int main(int argc, char * argv[]) { HCRYPTPROV hCryptProv; HCRYPTKEY hKey; if (CryptAcquireContext(&hCryptProv, CONTAINER_NAME, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { printf("Created a new key container and acquired context \n"); } else if (CryptAcquireContext(&hCryptProv, CONTAINER_NAME, MS_DEF_PROV, PROV_RSA_FULL, 0)) { printf("Acquired context \n"); } else { return error("acquiring context"); } if (CryptGenKey(hCryptProv, AT_KEYEXCHANGE, 0, &hKey)) { printf("Generated key for exchange \n"); } else { return error("generating exchange key"); } if (CryptGenKey(hCryptProv, AT_SIGNATURE, 0, &hKey)) { printf("Generated key for signing \n"); } else { return error("generating signing key"); } if (CryptReleaseContext(hCryptProv, 0)) { printf("Done."); } else { return error("releasing context"); } }
String WebCore::signedPublicKeyAndChallengeString(unsigned index, const String& challenge, const KURL& url) { String keyString; HCRYPTPROV hContext = 0; HCRYPTKEY hKey = 0; PCERT_PUBLIC_KEY_INFO pPubInfo = 0; // Try to delete it if it exists already CryptAcquireContextW(&hContext, L"keygen_container", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_DELETEKEYSET); do { if (!CryptAcquireContextW(&hContext, L"keygen_container", MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) break; DWORD dwPubInfoLength = 0; if (!CryptGenKey(hContext, AT_KEYEXCHANGE, 0, &hKey) || !CryptExportPublicKeyInfo(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, 0, &dwPubInfoLength)) break; // Use malloc instead of new, because malloc guarantees to return a pointer aligned for all data types. pPubInfo = reinterpret_cast<PCERT_PUBLIC_KEY_INFO>(fastMalloc(dwPubInfoLength)); if (!CryptExportPublicKeyInfo(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, pPubInfo, &dwPubInfoLength)) break; CERT_KEYGEN_REQUEST_INFO requestInfo = { 0 }; requestInfo.dwVersion = CERT_KEYGEN_REQUEST_V1; requestInfo.pwszChallengeString = L""; requestInfo.SubjectPublicKeyInfo = *pPubInfo; String localChallenge = challenge; // Windows API won't write to our buffer, although it's not declared with const. requestInfo.pwszChallengeString = const_cast<wchar_t*>(localChallenge.charactersWithNullTermination()); CRYPT_ALGORITHM_IDENTIFIER signAlgo = { 0 }; signAlgo.pszObjId = szOID_RSA_SHA1RSA; DWORD dwEncodedLength; if (!CryptSignAndEncodeCertificate(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, X509_KEYGEN_REQUEST_TO_BE_SIGNED, &requestInfo, &signAlgo, 0, 0, &dwEncodedLength)) break; Vector<char> binary(dwEncodedLength); if (!CryptSignAndEncodeCertificate(hContext, AT_KEYEXCHANGE, X509_ASN_ENCODING, X509_KEYGEN_REQUEST_TO_BE_SIGNED, &requestInfo, &signAlgo, 0, reinterpret_cast<LPBYTE>(binary.data()), &dwEncodedLength)) break; keyString = base64Encode(binary); } while(0); if (pPubInfo) fastFree(pPubInfo); if (hKey) CryptDestroyKey(hKey); if (hContext) CryptReleaseContext(hContext, 0); return keyString; }
void Widget::on_keyErr_clicked() { DWORD keyBlobLen, blockLen = 0; BYTE *keyBlob, *srcData, *newData, *blockData1, *blockData2; HCRYPTPROV hCryptProv; HCRYPTKEY hKey, dhKey; QVector<int> values; QFile myFile(fName); plot->clear(); if (myFile.exists()) myFile.open(QIODevice::ReadOnly); else { QMessageBox::critical(0, "Ошибка", "Файл не выбран", QMessageBox::Ok); return; } CryptAcquireContext(&hCryptProv, NULL, MS_DEF_RSA_SCHANNEL_PROV, PROV_RSA_SCHANNEL, CRYPT_VERIFYCONTEXT); CryptGenKey(hCryptProv, CALG_AES_256, 0, &hKey); CryptEncrypt(hKey, 0, true, 