bcrypt: Reimplement DH using libgmp instead of private gnutls functions.

ValveSoftware · Feb 15, 2024 · ca71621 · ca71621
1 parent cc6c777
commit ca71621
Show file tree

Hide file tree

Showing 6 changed files with 576 additions and 262 deletions.
diff --git a/configure.ac b/configure.ac
@@ -1496,6 +1496,14 @@ WINE_PACKAGE_FLAGS(DRMAMDGPU,[libdrm_amdgpu],,,,
     [AC_CHECK_HEADERS([amdgpu_drm.h],
         [WINE_CHECK_SONAME(drm_amdgpu,amdgpu_query_info,,,[$DRMAMDGPU_LIBS])])])
 
+dnl **** Check for libgmp ****
+if test "x$with_gnutls" != "xno"
+then
+    WINE_PACKAGE_FLAGS(GMP,[gmp],[-lgmp],,,
+        [AC_CHECK_HEADERS([gmp.h],
+            [WINE_CHECK_SONAME(gmp,__gmpz_init,,[GMP_CFLAGS=""],[$GMP_LIBS],[[libgmp-*]])])])
+fi
+
 dnl **** Check for SANE ****
 if test "x$with_sane" != "xno"
 then

diff --git a/dlls/bcrypt/Makefile.in b/dlls/bcrypt/Makefile.in
@@ -2,7 +2,7 @@ MODULE    = bcrypt.dll
 IMPORTS   = advapi32
 IMPORTLIB = bcrypt
 UNIXLIB   = bcrypt.so
-UNIX_CFLAGS = $(GNUTLS_CFLAGS)
+UNIX_CFLAGS = $(GNUTLS_CFLAGS) $(GMP_CFLAGS)
 
 SOURCES = \
 	bcrypt_main.c \

diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
@@ -175,6 +175,8 @@ struct key_symmetric
 };
 
 #define KEY_FLAG_LEGACY_DSA_V2  0x00000001
+#define KEY_FLAG_DH_PARAMS_SET  0x00000002
+#define KEY_FLAG_FINALIZED      0x00000004
 
 struct key_asymmetric
 {
@@ -285,6 +287,8 @@ struct key_asymmetric_verify_params
 
 #define KEY_EXPORT_FLAG_PUBLIC   0x00000001
 #define KEY_EXPORT_FLAG_RSA_FULL 0x00000002
+#define KEY_EXPORT_FLAG_DH_PARAMETERS 0x00000004
+
 struct key_asymmetric_export_params
 {
     struct key  *key;
@@ -295,6 +299,7 @@ struct key_asymmetric_export_params
 };
 
 #define KEY_IMPORT_FLAG_PUBLIC   0x00000001
+#define KEY_IMPORT_FLAG_DH_PARAMETERS 0x00000002
 struct key_asymmetric_import_params
 {
     struct key  *key;

diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
@@ -853,6 +853,21 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA
 
 static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
 {
+    if (key->alg_id == ALG_ID_DH)
+    {
+        if (!lstrcmpW( prop, BCRYPT_DH_PARAMETERS ))
+        {
+            struct key_asymmetric_import_params params;
+
+            params.key   = key;
+            params.flags = KEY_IMPORT_FLAG_DH_PARAMETERS;
+            params.buf   = value;
+            params.len   = size;
+            return UNIX_CALL( key_asymmetric_import, &params );
+        }
+        return STATUS_NOT_IMPLEMENTED;
+    }
+
     if (!wcscmp( prop, BCRYPT_CHAINING_MODE ))
     {
         if (!wcscmp( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB ))
@@ -902,6 +917,20 @@ static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, U
     return status;
 }
 
+static NTSTATUS get_dh_property( const struct key *key, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+{
+    struct key_asymmetric_export_params params;
+
+    if (wcscmp( prop, BCRYPT_DH_PARAMETERS )) return STATUS_NOT_SUPPORTED;
+
+    params.key     = (struct key *)key;
+    params.flags   = KEY_EXPORT_FLAG_DH_PARAMETERS;
+    params.buf     = buf;
+    params.len     = size;
+    params.ret_len = ret_size;
+    return UNIX_CALL( key_asymmetric_export, &params );
+}
+
 static NTSTATUS get_key_property( const struct key *key, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
 {
     if (!wcscmp( prop, BCRYPT_KEY_STRENGTH ))
@@ -925,6 +954,9 @@ static NTSTATUS get_key_property( const struct key *key, const WCHAR *prop, UCHA
         if (!wcscmp( prop, BCRYPT_AUTH_TAG_LENGTH )) return STATUS_NOT_SUPPORTED;
         return get_aes_property( key->u.s.mode, prop, buf, size, ret_size );
 
+    case ALG_ID_DH:
+        return get_dh_property( key, prop, buf, size, ret_size );
+
     default:
         FIXME( "unsupported algorithm %u\n", key->alg_id );
         return STATUS_NOT_IMPLEMENTED;
@@ -1176,6 +1208,8 @@ static NTSTATUS key_asymmetric_create( enum alg_id alg_id, ULONG bitlen, struct
         return STATUS_NOT_IMPLEMENTED;
     }
 
+    if (alg_id == ALG_ID_DH && bitlen < 512) return STATUS_INVALID_PARAMETER;
+
     if (!(key = calloc( 1, sizeof(*key) ))) return STATUS_NO_MEMORY;
     key->hdr.magic  = MAGIC_KEY;
     key->alg_id     = alg_id;
@@ -2488,6 +2522,9 @@ NTSTATUS WINAPI BCryptSecretAgreement( BCRYPT_KEY_HANDLE privkey_handle, BCRYPT_
     if (!privkey || !pubkey) return STATUS_INVALID_HANDLE;
     if (!is_agreement_key( privkey ) || !is_agreement_key( pubkey )) return STATUS_NOT_SUPPORTED;
     if (!ret_handle) return STATUS_INVALID_PARAMETER;
+    if (privkey->alg_id != pubkey->alg_id) return STATUS_INVALID_PARAMETER;
+    if (privkey->alg_id == ALG_ID_DH && !(privkey->u.a.flags & pubkey->u.a.flags & KEY_FLAG_FINALIZED)) return STATUS_INVALID_PARAMETER;
+    if (privkey->u.a.bitlen != pubkey->u.a.bitlen) return STATUS_INVALID_PARAMETER;
 
     if (!(secret = calloc( 1, sizeof(*secret) ))) return STATUS_NO_MEMORY;
     secret->hdr.magic = MAGIC_SECRET;