2 * Copyright 2009 Henri Verbeet for CodeWeavers
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
24 #define WIN32_NO_STATUS
32 #include "wine/debug.h"
33 #include "bcrypt_internal.h"
35 WINE_DEFAULT_DEBUG_CHANNEL(bcrypt
);
37 #define UNIX_CALL( func, params ) WINE_UNIX_CALL( unix_ ## func, params )
40 NTSTATUS WINAPI
BCryptAddContextFunction( ULONG table
, const WCHAR
*ctx
, ULONG iface
, const WCHAR
*func
, ULONG pos
)
42 FIXME( "%#lx, %s, %#lx, %s, %lu: stub\n", table
, debugstr_w(ctx
), iface
, debugstr_w(func
), pos
);
43 return STATUS_SUCCESS
;
46 NTSTATUS WINAPI
BCryptAddContextFunctionProvider( ULONG table
, const WCHAR
*ctx
, ULONG iface
, const WCHAR
*func
,
47 const WCHAR
*provider
, ULONG pos
)
49 FIXME( "%#lx, %s, %#lx, %s, %s, %lu: stub\n", table
, debugstr_w(ctx
), iface
, debugstr_w(func
),
50 debugstr_w(provider
), pos
);
51 return STATUS_SUCCESS
;
54 NTSTATUS WINAPI
BCryptRemoveContextFunction( ULONG table
, const WCHAR
*ctx
, ULONG iface
, const WCHAR
*func
)
56 FIXME( "%#lx, %s, %#lx, %s: stub\n", table
, debugstr_w(ctx
), iface
, debugstr_w(func
) );
57 return STATUS_NOT_IMPLEMENTED
;
60 NTSTATUS WINAPI
BCryptRemoveContextFunctionProvider( ULONG table
, const WCHAR
*ctx
, ULONG iface
, const WCHAR
*func
,
61 const WCHAR
*provider
)
63 FIXME( "%#lx, %s, %#lx, %s, %s: stub\n", table
, debugstr_w(ctx
), iface
, debugstr_w(func
), debugstr_w(provider
) );
64 return STATUS_NOT_IMPLEMENTED
;
67 NTSTATUS WINAPI
BCryptEnumContextFunctions( ULONG table
, const WCHAR
*ctx
, ULONG iface
, ULONG
*buflen
,
68 CRYPT_CONTEXT_FUNCTIONS
**buffer
)
70 FIXME( "%#lx, %s, %#lx, %p, %p\n", table
, debugstr_w(ctx
), iface
, buflen
, buffer
);
71 return STATUS_NOT_IMPLEMENTED
;
74 void WINAPI
BCryptFreeBuffer( void *buffer
)
79 NTSTATUS WINAPI
BCryptRegisterProvider( const WCHAR
*provider
, ULONG flags
, CRYPT_PROVIDER_REG
*reg
)
81 FIXME( "%s, %#lx, %p: stub\n", debugstr_w(provider
), flags
, reg
);
82 return STATUS_SUCCESS
;
85 NTSTATUS WINAPI
BCryptUnregisterProvider( const WCHAR
*provider
)
87 FIXME( "%s: stub\n", debugstr_w(provider
) );
88 return STATUS_NOT_IMPLEMENTED
;
91 #define MAX_HASH_OUTPUT_BYTES 64
92 #define MAX_HASH_BLOCK_BITS 1024
94 /* ordered by class, keep in sync with enum alg_id */
103 builtin_algorithms
[] =
105 { BCRYPT_3DES_ALGORITHM
, BCRYPT_CIPHER_INTERFACE
, 522, 0, 0 },
106 { BCRYPT_AES_ALGORITHM
, BCRYPT_CIPHER_INTERFACE
, 654, 0, 0 },
107 { BCRYPT_RC4_ALGORITHM
, BCRYPT_CIPHER_INTERFACE
, 654, 0, 0 },
108 { BCRYPT_SHA256_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 286, 32, 512 },
109 { BCRYPT_SHA384_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 382, 48, 1024 },
110 { BCRYPT_SHA512_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 382, 64, 1024 },
111 { BCRYPT_SHA1_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 278, 20, 512 },
112 { BCRYPT_MD5_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 274, 16, 512 },
113 { BCRYPT_MD4_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 270, 16, 512 },
114 { BCRYPT_MD2_ALGORITHM
, BCRYPT_HASH_INTERFACE
, 270, 16, 128 },
115 { BCRYPT_RSA_ALGORITHM
, BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE
, 0, 0, 0 },
116 { BCRYPT_ECDH_P256_ALGORITHM
, BCRYPT_SECRET_AGREEMENT_INTERFACE
, 0, 0, 0 },
117 { BCRYPT_ECDH_P384_ALGORITHM
, BCRYPT_SECRET_AGREEMENT_INTERFACE
, 0, 0, 0 },
118 { BCRYPT_RSA_SIGN_ALGORITHM
, BCRYPT_SIGNATURE_INTERFACE
, 0, 0, 0 },
119 { BCRYPT_ECDSA_P256_ALGORITHM
, BCRYPT_SIGNATURE_INTERFACE
, 0, 0, 0 },
120 { BCRYPT_ECDSA_P384_ALGORITHM
, BCRYPT_SIGNATURE_INTERFACE
, 0, 0, 0 },
121 { BCRYPT_DSA_ALGORITHM
, BCRYPT_SIGNATURE_INTERFACE
, 0, 0, 0 },
122 { BCRYPT_RNG_ALGORITHM
, BCRYPT_RNG_INTERFACE
, 0, 0, 0 },
125 static inline BOOL
is_symmetric_key( struct key
*key
)
127 return builtin_algorithms
[key
->alg_id
].class == BCRYPT_CIPHER_INTERFACE
;
130 static inline BOOL
is_asymmetric_encryption_key( struct key
*key
)
132 return builtin_algorithms
[key
->alg_id
].class == BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE
;
135 static inline BOOL
is_agreement_key( struct key
*key
)
137 return builtin_algorithms
[key
->alg_id
].class == BCRYPT_SECRET_AGREEMENT_INTERFACE
;
140 static inline BOOL
is_signature_key( struct key
*key
)
142 return builtin_algorithms
[key
->alg_id
].class == BCRYPT_SIGNATURE_INTERFACE
|| key
->alg_id
== ALG_ID_RSA
;
145 static BOOL
match_operation_type( ULONG type
, ULONG
class )
147 if (!type
) return TRUE
;
150 case BCRYPT_CIPHER_INTERFACE
: return type
& BCRYPT_CIPHER_OPERATION
;
151 case BCRYPT_HASH_INTERFACE
: return type
& BCRYPT_HASH_OPERATION
;
152 case BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE
: return type
& BCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION
;
153 case BCRYPT_SECRET_AGREEMENT_INTERFACE
: return type
& BCRYPT_SECRET_AGREEMENT_OPERATION
;
154 case BCRYPT_SIGNATURE_INTERFACE
: return type
& BCRYPT_SIGNATURE_OPERATION
;
155 case BCRYPT_RNG_INTERFACE
: return type
& BCRYPT_RNG_OPERATION
;
161 NTSTATUS WINAPI
BCryptEnumAlgorithms( ULONG type
, ULONG
*ret_count
, BCRYPT_ALGORITHM_IDENTIFIER
**ret_list
, ULONG flags
)
163 static const ULONG supported
= BCRYPT_CIPHER_OPERATION
|\
164 BCRYPT_HASH_OPERATION
|\
165 BCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION
|\
166 BCRYPT_SECRET_AGREEMENT_OPERATION
|\
167 BCRYPT_SIGNATURE_OPERATION
|\
168 BCRYPT_RNG_OPERATION
;
169 BCRYPT_ALGORITHM_IDENTIFIER
*list
;
170 ULONG i
, j
, count
= 0;
172 TRACE( "%#lx, %p, %p, %#lx\n", type
, ret_count
, ret_list
, flags
);
174 if (!ret_count
|| !ret_list
|| (type
& ~supported
)) return STATUS_INVALID_PARAMETER
;
176 for (i
= 0; i
< ARRAY_SIZE( builtin_algorithms
); i
++)
178 if (match_operation_type( type
, builtin_algorithms
[i
].class )) count
++;
181 if (!(list
= malloc( count
* sizeof(*list
) ))) return STATUS_NO_MEMORY
;
183 for (i
= 0, j
= 0; i
< ARRAY_SIZE( builtin_algorithms
); i
++)
185 if (!match_operation_type( type
, builtin_algorithms
[i
].class )) continue;
186 list
[j
].pszName
= (WCHAR
*)builtin_algorithms
[i
].name
;
187 list
[j
].dwClass
= builtin_algorithms
[i
].class;
194 return STATUS_SUCCESS
;
197 static const struct algorithm pseudo_algorithms
[] =
199 {{ MAGIC_ALG
}, ALG_ID_MD2
},
200 {{ MAGIC_ALG
}, ALG_ID_MD4
},
201 {{ MAGIC_ALG
}, ALG_ID_MD5
},
202 {{ MAGIC_ALG
}, ALG_ID_SHA1
},
203 {{ MAGIC_ALG
}, ALG_ID_SHA256
},
204 {{ MAGIC_ALG
}, ALG_ID_SHA384
},
205 {{ MAGIC_ALG
}, ALG_ID_SHA512
},
206 {{ MAGIC_ALG
}, ALG_ID_RC4
},
207 {{ MAGIC_ALG
}, ALG_ID_RNG
},
208 {{ MAGIC_ALG
}, ALG_ID_MD5
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
209 {{ MAGIC_ALG
}, ALG_ID_SHA1
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
210 {{ MAGIC_ALG
}, ALG_ID_SHA256
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
211 {{ MAGIC_ALG
}, ALG_ID_SHA384
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
212 {{ MAGIC_ALG
}, ALG_ID_SHA512
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
213 {{ MAGIC_ALG
}, ALG_ID_RSA
},
215 {{ 0 }}, /* AES_CMAC */
216 {{ 0 }}, /* AES_GMAC */
217 {{ MAGIC_ALG
}, ALG_ID_MD2
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
218 {{ MAGIC_ALG
}, ALG_ID_MD4
, 0, BCRYPT_ALG_HANDLE_HMAC_FLAG
},
219 {{ MAGIC_ALG
}, ALG_ID_3DES
, CHAIN_MODE_CBC
},
220 {{ MAGIC_ALG
}, ALG_ID_3DES
, CHAIN_MODE_ECB
},
221 {{ MAGIC_ALG
}, ALG_ID_3DES
, CHAIN_MODE_CFB
},
222 {{ 0 }}, /* 3DES_112_CBC */
223 {{ 0 }}, /* 3DES_112_ECB */
224 {{ 0 }}, /* 3DES_112_CFB */
225 {{ MAGIC_ALG
}, ALG_ID_AES
, CHAIN_MODE_CBC
},
226 {{ MAGIC_ALG
}, ALG_ID_AES
, CHAIN_MODE_ECB
},
227 {{ MAGIC_ALG
}, ALG_ID_AES
, CHAIN_MODE_CFB
},
228 {{ MAGIC_ALG
}, ALG_ID_AES
, CHAIN_MODE_CCM
},
229 {{ MAGIC_ALG
}, ALG_ID_AES
, CHAIN_MODE_GCM
},
230 {{ 0 }}, /* DES_CBC */
231 {{ 0 }}, /* DES_ECB */
232 {{ 0 }}, /* DES_CFB */
233 {{ 0 }}, /* DESX_CBC */
234 {{ 0 }}, /* DESX_ECB */
235 {{ 0 }}, /* DESX_CFB */
236 {{ 0 }}, /* RC2_CBC */
237 {{ 0 }}, /* RC2_ECB */
238 {{ 0 }}, /* RC2_CFB */
241 {{ MAGIC_ALG
}, ALG_ID_ECDH_P256
},
242 {{ MAGIC_ALG
}, ALG_ID_ECDH_P384
},
243 {{ 0 }}, /* ECDH_P512 */
244 {{ MAGIC_ALG
}, ALG_ID_DSA
},
245 {{ MAGIC_ALG
}, ALG_ID_ECDSA_P256
},
246 {{ MAGIC_ALG
}, ALG_ID_ECDSA_P384
},
247 {{ 0 }}, /* ECDSA_P512 */
248 {{ MAGIC_ALG
}, ALG_ID_RSA_SIGN
},
251 /* Algorithm pseudo-handles are denoted by having the lowest bit set.
252 * An aligned algorithm pointer will never have this bit set.
