void __cdecl main(void)
{
//-------------------------------------------------------------------
// Pointer to a certificate.
PCCERT_CONTEXT pCertContext = NULL;
//-------------------------------------------------------------------
// Declare and Initialize variables
DWORD cbData = 0;
BYTE* pbData = NULL;
LPWSTR pwszMimeType = NULL;
//-------------------------------------------------------------------
// Use the helper function to get the certificate which has a logotype
// extension
pCertContext = MyGetCertificate();
if(pCertContext == NULL)
{
MyHandleError( L"The certificate with logotype extension not found.\n");
goto done;
}
//-------------------------------------------------------------------
// This API allocates memory for pbData and pwszMimeType which has to be freed
// by calling CryptMemFree()
if(!CertRetrieveLogoOrBiometricInfo(
pCertContext,
CERT_RETRIEVE_ISSUER_LOGO,
0, // Retrieval Flags
RETRIEVAL_TIMEOUT, // TimeOut in milliseconds
0, // dwFlags : reserved
NULL, // Reserved for future use
&pbData,
&cbData,
&pwszMimeType
))
{
MyHandleError( L"CertRetrieveLogoOrBiometricInfo failed.\n");
}
else
{
wprintf( L"Successfully retrieved logo information \n");
}
//-------------------------------------------------------------------
// Clean up.
done:
if(pwszMimeType)
CryptMemFree(pwszMimeType);
if(pbData)
CryptMemFree(pbData);
if(pCertContext)
CertFreeCertificateContext(pCertContext);
} //end Main
void WriteSignedAndEncryptedBlob(
DWORD cbBlob,
BYTE *pbBlob)
{
// Open an output file, write the file, and close the file.
// This function would be used to save the signed and encrypted
// message to a file that would be sent to the intended receiver.
// Note: The only receiver able to decrypt and verify this
// message will have access to the private key associated
// with the public key from the certificate used when
// the message was encrypted.
FILE *hOutputFile;
if( !(hOutputFile = _tfopen(TEXT("c:\\temp\\sandvout.txt"), TEXT("wb"))))
{
MyHandleError(TEXT("Output file was not opened.\n"));
}
// fwrite(
// &cbBlob,
// sizeof(DWORD),
// 1,
// hOutputFile);
//
// if(ferror(hOutputFile))
// {
// MyHandleError(
// TEXT("The size of the BLOB was not written.\n"));
// }
fwrite(
pbBlob,
cbBlob,
1,
hOutputFile);
if(ferror(hOutputFile))
{
MyHandleError(
TEXT("The bytes of the BLOB were not written.\n"));
}
else
{
_tprintf(TEXT("The BLOB has been written to the file.\n"));
}
fclose(hOutputFile);
} // End of WriteSignedAndEcryptedBlob.
/* init()
* Initialize the internal rc4 rng with KEYLENGTH bytes from either
* /dev/urandom - Linux
* CryptGenRandom - Windows
*/
void Random::init() {
char key[KEYLENGTH];
#ifdef _WINDOWS_
HCRYPTPROV hCryptProv;
if (CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
printf("CryptAcquireContext succeeded. \n");
} else
MyHandleError("Error during CryptAcquireContext!\n");
if (CryptGenRandom(hCryptProv, KEYLENGTH / 2, (BYTE*) key)) {
printf("Random sequence generated\n");
} else
MyHandleError("Error during CryptGenRandom.");
#endif //Windows
#ifdef _LINUX_
if ((FILE fUrandom = fopen("/dev/urandom", r)) != NULL)
fscanf(fUrandom, "%16c", pbData);
else
fprintf(stderr, "Error opening /dev/urandom: %d", errno);
#endif
//Initialize the internal state of the rc4 rng
for (int i = 0; i < 256; ++i)
_s[i] = i;
_j = 0;
for (int c = 0; c < 256; ++c) {
_j = (_j + _s[c] + key[c % KEYLENGTH]) % 256;
char temp = _s[_j];
_s[_j] = _s[c];
_s[c] = temp;
}
_i = 0;
_j = 0;
nextRound();
}
int _tmain(int argc, _TCHAR* argv[])
{
/*
if(argc < 3)
{
_tprintf(TEXT("Usage: <example.exe> <source file> ")
TEXT("<destination file> | <password>\n"));
_tprintf(TEXT("<password> is optional.\n"));
_tprintf(TEXT("Press any key to exit."));
_gettch();
return 1;
}
LPTSTR pszSource = argv[1];
LPTSTR pszDestination = argv[2];
LPTSTR pszPassword = NULL;
if(argc >= 4)
{
pszPassword = argv[3];
}
*/
LPTSTR pszPassword = TEXT("123456");
//---------------------------------------------------------------
// Call EncryptFile to do the actual encryption.
char *pbData = "hello";
DWORD dwDataLen = 5;
if(MyEncryptFile(pbData, dwDataLen, pszPassword))
{
_tprintf(
TEXT("Encryption of the file was successful. \n"));
_tprintf(
TEXT("The encrypted data is in file.\n"));
}
else
{
MyHandleError(
TEXT("Error encrypting file!\n"),
GetLastError());
}
_tprintf(TEXT("Press any key to exit."));
_gettch();
return 0;
}
int _tmain(int argc, _TCHAR* argv[])
{
if(argc < 3)
{
_tprintf(TEXT("Usage: <example.exe> <source file> ")
TEXT("<destination file> | <password>\n"));
_tprintf(TEXT("<password> is optional.\n"));
_tprintf(TEXT("Press any key to exit."));
_gettch();
return 1;
}
LPTSTR pszSource = argv[1];
LPTSTR pszDestination = argv[2];
LPTSTR pszPassword = NULL;
if(argc >= 4)
{
pszPassword = argv[3];
}
//---------------------------------------------------------------
// Call EncryptFile to do the actual encryption.
if(MyEncryptFile(pszSource, pszDestination, pszPassword))
{
_tprintf(
TEXT("Encryption of the file %s was successful. \n"),
pszSource);
_tprintf(
TEXT("The encrypted data is in file %s.\n"),
pszDestination);
}
else
{
MyHandleError(
TEXT("Error encrypting file!\n"),
GetLastError());
}
return 0;
}
BYTE* DecryptAndVerify(
BYTE *pbSignedAndEncryptedBlob,
DWORD cbSignedAndEncryptedBlob)
{
//---------------------------------------------------------------
// Declare and initialize local variables.
HCERTSTORE hCertStore;
CRYPT_DECRYPT_MESSAGE_PARA DecryptPara;
CRYPT_VERIFY_MESSAGE_PARA VerifyPara;
DWORD dwSignerIndex = 0;
BYTE *pbDecrypted;
DWORD cbDecrypted;
//---------------------------------------------------------------
// Open the certificate store.
if ( !( hCertStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
L"my")))
{
MyHandleError(TEXT("The MY store could not be opened."));
}
//---------------------------------------------------------------
// Initialize the needed data structures.
DecryptPara.cbSize = sizeof(CRYPT_DECRYPT_MESSAGE_PARA);
DecryptPara.dwMsgAndCertEncodingType = MY_ENCODING_TYPE;
DecryptPara.cCertStore = 1;
DecryptPara.rghCertStore = &hCertStore;
VerifyPara.cbSize = sizeof(CRYPT_VERIFY_MESSAGE_PARA);
VerifyPara.dwMsgAndCertEncodingType = MY_ENCODING_TYPE;
VerifyPara.hCryptProv = 0;
VerifyPara.pfnGetSignerCertificate = NULL;
VerifyPara.pvGetArg = NULL;
pbDecrypted = NULL;
cbDecrypted = 0;
//---------------------------------------------------------------
// Call CryptDecryptAndVerifyMessageSignature a first time
// to determine the needed size of the buffer to hold the
// decrypted message.
if(!(CryptDecryptAndVerifyMessageSignature(
&DecryptPara,
&VerifyPara,
dwSignerIndex,
pbSignedAndEncryptedBlob,
cbSignedAndEncryptedBlob,
NULL, // pbDecrypted
&cbDecrypted,
NULL,
NULL)))
{
DWORD const errcode = GetLastError();
std::wcerr << format_sys_message<TCHAR>(errcode) << TEXT("\n");
MyHandleError(TEXT("Failed getting size."));
}
//---------------------------------------------------------------
// Allocate memory for the buffer to hold the decrypted
// message.
if(!(pbDecrypted = (BYTE *)malloc(cbDecrypted)))
{
MyHandleError(TEXT("Memory allocation failed."));
}
if(!(CryptDecryptAndVerifyMessageSignature(
&DecryptPara,
&VerifyPara,
dwSignerIndex,
pbSignedAndEncryptedBlob,
cbSignedAndEncryptedBlob,
pbDecrypted,
&cbDecrypted,
NULL,
NULL)))
{
pbDecrypted = NULL;
}
//---------------------------------------------------------------
// Close the certificate store.
CertCloseStore(
hCertStore,
0);
//---------------------------------------------------------------
// Return the decrypted string or NULL.
return pbDecrypted;
} // End of DecryptandVerify.
//-------------------------------------------------------------------
// Code for the function MyEncryptFile called by main.
//-------------------------------------------------------------------
// Parameters passed are:
// pszSource, the name of the input, a plaintext file.
// pszDestination, the name of the output, an encrypted file to be
// created.
// pszPassword, either NULL if a password is not to be used or the
// string that is the password.
bool MyEncryptFile(
char* pbData,
DWORD dwDataLen,
LPTSTR pszPassword)
{
//---------------------------------------------------------------
// Declare and initialize local variables.
bool fReturn = false;
HCRYPTPROV hCryptProv = NULL;
HCRYPTKEY hKey = NULL;
HCRYPTKEY hXchgKey = NULL;
HCRYPTHASH hHash = NULL;
PBYTE pbKeyBlob = NULL;
//DWORD dwKeyBlobLen;
PBYTE pbBuffer = NULL;
DWORD dwBlockLen;
DWORD dwBufferLen;
DWORD dwCount;
//---------------------------------------------------------------
// Open the source file.
//---------------------------------------------------------------
// Open the destination file.
//---------------------------------------------------------------
// Get the handle to the default provider.
if(CryptAcquireContext(
&hCryptProv,
NULL,
MS_ENH_RSA_AES_PROV,
PROV_RSA_AES,
0))
{
_tprintf(
TEXT("A cryptographic provider has been acquired. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptAcquireContext!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// Create the session key.
if(!pszPassword || !pszPassword[0])
{
//-----------------------------------------------------------
// No password was passed.
_tprintf(TEXT("Error: no password was provided. \n"));
goto Exit_MyEncryptFile;
}
else
{
//-----------------------------------------------------------
// The file will be encrypted with a session key derived
// from a password.
