// Get entropy from the Windows crypto provider bool RandomNumbers::platformAddEntropy (Journal::Stream stream) { char name[512], rand[128]; DWORD count = 500; HCRYPTPROV cryptoHandle; if (!CryptGetDefaultProviderA (PROV_RSA_FULL, NULL, CRYPT_MACHINE_DEFAULT, name, &count)) { stream << "Unable to get default crypto provider"; return false; } if (!CryptAcquireContextA (&cryptoHandle, NULL, name, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { stream << "Unable to acquire crypto provider"; return false; } if (!CryptGenRandom (cryptoHandle, 128, reinterpret_cast<BYTE*> (rand))) { stream << "Unable to get entropy from crypto provider"; CryptReleaseContext (cryptoHandle, 0); return false; } CryptReleaseContext (cryptoHandle, 0); RAND_seed (rand, 128); return true; }
static void test_container_sd(void) { HCRYPTPROV prov; SECURITY_DESCRIPTOR *sd; DWORD len, err; BOOL ret; ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0", PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_NEWKEYSET); ok(ret, "got %u\n", GetLastError()); len = 0; SetLastError(0xdeadbeef); ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, NULL, &len, OWNER_SECURITY_INFORMATION); err = GetLastError(); ok(ret, "got %u\n", err); ok(err == ERROR_INSUFFICIENT_BUFFER || broken(err == ERROR_INVALID_PARAMETER), "got %u\n", err); ok(len, "expected len > 0\n"); sd = HeapAlloc(GetProcessHeap(), 0, len); ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, (BYTE *)sd, &len, OWNER_SECURITY_INFORMATION); ok(ret, "got %u\n", GetLastError()); HeapFree(GetProcessHeap(), 0, sd); ret = CryptReleaseContext(prov, 0); ok(ret, "got %u\n", GetLastError()); ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0", PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_DELETEKEYSET); ok(ret, "got %u\n", GetLastError()); }
static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec) { CAPI_KEY *key; key = OPENSSL_malloc(sizeof(CAPI_KEY)); CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", contname, provname, ptype); if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0)) { CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); goto err; } if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) { CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR); capi_addlasterror(); CryptReleaseContext(key->hprov, 0); goto err; } key->keyspec = keyspec; key->pcert = NULL; return key; err: OPENSSL_free(key); return NULL; }
BOOL kull_m_crypto_close_hprov_delete_container(HCRYPTPROV hProv) { BOOL status = FALSE; DWORD provtype, szLen = 0; PSTR container, provider; if(CryptGetProvParam(hProv, PP_CONTAINER, NULL, &szLen, 0)) { if(container = (PSTR) LocalAlloc(LPTR, szLen)) { if(CryptGetProvParam(hProv, PP_CONTAINER, (LPBYTE) container, &szLen, 0)) { if(CryptGetProvParam(hProv, PP_NAME, NULL, &szLen, 0)) { if(provider = (PSTR) LocalAlloc(LPTR, szLen)) { if(CryptGetProvParam(hProv, PP_NAME, (LPBYTE) provider, &szLen, 0)) { szLen = sizeof(DWORD); if(CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE) &provtype, &szLen, 0)) { CryptReleaseContext(hProv, 0); status = CryptAcquireContextA(&hProv, container, provider, provtype, CRYPT_DELETEKEYSET); } } LocalFree(provider); } } LocalFree(container); } } } return status; }
SessionKey::SessionKey() { // acquire cryptographic provider if (!CryptAcquireContextA(&m_provider.get_ref(), 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) throw SystemError(GetLastError()); // generate session key if (!CryptGenKey(m_provider.get(), CALG_RC2, 0, &m_key.get_ref())) throw SystemError(GetLastError()); }
BOOL Init() { BOOL bResult; // eax@2 if ( g_hProv ) { bResult = TRUE; } else { if ( CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 0) || CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 8u) || (bResult = CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 0xF0000000u)) != 0 ) bResult = TRUE; } return bResult; }
