Merge pull request #54 from TheManticoreProject/bcrypt-ecc-key

[enhancement] Implemented BCRYPT_ECC_KEY, fixes #47

Author: p0dalirius

windows/cng/bcrypt/keys/BCRYPT_ECC_PRIVATE_KEY.go

@@ -0,0 +1,135 @@
+package keys
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/blob"
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/headers"
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/magic"
+)
+
+type BCRYPT_ECC_PRIVATE_KEY struct {
+	// Magic is the magic signature of the key.
+	Magic magic.BCRYPT_KEY_BLOB
+
+	// Header is the header of the key.
+	Header headers.BCRYPT_ECC_KEY_BLOB
+
+	// Content is the content of the key.
+	Content blob.BCRYPT_ECC_PRIVATE_BLOB
+}
+
+// Unmarshal parses the provided byte slice into the BCRYPT_ECC_PRIVATE_KEY structure.
+//
+// Parameters:
+// - value: A byte slice containing the raw ECC private key to be parsed.
+//
+// Returns:
+// - The number of bytes read from the byte slice.
+// - An error if the parsing fails, otherwise nil.
+//
+// Note:
+// The function expects the byte slice to follow the ECC private key format, starting with the BCRYPT_ECC_KEY_BLOB header.
+// It extracts the X, Y and D big-endian values from the byte slice and stores them in the BCRYPT_ECC_PRIVATE_KEY structure.
+func (k *BCRYPT_ECC_PRIVATE_KEY) Unmarshal(value []byte) (int, error) {
+	// Need at least 8 bytes for magic (4) + header (4)
+	if len(value) < 8 {
+		return 0, errors.New("buffer too small for BCRYPT_ECC_PRIVATE_KEY, header too short (at least 8 bytes are required)")
+	}
+
+	bytesRead := 0
+
+	// Unmarshalling magic
+	bytesReadMagic, err := k.Magic.Unmarshal(value[:4])
+	if err != nil {
+		return 0, err
+	}
+	if !isValidECCPrivateMagic(k.Magic.Magic) {
+		return 0, fmt.Errorf("invalid ECC private key magic: 0x%08x", k.Magic.Magic)
+	}
+	bytesRead += bytesReadMagic
+
+	// Unmarshalling header
+	bytesReadHeader, err := k.Header.Unmarshal(value[bytesRead:])
+	if err != nil {
+		return 0, err
+	}
+	bytesRead += bytesReadHeader
+
+	// Unmarshalling content
+	bytesReadContent, err := k.Content.Unmarshal(k.Header, value[bytesRead:])
