search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
win32u: Avoid invalid access when registered device alloc failed. (Coverity).
[wine.git] / dlls / bcrypt / gnutls.c
blob9d52b7360cecaeb7841d2eb6195b3faf28921e4c
1 /*
2 * Copyright 2009 Henri Verbeet for CodeWeavers
3 * Copyright 2018 Hans Leidekker for CodeWeavers
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 */
20
21 #if 0
22 #pragma makedep unix
23 #endif
24
25 #include "config.h"
26
27 #ifdef HAVE_GNUTLS_CIPHER_INIT
28
29 #include <stdarg.h>
30 #include <stdlib.h>
31 #include <assert.h>
32 #include <sys/types.h>
33 #include <dlfcn.h>
34 #include <gnutls/gnutls.h>
35 #include <gnutls/crypto.h>
36 #include <gnutls/abstract.h>
37
38 #include "ntstatus.h"
39 #define WIN32_NO_STATUS
40 #include "windef.h"
41 #include "winbase.h"
42 #include "winternl.h"
43 #include "ntsecapi.h"
44 #include "wincrypt.h"
45 #include "bcrypt.h"
46
47 #include "bcrypt_internal.h"
48
49 #include "wine/debug.h"
50
51 WINE_DEFAULT_DEBUG_CHANNEL(bcrypt);
52 WINE_DECLARE_DEBUG_CHANNEL(winediag);
53
54 #if GNUTLS_VERSION_MAJOR < 3
55 #define GNUTLS_CIPHER_AES_192_CBC 92
56 #define GNUTLS_CIPHER_AES_128_GCM 93
57 #define GNUTLS_CIPHER_AES_256_GCM 94
58 #define GNUTLS_PK_ECC 4
59
60 #define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)(((unsigned int)1<<31)|((unsigned int)(curve)))
61
62 typedef enum
63 {
64 GNUTLS_ECC_CURVE_INVALID,
65 GNUTLS_ECC_CURVE_SECP224R1,
66 GNUTLS_ECC_CURVE_SECP256R1,
67 GNUTLS_ECC_CURVE_SECP384R1,
68 GNUTLS_ECC_CURVE_SECP521R1,
69 } gnutls_ecc_curve_t;
70 #endif
71
72 union key_data
73 {
74 gnutls_cipher_hd_t cipher;
75 struct
76 {
77 gnutls_privkey_t privkey;
78 gnutls_pubkey_t pubkey;
79 } a;
80 };
81 C_ASSERT( sizeof(union key_data) <= sizeof(((struct key *)0)->private) );
82
83 static union key_data *key_data( struct key *key )
84 {
85 return (union key_data *)key->private;
86 }
87
88 /* Not present in gnutls version < 3.0 */
89 static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t, void *, size_t);
90 static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t, const void *, size_t);
91 static gnutls_sign_algorithm_t (*pgnutls_pk_to_sign)(gnutls_pk_algorithm_t, gnutls_digest_algorithm_t);
92 static int (*pgnutls_pubkey_import_ecc_raw)(gnutls_pubkey_t, gnutls_ecc_curve_t,
93 const gnutls_datum_t *, const gnutls_datum_t *);
94 static int (*pgnutls_pubkey_export_ecc_raw)(gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
95 gnutls_datum_t *x, gnutls_datum_t *y);
96 static int (*pgnutls_privkey_import_ecc_raw)(gnutls_privkey_t, gnutls_ecc_curve_t, const gnutls_datum_t *,
97 const gnutls_datum_t *, const gnutls_datum_t *);
98 static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t, gnutls_sign_algorithm_t, unsigned int,
99 const gnutls_datum_t *, const gnutls_datum_t *);
100 static int (*pgnutls_pubkey_encrypt_data)(gnutls_pubkey_t, unsigned int flags, const gnutls_datum_t *,
101 gnutls_datum_t *);
102
103 /* Not present in gnutls version < 2.11.0 */
104 static int (*pgnutls_pubkey_import_rsa_raw)(gnutls_pubkey_t, const gnutls_datum_t *, const gnutls_datum_t *);
105
106 /* Not present in gnutls version < 2.12.0 */
107 static int (*pgnutls_pubkey_import_dsa_raw)(gnutls_pubkey_t, const gnutls_datum_t *, const gnutls_datum_t *,
108 const gnutls_datum_t *, const gnutls_datum_t *);
109 static int (*pgnutls_pubkey_import_privkey)(gnutls_pubkey_t, gnutls_privkey_t, unsigned int, unsigned int);
110 static int (*pgnutls_privkey_decrypt_data)(gnutls_privkey_t, unsigned int flags, const gnutls_datum_t *,
111 gnutls_datum_t *);
112
113 /* Not present in gnutls version < 3.3.0 */
114 static int (*pgnutls_pubkey_export_dsa_raw)(gnutls_pubkey_t, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *,
115 gnutls_datum_t *);
116 static int (*pgnutls_pubkey_export_rsa_raw)(gnutls_pubkey_t, gnutls_datum_t *, gnutls_datum_t *);
117 static int (*pgnutls_privkey_export_ecc_raw)(gnutls_privkey_t, gnutls_ecc_curve_t *,
118 gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *);
119 static int (*pgnutls_privkey_export_rsa_raw)(gnutls_privkey_t, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *,
120 gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *,
121 gnutls_datum_t *);
122 static int (*pgnutls_privkey_export_dsa_raw)(gnutls_privkey_t, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *,
123 gnutls_datum_t *, gnutls_datum_t *);
124 static int (*pgnutls_privkey_generate)(gnutls_privkey_t, gnutls_pk_algorithm_t, unsigned int, unsigned int);
125 static int (*pgnutls_privkey_import_rsa_raw)(gnutls_privkey_t, const gnutls_datum_t *, const gnutls_datum_t *,
126 const gnutls_datum_t *, const gnutls_datum_t *, const gnutls_datum_t *,
127 const gnutls_datum_t *, const gnutls_datum_t *, const gnutls_datum_t *);
128
129 /* Not present in gnutls version < 3.6.0 */
130 static int (*pgnutls_decode_rs_value)(const gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *);
131
132 static void *libgnutls_handle;
133 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
134 MAKE_FUNCPTR(gnutls_cipher_decrypt2);
135 MAKE_FUNCPTR(gnutls_cipher_deinit);
136 MAKE_FUNCPTR(gnutls_cipher_encrypt2);
137 MAKE_FUNCPTR(gnutls_cipher_init);
138 MAKE_FUNCPTR(gnutls_global_deinit);
139 MAKE_FUNCPTR(gnutls_global_init);
140 MAKE_FUNCPTR(gnutls_global_set_log_function);
141 MAKE_FUNCPTR(gnutls_global_set_log_level);
142 MAKE_FUNCPTR(gnutls_perror);
143 MAKE_FUNCPTR(gnutls_privkey_decrypt_data);
144 MAKE_FUNCPTR(gnutls_privkey_deinit);
145 MAKE_FUNCPTR(gnutls_privkey_import_dsa_raw);
146 MAKE_FUNCPTR(gnutls_privkey_init);
147 MAKE_FUNCPTR(gnutls_privkey_sign_hash);
148 MAKE_FUNCPTR(gnutls_pubkey_deinit);
149 MAKE_FUNCPTR(gnutls_pubkey_encrypt_data);
150 MAKE_FUNCPTR(gnutls_pubkey_import_privkey);
151 MAKE_FUNCPTR(gnutls_pubkey_init);
152 #undef MAKE_FUNCPTR
153
154 static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
155 {
156 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
157 }
158
159 static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size)
160 {
161 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
162 }
163
164 static int compat_gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
165 const gnutls_datum_t *x, const gnutls_datum_t *y)
166 {
167 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
168 }
169
170 static int compat_gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
171 gnutls_datum_t *x, gnutls_datum_t *y)
172 {
173 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
174 }
175
176 static int compat_gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, gnutls_datum_t *p, gnutls_datum_t *q,
177 gnutls_datum_t *g, gnutls_datum_t *y)
178 {
179 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
180 }
181
182 static int compat_gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, gnutls_datum_t *m, gnutls_datum_t *e)
183 {
184 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
185 }
186
187 static int compat_gnutls_privkey_export_rsa_raw(gnutls_privkey_t key, gnutls_datum_t *m, gnutls_datum_t *e,
188 gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t *q,
189 gnutls_datum_t *u, gnutls_datum_t *e1, gnutls_datum_t *e2)
190 {
191 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
192 }
193
194 static int compat_gnutls_privkey_export_ecc_raw(gnutls_privkey_t key, gnutls_ecc_curve_t *curve,
195 gnutls_datum_t *x, gnutls_datum_t *y, gnutls_datum_t *k)
196 {
197 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
198 }
199
200 static int compat_gnutls_privkey_import_ecc_raw(gnutls_privkey_t key, gnutls_ecc_curve_t curve,
201 const gnutls_datum_t *x, const gnutls_datum_t *y,
202 const gnutls_datum_t *k)
203 {
204 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
205 }
206
207 static int compat_gnutls_privkey_export_dsa_raw(gnutls_privkey_t key, gnutls_datum_t *p, gnutls_datum_t *q,
208 gnutls_datum_t *g, gnutls_datum_t *y, gnutls_datum_t *x)
209 {
210 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
211 }
212
213 static gnutls_sign_algorithm_t compat_gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
214 {
215 return GNUTLS_SIGN_UNKNOWN;
216 }
217
218 static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo,
219 unsigned int flags, const gnutls_datum_t *hash,
220 const gnutls_datum_t *signature)
221 {
222 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
223 }
224
225 static int compat_gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *m, const gnutls_datum_t *e)
226 {
227 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
228 }
229
230 static int compat_gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *p, const gnutls_datum_t *q,
231 const gnutls_datum_t *g, const gnutls_datum_t *y)
232 {
233 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
234 }
235
236 static int compat_gnutls_privkey_generate(gnutls_privkey_t key, gnutls_pk_algorithm_t algo, unsigned int bits,
237 unsigned int flags)
238 {
239 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
240 }
241
242 static int compat_gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t * r, gnutls_datum_t * s)
243 {
