[PATCH v2 0/9] MR834: Bcrypt algorithm pseudo handles

List overview All Threads

newer

older

[PATCH 0/3] MR836: msdasql:...

[PATCH 0/9] MR834: Bcrypt...

Hans Leidekker (＠hans)

13 Sep 2022 13 Sep '22

8:02 a.m.

-- v2: rsaenh: Use BCrypt algorithm pseudo-handles. ncrypt: Use BCrypt algorithm pseudo-handles. fusion: Use BCrypt algorithm pseudo-handles. dssenh: Use BCrypt algorithm pseudo-handles. crypt32: Use BCrypt algorithm pseudo-handles. appwiz.cpl: Use BCryptHash(). appwiz.cpl: Use BCrypt algorithm pseudo-handles. bcrypt: Rename mode_id to chain_mode. bcrypt: Add full support for algorithm pseudo-handles.

https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Show replies by date

Hans Leidekker

13 Sep 13 Sep

8:02 a.m.

New subject: [PATCH v2 1/9] bcrypt: Add full support for algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/bcrypt/bcrypt_internal.h | 5 +- dlls/bcrypt/bcrypt_main.c | 441 +++++++++++++++++++++------------- dlls/bcrypt/tests/bcrypt.c | 86 ++++++- include/bcrypt.h | 61 ++++- 4 files changed, 420 insertions(+), 173 deletions(-)

diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h index a418642382b..78c391d20ec 100644 --- a/dlls/bcrypt/bcrypt_internal.h +++ b/dlls/bcrypt/bcrypt_internal.h @@ -146,10 +146,11 @@ enum alg_id

enum mode_id { - MODE_ID_ECB, MODE_ID_CBC, - MODE_ID_GCM, + MODE_ID_ECB, MODE_ID_CFB, + MODE_ID_CCM, + MODE_ID_GCM, };

struct algorithm diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c index fde09904963..1cdc8bcf422 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -175,14 +175,103 @@ NTSTATUS WINAPI BCryptEnumAlgorithms( ULONG type, ULONG *ret_count, BCRYPT_ALGOR return STATUS_SUCCESS; }

-NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG count, ULONG flags) +static const struct algorithm pseudo_algorithms[] = +{ + {{ MAGIC_ALG }, ALG_ID_MD2 }, + {{ MAGIC_ALG }, ALG_ID_MD4 }, + {{ MAGIC_ALG }, ALG_ID_MD5 }, + {{ MAGIC_ALG }, ALG_ID_SHA1 }, + {{ MAGIC_ALG }, ALG_ID_SHA256 }, + {{ MAGIC_ALG }, ALG_ID_SHA384 }, + {{ MAGIC_ALG }, ALG_ID_SHA512 }, + {{ 0 }}, /* RC4 */ + {{ MAGIC_ALG }, ALG_ID_RNG }, + {{ MAGIC_ALG }, ALG_ID_MD5, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_SHA1, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_SHA256, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_SHA384, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_SHA512, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_RSA }, + {{ 0 }}, /* ECDSA */ + {{ 0 }}, /* AES_CMAC */ + {{ 0 }}, /* AES_GMAC */ + {{ MAGIC_ALG }, ALG_ID_MD2, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_MD4, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, + {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_CBC }, + {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_ECB }, + {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_CFB }, + {{ 0 }}, /* 3DES_112_CBC */ + {{ 0 }}, /* 3DES_112_ECB */ + {{ 0 }}, /* 3DES_112_CFB */ + {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CBC }, + {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_ECB }, + {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CFB }, + {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CCM }, + {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_GCM }, + {{ 0 }}, /* DES_CBC */ + {{ 0 }}, /* DES_ECB */ + {{ 0 }}, /* DES_CFB */ + {{ 0 }}, /* DESX_CBC */ + {{ 0 }}, /* DESX_ECB */ + {{ 0 }}, /* DESX_CFB */ + {{ 0 }}, /* RC2_CBC */ + {{ 0 }}, /* RC2_ECB */ + {{ 0 }}, /* RC2_CFB */ + {{ 0 }}, /* DH */ + {{ 0 }}, /* ECDH */ + {{ MAGIC_ALG }, ALG_ID_ECDH_P256 }, + {{ MAGIC_ALG }, ALG_ID_ECDH_P384 }, + {{ 0 }}, /* ECDH_P512 */ + {{ MAGIC_ALG }, ALG_ID_DSA }, + {{ MAGIC_ALG }, ALG_ID_ECDSA_P256 }, + {{ MAGIC_ALG }, ALG_ID_ECDSA_P384 }, + {{ 0 }}, /* ECDSA_P512 */ + {{ MAGIC_ALG }, ALG_ID_RSA_SIGN }, +}; + +/* Algorithm pseudo-handles are denoted by having the lowest bit set. + * An aligned algorithm pointer will never have this bit set. + */ +static inline BOOL is_alg_pseudo_handle( BCRYPT_ALG_HANDLE handle ) +{ + return (((ULONG_PTR)handle & 1) == 1); +} + +static struct object *get_object( BCRYPT_HANDLE handle, ULONG magic ) +{ + ULONG idx; + + if (!handle) return NULL; + + if (!is_alg_pseudo_handle( handle )) + { + struct object *obj = handle; + if (magic && obj->magic != magic) return NULL; + return obj; + } + + idx = (ULONG_PTR)handle >> 4; + if (idx > ARRAY_SIZE(pseudo_algorithms) || !pseudo_algorithms[idx].hdr.magic) + { + FIXME( "pseudo-handle %p not supported\n", handle ); + return NULL; + } + return (struct object *)&pseudo_algorithms[idx]; +} + +static inline struct algorithm *get_alg_object( BCRYPT_ALG_HANDLE handle ) +{ + return (struct algorithm *)get_object( handle, MAGIC_ALG ); +} + +NTSTATUS WINAPI BCryptGenRandom( BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG count, ULONG flags ) { const DWORD supported_flags = BCRYPT_USE_SYSTEM_PREFERRED_RNG; - struct algorithm *algorithm = handle; + struct algorithm *alg = get_alg_object( handle );

TRACE("%p, %p, %lu, %#lx - semi-stub\n", handle, buffer, count, flags);

- if (!algorithm) + if (!handle) { /* It's valid to call without an algorithm if BCRYPT_USE_SYSTEM_PREFERRED_RNG * is set. In this case the preferred system RNG is used. @@ -190,18 +279,12 @@ NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG c if (!(flags & BCRYPT_USE_SYSTEM_PREFERRED_RNG)) return STATUS_INVALID_HANDLE; } - else if (((ULONG_PTR)algorithm & 1) == 1) + else if (is_alg_pseudo_handle( handle ) && handle != BCRYPT_RNG_ALG_HANDLE) { - /* Pseudo algorithm handles are denoted by having the lowest bit set. - * An aligned algorithm pointer will never have this bit set. - */ - if (algorithm != BCRYPT_RNG_ALG_HANDLE) - { - FIXME("pseudo-handle algorithm %p not supported\n", algorithm); - return STATUS_NOT_IMPLEMENTED; - } + FIXME( "pseudo-handle %p not supported\n", handle ); + return STATUS_NOT_IMPLEMENTED; } - else if (algorithm->hdr.magic != MAGIC_ALG || algorithm->id != ALG_ID_RNG) + else if (!alg || alg->id != ALG_ID_RNG) return STATUS_INVALID_HANDLE;

if (!buffer) @@ -210,23 +293,33 @@ NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG c if (flags & ~supported_flags) FIXME("unsupported flags %#lx\n", flags & ~supported_flags);

- if (algorithm) + if (alg) FIXME("ignoring selected algorithm\n");

/* When zero bytes are requested the function returns success too. */ if (!count) return STATUS_SUCCESS;

- if (algorithm || (flags & BCRYPT_USE_SYSTEM_PREFERRED_RNG)) + if (alg || (flags & BCRYPT_USE_SYSTEM_PREFERRED_RNG)) { - if (RtlGenRandom(buffer, count)) - return STATUS_SUCCESS; + if (RtlGenRandom(buffer, count)) return STATUS_SUCCESS; }

FIXME("called with unsupported parameters, returning error\n"); return STATUS_NOT_IMPLEMENTED; }

+static struct algorithm *create_algorithm( enum alg_id id, enum mode_id mode, DWORD flags ) +{ + struct algorithm *ret; + if (!(ret = calloc( 1, sizeof(*ret) ))) return NULL; + ret->hdr.magic = MAGIC_ALG; + ret->id = id; + ret->mode = mode; + ret->flags = flags; + return ret; +} + NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, const WCHAR *id, const WCHAR *implementation, DWORD flags ) { @@ -264,25 +357,25 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, const WC return STATUS_NOT_IMPLEMENTED; }

- if (!(alg = malloc( sizeof(*alg) ))) return STATUS_NO_MEMORY; - alg->hdr.magic = MAGIC_ALG; - alg->id = alg_id; - alg->mode = MODE_ID_CBC; - alg->flags = flags; - + if (!(alg = create_algorithm( alg_id, 0, flags ))) return STATUS_NO_MEMORY; *handle = alg; return STATUS_SUCCESS; }

+static void destroy_object( struct object *obj ) +{ + obj->magic = 0; + free( obj ); +} + NTSTATUS WINAPI BCryptCloseAlgorithmProvider( BCRYPT_ALG_HANDLE handle, DWORD flags ) { struct algorithm *alg = handle;

TRACE( "%p, %#lx\n", handle, flags );

- if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; - alg->hdr.magic = 0; - free( alg ); + if (!handle || is_alg_pseudo_handle( handle ) || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; + destroy_object( &alg->hdr ); return STATUS_SUCCESS; }

@@ -349,8 +442,7 @@ static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id ) return STATUS_SUCCESS; }

