//Return random bytes
bool secureRand(char **output, const int size)
{
//Allocate bytes
*output = (char *) malloc(sizeof(char) * size);
#ifdef _WIN32
HCRYPTPROV hCryptProv = 0;
//Prepare CSPRNG
if (!CryptAcquireContextW
(&hCryptProv, 0, 0, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
fprintf(stderr,
"Error: secureRand: CryptAcquireContextW failed");
return 0;
}
//Generate bytes
if (!CryptGenRandom(hCryptProv, size, (unsigned char *) *output)) {
fprintf(stderr,
"Error: secureRand: CryptGenRandom failed");
return 0;
}
#else
//FIXME: read from /dev/urandom
for (int i = 0; i < size; i++) {
(*output)[i] = rand() % 256 - 128;
}
#endif
return 1;
}
String WebCore::signedPublicKeyAndChallengeString(unsigned index, const String& challenge, const KURL& url)
{
String keyString;
HCRYPTPROV hContext = 0;
HCRYPTKEY hKey = 0;
PCERT_PUBLIC_KEY_INFO pPubInfo = 0;
// Try to delete it if it exists already
CryptAcquireContextW(&hContext, L"keygen_container", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
do {
if (!CryptAcquireContextW(&hContext, L"keygen_container", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET))
break;
DWORD dwPubInfoLength = 0;
if (!CryptGenKey(hContext, AT_KEYEXCHANGE, 0, &hKey) || !CryptExportPublicKeyInfo(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, 0, &dwPubInfoLength))
break;
// Use malloc instead of new, because malloc guarantees to return a pointer aligned for all data types.
pPubInfo = reinterpret_cast<PCERT_PUBLIC_KEY_INFO>(fastMalloc(dwPubInfoLength));
if (!CryptExportPublicKeyInfo(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, pPubInfo, &dwPubInfoLength))
break;
CERT_KEYGEN_REQUEST_INFO requestInfo = { 0 };
requestInfo.dwVersion = CERT_KEYGEN_REQUEST_V1;
requestInfo.pwszChallengeString = L"";
requestInfo.SubjectPublicKeyInfo = *pPubInfo;
String localChallenge = challenge;
// Windows API won't write to our buffer, although it's not declared with const.
requestInfo.pwszChallengeString = const_cast<wchar_t*>(localChallenge.charactersWithNullTermination());
CRYPT_ALGORITHM_IDENTIFIER signAlgo = { 0 };
signAlgo.pszObjId = szOID_RSA_SHA1RSA;
DWORD dwEncodedLength;
if (!CryptSignAndEncodeCertificate(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, X509_KEYGEN_REQUEST_TO_BE_SIGNED, &requestInfo, &signAlgo, 0, 0, &dwEncodedLength))
break;
Vector<char> binary(dwEncodedLength);
if (!CryptSignAndEncodeCertificate(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, X509_KEYGEN_REQUEST_TO_BE_SIGNED, &requestInfo, &signAlgo, 0, reinterpret_cast<LPBYTE>(binary.data()), &dwEncodedLength))
break;
keyString = base64Encode(binary);
} while(0);
if (pPubInfo)
fastFree(pPubInfo);
if (hKey)
CryptDestroyKey(hKey);
if (hContext)
CryptReleaseContext(hContext, 0);
return keyString;
}
/****************************************************************************++
Routine Description:
Deletes the key container and the keys
Arguments:
pwzContainer -
Notes:
-
Return Value:
- S_OK
- or -
- no other errors are expected
--*****************************************************************************/
HRESULT
DeleteKeys(
IN PCWSTR pwzContainer)
{
HRESULT hr = S_OK;
HCRYPTPROV hCryptProv = NULL;
BOOL fServiceAccount = FALSE;
hr = IsServiceAccount(&fServiceAccount);
if (FAILED(hr))
{
goto Cleanup;
}
//
// this is the most counter-intuitive API that i have seen in my life
// in order to delete the contanier and all the keys in it, i have to call CryptAcquireContext
//
if (!CryptAcquireContextW(&hCryptProv,
pwzContainer,
NULL,
DEFAULT_PROV_TYPE,
fServiceAccount ?
(CRYPT_DELETEKEYSET | CRYPT_MACHINE_KEYSET) :
(CRYPT_DELETEKEYSET)))
{
hr = HRESULT_FROM_WIN32(GetLastError());
}
Cleanup:
return hr;
}
/** Get 32 bytes of system entropy. */
static void GetOSRand(unsigned char *ent32)
{
#ifdef WIN32
HCRYPTPROV hProvider;
int ret = CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
if (!ret) {
RandFailure();
}
ret = CryptGenRandom(hProvider, 32, ent32);
if (!ret) {
RandFailure();
}
CryptReleaseContext(hProvider, 0);
#else
int f = open("/dev/urandom", O_RDONLY);
if (f == -1) {
RandFailure();
}
int have = 0;
do {
ssize_t n = read(f, ent32 + have, 32 - have);
if (n <= 0 || n + have > 32) {
RandFailure();
}
have += n;
} while (have < 32);
close(f);
#endif
}
/* good2() reverses the bodies in the if statement */
static void good2()
{
if(staticTrue)
{
{
HCRYPTPROV hCryptProv;
int data;
if (!CryptAcquireContextW(&hCryptProv, 0, 0, PROV_RSA_FULL, 0))
{
exit(1);
}
/* FIX: Use of CryptGenRandom() as a more secure PRNG */
if (!CryptGenRandom(hCryptProv, sizeof(data), (BYTE *) &data))
{
CryptReleaseContext(hCryptProv, 0);
exit(1);
}
if (hCryptProv)
{
CryptReleaseContext(hCryptProv, 0);
}
printIntLine(data);
}
}
}
/* good1() uses if(staticFalse) instead of if(staticTrue) */
static void good1()
{
if(staticFalse)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
{
HCRYPTPROV hCryptProv;
int data;
if (!CryptAcquireContextW(&hCryptProv, 0, 0, PROV_RSA_FULL, 0))
{
exit(1);
}
/* FIX: Use of CryptGenRandom() as a more secure PRNG */
if (!CryptGenRandom(hCryptProv, sizeof(data), (BYTE *) &data))
{
CryptReleaseContext(hCryptProv, 0);
exit(1);
}
if (hCryptProv)
{
CryptReleaseContext(hCryptProv, 0);
}
printIntLine(data);
}
}
}
/*!
