search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bcrypt: Allow to call BCryptSetProperty on key objects.
[wine.git] / dlls / bcrypt / bcrypt_main.c
blobcd44bdf59cb15ca0cee2aaca553032a1369e5bb9
1 /*
2 * Copyright 2009 Henri Verbeet for CodeWeavers
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 */
19
20 #include "config.h"
21 #include "wine/port.h"
22
23 #include <stdarg.h>
24 #ifdef HAVE_COMMONCRYPTO_COMMONCRYPTOR_H
25 #include <AvailabilityMacros.h>
26 #include <CommonCrypto/CommonCryptor.h>
27 #elif defined(HAVE_GNUTLS_CIPHER_INIT)
28 #include <gnutls/gnutls.h>
29 #include <gnutls/crypto.h>
30 #endif
31
32 #include "ntstatus.h"
33 #define WIN32_NO_STATUS
34 #include "windef.h"
35 #include "winbase.h"
36 #include "ntsecapi.h"
37 #include "bcrypt.h"
38
39 #include "bcrypt_internal.h"
40
41 #include "wine/debug.h"
42 #include "wine/heap.h"
43 #include "wine/library.h"
44 #include "wine/unicode.h"
45
46 WINE_DEFAULT_DEBUG_CHANNEL(bcrypt);
47
48 static HINSTANCE instance;
49
50 #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
51 WINE_DECLARE_DEBUG_CHANNEL(winediag);
52
53 /* Not present in gnutls version < 3.0 */
54 static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size);
55
56 static void *libgnutls_handle;
57 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
58 MAKE_FUNCPTR(gnutls_cipher_decrypt2);
59 MAKE_FUNCPTR(gnutls_cipher_deinit);
60 MAKE_FUNCPTR(gnutls_cipher_encrypt2);
61 MAKE_FUNCPTR(gnutls_cipher_init);
62 MAKE_FUNCPTR(gnutls_global_deinit);
63 MAKE_FUNCPTR(gnutls_global_init);
64 MAKE_FUNCPTR(gnutls_global_set_log_function);
65 MAKE_FUNCPTR(gnutls_global_set_log_level);
66 MAKE_FUNCPTR(gnutls_perror);
67 #undef MAKE_FUNCPTR
68
69 #if GNUTLS_VERSION_MAJOR < 3
70 #define GNUTLS_CIPHER_AES_192_CBC 92
71 #define GNUTLS_CIPHER_AES_128_GCM 93
72 #define GNUTLS_CIPHER_AES_256_GCM 94
73 #endif
74
75 static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void * tag, size_t tag_size)
76 {
77 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
78 }
79
80 static void gnutls_log( int level, const char *msg )
81 {
82 TRACE( "<%d> %s", level, msg );
83 }
84
85 static BOOL gnutls_initialize(void)
86 {
87 int ret;
88
89 if (!(libgnutls_handle = wine_dlopen( SONAME_LIBGNUTLS, RTLD_NOW, NULL, 0 )))
90 {
91 ERR_(winediag)( "failed to load libgnutls, no support for encryption\n" );
92 return FALSE;
93 }
94
95 #define LOAD_FUNCPTR(f) \
96 if (!(p##f = wine_dlsym( libgnutls_handle, #f, NULL, 0 ))) \
97 { \
98 ERR( "failed to load %s\n", #f ); \
99 goto fail; \
100 }
101
102 LOAD_FUNCPTR(gnutls_cipher_decrypt2)
103 LOAD_FUNCPTR(gnutls_cipher_deinit)
104 LOAD_FUNCPTR(gnutls_cipher_encrypt2)
105 LOAD_FUNCPTR(gnutls_cipher_init)
106 LOAD_FUNCPTR(gnutls_global_deinit)
107 LOAD_FUNCPTR(gnutls_global_init)
108 LOAD_FUNCPTR(gnutls_global_set_log_function)
109 LOAD_FUNCPTR(gnutls_global_set_log_level)
110 LOAD_FUNCPTR(gnutls_perror)
111 #undef LOAD_FUNCPTR
112
113 if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 )))
114 {
115 WARN("gnutls_cipher_tag not found\n");
116 pgnutls_cipher_tag = compat_gnutls_cipher_tag;
117 }
118
119 if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
120 {
121 pgnutls_perror( ret );
122 goto fail;
123 }
124
125 if (TRACE_ON( bcrypt ))
126 {
127 pgnutls_global_set_log_level( 4 );
128 pgnutls_global_set_log_function( gnutls_log );
129 }
130
131 return TRUE;
132
133 fail:
134 wine_dlclose( libgnutls_handle, NULL, 0 );
135 libgnutls_handle = NULL;
136 return FALSE;
137 }
138
139 static void gnutls_uninitialize(void)
140 {
141 pgnutls_global_deinit();
142 wine_dlclose( libgnutls_handle, NULL, 0 );
143 libgnutls_handle = NULL;
144 }
145 #endif /* HAVE_GNUTLS_CIPHER_INIT && !HAVE_COMMONCRYPTO_COMMONCRYPTOR_H */
146
147 NTSTATUS WINAPI BCryptAddContextFunction(ULONG table, LPCWSTR context, ULONG iface, LPCWSTR function, ULONG pos)
148 {
149 FIXME("%08x, %s, %08x, %s, %u: stub\n", table, debugstr_w(context), iface, debugstr_w(function), pos);
150 return STATUS_SUCCESS;
151 }
152
153 NTSTATUS WINAPI BCryptAddContextFunctionProvider(ULONG table, LPCWSTR context, ULONG iface, LPCWSTR function, LPCWSTR provider, ULONG pos)
154 {
155 FIXME("%08x, %s, %08x, %s, %s, %u: stub\n", table, debugstr_w(context), iface, debugstr_w(function), debugstr_w(provider), pos);
156 return STATUS_SUCCESS;
157 }
158
159 NTSTATUS WINAPI BCryptRemoveContextFunction(ULONG table, LPCWSTR context, ULONG iface, LPCWSTR function)
160 {
161 FIXME("%08x, %s, %08x, %s: stub\n", table, debugstr_w(context), iface, debugstr_w(function));
162 return STATUS_NOT_IMPLEMENTED;
163 }
164
165 NTSTATUS WINAPI BCryptRemoveContextFunctionProvider(ULONG table, LPCWSTR context, ULONG iface, LPCWSTR function, LPCWSTR provider)
166 {
167 FIXME("%08x, %s, %08x, %s, %s: stub\n", table, debugstr_w(context), iface, debugstr_w(function), debugstr_w(provider));
168 return STATUS_NOT_IMPLEMENTED;
169 }
170
171 NTSTATUS WINAPI BCryptRegisterProvider(LPCWSTR provider, ULONG flags, PCRYPT_PROVIDER_REG reg)
172 {
173 FIXME("%s, %08x, %p: stub\n", debugstr_w(provider), flags, reg);
174 return STATUS_SUCCESS;
175 }
176
177 NTSTATUS WINAPI BCryptUnregisterProvider(LPCWSTR provider)
178 {
179 FIXME("%s: stub\n", debugstr_w(provider));
180 return STATUS_NOT_IMPLEMENTED;
181 }
182
183 NTSTATUS WINAPI BCryptEnumAlgorithms(ULONG dwAlgOperations, ULONG *pAlgCount,
184 BCRYPT_ALGORITHM_IDENTIFIER **ppAlgList, ULONG dwFlags)
185 {
186 FIXME("%08x, %p, %p, %08x - stub\n", dwAlgOperations, pAlgCount, ppAlgList, dwFlags);
187