-static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id, - UCHAR *input, ULONG size ) +static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id, UCHAR *input, ULONG size ) { switch (alg_id) { @@ -389,8 +481,7 @@ static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id, return STATUS_SUCCESS; }

-static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id, - UCHAR *output, ULONG size ) +static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id, UCHAR *output, ULONG size ) { switch (alg_id) { @@ -605,8 +696,8 @@ static NTSTATUS get_dsa_property( enum mode_id mode, const WCHAR *prop, UCHAR *b return STATUS_NOT_IMPLEMENTED; }

-static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop, - UCHAR *buf, ULONG size, ULONG *ret_size ) +static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop, UCHAR *buf, ULONG size, + ULONG *ret_size ) { NTSTATUS status;

@@ -766,7 +857,7 @@ static NTSTATUS get_key_property( const struct key *key, const WCHAR *prop, UCHA NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *buffer, ULONG count, ULONG *res, ULONG flags ) { - struct object *object = handle; + struct object *object = get_object( handle, 0 );

TRACE( "%p, %s, %p, %lu, %p, %#lx\n", handle, wine_dbgstr_w(prop), buffer, count, res, flags );

@@ -857,25 +948,26 @@ static NTSTATUS hash_create( const struct algorithm *alg, UCHAR *secret, ULONG s return STATUS_SUCCESS; }

-NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDLE *handle, UCHAR *object, +NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE handle, BCRYPT_HASH_HANDLE *ret_handle, UCHAR *object, ULONG object_len, UCHAR *secret, ULONG secret_len, ULONG flags ) { - struct algorithm *alg = algorithm; + struct algorithm *alg = get_alg_object( handle ); struct hash *hash; NTSTATUS status;

- TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", algorithm, handle, object, object_len, secret, secret_len, flags ); + TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", handle, ret_handle, object, object_len, secret, secret_len, flags ); if (flags & ~BCRYPT_HASH_REUSABLE_FLAG) { FIXME( "unimplemented flags %#lx\n", flags ); return STATUS_NOT_IMPLEMENTED; } - - if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; if (object) FIXME( "ignoring object buffer\n" );

+ if (!alg) return STATUS_INVALID_HANDLE; + if (!ret_handle) return STATUS_INVALID_PARAMETER; + if ((status = hash_create( alg, secret, secret_len, flags, &hash ))) return status; - *handle = hash; + *ret_handle = hash; return STATUS_SUCCESS; }

@@ -908,9 +1000,8 @@ NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HAND static void hash_destroy( struct hash *hash ) { if (!hash) return; - hash->hdr.magic = 0; free( hash->secret ); - free( hash ); + destroy_object( &hash->hdr ); }

NTSTATUS WINAPI BCryptDestroyHash( BCRYPT_HASH_HANDLE handle ) @@ -970,16 +1061,16 @@ NTSTATUS WINAPI BCryptFinishHash( BCRYPT_HASH_HANDLE handle, UCHAR *output, ULON return hash_finalize( hash, output, size ); }

-NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG secret_len, +NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE handle, UCHAR *secret, ULONG secret_len, UCHAR *input, ULONG input_len, UCHAR *output, ULONG output_len ) { - struct algorithm *alg = algorithm; + struct algorithm *alg = get_alg_object( handle ); struct hash *hash; NTSTATUS status;

- TRACE( "%p, %p, %lu, %p, %lu, %p, %lu\n", algorithm, secret, secret_len, input, input_len, output, output_len ); + TRACE( "%p, %p, %lu, %p, %lu, %p, %lu\n", handle, secret, secret_len, input, input_len, output, output_len );

- if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; + if (!alg) return STATUS_INVALID_HANDLE;

if ((status = hash_create( alg, secret, secret_len, 0, &hash ))) return status; if ((status = hash_update( &hash->inner, hash->alg_id, input, input_len ))) @@ -1040,7 +1131,76 @@ static NTSTATUS key_symmetric_set_vector( struct key *key, UCHAR *vector, ULONG return STATUS_SUCCESS; }

-static NTSTATUS key_import( BCRYPT_ALG_HANDLE algorithm, const WCHAR *type, BCRYPT_KEY_HANDLE *key, UCHAR *object, +static struct key *create_symmetric_key( enum alg_id alg, enum mode_id mode, ULONG block_size, UCHAR *secret, + ULONG secret_len ) +{ + struct key *ret; + + if (!(ret = calloc( 1, sizeof(*ret) ))) return NULL; + InitializeCriticalSection( &ret->u.s.cs ); + ret->hdr.magic = MAGIC_KEY; + ret->alg_id = alg; + ret->u.s.mode = mode; + ret->u.s.block_size = block_size; + + if (!(ret->u.s.secret = malloc( secret_len ))) + { + DeleteCriticalSection( &ret->u.s.cs ); + free( ret ); + return NULL; + } + memcpy( ret->u.s.secret, secret, secret_len ); + ret->u.s.secret_len = secret_len; + + return ret; +} + +static ULONG get_block_size( struct algorithm *alg ) +{ + ULONG ret = 0, size = sizeof(ret); + get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size ); + return ret; +} + +static NTSTATUS generate_symmetric_key( struct algorithm *alg, BCRYPT_KEY_HANDLE *ret_handle, UCHAR *secret, + ULONG secret_len ) +{ + BCRYPT_KEY_LENGTHS_STRUCT key_lengths; + ULONG block_size, size; + struct key *key; + NTSTATUS status; + + if (!(block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; + if (!get_alg_property( alg, BCRYPT_KEY_LENGTHS, (UCHAR *)&key_lengths, sizeof(key_lengths), &size )) + { + if (secret_len > (size = key_lengths.dwMaxLength / 8)) + { + WARN( "secret_len %lu exceeds key max length %lu, setting to maximum\n", secret_len, size ); + secret_len = size; + } + else if (secret_len < (size = key_lengths.dwMinLength / 8)) + { + WARN( "secret_len %lu is less than minimum key length %lu\n", secret_len, size ); + return STATUS_INVALID_PARAMETER; + } + else if (key_lengths.dwIncrement && (secret_len * 8 - key_lengths.dwMinLength) % key_lengths.dwIncrement) + { + WARN( "secret_len %lu is not a valid key length\n", secret_len ); + return STATUS_INVALID_PARAMETER; + } + } + + if (!(key = create_symmetric_key( alg->id, alg->mode, block_size, secret, secret_len ))) status = STATUS_NO_MEMORY; + else + { + *ret_handle = key; + status = STATUS_SUCCESS; + } + + return status; +} + +static NTSTATUS key_import( struct algorithm *alg, const WCHAR *type, BCRYPT_KEY_HANDLE *key, UCHAR *object, ULONG object_len, UCHAR *input, ULONG input_len ) { ULONG len; @@ -1059,7 +1219,7 @@ static NTSTATUS key_import( BCRYPT_ALG_HANDLE algorithm, const WCHAR *type, BCRY len = header->cbKeyData; if (len + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) > input_len) return STATUS_INVALID_PARAMETER;

- return BCryptGenerateSymmetricKey( algorithm, key, object, object_len, (UCHAR *)&header[1], len, 0 ); + return generate_symmetric_key( alg, key, (UCHAR *)&header[1], len ); } else if (!wcscmp( type, BCRYPT_OPAQUE_KEY_BLOB )) { @@ -1067,7 +1227,7 @@ static NTSTATUS key_import( BCRYPT_ALG_HANDLE algorithm, const WCHAR *type, BCRY len = *(ULONG *)input; if (len + sizeof(len) > input_len) return STATUS_INVALID_PARAMETER;

- return BCryptGenerateSymmetricKey( algorithm, key, object, object_len, input + sizeof(len), len, 0 ); + return generate_symmetric_key( alg, key, input + sizeof(len), len ); }

FIXME( "unsupported key type %s\n", debugstr_w(type) ); @@ -1338,8 +1498,7 @@ static void key_destroy( struct key *key ) else UNIX_CALL( key_asymmetric_destroy, key );

- key->hdr.magic = 0; - free( key ); + destroy_object( &key->hdr ); }

static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYPT_KEY_HANDLE *ret_key, UCHAR *input, @@ -1599,87 +1758,38 @@ static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYP return STATUS_NOT_SUPPORTED; }

-static ULONG get_block_size( struct algorithm *alg ) -{ - ULONG ret = 0, size = sizeof(ret); - get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size ); - return ret; -} - -NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle, +NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE handle, BCRYPT_KEY_HANDLE *ret_handle, UCHAR *object, ULONG object_len, UCHAR *secret, ULONG secret_len, ULONG flags ) { - BCRYPT_KEY_LENGTHS_STRUCT key_lengths; - struct algorithm *alg = algorithm; - ULONG block_size, size; - struct key *key; + struct algorithm *alg = get_alg_object( handle );

- TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", algorithm, handle, object, object_len, secret, secret_len, flags ); - - if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; + TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", handle, ret_handle, object, object_len, secret, secret_len, flags ); if (object) FIXME( "ignoring object buffer\n" ); - if (!bcrypt_handle) { ERR( "no encryption support\n" ); return STATUS_NOT_IMPLEMENTED; }