* \brief ハッシュ計算実行
*/
void SHA256::execute(const char* message, int32_t size)
{
#if defined(_WINDOWS)
HCRYPTPROV hProv = NULL;
HCRYPTHASH hHash = NULL;
do
{
if (CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT) == FALSE)
break;
if (CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash) == FALSE)
break;
if (CryptHashData(hHash, (uint8_t*)message, size, 0) == FALSE)
break;
int32_t hashSize = getHashSize();
CryptGetHashParam(hHash, HP_HASHVAL, mData->mMessageDigest, (DWORD*)&hashSize, 0);
}
while (false);
if (hHash)
CryptDestroyHash(hHash);
if (hProv)
CryptReleaseContext(hProv, 0);
#else
SHA256_CTX context;
SHA256_Init( &context);
SHA256_Update(&context, message, size);
SHA256_Final(mData->mMessageDigest, &context);
#endif
}
// from tweetnacl
__declspec(dllexport) void randombytes(unsigned char *x,int xlen)
{
HCRYPTPROV prov = 0;
CryptAcquireContextW(&prov, NULL, NULL,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
CryptGenRandom(prov, xlen, x);
CryptReleaseContext(prov, 0);
}
HCRYPTPROV CRYPT_GetDefaultProvider(void)
{
if (!hDefProv)
CryptAcquireContextW(&hDefProv, NULL, MS_ENHANCED_PROV_W,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
return hDefProv;
}
int RAND_poll(void)
{
MEMORYSTATUS mst;
# ifndef RAND_WINDOWS_USE_BCRYPT
HCRYPTPROV hProvider;
# endif
DWORD w;
BYTE buf[64];
# ifdef RAND_WINDOWS_USE_BCRYPT
if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
# else
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
}
/* poll the Pentium PRG with CryptoAPI */
if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
}
# endif
/* timer data */
readtimer();
/* memory usage statistics */
GlobalMemoryStatus(&mst);
RAND_add(&mst, sizeof(mst), 1);
/* process ID */
w = GetCurrentProcessId();
RAND_add(&w, sizeof(w), 1);
return (1);
}
/***********************************************************************
* CryptCATAdminCalcHashFromFileHandle (WINTRUST.@)
*/
BOOL WINAPI CryptCATAdminCalcHashFromFileHandle(HANDLE hFile, DWORD* pcbHash,
BYTE* pbHash, DWORD dwFlags )
{
BOOL ret = FALSE;
TRACE("%p %p %p %x\n", hFile, pcbHash, pbHash, dwFlags);
if (!hFile || !pcbHash || dwFlags)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
if (*pcbHash < 20)
{
*pcbHash = 20;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return TRUE;
}
*pcbHash = 20;
if (pbHash)
{
HCRYPTPROV prov;
HCRYPTHASH hash;
DWORD bytes_read;
BYTE *buffer;
if (!(buffer = HeapAlloc(GetProcessHeap(), 0, 4096)))
{
SetLastError(ERROR_OUTOFMEMORY);
return FALSE;
}
ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
if (!ret)
{
HeapFree(GetProcessHeap(), 0, buffer);
return FALSE;
}
ret = CryptCreateHash(prov, CALG_SHA1, 0, 0, &hash);
if (!ret)
{
HeapFree(GetProcessHeap(), 0, buffer);
CryptReleaseContext(prov, 0);
return FALSE;
}
while ((ret = ReadFile(hFile, buffer, 4096, &bytes_read, NULL)) && bytes_read)
{
CryptHashData(hash, buffer, bytes_read, 0);
}
if (ret) ret = CryptGetHashParam(hash, HP_HASHVAL, pbHash, pcbHash, 0);
HeapFree(GetProcessHeap(), 0, buffer);
CryptDestroyHash(hash);
CryptReleaseContext(prov, 0);
}
return ret;
}
BOOL aes_decrypt(BYTE *inbuf, BYTE *outbuf, size_t buf_size, LPCWSTR key_str, size_t key_len)
{
if (inbuf == NULL || outbuf == NULL) return FALSE;
BOOL dwStatus = FALSE;
BOOL bResult = FALSE;
wchar_t info[] = L"Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;
if (!CryptAcquireContextW(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
dwStatus = GetLastError();
printf("CryptAcquireContext failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
HCRYPTHASH hHash;
if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)){
dwStatus = GetLastError();
printf("CryptCreateHash failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
if (!CryptHashData(hHash, (BYTE*)key_str, key_len, 0)) {
DWORD err = GetLastError();
printf ("CryptHashData Failed : %#x\n", err);
return dwStatus;
}
HCRYPTKEY hKey;
if (!CryptDeriveKey(hProv, CALG_AES_128, hHash, 0,&hKey)){
dwStatus = GetLastError();
printf("CryptDeriveKey failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
const size_t chunk_size = BLOCK_LEN;
DWORD read = 0;
DWORD written = 0;
DWORD ciphertextLen = BLOCK_LEN;
memcpy(outbuf, inbuf, chunk_size);
if (CryptDecrypt(hKey, NULL, FALSE, 0,outbuf, &ciphertextLen)) {
//printf ("[+] crypt OK!\n");
dwStatus = TRUE;
}
CryptReleaseContext(hProv, 0);
CryptDestroyKey(hKey);
CryptDestroyHash(hHash);
return dwStatus;
}
int main(int argc, char* argv[]) {
HCRYPTPROV hProv;
HCRYPTKEY hKey;
if (argc != 2) {
fprintf(stderr, "Usage: CryptTest <data>\n");
exit(1);
}
char* plaintext = argv[1];
if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT)) {
PrintError("CryptAcquireContext");
}
while (1) {
puts("Generating key...");
if (!CryptGenKey(hProv, CALG_RC2, 0x800000, &hKey)) {
PrintError("CryptGenKey");
}
puts("New key generated...");
DWORD plaintextSize = strlen(plaintext);
DWORD cipherSize = plaintextSize;
if (!CryptEncrypt(hKey, 0, 1, 0, 0, &cipherSize, 0)) {
PrintError("CryptEncrypt[0]");
}
BYTE* data = (BYTE*)malloc(cipherSize);
strncpy_s(data, cipherSize, plaintext, plaintextSize);
if (!CryptEncrypt(hKey, 0, 1, 0, data, &plaintextSize, cipherSize)) {
PrintError("CryptEncrypt[0]");
}
puts("Encrypted data:");
PrintHex(data, cipherSize);
puts("\n\n");
if (!CryptDestroyKey(hKey)) {
PrintError("CryptDestroyKey");
}
Sleep(5000);
}
if (!CryptReleaseContext(hProv, 0)) {
PrintError("CryptReleaseContext");
}
getchar();
return 0;
}
static int gg_rand(void *buff, size_t len)
{
#ifdef _WIN32
HCRYPTPROV hProvider = 0;
int res = 0;
if (!CryptAcquireContextW(&hProvider, 0, 0, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
{
gg_debug(GG_DEBUG_MISC | GG_DEBUG_ERROR, "// gg_rand() "
"couldn't acquire crypto context\n");
return -1;
}
if (!CryptGenRandom(hProvider, len, buff)) {
gg_debug(GG_DEBUG_MISC | GG_DEBUG_ERROR, "// gg_rand() "
"couldn't fill random buffer\n");
res = -1;
}
CryptReleaseContext(hProvider, 0);
return res;
#else
uint8_t *buff_b = buff;
int fd = open("/dev/random", O_RDONLY);
if (fd < 0)
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0) {
gg_debug(GG_DEBUG_MISC | GG_DEBUG_ERROR, "// gg_rand() "
"couldn't open random device\n");
return -1;
}
while (len > 0) {
/* TODO: handle EINTR */
ssize_t got_data = read(fd, buff_b, len);
if (got_data < 0) {
gg_debug(GG_DEBUG_MISC | GG_DEBUG_ERROR, "// gg_rand() "
"couldn't read from random device\n");
close(fd);
return -1;
}
buff_b += got_data;
len -= got_data;
}
close(fd);
return 0;
#endif
}
uint Advapi32_CryptAcquireContextW(Processor *cpu)
{
RET_VALUE = (u32) CryptAcquireContextW(
(HCRYPTPROV *) PARAM_PTR(0),
(LPCWSTR) PARAM_PTR(1),
(LPCWSTR) PARAM_PTR(2),
(DWORD) PARAM(3),
(DWORD) PARAM(4)
);
RET_PARAMS(5);
}
unsigned char* MsDrbg::get_entropy(const size_t length)
{
HCRYPTPROV hProvider = NULL;