254 static inline BOOL
is_alg_pseudo_handle( BCRYPT_ALG_HANDLE handle
)
256 return (((ULONG_PTR
)handle
& 1) == 1);
259 static struct object
*get_object( BCRYPT_HANDLE handle
, ULONG magic
)
263 if (!handle
) return NULL
;
265 if (!is_alg_pseudo_handle( handle
))
267 struct object
*obj
= handle
;
268 if (magic
&& obj
->magic
!= magic
) return NULL
;
272 idx
= (ULONG_PTR
)handle
>> 4;
273 if (idx
> ARRAY_SIZE(pseudo_algorithms
) || !pseudo_algorithms
[idx
].hdr
.magic
)
275 FIXME( "pseudo-handle %p not supported\n", handle
);
278 return (struct object
*)&pseudo_algorithms
[idx
];
281 static inline struct algorithm
*get_alg_object( BCRYPT_ALG_HANDLE handle
)
283 return (struct algorithm
*)get_object( handle
, MAGIC_ALG
);
286 static inline struct hash
*get_hash_object( BCRYPT_HASH_HANDLE handle
)
288 return (struct hash
*)get_object( handle
, MAGIC_HASH
);
291 static inline struct key
*get_key_object( BCRYPT_KEY_HANDLE handle
)
293 return (struct key
*)get_object( handle
, MAGIC_KEY
);
296 static inline struct secret
*get_secret_object( BCRYPT_SECRET_HANDLE handle
)
298 return (struct secret
*)get_object( handle
, MAGIC_SECRET
);
301 NTSTATUS WINAPI
BCryptGenRandom( BCRYPT_ALG_HANDLE handle
, UCHAR
*buffer
, ULONG count
, ULONG flags
)
303 const DWORD supported_flags
= BCRYPT_USE_SYSTEM_PREFERRED_RNG
;
304 struct algorithm
*alg
= get_alg_object( handle
);
306 TRACE("%p, %p, %lu, %#lx - semi-stub\n", handle
, buffer
, count
, flags
);
310 /* It's valid to call without an algorithm if BCRYPT_USE_SYSTEM_PREFERRED_RNG
311 * is set. In this case the preferred system RNG is used.
313 if (!(flags
& BCRYPT_USE_SYSTEM_PREFERRED_RNG
))
314 return STATUS_INVALID_HANDLE
;
316 else if (is_alg_pseudo_handle( handle
) && handle
!= BCRYPT_RNG_ALG_HANDLE
)
318 FIXME( "pseudo-handle %p not supported\n", handle
);
319 return STATUS_NOT_IMPLEMENTED
;
321 else if (!alg
|| alg
->id
!= ALG_ID_RNG
)
322 return STATUS_INVALID_HANDLE
;
325 return STATUS_INVALID_PARAMETER
;
327 if (flags
& ~supported_flags
)
328 FIXME("unsupported flags %#lx\n", flags
& ~supported_flags
);
331 FIXME("ignoring selected algorithm\n");
333 /* When zero bytes are requested the function returns success too. */
335 return STATUS_SUCCESS
;
337 if (alg
|| (flags
& BCRYPT_USE_SYSTEM_PREFERRED_RNG
))
339 if (RtlGenRandom(buffer
, count
)) return STATUS_SUCCESS
;
342 FIXME("called with unsupported parameters, returning error\n");
343 return STATUS_NOT_IMPLEMENTED
;
346 static struct algorithm
*create_algorithm( enum alg_id id
, enum chain_mode mode
, DWORD flags
)
348 struct algorithm
*ret
;
349 if (!(ret
= calloc( 1, sizeof(*ret
) ))) return NULL
;
350 ret
->hdr
.magic
= MAGIC_ALG
;
357 NTSTATUS WINAPI
BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE
*handle
, const WCHAR
*id
, const WCHAR
*implementation
,
360 const DWORD supported_flags
= BCRYPT_ALG_HANDLE_HMAC_FLAG
| BCRYPT_HASH_REUSABLE_FLAG
;
361 struct algorithm
*alg
;
365 TRACE( "%p, %s, %s, %#lx\n", handle
, wine_dbgstr_w(id
), wine_dbgstr_w(implementation
), flags
);
367 if (!handle
|| !id
) return STATUS_INVALID_PARAMETER
;
368 if (flags
& ~supported_flags
)
370 FIXME( "unsupported flags %#lx\n", flags
& ~supported_flags
);
371 return STATUS_NOT_IMPLEMENTED
;
374 for (i
= 0; i
< ARRAY_SIZE( builtin_algorithms
); i
++)
376 if (!wcscmp( id
, builtin_algorithms
[i
].name
))
382 if (i
== ARRAY_SIZE( builtin_algorithms
))
384 FIXME( "algorithm %s not supported\n", debugstr_w(id
) );
385 return STATUS_NOT_IMPLEMENTED
;
388 if (implementation
&& wcscmp( implementation
, MS_PRIMITIVE_PROVIDER
))
390 FIXME( "implementation %s not supported\n", debugstr_w(implementation
) );
391 return STATUS_NOT_IMPLEMENTED
;
394 if (!(alg
= create_algorithm( alg_id
, 0, flags
))) return STATUS_NO_MEMORY
;
396 return STATUS_SUCCESS
;
399 static void destroy_object( struct object
*obj
)
401 SecureZeroMemory( &obj
->magic
, sizeof(obj
->magic
) );
405 NTSTATUS WINAPI
BCryptCloseAlgorithmProvider( BCRYPT_ALG_HANDLE handle
, DWORD flags
)
407 struct algorithm
*alg
= handle
;
409 TRACE( "%p, %#lx\n", handle
, flags
);
411 if (!handle
|| is_alg_pseudo_handle( handle
) || alg
->hdr
.magic
!= MAGIC_ALG
) return STATUS_INVALID_HANDLE
;
412 destroy_object( &alg
->hdr
);
413 return STATUS_SUCCESS
;
416 NTSTATUS WINAPI
BCryptGetFipsAlgorithmMode(BOOLEAN
*enabled
)
418 FIXME("%p - semi-stub\n", enabled
);
421 return STATUS_INVALID_PARAMETER
;
424 return STATUS_SUCCESS
;
440 static NTSTATUS
hash_init( struct hash_impl
*hash
, enum alg_id alg_id
)
445 md2_init( &hash
->u
.md2
);
449 MD4Init( &hash
->u
.md4
);
453 MD5Init( &hash
->u
.md5
);
457 A_SHAInit( &hash
->u
.sha1
);
461 sha256_init( &hash
->u
.sha256
);
465 sha384_init( &hash
->u
.sha512
);
469 sha512_init( &hash
->u
.sha512
);
473 ERR( "unhandled id %u\n", alg_id
);
474 return STATUS_NOT_IMPLEMENTED
;
476 return STATUS_SUCCESS
;
479 static NTSTATUS
hash_update( struct hash_impl
*hash
, enum alg_id alg_id
, UCHAR
*input
, ULONG size
)
484 md2_update( &hash
->u
.md2
, input
, size
);
488 MD4Update( &hash
->u
.md4
, input
, size
);
492 MD5Update( &hash
->u
.md5
, input
, size
);
496 A_SHAUpdate( &hash
->u
.sha1
, input
, size
);
500 sha256_update( &hash
->u
.sha256
, input
, size
);
504 sha384_update( &hash
->u
.sha512
, input
, size
);
508 sha512_update( &hash
->u
.sha512
, input
, size
);
512 ERR( "unhandled id %u\n", alg_id
);
513 return STATUS_NOT_IMPLEMENTED
;
515 return STATUS_SUCCESS
;
518 static NTSTATUS
hash_finish( struct hash_impl
*hash
, enum alg_id alg_id
, UCHAR
*output
)
523 md2_finalize( &hash
->u
.md2
, output
);
527 MD4Final( &hash
->u
.md4
);
528 memcpy( output
, hash
->u
.md4
.digest
, 16 );
532 MD5Final( &hash
->u
.md5
);
533 memcpy( output
, hash
->u
.md5
.digest
, 16 );
537 A_SHAFinal( &hash
->u
.sha1
, (ULONG
*)output
);
541 sha256_finalize( &hash
->u
.sha256
, output
);
545 sha384_finalize( &hash
->u
.sha512
, output
);
549 sha512_finalize( &hash
->u
.sha512
, output
);
553 ERR( "unhandled id %u\n", alg_id
);
554 return STATUS_NOT_IMPLEMENTED
;
556 return STATUS_SUCCESS
;
559 #define HASH_FLAG_HMAC 0x01
560 #define HASH_FLAG_REUSABLE 0x02
568 struct hash_impl outer
;
569 struct hash_impl inner
;
572 #define BLOCK_LENGTH_RC4 1
573 #define BLOCK_LENGTH_3DES 8
574 #define BLOCK_LENGTH_AES 16
576 static NTSTATUS
generic_alg_property( enum alg_id id
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
578 if (!wcscmp( prop
, BCRYPT_OBJECT_LENGTH
))
580 if (!builtin_algorithms
[id
].object_length
)
581 return STATUS_NOT_SUPPORTED
;
582 *ret_size
= sizeof(ULONG
);
583 if (size
< sizeof(ULONG
))
584 return STATUS_BUFFER_TOO_SMALL
;
586 *(ULONG
*)buf
= builtin_algorithms
[id
].object_length
;
587 return STATUS_SUCCESS
;
590 if (!wcscmp( prop
, BCRYPT_HASH_LENGTH
))
592 if (!builtin_algorithms
[id
].hash_length
)
593 return STATUS_NOT_SUPPORTED
;
594 *ret_size
= sizeof(ULONG
);
595 if (size
< sizeof(ULONG
))
596 return STATUS_BUFFER_TOO_SMALL
;
598 *(ULONG
*)buf
= builtin_algorithms
[id
].hash_length
;
599 return STATUS_SUCCESS
;
602 if (!wcscmp( prop
, BCRYPT_ALGORITHM_NAME
))
604 *ret_size
= (lstrlenW(builtin_algorithms
[id
].name
) + 1) * sizeof(WCHAR
);
605 if (size
< *ret_size
)
606 return STATUS_BUFFER_TOO_SMALL
;
608 memcpy(buf
, builtin_algorithms
[id
].name
, *ret_size
);
609 return STATUS_SUCCESS
;
612 return STATUS_NOT_IMPLEMENTED
;
615 static NTSTATUS
get_3des_property( enum chain_mode mode
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
617 if (!wcscmp( prop
, BCRYPT_BLOCK_LENGTH
))
619 *ret_size
= sizeof(ULONG
);
620 if (size
< sizeof(ULONG
)) return STATUS_BUFFER_TOO_SMALL
;
621 if (buf
) *(ULONG
*)buf
= BLOCK_LENGTH_3DES
;
622 return STATUS_SUCCESS
;
624 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
629 case CHAIN_MODE_CBC
: str
= BCRYPT_CHAIN_MODE_CBC
; break;
630 default: return STATUS_NOT_IMPLEMENTED
;
634 if (size
< *ret_size
) return STATUS_BUFFER_TOO_SMALL
;
635 memcpy( buf
, str
, (lstrlenW(str
) + 1) * sizeof(WCHAR
) );
636 return STATUS_SUCCESS
;
638 if (!wcscmp( prop
, BCRYPT_KEY_LENGTHS
))
640 BCRYPT_KEY_LENGTHS_STRUCT
*key_lengths
= (void *)buf
;
641 *ret_size
= sizeof(*key_lengths
);
642 if (key_lengths
&& size
< *ret_size
) return STATUS_BUFFER_TOO_SMALL
;
645 key_lengths
->dwMinLength
= 192;
646 key_lengths
->dwMaxLength
= 192;
647 key_lengths
->dwIncrement
= 0;
649 return STATUS_SUCCESS
;
651 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
652 return STATUS_NOT_IMPLEMENTED
;
655 static NTSTATUS
get_aes_property( enum chain_mode mode
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
657 if (!wcscmp( prop
, BCRYPT_BLOCK_LENGTH
))
659 *ret_size
= sizeof(ULONG
);
660 if (size
< sizeof(ULONG
)) return STATUS_BUFFER_TOO_SMALL
;
661 if (buf
) *(ULONG
*)buf
= BLOCK_LENGTH_AES
;
662 return STATUS_SUCCESS
;
664 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
669 case CHAIN_MODE_ECB
: str
= BCRYPT_CHAIN_MODE_ECB
; break;
670 case CHAIN_MODE_CBC
: str
= BCRYPT_CHAIN_MODE_CBC
; break;
671 case CHAIN_MODE_GCM
