ -701,15 +596,15 @@ index 4faab160e7..f81597e2c6 100644
- if (!(buf = heap_alloc( key->block_size ))) return STATUS_NO_MEMORY;
- status = key_decrypt( key, src, key->block_size, buf, key->block_size );
- if (!status && buf[ key->block_size - 1 ] <= key->block_size)
+ if (!(buf = heap_alloc( block_size ))) return STATUS_NO_MEMORY;
+ status = key_symmetric_decrypt( key, src, block_size, buf, block_size );
+ if (!status && buf[ block_size - 1 ] <= block_size)
+ if (!(buf = heap_alloc( key->u.s.block_size ))) return STATUS_NO_MEMORY;
+ status = key_decrypt( key, src, key->u.s.block_size, buf, key->u.s.block_size );
+ if (!status && buf[ key->u.s.block_size - 1 ] <= key->u.s.block_size)
{
- *ret_len -= buf[ key->block_size - 1 ];
+ *ret_len -= buf[ block_size - 1 ];
+ *ret_len -= buf[ key->u.s.block_size - 1 ];
if (output_len < *ret_len) status = STATUS_BUFFER_TOO_SMALL;
- else memcpy( dst, buf, key->block_size - buf[ key->block_size - 1 ] );
+ else memcpy( dst, buf, block_size - buf[ block_size - 1 ] );
+ else memcpy( dst, buf, key->u.s.block_size - buf[ key->u.s.block_size - 1 ] );
}
else
status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */

2
patches/bcrypt-Improvements/0031-include-Add-ecdsa-and-asymmetric-key-related-bcrypt-.patch
View File

@ -1,4 +1,4 @@
From f21b177f19edb6610ce460bc09cf6cfe2318e96c Mon Sep 17 00:00:00 2001
From 6cc2de819b2d72c282b130304f266fe37229c957 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 18:49:09 +0200
Subject: [PATCH 30/36] include: Add ecdsa and asymmetric key related bcrypt

2
patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch
View File

@ -1,4 +1,4 @@
From a3604695d31100eabebdbe41a1f0d89837599697 Mon Sep 17 00:00:00 2001
From 4bdabbed491daddcfe5b29c61843f18fb08f0d0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 18:50:04 +0200
Subject: [PATCH 31/36] bcrypt/tests: Add basic test for ecdsa.