+	if err != nil {
+		return 0, err
+	}
+	bytesRead += bytesReadContent
+
+	return bytesRead, nil
+}
+
+// Marshal returns the raw bytes of the BCRYPT_ECC_PRIVATE_KEY structure.
+//
+// Returns:
+// - A byte slice representing the raw bytes of the BCRYPT_ECC_PRIVATE_KEY structure.
+func (k *BCRYPT_ECC_PRIVATE_KEY) Marshal() ([]byte, error) {
+	if !isValidECCPrivateMagic(k.Magic.Magic) {
+		return nil, fmt.Errorf("invalid ECC private key magic for marshal: 0x%08x", k.Magic.Magic)
+	}
+
+	marshalledData := []byte{}
+
+	// Marshalling magic (kept as-is; caller must select appropriate curve/type magic)
+	marshalledMagic, err := k.Magic.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledMagic...)
+
+	// Marshalling header
+	marshalledHeader, err := k.Header.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledHeader...)
+
+	// Marshalling content
+	marshalledContent, err := k.Content.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledContent...)
+
+	return marshalledData, nil
+}
+
+// Describe prints a detailed description of the BCRYPT_ECC_PRIVATE_KEY structure.
+//
+// Parameters:
+// - indent: An integer representing the indentation level for the printed output.
+//
+// Note:
+// The function prints the Header and Data of the BCRYPT_ECC_PRIVATE_KEY structure.
+// The output is formatted with the specified indentation level to improve readability.
+func (k *BCRYPT_ECC_PRIVATE_KEY) Describe(indent int) {
+	indentPrompt := strings.Repeat(" │ ", indent)
+	fmt.Printf("%s<\x1b[93mBCRYPT_ECC_PRIVATE_KEY\x1b[0m>\n", indentPrompt)
+	k.Magic.Describe(indent + 1)
+	k.Header.Describe(indent + 1)
+	k.Content.Describe(indent + 1)
+	fmt.Printf("%s└───\n", indentPrompt)
+}
+
+func isValidECCPrivateMagic(m uint32) bool {
+	switch m {
+	case magic.BCRYPT_ECDH_PRIVATE_P256_MAGIC,
+		magic.BCRYPT_ECDH_PRIVATE_P384_MAGIC,
+		magic.BCRYPT_ECDH_PRIVATE_P521_MAGIC,
+		magic.BCRYPT_ECDSA_PRIVATE_P256_MAGIC,
+		magic.BCRYPT_ECDSA_PRIVATE_P384_MAGIC,
+		magic.BCRYPT_ECDSA_PRIVATE_P521_MAGIC:
+		return true
+	default:
+		return false
+	}
+}