: str
= BCRYPT_CHAIN_MODE_GCM
; break;
672 case CHAIN_MODE_CFB
: str
= BCRYPT_CHAIN_MODE_CFB
; break;
673 default: return STATUS_NOT_IMPLEMENTED
;
677 if (size
< *ret_size
) return STATUS_BUFFER_TOO_SMALL
;
678 memcpy( buf
, str
, (lstrlenW(str
) + 1) * sizeof(WCHAR
) );
679 return STATUS_SUCCESS
;
681 if (!wcscmp( prop
, BCRYPT_KEY_LENGTHS
))
683 BCRYPT_KEY_LENGTHS_STRUCT
*key_lengths
= (void *)buf
;
684 *ret_size
= sizeof(*key_lengths
);
685 if (key_lengths
&& size
< *ret_size
) return STATUS_BUFFER_TOO_SMALL
;
688 key_lengths
->dwMinLength
= 128;
689 key_lengths
->dwMaxLength
= 256;
690 key_lengths
->dwIncrement
= 64;
692 return STATUS_SUCCESS
;
694 if (!wcscmp( prop
, BCRYPT_AUTH_TAG_LENGTH
))
696 BCRYPT_AUTH_TAG_LENGTHS_STRUCT
*tag_length
= (void *)buf
;
697 if (mode
!= CHAIN_MODE_GCM
) return STATUS_NOT_SUPPORTED
;
698 *ret_size
= sizeof(*tag_length
);
699 if (tag_length
&& size
< *ret_size
) return STATUS_BUFFER_TOO_SMALL
;
702 tag_length
->dwMinLength
= 12;
703 tag_length
->dwMaxLength
= 16;
704 tag_length
->dwIncrement
= 1;
706 return STATUS_SUCCESS
;
709 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
710 return STATUS_NOT_IMPLEMENTED
;
713 static NTSTATUS
get_rc4_property( enum chain_mode mode
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
715 if (!wcscmp( prop
, BCRYPT_BLOCK_LENGTH
))
717 *ret_size
= sizeof(ULONG
);
718 if (size
< sizeof(ULONG
)) return STATUS_BUFFER_TOO_SMALL
;
719 if (buf
) *(ULONG
*)buf
= BLOCK_LENGTH_RC4
;
720 return STATUS_SUCCESS
;
723 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
724 return STATUS_NOT_IMPLEMENTED
;
727 static NTSTATUS
get_rsa_property( enum chain_mode mode
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
729 if (!wcscmp( prop
, BCRYPT_PADDING_SCHEMES
))
731 *ret_size
= sizeof(ULONG
);
732 if (size
< sizeof(ULONG
)) return STATUS_BUFFER_TOO_SMALL
;
733 if (buf
) *(ULONG
*)buf
= BCRYPT_SUPPORTED_PAD_PKCS1_SIG
;
734 return STATUS_SUCCESS
;
737 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
738 return STATUS_NOT_IMPLEMENTED
;
741 static NTSTATUS
get_dsa_property( enum chain_mode mode
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
743 if (!wcscmp( prop
, BCRYPT_PADDING_SCHEMES
)) return STATUS_NOT_SUPPORTED
;
744 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
745 return STATUS_NOT_IMPLEMENTED
;
748 static NTSTATUS
get_alg_property( const struct algorithm
*alg
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
,
753 status
= generic_alg_property( alg
->id
, prop
, buf
, size
, ret_size
);
754 if (status
!= STATUS_NOT_IMPLEMENTED
)
760 return get_3des_property( alg
->mode
, prop
, buf
, size
, ret_size
);
763 return get_aes_property( alg
->mode
, prop
, buf
, size
, ret_size
);
766 return get_rc4_property( alg
->mode
, prop
, buf
, size
, ret_size
);
769 return get_rsa_property( alg
->mode
, prop
, buf
, size
, ret_size
);
772 return get_dsa_property( alg
->mode
, prop
, buf
, size
, ret_size
);
778 FIXME( "unsupported property %s algorithm %u\n", debugstr_w(prop
), alg
->id
);
779 return STATUS_NOT_IMPLEMENTED
;
782 static NTSTATUS
set_alg_property( struct algorithm
*alg
, const WCHAR
*prop
, UCHAR
*value
, ULONG size
, ULONG flags
)
787 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
789 if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_CBC
))
791 alg
->mode
= CHAIN_MODE_CBC
;
792 return STATUS_SUCCESS
;
796 FIXME( "unsupported mode %s\n", debugstr_w((WCHAR
*)value
) );
797 return STATUS_NOT_SUPPORTED
;
800 FIXME( "unsupported 3des algorithm property %s\n", debugstr_w(prop
) );
801 return STATUS_NOT_IMPLEMENTED
;
804 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
806 if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_ECB
))
808 alg
->mode
= CHAIN_MODE_ECB
;
809 return STATUS_SUCCESS
;
811 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_CBC
))
813 alg
->mode
= CHAIN_MODE_CBC
;
814 return STATUS_SUCCESS
;
816 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_GCM
))
818 alg
->mode
= CHAIN_MODE_GCM
;
819 return STATUS_SUCCESS
;
821 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_CFB
))
823 alg
->mode
= CHAIN_MODE_CFB
;
824 return STATUS_SUCCESS
;
828 FIXME( "unsupported mode %s\n", debugstr_w((WCHAR
*)value
) );
829 return STATUS_NOT_IMPLEMENTED
;
832 FIXME( "unsupported aes algorithm property %s\n", debugstr_w(prop
) );
833 return STATUS_NOT_IMPLEMENTED
;
836 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
838 if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_NA
)) return STATUS_SUCCESS
;
840 FIXME( "unsupported mode %s\n", debugstr_w((WCHAR
*)value
) );
841 return STATUS_NOT_IMPLEMENTED
;
843 FIXME( "unsupported rc4 algorithm property %s\n", debugstr_w(prop
) );
844 return STATUS_NOT_IMPLEMENTED
;
847 FIXME( "unsupported algorithm %u\n", alg
->id
);
848 return STATUS_NOT_IMPLEMENTED
;
852 static NTSTATUS
set_key_property( struct key
*key
, const WCHAR
*prop
, UCHAR
*value
, ULONG size
, ULONG flags
)
854 if (!wcscmp( prop
, BCRYPT_CHAINING_MODE
))
856 if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_ECB
))
858 key
->u
.s
.mode
= CHAIN_MODE_ECB
;
859 return STATUS_SUCCESS
;
861 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_CBC
))
863 key
->u
.s
.mode
= CHAIN_MODE_CBC
;
864 return STATUS_SUCCESS
;
866 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_GCM
))
868 key
->u
.s
.mode
= CHAIN_MODE_GCM
;
869 return STATUS_SUCCESS
;
871 else if (!wcscmp( (WCHAR
*)value
, BCRYPT_CHAIN_MODE_CFB
))
873 key
->u
.s
.mode
= CHAIN_MODE_CFB
;
874 return STATUS_SUCCESS
;
878 FIXME( "unsupported mode %s\n", debugstr_w((WCHAR
*)value
) );
879 return STATUS_NOT_IMPLEMENTED
;
882 else if (!wcscmp( prop
, BCRYPT_KEY_LENGTH
))
884 if (size
< sizeof(DWORD
)) return STATUS_INVALID_PARAMETER
;
885 key
->u
.a
.bitlen
= *(DWORD
*)value
;
886 return STATUS_SUCCESS
;
889 FIXME( "unsupported key property %s\n", debugstr_w(prop
) );
890 return STATUS_NOT_IMPLEMENTED
;
893 static NTSTATUS
get_hash_property( const struct hash
*hash
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
897 status
= generic_alg_property( hash
->alg_id
, prop
, buf
, size
, ret_size
);
898 if (status
== STATUS_NOT_IMPLEMENTED
)
899 FIXME( "unsupported property %s\n", debugstr_w(prop
) );
903 static NTSTATUS
get_key_property( const struct key
*key
, const WCHAR
*prop
, UCHAR
*buf
, ULONG size
, ULONG
*ret_size
)
908 return get_3des_property( key
->u
.s
.mode
, prop
, buf
, size
, ret_size
);
911 if (!wcscmp( prop
, BCRYPT_AUTH_TAG_LENGTH
)) return STATUS_NOT_SUPPORTED
;
912 return get_aes_property( key
->u
.s
.mode
, prop
, buf
, size
, ret_size
);
915 FIXME( "unsupported algorithm %u\n", key
->alg_id
);
916 return STATUS_NOT_IMPLEMENTED
;
920 NTSTATUS WINAPI
BCryptGetProperty( BCRYPT_HANDLE handle
, const WCHAR
*prop
, UCHAR
*buffer
, ULONG count
, ULONG
*res
,
923 struct object
*object
= get_object( handle
, 0 );
925 TRACE( "%p, %s, %p, %lu, %p, %#lx\n", handle
, wine_dbgstr_w(prop
), buffer
, count
, res
, flags
);
927 if (!object
) return STATUS_INVALID_HANDLE
;
928 if (!prop
|| !res
) return STATUS_INVALID_PARAMETER
;
930 switch (object
->magic
)
934 const struct algorithm
*alg
= (const struct algorithm
*)object
;
935 return get_alg_property( alg
, prop
, buffer
, count
, res
);
939 const struct key
*key
= (const struct key
*)object
;
940 return get_key_property( key
, prop
, buffer
, count
, res
);
944 const struct hash
*hash
= (const struct hash
*)object
;
945 return get_hash_property( hash
, prop
, buffer
, count
, res
);
948 WARN( "unknown magic %#lx\n", object
->magic
);
949 return STATUS_INVALID_HANDLE
;
953 static NTSTATUS
hash_prepare( struct hash
*hash
)
955 UCHAR buffer
[MAX_HASH_BLOCK_BITS
/ 8] = {0};
959 /* initialize hash */
960 if ((status
= hash_init( &hash
->inner
, hash
->alg_id
))) return status
;
961 if (!(hash
->flags
& HASH_FLAG_HMAC
)) return STATUS_SUCCESS
;
963 /* initialize hmac */
964 if ((status
= hash_init( &hash
->outer
, hash
->alg_id
))) return status
;
965 block_bytes
= builtin_algorithms
[hash
->alg_id
].block_bits
/ 8;
966 if (hash
->secret_len
> block_bytes
)
968 struct hash_impl temp
;
969 if ((status
= hash_init( &temp
, hash
->alg_id
))) return status
;
970 if ((status
= hash_update( &temp
, hash
->alg_id
, hash
->secret
, hash
->secret_len
))) return status
;
971 if ((status
= hash_finish( &temp
, hash
->alg_id
, buffer
))) return status
;
973 else memcpy( buffer
, hash
->secret
, hash
->secret_len
);
975 for (i
= 0; i
< block_bytes
; i
++) buffer
[i
] ^= 0x5c;
976 if ((status
= hash_update( &hash
->outer
, hash
->alg_id
, buffer
, block_bytes
))) return status
;
977 for (i
= 0; i
< block_bytes
; i
++) buffer
[i
] ^= (0x5c ^ 0x36);
978 return hash_update( &hash
->inner
, hash
->alg_id
, buffer
, block_bytes
);
981 static NTSTATUS
hash_create( const struct algorithm
*alg
, UCHAR
*secret
, ULONG secret_len
, ULONG flags
,
982 struct hash
**ret_hash
)
987 if (!(hash
= calloc( 1, sizeof(*hash
) ))) return STATUS_NO_MEMORY
;
988 hash
->hdr
