[PATCH 2/2] bcrypt: Implement BCryptSignHash.
Hans Leidekker
hans at codeweavers.com
Mon Sep 23 08:48:52 CDT 2019
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/bcrypt/bcrypt.spec | 2 +-
dlls/bcrypt/bcrypt_internal.h | 1 +
dlls/bcrypt/bcrypt_main.c | 25 +++++++
dlls/bcrypt/gnutls.c | 51 +++++++++++++
dlls/bcrypt/macos.c | 7 ++
dlls/bcrypt/tests/bcrypt.c | 131 +++++++++++++++++++++++++++++++++-
6 files changed, 213 insertions(+), 4 deletions(-)
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
index 1ea3760ba2..95bec876b9 100644
--- a/dlls/bcrypt/bcrypt.spec
+++ b/dlls/bcrypt/bcrypt.spec
@@ -48,7 +48,7 @@
@ stub BCryptSetAuditingInterface
@ stub BCryptSetContextFunctionProperty
@ stdcall BCryptSetProperty(ptr wstr ptr long long)
-@ stub BCryptSignHash
+@ stdcall BCryptSignHash(ptr ptr ptr long ptr long ptr long)
@ stub BCryptUnregisterConfigChangeNotify
@ stdcall BCryptUnregisterProvider(wstr)
@ stdcall BCryptVerifySignature(ptr ptr ptr long ptr long long)
diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
index ee16762593..bc1bdc2e53 100644
--- a/dlls/bcrypt/bcrypt_internal.h
+++ b/dlls/bcrypt/bcrypt_internal.h
@@ -229,6 +229,7 @@ NTSTATUS key_symmetric_decrypt( struct key *, const UCHAR *, ULONG, UCHAR *, ULO
NTSTATUS key_symmetric_get_tag( struct key *, UCHAR *, ULONG ) DECLSPEC_HIDDEN;
NTSTATUS key_asymmetric_init( struct key *, struct algorithm *, ULONG, const UCHAR *, ULONG ) DECLSPEC_HIDDEN;
NTSTATUS key_asymmetric_generate( struct key * ) DECLSPEC_HIDDEN;
+NTSTATUS key_asymmetric_sign( struct key *, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG *, ULONG ) DECLSPEC_HIDDEN;
NTSTATUS key_asymmetric_verify( struct key *, void *, UCHAR *, ULONG, UCHAR *, ULONG, DWORD ) DECLSPEC_HIDDEN;
NTSTATUS key_destroy( struct key * ) DECLSPEC_HIDDEN;
BOOL key_is_symmetric( struct key * ) DECLSPEC_HIDDEN;
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 369e445db0..647b46cb29 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1213,6 +1213,13 @@ NTSTATUS key_asymmetric_generate( struct key *key )
return STATUS_NOT_IMPLEMENTED;
}
+NTSTATUS key_asymmetric_sign( struct key *key, void *padding, UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, UCHAR *signature,
ULONG signature_len, DWORD flags )
{
@@ -1417,6 +1424,24 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
return key_import_pair( alg, type, ret_key, input, input_len );
}
+NTSTATUS WINAPI BCryptSignHash( BCRYPT_KEY_HANDLE handle, void *padding, UCHAR *input, ULONG input_len,
+ UCHAR *output, ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ struct key *key = handle;
+
+ TRACE( "%p, %p, %p, %u, %p, %u, %p, %08x\n", handle, padding, input, input_len, output, output_len,
+ ret_len, flags );
+
+ if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+ if (key_is_symmetric( key ))
+ {
+ FIXME( "signing with symmetric keys not yet supported\n" );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ return key_asymmetric_sign( key, padding, input, input_len, output, output_len, ret_len, flags );
+}
+
NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, UCHAR *hash, ULONG hash_len,
UCHAR *signature, ULONG signature_len, ULONG flags )
{
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
index 8b2cc8b316..5b59b617aa 100644
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@@ -99,6 +99,7 @@ MAKE_FUNCPTR(gnutls_global_set_log_level);