0, NULL, &blockLen, myFile.size()); srcData = new BYTE[block * blockLen]; newData = new BYTE[block * blockLen]; blockData1 = new BYTE[blockLen]; blockData2 = new BYTE[blockLen]; myFile.read((char*)srcData, block * blockLen); myFile.close(); memcpy((char*)newData, (char*)srcData, block * blockLen); newData[0] = -newData[0]; CryptDuplicateKey(hKey, NULL, 0, &dhKey); CryptExportKey(dhKey, 0, SIMPLEBLOB, 0, NULL, &keyBlobLen); keyBlob = new BYTE[keyBlobLen]; CryptExportKey(dhKey, 0, SIMPLEBLOB, 0, keyBlob, &keyBlobLen); keyBlob[0] = -keyBlob[0]; CryptImportKey(hCryptProv, keyBlob, keyBlobLen, 0, 0, &dhKey); for (uint i = 0; i < (block * blockLen); i++) { CryptEncrypt(hKey, 0, i < 2, 0, srcData + i, &blockLen, block * blockLen); CryptEncrypt(dhKey, 0, i < 2, 0, newData + i, &blockLen, block * blockLen); } for(uint i = 0; i < (block * blockLen); i += blockLen) { int k = 0; memcpy(blockData1, srcData + i, blockLen); memcpy(blockData2, newData + i, blockLen); for (uint j = i; j < (i + blockLen); j++) k += trueBitsCount(srcData[j] ^ newData[j]); values.push_back(k); } delete[] newData; delete[] srcData; delete[] blockData1; delete[] blockData2; delete[] keyBlob; CryptReleaseContext(hCryptProv, 0); CryptDestroyKey(hKey); CryptDestroyKey(dhKey); DrawPlot(plot, values); plot->show(); }
SessionKey::SessionKey() { // acquire cryptographic provider if (!CryptAcquireContextA(&m_provider.get_ref(), 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) throw SystemError(GetLastError()); // generate session key if (!CryptGenKey(m_provider.get(), CALG_RC2, 0, &m_key.get_ref())) throw SystemError(GetLastError()); }
int main(int argc, char* argv[]) { HCRYPTPROV hProv; HCRYPTKEY hKey; if (argc != 2) { fprintf(stderr, "Usage: CryptTest <data>\n"); exit(1); } char* plaintext = argv[1]; if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { PrintError("CryptAcquireContext"); } while (1) { puts("Generating key..."); if (!CryptGenKey(hProv, CALG_RC2, 0x800000, &hKey)) { PrintError("CryptGenKey"); } puts("New key generated..."); DWORD plaintextSize = strlen(plaintext); DWORD cipherSize = plaintextSize; if (!CryptEncrypt(hKey, 0, 1, 0, 0, &cipherSize, 0)) { PrintError("CryptEncrypt[0]"); } BYTE* data = (BYTE*)malloc(cipherSize); strncpy_s(data, cipherSize, plaintext, plaintextSize); if (!CryptEncrypt(hKey, 0, 1, 0, data, &plaintextSize, cipherSize)) { PrintError("CryptEncrypt[0]"); } puts("Encrypted data:"); PrintHex(data, cipherSize); puts("\n\n"); if (!CryptDestroyKey(hKey)) { PrintError("CryptDestroyKey"); } Sleep(5000); } if (!CryptReleaseContext(hProv, 0)) { PrintError("CryptReleaseContext"); } getchar(); return 0; }
BOOL CreateKeyset(HCRYPTPROV *hProv) { HCRYPTKEY hXchgKey; LONG error; if(!CryptAcquireContext(hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) return FALSE; if(!CryptGenKey(*hProv,AT_SIGNATURE,0,&hXchgKey)) { error=GetLastError(); CryptReleaseContext(*hProv, 0); SetLastError(error); return FALSE; } CryptDestroyKey(hXchgKey); if(!CryptGenKey(*hProv,AT_KEYEXCHANGE,CRYPT_EXPORTABLE,&hXchgKey)) { error=GetLastError(); CryptReleaseContext(*hProv, 0); SetLastError(error); return FALSE; } CryptDestroyKey(hXchgKey); return TRUE; }