.magic
= MAGIC_HASH
;
989 hash
->alg_id
= alg
->id
;
990 if (alg
->flags
& BCRYPT_ALG_HANDLE_HMAC_FLAG
) hash
->flags
= HASH_FLAG_HMAC
;
991 if ((alg
->flags
& BCRYPT_HASH_REUSABLE_FLAG
) || (flags
& BCRYPT_HASH_REUSABLE_FLAG
))
992 hash
->flags
|= HASH_FLAG_REUSABLE
;
994 if (secret_len
&& !(hash
->secret
= malloc( secret_len
)))
997 return STATUS_NO_MEMORY
;
999 memcpy( hash
->secret
, secret
, secret_len
);
1000 hash
->secret_len
= secret_len
;
1002 if ((status
= hash_prepare( hash
)))
1004 free( hash
->secret
);
1010 return STATUS_SUCCESS
;
1013 NTSTATUS WINAPI
BCryptCreateHash( BCRYPT_ALG_HANDLE handle
, BCRYPT_HASH_HANDLE
*ret_handle
, UCHAR
*object
,
1014 ULONG object_len
, UCHAR
*secret
, ULONG secret_len
, ULONG flags
)
1016 struct algorithm
*alg
= get_alg_object( handle
);
1020 TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", handle
, ret_handle
, object
, object_len
, secret
, secret_len
, flags
);
1021 if (flags
& ~BCRYPT_HASH_REUSABLE_FLAG
)
1023 FIXME( "unimplemented flags %#lx\n", flags
);
1024 return STATUS_NOT_IMPLEMENTED
;
1026 if (object
) FIXME( "ignoring object buffer\n" );
1028 if (!alg
) return STATUS_INVALID_HANDLE
;
1029 if (!ret_handle
) return STATUS_INVALID_PARAMETER
;
1031 if ((status
= hash_create( alg
, secret
, secret_len
, flags
, &hash
))) return status
;
1033 return STATUS_SUCCESS
;
1036 NTSTATUS WINAPI
BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle
, BCRYPT_HASH_HANDLE
*handle_copy
,
1037 UCHAR
*object
, ULONG objectlen
, ULONG flags
)
1039 struct hash
*hash_orig
= get_hash_object( handle
);
1040 struct hash
*hash_copy
;
1042 TRACE( "%p, %p, %p, %lu, %#lx\n", handle
, handle_copy
, object
, objectlen
, flags
);
1044 if (!hash_orig
) return STATUS_INVALID_HANDLE
;
1045 if (!handle_copy
) return STATUS_INVALID_PARAMETER
;
1046 if (object
) FIXME( "ignoring object buffer\n" );
1048 if (!(hash_copy
= malloc( sizeof(*hash_copy
) ))) return STATUS_NO_MEMORY
;
1050 memcpy( hash_copy
, hash_orig
, sizeof(*hash_orig
) );
1051 if (hash_orig
->secret
&& !(hash_copy
->secret
= malloc( hash_orig
->secret_len
)))
1054 return STATUS_NO_MEMORY
;
1056 memcpy( hash_copy
->secret
, hash_orig
->secret
, hash_orig
->secret_len
);
1058 *handle_copy
= hash_copy
;
1059 return STATUS_SUCCESS
;
1062 static void hash_destroy( struct hash
*hash
)
1065 free( hash
->secret
);
1066 destroy_object( &hash
->hdr
);
1069 NTSTATUS WINAPI
BCryptDestroyHash( BCRYPT_HASH_HANDLE handle
)
1071 struct hash
*hash
= get_hash_object( handle
);
1073 TRACE( "%p\n", handle
);
1075 if (!hash
) return STATUS_INVALID_PARAMETER
;
1076 hash_destroy( hash
);
1077 return STATUS_SUCCESS
;
1080 NTSTATUS WINAPI
BCryptHashData( BCRYPT_HASH_HANDLE handle
, UCHAR
*input
, ULONG size
, ULONG flags
)
1082 struct hash
*hash
= get_hash_object( handle
);
1084 TRACE( "%p, %p, %lu, %#lx\n", handle
, input
, size
, flags
);
1086 if (!hash
) return STATUS_INVALID_HANDLE
;
1087 if (!input
) return STATUS_SUCCESS
;
1089 return hash_update( &hash
->inner
, hash
->alg_id
, input
, size
);
1092 static NTSTATUS
hash_finalize( struct hash
*hash
, UCHAR
*output
)
1094 UCHAR buffer
[MAX_HASH_OUTPUT_BYTES
];
1095 ULONG hash_length
= builtin_algorithms
[hash
->alg_id
].hash_length
;
1098 if (!(hash
->flags
& HASH_FLAG_HMAC
))
1100 if ((status
= hash_finish( &hash
->inner
, hash
->alg_id
, output
))) return status
;
1101 if (hash
->flags
& HASH_FLAG_REUSABLE
) return hash_prepare( hash
);
1102 return STATUS_SUCCESS
;
1105 if ((status
= hash_finish( &hash
->inner
, hash
->alg_id
, buffer
))) return status
;
1106 if ((status
= hash_update( &hash
->outer
, hash
->alg_id
, buffer
, hash_length
))) return status
;
1107 if ((status
= hash_finish( &hash
->outer
, hash
->alg_id
, output
))) return status
;
1109 if (hash
->flags
& HASH_FLAG_REUSABLE
) return hash_prepare( hash
);
1110 return STATUS_SUCCESS
;
1113 NTSTATUS WINAPI
BCryptFinishHash( BCRYPT_HASH_HANDLE handle
, UCHAR
*output
, ULONG size
, ULONG flags
)
1115 struct hash
*hash
= get_hash_object( handle
);
1117 TRACE( "%p, %p, %lu, %#lx\n", handle
, output
, size
, flags
);
1119 if (!hash
) return STATUS_INVALID_HANDLE
;
1120 if (!output
|| size
!= builtin_algorithms
[hash
->alg_id
].hash_length
) return STATUS_INVALID_PARAMETER
;
1122 return hash_finalize( hash
, output
);
1125 NTSTATUS WINAPI
BCryptHash( BCRYPT_ALG_HANDLE handle
, UCHAR
*secret
, ULONG secret_len
,
1126 UCHAR
*input
, ULONG input_len
, UCHAR
*output
, ULONG output_len
)
1128 struct algorithm
*alg
= get_alg_object( handle
);
1132 TRACE( "%p, %p, %lu, %p, %lu, %p, %lu\n", handle
, secret
, secret_len
, input
, input_len
, output
, output_len
);
1134 if (!alg
) return STATUS_INVALID_HANDLE
;
1135 if (!output
) return STATUS_INVALID_PARAMETER
;
1137 if ((status
= hash_create( alg
, secret
, secret_len
, 0, &hash
))) return status
;
1138 if (output_len
!= builtin_algorithms
[hash
->alg_id
].hash_length
)
1140 hash_destroy( hash
);
1141 return STATUS_INVALID_PARAMETER
;
1143 if ((status
= hash_update( &hash
->inner
, hash
->alg_id
, input
, input_len
)))
1145 hash_destroy( hash
);
1148 status
= hash_finalize( hash
, output
);
1149 hash_destroy( hash
);
1153 static NTSTATUS
key_asymmetric_create( enum alg_id alg_id
, ULONG bitlen
, struct key
**ret_key
)
1157 if (!__wine_unixlib_handle
)
1159 ERR( "no encryption support\n" );
1160 return STATUS_NOT_IMPLEMENTED
;
1163 if (!(key
= calloc( 1, sizeof(*key
) ))) return STATUS_NO_MEMORY
;
1164 key
->hdr
.magic
= MAGIC_KEY
;
1165 key
->alg_id
= alg_id
;
1166 key
->u
.a
.bitlen
= bitlen
;
1169 return STATUS_SUCCESS
;
1172 static BOOL
is_equal_vector( const UCHAR
*vector
, ULONG len
, const UCHAR
*vector2
, ULONG len2
)
1174 if (!vector
&& !vector2
) return TRUE
;
1175 if (len
!= len2
) return FALSE
;
1176 return !memcmp( vector
, vector2
, len
);
1179 static NTSTATUS
key_symmetric_set_vector( struct key
*key
, UCHAR
*vector
, ULONG vector_len
, BOOL force_reset
)
1181 BOOL needs_reset
= force_reset
|| !is_equal_vector( key
->u
.s
.vector
, key
->u
.s
.vector_len
, vector
, vector_len
);
1184 free( key
->u
.s
.vector
);
1185 key
->u
.s
.vector
= NULL
;
1186 key
->u
.s
.vector_len
= 0;
1188 if (!(key
->u
.s
.vector
= malloc( vector_len
))) return STATUS_NO_MEMORY
;
1189 memcpy( key
->u
.s
.vector
, vector
, vector_len
);
1190 key
->u
.s
.vector_len
= vector_len
;
1192 if (needs_reset
) UNIX_CALL( key_symmetric_vector_reset
, key
);
1193 return STATUS_SUCCESS
;
1196 static struct key
*create_symmetric_key( enum alg_id alg
, enum chain_mode mode
, ULONG block_size
, UCHAR
*secret
,
1201 if (!(ret
= calloc( 1, sizeof(*ret
) ))) return NULL
;
1202 InitializeCriticalSection( &ret
->u
.s
.cs
);
1203 ret
->hdr
.magic
= MAGIC_KEY
;
1205 ret
->u
.s
.mode
= mode
;
1206 ret
->u
.s
.block_size
= block_size
;
1208 if (!(ret
->u
.s
.secret
= malloc( secret_len
)))
1210 DeleteCriticalSection( &ret
->u
.s
.cs
);
1214 memcpy( ret
->u
.s
.secret
, secret
, secret_len
);
1215 ret
->u
.s
.secret_len
= secret_len
;
1220 static ULONG
get_block_size( struct algorithm
*alg
)
1222 ULONG ret
= 0, size
= sizeof(ret
);
1223 get_alg_property( alg
, BCRYPT_BLOCK_LENGTH
, (UCHAR
*)&ret
, sizeof(ret
), &size
);
1227 static NTSTATUS
generate_symmetric_key( struct algorithm
*alg
, BCRYPT_KEY_HANDLE
*ret_handle
, UCHAR
*secret
,
1230 BCRYPT_KEY_LENGTHS_STRUCT key_lengths
;
1231 ULONG block_size
, size
;
1235 if (!(block_size
= get_block_size( alg
))) return STATUS_INVALID_PARAMETER
;
1236 if (!get_alg_property( alg
, BCRYPT_KEY_LENGTHS
, (UCHAR
*)&key_lengths
, sizeof(key_lengths
), &size
))
1238 if (secret_len
> (size
= key_lengths
.dwMaxLength
/ 8))
1240 WARN( "secret_len %lu exceeds key max length %lu, setting to maximum\n", secret_len
, size
);
1243 else if (secret_len
< (size
= key_lengths
.dwMinLength
/ 8))
1245 WARN( "secret_len %lu is less than minimum key length %lu\n", secret_len
, size
);
1246 return STATUS_INVALID_PARAMETER
;
1248 else if (key_lengths
.dwIncrement
&& (secret_len
* 8 - key_lengths
.dwMinLength
) % key_lengths
.dwIncrement
)
1250 WARN( "secret_len %lu is not a valid key length\n", secret_len
);
1251 return STATUS_INVALID_PARAMETER
;
1255 if (!(key
= create_symmetric_key( alg
->id
, alg
->mode
, block_size
, secret
, secret_len
))) status
= STATUS_NO_MEMORY
;
1259 status
= STATUS_SUCCESS
;
1265 static NTSTATUS
key_import( struct algorithm
*alg
, const WCHAR
*type
, BCRYPT_KEY_HANDLE
*key
, UCHAR
*object
,
1266 ULONG object_len
, UCHAR
*input
, ULONG input_len
)
1270 if (!wcscmp( type
, BCRYPT_KEY_DATA_BLOB
))
1272 BCRYPT_KEY_DATA_BLOB_HEADER
*header
= (BCRYPT_KEY_DATA_BLOB_HEADER
*)input
;
1274 if (input_len
< sizeof(BCRYPT_KEY_DATA_BLOB_HEADER
)) return STATUS_BUFFER_TOO_SMALL
;
1275 if (header
->dwMagic
!= BCRYPT_KEY_DATA_BLOB_MAGIC
) return STATUS_INVALID_PARAMETER
;
1276 if (header
->dwVersion
!= BCRYPT_KEY_DATA_BLOB_VERSION1
)
1278 FIXME( "unknown key data blob version %lu\n", header
->dwVersion
);
1279 return STATUS_INVALID_PARAMETER
;
1281 len
= header
->cbKeyData
;