MAKE_FUNCPTR(gnutls_perror);
MAKE_FUNCPTR(gnutls_privkey_deinit);
MAKE_FUNCPTR(gnutls_privkey_init);
+MAKE_FUNCPTR(gnutls_privkey_sign_hash);
MAKE_FUNCPTR(gnutls_pubkey_deinit);
MAKE_FUNCPTR(gnutls_pubkey_init);
#undef MAKE_FUNCPTR
@@ -195,6 +196,7 @@ BOOL gnutls_initialize(void)
LOAD_FUNCPTR(gnutls_perror)
LOAD_FUNCPTR(gnutls_privkey_deinit);
LOAD_FUNCPTR(gnutls_privkey_init);
+ LOAD_FUNCPTR(gnutls_privkey_sign_hash);
LOAD_FUNCPTR(gnutls_pubkey_deinit);
LOAD_FUNCPTR(gnutls_pubkey_init);
#undef LOAD_FUNCPTR
@@ -1067,6 +1069,55 @@ NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULO
return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
}
+NTSTATUS key_asymmetric_sign( struct key *key, void *padding, UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ BCRYPT_PKCS1_PADDING_INFO *pad = padding;
+ gnutls_datum_t hash, signature;
+ int ret;
+
+ if (key->alg_id != ALG_ID_RSA)
+ {
+ FIXME( "algorithm %u not supported\n", key->alg_id );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+ if (flags != BCRYPT_PAD_PKCS1)
+ {
+ FIXME( "flags %08x not implemented\n", flags );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+ if (!pad || !pad->pszAlgId || lstrcmpiW(pad->pszAlgId, BCRYPT_SHA1_ALGORITHM))
+ {
+ FIXME( "%s padding not implemented\n", debugstr_w(pad ? pad->pszAlgId : NULL) );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ if (!input)
+ {
+ *ret_len = key->u.a.bitlen / 8;
+ return STATUS_SUCCESS;
+ }
+ if (!key->u.a.handle) return STATUS_INVALID_PARAMETER;
+
+ hash.data = input;
+ hash.size = input_len;
+
+ signature.data = NULL;
+ signature.size = 0;
+
+ if ((ret = pgnutls_privkey_sign_hash( key->u.a.handle, GNUTLS_DIG_SHA1, 0, &hash, &signature )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ if (output_len >= signature.size) memcpy( output, signature.data, signature.size );
+ *ret_len = signature.size;
+
+ free( signature.data );
+ return STATUS_SUCCESS;
+}
+
NTSTATUS key_destroy( struct key *key )
{
if (key_is_symmetric( key ))
diff --git a/dlls/bcrypt/macos.c b/dlls/bcrypt/macos.c
index 0dd1066130..0f7b14ff95 100644
--- a/dlls/bcrypt/macos.c
+++ b/dlls/bcrypt/macos.c
@@ -199,6 +199,13 @@ NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, ULONG bitl
return STATUS_NOT_IMPLEMENTED;
}
+NTSTATUS key_asymmetric_sign( struct key *key, void *padding, UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len )
+{
+ FIXME( "not implemented on Mac\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, UCHAR *signature,
ULONG signature_len, DWORD flags )
{
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index b8678a520d..8975800f43 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -59,6 +59,7 @@ static NTSTATUS (WINAPI *pBCryptImportKeyPair)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HAN
UCHAR *, ULONG, ULONG);
static NTSTATUS (WINAPI *pBCryptOpenAlgorithmProvider)(BCRYPT_ALG_HANDLE *, LPCWSTR, LPCWSTR, ULONG);
static NTSTATUS (WINAPI *pBCryptSetProperty)(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG);
+static NTSTATUS (WINAPI *pBCryptSignHash)(BCRYPT_KEY_HANDLE, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG *, ULONG);
static NTSTATUS (WINAPI *pBCryptVerifySignature)(BCRYPT_KEY_HANDLE, VOID *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG);
static void test_BCryptGenRandom(void)
@@ -1783,10 +1784,16 @@ static UCHAR rsaSignature[] =
static void test_RSA(void)