244 return GNUTLS_E_INTERNAL_ERROR;
245 }
246
247 static int compat_gnutls_privkey_import_rsa_raw(gnutls_privkey_t key, const gnutls_datum_t *m, const gnutls_datum_t *e,
248 const gnutls_datum_t *d, const gnutls_datum_t *p, const gnutls_datum_t *q,
249 const gnutls_datum_t *u, const gnutls_datum_t *e1, const gnutls_datum_t *e2)
250 {
251 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
252 }
253
254 static int compat_gnutls_privkey_decrypt_data(gnutls_privkey_t key, unsigned int flags, const gnutls_datum_t *cipher_text,
255 gnutls_datum_t *plain_text)
256 {
257 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
258 }
259
260 static int compat_gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags, const gnutls_datum_t *cipher_text,
261 gnutls_datum_t *plain_text)
262 {
263 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
264 }
265
266 static void gnutls_log( int level, const char *msg )
267 {
268 TRACE( "<%d> %s", level, msg );
269 }
270
271 static NTSTATUS gnutls_process_attach( void *args )
272 {
273 const char *env_str;
274 int ret;
275
276 if ((env_str = getenv("GNUTLS_SYSTEM_PRIORITY_FILE")))
277 {
278 WARN("GNUTLS_SYSTEM_PRIORITY_FILE is %s.\n", debugstr_a(env_str));
279 }
280 else
281 {
282 WARN("Setting GNUTLS_SYSTEM_PRIORITY_FILE to \"/dev/null\".\n");
283 setenv("GNUTLS_SYSTEM_PRIORITY_FILE", "/dev/null", 0);
284 }
285
286 if (!(libgnutls_handle = dlopen( SONAME_LIBGNUTLS, RTLD_NOW )))
287 {
288 ERR_(winediag)( "failed to load libgnutls, no support for encryption\n" );
289 return STATUS_DLL_NOT_FOUND;
290 }
291
292 #define LOAD_FUNCPTR(f) \
293 if (!(p##f = dlsym( libgnutls_handle, #f ))) \
294 { \
295 ERR( "failed to load %s\n", #f ); \
296 goto fail; \
297 }
298
299 LOAD_FUNCPTR(gnutls_cipher_decrypt2)
300 LOAD_FUNCPTR(gnutls_cipher_deinit)
301 LOAD_FUNCPTR(gnutls_cipher_encrypt2)
302 LOAD_FUNCPTR(gnutls_cipher_init)
303 LOAD_FUNCPTR(gnutls_global_deinit)
304 LOAD_FUNCPTR(gnutls_global_init)
305 LOAD_FUNCPTR(gnutls_global_set_log_function)
306 LOAD_FUNCPTR(gnutls_global_set_log_level)
307 LOAD_FUNCPTR(gnutls_perror)
308 LOAD_FUNCPTR(gnutls_privkey_deinit);
309 LOAD_FUNCPTR(gnutls_privkey_import_dsa_raw);
310 LOAD_FUNCPTR(gnutls_privkey_init);
311 LOAD_FUNCPTR(gnutls_privkey_sign_hash);
312 LOAD_FUNCPTR(gnutls_pubkey_deinit);
313 LOAD_FUNCPTR(gnutls_pubkey_import_privkey);
314 LOAD_FUNCPTR(gnutls_pubkey_init);
315 #undef LOAD_FUNCPTR
316
317 #define LOAD_FUNCPTR_OPT(f) \
318 if (!(p##f = dlsym( libgnutls_handle, #f ))) \
319 { \
320 WARN( "failed to load %s\n", #f ); \
321 p##f = compat_##f; \
322 }
323
324 LOAD_FUNCPTR_OPT(gnutls_cipher_tag)
325 LOAD_FUNCPTR_OPT(gnutls_cipher_add_auth)
326 LOAD_FUNCPTR_OPT(gnutls_pubkey_export_dsa_raw)
327 LOAD_FUNCPTR_OPT(gnutls_pubkey_export_ecc_raw)
328 LOAD_FUNCPTR_OPT(gnutls_pubkey_export_rsa_raw)
329 LOAD_FUNCPTR_OPT(gnutls_pubkey_import_ecc_raw)
330 LOAD_FUNCPTR_OPT(gnutls_privkey_export_rsa_raw)
331 LOAD_FUNCPTR_OPT(gnutls_privkey_export_ecc_raw)
332 LOAD_FUNCPTR_OPT(gnutls_privkey_import_ecc_raw)
333 LOAD_FUNCPTR_OPT(gnutls_privkey_export_dsa_raw)
334 LOAD_FUNCPTR_OPT(gnutls_pk_to_sign)
335 LOAD_FUNCPTR_OPT(gnutls_pubkey_verify_hash2)
336 LOAD_FUNCPTR_OPT(gnutls_pubkey_import_rsa_raw)
337 LOAD_FUNCPTR_OPT(gnutls_pubkey_import_dsa_raw)
338 LOAD_FUNCPTR_OPT(gnutls_privkey_generate)
339 LOAD_FUNCPTR_OPT(gnutls_decode_rs_value)
340 LOAD_FUNCPTR_OPT(gnutls_privkey_import_rsa_raw)
341 LOAD_FUNCPTR_OPT(gnutls_privkey_decrypt_data)
342 LOAD_FUNCPTR_OPT(gnutls_pubkey_encrypt_data)
343 #undef LOAD_FUNCPTR_OPT
344
345 if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
346 {
347 pgnutls_perror( ret );
348 goto fail;
349 }
350
351 if (TRACE_ON( bcrypt ))
352 {
353 pgnutls_global_set_log_level( 4 );
354 pgnutls_global_set_log_function( gnutls_log );
355 }
356
357 return STATUS_SUCCESS;
358
359 fail:
360 dlclose( libgnutls_handle );
361 libgnutls_handle = NULL;
362 return STATUS_DLL_NOT_FOUND;
363 }
364
365 static NTSTATUS gnutls_process_detach( void *args )
366 {
367 if (libgnutls_handle)
368 {
369 pgnutls_global_deinit();
370 dlclose( libgnutls_handle );
371 libgnutls_handle = NULL;
372 }
373 return STATUS_SUCCESS;
374 }
375
376 struct buffer
377 {
378 BYTE *buffer;
379 DWORD length;
380 DWORD pos;
381 BOOL error;
382 };
383
384 static void buffer_init( struct buffer *buffer )
385 {
386 buffer->buffer = NULL;
387 buffer->length = 0;
388 buffer->pos = 0;
389 buffer->error = FALSE;
390 }
391
392 static void buffer_free( struct buffer *buffer )
393 {
394 free( buffer->buffer );
395 }
396
397 static void buffer_append( struct buffer *buffer, BYTE *data, DWORD len )
398 {
399 if (!len) return;
400
401 if (buffer->pos + len > buffer->length)
402 {
403 DWORD new_length = max( max( buffer->pos + len, buffer->length * 2 ), 64 );
404 BYTE *new_buffer;
405
406 if (!(new_buffer = realloc( buffer->buffer, new_length )))
407 {
408 ERR( "out of memory\n" );
409 buffer->error = TRUE;
410 return;
411 }
412
413 buffer->buffer = new_buffer;
414 buffer->length = new_length;
415 }
416
417 memcpy( &buffer->buffer[buffer->pos], data, len );
418 buffer->pos += len;
419 }
420
421 static void buffer_append_byte( struct buffer *buffer, BYTE value )
422 {
423 buffer_append( buffer, &value, sizeof(value) );
424 }
425
426 static void buffer_append_asn1_length( struct buffer *buffer, DWORD length )
427 {
428 DWORD num_bytes;
429
430 if (length < 128)
431 {
432 buffer_append_byte( buffer, length );
433 return;
434 }
435
436 if (length <= 0xff) num_bytes = 1;
437 else if (length <= 0xffff) num_bytes = 2;
438 else if (length <= 0xffffff) num_bytes = 3;
439 else num_bytes = 4;
440
441 buffer_append_byte( buffer, 0x80 | num_bytes );
442 while (num_bytes--) buffer_append_byte( buffer, length >> (num_bytes * 8) );
443 }
444
445 static void buffer_append_asn1_integer( struct buffer *buffer, BYTE *data, DWORD len )
446 {
447 DWORD leading_zero = (*data & 0x80) != 0;
448
449 buffer_append_byte( buffer, 0x02 ); /* tag */
450 buffer_append_asn1_length( buffer, len + leading_zero );
451 if (leading_zero) buffer_append_byte( buffer, 0 );
452 buffer_append( buffer, data, len );
453 }
454
455 static void buffer_append_asn1_sequence( struct buffer *buffer, struct buffer *content )
456 {
457 if (content->error)
458 {
459 buffer->error = TRUE;
460 return;
461 }
462
463 buffer_append_byte( buffer, 0x30 ); /* tag */
464 buffer_append_asn1_length( buffer, content->pos );
465 buffer_append( buffer, content->buffer, content->pos );
466 }
467
468 static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, BYTE *s, DWORD s_len )
469 {
470 struct buffer value;
471
472 buffer_init( &value );
473 buffer_append_asn1_integer( &value, r, r_len );
474 buffer_append_asn1_integer( &value, s, s_len );
475 buffer_append_asn1_sequence( buffer, &value );
476 buffer_free( &value );
477 }
478
479 static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
480 {
481 switch (key->alg_id)
482 {
483 case ALG_ID_3DES:
484 WARN( "handle block size\n" );
485 switch (key->u.s.mode)
486 {
487 case MODE_ID_CBC:
488 return GNUTLS_CIPHER_3DES_CBC;
489 default:
490 break;
491 }
492 FIXME( "3DES mode %u with key length %u not supported\n", key->u.s.mode, key->u.s.secret_len );
493 return GNUTLS_CIPHER_UNKNOWN;
494
495 case ALG_ID_AES:
496 WARN( "handle block size\n" );
497 switch (key->u.s.mode)
498 {
499 case MODE_ID_GCM:
500 if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM;
501 if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM;
502 break;
503 case MODE_ID_ECB: /* can be emulated with CBC + empty IV */
504 case MODE_ID_CBC:
505 if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC;
506 if (key->u.s.secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC;
507 if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC;
508 break;
509 case MODE_ID_CFB:
510 if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_CFB8;
511 if (key->u.s.secret_len == 24) return GNUTLS_CIPHER_AES_192_CFB8;
512 if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_CFB8;
513 break;
514 default:
515 break;
516 }
517 FIXME( "AES mode %u with key length %u not supported\n", key->u.s.mode, key->u.s.secret_len );
518 return GNUTLS_CIPHER_UNKNOWN;
519
520 default:
521 FIXME( "algorithm %u not supported\n", key->alg_id );
522 return GNUTLS_CIPHER_UNKNOWN;
523 }
524 }
525
526 static NTSTATUS key_symmetric_vector_reset( void *args )
527 {
528 struct key *key = args;
529
530 if (!key_data(key)->cipher) return STATUS_SUCCESS;
531 TRACE( "invalidating cipher handle\n" );
532 pgnutls_cipher_deinit( key_data(key)->cipher );
533 key_data(key)->cipher = NULL;
534 return STATUS_SUCCESS;
535 }
536
537 static NTSTATUS init_cipher_handle( struct key *key )
538 {
539 gnutls_cipher_algorithm_t cipher;
540 gnutls_datum_t secret, vector;
541 int ret;
542
543 if (key_data(key)->cipher) return STATUS_SUCCESS;
544 if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) return STATUS_NOT_SUPPORTED;
545
546 secret.data = key->u.s.secret;
547 secret.size = key->u.s.secret_len;
548
549 vector.data = key->u.s.vector;
550 vector.size = key->u.s.vector_len;