CryptAcquireContextW(&hProvider, nullptr, nullptr, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
unsigned char* entropy_input = new unsigned char[length];
CryptGenRandom(hProvider, static_cast<DWORD>(length), entropy_input);
CryptReleaseContext(hProvider, NULL);
return entropy_input;
}
int RAND_poll(void)
{
MEMORYSTATUS mst;
HCRYPTPROV hProvider = 0;
DWORD w;
BYTE buf[64];
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
}
/* poll the Pentium PRG with CryptoAPI */
if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
if (CryptGenRandom(hProvider, sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
CryptReleaseContext(hProvider, 0);
}
/* timer data */
readtimer();
/* memory usage statistics */
GlobalMemoryStatus(&mst);
RAND_add(&mst, sizeof(mst), 1);
/* process ID */
w = GetCurrentProcessId();
RAND_add(&w, sizeof(w), 1);
return (1);
}
EXTERN_C
BOOL
PALAPI
CryptAcquireContextA(
HCRYPTPROV *phProv,
LPCSTR szContainer,
LPCSTR szProvider,
DWORD dwProvType,
DWORD dwFlags)
{
_ASSERTE(szContainer == NULL);
_ASSERTE(szProvider == NULL);
return CryptAcquireContextW(phProv, NULL, NULL, dwProvType, dwFlags);
}
HCRYPTPROV CRYPT_GetDefaultProvider(void)
{
if (!hDefProv)
{
HCRYPTPROV prov;
if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
return hDefProv;
InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov,
NULL);
if (hDefProv != prov)
CryptReleaseContext(prov, 0);
}
return hDefProv;
}
static BOOL compare_sha1(void *data, unsigned int pitch, unsigned int bpp,
unsigned int w, unsigned int h, const char *ref_sha1)
{
static const char hex_chars[] = "0123456789abcdef";
HCRYPTPROV provider;
BYTE hash_data[20];
HCRYPTHASH hash;
unsigned int i;
char sha1[41];
BOOL ret;
ret = CryptAcquireContextW(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
ok(ret, "Failed to acquire crypt context.\n");
ret = CryptCreateHash(provider, CALG_SHA1, 0, 0, &hash);
ok(ret, "Failed to create hash.\n");
for (i = 0; i < h; ++i)
{
if (!(ret = CryptHashData(hash, (BYTE *)data + pitch * i, w * bpp, 0)))
break;
}
ok(ret, "Failed to hash data.\n");
i = sizeof(hash_data);
ret = CryptGetHashParam(hash, HP_HASHVAL, hash_data, &i, 0);
ok(ret, "Failed to get hash value.\n");
ok(i == sizeof(hash_data), "Got unexpected hash size %u.\n", i);
ret = CryptDestroyHash(hash);
ok(ret, "Failed to destroy hash.\n");
ret = CryptReleaseContext(provider, 0);
ok(ret, "Failed to release crypt context.\n");
for (i = 0; i < 20; ++i)
{
sha1[i * 2] = hex_chars[hash_data[i] >> 4];
sha1[i * 2 + 1] = hex_chars[hash_data[i] & 0xf];
}
sha1[40] = 0;
return !strcmp(ref_sha1, (char *)sha1);
}
TokenData QCSP::selectCert( const QString &cn, SslCertificate::KeyUsage usage )
{
TokenData t;
t.setCard( cn );
if( d->h )
CryptReleaseContext( d->h, 0 );
QPair<QString,QString> c = d->certs.value( cn );
if( !CryptAcquireContextW( &d->h, LPCWSTR(c.second.utf16()), LPCWSTR(c.first.utf16()), PROV_RSA_FULL, 0 ) )
return t;
HCRYPTKEY key = 0;
if( !CryptGetUserKey( d->h, usage == SslCertificate::NonRepudiation ? AT_SIGNATURE : AT_KEYEXCHANGE, &key ) )
return t;
SslCertificate cert = QSslCertificate( d->keyParam( key, KP_CERTIFICATE, 0 ), QSsl::Der );
CryptDestroyKey( key );
if( cert.keyUsage().keys().contains( usage ) )
t.setCert( cert );
return t;
}
int RAND_poll(void)
{
MEMORYSTATUS m;
HCRYPTPROV hProvider = 0;
DWORD w;
int good = 0;
/* Determine the OS version we are on so we can turn off things
* that do not work properly.
*/
OSVERSIONINFO osverinfo ;
osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
GetVersionEx( &osverinfo ) ;
#if defined(OPENSSL_SYS_WINCE)
# if defined(_WIN32_WCE) && _WIN32_WCE>=300
/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
* in commonly available implementations prior 300... */
{
BYTE buf[64];
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (CryptGenRandom(hProvider, sizeof(buf), buf))
RAND_add(buf, sizeof(buf), sizeof(buf));
CryptReleaseContext(hProvider, 0);
}
}
# endif
#else /* OPENSSL_SYS_WINCE */
/*
* None of below libraries are present on Windows CE, which is
* why we #ifndef the whole section. This also excuses us from
* handling the GetProcAddress issue. The trouble is that in
* real Win32 API GetProcAddress is available in ANSI flavor
* only. In WinCE on the other hand GetProcAddress is a macro
* most commonly defined as GetProcAddressW, which accepts
* Unicode argument. If we were to call GetProcAddress under
* WinCE, I'd recommend to either redefine GetProcAddress as
* GetProcAddressA (there seem to be one in common CE spec) or
* implement own shim routine, which would accept ANSI argument
* and expand it to Unicode.
*/
{
/* load functions dynamically - not available on all systems */
HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
HMODULE user = NULL;
HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
CRYPTACQUIRECONTEXTW acquire = NULL;
CRYPTGENRANDOM gen = NULL;
CRYPTRELEASECONTEXT release = NULL;
NETSTATGET netstatget = NULL;
NETFREE netfree = NULL;
BYTE buf[64];
if (netapi)
{
netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
}
if (netstatget && netfree)
{
LPBYTE outbuf;
/* NetStatisticsGet() is a Unicode only function
* STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
* contains 17 fields. We treat each field as a source of
* one byte of entropy.
*/
if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
{
RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
netfree(outbuf);
}
if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
{
RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
netfree(outbuf);
}
}
if (netapi)
FreeLibrary(netapi);
/* It appears like this can cause an exception deep within ADVAPI32.DLL
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
/* Wolfgang Marczy <*****@*****.**> reports that
* the RegQueryValueEx call below can hang on NT4.0 (SP6).
* So we don't use this at all for now. */
#if 0
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
/* Read Performance Statistics from NT/2000 registry
* The size of the performance data can vary from call
* to call so we must guess the size of the buffer to use
* and increase its size if we get an ERROR_MORE_DATA
* return instead of ERROR_SUCCESS.
*/
LONG rc=ERROR_MORE_DATA;
char * buf=NULL;
DWORD bufsz=0;
DWORD length;
while (rc == ERROR_MORE_DATA)
{
buf = realloc(buf,bufsz+8192);
if (!buf)
break;
bufsz += 8192;
length = bufsz;
rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
NULL, NULL, buf, &length);
}
if (rc == ERROR_SUCCESS)
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
*/
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
/* Close the Registry Key to allow Windows to cleanup/close
* the open handle
* Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
* when the RegQueryValueEx above is done. However, if
* it is not explicitly closed, it can cause disk
* partition manipulation problems.