188 *ppAlgList=NULL;
189 *pAlgCount=0;
190
191 return STATUS_NOT_IMPLEMENTED;
192 }
193
194 #define MAGIC_ALG (('A' << 24) | ('L' << 16) | ('G' << 8) | '0')
195 #define MAGIC_HASH (('H' << 24) | ('A' << 16) | ('S' << 8) | 'H')
196 #define MAGIC_KEY (('K' << 24) | ('E' << 16) | ('Y' << 8) | '0')
197 struct object
198 {
199 ULONG magic;
200 };
201
202 enum alg_id
203 {
204 ALG_ID_AES,
205 ALG_ID_MD2,
206 ALG_ID_MD4,
207 ALG_ID_MD5,
208 ALG_ID_RNG,
209 ALG_ID_SHA1,
210 ALG_ID_SHA256,
211 ALG_ID_SHA384,
212 ALG_ID_SHA512
213 };
214
215 enum mode_id
216 {
217 MODE_ID_CBC,
218 MODE_ID_GCM
219 };
220
221 #define MAX_HASH_OUTPUT_BYTES 64
222 #define MAX_HASH_BLOCK_BITS 1024
223
224 static const struct {
225 ULONG object_length;
226 ULONG hash_length;
227 ULONG block_bits;
228 const WCHAR *alg_name;
229 } alg_props[] = {
230 /* ALG_ID_AES */ { 654, 0, 0, BCRYPT_AES_ALGORITHM },
231 /* ALG_ID_MD2 */ { 270, 16, 128, BCRYPT_MD2_ALGORITHM },
232 /* ALG_ID_MD4 */ { 270, 16, 512, BCRYPT_MD4_ALGORITHM },
233 /* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM },
234 /* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM },
235 /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM },
236 /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM },
237 /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM },
238 /* ALG_ID_SHA512 */ { 382, 64, 1024, BCRYPT_SHA512_ALGORITHM }
239 };
240
241 struct algorithm
242 {
243 struct object hdr;
244 enum alg_id id;
245 enum mode_id mode;
246 BOOL hmac;
247 };
248
249 NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG count, ULONG flags)
250 {
251 const DWORD supported_flags = BCRYPT_USE_SYSTEM_PREFERRED_RNG;
252 struct algorithm *algorithm = handle;
253
254 TRACE("%p, %p, %u, %08x - semi-stub\n", handle, buffer, count, flags);
255
256 if (!algorithm)
257 {
258 /* It's valid to call without an algorithm if BCRYPT_USE_SYSTEM_PREFERRED_RNG
259 * is set. In this case the preferred system RNG is used.
260 */
261 if (!(flags & BCRYPT_USE_SYSTEM_PREFERRED_RNG))
262 return STATUS_INVALID_HANDLE;
263 }
264 else if (algorithm->hdr.magic != MAGIC_ALG || algorithm->id != ALG_ID_RNG)
265 return STATUS_INVALID_HANDLE;
266
267 if (!buffer)
268 return STATUS_INVALID_PARAMETER;
269
270 if (flags & ~supported_flags)
271 FIXME("unsupported flags %08x\n", flags & ~supported_flags);
272
273 if (algorithm)
274 FIXME("ignoring selected algorithm\n");
275
276 /* When zero bytes are requested the function returns success too. */
277 if (!count)
278 return STATUS_SUCCESS;
279
280 if (algorithm || (flags & BCRYPT_USE_SYSTEM_PREFERRED_RNG))
281 {
282 if (RtlGenRandom(buffer, count))
283 return STATUS_SUCCESS;
284 }
285
286 FIXME("called with unsupported parameters, returning error\n");
287 return STATUS_NOT_IMPLEMENTED;
288 }
289
290 NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR id, LPCWSTR implementation, DWORD flags )
291 {
292 const DWORD supported_flags = BCRYPT_ALG_HANDLE_HMAC_FLAG;
293 struct algorithm *alg;
294 enum alg_id alg_id;
295
296 TRACE( "%p, %s, %s, %08x\n", handle, wine_dbgstr_w(id), wine_dbgstr_w(implementation), flags );
297
298 if (!handle || !id) return STATUS_INVALID_PARAMETER;
299 if (flags & ~supported_flags)
300 {
301 FIXME( "unsupported flags %08x\n", flags & ~supported_flags);
302 return STATUS_NOT_IMPLEMENTED;
303 }
304
305 if (!strcmpW( id, BCRYPT_AES_ALGORITHM )) alg_id = ALG_ID_AES;
306 else if (!strcmpW( id, BCRYPT_MD2_ALGORITHM )) alg_id = ALG_ID_MD2;
307 else if (!strcmpW( id, BCRYPT_MD4_ALGORITHM )) alg_id = ALG_ID_MD4;
308 else if (!strcmpW( id, BCRYPT_MD5_ALGORITHM )) alg_id = ALG_ID_MD5;
309 else if (!strcmpW( id, BCRYPT_RNG_ALGORITHM )) alg_id = ALG_ID_RNG;
310 else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
311 else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
312 else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
313 else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512;
314 else
315 {
316 FIXME( "algorithm %s not supported\n", debugstr_w(id) );
317 return STATUS_NOT_IMPLEMENTED;
318 }
319 if (implementation && strcmpW( implementation, MS_PRIMITIVE_PROVIDER ))
320 {
321 FIXME( "implementation %s not supported\n", debugstr_w(implementation) );
322 return STATUS_NOT_IMPLEMENTED;
323 }
324
325 if (!(alg = heap_alloc( sizeof(*alg) ))) return STATUS_NO_MEMORY;
326 alg->hdr.magic = MAGIC_ALG;
327 alg->id = alg_id;
328 alg->mode = MODE_ID_CBC;
329 alg->hmac = flags & BCRYPT_ALG_HANDLE_HMAC_FLAG;
330
331 *handle = alg;
332 return STATUS_SUCCESS;
333 }
334
335 NTSTATUS WINAPI BCryptCloseAlgorithmProvider( BCRYPT_ALG_HANDLE handle, DWORD flags )
336 {
337 struct algorithm *alg = handle;
338
339 TRACE( "%p, %08x\n", handle, flags );
340
341 if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
342 heap_free( alg );
343 return STATUS_SUCCESS;
344 }
345
346 NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *enabled)
347 {
348 FIXME("%p - semi-stub\n", enabled);
349
350 if (!enabled)
351 return STATUS_INVALID_PARAMETER;
352
353 *enabled = FALSE;
354 return STATUS_SUCCESS;
355 }
356
357 struct hash_impl
358 {
359 union
360 {
361 MD2_CTX md2;
362 MD4_CTX md4;
363 MD5_CTX md5;
364 SHA_CTX sha1;
365 SHA256_CTX sha256;
366 SHA512_CTX sha512;
367 } u;
368 };
369
370 static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
371 {
372 switch (alg_id)
373 {
374 case ALG_ID_MD2:
375 md2_init( &hash->u.md2 );
376 break;
377
378 case ALG_ID_MD4:
379 MD4Init( &hash->u.md4 );
380 break;
381
382 case ALG_ID_MD5:
383 MD5Init( &hash->u.md5 );