1282 if (len
+ sizeof(BCRYPT_KEY_DATA_BLOB_HEADER
) > input_len
) return STATUS_INVALID_PARAMETER
;
1284 return generate_symmetric_key( alg
, key
, (UCHAR
*)&header
[1], len
);
1286 else if (!wcscmp( type
, BCRYPT_OPAQUE_KEY_BLOB
))
1288 if (input_len
< sizeof(len
)) return STATUS_BUFFER_TOO_SMALL
;
1289 len
= *(ULONG
*)input
;
1290 if (len
+ sizeof(len
) > input_len
) return STATUS_INVALID_PARAMETER
;
1292 return generate_symmetric_key( alg
, key
, input
+ sizeof(len
), len
);
1295 FIXME( "unsupported key type %s\n", debugstr_w(type
) );
1296 return STATUS_NOT_IMPLEMENTED
;
1299 static NTSTATUS
key_export( struct key
*key
, const WCHAR
*type
, UCHAR
*output
, ULONG output_len
, ULONG
*size
)
1301 struct key_asymmetric_export_params params
;
1303 if (!wcscmp( type
, BCRYPT_KEY_DATA_BLOB
))
1305 BCRYPT_KEY_DATA_BLOB_HEADER
*header
= (BCRYPT_KEY_DATA_BLOB_HEADER
*)output
;
1306 ULONG req_size
= sizeof(BCRYPT_KEY_DATA_BLOB_HEADER
) + key
->u
.s
.secret_len
;
1309 if (output_len
< req_size
) return STATUS_BUFFER_TOO_SMALL
;
1312 header
->dwMagic
= BCRYPT_KEY_DATA_BLOB_MAGIC
;
1313 header
->dwVersion
= BCRYPT_KEY_DATA_BLOB_VERSION1
;
1314 header
->cbKeyData
= key
->u
.s
.secret_len
;
1315 memcpy( &header
[1], key
->u
.s
.secret
, key
->u
.s
.secret_len
);
1317 return STATUS_SUCCESS
;
1319 else if (!wcscmp( type
, BCRYPT_OPAQUE_KEY_BLOB
))
1321 ULONG len
, req_size
= sizeof(len
) + key
->u
.s
.secret_len
;
1324 if (output_len
< req_size
) return STATUS_BUFFER_TOO_SMALL
;
1327 *(ULONG
*)output
= key
->u
.s
.secret_len
;
1328 memcpy( output
+ sizeof(len
), key
->u
.s
.secret
, key
->u
.s
.secret_len
);
1330 return STATUS_SUCCESS
;
1332 else if (!wcscmp( type
, BCRYPT_DSA_PRIVATE_BLOB
) || !wcscmp( type
, LEGACY_DSA_V2_PRIVATE_BLOB
) ||
1333 !wcscmp( type
, BCRYPT_ECCPRIVATE_BLOB
))
1337 params
.buf
= output
;
1338 params
.len
= output_len
;
1339 params
.ret_len
= size
;
1340 return UNIX_CALL( key_asymmetric_export
, ¶ms
);
1342 else if (!wcscmp( type
, BCRYPT_RSAPRIVATE_BLOB
) || !wcscmp( type
, BCRYPT_RSAFULLPRIVATE_BLOB
))
1345 params
.flags
= (wcscmp( type
, BCRYPT_RSAPRIVATE_BLOB
)) ? KEY_EXPORT_FLAG_RSA_FULL
: 0;
1346 params
.buf
= output
;
1347 params
.len
= output_len
;
1348 params
.ret_len
= size
;
1349 return UNIX_CALL( key_asymmetric_export
, ¶ms
);
1351 else if (!wcscmp( type
, BCRYPT_DSA_PUBLIC_BLOB
) || !wcscmp( type
, LEGACY_DSA_V2_PUBLIC_BLOB
) ||
1352 !wcscmp( type
, BCRYPT_ECCPUBLIC_BLOB
) || !wcscmp( type
, BCRYPT_RSAPUBLIC_BLOB
))
1355 params
.flags
= KEY_EXPORT_FLAG_PUBLIC
;
1356 params
.buf
= output
;
1357 params
.len
= output_len
;
1358 params
.ret_len
= size
;
1359 return UNIX_CALL( key_asymmetric_export
, ¶ms
);
1362 FIXME( "unsupported key type %s\n", debugstr_w(type
) );
1363 return STATUS_NOT_IMPLEMENTED
;
1366 static NTSTATUS
key_symmetric_encrypt( struct key
*key
, UCHAR
*input
, ULONG input_len
, void *padding
, UCHAR
*iv
,
1367 ULONG iv_len
, UCHAR
*output
, ULONG output_len
, ULONG
*ret_len
, ULONG flags
)
1369 struct key_symmetric_set_auth_data_params auth_params
;
1370 struct key_symmetric_encrypt_params encrypt_params
;
1371 struct key_symmetric_get_tag_params tag_params
;
1372 ULONG bytes_left
= input_len
;
1376 if (key
->u
.s
.mode
== CHAIN_MODE_GCM
)
1378 BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
*auth_info
= padding
;
1380 if (!auth_info
) return STATUS_INVALID_PARAMETER
;
1381 if (!auth_info
->pbNonce
) return STATUS_INVALID_PARAMETER
;
1382 if (!auth_info
->pbTag
) return STATUS_INVALID_PARAMETER
;
1383 if (auth_info
->cbTag
< 12 || auth_info
->cbTag
> 16) return STATUS_INVALID_PARAMETER
;
1384 if (auth_info
->dwFlags
& BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
)
1385 FIXME( "call chaining not implemented\n" );
1387 if ((status
= key_symmetric_set_vector( key
, auth_info
->pbNonce
, auth_info
->cbNonce
, TRUE
)))
1390 *ret_len
= input_len
;
1391 if (flags
& BCRYPT_BLOCK_PADDING
) return STATUS_INVALID_PARAMETER
;
1392 if (input
&& !output
) return STATUS_SUCCESS
;
1393 if (output_len
< *ret_len
) return STATUS_BUFFER_TOO_SMALL
;
1395 auth_params
.key
= key
;
1396 auth_params
.auth_data
= auth_info
->pbAuthData
;
1397 auth_params
.len
= auth_info
->cbAuthData
;
1398 if ((status
= UNIX_CALL( key_symmetric_set_auth_data
, &auth_params
))) return status
;
1400 encrypt_params
.key
= key
;
1401 encrypt_params
.input
= input
;
1402 encrypt_params
.input_len
= input_len
;
1403 encrypt_params
.output
= output
;
1404 encrypt_params
.output_len
= output_len
;
1405 if ((status
= UNIX_CALL( key_symmetric_encrypt
, &encrypt_params
))) return status
;
1407 tag_params
.key
= key
;
1408 tag_params
.tag
= auth_info
->pbTag
;
1409 tag_params
.len
= auth_info
->cbTag
;
1410 return UNIX_CALL( key_symmetric_get_tag
, &tag_params
);
1413 *ret_len
= input_len
;
1415 if (flags
& BCRYPT_BLOCK_PADDING
)
1416 *ret_len
= (input_len
+ key
->u
.s
.block_size
) & ~(key
->u
.s
.block_size
- 1);
1417 else if (input_len
& (key
->u
.s
.block_size
- 1))
1418 return STATUS_INVALID_BUFFER_SIZE
;
1420 if (!output
) return STATUS_SUCCESS
;
1421 if (output_len
< *ret_len
) return STATUS_BUFFER_TOO_SMALL
;
1422 if (key
->u
.s
.mode
== CHAIN_MODE_ECB
&& iv
) return STATUS_INVALID_PARAMETER
;
1423 if ((status
= key_symmetric_set_vector( key
, iv
, iv_len
, flags
& BCRYPT_BLOCK_PADDING
))) return status
;
1425 encrypt_params
.key
= key
;
1426 encrypt_params
.input
= input
;
1427 encrypt_params
.input_len
= key
->u
.s
.block_size
;
1428 encrypt_params
.output
= output
;
1429 encrypt_params
.output_len
= key
->u
.s
.block_size
;
1430 while (bytes_left
>= key
->u
.s
.block_size
)
1432 if ((status
= UNIX_CALL( key_symmetric_encrypt
, &encrypt_params
)))
1434 if (key
->u
.s
.mode
== CHAIN_MODE_ECB
&& (status
= key_symmetric_set_vector( key
, NULL
, 0, TRUE
)))
1436 bytes_left
-= key
->u
.s
.block_size
;
1437 encrypt_params
.input
+= key
->u
.s
.block_size
;
1438 encrypt_params
.output
+= key
->u
.s
.block_size
;
1441 if (flags
& BCRYPT_BLOCK_PADDING
)
1443 if (!(buf
= malloc( key
->u
.s
.block_size
))) return STATUS_NO_MEMORY
;
1444 memcpy( buf
, encrypt_params
.input
, bytes_left
);
1445 memset( buf
+ bytes_left
, key
->u
.s
.block_size
- bytes_left
, key
->u
.s
.block_size
- bytes_left
);
1446 encrypt_params
.input
= buf
;
1447 status
= UNIX_CALL( key_symmetric_encrypt
, &encrypt_params
);
1453 if (key
->u
.s
.vector
&& *ret_len
>= key
->u
.s
.vector_len
)
1455 memcpy( key
->u
.s
.vector
, output
+ *ret_len
- key
->u
.s
.vector_len
, key
->u
.s
.vector_len
);
1456 if (iv
) memcpy( iv
, key
->u
.s
.vector
, min( iv_len
, key
->u
.s
.vector_len
));
1458 else FIXME( "Unexpected vector len %lu, *ret_len %lu.\n", key
->u
.s
.vector_len
, *ret_len
);
1464 static NTSTATUS
key_symmetric_decrypt( struct key
*key
, UCHAR
*input
, ULONG input_len
, void *padding
, UCHAR
*iv
,
1465 ULONG iv_len
, UCHAR
*output
, ULONG output_len
, ULONG
*ret_len
, ULONG flags
)
1467 struct key_symmetric_set_auth_data_params auth_params
;
1468 struct key_symmetric_decrypt_params decrypt_params
;
1469 struct key_symmetric_get_tag_params tag_params
;
1470 ULONG bytes_left
= input_len
;
1473 if (key
->u
.s
.mode
== CHAIN_MODE_GCM
)
1475 BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
*auth_info
= padding
;
1478 if (!auth_info
) return STATUS_INVALID_PARAMETER
;
1479 if (!auth_info
->pbNonce
) return STATUS_INVALID_PARAMETER
;
1480 if (!auth_info
->pbTag
) return STATUS_INVALID_PARAMETER
;
1481 if (auth_info
->cbTag
< 12 || auth_info
->cbTag
> 16) return STATUS_INVALID_PARAMETER
;
1483 if ((status
= key_symmetric_set_vector( key
, auth_info
->pbNonce
, auth_info
->cbNonce
, TRUE
)))
1486 *ret_len
= input_len
;
1487 if (flags
& BCRYPT_BLOCK_PADDING
) return STATUS_INVALID_PARAMETER
;
1488 if (!output
) return STATUS_SUCCESS
;
1489 if (output_len
< *ret_len
) return STATUS_BUFFER_TOO_SMALL
;
1491 auth_params
.key
= key
;
1492 auth_params
.auth_data
= auth_info
->pbAuthData
;
1493 auth_params
.len
= auth_info
->cbAuthData
;
1494 if ((status
= UNIX_CALL( key_symmetric_set_auth_data
, &auth_params
))) return status
;
1496 decrypt_params
.key
= key
;
1497 decrypt_params
.input
= input
;
1498 decrypt_params
.input_len
= input_len
;
1499 decrypt_params
.output
= output
;
1500 decrypt_params
.output_len
= output_len
;
1501 if ((status
= UNIX_CALL( key_symmetric_decrypt
, &decrypt_params
))) return status
;
1503 tag_params
.key
= key
;
1504 tag_params
.tag
= tag
;
1505 tag_params
.len
= sizeof(tag
);
1506 if ((status
= UNIX_CALL( key_symmetric_get_tag
, &tag_params
))) return status
;
1507 if (memcmp( tag
, auth_info
->pbTag
, auth_info
->cbTag
)) return STATUS_AUTH_TAG_MISMATCH
;
1509 return STATUS_SUCCESS
;
1512 *ret_len
= input_len
;
1514 if (input_len
& (key
->u
.s
.block_size
- 1)) return STATUS_INVALID_BUFFER_SIZE
;
1515 if (!output
) return STATUS_SUCCESS
;
1516 if (flags
& BCRYPT_BLOCK_PADDING
)
1518 if (output_len
+ key
->u
.s
.block_size
< *ret_len
) return STATUS_BUFFER_TOO_SMALL
;
1519 if (input_len
< key
