[PATCH v2 0/2] MR1820: bcrypt: Use privkey if pubkey is absent in key_asymmetric_encrypt().
-- v2: bcrypt/tests: Test BCRYPT_PAD_NONE encryption result in test_rsa_encrypt(). bcrypt: Use privkey if pubkey is absent in key_asymmetric_encrypt().
From: Paul Gofman pgofman@codeweavers.com
--- dlls/bcrypt/gnutls.c | 25 ++++++++++++++++++++++++- dlls/bcrypt/tests/bcrypt.c | 2 +- 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c index bb79e885652..d3f91608ad9 100644 --- a/dlls/bcrypt/gnutls.c +++ b/dlls/bcrypt/gnutls.c @@ -2203,11 +2203,34 @@ static NTSTATUS key_asymmetric_encrypt( void *args ) const struct key_asymmetric_encrypt_params *params = args; gnutls_datum_t d, e = { 0 }; NTSTATUS status = STATUS_SUCCESS; + gnutls_pubkey_t pubkey; int ret;
d.data = params->input; d.size = params->input_len; - if ((ret = pgnutls_pubkey_encrypt_data(key_data(params->key)->a.pubkey, 0, &d, &e))) + + if (!(pubkey = key_data(params->key)->a.pubkey)) + { + if (!key_data(params->key)->a.privkey) return STATUS_INVALID_HANDLE; + + if ((ret = pgnutls_pubkey_init( &pubkey ))) + { + pgnutls_perror( ret ); + return STATUS_INTERNAL_ERROR; + } + if ((ret = pgnutls_pubkey_import_privkey( pubkey, key_data(params->key)->a.privkey, 0, 0 ))) + { + pgnutls_perror( ret ); + pgnutls_pubkey_deinit( pubkey ); + return STATUS_INTERNAL_ERROR; + } + } + + ret = pgnutls_pubkey_encrypt_data(pubkey, 0, &d, &e); + if (pubkey != key_data(params->key)->a.pubkey) + pgnutls_pubkey_deinit( pubkey ); + + if (ret) { pgnutls_perror( ret ); return STATUS_INTERNAL_ERROR; diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c index 39cdd015c90..3bcdda0cf47 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -2284,12 +2284,12 @@ static void test_rsa_encrypt(void) ret = BCryptGenerateKeyPair(rsa, &key, 512, 0); ok(ret == STATUS_SUCCESS, "got %lx\n", ret);
- todo_wine { /* Not finalized key */ ret = BCryptEncrypt(key, input, sizeof(input), NULL, NULL, 0, NULL, 0, &encrypted_size, 0); ok(ret == STATUS_INVALID_HANDLE, "got %lx\n", ret); BCryptFinalizeKeyPair(key, 0);
+ todo_wine { /* No padding */ memset(input_no_padding, 0, sizeof(input_no_padding)); strcpy((char *)input_no_padding, "Hello World");
From: Paul Gofman pgofman@codeweavers.com
--- dlls/bcrypt/tests/bcrypt.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c index 3bcdda0cf47..26a89542a9d 100644 --- a/dlls/bcrypt/tests/bcrypt.c +++ b/dlls/bcrypt/tests/bcrypt.c @@ -2262,6 +2262,14 @@ static UCHAR rsaPublicBlobWithInvalidPublicExpSize[] = 0x87, 0x75, 0x33, 0x15, 0xb8, 0xde, 0x32, 0x30, 0xb4, 0x5e, 0xfd };