*/
RegCloseKey(HKEY_PERFORMANCE_DATA);
}
if (buf)
free(buf);
}
#endif
if (advapi)
{
/*
* If it's available, then it's available in both ANSI
* and UNICODE flavors even in Win9x, documentation says.
* We favor Unicode...
*/
acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
"CryptAcquireContextW");
gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
"CryptGenRandom");
release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
"CryptReleaseContext");
}
if (acquire && gen && release)
{
/* poll the CryptoAPI PRNG */
/* The CryptoAPI returns sizeof(buf) bytes of randomness */
if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), 0);
good = 1;
#if 0
printf("randomness from PROV_RSA_FULL\n");
#endif
}
release(hProvider, 0);
}
/* poll the Pentium PRG with CryptoAPI */
if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
{
if (gen(hProvider, sizeof(buf), buf) != 0)
{
RAND_add(buf, sizeof(buf), sizeof(buf));
good = 1;
#if 0
printf("randomness from PROV_INTEL_SEC\n");
#endif
}
release(hProvider, 0);
}
}
if (advapi)
FreeLibrary(advapi);
if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
!OPENSSL_isservice()) &&
(user = LoadLibrary(TEXT("USER32.DLL"))))
{
GETCURSORINFO cursor;
GETFOREGROUNDWINDOW win;
GETQUEUESTATUS queue;
win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
if (win)
{
/* window handle */
HWND h = win();
RAND_add(&h, sizeof(h), 0);
}
if (cursor)
{
/* unfortunately, its not safe to call GetCursorInfo()
* on NT4 even though it exists in SP3 (or SP6) and
* higher.
*/
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
cursor = 0;
}
if (cursor)
{
/* cursor position */
/* assume 2 bytes of entropy */
CURSORINFO ci;
ci.cbSize = sizeof(CURSORINFO);
if (cursor(&ci))
RAND_add(&ci, ci.cbSize, 2);
}
if (queue)
{
/* message queue status */
/* assume 1 byte of entropy */
w = queue(QS_ALLEVENTS);
RAND_add(&w, sizeof(w), 1);
}
FreeLibrary(user);
}
/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
* http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
* (Win 9x and 2000 only, not available on NT)
*
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
*/
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
HEAP32NEXT heap_next;
HEAP32LIST heaplist_first, heaplist_next;
PROCESS32 process_first, process_next;
THREAD32 thread_first, thread_next;
MODULE32 module_first, module_next;
HEAPLIST32 hlist;
HEAPENTRY32 hentry;
PROCESSENTRY32 p;
THREADENTRY32 t;
MODULEENTRY32 m;
DWORD starttime = 0;
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CreateToolhelp32Snapshot");
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, "CloseToolhelp32Snapshot");
heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
if (snap && heap_first && heap_next && heaplist_first &&
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
!= INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
* each entry. Consider each field a source of 1 byte
* of entropy.
* HEAPENTRY32 contains 5 fields that will change with
* each entry. Consider each field a source of 1 byte
* of entropy.
*/
ZeroMemory(&hlist, sizeof(HEAPLIST32));
hlist.dwSize = sizeof(HEAPLIST32);
if (good) starttime = GetTickCount();
#ifdef _MSC_VER
if (heaplist_first(handle, &hlist))
{
/*
following discussion on dev ML, exception on WinCE (or other Win
platform) is theoretically of unknown origin; prevent infinite
loop here when this theoretical case occurs; otherwise cope with
the expected (MSDN documented) exception-throwing behaviour of
Heap32Next() on WinCE.
based on patch in original message by Tanguy Fautré (2009/03/02)
Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
*/
int ex_cnt_limit = 42;
do
{
RAND_add(&hlist, hlist.dwSize, 3);
__try
{
ZeroMemory(&hentry, sizeof(HEAPENTRY32));
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
{
int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
while (heap_next(&hentry)
&& (!good || (GetTickCount()-starttime)<MAXDELAY)
&& --entrycnt > 0);
}
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
/* ignore access violations when walking the heap list */
ex_cnt_limit--;
}
} while (heaplist_next(handle, &hlist)
&& (!good || (GetTickCount()-starttime)<MAXDELAY)
&& ex_cnt_limit > 0);
}
#else
if (heaplist_first(handle, &hlist))
{
do
{
RAND_add(&hlist, hlist.dwSize, 3);
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
{
int entrycnt = 80;
do
RAND_add(&hentry,
hentry.dwSize, 5);
while (heap_next(&hentry)
&& --entrycnt > 0);
}
} while (heaplist_next(handle, &hlist)
&& (!good || (GetTickCount()-starttime)<MAXDELAY));
}
#endif
/* process walking */
/* PROCESSENTRY32 contains 9 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
p.dwSize = sizeof(PROCESSENTRY32);
if (good) starttime = GetTickCount();
if (process_first(handle, &p))
do
RAND_add(&p, p.dwSize, 9);
while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
/* thread walking */
/* THREADENTRY32 contains 6 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
t.dwSize = sizeof(THREADENTRY32);
if (good) starttime = GetTickCount();
if (thread_first(handle, &t))
do
RAND_add(&t, t.dwSize, 6);
while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
/* module walking */
/* MODULEENTRY32 contains 9 fields that will change
* with each entry. Consider each field a source of
* 1 byte of entropy.