void Widget::on_srcTextErr_clicked() { DWORD blockLen = 32; // Хотя должно быть 16ж DWORD dataSize; HCRYPTPROV hCryptProv; HCRYPTKEY hKey; uchar srcData[blockLen]; uchar newData[blockLen]; QVector<int> values; QFile myFile(fName); plot->clear(); if (myFile.exists()) myFile.open(QIODevice::ReadOnly); else { QMessageBox::critical(0, "Ошибка", "Файл не выбран", QMessageBox::Ok); return; } CryptAcquireContext(&hCryptProv, NULL, MS_DEF_RSA_SCHANNEL_PROV, PROV_RSA_SCHANNEL, CRYPT_VERIFYCONTEXT); CryptGenKey(hCryptProv, CALG_AES_256, 0, &hKey); //CryptEncrypt(hKey, 0, true, 0, NULL, &blockLen, myFile.size()); //srcData = new uchar[blockLen]; //newData = new uchar[blockLen]; dataSize = myFile.read((char *)(&srcData[0]), blockLen); memcpy(&newData[0], &srcData[0], blockLen); newData[0] = -newData[0]; for (uint i = 0; i < block; i++) { int k = 0; CryptEncrypt(hKey, 0, i < 2, 0, &srcData[0], &dataSize, block*blockLen); CryptEncrypt(hKey, 0, i < 2, 0, &newData[0], &dataSize, block*blockLen); for (uint j = 0; j < blockLen; j++) k += trueBitsCount((uint)(srcData[j] ^ newData[j])); values.push_back(k); memset(&srcData[0], 0, blockLen); dataSize = myFile.read((char *)(&srcData[0]), blockLen); memcpy(&newData[0], &srcData[0], blockLen); } myFile.close(); CryptReleaseContext(hCryptProv, 0); CryptDestroyKey(hKey); //delete[] srcData; //srcData = 0; //delete[] newData; //newData = 0; DrawPlot(plot, values); plot->show(); }
bool Crypt::GeneratePrivateKey() { // Acquire a provider handle for party 1. BOOL fReturn = CryptAcquireContext( &m_ProvParty, NULL, MS_ENH_DSS_DH_PROV, PROV_DSS_DH, CRYPT_VERIFYCONTEXT ); if ( !fReturn ) { ReleaseResources(); return false; } // Create an ephemeral private key for party 1. // 임시 비밀 키 생성 fReturn = CryptGenKey( m_ProvParty, CALG_DH_EPHEM, DHKEYSIZE << 16 | CRYPT_EXPORTABLE | CRYPT_PREGEN, &m_PrivateKey ); if ( !fReturn ) { ReleaseResources(); return false; } // Set the prime for party 1's private key. // P값 설정 fReturn = CryptSetKeyParam( m_PrivateKey, KP_P, (PBYTE)&m_P, 0 ); if ( !fReturn ) { ReleaseResources(); return false; } // Set the generator for party 1's private key. // 비밀 키 생성기 장착 fReturn = CryptSetKeyParam( m_PrivateKey, KP_G, (PBYTE)&m_G, 0 ); if ( !fReturn ) { ReleaseResources(); return false; } // Generate the secret values for party 1's private key. // 비밀 키 생성 fReturn = CryptSetKeyParam( m_PrivateKey, KP_X, NULL, 0 ); if ( !fReturn ) { ReleaseResources(); return false; } return true; }
HCRYPTKEY GenKey(HCRYPTPROV hCrProv, QString keyText, QByteArray* key, DWORD& keyBlobLen, bool flag) { HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0; if (flag) { CryptGenKey(hCrProv, CALG_AES_256, CRYPT_EXPORTABLE, &hKey); } else { CryptCreateHash(hCrProv, CALG_MD5, 0, 0, &hHash); CryptHashData(hHash, (BYTE *)keyText.toUtf8().constData(), keyText.length(), 0); CryptDeriveKey(hCrProv, CALG_AES_256, hHash, 0, &hKey); } CryptExportKey(hKey, 0, PLAINTEXTKEYBLOB, 0, NULL, &keyBlobLen); key->resize(keyBlobLen); CryptExportKey(hKey, 0, PLAINTEXTKEYBLOB, 0, (BYTE*)key->data(), &keyBlobLen); return hKey; }
/** * Generates an RSA private key with the given exponent and number of bits * and writes it into the specified key container */ RSA_key_t gen_RSA_key(int bits, int exponent, const char *container) { int idx, found, flags; const char *_container; // First find available private key slot for (idx = 0, found = 0; (idx < MAXLIST) && (!found); idx++) { if (private_key_list[idx].provider == 0) { found = 1; } } if (!found) { log0(0, 0, 0, "Couldn't find empty key slot for private key"); return 0; } idx--; if (!container || !strcmp(container, "")) { _container = NULL; flags = machine_keyset | CRYPT_VERIFYCONTEXT; } else { _container = container; flags = machine_keyset; } if (!CryptAcquireContext(&private_key_list[idx].provider, _container, NULL, prov_type, flags)) { if (!CryptAcquireContext(&private_key_list[idx].provider, _container, NULL, prov_type, CRYPT_NEWKEYSET | flags)) { mserror("CryptAcquireContext failed"); return 0; } } if (!CryptGenKey(private_key_list[idx].provider, AT_KEYEXCHANGE, ((bits ? bits : DEF_RSA_LEN) << 16) | CRYPT_EXPORTABLE, &private_key_list[idx].key)) { mserror("CryptGenKey failed"); return 0; } return private_key_list[idx].key; }