// The session key will be recreated when the file is
// decrypted only if the password used to create the key is
// available.
//-----------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
_tprintf(TEXT("A hash object has been created. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptCreateHash!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Hash the password.
if(CryptHashData(
hHash,
(BYTE *)pszPassword,
lstrlen(pszPassword),
0))
{
_tprintf(
TEXT("The password has been added to the hash. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptHashData. \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Derive a session key from the hash object.
if(CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
KEYLENGTH,
&hKey))
{
_tprintf(
TEXT("An encryption key is derived from the ")
TEXT("password hash. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptDeriveKey!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
}
//---------------------------------------------------------------
// The session key is now ready. If it is not a key derived from
// a password, the session key encrypted with the private key
// has been written to the destination file.
//---------------------------------------------------------------
// Determine the number of bytes to encrypt at a time.
// This must be a multiple of ENCRYPT_BLOCK_SIZE.
// ENCRYPT_BLOCK_SIZE is set by a #define statement.
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
//---------------------------------------------------------------
// Determine the block size. If a block cipher is used,
// it must have room for an extra block.
if(ENCRYPT_BLOCK_SIZE > 1)
{
dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
}
else
{
dwBufferLen = dwBlockLen;
}
//---------------------------------------------------------------
// Allocate memory.
if(pbBuffer = (BYTE *)malloc(dwBufferLen))
{
_tprintf(
TEXT("Memory has been allocated for the buffer. \n"));
}
else
{
MyHandleError(TEXT("Out of memory. \n"), E_OUTOFMEMORY);
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// In a do loop, encrypt the source file,
// and write to the source file.
bool fEOF = FALSE;
do
{
//-----------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
if(dwDataLen < dwBlockLen)
{
fEOF = TRUE;
dwCount = dwDataLen;
}
else
{
dwCount = dwBlockLen;
}
if(!memcpy(
pbBuffer,
pbData,
dwCount))
{
MyHandleError(
TEXT("Error reading plaintext!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Encrypt data.
if(!CryptEncrypt(
hKey,
NULL,
fEOF,
0,
pbBuffer,
&dwCount,
dwBufferLen))
{
MyHandleError(
TEXT("Error during CryptEncrypt. \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Write the encrypted data to the destination file.
PBYTE tmp = pbBuffer;
for(DWORD i=0;i<dwCount;i++)
{
_tprintf(TEXT("%x "), *tmp++);
}
_tprintf(TEXT("\n"));
//-----------------------------------------------------------
// End the do loop when the last block of the source file
// has been read, encrypted, and written to the destination
// file.
} while(!fEOF);
fReturn = true;
Exit_MyEncryptFile:
//---------------------------------------------------------------
//---------------------------------------------------------------
// Free memory.
if(pbBuffer)
{
free(pbBuffer);
}
//-----------------------------------------------------------
// Release the hash object.
if(hHash)
{
if(!(CryptDestroyHash(hHash)))
{
MyHandleError(
TEXT("Error during CryptDestroyHash.\n"),
GetLastError());
}
hHash = NULL;
}
//---------------------------------------------------------------
// Release the session key.
if(hKey)
{
if(!(CryptDestroyKey(hKey)))
{
MyHandleError(
TEXT("Error during CryptDestroyKey!\n"),
GetLastError());
}
}
//---------------------------------------------------------------
// Release the provider handle.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0)))
{
MyHandleError(
TEXT("Error during CryptReleaseContext!\n"),
GetLastError());
}
}
return fReturn;
} // End Encryptfile.
//-------------------------------------------------------------------
// Code for the function MyDecryptFile called by main.
//-------------------------------------------------------------------
// Parameters passed are:
// pszSource, the name of the input file, an encrypted file.
// pszDestination, the name of the output, a plaintext file to be
// created.
// pszPassword, either NULL if a password is not to be used or the
// string that is the password.
bool MyDecryptFile(
LPTSTR pszSourceFile,
LPTSTR pszDestinationFile,
LPTSTR pszPassword)
{
//---------------------------------------------------------------
// Declare and initialize local variables.
bool fReturn = false;
HANDLE hSourceFile = INVALID_HANDLE_VALUE;
HANDLE hDestinationFile = INVALID_HANDLE_VALUE;
HCRYPTKEY hKey = NULL;
HCRYPTHASH hHash = NULL;
HCRYPTPROV hCryptProv = NULL;
DWORD dwCount;
PBYTE pbBuffer = NULL;
DWORD dwBlockLen;
DWORD dwBufferLen;
//---------------------------------------------------------------
// Open the source file.
hSourceFile = CreateFile(
pszSourceFile,
FILE_READ_DATA,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(INVALID_HANDLE_VALUE != hSourceFile)
{
_tprintf(
TEXT("The source encrypted file, %s, is open. \n"),
pszSourceFile);
}
else
{
MyHandleError(
TEXT("Error opening source plaintext file!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//---------------------------------------------------------------
// Open the destination file.
hDestinationFile = CreateFile(
pszDestinationFile,
FILE_WRITE_DATA,
FILE_SHARE_READ,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(INVALID_HANDLE_VALUE != hDestinationFile)
{
_tprintf(
TEXT("The destination file, %s, is open. \n"),
pszDestinationFile);
}
else
{
MyHandleError(
TEXT("Error opening destination file!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//---------------------------------------------------------------
// Get the handle to the default provider.
if(CryptAcquireContext(
&hCryptProv,
NULL,
MS_ENH_RSA_AES_PROV,
PROV_RSA_AES,
0))
{
_tprintf(
TEXT("A cryptographic provider has been acquired. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptAcquireContext!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//---------------------------------------------------------------
// Create the session key.
if(!pszPassword || !pszPassword[0])
{
//-----------------------------------------------------------
// Decrypt the file with the saved session key.
DWORD dwKeyBlobLen;
PBYTE pbKeyBlob = NULL;
// Read the key BLOB length from the source file.
if(!ReadFile(
hSourceFile,
&dwKeyBlobLen,
sizeof(DWORD),
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error reading key BLOB length!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
// Allocate a buffer for the key BLOB.
if(!(pbKeyBlob = (PBYTE)malloc(dwKeyBlobLen)))
{
MyHandleError(
TEXT("Memory allocation error.\n"),
E_OUTOFMEMORY);
}
//-----------------------------------------------------------
// Read the key BLOB from the source file.
if(!ReadFile(
hSourceFile,
pbKeyBlob,
dwKeyBlobLen,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error reading key BLOB length!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//-----------------------------------------------------------
// Import the key BLOB into the CSP.
if(!CryptImportKey(
hCryptProv,
pbKeyBlob,
dwKeyBlobLen,
0,
0,
&hKey))
{
MyHandleError(
TEXT("Error during CryptImportKey!/n"),
GetLastError());
goto Exit_MyDecryptFile;
}
if(pbKeyBlob)
{
free(pbKeyBlob);
}
}
else
{
//-----------------------------------------------------------
// Decrypt the file with a session key derived from a
// password.
//-----------------------------------------------------------
// Create a hash object.
if(!CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
MyHandleError(
TEXT("Error during CryptCreateHash!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//-----------------------------------------------------------
// Hash in the password data.
if(!CryptHashData(
hHash,
(BYTE *)pszPassword,
lstrlen(pszPassword),
0))
{
MyHandleError(
TEXT("Error during CryptHashData!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//-----------------------------------------------------------
// Derive a session key from the hash object.
if(!CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
KEYLENGTH,
&hKey))
{
MyHandleError(
TEXT("Error during CryptDeriveKey!\n"),
GetLastError()) ;
goto Exit_MyDecryptFile;
}
}
//---------------------------------------------------------------
// The decryption key is now available, either having been
// imported from a BLOB read in from the source file or having
// been created by using the password. This point in the program
// is not reached if the decryption key is not available.
//---------------------------------------------------------------
// Determine the number of bytes to decrypt at a time.
// This must be a multiple of ENCRYPT_BLOCK_SIZE.
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
dwBufferLen = dwBlockLen;
//---------------------------------------------------------------
// Allocate memory for the file read buffer.
if(!(pbBuffer = (PBYTE)malloc(dwBufferLen)))
{
MyHandleError(TEXT("Out of memory!\n"), E_OUTOFMEMORY);
goto Exit_MyDecryptFile;
}
//---------------------------------------------------------------
// Decrypt the source file, and write to the destination file.
bool fEOF = false;
do
{
//-----------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
if(!ReadFile(
hSourceFile,
pbBuffer,
dwBlockLen,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error reading from source file!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
if(dwCount <= dwBlockLen)
{
fEOF = TRUE;
}
//-----------------------------------------------------------
// Decrypt the block of data.
if(!CryptDecrypt(
hKey,
0,
fEOF,
0,
pbBuffer,
&dwCount))
{
MyHandleError(
TEXT("Error during CryptDecrypt!\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//-----------------------------------------------------------
// Write the decrypted data to the destination file.
if(!WriteFile(
hDestinationFile,
pbBuffer,
dwCount,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error writing ciphertext.\n"),
GetLastError());
goto Exit_MyDecryptFile;
}
//-----------------------------------------------------------
// End the do loop when the last block of the source file
// has been read, encrypted, and written to the destination
// file.
}while(!fEOF);
fReturn = true;
Exit_MyDecryptFile:
//---------------------------------------------------------------
// Free the file read buffer.
if(pbBuffer)
{
free(pbBuffer);
}
//---------------------------------------------------------------
// Close files.
if(hSourceFile)
{
CloseHandle(hSourceFile);
}
if(hDestinationFile)
{
CloseHandle(hDestinationFile);
}
//-----------------------------------------------------------
// Release the hash object.
if(hHash)
{
if(!(CryptDestroyHash(hHash)))
{
MyHandleError(
TEXT("Error during CryptDestroyHash.\n"),
GetLastError());
}
hHash = NULL;
}
//---------------------------------------------------------------
// Release the session key.
if(hKey)
{
if(!(CryptDestroyKey(hKey)))
{
MyHandleError(
TEXT("Error during CryptDestroyKey!\n"),
GetLastError());
}
}
//---------------------------------------------------------------
// Release the provider handle.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0)))
{
MyHandleError(
TEXT("Error during CryptReleaseContext!\n"),
GetLastError());
}
}
return fReturn;
}
void main(void)
{
//-------------------------------------------------------------------
// Declare and initialize variables.