384 break;
385
386 case ALG_ID_SHA1:
387 A_SHAInit( &hash->u.sha1 );
388 break;
389
390 case ALG_ID_SHA256:
391 sha256_init( &hash->u.sha256 );
392 break;
393
394 case ALG_ID_SHA384:
395 sha384_init( &hash->u.sha512 );
396 break;
397
398 case ALG_ID_SHA512:
399 sha512_init( &hash->u.sha512 );
400 break;
401
402 default:
403 ERR( "unhandled id %u\n", alg_id );
404 return STATUS_NOT_IMPLEMENTED;
405 }
406 return STATUS_SUCCESS;
407 }
408
409 static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
410 UCHAR *input, ULONG size )
411 {
412 switch (alg_id)
413 {
414 case ALG_ID_MD2:
415 md2_update( &hash->u.md2, input, size );
416 break;
417
418 case ALG_ID_MD4:
419 MD4Update( &hash->u.md4, input, size );
420 break;
421
422 case ALG_ID_MD5:
423 MD5Update( &hash->u.md5, input, size );
424 break;
425
426 case ALG_ID_SHA1:
427 A_SHAUpdate( &hash->u.sha1, input, size );
428 break;
429
430 case ALG_ID_SHA256:
431 sha256_update( &hash->u.sha256, input, size );
432 break;
433
434 case ALG_ID_SHA384:
435 sha384_update( &hash->u.sha512, input, size );
436 break;
437
438 case ALG_ID_SHA512:
439 sha512_update( &hash->u.sha512, input, size );
440 break;
441
442 default:
443 ERR( "unhandled id %u\n", alg_id );
444 return STATUS_NOT_IMPLEMENTED;
445 }
446 return STATUS_SUCCESS;
447 }
448
449 static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
450 UCHAR *output, ULONG size )
451 {
452 switch (alg_id)
453 {
454 case ALG_ID_MD2:
455 md2_finalize( &hash->u.md2, output );
456 break;
457
458 case ALG_ID_MD4:
459 MD4Final( &hash->u.md4 );
460 memcpy( output, hash->u.md4.digest, 16 );
461 break;
462
463 case ALG_ID_MD5:
464 MD5Final( &hash->u.md5 );
465 memcpy( output, hash->u.md5.digest, 16 );
466 break;
467
468 case ALG_ID_SHA1:
469 A_SHAFinal( &hash->u.sha1, (ULONG *)output );
470 break;
471
472 case ALG_ID_SHA256:
473 sha256_finalize( &hash->u.sha256, output );
474 break;
475
476 case ALG_ID_SHA384:
477 sha384_finalize( &hash->u.sha512, output );
478 break;
479
480 case ALG_ID_SHA512:
481 sha512_finalize( &hash->u.sha512, output );
482 break;
483
484 default:
485 ERR( "unhandled id %u\n", alg_id );
486 return STATUS_NOT_IMPLEMENTED;
487 }
488 return STATUS_SUCCESS;
489 }
490
491 struct hash
492 {
493 struct object hdr;
494 enum alg_id alg_id;
495 BOOL hmac;
496 struct hash_impl outer;
497 struct hash_impl inner;
498 };
499
500 #define BLOCK_LENGTH_AES 16
501
502 static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
503 {
504 if (!strcmpW( prop, BCRYPT_OBJECT_LENGTH ))
505 {
506 if (!alg_props[id].object_length)
507 return STATUS_NOT_SUPPORTED;
508 *ret_size = sizeof(ULONG);
509 if (size < sizeof(ULONG))
510 return STATUS_BUFFER_TOO_SMALL;
511 if (buf)
512 *(ULONG *)buf = alg_props[id].object_length;
513 return STATUS_SUCCESS;
514 }
515
516 if (!strcmpW( prop, BCRYPT_HASH_LENGTH ))
517 {
518 if (!alg_props[id].hash_length)
519 return STATUS_NOT_SUPPORTED;
520 *ret_size = sizeof(ULONG);
521 if (size < sizeof(ULONG))
522 return STATUS_BUFFER_TOO_SMALL;
523 if(buf)
524 *(ULONG*)buf = alg_props[id].hash_length;
525 return STATUS_SUCCESS;
526 }
527
528 if (!strcmpW( prop, BCRYPT_ALGORITHM_NAME ))
529 {
530 *ret_size = (strlenW(alg_props[id].alg_name)+1)*sizeof(WCHAR);
531 if (size < *ret_size)
532 return STATUS_BUFFER_TOO_SMALL;
533 if(buf)
534 memcpy(buf, alg_props[id].alg_name, *ret_size);
535 return STATUS_SUCCESS;
536 }
537
538 return STATUS_NOT_IMPLEMENTED;
539 }
540
541 static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
542 {
543 NTSTATUS status;
544
545 status = generic_alg_property( alg->id, prop, buf, size, ret_size );
546 if (status != STATUS_NOT_IMPLEMENTED)
547 return status;
548
549 switch (alg->id)
550 {
551 case ALG_ID_AES:
552 if (!strcmpW( prop, BCRYPT_BLOCK_LENGTH ))
553 {
554 *ret_size = sizeof(ULONG);
555 if (size < sizeof(ULONG))
556 return STATUS_BUFFER_TOO_SMALL;
557 if (buf)
558 *(ULONG *)buf = BLOCK_LENGTH_AES;
559 return STATUS_SUCCESS;
560 }
561 if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
562 {
563 const WCHAR *mode;
564 switch (alg->mode)
565 {
566 case MODE_ID_GCM: mode = BCRYPT_CHAIN_MODE_GCM; break;
567 case MODE_ID_CBC: mode = BCRYPT_CHAIN_MODE_CBC; break;
568 default: return STATUS_NOT_IMPLEMENTED;
569 }
570
571 *ret_size = 64;
572 if (size < *ret_size) return STATUS_BUFFER_TOO_SMALL;
573 memcpy( buf, mode, (strlenW(mode) + 1) * sizeof(WCHAR) );
574 return STATUS_SUCCESS;
575 }
576 if (!strcmpW( prop, BCRYPT_KEY_LENGTHS ))
577 {
578 BCRYPT_KEY_LENGTHS_STRUCT *key_lengths = (void *)buf;
579 *ret_size = sizeof(*key_lengths);
580 if (key_lengths && size < *ret_size) return STATUS_BUFFER_TOO_SMALL;
581 if (key_lengths)
582 {
583 key_lengths->dwMinLength = 128;
584 key_lengths->dwMaxLength = 256;
585 key_lengths->dwIncrement = 64;
586 }
587 return STATUS_SUCCESS;
588 }
589 if (!strcmpW( prop, BCRYPT_AUTH_TAG_LENGTH ))
590 {
591 BCRYPT_AUTH_TAG_LENGTHS_STRUCT *tag_length = (void *)buf;
592 if (alg->mode != MODE_ID_GCM) return STATUS_NOT_SUPPORTED;
593 *ret_size = sizeof(*tag_length);
594 if (tag_length && size < *ret_size) return STATUS_BUFFER_TOO_SMALL;
595 if (tag_length)
596 {
597 tag_length->dwMinLength = 12;
598 tag_length->dwMaxLength = 16;
599 tag_length->dwIncrement = 1;
600 }
601 return STATUS_SUCCESS;
602 }
603 break;
604
605 default:
606 break;
607 }
608
609 FIXME( "unsupported property %s\n", debugstr_w(prop) );
610 return STATUS_NOT_IMPLEMENTED;
611 }
612
613 static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
614 {
615 switch (alg->id)