- if (!(block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; - - if (!get_alg_property( alg, BCRYPT_KEY_LENGTHS, (UCHAR*)&key_lengths, sizeof(key_lengths), &size )) - { - if (secret_len > (size = key_lengths.dwMaxLength / 8)) - { - WARN( "secret_len %lu exceeds key max length %lu, setting to maximum\n", secret_len, size ); - secret_len = size; - } - else if (secret_len < (size = key_lengths.dwMinLength / 8)) - { - WARN( "secret_len %lu is less than minimum key length %lu\n", secret_len, size ); - return STATUS_INVALID_PARAMETER; - } - else if (key_lengths.dwIncrement && (secret_len * 8 - key_lengths.dwMinLength) % key_lengths.dwIncrement) - { - WARN( "secret_len %lu is not a valid key length\n", secret_len ); - return STATUS_INVALID_PARAMETER; - } - } - - if (!(key = calloc( 1, sizeof(*key) ))) return STATUS_NO_MEMORY; - InitializeCriticalSection( &key->u.s.cs ); - key->hdr.magic = MAGIC_KEY; - key->alg_id = alg->id; - key->u.s.mode = alg->mode; - key->u.s.block_size = block_size; - - if (!(key->u.s.secret = malloc( secret_len ))) - { - free( key ); - return STATUS_NO_MEMORY; - } - memcpy( key->u.s.secret, secret, secret_len ); - key->u.s.secret_len = secret_len; - - *handle = key; - return STATUS_SUCCESS; + if (!alg) return STATUS_INVALID_HANDLE; + return generate_symmetric_key( alg, ret_handle, secret, secret_len ); }

-NTSTATUS WINAPI BCryptGenerateKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle, ULONG key_len, +NTSTATUS WINAPI BCryptGenerateKeyPair( BCRYPT_ALG_HANDLE handle, BCRYPT_KEY_HANDLE *ret_handle, ULONG key_len, ULONG flags ) { - struct algorithm *alg = algorithm; + struct algorithm *alg = get_alg_object( handle ); struct key *key; NTSTATUS status;

- TRACE( "%p, %p, %lu, %#lx\n", algorithm, handle, key_len, flags ); + TRACE( "%p, %p, %lu, %#lx\n", handle, ret_handle, key_len, flags );

- if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; - if (!handle) return STATUS_INVALID_PARAMETER; + if (!alg) return STATUS_INVALID_HANDLE; + if (!ret_handle) return STATUS_INVALID_PARAMETER;

if ((status = key_asymmetric_create( alg->id, key_len, &key ))) return status; - *handle = key; + *ret_handle = key; return STATUS_SUCCESS; }

@@ -1693,25 +1803,24 @@ NTSTATUS WINAPI BCryptFinalizeKeyPair( BCRYPT_KEY_HANDLE handle, ULONG flags ) return UNIX_CALL( key_asymmetric_generate, key ); }

-NTSTATUS WINAPI BCryptImportKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type, - BCRYPT_KEY_HANDLE *key, UCHAR *object, ULONG object_len, UCHAR *input, +NTSTATUS WINAPI BCryptImportKey( BCRYPT_ALG_HANDLE handle, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type, + BCRYPT_KEY_HANDLE *ret_handle, UCHAR *object, ULONG object_len, UCHAR *input, ULONG input_len, ULONG flags ) { - struct algorithm *alg = algorithm; + struct algorithm *alg = get_alg_object( handle );

- TRACE( "%p, %p, %s, %p, %p, %lu, %p, %lu, %#lx\n", algorithm, decrypt_key, debugstr_w(type), key, object, + TRACE( "%p, %p, %s, %p, %p, %lu, %p, %lu, %#lx\n", handle, decrypt_key, debugstr_w(type), ret_handle, object, object_len, input, input_len, flags );

- if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; - if (!key || !type || !input) return STATUS_INVALID_PARAMETER; - + if (!alg) return STATUS_INVALID_HANDLE; + if (!ret_handle || !type || !input) return STATUS_INVALID_PARAMETER; if (decrypt_key) { FIXME( "decryption of key not yet supported\n" ); return STATUS_NOT_IMPLEMENTED; }

- return key_import( algorithm, type, key, object, object_len, input, input_len ); + return key_import( alg, type, ret_handle, object, object_len, input, input_len ); }

NTSTATUS WINAPI BCryptExportKey( BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE encrypt_key, const WCHAR *type, @@ -1793,52 +1902,52 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE return STATUS_SUCCESS; }

-NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type, - BCRYPT_KEY_HANDLE *ret_key, UCHAR *input, ULONG input_len, ULONG flags ) +static const WCHAR *resolve_blob_type( const WCHAR *type, UCHAR *input, ULONG input_len ) { - struct algorithm *alg = algorithm; + BCRYPT_KEY_BLOB *blob = (BCRYPT_KEY_BLOB *)input;

- TRACE( "%p, %p, %s, %p, %p, %lu, %#lx\n", algorithm, decrypt_key, debugstr_w(type), ret_key, input, - input_len, flags ); + if (!type) return NULL; + if (wcscmp( type, BCRYPT_PUBLIC_KEY_BLOB )) return type; + if (input_len < sizeof(*blob)) return NULL;

- if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; - if (!ret_key || !type || !input) return STATUS_INVALID_PARAMETER; - if (decrypt_key) + switch (blob->Magic) { - FIXME( "decryption of key not yet supported\n" ); - return STATUS_NOT_IMPLEMENTED; - } + case BCRYPT_ECDH_PUBLIC_P256_MAGIC: + case BCRYPT_ECDH_PUBLIC_P384_MAGIC: + case BCRYPT_ECDSA_PUBLIC_P256_MAGIC: + case BCRYPT_ECDSA_PUBLIC_P384_MAGIC: + return BCRYPT_ECCPUBLIC_BLOB;

- if (!wcscmp( type, BCRYPT_PUBLIC_KEY_BLOB )) - { - BCRYPT_KEY_BLOB *key_blob = (BCRYPT_KEY_BLOB *)input; + case BCRYPT_RSAPUBLIC_MAGIC: + return BCRYPT_RSAPUBLIC_BLOB;

- if (input_len < sizeof(*key_blob)) return STATUS_INVALID_PARAMETER; + case BCRYPT_DSA_PUBLIC_MAGIC: + return BCRYPT_DSA_PUBLIC_BLOB;

- switch (key_blob->Magic) - { - case BCRYPT_ECDH_PUBLIC_P256_MAGIC: - case BCRYPT_ECDH_PUBLIC_P384_MAGIC: - case BCRYPT_ECDSA_PUBLIC_P256_MAGIC: - case BCRYPT_ECDSA_PUBLIC_P384_MAGIC: - type = BCRYPT_ECCPUBLIC_BLOB; - break; + default: + FIXME( "unsupported key magic %#lx\n", blob->Magic ); + return NULL; + } +}

- case BCRYPT_RSAPUBLIC_MAGIC: - type = BCRYPT_RSAPUBLIC_BLOB; - break; +NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE handle, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type, + BCRYPT_KEY_HANDLE *ret_handle, UCHAR *input, ULONG input_len, ULONG flags ) +{ + struct algorithm *alg = get_alg_object( handle );

- case BCRYPT_DSA_PUBLIC_MAGIC: - type = BCRYPT_DSA_PUBLIC_BLOB; - break; + TRACE( "%p, %p, %s, %p, %p, %lu, %#lx\n", handle, decrypt_key, debugstr_w(type), ret_handle, input, + input_len, flags );

- default: - FIXME( "unsupported key magic %#lx\n", key_blob->Magic ); - return STATUS_NOT_SUPPORTED; - } + if (!alg) return STATUS_INVALID_HANDLE; + if (!ret_handle || !input || !(type = resolve_blob_type( type, input, input_len ))) + return STATUS_INVALID_PARAMETER; + if (decrypt_key) + { + FIXME( "decryption of key not yet supported\n" ); + return STATUS_NOT_IMPLEMENTED; }

- return key_import_pair( alg, type, ret_key, input, input_len ); + return key_import_pair( alg, type, ret_handle, input, input_len ); }

NTSTATUS WINAPI BCryptSignHash( BCRYPT_KEY_HANDLE handle, void *padding, UCHAR *input, ULONG input_len, @@ -1993,7 +2102,8 @@ NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHA

TRACE( "%p, %s, %p, %lu, %#lx\n", handle, debugstr_w(prop), value, size, flags );

- if (!object) return STATUS_INVALID_HANDLE; + if (!handle) return STATUS_INVALID_HANDLE; + if (is_alg_pseudo_handle( handle )) return STATUS_ACCESS_DENIED;

switch (object->magic) { @@ -2107,20 +2217,14 @@ static NTSTATUS pbkdf2( struct hash *hash, UCHAR *pwd, ULONG pwd_len, UCHAR *sal return status; }

-NTSTATUS WINAPI BCryptDeriveKeyPBKDF2( BCRYPT_ALG_HANDLE handle, UCHAR *pwd, ULONG pwd_len, UCHAR *salt, ULONG salt_len, - ULONGLONG iterations, UCHAR *dk, ULONG dk_len, ULONG flags ) +static NTSTATUS derive_key_pbkdf2( struct algorithm *alg, UCHAR *pwd, ULONG pwd_len, UCHAR *salt, ULONG salt_len, + ULONGLONG iterations, UCHAR *dk, ULONG dk_len ) { - struct algorithm *alg = handle; ULONG hash_len, block_count, bytes_left, i; struct hash *hash; UCHAR *partial; NTSTATUS status;

- TRACE( "%p, %p, %lu, %p, %lu, %s, %p, %lu, %#lx\n", handle, pwd, pwd_len, salt, salt_len, - wine_dbgstr_longlong(iterations), dk, dk_len, flags ); - - if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; - hash_len = builtin_algorithms[alg->id].hash_length; if (dk_len <= 0 || dk_len > ((((ULONGLONG)1) << 32) - 1) * hash_len) return STATUS_INVALID_PARAMETER;

@@ -2159,6 +2263,18 @@ NTSTATUS WINAPI BCryptDeriveKeyPBKDF2( BCRYPT_ALG_HANDLE handle, UCHAR *pwd, ULO return STATUS_SUCCESS; }

