From d854a14e641aca1d580f85a95dd1b287489b312a Mon Sep 17 00:00:00 2001 From: Zebediah Figura Date: Sat, 3 Mar 2018 14:17:08 -0600 Subject: [PATCH] bcrypt-Improvements: Fix Mac build. Also fix some test failures. --- ...ct-to-get_-alg-hash-_property-instea.patch | 28 +- ...ement-BCryptEncrypt-for-AES-GCM-mode.patch | 67 ++++- ...rt-for-computing-comparing-cipher-ta.patch | 33 ++- ...-bcrypt-Implement-BCryptDuplicateKey.patch | 44 ++- ...call-BCryptSetProperty-on-key-object.patch | 27 +- ...upport-for-auth-data-in-AES-GCM-mode.patch | 46 ++-- ...sh-in-tests-when-compiling-without-g.patch | 17 +- ...Implement-support-for-ECB-chain-mode.patch | 28 +- ...support-for-192-and-256-bit-aes-keys.patch | 14 +- ...rypt-Preparation-for-asymmetric-keys.patch | 256 ++++++++++++++---- ...pt-Implement-importing-of-ecdsa-keys.patch | 86 +++--- ...-BCryptVerifySignature-for-ecdsa-sig.patch | 34 ++- 12 files changed, 487 insertions(+), 193 deletions(-) diff --git a/patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch b/patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch index d4728975..67106cda 100644 --- a/patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch +++ b/patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch @@ -1,15 +1,15 @@ -From bfaaaeedacdf5ee92bee8048c6bb6ac85be3ecd0 Mon Sep 17 00:00:00 2001 +From 2d4fc0dc7d0c64fb45683af54d659832493e2a7e Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Mon, 26 Dec 2016 06:18:01 +0100 Subject: [PATCH 12/36] bcrypt: Pass object to get_{alg,hash}_property instead of alg_id. --- - dlls/bcrypt/bcrypt_main.c | 42 ++++++++++++++++++++++-------------------- - 1 file changed, 22 insertions(+), 20 deletions(-) + dlls/bcrypt/bcrypt_main.c | 40 ++++++++++++++++++++-------------------- + 1 file changed, 20 insertions(+), 20 deletions(-) 
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 6e47349de4..73a5c36fed 100644 +index 6e47349..8af43c8 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -510,15 +510,15 @@ static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR * @@ -60,13 +60,7 @@ index 6e47349de4..73a5c36fed 100644 } default: WARN( "unknown magic %08x\n", object->magic ); -@@ -794,11 +794,13 @@ struct key - { - struct object hdr; - ULONG block_size; -+ UCHAR *secret; -+ ULONG secret_len; - }; +@@ -798,7 +798,7 @@ struct key #endif #if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 @@ -75,7 +69,7 @@ index 6e47349de4..73a5c36fed 100644 { ULONG ret = 0, size = sizeof(ret); get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size ); -@@ -827,27 +829,27 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U +@@ -827,27 +827,27 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U #endif #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) @@ -108,7 +102,7 @@ index 6e47349de4..73a5c36fed 100644 key->handle = 0; /* initialized on first use */ key->secret = buffer; key->secret_len = secret_len; -@@ -937,25 +939,25 @@ static NTSTATUS key_destroy( struct key *key ) +@@ -937,25 +937,25 @@ static NTSTATUS key_destroy( struct key *key ) return STATUS_SUCCESS; } #elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 @@ -130,7 +124,7 @@ index 6e47349de4..73a5c36fed 100644 } - if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER; -+ if (!(key->block_size = get_block_size( arg ))) return STATUS_INVALID_PARAMETER; ++ if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY; memcpy( buffer, secret, secret_len ); 
@@ -139,7 +133,7 @@ index 6e47349de4..73a5c36fed 100644 key->ref_encrypt = NULL; /* initialized on first use */ key->ref_decrypt = NULL; key->secret = buffer; -@@ -1034,7 +1036,7 @@ static NTSTATUS key_destroy( struct key *key ) +@@ -1034,7 +1034,7 @@ static NTSTATUS key_destroy( struct key *key ) return STATUS_SUCCESS; } #else @@ -148,7 +142,7 @@ index 6e47349de4..73a5c36fed 100644 { ERR( "support for keys not available at build time\n" ); return STATUS_NOT_IMPLEMENTED; -@@ -1089,7 +1091,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ +@@ -1089,7 +1089,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY; key->hdr.magic = MAGIC_KEY; @@ -158,5 +152,5 @@ index 6e47349de4..73a5c36fed 100644 heap_free( key ); return status; -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0017-bcrypt-Implement-BCryptEncrypt-for-AES-GCM-mode.patch b/patches/bcrypt-Improvements/0017-bcrypt-Implement-BCryptEncrypt-for-AES-GCM-mode.patch index bf8dcbd8..2cb0ecfe 100644 --- a/patches/bcrypt-Improvements/0017-bcrypt-Implement-BCryptEncrypt-for-AES-GCM-mode.patch +++ b/patches/bcrypt-Improvements/0017-bcrypt-Implement-BCryptEncrypt-for-AES-GCM-mode.patch @@ -1,15 +1,15 @@ -From 23ce1e2c23629e0f406fad6cf5ff1855c379ad0c Mon Sep 17 00:00:00 2001 +From d056be40dd9cd96ec2ef6efa85fe9a630948a305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 26 Dec 2016 07:46:57 +0100 Subject: [PATCH 17/36] bcrypt: Implement BCryptEncrypt for AES GCM mode. --- - dlls/bcrypt/bcrypt_main.c | 48 ++++++++++++++++++++++++++++++++++++++-------- - dlls/bcrypt/tests/bcrypt.c | 18 ++++++++--------- - 2 files changed, 49 insertions(+), 17 deletions(-) + dlls/bcrypt/bcrypt_main.c | 60 +++++++++++++++++++++++++++++++++++++++------- + dlls/bcrypt/tests/bcrypt.c | 18 +++++++------- + 2 files changed, 61 insertions(+), 17 deletions(-) 
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 9e9e357634..387f448516 100644 +index fa80318..dfdb7b2 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -63,6 +63,12 @@ MAKE_FUNCPTR(gnutls_global_set_log_level); @@ -33,7 +33,23 @@ index 9e9e357634..387f448516 100644 ULONG block_size; gnutls_cipher_hd_t handle; UCHAR *secret; -@@ -925,6 +932,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s +@@ -858,6 +865,7 @@ struct key + { + struct object hdr; + enum alg_id alg_id; ++ enum mode_id mode; + ULONG block_size; + CCCryptorRef ref_encrypt; + CCCryptorRef ref_decrypt; +@@ -868,6 +876,7 @@ struct key + struct key + { + struct object hdr; ++ enum mode_id mode; + ULONG block_size; + }; + #endif +@@ -923,6 +932,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s memcpy( buffer, secret, secret_len ); key->alg_id = alg->id; @@ -41,7 +57,7 @@ index 9e9e357634..387f448516 100644 key->handle = 0; /* initialized on first use */ key->secret = buffer; key->secret_len = secret_len; -@@ -937,9 +945,13 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -935,9 +945,13 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) switch (key->alg_id) { case ALG_ID_AES: 
@@ -58,7 +74,38 @@ index 9e9e357634..387f448516 100644 default: FIXME( "algorithm %u not supported\n", key->alg_id ); return GNUTLS_CIPHER_UNKNOWN; -@@ -1262,17 +1274,37 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1019,6 +1033,14 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s + switch (alg->id) + { + case ALG_ID_AES: ++ switch (alg->mode) ++ { ++ case MODE_ID_CBC: ++ break; ++ default: ++ FIXME( "mode %u not supported\n", alg->mode ); ++ return STATUS_NOT_SUPPORTED; ++ } + break; + + default: +@@ -1031,6 +1053,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s + memcpy( buffer, secret, secret_len ); + + key->alg_id = alg->id; ++ key->mode = alg->mode; + key->ref_encrypt = NULL; /* initialized on first use */ + key->ref_decrypt = NULL; + key->secret = buffer; +@@ -1112,6 +1135,7 @@ static NTSTATUS key_destroy( struct key *key ) + static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) + { + ERR( "support for keys not available at build time\n" ); ++ key->mode = MODE_ID_CBC; + return STATUS_NOT_IMPLEMENTED; + } + +@@ -1260,17 +1284,37 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp padding, iv, iv_len, output, output_len, ret_len, flags ); if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; @@ -102,7 +149,7 @@ index 9e9e357634..387f448516 100644 *ret_len = input_len; diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 70d9e0c246..355a414bca 100644 +index 70d9e0c..355a414 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -751,12 +751,12 @@ static void test_BCryptEncrypt(void) @@ -149,5 +196,5 @@ index 70d9e0c246..355a414bca 100644 ret = pBCryptDestroyKey(key); ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -- -2.16.1 +2.7.4 
diff --git a/patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch b/patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch index cddfd34d..7e907d3c 100644 --- a/patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch +++ b/patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch @@ -1,15 +1,15 @@ -From f3115ed9d937156ec03bd00e136268a53a7b383e Mon Sep 17 00:00:00 2001 +From a511e42c71c2c04ee257f78cece073d08a51d32d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 26 Dec 2016 08:02:36 +0100 Subject: [PATCH 19/36] bcrypt: Add support for computing/comparing cipher tag. --- - dlls/bcrypt/bcrypt_main.c | 41 ++++++++++++++++++++++++++++++++++++++++- + dlls/bcrypt/bcrypt_main.c | 47 +++++++++++++++++++++++++++++++++++++++++++++- dlls/bcrypt/tests/bcrypt.c | 10 +++++----- - 2 files changed, 45 insertions(+), 6 deletions(-) + 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 17cc92dded..e518d315c3 100644 +index 02a0106..5daddff 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -50,6 +50,9 @@ static HINSTANCE instance; 
@@ -67,7 +67,20 @@ index 17cc92dded..e518d315c3 100644 static NTSTATUS key_destroy( struct key *key ) { if (key->handle) pgnutls_cipher_deinit( key->handle ); -@@ -1149,6 +1176,12 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le +@@ -1123,6 +1150,12 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le + return STATUS_SUCCESS; + } + ++static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) ++{ ++ FIXME( "not implemented on Mac\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} ++ + static NTSTATUS key_destroy( struct key *key ) + { + if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt ); +@@ -1159,6 +1192,12 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le return STATUS_NOT_IMPLEMENTED; } @@ -80,7 +93,7 @@ index 17cc92dded..e518d315c3 100644 static NTSTATUS key_destroy( struct key *key ) { ERR( "support for keys not available at build time\n" ); -@@ -1302,7 +1335,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1312,7 +1351,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if ((status = key_encrypt( key, input, input_len, output, output_len ))) return status; @@ -89,7 +102,7 @@ index 17cc92dded..e518d315c3 100644 } if ((status = key_set_params( key, iv, iv_len ))) return status; -@@ -1361,6 +1394,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1371,6 +1410,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (key->mode == MODE_ID_GCM) { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; 
@@ -97,7 +110,7 @@ index 17cc92dded..e518d315c3 100644 if (!auth_info) return STATUS_INVALID_PARAMETER; if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER; -@@ -1378,6 +1412,11 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1388,6 +1428,11 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if ((status = key_decrypt( key, input, input_len, output, output_len ))) return status; @@ -110,7 +123,7 @@ index 17cc92dded..e518d315c3 100644 } diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 89a3c40850..18cd2a2713 100644 +index 89a3c40..18cd2a2 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -754,11 +754,11 @@ static void test_BCryptEncrypt(void) @@ -151,5 +164,5 @@ index 89a3c40850..18cd2a2713 100644 ret = pBCryptDestroyKey(key); -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch b/patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch index 4ffc474d..fd86728b 100644 --- a/patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch +++ b/patches/bcrypt-Improvements/0020-bcrypt-Implement-BCryptDuplicateKey.patch @@ -1,16 +1,16 @@ -From 20c4886fc456f7994e96ac41759b0d22cabb0e0a Mon Sep 17 00:00:00 2001 +From 622e4b47bdabcdae3deab7347a73d0b3ea804fca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 26 Dec 2016 08:28:24 +0100 Subject: [PATCH 20/36] bcrypt: Implement BCryptDuplicateKey. --- dlls/bcrypt/bcrypt.spec | 2 +- - dlls/bcrypt/bcrypt_main.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++ + dlls/bcrypt/bcrypt_main.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++ dlls/ncrypt/ncrypt.spec | 2 +- - 3 files changed, 51 insertions(+), 2 deletions(-) + 3 files changed, 70 insertions(+), 2 deletions(-) 
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec -index 21b54b4934..28c2394ce4 100644 +index 21b54b4..28c2394 100644 --- a/dlls/bcrypt/bcrypt.spec +++ b/dlls/bcrypt/bcrypt.spec @@ -12,7 +12,7 @@ @@ -23,7 +23,7 @@ index 21b54b4934..28c2394ce4 100644 @ stdcall BCryptEnumAlgorithms(long ptr ptr long) @ stub BCryptEnumContextFunctionProviders diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index e518d315c3..7111788b55 100644 +index 5daddff..e72a8fd 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -954,6 +954,24 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s @@ -51,7 +51,33 @@ index e518d315c3..7111788b55 100644 static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) { switch (key->alg_id) -@@ -1156,6 +1174,13 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s +@@ -1089,6 +1107,25 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s + return STATUS_SUCCESS; + } + ++static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) ++{ ++ UCHAR *buffer; ++ ++ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY; ++ memcpy( buffer, key_orig->secret, key_orig->secret_len ); ++ ++ key_copy->hdr = key_orig->hdr; ++ key_copy->alg_id = key_orig->alg_id; ++ key_copy->mode = key_orig->mode; ++ key_copy->block_size = key_orig->block_size; ++ key_copy->ref_encrypt = NULL; ++ key_copy->ref_decrypt = NULL; ++ key_copy->secret = buffer; ++ key_copy->secret_len = key_orig->secret_len; ++ ++ return STATUS_SUCCESS; ++} ++ + static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) + { + CCCryptorStatus status; +@@ -1172,6 +1209,13 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s return STATUS_NOT_IMPLEMENTED; } 
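Review bot: The CommonCrypto `key_duplicate` added in this hunk places a second copy of the raw key bytes on the process heap (`memcpy( buffer, key_orig->secret, key_orig->secret_len )`), and nothing visible here says who releases or wipes that copy. The matching `key_destroy` is outside the hunk, so confirm that it clears `secret` (for example with `SecureZeroMemory`) before freeing it. Recording the ownership next to the assignment would help, e.g. `/* key_copy owns buffer; wiped and freed in key_destroy */`.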
@@ -65,7 +91,7 @@ index e518d315c3..7111788b55 100644 static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) { ERR( "support for keys not available at build time\n" ); -@@ -1284,6 +1309,30 @@ NTSTATUS WINAPI BCryptExportKey(BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE +@@ -1300,6 +1344,30 @@ NTSTATUS WINAPI BCryptExportKey(BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE return key_export( key, type, output, output_len, size ); } @@ -97,7 +123,7 @@ index e518d315c3..7111788b55 100644 { struct key *key = handle; diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec -index 5d5fae0b5c..d0f0f56cc4 100644 +index 5d5fae0..d0f0f56 100644 --- a/dlls/ncrypt/ncrypt.spec +++ b/dlls/ncrypt/ncrypt.spec @@ -14,7 +14,7 @@ @@ -110,5 +136,5 @@ index 5d5fae0b5c..d0f0f56cc4 100644 @ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms @ stub BCryptEnumContextFunctionProviders -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0022-bcrypt-Allow-to-call-BCryptSetProperty-on-key-object.patch b/patches/bcrypt-Improvements/0022-bcrypt-Allow-to-call-BCryptSetProperty-on-key-object.patch index cda53a92..81ccdd9a 100644 --- a/patches/bcrypt-Improvements/0022-bcrypt-Allow-to-call-BCryptSetProperty-on-key-object.patch +++ b/patches/bcrypt-Improvements/0022-bcrypt-Allow-to-call-BCryptSetProperty-on-key-object.patch @@ -1,15 +1,15 @@ -From 8568e6743e9249a11584b7744df4f8ec116a100f Mon Sep 17 00:00:00 2001 +From b41fdf5830cdaf31108cbdf82585f130882a0fb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 26 Dec 2016 08:41:31 +0100 Subject: [PATCH 22/36] bcrypt: Allow to call BCryptSetProperty on key objects. --- - dlls/bcrypt/bcrypt_main.c | 38 ++++++++++++++++++++++++++++++++++++-- + dlls/bcrypt/bcrypt_main.c | 44 ++++++++++++++++++++++++++++++++++++++++++-- dlls/bcrypt/tests/bcrypt.c | 4 ++++ - 2 files changed, 40 insertions(+), 2 deletions(-) + 2 files changed, 46 insertions(+), 2 deletions(-) 
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 7111788b55..dc6aa82b81 100644 +index e72a8fd..f027eea 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -246,6 +246,9 @@ struct algorithm @@ -65,7 +65,20 @@ index 7111788b55..dc6aa82b81 100644 static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) { switch (key->alg_id) -@@ -1181,6 +1209,12 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) +@@ -1126,6 +1154,12 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) + return STATUS_SUCCESS; + } + ++static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags ) ++{ ++ FIXME( "not implemented on Mac\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} ++ + static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) + { + CCCryptorStatus status; +@@ -1216,6 +1250,12 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) return STATUS_NOT_IMPLEMENTED; } @@ -79,7 +92,7 @@ index 7111788b55..dc6aa82b81 100644 { ERR( "support for keys not available at build time\n" ); diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 6ec429e309..baf5b638f9 100644 +index 6ec429e..baf5b63 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -526,6 +526,10 @@ static void test_BCryptGenerateSymmetricKey(void) @@ -94,5 +107,5 @@ index 6ec429e309..baf5b638f9 100644 ret = pBCryptEncrypt(key, NULL, 0, NULL, NULL, 0, NULL, 0, &size, 0); ok(ret == STATUS_SUCCESS, "got %08x\n", ret); -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch b/patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch index 072283de..b294fd2c 100644 --- a/patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch 
+++ b/patches/bcrypt-Improvements/0023-bcrypt-Add-support-for-auth-data-in-AES-GCM-mode.patch @@ -1,14 +1,14 @@ -From 7ecc8c3e96519eb53f0442981bd711b719cebfab Mon Sep 17 00:00:00 2001 +From d11095de823d25cd44a80bbdab2745c560db9521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Mon, 26 Dec 2016 15:01:19 +0100 Subject: [PATCH 23/36] bcrypt: Add support for auth data in AES GCM mode. --- - dlls/bcrypt/bcrypt_main.c | 41 ++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 40 insertions(+), 1 deletion(-) + dlls/bcrypt/bcrypt_main.c | 42 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index dc6aa82b81..e4ebcf91ed 100644 +index f027eea..da9cb02 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -52,6 +52,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag); 
@@ -33,24 +33,19 @@ index dc6aa82b81..e4ebcf91ed 100644 { return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } -@@ -127,6 +133,16 @@ static BOOL gnutls_initialize(void) - pgnutls_global_set_log_level( 4 ); - pgnutls_global_set_log_function( gnutls_log ); +@@ -115,6 +121,11 @@ static BOOL gnutls_initialize(void) + WARN("gnutls_cipher_tag not found\n"); + pgnutls_cipher_tag = compat_gnutls_cipher_tag; } -+ if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 ))) -+ { -+ WARN("gnutls_cipher_tag not found\n"); -+ pgnutls_cipher_tag = compat_gnutls_cipher_tag; -+ } + if (!(pgnutls_cipher_add_auth = wine_dlsym( libgnutls_handle, "gnutls_cipher_add_auth", NULL, 0 ))) + { + WARN("gnutls_cipher_add_auth not found\n"); + pgnutls_cipher_add_auth = compat_gnutls_cipher_add_auth; + } - return TRUE; - -@@ -1050,6 +1066,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) + if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS) + { +@@ -1050,6 +1061,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) return STATUS_SUCCESS; } @@ -70,7 +65,20 @@ index dc6aa82b81..e4ebcf91ed 100644 static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len ) { -@@ -1221,6 +1250,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +@@ -1193,6 +1217,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) + return STATUS_SUCCESS; + } + ++static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) ++{ ++ FIXME( "not implemented on Mac\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} ++ + static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, + ULONG output_len ) + { +@@ -1262,6 +1292,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) return STATUS_NOT_IMPLEMENTED; } 
@@ -83,7 +91,7 @@ index dc6aa82b81..e4ebcf91ed 100644 static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len ) { -@@ -1415,6 +1450,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1456,6 +1492,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -92,7 +100,7 @@ index dc6aa82b81..e4ebcf91ed 100644 if ((status = key_encrypt( key, input, input_len, output, output_len ))) return status; -@@ -1492,6 +1529,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1533,6 +1571,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -102,5 +110,5 @@ index dc6aa82b81..e4ebcf91ed 100644 return status; -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch b/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch index 4d63830d..c7ffade5 100644 --- a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch +++ b/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch @@ -1,23 +1,24 @@ -From b9fd0d5d4e698d60126714217a950295914e6680 Mon Sep 17 00:00:00 2001 +From 0fbdf39c6714848c3186882ef01111c08174afa1 Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Mon, 26 Dec 2016 16:20:57 +0100 Subject: [PATCH 25/36] bcrypt: Avoid crash in tests when compiling without gnutls support. --- - dlls/bcrypt/bcrypt_main.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) + dlls/bcrypt/bcrypt_main.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) 
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index e4ebcf91ed..98c49e7331 100644 +index da9cb02..1839edc 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -1302,12 +1302,19 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ +@@ -1344,12 +1344,19 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; if (object) FIXME( "ignoring object buffer\n" ); +- if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY; + - if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY; ++ if (!(key = heap_alloc( sizeof(*key) ))) + { + *handle = NULL; + return STATUS_NO_MEMORY; @@ -32,7 +33,7 @@ index e4ebcf91ed..98c49e7331 100644 return status; } -@@ -1390,11 +1397,15 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE +@@ -1432,11 +1439,15 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; if (!handle_copy) return STATUS_INVALID_PARAMETER; if (!(key_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*key_copy) ))) @@ -49,5 +50,5 @@ index e4ebcf91ed..98c49e7331 100644 } -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch b/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch index 2725c133..ff1ec18e 100644 --- a/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch +++ b/patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch @@ -1,4 +1,4 @@ -From a58d04dc5cb0ee6344c596eb5b6ac99fb0dd6c7f Mon Sep 17 00:00:00 2001 +From e0586d6d6fcfeb9e49e53eb3470678131bc0b469 Mon Sep 17 00:00:00 2001 
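Review bot: In BCryptGenerateSymmetricKey the allocation-failure path writes `*handle = NULL`, but no NULL check of `handle` is visible before it. The function's opening lines are outside the hunk, so this may already be handled there. If it is not, a caller passing a NULL out-pointer faults instead of getting a status. BCryptDuplicateKey in the same patch guards its out-pointer with `if (!handle_copy) return STATUS_INVALID_PARAMETER;`, and the same guard, `if (!handle) return STATUS_INVALID_PARAMETER;`, would fit here before the allocation.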
From: Sebastian Lackner Date: Sun, 5 Mar 2017 23:18:03 +0100 Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode. @@ -9,10 +9,10 @@ Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode. 2 files changed, 244 insertions(+), 9 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 98c49e7331..cbd38f57d6 100644 +index 1839edc..8dc1e7b 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -230,6 +230,7 @@ enum alg_id +@@ -225,6 +225,7 @@ enum alg_id enum mode_id { @@ -20,7 +20,7 @@ index 98c49e7331..cbd38f57d6 100644 MODE_ID_CBC, MODE_ID_GCM }; -@@ -582,8 +583,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop +@@ -577,8 +578,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop const WCHAR *mode; switch (alg->mode) { @@ -31,7 +31,7 @@ index 98c49e7331..cbd38f57d6 100644 default: return STATUS_NOT_IMPLEMENTED; } -@@ -636,7 +638,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA +@@ -631,7 +633,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA case ALG_ID_AES: if (!strcmpW( prop, BCRYPT_CHAINING_MODE )) { @@ -45,7 +45,7 @@ index 98c49e7331..cbd38f57d6 100644 { alg->mode = MODE_ID_CBC; return STATUS_SUCCESS; -@@ -995,7 +1002,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val +@@ -990,7 +997,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val { if (!strcmpW( prop, BCRYPT_CHAINING_MODE )) { @@ -59,7 +59,7 @@ index 98c49e7331..cbd38f57d6 100644 { key->mode = MODE_ID_CBC; return STATUS_SUCCESS; -@@ -1025,6 +1037,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1020,6 +1032,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) switch (key->mode) { case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM; 
@@ -67,7 +67,7 @@ index 98c49e7331..cbd38f57d6 100644 case MODE_ID_CBC: default: return GNUTLS_CIPHER_AES_128_CBC; } -@@ -1036,6 +1049,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1031,6 +1044,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) { @@ -75,7 +75,7 @@ index 98c49e7331..cbd38f57d6 100644 gnutls_cipher_algorithm_t cipher; gnutls_datum_t secret, vector; int ret; -@@ -1049,15 +1063,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +@@ -1044,15 +1058,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) return STATUS_NOT_SUPPORTED; @@ -100,7 +100,7 @@ index 98c49e7331..cbd38f57d6 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1481,11 +1498,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1523,11 +1540,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -116,7 +116,7 @@ index 98c49e7331..cbd38f57d6 100644 bytes_left -= key->block_size; src += key->block_size; dst += key->block_size; -@@ -1568,11 +1589,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1610,11 +1631,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp else if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -133,7 +133,7 @@ index 98c49e7331..cbd38f57d6 100644 src += key->block_size; dst += key->block_size; diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index bd22b80d9a..ade8058724 100644 +index bd22b80..81345a5 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c 
@@ -634,6 +634,15 @@ static void test_BCryptEncrypt(void) @@ -368,12 +368,12 @@ index bd22b80d9a..ade8058724 100644 + HeapFree(GetProcessHeap(), 0, buf); + + ret = pBCryptDestroyKey(key); -+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret); ++ ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret); + HeapFree(GetProcessHeap(), 0, buf); + ret = pBCryptCloseAlgorithmProvider(aes, 0); ok(ret == STATUS_SUCCESS, "got %08x\n", ret); } -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch b/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch index 5187e7b2..c960bcf5 100644 --- a/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch +++ b/patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch @@ -1,4 +1,4 @@ -From 236c6617a0142f7d7adae2683ece3789bb46782e Mon Sep 17 00:00:00 2001 +From da83888b40c6a37740e3ff3ba1b0f2d3e2b9008c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sun, 13 Aug 2017 05:04:21 +0200 Subject: [PATCH 28/36] bcrypt: Add support for 192 and 256 bit aes keys. @@ -9,10 +9,10 @@ Subject: [PATCH 28/36] bcrypt: Add support for 192 and 256 bit aes keys. 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index f19a90e6bf..165718c63a 100644 +index dbd8152..227c007 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -1036,11 +1036,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1031,11 +1031,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) WARN( "handle block size\n" ); switch (key->mode) { @@ -37,7 +37,7 @@ index f19a90e6bf..165718c63a 100644 FIXME( "algorithm %u not supported\n", key->alg_id ); return GNUTLS_CIPHER_UNKNOWN; 
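Review bot: The new expectation `ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret);` makes the test depend on destroying a key that, judging by the status, was already destroyed earlier in test_BCryptEncrypt (that part is outside the hunk). If the handle is the raw `struct key *`, as in the visible entry points (`struct key *key = handle;`), the validity check behind that status reads freed heap memory, so the result depends on allocator state rather than on a defined contract. The context lines also call `HeapFree(GetProcessHeap(), 0, buf);` both before and after this destroy with no reallocation in between, which is a double free as far as the hunk shows. I would drop the repeated `pBCryptDestroyKey(key)` / `HeapFree` pair rather than assert on its outcome.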
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 159be44714..a0906e9904 100644 +index 2381fdf..2bf8b1b 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -615,6 +615,9 @@ static void test_BCryptEncrypt(void) @@ -61,7 +61,7 @@ index 159be44714..a0906e9904 100644 static UCHAR expected_tag[] = {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0}; static UCHAR expected_tag2[] = -@@ -873,6 +880,31 @@ static void test_BCryptEncrypt(void) +@@ -753,6 +760,31 @@ static void test_BCryptEncrypt(void) ok(ret == STATUS_SUCCESS, "got %08x\n", ret); HeapFree(GetProcessHeap(), 0, buf); @@ -91,8 +91,8 @@ index 159be44714..a0906e9904 100644 + HeapFree(GetProcessHeap(), 0, buf); + /****************** - * AES - ECB mode * + * AES - GCM mode * ******************/ -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch b/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch index 55c0a74c..b21b3de1 100644 --- a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch +++ b/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch @@ -1,17 +1,17 @@ -From d0f72018a4759730734560b2c9aebf5733123166 Mon Sep 17 00:00:00 2001 +From d4255af99adc2fb09940feae4a7836fdd7e45a8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 18:31:55 +0200 Subject: [PATCH 29/36] bcrypt: Preparation for asymmetric keys. --- - dlls/bcrypt/bcrypt_main.c | 269 ++++++++++++++++++++++++++++------------------ - 1 file changed, 165 insertions(+), 104 deletions(-) + dlls/bcrypt/bcrypt_main.c | 368 ++++++++++++++++++++++++++++------------------ + 1 file changed, 227 insertions(+), 141 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 165718c63a..5d4a5b5992 100644 +index 227c007..9b1ac80 100644 --- a/dlls/bcrypt/bcrypt_main.c 
+++ b/dlls/bcrypt/bcrypt_main.c -@@ -243,16 +243,17 @@ static const struct { +@@ -238,16 +238,17 @@ static const struct { ULONG hash_length; ULONG block_bits; const WCHAR *alg_name; @@ -38,7 +38,7 @@ index 165718c63a..5d4a5b5992 100644 }; struct algorithm -@@ -890,27 +891,45 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se +@@ -885,21 +886,28 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se } #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) @@ -70,27 +70,40 @@ index 165718c63a..5d4a5b5992 100644 +#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 +struct key_symmetric +{ -+ enum mode_id mode; + enum mode_id mode; ULONG block_size; CCCryptorRef ref_encrypt; - CCCryptorRef ref_decrypt; +@@ -907,16 +915,56 @@ struct key UCHAR *secret; ULONG secret_len; }; +-#else + -+struct key -+{ + struct key + { +- struct object hdr; + struct object hdr; + enum alg_id alg_id; + union + { + struct key_symmetric s; + } u; -+} - #else - struct key - { -@@ -922,6 +941,28 @@ struct key ++}; ++#else ++struct key_symmetric ++{ + enum mode_id mode; + ULONG block_size; + }; ++ ++struct key ++{ ++ struct object hdr; ++ union ++ { ++ struct key_symmetric s; ++ } u; ++}; #endif #if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 @@ -119,7 +132,7 @@ index 165718c63a..5d4a5b5992 100644 static ULONG get_block_size( struct algorithm *alg ) { ULONG ret = 0, size = sizeof(ret); -@@ -933,15 +974,15 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U +@@ -928,25 +976,43 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB )) { BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output; 
@@ -138,7 +151,27 @@ index 165718c63a..5d4a5b5992 100644 return STATUS_SUCCESS; } -@@ -951,7 +992,7 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U + FIXME( "unsupported key type %s\n", debugstr_w(type) ); + return STATUS_NOT_IMPLEMENTED; + } ++#else ++static inline BOOL key_is_symmetric( struct key *key ) ++{ ++ ERR( "support for keys not available at build time\n" ); ++ return FALSE; ++} ++ ++static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) ++{ ++ *mode = key->u.s.mode; ++ return STATUS_SUCCESS; ++} ++ ++static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size ) ++{ ++ ERR( "support for keys not available at build time\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} #endif #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) @@ -147,7 +180,7 @@ index 165718c63a..5d4a5b5992 100644 { UCHAR *buffer; -@@ -967,15 +1008,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s +@@ -962,15 +1028,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s return STATUS_NOT_SUPPORTED; } @@ -169,7 +202,7 @@ index 165718c63a..5d4a5b5992 100644 return STATUS_SUCCESS; } -@@ -984,16 +1025,24 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) +@@ -979,16 +1045,24 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) { UCHAR *buffer; @@ -177,11 +210,6 @@ index 165718c63a..5d4a5b5992 100644 - memcpy( buffer, key_orig->secret, key_orig->secret_len ); + key_copy->hdr = key_orig->hdr; + key_copy->alg_id = key_orig->alg_id; -+ -+ if (key_is_symmetric(key_orig)) -+ { -+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY; -+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len ); - key_copy->hdr = key_orig->hdr; - key_copy->alg_id = key_orig->alg_id; 
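Review bot: The no-backend stubs added under `#else` are inconsistent about failure: `key_symmetric_get_blocksize` returns `STATUS_NOT_IMPLEMENTED` without writing `*size`, while `key_symmetric_get_mode` dereferences `key->u.s.mode` and returns `STATUS_SUCCESS`. A caller that does not check the status (the callers are outside this hunk) would then use an uninitialised block size. Setting `*size = 0;` before the return, and having `key_symmetric_get_mode` fail like its siblings, would keep the stub build predictable.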
@@ -190,6 +218,11 @@ index 165718c63a..5d4a5b5992 100644 - key_copy->handle = NULL; - key_copy->secret = buffer; - key_copy->secret_len = key_orig->secret_len; ++ if (key_is_symmetric(key_orig)) ++ { ++ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY; ++ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len ); ++ + key_copy->u.s.mode = key_orig->u.s.mode; + key_copy->u.s.block_size = key_orig->u.s.block_size; + key_copy->u.s.handle = NULL; @@ -203,7 +236,7 @@ index 165718c63a..5d4a5b5992 100644 return STATUS_SUCCESS; } -@@ -1004,17 +1053,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val +@@ -999,17 +1073,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val { if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size )) { @@ -224,7 +257,7 @@ index 165718c63a..5d4a5b5992 100644 return STATUS_SUCCESS; } else -@@ -1034,22 +1083,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1029,22 +1103,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) { case ALG_ID_AES: WARN( "handle block size\n" ); @@ -254,7 +287,7 @@ index 165718c63a..5d4a5b5992 100644 return GNUTLS_CIPHER_UNKNOWN; default: FIXME( "algorithm %u not supported\n", key->alg_id ); -@@ -1057,17 +1106,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) +@@ -1052,17 +1126,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) } } @@ -276,7 +309,7 @@ index 165718c63a..5d4a5b5992 100644 } if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) -@@ -1079,12 +1128,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +@@ -1074,12 +1148,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) iv_len = sizeof(zero_iv); } 
@@ -292,7 +325,7 @@ index 165718c63a..5d4a5b5992 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1093,11 +1142,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +@@ -1088,11 +1162,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) return STATUS_SUCCESS; } @@ -306,7 +339,7 @@ index 165718c63a..5d4a5b5992 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1106,12 +1155,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len +@@ -1101,12 +1175,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len return STATUS_SUCCESS; } @@ -321,7 +354,7 @@ index 165718c63a..5d4a5b5992 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1125,7 +1174,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le +@@ -1120,7 +1194,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le { int ret; @@ -330,7 +363,7 @@ index 165718c63a..5d4a5b5992 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1138,7 +1187,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1133,7 +1207,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) { int ret; @@ -339,7 +372,7 @@ index 165718c63a..5d4a5b5992 100644 { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; -@@ -1149,13 +1198,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1144,13 +1218,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) static NTSTATUS key_destroy( struct key *key ) { 
@@ -356,25 +389,144 @@ index 165718c63a..5d4a5b5992 100644 { UCHAR *buffer; -@@ -1182,7 +1231,7 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s +@@ -1172,16 +1246,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s + return STATUS_NOT_SUPPORTED; + } + +- if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; ++ if (!(key->u.s.block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; + if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY; + memcpy( buffer, secret, secret_len ); + +- key->alg_id = alg->id; +- key->mode = alg->mode; +- key->ref_encrypt = NULL; /* initialized on first use */ +- key->ref_decrypt = NULL; +- key->secret = buffer; +- key->secret_len = secret_len; ++ key->alg_id = alg->id; ++ key->u.s.mode = alg->mode; ++ key->u.s.ref_encrypt = NULL; /* initialized on first use */ ++ key->u.s.ref_decrypt = NULL; ++ key->u.s.secret = buffer; ++ key->u.s.secret_len = secret_len; + return STATUS_SUCCESS; } +@@ -1190,17 +1264,17 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) + { + UCHAR *buffer; + +- if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->secret_len ))) return STATUS_NO_MEMORY; +- memcpy( buffer, key_orig->secret, key_orig->secret_len ); ++ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY; ++ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len ); + +- key_copy->hdr = key_orig->hdr; +- key_copy->alg_id = key_orig->alg_id; +- key_copy->mode = key_orig->mode; +- key_copy->block_size = key_orig->block_size; +- key_copy->ref_encrypt = NULL; +- key_copy->ref_decrypt = NULL; +- key_copy->secret = buffer; +- key_copy->secret_len = key_orig->secret_len; ++ key_copy->hdr = key_orig->hdr; ++ key_copy->alg_id = key_orig->alg_id; ++ key_copy->u.s.mode = key_orig->u.s.mode; ++ key_copy->u.s.block_size = key_orig->u.s.block_size; ++ 
key_copy->u.s.ref_encrypt = NULL; ++ key_copy->u.s.ref_decrypt = NULL; ++ key_copy->u.s.secret = buffer; ++ key_copy->u.s.secret_len = key_orig->u.s.secret_len; + + return STATUS_SUCCESS; + } +@@ -1211,51 +1285,51 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val + return STATUS_NOT_IMPLEMENTED; + } -static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) { CCCryptorStatus status; -@@ -1215,7 +1264,7 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) +- if (key->ref_encrypt) ++ if (key->u.s.ref_encrypt) + { +- CCCryptorRelease( key->ref_encrypt ); +- key->ref_encrypt = NULL; ++ CCCryptorRelease( key->u.s.ref_encrypt ); ++ key->u.s.ref_encrypt = NULL; + } +- if (key->ref_decrypt) ++ if (key->u.s.ref_decrypt) + { +- CCCryptorRelease( key->ref_decrypt ); +- key->ref_decrypt = NULL; ++ CCCryptorRelease( key->u.s.ref_decrypt ); ++ key->u.s.ref_decrypt = NULL; + } + + if ((status = CCCryptorCreateWithMode( kCCEncrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv, +- key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess) ++ key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_encrypt )) != kCCSuccess) + { + WARN( "CCCryptorCreateWithMode failed %d\n", status ); + return STATUS_INTERNAL_ERROR; + } + if ((status = CCCryptorCreateWithMode( kCCDecrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv, +- key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess) ++ key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_decrypt )) != kCCSuccess) + { + WARN( "CCCryptorCreateWithMode failed %d\n", status ); +- CCCryptorRelease( key->ref_encrypt ); +- key->ref_encrypt = NULL; ++ CCCryptorRelease( key->u.s.ref_encrypt ); ++ key->u.s.ref_encrypt = NULL; + return STATUS_INTERNAL_ERROR; + } + return STATUS_SUCCESS; } +-static NTSTATUS 
key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) ++static NTSTATUS key_symmetric_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) + { + FIXME( "not implemented on Mac\n" ); + return STATUS_NOT_IMPLEMENTED; + } + -static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, +static NTSTATUS key_symmetric_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len ) { CCCryptorStatus status; -@@ -1252,7 +1301,7 @@ static NTSTATUS key_destroy( struct key *key ) + +- if ((status = CCCryptorUpdate( key->ref_encrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) ++ if ((status = CCCryptorUpdate( key->u.s.ref_encrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) + { + WARN( "CCCryptorUpdate failed %d\n", status ); + return STATUS_INTERNAL_ERROR; +@@ -1269,7 +1343,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le + { + CCCryptorStatus status; + +- if ((status = CCCryptorUpdate( key->ref_decrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) ++ if ((status = CCCryptorUpdate( key->u.s.ref_decrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) + { + WARN( "CCCryptorUpdate failed %d\n", status ); + return STATUS_INTERNAL_ERROR; +@@ -1286,24 +1360,24 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) + + static NTSTATUS key_destroy( struct key *key ) + { +- if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt ); +- if (key->ref_decrypt) CCCryptorRelease( key->ref_decrypt ); +- heap_free( key->secret ); ++ if (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt ); ++ if (key->u.s.ref_decrypt) CCCryptorRelease( key->u.s.ref_decrypt ); ++ heap_free( key->u.s.secret ); + heap_free( key ); return STATUS_SUCCESS; } #else 
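Review bot: In the CommonCrypto `key_destroy` at the end of this hunk, `heap_free( key->u.s.secret );` releases the raw AES key bytes without clearing them, so the secret remains readable in freed heap memory until it is reused. Wipe the buffer first with a call the compiler cannot elide, e.g. `SecureZeroMemory( key->u.s.secret, key->u.s.secret_len );` immediately before the free. Separately, `key_symmetric_set_params` always passes `kCCModeCBC` although `key_init` stores `alg->mode` in `key->u.s.mode`. If a non-CBC mode can reach this backend (the callers are outside the hunk), rejecting it with `STATUS_NOT_SUPPORTED` would be safer than silently using CBC.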
@@ -382,8 +534,20 @@ index 165718c63a..5d4a5b5992 100644 +static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) { ERR( "support for keys not available at build time\n" ); +- key->mode = MODE_ID_CBC; ++ key->u.s.mode = MODE_ID_CBC; return STATUS_NOT_IMPLEMENTED; -@@ -1271,19 +1320,19 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val + } + + static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) + { + ERR( "support for keys not available at build time\n" ); +- key_copy->mode = MODE_ID_CBC; ++ key_copy->u.s.mode = MODE_ID_CBC; + return STATUS_NOT_IMPLEMENTED; + } + +@@ -1313,19 +1387,19 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val return STATUS_NOT_IMPLEMENTED; } @@ -406,7 +570,7 @@ index 165718c63a..5d4a5b5992 100644 ULONG output_len ) { ERR( "support for keys not available at build time\n" ); -@@ -1338,7 +1387,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ +@@ -1380,7 +1454,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ key->hdr.magic = MAGIC_KEY; @@ -415,7 +579,7 @@ index 165718c63a..5d4a5b5992 100644 { heap_free( key ); *handle = NULL; -@@ -1457,19 +1506,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1499,19 +1573,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp struct key *key = handle; ULONG bytes_left = input_len; UCHAR *buf, *src, *dst; 
@@ -447,7 +611,7 @@ index 165718c63a..5d4a5b5992 100644 { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; -@@ -1480,7 +1540,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1522,7 +1607,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG) FIXME( "call chaining not implemented\n" ); @@ -456,7 +620,7 @@ index 165718c63a..5d4a5b5992 100644 return status; *ret_len = input_len; -@@ -1488,46 +1548,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1530,46 +1615,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (input && !output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -519,7 +683,7 @@ index 165718c63a..5d4a5b5992 100644 heap_free( buf ); } -@@ -1553,7 +1614,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1595,7 +1681,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp return STATUS_NOT_IMPLEMENTED; } @@ -528,7 +692,7 @@ index 165718c63a..5d4a5b5992 100644 { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; UCHAR tag[16]; -@@ -1563,7 +1624,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1605,7 +1691,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER; if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER; 
@@ -537,7 +701,7 @@ index 165718c63a..5d4a5b5992 100644 return status; *ret_len = input_len; -@@ -1571,7 +1632,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1613,7 +1699,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; @@ -546,7 +710,7 @@ index 165718c63a..5d4a5b5992 100644 return status; if ((status = key_decrypt( key, input, input_len, output, output_len ))) return status; -@@ -1584,44 +1645,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp +@@ -1626,44 +1712,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp return STATUS_SUCCESS; } @@ -609,5 +773,5 @@ index 165718c63a..5d4a5b5992 100644 else status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */ -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch b/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch index 394cb5fe..8f30f603 100644 --- a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch +++ b/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch @@ -1,17 +1,17 @@ -From 291dbb0125d68f708ed5ff575281d4104b6ddc62 Mon Sep 17 00:00:00 2001 +From 6bd5e33916b76195ecf5ce743de346bb9874295b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 19:18:58 +0200 Subject: [PATCH 32/36] bcrypt: Implement importing of ecdsa keys. --- dlls/bcrypt/bcrypt.spec | 4 +- - dlls/bcrypt/bcrypt_main.c | 161 +++++++++++++++++++++++++++++++++++++++++++-- + dlls/bcrypt/bcrypt_main.c | 168 +++++++++++++++++++++++++++++++++++++++++++-- dlls/bcrypt/tests/bcrypt.c | 6 +- include/bcrypt.h | 2 + - 4 files changed, 162 insertions(+), 11 deletions(-) + 4 files changed, 170 insertions(+), 10 deletions(-) 
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec -index 28c2394ce4..78824d73b3 100644 +index 28c2394..78824d7 100644 --- a/dlls/bcrypt/bcrypt.spec +++ b/dlls/bcrypt/bcrypt.spec @@ -32,7 +32,7 @@ @@ -33,10 +33,10 @@ index 28c2394ce4..78824d73b3 100644 @ stub GetCipherInterface @ stub GetHashInterface diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 5d4a5b5992..edea4571b0 100644 +index 9b1ac80..9efa132 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c -@@ -225,7 +225,9 @@ enum alg_id +@@ -220,7 +220,9 @@ enum alg_id ALG_ID_SHA1, ALG_ID_SHA256, ALG_ID_SHA384, @@ -47,7 +47,7 @@ index 5d4a5b5992..edea4571b0 100644 }; enum mode_id -@@ -253,7 +255,9 @@ static const struct { +@@ -248,7 +250,9 @@ static const struct { /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE }, /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE }, /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE }, @@ -58,7 +58,7 @@ index 5d4a5b5992..edea4571b0 100644 }; struct algorithm -@@ -332,6 +336,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR +@@ -327,6 +331,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256; else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384; else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512; @@ -67,7 +67,7 @@ index 5d4a5b5992..edea4571b0 100644 else { FIXME( "algorithm %s not supported\n", debugstr_w(id) ); -@@ -900,6 +906,12 @@ struct key_symmetric +@@ -895,6 +901,12 @@ struct key_symmetric ULONG secret_len; }; @@ -80,7 +80,7 @@ index 5d4a5b5992..edea4571b0 100644 struct key { struct object hdr; -@@ -907,6 +919,7 @@ struct key +@@ -902,6 +914,7 @@ struct key union { struct key_symmetric s; 
@@ -88,7 +88,7 @@ index 5d4a5b5992..edea4571b0 100644 } u; }; -@@ -921,6 +934,12 @@ struct key_symmetric +@@ -916,6 +929,12 @@ struct key_symmetric ULONG secret_len; }; @@ -101,19 +101,31 @@ index 5d4a5b5992..edea4571b0 100644 struct key { struct object hdr; -@@ -928,6 +947,7 @@ struct key +@@ -923,6 +942,7 @@ struct key union { struct key_symmetric s; + struct key_asymmetric a; } u; - } + }; #else -@@ -989,6 +1009,33 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U - FIXME( "unsupported key type %s\n", debugstr_w(type) ); - return STATUS_NOT_IMPLEMENTED; +@@ -998,6 +1018,12 @@ static inline BOOL key_is_symmetric( struct key *key ) + return FALSE; } + ++static inline BOOL key_is_asymmetric( struct key *key ) ++{ ++ ERR( "support for keys not available at build time\n" ); ++ return FALSE; ++} + + static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) + { + *mode = key->u.s.mode; +@@ -1041,6 +1067,33 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons + return STATUS_SUCCESS; + } + +static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len ) +{ + UCHAR *buffer; @@ -140,10 +152,11 @@ index 5d4a5b5992..edea4571b0 100644 + + return STATUS_SUCCESS; +} - #endif - - #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) -@@ -1041,7 +1088,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) ++ + static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) + { + UCHAR *buffer; +@@ -1061,7 +1114,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) } else { 
@@ -158,7 +171,7 @@ index 5d4a5b5992..edea4571b0 100644 } return STATUS_SUCCESS; -@@ -1198,8 +1251,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1218,8 +1277,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) static NTSTATUS key_destroy( struct key *key ) { @@ -174,19 +187,20 @@ index 5d4a5b5992..edea4571b0 100644 heap_free( key ); return STATUS_SUCCESS; } -@@ -1296,7 +1354,10 @@ static NTSTATUS key_destroy( struct key *key ) - { - if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt ); - if (key->ref_decrypt) CCCryptorRelease( key->ref_decrypt ); -- heap_free( key->secret ); -+ if(key_is_symmetric(key)) -+ heap_free( key->u.s.secret ); -+ else -+ heap_free( key->u.a.pubkey ); - heap_free( key ); +@@ -1260,6 +1324,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons return STATUS_SUCCESS; } -@@ -1307,6 +1368,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons + ++static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len ) ++{ ++ FIXME( "not implemented on Mac\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} ++ + static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) + { + UCHAR *buffer; +@@ -1374,6 +1444,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons return STATUS_NOT_IMPLEMENTED; } @@ -199,7 +213,7 @@ index 5d4a5b5992..edea4571b0 100644 static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) { ERR( "support for keys not available at build time\n" ); -@@ -1489,6 +1556,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE +@@ -1556,6 +1632,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE return STATUS_SUCCESS; } @@ -289,7 +303,7 @@ index 5d4a5b5992..edea4571b0 100644 { struct key *key = handle; 
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 9b04f62df2..3525fd9913 100644 +index 1c2700d..aaa187e 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -1404,7 +1404,7 @@ static void test_ECDSA(void) @@ -315,7 +329,7 @@ index 9b04f62df2..3525fd9913 100644 pBCryptDestroyKey(key); pBCryptCloseAlgorithmProvider(alg, 0); diff --git a/include/bcrypt.h b/include/bcrypt.h -index bf47576ab0..6804f2bff5 100644 +index bf47576..6804f2b 100644 --- a/include/bcrypt.h +++ b/include/bcrypt.h @@ -210,8 +210,10 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *); @@ -330,5 +344,5 @@ index bf47576ab0..6804f2bff5 100644 #endif /* __WINE_BCRYPT_H */ -- -2.16.1 +2.7.4 diff --git a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch b/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch index 7d3d5285..dc88a416 100644 --- a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch +++ b/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch @@ -1,16 +1,16 @@ -From bfcb00982177dd52b1727c0b6e32ed7297883f8b Mon Sep 17 00:00:00 2001 +From d10899e701ce7fd4463b30c90ad8c2656a6adead Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Fri, 29 Sep 2017 20:31:00 +0200 Subject: [PATCH 33/36] bcrypt: Implement BCryptVerifySignature for ecdsa signatures. --- - dlls/bcrypt/bcrypt_main.c | 336 +++++++++++++++++++++++++++++++++++++++++++-- + dlls/bcrypt/bcrypt_main.c | 343 +++++++++++++++++++++++++++++++++++++++++++-- dlls/bcrypt/tests/bcrypt.c | 4 +- - 2 files changed, 330 insertions(+), 10 deletions(-) + 2 files changed, 337 insertions(+), 10 deletions(-) diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index edea4571b0..d7a6435581 100644 +index 9efa132..082474b 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -27,6 +27,7 @@ 
@@ -104,7 +104,7 @@ index edea4571b0..d7a6435581 100644 #undef LOAD_FUNCPTR if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 ))) -@@ -127,6 +166,21 @@ static BOOL gnutls_initialize(void) +@@ -132,6 +171,21 @@ static BOOL gnutls_initialize(void) pgnutls_perror( ret ); goto fail; } @@ -126,7 +126,7 @@ index edea4571b0..d7a6435581 100644 if (TRACE_ON( bcrypt )) { -@@ -1249,6 +1303,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1275,6 +1329,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) return STATUS_SUCCESS; } @@ -391,7 +391,21 @@ index edea4571b0..d7a6435581 100644 static NTSTATUS key_destroy( struct key *key ) { if(key_is_symmetric(key)) -@@ -1419,6 +1731,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) +@@ -1428,6 +1740,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) + return STATUS_NOT_IMPLEMENTED; + } + ++static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, ++ UCHAR *signature, ULONG signature_len, DWORD flags ) ++{ ++ FIXME( "not implemented on Mac\n" ); ++ return STATUS_NOT_IMPLEMENTED; ++} ++ + static NTSTATUS key_destroy( struct key *key ) + { + if (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt ); +@@ -1495,6 +1814,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) return STATUS_NOT_IMPLEMENTED; } @@ -405,7 +419,7 @@ index edea4571b0..d7a6435581 100644 static NTSTATUS key_destroy( struct key *key ) { ERR( "support for keys not available at build time\n" ); -@@ -1629,13 +1948,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, +@@ -1705,13 +2031,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, { struct key *key = handle; @@ -423,7 +437,7 @@ index edea4571b0..d7a6435581 100644 NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle ) 
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 3525fd9913..047ffb4e6f 100644 +index aaa187e..6b62fb3 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -1420,10 +1420,10 @@ static void test_ECDSA(void) @@ -440,5 +454,5 @@ index 3525fd9913..047ffb4e6f 100644 pBCryptDestroyKey(key); pBCryptCloseAlgorithmProvider(alg, 0); -- -2.16.1 +2.7.4