->u
.s
.block_size
) return STATUS_BUFFER_TOO_SMALL
;
1520 bytes_left
-= key
->u
.s
.block_size
;
1522 else if (output_len
< *ret_len
) return STATUS_BUFFER_TOO_SMALL
;
1524 if (key
->u
.s
.mode
== CHAIN_MODE_ECB
&& iv
) return STATUS_INVALID_PARAMETER
;
1525 if ((status
= key_symmetric_set_vector( key
, iv
, iv_len
, flags
& BCRYPT_BLOCK_PADDING
))) return status
;
1527 decrypt_params
.key
= key
;
1528 decrypt_params
.input
= input
;
1529 decrypt_params
.input_len
= key
->u
.s
.block_size
;
1530 decrypt_params
.output
= output
;
1531 decrypt_params
.output_len
= key
->u
.s
.block_size
;
1532 while (bytes_left
>= key
->u
.s
.block_size
)
1534 if ((status
= UNIX_CALL( key_symmetric_decrypt
, &decrypt_params
))) return status
;
1535 if (key
->u
.s
.mode
== CHAIN_MODE_ECB
&& (status
= key_symmetric_set_vector( key
, NULL
, 0, TRUE
)))
1537 bytes_left
-= key
->u
.s
.block_size
;
1538 decrypt_params
.input
+= key
->u
.s
.block_size
;
1539 decrypt_params
.output
+= key
->u
.s
.block_size
;
1542 if (flags
& BCRYPT_BLOCK_PADDING
)
1544 UCHAR
*buf
, *dst
= decrypt_params
.output
;
1545 if (!(buf
= malloc( key
->u
.s
.block_size
))) return STATUS_NO_MEMORY
;
1546 decrypt_params
.output
= buf
;
1547 status
= UNIX_CALL( key_symmetric_decrypt
, &decrypt_params
);
1548 if (!status
&& buf
[ key
->u
.s
.block_size
- 1 ] <= key
->u
.s
.block_size
)
1550 *ret_len
-= buf
[ key
->u
.s
.block_size
- 1 ];
1551 if (output_len
< *ret_len
) status
= STATUS_BUFFER_TOO_SMALL
;
1552 else memcpy( dst
, buf
, key
->u
.s
.block_size
- buf
[ key
->u
.s
.block_size
- 1 ] );
1554 else status
= STATUS_UNSUCCESSFUL
; /* FIXME: invalid padding */
1560 if (key
->u
.s
.vector
&& input_len
>= key
->u
.s
.vector_len
)
1562 memcpy( key
->u
.s
.vector
, input
+ input_len
- key
->u
.s
.vector_len
, key
->u
.s
.vector_len
);
1563 if (iv
) memcpy( iv
, key
->u
.s
.vector
, min( iv_len
, key
->u
.s
.vector_len
));
1565 else FIXME( "Unexpected vector len %lu, *ret_len %lu.\n", key
->u
.s
.vector_len
, *ret_len
);
1571 static void key_destroy( struct key
*key
)
1573 if (is_symmetric_key( key
))
1575 UNIX_CALL( key_symmetric_destroy
, key
);
1576 free( key
->u
.s
.vector
);
1577 free( key
->u
.s
.secret
);
1578 DeleteCriticalSection( &key
->u
.s
.cs
);
1581 UNIX_CALL( key_asymmetric_destroy
, key
);
1583 destroy_object( &key
->hdr
);
1586 static NTSTATUS
key_import_pair( struct algorithm
*alg
, const WCHAR
*type
, BCRYPT_KEY_HANDLE
*ret_key
, UCHAR
*input
,
1589 struct key_asymmetric_import_params params
;
1594 if (!wcscmp( type
, BCRYPT_ECCPUBLIC_BLOB
))
1596 BCRYPT_ECCKEY_BLOB
*ecc_blob
= (BCRYPT_ECCKEY_BLOB
*)input
;
1597 DWORD key_size
, magic
;
1599 if (input_len
< sizeof(*ecc_blob
)) return STATUS_INVALID_PARAMETER
;
1603 case ALG_ID_ECDH_P256
:
1605 magic
= BCRYPT_ECDH_PUBLIC_P256_MAGIC
;
1608 case ALG_ID_ECDH_P384
:
1610 magic
= BCRYPT_ECDH_PUBLIC_P384_MAGIC
;
1613 case ALG_ID_ECDSA_P256
:
1615 magic
= BCRYPT_ECDSA_PUBLIC_P256_MAGIC
;
1618 case ALG_ID_ECDSA_P384
:
1620 magic
= BCRYPT_ECDSA_PUBLIC_P384_MAGIC
;
1624 FIXME( "algorithm %u does not yet support importing blob of type %s\n", alg
->id
, debugstr_w(type
) );
1625 return STATUS_NOT_SUPPORTED
;
1628 if (ecc_blob
->dwMagic
!= magic
) return STATUS_INVALID_PARAMETER
;
1629 if (ecc_blob
->cbKey
!= key_size
|| input_len
< sizeof(*ecc_blob
) + ecc_blob
->cbKey
* 2)
1630 return STATUS_INVALID_PARAMETER
;
1632 if ((status
= key_asymmetric_create( alg
->id
, key_size
* 8, &key
))) return status
;
1634 params
.flags
= KEY_IMPORT_FLAG_PUBLIC
;
1636 params
.len
= input_len
;
1637 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1644 return STATUS_SUCCESS
;
1646 else if (!wcscmp( type
, BCRYPT_ECCPRIVATE_BLOB
))
1648 BCRYPT_ECCKEY_BLOB
*ecc_blob
= (BCRYPT_ECCKEY_BLOB
*)input
;
1649 DWORD key_size
, magic
;
1651 if (input_len
< sizeof(*ecc_blob
)) return STATUS_INVALID_PARAMETER
;
1655 case ALG_ID_ECDH_P256
:
1657 magic
= BCRYPT_ECDH_PRIVATE_P256_MAGIC
;
1660 case ALG_ID_ECDH_P384
:
1662 magic
= BCRYPT_ECDH_PRIVATE_P384_MAGIC
;
1665 case ALG_ID_ECDSA_P256
:
1667 magic
= BCRYPT_ECDSA_PRIVATE_P256_MAGIC
;
1671 FIXME( "algorithm %u does not yet support importing blob of type %s\n", alg
->id
, debugstr_w(type
) );
1672 return STATUS_NOT_SUPPORTED
;
1675 if (ecc_blob
->dwMagic
!= magic
) return STATUS_INVALID_PARAMETER
;
1676 if (ecc_blob
->cbKey
!= key_size
|| input_len
< sizeof(*ecc_blob
) + ecc_blob
->cbKey
* 3)
1677 return STATUS_INVALID_PARAMETER
;
1679 if ((status
= key_asymmetric_create( alg
->id
, key_size
* 8, &key
))) return status
;
1683 params
.len
= input_len
;
1684 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1691 return STATUS_SUCCESS
;
1693 else if (!wcscmp( type
, BCRYPT_RSAPUBLIC_BLOB
))
1695 BCRYPT_RSAKEY_BLOB
*rsa_blob
= (BCRYPT_RSAKEY_BLOB
*)input
;
1697 if (input_len
< sizeof(*rsa_blob
)) return STATUS_INVALID_PARAMETER
;
1698 if ((alg
->id
!= ALG_ID_RSA
&& alg
->id
!= ALG_ID_RSA_SIGN
) || rsa_blob
->Magic
!= BCRYPT_RSAPUBLIC_MAGIC
)
1699 return STATUS_NOT_SUPPORTED
;
1701 size
= sizeof(*rsa_blob
) + rsa_blob
->cbPublicExp
+ rsa_blob
->cbModulus
;
1702 if (size
!= input_len
) return NTE_BAD_DATA
;
1704 if ((status
= key_asymmetric_create( alg
->id
, rsa_blob
->BitLength
, &key
))) return status
;
1706 params
.flags
= KEY_IMPORT_FLAG_PUBLIC
;
1708 params
.len
= input_len
;
1709 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1716 return STATUS_SUCCESS
;
1718 else if (!wcscmp( type
, BCRYPT_RSAPRIVATE_BLOB
) || !wcscmp( type
, BCRYPT_RSAFULLPRIVATE_BLOB
))
1720 BCRYPT_RSAKEY_BLOB
*rsa_blob
= (BCRYPT_RSAKEY_BLOB
*)input
;
1722 if (input_len
< sizeof(*rsa_blob
)) return STATUS_INVALID_PARAMETER
;
1723 if (alg
->id
!= ALG_ID_RSA
|| (rsa_blob
->Magic
!= BCRYPT_RSAPRIVATE_MAGIC
&&
1724 rsa_blob
->Magic
!= BCRYPT_RSAFULLPRIVATE_MAGIC
)) return STATUS_NOT_SUPPORTED
;
1726 if ((status
= key_asymmetric_create( alg
->id
, rsa_blob
->BitLength
, &key
))) return status
;
1730 params
.len
= input_len
;
1731 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1738 return STATUS_SUCCESS
;
1740 else if (!wcscmp( type
, BCRYPT_DSA_PUBLIC_BLOB
))
1742 BCRYPT_DSA_KEY_BLOB
*dsa_blob
= (BCRYPT_DSA_KEY_BLOB
*)input
;
1744 if (input_len
< sizeof(*dsa_blob
)) return STATUS_INVALID_PARAMETER
;
1745 if ((alg
->id
!= ALG_ID_DSA
) || dsa_blob
->dwMagic
!= BCRYPT_DSA_PUBLIC_MAGIC
)
1746 return STATUS_NOT_SUPPORTED
;
1748 if ((status
= key_asymmetric_create( alg
->id
, dsa_blob
->cbKey
* 8, &key
))) return status
;
1750 params
.flags
= KEY_IMPORT_FLAG_PUBLIC
;
1752 params
.len
= input_len
;
1753 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1760 return STATUS_SUCCESS
;
1762 else if (!wcscmp( type
, LEGACY_DSA_V2_PRIVATE_BLOB
))
1764 BLOBHEADER
*hdr
= (BLOBHEADER
*)input
;
1767 if (input_len
< sizeof(*hdr
)) return STATUS_INVALID_PARAMETER
;
1769 if (hdr
->bType
!= PRIVATEKEYBLOB
&& hdr
->bVersion
!= 2 && hdr
->aiKeyAlg
!= CALG_DSS_SIGN
)
1771 FIXME( "blob type %u version %u alg id %u not supported\n", hdr
->bType
, hdr
->bVersion
, hdr
->aiKeyAlg
);
1772 return STATUS_NOT_SUPPORTED
;
1774 if (alg
->id
!= ALG_ID_DSA
)
1776 FIXME( "algorithm %u does not support importing blob of type %s\n", alg
->id
, debugstr_w(type
) );
1777 return STATUS_NOT_SUPPORTED
;
1780 if (input_len
< sizeof(*hdr
) + sizeof(*pubkey
)) return STATUS_INVALID_PARAMETER
;
1781 pubkey
= (DSSPUBKEY
*)(hdr
+ 1);
1782 if (pubkey
->magic
!= MAGIC_DSS2
) return STATUS_NOT_SUPPORTED
;
1784 if (input_len
< sizeof(*hdr
) + sizeof(*pubkey
) + (pubkey
->bitlen
/ 8) * 2 + 40 + sizeof(DSSSEED
))
1785 return STATUS_INVALID_PARAMETER
;
1787 if ((status
= key_asymmetric_create( alg
->id
, pubkey
->bitlen
, &key
))) return status
;
1788 key
->u
.a
.flags
|= KEY_FLAG_LEGACY_DSA_V2
;
1792 params
.len
= input_len
;
1793 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1800 return STATUS_SUCCESS
;
1802 else if (!wcscmp( type
, LEGACY_DSA_V2_PUBLIC_BLOB
)) /* not supported on native */
1804 BLOBHEADER
*hdr
= (BLOBHEADER
*)input
;
1807 if (alg
->id
!= ALG_ID_DSA
) return STATUS_NOT_SUPPORTED
;
1808 if (input_len
< sizeof(*hdr
)) return STATUS_INVALID_PARAMETER
;
1810 if (hdr
->bType
!= PUBLICKEYBLOB
&& hdr
->bVersion
!= 2 && hdr
->aiKeyAlg
!= CALG_DSS_SIGN
)
1812 FIXME( "blob type %u version %u alg id %u not supported\n", hdr
->bType
, hdr
->bVersion
, hdr
->aiKeyAlg
);
1813 return STATUS_NOT_SUPPORTED
;
1816 if (input_len
< sizeof(*hdr
) + sizeof(*pubkey
)) return STATUS_INVALID_PARAMETER
;
1817 pubkey
= (DSSPUBKEY
*)(hdr
+ 1);
1818 if (pubkey
->magic
!= MAGIC_DSS1
) return STATUS_NOT_SUPPORTED
;
1820 size
= sizeof(*hdr
) + sizeof(*pubkey
) + (pubkey
->bitlen
/ 8) * 3 + 20 + sizeof(DSSSEED
);
1821 if (input_len
< size
) return STATUS_INVALID_PARAMETER
;
1823 if ((status
= key_asymmetric_create( alg
->id
, pubkey
->bitlen
, &key
))) return status
;
1824 key
->u
.a
.flags
|= KEY_FLAG_LEGACY_DSA_V2
;
1826 params
.flags
= KEY_IMPORT_FLAG_PUBLIC
;
1828 params
.len
= input_len
;
1829 if ((status
= UNIX_CALL( key_asymmetric_import
, ¶ms