+NTSTATUS WINAPI BCryptDeriveKeyPBKDF2( BCRYPT_ALG_HANDLE handle, UCHAR *pwd, ULONG pwd_len, UCHAR *salt, ULONG salt_len, + ULONGLONG iterations, UCHAR *dk, ULONG dk_len, ULONG flags ) +{ + struct algorithm *alg = get_alg_object( handle ); + + TRACE( "%p, %p, %lu, %p, %lu, %s, %p, %lu, %#lx\n", handle, pwd, pwd_len, salt, salt_len, + wine_dbgstr_longlong(iterations), dk, dk_len, flags ); + + if (!alg) return STATUS_INVALID_HANDLE; + return derive_key_pbkdf2( alg, pwd, pwd_len, salt, salt_len, iterations, dk, dk_len ); +} + NTSTATUS WINAPI BCryptSecretAgreement( BCRYPT_KEY_HANDLE privatekey, BCRYPT_KEY_HANDLE publickey, BCRYPT_SECRET_HANDLE *handle, ULONG flags ) { @@ -2186,8 +2302,7 @@ NTSTATUS WINAPI BCryptDestroySecret(BCRYPT_SECRET_HANDLE handle) FIXME( "%p\n", handle );

if (!secret || secret->hdr.magic != MAGIC_SECRET) return STATUS_INVALID_HANDLE; - secret->hdr.magic = 0; - free( secret ); + destroy_object( &secret->hdr ); return STATUS_SUCCESS; }

diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c index 95a09b9395f..d30e8888e49 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -63,8 +63,12 @@ static void test_BCryptGenRandom(void) { ret = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, buffer, sizeof(buffer), 0); ok(ret == STATUS_SUCCESS, "Expected success, got %#lx\n", ret); + + ret = BCryptCloseAlgorithmProvider(BCRYPT_RNG_ALG_HANDLE, 0); + ok(ret == STATUS_INVALID_HANDLE, "got %#lx\n", ret); } else win_skip("BCryptGenRandom pseudo handles are not available\n"); + }

static void test_BCryptGetFipsAlgorithmMode(void) @@ -323,6 +327,14 @@ static void test_hash(const struct hash_test *test)

ret = BCryptCloseAlgorithmProvider(alg, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + + if (pBCryptHash) + { + ret = BCryptCreateHash(BCRYPT_SHA1_ALG_HANDLE, &hash, NULL, 0, NULL, 0, 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + ret = BCryptDestroyHash(hash); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + } }

static void test_hashes(void) @@ -433,6 +445,15 @@ static void test_BcryptHash(void)

ret = BCryptCloseAlgorithmProvider(alg, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + + if (pBCryptHash) + { + memset(md5, 0, sizeof(md5)); + ret = pBCryptHash(BCRYPT_MD5_ALG_HANDLE, NULL, 0, (UCHAR *)"test", sizeof("test"), md5, sizeof(md5)); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + format_hash( md5, sizeof(md5), str ); + ok(!strcmp(str, expected), "got %s\n", str); + } }

/* test vectors from RFC 6070 */ @@ -502,6 +523,13 @@ static void test_BcryptDeriveKeyPBKDF2(void)

ret = BCryptCloseAlgorithmProvider(alg, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + + if (pBCryptHash) + { + ret = BCryptDeriveKeyPBKDF2(BCRYPT_HMAC_SHA1_ALG_HANDLE, rfc6070[0].pwd, rfc6070[0].pwd_len, rfc6070[0].salt, + rfc6070[0].salt_len, 1, buf, rfc6070[0].dk_len, 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + } }

static void test_rng(void) @@ -610,6 +638,19 @@ static void test_aes(void)

ret = BCryptCloseAlgorithmProvider(alg, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + + if (pBCryptHash) + { + ret = BCryptSetProperty(BCRYPT_AES_CBC_ALG_HANDLE, BCRYPT_CHAINING_MODE, (UCHAR *)BCRYPT_CHAIN_MODE_GCM, 0, 0); + ok(ret == STATUS_ACCESS_DENIED, "got %#lx\n", ret); + + size = 0; + memset(mode, 0, sizeof(mode)); + ret = BCryptGetProperty(BCRYPT_AES_CBC_ALG_HANDLE, BCRYPT_CHAINING_MODE, mode, sizeof(mode), &size, 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + ok(!lstrcmpW((const WCHAR *)mode, BCRYPT_CHAIN_MODE_CBC), "got %s\n", wine_dbgstr_w((const WCHAR *)mode)); + ok(size == 64, "got %lu\n", size); + } }

static void test_3des(void) @@ -687,7 +728,7 @@ static void test_BCryptGenerateSymmetricKey(void) BCRYPT_KEY_HANDLE key, key2; UCHAR *buf, ciphertext[16], plaintext[16], ivbuf[16], mode[64]; BCRYPT_KEY_LENGTHS_STRUCT key_lengths; - ULONG size, len, i; + ULONG size, len, len2, i; NTSTATUS ret; DWORD keylen;

@@ -697,6 +738,7 @@ static void test_BCryptGenerateSymmetricKey(void) len = size = 0xdeadbeef; ret = BCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + len2 = len;

key = (void *)0xdeadbeef; ret = BCryptGenerateSymmetricKey(NULL, &key, NULL, 0, secret, sizeof(secret), 0); @@ -848,8 +890,16 @@ static void test_BCryptGenerateSymmetricKey(void)

ret = BCryptDestroyKey(key); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); - free(buf);

+ if (pBCryptHash) + { + ret = BCryptGenerateSymmetricKey(BCRYPT_AES_CBC_ALG_HANDLE, &key, buf, len2, secret, sizeof(secret), 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + ret = BCryptDestroyKey(key); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + } + + free(buf); ret = BCryptCloseAlgorithmProvider(aes, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); } @@ -1949,11 +1999,18 @@ static void test_key_import_export(void) ret = BCryptImportKey(aes, NULL, BCRYPT_OPAQUE_KEY_BLOB, &key, NULL, 0, buf, size, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); ok(key != NULL, "key not set\n"); - free(buf);

ret = BCryptDestroyKey(key); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret);

+ if (pBCryptHash) + { + ret = BCryptImportKey(BCRYPT_AES_CBC_ALG_HANDLE, NULL, BCRYPT_OPAQUE_KEY_BLOB, &key, NULL, 0, buf, size, 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); + BCryptDestroyKey(key); + } + + free(buf); ret = BCryptCloseAlgorithmProvider(aes, 0); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); } @@ -2029,6 +2086,14 @@ static void test_ECDSA(void) ok(!status, "BCryptImportKeyPair failed: %#lx\n", status); BCryptDestroyKey(key);

+ if (pBCryptHash) + { + status = BCryptImportKeyPair(BCRYPT_ECDSA_P256_ALG_HANDLE, NULL, BCRYPT_PUBLIC_KEY_BLOB, &key, buffer, + size, 0); + ok(!status, "BCryptImportKeyPair failed: %#lx\n", status); + BCryptDestroyKey(key); + } + status = BCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, size, 0); ok(!status, "BCryptImportKeyPair failed: %#lx\n", status);

@@ -2208,14 +2273,15 @@ static void test_rsa_encrypt(void) oaep_pad.pbLabel = (PUCHAR)"test"; oaep_pad.cbLabel = 5;

- BCryptOpenAlgorithmProvider(&rsa, BCRYPT_RSA_ALGORITHM, NULL, 0); - BCryptGenerateKeyPair(rsa, &key, 512, 0); + ret = BCryptOpenAlgorithmProvider(&rsa, BCRYPT_RSA_ALGORITHM, NULL, 0); + ok(ret == STATUS_SUCCESS, "got %lx\n", ret); + ret = BCryptGenerateKeyPair(rsa, &key, 512, 0); + ok(ret == STATUS_SUCCESS, "got %lx\n", ret);

todo_wine { /* Not finalized key */ ret = BCryptEncrypt(key, input, sizeof(input), NULL, NULL, 0, NULL, 0, &encrypted_size, 0); ok(ret == STATUS_INVALID_HANDLE, "got %lx\n", ret); - BCryptFinalizeKeyPair(key, 0);

/* No padding */ @@ -2300,6 +2366,14 @@ static void test_rsa_encrypt(void)

free(encrypted_a); free(encrypted_b); + BCryptDestroyKey(key); + + if (pBCryptHash) + { + ret = BCryptGenerateKeyPair(BCRYPT_RSA_ALG_HANDLE, &key, 512, 0); + ok(ret == STATUS_SUCCESS, "got %lx\n", ret); + BCryptDestroyKey(key); + } }

static void test_RSA(void) diff --git a/include/bcrypt.h b/include/bcrypt.h index de31ca358ae..52cb3d21bb3 100644 --- a/include/bcrypt.h +++ b/include/bcrypt.h @@ -401,8 +401,65 @@ typedef PVOID BCRYPT_HANDLE; typedef PVOID BCRYPT_HASH_HANDLE; typedef PVOID BCRYPT_SECRET_HANDLE;