*/
m.dwSize = sizeof(MODULEENTRY32);
if (good) starttime = GetTickCount();
if (module_first(handle, &m))
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m)
&& (!good || (GetTickCount()-starttime)<MAXDELAY));
if (close_snap)
close_snap(handle);
else
CloseHandle(handle);
}
FreeLibrary(kernel);
}
BOOL aes_decrypt_file(LPWSTR filename, LPWSTR filename2, LPCWSTR key_str, size_t key_len)
{
if (filename == NULL || filename2 == NULL) return FALSE;
BOOL dwStatus = FALSE;
printf("Key: %S\n", key_str);
printf("Key len: %#x\n", key_len);
printf("Input File: %S\n", filename);
printf("Output File: %S\n", filename2);
printf("----\n");
wchar_t info[] = L"Microsoft Enhanced RSA and AES Cryptographic Provider";
HCRYPTPROV hProv;
if (!CryptAcquireContextW(&hProv, NULL, info, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
dwStatus = GetLastError();
printf("CryptAcquireContext failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
HCRYPTHASH hHash;
if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)){
dwStatus = GetLastError();
printf("CryptCreateHash failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
if (!CryptHashData(hHash, (BYTE*)key_str, key_len, 0)) {
DWORD err = GetLastError();
printf ("CryptHashData Failed : %#x\n", err);
return dwStatus;
}
HCRYPTKEY hKey;
if (!CryptDeriveKey(hProv, CALG_AES_128, hHash, 0,&hKey)){
dwStatus = GetLastError();
printf("CryptDeriveKey failed: %x\n", dwStatus);
CryptReleaseContext(hProv, 0);
return dwStatus;
}
const size_t chunk_size = BLOCK_LEN;
BYTE chunk[chunk_size];
DWORD read = 0;
DWORD written = 0;
HANDLE hInpFile = CreateFileW(filename, GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_FLAG_SEQUENTIAL_SCAN,NULL);
HANDLE hOutFile = CreateFileW(filename2, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hInpFile == NULL) {
printf("Cannot open input file!\n");
return dwStatus;
}
if (hOutFile == NULL) {
printf("Cannot open output file!\n");
return dwStatus;
}
while (ReadFile(hInpFile, chunk, chunk_size, &read, NULL)) {
if (0 == read){
break;
}
DWORD ciphertextLen = BLOCK_LEN;
if (!CryptDecrypt(hKey, NULL, FALSE, 0,chunk, &ciphertextLen)) {
printf("failed!\n");
dwStatus = FALSE;
break;
} else {
dwStatus = TRUE;
}
if (!WriteFile(hOutFile, chunk, ciphertextLen, &written, NULL)) {
printf("writing failed!\n");
break;
}
memset(chunk, 0, chunk_size);
}
CryptReleaseContext(hProv, 0);
CryptDestroyKey(hKey);
CryptDestroyHash(hHash);
CloseHandle(hInpFile);
CloseHandle(hOutFile);
return dwStatus;
}
QStringList QCSP::containers( SslCertificate::KeyUsage usage )
{
qWarning() << "Start enumerationg providers";
QHash<QString,QPair<QString,QString> > certs;
HCRYPTPROV h = 0;
DWORD index = 0, type = 0, size = 0;
while( CryptEnumProvidersW( index, 0, 0, &type, 0, &size ) )
{
QString provider( size / sizeof(wchar_t) - 1, 0 );
if( !CryptEnumProvidersW( index++, 0, 0, &type, LPWSTR(provider.data()), &size ) )
continue;
qWarning() << "Found provider" << provider << "type" << type;
if( type != PROV_RSA_FULL )
continue;
// its broken and does not play well with pkcs11
if( provider.toLower().contains( "esteid" ) )
continue;
qWarning() << "Acquiring provider" << provider << "context";
if( h )
CryptReleaseContext( h, 0 );
h = 0;
if( !CryptAcquireContextW( &h, 0, LPCWSTR(provider.utf16()), type, CRYPT_SILENT ) )
continue;
qWarning() << "Checking if provider" << provider << "is HW";
QByteArray imptype = QCSPPrivate::provParam( h, PP_IMPTYPE );
if( imptype.isEmpty() || !(imptype[0] & CRYPT_IMPL_HARDWARE) )
continue;
qWarning() << "Enumerating provider " << provider << "containers";
QStringList containers;
QByteArray container = QCSPPrivate::provParam( h, PP_ENUMCONTAINERS, CRYPT_FIRST );
while( !container.isEmpty() )
{
containers << container;
container = QCSPPrivate::provParam( h, PP_ENUMCONTAINERS, CRYPT_NEXT );
}
qWarning() << "Provider" << provider << "containers" << containers;
Q_FOREACH( const QString &container, containers )
{
if( h )
CryptReleaseContext( h, 0 );
h = 0;
qWarning() << "Acquiring provider" << provider << "container" << container << "context";
if( !CryptAcquireContextW( &h, LPCWSTR(container.utf16()), LPCWSTR(provider.utf16()), type, CRYPT_SILENT ) )
continue;
qWarning() << "Geting provider" << provider << "container" << container << "key";
HCRYPTKEY key = 0;
if( !CryptGetUserKey( h, usage == SslCertificate::NonRepudiation ? AT_SIGNATURE : AT_KEYEXCHANGE, &key ) )
continue;
qWarning() << "Reading provider" << provider << "container" << container << "cert";
QSslCertificate cert( QCSPPrivate::keyParam( key, KP_CERTIFICATE, 0 ), QSsl::Der );
CryptDestroyKey( key );
if( cert.isNull() )
continue;
qWarning() << "Adding provider" << provider << "container" << container << "list";
certs.insert( cert.subjectInfo( QSslCertificate::CommonName ), QPair<QString,QString>( provider, container ) );
}
}
if( h )
CryptReleaseContext( h, 0 );
qWarning() << "End enumerationg providers";
d->certs = certs;
return d->certs.keys();
}
void CAPICertificate::setUri (const std::string& capiUri) {
valid_ = false;
/* Syntax: "certstore:" <cert_store> ":" <hash> ":" <hash_of_cert> */
if (!boost::iequals(capiUri.substr(0, 10), "certstore:")) {
return;
}
/* Substring of subject: uses "storename" */
std::string capiIdentity = capiUri.substr(10);
std::string newCertStoreName;
size_t pos = capiIdentity.find_first_of (':');
if (pos == std::string::npos) {
/* Using the default certificate store */
newCertStoreName = "MY";
certName_ = capiIdentity;
}
else {
newCertStoreName = capiIdentity.substr(0, pos);
certName_ = capiIdentity.substr(pos + 1);
}
if (certStoreHandle_ != NULL) {
if (newCertStoreName != certStore_) {
CertCloseStore(certStoreHandle_, 0);
certStoreHandle_ = NULL;
}
}
if (certStoreHandle_ == NULL) {
certStoreHandle_ = CertOpenSystemStore(0, newCertStoreName.c_str());
if (!certStoreHandle_) {
return;
}
}
certStore_ = newCertStoreName;
PCCERT_CONTEXT certContext = findCertificateInStore (certStoreHandle_, certName_);
if (!certContext) {
return;
}
/* Now verify that we can have access to the corresponding private key */
DWORD len;
CRYPT_KEY_PROV_INFO *pinfo;
HCRYPTPROV hprov;
HCRYPTKEY key;
if (!CertGetCertificateContextProperty(certContext,
CERT_KEY_PROV_INFO_PROP_ID,
NULL,
&len)) {
CertFreeCertificateContext(certContext);
return;
}
pinfo = static_cast<CRYPT_KEY_PROV_INFO *>(malloc(len));
if (!pinfo) {
CertFreeCertificateContext(certContext);
return;
}
if (!CertGetCertificateContextProperty(certContext, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) {
CertFreeCertificateContext(certContext);
free(pinfo);
return;
}
CertFreeCertificateContext(certContext);
// Now verify if we have access to the private key
if (!CryptAcquireContextW(&hprov, pinfo->pwszContainerName, pinfo->pwszProvName, pinfo->dwProvType, 0)) {
free(pinfo);
return;
}
char smartCardReader[1024];
DWORD bufferLength = sizeof(smartCardReader);
if (!CryptGetProvParam(hprov, PP_SMARTCARD_READER, (BYTE *)&smartCardReader, &bufferLength, 0)) {
DWORD error = GetLastError();
smartCardReaderName_ = "";
}
else {
smartCardReaderName_ = smartCardReader;
LONG result = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &scardContext_);
if (SCARD_S_SUCCESS == result) {
// Initiate monitoring for smartcard ejection