551
552 if ((ret = pgnutls_cipher_init( &key_data(key)->cipher, cipher, &secret, key->u.s.vector ? &vector : NULL )))
553 {
554 pgnutls_perror( ret );
555 return STATUS_INTERNAL_ERROR;
556 }
557
558 return STATUS_SUCCESS;
559 }
560
561 static NTSTATUS key_symmetric_set_auth_data( void *args )
562 {
563 const struct key_symmetric_set_auth_data_params *params = args;
564 NTSTATUS status;
565 int ret;
566
567 if (!params->auth_data) return STATUS_SUCCESS;
568 if ((status = init_cipher_handle( params->key ))) return status;
569
570 if ((ret = pgnutls_cipher_add_auth( key_data(params->key)->cipher, params->auth_data, params->len )))
571 {
572 pgnutls_perror( ret );
573 return STATUS_INTERNAL_ERROR;
574 }
575 return STATUS_SUCCESS;
576 }
577
578 static NTSTATUS key_symmetric_encrypt( void *args )
579 {
580 const struct key_symmetric_encrypt_params *params = args;
581 NTSTATUS status;
582 int ret;
583
584 if ((status = init_cipher_handle( params->key ))) return status;
585
586 if ((ret = pgnutls_cipher_encrypt2( key_data(params->key)->cipher, params->input, params->input_len,
587 params->output, params->output_len )))
588 {
589 pgnutls_perror( ret );
590 return STATUS_INTERNAL_ERROR;
591 }
592 return STATUS_SUCCESS;
593 }
594
595 static NTSTATUS key_symmetric_decrypt( void *args )
596 {
597 const struct key_symmetric_decrypt_params *params = args;
598 NTSTATUS status;
599 int ret;
600
601 if ((status = init_cipher_handle( params->key ))) return status;
602
603 if ((ret = pgnutls_cipher_decrypt2( key_data(params->key)->cipher, params->input, params->input_len,
604 params->output, params->output_len )))
605 {
606 pgnutls_perror( ret );
607 return STATUS_INTERNAL_ERROR;
608 }
609 return STATUS_SUCCESS;
610 }
611
612 static NTSTATUS key_symmetric_get_tag( void *args )
613 {
614 const struct key_symmetric_get_tag_params *params = args;
615 NTSTATUS status;
616 int ret;
617
618 if ((status = init_cipher_handle( params->key ))) return status;
619
620 if ((ret = pgnutls_cipher_tag( key_data(params->key)->cipher, params->tag, params->len )))
621 {
622 pgnutls_perror( ret );
623 return STATUS_INTERNAL_ERROR;
624 }
625 return STATUS_SUCCESS;
626 }
627
628 static NTSTATUS key_symmetric_destroy( void *args )
629 {
630 struct key *key = args;
631
632 if (key_data(key)->cipher) pgnutls_cipher_deinit( key_data(key)->cipher );
633 return STATUS_SUCCESS;
634 }
635
636 static ULONG export_gnutls_datum( UCHAR *buffer, ULONG buflen, gnutls_datum_t *d, BOOL zero_pad )
637 {
638 ULONG size = d->size;
639 UCHAR *src = d->data;
640 ULONG offset = 0;
641
642 assert( size <= buflen + 1 );
643 if (size == buflen + 1)
644 {
645 assert( !src[0] );
646 src++;
647 size--;
648 }
649 if (zero_pad)
650 {
651 offset = buflen - size;
652 if (buffer) memset( buffer, 0, offset );
653 size = buflen;
654 }
655
656 if (buffer) memcpy( buffer + offset, src, size );
657 return size;
658 }
659
660 #define EXPORT_SIZE(d,f,p) export_gnutls_datum( NULL, key->u.a.bitlen / f, &d, p )
661 static NTSTATUS key_export_rsa_public( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
662 {
663 BCRYPT_RSAKEY_BLOB *rsa_blob = (BCRYPT_RSAKEY_BLOB *)buf;
664 gnutls_datum_t m, e;
665 UCHAR *dst;
666 int ret;
667
668 if (key_data(key)->a.pubkey)
669 ret = pgnutls_pubkey_export_rsa_raw( key_data(key)->a.pubkey, &m, &e );
670 else if (key_data(key)->a.privkey)
671 ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, NULL, NULL, NULL, NULL, NULL, NULL );
672 else
673 return STATUS_INVALID_PARAMETER;
674
675 if (ret)
676 {
677 pgnutls_perror( ret );
678 return STATUS_INTERNAL_ERROR;
679 }
680
681 *ret_len = sizeof(*rsa_blob) + EXPORT_SIZE(e,8,0) + EXPORT_SIZE(m,8,1);
682 if (len >= *ret_len && buf)
683 {
684 dst = (UCHAR *)(rsa_blob + 1);
685 rsa_blob->cbPublicExp = export_gnutls_datum( dst, key->u.a.bitlen / 8, &e, 0 );
686
687 dst += rsa_blob->cbPublicExp;
688 rsa_blob->cbModulus = export_gnutls_datum( dst, key->u.a.bitlen / 8, &m, 1 );
689
690 rsa_blob->Magic = BCRYPT_RSAPUBLIC_MAGIC;
691 rsa_blob->BitLength = key->u.a.bitlen;
692 rsa_blob->cbPrime1 = 0;
693 rsa_blob->cbPrime2 = 0;
694 }
695
696 free( e.data ); free( m.data );
697 return STATUS_SUCCESS;
698 }
699
700 static NTSTATUS key_export_ecc_public( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
701 {
702 BCRYPT_ECCKEY_BLOB *ecc_blob = (BCRYPT_ECCKEY_BLOB *)buf;
703 gnutls_ecc_curve_t curve;
704 gnutls_datum_t x, y;
705 DWORD magic, size;
706 UCHAR *dst;
707 int ret;
708
709 switch (key->alg_id)
710 {
711 case ALG_ID_ECDH_P256:
712 magic = BCRYPT_ECDH_PUBLIC_P256_MAGIC;
713 size = 32;
714 break;
715 case ALG_ID_ECDSA_P256:
716 magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
717 size = 32;
718 break;
719 default:
720 FIXME( "algorithm %u not supported\n", key->alg_id );
721 return STATUS_NOT_IMPLEMENTED;
722 }
723
724 if (key_data(key)->a.pubkey)
725 ret = pgnutls_pubkey_export_ecc_raw( key_data(key)->a.pubkey, &curve, &x, &y );
726 else if (key_data(key)->a.privkey)
727 ret = pgnutls_privkey_export_ecc_raw( key_data(key)->a.privkey, &curve, &x, &y, NULL );
728 else
729 return STATUS_INVALID_PARAMETER;
730
731 if (ret)
732 {
733 pgnutls_perror( ret );
734 return STATUS_INTERNAL_ERROR;
735 }
736
737 if (curve != GNUTLS_ECC_CURVE_SECP256R1)
738 {
739 FIXME( "curve %u not supported\n", curve );
740 free( x.data ); free( y.data );
741 return STATUS_NOT_IMPLEMENTED;
742 }
743
744 *ret_len = sizeof(*ecc_blob) + size * 2;
745 if (len >= *ret_len && buf)
746 {
747 ecc_blob->dwMagic = magic;
748 ecc_blob->cbKey = size;
749
750 dst = (UCHAR *)(ecc_blob + 1);
751 export_gnutls_datum( dst, size, &x, 1 );
752
753 dst += size;
754 export_gnutls_datum( dst, size, &y, 1 );
755 }
756
757 free( x.data ); free( y.data );
758 return STATUS_SUCCESS;
759 }
760
761 static NTSTATUS key_export_dsa_public( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
762 {
763 BCRYPT_DSA_KEY_BLOB *dsa_blob = (BCRYPT_DSA_KEY_BLOB *)buf;
764 gnutls_datum_t p, q, g, y;
765 UCHAR *dst;
766 int ret;
767
768 if (key_data(key)->a.pubkey)
769 ret = pgnutls_pubkey_export_dsa_raw( key_data(key)->a.pubkey, &p, &q, &g, &y );
770 else if (key_data(key)->a.privkey)
771 ret = pgnutls_privkey_export_dsa_raw( key_data(key)->a.privkey, &p, &q, &g, &y, NULL );
772 else
773 return STATUS_INVALID_PARAMETER;
774
775 if (ret)
776 {
777 pgnutls_perror( ret );
778 return STATUS_INTERNAL_ERROR;
779 }
780
781 if (key->u.a.bitlen > 1024)
782 {
783 FIXME( "bitlen > 1024 not supported\n" );
784 return STATUS_NOT_IMPLEMENTED;
785 }
786
787 *ret_len = sizeof(*dsa_blob) + key->u.a.bitlen / 8 * 3;
788 if (len >= *ret_len && buf)
789 {
790 dst = (UCHAR *)(dsa_blob + 1);
791 export_gnutls_datum( dst, key->u.a.bitlen / 8, &p, 1 );
792
793 dst += key->u.a.bitlen / 8;
794 export_gnutls_datum( dst, key->u.a.bitlen / 8, &g, 1 );
795
796 dst += key->u.a.bitlen / 8;
797 export_gnutls_datum( dst, key->u.a.bitlen / 8, &y, 1 );
798
799 dst = dsa_blob->q;
800 export_gnutls_datum( dst, sizeof(dsa_blob->q), &q, 1 );
801
802 dsa_blob->dwMagic = BCRYPT_DSA_PUBLIC_MAGIC;
803 dsa_blob->cbKey = key->u.a.bitlen / 8;
804 memset( dsa_blob->Count, 0, sizeof(dsa_blob->Count) ); /* FIXME */
805 memset( dsa_blob->Seed, 0, sizeof(dsa_blob->Seed) ); /* FIXME */
806 }
807
808 free( p.data ); free( q.data ); free( g.data ); free( y.data );
809 return STATUS_SUCCESS;
810 }
811
812 static void reverse_bytes( UCHAR *buf, ULONG len )
813 {
814 unsigned int i;
815 UCHAR tmp;
816
817 for (i = 0; i < len / 2; ++i)
818 {
819 tmp = buf[i];
820 buf[i] = buf[len - i - 1];
821 buf[len - i - 1] = tmp;
822 }
823 }
824
825 #define Q_SIZE 20
826 static NTSTATUS key_export_dsa_capi_public( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
827 {
828 BLOBHEADER *hdr = (BLOBHEADER *)buf;
829 DSSPUBKEY *dsskey;
830 gnutls_datum_t p, q, g, y;
831 UCHAR *dst;
832 int ret, size = sizeof(*hdr) + sizeof(*dsskey) + sizeof(key->u.a.dss_seed);
833
834 if (key->u.a.bitlen > 1024)
835 {
836 FIXME( "bitlen > 1024 not supported\n" );
837 return STATUS_NOT_IMPLEMENTED;
838 }
839
840 if (key_data(key)->a.pubkey)
841 ret = pgnutls_pubkey_export_dsa_raw( key_data(key)->a.pubkey, &p, &q, &g, &y );
842 else if (key_data(key)->a.privkey)
843 ret = pgnutls_privkey_export_dsa_raw( key_data(key)->a.privkey, &p, &q, &g, &y, NULL );
844 else
845 return STATUS_INVALID_PARAMETER;
846
847 if (ret)
848 {
849 pgnutls_perror( ret );
850 return STATUS_INTERNAL_ERROR;
851 }
852
853 *ret_len = size + key->u.a.bitlen / 8 * 3 + Q_SIZE;
854 if (len >= *ret_len && buf)
855 {
856 hdr->bType = PUBLICKEYBLOB;
857 hdr->bVersion = 2;
858 hdr->reserved = 0;
859 hdr->aiKeyAlg = CALG_DSS_SIGN;
860
861 dsskey = (DSSPUBKEY *)(hdr + 1);
862 dsskey->magic = MAGIC_DSS1;
863 dsskey->bitlen = key->u.a.bitlen;
864
865 dst = (UCHAR *)(dsskey + 1);
866 export_gnutls_datum( dst, key->u.a.bitlen / 8, &p, 1 );
867 reverse_bytes( dst, key->u.a.bitlen / 8 );
868 dst += key->u.a.bitlen / 8;
869
870 export_gnutls_datum( dst, Q_SIZE, &q, 1 );
871 reverse_bytes( dst, Q_SIZE );
872 dst += Q_SIZE;
873
874 export_gnutls_datum( dst, key->u.a.bitlen / 8, &g, 1 );
875 reverse_bytes( dst, key->u.a.bitlen / 8 );
876 dst += key->u.a.bitlen / 8;
877
878 export_gnutls_datum( dst, key->u.a.bitlen / 8, &y, 1 );
879 reverse_bytes( dst, key->u.a.bitlen / 8 );
880 dst += key->u.a.bitlen / 8;
881
882 memcpy( dst, &key->u.a.dss_seed, sizeof(key->u.a.dss_seed) );
883 }
884
885 free( p.data ); free( q.data ); free( g.data ); free( y.data );
886 return STATUS_SUCCESS;
887 }
888
889 static NTSTATUS key_asymmetric_generate( void *args )
890 {
891 struct key *key = args;
892 gnutls_pk_algorithm_t pk_alg;
893 gnutls_privkey_t privkey;
894 gnutls_pubkey_t pubkey;
895 unsigned int bitlen;
896 int ret;
897
898 if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
899 if (key_data(key)->a.privkey) return STATUS_INVALID_HANDLE;
900
901 switch (key->alg_id)
902 {
903 case ALG_ID_RSA:
904 case ALG_ID_RSA_SIGN:
905 pk_alg = GNUTLS_PK_RSA;
906 bitlen = key->u.a.bitlen;
907 break;
908
909 case ALG_ID_DSA:
910 pk_alg = GNUTLS_PK_DSA;
911 bitlen = key->u.a.bitlen;
912 break;
913
914 case ALG_ID_ECDH_P256:
915 case ALG_ID_ECDSA_P256:
916 pk_alg = GNUTLS_PK_ECC; /* compatible with ECDSA and ECDH */
917 bitlen = GNUTLS_CURVE_TO_BITS( GNUTLS_ECC_CURVE_SECP256R1 );
918 break;
919
920 default:
921 FIXME( "algorithm %u not supported\n", key->alg_id );
922 return STATUS_NOT_SUPPORTED;
923 }
924
925 if ((ret = pgnutls_privkey_init( &privkey )))
926 {
927 pgnutls_perror( ret );
928 return STATUS_INTERNAL_ERROR;
929 }
930 if ((ret = pgnutls_pubkey_init( &pubkey )))
931 {
932 pgnutls_perror( ret );
933 pgnutls_privkey_deinit( privkey );
934 return STATUS_INTERNAL_ERROR;
935 }
936
937 if ((ret = pgnutls_privkey_generate( privkey, pk_alg, bitlen, 0 )))
938 {
939 pgnutls_perror( ret );
940 pgnutls_privkey_deinit( privkey );
941 pgnutls_pubkey_deinit( pubkey );
942 return STATUS_INTERNAL_ERROR;
943 }
944 if ((ret = pgnutls_pubkey_import_privkey( pubkey, privkey, 0, 0 )))
945 {
946 pgnutls_perror( ret );
947 pgnutls_privkey_deinit( privkey );
948 pgnutls_pubkey_deinit( pubkey );
949 return STATUS_INTERNAL_ERROR;
950 }
951
952 key_data(key)->a.privkey = privkey;
953 key_data(key)->a.pubkey = pubkey;
954 return STATUS_SUCCESS;
955 }
956
957 static NTSTATUS key_export_ecc( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
958 {
959 BCRYPT_ECCKEY_BLOB *ecc_blob;
960 gnutls_ecc_curve_t curve;
961 gnutls_datum_t x, y, d;
962 DWORD magic, size;
963 UCHAR *dst;
964 int ret;
965
966 switch (key->alg_id)
967 {
968 case ALG_ID_ECDH_P256:
969 magic = BCRYPT_ECDH_PRIVATE_P256_MAGIC;
970 size = 32;
971 break;
972 case ALG_ID_ECDSA_P256:
973 magic = BCRYPT_ECDSA_PRIVATE_P256_MAGIC;
974 size = 32;
975 break;
976
977 default:
978 FIXME( "algorithm %u does not yet support exporting ecc blob\n", key->alg_id );
979 return STATUS_NOT_IMPLEMENTED;
980 }
981
982 if (!key_data(key)->a.privkey) return STATUS_INVALID_PARAMETER;
983
984 if ((ret = pgnutls_privkey_export_ecc_raw( key_data(key)->a.privkey, &curve, &x, &y, &d )))
985 {
986 pgnutls_perror( ret );
987 return STATUS_INTERNAL_ERROR;
988 }
989
990 if (curve != GNUTLS_ECC_CURVE_SECP256R1)
991 {
992 FIXME( "curve %u not supported\n", curve );
993 free( x.data ); free( y.data ); free( d.data );
994 return STATUS_NOT_IMPLEMENTED;
995 }
996
997 *ret_len = sizeof(*ecc_blob) + size * 3;
998 if (len >= *ret_len && buf)
999 {
1000 ecc_blob = (BCRYPT_ECCKEY_BLOB *)buf;
1001 ecc_blob->dwMagic = magic;
1002 ecc_blob->cbKey = size;
1003
1004 dst = (UCHAR *)(ecc_blob + 1);
1005 export_gnutls_datum( dst, size, &x, 1 );
1006 dst += size;
1007
1008 export_gnutls_datum( dst, size, &y, 1 );
1009 dst += size;
1010
1011 export_gnutls_datum( dst, size, &d, 1 );
1012 }
1013
1014 free( x.data ); free( y.data ); free( d.data );
1015 return STATUS_SUCCESS;
1016 }
1017
1018 static NTSTATUS key_import_ecc( struct key *key, UCHAR *buf, ULONG len )
1019 {
1020 BCRYPT_ECCKEY_BLOB *ecc_blob;
1021 gnutls_ecc_curve_t curve;
1022 gnutls_privkey_t handle;
1023 gnutls_datum_t x, y, k;
1024 int ret;
1025
1026 switch (key->alg_id)
1027 {
1028 case ALG_ID_ECDH_P256:
1029 case ALG_ID_ECDSA_P256:
1030 curve = GNUTLS_ECC_CURVE_SECP256R1;
1031 break;
1032
1033 default:
1034 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1035 return STATUS_NOT_IMPLEMENTED;
1036 }
1037
1038 if ((ret = pgnutls_privkey_init( &handle )))
1039 {
1040 pgnutls_perror( ret );
1041 return STATUS_INTERNAL_ERROR;
1042 }
1043
1044 ecc_blob = (BCRYPT_ECCKEY_BLOB *)buf;
1045 x.data = (unsigned char *)(ecc_blob + 1);
1046 x.size = ecc_blob->cbKey;
1047 y.data = x.data + ecc_blob->cbKey;
1048 y.size = ecc_blob->cbKey;
1049 k.data = y.data + ecc_blob->cbKey;
1050 k.size = ecc_blob->cbKey;
1051
1052 if ((ret = pgnutls_privkey_import_ecc_raw( handle, curve, &x, &y, &k )))
1053 {
1054 pgnutls_perror( ret );
1055 pgnutls_privkey_deinit( handle );
1056 return STATUS_INTERNAL_ERROR;
1057 }
1058
1059 if (key_data(key)->a.privkey) pgnutls_privkey_deinit( key_data(key)->a.privkey );
1060 key_data(key)->a.privkey = handle;
1061 return STATUS_SUCCESS;
1062 }
1063
1064 static NTSTATUS key_export_rsa( struct key *key, ULONG flags, UCHAR *buf, ULONG len, ULONG *ret_len )
1065 {
1066 BCRYPT_RSAKEY_BLOB *rsa_blob;
1067 gnutls_datum_t m, e, d, p, q, u, e1, e2;
1068 ULONG bitlen = key->u.a.bitlen;
1069 BOOL full = (flags & KEY_EXPORT_FLAG_RSA_FULL);
1070 UCHAR *dst;
1071 int ret;
1072
1073 if (!key_data(key)->a.privkey) return STATUS_INVALID_PARAMETER;
1074
1075 if ((ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, &d, &p, &q, &u, &e1, &e2 )))
1076 {
1077 pgnutls_perror( ret );
1078 return STATUS_INTERNAL_ERROR;
1079 }
1080
1081 *ret_len = sizeof(*rsa_blob) + EXPORT_SIZE(e,8,0) + EXPORT_SIZE(m,8,1) + EXPORT_SIZE(p,16,1) + EXPORT_SIZE(q,16,1);
1082 if (full) *ret_len += EXPORT_SIZE(e1,16,1) + EXPORT_SIZE(e2,16,1) + EXPORT_SIZE(u,16,1) + EXPORT_SIZE(d,8,1);
1083
1084 if (len >= *ret_len && buf)
1085 {
1086 rsa_blob = (BCRYPT_RSAKEY_BLOB *)buf;
1087 rsa_blob->Magic = full ? BCRYPT_RSAFULLPRIVATE_MAGIC : BCRYPT_RSAPRIVATE_MAGIC;
1088 rsa_blob->BitLength = bitlen;
1089
1090 dst = (UCHAR *)(rsa_blob + 1);
1091 rsa_blob->cbPublicExp = export_gnutls_datum( dst, bitlen / 8, &e, 0 );
1092
1093 dst += rsa_blob->cbPublicExp;
1094 rsa_blob->cbModulus = export_gnutls_datum( dst, bitlen / 8, &m, 1 );
1095
1096 dst += rsa_blob->cbModulus;
1097 rsa_blob->cbPrime1 = export_gnutls_datum( dst, bitlen / 16, &p, 1 );
1098
1099 dst += rsa_blob->cbPrime1;
1100 rsa_blob->cbPrime2 = export_gnutls_datum( dst, bitlen / 16, &q, 1 );
1101
1102 if (full)
1103 {
1104 dst += rsa_blob->cbPrime2;
1105 export_gnutls_datum( dst, bitlen / 16, &e1, 1 );
1106
1107 dst += rsa_blob->cbPrime1;
1108 export_gnutls_datum( dst, bitlen / 16, &e2, 1 );
1109
1110 dst += rsa_blob->cbPrime2;
1111 export_gnutls_datum( dst, bitlen / 16, &u, 1 );
1112
1113 dst += rsa_blob->cbPrime1;
1114 export_gnutls_datum( dst, bitlen / 8, &d, 1 );
1115 }
1116 }
1117
1118 free( m.data ); free( e.data ); free( d.data ); free( p.data ); free( q.data ); free( u.data );
1119 free( e1.data ); free( e2.data );
1120 return STATUS_SUCCESS;
1121 }
1122
1123 static NTSTATUS key_import_rsa( struct key *key, UCHAR *buf, ULONG len )
1124 {
1125 BCRYPT_RSAKEY_BLOB *rsa_blob = (BCRYPT_RSAKEY_BLOB *)buf;
1126 gnutls_datum_t m, e, p, q;
1127 gnutls_privkey_t handle;
1128 int ret;
1129
1130 if ((ret = pgnutls_privkey_init( &handle )))
1131 {
1132 pgnutls_perror( ret );
1133 return STATUS_INTERNAL_ERROR;
1134 }
1135
1136 e.data = (unsigned char *)(rsa_blob + 1);
1137 e.size = rsa_blob->cbPublicExp;
1138 m.data = e.data + e.size;
1139 m.size = rsa_blob->cbModulus;
1140 p.data = m.data + m.size;
1141 p.size = rsa_blob->cbPrime1;
1142 q.data = p.data + p.size;
1143 q.size = rsa_blob->cbPrime2;
1144
1145 if ((ret = pgnutls_privkey_import_rsa_raw( handle, &m, &e, NULL, &p, &q, NULL, NULL, NULL )))
1146 {
1147 pgnutls_perror( ret );
1148 pgnutls_privkey_deinit( handle );
1149 return STATUS_INTERNAL_ERROR;
1150 }
1151
1152 if (key_data(key)->a.privkey) pgnutls_privkey_deinit( key_data(key)->a.privkey );
1153 key_data(key)->a.privkey = handle;
1154 return STATUS_SUCCESS;
1155 }
1156
1157 static NTSTATUS key_export_dsa_capi( struct key *key, UCHAR *buf, ULONG len, ULONG *ret_len )
1158 {
1159 BLOBHEADER *hdr;
1160 DSSPUBKEY *pubkey;
1161 gnutls_datum_t p, q, g, y, x;
1162 UCHAR *dst;
1163 int ret, size;
1164
1165 if (!key_data(key)->a.privkey) return STATUS_INVALID_PARAMETER;
1166
1167 if ((ret = pgnutls_privkey_export_dsa_raw( key_data(key)->a.privkey, &p, &q, &g, &y, &x )))
1168 {
1169 pgnutls_perror( ret );
1170 return STATUS_INTERNAL_ERROR;
1171 }
1172
1173 if (q.size > 21 || x.size > 21)
1174 {
1175 ERR( "can't export key in this format\n" );
1176 free( p.data ); free( q.data ); free( g.data ); free( y.data ); free( x.data );
1177 return STATUS_NOT_SUPPORTED;
1178 }
1179
1180 size = key->u.a.bitlen / 8;
1181 *ret_len = sizeof(*hdr) + sizeof(*pubkey) + size * 2 + 40 + sizeof(key->u.a.dss_seed);
1182 if (len >= *ret_len && buf)
1183 {
1184 hdr = (BLOBHEADER *)buf;
1185 hdr->bType = PRIVATEKEYBLOB;
1186 hdr->bVersion = 2;
1187 hdr->reserved = 0;