HCRYPTPROV hProv;
BYTE *pbBuffer= (BYTE *)"The data that is to be hashed and signed.";
DWORD dwBufferLen = strlen((char *)pbBuffer)+1;
HCRYPTHASH hHash;
HCRYPTKEY hKey;
HCRYPTKEY hPubKey;
BYTE *pbKeyBlob;
BYTE *pbSignature;
DWORD dwSigLen;
DWORD dwBlobLen;
//-------------------------------------------------------------------
// Acquire a cryptographic provider context handle.
if(CryptAcquireContext(
&hProv,
NULL,
NULL,
PROV_RSA_FULL,
0))
{
printf("CSP context acquired.\n");
}
else
{
MyHandleError("Error during CryptAcquireContext.");
}
//-------------------------------------------------------------------
// Get the public at signature key. This is the public key
// that will be used by the receiver of the hash to verify
// the signature. In situations where the receiver could obtain the
// sender's public key from a certificate, this step would not be
// needed.
if(CryptGetUserKey(
hProv,
AT_SIGNATURE,
&hKey))
{
printf("The signature key has been acquired. \n");
}
else
{
MyHandleError("Error during CryptGetUserKey for signkey.");
}
//-------------------------------------------------------------------
// Export the public key. Here the public key is exported to a
// PUBLICKEYBOLB so that the receiver of the signed hash can
// verify the signature. This BLOB could be written to a file and
// sent to another user.
if(CryptExportKey(
hKey,
NULL,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen))
{
printf("Size of the BLOB for the public key determined. \n");
}
else
{
MyHandleError("Error computing BLOB length.");
}
//-------------------------------------------------------------------
// Allocate memory for the pbKeyBlob.
if(pbKeyBlob = (BYTE*)malloc(dwBlobLen))
{
printf("Memory has been allocated for the BLOB. \n");
}
else
{
MyHandleError("Out of memory. \n");
}
//-------------------------------------------------------------------
// Do the actual exporting into the key BLOB.
if(CryptExportKey(
hKey,
NULL,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen))
{
printf("Contents have been written to the BLOB. \n");
}
else
{
MyHandleError("Error during CryptExportKey.");
}
//-------------------------------------------------------------------
// Create the hash object.
if(CryptCreateHash(
hProv,
CALG_MD5,
0,
0,
&hHash))
{
printf("Hash object created. \n");
}
else
{
MyHandleError("Error during CryptCreateHash.");
}
//-------------------------------------------------------------------
// Compute the cryptographic hash of the buffer.
if(CryptHashData(
hHash,
pbBuffer,
dwBufferLen,
0))
{
printf("The data buffer has been hashed.\n");
}
else
{
MyHandleError("Error during CryptHashData.");
}
//-------------------------------------------------------------------
// Determine the size of the signature and allocate memory.
dwSigLen= 0;
if(CryptSignHash(
hHash,
AT_SIGNATURE,
NULL,
0,
NULL,
&dwSigLen))
{
printf("Signature length %d found.\n",dwSigLen);
}
else
{
MyHandleError("Error during CryptSignHash.");
}
//-------------------------------------------------------------------
// Allocate memory for the signature buffer.
if(pbSignature = (BYTE *)malloc(dwSigLen))
{
printf("Memory allocated for the signature.\n");
}
else
{
MyHandleError("Out of memory.");
}
//-------------------------------------------------------------------
// Sign the hash object.
if(CryptSignHash(
hHash,
AT_SIGNATURE,
NULL,
0,
pbSignature,
&dwSigLen))
{
printf("pbSignature is the hash signature.\n");
}
else
{
MyHandleError("Error during CryptSignHash.");
}
//-------------------------------------------------------------------
// Destroy the hash object.
if(hHash)
CryptDestroyHash(hHash);
printf("The hash object has been destroyed.\n");
printf("The signing phase of this program is completed.\n\n");
//-------------------------------------------------------------------
// In the second phase, the hash signature is verified.
// This would most often be done by a different user in a
// separate program. The hash, signature, and the PUBLICKEYBLOB
// would be read from a file, an email message,
// or some other source.
// Here, the original pbBuffer, pbSignature, szDescription.
// pbKeyBlob, and their lengths are used.
// The contents of the pbBuffer must be the same data
// that was originally signed.
//-------------------------------------------------------------------
// Get the public key of the user who created the digital signature
// and import it into the CSP by using CryptImportKey. This returns
// a handle to the public key in hPubKey.
if(CryptImportKey(
hProv,
pbKeyBlob,
dwBlobLen,
0,
0,
&hPubKey))
{
printf("The key has been imported.\n");
}
else
{
MyHandleError("Public key import failed.");
}
//-------------------------------------------------------------------
// Create a new hash object.
if(CryptCreateHash(
hProv,
CALG_MD5,
0,
0,
&hHash))
{
printf("The hash object has been recreated. \n");
}
else
{
MyHandleError("Error during CryptCreateHash.");
}
//-------------------------------------------------------------------
// Compute the cryptographic hash of the buffer.
if(CryptHashData(
hHash,
pbBuffer,
dwBufferLen,
0))
{
printf("The new hash has been created.\n");
}
else
{
MyHandleError("Error during CryptHashData.");
}
//-------------------------------------------------------------------
// Validate the digital signature.
if(CryptVerifySignature(
hHash,
pbSignature,
dwSigLen,
hPubKey,
NULL,
0))
{
printf("The signature has been verified.\n");
}
else
{
printf("Signature not validated!\n");
}
//-------------------------------------------------------------------
// Free memory to be used to store signature.
if(pbSignature)
free(pbSignature);
//-------------------------------------------------------------------
// Destroy the hash object.
if(hHash)
CryptDestroyHash(hHash);
//-------------------------------------------------------------------
// Release the provider handle.
if(hProv)
CryptReleaseContext(hProv, 0);
} // End of main
int _tmain(int argc, _TCHAR* argv[])
{
// Handle for the cryptographic provider context.
HCRYPTPROV hCryptProv;
// The name of the container.
LPCTSTR pszContainerName = TEXT("My Sample Key Container");
//---------------------------------------------------------------
// Begin processing. Attempt to acquire a context by using the
// specified key container.
if(CryptAcquireContext(
&hCryptProv,
pszContainerName,
NULL,
PROV_RSA_FULL,
0))
{
_tprintf(
TEXT("A crypto context with the %s key container ")
TEXT("has been acquired.\n"),
pszContainerName);
}
else
{
//-----------------------------------------------------------
// Some sort of error occurred in acquiring the context.
// This is most likely due to the specified container
// not existing. Create a new key container.
if(GetLastError() == NTE_BAD_KEYSET)
{
if(CryptAcquireContext(
&hCryptProv,
pszContainerName,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET))
{
_tprintf(TEXT("A new key container has been ")
TEXT("created.\n"));
}
else
{
MyHandleError(TEXT("Could not create a new key ")
TEXT("container.\n"));
}
}
else
{
MyHandleError(TEXT("CryptAcquireContext failed.\n"));
}
}
//---------------------------------------------------------------
// A context with a key container is available.
// Attempt to get the handle to the signature key.
// Public/private key handle.
HCRYPTKEY hKey;
if(CryptGetUserKey(
hCryptProv,
AT_SIGNATURE,
&hKey))
{
_tprintf(TEXT("A signature key is available.\n"));
}
else
{
_tprintf(TEXT("No signature key is available.\n"));
if(GetLastError() == NTE_NO_KEY)
{
//-------------------------------------------------------
// The error was that there is a container but no key.
// Create a signature key pair.
_tprintf(TEXT("The signature key does not exist.\n"));
_tprintf(TEXT("Create a signature key pair.\n"));
if(CryptGenKey(
hCryptProv,
AT_SIGNATURE,
0,
&hKey))
{
_tprintf(TEXT("Created a signature key pair.\n"));
}
else
{
MyHandleError(TEXT("Error occurred creating a ")
TEXT("signature key.\n"));
}
}
else
{
MyHandleError(TEXT("An error other than NTE_NO_KEY ")
TEXT("getting a signature key.\n"));
}
} // End if.
_tprintf(TEXT("A signature key pair existed, or one was ")
TEXT("created.\n\n"));
// Destroy the signature key.
if(hKey)
{
if(!(CryptDestroyKey(hKey)))
{
MyHandleError(TEXT("Error during CryptDestroyKey."));
}
hKey = NULL;
}
// Next, check the exchange key.
if(CryptGetUserKey(
hCryptProv,
AT_KEYEXCHANGE,
&hKey))
{
_tprintf(TEXT("An exchange key exists.\n"));
}
else
{
_tprintf(TEXT("No exchange key is available.\n"));
// Check to determine whether an exchange key
// needs to be created.
if(GetLastError() == NTE_NO_KEY)
{
// Create a key exchange key pair.
_tprintf(TEXT("The exchange key does not exist.\n"));
_tprintf(TEXT("Attempting to create an exchange key ")
TEXT("pair.\n"));
if(CryptGenKey(
hCryptProv,
AT_KEYEXCHANGE,
0,
&hKey))
{
_tprintf(TEXT("Exchange key pair created.\n"));
}
else
{
MyHandleError(TEXT("Error occurred attempting to ")
TEXT("create an exchange key.\n"));
}
}
else
{
MyHandleError(TEXT("An error other than NTE_NO_KEY ")
TEXT("occurred.\n"));
}
}
// Destroy the exchange key.
if(hKey)
{
if(!(CryptDestroyKey(hKey)))
{
MyHandleError(TEXT("Error during CryptDestroyKey."));
}
hKey = NULL;
}
// Release the CSP.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0)))
{
MyHandleError(TEXT("Error during CryptReleaseContext."));
}
}
_tprintf(TEXT("Everything is okay. A signature key "));
_tprintf(TEXT("pair and an exchange key exist in "));
_tprintf(TEXT("the %s key container.\n"), pszContainerName);
getchar();
return 0;
}
BOOL DoAuthentication (void)
{
SECURITY_STATUS ss;
DWORD cbIn;
DWORD cbOut;
DWORD g_cbMaxMessage;
BOOL done = FALSE;
BOOL fDone = FALSE;
BOOL fNewConversation = TRUE;
TimeStamp Lifetime;
PSecPkgInfoA pkgInfo;
CredHandle hcred;
CredHandle hCcred;
struct _SecHandle hctxt;
struct _SecHandle hCctxt;
PBYTE g_pInBuf = NULL;
PBYTE g_pOutBuf = NULL;
SEC_CHAR g_lpPackageName[1024];
PBYTE nonce, clientnonce, lmhash, nthash;
PCHAR pUserName = NULL;
DWORD cbUserName = 0;
lstrcpynA (g_lpPackageName, "NTLM",5);
ss = QuerySecurityPackageInfoA ( g_lpPackageName, &pkgInfo);
if (!SEC_SUCCESS(ss)) MyHandleError("Could not query package");
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf) MyHandleError("Memory allocation");
ss = AcquireCredentialsHandleA (NULL, g_lpPackageName, SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &hcred, &Lifetime);
if (!SEC_SUCCESS (ss)) MyHandleError("AcquireCreds failed");
cbOut = g_cbMaxMessage;
if (!GenClientContext ( NULL, 0, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt))
MyHandleError("Cant't generate client context");
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type1
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
memcpy(g_pInBuf,g_pOutBuf, cbOut);
cbIn = cbOut;
cbOut = g_cbMaxMessage;
if (!GenServerContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &done, fNewConversation, &hcred, &hctxt))
MyHandleError("GenServerContext failed");
fNewConversation = FALSE;
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut); //type2
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
memcpy(g_pInBuf,g_pOutBuf, cbOut);
cbIn = cbOut;
cbOut = g_cbMaxMessage;
nonce = (PBYTE) malloc (16);
memcpy (nonce, (void *)&g_pOutBuf[24], 8);
if (!GenClientContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt))
MyHandleError("GenClientContext failed");
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type3
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
pUserName = (PCHAR) malloc (cbUserName);
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
cbUserName = (DWORD)((int)strchr(pUserName,'\\'));
*(char *)cbUserName = 0;
printf("g_pOutBuf[22]=%d\n",g_pOutBuf[22]);
if (g_pOutBuf[22] > 24)
{
printf("NTLMv2\n");
nthash = (PBYTE) malloc (16);
cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8);
memcpy (nthash, (void *)&g_pOutBuf[cbIn], 16);
cbIn += 16;
clientnonce = (PBYTE) malloc (cbOut - cbIn - 16);
//memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], 84);
memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], cbOut - cbIn - 16);
printf("Nonce: ");
PrintHex (8, nonce);
printf("\nClientNonce: ");
PrintHex (cbOut - cbIn - 16, clientnonce);
printf("\nNThash: ");
PrintHex (16, nthash);
printf("\n");
printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName);
printf(":");
PrintHex (8, nonce);
printf(":");
PrintHex (16, nthash);
printf(":");
PrintHex (cbOut - cbIn - 16, clientnonce);
printf("\n");
}
else if (g_pOutBuf[22] == 24)
{
printf("NTLM\n");
lmhash = (PBYTE) malloc (24);
cbIn = g_pOutBuf[16] + (g_pOutBuf[17] << 8);
memcpy (lmhash, (void *)&g_pOutBuf[cbIn], 24);
nthash = (PBYTE) malloc (24);
cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8);
memcpy (nthash, (void *)&g_pOutBuf[cbIn], 24);
printf("\nNonce: ");
PrintHex (8, nonce);
printf("\nLMhash: ");
PrintHex (24, lmhash);
printf("\nNThash: ");
PrintHex (24, nthash);
printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName);
printf(":");
PrintHex (24, lmhash);
printf(":");
PrintHex (24, nthash);
printf(":");
PrintHex (8, nonce);
printf("\n");
}
else
{
printf("Unknown hashtype");
}
return(TRUE);
}
void DecodeMessage(PCRYPT_DATA_BLOB pEncodedBlob,
LPWSTR pwszSignerName)
{
//---------------------------------------------------------------
// Buffer to hold the name of the subject of a certificate.
wchar_t pszNameString[MAX_NAME];
//---------------------------------------------------------------
// The following variables are used only in the decoding phase.
HCRYPTMSG hMsg;
HCERTSTORE hStoreHandle; // certificate store handle
DWORD cbData = sizeof(DWORD);
DWORD cbDecoded;
BYTE *pbDecoded;
DWORD cbSignerCertInfo;
PCERT_INFO pSignerCertInfo;
PCCERT_CONTEXT pSignerCertContext;
/*---------------------------------------------------------------
The following code decodes the message and verifies the
message signature. This code would normally be in a
stand-alone program that would read the signed and encoded
message and its length from a file from an email message,
or from some other source.
---------------------------------------------------------------*/
//---------------------------------------------------------------
// Open a message for decoding.
if(hMsg = CryptMsgOpenToDecode(
MY_ENCODING_TYPE, // encoding type
0, // flags
0, // use the default message type
// the message type is
// listed in the message header
NULL, // cryptographic provider
// use NULL for the default provider
NULL, // recipient information
NULL)) // stream information
{
printf("The message to decode is open. \n");
}
else
{
MyHandleError("OpenToDecode failed");
}
//---------------------------------------------------------------
// Update the message with an encoded BLOB.
if(CryptMsgUpdate(
hMsg, // handle to the message
pEncodedBlob->pbData, // pointer to the encoded BLOB
pEncodedBlob->cbData, // size of the encoded BLOB
TRUE)) // last call
{
printf("The encoded BLOB has been added to the message. \n");
}
else
{
MyHandleError("Decode MsgUpdate failed");
}
//---------------------------------------------------------------
// Get the number of bytes needed for a buffer
// to hold the decoded message.
if(CryptMsgGetParam(
hMsg, // handle to the message
CMSG_CONTENT_PARAM, // parameter type
0, // index
NULL,
&cbDecoded)) // size of the returned information
{
printf("The message parameter has been acquired. \n");
}
else
{
MyHandleError("Decode CMSG_CONTENT_PARAM failed.");
}
//---------------------------------------------------------------
// Allocate memory.
if(!(pbDecoded = (BYTE *) malloc(cbDecoded)))
{
MyHandleError("Decode memory allocation failed.");
}
//---------------------------------------------------------------
// Copy the content to the buffer.
if(CryptMsgGetParam(
hMsg, // handle to the message
CMSG_CONTENT_PARAM, // parameter type
0, // index
pbDecoded, // address for returned information
&cbDecoded)) // size of the returned information
{
printf("The decoded message is =>\n%s\n\n",
(LPSTR)pbDecoded);
}
else
{
MyHandleError("Decode CMSG_CONTENT_PARAM #2 failed");
}
//---------------------------------------------------------------
// Verify the signature.
// First, get the signer CERT_INFO from the message.
//---------------------------------------------------------------
// Get the size of memory required for the certificate.
if(CryptMsgGetParam(
hMsg, // handle to the message
CMSG_SIGNER_CERT_INFO_PARAM, // parameter type
0, // index
NULL,
&cbSignerCertInfo)) // size of the returned
// information
{
printf("%d bytes needed for the buffer.\n",
cbSignerCertInfo);
}
else
{
MyHandleError("Verify SIGNER_CERT_INFO #1 failed.");
}
//---------------------------------------------------------------
// Allocate memory.
if(!(pSignerCertInfo = (PCERT_INFO) malloc(cbSignerCertInfo)))
{
MyHandleError("Verify memory allocation failed.");
}
//---------------------------------------------------------------
// Get the message certificate information (CERT_INFO
// structure).
if(!(CryptMsgGetParam(
hMsg, // handle to the message
CMSG_SIGNER_CERT_INFO_PARAM, // parameter type
0, // index
pSignerCertInfo, // address for returned
// information
&cbSignerCertInfo))) // size of the returned
// information
{
MyHandleError("Verify SIGNER_CERT_INFO #2 failed");
}
//---------------------------------------------------------------
// Open a certificate store in memory using CERT_STORE_PROV_MSG,
// which initializes it with the certificates from the message.
if(hStoreHandle = CertOpenStore(
CERT_STORE_PROV_MSG, // store provider type
MY_ENCODING_TYPE, // encoding type
NULL, // cryptographic provider
// use NULL for the default
0, // flags
hMsg)) // handle to the message
{
printf("The certificate store to be used for message " \
"verification has been opened.\n");
}
else
{
MyHandleError("Verify open store failed");
}
//---------------------------------------------------------------
// Find the signer's certificate in the store.
if(pSignerCertContext = CertGetSubjectCertificateFromStore(
hStoreHandle, // handle to the store
MY_ENCODING_TYPE, // encoding type
pSignerCertInfo)) // pointer to retrieved CERT_CONTEXT
{
if(CertGetNameString(
pSignerCertContext,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
MAX_NAME) > 1)
{
wprintf(L"The message signer is %s \n",pszNameString);
}
else
{
MyHandleError("Getting the signer's name failed.\n");
}
}
else
{
MyHandleError("Verify GetSubjectCert failed");
}
//---------------------------------------------------------------
// Use the CERT_INFO from the signer certificate to verify
// the signature.
if(CryptMsgControl(
hMsg,
0,
CMSG_CTRL_VERIFY_SIGNATURE,
pSignerCertContext->pCertInfo))
{
printf("Verify signature succeeded. \n");
}
else
{
printf("The signature was not verified. \n");
DWORD const errcode = GetLastError();
std::wcerr << format_sys_message<TCHAR>(errcode) << TEXT("\n");
ReportFailure();
}
//---------------------------------------------------------------
// Clean up.
if(pEncodedBlob->pbData)
{
free(pEncodedBlob->pbData);
pEncodedBlob->pbData = NULL;
}
if(pbDecoded)
{
free(pbDecoded);
}
if(pSignerCertInfo)
{
free(pSignerCertInfo);
}
if(pSignerCertContext)
{
CertFreeCertificateContext(pSignerCertContext);
}
if(hStoreHandle)
{
CertCloseStore(hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG);
}
if(hMsg)
{
CryptMsgClose(hMsg);
}
}
BOOL EncodeMessage(PCRYPT_DATA_BLOB pEncodedBlob,
LPWSTR pwszSignerName)
{
/*---------------------------------------------------------------
Declare and initialize variables. This includes getting a
pointer to the message content. This sample creates
the message content and gets a pointer to it. In most
situations, the content will exist somewhere, and a
pointer to it will get passed to the application.
---------------------------------------------------------------*/
HCERTSTORE hSystemStoreHandle;
CRYPT_SIGN_MESSAGE_PARA SignMessagePara;
//---------------------------------------------------------------
// The message to be signed and encoded.
BYTE* pbContent = (BYTE*) "The quick brown fox jumped over " \
"the lazy dog.";
/*---------------------------------------------------------------
The length of the message. This must be one more than the
value returned by strlen() to include the terminal NULL
character.
---------------------------------------------------------------*/
DWORD cbContent = lstrlenA((char *) pbContent) + 1;
//---------------------------------------------------------------
// Arrays to hold the message to be signed and its length.
const BYTE *rgpbToBeSigned[1] ;
DWORD rgcbToBeSigned[1];
//---------------------------------------------------------------
// The signer's certificate.
PCCERT_CONTEXT pSignerCert;
//---------------------------------------------------------------
// Buffer to hold the name of the subject of a certificate.
wchar_t pszNameString[MAX_NAME];
//---------------------------------------------------------------
// The following variables are used only in the decoding phase.
DWORD cbData = sizeof(DWORD);
//---------------------------------------------------------------
// Begin processing. Display the original message.
rgpbToBeSigned[0] = pbContent;
rgcbToBeSigned[0] = cbContent;
printf("The original message = \n%s\n\n",
rgpbToBeSigned[0]);
//---------------------------------------------------------------
// Open a certificate store.
if(hSystemStoreHandle = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
CERTIFICATE_STORE_NAME))
{
printf("The certificate store is open. \n");
}
else
{
MyHandleError( "Error Getting Store Handle");
}
/*---------------------------------------------------------------
Find a certificate in the store. This certificate will be
used to sign the message. To sign the message, the
certificate must have a private key accessible.
---------------------------------------------------------------*/
if(pSignerCert = CertFindCertificateInStore(
hSystemStoreHandle,
MY_ENCODING_TYPE,
0,
CERT_FIND_SUBJECT_STR,
pwszSignerName,
NULL))
{
//-----------------------------------------------------------
// Get and print the name of the subject of the certificate.
if(CertGetNameString(
pSignerCert,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
MAX_NAME) > 1)
{
wprintf(L"The message signer is %s \n",pszNameString);
}
else
{
MyHandleError("Getting the name of the signer " \
"failed.\n");
}
}
else
{
MyHandleError("Signer certificate not found.");
}
/*---------------------------------------------------------------
Initialize the CRYPT_SIGN_MESSAGE_PARA structure. First, use
memset to set all members to zero or NULL. Then set the values of
all members that must be nonzero.
---------------------------------------------------------------*/
memset(&SignMessagePara, 0, sizeof(CRYPT_SIGN_MESSAGE_PARA));
SignMessagePara.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
SignMessagePara.HashAlgorithm.pszObjId = szOID_RSA_MD2;
SignMessagePara.pSigningCert = pSignerCert;
SignMessagePara.dwMsgEncodingType = MY_ENCODING_TYPE;
SignMessagePara.cMsgCert = 1;
SignMessagePara.rgpMsgCert = &pSignerCert;
/*---------------------------------------------------------------
In two steps, sign and encode the message. First, get the
number of bytes required for the buffer to hold the signed
and encoded message.
---------------------------------------------------------------*/
if( CryptSignMessage(
&SignMessagePara,
FALSE,
1,
rgpbToBeSigned,
rgcbToBeSigned,
NULL,
&pEncodedBlob->cbData))
{
printf("The needed length is %d \n", pEncodedBlob->cbData);
}
else
{
MyHandleError("Getting the length failed.\n");
}
//---------------------------------------------------------------
// Allocate memory for the required buffer.
pEncodedBlob->pbData = (BYTE *)malloc(pEncodedBlob->cbData);
if(!pEncodedBlob->pbData)
{
MyHandleError("Memory allocation failed.");
}
//---------------------------------------------------------------
// Call CryptSignMessage a second time to
// copy the signed and encoded message to the buffer.
if( CryptSignMessage(
&SignMessagePara,
FALSE,
1,
rgpbToBeSigned,
rgcbToBeSigned,
pEncodedBlob->pbData,
&pEncodedBlob->cbData))
{
printf("Signing worked \n");
}
else
{
MyHandleError("Signing failed.\n");
}
//---------------------------------------------------------------
// Clean up after signing and encoding.
if(pSignerCert)
{
CertFreeCertificateContext(pSignerCert);
}
if(hSystemStoreHandle)
{
CertCloseStore(hSystemStoreHandle,
CERT_CLOSE_STORE_FORCE_FLAG);
}
return TRUE;
}
bool StandardEncryption::EncryptFile(PCHAR szSource, PCHAR szDestination, PCHAR szPassword, bool bEncrypt) {
//-------------------------------------------------------------------
// Parameters passed are:
// szSource, the name of the input, a plaintext file.
// szDestination, the name of the output, an encrypted file to be
// created.
// szPassword, either NULL if a password is not to be used or the
// string that is the password.
//-------------------------------------------------------------------
// Declare and initialize local variables.
FILE *hSource;
FILE *hDestination;
HCRYPTPROV hCryptProv;
HCRYPTKEY hKey;
HCRYPTKEY hXchgKey;
HCRYPTHASH hHash;
PBYTE pbKeyBlob;
DWORD dwKeyBlobLen;
PBYTE pbBuffer;
DWORD dwBlockLen;
DWORD dwBufferLen;
DWORD dwCount;
unsigned long ltemp = 0;
char szSpeed[SIZE_STRING];
char szAverage[SIZE_STRING];
//-------------------------------------------------------------------
// Open source file.
if(hSource = fopen(szSource,"rb")) {
//printf("The source plaintext file, %s, is open. \n", szSource);
} else {
MyHandleError("Error opening source plaintext file!");
return false;
}
//-------------------------------------------------------------------
// Open destination file.
if(hDestination = fopen(szDestination,"wb")) {
//printf("Destination file %s is open. \n", szDestination);
} else {
MyHandleError("Error opening destination ciphertext file!");
return false;
}
// Get the handle to the default provider.
if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_AES , CRYPT_VERIFYCONTEXT)) {
//if(CryptAcquireContext(&hCryptProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL , 0)) {
//printf("A cryptographic provider has been acquired. \n");
} else {
MyHandleError("Error during CryptAcquireContext!");
return false;
}
//-------------------------------------------------------------------
// Create the session key.
if(!szPassword ) {
return false;
} else {
//-------------------------------------------------------------------
// The file will be encrypted with a session key derived from a
// password.
// The session key will be recreated when the file is decrypted
// only if the password used to create the key is available.
//-------------------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)) {
//printf("A hash object has been created. \n");
} else {
MyHandleError("Error during CryptCreateHash!");
return false;
}
//-------------------------------------------------------------------
// Hash the password.
if(CryptHashData(hHash, (BYTE *)szPassword, strlen(szPassword), 0)) {
//printf("The password has been added to the hash. \n");
} else {
MyHandleError("Error during CryptHashData.");
return false;
}
//-------------------------------------------------------------------
// Derive a session key from the hash object.
if(CryptDeriveKey(hCryptProv, ENCRYPT_ALGORITHM, hHash, KEYLENGTH, &hKey)) {
//printf("An encryption key is derived from the password hash. \n");
} else {
MyHandleError("Error during CryptDeriveKey!");
return false;
}
//-------------------------------------------------------------------
// Destroy hash object.
if(hHash) {
if(!(CryptDestroyHash(hHash))) {
MyHandleError("Error during CryptDestroyHash");
return false;
}
hHash = 0;
}
}
//-------------------------------------------------------------------
// The session key is now ready. If it is not a key derived from a
// password, the session key encrypted with the encrypter's private
// key has been written to the destination file.
//-------------------------------------------------------------------
// Determine the number of bytes to encrypt at a time.
// This must be a multiple of ENCRYPT_BLOCK_SIZE.
// ENCRYPT_BLOCK_SIZE is set by a #define statement.
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
//-------------------------------------------------------------------
// Determine the block size. If a block cipher is used,
// it must have room for an extra block.
if(ENCRYPT_BLOCK_SIZE > 1)
dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
else
dwBufferLen = dwBlockLen;
//-------------------------------------------------------------------
// Allocate memory.
if(pbBuffer = (BYTE *)malloc(dwBufferLen)) {
//printf("Memory has been allocated for the buffer. \n");
} else {
MyHandleError("Out of memory.");
return false;
}
// Write / Read the header information from the file.
// If we are encrypting then we need to write header information
// if decrypting we need to skip past the header information providing
// header information exists.
if (bEncrypt == true) {
fwrite (&m_lMagicone, 1, sizeof (unsigned long), hDestination);
fwrite (&m_lMagictwo, 1, sizeof (unsigned long), hDestination);
fwrite (&m_lMagicthree, 1, sizeof (unsigned long), hDestination);
fwrite (&m_lMagicfour, 1, sizeof (unsigned long), hDestination);
} else {
ltemp = 0;
fread (<emp, 1, sizeof (unsigned long), hSource);
fread (<emp, 1, sizeof (unsigned long), hSource);
fread (<emp, 1, sizeof (unsigned long), hSource);
fread (<emp, 1, sizeof (unsigned long), hSource);
}
//-------------------------------------------------------------------
// In a do loop, encrypt the source file,
// and write to the source file.
m_lastprogressvalue = 0;
m_bmaxprogressredone = false;
m_ispeedtrigger = 0;
unsigned long ltimereading = 0;
unsigned long long lbytesreading = 0;
int ispeed = 0;
int iaverage = 0;
m_lastbytesreading = 0;
m_lasttimereading = 0;
do
{
//-------------------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
dwCount = fread(pbBuffer, 1, dwBlockLen, hSource);
if(ferror(hSource)) {
MyHandleError("Error reading plaintext!");
return false;
}
//-------------------------------------------------------------------
// Encrypt / Decrypt data.
if (bEncrypt == true) {
if(!CryptEncrypt(hKey, 0, feof(hSource), 0, pbBuffer, &dwCount, dwBufferLen)) {
MyHandleError("Error during Encrypt.");
return false;
}
} else {
if(!CryptDecrypt(hKey, 0, feof(hSource), 0, pbBuffer, &dwCount)) {
MyHandleError("Error during Decrypt.");
return false;
}
}
//-------------------------------------------------------------------
// Write data to the destination file.
fwrite(pbBuffer, 1, dwCount, hDestination);
ltotalbytesprocessed+=dwCount;
//OutputInt ("ltotalprocessed: ", ltotalbytesprocessed);
int idivvalue = 1000;
if (ltotalbytes > 0 && ltotalbytes <= 1000) {
idivvalue = 1;
}
if (ltotalbytes > 1000 && ltotalbytes <= 10000) {
idivvalue = 10;
}
if (ltotalbytes > 10000 && ltotalbytes <= 100000) {
idivvalue = 100;
}
if (ltotalbytes > 100000 && ltotalbytes <= 1000000) {
idivvalue = 1000;
}
if (ltotalbytes > 1000000 && ltotalbytes <= 10000000) {
idivvalue = 10000;
}
if (ltotalbytes > 10000000 && ltotalbytes <= 100000000) {
idivvalue = 100000;
}
if (ltotalbytes > 100000000 && ltotalbytes <= 1000000000) {
idivvalue = 1000000;
}
if (ltotalbytes > 1000000000 && ltotalbytes <= 10000000000) {
idivvalue = 10000000;
}
if (ltotalbytes > 10000000000 && ltotalbytes <= 100000000000) {
idivvalue = 100000000;
}
if (ltotalbytes > 100000000000 && ltotalbytes <= 1000000000000) {
idivvalue = 1000000000;
}
if (ltotalbytes > 1000000000000 && ltotalbytes <= 10000000000000) {
idivvalue = 10000000000;
}
if (ltotalbytes > 10000000000000 && ltotalbytes <= 100000000000000) {
idivvalue = 100000000000;
}
if (ltotalbytes > 100000000000000 && ltotalbytes <= 1000000000000000) {
idivvalue = 1000000000000;
}
unsigned int progressvalue = (40000 / (ltotalbytes / idivvalue)) * ((ltotalbytesprocessed) / idivvalue);
//if (m_bmaxprogressredone == false) {
// if ((progressvalue-m_lastprogressvalue) > 0) {
// SendMessage(m_hwndprogress, PBM_SETRANGE, 0L, MAKELONG (0, 40000-((progressvalue-m_lastprogressvalue)*20)));
// m_bmaxprogressredone = true;
// //OutputInt ("max progress now at: ", 40000-((progressvalue-m_lastprogressvalue)*20));
// }
//}
if (progressvalue != m_lastprogressvalue) {
//OutputInt ("progressvalue: ", progressvalue);
SendMessage (m_hwndprogress, PBM_SETPOS, progressvalue, 0L);
}
m_lastprogressvalue = progressvalue;
//m_ispeedtrigger++;
if ((GetTickCount () - m_lasttickcount) > 100) {
//m_ispeedtrigger = 0;
m_lasttickcount = GetTickCount ();
ltimereading = GetTickCount ();
lbytesreading = ltotalbytesprocessed;
if ((ltimereading-m_lasttimereading) < 1000) {
ispeed = (1000000 / ((ltimereading-m_lasttimereading)*1000)) * (ltotalbytesprocessed-m_lastbytesreading);
ZeroMemory (szSpeed, SIZE_STRING);
if (ispeed > 0 && ispeed <= 1000) {
sprintf_s (szSpeed, "Speed: %i Bytes/sec (%i %% complete)", ispeed, ((100*progressvalue) / 40000));
}
if (ispeed > 1000 && ispeed <= 1000000) {
sprintf_s (szSpeed, "Speed: %i KB/sec (%i %% complete)", ispeed / 1000, ((100*progressvalue) / 40000));
}
if (ispeed > 1000000) {
sprintf_s (szSpeed, "Speed: %i MB/sec (%i %% complete)", ispeed / 1000000, ((100*progressvalue) / 40000));
}
m_addedspeed+=ispeed;
m_iaveragetrigger++;
if (m_iaveragetrigger > 120) {
iaverage = m_addedspeed / m_iaveragetrigger;
m_addedspeed = 0;
m_iaveragetrigger = 0;
ZeroMemory (szAverage, SIZE_STRING);
if (iaverage > 0 && iaverage <= 1000) {
if ((((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60) == 0) {
sprintf_s (szAverage, " Average Speed: %i Bytes/sec Time Remaining: Less than a minute", iaverage);
} else {
sprintf_s (szAverage, " Average Speed: %i Bytes/sec Time Remaining: %i mins", iaverage, ((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60);
}
}
if (iaverage > 1000 && iaverage <= 1000000) {
if ((((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60) == 0) {
sprintf_s (szAverage, " Average Speed: %i KB/sec Time Remaining: Less than a minute", iaverage / 1000);
} else {
sprintf_s (szAverage, " Average Speed: %i KB/sec Time Remaining: %i mins", iaverage / 1000, ((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60);
}
}
if (iaverage > 1000000) {
if ((((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60) == 0) {
sprintf_s (szAverage, " Average Speed: %i MB/sec Time Remaining: Less than a minute", iaverage / 1000000);
} else {
sprintf_s (szAverage, " Average Speed: %i MB/sec Time Remaining: %i mins", iaverage / 1000000, ((ltotalbytes-ltotalbytesprocessed) / iaverage) / 60);
}
}
ZeroMemory (m_szLastaverage, SIZE_STRING);
strcpy_s (m_szLastaverage, SIZE_STRING, szAverage);
}
strcat_s (szSpeed, SIZE_STRING, m_szLastaverage);
SetDlgItemText (m_hwndspeed, ID_LBLSPEED, szSpeed);
} else {
//SetDlgItemText (m_hwndspeed, ID_LBLSPEED, "Calculating speed...");
}
m_lastbytesreading = ltotalbytesprocessed;
m_lasttimereading = ltimereading;
}
if(ferror(hDestination)) {
//MyHandleError("Error writing ciphertext.");
return false;
}
}
while(!feof(hSource));
//-------------------------------------------------------------------
// End the do loop when the last block of the source file has been
// read, encrypted, and written to the destination file.
//-------------------------------------------------------------------
// Close files.
//SendMessage (m_hwndprogress, PBM_SETPOS, 40000, 0L);
if(hSource)
{
if(fclose(hSource)) {
MyHandleError("Error closing source file");
return false;
}
}
if(hDestination)
{
if(fclose(hDestination)) {
MyHandleError("Error closing destination file");
return false;
}
}
//-------------------------------------------------------------------
// Free memory.
if(pbBuffer) {
free(pbBuffer);
}
//-------------------------------------------------------------------
// Destroy the session key.
if(hKey)
{
if(!(CryptDestroyKey(hKey))) {
MyHandleError("Error during CryptDestroyKey");
return false;
}
}
//-------------------------------------------------------------------
// Release the provider handle.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0))) {
MyHandleError("Error during CryptReleaseContext");
return false;
}
}
return true;
} // end Encryptfile
BYTE* SignAndEncrypt(
wchar_t const*const signer_name,
const BYTE *pbToBeSignedAndEncrypted,
DWORD cbToBeSignedAndEncrypted,
DWORD *pcbSignedAndEncryptedBlob)
{
//---------------------------------------------------------------
// Declare and initialize local variables.
FILE *hToSave;
HCERTSTORE hCertStore;
//---------------------------------------------------------------
// pSignerCertContext will be the certificate of
// the message signer.
PCCERT_CONTEXT pSignerCertContext ;
//---------------------------------------------------------------
// pReceiverCertContext will be the certificate of the
// message receiver.
PCCERT_CONTEXT pReceiverCertContext;
TCHAR pszNameString[256];
CRYPT_SIGN_MESSAGE_PARA SignPara;
CRYPT_ENCRYPT_MESSAGE_PARA EncryptPara;
DWORD cRecipientCert;
PCCERT_CONTEXT rgpRecipientCert[5];
BYTE *pbSignedAndEncryptedBlob = NULL;
//CERT_NAME_BLOB Subject_Blob;
BYTE *pbDataIn;
DWORD dwKeySpec;
NCRYPT_KEY_HANDLE hCryptProv;
//---------------------------------------------------------------
// Open the MY certificate store.
// For more information, see the CertOpenStore function
// PSDK reference page.
// Note: Case is not significant in certificate store names.
if ( !( hCertStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
L"my")))
{
MyHandleError(TEXT("The MY store could not be opened."));
}
//---------------------------------------------------------------
// Get the certificate for the signer.
if(!(pSignerCertContext = CertFindCertificateInStore(
hCertStore,
MY_ENCODING_TYPE,
0,
CERT_FIND_SUBJECT_STR,
signer_name,
NULL)))
{
MyHandleError(TEXT("Cert not found.\n"));
}
//---------------------------------------------------------------
// Get and print the name of the message signer.
// The following two calls to CertGetNameString with different
// values for the second parameter get two different forms of
// the certificate subject's name.
if(CertGetNameString(
pSignerCertContext ,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
MAX_NAME) > 1)
{
_tprintf(
TEXT("The SIMPLE_DISPLAY_TYPE message signer's name is ")
TEXT("%s \n"),
pszNameString);
}
else
{
MyHandleError(
TEXT("Getting the name of the signer failed.\n"));
}
if(CertGetNameString(
pSignerCertContext,
CERT_NAME_RDN_TYPE,
0,
NULL,
pszNameString,
MAX_NAME) > 1)
{
_tprintf(
TEXT("The RDM_TYPE message signer's name is %s \n"),
pszNameString);
}
else
{
MyHandleError(
TEXT("Getting the name of the signer failed.\n"));
}
if(!( CryptAcquireCertificatePrivateKey(
pSignerCertContext,
CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG,
NULL,
&hCryptProv,
&dwKeySpec,
NULL)))
{
DWORD const errcode = GetLastError();
std::wcerr << format_sys_message<TCHAR>(errcode) << TEXT("\n");
MyHandleError(TEXT("CryptAcquireCertificatePrivateKey.\n"));
}
pReceiverCertContext = pSignerCertContext; // send to self
//---------------------------------------------------------------
// Get and print the subject name from the receiver's
// certificate.
if(CertGetNameString(
pReceiverCertContext ,
CERT_NAME_SIMPLE_DISPLAY_TYPE,
0,
NULL,
pszNameString,
MAX_NAME) > 1)
{
_tprintf(TEXT("The message receiver is %s \n"),
pszNameString);
}
else
{
MyHandleError(
TEXT("Getting the name of the receiver failed.\n"));
}
//---------------------------------------------------------------
// Initialize variables and data structures
// for the call to CryptSignAndEncryptMessage.
SignPara.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
SignPara.dwMsgEncodingType = MY_ENCODING_TYPE;
SignPara.pSigningCert = pSignerCertContext ;
SignPara.HashAlgorithm.pszObjId = OID_HASH_G34311;
SignPara.HashAlgorithm.Parameters.cbData = 0;
SignPara.pvHashAuxInfo = NULL;
SignPara.cMsgCert = 1;
SignPara.rgpMsgCert = &pSignerCertContext ;
SignPara.cMsgCrl = 0;
SignPara.rgpMsgCrl = NULL;
SignPara.cAuthAttr = 0;
SignPara.rgAuthAttr = NULL;
SignPara.cUnauthAttr = 0;
SignPara.rgUnauthAttr = NULL;
SignPara.dwFlags = 0;
SignPara.dwInnerContentType = 0;
EncryptPara.cbSize = sizeof(CRYPT_ENCRYPT_MESSAGE_PARA);
EncryptPara.dwMsgEncodingType = MY_ENCODING_TYPE;
EncryptPara.hCryptProv = 0;
EncryptPara.ContentEncryptionAlgorithm.pszObjId = OID_G28147_89_GAMMA_CBC; //szOID_RSA_RC4;
EncryptPara.ContentEncryptionAlgorithm.Parameters.cbData = 0;
EncryptPara.pvEncryptionAuxInfo = NULL;
EncryptPara.dwFlags = 0;
EncryptPara.dwInnerContentType = 0;
cRecipientCert = 1;
rgpRecipientCert[0] = pReceiverCertContext;
*pcbSignedAndEncryptedBlob = 0;
pbSignedAndEncryptedBlob = NULL;
if( CryptSignAndEncryptMessage(
&SignPara,
&EncryptPara,
cRecipientCert,
rgpRecipientCert,
pbToBeSignedAndEncrypted,
cbToBeSignedAndEncrypted,
NULL, // the pbSignedAndEncryptedBlob
pcbSignedAndEncryptedBlob))
{
_tprintf(TEXT("%d bytes for the buffer .\n"),
*pcbSignedAndEncryptedBlob);
}
else
{
DWORD const errcode = GetLastError();
std::wcerr << format_sys_message<TCHAR>(errcode) << TEXT("\n");
MyHandleError(TEXT("Getting the buffer length failed."));
}
//---------------------------------------------------------------
// Allocate memory for the buffer.
if(!(pbSignedAndEncryptedBlob =
(unsigned char *)malloc(*pcbSignedAndEncryptedBlob)))
{
MyHandleError(TEXT("Memory allocation failed."));
}
//---------------------------------------------------------------
// Call the function a second time to copy the signed and
// encrypted message into the buffer.
if( CryptSignAndEncryptMessage(
&SignPara,
&EncryptPara,
cRecipientCert,
rgpRecipientCert,
pbToBeSignedAndEncrypted,
cbToBeSignedAndEncrypted,
pbSignedAndEncryptedBlob,
pcbSignedAndEncryptedBlob))
{
_tprintf(TEXT("The message is signed and encrypted.\n"));
}
else
{
MyHandleError(
TEXT("The message failed to sign and encrypt."));
}
//---------------------------------------------------------------
// Clean up.
if(pSignerCertContext )
{
CertFreeCertificateContext(pSignerCertContext);
}
// send to self so the same cert is used
// if(pReceiverCertContext )
// {
// CertFreeCertificateContext(pReceiverCertContext);
// }
CertCloseStore(hCertStore, 0);
//---------------------------------------------------------------
// Return the signed and encrypted message.
return pbSignedAndEncryptedBlob;
} // End SignAndEncrypt.
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
CHAR *pszTarget,
CredHandle *hCred,
struct _SecHandle *hcText)
{
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
{
strcpy_s(lpPackageName, 1024 * sizeof(TCHAR), "Negotiate");
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
{
MyHandleError("AcquireCreds failed ");
}
}
//--------------------------------------------------------------------
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
//-------------------------------------------------------------------
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
{
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
ss = InitializeSecurityContext (
hCred,
hcText,
pszTarget,
MessageAttribute,
0,
SECURITY_NATIVE_DREP,
&InBuffDesc,
0,
hcText,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
}
else
{
ss = InitializeSecurityContext (
hCred,
NULL,
pszTarget,
MessageAttribute,
0,
SECURITY_NATIVE_DREP,
NULL,
0,
hcText,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
}
if (!SEC_SUCCESS (ss))
{
MyHandleError ("InitializeSecurityContext failed " );
}
//-------------------------------------------------------------------
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
{
ss = CompleteAuthToken (hcText, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
{
fprintf (stderr, "complete failed: 0x%08x\n", ss);
return FALSE;
}
}
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
printf ("Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer);
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
}
bool StandardEncryption::EncryptBuffer (MemoryBuffer *memSource, PCHAR szPassword, bool bEncrypt)
{
HCRYPTPROV hCryptProv;
HCRYPTHASH hHash;
HCRYPTKEY hKey;
DWORD dwBufferlen;
DWORD dwBufsize;
MemoryBuffer memOutput;
// Get the handle to the default provider.
if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROVIDER , 0)) {
//printf("A cryptographic provider has been acquired. \n");
} else {
MyHandleError("Error during CryptAcquireContext!");
return false;
}
if(!szPassword ) {
return false;
} else {
// Create a hash object.
if(CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash)) {
//printf("A hash object has been created. \n");
} else {
MyHandleError("Error during CryptCreateHash!");
return false;
}
//-------------------------------------------------------------------
// Hash the password.
if(CryptHashData(hHash, (BYTE *)szPassword, strlen(szPassword), 0)) {
//printf("The password has been added to the hash. \n");
} else {
MyHandleError("Error during CryptHashData.");
return false;
}
//-------------------------------------------------------------------
// Derive a session key from the hash object.
if(CryptDeriveKey(hCryptProv, m_Currentalg, hHash, m_dwKeylength, &hKey)) {
//printf("An encryption key is derived from the password hash. \n");
} else {
MyHandleError("Error during CryptDeriveKey!");
return false;
}
//-------------------------------------------------------------------
// Destroy hash object.
if(hHash) {
if(!(CryptDestroyHash(hHash))) {
MyHandleError("Error during CryptDestroyHash");
return false;
}
hHash = 0;
}
// Encrypt / Decrypt data.
if (bEncrypt == true) {
// First get the size of the buffer needed.
dwBufferlen = memSource->GetSize ();
dwBufsize = memSource->GetSize ();
CryptEncrypt (hKey, 0, TRUE, 0, NULL, &dwBufferlen, dwBufsize);
if (dwBufferlen > 0) {
dwBufsize = dwBufferlen;
memOutput.SetSize (dwBufferlen);
memOutput.Write (memSource->GetBuffer (), 0, memSource->GetSize ());
if (!CryptEncrypt (hKey, 0, FALSE, 0, (BYTE *) memOutput.GetBuffer (), &dwBufferlen, dwBufsize)) {
MyHandleError ("Error during Encrypt.");
return false;
} else {
memSource->Clear ();
memSource->SetSize (memOutput.GetSize ());
memSource->Write (memOutput.GetBuffer (), 0, memOutput.GetSize ());
memOutput.Clear ();
}
} else {
OutputText ("Unable to obtain encrypted buffer size.");
return false;
}
} else {
dwBufferlen = memSource->GetSize ();
memOutput.SetSize (dwBufferlen);
memOutput.Write (memSource->GetBuffer (), 0, memSource->GetSize ());
if (!CryptDecrypt (hKey, 0, FALSE, 0, (BYTE *) memOutput.GetBuffer (), &dwBufferlen)) {
MyHandleError ("Error during Decrypt.");
return false;
} else {
memSource->Clear ();
memSource->SetSize (dwBufferlen);
memSource->Write (memOutput.GetBuffer (), 0, dwBufferlen);
memOutput.Clear ();
}
}
//-------------------------------------------------------------------
// Destroy the session key.
if(hKey)
{
if(!(CryptDestroyKey(hKey))) {
MyHandleError("Error during CryptDestroyKey");
return false;
}
}
//-------------------------------------------------------------------
// Release the provider handle.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0))) {
MyHandleError("Error during CryptReleaseContext");
return false;
}
}
return true;
}
}
void main()
{
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
CredHandle hCred;
struct _SecHandle hCtxt;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbMaxSignature;
ULONG cbSecurityTrailer;
SecPkgContext_Sizes SecPkgContextSizes;
SecPkgContext_NegotiationInfo SecPkgNegInfo;
BOOL DoAuthentication (SOCKET s);
//-------------------------------------------------------------------
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
{
MyHandleError("Could not initialize winsock ");
}
//--------------------------------------------------------------------
// Connect to a server.
if (!ConnectAuthSocket (
&Client_Socket,
&hCred,
&hCtxt))
{
MyHandleError("Authenticated server connection ");
}
//--------------------------------------------------------------------
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the negotiated
// SSP and the size of the signature and the encryption
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&hCtxt,
SECPKG_ATTR_NEGOTIATION_INFO,
&SecPkgNegInfo );
if (!SEC_SUCCESS(ss))
{
MyHandleError("QueryContextAttributes failed ");
}
else
{
printf("Package Name: %s\n", SecPkgNegInfo.PackageInfo->Name);
}
ss = QueryContextAttributes(
&hCtxt,
SECPKG_ATTR_SIZES,
&SecPkgContextSizes );
if (!SEC_SUCCESS(ss))
{
MyHandleError("Query context ");
}
cbMaxSignature = SecPkgContextSizes.cbMaxSignature;
cbSecurityTrailer = SecPkgContextSizes.cbSecurityTrailer;
printf("InitializeSecurityContext result = 0x%08x\n", ss);
//--------------------------------------------------------------------
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
{
MyHandleError("No response from server ");
}
if (0 == cbRead)
{
MyHandleError("Zero bytes received ");
}
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&hCtxt,
cbSecurityTrailer);
printf ("The message from the server is \n -> %.*s \n",
cbRead, pMessage);
//--------------------------------------------------------------------
// Terminate socket and security package.
DeleteSecurityContext (&hCtxt);
FreeCredentialHandle (&hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
{
MyHandleError("Problem with socket cleanup ");
}
exit (EXIT_SUCCESS);
} // end main
BOOL DoAuthentication (SOCKET s)
{
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(cbMaxMessage)))
{
MyHandleError("Memory allocation ");
}
if(!(pOutBuf = (PBYTE) malloc(cbMaxMessage)))
{
MyHandleError("Memory allocation ");
}
cbOut = cbMaxMessage;
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
TargetName,
hCred,
hcText
))
{
return(FALSE);
}
if (!SendMsg (s, pOutBuf, cbOut ))
{
MyHandleError("Send message failed ");
}
while (!fDone)
{
if (!ReceiveMsg (
s,
pInBuf,
cbMaxMessage,
&cbIn))
{
MyHandleError("Receive message failed ");
}
cbOut = cbMaxMessage;
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
TargetName,
hCred,
hcText))
{
MyHandleError("GenClientContext failed");
}
if (!SendMsg (
s,
pOutBuf,
cbOut))
{
MyHandleError("Send message 2 failed ");
}
}
free(pInBuf);
free(pOutBuf);
return(TRUE);
}
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
struct _SecHandle *hcText)
{
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
//--------------------------------------------------------------------
// Lookup the server's address.
ulAddress = inet_addr (ServerName);
if (INADDR_NONE == ulAddress)
{
pHost = gethostbyname (ServerName);
if (NULL == pHost)
{
MyHandleError("Unable to resolve host name ");
}
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
}
//--------------------------------------------------------------------
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
{
MyHandleError("Unable to create socket");
}
else
{
printf("Socket created.\n");
}
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
//--------------------------------------------------------------------
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
{
closesocket (*s);
MyHandleError( "Connect failed ");
}
//--------------------------------------------------------------------
// Authenticate the connection.
if (!DoAuthentication (*s))
{
closesocket (*s);
MyHandleError("Authentication ");
}
return(TRUE);
} // end ConnectAuthSocket
//-------------------------------------------------------------------
// Code for the function MyEncryptFile called by main.
//-------------------------------------------------------------------
// Parameters passed are:
// pszSource, the name of the input, a plaintext file.
// pszDestination, the name of the output, an encrypted file to be
// created.