74
patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch
View File

@ -1,4 +1,4 @@
From 8e5b9a28a3a15c84ff061b4f9981a07973460396 Mon Sep 17 00:00:00 2001
From 291dbb0125d68f708ed5ff575281d4104b6ddc62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 19:18:58 +0200
Subject: [PATCH 32/36] bcrypt: Implement importing of ecdsa keys.
@ -8,7 +8,7 @@ Subject: [PATCH 32/36] bcrypt: Implement importing of ecdsa keys.
dlls/bcrypt/bcrypt_main.c | 161 +++++++++++++++++++++++++++++++++++++++++++--
dlls/bcrypt/tests/bcrypt.c | 6 +-
include/bcrypt.h | 2 +
4 files changed, 163 insertions(+), 10 deletions(-)
4 files changed, 162 insertions(+), 11 deletions(-)
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
index 28c2394ce4..78824d73b3 100644
@ -33,10 +33,10 @@ index 28c2394ce4..78824d73b3 100644
@ stub GetCipherInterface
@ stub GetHashInterface
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index f81597e2c6..503712b4c3 100644
index 5d4a5b5992..edea4571b0 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -228,7 +228,9 @@ enum alg_id
@@ -225,7 +225,9 @@ enum alg_id
ALG_ID_SHA1,
ALG_ID_SHA256,
ALG_ID_SHA384,
@ -47,7 +47,7 @@ index f81597e2c6..503712b4c3 100644
};
enum mode_id
@@ -256,7 +258,9 @@ static const struct {
@@ -253,7 +255,9 @@ static const struct {
/* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE },
/* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE },
/* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE },
@ -58,7 +58,7 @@ index f81597e2c6..503712b4c3 100644
};
struct algorithm
@@ -335,6 +339,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
@@ -332,6 +336,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512;
@ -67,67 +67,49 @@ index f81597e2c6..503712b4c3 100644
else
{
FIXME( "algorithm %s not supported\n", debugstr_w(id) );
@@ -902,6 +908,11 @@ struct key_symmetric
UCHAR *secret;
@@ -900,6 +906,12 @@ struct key_symmetric
ULONG secret_len;
};
+struct key_asymmetric
+{
+ UCHAR *pubkey;
+ ULONG pubkey_len;
+};
+
struct key
{
struct object hdr;
@@ -909,6 +920,7 @@ struct key
@@ -907,6 +919,7 @@ struct key
union
{
struct key_symmetric s;
+ struct key_asymmetric a;
} u;
};
#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
@@ -921,6 +933,11 @@ struct key_symmetric
UCHAR *secret;
@@ -921,6 +934,12 @@ struct key_symmetric
ULONG secret_len;
};
+struct key_asymmetric
+{
+ UCHAR *pubkey;
+ ULONG pubkey_len;
+};
+
struct key
{
struct object hdr;
@@ -928,6 +945,7 @@ struct key
struct object hdr;
@@ -928,6 +947,7 @@ struct key
union
{
struct key_symmetric s;
+ struct key_asymmetric a;
} u;
};
}
#else
@@ -938,6 +956,11 @@ struct key_symmetric
UCHAR *secret;
ULONG secret_len;
};
+struct key_asymmetric
+{
+ UCHAR *pubkey;
+ ULONG pubkey_len;
+};
struct key
{
struct object hdr;
@@ -945,6 +968,7 @@ struct key
union
{
struct key_symmetric s;
+ struct key_asymmetric a;
} u;
};
#endif
@@ -976,6 +1000,33 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
@@ -989,6 +1009,33 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
FIXME( "unsupported key type %s\n", debugstr_w(type) );
return STATUS_NOT_IMPLEMENTED;
}
@ -161,7 +143,7 @@ index f81597e2c6..503712b4c3 100644
#endif
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
@@ -1052,7 +1103,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
@@ -1041,7 +1088,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
}
else
{
@ -174,21 +156,25 @@ index f81597e2c6..503712b4c3 100644
+
+ return STATUS_SUCCESS;
}
}
@@ -1211,7 +1268,10 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
return STATUS_SUCCESS;
@@ -1198,8 +1251,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
static NTSTATUS key_destroy( struct key *key )
{
if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
- if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
- heap_free( key->u.s.secret );
+ if(key_is_symmetric(key))
+ {
+ if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
+ heap_free( key->u.s.secret );
+ else
+ }
+ else
+ heap_free( key->u.a.pubkey );
heap_free( key );
return STATUS_SUCCESS;
}
@@ -1329,7 +1389,10 @@ static NTSTATUS key_destroy( struct key *key )
@@ -1296,7 +1354,10 @@ static NTSTATUS key_destroy( struct key *key )
{
if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt );
if (key->ref_decrypt) CCCryptorRelease( key->ref_decrypt );
@ -200,7 +186,7 @@ index f81597e2c6..503712b4c3 100644
heap_free( key );
return STATUS_SUCCESS;
}
@@ -1340,6 +1403,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
@@ -1307,6 +1368,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
return STATUS_NOT_IMPLEMENTED;
}
@ -213,7 +199,7 @@ index f81597e2c6..503712b4c3 100644
static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
{
ERR( "support for keys not available at build time\n" );
@@ -1522,6 +1591,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
@@ -1489,6 +1556,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
return STATUS_SUCCESS;
}