616 {
617 case ALG_ID_AES:
618 if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
619 {
620 if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
621 {
622 alg->mode = MODE_ID_CBC;
623 return STATUS_SUCCESS;
624 }
625 else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM, size ))
626 {
627 alg->mode = MODE_ID_GCM;
628 return STATUS_SUCCESS;
629 }
630 else
631 {
632 FIXME( "unsupported mode %s\n", debugstr_wn( (WCHAR *)value, size ) );
633 return STATUS_NOT_IMPLEMENTED;
634 }
635 }
636 FIXME( "unsupported aes algorithm property %s\n", debugstr_w(prop) );
637 return STATUS_NOT_IMPLEMENTED;
638
639 default:
640 FIXME( "unsupported algorithm %u\n", alg->id );
641 return STATUS_NOT_IMPLEMENTED;
642 }
643 }
644
645 static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
646 {
647 NTSTATUS status;
648
649 status = generic_alg_property( hash->alg_id, prop, buf, size, ret_size );
650 if (status == STATUS_NOT_IMPLEMENTED)
651 FIXME( "unsupported property %s\n", debugstr_w(prop) );
652 return status;
653 }
654
655 NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *buffer, ULONG count, ULONG *res, ULONG flags )
656 {
657 struct object *object = handle;
658
659 TRACE( "%p, %s, %p, %u, %p, %08x\n", handle, wine_dbgstr_w(prop), buffer, count, res, flags );
660
661 if (!object) return STATUS_INVALID_HANDLE;
662 if (!prop || !res) return STATUS_INVALID_PARAMETER;
663
664 switch (object->magic)
665 {
666 case MAGIC_ALG:
667 {
668 const struct algorithm *alg = (const struct algorithm *)object;
669 return get_alg_property( alg, prop, buffer, count, res );
670 }
671 case MAGIC_HASH:
672 {
673 const struct hash *hash = (const struct hash *)object;
674 return get_hash_property( hash, prop, buffer, count, res );
675 }
676 default:
677 WARN( "unknown magic %08x\n", object->magic );
678 return STATUS_INVALID_HANDLE;
679 }
680 }
681
682 NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDLE *handle, UCHAR *object, ULONG objectlen,
683 UCHAR *secret, ULONG secretlen, ULONG flags )
684 {
685 struct algorithm *alg = algorithm;
686 UCHAR buffer[MAX_HASH_BLOCK_BITS / 8] = {0};
687 struct hash *hash;
688 int block_bytes;
689 NTSTATUS status;
690 int i;
691
692 TRACE( "%p, %p, %p, %u, %p, %u, %08x - stub\n", algorithm, handle, object, objectlen,
693 secret, secretlen, flags );
694 if (flags)
695 {
696 FIXME( "unimplemented flags %08x\n", flags );
697 return STATUS_NOT_IMPLEMENTED;
698 }
699
700 if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
701 if (object) FIXME( "ignoring object buffer\n" );
702
703 if (!(hash = heap_alloc( sizeof(*hash) ))) return STATUS_NO_MEMORY;
704 hash->hdr.magic = MAGIC_HASH;
705 hash->alg_id = alg->id;
706 hash->hmac = alg->hmac;
707
708 /* initialize hash */
709 if ((status = hash_init( &hash->inner, hash->alg_id ))) goto end;
710 if (!hash->hmac) goto end;
711
712 /* initialize hmac */
713 if ((status = hash_init( &hash->outer, hash->alg_id ))) goto end;
714 block_bytes = alg_props[hash->alg_id].block_bits / 8;
715 if (secretlen > block_bytes)
716 {
717 struct hash_impl temp;
718 if ((status = hash_init( &temp, hash->alg_id ))) goto end;
719 if ((status = hash_update( &temp, hash->alg_id, secret, secretlen ))) goto end;
720 if ((status = hash_finish( &temp, hash->alg_id, buffer,
721 alg_props[hash->alg_id].hash_length ))) goto end;
722 }
723 else
724 {
725 memcpy( buffer, secret, secretlen );
726 }
727 for (i = 0; i < block_bytes; i++) buffer[i] ^= 0x5c;
728 if ((status = hash_update( &hash->outer, hash->alg_id, buffer, block_bytes ))) goto end;
729 for (i = 0; i < block_bytes; i++) buffer[i] ^= (0x5c ^ 0x36);
730 status = hash_update( &hash->inner, hash->alg_id, buffer, block_bytes );
731
732 end:
733 if (status != STATUS_SUCCESS)
734 {
735 heap_free( hash );
736 return status;
737 }
738
739 *handle = hash;
740 return STATUS_SUCCESS;
741 }
742
743 NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HANDLE *handle_copy,
744 UCHAR *object, ULONG objectlen, ULONG flags )
745 {
746 struct hash *hash_orig = handle;
747 struct hash *hash_copy;
748
749 TRACE( "%p, %p, %p, %u, %u\n", handle, handle_copy, object, objectlen, flags );
750
751 if (!hash_orig || hash_orig->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
752 if (!handle_copy) return STATUS_INVALID_PARAMETER;
753 if (object) FIXME( "ignoring object buffer\n" );
754
755 if (!(hash_copy = heap_alloc( sizeof(*hash_copy) )))
756 return STATUS_NO_MEMORY;
757
758 memcpy( hash_copy, hash_orig, sizeof(*hash_orig) );
759
760 *handle_copy = hash_copy;
761 return STATUS_SUCCESS;
762 }
763
764 NTSTATUS WINAPI BCryptDestroyHash( BCRYPT_HASH_HANDLE handle )
765 {
766 struct hash *hash = handle;
767
768 TRACE( "%p\n", handle );
769
770 if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
771 heap_free( hash );
772 return STATUS_SUCCESS;
773 }
774
775 NTSTATUS WINAPI BCryptHashData( BCRYPT_HASH_HANDLE handle, UCHAR *input, ULONG size, ULONG flags )
776 {
777 struct hash *hash = handle;
778
779 TRACE( "%p, %p, %u, %08x\n", handle, input, size, flags );
780
781 if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
782 if (!input) return STATUS_SUCCESS;
783
784 return hash_update( &hash->inner, hash->alg_id, input, size );
785 }
786
787 NTSTATUS WINAPI BCryptFinishHash( BCRYPT_HASH_HANDLE handle, UCHAR *output, ULONG size, ULONG flags )
788 {
789 UCHAR buffer[MAX_HASH_OUTPUT_BYTES];
790 struct hash *hash = handle;
791 NTSTATUS status;
792 int hash_length;
793
794 TRACE( "%p, %p, %u, %08x\n", handle, output, size, flags );
