// Get entropy from the Windows crypto provider
bool RandomNumbers::platformAddEntropy (Journal::Stream stream)
{
char name[512], rand[128];
DWORD count = 500;
HCRYPTPROV cryptoHandle;
if (!CryptGetDefaultProviderA (PROV_RSA_FULL, NULL, CRYPT_MACHINE_DEFAULT, name, &count))
{
stream << "Unable to get default crypto provider";
return false;
}
if (!CryptAcquireContextA (&cryptoHandle, NULL, name, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
{
stream << "Unable to acquire crypto provider";
return false;
}
if (!CryptGenRandom (cryptoHandle, 128, reinterpret_cast<BYTE*> (rand)))
{
stream << "Unable to get entropy from crypto provider";
CryptReleaseContext (cryptoHandle, 0);
return false;
}
CryptReleaseContext (cryptoHandle, 0);
RAND_seed (rand, 128);
return true;
}
static void test_container_sd(void)
{
HCRYPTPROV prov;
SECURITY_DESCRIPTOR *sd;
DWORD len, err;
BOOL ret;
ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0",
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_NEWKEYSET);
ok(ret, "got %u\n", GetLastError());
len = 0;
SetLastError(0xdeadbeef);
ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, NULL, &len, OWNER_SECURITY_INFORMATION);
err = GetLastError();
ok(ret, "got %u\n", err);
ok(err == ERROR_INSUFFICIENT_BUFFER || broken(err == ERROR_INVALID_PARAMETER), "got %u\n", err);
ok(len, "expected len > 0\n");
sd = HeapAlloc(GetProcessHeap(), 0, len);
ret = CryptGetProvParam(prov, PP_KEYSET_SEC_DESCR, (BYTE *)sd, &len, OWNER_SECURITY_INFORMATION);
ok(ret, "got %u\n", GetLastError());
HeapFree(GetProcessHeap(), 0, sd);
ret = CryptReleaseContext(prov, 0);
ok(ret, "got %u\n", GetLastError());
ret = CryptAcquireContextA(&prov, "winetest", "Microsoft Enhanced Cryptographic Provider v1.0",
PROV_RSA_FULL, CRYPT_MACHINE_KEYSET|CRYPT_DELETEKEYSET);
ok(ret, "got %u\n", GetLastError());
}
static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
{
CAPI_KEY *key;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
{
CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
goto err;
}
if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
{
CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
capi_addlasterror();
CryptReleaseContext(key->hprov, 0);
goto err;
}
key->keyspec = keyspec;
key->pcert = NULL;
return key;
err:
OPENSSL_free(key);
return NULL;
}
BOOL kull_m_crypto_close_hprov_delete_container(HCRYPTPROV hProv)
{
BOOL status = FALSE;
DWORD provtype, szLen = 0;
PSTR container, provider;
if(CryptGetProvParam(hProv, PP_CONTAINER, NULL, &szLen, 0))
{
if(container = (PSTR) LocalAlloc(LPTR, szLen))
{
if(CryptGetProvParam(hProv, PP_CONTAINER, (LPBYTE) container, &szLen, 0))
{
if(CryptGetProvParam(hProv, PP_NAME, NULL, &szLen, 0))
{
if(provider = (PSTR) LocalAlloc(LPTR, szLen))
{
if(CryptGetProvParam(hProv, PP_NAME, (LPBYTE) provider, &szLen, 0))
{
szLen = sizeof(DWORD);
if(CryptGetProvParam(hProv, PP_PROVTYPE, (LPBYTE) &provtype, &szLen, 0))
{
CryptReleaseContext(hProv, 0);
status = CryptAcquireContextA(&hProv, container, provider, provtype, CRYPT_DELETEKEYSET);
}
}
LocalFree(provider);
}
}
LocalFree(container);
}
}
}
return status;
}
SessionKey::SessionKey()
{