54
patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch
View File

@ -1,16 +1,16 @@
From 20c72ec69349ff8ccc898f1a0e14dca808459f8f Mon Sep 17 00:00:00 2001
From bfcb00982177dd52b1727c0b6e32ed7297883f8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Fri, 29 Sep 2017 20:31:00 +0200
Subject: [PATCH 33/36] bcrypt: Implement BCryptVerifySignature for ecdsa
signatures.
---
dlls/bcrypt/bcrypt_main.c | 326 ++++++++++++++++++++++++++++++++++++++++++++-
dlls/bcrypt/bcrypt_main.c | 336 +++++++++++++++++++++++++++++++++++++++++++--
dlls/bcrypt/tests/bcrypt.c | 4 +-
2 files changed, 326 insertions(+), 4 deletions(-)
2 files changed, 330 insertions(+), 10 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 503712b4c3..3f4e3b665a 100644
index edea4571b0..d7a6435581 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -27,6 +27,7 @@
@ -21,11 +21,16 @@ index 503712b4c3..3f4e3b665a 100644
#endif
#include "ntstatus.h"
@@ -53,9 +54,26 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
/* Not present in gnutls version < 3.0 */
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
@@ -50,9 +51,31 @@ static HINSTANCE instance;
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
WINE_DECLARE_DEBUG_CHANNEL(winediag);
+#if GNUTLS_VERSION_MAJOR < 3
+#define GNUTLS_CIPHER_AES_192_CBC 92
+#define GNUTLS_CIPHER_AES_128_GCM 93
+#define GNUTLS_CIPHER_AES_256_GCM 94
+#define GNUTLS_PK_ECC 4
+
+typedef enum
+{
+ GNUTLS_ECC_CURVE_INVALID = 0,
@ -37,7 +42,7 @@ index 503712b4c3..3f4e3b665a 100644
+#endif
+
/* Not present in gnutls version < 3.0 */
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void *tag, size_t tag_size);
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
+static int (*pgnutls_pubkey_import_ecc_raw)(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
+ const gnutls_datum_t *x, const gnutls_datum_t *y);
@ -48,7 +53,7 @@ index 503712b4c3..3f4e3b665a 100644
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
@@ -68,12 +86,15 @@ MAKE_FUNCPTR(gnutls_global_init);
@@ -65,14 +88,10 @@ MAKE_FUNCPTR(gnutls_global_init);
MAKE_FUNCPTR(gnutls_global_set_log_function);
MAKE_FUNCPTR(gnutls_global_set_log_level);
MAKE_FUNCPTR(gnutls_perror);
@ -56,15 +61,16 @@ index 503712b4c3..3f4e3b665a 100644
+MAKE_FUNCPTR(gnutls_pubkey_deinit);
#undef MAKE_FUNCPTR
#if GNUTLS_VERSION_MAJOR < 3
#define GNUTLS_CIPHER_AES_192_CBC 92
#define GNUTLS_CIPHER_AES_128_GCM 93
#define GNUTLS_CIPHER_AES_256_GCM 94
+#define GNUTLS_PK_ECC 4
#endif
static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_t tag_size)
@@ -86,6 +107,24 @@ static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *
-#if GNUTLS_VERSION_MAJOR < 3
-#define GNUTLS_CIPHER_AES_192_CBC 92
-#define GNUTLS_CIPHER_AES_128_GCM 93
-#define GNUTLS_CIPHER_AES_256_GCM 94
-#endif
-
static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
{
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
@@ -83,6 +102,24 @@ static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@ -89,7 +95,7 @@ index 503712b4c3..3f4e3b665a 100644
static void gnutls_log( int level, const char *msg )
{
TRACE( "<%d> %s", level, msg );
@@ -117,6 +156,8 @@ static BOOL gnutls_initialize(void)
@@ -114,6 +151,8 @@ static BOOL gnutls_initialize(void)
LOAD_FUNCPTR(gnutls_global_set_log_function)
LOAD_FUNCPTR(gnutls_global_set_log_level)
LOAD_FUNCPTR(gnutls_perror)
@ -98,7 +104,7 @@ index 503712b4c3..3f4e3b665a 100644
#undef LOAD_FUNCPTR
if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 )))
@@ -130,6 +171,21 @@ static BOOL gnutls_initialize(void)
@@ -127,6 +166,21 @@ static BOOL gnutls_initialize(void)
pgnutls_perror( ret );
goto fail;
}
@ -120,7 +126,7 @@ index 503712b4c3..3f4e3b665a 100644
if (TRACE_ON( bcrypt ))
{
@@ -1265,6 +1321,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
@@ -1249,6 +1303,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
return STATUS_SUCCESS;
}
@ -384,8 +390,8 @@ index 503712b4c3..3f4e3b665a 100644
+
static NTSTATUS key_destroy( struct key *key )
{
if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
@@ -1454,6 +1768,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
if(key_is_symmetric(key))
@@ -1419,6 +1731,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
return STATUS_NOT_IMPLEMENTED;
}
@ -399,7 +405,7 @@ index 503712b4c3..3f4e3b665a 100644
static NTSTATUS key_destroy( struct key *key )
{
ERR( "support for keys not available at build time\n" );
@@ -1664,13 +1985,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
@@ -1629,13 +1948,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
{
struct key *key = handle;