smartCardTimer_ = timerFactory_->createTimer(SMARTCARD_EJECTION_CHECK_FREQUENCY_MILLISECONDS);
}
else {
///Need to handle an error here
}
}
if (!CryptGetUserKey(hprov, pinfo->dwKeySpec, &key)) {
CryptReleaseContext(hprov, 0);
free(pinfo);
return;
}
CryptDestroyKey(key);
CryptReleaseContext(hprov, 0);
free(pinfo);
if (smartCardTimer_) {
smartCardTimer_->onTick.connect(boost::bind(&CAPICertificate::handleSmartCardTimerTick, this));
smartCardTimer_->start();
}
valid_ = true;
}
static void testAcquireSecurityContext(void)
{
BOOL has_schannel = FALSE;
SecPkgInfoA *package_info;
ULONG i;
SECURITY_STATUS st;
CredHandle cred;
SecPkgCredentials_NamesA names;
TimeStamp exp;
SCHANNEL_CRED schanCred;
PCCERT_CONTEXT certs[2];
HCRYPTPROV csp;
WCHAR ms_def_prov_w[MAX_PATH];
BOOL ret;
HCRYPTKEY key;
CRYPT_KEY_PROV_INFO keyProvInfo;
if (!pAcquireCredentialsHandleA ||
!pEnumerateSecurityPackagesA || !pFreeContextBuffer ||
!pFreeCredentialsHandle)
{
win_skip("Needed functions are not available\n");
return;
}
if (SUCCEEDED(pEnumerateSecurityPackagesA(&i, &package_info)))
{
while(i--)
{
if (!strcmp(package_info[i].Name, unisp_name_a))
{
has_schannel = TRUE;
break;
}
}
pFreeContextBuffer(package_info);
}
if (!has_schannel)
{
skip("Schannel not available\n");
return;
}
lstrcpyW(ms_def_prov_w, MS_DEF_PROV_W);
keyProvInfo.pwszContainerName = cspNameW;
keyProvInfo.pwszProvName = ms_def_prov_w;
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwFlags = 0;
keyProvInfo.cProvParam = 0;
keyProvInfo.rgProvParam = NULL;
keyProvInfo.dwKeySpec = AT_SIGNATURE;
certs[0] = CertCreateCertificateContext(X509_ASN_ENCODING, bigCert, sizeof(bigCert));
certs[1] = CertCreateCertificateContext(X509_ASN_ENCODING, selfSignedCert, sizeof(selfSignedCert));
SetLastError(0xdeadbeef);
ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_DELETEKEYSET);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
{
/* WinMe would crash on some tests */
win_skip("CryptAcquireContextW is not implemented\n");
return;
}
st = pAcquireCredentialsHandleA(NULL, NULL, 0, NULL, NULL, NULL, NULL, NULL,
NULL);
ok(st == SEC_E_SECPKG_NOT_FOUND,
"Expected SEC_E_SECPKG_NOT_FOUND, got %08x\n", st);
if (0)
{
/* Crashes on Win2K */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, 0, NULL, NULL, NULL,
NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes on WinNT */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_BOTH, NULL,
NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
ok(st == SEC_E_NO_CREDENTIALS, "Expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, NULL, NULL);
}
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
if(st == SEC_E_OK)
pFreeCredentialsHandle(&cred);
memset(&cred, 0, sizeof(cred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, NULL, NULL, NULL, &cred, &exp);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
/* expriy is indeterminate in win2k3 */
trace("expiry: %08x%08x\n", exp.HighPart, exp.LowPart);
st = pQueryCredentialsAttributesA(&cred, SECPKG_CRED_ATTR_NAMES, &names);
ok(st == SEC_E_NO_CREDENTIALS || st == SEC_E_UNSUPPORTED_FUNCTION /* before Vista */, "expected SEC_E_NO_CREDENTIALS, got %08x\n", st);
pFreeCredentialsHandle(&cred);
/* Bad version in SCHANNEL_CRED */
memset(&schanCred, 0, sizeof(schanCred));
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* No cert in SCHANNEL_CRED succeeds for outbound.. */
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
/* but fails for inbound. */
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_OK /* Vista/win2k8 */,
"Expected SEC_E_NO_CREDENTIALS or SEC_E_OK, got %08x\n", st);
if (0)
{
/* Crashes with bad paCred pointer */
schanCred.cCreds = 1;
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
}
/* Bogus cert in SCHANNEL_CRED. Windows fails with
* SEC_E_UNKNOWN_CREDENTIALS, but I'll accept SEC_E_NO_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[0];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
/* Good cert, but missing private key. Windows fails with
* SEC_E_NO_CREDENTIALS, but I'll accept SEC_E_UNKNOWN_CREDENTIALS too.
*/
schanCred.cCreds = 1;
schanCred.paCred = &certs[1];
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INTERNAL_ERROR, /* win2k */
"Expected SEC_E_UNKNOWN_CREDENTIALS, SEC_E_NO_CREDENTIALS "
"or SEC_E_INTERNAL_ERROR, got %08x\n", st);
/* Good cert, with CRYPT_KEY_PROV_INFO set before it's had a key loaded. */
ret = CertSetCertificateContextProperty(certs[1],
CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo);
schanCred.dwVersion = SCH_CRED_V3;
ok(ret, "CertSetCertificateContextProperty failed: %08x\n", GetLastError());
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS || st == SEC_E_INTERNAL_ERROR /* WinNT */,
"Expected SEC_E_UNKNOWN_CREDENTIALS or SEC_E_INTERNAL_ERROR, got %08x\n", st);
ret = CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL,
CRYPT_NEWKEYSET);
ok(ret, "CryptAcquireContextW failed: %08x\n", GetLastError());
ret = 0;
ret = CryptImportKey(csp, privKey, sizeof(privKey), 0, 0, &key);
ok(ret, "CryptImportKey failed: %08x\n", GetLastError());
if (ret)
{
PCCERT_CONTEXT tmp;
if (0)
{
/* Crashes */
pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, NULL, NULL);
/* Crashes on WinNT */
/* Good cert with private key, bogus version */
schanCred.dwVersion = SCH_CRED_V1;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
schanCred.dwVersion = SCH_CRED_V2;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_INTERNAL_ERROR ||
st == SEC_E_UNKNOWN_CREDENTIALS /* Vista/win2k8 */,
"Expected SEC_E_INTERNAL_ERROR or SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
}
/* Succeeds on V3 or higher */
schanCred.dwVersion = SCH_CRED_V3;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
schanCred.dwVersion = SCHANNEL_CRED_VERSION;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK, "AcquireCredentialsHandleA failed: %08x\n", st);
pFreeCredentialsHandle(&cred);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_OK ||
st == SEC_E_UNKNOWN_CREDENTIALS, /* win2k3 */
"AcquireCredentialsHandleA failed: %08x\n", st);
if (st == SEC_E_OK) test_strength(&cred);
pFreeCredentialsHandle(&cred);
/* How about more than one cert? */
schanCred.cCreds = 2;
schanCred.paCred = certs;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS /* Vista/win2k8 */ ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
tmp = certs[0];
certs[0] = certs[1];
certs[1] = tmp;
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_OUTBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS ||
st == SEC_E_NO_CREDENTIALS ||
st == SEC_E_INVALID_TOKEN /* WinNT */, "st = %08x\n", st);
st = pAcquireCredentialsHandleA(NULL, unisp_name_a, SECPKG_CRED_INBOUND,
NULL, &schanCred, NULL, NULL, &cred, NULL);
ok(st == SEC_E_UNKNOWN_CREDENTIALS,
"Expected SEC_E_UNKNOWN_CREDENTIALS, got %08x\n", st);
/* FIXME: what about two valid certs? */
CryptDestroyKey(key);
}
CryptReleaseContext(csp, 0);
CryptAcquireContextW(&csp, cspNameW, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_DELETEKEYSET);
CertFreeCertificateContext(certs[0]);
CertFreeCertificateContext(certs[1]);
}
/*
* '_sspiGetCredentials()' - Retrieve an SSL/TLS certificate from the system store
* If one cannot be found, one is created.