ULONG Utils::myRand() { CHAR ret[8]; PULONG up = (PULONG)ret; ZERO_(ret, 8); HCRYPTPROV hProv = NULL; CryptAcquireContextA(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); CryptGenRandom(hProv, 8, (BYTE*)ret); CryptReleaseContext(hProv, NULL); return *up; }
HRESULT CAssemblyStream::Init (LPCOLESTR pszPath, DWORD dwFormat) { HRESULT hr = S_OK; DWORD cwPath; BOOL bRet; _ASSERTE(pszPath); _dwFormat = dwFormat; cwPath = lstrlenW(pszPath) + 1; _ASSERTE(cwPath < MAX_PATH); memcpy(_szPath, pszPath, sizeof(TCHAR) * cwPath); _hf = WszCreateFile(pszPath, GENERIC_WRITE, 0 /* no sharing */, NULL, CREATE_NEW, FILE_FLAG_SEQUENTIAL_SCAN, NULL); if (_hf == INVALID_HANDLE_VALUE) { hr = HRESULT_FROM_WIN32(GetLastError()); ReleaseParent(hr); goto Exit; } if (!g_hProv) { HCRYPTPROV hProv; bRet = CryptAcquireContextA(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); if (!bRet) { hr = HRESULT_FROM_WIN32(GetLastError()); ReleaseParent(hr); goto Exit; } if (InterlockedCompareExchangePointer((void **)&g_hProv, (void *)hProv, 0)) { // Lost the race. Release our provider. CryptReleaseContext(hProv, 0); } } bRet = CryptCreateHash(g_hProv, CALG_SHA1, 0, 0, &_hHash); if (!bRet) { hr = HRESULT_FROM_WIN32(GetLastError()); ReleaseParent(hr); goto Exit; } Exit: return hr; }
bool testAcquireContext( bool bVerbose ){ if (!CryptAcquireContextA(&hProv, NULL, "CSP Provider", 900, 0)) { if (bVerbose){ printf("CryptAcquireConext returned error %x\n", GetLastError()); printf("FAILED\n"); } return false; } else return true; }
static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check) { CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type); if (check) { HCRYPTPROV hprov; if (!CryptAcquireContextA(&hprov, NULL, pname, type, CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); return 0; } CryptReleaseContext(hprov, 0); } ctx->cspname = BUF_strdup(pname); ctx->csptype = type; return 1; }
impl(const std::string & token) : provider(token) { char buffer[80]; DWORD type; DWORD len; // Find the type of the provider for(DWORD i = 0; ; ++i) { len = sizeof(buffer); if(!CryptEnumProvidersA(i, NULL, 0, &type, buffer, &len)) { error("Could not find provider name"); } if(buffer == provider) { break; } } if(!CryptAcquireContextA(&hProv, NULL, provider.c_str(), type, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { error("Could not acquire CSP context"); } }
LPSTR Utils::myRandomStringA(char* out, int outSize) {//size must be in chars. HCRYPTPROV hProv = NULL; ZERO_(out, outSize); CryptAcquireContextA(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); CryptGenRandom(hProv, outSize, (BYTE*)out); CryptReleaseContext(hProv, NULL); //static const char alphanum[] = "hoisvA*YNnm@aebTl1J96dU04WuFLkQGO&qMDPzC$wxrXRKjyZc^g2!BtI5SE%78pf#3VH"; static const char alphanum[] = "0123456789"; const int stringLength = lstrlenA(alphanum) - sizeof(char); BYTE t = NULL; DWORD res = NULL; for (int i = 0; i < outSize; ++i) { t = out[i]; res = t % stringLength; out[i] = alphanum[res]; } return out; }
static void setup_x509_schannel_create_mocks(void) { STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the handle storage space*/ STRICT_EXPECTED_CALL(CryptStringToBinaryA("certificate", 0, CRYPT_STRING_ANY, NULL, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "how big is the certificate binary size?"*/ STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the binary storage for the certificate*/ STRICT_EXPECTED_CALL(CryptStringToBinaryA("certificate", 0, CRYPT_STRING_ANY, IGNORED_PTR_ARG, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "fill in the certificate in this binary buffer"*/ STRICT_EXPECTED_CALL(CryptStringToBinaryA("private key", 0, CRYPT_STRING_ANY, NULL, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "how big is the private key binary size?"