{
+ static UCHAR hash[] =
+ {0x7e,0xe3,0x74,0xe7,0xc5,0x0b,0x6b,0x70,0xdb,0xab,0x32,0x6d,0x1d,0x51,0xd6,0x74,0x79,0x8e,0x5b,0x4b};
BCRYPT_PKCS1_PADDING_INFO pad;
- BCRYPT_ALG_HANDLE alg = NULL;
- BCRYPT_KEY_HANDLE key = NULL;
+ BCRYPT_ALG_HANDLE alg;
+ BCRYPT_KEY_HANDLE key;
+ BCRYPT_RSAKEY_BLOB *rsablob;
+ UCHAR sig[64];
+ ULONG len, size;
NTSTATUS ret;
+ BYTE *buf;
ret = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_RSA_ALGORITHM, NULL, 0);
if (ret)
@@ -1823,8 +1830,48 @@ static void test_RSA(void)
ret = pBCryptDestroyKey(key);
ok(!ret, "pBCryptDestroyKey failed: %08x\n", ret);
+ /* sign/verify with export/import round-trip */
+ ret = pBCryptGenerateKeyPair(alg, &key, 512, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+
+ ret = pBCryptFinalizeKeyPair(key, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+
+ pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
+ memset(sig, 0, sizeof(sig));
+ ret = pBCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1);
+ ok(!ret, "got %08x\n", ret);
+
+ size = 0;
+ ret = pBCryptExportKey(key, NULL, BCRYPT_RSAPUBLIC_BLOB, NULL, 0, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size, "size not set\n");
+
+ buf = HeapAlloc(GetProcessHeap(), 0, size);
+ ret = pBCryptExportKey(key, NULL, BCRYPT_RSAPUBLIC_BLOB, buf, size, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ rsablob = (BCRYPT_RSAKEY_BLOB *)buf;
+ ok(rsablob->Magic == BCRYPT_RSAPUBLIC_MAGIC, "got %08x\n", rsablob->Magic);
+ ok(rsablob->BitLength == 512, "got %u\n", rsablob->BitLength);
+ ok(rsablob->cbPublicExp == 3, "got %u\n", rsablob->cbPublicExp);
+ ok(rsablob->cbModulus == 64, "got %u\n", rsablob->cbModulus);
+ ok(!rsablob->cbPrime1, "got %u\n", rsablob->cbPrime1);
+ ok(!rsablob->cbPrime2, "got %u\n", rsablob->cbPrime2);
+ ok(size == sizeof(*rsablob) + rsablob->cbPublicExp + rsablob->cbModulus, "got %u\n", size);
+ ret = pBCryptDestroyKey(key);
+ ok(!ret, "got %08x\n", ret);
+
+ ret = pBCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, &key, buf, size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ HeapFree(GetProcessHeap(), 0, buf);
+
+ ret = pBCryptVerifySignature(key, &pad, hash, sizeof(hash), sig, len, BCRYPT_PAD_PKCS1);
+ ok(!ret, "got %08x\n", ret);
+ ret = pBCryptDestroyKey(key);
+ ok(!ret, "got %08x\n", ret);
+
ret = pBCryptCloseAlgorithmProvider(alg, 0);
- ok(!ret, "pBCryptCloseAlgorithmProvider failed: %08x\n", ret);
+ ok(!ret, "got %08x\n", ret);
}
static void test_RSA_SIGN(void)
@@ -1977,6 +2024,82 @@ static void test_BCryptEnumContextFunctions(void)
if (status == STATUS_SUCCESS) pBCryptFreeBuffer( buffer );
}
+static BYTE rsapublic[] =
+{
+ 0x52, 0x53, 0x41, 0x31, 0x00, 0x08, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0xd5, 0xfe, 0xf6, 0x7a, 0x9a, 0xa1, 0x2d, 0xcf, 0x98,
+ 0x60, 0xca, 0x38, 0x60, 0x0b, 0x74, 0x4c, 0x7e, 0xa1, 0x42, 0x64, 0xad, 0x05, 0xa5, 0x29, 0x25, 0xcb, 0xd5,
+ 0x9c, 0xaf, 0x6f, 0x63, 0x85, 0x6d, 0x5b, 0x59, 0xe5, 0x17, 0x8f, 0xf9, 0x18, 0x90, 0xa7, 0x63, 0xae, 0xe0,
+ 0x3a, 0x62, 0xf7, 0x98, 0x57, 0xe9, 0x91, 0xda, 0xfb, 0xd9, 0x36, 0x45, 0xe4, 0x9e, 0x75, 0xf6, 0x73, 0xc4,
+ 0x99, 0x23, 0x21, 0x1b, 0x3d, 0xe1, 0xe0, 0xa6, 0xa0, 0x4a, 0x50, 0x2a, 0xcb, 0x2a, 0x50, 0xf0, 0x8b, 0x70,
+ 0x9c, 0xe4, 0x1a, 0x14, 0x3b, 0xbe, 0x35, 0xa5, 0x5a, 0x91, 0xa3, 0xa1, 0x82, 0xea, 0x84, 0x4d, 0xe8, 0x62,