34
patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch
View File

@ -1,4 +1,4 @@
From 618918fc23fdcbdcf07204043ea468f6111d592a Mon Sep 17 00:00:00 2001
From d9e0c414c53eb664791de70e5eb2b03e2c8ccb66 Mon Sep 17 00:00:00 2001
From: Kimmo Myllyvirta <kimmo.myllyvirta@gmail.com>
Date: Tue, 10 Oct 2017 16:40:41 +0300
Subject: [PATCH 34/36] bcrypt: Initial implementation for RSA key import and
@ -10,10 +10,10 @@ Subject: [PATCH 34/36] bcrypt: Initial implementation for RSA key import and
2 files changed, 135 insertions(+), 10 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 3f4e3b665a..212b802ac1 100644
index d7a6435581..4f7e7636ca 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -75,6 +75,9 @@ static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algor
@@ -77,6 +77,9 @@ static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algor
unsigned int flags, const gnutls_datum_t *hash,
const gnutls_datum_t *signature);
@ -23,7 +23,7 @@ index 3f4e3b665a..212b802ac1 100644
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
MAKE_FUNCPTR(gnutls_cipher_decrypt2);
@@ -125,6 +128,11 @@ static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_al
@@ -120,6 +123,11 @@ static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_al
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@ -35,7 +35,7 @@ index 3f4e3b665a..212b802ac1 100644
static void gnutls_log( int level, const char *msg )
{
TRACE( "<%d> %s", level, msg );
@@ -186,6 +194,11 @@ static BOOL gnutls_initialize(void)
@@ -181,6 +189,11 @@ static BOOL gnutls_initialize(void)
WARN("gnutls_pubkey_verify_hash2 not found\n");
pgnutls_pubkey_verify_hash2 = compat_gnutls_pubkey_verify_hash2;
}
@ -47,7 +47,7 @@ index 3f4e3b665a..212b802ac1 100644
if (TRACE_ON( bcrypt ))
{
@@ -281,6 +294,7 @@ enum alg_id
@@ -276,6 +289,7 @@ enum alg_id
ALG_ID_MD4,
ALG_ID_MD5,
ALG_ID_RNG,
@ -55,7 +55,7 @@ index 3f4e3b665a..212b802ac1 100644
ALG_ID_SHA1,
ALG_ID_SHA256,
ALG_ID_SHA384,
@@ -311,6 +325,7 @@ static const struct {
@@ -306,6 +320,7 @@ static const struct {
/* ALG_ID_MD4 */ { 270, 16, 512, BCRYPT_MD4_ALGORITHM, FALSE },
/* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM, FALSE },
/* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM, FALSE },
@ -63,7 +63,7 @@ index 3f4e3b665a..212b802ac1 100644
/* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE },
/* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE },
/* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE },
@@ -391,6 +406,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
@@ -386,6 +401,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
else if (!strcmpW( id, BCRYPT_MD4_ALGORITHM )) alg_id = ALG_ID_MD4;
else if (!strcmpW( id, BCRYPT_MD5_ALGORITHM )) alg_id = ALG_ID_MD5;
else if (!strcmpW( id, BCRYPT_RNG_ALGORITHM )) alg_id = ALG_ID_RNG;
@ -71,7 +71,7 @@ index 3f4e3b665a..212b802ac1 100644
else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
@@ -1067,6 +1083,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con
@@ -1074,6 +1090,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con
{
case ALG_ID_ECDSA_P256:
case ALG_ID_ECDSA_P384:
@ -79,7 +79,7 @@ index 3f4e3b665a..212b802ac1 100644
break;
default:
@@ -1467,6 +1484,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
@@ -1449,6 +1466,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
return STATUS_SUCCESS;
}
@ -114,7 +114,7 @@ index 3f4e3b665a..212b802ac1 100644
static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_key)
{
switch (key->alg_id)
@@ -1474,6 +1519,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_
@@ -1456,6 +1501,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_
case ALG_ID_ECDSA_P256:
case ALG_ID_ECDSA_P384:
return import_gnutls_pubkey_ecc( key, gnutls_key );
@ -123,7 +123,7 @@ index 3f4e3b665a..212b802ac1 100644
default:
FIXME("Algorithm %d not yet supported\n", key->alg_id);
@@ -1503,6 +1550,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature,
@@ -1485,6 +1532,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature,
return STATUS_SUCCESS;
}
@ -138,7 +138,7 @@ index 3f4e3b665a..212b802ac1 100644
static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len,
gnutls_datum_t *gnutls_signature )
{
@@ -1511,6 +1566,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO
@@ -1493,6 +1548,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO
case ALG_ID_ECDSA_P256:
case ALG_ID_ECDSA_P384:
return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature );
@ -147,7 +147,7 @@ index 3f4e3b665a..212b802ac1 100644
default:
FIXME( "Algorithm %d not yet supported\n", key->alg_id );
@@ -1529,18 +1586,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
@@ -1511,18 +1568,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
NTSTATUS status;
int ret;
@ -195,7 +195,7 @@ index 3f4e3b665a..212b802ac1 100644
}
switch (key->alg_id)
@@ -1549,6 +1626,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
@@ -1531,6 +1608,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
case ALG_ID_ECDSA_P384:
pk_algo = GNUTLS_PK_ECC;
break;
@ -205,7 +205,7 @@ index 3f4e3b665a..212b802ac1 100644
default:
FIXME( "Algorithm %d not yet supported\n", key->alg_id );
@@ -1574,7 +1654,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
@@ -1556,7 +1636,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
gnutls_hash.size = hash_len;
ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature );
@ -215,7 +215,7 @@ index 3f4e3b665a..212b802ac1 100644
pgnutls_pubkey_deinit( gnutls_key );
return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
}
@@ -1975,6 +2056,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
@@ -1938,6 +2019,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
*ret_key = key;
return STATUS_SUCCESS;
}