*/ STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the binary storage for the private key*/ STRICT_EXPECTED_CALL(CryptStringToBinaryA("private key", 0, CRYPT_STRING_ANY, IGNORED_PTR_ARG, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "fill in the private key in this binary buffer"*/ STRICT_EXPECTED_CALL(CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, IGNORED_PTR_ARG, IGNORED_NUM_ARG, 0, NULL, NULL, IGNORED_PTR_ARG)); /*this is asking "how big is the decoded private key? (from binary)*/ STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is allocating space for the decoded private key*/ STRICT_EXPECTED_CALL(CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, IGNORED_PTR_ARG, IGNORED_NUM_ARG, 0, NULL, IGNORED_PTR_ARG, IGNORED_PTR_ARG)); /*this is asking "how big is the decoded private key? (from binary)*/ STRICT_EXPECTED_CALL(CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, IGNORED_PTR_ARG, IGNORED_NUM_ARG)); /*create a certificate context from an encoded certificate*/ STRICT_EXPECTED_CALL(CryptAcquireContextA(IGNORED_PTR_ARG, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)); /*this is acquire a handle to a key container within a cryptographic service provider*/ STRICT_EXPECTED_CALL(CryptImportKey((HCRYPTPROV)IGNORED_PTR_ARG, IGNORED_PTR_ARG, IGNORED_NUM_ARG, (HCRYPTKEY)NULL, 0, IGNORED_PTR_ARG)) /*tranferring the key from the blob to the cryptrographic key provider*/ .IgnoreArgument_hProv(); STRICT_EXPECTED_CALL(CertSetCertificateContextProperty(IGNORED_PTR_ARG, CERT_KEY_PROV_HANDLE_PROP_ID, 0, IGNORED_PTR_ARG)); /*give the private key*/ STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG)); STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG)); STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG)); }
static int capi_list_containers(CAPI_CTX *ctx, BIO *out) { int ret = 1; HCRYPTPROV hprov; DWORD err, idx, flags, buflen = 0, clen; LPSTR cname; CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype); if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); return 0; } if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); capi_addlasterror(); return 0; } CAPI_trace(ctx, "Got max container len %d\n", buflen); if (buflen == 0) buflen = 1024; cname = OPENSSL_malloc(buflen); if (!cname) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); goto err; } for (idx = 0;;idx++) { clen = buflen; cname[0] = 0; if (idx == 0) flags = CRYPT_FIRST; else flags = 0; if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) { err = GetLastError(); if (err == ERROR_NO_MORE_ITEMS) goto done; CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR); capi_adderror(err); goto err; } CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags); if (!cname[0] && (clen == buflen)) { CAPI_trace(ctx, "Enumerate bug: using workaround\n"); goto done; } BIO_printf(out, "%d. %s\n", idx, cname); } err: ret = 0; done: if (cname) OPENSSL_free(cname); CryptReleaseContext(hprov, 0); return ret; }