795
796 if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
797 if (!output) return STATUS_INVALID_PARAMETER;
798
799 if (!hash->hmac)
800 return hash_finish( &hash->inner, hash->alg_id, output, size );
801
802 hash_length = alg_props[hash->alg_id].hash_length;
803 if ((status = hash_finish( &hash->inner, hash->alg_id, buffer, hash_length ))) return status;
804 if ((status = hash_update( &hash->outer, hash->alg_id, buffer, hash_length ))) return status;
805 return hash_finish( &hash->outer, hash->alg_id, output, size );
806 }
807
808 NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG secretlen,
809 UCHAR *input, ULONG inputlen, UCHAR *output, ULONG outputlen )
810 {
811 NTSTATUS status;
812 BCRYPT_HASH_HANDLE handle;
813
814 TRACE( "%p, %p, %u, %p, %u, %p, %u\n", algorithm, secret, secretlen,
815 input, inputlen, output, outputlen );
816
817 status = BCryptCreateHash( algorithm, &handle, NULL, 0, secret, secretlen, 0);
818 if (status != STATUS_SUCCESS)
819 {
820 return status;
821 }
822
823 status = BCryptHashData( handle, input, inputlen, 0 );
824 if (status != STATUS_SUCCESS)
825 {
826 BCryptDestroyHash( handle );
827 return status;
828 }
829
830 status = BCryptFinishHash( handle, output, outputlen, 0 );
831 if (status != STATUS_SUCCESS)
832 {
833 BCryptDestroyHash( handle );
834 return status;
835 }
836
837 return BCryptDestroyHash( handle );
838 }
839
840 #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
841 struct key
842 {
843 struct object hdr;
844 enum alg_id alg_id;
845 enum mode_id mode;
846 ULONG block_size;
847 gnutls_cipher_hd_t handle;
848 UCHAR *secret;
849 ULONG secret_len;
850 };
851 #elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
852 struct key
853 {
854 struct object hdr;
855 enum alg_id alg_id;
856 enum mode_id mode;
857 ULONG block_size;
858 CCCryptorRef ref_encrypt;
859 CCCryptorRef ref_decrypt;
860 UCHAR *secret;
861 ULONG secret_len;
862 };
863 #else
864 struct key
865 {
866 struct object hdr;
867 enum mode_id mode;
868 ULONG block_size;
869 };
870 #endif
871
872 #if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
873 static ULONG get_block_size( struct algorithm *alg )
874 {
875 ULONG ret = 0, size = sizeof(ret);
876 get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size );
877 return ret;
878 }
879 static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, ULONG output_len, ULONG *size )
880 {
881 if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB ))
882 {
883 BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output;
884 ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->secret_len;
885
886 *size = req_size;
887 if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL;
888
889 header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC;
890 header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
891 header->cbKeyData = key->secret_len;
892 memcpy( &header[1], key->secret, key->secret_len );
893 return STATUS_SUCCESS;
894 }
895
896 FIXME( "unsupported key type %s\n", debugstr_w(type) );
897 return STATUS_NOT_IMPLEMENTED;
898 }
899 #endif
900
901 #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
902 static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
903 {
904 UCHAR *buffer;
905
906 if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
907
908 switch (alg->id)
909 {
910 case ALG_ID_AES:
911 break;
912
913 default:
914 FIXME( "algorithm %u not supported\n", alg->id );
915 return STATUS_NOT_SUPPORTED;
916 }
917
918 if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER;
919 if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY;
920 memcpy( buffer, secret, secret_len );
921
922 key->alg_id = alg->id;
923 key->mode = alg->mode;
924 key->handle = 0; /* initialized on first use */
925 key->secret = buffer;
926 key->secret_len = secret_len;
927
928 return STATUS_SUCCESS;
929 }
930
931 static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
932 {
933 if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
934 {
935 if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
936 {
937 key->mode = MODE_ID_CBC;
938 return STATUS_SUCCESS;
939 }
940 else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM, size ))
941 {
942 key->mode = MODE_ID_GCM;
943 return STATUS_SUCCESS;
944 }
945 else
946 {
947 FIXME( "unsupported mode %s\n", debugstr_wn( (WCHAR *)value, size ) );
948 return STATUS_NOT_IMPLEMENTED;
949 }
950 }
951
952 FIXME( "unsupported key property %s\n", debugstr_w(prop) );
953 return STATUS_NOT_IMPLEMENTED;
954 }
955
956 static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
957 {
958 switch (key->alg_id)
959 {
960 case ALG_ID_AES:
961 WARN( "handle block size\n" );
962 switch (key->mode)
963 {
964 case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM;
965 case MODE_ID_CBC:
966 default: return GNUTLS_CIPHER_AES_128_CBC;
967 }
968 default:
969 FIXME( "algorithm %u not supported\n", key->alg_id );
970 return GNUTLS_CIPHER_UNKNOWN;
971 }
972 }
973
974 static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
975 {
976 gnutls_cipher_algorithm_t cipher;
977 gnutls_datum_t secret, vector;
978 int ret;
979
980 if (key->handle)
981 {
982 pgnutls_cipher_deinit( key->handle );
983 key->handle = NULL;
984 }
985
986 if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
987 return STATUS_NOT_SUPPORTED;
988
989 secret.data = key->secret;
990 secret.size = key->secret_len;
991 if (iv)
992 {
993 vector.data = iv;
994 vector.size = iv_len;
995 }
996
997 if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL )))