-/* Pseudo handles for BCryptGenRandom */ -#define BCRYPT_RNG_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000081) +/* Pseudo handles */ +#define BCRYPT_MD2_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000001) +#define BCRYPT_MD4_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000011) +#define BCRYPT_MD5_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000021) +#define BCRYPT_SHA1_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000031) +#define BCRYPT_SHA256_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000041) +#define BCRYPT_SHA384_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000051) +#define BCRYPT_SHA512_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000061) +#define BCRYPT_RC4_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000071) +#define BCRYPT_RNG_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000081) +#define BCRYPT_HMAC_MD5_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000091) +#define BCRYPT_HMAC_SHA1_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000a1) +#define BCRYPT_HMAC_SHA256_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000b1) +#define BCRYPT_HMAC_SHA384_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000c1) +#define BCRYPT_HMAC_SHA512_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000d1) +#define BCRYPT_RSA_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000e1) +#define BCRYPT_ECDSA_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000000f1) +#define BCRYPT_AES_CMAC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000101) +#define BCRYPT_AES_GMAC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000111) +#define BCRYPT_HMAC_MD2_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000121) +#define BCRYPT_HMAC_MD4_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000131) +#define BCRYPT_3DES_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000141) +#define BCRYPT_3DES_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000151) +#define BCRYPT_3DES_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000161) +#define BCRYPT_3DES_112_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000171) +#define BCRYPT_3DES_112_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000181) +#define BCRYPT_3DES_112_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000191) +#define BCRYPT_AES_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001a1) +#define BCRYPT_AES_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001b1) +#define BCRYPT_AES_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001c1) +#define BCRYPT_AES_CCM_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001d1) +#define BCRYPT_AES_GCM_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001e1) +#define BCRYPT_DES_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000001f1) +#define BCRYPT_DES_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000201) +#define BCRYPT_DES_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000211) +#define BCRYPT_DESX_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000221) +#define BCRYPT_DESX_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000231) +#define BCRYPT_DESX_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000241) +#define BCRYPT_RC2_CBC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000251) +#define BCRYPT_RC2_ECB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000261) +#define BCRYPT_RC2_CFB_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000271) +#define BCRYPT_DH_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000281) +#define BCRYPT_ECDH_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000291) +#define BCRYPT_ECDH_P256_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002a1) +#define BCRYPT_ECDH_P384_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002b1) +#define BCRYPT_ECDH_P521_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002c1) +#define BCRYPT_DSA_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002d1) +#define BCRYPT_ECDSA_P256_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002e1) +#define BCRYPT_ECDSA_P384_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x000002f1) +#define BCRYPT_ECDSA_P521_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000301) +#define BCRYPT_RSA_SIGN_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000311) +#define BCRYPT_CAPI_KDF_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000321) +#define BCRYPT_PBKDF2_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000331) +#define BCRYPT_SP800108_CTR_HMAC_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000341) +#define BCRYPT_SP80056A_CONCAT_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000351) +#define BCRYPT_TLS1_1_KDF_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000361) +#define BCRYPT_TLS1_2_KDF_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000371) +#define BCRYPT_XTS_AES_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000381) +#define BCRYPT_HKDF_ALG_HANDLE ((BCRYPT_ALG_HANDLE)0x00000391)

/* Flags for BCryptGenRandom */ #define BCRYPT_RNG_USE_ENTROPY_IN_BUFFER 0x00000001

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 2/9] bcrypt: Rename mode_id to chain_mode.

From: Hans Leidekker hans@codeweavers.com

--- dlls/bcrypt/bcrypt_internal.h | 32 ++++++++-------- dlls/bcrypt/bcrypt_main.c | 70 +++++++++++++++++------------------ dlls/bcrypt/gnutls.c | 24 ++++++------ 3 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h index 78c391d20ec..98223e90ac6 100644 --- a/dlls/bcrypt/bcrypt_internal.h +++ b/dlls/bcrypt/bcrypt_internal.h @@ -144,31 +144,31 @@ enum alg_id ALG_ID_RNG, };

-enum mode_id +enum chain_mode { - MODE_ID_CBC, - MODE_ID_ECB, - MODE_ID_CFB, - MODE_ID_CCM, - MODE_ID_GCM, + CHAIN_MODE_CBC, + CHAIN_MODE_ECB, + CHAIN_MODE_CFB, + CHAIN_MODE_CCM, + CHAIN_MODE_GCM, };

struct algorithm { - struct object hdr; - enum alg_id id; - enum mode_id mode; - unsigned flags; + struct object hdr; + enum alg_id id; + enum chain_mode mode; + unsigned flags; };

struct key_symmetric { - enum mode_id mode; - ULONG block_size; - UCHAR *vector; - ULONG vector_len; - UCHAR *secret; - unsigned secret_len; + enum chain_mode mode; + ULONG block_size; + UCHAR *vector; + ULONG vector_len; + UCHAR *secret; + unsigned secret_len; CRITICAL_SECTION cs; };

diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c index 1cdc8bcf422..133c674e27c 100644 --- a/dlls/bcrypt/bcrypt_main.c +++ b/dlls/bcrypt/bcrypt_main.c @@ -197,17 +197,17 @@ static const struct algorithm pseudo_algorithms[] = {{ 0 }}, /* AES_GMAC */ {{ MAGIC_ALG }, ALG_ID_MD2, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, {{ MAGIC_ALG }, ALG_ID_MD4, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG }, - {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_CBC }, - {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_ECB }, - {{ MAGIC_ALG }, ALG_ID_3DES, MODE_ID_CFB }, + {{ MAGIC_ALG }, ALG_ID_3DES, CHAIN_MODE_CBC }, + {{ MAGIC_ALG }, ALG_ID_3DES, CHAIN_MODE_ECB }, + {{ MAGIC_ALG }, ALG_ID_3DES, CHAIN_MODE_CFB }, {{ 0 }}, /* 3DES_112_CBC */ {{ 0 }}, /* 3DES_112_ECB */ {{ 0 }}, /* 3DES_112_CFB */ - {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CBC }, - {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_ECB }, - {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CFB }, - {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_CCM }, - {{ MAGIC_ALG }, ALG_ID_AES, MODE_ID_GCM }, + {{ MAGIC_ALG }, ALG_ID_AES, CHAIN_MODE_CBC }, + {{ MAGIC_ALG }, ALG_ID_AES, CHAIN_MODE_ECB }, + {{ MAGIC_ALG }, ALG_ID_AES, CHAIN_MODE_CFB }, + {{ MAGIC_ALG }, ALG_ID_AES, CHAIN_MODE_CCM }, + {{ MAGIC_ALG }, ALG_ID_AES, CHAIN_MODE_GCM }, {{ 0 }}, /* DES_CBC */ {{ 0 }}, /* DES_ECB */ {{ 0 }}, /* DES_CFB */ @@ -309,7 +309,7 @@ NTSTATUS WINAPI BCryptGenRandom( BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG return STATUS_NOT_IMPLEMENTED; }

-static struct algorithm *create_algorithm( enum alg_id id, enum mode_id mode, DWORD flags ) +static struct algorithm *create_algorithm( enum alg_id id, enum chain_mode mode, DWORD flags ) { struct algorithm *ret; if (!(ret = calloc( 1, sizeof(*ret) ))) return NULL; @@ -577,7 +577,7 @@ static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR * return STATUS_NOT_IMPLEMENTED; }

-static NTSTATUS get_3des_property( enum mode_id mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) +static NTSTATUS get_3des_property( enum chain_mode mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) { if (!wcscmp( prop, BCRYPT_BLOCK_LENGTH )) { @@ -591,7 +591,7 @@ static NTSTATUS get_3des_property( enum mode_id mode, const WCHAR *prop, UCHAR * const WCHAR *str; switch (mode) { - case MODE_ID_CBC: str = BCRYPT_CHAIN_MODE_CBC; break; + case CHAIN_MODE_CBC: str = BCRYPT_CHAIN_MODE_CBC; break; default: return STATUS_NOT_IMPLEMENTED; }

@@ -617,7 +617,7 @@ static NTSTATUS get_3des_property( enum mode_id mode, const WCHAR *prop, UCHAR * return STATUS_NOT_IMPLEMENTED; }

-static NTSTATUS get_aes_property( enum mode_id mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) +static NTSTATUS get_aes_property( enum chain_mode mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) { if (!wcscmp( prop, BCRYPT_BLOCK_LENGTH )) { @@ -631,10 +631,10 @@ static NTSTATUS get_aes_property( enum mode_id mode, const WCHAR *prop, UCHAR *b const WCHAR *str; switch (mode) { - case MODE_ID_ECB: str = BCRYPT_CHAIN_MODE_ECB; break; - case MODE_ID_CBC: str = BCRYPT_CHAIN_MODE_CBC; break; - case MODE_ID_GCM: str = BCRYPT_CHAIN_MODE_GCM; break; - case MODE_ID_CFB: str = BCRYPT_CHAIN_MODE_CFB; break; + case CHAIN_MODE_ECB: str = BCRYPT_CHAIN_MODE_ECB; break; + case CHAIN_MODE_CBC: str = BCRYPT_CHAIN_MODE_CBC; break; + case CHAIN_MODE_GCM: str = BCRYPT_CHAIN_MODE_GCM; break; + case CHAIN_MODE_CFB: str = BCRYPT_CHAIN_MODE_CFB; break; default: return STATUS_NOT_IMPLEMENTED; }

@@ -659,7 +659,7 @@ static NTSTATUS get_aes_property( enum mode_id mode, const WCHAR *prop, UCHAR *b if (!wcscmp( prop, BCRYPT_AUTH_TAG_LENGTH )) { BCRYPT_AUTH_TAG_LENGTHS_STRUCT *tag_length = (void *)buf; - if (mode != MODE_ID_GCM) return STATUS_NOT_SUPPORTED; + if (mode != CHAIN_MODE_GCM) return STATUS_NOT_SUPPORTED; *ret_size = sizeof(*tag_length); if (tag_length && size < *ret_size) return STATUS_BUFFER_TOO_SMALL; if (tag_length) @@ -675,7 +675,7 @@ static NTSTATUS get_aes_property( enum mode_id mode, const WCHAR *prop, UCHAR *b return STATUS_NOT_IMPLEMENTED; }

-static NTSTATUS get_rsa_property( enum mode_id mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) +static NTSTATUS get_rsa_property( enum chain_mode mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) { if (!wcscmp( prop, BCRYPT_PADDING_SCHEMES )) { @@ -689,7 +689,7 @@ static NTSTATUS get_rsa_property( enum mode_id mode, const WCHAR *prop, UCHAR *b return STATUS_NOT_IMPLEMENTED; }

