[PATCH 5/6] ncrypt: Implement NCryptFinalizeKey.

Hans Leidekker hans at codeweavers.com
Wed Mar 2 03:28:56 CST 2022


On Tue, 2022-03-01 at 19:34 -0300, Santino Mazza wrote:
Signed-off-by: Santino Mazza <mazzasantino1206 at gmail.com>
---
 dlls/ncrypt/main.c            | 57 ++++++++++++++++++++++++++++++-----
 dlls/ncrypt/ncrypt_internal.h |  7 +++++
 dlls/ncrypt/tests/ncrypt.c    |  4 +--
 3 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/dlls/ncrypt/main.c b/dlls/ncrypt/main.c
index 43eff5974ca..958f6924c18 100644
--- a/dlls/ncrypt/main.c
+++ b/dlls/ncrypt/main.c
@@ -66,12 +66,6 @@ SECURITY_STATUS WINAPI NCryptEnumKeys(NCRYPT_PROV_HANDLE provider, const WCHAR *
     return NTE_NOT_SUPPORTED;
 }
 

-SECURITY_STATUS WINAPI NCryptFinalizeKey(NCRYPT_KEY_HANDLE key, DWORD flags)
-{
-    FIXME("(%#Ix, %#lx): stub\n", key, flags);
-    return NTE_NOT_SUPPORTED;
-}
-
 SECURITY_STATUS WINAPI NCryptFreeBuffer(PVOID buf)
 {
     FIXME("(%p): stub\n", buf);
@@ -282,9 +276,10 @@ SECURITY_STATUS WINAPI NCryptImportKey(NCRYPT_PROV_HANDLE provider, NCRYPT_KEY_H
         if(ret != ERROR_SUCCESS)
         {
             ERR("Error importing keypair with bcrypt %#lx\n", ret);
-            return NTE_INTERNAL_ERROR;
+            return NTE_BAD_DATA;

This doesn't belong in this patch.

         }
 
+        key_object->key.type = ASYMMETRIC;

Or this.

>          set_object_property(key_object, NCRYPT_PROVIDER_HANDLE_PROPERTY, (BYTE *)&provider, sizeof(NCRYPT_PROV_HANDLE));
         set_object_property(key_object, NCRYPT_ALGORITHM_GROUP_PROPERTY, (BYTE *)BCRYPT_RSA_ALGORITHM, sizeof(BCRYPT_RSA_ALGORITHM));
         set_object_property(key_object, NCRYPT_LENGTH_PROPERTY, (BYTE *)&rsablob->BitLength, sizeof(rsablob->BitLength));
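Review bot: An imported key is tagged `ASYMMETRIC` here but nothing visible in this hunk marks it as finalized, so a later NCryptFinalizeKey() call on that handle would pass the `finalized_key` check and run BCryptGenerateKeyPair() into `key_object->key.bcrypt_key`. That would silently replace the imported key material with a freshly generated pair and drop the original handle. Unless this is already handled in the part of NCryptImportKey outside the hunk, set `key_object->key.finalized_key = 1;` once the import has succeeded, and add a test that NCryptFinalizeKey() on an imported key fails.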
@@ -377,6 +372,7 @@ SECURITY_STATUS WINAPI NCryptCreatePersistedKey(NCRYPT_PROV_HANDLE provider, NCR
             return NTE_INTERNAL_ERROR;
         }
 

+        key_object->key.type = ASYMMETRIC;
         set_object_property(key_object, NCRYPT_PROVIDER_HANDLE_PROPERTY, (BYTE *)&provider, sizeof(NCRYPT_PROV_HANDLE));
         set_object_property(key_object, NCRYPT_ALGORITHM_GROUP_PROPERTY, (BYTE *)BCRYPT_RSA_ALGORITHM, sizeof(BCRYPT_RSA_ALGORITHM));
         set_object_property(key_object, NCRYPT_LENGTH_PROPERTY, (BYTE *)&default_bitlength, sizeof(default_bitlength));
@@ -391,6 +387,53 @@ SECURITY_STATUS WINAPI NCryptCreatePersistedKey(NCRYPT_PROV_HANDLE provider, NCR
     return ERROR_SUCCESS;
 }
 

+SECURITY_STATUS WINAPI NCryptFinalizeKey(NCRYPT_KEY_HANDLE key, DWORD flags)
+{
+    struct object *key_object = (struct object*)key;
+    DWORD key_length;
+    struct object_property *prop;
+    NTSTATUS ret;
+
+    TRACE("(%#Ix, %#lx): stub\n", key, flags);
+
+    if(!key) return NTE_INVALID_HANDLE;
+    if(key_object->key.finalized_key) return NTE_INVALID_HANDLE;
+
+    prop = get_object_property(key_object, NCRYPT_LENGTH_PROPERTY);
+    if(!prop) return NTE_INVALID_HANDLE;
+
+    key_length = *(DWORD *)prop->value;
+    if(key_object->key.type == ASYMMETRIC)
+    {
+        ret = BCryptGenerateKeyPair(key_object->key.alg_prov, &key_object->key.bcrypt_key, key_length, 0);
+        if(ret != ERROR_SUCCESS)
+        {
+            ERR("Error generating key pair\n");
+            return NTE_INTERNAL_ERROR;
+        }
+

It may be better to call BCryptGenerateKeyPair() when the key is created, to catch errors
early. This needs some tests.

+        ret = BCryptFinalizeKeyPair(key_object->key.bcrypt_key, 0);
+        if(ret != ERROR_SUCCESS)
+        {
+            ERR("Error finalizing key pair\n");
+            return NTE_INTERNAL_ERROR;
+        }
+    }
+    else if(key_object->key.type == SYMMETRIC)
+    {
+        FIXME("Symmetric keys not implemented\n");

Does native support symmetric keys?

+        return NTE_NOT_SUPPORTED;
+    }
+    else
+    {
+        ERR("Got handle with invalid key type");
+        return NTE_INVALID_HANDLE;
+    }
+
+    key_object->key.finalized_key = 1;
+    return ERROR_SUCCESS;
+}
+
 SECURITY_STATUS WINAPI NCryptVerifySignature(NCRYPT_KEY_HANDLE handle, void *padding, BYTE *hash, DWORD hash_size,
                                              BYTE *signature, DWORD signature_size, DWORD flags)
 {
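Review bot: When BCryptFinalizeKeyPair() fails, the handle just produced by BCryptGenerateKeyPair() stays in `key_object->key.bcrypt_key` while `finalized_key` stays 0, so a retry generates a second pair over it and the first handle is never released; adding `BCryptDestroyKey(key_object->key.bcrypt_key); key_object->key.bcrypt_key = NULL;` before that `return NTE_INTERNAL_ERROR;` would avoid this. Separately, `key_length = *(DWORD *)prop->value;` reads a DWORD without checking that the stored property is at least `sizeof(DWORD)` bytes. The handle is also cast to `struct object *` after only a NULL check, so a handle to some other kind of object would presumably be read through its `key` member; a check of the object's kind before touching `key_object->key` would turn that into a clean NTE_INVALID_HANDLE. On style, the TRACE still says "stub", the last ERR lacks its trailing `\n`, and neither BCrypt failure message prints `ret`.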
diff --git a/dlls/ncrypt/ncrypt_internal.h b/dlls/ncrypt/ncrypt_internal.h
index 2d916d4fbd8..1163277ccaa 100644
--- a/dlls/ncrypt/ncrypt_internal.h
+++ b/dlls/ncrypt/ncrypt_internal.h
@@ -19,8 +19,15 @@
 #include <ncrypt.h>
 #include <bcrypt.h>
 

+enum key_type {
+    SYMMETRIC,
+    ASYMMETRIC
+};
+
 struct key
 {
+    enum key_type type;
+    DWORD finalized_key;
     NCRYPT_PROV_HANDLE storage_prov;
     BCRYPT_ALG_HANDLE alg_prov;
     BCRYPT_KEY_HANDLE bcrypt_key;
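Review bot: `SYMMETRIC` is the first enumerator and therefore has value 0, so a key object whose `type` was never assigned would be classified as a symmetric key instead of reaching the "invalid key type" branch in NCryptFinalizeKey(). This matters only if the object is zero-allocated, which is not visible from here. Reserving zero for an explicit unset value, for example `enum key_type { KEY_TYPE_UNSET, SYMMETRIC, ASYMMETRIC };`, would make the invalid-handle path reachable for uninitialised objects. `finalized_key` is used purely as a flag, so `BOOL` would state the intent better than `DWORD`. The body of struct key continues outside the hunk.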
diff --git a/dlls/ncrypt/tests/ncrypt.c b/dlls/ncrypt/tests/ncrypt.c
index e6473cd1e31..926efc0370a 100644
--- a/dlls/ncrypt/tests/ncrypt.c
+++ b/dlls/ncrypt/tests/ncrypt.c
@@ -310,8 +310,6 @@ static void test_finalize_key(void)
     ret = NCryptCreatePersistedKey(prov, &key, BCRYPT_RSA_ALGORITHM, NULL, 0, 0);
     ok(ret == ERROR_SUCCESS, "got %#lx\n", ret);
 

-    todo_wine
-    {
     ret = NCryptFinalizeKey(key, 0);
     ok(ret == ERROR_SUCCESS, "got %#lx\n", ret);
 

@@ -320,7 +318,7 @@ static void test_finalize_key(void)
 

     ret = NCryptFinalizeKey(0, 0);
     ok(ret == NTE_INVALID_HANDLE, "got %#lx\n", ret);
-    }
+
     NCryptFreeObject(key);
 }
 