998 {
999 pgnutls_perror( ret );
1000 return STATUS_INTERNAL_ERROR;
1001 }
1002
1003 return STATUS_SUCCESS;
1004 }
1005
1006 static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1007 ULONG output_len )
1008 {
1009 int ret;
1010
1011 if ((ret = pgnutls_cipher_encrypt2( key->handle, input, input_len, output, output_len )))
1012 {
1013 pgnutls_perror( ret );
1014 return STATUS_INTERNAL_ERROR;
1015 }
1016
1017 return STATUS_SUCCESS;
1018 }
1019
1020 static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1021 ULONG output_len )
1022 {
1023 int ret;
1024
1025 if ((ret = pgnutls_cipher_decrypt2( key->handle, input, input_len, output, output_len )))
1026 {
1027 pgnutls_perror( ret );
1028 return STATUS_INTERNAL_ERROR;
1029 }
1030
1031 return STATUS_SUCCESS;
1032 }
1033
1034 static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
1035 {
1036 int ret;
1037
1038 if ((ret = pgnutls_cipher_tag( key->handle, tag, len )))
1039 {
1040 pgnutls_perror( ret );
1041 return STATUS_INTERNAL_ERROR;
1042 }
1043
1044 return STATUS_SUCCESS;
1045 }
1046
1047 static NTSTATUS key_destroy( struct key *key )
1048 {
1049 if (key->handle) pgnutls_cipher_deinit( key->handle );
1050 heap_free( key->secret );
1051 heap_free( key );
1052 return STATUS_SUCCESS;
1053 }
1054 #elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
1055 static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
1056 {
1057 UCHAR *buffer;
1058
1059 switch (alg->id)
1060 {
1061 case ALG_ID_AES:
1062 switch (alg->mode)
1063 {
1064 case MODE_ID_CBC:
1065 break;
1066 default:
1067 FIXME( "mode %u not supported\n", alg->mode );
1068 return STATUS_NOT_SUPPORTED;
1069 }
1070 break;
1071
1072 default:
1073 FIXME( "algorithm %u not supported\n", alg->id );
1074 return STATUS_NOT_SUPPORTED;
1075 }
1076
1077 if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER;
1078 if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY;
1079 memcpy( buffer, secret, secret_len );
1080
1081 key->alg_id = alg->id;
1082 key->mode = alg->mode;
1083 key->ref_encrypt = NULL; /* initialized on first use */
1084 key->ref_decrypt = NULL;
1085 key->secret = buffer;
1086 key->secret_len = secret_len;
1087
1088 return STATUS_SUCCESS;
1089 }
1090
1091 static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
1092 {
1093 FIXME( "not implemented on Mac\n" );
1094 return STATUS_NOT_IMPLEMENTED;
1095 }
1096
1097 static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
1098 {
1099 CCCryptorStatus status;
1100
1101 if (key->ref_encrypt)
1102 {
1103 CCCryptorRelease( key->ref_encrypt );
1104 key->ref_encrypt = NULL;
1105 }
1106 if (key->ref_decrypt)
1107 {
1108 CCCryptorRelease( key->ref_decrypt );
1109 key->ref_decrypt = NULL;
1110 }
1111
1112 if ((status = CCCryptorCreateWithMode( kCCEncrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv,
1113 key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess)
1114 {
1115 WARN( "CCCryptorCreateWithMode failed %d\n", status );
1116 return STATUS_INTERNAL_ERROR;
1117 }
1118 if ((status = CCCryptorCreateWithMode( kCCDecrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv,
1119 key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess)
1120 {
1121 WARN( "CCCryptorCreateWithMode failed %d\n", status );
1122 CCCryptorRelease( key->ref_encrypt );
1123 key->ref_encrypt = NULL;
1124 return STATUS_INTERNAL_ERROR;
1125 }
1126
1127 return STATUS_SUCCESS;
1128 }
1129
1130 static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1131 ULONG output_len )
1132 {
1133 CCCryptorStatus status;
1134
1135 if ((status = CCCryptorUpdate( key->ref_encrypt, input, input_len, output, output_len, NULL )) != kCCSuccess)
1136 {
1137 WARN( "CCCryptorUpdate failed %d\n", status );
1138 return STATUS_INTERNAL_ERROR;
1139 }
1140
1141 return STATUS_SUCCESS;
1142 }
1143
1144 static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1145 ULONG output_len )
1146 {
1147 CCCryptorStatus status;
1148
1149 if ((status = CCCryptorUpdate( key->ref_decrypt, input, input_len, output, output_len, NULL )) != kCCSuccess)
1150 {
1151 WARN( "CCCryptorUpdate failed %d\n", status );
1152 return STATUS_INTERNAL_ERROR;
1153 }
1154
1155 return STATUS_SUCCESS;
1156 }
1157
1158 static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
1159 {
1160 FIXME( "not implemented on Mac\n" );
1161 return STATUS_NOT_IMPLEMENTED;
1162 }
1163
1164 static NTSTATUS key_destroy( struct key *key )
1165 {
1166 if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt );
1167 if (key->ref_decrypt) CCCryptorRelease( key->ref_decrypt );
1168 heap_free( key->secret );
1169 heap_free( key );
1170 return STATUS_SUCCESS;
1171 }
1172 #else
1173 static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
1174 {
1175 ERR( "support for keys not available at build time\n" );
1176 return STATUS_NOT_IMPLEMENTED;
1177 }
1178
1179 static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
1180 {
1181 ERR( "support for keys not available at build time\n" );
1182 return STATUS_NOT_IMPLEMENTED;
1183 }
1184
1185 static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
1186 {
1187 ERR( "support for keys not available at build time\n" );
1188 return STATUS_NOT_IMPLEMENTED;
1189 }
1190
1191 static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1192 ULONG output_len )
1193 {
1194 ERR( "support for keys not available at build time\n" );
1195 return STATUS_NOT_IMPLEMENTED;
1196 }
1197
1198 static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
1199 ULONG output_len )
1200 {