+ 0x3b, 0x11, 0xec, 0x61, 0x09, 0x6c, 0xfe, 0xb2, 0xcc, 0x4b, 0xa8, 0xff, 0xaf, 0x73, 0x72, 0x05, 0x4e, 0x7e,
+ 0xe5, 0x73, 0xdf, 0x24, 0xcf, 0x7f, 0x5d, 0xaf, 0x8a, 0xf0, 0xd8, 0xcb, 0x08, 0x1e, 0xf2, 0x36, 0x70, 0x8d,
+ 0x1b, 0x9e, 0xc8, 0x98, 0x60, 0x54, 0xeb, 0x45, 0x34, 0x21, 0x43, 0x4d, 0x42, 0x0a, 0x3a, 0x2d, 0x0f, 0x0e,
+ 0xd6, 0x0d, 0xe4, 0x2e, 0x8c, 0x31, 0x87, 0xa8, 0x09, 0x89, 0x61, 0x16, 0xca, 0x5b, 0xbe, 0x76, 0x69, 0xbb,
+ 0xfd, 0x91, 0x63, 0xd2, 0x66, 0x57, 0x08, 0xef, 0xe2, 0x40, 0x67, 0xd7, 0x7f, 0x50, 0x15, 0x42, 0x33, 0x97,
+ 0x54, 0x73, 0x47, 0xe7, 0x9c, 0x14, 0xa8, 0xb0, 0x3d, 0xc9, 0x23, 0xb0, 0x27, 0x3b, 0xe7, 0xdd, 0x5f, 0xd1,
+ 0x4f, 0x31, 0x10, 0x7d, 0xdd, 0x69, 0x8e, 0xde, 0xa3, 0xe8, 0x92, 0x00, 0xfa, 0xa5, 0xa4, 0x40, 0x51, 0x23,
+ 0x82, 0x84, 0xc7, 0xce, 0x19, 0x61, 0x26, 0xf1, 0xae, 0xf3, 0x90, 0x93, 0x98, 0x56, 0x23, 0x9a, 0xd1, 0xbd,
+ 0xf2, 0xdf, 0xfd, 0x13, 0x9c, 0x30, 0x07, 0xf9, 0x5a, 0x2e, 0x00, 0xc6, 0x1f
+};
+
+static void test_BCryptSignHash(void)
+{
+ static UCHAR hash[] =
+ {0x7e,0xe3,0x74,0xe7,0xc5,0x0b,0x6b,0x70,0xdb,0xab,0x32,0x6d,0x1d,0x51,0xd6,0x74,0x79,0x8e,0x5b,0x4b};
+ BCRYPT_PKCS1_PADDING_INFO pad;
+ BCRYPT_ALG_HANDLE alg;
+ BCRYPT_KEY_HANDLE key;
+ UCHAR sig[256];
+ NTSTATUS ret;
+ ULONG len;
+
+ ret = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_RSA_ALGORITHM, NULL, 0);
+ if (ret)
+ {
+ win_skip("failed to open RSA provider: %08x\n", ret);
+ return;
+ }
+
+ /* public key */
+ ret = pBCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, &key, rsapublic, sizeof(rsapublic), 0);
+ ok(!ret, "got %08x\n", ret);
+
+ len = 0;
+ pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
+ ret = pBCryptSignHash(key, &pad, NULL, 0, NULL, 0, &len, BCRYPT_PAD_PKCS1);
+ ok(!ret, "got %08x\n", ret);
+ ok(len == 256, "got %u\n", len);
+
+ len = 0;
+ ret = pBCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1);
+ ok(ret == STATUS_INVALID_PARAMETER || broken(ret == STATUS_INTERNAL_ERROR) /* < win7 */, "got %08x\n", ret);
+ ret = pBCryptDestroyKey(key);
+ ok(!ret, "got %08x\n", ret);
+
+ ret = pBCryptGenerateKeyPair(alg, &key, 512, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+
+ ret = pBCryptFinalizeKeyPair(key, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+
+ len = 0;
+ memset(sig, 0, sizeof(sig));
+ ret = pBCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1);
+ ok(!ret, "got %08x\n", ret);
+ ok(len == 64, "got %u\n", len);
+
+ ret = pBCryptVerifySignature(key, &pad, hash, sizeof(hash), sig, len, BCRYPT_PAD_PKCS1);
+ ok(!ret, "got %08x\n", ret);
+
+ ret = pBCryptDestroyKey(key);
+ ok(!ret, "got %08x\n", ret);
+
+ ret = pBCryptCloseAlgorithmProvider(alg, 0);
+ ok(!ret, "got %08x\n", ret);
+}
+
START_TEST(bcrypt)
{
HMODULE module;
@@ -2013,6 +2136,7 @@ START_TEST(bcrypt)
pBCryptImportKeyPair = (void *)GetProcAddress(module, "BCryptImportKeyPair");
pBCryptOpenAlgorithmProvider = (void *)GetProcAddress(module, "BCryptOpenAlgorithmProvider");
pBCryptSetProperty = (void *)GetProcAddress(module, "BCryptSetProperty");
+ pBCryptSignHash = (void *)GetProcAddress(module, "BCryptSignHash");
pBCryptVerifySignature = (void *)GetProcAddress(module, "BCryptVerifySignature");
test_BCryptGenRandom();
@@ -2031,6 +2155,7 @@ START_TEST(bcrypt)
test_RSA_SIGN();
test_ECDH();
test_BCryptEnumContextFunctions();
+ test_BCryptSignHash();
FreeLibrary(module);
}
--
2.20.1
More information about the wine-devel
mailing list