-static NTSTATUS get_dsa_property( enum mode_id mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) +static NTSTATUS get_dsa_property( enum chain_mode mode, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size ) { if (!wcscmp( prop, BCRYPT_PADDING_SCHEMES )) return STATUS_NOT_SUPPORTED; FIXME( "unsupported property %s\n", debugstr_w(prop) ); @@ -736,7 +736,7 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA { if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC )) { - alg->mode = MODE_ID_CBC; + alg->mode = CHAIN_MODE_CBC; return STATUS_SUCCESS; } else @@ -753,22 +753,22 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA { if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB )) { - alg->mode = MODE_ID_ECB; + alg->mode = CHAIN_MODE_ECB; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC )) { - alg->mode = MODE_ID_CBC; + alg->mode = CHAIN_MODE_CBC; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM )) { - alg->mode = MODE_ID_GCM; + alg->mode = CHAIN_MODE_GCM; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_CFB )) { - alg->mode = MODE_ID_CFB; + alg->mode = CHAIN_MODE_CFB; return STATUS_SUCCESS; } else @@ -792,22 +792,22 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val { if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB )) { - key->u.s.mode = MODE_ID_ECB; + key->u.s.mode = CHAIN_MODE_ECB; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC )) { - key->u.s.mode = MODE_ID_CBC; + key->u.s.mode = CHAIN_MODE_CBC; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM )) { - key->u.s.mode = MODE_ID_GCM; + key->u.s.mode = CHAIN_MODE_GCM; return STATUS_SUCCESS; } else if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_CFB )) { - key->u.s.mode = MODE_ID_CFB; + key->u.s.mode = CHAIN_MODE_CFB; return STATUS_SUCCESS; } else @@ -1131,7 +1131,7 @@ static NTSTATUS key_symmetric_set_vector( struct key *key, UCHAR *vector, ULONG return STATUS_SUCCESS; }

-static struct key *create_symmetric_key( enum alg_id alg, enum mode_id mode, ULONG block_size, UCHAR *secret, +static struct key *create_symmetric_key( enum alg_id alg, enum chain_mode mode, ULONG block_size, UCHAR *secret, ULONG secret_len ) { struct key *ret; @@ -1311,7 +1311,7 @@ static NTSTATUS key_symmetric_encrypt( struct key *key, UCHAR *input, ULONG inp UCHAR *buf; NTSTATUS status;

- if (key->u.s.mode == MODE_ID_GCM) + if (key->u.s.mode == CHAIN_MODE_GCM) { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;

@@ -1357,7 +1357,7 @@ static NTSTATUS key_symmetric_encrypt( struct key *key, UCHAR *input, ULONG inp

if (!output) return STATUS_SUCCESS; if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - if (key->u.s.mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; + if (key->u.s.mode == CHAIN_MODE_ECB && iv) return STATUS_INVALID_PARAMETER; if ((status = key_symmetric_set_vector( key, iv, iv_len, flags & BCRYPT_BLOCK_PADDING ))) return status;

encrypt_params.key = key; @@ -1369,7 +1369,7 @@ static NTSTATUS key_symmetric_encrypt( struct key *key, UCHAR *input, ULONG inp { if ((status = UNIX_CALL( key_symmetric_encrypt, &encrypt_params ))) return status; - if (key->u.s.mode == MODE_ID_ECB && (status = key_symmetric_set_vector( key, NULL, 0, TRUE ))) + if (key->u.s.mode == CHAIN_MODE_ECB && (status = key_symmetric_set_vector( key, NULL, 0, TRUE ))) return status; bytes_left -= key->u.s.block_size; encrypt_params.input += key->u.s.block_size; @@ -1398,7 +1398,7 @@ static NTSTATUS key_symmetric_decrypt( struct key *key, UCHAR *input, ULONG inpu ULONG bytes_left = input_len; NTSTATUS status;

- if (key->u.s.mode == MODE_ID_GCM) + if (key->u.s.mode == CHAIN_MODE_GCM) { BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; UCHAR tag[16]; @@ -1449,7 +1449,7 @@ static NTSTATUS key_symmetric_decrypt( struct key *key, UCHAR *input, ULONG inpu } else if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;

- if (key->u.s.mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; + if (key->u.s.mode == CHAIN_MODE_ECB && iv) return STATUS_INVALID_PARAMETER; if ((status = key_symmetric_set_vector( key, iv, iv_len, flags & BCRYPT_BLOCK_PADDING ))) return status;

decrypt_params.key = key; @@ -1460,7 +1460,7 @@ static NTSTATUS key_symmetric_decrypt( struct key *key, UCHAR *input, ULONG inpu while (bytes_left >= key->u.s.block_size) { if ((status = UNIX_CALL( key_symmetric_decrypt, &decrypt_params ))) return status; - if (key->u.s.mode == MODE_ID_ECB && (status = key_symmetric_set_vector( key, NULL, 0, TRUE ))) + if (key->u.s.mode == CHAIN_MODE_ECB && (status = key_symmetric_set_vector( key, NULL, 0, TRUE ))) return status; bytes_left -= key->u.s.block_size; decrypt_params.input += key->u.s.block_size; diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c index f06f39559dc..5c88a4c2a3e 100644 --- a/dlls/bcrypt/gnutls.c +++ b/dlls/bcrypt/gnutls.c @@ -490,7 +490,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) WARN( "handle block size\n" ); switch (key->u.s.mode) { - case MODE_ID_CBC: + case CHAIN_MODE_CBC: return GNUTLS_CIPHER_3DES_CBC; default: break; @@ -502,17 +502,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) WARN( "handle block size\n" ); switch (key->u.s.mode) { - case MODE_ID_GCM: + case CHAIN_MODE_GCM: if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM; if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM; break; - case MODE_ID_ECB: /* can be emulated with CBC + empty IV */ - case MODE_ID_CBC: + case CHAIN_MODE_ECB: /* can be emulated with CBC + empty IV */ + case CHAIN_MODE_CBC: if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC; if (key->u.s.secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC; if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC; break; - case MODE_ID_CFB: + case CHAIN_MODE_CFB: if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_CFB8; if (key->u.s.secret_len == 24) return GNUTLS_CIPHER_AES_192_CFB8; if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_CFB8; @@ -2041,13 +2041,13 @@ typedef ULONG PTR32;

struct key_symmetric32 { - enum mode_id mode; - ULONG block_size; - PTR32 vector; - ULONG vector_len; - PTR32 secret; - ULONG secret_len; - ULONG __cs[6]; + enum chain_mode mode; + ULONG block_size; + PTR32 vector; + ULONG vector_len; + PTR32 secret; + ULONG secret_len; + ULONG __cs[6]; };

struct key_asymmetric32

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 3/9] appwiz.cpl: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/appwiz.cpl/addons.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c index cdc5141bd33..a59002259dc 100644 --- a/dlls/appwiz.cpl/addons.c +++ b/dlls/appwiz.cpl/addons.c @@ -120,7 +120,6 @@ static BOOL sha_check(const WCHAR *file_name) HANDLE file, map; DWORD size, i; BCRYPT_HASH_HANDLE hash = NULL; - BCRYPT_ALG_HANDLE alg = NULL; UCHAR sha[32]; char buf[1024]; BOOL ret = FALSE; @@ -143,9 +142,7 @@ static BOOL sha_check(const WCHAR *file_name) if(!file_map) return FALSE;

- if(BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA256_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0)) - goto end; - if(BCryptCreateHash(alg, &hash, NULL, 0, NULL, 0, 0)) + if(BCryptCreateHash(BCRYPT_SHA256_ALG_HANDLE, &hash, NULL, 0, NULL, 0, 0)) goto end; if(BCryptHashData(hash, (UCHAR *)file_map, size, 0)) goto end; @@ -162,7 +159,6 @@ static BOOL sha_check(const WCHAR *file_name) end: UnmapViewOfFile(file_map); if(hash) BCryptDestroyHash(hash); - if(alg) BCryptCloseAlgorithmProvider(alg, 0); return ret; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 4/9] appwiz.cpl: Use BCryptHash().

From: Hans Leidekker hans@codeweavers.com

--- dlls/appwiz.cpl/addons.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c index a59002259dc..88a830de2eb 100644 --- a/dlls/appwiz.cpl/addons.c +++ b/dlls/appwiz.cpl/addons.c @@ -119,7 +119,6 @@ static BOOL sha_check(const WCHAR *file_name) const unsigned char *file_map; HANDLE file, map; DWORD size, i; - BCRYPT_HASH_HANDLE hash = NULL; UCHAR sha[32]; char buf[1024]; BOOL ret = FALSE; @@ -142,23 +141,16 @@ static BOOL sha_check(const WCHAR *file_name) if(!file_map) return FALSE;

- if(BCryptCreateHash(BCRYPT_SHA256_ALG_HANDLE, &hash, NULL, 0, NULL, 0, 0)) - goto end; - if(BCryptHashData(hash, (UCHAR *)file_map, size, 0)) - goto end; - if(BCryptFinishHash(hash, sha, sizeof(sha), 0)) - goto end; + if(!BCryptHash(BCRYPT_SHA256_ALG_HANDLE, NULL, 0, (UCHAR *)file_map, size, sha, sizeof(sha))) { + for(i=0; i < sizeof(sha); i++) + sprintf(buf + i * 2, "%02x", sha[i]);

- for(i=0; i < sizeof(sha); i++) - sprintf(buf + i * 2, "%02x", sha[i]); - - ret = !strcmp(buf, addon->sha); - if(!ret) - WARN("Got %s, expected %s\n", buf, addon->sha); + ret = !strcmp(buf, addon->sha); + if(!ret) + WARN("Got %s, expected %s\n", buf, addon->sha); + }