// acquire cryptographic provider
if (!CryptAcquireContextA(&m_provider.get_ref(), 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
throw SystemError(GetLastError());
// generate session key
if (!CryptGenKey(m_provider.get(), CALG_RC2, 0, &m_key.get_ref()))
throw SystemError(GetLastError());
}
BOOL Init()
{
BOOL bResult; // eax@2
if ( g_hProv )
{
bResult = TRUE;
}
else
{
if ( CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 0)
|| CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 8u)
|| (bResult = CryptAcquireContextA(&g_hProv, 0, "Microsoft Base Cryptographic Provider v1.0", 1u, 0xF0000000u)) != 0 )
bResult = TRUE;
}
return bResult;
}
ULONG Utils::myRand() {
CHAR ret[8];
PULONG up = (PULONG)ret;
ZERO_(ret, 8);
HCRYPTPROV hProv = NULL;
CryptAcquireContextA(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
CryptGenRandom(hProv, 8, (BYTE*)ret);
CryptReleaseContext(hProv, NULL);
return *up;
}
HRESULT CAssemblyStream::Init (LPCOLESTR pszPath, DWORD dwFormat)
{
HRESULT hr = S_OK;
DWORD cwPath;
BOOL bRet;
_ASSERTE(pszPath);
_dwFormat = dwFormat;
cwPath = lstrlenW(pszPath) + 1;
_ASSERTE(cwPath < MAX_PATH);
memcpy(_szPath, pszPath, sizeof(TCHAR) * cwPath);
_hf = WszCreateFile(pszPath, GENERIC_WRITE, 0 /* no sharing */,
NULL, CREATE_NEW, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
if (_hf == INVALID_HANDLE_VALUE) {
hr = HRESULT_FROM_WIN32(GetLastError());
ReleaseParent(hr);
goto Exit;
}
if (!g_hProv) {
HCRYPTPROV hProv;
bRet = CryptAcquireContextA(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
if (!bRet) {
hr = HRESULT_FROM_WIN32(GetLastError());
ReleaseParent(hr);
goto Exit;
}
if (InterlockedCompareExchangePointer((void **)&g_hProv, (void *)hProv, 0)) {
// Lost the race. Release our provider.
CryptReleaseContext(hProv, 0);
}
}
bRet = CryptCreateHash(g_hProv, CALG_SHA1, 0, 0, &_hHash);
if (!bRet) {
hr = HRESULT_FROM_WIN32(GetLastError());
ReleaseParent(hr);
goto Exit;
}
Exit:
return hr;
}
bool testAcquireContext( bool bVerbose ){
if (!CryptAcquireContextA(&hProv, NULL,
"CSP Provider", 900, 0))
{
if (bVerbose){
printf("CryptAcquireConext returned error %x\n", GetLastError());
printf("FAILED\n");
}
return false;
}
else
return true;
}
static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
{
CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
if (check)
{
HCRYPTPROV hprov;
if (!CryptAcquireContextA(&hprov, NULL, pname, type,
CRYPT_VERIFYCONTEXT))
{
CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
return 0;
}
CryptReleaseContext(hprov, 0);
}
ctx->cspname = BUF_strdup(pname);
ctx->csptype = type;
return 1;
}
impl(const std::string & token) : provider(token) {
char buffer[80];
DWORD type;
DWORD len;
// Find the type of the provider
for(DWORD i = 0; ; ++i) {
len = sizeof(buffer);
if(!CryptEnumProvidersA(i, NULL, 0, &type, buffer, &len)) {
error("Could not find provider name");
}
if(buffer == provider) {
break;
}
}
if(!CryptAcquireContextA(&hProv, NULL, provider.c_str(), type,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
error("Could not acquire CSP context");
}
}
LPSTR Utils::myRandomStringA(char* out, int outSize) {//size must be in chars.
