From 485e2fdb3b970e95d83c14ddece4d734b1e08e94 Mon Sep 17 00:00:00 2001 From: CertoToStore Team Date: Mon, 3 May 2021 09:07:34 -0700 Subject: [PATCH] Associate BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC with the P256 curve (the only EC key type we generate now). It is a temporary fix for, most likely, an PCP/ncrypt bug where for generating ECDSA P256 an ECCPUBLICBLOB with BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC is returned. Tested on Win 10 Ent 10.0.19042 Build 19042 with bcrypt/ncrypt 10.0.19041.662. PiperOrigin-RevId: 371708930 --- certtostore_windows.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/certtostore_windows.go b/certtostore_windows.go index 8ac2c04..48be28b 100644 --- a/certtostore_windows.go +++ b/certtostore_windows.go @@ -72,6 +72,7 @@ const ( ecs1Magic = 0x31534345 // "ECS1" BCRYPT_ECDSA_PUBLIC_P256_MAGIC ecs3Magic = 0x33534345 // "ECS3" BCRYPT_ECDSA_PUBLIC_P384_MAGIC ecs5Magic = 0x35534345 // "ECS5" BCRYPT_ECDSA_PUBLIC_P521_MAGIC + ecdpMagic = 0x50444345 // "ECDP" BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC // ncrypt.h constants ncryptPersistFlag = 0x80000000 // NCRYPT_PERSIST_FLAG @@ -117,6 +118,10 @@ var ( ecs1Magic: elliptic.P256(), // BCRYPT_ECDSA_PUBLIC_P256_MAGIC ecs3Magic: elliptic.P384(), // BCRYPT_ECDSA_PUBLIC_P384_MAGIC ecs5Magic: elliptic.P521(), // BCRYPT_ECDSA_PUBLIC_P521_MAGIC + // TODO: for now interpret the generic magic as P256, as we + // hardcode P256 key generation. With more curves supported, we may need to + // match the curve based on the response size. + ecdpMagic: elliptic.P256(), // BCRYPT_ECDSA_PUBLIC_GENERIC_MAGIC } // algIDs maps crypto.Hash values to bcrypt.h constants.