bcrypt rsa private key import in kernel

Mak

I tried to use the rsa bcrypt decrypt inside a kernel module and get the hresult of 0xd00000bb(HR_STATUS_NOT_SUPPORTED ) from BCryptImportKeyPair.
I first tested the routine in a user mode app and here it works fine.

I tried also BCRYPT_RSAPRIVATE_BLOB instead of LEGACY_RSAPRIVATE_BLOB but here it is not clear how the fields must be set.
If we use BCRYPT_RSAPRIVATE_BLOB we must build the struct of BCRYPT_RSAKEY_BLOB from (in my example) "privateBlobKey" below.

....
pRsaBlob->Magic = BCRYPT_RSAPRIVATE_MAGIC;
pRsaBlob->BitLength = pKey->rsapubkey.bitlen;
pRsaBlob->cbPublicExp = cbExp;
pRsaBlob->cbModulus = cbModulus;
pRsaBlob->cbPrime1 = 0;
pRsaBlob->cbPrime2 = 0;

What is the way that the Decrypt can work in the kernel?

---

I do it in the following way:

if (!SUCCEEDED(hr = HRESULT_FROM_NT(
    BCryptOpenAlgorithmProvider(
        &hAlgorithm,
        BCRYPT_RSA_ALGORITHM,
        MS_PRIMITIVE_PROVIDER, // MS_PLATFORM_CRYPTO_PROVIDER MS_PRIMITIVE_PROVIDER
        0)))) {
    goto cleanup;
}

hr = HRESULT_FROM_NT(BCryptImportKeyPair(
hAlgorithm,
NULL,
LEGACY_RSAPRIVATE_BLOB, // BCRYPT_RSAPRIVATE_BLOB
&hKey,
(PUCHAR)privateBlobKey,
sizeof(privateBlobKey),
0
));

The blob comes from a struct
BYTE privateBlobKey[] =
{ 0x07,0x02,0x00,0x00,0x0
...
};

Peter_Viscarola_(OSR)

I'm no crypto-geek, but I do seem to recall that setting these things up is never trivial. Some of these fields need to be passed-in big endian, do they not?

Peter

Tim_Roberts

Mak wrote:
> I tried to use the rsa bcrypt decrypt inside a kernel module and get the hresult of 0xd00000bb(HR_STATUS_NOT_SUPPORTED ) from BCryptImportKeyPair.

How did you even get that far?  bcrypt.dll is a user-mode DLL that links
to a number of user-mode APIs.  It shouldn't even have loaded in kernel
mode.  Is there a separate bcrypt.dll for kernel use?

Peter_Viscarola_(OSR)

Is there a separate bcrypt.dll for kernel use

I dunno. But you certain can use the bcrypt library in kernel mode. It's part of CNG and you link against CNG.LIB, IIRC.

Peter

Mak

On the microsoft site is stated that for bcrypt a special driver exists which name is "ksecdd.sys".

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). For more information, see WDK and Developer Tools.Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.

Mak

I get it running. Yes, it is a little bit tricky. First the right format from the Pem must be created and then each field: modulo, private exponent and the primes must be correctly set in Big Endian format.

rstruempf

All you do to run it in kernel mode is link to cng.lib instead of bcrypt.lib. I've used bcrypt from kernel mode extensively, but I've never used the RSA features. I have wrapped a key using bcrypt and then reimported the wrapped key, which is similar to what you are doing.

I can answer general questions, but I do not have a solution to your specific problem.

Let's start with, are you linking to cng.lib? That causes it to link to ksecdd.sys instead of the user mode dlls

Mak

rstruempf: No, if you read on ms it is said that you should link against "Ksecdd.lib". I do this and it works.
For each function from bcrypt it is also exactly said in which level you can call which bcrypt function (DISPATCH or other). I think you should notice that.
The calls to cng.lib are not supported, I think.
Why do think you can link against cng.lib or bcrypt.lib. Have you done it? I think not.

Mak

rstruempf: Sorry, I dont read your post completely.
My orginal question was specific to RSA but as I mentioned above I have solved that.
I looked inside the Ksecdd.sys with dependency walker and there are all bcrypt functions exported. It can be that ms route directly to bcrypt.dll but it also can be that they do some driver specific things before they do that.

rstruempf

bcrypt.lib is an import library that links the bcrypt primitives to the usermode bcrypt.dll (and I think bcryptprimitives.dll). cng.lib is an import library that links the same bcrypt primitives to ksecdd.sys, a kernel mode "dll". Just check out the Remarks section of any of the BCrypt primitive functions on docs.microsoft.com for information on using them in kernel mode (https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom).

I did not catch the first time that you had solved your issues by correcting the blob format. Good luck.