bcrypt: Fix RSA public key export when we don't have a private key handle.

Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Hans Leidekker 2022-03-24 10:35:57 +01:00 committed by Alexandre Julliard
parent e47fe70084
commit 5b860a44a0
2 changed files with 35 additions and 3 deletions

View File

@ -107,6 +107,7 @@ static int (*pgnutls_pubkey_import_dsa_raw)(gnutls_pubkey_t, const gnutls_datum_
static int (*pgnutls_pubkey_import_privkey)(gnutls_pubkey_t, gnutls_privkey_t, unsigned int, unsigned int); static int (*pgnutls_pubkey_import_privkey)(gnutls_pubkey_t, gnutls_privkey_t, unsigned int, unsigned int);
/* Not present in gnutls version < 3.3.0 */ /* Not present in gnutls version < 3.3.0 */
static int (*pgnutls_pubkey_export_rsa_raw)(gnutls_pubkey_t, gnutls_datum_t *, gnutls_datum_t *);
static int (*pgnutls_privkey_export_ecc_raw)(gnutls_privkey_t, gnutls_ecc_curve_t *, static int (*pgnutls_privkey_export_ecc_raw)(gnutls_privkey_t, gnutls_ecc_curve_t *,
gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *); gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *);
static int (*pgnutls_privkey_export_rsa_raw)(gnutls_privkey_t, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *, static int (*pgnutls_privkey_export_rsa_raw)(gnutls_privkey_t, gnutls_datum_t *, gnutls_datum_t *, gnutls_datum_t *,
@ -166,6 +167,11 @@ static int compat_gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_c
return GNUTLS_E_UNKNOWN_PK_ALGORITHM; return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
} }
static int compat_gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, gnutls_datum_t *m, gnutls_datum_t *e)
{
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
static int compat_gnutls_privkey_export_rsa_raw(gnutls_privkey_t key, gnutls_datum_t *m, gnutls_datum_t *e, static int compat_gnutls_privkey_export_rsa_raw(gnutls_privkey_t key, gnutls_datum_t *m, gnutls_datum_t *e,
gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t *q, gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t *q,
gnutls_datum_t *u, gnutls_datum_t *e1, gnutls_datum_t *e2) gnutls_datum_t *u, gnutls_datum_t *e1, gnutls_datum_t *e2)
@ -299,8 +305,9 @@ static NTSTATUS gnutls_process_attach( void *args )
LOAD_FUNCPTR_OPT(gnutls_cipher_tag) LOAD_FUNCPTR_OPT(gnutls_cipher_tag)
LOAD_FUNCPTR_OPT(gnutls_cipher_add_auth) LOAD_FUNCPTR_OPT(gnutls_cipher_add_auth)
LOAD_FUNCPTR_OPT(gnutls_pubkey_import_ecc_raw)
LOAD_FUNCPTR_OPT(gnutls_pubkey_export_ecc_raw) LOAD_FUNCPTR_OPT(gnutls_pubkey_export_ecc_raw)
LOAD_FUNCPTR_OPT(gnutls_pubkey_export_rsa_raw)
LOAD_FUNCPTR_OPT(gnutls_pubkey_import_ecc_raw)
LOAD_FUNCPTR_OPT(gnutls_privkey_export_rsa_raw) LOAD_FUNCPTR_OPT(gnutls_privkey_export_rsa_raw)
LOAD_FUNCPTR_OPT(gnutls_privkey_export_ecc_raw) LOAD_FUNCPTR_OPT(gnutls_privkey_export_ecc_raw)
LOAD_FUNCPTR_OPT(gnutls_privkey_import_ecc_raw) LOAD_FUNCPTR_OPT(gnutls_privkey_import_ecc_raw)
@ -633,7 +640,14 @@ static NTSTATUS key_export_rsa_public( struct key *key, UCHAR *buf, ULONG len, U
UCHAR *dst; UCHAR *dst;
int ret; int ret;
if ((ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, NULL, NULL, NULL, NULL, NULL, NULL ))) if (key_data(key)->a.pubkey)
ret = pgnutls_pubkey_export_rsa_raw( key_data(key)->a.pubkey, &m, &e );
else if (key_data(key)->a.privkey)
ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, NULL, NULL, NULL, NULL, NULL, NULL );
else
return STATUS_INVALID_PARAMETER;
if (ret)
{ {
pgnutls_perror( ret ); pgnutls_perror( ret );
return STATUS_INTERNAL_ERROR; return STATUS_INTERNAL_ERROR;
@ -1017,6 +1031,8 @@ static NTSTATUS key_export_rsa( struct key *key, ULONG flags, UCHAR *buf, ULONG
UCHAR *dst; UCHAR *dst;
int ret; int ret;
if (!key_data(key)->a.privkey) return STATUS_INVALID_PARAMETER;
if ((ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, &d, &p, &q, &u, &e1, &e2 ))) if ((ret = pgnutls_privkey_export_rsa_raw( key_data(key)->a.privkey, &m, &e, &d, &p, &q, &u, &e1, &e2 )))
{ {
pgnutls_perror( ret ); pgnutls_perror( ret );