1188 hdr->aiKeyAlg = CALG_DSS_SIGN;
1189
1190 pubkey = (DSSPUBKEY *)(hdr + 1);
1191 pubkey->magic = MAGIC_DSS2;
1192 pubkey->bitlen = key->u.a.bitlen;
1193
1194 dst = (UCHAR *)(pubkey + 1);
1195 export_gnutls_datum( dst, size, &p, 1 );
1196 reverse_bytes( dst, size );
1197 dst += size;
1198
1199 export_gnutls_datum( dst, 20, &q, 1 );
1200 reverse_bytes( dst, 20 );
1201 dst += 20;
1202
1203 export_gnutls_datum( dst, size, &g, 1 );
1204 reverse_bytes( dst, size );
1205 dst += size;
1206
1207 export_gnutls_datum( dst, 20, &x, 1 );
1208 reverse_bytes( dst, 20 );
1209 dst += 20;
1210
1211 memcpy( dst, &key->u.a.dss_seed, sizeof(key->u.a.dss_seed) );
1212 }
1213
1214 free( p.data ); free( q.data ); free( g.data ); free( y.data ); free( x.data );
1215 return STATUS_SUCCESS;
1216 }
1217
1218 static NTSTATUS key_import_dsa_capi( struct key *key, UCHAR *buf, ULONG len )
1219 {
1220 BLOBHEADER *hdr = (BLOBHEADER *)buf;
1221 DSSPUBKEY *pubkey;
1222 gnutls_privkey_t handle;
1223 gnutls_datum_t p, q, g, x;
1224 unsigned char *data, p_data[128], q_data[20], g_data[128], x_data[20];
1225 int i, ret, size;
1226
1227 if ((ret = pgnutls_privkey_init( &handle )))
1228 {
1229 pgnutls_perror( ret );
1230 return STATUS_INTERNAL_ERROR;
1231 }
1232
1233 pubkey = (DSSPUBKEY *)(hdr + 1);
1234 if ((size = pubkey->bitlen / 8) > sizeof(p_data))
1235 {
1236 FIXME( "size %u not supported\n", size );
1237 pgnutls_privkey_deinit( handle );
1238 return STATUS_NOT_SUPPORTED;
1239 }
1240 data = (unsigned char *)(pubkey + 1);
1241
1242 p.data = p_data;
1243 p.size = size;
1244 for (i = 0; i < p.size; i++) p.data[i] = data[p.size - i - 1];
1245 data += p.size;
1246
1247 q.data = q_data;
1248 q.size = sizeof(q_data);
1249 for (i = 0; i < q.size; i++) q.data[i] = data[q.size - i - 1];
1250 data += q.size;
1251
1252 g.data = g_data;
1253 g.size = size;
1254 for (i = 0; i < g.size; i++) g.data[i] = data[g.size - i - 1];
1255 data += g.size;
1256
1257 x.data = x_data;
1258 x.size = sizeof(x_data);
1259 for (i = 0; i < x.size; i++) x.data[i] = data[x.size - i - 1];
1260 data += x.size;
1261
1262 if ((ret = pgnutls_privkey_import_dsa_raw( handle, &p, &q, &g, NULL, &x )))
1263 {
1264 pgnutls_perror( ret );
1265 pgnutls_privkey_deinit( handle );
1266 return STATUS_INTERNAL_ERROR;
1267 }
1268
1269 memcpy( &key->u.a.dss_seed, data, sizeof(key->u.a.dss_seed) );
1270
1271 if (key_data(key)->a.privkey) pgnutls_privkey_deinit( key_data(key)->a.privkey );
1272 key_data(key)->a.privkey = handle;
1273 return STATUS_SUCCESS;
1274 }
1275
1276 static NTSTATUS key_import_ecc_public( struct key *key, UCHAR *buf, ULONG len )
1277 {
1278 BCRYPT_ECCKEY_BLOB *ecc_blob;
1279 gnutls_ecc_curve_t curve;
1280 gnutls_datum_t x, y;
1281 gnutls_pubkey_t handle;
1282 int ret;
1283
1284 switch (key->alg_id)
1285 {
1286 case ALG_ID_ECDH_P256:
1287 case ALG_ID_ECDSA_P256: curve = GNUTLS_ECC_CURVE_SECP256R1; break;
1288 case ALG_ID_ECDSA_P384: curve = GNUTLS_ECC_CURVE_SECP384R1; break;
1289
1290 default:
1291 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1292 return STATUS_NOT_IMPLEMENTED;
1293 }
1294
1295 if ((ret = pgnutls_pubkey_init( &handle )))
1296 {
1297 pgnutls_perror( ret );
1298 return STATUS_INTERNAL_ERROR;
1299 }
1300
1301 ecc_blob = (BCRYPT_ECCKEY_BLOB *)buf;
1302 x.data = buf + sizeof(*ecc_blob);
1303 x.size = ecc_blob->cbKey;
1304 y.data = buf + sizeof(*ecc_blob) + ecc_blob->cbKey;
1305 y.size = ecc_blob->cbKey;
1306
1307 if ((ret = pgnutls_pubkey_import_ecc_raw( handle, curve, &x, &y )))
1308 {
1309 pgnutls_perror( ret );
1310 pgnutls_pubkey_deinit( handle );
1311 return STATUS_INTERNAL_ERROR;
1312 }
1313
1314 if (key_data(key)->a.pubkey) pgnutls_pubkey_deinit( key_data(key)->a.pubkey );
1315 key_data(key)->a.pubkey = handle;
1316 return STATUS_SUCCESS;
1317 }
1318
1319 static NTSTATUS key_import_rsa_public( struct key *key, UCHAR *buf, ULONG len )
1320 {
1321 BCRYPT_RSAKEY_BLOB *rsa_blob;
1322 gnutls_pubkey_t handle;
1323 gnutls_datum_t m, e;
1324 int ret;
1325
1326 if ((ret = pgnutls_pubkey_init( &handle )))
1327 {
1328 pgnutls_perror( ret );
1329 return STATUS_INTERNAL_ERROR;
1330 }
1331
1332 rsa_blob = (BCRYPT_RSAKEY_BLOB *)buf;
1333 e.data = buf + sizeof(*rsa_blob);
1334 e.size = rsa_blob->cbPublicExp;
1335 m.data = buf + sizeof(*rsa_blob) + rsa_blob->cbPublicExp;
1336 m.size = rsa_blob->cbModulus;
1337
1338 if ((ret = pgnutls_pubkey_import_rsa_raw( handle, &m, &e )))
1339 {
1340 pgnutls_perror( ret );
1341 pgnutls_pubkey_deinit( handle );
1342 return STATUS_INTERNAL_ERROR;
1343 }
1344
1345 if (key_data(key)->a.pubkey) pgnutls_pubkey_deinit( key_data(key)->a.pubkey );
1346 key_data(key)->a.pubkey = handle;
1347 return STATUS_SUCCESS;
1348 }
1349
1350 static NTSTATUS key_import_dsa_public( struct key *key, UCHAR *buf, ULONG len )
1351 {
1352 BCRYPT_DSA_KEY_BLOB *dsa_blob;
1353 gnutls_datum_t p, q, g, y;
1354 gnutls_pubkey_t handle;
1355 int ret;
1356
1357 if ((ret = pgnutls_pubkey_init( &handle )))
1358 {
1359 pgnutls_perror( ret );
1360 return STATUS_INTERNAL_ERROR;
1361 }
1362
1363 dsa_blob = (BCRYPT_DSA_KEY_BLOB *)buf;
1364 p.data = buf + sizeof(*dsa_blob);
1365 p.size = dsa_blob->cbKey;
1366 q.data = dsa_blob->q;
1367 q.size = sizeof(dsa_blob->q);
1368 g.data = buf + sizeof(*dsa_blob) + dsa_blob->cbKey;
1369 g.size = dsa_blob->cbKey;
1370 y.data = buf + sizeof(*dsa_blob) + dsa_blob->cbKey * 2;
1371 y.size = dsa_blob->cbKey;
1372
1373 if ((ret = pgnutls_pubkey_import_dsa_raw( handle, &p, &q, &g, &y )))
1374 {
1375 pgnutls_perror( ret );
1376 pgnutls_pubkey_deinit( handle );
1377 return STATUS_INTERNAL_ERROR;
1378 }
1379
1380 if (key_data(key)->a.pubkey) pgnutls_pubkey_deinit( key_data(key)->a.pubkey );
1381 key_data(key)->a.pubkey = handle;
1382 return STATUS_SUCCESS;
1383 }
1384
1385 static NTSTATUS key_import_dsa_capi_public( struct key *key, UCHAR *buf, ULONG len )
1386 {
1387 BLOBHEADER *hdr;
1388 DSSPUBKEY *pubkey;
1389 gnutls_datum_t p, q, g, y;
1390 gnutls_pubkey_t handle;
1391 unsigned char *data, p_data[128], q_data[20], g_data[128], y_data[128];
1392 int i, ret, size;
1393
1394 if ((ret = pgnutls_pubkey_init( &handle )))
1395 {
1396 pgnutls_perror( ret );
1397 return STATUS_INTERNAL_ERROR;
1398 }
1399
1400 hdr = (BLOBHEADER *)buf;
1401 pubkey = (DSSPUBKEY *)(hdr + 1);
1402 size = pubkey->bitlen / 8;
1403 data = (unsigned char *)(pubkey + 1);
1404
1405 p.data = p_data;
1406 p.size = size;
1407 for (i = 0; i < p.size; i++) p.data[i] = data[p.size - i - 1];
1408 data += p.size;
1409
1410 q.data = q_data;
1411 q.size = sizeof(q_data);
1412 for (i = 0; i < q.size; i++) q.data[i] = data[q.size - i - 1];
1413 data += q.size;
1414
1415 g.data = g_data;
1416 g.size = size;
1417 for (i = 0; i < g.size; i++) g.data[i] = data[g.size - i - 1];
1418 data += g.size;
1419
1420 y.data = y_data;
1421 y.size = sizeof(y_data);
1422 for (i = 0; i < y.size; i++) y.data[i] = data[y.size - i - 1];
1423
1424 if ((ret = pgnutls_pubkey_import_dsa_raw( handle, &p, &q, &g, &y )))
1425 {
1426 pgnutls_perror( ret );
1427 pgnutls_pubkey_deinit( handle );
1428 return STATUS_INTERNAL_ERROR;
1429 }
1430
1431 if (key_data(key)->a.pubkey) pgnutls_pubkey_deinit( key_data(key)->a.pubkey );
1432 key_data(key)->a.pubkey = handle;
1433 return STATUS_SUCCESS;
1434 }
1435
1436 static NTSTATUS key_asymmetric_export( void *args )
1437 {
1438 const struct key_asymmetric_export_params *params = args;
1439 struct key *key = params->key;
1440 unsigned flags = params->flags;
1441
1442 switch (key->alg_id)
1443 {
1444 case ALG_ID_ECDH_P256:
1445 case ALG_ID_ECDSA_P256:
1446 case ALG_ID_ECDSA_P384:
1447 if (flags & KEY_EXPORT_FLAG_PUBLIC)
1448 return key_export_ecc_public( key, params->buf, params->len, params->ret_len );
1449 return key_export_ecc( key, params->buf, params->len, params->ret_len );
1450
1451 case ALG_ID_RSA:
1452 case ALG_ID_RSA_SIGN:
1453 if (flags & KEY_EXPORT_FLAG_PUBLIC)
1454 return key_export_rsa_public( key, params->buf, params->len, params->ret_len );
1455 return key_export_rsa( key, flags, params->buf, params->len, params->ret_len );
1456
1457 case ALG_ID_DSA:
1458 if (flags & KEY_EXPORT_FLAG_PUBLIC)
1459 {
1460 if (key->u.a.flags & KEY_FLAG_LEGACY_DSA_V2)
1461 return key_export_dsa_capi_public( key, params->buf, params->len, params->ret_len );
1462 return key_export_dsa_public( key, params->buf, params->len, params->ret_len );
1463 }
1464 if (key->u.a.flags & KEY_FLAG_LEGACY_DSA_V2)
1465 return key_export_dsa_capi( key, params->buf, params->len, params->ret_len );
1466 return STATUS_NOT_IMPLEMENTED;
1467
1468 default:
1469 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1470 return STATUS_NOT_IMPLEMENTED;
1471 }
1472 }
1473
1474 static NTSTATUS key_asymmetric_import( void *args )
1475 {
1476 const struct key_asymmetric_import_params *params = args;
1477 struct key *key = params->key;
1478 unsigned flags = params->flags;
1479
1480 switch (key->alg_id)
1481 {
1482 case ALG_ID_ECDH_P256:
1483 case ALG_ID_ECDSA_P256:
1484 case ALG_ID_ECDSA_P384:
1485 if (flags & KEY_IMPORT_FLAG_PUBLIC)
1486 return key_import_ecc_public( key, params->buf, params->len );