-end: UnmapViewOfFile(file_map); - if(hash) BCryptDestroyHash(hash); return ret; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 5/9] crypt32: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/crypt32/cert.c | 43 ++++++++++++------------------------------- 1 file changed, 12 insertions(+), 31 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c index b57cc685212..a0b5747f2d3 100644 --- a/dlls/crypt32/cert.c +++ b/dlls/crypt32/cert.c @@ -2620,9 +2620,8 @@ done: static BOOL CNG_ImportECCPubKey(CERT_PUBLIC_KEY_INFO *pubKeyInfo, BCRYPT_KEY_HANDLE *key) { DWORD blob_magic, ecckey_len, size; - BCRYPT_ALG_HANDLE alg = NULL; + BCRYPT_ALG_HANDLE alg_handle; BCRYPT_ECCKEY_BLOB *ecckey; - const WCHAR *sign_algo; char **ecc_curve; NTSTATUS status;

@@ -2645,47 +2644,39 @@ static BOOL CNG_ImportECCPubKey(CERT_PUBLIC_KEY_INFO *pubKeyInfo, BCRYPT_KEY_HAN

if (!strcmp(*ecc_curve, szOID_ECC_CURVE_P256)) { - sign_algo = BCRYPT_ECDSA_P256_ALGORITHM; + alg_handle = BCRYPT_ECDSA_P256_ALG_HANDLE; blob_magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC; } else if (!strcmp(*ecc_curve, szOID_ECC_CURVE_P384)) { - sign_algo = BCRYPT_ECDSA_P384_ALGORITHM; + alg_handle = BCRYPT_ECDSA_P384_ALG_HANDLE; blob_magic = BCRYPT_ECDSA_PUBLIC_P384_MAGIC; } else { FIXME("Unsupported ecc curve type: %s\n", *ecc_curve); - sign_algo = NULL; + alg_handle = NULL; blob_magic = 0; } LocalFree(ecc_curve);

- if (!sign_algo) + if (!alg_handle) { SetLastError(NTE_BAD_ALGID); return FALSE; }

- if ((status = BCryptOpenAlgorithmProvider(&alg, sign_algo, NULL, 0))) - goto done; - ecckey_len = sizeof(BCRYPT_ECCKEY_BLOB) + pubKeyInfo->PublicKey.cbData - 1; if (!(ecckey = CryptMemAlloc(ecckey_len))) - { - status = STATUS_NO_MEMORY; - goto done; - } + return STATUS_NO_MEMORY;

ecckey->dwMagic = blob_magic; ecckey->cbKey = (pubKeyInfo->PublicKey.cbData - 1) / 2; memcpy(ecckey + 1, pubKeyInfo->PublicKey.pbData + 1, pubKeyInfo->PublicKey.cbData - 1);

- status = BCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, key, (BYTE*)ecckey, ecckey_len, 0); + status = BCryptImportKeyPair(alg_handle, NULL, BCRYPT_ECCPUBLIC_BLOB, key, (BYTE*)ecckey, ecckey_len, 0); CryptMemFree(ecckey);

-done: - if (alg) BCryptCloseAlgorithmProvider(alg, 0); if (status) SetLastError(RtlNtStatusToDosError(status)); return !status; } @@ -2695,8 +2686,7 @@ static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *k DWORD size, modulus_len, i; BLOBHEADER *hdr; RSAPUBKEY *rsapubkey; - const WCHAR *rsa_algo; - BCRYPT_ALG_HANDLE alg = NULL; + BCRYPT_ALG_HANDLE alg_handle; BCRYPT_RSAKEY_BLOB *rsakey; BYTE *s, *d; NTSTATUS status; @@ -2715,9 +2705,9 @@ static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *k }

if (hdr->aiKeyAlg == CALG_RSA_KEYX) - rsa_algo = BCRYPT_RSA_ALGORITHM; + alg_handle = BCRYPT_RSA_ALG_HANDLE; else if (hdr->aiKeyAlg == CALG_RSA_SIGN) - rsa_algo = BCRYPT_RSA_SIGN_ALGORITHM; + alg_handle = BCRYPT_RSA_SIGN_ALG_HANDLE; else { FIXME("Unsupported RSA algorithm: %#x\n", hdr->aiKeyAlg); @@ -2726,9 +2716,6 @@ static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *k return FALSE; }

- if ((status = BCryptOpenAlgorithmProvider(&alg, rsa_algo, NULL, 0))) - goto done; - rsapubkey = (RSAPUBKEY *)(hdr + 1);

modulus_len = size - sizeof(*hdr) - sizeof(*rsapubkey); @@ -2736,12 +2723,8 @@ static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *k FIXME("RSA pubkey has wrong modulus_len %lu\n", modulus_len);

size = sizeof(*rsakey) + sizeof(ULONG) + modulus_len; - if (!(rsakey = CryptMemAlloc(size))) - { - status = STATUS_NO_MEMORY; - goto done; - } + return STATUS_NO_MEMORY;

rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; rsakey->BitLength = rsapubkey->bitlen; @@ -2759,12 +2742,10 @@ static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *k for (i = 0; i < modulus_len; i++) d[i] = s[modulus_len - i - 1];

- status = BCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, key, (BYTE *)rsakey, size, 0); + status = BCryptImportKeyPair(alg_handle, NULL, BCRYPT_RSAPUBLIC_BLOB, key, (BYTE *)rsakey, size, 0); CryptMemFree(rsakey);

-done: LocalFree(hdr); - if (alg) BCryptCloseAlgorithmProvider(alg, 0); if (status) SetLastError(RtlNtStatusToDosError(status)); return !status; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 6/9] dssenh: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/dssenh/main.c | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-)

diff --git a/dlls/dssenh/main.c b/dlls/dssenh/main.c index 5f179a3c82b..887319d0a9d 100644 --- a/dlls/dssenh/main.c +++ b/dlls/dssenh/main.c @@ -40,7 +40,6 @@ struct key DWORD magic; DWORD algid; DWORD flags; - BCRYPT_ALG_HANDLE alg_handle; BCRYPT_KEY_HANDLE handle; };

@@ -139,13 +138,11 @@ static const WCHAR *map_keyspec_to_keypair_name( DWORD keyspec ) static struct key *create_key( ALG_ID algid, DWORD flags ) { struct key *ret; - const WCHAR *alg;

switch (algid) { case AT_SIGNATURE: case CALG_DSS_SIGN: - alg = BCRYPT_DSA_ALGORITHM; break;

default: @@ -158,11 +155,6 @@ static struct key *create_key( ALG_ID algid, DWORD flags ) ret->magic = MAGIC_KEY; ret->algid = algid; ret->flags = flags; - if (BCryptOpenAlgorithmProvider( &ret->alg_handle, alg, MS_PRIMITIVE_PROVIDER, 0 )) - { - free( ret ); - return NULL; - } return ret; }

@@ -170,7 +162,6 @@ static void destroy_key( struct key *key ) { if (!key) return; BCryptDestroyKey( key->handle ); - BCryptCloseAlgorithmProvider( key->alg_handle, 0 ); key->magic = 0; free( key ); } @@ -181,7 +172,7 @@ static struct key *import_key( DWORD keyspec, BYTE *data, DWORD len )

if (!(ret = create_key( keyspec, 0 ))) return NULL;

- if (BCryptImportKeyPair( ret->alg_handle, NULL, LEGACY_DSA_V2_PRIVATE_BLOB, &ret->handle, data, len, 0 )) + if (BCryptImportKeyPair( BCRYPT_DSA_ALG_HANDLE, NULL, LEGACY_DSA_V2_PRIVATE_BLOB, &ret->handle, data, len, 0 )) { WARN( "failed to import key\n" ); destroy_key( ret ); @@ -404,7 +395,7 @@ static BOOL generate_key( struct container *container, ALG_ID algid, DWORD bitle

if (!(key = create_key( algid, flags ))) return FALSE;

- if ((status = BCryptGenerateKeyPair( key->alg_handle, &key->handle, bitlen, 0 ))) + if ((status = BCryptGenerateKeyPair( BCRYPT_DSA_ALG_HANDLE, &key->handle, bitlen, 0 ))) { ERR( "failed to generate key %08lx\n", status ); destroy_key( key ); @@ -517,7 +508,7 @@ static BOOL import_key_dss2( struct container *container, ALG_ID algid, const BY

if (!(key = create_key( CALG_DSS_SIGN, flags ))) return FALSE;

- if ((status = BCryptImportKeyPair( key->alg_handle, NULL, type, &key->handle, (UCHAR *)data, len, 0 ))) + if ((status = BCryptImportKeyPair( BCRYPT_DSA_ALG_HANDLE, NULL, type, &key->handle, (UCHAR *)data, len, 0 ))) { TRACE( "failed to import key %08lx\n", status ); destroy_key( key ); @@ -624,8 +615,8 @@ static BOOL import_key_dss3( struct container *container, ALG_ID algid, const BY dst += blob->cbKey; for (i = 0; i < blob->cbKey; i++) dst[i] = src[blob->cbKey - i - 1];

- if ((status = BCryptImportKeyPair( key->alg_handle, NULL, BCRYPT_DSA_PUBLIC_BLOB, &key->handle, (UCHAR *)blob, - size, 0 ))) + if ((status = BCryptImportKeyPair( BCRYPT_DSA_ALG_HANDLE, NULL, BCRYPT_DSA_PUBLIC_BLOB, &key->handle, + (UCHAR *)blob, size, 0 ))) { WARN( "failed to import key %08lx\n", status ); destroy_key( key ); @@ -771,18 +762,17 @@ static struct hash *create_hash( ALG_ID algid ) { struct hash *ret; BCRYPT_ALG_HANDLE alg_handle; - const WCHAR *alg; DWORD len;

switch (algid) { case CALG_MD5: - alg = BCRYPT_MD5_ALGORITHM; + alg_handle = BCRYPT_MD5_ALG_HANDLE; len = 16; break;

case CALG_SHA1: - alg = BCRYPT_SHA1_ALGORITHM; + alg_handle = BCRYPT_SHA1_ALG_HANDLE; len = 20; break;

