From: Dmitry Timoshkov Subject: [PATCH 2/2] crypt32: Add support for importing RSA public keys with BCrypt. Message-Id: <20210409205649.fe0dbd97fae9af0aca008607@baikal.ru> Date: Fri, 9 Apr 2021 20:56:49 +0300 Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=50925 Signed-off-by: Dmitry Timoshkov --- dlls/crypt32/cert.c | 71 +++++++++++++++++++++++++++++++++++++ dlls/crypt32/tests/encode.c | 13 ++++++- 2 files changed, 83 insertions(+), 1 deletion(-) diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c index 95e2746a7d5..b8c3d0b8dba 100644 --- a/dlls/crypt32/cert.c +++ b/dlls/crypt32/cert.c @@ -2689,11 +2689,82 @@ done: return !status; } +static BOOL CNG_ImportRSAPubKey(CERT_PUBLIC_KEY_INFO *info, BCRYPT_KEY_HANDLE *key) +{ + DWORD rsakey_len, size; + BLOBHEADER *hdr; + RSAPUBKEY *rsapubkey; + const WCHAR *rsa_algo; + BCRYPT_ALG_HANDLE alg = NULL; + BCRYPT_RSAKEY_BLOB *rsakey; + NTSTATUS status; + + if (!info->PublicKey.cbData) + { + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if (!CryptDecodeObjectEx(X509_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB, info->PublicKey.pbData, + info->PublicKey.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &hdr, &size)) + { + WARN("CryptDecodeObjectEx failed\n"); + return FALSE; + } + + if (hdr->aiKeyAlg == CALG_RSA_KEYX) + rsa_algo = BCRYPT_RSA_ALGORITHM; + else if (hdr->aiKeyAlg == CALG_RSA_SIGN) + rsa_algo = BCRYPT_RSA_SIGN_ALGORITHM; + else + { + FIXME("Unsupported RSA algorithm: %#x\n", hdr->aiKeyAlg); + CryptMemFree(hdr); + SetLastError(NTE_BAD_ALGID); + return FALSE; + } + + if ((status = BCryptOpenAlgorithmProvider(&alg, rsa_algo, NULL, 0))) + goto done; + + rsakey_len = sizeof(*rsakey) + size; + + if (!(rsakey = CryptMemAlloc(rsakey_len))) + { + status = STATUS_NO_MEMORY; + goto done; + } + + rsapubkey = (RSAPUBKEY *)(hdr + 1); + + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->BitLength = rsapubkey->bitlen; + rsakey->cbPublicExp = size - rsapubkey->bitlen / 8; + rsakey->cbModulus = rsapubkey->bitlen / 8; + rsakey->cbPrime1 = 0; + rsakey->cbPrime2 = 0; + + memcpy(rsakey + 1, rsapubkey, size); + + status = BCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, key, (BYTE *)rsakey, rsakey_len, 0); + CryptMemFree(rsakey); + +done: + CryptMemFree(hdr); + if (alg) BCryptCloseAlgorithmProvider(alg, 0); + if (status) SetLastError(RtlNtStatusToDosError(status)); + return !status; +} + BOOL CNG_ImportPubKey(CERT_PUBLIC_KEY_INFO *pubKeyInfo, BCRYPT_KEY_HANDLE *key) { if (!strcmp(pubKeyInfo->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY)) return CNG_ImportECCPubKey(pubKeyInfo, key); + + if (!strcmp(pubKeyInfo->Algorithm.pszObjId, szOID_RSA_RSA)) + return CNG_ImportRSAPubKey(pubKeyInfo, key); + FIXME("Unsupported public key type: %s\n", debugstr_a(pubKeyInfo->Algorithm.pszObjId)); SetLastError(NTE_BAD_ALGID); return FALSE; diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c index 38d2f84db14..7c72eba1b9b 100644 --- a/dlls/crypt32/tests/encode.c +++ b/dlls/crypt32/tests/encode.c @@ -30,6 +30,7 @@ static BOOL (WINAPI *pCryptDecodeObjectEx)(DWORD,LPCSTR,const BYTE*,DWORD,DWORD,PCRYPT_DECODE_PARA,void*,DWORD*); static BOOL (WINAPI *pCryptEncodeObjectEx)(DWORD,LPCSTR,const void*,DWORD,PCRYPT_ENCODE_PARA,void*,DWORD*); +static DWORD (WINAPI *pBCryptDestroyKey)(BCRYPT_KEY_HANDLE); struct encodedInt { @@ -8400,6 +8401,7 @@ static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info) { BOOL ret; HCRYPTKEY key; + BCRYPT_KEY_HANDLE key2; PCCERT_CONTEXT context; DWORD dwSize; ALG_ID ai; @@ -8469,6 +8471,12 @@ static void testImportPublicKey(HCRYPTPROV csp, PCERT_PUBLIC_KEY_INFO info) &context->pCertInfo->SubjectPublicKeyInfo, 0, 0, NULL, &key); ok(ret, "CryptImportPublicKeyInfoEx failed: %08x\n", GetLastError()); CryptDestroyKey(key); + + ret = CryptImportPublicKeyInfoEx2(X509_ASN_ENCODING, + &context->pCertInfo->SubjectPublicKeyInfo, 0, NULL, &key2); + ok(ret, "CryptImportPublicKeyInfoEx2 failed: %08x\n", GetLastError()); + if (pBCryptDestroyKey) pBCryptDestroyKey(key2); + CertFreeCertificateContext(context); } } @@ -8502,7 +8510,7 @@ START_TEST(encode) { static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING }; - HMODULE hCrypt32; + HMODULE hCrypt32, hBcrypt; DWORD i; hCrypt32 = GetModuleHandleA("crypt32.dll"); @@ -8514,6 +8522,9 @@ START_TEST(encode) return; } + hBcrypt = GetModuleHandleA("bcrypt.dll"); + pBCryptDestroyKey = (void*)GetProcAddress(hBcrypt, "BCryptDestroyKey"); + for (i = 0; i < ARRAY_SIZE(encodings); i++) { test_encodeInt(encodings[i]); -- 2.30.2