HCRYPTPROV hProv = NULL;
ZERO_(out, outSize);
CryptAcquireContextA(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
CryptGenRandom(hProv, outSize, (BYTE*)out);
CryptReleaseContext(hProv, NULL);
//static const char alphanum[] = "hoisvA*YNnm@aebTl1J96dU04WuFLkQGO&qMDPzC$wxrXRKjyZc^g2!BtI5SE%78pf#3VH";
static const char alphanum[] = "0123456789";
const int stringLength = lstrlenA(alphanum) - sizeof(char);
BYTE t = NULL;
DWORD res = NULL;
for (int i = 0; i < outSize; ++i)
{
t = out[i];
res = t % stringLength;
out[i] = alphanum[res];
}
return out;
}
static void setup_x509_schannel_create_mocks(void)
{
STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the handle storage space*/
STRICT_EXPECTED_CALL(CryptStringToBinaryA("certificate", 0, CRYPT_STRING_ANY, NULL, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "how big is the certificate binary size?"*/
STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the binary storage for the certificate*/
STRICT_EXPECTED_CALL(CryptStringToBinaryA("certificate", 0, CRYPT_STRING_ANY, IGNORED_PTR_ARG, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "fill in the certificate in this binary buffer"*/
STRICT_EXPECTED_CALL(CryptStringToBinaryA("private key", 0, CRYPT_STRING_ANY, NULL, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "how big is the private key binary size?"*/
STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is creating the binary storage for the private key*/
STRICT_EXPECTED_CALL(CryptStringToBinaryA("private key", 0, CRYPT_STRING_ANY, IGNORED_PTR_ARG, IGNORED_PTR_ARG, NULL, NULL)); /*this is asking for "fill in the private key in this binary buffer"*/
STRICT_EXPECTED_CALL(CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, IGNORED_PTR_ARG, IGNORED_NUM_ARG, 0, NULL, NULL, IGNORED_PTR_ARG)); /*this is asking "how big is the decoded private key? (from binary)*/
STRICT_EXPECTED_CALL(gballoc_malloc(IGNORED_NUM_ARG)); /*this is allocating space for the decoded private key*/
STRICT_EXPECTED_CALL(CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, IGNORED_PTR_ARG, IGNORED_NUM_ARG, 0, NULL, IGNORED_PTR_ARG, IGNORED_PTR_ARG)); /*this is asking "how big is the decoded private key? (from binary)*/
STRICT_EXPECTED_CALL(CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, IGNORED_PTR_ARG, IGNORED_NUM_ARG)); /*create a certificate context from an encoded certificate*/
STRICT_EXPECTED_CALL(CryptAcquireContextA(IGNORED_PTR_ARG, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)); /*this is acquire a handle to a key container within a cryptographic service provider*/
STRICT_EXPECTED_CALL(CryptImportKey((HCRYPTPROV)IGNORED_PTR_ARG, IGNORED_PTR_ARG, IGNORED_NUM_ARG, (HCRYPTKEY)NULL, 0, IGNORED_PTR_ARG)) /*tranferring the key from the blob to the cryptrographic key provider*/
.IgnoreArgument_hProv();
STRICT_EXPECTED_CALL(CertSetCertificateContextProperty(IGNORED_PTR_ARG, CERT_KEY_PROV_HANDLE_PROP_ID, 0, IGNORED_PTR_ARG)); /*give the private key*/
STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG));
STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG));
STRICT_EXPECTED_CALL(gballoc_free(IGNORED_PTR_ARG));
}
static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
{
int ret = 1;
HCRYPTPROV hprov;
DWORD err, idx, flags, buflen = 0, clen;
LPSTR cname;
CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
return 0;
}
if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
capi_addlasterror();
return 0;
}
CAPI_trace(ctx, "Got max container len %d\n", buflen);
if (buflen == 0)
buflen = 1024;
cname = OPENSSL_malloc(buflen);
if (!cname)
{
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
goto err;
}
for (idx = 0;;idx++)
{
clen = buflen;
cname[0] = 0;