// generate public/private key pair for digital signatures void genkeys(void) { if (open_crypt()) { if (CryptGenKey(hProv, AT_SIGNATURE, keylen << 16 | CRYPT_EXPORTABLE, &hKey)) { // export as C array and binary export_key(PUBLICKEYBLOB, DSA_PUBLIC_H, DSA_C_ARRAY); export_key(PUBLICKEYBLOB, DSA_PUBLIC_BIN, DSA_BINARY); export_key(PRIVATEKEYBLOB, DSA_PRIVATE_H, DSA_C_ARRAY); export_key(PRIVATEKEYBLOB, DSA_PRIVATE_BIN, DSA_BINARY); close_key(); } else { xstrerror("CryptGenKey(%i)", keylen); } close_crypt(); } else { xstrerror("CryptAcquireContext()"); } }
inline cryptkey_ptr_t generate_cryptkey_ptr(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags) { HCRYPTKEY tmp; if( !CryptGenKey(hProv, Algid, dwFlags, &tmp ) ) { DWORD const errc = GetLastError(); STCRYPT_THROW_EXCEPTION( exception::cryptoapi_error() << exception::cryptoapi_einfo(errc) ); } std::auto_ptr<HCRYPTKEY> HCRYPTKEY_mem; try { HCRYPTKEY_mem.reset(new HCRYPTKEY(tmp)); }catch(...){ BOOL const r = CryptDestroyKey(tmp); assert(r); throw; } return cryptkey_ptr_t ( HCRYPTKEY_mem.release(), delete_HCRYPTKEY ); }
// http://code.google.com/p/drmemory/issues/detail?id=412 TEST(CryptoTests, CryptoBasic) { BOOL success; HCRYPTPROV provider; success = CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_AES, 0); // Ask for a new keyset if this one doesn't exist. if (!success && GetLastError() == NTE_BAD_KEYSET) { success = CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_AES, CRYPT_NEWKEYSET); } ASSERT_TRUE(success) << "CryptAcquireContext failed: " << GetLastError(); HCRYPTKEY key; success = CryptGenKey(provider, CALG_AES_256, CRYPT_EXPORTABLE, &key); ASSERT_TRUE(success) << "CryptGenKey failed: " << GetLastError(); // Get the key size. DWORD buffer_size = 0; success = CryptExportKey(key, 0, PLAINTEXTKEYBLOB, 0, NULL, &buffer_size); ASSERT_TRUE(success) << "CryptExportKey 1 failed: " << GetLastError(); // Export the key. BYTE *buffer = new BYTE[buffer_size]; success = CryptExportKey(key, 0, PLAINTEXTKEYBLOB, 0, buffer, &buffer_size); ASSERT_TRUE(success) << "CryptExportKey 2 failed: " << GetLastError(); plaintext_blob_t *blob = (plaintext_blob_t*)buffer; ASSERT_EQ(buffer_size - offsetof(plaintext_blob_t, rgbKeyData), blob->cbKeySize); // Check that the rest of it is initialized. Copy the buffer and compare it // against itself to trigger the uninit checks. BYTE *key_copy = new BYTE[blob->cbKeySize]; memcpy(key_copy, blob->rgbKeyData, blob->cbKeySize); ASSERT_EQ(0, memcmp(blob->rgbKeyData, key_copy, blob->cbKeySize)); delete [] key_copy; delete [] buffer; CryptDestroyKey(key); CryptReleaseContext(provider, 0); }
BOOL CreateExchangeKeyPair(HCRYPTPROV hProv, HCRYPTKEY* phKey) { HCRYPTKEY hKey = NULL; BOOL bResult = FALSE; ; bResult = CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey); if(!bResult) goto onCleanup; ; if(phKey) { *phKey = hKey; hKey = NULL; }; ; onCleanup: DWORD dwError = bResult ? 0 : GetLastError(); if(hKey) CryptDestroyKey(hKey); SetLastError(dwError); return bResult; };