View File

@ -2212,7 +2212,7 @@ static void test_RSA_SIGN(void)
BCRYPT_RSAKEY_BLOB *rsablob; BCRYPT_RSAKEY_BLOB *rsablob;
NTSTATUS ret; NTSTATUS ret;
ULONG size, size2; ULONG size, size2;
BYTE *buf; BYTE *buf, buf2[sizeof(BCRYPT_RSAKEY_BLOB) + sizeof(rsaPublicBlob)];
ret = BCryptOpenAlgorithmProvider(&alg, BCRYPT_RSA_SIGN_ALGORITHM, NULL, 0); ret = BCryptOpenAlgorithmProvider(&alg, BCRYPT_RSA_SIGN_ALGORITHM, NULL, 0);
if (ret) if (ret)
@ -2224,6 +2224,22 @@ static void test_RSA_SIGN(void)
ret = BCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, &key, rsaPublicBlob, sizeof(rsaPublicBlob), 0); ret = BCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, &key, rsaPublicBlob, sizeof(rsaPublicBlob), 0);
ok(!ret, "BCryptImportKeyPair failed: %#lx\n", ret); ok(!ret, "BCryptImportKeyPair failed: %#lx\n", ret);
memset(buf2, 0xcc, sizeof(buf2));
ret = BCryptExportKey(key, NULL, BCRYPT_RSAPUBLIC_BLOB, buf2, sizeof(buf2), &size, 0);
ok(!ret, "got %#lx\n", ret);
rsablob = (BCRYPT_RSAKEY_BLOB *)buf2;
ok(rsablob->Magic == BCRYPT_RSAPUBLIC_MAGIC, "got %#lx\n", rsablob->Magic);
ok(rsablob->BitLength == 2048, "got %lu\n", rsablob->BitLength);
ok(rsablob->cbPublicExp == 3, "got %lu\n", rsablob->cbPublicExp);
ok(rsablob->cbModulus == 256, "got %lu\n", rsablob->cbModulus);
ok(rsablob->cbPrime1 == 0, "got %lu\n", rsablob->cbPrime1);
ok(rsablob->cbPrime2 == 0, "got %lu\n", rsablob->cbPrime2);
size2 = sizeof(*rsablob) + rsablob->cbPublicExp + rsablob->cbModulus + rsablob->cbPrime1 + rsablob->cbPrime2;
ok(size == size2, "got %lu expected %lu\n", size2, size);
ret = BCryptExportKey(key, NULL, BCRYPT_RSAPRIVATE_BLOB, buf2, sizeof(buf2), &size, 0);
ok(ret == STATUS_INVALID_PARAMETER, "got %#lx\n", ret);
pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
ret = BCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1); ret = BCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1);
ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret); ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret);