[PATCH v3 5/5] ncrypt: Implement NCryptFinalizeKey

Tue Mar 8 04:17:47 CST 2022

On Mon, 2022-03-07 at 20:57 -0300, Santino Mazza wrote:
> Signed-off-by: Santino Mazza <mazzasantino1206 at gmail.com>
> ---
>  dlls/ncrypt/main.c            | 48 ++++++++++++++++++++++++++++++-----
>  dlls/ncrypt/ncrypt_internal.h |  1 +
>  dlls/ncrypt/tests/ncrypt.c    | 25 ++++++++++++++++++
>  3 files changed, 68 insertions(+), 6 deletions(-)
> 
> diff --git a/dlls/ncrypt/main.c b/dlls/ncrypt/main.c
> index d4248e76c45..81dca4196e0 100644
> --- a/dlls/ncrypt/main.c
> +++ b/dlls/ncrypt/main.c
> @@ -66,12 +66,6 @@ SECURITY_STATUS WINAPI NCryptEnumKeys(NCRYPT_PROV_HANDLE provider, const WCHAR *
>      return NTE_NOT_SUPPORTED;
>  }
>  
> -SECURITY_STATUS WINAPI NCryptFinalizeKey(NCRYPT_KEY_HANDLE key, DWORD flags)
> -{
> -    FIXME("(%#Ix, %#lx): stub\n", key, flags);
> -    return NTE_NOT_SUPPORTED;
> -}
> -
>  SECURITY_STATUS WINAPI NCryptFreeBuffer(PVOID buf)
>  {
>      FIXME("(%p): stub\n", buf);
> @@ -403,6 +397,48 @@ SECURITY_STATUS WINAPI NCryptCreatePersistedKey(NCRYPT_PROV_HANDLE provider, NCR
>      return ERROR_SUCCESS;
>  }
> 
>  
> +SECURITY_STATUS WINAPI NCryptFinalizeKey(NCRYPT_KEY_HANDLE key, DWORD flags)
> +{
> +    struct object *key_object = (struct object*)key;
> +    DWORD key_length;
> +    struct object_property *prop;
> +    NTSTATUS ret;
> +
> +    TRACE("(%#Ix, %#lx): stub\n", key, flags);
> +
> +    if (!key) return NTE_INVALID_HANDLE;
> +    if (key_object->key.finalized_key) return NTE_INVALID_HANDLE;
> +
> +    if (key_object->key.type == ASYMMETRIC)
> +    {
> +        prop = get_object_property(key_object, NCRYPT_LENGTH_PROPERTY);
> +        if (!prop) return NTE_INVALID_HANDLE;
> +
> +        key_length = *(DWORD *)prop->value;
> +        BCryptSetProperty(key_object->key.bcrypt_key, BCRYPT_KEY_LENGTH, (UCHAR*)&key_length, sizeof(key_length), 0);
> +
> +        ret = BCryptFinalizeKeyPair(key_object->key.bcrypt_key, 0);
> +        if (ret != ERROR_SUCCESS)
> +        {
> +            ERR("Error finalizing key pair\n");
> +            return NTE_INTERNAL_ERROR;
> +        }
> +    }
> +    else if (key_object->key.type == SYMMETRIC)
> +    {
> +        FIXME("Symmetric keys not implemented\n");
> +        return NTE_NOT_SUPPORTED;
> +    }
> +    else
> +    {
> +        ERR("Got handle with invalid key type");
> +        return NTE_INVALID_HANDLE;
> +    }
> +
> +    key_object->key.finalized_key = 1;
> +    return ERROR_SUCCESS;
> +}
> +

There's no need to move this function. Do you really need finalized_key? If
BCryptFinalizeKeyPair() fails when called a second time we should implement
that and rely on it here.