1201 ERR( "support for keys not available at build time\n" );
1202 return STATUS_NOT_IMPLEMENTED;
1203 }
1204
1205 static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
1206 {
1207 ERR( "support for keys not available at build time\n" );
1208 return STATUS_NOT_IMPLEMENTED;
1209 }
1210
1211 static NTSTATUS key_destroy( struct key *key )
1212 {
1213 ERR( "support for keys not available at build time\n" );
1214 return STATUS_NOT_IMPLEMENTED;
1215 }
1216
1217 static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, ULONG output_len, ULONG *size )
1218 {
1219 ERR( "support for keys not available at build time\n" );
1220 return STATUS_NOT_IMPLEMENTED;
1221 }
1222 #endif
1223
1224 NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle,
1225 UCHAR *object, ULONG object_len, UCHAR *secret, ULONG secret_len,
1226 ULONG flags )
1227 {
1228 struct algorithm *alg = algorithm;
1229 struct key *key;
1230 NTSTATUS status;
1231
1232 TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", algorithm, handle, object, object_len, secret, secret_len, flags );
1233
1234 if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
1235 if (object) FIXME( "ignoring object buffer\n" );
1236
1237 if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY;
1238 key->hdr.magic = MAGIC_KEY;
1239
1240 if ((status = key_init( key, alg, secret, secret_len )))
1241 {
1242 heap_free( key );
1243 return status;
1244 }
1245
1246 *handle = key;
1247 return STATUS_SUCCESS;
1248 }
1249
1250 NTSTATUS WINAPI BCryptImportKey(BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE decrypt_key, LPCWSTR type,
1251 BCRYPT_KEY_HANDLE *key, PUCHAR object, ULONG object_len, PUCHAR input,
1252 ULONG input_len, ULONG flags)
1253 {
1254 struct algorithm *alg = algorithm;
1255
1256 TRACE("%p, %p, %s, %p, %p, %u, %p, %u, %u\n", algorithm, decrypt_key, debugstr_w(type), key, object,
1257 object_len, input, input_len, flags);
1258
1259 if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
1260 if (!key || !type || !input) return STATUS_INVALID_PARAMETER;
1261
1262 if (decrypt_key)
1263 {
1264 FIXME("Decrypting of key not yet supported\n");
1265 return STATUS_NO_MEMORY;
1266 }
1267
1268 if (!strcmpW(type, BCRYPT_KEY_DATA_BLOB))
1269 {
1270 BCRYPT_KEY_DATA_BLOB_HEADER *key_header = (BCRYPT_KEY_DATA_BLOB_HEADER*)input;
1271
1272 if (input_len < sizeof(BCRYPT_KEY_DATA_BLOB_HEADER))
1273 return STATUS_BUFFER_TOO_SMALL;
1274
1275 if (key_header->dwMagic != BCRYPT_KEY_DATA_BLOB_MAGIC)
1276 return STATUS_INVALID_PARAMETER;
1277
1278 if (key_header->dwVersion != BCRYPT_KEY_DATA_BLOB_VERSION1)
1279 {
1280 FIXME("Unknown key data blob version: %d\n", key_header->dwVersion);
1281 return STATUS_INVALID_PARAMETER;
1282 }
1283
1284 if (key_header->cbKeyData + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) > input_len)
1285 return STATUS_INVALID_PARAMETER;
1286
1287 return BCryptGenerateSymmetricKey(algorithm, key, object, object_len, (UCHAR*)&key_header[1], key_header->cbKeyData, 0);
1288 }
1289
1290 FIXME("Unsupported key type: %s\n", debugstr_w(type));
1291 return STATUS_INVALID_PARAMETER;
1292 }
1293
1294 NTSTATUS WINAPI BCryptExportKey(BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE encrypt_key, LPCWSTR type,
1295 PUCHAR output, ULONG output_len, ULONG *size, ULONG flags)
1296 {
1297 struct key *key = export_key;
1298
1299 TRACE("%p, %p, %s, %p, %u, %p, %u\n", key, encrypt_key, debugstr_w(type), output, output_len, size, flags);
1300
1301 if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
1302 if (!output || !output_len || !size) return STATUS_INVALID_PARAMETER;
1303
1304 if (encrypt_key)
1305 {
1306 FIXME("Encryption of key not yet supported\n");
1307 return STATUS_NO_MEMORY;
1308 }
1309
1310 return key_export( key, type, output, output_len, size );
1311 }
1312
1313 NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
1314 {
1315 struct key *key = handle;
1316
1317 TRACE( "%p\n", handle );
1318
1319 if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
1320 return key_destroy( key );
1321 }
1322
1323 NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG input_len,
1324 void *padding, UCHAR *iv, ULONG iv_len, UCHAR *output,
1325 ULONG output_len, ULONG *ret_len, ULONG flags )
1326 {
1327 struct key *key = handle;
1328 ULONG bytes_left = input_len;
1329 UCHAR *buf, *src, *dst;
1330 NTSTATUS status;
1331
1332 TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
1333 padding, iv, iv_len, output, output_len, ret_len, flags );
1334
1335 if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
1336 if (flags & ~BCRYPT_BLOCK_PADDING)
1337 {
1338 FIXME( "flags %08x not implemented\n", flags );
1339 return STATUS_NOT_IMPLEMENTED;
1340 }
1341
1342 if (key->mode == MODE_ID_GCM)
1343 {
1344 BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
1345
1346 if (!auth_info) return STATUS_INVALID_PARAMETER;
1347 if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
1348 if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER;
1349 if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER;
1350 if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG)
1351 FIXME( "call chaining not implemented\n" );
1352
1353 if ((status = key_set_params( key, auth_info->pbNonce, auth_info->cbNonce )))
1354 return status;
1355
1356 *ret_len = input_len;
1357 if (flags & BCRYPT_BLOCK_PADDING) return STATUS_INVALID_PARAMETER;
1358 if (!output) return STATUS_SUCCESS;
1359 if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
1360
1361 if ((status = key_encrypt( key, input, input_len, output, output_len )))