2
patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch
View File

@ -1,4 +1,4 @@
From 7532a9e64de3932bd9ec7c781170f6d6e4af6781 Mon Sep 17 00:00:00 2001
From 198271bfc6e17cb7be8f2296ea2375eb3a441db1 Mon Sep 17 00:00:00 2001
From: Kimmo Myllyvirta <kimmo.myllyvirta@gmail.com>
Date: Tue, 10 Oct 2017 16:41:09 +0300
Subject: [PATCH 35/36] bcrypt/tests: Add simple test for RSA.

10
patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch
View File

@ -1,4 +1,4 @@
From 432d0e95d84ade8b992e36a2935519d391826b86 Mon Sep 17 00:00:00 2001
From 139caeb5c401db46fc11cd8de60791f035852cbd Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sat, 14 Oct 2017 22:44:13 +0200
Subject: [PATCH 36/36] bcrypt: Store full ECCKEY_BLOB struct in
@ -9,10 +9,10 @@ Subject: [PATCH 36/36] bcrypt: Store full ECCKEY_BLOB struct in
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 212b802ac1..d683fca45b 100644
index 4f7e7636ca..695c49acd1 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1449,6 +1449,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
@@ -1431,6 +1431,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key )
{
@ -20,7 +20,7 @@ index 212b802ac1..d683fca45b 100644
gnutls_ecc_curve_t curve;
gnutls_datum_t x, y;
int ret;
@@ -1469,10 +1470,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
@@ -1451,10 +1452,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
return STATUS_INTERNAL_ERROR;
}
@ -36,7 +36,7 @@ index 212b802ac1..d683fca45b 100644
if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y )))
{
@@ -2047,7 +2049,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
@@ -2010,7 +2012,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
return STATUS_NO_MEMORY;
key->hdr.magic = MAGIC_KEY;