+static const UCHAR rsa_encrypted_no_padding[] = +{ + 0x4a, 0xc1, 0xfa, 0x4f, 0xe0, 0x3f, 0x36, 0x9a, 0x64, 0xbf, 0x2e, 0x00, 0xb4, 0xb5, 0x40, 0xbe, + 0x2d, 0x9a, 0x14, 0xf6, 0x8f, 0xa5, 0xc2, 0xe2, 0x20, 0xaf, 0x21, 0x79, 0xc6, 0x32, 0x7e, 0xea, + 0x73, 0x00, 0x01, 0xbb, 0x9a, 0x19, 0x73, 0x41, 0x96, 0xae, 0x88, 0x6e, 0x36, 0x56, 0xe9, 0x9c, + 0xac, 0x04, 0x82, 0xa8, 0x00, 0xdb, 0x4e, 0x29, 0x61, 0x7e, 0xaf, 0x64, 0xdb, 0xa2, 0x70, 0x0f, +}; + static void test_rsa_encrypt(void) { static UCHAR input[] = "Hello World!"; @@ -2287,7 +2295,10 @@ static void test_rsa_encrypt(void) /* Not finalized key */ ret = BCryptEncrypt(key, input, sizeof(input), NULL, NULL, 0, NULL, 0, &encrypted_size, 0); ok(ret == STATUS_INVALID_HANDLE, "got %lx\n", ret); - BCryptFinalizeKeyPair(key, 0); + BCryptDestroyKey(key); + + ret = BCryptImportKeyPair(rsa, NULL, BCRYPT_RSAPRIVATE_BLOB, &key, rsaPrivateBlob, sizeof(rsaPrivateBlob), 0); + ok(ret == STATUS_SUCCESS, "got %#lx\n", ret);
todo_wine { /* No padding */ @@ -2313,6 +2324,7 @@ static void test_rsa_encrypt(void) ret = BCryptEncrypt(key, input_no_padding, sizeof(input_no_padding), NULL, NULL, 0, encrypted_b, encrypted_size, &encrypted_size, BCRYPT_PAD_NONE); ok(ret == STATUS_SUCCESS, "got %lx\n", ret); ok(!memcmp(encrypted_a, encrypted_b, encrypted_size), "Both outputs should be the same\n"); + ok(!memcmp(encrypted_b, rsa_encrypted_no_padding, encrypted_size), "Data mismatch.\n");
BCryptDecrypt(key, encrypted_a, encrypted_size, NULL, NULL, 0, NULL, 0, &decrypted_size, BCRYPT_PAD_NONE); decrypted = malloc(decrypted_size);
Hans Leidekker (@hans) commented about dlls/bcrypt/gnutls.c:
if ((ret = pgnutls_pubkey_init( &pubkey ))){pgnutls_perror( ret );return STATUS_INTERNAL_ERROR;}if ((ret = pgnutls_pubkey_import_privkey( pubkey, key_data(params->key)->a.privkey, 0, 0 ))){pgnutls_perror( ret );pgnutls_pubkey_deinit( pubkey );return STATUS_INTERNAL_ERROR;}- }
- ret = pgnutls_pubkey_encrypt_data(pubkey, 0, &d, &e);
- if (pubkey != key_data(params->key)->a.pubkey)
pgnutls_pubkey_deinit( pubkey );
Why not store the public key? That would be more efficient if key_asymmetric_encrypt() is called more than once.
Maybe even just create public key upon import and generate? Then export also can deal with public key only.
On 15 Dec 2022, at 03:18, Hans Leidekker (@hans) wine@gitlab.winehq.org wrote:
Hans Leidekker (@hans) commented about dlls/bcrypt/gnutls.c:
if ((ret = pgnutls_pubkey_init( &pubkey ))){pgnutls_perror( ret );return STATUS_INTERNAL_ERROR;}if ((ret = pgnutls_pubkey_import_privkey( pubkey, key_data(params->key)->a.privkey, 0, 0 ))){pgnutls_perror( ret );pgnutls_pubkey_deinit( pubkey );return STATUS_INTERNAL_ERROR;}- }
- ret = pgnutls_pubkey_encrypt_data(pubkey, 0, &d, &e);
- if (pubkey != key_data(params->key)->a.pubkey)
pgnutls_pubkey_deinit( pubkey );Why not store the public key? That would be more efficient if key_asymmetric_encrypt() is called more than once.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/1820#note_19671
On Thu Dec 15 12:55:08 2022 +0000, **** wrote:
Paul Gofman replied on the mailing list:
Maybe even just create public key upon import and generate? Then export also can deal with public key only.
On import would be even better, generate already does that.
-
Hans Leidekker (@hans) -
Paul Gofman
-
Paul Gofman -
Paul Gofman (@gofman)