1362 return status;
1363
1364 return key_get_tag( key, auth_info->pbTag, auth_info->cbTag );
1365 }
1366
1367 if ((status = key_set_params( key, iv, iv_len ))) return status;
1368
1369 *ret_len = input_len;
1370
1371 if (flags & BCRYPT_BLOCK_PADDING)
1372 *ret_len = (input_len + key->block_size) & ~(key->block_size - 1);
1373 else if (input_len & (key->block_size - 1))
1374 return STATUS_INVALID_BUFFER_SIZE;
1375
1376 if (!output) return STATUS_SUCCESS;
1377 if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
1378
1379 src = input;
1380 dst = output;
1381 while (bytes_left >= key->block_size)
1382 {
1383 if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status;
1384 bytes_left -= key->block_size;
1385 src += key->block_size;
1386 dst += key->block_size;
1387 }
1388
1389 if (flags & BCRYPT_BLOCK_PADDING)
1390 {
1391 if (!(buf = heap_alloc( key->block_size ))) return STATUS_NO_MEMORY;
1392 memcpy( buf, src, bytes_left );
1393 memset( buf + bytes_left, key->block_size - bytes_left, key->block_size - bytes_left );
1394 status = key_encrypt( key, buf, key->block_size, dst, key->block_size );
1395 heap_free( buf );
1396 }
1397
1398 return status;
1399 }
1400
1401 NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG input_len,
1402 void *padding, UCHAR *iv, ULONG iv_len, UCHAR *output,
1403 ULONG output_len, ULONG *ret_len, ULONG flags )
1404 {
1405 struct key *key = handle;
1406 ULONG bytes_left = input_len;
1407 UCHAR *buf, *src, *dst;
1408 NTSTATUS status;
1409
1410 TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
1411 padding, iv, iv_len, output, output_len, ret_len, flags );
1412
1413 if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
1414 if (flags & ~BCRYPT_BLOCK_PADDING)
1415 {
1416 FIXME( "flags %08x not supported\n", flags );
1417 return STATUS_NOT_IMPLEMENTED;
1418 }
1419
1420 if (key->mode == MODE_ID_GCM)
1421 {
1422 BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
1423 UCHAR tag[16];
1424
1425 if (!auth_info) return STATUS_INVALID_PARAMETER;
1426 if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
1427 if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER;
1428 if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER;
1429
1430 if ((status = key_set_params( key, auth_info->pbNonce, auth_info->cbNonce )))
1431 return status;
1432
1433 *ret_len = input_len;
1434 if (flags & BCRYPT_BLOCK_PADDING) return STATUS_INVALID_PARAMETER;
1435 if (!output) return STATUS_SUCCESS;
1436 if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
1437
1438 if ((status = key_decrypt( key, input, input_len, output, output_len )))
1439 return status;
1440
1441 if ((status = key_get_tag( key, tag, sizeof(tag) )))
1442 return status;
1443 if (memcmp( tag, auth_info->pbTag, auth_info->cbTag ))
1444 return STATUS_AUTH_TAG_MISMATCH;
1445
1446 return STATUS_SUCCESS;
1447 }
1448
1449 if ((status = key_set_params( key, iv, iv_len ))) return status;
1450
1451 *ret_len = input_len;
1452
1453 if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
1454 if (!output) return STATUS_SUCCESS;
1455 if (flags & BCRYPT_BLOCK_PADDING)
1456 {
1457 if (output_len + key->block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
1458 if (input_len < key->block_size) return STATUS_BUFFER_TOO_SMALL;
1459 bytes_left -= key->block_size;
1460 }
1461 else if (output_len < *ret_len)
1462 return STATUS_BUFFER_TOO_SMALL;
1463
1464 src = input;
1465 dst = output;
1466 while (bytes_left >= key->block_size)
1467 {
1468 if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
1469 bytes_left -= key->block_size;
1470 src += key->block_size;
1471 dst += key->block_size;
1472 }
1473
1474 if (flags & BCRYPT_BLOCK_PADDING)
1475 {
1476 if (!(buf = heap_alloc( key->block_size ))) return STATUS_NO_MEMORY;
1477 status = key_decrypt( key, src, key->block_size, buf, key->block_size );
1478 if (!status && buf[ key->block_size - 1 ] <= key->block_size)
1479 {
1480 *ret_len -= buf[ key->block_size - 1 ];
1481 if (output_len < *ret_len) status = STATUS_BUFFER_TOO_SMALL;
1482 else memcpy( dst, buf, key->block_size - buf[ key->block_size - 1 ] );
1483 }
1484 else
1485 status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */
1486 heap_free( buf );
1487 }
1488
1489 return status;
1490 }
1491
1492 NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
1493 {
1494 struct object *object = handle;
1495
1496 TRACE( "%p, %s, %p, %u, %08x\n", handle, debugstr_w(prop), value, size, flags );
1497
1498 if (!object) return STATUS_INVALID_HANDLE;
1499
1500 switch (object->magic)
1501 {
1502 case MAGIC_ALG:
1503 {
1504 struct algorithm *alg = (struct algorithm *)object;
1505 return set_alg_property( alg, prop, value, size, flags );
1506 }
1507 case MAGIC_KEY:
1508 {
1509 struct key *key = (struct key *)object;
1510 return set_key_property( key, prop, value, size, flags );
1511 }
1512 default:
1513 WARN( "unknown magic %08x\n", object->magic );
1514 return STATUS_INVALID_HANDLE;
1515 }
1516 }
1517
1518 BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
1519 {
1520 switch (reason)
1521 {
1522 case DLL_PROCESS_ATTACH:
1523 instance = hinst;
1524 DisableThreadLibraryCalls( hinst );
1525 #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
1526 gnutls_initialize();
1527 #endif
1528 break;
1529
1530 case DLL_PROCESS_DETACH:
1531 if (reserved) break;
1532 #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
1533 gnutls_uninitialize();
1534 #endif
1535 break;
1536 }
1537 return TRUE;
1538 }
Windows API implementation