windows/cng/bcrypt/keys/BCRYPT_ECC_PUBLIC_KEY.go

@@ -0,0 +1,135 @@
+package keys
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/blob"
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/headers"
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/magic"
+)
+
+type BCRYPT_ECC_PUBLIC_KEY struct {
+	// Magic is the magic signature of the key.
+	Magic magic.BCRYPT_KEY_BLOB
+
+	// Header is the header of the key.
+	Header headers.BCRYPT_ECC_KEY_BLOB
+
+	// Content is the content of the key.
+	Content blob.BCRYPT_ECC_PUBLIC_BLOB
+}
+
+// Unmarshal parses the provided byte slice into the BCRYPT_ECC_PUBLIC_KEY structure.
+//
+// Parameters:
+// - value: A byte slice containing the raw ECC public key to be parsed.
+//
+// Returns:
+// - The number of bytes read from the byte slice.
+// - An error if the parsing fails, otherwise nil.
+//
+// Note:
+// The function expects the byte slice to follow the ECC public key format, starting with the BCRYPT_ECC_KEY_BLOB header.
+// It extracts the X and Y big-endian values from the byte slice and stores them in the BCRYPT_ECC_PUBLIC_KEY structure.
+func (k *BCRYPT_ECC_PUBLIC_KEY) Unmarshal(value []byte) (int, error) {
+	// Need at least 8 bytes for magic (4) + header (4)
+	if len(value) < 8 {
+		return 0, errors.New("buffer too small for BCRYPT_ECC_PUBLIC_KEY, header too short (at least 8 bytes are required)")
+	}
+
+	bytesRead := 0
+
+	// Unmarshalling magic
+	bytesReadMagic, err := k.Magic.Unmarshal(value[:4])
+	if err != nil {
+		return 0, err
+	}
+	if !isValidECCPublicMagic(k.Magic.Magic) {
+		return 0, fmt.Errorf("invalid ECC public key magic: 0x%08x", k.Magic.Magic)
+	}
+	bytesRead += bytesReadMagic
+
+	// Unmarshalling header
+	bytesReadHeader, err := k.Header.Unmarshal(value[bytesRead:])
+	if err != nil {
+		return 0, err
+	}
+	bytesRead += bytesReadHeader
+
+	// Unmarshalling content
+	bytesReadContent, err := k.Content.Unmarshal(k.Header, value[bytesRead:])
+	if err != nil {
+		return 0, err
+	}
+	bytesRead += bytesReadContent
+
+	return bytesRead, nil
+}
+
+// Marshal returns the raw bytes of the BCRYPT_ECC_PUBLIC_KEY structure.
+//
+// Returns:
+// - A byte slice representing the raw bytes of the BCRYPT_ECC_PUBLIC_KEY structure.
+func (k *BCRYPT_ECC_PUBLIC_KEY) Marshal() ([]byte, error) {
+	if !isValidECCPublicMagic(k.Magic.Magic) {
+		return nil, fmt.Errorf("invalid ECC public key magic for marshal: 0x%08x", k.Magic.Magic)
+	}
+
+	marshalledData := []byte{}
+
+	// Marshalling magic (kept as-is; caller must select appropriate curve/type magic)
+	marshalledMagic, err := k.Magic.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledMagic...)
+
+	// Marshalling header
+	marshalledHeader, err := k.Header.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledHeader...)
+
+	// Marshalling content
+	marshalledContent, err := k.Content.Marshal()
+	if err != nil {
+		return nil, err
+	}
+	marshalledData = append(marshalledData, marshalledContent...)
+
+	return marshalledData, nil
+}
+
+// Describe prints a detailed description of the BCRYPT_ECC_PUBLIC_KEY structure.
+//
+// Parameters:
+// - indent: An integer representing the indentation level for the printed output.
+//
+// Note:
+// The function prints the Header and Data of the BCRYPT_ECC_PUBLIC_KEY structure.
+// The output is formatted with the specified indentation level to improve readability.
+func (k *BCRYPT_ECC_PUBLIC_KEY) Describe(indent int) {
+	indentPrompt := strings.Repeat(" │ ", indent)
+	fmt.Printf("%s<\x1b[93mBCRYPT_ECC_PUBLIC_KEY\x1b[0m>\n", indentPrompt)
+	k.Magic.Describe(indent + 1)
+	k.Header.Describe(indent + 1)
+	k.Content.Describe(indent + 1)
+	fmt.Printf("%s└───\n", indentPrompt)
+}
+
+func isValidECCPublicMagic(m uint32) bool {
+	switch m {
+	case magic.BCRYPT_ECDH_PUBLIC_P256_MAGIC,
+		magic.BCRYPT_ECDH_PUBLIC_P384_MAGIC,
+		magic.BCRYPT_ECDH_PUBLIC_P521_MAGIC,
+		magic.BCRYPT_ECDSA_PUBLIC_P256_MAGIC,
+		magic.BCRYPT_ECDSA_PUBLIC_P384_MAGIC,
+		magic.BCRYPT_ECDSA_PUBLIC_P521_MAGIC:
+		return true
+	default:
+		return false
+	}
+}