// pszPassword, either NULL if a password is not to be used or the
// string that is the password.
bool MyEncryptFile(
LPTSTR pszSourceFile,
LPTSTR pszDestinationFile,
LPTSTR pszPassword)
{
//---------------------------------------------------------------
// Declare and initialize local variables.
bool fReturn = false;
HANDLE hSourceFile = INVALID_HANDLE_VALUE;
HANDLE hDestinationFile = INVALID_HANDLE_VALUE;
HCRYPTPROV hCryptProv = NULL;
HCRYPTKEY hKey = NULL;
HCRYPTKEY hXchgKey = NULL;
HCRYPTHASH hHash = NULL;
PBYTE pbKeyBlob = NULL;
DWORD dwKeyBlobLen;
PBYTE pbBuffer = NULL;
DWORD dwBlockLen;
DWORD dwBufferLen;
DWORD dwCount;
//---------------------------------------------------------------
// Open the source file.
hSourceFile = CreateFile(
pszSourceFile,
FILE_READ_DATA,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(INVALID_HANDLE_VALUE != hSourceFile)
{
_tprintf(
TEXT("The source plaintext file, %s, is open. \n"),
pszSourceFile);
}
else
{
MyHandleError(
TEXT("Error opening source plaintext file!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// Open the destination file.
hDestinationFile = CreateFile(
pszDestinationFile,
FILE_WRITE_DATA,
FILE_SHARE_READ,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(INVALID_HANDLE_VALUE != hDestinationFile)
{
_tprintf(
TEXT("The destination file, %s, is open. \n"),
pszDestinationFile);
}
else
{
MyHandleError(
TEXT("Error opening destination file!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// Get the handle to the default provider.
if(CryptAcquireContext(
&hCryptProv,
NULL,
MS_ENH_RSA_AES_PROV,
PROV_RSA_AES,
0))
{
_tprintf(
TEXT("A cryptographic provider has been acquired. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptAcquireContext!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// Create the session key.
if(!pszPassword || !pszPassword[0])
{
//-----------------------------------------------------------
// No password was passed.
// Encrypt the file with a random session key, and write the
// key to a file.
//-----------------------------------------------------------
// Create a random session key.
if(CryptGenKey(
hCryptProv,
ENCRYPT_ALGORITHM,
KEYLENGTH | CRYPT_EXPORTABLE,
&hKey))
{
_tprintf(TEXT("A session key has been created. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptGenKey. \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Get the handle to the exchange public key.
if(CryptGetUserKey(
hCryptProv,
AT_KEYEXCHANGE,
&hXchgKey))
{
_tprintf(
TEXT("The user public key has been retrieved. \n"));
}
else
{
if(NTE_NO_KEY == GetLastError())
{
// No exchange key exists. Try to create one.
if(!CryptGenKey(
hCryptProv,
AT_KEYEXCHANGE,
CRYPT_EXPORTABLE,
&hXchgKey))
{
MyHandleError(
TEXT("Could not create a user public key.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
}
else
{
MyHandleError(
TEXT("User public key is not available and may ")
TEXT("not exist.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
}
//-----------------------------------------------------------
// Determine size of the key BLOB, and allocate memory.
if(CryptExportKey(
hKey,
hXchgKey,
SIMPLEBLOB,
0,
NULL,
&dwKeyBlobLen))
{
_tprintf(
TEXT("The key BLOB is %d bytes long. \n"),
dwKeyBlobLen);
}
else
{
MyHandleError(
TEXT("Error computing BLOB length! \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
if(pbKeyBlob = (BYTE *)malloc(dwKeyBlobLen))
{
_tprintf(
TEXT("Memory is allocated for the key BLOB. \n"));
}
else
{
MyHandleError(TEXT("Out of memory. \n"), E_OUTOFMEMORY);
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Encrypt and export the session key into a simple key
// BLOB.
if(CryptExportKey(
hKey,
hXchgKey,
SIMPLEBLOB,
0,
pbKeyBlob,
&dwKeyBlobLen))
{
_tprintf(TEXT("The key has been exported. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptExportKey!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Release the key exchange key handle.
if(hXchgKey)
{
if(!(CryptDestroyKey(hXchgKey)))
{
MyHandleError(
TEXT("Error during CryptDestroyKey.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
hXchgKey = 0;
}
//-----------------------------------------------------------
// Write the size of the key BLOB to the destination file.
if(!WriteFile(
hDestinationFile,
&dwKeyBlobLen,
sizeof(DWORD),
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error writing header.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
else
{
_tprintf(TEXT("A file header has been written. \n"));
}
//-----------------------------------------------------------
// Write the key BLOB to the destination file.
if(!WriteFile(
hDestinationFile,
pbKeyBlob,
dwKeyBlobLen,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error writing header.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
else
{
_tprintf(
TEXT("The key BLOB has been written to the ")
TEXT("file. \n"));
}
// Free memory.
free(pbKeyBlob);
}
else
{
//-----------------------------------------------------------
// The file will be encrypted with a session key derived
// from a password.
// The session key will be recreated when the file is
// decrypted only if the password used to create the key is
// available.
//-----------------------------------------------------------
// Create a hash object.
if(CryptCreateHash(
hCryptProv,
CALG_MD5,
0,
0,
&hHash))
{
_tprintf(TEXT("A hash object has been created. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptCreateHash!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Hash the password.
if(CryptHashData(
hHash,
(BYTE *)pszPassword,
lstrlen(pszPassword),
0))
{
_tprintf(
TEXT("The password has been added to the hash. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptHashData. \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Derive a session key from the hash object.
if(CryptDeriveKey(
hCryptProv,
ENCRYPT_ALGORITHM,
hHash,
KEYLENGTH,
&hKey))
{
_tprintf(
TEXT("An encryption key is derived from the ")
TEXT("password hash. \n"));
}
else
{
MyHandleError(
TEXT("Error during CryptDeriveKey!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
}
//---------------------------------------------------------------
// The session key is now ready. If it is not a key derived from
// a password, the session key encrypted with the private key
// has been written to the destination file.
//---------------------------------------------------------------
// Determine the number of bytes to encrypt at a time.
// This must be a multiple of ENCRYPT_BLOCK_SIZE.
// ENCRYPT_BLOCK_SIZE is set by a #define statement.
dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE;
//---------------------------------------------------------------
// Determine the block size. If a block cipher is used,
// it must have room for an extra block.
if(ENCRYPT_BLOCK_SIZE > 1)
{
dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE;
}
else
{
dwBufferLen = dwBlockLen;
}
//---------------------------------------------------------------
// Allocate memory.
if(pbBuffer = (BYTE *)malloc(dwBufferLen))
{
_tprintf(
TEXT("Memory has been allocated for the buffer. \n"));
}
else
{
MyHandleError(TEXT("Out of memory. \n"), E_OUTOFMEMORY);
goto Exit_MyEncryptFile;
}
//---------------------------------------------------------------
// In a do loop, encrypt the source file,
// and write to the source file.
bool fEOF = FALSE;
do
{
//-----------------------------------------------------------
// Read up to dwBlockLen bytes from the source file.
if(!ReadFile(
hSourceFile,
pbBuffer,
dwBlockLen,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error reading plaintext!\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
if(dwCount < dwBlockLen)
{
fEOF = TRUE;
}
//-----------------------------------------------------------
// Encrypt data.
if(!CryptEncrypt(
hKey,
NULL,
fEOF,
0,
pbBuffer,
&dwCount,
dwBufferLen))
{
MyHandleError(
TEXT("Error during CryptEncrypt. \n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// Write the encrypted data to the destination file.
if(!WriteFile(
hDestinationFile,
pbBuffer,
dwCount,
&dwCount,
NULL))
{
MyHandleError(
TEXT("Error writing ciphertext.\n"),
GetLastError());
goto Exit_MyEncryptFile;
}
//-----------------------------------------------------------
// End the do loop when the last block of the source file
// has been read, encrypted, and written to the destination
// file.
} while(!fEOF);
fReturn = true;
Exit_MyEncryptFile:
//---------------------------------------------------------------
// Close files.
if(hSourceFile)
{
CloseHandle(hSourceFile);
}
if(hDestinationFile)
{
CloseHandle(hDestinationFile);
}
//---------------------------------------------------------------
// Free memory.
if(pbBuffer)
{
free(pbBuffer);
}
//-----------------------------------------------------------
// Release the hash object.
if(hHash)
{
if(!(CryptDestroyHash(hHash)))
{
MyHandleError(
TEXT("Error during CryptDestroyHash.\n"),
GetLastError());
}
hHash = NULL;
}
//---------------------------------------------------------------
// Release the session key.
if(hKey)
{
if(!(CryptDestroyKey(hKey)))
{
MyHandleError(
TEXT("Error during CryptDestroyKey!\n"),
GetLastError());
}
}
//---------------------------------------------------------------
// Release the provider handle.
if(hCryptProv)
{
if(!(CryptReleaseContext(hCryptProv, 0)))
{
MyHandleError(
TEXT("Error during CryptReleaseContext!\n"),
GetLastError());
}
}
return fReturn;
} // End Encryptfile.
BOOL GenClientContext (BYTE *pIn, DWORD cbIn, BYTE *pOut, DWORD *pcbOut, BOOL *pfDone, SEC_CHAR *pszTarget, CredHandle *hCred, struct _SecHandle *hCtxt)
{
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG ContextAttributes;
SEC_CHAR lpPackageName[1024];
_SEC_WINNT_AUTH_IDENTITY auth_data;
PCHAR pUserName = NULL;
DWORD cbUserName = 0;
DWORD dw;
if( NULL == pIn )
{
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
pUserName = (PCHAR) malloc (cbUserName);
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
cbUserName = (DWORD)((int)strchr(pUserName,'\\'));
*(char *)cbUserName = 0;
auth_data.Domain = (unsigned char *)pUserName;
auth_data.User = (unsigned char *)((int)cbUserName+1);
printf("%s@%s\n",(char *)auth_data.User,(char *)auth_data.Domain);
auth_data.UserLength = strlen((char *)auth_data.User);
auth_data.DomainLength = strlen((char *)auth_data.Domain);
auth_data.Password = NULL;
auth_data.PasswordLength = 0;
auth_data.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
lstrcpynA (lpPackageName, "NTLM", 5);
ss = AcquireCredentialsHandleA (NULL, lpPackageName, SECPKG_CRED_OUTBOUND, NULL, &auth_data, NULL, NULL, hCred, &Lifetime);
if (!(SEC_SUCCESS (ss))) MyHandleError("AcquireCreds failed ");
}
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
if (pIn)
{
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
ss = InitializeSecurityContextA (hCred, hCtxt, pszTarget, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, &InBuffDesc, 0, hCtxt, &OutBuffDesc, &ContextAttributes, &Lifetime);
}
else
{
ss = InitializeSecurityContextA (hCred, NULL, pszTarget, ISC_REQ_CONFIDENTIALITY, 0, SECURITY_NATIVE_DREP, NULL, 0, hCtxt, &OutBuffDesc, &ContextAttributes, &Lifetime);
}
if (!SEC_SUCCESS (ss)) MyHandleError ("InitializeSecurityContext failed " );
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||(SEC_I_COMPLETE_AND_CONTINUE == ss));
return TRUE;
}