HRESULT assembly_get_pubkey_token(ASSEMBLY *assembly, LPWSTR *token) { ULONG i, size; LONG offset; BYTE *hashdata, *pubkey, *ptr; HCRYPTPROV crypt; HCRYPTHASH hash; BYTE tokbytes[BYTES_PER_TOKEN]; HRESULT hr = E_FAIL; LPWSTR tok; DWORD idx; *token = NULL; offset = assembly->tables[TableFromToken(mdtAssembly)].offset; if (offset == -1) return E_FAIL; ptr = assembly_data_offset(assembly, offset); if (!ptr) return E_FAIL; ptr += FIELD_OFFSET(ASSEMBLYTABLE, PublicKey); if (assembly->blobsz == sizeof(DWORD)) idx = *(DWORD *)ptr; else idx = *(WORD *)ptr; pubkey = assembly_get_blob(assembly, idx, &size); if (!CryptAcquireContextA(&crypt, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) return E_FAIL; if (!CryptCreateHash(crypt, CALG_SHA1, 0, 0, &hash)) return E_FAIL; if (!CryptHashData(hash, pubkey, size, 0)) return E_FAIL; size = 0; if (!CryptGetHashParam(hash, HP_HASHVAL, NULL, &size, 0)) return E_FAIL; hashdata = HeapAlloc(GetProcessHeap(), 0, size); if (!hashdata) { hr = E_OUTOFMEMORY; goto done; } if (!CryptGetHashParam(hash, HP_HASHVAL, hashdata, &size, 0)) goto done; for (i = size - 1; i >= size - 8; i--) tokbytes[size - i - 1] = hashdata[i]; tok = HeapAlloc(GetProcessHeap(), 0, (TOKEN_LENGTH + 1) * sizeof(WCHAR)); if (!tok) { hr = E_OUTOFMEMORY; goto done; } token_to_str(tokbytes, tok); *token = tok; hr = S_OK; done: HeapFree(GetProcessHeap(), 0, hashdata); CryptDestroyHash(hash); CryptReleaseContext(crypt, 0); return hr; }
int main (int argc, char *argv[]) { DWORD dwProvType = 75; DWORD data_len = 0; BYTE *oid = NULL; DWORD dwBlobLen = 0; DWORD cAlg = (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 31); LPCSTR SourceName = NULL; LPCSTR Psdw = NULL; HANDLE hCurrProc = GetCurrentProcess(); char patch[] = {0x80,0xbd,0x1c,0x00,0x00,0x00,0x98,0x75,0x07,0xc6,0x85,0x1c,0x00,0x00,0x00,0x9c,0x90,0x90,0x90,0x90,0x90,0x90}; ///!!! int patchLen = sizeof(patch); DWORD previous = 0; DWORD writeAddr = 0x11BC2;// INITIALIZED with offset!!! //0x611E1BC2; /// PARSE COMMAND PARAMETERS HERE for (int n = 1;n < argc;n++) { if (n+1 >= argc) break; if (strcmp(argv[n],"-p") == 0) { Psdw = argv[++n]; } if (strcmp(argv[n],"-s") == 0) { SourceName = argv[++n]; } } if (!Psdw || !SourceName) { printf("[!] Dude, u specified incorrect parameters :/\n\tUsage: %s -s <source container name> -p <container password>",argv[0]); exit(1); } if(!CryptAcquireContextA( &hProvResponder, "\\\\.\\Registry\\DestCopy", //Hardcoded name for container we create!!! NULL, dwProvType, CRYPT_NEWKEYSET | CRYPT_SILENT)) { HandleError("Error during CryptAcquireContext"); } if(!CryptAcquireContextA( &hProvSender, SourceName, NULL, dwProvType, 0)) { HandleError("Error during CryptAcquireContext"); } /// FIND ADDRESS TO PATCH HMODULE hModules[1024]; DWORD needed; if (EnumProcessModules(hCurrProc,hModules,1024,&needed)) { for (int i = 0; i < (needed / sizeof(HMODULE)); i++ ) { char szModName[1024]; if ( GetModuleFileNameA( hModules[i], szModName, sizeof(szModName))) { if (StrStrA(szModName, "cpcspi.dll")) { writeAddr += (DWORD)hModules[i]; printf("[+] Address in memory for patching is '%08X'.\n",writeAddr); break; } } } } /// !!! printf("[+] Now we patch process memory, patch size is '%i' bytes...",patchLen); VirtualProtectEx(hCurrProc, (void*)writeAddr, 2, PAGE_EXECUTE_READWRITE, &previous); WriteProcessMemory(hCurrProc, (void*)writeAddr, &patch, patchLen, NULL); printf("Ok\n"); printf("[+] Now we export container '%s'...\n",SourceName); if(!CryptGetProvParam( hProvSender, 92, NULL, &data_len, 0)) { HandleError("Error computing buffer length"); } oid = (BYTE *)malloc( data_len ); if( !oid ) HandleError("Out of memory."); if(!CryptGetProvParam( hProvSender, 92, oid, &data_len, 0)) { HandleError("Error during CryptGetProvParam"); } if(!CryptSetProvParam( hProvResponder, 92, oid, 0 )) { free( oid ); HandleError("Error during CryptSetProvParam"); } free( oid ); data_len = 0; if(!CryptGetProvParam( hProvSender, 93, NULL, &data_len, 0)) { HandleError("Error computing buffer length"); } /// SPECIFY PASSWORD FOR CONTAINER HERE if(!CryptSetProvParam( hProvSender,PP_SIGNATURE_PIN,(LPBYTE)Psdw,0)) { HandleError("Error during CryptSetProvParam"); } oid = (BYTE *)malloc( data_len ); if( !oid ) HandleError("Out of memory"); if(!CryptGetProvParam( hProvSender, 93, oid, &data_len, 