)))
1836 return STATUS_SUCCESS
;
1839 FIXME( "unsupported key type %s\n", debugstr_w(type
) );
1840 return STATUS_NOT_SUPPORTED
;
1843 NTSTATUS WINAPI
BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE handle
, BCRYPT_KEY_HANDLE
*ret_handle
,
1844 UCHAR
*object
, ULONG object_len
, UCHAR
*secret
, ULONG secret_len
,
1847 struct algorithm
*alg
= get_alg_object( handle
);
1849 TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", handle
, ret_handle
, object
, object_len
, secret
, secret_len
, flags
);
1850 if (object
) FIXME( "ignoring object buffer\n" );
1851 if (!__wine_unixlib_handle
)
1853 ERR( "no encryption support\n" );
1854 return STATUS_NOT_IMPLEMENTED
;
1857 if (!alg
) return STATUS_INVALID_HANDLE
;
1858 return generate_symmetric_key( alg
, ret_handle
, secret
, secret_len
);
1861 NTSTATUS WINAPI
BCryptGenerateKeyPair( BCRYPT_ALG_HANDLE handle
, BCRYPT_KEY_HANDLE
*ret_handle
, ULONG key_len
,
1864 struct algorithm
*alg
= get_alg_object( handle
);
1868 TRACE( "%p, %p, %lu, %#lx\n", handle
, ret_handle
, key_len
, flags
);
1870 if (!alg
) return STATUS_INVALID_HANDLE
;
1871 if (!ret_handle
) return STATUS_INVALID_PARAMETER
;
1873 if ((status
= key_asymmetric_create( alg
->id
, key_len
, &key
))) return status
;
1875 return STATUS_SUCCESS
;
1878 NTSTATUS WINAPI
BCryptFinalizeKeyPair( BCRYPT_KEY_HANDLE handle
, ULONG flags
)
1880 struct key
*key
= get_key_object( handle
);
1882 TRACE( "%p, %#lx\n", key
, flags
);
1884 if (!key
) return STATUS_INVALID_HANDLE
;
1885 return UNIX_CALL( key_asymmetric_generate
, key
);
1888 NTSTATUS WINAPI
BCryptImportKey( BCRYPT_ALG_HANDLE handle
, BCRYPT_KEY_HANDLE decrypt_key
, const WCHAR
*type
,
1889 BCRYPT_KEY_HANDLE
*ret_handle
, UCHAR
*object
, ULONG object_len
, UCHAR
*input
,
1890 ULONG input_len
, ULONG flags
)
1892 struct algorithm
*alg
= get_alg_object( handle
);
1894 TRACE( "%p, %p, %s, %p, %p, %lu, %p, %lu, %#lx\n", handle
, decrypt_key
, debugstr_w(type
), ret_handle
, object
,
1895 object_len
, input
, input_len
, flags
);
1897 if (!alg
) return STATUS_INVALID_HANDLE
;
1898 if (!ret_handle
|| !type
|| !input
) return STATUS_INVALID_PARAMETER
;
1901 FIXME( "decryption of key not yet supported\n" );
1902 return STATUS_NOT_IMPLEMENTED
;
1905 return key_import( alg
, type
, ret_handle
, object
, object_len
, input
, input_len
);
1908 NTSTATUS WINAPI
BCryptExportKey( BCRYPT_KEY_HANDLE export_key_handle
, BCRYPT_KEY_HANDLE encrypt_key_handle
,
1909 const WCHAR
*type
, UCHAR
*output
, ULONG output_len
, ULONG
*size
, ULONG flags
)
1911 struct key
*key
= get_key_object( export_key_handle
);
1913 TRACE( "%p, %p, %s, %p, %lu, %p, %#lx\n", export_key_handle
, encrypt_key_handle
, debugstr_w(type
), output
,
1914 output_len
, size
, flags
);
1916 if (!key
) return STATUS_INVALID_HANDLE
;
1917 if (!type
|| !size
) return STATUS_INVALID_PARAMETER
;
1918 if (encrypt_key_handle
)
1920 FIXME( "encryption of key not yet supported\n" );
1921 return STATUS_NOT_IMPLEMENTED
;
1924 return key_export( key
, type
, output
, output_len
, size
);
1927 static NTSTATUS
key_duplicate( struct key
*key_orig
, struct key
*key_copy
)
1932 memset( key_copy
, 0, sizeof(*key_copy
) );
1933 key_copy
->hdr
= key_orig
->hdr
;
1934 key_copy
->alg_id
= key_orig
->alg_id
;
1936 if (is_symmetric_key( key_orig
))
1938 if (!(buffer
= malloc( key_orig
->u
.s
.secret_len
))) return STATUS_NO_MEMORY
;
1939 memcpy( buffer
, key_orig
->u
.s
.secret
, key_orig
->u
.s
.secret_len
);
1941 key_copy
->u
.s
.mode
= key_orig
->u
.s
.mode
;
1942 key_copy
->u
.s
.block_size
= key_orig
->u
.s
.block_size
;
1943 key_copy
->u
.s
.secret
= buffer
;
1944 key_copy
->u
.s
.secret_len
= key_orig
->u
.s
.secret_len
;
1945 InitializeCriticalSection( &key_copy
->u
.s
.cs
);
1949 struct key_asymmetric_duplicate_params params
;
1951 key_copy
->u
.a
.bitlen
= key_orig
->u
.a
.bitlen
;
1952 key_copy
->u
.a
.flags
= key_orig
->u
.a
.flags
;
1953 key_copy
->u
.a
.dss_seed
= key_orig
->u
.a
.dss_seed
;
1955 params
.key_orig
= key_orig
;
1956 params
.key_copy
= key_copy
;
1957 if ((status
= UNIX_CALL( key_asymmetric_duplicate
, ¶ms
))) return status
;
1960 return STATUS_SUCCESS
;
1963 NTSTATUS WINAPI
BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle
, BCRYPT_KEY_HANDLE
*handle_copy
,
1964 UCHAR
*object
, ULONG object_len
, ULONG flags
)
1966 struct key
*key_orig
= get_key_object( handle
);
1967 struct key
*key_copy
;
1970 TRACE( "%p, %p, %p, %lu, %#lx\n", handle
, handle_copy
, object
, object_len
, flags
);
1971 if (object
) FIXME( "ignoring object buffer\n" );
1973 if (!key_orig
) return STATUS_INVALID_HANDLE
;
1974 if (!handle_copy
) return STATUS_INVALID_PARAMETER
;
1975 if (!(key_copy
= malloc( sizeof(*key_copy
) ))) return STATUS_NO_MEMORY
;
1977 if ((status
= key_duplicate( key_orig
, key_copy
)))
1979 key_destroy( key_copy
);
1983 *handle_copy
= key_copy
;
1984 return STATUS_SUCCESS
;
1987 static const WCHAR
*resolve_blob_type( const WCHAR
*type
, UCHAR
*input
, ULONG input_len
)
1989 BCRYPT_KEY_BLOB
*blob
= (BCRYPT_KEY_BLOB
*)input
;
1991 if (!type
) return NULL
;
1992 if (wcscmp( type
, BCRYPT_PUBLIC_KEY_BLOB
)) return type
;
1993 if (input_len
< sizeof(*blob
)) return NULL
;
1995 switch (blob
->Magic
)
1997 case BCRYPT_ECDH_PUBLIC_P256_MAGIC
:
1998 case BCRYPT_ECDH_PUBLIC_P384_MAGIC
:
1999 case BCRYPT_ECDSA_PUBLIC_P256_MAGIC
:
2000 case BCRYPT_ECDSA_PUBLIC_P384_MAGIC
:
2001 return BCRYPT_ECCPUBLIC_BLOB
;
2003 case BCRYPT_RSAPUBLIC_MAGIC
:
2004 return BCRYPT_RSAPUBLIC_BLOB
;
2006 case BCRYPT_DSA_PUBLIC_MAGIC
:
2007 return BCRYPT_DSA_PUBLIC_BLOB
;
2010 FIXME( "unsupported key magic %#lx\n", blob
->Magic
);
2015 NTSTATUS WINAPI
BCryptImportKeyPair( BCRYPT_ALG_HANDLE handle
, BCRYPT_KEY_HANDLE decrypt_key_handle
, const WCHAR
*type
,
2016 BCRYPT_KEY_HANDLE
*ret_handle
, UCHAR
*input
, ULONG input_len
, ULONG flags
)
2018 struct algorithm
*alg
= get_alg_object( handle
);
2020 TRACE( "%p, %p, %s, %p, %p, %lu, %#lx\n", handle
, decrypt_key_handle
, debugstr_w(type
), ret_handle
, input
,
2023 if (!alg
) return STATUS_INVALID_HANDLE
;
2024 if (!ret_handle
|| !input
|| !(type
= resolve_blob_type( type
, input
, input_len
)))
2025 return STATUS_INVALID_PARAMETER
;
2026 if (decrypt_key_handle
)
2028 FIXME( "decryption of key not yet supported\n" );
2029 return STATUS_NOT_IMPLEMENTED
;
2032 return key_import_pair( alg
, type
, ret_handle
, input
, input_len
);
2035 NTSTATUS WINAPI
BCryptSignHash( BCRYPT_KEY_HANDLE handle
, void *padding
, UCHAR
*input
, ULONG input_len
,
2036 UCHAR
*output
, ULONG output_len
, ULONG
*ret_len
, ULONG flags
)
2038 struct key_asymmetric_sign_params params
;
2039 struct key
*key
= get_key_object( handle
);
2041 TRACE( "%p, %p, %p, %lu, %p, %lu, %p, %#lx\n", handle
, padding
, input
, input_len
, output
, output_len
,
2044 if (!key
) return STATUS_INVALID_HANDLE
;
2045 if (!is_signature_key( key
)) return STATUS_NOT_SUPPORTED
;
2048 params
.padding
= padding
;
2049 params
.input
= input
;
2050 params
.input_len
= input_len
;
2051 params
.output
= output
;
2052 params
.output_len
= output_len
;
2053 params
.ret_len
= ret_len
;
2054 params
.flags
= flags
;
2055 return UNIX_CALL( key_asymmetric_sign
, ¶ms
);
2058 NTSTATUS WINAPI
BCryptVerifySignature( BCRYPT_KEY_HANDLE handle
, void *padding
, UCHAR
*hash
, ULONG hash_len
,
2059 UCHAR
*signature
, ULONG signature_len
, ULONG flags
)
2061 struct key_asymmetric_verify_params params
;
2062 struct key
*key
= get_key_object( handle
);
2064 TRACE( "%p, %p, %p, %lu, %p, %lu, %#lx\n", handle
, padding
, hash
, hash_len
, signature
, signature_len
, flags
);
2066 if (!key
) return STATUS_INVALID_HANDLE
;
2067 if (!is_signature_key( key
)) return STATUS_NOT_SUPPORTED
;
2068 if (!hash
|| !hash_len
|| !signature
|| !signature_len
) return STATUS_INVALID_PARAMETER
;
2071 params
.padding
= padding
;
2073 params
.hash_len
= hash_len
;
2074 params
.signature
= signature
;
2075 params
.signature_len
= signature_len
;
2076 params
.flags
= flags
;
2077 return UNIX_CALL( key_asymmetric_verify
, ¶ms
);
2080 NTSTATUS WINAPI
BCryptDestroyKey( BCRYPT_KEY_HANDLE handle
)
2082 struct key
*key
= get_key_object( handle
);
2084 TRACE( "%p\n", handle
);
2086 if (!key
) return STATUS_INVALID_HANDLE
;
2088 return STATUS_SUCCESS
;
2091 NTSTATUS WINAPI
BCryptEncrypt( BCRYPT_KEY_HANDLE handle
, UCHAR
*input
, ULONG input_len
, void *padding
, UCHAR
*iv
,
2092 ULONG iv_len
, UCHAR
*output
, ULONG output_len
, ULONG
*ret_len
, ULONG flags
)
2094 struct key
*key
= get_key_object( handle
);
2095 struct key_asymmetric_encrypt_params asymmetric_params
;
2098 TRACE( "%p, %p, %lu, %p, %p, %lu, %p, %lu, %p, %#lx\n", handle
, input
, input_len
, padding
, iv
, iv_len
, output
,
2099 output_len
, ret_len
, flags
);
2101 if (!key
) return STATUS_INVALID_HANDLE
;
2103 if (is_symmetric_key( key
))
2105 if (flags
& ~BCRYPT_BLOCK_PADDING
)
2107 FIXME( "flags %#lx not implemented\n", flags
);
2108 return STATUS_NOT_IMPLEMENTED
;
2110 EnterCriticalSection( &key
->u
.s
.cs
);
2111 ret