*/
BOOL /* O - 1 on success, 0 on failure */
_sspiGetCredentials(_sspi_struct_t *conn,
/* I - Client connection */
const LPWSTR container,
/* I - Cert container name */
const TCHAR *cn, /* I - Common name of certificate */
BOOL isServer)
/* I - Is caller a server? */
{
HCERTSTORE store = NULL; /* Certificate store */
PCCERT_CONTEXT storedContext = NULL;
/* Context created from the store */
PCCERT_CONTEXT createdContext = NULL;
/* Context created by us */
DWORD dwSize = 0; /* 32 bit size */
PBYTE p = NULL; /* Temporary storage */
HCRYPTPROV hProv = (HCRYPTPROV) NULL;
/* Handle to a CSP */
CERT_NAME_BLOB sib; /* Arbitrary array of bytes */
SCHANNEL_CRED SchannelCred; /* Schannel credential data */
TimeStamp tsExpiry; /* Time stamp */
SECURITY_STATUS Status; /* Status */
HCRYPTKEY hKey = (HCRYPTKEY) NULL;
/* Handle to crypto key */
CRYPT_KEY_PROV_INFO kpi; /* Key container info */
SYSTEMTIME et; /* System time */
CERT_EXTENSIONS exts; /* Array of cert extensions */
CRYPT_KEY_PROV_INFO ckp; /* Handle to crypto key */
BOOL ok = TRUE; /* Return value */
DEBUG_printf(("_sspiGetCredentials(conn=%p, container=%p, cn=\"%s\", isServer=%d)", conn, container, cn, isServer));
if (!conn)
return (FALSE);
if (!cn)
return (FALSE);
if (!CryptAcquireContextW(&hProv, (LPWSTR) container, MS_DEF_PROV_W,
PROV_RSA_FULL,
CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
{
if (GetLastError() == NTE_EXISTS)
{
if (!CryptAcquireContextW(&hProv, (LPWSTR) container, MS_DEF_PROV_W,
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
{
DEBUG_printf(("_sspiGetCredentials: CryptAcquireContext failed: %x\n",
GetLastError()));
ok = FALSE;
goto cleanup;
}
}
}
store = CertOpenStore(CERT_STORE_PROV_SYSTEM,
X509_ASN_ENCODING|PKCS_7_ASN_ENCODING,
hProv,
CERT_SYSTEM_STORE_LOCAL_MACHINE |
CERT_STORE_NO_CRYPT_RELEASE_FLAG |
CERT_STORE_OPEN_EXISTING_FLAG,
L"MY");
if (!store)
{
DEBUG_printf(("_sspiGetCredentials: CertOpenSystemStore failed: %x\n",
GetLastError()));
ok = FALSE;
goto cleanup;
}
dwSize = 0;
if (!CertStrToName(X509_ASN_ENCODING, cn, CERT_OID_NAME_STR,
NULL, NULL, &dwSize, NULL))
{
DEBUG_printf(("_sspiGetCredentials: CertStrToName failed: %x\n",
GetLastError()));
ok = FALSE;
goto cleanup;
}
p = (PBYTE) malloc(dwSize);
if (!p)
{
DEBUG_printf(("_sspiGetCredentials: malloc failed for %d bytes", dwSize));
ok = FALSE;
goto cleanup;
}
if (!CertStrToName(X509_ASN_ENCODING, cn, CERT_OID_NAME_STR, NULL,
p, &dwSize, NULL))
{
DEBUG_printf(("_sspiGetCredentials: CertStrToName failed: %x",
GetLastError()));
ok = FALSE;
goto cleanup;
}
sib.cbData = dwSize;
sib.pbData = p;
storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING,
0, CERT_FIND_SUBJECT_NAME, &sib, NULL);
if (!storedContext)
{
/*
* If we couldn't find the context, then we'll
* create a new one
*/
if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey))
{
DEBUG_printf(("_sspiGetCredentials: CryptGenKey failed: %x",
GetLastError()));
ok = FALSE;
goto cleanup;
}
ZeroMemory(&kpi, sizeof(kpi));
kpi.pwszContainerName = (LPWSTR) container;
kpi.pwszProvName = MS_DEF_PROV_W;
kpi.dwProvType = PROV_RSA_FULL;
kpi.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID;
kpi.dwKeySpec = AT_KEYEXCHANGE;
GetSystemTime(&et);
et.wYear += 10;
ZeroMemory(&exts, sizeof(exts));
createdContext = CertCreateSelfSignCertificate(hProv, &sib, 0, &kpi, NULL, NULL,
&et, &exts);
if (!createdContext)
{
DEBUG_printf(("_sspiGetCredentials: CertCreateSelfSignCertificate failed: %x",
GetLastError()));
ok = FALSE;
goto cleanup;
}
if (!CertAddCertificateContextToStore(store, createdContext,
CERT_STORE_ADD_REPLACE_EXISTING,
&storedContext))
{
DEBUG_printf(("_sspiGetCredentials: CertAddCertificateContextToStore failed: %x",
GetLastError()));
ok = FALSE;
goto cleanup;
}
ZeroMemory(&ckp, sizeof(ckp));
ckp.pwszContainerName = (LPWSTR) container;
ckp.pwszProvName = MS_DEF_PROV_W;
ckp.dwProvType = PROV_RSA_FULL;
ckp.dwFlags = CRYPT_MACHINE_KEYSET;
ckp.dwKeySpec = AT_KEYEXCHANGE;
if (!CertSetCertificateContextProperty(storedContext,
CERT_KEY_PROV_INFO_PROP_ID,
0, &ckp))
{
DEBUG_printf(("_sspiGetCredentials: CertSetCertificateContextProperty failed: %x",
GetLastError()));
ok = FALSE;
goto cleanup;
}
}
ZeroMemory(&SchannelCred, sizeof(SchannelCred));
SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
SchannelCred.cCreds = 1;
SchannelCred.paCred = &storedContext;
/*
* SSPI doesn't seem to like it if grbitEnabledProtocols
* is set for a client
*/
if (isServer)
SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1;
/*
* Create an SSPI credential.