/** * * generate new key pair of keyLen-bits * */ int rsa_genkey(RSA* rsa, int keyLen) { BOOL ok = FALSE; if (rsa == NULL) return 0; // release public if (rsa->pubkey != 0) { CryptDestroyKey(rsa->pubkey); rsa->pubkey = 0; } // release private if (rsa->privkey != 0) { CryptDestroyKey(rsa->privkey); rsa->privkey = 0; } // generate key pair for signing ok = CryptGenKey(rsa->prov, AT_KEYEXCHANGE, (keyLen << 16) | CRYPT_EXPORTABLE, &rsa->privkey); return ok; }
BOOL xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, ALG_ID dwAlgId, LPBYTE pbKeyMaterial, DWORD dwKeyMaterial, BOOL bCheckKeyLength, HCRYPTKEY *hSessionKey) { ALG_ID dwPrivKeyAlg; LPBYTE keyBlob = NULL; DWORD keyBlobLen, rndBlobSize, dwSize, n; PUBLICKEYSTRUC* pubKeyStruc; ALG_ID* algId; DWORD dwPublicKeySize; DWORD dwProvSessionKeySize = 0; LPBYTE pbPtr; DWORD dwFlags; PROV_ENUMALGS_EX ProvEnum; HCRYPTKEY hTempKey = 0; BOOL fFound; BOOL res = FALSE; xmlSecAssert2(hProv != 0, FALSE); xmlSecAssert2(hPrivateKey != 0, FALSE); xmlSecAssert2(pbKeyMaterial != NULL, FALSE); xmlSecAssert2(dwKeyMaterial > 0, FALSE); xmlSecAssert2(hSessionKey != NULL, FALSE); /* Double check to see if this provider supports this algorithm and key size */ fFound = FALSE; dwFlags = CRYPT_FIRST; dwSize = sizeof(ProvEnum); while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) { if (ProvEnum.aiAlgid == dwAlgId) { fFound = TRUE; break; } dwSize = sizeof(ProvEnum); dwFlags = 0; } if(!fFound) { xmlSecMSCryptoError2("CryptGetProvParam", NULL, "algId=%ld is not supported", (long int)dwAlgId); goto done; } if(bCheckKeyLength) { /* We have to get the key size(including padding) from an HCRYPTKEY handle. * PP_ENUMALGS_EX contains the key size without the padding so we can't use it. */ if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) { xmlSecMSCryptoError2("CryptGenKey", NULL, "algId=%ld", (long int)dwAlgId); goto done; } dwSize = sizeof(DWORD); if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) { xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL, "algId=%ld", (long int)dwAlgId); goto done; } CryptDestroyKey(hTempKey); hTempKey = 0; /* yell if key is too big */ if ((dwKeyMaterial * 8) > dwProvSessionKeySize) { xmlSecInvalidSizeMoreThanError("Key value (bits)", (dwKeyMaterial * 8), dwProvSessionKeySize, NULL); goto done; } } else { dwProvSessionKeySize = dwKeyMaterial * 8; } /* Get private key's algorithm */ dwSize = sizeof(ALG_ID); if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) { xmlSecMSCryptoError2("CryptGetKeyParam(KP_ALGID)", NULL, "algId=%ld", (long int)dwAlgId); goto done; } /* Get private key's length in bits */ dwSize = sizeof(DWORD); if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) { xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL, "algId=%ld", (long int)dwAlgId); goto done; } /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */ if(dwPublicKeySize / 8 < dwKeyMaterial + 3) { xmlSecInvalidSizeLessThanError("Key value", dwPublicKeySize / 8, dwKeyMaterial + 3, NULL); goto done; } rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3); /* Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP. * Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData * member of the SIMPLEBLOB is a sequence of bytes in the following format: * * PUBLICKEYSTRUC publickeystruc ; * ALG_ID algid; * BYTE encryptedkey[rsapubkey.bitlen/8]; */ /* calculate Simple blob's length */ keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8); /* allocate simple blob buffer */ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen); if(keyBlob == NULL) { xmlSecMallocError(sizeof(BYTE) * keyBlobLen, NULL); goto done; } memset(keyBlob, 0, keyBlobLen); /* initialize PUBLICKEYSTRUC */ pubKeyStruc = (PUBLICKEYSTRUC*)(keyBlob); pubKeyStruc->bType = SIMPLEBLOB; pubKeyStruc->bVersion = 0x02; pubKeyStruc->reserved = 0; pubKeyStruc->aiKeyAlg = dwAlgId; /* Copy private key algorithm to buffer */ algId = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC)); (*algId) = dwPrivKeyAlg; /* Place the key material in reverse order */ pbPtr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID)); for (n = 0; n < dwKeyMaterial; n++) { pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1]; } pbPtr += dwKeyMaterial; /* skip reserved byte */ pbPtr += 1; /* Generate random data for the rest of the buffer */ if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) { xmlSecMSCryptoError2("CryptGenRandom", NULL, "rndBlobSize=%ld", (long int)rndBlobSize); goto done; } /* aleksey: why are we doing this? */ for (n = 0; n < rndBlobSize; n++) { if (pbPtr[n] == 0) pbPtr[n] = 1; } /* set magic number at the end */ keyBlob[keyBlobLen - 2] = 2; if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) { xmlSecMSCryptoError2("CryptImportKey", NULL, "algId=%ld", (long int)dwAlgId); goto done; } /* success */ res = TRUE; done: if(hTempKey != 0) { CryptDestroyKey(hTempKey); } if(keyBlob != NULL) { xmlFree(keyBlob); } return(res); }
BOOL CCrypto::Initialize(CHAR* szKeyFile) { DWORD dwResult; errno_t err; FILE* fp; m_cbBlob = file_length(szKeyFile); m_pbBlob = (BYTE*)malloc(m_cbBlob + 1); memset(m_pbBlob, 0, m_cbBlob + 1); err = fopen_s(&fp, szKeyFile, "rb"); if (err == 0) { fread(m_pbBlob, 1, m_cbBlob, fp); fclose(fp); } else { free(m_pbBlob); m_pbBlob = NULL; } if (!CryptAcquireContext(&m_hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) { dwResult = GetLastError(); if (dwResult == NTE_BAD_KEYSET) { if (!CryptAcquireContext(&m_hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { dwResult = GetLastError(); //MessageBox(_T("Error [0x%x]: CryptAcquireContext() failed."), _T("Information"), MB_OK); return FALSE; } } else { dwResult = GetLastError(); return FALSE; } } if (m_pbBlob) { if (!CryptImportKey(m_hProv, m_pbBlob, m_cbBlob, 0, 0, &m_hSessionKey)) { dwResult = GetLastError(); //MessageBox(_T("Error [0x%x]: CryptImportKey() failed."), "Information", MB_OK); return FALSE; } } else { if (!CryptImportKey(m_hProv, PrivateKeyWithExponentOfOne, sizeof(PrivateKeyWithExponentOfOne), 0, 0, &m_hKey)) { dwResult = GetLastError(); //MessageBox(_T("Error CryptImportKey() failed."), _T("Information"), MB_OK); return FALSE; } if (!CryptGenKey(m_hProv, CALG_RC4, CRYPT_EXPORTABLE, &m_hSessionKey)) { dwResult = GetLastError(); //MessageBox(_T("Error CryptGenKey() failed."), _T("Information"), MB_OK); return FALSE; } } return TRUE; }
void CKeyPair::GenerateKey() { // Generate a key pair HCRYPTPROV hCryptProv = m_pContext->GetProvider(); CryptGenKey(hCryptProv, AT_SIGNATURE, (ms_dwRSAKeySize << 16) | CRYPT_EXPORTABLE, &m_hCryptKey); }