@@ -795,19 +785,11 @@ static struct hash *create_hash( ALG_ID algid )

ret->magic = MAGIC_HASH; ret->len = len; - if (BCryptOpenAlgorithmProvider( &alg_handle, alg, MS_PRIMITIVE_PROVIDER, 0 )) - { - free( ret ); - return NULL; - } if (BCryptCreateHash( alg_handle, &ret->handle, NULL, 0, NULL, 0, 0 )) { - BCryptCloseAlgorithmProvider( alg_handle, 0 ); free( ret ); return NULL; } - - BCryptCloseAlgorithmProvider( alg_handle, 0 ); return ret; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 7/9] fusion: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/fusion/assembly.c | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/dlls/fusion/assembly.c b/dlls/fusion/assembly.c index 48d5308dd4b..433e30a5399 100644 --- a/dlls/fusion/assembly.c +++ b/dlls/fusion/assembly.c @@ -809,10 +809,8 @@ HRESULT assembly_get_pubkey_token(ASSEMBLY *assembly, LPWSTR *token) ULONG i, size; LONG offset; BYTE hashdata[20], *pubkey, *ptr; - BCRYPT_ALG_HANDLE alg; BYTE tokbytes[BYTES_PER_TOKEN]; - HRESULT hr = E_FAIL; - LPWSTR tok; + WCHAR *tok; DWORD idx;

*token = NULL; @@ -833,33 +831,20 @@ HRESULT assembly_get_pubkey_token(ASSEMBLY *assembly, LPWSTR *token)

pubkey = assembly_get_blob(assembly, idx, &size);

- if (BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA1_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0) != STATUS_SUCCESS) + if (BCryptHash(BCRYPT_SHA1_ALG_HANDLE, NULL, 0, pubkey, size, hashdata, sizeof(hashdata)) != STATUS_SUCCESS) return E_FAIL;

- if (BCryptHash(alg, NULL, 0, pubkey, size, hashdata, sizeof(hashdata)) != STATUS_SUCCESS) - { - hr = E_FAIL; - goto done; - } - size = sizeof(hashdata); for (i = size - 1; i >= size - 8; i--) tokbytes[size - i - 1] = hashdata[i];

if (!(tok = malloc((TOKEN_LENGTH + 1) * sizeof(WCHAR)))) - { - hr = E_OUTOFMEMORY; - goto done; - } + return E_OUTOFMEMORY;

token_to_str(tokbytes, tok);

*token = tok; - hr = S_OK; - -done: - BCryptCloseAlgorithmProvider(alg, 0); - return hr; + return S_OK; }

HRESULT assembly_get_runtime_version(ASSEMBLY *assembly, LPSTR *version)

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 8/9] ncrypt: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/ncrypt/main.c | 32 +++++--------------------------- dlls/ncrypt/ncrypt_internal.h | 1 - 2 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/dlls/ncrypt/main.c b/dlls/ncrypt/main.c index 9f859acfdf9..89fbfcb795a 100644 --- a/dlls/ncrypt/main.c +++ b/dlls/ncrypt/main.c @@ -130,38 +130,21 @@ static SECURITY_STATUS set_object_property(struct object *object, const WCHAR *n static struct object *create_key_object(enum algid algid, NCRYPT_PROV_HANDLE provider) { struct object *object; - NTSTATUS status; - - if (!(object = allocate_object(KEY))) - { - ERR("Error allocating memory\n"); - return NULL; - }

switch (algid) { case RSA: - { - status = BCryptOpenAlgorithmProvider(&object->key.bcrypt_alg, BCRYPT_RSA_ALGORITHM, NULL, 0); - if (status != STATUS_SUCCESS) - { - ERR("Error opening algorithm provider %#lx\n", status); - free(object); - return NULL; - } + if (!(object = allocate_object(KEY))) return NULL;

object->key.algid = RSA; set_object_property(object, NCRYPT_ALGORITHM_GROUP_PROPERTY, (BYTE *)BCRYPT_RSA_ALGORITHM, sizeof(BCRYPT_RSA_ALGORITHM)); break; - } + default: - { ERR("Invalid algid %#x\n", algid); - free(object); return NULL; } - }

set_object_property(object, NCRYPT_PROVIDER_HANDLE_PROPERTY, (BYTE *)&provider, sizeof(provider)); return object; @@ -190,11 +173,10 @@ SECURITY_STATUS WINAPI NCryptCreatePersistedKey(NCRYPT_PROV_HANDLE provider, NCR return NTE_NO_MEMORY; }

- status = BCryptGenerateKeyPair(object->key.bcrypt_alg, &object->key.bcrypt_key, default_bitlen, 0); + status = BCryptGenerateKeyPair(BCRYPT_RSA_ALG_HANDLE, &object->key.bcrypt_key, default_bitlen, 0); if (status != STATUS_SUCCESS) { ERR("Error generating key pair %#lx\n", status); - BCryptCloseAlgorithmProvider(object->key.bcrypt_alg, 0); free(object); return map_ntstatus(status); } @@ -304,10 +286,7 @@ SECURITY_STATUS WINAPI NCryptFreeBuffer(PVOID buf)

static SECURITY_STATUS free_key_object(struct key *key) { - NTSTATUS status, status2; - status = BCryptDestroyKey(key->bcrypt_key); - if ((status2 = BCryptCloseAlgorithmProvider(key->bcrypt_alg, 0))) return map_ntstatus(status2); - return status ? map_ntstatus(status) : ERROR_SUCCESS; + return map_ntstatus( BCryptDestroyKey(key->bcrypt_key) ); }

SECURITY_STATUS WINAPI NCryptFreeObject(NCRYPT_HANDLE handle) @@ -414,11 +393,10 @@ SECURITY_STATUS WINAPI NCryptImportKey(NCRYPT_PROV_HANDLE provider, NCRYPT_KEY_H return NTE_NO_MEMORY; }

- status = BCryptImportKeyPair(object->key.bcrypt_alg, NULL, type, &object->key.bcrypt_key, data, datasize, 0); + status = BCryptImportKeyPair(BCRYPT_RSA_ALG_HANDLE, NULL, type, &object->key.bcrypt_key, data, datasize, 0); if (status != STATUS_SUCCESS) { WARN("Error importing key pair %#lx\n", status); - BCryptCloseAlgorithmProvider(object->key.bcrypt_alg, 0); free(object); return map_ntstatus(status); } diff --git a/dlls/ncrypt/ncrypt_internal.h b/dlls/ncrypt/ncrypt_internal.h index 0ab20de14ad..effb75df45f 100644 --- a/dlls/ncrypt/ncrypt_internal.h +++ b/dlls/ncrypt/ncrypt_internal.h @@ -31,7 +31,6 @@ enum algid struct key { enum algid algid; - BCRYPT_ALG_HANDLE bcrypt_alg; BCRYPT_KEY_HANDLE bcrypt_key; };

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

Hans Leidekker

8:02 a.m.

New subject: [PATCH v2 9/9] rsaenh: Use BCrypt algorithm pseudo-handles.

From: Hans Leidekker hans@codeweavers.com

--- dlls/rsaenh/implglue.c | 54 +++++++++++++++--------------------------- 1 file changed, 19 insertions(+), 35 deletions(-)

diff --git a/dlls/rsaenh/implglue.c b/dlls/rsaenh/implglue.c index 2bdbf3d7daf..b4fe985af9b 100644 --- a/dlls/rsaenh/implglue.c +++ b/dlls/rsaenh/implglue.c @@ -36,48 +36,32 @@ BOOL WINAPI SystemFunction036(PVOID pbBuffer, ULONG dwLen);

BOOL init_hash_impl(ALG_ID aiAlgid, BCRYPT_HASH_HANDLE *hash_handle) { - BCRYPT_ALG_HANDLE provider; - NTSTATUS status; - - switch (aiAlgid) + switch (aiAlgid) { - case CALG_MD2: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_MD2_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; - - case CALG_MD4: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_MD4_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; - - case CALG_MD5: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_MD5_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; - - case CALG_SHA: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_SHA1_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; + case CALG_MD2: + return !BCryptCreateHash(BCRYPT_MD2_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- case CALG_SHA_256: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_SHA256_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; + case CALG_MD4: + return !BCryptCreateHash(BCRYPT_MD4_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- case CALG_SHA_384: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_SHA384_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; + case CALG_MD5: + return !BCryptCreateHash(BCRYPT_MD5_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- case CALG_SHA_512: - status = BCryptOpenAlgorithmProvider(&provider, BCRYPT_SHA512_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); - break; + case CALG_SHA: + return !BCryptCreateHash(BCRYPT_SHA1_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- default: - return TRUE; - } + case CALG_SHA_256: + return !BCryptCreateHash(BCRYPT_SHA256_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- if (status) return FALSE; + case CALG_SHA_384: + return !BCryptCreateHash(BCRYPT_SHA384_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);

- status = BCryptCreateHash(provider, hash_handle, NULL, 0, NULL, 0, 0); - BCryptCloseAlgorithmProvider(provider, 0); - return !status; + case CALG_SHA_512: + return !BCryptCreateHash(BCRYPT_SHA512_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0); + + default: + return TRUE; + } }

BOOL update_hash_impl(BCRYPT_HASH_HANDLE hash_handle, const BYTE *pbData, DWORD dwDataLen)

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/834

881

Age (days ago)

881

Last active (days ago)

wine-gitlab@winehq.org

9 comments

2 participants

tags (0)

participants (2)

Hans Leidekker
Hans Leidekker (＠hans)