= key_symmetric_encrypt( key
, input
, input_len
, padding
, iv
, iv_len
, output
, output_len
, ret_len
, flags
);
2112 LeaveCriticalSection( &key
->u
.s
.cs
);
2116 if (flags
& BCRYPT_PAD_NONE
|| flags
& BCRYPT_PAD_OAEP
)
2118 FIXME( "flags %#lx not implemented\n", flags
);
2119 return STATUS_NOT_IMPLEMENTED
;
2121 if (!is_asymmetric_encryption_key( key
)) return STATUS_NOT_SUPPORTED
;
2123 asymmetric_params
.input
= input
;
2124 asymmetric_params
.input_len
= input_len
;
2125 asymmetric_params
.key
= key
;
2126 asymmetric_params
.output
= output
;
2127 asymmetric_params
.output_len
= output_len
;
2128 asymmetric_params
.ret_len
= ret_len
;
2129 ret
= UNIX_CALL(key_asymmetric_encrypt
, &asymmetric_params
);
2135 NTSTATUS WINAPI
BCryptDecrypt( BCRYPT_KEY_HANDLE handle
, UCHAR
*input
, ULONG input_len
, void *padding
, UCHAR
*iv
,
2136 ULONG iv_len
, UCHAR
*output
, ULONG output_len
, ULONG
*ret_len
, ULONG flags
)
2138 struct key
*key
= get_key_object( handle
);
2139 struct key_asymmetric_decrypt_params params
;
2142 TRACE( "%p, %p, %lu, %p, %p, %lu, %p, %lu, %p, %#lx\n", handle
, input
, input_len
, padding
, iv
, iv_len
, output
,
2143 output_len
, ret_len
, flags
);
2145 if (!key
) return STATUS_INVALID_HANDLE
;
2147 if (is_symmetric_key( key
))
2149 if (flags
& ~BCRYPT_BLOCK_PADDING
)
2151 FIXME( "flags %#lx not supported\n", flags
);
2152 return STATUS_NOT_IMPLEMENTED
;
2155 EnterCriticalSection( &key
->u
.s
.cs
);
2156 ret
= key_symmetric_decrypt( key
, input
, input_len
, padding
, iv
, iv_len
, output
, output_len
, ret_len
, flags
);
2157 LeaveCriticalSection( &key
->u
.s
.cs
);
2161 if (flags
& BCRYPT_PAD_NONE
|| flags
& BCRYPT_PAD_OAEP
)
2163 FIXME( "flags %#lx not implemented\n", flags
);
2164 return STATUS_NOT_IMPLEMENTED
;
2166 if (!is_asymmetric_encryption_key( key
)) return STATUS_NOT_SUPPORTED
;
2169 params
.input
= input
;
2170 params
.input_len
= input_len
;
2171 params
.output
= output
;
2172 params
.output_len
= output_len
;
2173 params
.ret_len
= ret_len
;
2174 ret
= UNIX_CALL(key_asymmetric_decrypt
, ¶ms
);
2180 NTSTATUS WINAPI
BCryptSetProperty( BCRYPT_HANDLE handle
, const WCHAR
*prop
, UCHAR
*value
, ULONG size
, ULONG flags
)
2182 struct object
*object
= get_object( handle
, 0 );
2184 TRACE( "%p, %s, %p, %lu, %#lx\n", handle
, debugstr_w(prop
), value
, size
, flags
);
2186 if (!handle
) return STATUS_INVALID_HANDLE
;
2187 if (is_alg_pseudo_handle( handle
)) return STATUS_ACCESS_DENIED
;
2189 switch (object
->magic
)
2193 struct algorithm
*alg
= (struct algorithm
*)object
;
2194 return set_alg_property( alg
, prop
, value
, size
, flags
);
2198 struct key
*key
= (struct key
*)object
;
2199 return set_key_property( key
, prop
, value
, size
, flags
);
2202 WARN( "unknown magic %#lx\n", object
->magic
);
2203 return STATUS_INVALID_HANDLE
;
2207 #define HMAC_PAD_LEN 64
2208 NTSTATUS WINAPI
BCryptDeriveKeyCapi( BCRYPT_HASH_HANDLE handle
, BCRYPT_ALG_HANDLE halg
, UCHAR
*key
, ULONG keylen
, ULONG flags
)
2210 struct hash
*hash
= get_hash_object( handle
);
2211 UCHAR buf
[MAX_HASH_OUTPUT_BYTES
* 2];
2215 TRACE( "%p, %p, %p, %lu, %#lx\n", handle
, halg
, key
, keylen
, flags
);
2217 if (!hash
) return STATUS_INVALID_HANDLE
;
2218 if (!key
|| !keylen
) return STATUS_INVALID_PARAMETER
;
2219 if (keylen
> builtin_algorithms
[hash
->alg_id
].hash_length
* 2) return STATUS_INVALID_PARAMETER
;
2222 FIXME( "algorithm handle not supported\n" );
2223 return STATUS_NOT_IMPLEMENTED
;
2226 if ((status
= hash_finalize( hash
, buf
))) return status
;
2228 len
= builtin_algorithms
[hash
->alg_id
].hash_length
;
2231 UCHAR pad1
[HMAC_PAD_LEN
], pad2
[HMAC_PAD_LEN
];
2234 for (i
= 0; i
< sizeof(pad1
); i
++)
2236 pad1
[i
] = 0x36 ^ (i
< len
? buf
[i
] : 0);
2237 pad2
[i
] = 0x5c ^ (i
< len
? buf
[i
] : 0);
2240 if ((status
= hash_prepare( hash
)) ||
2241 (status
= hash_update( &hash
->inner
, hash
->alg_id
, pad1
, sizeof(pad1
) )) ||
2242 (status
= hash_finalize( hash
, buf
))) return status
;
2244 if ((status
= hash_prepare( hash
)) ||
2245 (status
= hash_update( &hash
->inner
, hash
->alg_id
, pad2
, sizeof(pad2
) )) ||
2246 (status
= hash_finalize( hash
, buf
+ len
))) return status
;
2249 memcpy( key
, buf
, keylen
);
2250 return STATUS_SUCCESS
;
2253 static NTSTATUS
pbkdf2( struct hash
*hash
, UCHAR
*pwd
, ULONG pwd_len
, UCHAR
*salt
, ULONG salt_len
,
2254 ULONGLONG iterations
, ULONG i
, UCHAR
*dst
, ULONG hash_len
)
2256 NTSTATUS status
= STATUS_INVALID_PARAMETER
;
2257 UCHAR bytes
[4], *buf
;
2260 if (!(buf
= malloc( hash_len
))) return STATUS_NO_MEMORY
;
2262 for (j
= 0; j
< iterations
; j
++)
2266 /* use salt || INT(i) */
2267 if ((status
= hash_update( &hash
->inner
, hash
->alg_id
, salt
, salt_len
)))
2272 bytes
[0] = (i
>> 24) & 0xff;
2273 bytes
[1] = (i
>> 16) & 0xff;
2274 bytes
[2] = (i
>> 8) & 0xff;
2275 bytes
[3] = i
& 0xff;
2276 status
= hash_update( &hash
->inner
, hash
->alg_id
, bytes
, 4 );
2278 else status
= hash_update( &hash
->inner
, hash
->alg_id
, buf
, hash_len
); /* use U_j */
2286 if ((status
= hash_finalize( hash
, buf
)))
2292 if (j
== 0) memcpy( dst
, buf
, hash_len
);
2293 else for (k
= 0; k
< hash_len
; k
++) dst
[k
] ^= buf
[k
];
2300 static NTSTATUS
derive_key_pbkdf2( struct algorithm
*alg
, UCHAR
*pwd
, ULONG pwd_len
, UCHAR
*salt
, ULONG salt_len
,
2301 ULONGLONG iterations
, UCHAR
*dk
, ULONG dk_len
)
2303 ULONG hash_len
, block_count
, bytes_left
, i
;
2308 hash_len
= builtin_algorithms
[alg
->id
].hash_length
;
2309 if (dk_len
<= 0 || dk_len
> ((((ULONGLONG
)1) << 32) - 1) * hash_len
) return STATUS_INVALID_PARAMETER
;
2311 block_count
= 1 + ((dk_len
- 1) / hash_len
); /* ceil(dk_len / hash_len) */
2312 bytes_left
= dk_len
- (block_count
- 1) * hash_len
;
2314 if ((status
= hash_create( alg
, pwd
, pwd_len
, BCRYPT_HASH_REUSABLE_FLAG
, &hash
))) return status
;
2317 for (i
= 1; i
< block_count
; i
++)
2319 if ((status
= pbkdf2( hash
, pwd
, pwd_len
, salt
, salt_len
, iterations
, i
, dk
+ ((i
- 1) * hash_len
), hash_len
)))
2321 hash_destroy( hash
);
2326 /* final partial block */
2327 if (!(partial
= malloc( hash_len
)))
2329 hash_destroy( hash
);
2330 return STATUS_NO_MEMORY
;
2333 if ((status
= pbkdf2( hash
, pwd
, pwd_len
, salt
, salt_len
, iterations
, block_count
, partial
, hash_len
)))
2335 hash_destroy( hash
);
2339 memcpy( dk
+ ((block_count
- 1) * hash_len
), partial
, bytes_left
);
2341 hash_destroy( hash
);
2343 return STATUS_SUCCESS
;
2346 NTSTATUS WINAPI
BCryptDeriveKeyPBKDF2( BCRYPT_ALG_HANDLE handle
, UCHAR
*pwd
, ULONG pwd_len
, UCHAR
*salt
, ULONG salt_len
,
2347 ULONGLONG iterations
, UCHAR
*dk
, ULONG dk_len
, ULONG flags
)
2349 struct algorithm
*alg
= get_alg_object( handle
);
2351 TRACE( "%p, %p, %lu, %p, %lu, %s, %p, %lu, %#lx\n", handle
, pwd
, pwd_len
, salt
, salt_len
,
2352 wine_dbgstr_longlong(iterations
), dk
, dk_len
, flags
);
2354 if (!alg
) return STATUS_INVALID_HANDLE
;
2355 return derive_key_pbkdf2( alg
, pwd
, pwd_len
, salt
, salt_len
, iterations
, dk
, dk_len
);
2358 NTSTATUS WINAPI
BCryptSecretAgreement( BCRYPT_KEY_HANDLE privkey_handle
, BCRYPT_KEY_HANDLE pubkey_handle
,
2359 BCRYPT_SECRET_HANDLE
*ret_handle
, ULONG flags
)
2361 struct key
*privkey
= get_key_object( privkey_handle
);
2362 struct key
*pubkey
= get_key_object( pubkey_handle
);
2363 struct secret
*secret
;
2365 FIXME( "%p, %p, %p, %#lx\n", privkey_handle
, pubkey_handle
, ret_handle
, flags
);
2367 if (!privkey
|| !pubkey
) return STATUS_INVALID_HANDLE
;
2368 if (!is_agreement_key( privkey
) || !is_agreement_key( pubkey
)) return STATUS_NOT_SUPPORTED
;
2369 if (!ret_handle
) return STATUS_INVALID_PARAMETER
;
2371 if (!(secret
= calloc( 1, sizeof(*secret
) ))) return STATUS_NO_MEMORY
;
2372 secret
->hdr
.magic
= MAGIC_SECRET
;
2374 *ret_handle
= secret
;
2375 return STATUS_SUCCESS
;
2378 NTSTATUS WINAPI
BCryptDestroySecret( BCRYPT_SECRET_HANDLE handle
)
2380 struct secret
*secret
= get_secret_object( handle
);
2382 FIXME( "%p\n", handle
);
2384 if (!secret
) return STATUS_INVALID_HANDLE
;
2385 destroy_object( &secret
->hdr
);
2386 return STATUS_SUCCESS
;
2389 NTSTATUS WINAPI
BCryptDeriveKey( BCRYPT_SECRET_HANDLE handle
, const WCHAR
*kdf
, BCryptBufferDesc
*parameter
,
2390 UCHAR
*derived
, ULONG derived_size
, ULONG
*result
, ULONG flags
)
2392 struct secret
*secret
= get_secret_object( handle
);
2394 FIXME( "%p, %s, %p, %p, %lu, %p, %#lx\n", secret
, debugstr_w(kdf
), parameter
, derived
, derived_size
, result
, flags
);
2396 if (!secret
) return STATUS_INVALID_HANDLE
;
2397 if (!kdf
) return STATUS_INVALID_PARAMETER
;
2399 return STATUS_INTERNAL_ERROR
;
2402 BOOL WINAPI
DllMain( HINSTANCE hinst
, DWORD reason
, LPVOID reserved
)
2406 case DLL_PROCESS_ATTACH
:
2407 DisableThreadLibraryCalls( hinst
);
2408 if (!__wine_init_unix_call())
2410 if (UNIX_CALL( process_attach
, NULL
)) __wine_unixlib_handle
= 0;
2413 case DLL_PROCESS_DETACH
:
2414 if (reserved
) break;
2415 if (__wine_unixlib_handle
) UNIX_CALL( process_detach
, NULL
);