0)) { free( oid ); HandleError("Error during CryptGetProvParam"); } if(!CryptSetProvParam( hProvResponder, 93, oid, 0 )) { free( oid ); HandleError("Error during CryptSetProvParam"); } free( oid ); if(!CryptGetUserKey( hProvSender, AT_KEYEXCHANGE, &hSenderKey )) { HandleError("Error during CryptGetUserKey private key"); } if(!CryptGenKey( hProvSender, (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37), CRYPT_EXPORTABLE, &hSenderEphemKey)) { HandleError("ERROR -- CryptGenKey"); } if(!CryptGenKey( hProvResponder, (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37), CRYPT_EXPORTABLE | CRYPT_PREGEN, &hResponderEphemKey)) { HandleError("ERROR -- CryptGenKey"); } if(!CryptGetKeyParam( hSenderEphemKey, 106, NULL, &dwBlobLen, 0)) { HandleError("Error computing BLOB length"); } pbKeyBlob = (BYTE*)malloc(dwBlobLen); if(!pbKeyBlob) HandleError("Out of memory"); if(!CryptGetKeyParam( hSenderEphemKey, 106, pbKeyBlob, &dwBlobLen, 0)) { HandleError("Error during CryptGetProvParam"); } if(!CryptSetKeyParam( hResponderEphemKey, 106, pbKeyBlob, 0)) { HandleError("Error during CryptSetProvParam"); } free(pbKeyBlob); pbKeyBlob = NULL; dwBlobLen = 0; if(!CryptSetKeyParam( hResponderEphemKey, KP_X, NULL, 0)) { HandleError("Error during CryptSetKeyParam"); } if(!CryptExportKey( hSenderEphemKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen )) { HandleError("Error computing BLOB length"); } pbKeyBlob = (BYTE*)malloc(dwBlobLen); if(!pbKeyBlob) HandleError("Out of memory"); if(!CryptExportKey( hSenderEphemKey, 0, PUBLICKEYBLOB, 0, pbKeyBlob, &dwBlobLen )) { HandleError("Error during CryptExportKey"); } if(!CryptImportKey( hProvResponder, pbKeyBlob, dwBlobLen, hResponderEphemKey, 0, &hResponderAgreeKey)) { HandleError("Error during CryptImportKey ephemeral key"); } free(pbKeyBlob); pbKeyBlob = NULL; dwBlobLen = 0; if(!CryptExportKey( hResponderEphemKey, 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen )) { HandleError("Error computing BLOB length"); } pbKeyBlob = (BYTE*)malloc(dwBlobLen); if(!pbKeyBlob) HandleError("Out of memory"); if(!CryptExportKey( hResponderEphemKey, 0, PUBLICKEYBLOB, 0, pbKeyBlob, &dwBlobLen )) { HandleError("Error during CryptExportKey"); } if(!CryptImportKey( hProvSender, pbKeyBlob, dwBlobLen, hSenderEphemKey, 0, &hSenderAgreeKey)) { HandleError("Error during CryptImportKey ephemeral key"); } free(pbKeyBlob); pbKeyBlob = NULL; dwBlobLen = 0; if(!CryptSetKeyParam( hSenderAgreeKey, KP_ALGID, (BYTE*)&cAlg, 0 )) { HandleError("Error during CryptSetKeyParam agree key"); } if(!CryptSetKeyParam( hResponderAgreeKey, KP_ALGID, (BYTE*)&cAlg, 0 )) { HandleError("Error during CryptSetKeyParam agree key"); } if(!CryptExportKey( hSenderKey, hSenderAgreeKey, PRIVATEKEYBLOB, 0, NULL, &dwBlobLen )) { HandleError("Error computing BLOB length"); } pbKeyBlob = (BYTE*)malloc(dwBlobLen); if(!pbKeyBlob) HandleError("Out of memory"); if(!CryptExportKey( hSenderKey, hSenderAgreeKey, PRIVATEKEYBLOB, 0, pbKeyBlob, &dwBlobLen )) { HandleError("Error during CryptExportKey"); } if(!CryptImportKey( hProvResponder, pbKeyBlob, dwBlobLen, hResponderAgreeKey, 0, &hResponderKey)) { HandleError("Error during CryptImportKey private key"); } free(pbKeyBlob); pbKeyBlob = NULL; dwBlobLen = 0; if(!CryptGetKeyParam( hSenderKey, KP_CERTIFICATE, NULL, &dwBlobLen, 0)) { HandleError("Error computing BLOB length"); } pbKeyBlob = (BYTE*)malloc(dwBlobLen); if(!pbKeyBlob) { HandleError("Out of memory"); } if(!CryptGetKeyParam( hSenderKey, KP_CERTIFICATE, pbKeyBlob, &dwBlobLen, 0)) { HandleError("Error during CryptGetProvParam"); } if(!CryptSetKeyParam( hResponderKey, KP_CERTIFICATE, pbKeyBlob, 0)) { HandleError("Error during CryptSetProvParam"); } printf("[+] D0n3!!!\n"); CleanUp(); return 0; }