[PATCH 3/6] bcrypt: Add support for auth data in AES GCM mode.
Alistair Leslie-Hughes
leslie_alistair at hotmail.com
Wed Mar 21 22:01:10 CDT 2018
From: Michael Müller <michael at fds-team.de>
Signed-off-by: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
---
dlls/bcrypt/bcrypt_main.c | 42 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index c571db7..68bee84 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -52,6 +52,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
/* Not present in gnutls version < 3.0 */
static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
+static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
@@ -72,7 +73,12 @@ MAKE_FUNCPTR(gnutls_perror);
#define GNUTLS_CIPHER_AES_256_GCM 94
#endif
-static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_t tag_size)
+static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+{
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
+static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size)
{
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
@@ -115,6 +121,11 @@ static BOOL gnutls_initialize(void)
WARN("gnutls_cipher_tag not found\n");
pgnutls_cipher_tag = compat_gnutls_cipher_tag;
}
+ if (!(pgnutls_cipher_add_auth = wine_dlsym( libgnutls_handle, "gnutls_cipher_add_auth", NULL, 0 )))
+ {
+ WARN("gnutls_cipher_add_auth not found\n");
+ pgnutls_cipher_add_auth = compat_gnutls_cipher_add_auth;
+ }
if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
{
@@ -1021,6 +1032,19 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ int ret;
+
+ if ((ret = pgnutls_cipher_add_auth( key->handle, auth_data, len )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1164,6 +1188,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_SUCCESS;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ FIXME( "not implemented on Mac\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1231,6 +1261,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
return STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
ULONG output_len )
{
@@ -1425,6 +1461,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
+ return status;
if ((status = key_encrypt( key, input, input_len, output, output_len )))
return status;
@@ -1502,6 +1540,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData )))
+ return status;
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;
--
1.9.1
More information about the wine-devel
mailing list