1487 return key_import_ecc( key, params->buf, params->len );
1488
1489 case ALG_ID_RSA:
1490 case ALG_ID_RSA_SIGN:
1491 if (flags & KEY_IMPORT_FLAG_PUBLIC)
1492 return key_import_rsa_public( key, params->buf, params->len );
1493 return key_import_rsa( key, params->buf, params->len );
1494
1495 case ALG_ID_DSA:
1496 if (flags & KEY_IMPORT_FLAG_PUBLIC)
1497 {
1498 if (key->u.a.flags & KEY_FLAG_LEGACY_DSA_V2)
1499 return key_import_dsa_capi_public( key, params->buf, params->len );
1500 return key_import_dsa_public( key, params->buf, params->len );
1501 }
1502 if (key->u.a.flags & KEY_FLAG_LEGACY_DSA_V2)
1503 return key_import_dsa_capi( key, params->buf, params->len );
1504 FIXME( "DSA private key not supported\n" );
1505 return STATUS_NOT_IMPLEMENTED;
1506
1507 default:
1508 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1509 return STATUS_NOT_IMPLEMENTED;
1510 }
1511 }
1512
1513 static NTSTATUS prepare_gnutls_signature_dsa( struct key *key, UCHAR *signature, ULONG signature_len,
1514 gnutls_datum_t *gnutls_signature )
1515 {
1516 struct buffer buffer;
1517 DWORD r_len = signature_len / 2;
1518 DWORD s_len = r_len;
1519 BYTE *r = signature;
1520 BYTE *s = signature + r_len;
1521
1522 buffer_init( &buffer );
1523 buffer_append_asn1_r_s( &buffer, r, r_len, s, s_len );
1524 if (buffer.error)
1525 {
1526 buffer_free( &buffer );
1527 return STATUS_NO_MEMORY;
1528 }
1529
1530 gnutls_signature->data = buffer.buffer;
1531 gnutls_signature->size = buffer.pos;
1532 return STATUS_SUCCESS;
1533 }
1534
1535 static NTSTATUS prepare_gnutls_signature_rsa( struct key *key, UCHAR *signature, ULONG signature_len,
1536 gnutls_datum_t *gnutls_signature )
1537 {
1538 gnutls_signature->data = signature;
1539 gnutls_signature->size = signature_len;
1540 return STATUS_SUCCESS;
1541 }
1542
1543 static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len,
1544 gnutls_datum_t *gnutls_signature )
1545 {
1546 switch (key->alg_id)
1547 {
1548 case ALG_ID_ECDSA_P256:
1549 case ALG_ID_ECDSA_P384:
1550 case ALG_ID_DSA:
1551 return prepare_gnutls_signature_dsa( key, signature, signature_len, gnutls_signature );
1552
1553 case ALG_ID_RSA:
1554 case ALG_ID_RSA_SIGN:
1555 return prepare_gnutls_signature_rsa( key, signature, signature_len, gnutls_signature );
1556
1557 default:
1558 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1559 return STATUS_NOT_IMPLEMENTED;
1560 }
1561 }
1562
1563 static gnutls_digest_algorithm_t get_digest_from_id( const WCHAR *alg_id )
1564 {
1565 if (!wcscmp( alg_id, BCRYPT_SHA1_ALGORITHM )) return GNUTLS_DIG_SHA1;
1566 if (!wcscmp( alg_id, BCRYPT_SHA256_ALGORITHM )) return GNUTLS_DIG_SHA256;
1567 if (!wcscmp( alg_id, BCRYPT_SHA384_ALGORITHM )) return GNUTLS_DIG_SHA384;
1568 if (!wcscmp( alg_id, BCRYPT_SHA512_ALGORITHM )) return GNUTLS_DIG_SHA512;
1569 if (!wcscmp( alg_id, BCRYPT_MD2_ALGORITHM )) return GNUTLS_DIG_MD2;
1570 if (!wcscmp( alg_id, BCRYPT_MD5_ALGORITHM )) return GNUTLS_DIG_MD5;
1571 return GNUTLS_DIG_UNKNOWN;
1572 }
1573
1574 static NTSTATUS key_asymmetric_verify( void *args )
1575 {
1576 const struct key_asymmetric_verify_params *params = args;
1577 struct key *key = params->key;
1578 unsigned flags = params->flags;
1579 gnutls_digest_algorithm_t hash_alg;
1580 gnutls_sign_algorithm_t sign_alg;
1581 gnutls_datum_t gnutls_hash, gnutls_signature;
1582 gnutls_pk_algorithm_t pk_alg;
1583 NTSTATUS status;
1584 int ret;
1585
1586 switch (key->alg_id)
1587 {
1588 case ALG_ID_ECDSA_P256:
1589 case ALG_ID_ECDSA_P384:
1590 {
1591 if (flags) FIXME( "flags %#x not supported\n", flags );
1592
1593 /* only the hash size must match, not the actual hash function */
1594 switch (params->hash_len)
1595 {
1596 case 20: hash_alg = GNUTLS_DIG_SHA1; break;
1597 case 32: hash_alg = GNUTLS_DIG_SHA256; break;
1598 case 48: hash_alg = GNUTLS_DIG_SHA384; break;
1599
1600 default:
1601 FIXME( "hash size %u not yet supported\n", params->hash_len );
1602 return STATUS_INVALID_SIGNATURE;
1603 }
1604 pk_alg = GNUTLS_PK_ECC;
1605 break;
1606 }
1607 case ALG_ID_RSA:
1608 case ALG_ID_RSA_SIGN:
1609 {
1610 BCRYPT_PKCS1_PADDING_INFO *info = params->padding;
1611
1612 if (!(flags & BCRYPT_PAD_PKCS1) || !info) return STATUS_INVALID_PARAMETER;
1613 if (!info->pszAlgId) return STATUS_INVALID_SIGNATURE;
1614
1615 if ((hash_alg = get_digest_from_id(info->pszAlgId)) == GNUTLS_DIG_UNKNOWN)
1616 {
1617 FIXME( "hash algorithm %s not supported\n", debugstr_w(info->pszAlgId) );
1618 return STATUS_NOT_SUPPORTED;
1619 }
1620 pk_alg = GNUTLS_PK_RSA;
1621 break;
1622 }
1623 case ALG_ID_DSA:
1624 {
1625 if (flags) FIXME( "flags %#x not supported\n", flags );
1626 if (params->hash_len != 20)
1627 {
1628 FIXME( "hash size %u not supported\n", params->hash_len );
1629 return STATUS_INVALID_PARAMETER;
1630 }
1631 hash_alg = GNUTLS_DIG_SHA1;
1632 pk_alg = GNUTLS_PK_DSA;
1633 break;
1634 }
1635 default:
1636 FIXME( "algorithm %u not yet supported\n", key->alg_id );
1637 return STATUS_NOT_IMPLEMENTED;
1638 }
1639
1640 if ((sign_alg = pgnutls_pk_to_sign( pk_alg, hash_alg )) == GNUTLS_SIGN_UNKNOWN)
1641 {
1642 FIXME("GnuTLS does not support algorithm %u with hash len %u\n", key->alg_id, params->hash_len );
1643 return STATUS_NOT_IMPLEMENTED;
1644 }
1645
1646 if ((status = prepare_gnutls_signature( key, params->signature, params->signature_len, &gnutls_signature )))
1647 return status;
1648
1649 gnutls_hash.data = params->hash;
1650 gnutls_hash.size = params->hash_len;
1651 ret = pgnutls_pubkey_verify_hash2( key_data(key)->a.pubkey, sign_alg, 0, &gnutls_hash, &gnutls_signature );
1652
1653 if (gnutls_signature.data != params->signature) free( gnutls_signature.data );
1654 return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
1655 }
1656
1657 static unsigned int get_signature_length( enum alg_id id )
1658 {
1659 switch (id)
1660 {
1661 case ALG_ID_ECDSA_P256: return 64;
1662 case ALG_ID_ECDSA_P384: return 96;
1663 case ALG_ID_DSA: return 40;
1664 default:
1665 FIXME( "unhandled algorithm %u\n", id );
1666 return 0;
1667 }
1668 }
1669
1670 static NTSTATUS format_gnutls_signature( enum alg_id type, gnutls_datum_t signature,
1671 UCHAR *output, ULONG output_len, ULONG *ret_len )
1672 {
1673 switch (type)
1674 {
1675 case ALG_ID_RSA:
1676 case ALG_ID_RSA_SIGN:
1677 {
1678 *ret_len = signature.size;
1679 if (output_len < signature.size) return STATUS_BUFFER_TOO_SMALL;
1680 if (output) memcpy( output, signature.data, signature.size );
1681 return STATUS_SUCCESS;
1682 }
1683 case ALG_ID_ECDSA_P256:
1684 case ALG_ID_ECDSA_P384:
1685 case ALG_ID_DSA:
1686 {
1687 int err;
1688 unsigned int sig_len = get_signature_length( type );
1689 gnutls_datum_t r, s; /* format as r||s */
1690
1691 if ((err = pgnutls_decode_rs_value( &signature, &r, &s )))
1692 {
1693 pgnutls_perror( err );
1694 return STATUS_INTERNAL_ERROR;
1695 }
1696
1697 *ret_len = sig_len;
1698 if (output_len < sig_len) return STATUS_BUFFER_TOO_SMALL;
1699
1700 if (r.size > sig_len / 2 + 1 || s.size > sig_len / 2 + 1)
1701 {
1702 ERR( "we didn't get a correct signature\n" );
1703 return STATUS_INTERNAL_ERROR;
1704 }
1705
1706 if (output)
1707 {
1708 export_gnutls_datum( output, sig_len / 2, &r, 1 );
1709 export_gnutls_datum( output + sig_len / 2, sig_len / 2, &s, 1 );
1710 }
1711
1712 free( r.data ); free( s.data );
1713 return STATUS_SUCCESS;
1714 }
1715 default:
1716 return STATUS_INTERNAL_ERROR;
1717 }
1718 }
1719
1720 static NTSTATUS key_asymmetric_sign( void *args )
1721 {
1722 const struct key_asymmetric_sign_params *params = args;
1723 struct key *key = params->key;
1724 unsigned flags = params->flags;
1725 BCRYPT_PKCS1_PADDING_INFO *pad = params->padding;
1726 gnutls_datum_t hash, signature;
1727 gnutls_digest_algorithm_t hash_alg;
1728 NTSTATUS status;
1729 int ret;
1730
1731 if (key->alg_id == ALG_ID_ECDSA_P256 || key->alg_id == ALG_ID_ECDSA_P384)
1732 {
1733 /* With ECDSA, we find the digest algorithm from the hash length, and verify it */
1734 switch (params->input_len)
1735 {
1736 case 20: hash_alg = GNUTLS_DIG_SHA1; break;
1737 case 32: hash_alg = GNUTLS_DIG_SHA256; break;
1738 case 48: hash_alg = GNUTLS_DIG_SHA384; break;
1739 case 64: hash_alg = GNUTLS_DIG_SHA512; break;
1740
1741 default:
1742 FIXME( "hash size %u not yet supported\n", params->input_len );
1743 return STATUS_INVALID_PARAMETER;
1744 }
1745
1746 if (flags == BCRYPT_PAD_PKCS1 && pad && pad->pszAlgId && get_digest_from_id( pad->pszAlgId ) != hash_alg)
1747 {
1748 WARN( "incorrect hashing algorithm %s, expected %u\n", debugstr_w(pad->pszAlgId), hash_alg );
1749 return STATUS_INVALID_PARAMETER;
1750 }
1751 }
1752 else if (key->alg_id == ALG_ID_DSA)
1753 {
1754 if (flags) FIXME( "flags %#x not supported\n", flags );
1755 if (params->input_len != 20)
1756 {
1757 FIXME( "hash size %u not supported\n", params->input_len );
1758 return STATUS_INVALID_PARAMETER;
1759 }
1760 hash_alg = GNUTLS_DIG_SHA1;
1761 }
1762 else if (flags == BCRYPT_PAD_PKCS1)
1763 {
1764 if (!pad || !pad->pszAlgId)
1765 {
1766 WARN( "padding info not found\n" );
1767 return STATUS_INVALID_PARAMETER;
1768 }
1769
1770 if ((hash_alg = get_digest_from_id( pad->pszAlgId )) == GNUTLS_DIG_UNKNOWN)