windows/cng/bcrypt/keys/blob/BCRYPT_ECC_PRIVATE_BLOB.go

@@ -0,0 +1,105 @@
+package blob
+
+import (
+	"bytes"
+	"encoding/hex"
+	"fmt"
+	"strings"
+
+	"github.com/TheManticoreProject/Manticore/windows/cng/bcrypt/keys/headers"
+)
+
+// BCRYPT_ECC_PRIVATE_BLOB represents the content of an ECC private key BLOB in memory.
+//
+// Layout in memory (following the BCRYPT_ECC_KEY_BLOB header):
+//
+//	BCRYPT_ECC_KEY_BLOB
+//	BYTE X[cbKey] // Big-endian.
+//	BYTE Y[cbKey] // Big-endian.
+//	BYTE d[cbKey] // Big-endian.
+//
+// See:
+// https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_ecckey_blob
+type BCRYPT_ECC_PRIVATE_BLOB struct {
+	// X is the X coordinate of the public point. Big-endian.
+	X []byte
+
+	// Y is the Y coordinate of the public point. Big-endian.
+	Y []byte
+
+	// D is the private scalar. Big-endian.
+	D []byte
+}
+
+// Unmarshal parses the provided byte slice into the BCRYPT_ECC_PRIVATE_BLOB structure.
+//
+// Parameters:
+//   - keyHeader: The already-parsed BCRYPT_ECC_KEY_BLOB header, providing cbKey.
+//   - value: A byte slice containing the raw ECC private key BLOB content to be parsed,
+//     starting immediately after the header.
+//
+// Returns:
+// - The number of bytes read from the byte slice.
+// - An error if the parsing fails, otherwise nil.
+func (b *BCRYPT_ECC_PRIVATE_BLOB) Unmarshal(keyHeader headers.BCRYPT_ECC_KEY_BLOB, value []byte) (int, error) {
+	bytesRead := 0
+	cbKey := int(keyHeader.KeySize)
+
+	if cbKey > len(value)-bytesRead {
+		return 0, fmt.Errorf("buffer too small for BCRYPT_ECC_PRIVATE_BLOB, not enough bytes for unmarshalling X")
+	}
+	b.X = value[bytesRead : bytesRead+cbKey]
+	bytesRead += cbKey
+
+	if cbKey > len(value)-bytesRead {
+		return 0, fmt.Errorf("buffer too small for BCRYPT_ECC_PRIVATE_BLOB, not enough bytes for unmarshalling Y")
+	}
+	b.Y = value[bytesRead : bytesRead+cbKey]
+	bytesRead += cbKey
+
+	if cbKey > len(value)-bytesRead {
+		return 0, fmt.Errorf("buffer too small for BCRYPT_ECC_PRIVATE_BLOB, not enough bytes for unmarshalling D")
+	}
+	b.D = value[bytesRead : bytesRead+cbKey]
+	bytesRead += cbKey
+
+	return bytesRead, nil
+}
+
+// Marshal returns the raw bytes of the BCRYPT_ECC_PRIVATE_BLOB structure.
+//
+// Returns:
+// - A byte slice representing the raw bytes of the BCRYPT_ECC_PRIVATE_BLOB structure.
+func (b *BCRYPT_ECC_PRIVATE_BLOB) Marshal() ([]byte, error) {
+	marshalledData := []byte{}
+
+	marshalledData = append(marshalledData, b.X...)
+	marshalledData = append(marshalledData, b.Y...)
+	marshalledData = append(marshalledData, b.D...)
+
+	return marshalledData, nil
+}
+
+// Describe prints the BCRYPT_ECC_PRIVATE_BLOB structure to the console.
+//
+// Parameters:
+// - indent: The number of spaces to indent the output.
+func (b *BCRYPT_ECC_PRIVATE_BLOB) Describe(indent int) {
+	indentPrompt := strings.Repeat(" │ ", indent)
+	fmt.Printf("%s<\x1b[93mBCRYPT_ECC_PRIVATE_BLOB (content)\x1b[0m>\n", indentPrompt)
+	fmt.Printf("%s │ \x1b[93mX\x1b[0m: 0x%s\n", indentPrompt, hex.EncodeToString(b.X))
+	fmt.Printf("%s │ \x1b[93mY\x1b[0m: 0x%s\n", indentPrompt, hex.EncodeToString(b.Y))
+	fmt.Printf("%s │ \x1b[93mD\x1b[0m: 0x%s\n", indentPrompt, hex.EncodeToString(b.D))
+	fmt.Printf("%s └───\n", indentPrompt)
+}
+
+// Equal checks if two BCRYPT_ECC_PRIVATE_BLOB structures are equal.
+//
+// Parameters:
+// - other: The BCRYPT_ECC_PRIVATE_BLOB structure to compare to.
+//
+// Returns:
+// - True if the two BCRYPT_ECC_PRIVATE_BLOB structures are equal, false otherwise.
+func (b *BCRYPT_ECC_PRIVATE_BLOB) Equal(other *BCRYPT_ECC_PRIVATE_BLOB) bool {
+	return bytes.Equal(b.X, other.X) && bytes.Equal(b.Y, other.Y) && bytes.Equal(b.D, other.D)
+}