*/
Status = AcquireCredentialsHandle(NULL, UNISP_NAME,
isServer ? SECPKG_CRED_INBOUND:SECPKG_CRED_OUTBOUND,
NULL, &SchannelCred, NULL, NULL, &conn->creds,
&tsExpiry);
if (Status != SEC_E_OK)
{
DEBUG_printf(("_sspiGetCredentials: AcquireCredentialsHandle failed: %x", Status));
ok = FALSE;
goto cleanup;
}
cleanup:
/*
* Cleanup
*/
if (hKey)
CryptDestroyKey(hKey);
if (createdContext)
CertFreeCertificateContext(createdContext);
if (storedContext)
CertFreeCertificateContext(storedContext);
if (p)
free(p);
if (store)
CertCloseStore(store, 0);
if (hProv)
CryptReleaseContext(hProv, 0);
return (ok);
}
/***********************************************************************
* CryptCATAdminEnumCatalogFromHash (WINTRUST.@)
*/
HCATINFO WINAPI CryptCATAdminEnumCatalogFromHash(HCATADMIN hCatAdmin, BYTE* pbHash,
DWORD cbHash, DWORD dwFlags,
HCATINFO* phPrevCatInfo )
{
static const WCHAR slashW[] = {'\\',0};
static const WCHAR globW[] = {'\\','*','.','c','a','t',0};
struct catadmin *ca = hCatAdmin;
WIN32_FIND_DATAW data;
HCATINFO prev = NULL;
HCRYPTPROV prov;
DWORD size;
BOOL ret;
TRACE("%p %p %d %x %p\n", hCatAdmin, pbHash, cbHash, dwFlags, phPrevCatInfo);
if (!ca || ca->magic != CATADMIN_MAGIC || !pbHash || cbHash != 20 || dwFlags)
{
SetLastError(ERROR_INVALID_PARAMETER);
return NULL;
}
if (phPrevCatInfo) prev = *phPrevCatInfo;
ret = CryptAcquireContextW(&prov, NULL, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
if (!ret) return NULL;
if (!prev)
{
WCHAR *path;
size = strlenW(ca->path) * sizeof(WCHAR) + sizeof(globW);
if (!(path = HeapAlloc(GetProcessHeap(), 0, size)))
{
CryptReleaseContext(prov, 0);
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
strcpyW(path, ca->path);
strcatW(path, globW);
FindClose(ca->find);
ca->find = FindFirstFileW(path, &data);
HeapFree(GetProcessHeap(), 0, path);
if (ca->find == INVALID_HANDLE_VALUE)
{
CryptReleaseContext(prov, 0);
return NULL;
}
}
else if (!FindNextFileW(ca->find, &data))
{
CryptCATAdminReleaseCatalogContext(hCatAdmin, prev, 0);
CryptReleaseContext(prov, 0);
return NULL;
}
while (1)
{
WCHAR *filename;
CRYPTCATMEMBER *member = NULL;
struct catinfo *ci;
HANDLE hcat;
size = (strlenW(ca->path) + strlenW(data.cFileName) + 2) * sizeof(WCHAR);
if (!(filename = HeapAlloc(GetProcessHeap(), 0, size)))
{
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
strcpyW(filename, ca->path);
strcatW(filename, slashW);
strcatW(filename, data.cFileName);
hcat = CryptCATOpen(filename, CRYPTCAT_OPEN_EXISTING, prov, 0, 0);
if (hcat == INVALID_HANDLE_VALUE)
{
WARN("couldn't open %s (%u)\n", debugstr_w(filename), GetLastError());
continue;
}
while ((member = CryptCATEnumerateMember(hcat, member)))
{
if (member->pIndirectData->Digest.cbData != cbHash)
{
WARN("amount of hash bytes differs: %u/%u\n", member->pIndirectData->Digest.cbData, cbHash);
continue;
}
if (!memcmp(member->pIndirectData->Digest.pbData, pbHash, cbHash))
{
TRACE("file %s matches\n", debugstr_w(data.cFileName));
CryptCATClose(hcat);
CryptReleaseContext(prov, 0);
if (!phPrevCatInfo)
{
FindClose(ca->find);
ca->find = INVALID_HANDLE_VALUE;
}
ci = create_catinfo(filename);
HeapFree(GetProcessHeap(), 0, filename);
return ci;
}
}
CryptCATClose(hcat);
HeapFree(GetProcessHeap(), 0, filename);
if (!FindNextFileW(ca->find, &data))
{
FindClose(ca->find);
ca->find = INVALID_HANDLE_VALUE;
CryptReleaseContext(prov, 0);
return NULL;
}
}
return NULL;
}
#include "stdafx.h"
#include "newsha256.h"
#include <wincrypt.h>
#include <Windows.h>
HRESULT SHA256HashData(__in_bcount(cbHashDataLength) BYTE *pbHashData, __in DWORD cbHashDataLength, __out SHA256_HASHVAL *pHashValue)
{
HCRYPTPROV hcryptprov;
BOOL fReturn = TRUE;
fReturn = CryptAcquireContextW(&hcryptprov, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT);
HRESULT hr = E_FAIL;
if (hcryptprov != NULL && fReturn == TRUE)
{
HCRYPTHASH hash = NULL;
if (CryptCreateHash(hcryptprov, CALG_SHA_256, 0, 0, &hash))
{
if (CryptHashData(hash, pbHashData, cbHashDataLength, 0))
{
DWORD dwHashValSize = sizeof(pHashValue->data);
if (CryptGetHashParam(hash, HP_HASHVAL, pHashValue->data, &dwHashValSize, 0))
{
hr = S_OK;
}
else
{
hr = HRESULT_FROM_WIN32(GetLastError());
}
}
else
{
hr = HRESULT_FROM_WIN32(GetLastError());
void CWE328_Reversible_One_Way_Hash__w32_MD2_15_bad()
{
switch(6)
{
case 6:
{
HCRYPTPROV hCryptProv;
HCRYPTHASH hHash;
FILE *pFile = NULL;
char password[PASSWORD_INPUT_SIZE];
UCHAR savedHash[MD2_SUM_SIZE], calcHash[MD2_SUM_SIZE];
DWORD hashSize;
char *replace;
size_t i;
pFile = fopen("password.txt", "r");
if (pFile == NULL)
{
exit(1);
}
for (i = 0; i < MD2_SUM_SIZE; i++)
{
ULONG val;
if (fscanf(pFile, "%02x", &val) != 1)
{
fclose(pFile);
exit(1);
}
if (val > 0xff) /* EXPECTED INCIDENTAL: Reliance on data memory layout, we assume char is at least 8 bits */
{
fclose(pFile);
exit(1);
}
savedHash[i] = (UCHAR)val;
}
if (pFile)
{
fclose(pFile);
}
if (fgets(password, PASSWORD_INPUT_SIZE, stdin) == NULL)
{
exit(1);
}
replace = strchr(password, '\r');
if (replace)
{
*replace = '\0';
}
replace = strchr(password, '\n');
if (replace)
{
*replace = '\0';
}
if (!CryptAcquireContextW(&hCryptProv, 0, 0, PROV_RSA_FULL, 0))
{
exit(1);
}
/* FLAW: Use a reversible hash (MD2) */
if (!CryptCreateHash(hCryptProv, CALG_MD2, 0, 0, &hHash))
{
CryptReleaseContext(hCryptProv, 0);
exit(1);
}
/* EXPECTED INCIDENTAL: We did not salt the password, that may raise flags,
* the password hash was not securely transmitted (via one form or another),
* that may raise flags
*/
if (!CryptHashData(hHash, (BYTE*)password, strlen(password), 0))
{
CryptDestroyHash(hHash);
CryptReleaseContext(hCryptProv, 0);
exit(1);
}
hashSize = MD2_SUM_SIZE;
if (!CryptGetHashParam(hHash, HP_HASHVAL, (BYTE*)calcHash, &hashSize, 0))
{
CryptDestroyHash(hHash);
CryptReleaseContext(hCryptProv, 0);
exit(1);
}
if (memcmp(savedHash, calcHash, MD2_SUM_SIZE * sizeof(UCHAR)) == 0)
{
printLine("Access granted");
}
else
{
printLine("Access denied");
}
if (hHash)
{
CryptDestroyHash(hHash);
}
if (hCryptProv)
{
CryptReleaseContext(hCryptProv, 0);
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
}