1771 {
1772 FIXME( "hash algorithm %s not recognized\n", debugstr_w(pad->pszAlgId) );
1773 return STATUS_NOT_SUPPORTED;
1774 }
1775 }
1776 else if (!flags)
1777 {
1778 WARN( "invalid flags %#x\n", flags );
1779 return STATUS_INVALID_PARAMETER;
1780 }
1781 else
1782 {
1783 FIXME( "flags %#x not implemented\n", flags );
1784 return STATUS_NOT_IMPLEMENTED;
1785 }
1786
1787 if (!params->output)
1788 {
1789 *params->ret_len = key->u.a.bitlen / 8;
1790 return STATUS_SUCCESS;
1791 }
1792 if (!key_data(key)->a.privkey) return STATUS_INVALID_PARAMETER;
1793
1794 hash.data = params->input;
1795 hash.size = params->input_len;
1796
1797 signature.data = NULL;
1798 signature.size = 0;
1799
1800 if ((ret = pgnutls_privkey_sign_hash( key_data(key)->a.privkey, hash_alg, 0, &hash, &signature )))
1801 {
1802 pgnutls_perror( ret );
1803 return STATUS_INTERNAL_ERROR;
1804 }
1805
1806 status = format_gnutls_signature( key->alg_id, signature, params->output, params->output_len, params->ret_len );
1807 free( signature.data );
1808 return status;
1809 }
1810
1811 static NTSTATUS key_asymmetric_destroy( void *args )
1812 {
1813 struct key *key = args;
1814
1815 if (key_data(key)->a.privkey) pgnutls_privkey_deinit( key_data(key)->a.privkey );
1816 if (key_data(key)->a.pubkey) pgnutls_pubkey_deinit( key_data(key)->a.pubkey );
1817 return STATUS_SUCCESS;
1818 }
1819
1820 static NTSTATUS key_asymmetric_duplicate( void *args )
1821 {
1822 const struct key_asymmetric_duplicate_params *params = args;
1823 struct key *key_orig = params->key_orig;
1824 struct key *key_copy = params->key_copy;
1825 gnutls_privkey_t privkey;
1826 gnutls_pubkey_t pubkey;
1827 int ret;
1828
1829 if (!key_data(key_orig)->a.privkey) return STATUS_SUCCESS;
1830
1831 if ((ret = pgnutls_privkey_init( &privkey )))
1832 {
1833 pgnutls_perror( ret );
1834 return STATUS_INTERNAL_ERROR;
1835 }
1836
1837 switch (key_orig->alg_id)
1838 {
1839 case ALG_ID_RSA:
1840 case ALG_ID_RSA_SIGN:
1841 {
1842 gnutls_datum_t m, e, d, p, q, u, e1, e2;
1843 if ((ret = pgnutls_privkey_export_rsa_raw( key_data(key_orig)->a.privkey, &m, &e, &d, &p, &q, &u, &e1, &e2 )))
1844 {
1845 pgnutls_perror( ret );
1846 return STATUS_INTERNAL_ERROR;
1847 }
1848 ret = pgnutls_privkey_import_rsa_raw( privkey, &m, &e, &d, &p, &q, &u, &e1, &e2 );
1849 free( m.data ); free( e.data ); free( d.data ); free( p.data ); free( q.data ); free( u.data );
1850 free( e1.data ); free( e2.data );
1851 if (ret)
1852 {
1853 pgnutls_perror( ret );
1854 return STATUS_INTERNAL_ERROR;
1855 }
1856 break;
1857 }
1858 case ALG_ID_DSA:
1859 {
1860 gnutls_datum_t p, q, g, y, x;
1861 if ((ret = pgnutls_privkey_export_dsa_raw( key_data(key_orig)->a.privkey, &p, &q, &g, &y, &x )))
1862 {
1863 pgnutls_perror( ret );
1864 return STATUS_INTERNAL_ERROR;
1865 }
1866 ret = pgnutls_privkey_import_dsa_raw( privkey, &p, &q, &g, &y, &x );
1867 free( p.data ); free( q.data ); free( g.data ); free( y.data ); free( x.data );
1868 if (ret)
1869 {
1870 pgnutls_perror( ret );
1871 return STATUS_INTERNAL_ERROR;
1872 }
1873 key_copy->u.a.dss_seed = key_orig->u.a.dss_seed;
1874 break;
1875 }
1876 case ALG_ID_ECDH_P256:
1877 case ALG_ID_ECDSA_P256:
1878 case ALG_ID_ECDSA_P384:
1879 {
1880 gnutls_ecc_curve_t curve;
1881 gnutls_datum_t x, y, k;
1882 if ((ret = pgnutls_privkey_export_ecc_raw( key_data(key_orig)->a.privkey, &curve, &x, &y, &k )))
1883 {
1884 pgnutls_perror( ret );
1885 return STATUS_INTERNAL_ERROR;
1886 }
1887 ret = pgnutls_privkey_import_ecc_raw( privkey, curve, &x, &y, &k );
1888 free( x.data ); free( y.data ); free( k.data );
1889 if (ret)
1890 {
1891 pgnutls_perror( ret );
1892 return STATUS_INTERNAL_ERROR;
1893 }
1894 break;
1895 }
1896 default:
1897 ERR( "unhandled algorithm %u\n", key_orig->alg_id );
1898 return STATUS_INTERNAL_ERROR;
1899 }
1900
1901 if (key_data(key_orig)->a.pubkey)
1902 {
1903 if ((ret = pgnutls_pubkey_init( &pubkey )))
1904 {
1905 pgnutls_perror( ret );
1906 pgnutls_privkey_deinit( privkey );
1907 return STATUS_INTERNAL_ERROR;
1908 }
1909 if ((ret = pgnutls_pubkey_import_privkey( pubkey, key_data(key_orig)->a.privkey, 0, 0 )))
1910 {
1911 pgnutls_perror( ret );
1912 pgnutls_pubkey_deinit( pubkey );
1913 pgnutls_privkey_deinit( privkey );
1914 return STATUS_INTERNAL_ERROR;
1915 }
1916 key_data(key_copy)->a.pubkey = pubkey;
1917 }
1918
1919 key_data(key_copy)->a.privkey = privkey;
1920 return STATUS_SUCCESS;
1921 }
1922
1923 static NTSTATUS key_asymmetric_decrypt( void *args )
1924 {
1925 const struct key_asymmetric_decrypt_params *params = args;
1926 gnutls_datum_t e, d = { 0 };
1927 NTSTATUS status = STATUS_SUCCESS;
1928 int ret;
1929
1930 e.data = params->input;
1931 e.size = params->input_len;
1932 if ((ret = pgnutls_privkey_decrypt_data( key_data(params->key)->a.privkey, 0, &e, &d )))
1933 {
1934 pgnutls_perror( ret );
1935 return STATUS_INTERNAL_ERROR;
1936 }
1937
1938 *params->ret_len = d.size;
1939 if (params->output_len >= d.size) memcpy( params->output, d.data, *params->ret_len );
1940 else status = STATUS_BUFFER_TOO_SMALL;
1941
1942 free( d.data );
1943 return status;
1944 }
1945
1946 static NTSTATUS key_asymmetric_encrypt( void *args )
1947 {
1948 const struct key_asymmetric_encrypt_params *params = args;
1949 gnutls_datum_t d, e = { 0 };
1950 NTSTATUS status = STATUS_SUCCESS;
1951 int ret;
1952
1953 d.data = params->input;
1954 d.size = params->input_len;
1955 if ((ret = pgnutls_pubkey_encrypt_data(key_data(params->key)->a.pubkey, 0, &d, &e)))
1956 {
1957 pgnutls_perror( ret );
1958 return STATUS_INTERNAL_ERROR;
1959 }
1960
1961 *params->ret_len = e.size;
1962 if (params->output_len >= e.size) memcpy( params->output, e.data, *params->ret_len );
1963 else if (params->output_len == 0) status = STATUS_SUCCESS;
1964 else status = STATUS_BUFFER_TOO_SMALL;
1965
1966 free( e.data );
1967 return status;
1968 }
1969
1970 const unixlib_entry_t __wine_unix_call_funcs[] =
1971 {
1972 gnutls_process_attach,
1973 gnutls_process_detach,
1974 key_symmetric_vector_reset,
1975 key_symmetric_set_auth_data,
1976 key_symmetric_encrypt,
1977 key_symmetric_decrypt,
1978 key_symmetric_get_tag,
1979 key_symmetric_destroy,
1980 key_asymmetric_generate,
1981 key_asymmetric_decrypt,
1982 key_asymmetric_encrypt,
1983 key_asymmetric_duplicate,
1984 key_asymmetric_sign,
1985 key_asymmetric_verify,
1986 key_asymmetric_destroy,
1987 key_asymmetric_export,
1988 key_asymmetric_import
1989 };
1990
1991 #ifdef _WIN64
1992
1993 typedef ULONG PTR32;
1994
1995 struct key_symmetric32
1996 {
1997 enum mode_id mode;
1998 ULONG block_size;
1999 PTR32 vector;
2000 ULONG vector_len;
2001 PTR32 secret;
2002 ULONG secret_len;
2003 ULONG __cs[6];
2004 };
2005
2006 struct key_asymmetric32
2007 {
2008 ULONG bitlen; /* ignored for ECC keys */
2009 ULONG flags;
2010 PTR32 pubkey;
2011 ULONG pubkey_len;
2012 DSSSEED dss_seed;
2013 };
2014
2015 struct key32
2016 {
2017 struct object hdr;
2018 enum alg_id alg_id;
2019 UINT64 private[2]; /* private data for backend */
2020 union
2021 {
2022 struct key_symmetric32 s;
2023 struct key_asymmetric32 a;
2024 } u;
2025 };
2026
2027 static struct key *get_symmetric_key( struct key32 *key32, struct key *key )
2028 {
2029 key->hdr = key32->hdr;
2030 key->alg_id = key32->alg_id;
2031 key->private[0] = key32->private[0];
2032 key->private[1] = key32->private[1];
2033 key->u.s.mode = key32->u.s.mode;
2034 key->u.s.block_size = key32->u.s.block_size;
2035 key->u.s.vector = ULongToPtr(key32->u.s.vector);
2036 key->u.s.vector_len = key32->u.s.vector_len;
2037 key->u.s.secret = ULongToPtr(key32->u.s.secret);
2038 key->u.s.secret_len = key32->u.s.secret_len;
2039 return key;
2040 }
2041
2042 static struct key *get_asymmetric_key( struct key32 *key32, struct key *key )
2043 {
2044 key->hdr = key32->hdr;
2045 key->alg_id = key32->alg_id;
2046 key->private[0] = key32->private[0];
2047 key->private[1] = key32->private[1];
2048 key->u.a.bitlen = key32->u.a.bitlen;
2049 key->u.a.flags = key32->u.a.flags;
2050 key->u.a.dss_seed = key32->u.a.dss_seed;
2051 return key;
2052 }
2053
2054 static void put_symmetric_key32( struct key *key, struct key32 *key32 )
2055 {
2056 key32->private[0] = key->private[0];
2057 key32->private[1] = key->private[1];
2058 }
2059
2060 static void put_asymmetric_key32( struct key *key, struct key32 *key32 )
2061 {
2062 key32->private[0] = key->private[0];
2063 key32->private[1] = key->private[1];
2064 key32->u.a.flags = key->u.a.flags;
2065 key32->u.a.dss_seed = key->u.a.dss_seed;
2066 }
2067
2068 static NTSTATUS wow64_key_symmetric_vector_reset( void *args )
2069 {
2070 NTSTATUS ret;
2071 struct key key;
2072 struct key32 *key32 = args;
2073
2074 ret = key_symmetric_vector_reset( get_symmetric_key( key32, &key ));
2075 put_symmetric_key32( &key, key32 );
2076 return ret;
2077 }
2078
2079 static NTSTATUS wow64_key_symmetric_set_auth_data( void *args )
2080 {
2081 struct
2082 {
2083 PTR32 key;
2084 PTR32 auth_data;
2085 ULONG len;
2086 } const *params32 = args;
2087
2088 NTSTATUS ret;
2089 struct key key;
2090 struct key32 *key32 = ULongToPtr( params32->key );
2091 struct key_symmetric_set_auth_data_params params =
