Dmitry Timoshkov (@dmitry) commented about dlls/bcrypt/bcrypt_main.c:
return key_symmetric_generate( alg, key, input + sizeof(len), len ); }
- else if (!wcscmp( type, BCRYPT_AES_WRAP_KEY_BLOB ))
- {
UCHAR output[BLOCK_LENGTH_AES];
if (!decrypt_key || input_len < 8) return STATUS_INVALID_PARAMETER;
len = input_len - 8;
if (len < BLOCK_LENGTH_AES || len & (BLOCK_LENGTH_AES - 1) || len > sizeof(output))
return STATUS_INVALID_PARAMETER;
if ((status = aes_unwrap( decrypt_key->u.s.secret, decrypt_key->u.s.secret_len, input, output )))
aes_unwrap() should be able to decrypt all possible AES key lengths (128, 192, 256 bits); to do so, it needs to know the wrapped blob length. Your implementation uses the decryption key length instead, which is incorrect.