if (idx == 0)
flags = CRYPT_FIRST;
else
flags = 0;
if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
{
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
goto done;
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
capi_adderror(err);
goto err;
}
CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
if (!cname[0] && (clen == buflen))
{
CAPI_trace(ctx, "Enumerate bug: using workaround\n");
goto done;
}
BIO_printf(out, "%d. %s\n", idx, cname);
}
err:
ret = 0;
done:
if (cname)
OPENSSL_free(cname);
CryptReleaseContext(hprov, 0);
return ret;
}
HRESULT assembly_get_pubkey_token(ASSEMBLY *assembly, LPWSTR *token)
{
ULONG i, size;
LONG offset;
BYTE *hashdata, *pubkey, *ptr;
HCRYPTPROV crypt;
HCRYPTHASH hash;
BYTE tokbytes[BYTES_PER_TOKEN];
HRESULT hr = E_FAIL;
LPWSTR tok;
DWORD idx;
*token = NULL;
offset = assembly->tables[TableFromToken(mdtAssembly)].offset;
if (offset == -1)
return E_FAIL;
ptr = assembly_data_offset(assembly, offset);
if (!ptr)
return E_FAIL;
ptr += FIELD_OFFSET(ASSEMBLYTABLE, PublicKey);
if (assembly->blobsz == sizeof(DWORD))
idx = *(DWORD *)ptr;
else
idx = *(WORD *)ptr;
pubkey = assembly_get_blob(assembly, idx, &size);
if (!CryptAcquireContextA(&crypt, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT))
return E_FAIL;
if (!CryptCreateHash(crypt, CALG_SHA1, 0, 0, &hash))
return E_FAIL;
if (!CryptHashData(hash, pubkey, size, 0))
return E_FAIL;
size = 0;
if (!CryptGetHashParam(hash, HP_HASHVAL, NULL, &size, 0))
return E_FAIL;
hashdata = HeapAlloc(GetProcessHeap(), 0, size);
if (!hashdata)
{
hr = E_OUTOFMEMORY;
goto done;
}
if (!CryptGetHashParam(hash, HP_HASHVAL, hashdata, &size, 0))
goto done;
for (i = size - 1; i >= size - 8; i--)
tokbytes[size - i - 1] = hashdata[i];
tok = HeapAlloc(GetProcessHeap(), 0, (TOKEN_LENGTH + 1) * sizeof(WCHAR));
if (!tok)
{
hr = E_OUTOFMEMORY;
goto done;
}
token_to_str(tokbytes, tok);
*token = tok;
hr = S_OK;
done:
HeapFree(GetProcessHeap(), 0, hashdata);
CryptDestroyHash(hash);
CryptReleaseContext(crypt, 0);
return hr;
}
int main (int argc, char *argv[])
{
DWORD dwProvType = 75;
DWORD data_len = 0;
BYTE *oid = NULL;
DWORD dwBlobLen = 0;
DWORD cAlg = (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | 31);
LPCSTR SourceName = NULL;
LPCSTR Psdw = NULL;
HANDLE hCurrProc = GetCurrentProcess();
char patch[] = {0x80,0xbd,0x1c,0x00,0x00,0x00,0x98,0x75,0x07,0xc6,0x85,0x1c,0x00,0x00,0x00,0x9c,0x90,0x90,0x90,0x90,0x90,0x90}; ///!!!
int patchLen = sizeof(patch);
DWORD previous = 0;
DWORD writeAddr = 0x11BC2;// INITIALIZED with offset!!! //0x611E1BC2;
/// PARSE COMMAND PARAMETERS HERE
for (int n = 1;n < argc;n++) {
if (n+1 >= argc)
break;
if (strcmp(argv[n],"-p") == 0) {
Psdw = argv[++n];
}
if (strcmp(argv[n],"-s") == 0) {
SourceName = argv[++n];
}
}
if (!Psdw || !SourceName) {
printf("[!] Dude, u specified incorrect parameters :/\n\tUsage: %s -s <source container name> -p <container password>",argv[0]);
exit(1);
}
if(!CryptAcquireContextA(
&hProvResponder,
"\\\\.\\Registry\\DestCopy", //Hardcoded name for container we create!!!
NULL,
dwProvType,
CRYPT_NEWKEYSET | CRYPT_SILENT))
{
HandleError("Error during CryptAcquireContext");
}
if(!CryptAcquireContextA(
&hProvSender,
SourceName,
NULL,
dwProvType,
0))
{
HandleError("Error during CryptAcquireContext");
}
/// FIND ADDRESS TO PATCH
HMODULE hModules[1024];
DWORD needed;
if (EnumProcessModules(hCurrProc,hModules,1024,&needed)) {
for (int i = 0; i < (needed / sizeof(HMODULE)); i++ )
{
char szModName[1024];
if ( GetModuleFileNameA( hModules[i], szModName, sizeof(szModName)))
{
if (StrStrA(szModName, "cpcspi.dll")) {
writeAddr += (DWORD)hModules[i];
printf("[+] Address in memory for patching is '%08X'.\n",writeAddr);
break;
}
}
}
}
/// !!!