2092 {
2093 get_symmetric_key( key32, &key ),
2094 ULongToPtr(params32->auth_data),
2095 params32->len
2096 };
2097
2098 ret = key_symmetric_set_auth_data( &params );
2099 put_symmetric_key32( &key, key32 );
2100 return ret;
2101 }
2102
2103 static NTSTATUS wow64_key_symmetric_encrypt( void *args )
2104 {
2105 struct
2106 {
2107 PTR32 key;
2108 PTR32 input;
2109 ULONG input_len;
2110 PTR32 output;
2111 ULONG output_len;
2112 } const *params32 = args;
2113
2114 NTSTATUS ret;
2115 struct key key;
2116 struct key32 *key32 = ULongToPtr( params32->key );
2117 struct key_symmetric_encrypt_params params =
2118 {
2119 get_symmetric_key( key32, &key ),
2120 ULongToPtr(params32->input),
2121 params32->input_len,
2122 ULongToPtr(params32->output),
2123 params32->output_len
2124 };
2125
2126 ret = key_symmetric_encrypt( &params );
2127 put_symmetric_key32( &key, key32 );
2128 return ret;
2129 }
2130
2131 static NTSTATUS wow64_key_symmetric_decrypt( void *args )
2132 {
2133 struct
2134 {
2135 PTR32 key;
2136 PTR32 input;
2137 ULONG input_len;
2138 PTR32 output;
2139 ULONG output_len;
2140 } const *params32 = args;
2141
2142 NTSTATUS ret;
2143 struct key key;
2144 struct key32 *key32 = ULongToPtr( params32->key );
2145 struct key_symmetric_decrypt_params params =
2146 {
2147 get_symmetric_key( key32, &key ),
2148 ULongToPtr(params32->input),
2149 params32->input_len,
2150 ULongToPtr(params32->output),
2151 params32->output_len
2152 };
2153
2154 ret = key_symmetric_decrypt( &params );
2155 put_symmetric_key32( &key, key32 );
2156 return ret;
2157 }
2158
2159 static NTSTATUS wow64_key_symmetric_get_tag( void *args )
2160 {
2161 struct
2162 {
2163 PTR32 key;
2164 PTR32 tag;
2165 ULONG len;
2166 } const *params32 = args;
2167
2168 NTSTATUS ret;
2169 struct key key;
2170 struct key32 *key32 = ULongToPtr( params32->key );
2171 struct key_symmetric_get_tag_params params =
2172 {
2173 get_symmetric_key( key32, &key ),
2174 ULongToPtr(params32->tag),
2175 params32->len
2176 };
2177
2178 ret = key_symmetric_get_tag( &params );
2179 put_symmetric_key32( &key, key32 );
2180 return ret;
2181 }
2182
2183 static NTSTATUS wow64_key_symmetric_destroy( void *args )
2184 {
2185 struct key32 *key32 = args;
2186 struct key key;
2187
2188 return key_symmetric_destroy( get_symmetric_key( key32, &key ));
2189 }
2190
2191 static NTSTATUS wow64_key_asymmetric_generate( void *args )
2192 {
2193 struct key32 *key32 = args;
2194 struct key key;
2195 NTSTATUS ret;
2196
2197 ret = key_asymmetric_generate( get_asymmetric_key( key32, &key ));
2198 put_asymmetric_key32( &key, key32 );
2199 return ret;
2200 }
2201
2202 static NTSTATUS wow64_key_asymmetric_decrypt( void *args )
2203 {
2204 struct
2205 {
2206 PTR32 key;
2207 PTR32 input;
2208 ULONG input_len;
2209 PTR32 output;
2210 ULONG output_len;
2211 PTR32 ret_len;
2212 } const *params32 = args;
2213
2214 NTSTATUS ret;
2215 struct key key;
2216 struct key32 *key32 = ULongToPtr( params32->key );
2217 struct key_asymmetric_decrypt_params params =
2218 {
2219 get_asymmetric_key( key32, &key ),
2220 ULongToPtr(params32->input),
2221 params32->input_len,
2222 ULongToPtr(params32->output),
2223 params32->output_len,
2224 ULongToPtr(params32->ret_len)
2225 };
2226
2227 ret = key_asymmetric_decrypt( &params );
2228 put_asymmetric_key32( &key, key32 );
2229 return ret;
2230 }
2231
2232 static NTSTATUS wow64_key_asymmetric_encrypt( void *args )
2233 {
2234 struct
2235 {
2236 PTR32 key;
2237 PTR32 input;
2238 ULONG input_len;
2239 PTR32 output;
2240 ULONG output_len;
2241 PTR32 ret_len;
2242 } const *params32 = args;
2243
2244 NTSTATUS ret;
2245 struct key key;
2246 struct key32 *key32 = ULongToPtr( params32->key );
2247 struct key_asymmetric_encrypt_params params =
2248 {
2249 get_asymmetric_key( key32, &key ),
2250 ULongToPtr(params32->input),
2251 params32->input_len,
2252 ULongToPtr(params32->output),
2253 params32->output_len,
2254 ULongToPtr(params32->ret_len)
2255 };
2256
2257 ret = key_asymmetric_encrypt( &params );
2258 put_asymmetric_key32( &key, key32 );
2259 return ret;
2260 }
2261
2262 static NTSTATUS wow64_key_asymmetric_duplicate( void *args )
2263 {
2264 struct
2265 {
2266 PTR32 key_orig;
2267 PTR32 key_copy;
2268 } const *params32 = args;
2269
2270 NTSTATUS ret;
2271 struct key key_orig, key_copy;
2272 struct key32 *key_orig32 = ULongToPtr( params32->key_orig );
2273 struct key32 *key_copy32 = ULongToPtr( params32->key_copy );
2274 struct key_asymmetric_duplicate_params params =
2275 {
2276 get_asymmetric_key( key_orig32, &key_orig ),
2277 get_asymmetric_key( key_copy32, &key_copy )
2278 };
2279
2280 ret = key_asymmetric_duplicate( &params );
2281 put_asymmetric_key32( &key_copy, key_copy32 );
2282 return ret;
2283 }
2284
2285 static NTSTATUS wow64_key_asymmetric_sign( void *args )
2286 {
2287 struct
2288 {
2289 PTR32 key;
2290 PTR32 padding;
2291 PTR32 input;
2292 ULONG input_len;
2293 PTR32 output;
2294 ULONG output_len;
2295 PTR32 ret_len;
2296 ULONG flags;
2297 } const *params32 = args;
2298
2299 NTSTATUS ret;
2300 struct key key;
2301 BCRYPT_PKCS1_PADDING_INFO padding;
2302 struct key32 *key32 = ULongToPtr( params32->key );
2303 struct key_asymmetric_sign_params params =
2304 {
2305 get_asymmetric_key( key32, &key ),
2306 NULL, /* padding */
2307 ULongToPtr(params32->input),
2308 params32->input_len,
2309 ULongToPtr(params32->output),
2310 params32->output_len,
2311 ULongToPtr(params32->ret_len),
2312 params32->flags
2313 };
2314
2315 if (params32->flags & BCRYPT_PAD_PKCS1)
2316 {
2317 PTR32 *info = ULongToPtr( params32->padding );
2318 if (!info) return STATUS_INVALID_PARAMETER;
2319 padding.pszAlgId = ULongToPtr( *info );
2320 params.padding = &padding;
2321 }
2322
2323 ret = key_asymmetric_sign( &params );
2324 put_asymmetric_key32( &key, key32 );
2325 return ret;
2326 }
2327
2328 static NTSTATUS wow64_key_asymmetric_verify( void *args )
2329 {
2330 struct
2331 {
2332 PTR32 key;
2333 PTR32 padding;
2334 PTR32 hash;
2335 ULONG hash_len;
2336 PTR32 signature;
2337 ULONG signature_len;
2338 ULONG flags;
2339 } const *params32 = args;
2340
2341 NTSTATUS ret;
2342 struct key key;
2343 BCRYPT_PKCS1_PADDING_INFO padding;
2344 struct key32 *key32 = ULongToPtr( params32->key );
2345 struct key_asymmetric_verify_params params =
2346 {
2347 get_asymmetric_key( key32, &key ),
2348 NULL, /* padding */
2349 ULongToPtr(params32->hash),
2350 params32->hash_len,
2351 ULongToPtr(params32->signature),
2352 params32->signature_len,
2353 params32->flags
2354 };
2355
2356 if (params32->flags & BCRYPT_PAD_PKCS1)
2357 {
2358 PTR32 *info = ULongToPtr( params32->padding );
2359 if (!info) return STATUS_INVALID_PARAMETER;
2360 padding.pszAlgId = ULongToPtr( *info );
2361 params.padding = &padding;
2362 }
2363
2364 ret = key_asymmetric_verify( &params );
2365 put_asymmetric_key32( &key, key32 );
2366 return ret;
2367 }
2368
2369 static NTSTATUS wow64_key_asymmetric_destroy( void *args )
2370 {
2371 struct key32 *key32 = args;
2372 struct key key;
2373
2374 return key_asymmetric_destroy( get_asymmetric_key( key32, &key ));
2375 }
2376
2377 static NTSTATUS wow64_key_asymmetric_export( void *args )
2378 {
2379 struct
2380 {
2381 PTR32 key;
2382 ULONG flags;
2383 PTR32 buf;
2384 ULONG len;
2385 PTR32 ret_len;
2386 } const *params32 = args;
2387
2388 NTSTATUS ret;
2389 struct key key;
2390 struct key32 *key32 = ULongToPtr( params32->key );
2391 struct key_asymmetric_export_params params =
2392 {
2393 get_asymmetric_key( key32, &key ),
2394 params32->flags,
2395 ULongToPtr(params32->buf),
2396 params32->len,
2397 ULongToPtr(params32->ret_len),
2398 };
2399
2400 ret = key_asymmetric_export( &params );
2401 put_asymmetric_key32( &key, key32 );
2402 return ret;
2403 }
2404
2405 static NTSTATUS wow64_key_asymmetric_import( void *args )
2406 {
2407 struct
2408 {
2409 PTR32 key;
2410 ULONG flags;
2411 PTR32 buf;
2412 ULONG len;
2413 } const *params32 = args;
2414
2415 NTSTATUS ret;
2416 struct key key;
2417 struct key32 *key32 = ULongToPtr( params32->key );
2418 struct key_asymmetric_import_params params =
2419 {
2420 get_asymmetric_key( key32, &key ),
2421 params32->flags,
2422 ULongToPtr(params32->buf),
2423 params32->len
2424 };
2425
2426 ret = key_asymmetric_import( &params );
2427 put_asymmetric_key32( &key, key32 );
2428 return ret;
2429 }
2430
2431 const unixlib_entry_t __wine_unix_call_wow64_funcs[] =
2432 {
2433 gnutls_process_attach,
2434 gnutls_process_detach,
2435 wow64_key_symmetric_vector_reset,
2436 wow64_key_symmetric_set_auth_data,
2437 wow64_key_symmetric_encrypt,
2438 wow64_key_symmetric_decrypt,
2439 wow64_key_symmetric_get_tag,
2440 wow64_key_symmetric_destroy,
2441 wow64_key_asymmetric_generate,
2442 wow64_key_asymmetric_decrypt,
2443 wow64_key_asymmetric_encrypt,
2444 wow64_key_asymmetric_duplicate,
2445 wow64_key_asymmetric_sign,
2446 wow64_key_asymmetric_verify,
2447 wow64_key_asymmetric_destroy,
2448 wow64_key_asymmetric_export,
2449 wow64_key_asymmetric_import
2450 };
2451
2452 #endif /* _WIN64 */
2453
2454 #endif /* HAVE_GNUTLS_CIPHER_INIT */
Windows API implementation