[PATCH v2 2/2] bcrypt: Export ECDSA/ECDH blobs with the correct header magic.
Hans Leidekker
hans at codeweavers.com
Wed Sep 2 02:59:47 CDT 2020
From: Rémi Bernon <rbernon at codeweavers.com>
This fixes Flight Simulator XAL authentication error message.
v2: Apply the same fix to public keys.
Signed-off-by: Rémi Bernon <rbernon at codeweavers.com>
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/bcrypt/gnutls.c | 54 ++++++++++++++++++++++++++------------
dlls/bcrypt/tests/bcrypt.c | 8 ++++++
2 files changed, 45 insertions(+), 17 deletions(-)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
index a80bce47f95..7acf8198626 100644
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@@ -680,7 +680,8 @@ static NTSTATUS export_gnutls_pubkey_rsa( gnutls_privkey_t gnutls_key, ULONG bit
return STATUS_SUCCESS;
}
-static NTSTATUS export_gnutls_pubkey_ecc( gnutls_privkey_t gnutls_key, UCHAR **pubkey, ULONG *pubkey_len )
+static NTSTATUS export_gnutls_pubkey_ecc( gnutls_privkey_t gnutls_key, enum alg_id alg_id, UCHAR **pubkey,
+ ULONG *pubkey_len )
{
BCRYPT_ECCKEY_BLOB *ecc_blob;
gnutls_ecc_curve_t curve;
@@ -689,20 +690,29 @@ static NTSTATUS export_gnutls_pubkey_ecc( gnutls_privkey_t gnutls_key, UCHAR **p
UCHAR *src, *dst;
int ret;
+ switch (alg_id)
+ {
+ case ALG_ID_ECDH_P256:
+ magic = BCRYPT_ECDH_PUBLIC_P256_MAGIC;
+ size = 32;
+ break;
+ case ALG_ID_ECDSA_P256:
+ magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
+ size = 32;
+ break;
+ default:
+ FIXME( "algorithm %u not supported\n", alg_id );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
if ((ret = pgnutls_privkey_export_ecc_raw( gnutls_key, &curve, &x, &y, NULL )))
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
}
- switch (curve)
+ if (curve != GNUTLS_ECC_CURVE_SECP256R1)
{
- case GNUTLS_ECC_CURVE_SECP256R1:
- magic = BCRYPT_ECDH_PUBLIC_P256_MAGIC;
- size = 32;
- break;
-
- default:
FIXME( "curve %u not supported\n", curve );
free( x.data ); free( y.data );
return STATUS_NOT_IMPLEMENTED;
@@ -863,7 +873,7 @@ NTSTATUS key_asymmetric_generate( struct key *key )
break;
case GNUTLS_PK_ECC:
- status = export_gnutls_pubkey_ecc( handle, &key->u.a.pubkey, &key->u.a.pubkey_len );
+ status = export_gnutls_pubkey_ecc( handle, key->alg_id, &key->u.a.pubkey, &key->u.a.pubkey_len );
break;
case GNUTLS_PK_DSA:
@@ -894,20 +904,30 @@ NTSTATUS key_export_ecc( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len
UCHAR *src, *dst;
int ret;
+ switch (key->alg_id)
+ {
+ case ALG_ID_ECDH_P256:
+ magic = BCRYPT_ECDH_PRIVATE_P256_MAGIC;
+ size = 32;
+ break;
+ case ALG_ID_ECDSA_P256:
+ magic = BCRYPT_ECDSA_PRIVATE_P256_MAGIC;
+ size = 32;
+ break;
+
+ default:
+ FIXME( "algorithm %u does not yet support exporting ecc blob\n", key->alg_id );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
if ((ret = pgnutls_privkey_export_ecc_raw( key->u.a.handle, &curve, &x, &y, &d )))
{
pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR;
}
- switch (curve)
+ if (curve != GNUTLS_ECC_CURVE_SECP256R1)
{
- case GNUTLS_ECC_CURVE_SECP256R1:
- magic = BCRYPT_ECDH_PRIVATE_P256_MAGIC;
- size = 32;
- break;
-
- default:
FIXME( "curve %u not supported\n", curve );
free( x.data ); free( y.data ); free( d.data );
return STATUS_NOT_IMPLEMENTED;
@@ -982,7 +1002,7 @@ NTSTATUS key_import_ecc( struct key *key, UCHAR *buf, ULONG len )
return STATUS_INTERNAL_ERROR;
}
- if ((status = export_gnutls_pubkey_ecc( handle, &key->u.a.pubkey, &key->u.a.pubkey_len )))
+ if ((status = export_gnutls_pubkey_ecc( handle, key->alg_id, &key->u.a.pubkey, &key->u.a.pubkey_len )))
{
pgnutls_privkey_deinit( handle );
return status;
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 3e5d5cf17f8..7fdc0ac7fb2 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -1765,6 +1765,14 @@ static void test_ECDSA(void)
status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPRIVATE_BLOB, &key, buffer, size, 0);
ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
+ memset( buffer, 0, sizeof(buffer) );
+ status = pBCryptExportKey(key, NULL, BCRYPT_ECCPRIVATE_BLOB, buffer, size, &size, 0);
+ ok(status == STATUS_SUCCESS, "got %08x\n", status);
+ ecckey = (BCRYPT_ECCKEY_BLOB *)buffer;
+ ok(ecckey->dwMagic == BCRYPT_ECDSA_PRIVATE_P256_MAGIC, "got %08x\n", ecckey->dwMagic);
+ ok(ecckey->cbKey == 32, "got %u\n", ecckey->cbKey);
+ ok(size == sizeof(*ecckey) + ecckey->cbKey * 3, "got %u\n", size);
+
pBCryptDestroyKey(key);
pBCryptCloseAlgorithmProvider(alg, 0);
}
--
2.20.1
More information about the wine-devel
mailing list