printf("[+] Now we patch process memory, patch size is '%i' bytes...",patchLen);
VirtualProtectEx(hCurrProc, (void*)writeAddr, 2, PAGE_EXECUTE_READWRITE, &previous);
WriteProcessMemory(hCurrProc, (void*)writeAddr, &patch, patchLen, NULL);
printf("Ok\n");
printf("[+] Now we export container '%s'...\n",SourceName);
if(!CryptGetProvParam(
hProvSender,
92,
NULL,
&data_len,
0))
{
HandleError("Error computing buffer length");
}
oid = (BYTE *)malloc( data_len );
if( !oid )
HandleError("Out of memory.");
if(!CryptGetProvParam(
hProvSender,
92,
oid,
&data_len,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetProvParam(
hProvResponder,
92,
oid,
0 ))
{
free( oid );
HandleError("Error during CryptSetProvParam");
}
free( oid );
data_len = 0;
if(!CryptGetProvParam(
hProvSender,
93,
NULL,
&data_len,
0))
{
HandleError("Error computing buffer length");
}
/// SPECIFY PASSWORD FOR CONTAINER HERE
if(!CryptSetProvParam( hProvSender,PP_SIGNATURE_PIN,(LPBYTE)Psdw,0))
{
HandleError("Error during CryptSetProvParam");
}
oid = (BYTE *)malloc( data_len );
if( !oid )
HandleError("Out of memory");
if(!CryptGetProvParam(
hProvSender,
93,
oid,
&data_len,
0))
{
free( oid );
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetProvParam(
hProvResponder,
93,
oid,
0 ))
{
free( oid );
HandleError("Error during CryptSetProvParam");
}
free( oid );
if(!CryptGetUserKey(
hProvSender,
AT_KEYEXCHANGE,
&hSenderKey ))
{
HandleError("Error during CryptGetUserKey private key");
}
if(!CryptGenKey(
hProvSender,
(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37),
CRYPT_EXPORTABLE,
&hSenderEphemKey))
{
HandleError("ERROR -- CryptGenKey");
}
if(!CryptGenKey(
hProvResponder,
(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | 37),
CRYPT_EXPORTABLE | CRYPT_PREGEN,
&hResponderEphemKey))
{
HandleError("ERROR -- CryptGenKey");
}
if(!CryptGetKeyParam(
hSenderEphemKey,
106,
NULL,
&dwBlobLen,
0))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptGetKeyParam(
hSenderEphemKey,
106,
pbKeyBlob,
&dwBlobLen,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetKeyParam(
hResponderEphemKey,
106,
pbKeyBlob,
0))
{
HandleError("Error during CryptSetProvParam");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptSetKeyParam(
hResponderEphemKey,
KP_X,
NULL,
0))
{
HandleError("Error during CryptSetKeyParam");
}
if(!CryptExportKey(
hSenderEphemKey,
0,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hSenderEphemKey,
0,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvResponder,
pbKeyBlob,
dwBlobLen,
hResponderEphemKey,
0,
&hResponderAgreeKey))
{
HandleError("Error during CryptImportKey ephemeral key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptExportKey(
hResponderEphemKey,
0,
PUBLICKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hResponderEphemKey,
0,
PUBLICKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvSender,
pbKeyBlob,
dwBlobLen,
hSenderEphemKey,
0,
&hSenderAgreeKey))
{
HandleError("Error during CryptImportKey ephemeral key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptSetKeyParam(
hSenderAgreeKey,
KP_ALGID,
(BYTE*)&cAlg,
0 ))
{
HandleError("Error during CryptSetKeyParam agree key");
}
if(!CryptSetKeyParam(
hResponderAgreeKey,
KP_ALGID,
(BYTE*)&cAlg,
0 ))
{
HandleError("Error during CryptSetKeyParam agree key");
}
if(!CryptExportKey(
hSenderKey,
hSenderAgreeKey,
PRIVATEKEYBLOB,
0,
NULL,
&dwBlobLen ))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
HandleError("Out of memory");
if(!CryptExportKey(
hSenderKey,
hSenderAgreeKey,
PRIVATEKEYBLOB,
0,
pbKeyBlob,
&dwBlobLen ))
{
HandleError("Error during CryptExportKey");
}
if(!CryptImportKey(
hProvResponder,
pbKeyBlob,
dwBlobLen,
hResponderAgreeKey,
0,
&hResponderKey))
{
HandleError("Error during CryptImportKey private key");
}
free(pbKeyBlob);
pbKeyBlob = NULL;
dwBlobLen = 0;
if(!CryptGetKeyParam(
hSenderKey,
KP_CERTIFICATE,
NULL,
&dwBlobLen,
0))
{
HandleError("Error computing BLOB length");
}
pbKeyBlob = (BYTE*)malloc(dwBlobLen);
if(!pbKeyBlob)
{
HandleError("Out of memory");
}
if(!CryptGetKeyParam(
hSenderKey,
KP_CERTIFICATE,
pbKeyBlob,
&dwBlobLen,
0))
{
HandleError("Error during CryptGetProvParam");
}
if(!CryptSetKeyParam(
hResponderKey,
KP_CERTIFICATE,
pbKeyBlob,
0))
{
HandleError("Error during CryptSetProvParam");
}
printf("[+] D0n3!!!\n");
CleanUp();
return 0;
}