/* * '_sspiGetCredentials()' - Retrieve an SSL/TLS certificate from the system store * If one cannot be found, one is created. */ BOOL /* O - 1 on success, 0 on failure */ _sspiGetCredentials(_sspi_struct_t *conn, /* I - Client connection */ const LPWSTR container, /* I - Cert container name */ const TCHAR *cn, /* I - Common name of certificate */ BOOL isServer) /* I - Is caller a server? */ { HCERTSTORE store = NULL; /* Certificate store */ PCCERT_CONTEXT storedContext = NULL; /* Context created from the store */ PCCERT_CONTEXT createdContext = NULL; /* Context created by us */ DWORD dwSize = 0; /* 32 bit size */ PBYTE p = NULL; /* Temporary storage */ HCRYPTPROV hProv = (HCRYPTPROV) NULL; /* Handle to a CSP */ CERT_NAME_BLOB sib; /* Arbitrary array of bytes */ SCHANNEL_CRED SchannelCred; /* Schannel credential data */ TimeStamp tsExpiry; /* Time stamp */ SECURITY_STATUS Status; /* Status */ HCRYPTKEY hKey = (HCRYPTKEY) NULL; /* Handle to crypto key */ CRYPT_KEY_PROV_INFO kpi; /* Key container info */ SYSTEMTIME et; /* System time */ CERT_EXTENSIONS exts; /* Array of cert extensions */ CRYPT_KEY_PROV_INFO ckp; /* Handle to crypto key */ BOOL ok = TRUE; /* Return value */ DEBUG_printf(("_sspiGetCredentials(conn=%p, container=%p, cn=\"%s\", isServer=%d)", conn, container, cn, isServer)); if (!conn) return (FALSE); if (!cn) return (FALSE); if (!CryptAcquireContextW(&hProv, (LPWSTR) container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET)) { if (GetLastError() == NTE_EXISTS) { if (!CryptAcquireContextW(&hProv, (LPWSTR) container, MS_DEF_PROV_W, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET)) { DEBUG_printf(("_sspiGetCredentials: CryptAcquireContext failed: %x\n", GetLastError())); ok = FALSE; goto cleanup; } } } store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, hProv, CERT_SYSTEM_STORE_LOCAL_MACHINE | CERT_STORE_NO_CRYPT_RELEASE_FLAG | CERT_STORE_OPEN_EXISTING_FLAG, L"MY"); if (!store) { DEBUG_printf(("_sspiGetCredentials: CertOpenSystemStore failed: %x\n", GetLastError())); ok = FALSE; goto cleanup; } dwSize = 0; if (!CertStrToName(X509_ASN_ENCODING, cn, CERT_OID_NAME_STR, NULL, NULL, &dwSize, NULL)) { DEBUG_printf(("_sspiGetCredentials: CertStrToName failed: %x\n", GetLastError())); ok = FALSE; goto cleanup; } p = (PBYTE) malloc(dwSize); if (!p) { DEBUG_printf(("_sspiGetCredentials: malloc failed for %d bytes", dwSize)); ok = FALSE; goto cleanup; } if (!CertStrToName(X509_ASN_ENCODING, cn, CERT_OID_NAME_STR, NULL, p, &dwSize, NULL)) { DEBUG_printf(("_sspiGetCredentials: CertStrToName failed: %x", GetLastError())); ok = FALSE; goto cleanup; } sib.cbData = dwSize; sib.pbData = p; storedContext = CertFindCertificateInStore(store, X509_ASN_ENCODING|PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_NAME, &sib, NULL); if (!storedContext) { /* * If we couldn't find the context, then we'll * create a new one */ if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) { DEBUG_printf(("_sspiGetCredentials: CryptGenKey failed: %x", GetLastError())); ok = FALSE; goto cleanup; } ZeroMemory(&kpi, sizeof(kpi)); kpi.pwszContainerName = (LPWSTR) container; kpi.pwszProvName = MS_DEF_PROV_W; kpi.dwProvType = PROV_RSA_FULL; kpi.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID; kpi.dwKeySpec = AT_KEYEXCHANGE; GetSystemTime(&et); et.wYear += 10; ZeroMemory(&exts, sizeof(exts)); createdContext = CertCreateSelfSignCertificate(hProv, &sib, 0, &kpi, NULL, NULL, &et, &exts); if (!createdContext) { DEBUG_printf(("_sspiGetCredentials: CertCreateSelfSignCertificate failed: %x", GetLastError())); ok = FALSE; goto cleanup; } if (!CertAddCertificateContextToStore(store, createdContext, CERT_STORE_ADD_REPLACE_EXISTING, &storedContext)) { DEBUG_printf(("_sspiGetCredentials: CertAddCertificateContextToStore failed: %x", GetLastError())); ok = FALSE; goto cleanup; } ZeroMemory(&ckp, sizeof(ckp)); ckp.pwszContainerName = (LPWSTR) container; ckp.pwszProvName = MS_DEF_PROV_W; ckp.dwProvType = PROV_RSA_FULL; ckp.dwFlags = CRYPT_MACHINE_KEYSET; ckp.dwKeySpec = AT_KEYEXCHANGE; if (!CertSetCertificateContextProperty(storedContext, CERT_KEY_PROV_INFO_PROP_ID, 0, &ckp)) { DEBUG_printf(("_sspiGetCredentials: CertSetCertificateContextProperty failed: %x", GetLastError())); ok = FALSE; goto cleanup; } } ZeroMemory(&SchannelCred, sizeof(SchannelCred)); SchannelCred.dwVersion = SCHANNEL_CRED_VERSION; SchannelCred.cCreds = 1; SchannelCred.paCred = &storedContext; /* * SSPI doesn't seem to like it if grbitEnabledProtocols * is set for a client */ if (isServer) SchannelCred.grbitEnabledProtocols = SP_PROT_SSL3TLS1; /* * Create an SSPI credential. */ Status = AcquireCredentialsHandle(NULL, UNISP_NAME, isServer ? SECPKG_CRED_INBOUND:SECPKG_CRED_OUTBOUND, NULL, &SchannelCred, NULL, NULL, &conn->creds, &tsExpiry); if (Status != SEC_E_OK) { DEBUG_printf(("_sspiGetCredentials: AcquireCredentialsHandle failed: %x", Status)); ok = FALSE; goto cleanup; } cleanup: /* * Cleanup */ if (hKey) CryptDestroyKey(hKey); if (createdContext) CertFreeCertificateContext(createdContext); if (storedContext) CertFreeCertificateContext(storedContext); if (p) free(p); if (store) CertCloseStore(store, 0); if (hProv) CryptReleaseContext(hProv, 0); return (ok); }
::PCCERT_CONTEXT acquire () { HRESULT hr = 0; HCRYPTPROV hProv = NULL; PCCERT_CONTEXT p = 0; HCRYPTKEY hKey = 0; CERT_NAME_BLOB sib = { 0 }; BOOL AX = 0; try { char cb[1000] = {0}; sib.pbData = (BYTE*)cb; sib.cbData = 1000; wchar_t* szSubject= L"CN=Certificate"; if (!CertStrToNameW(CRYPT_ASN_ENCODING, szSubject,0,0,sib.pbData,&sib.cbData,NULL)) throw; wchar_t* pszKeyContainerName = L"Container"; if (!CryptAcquireContextW(&hProv,pszKeyContainerName,MS_DEF_PROV_W,PROV_RSA_FULL,CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET)) { hr = GetLastError(); if (GetLastError() == NTE_EXISTS) { if (!CryptAcquireContextW(&hProv,pszKeyContainerName,MS_DEF_PROV_W,PROV_RSA_FULL,CRYPT_MACHINE_KEYSET)) { throw; } } else throw; } if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) throw; CRYPT_KEY_PROV_INFO kpi = {0}; kpi.pwszContainerName = pszKeyContainerName; kpi.pwszProvName = MS_DEF_PROV_W; kpi.dwProvType = PROV_RSA_FULL; kpi.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID; kpi.dwKeySpec = AT_KEYEXCHANGE; SYSTEMTIME et; GetSystemTime(&et); et.wYear += 1; CERT_EXTENSIONS exts = {0}; p = CertCreateSelfSignCertificate(hProv,&sib,0,&kpi,NULL,NULL,&et,&exts); AX = CryptFindCertificateKeyProvInfo(p,CRYPT_FIND_MACHINE_KEYSET_FLAG,NULL) ; } catch(...) { } // cleanup. if (hKey) CryptDestroyKey(hKey); hKey = 0; if (hProv) CryptReleaseContext(hProv,0); hProv = 0; // return certificate. return (p); }
void gen_aes256_key_iv() { HCRYPTPROV provider = NULL; HCRYPTKEY hKey = NULL; HCRYPTKEY newHKey = NULL; DWORD ivLen, blockLen = 0; BYTE* iv = NULL; BYTE* buffer = NULL; char* cipherText = NULL; unsigned long cLen; char* cipherText2 = NULL; unsigned long cLen2; char* cipherText3 = NULL; unsigned long cLen3; char* cipherText4 = NULL; unsigned long cLen4; if (!OpenCryptContext(&provider)) { printf("CryptAcquireContext() failed:"); goto Exit0; } // 生成随机密钥 // 还可以从通过给定密码 HASH 后获取 AES 密钥 if (!CryptGenKey(provider, CALG_AES_256, CRYPT_EXPORTABLE, &hKey)) { goto Exit0; } // Get the key size. DWORD buffer_size = 0; if (!CryptExportKey(hKey, 0, PLAINTEXTKEYBLOB, 0, NULL, &buffer_size)) { printf("CryptExportKey failed.\n"); goto Exit0; } // Export the key. buffer = new BYTE[buffer_size]; if (!CryptExportKey(hKey, 0, PLAINTEXTKEYBLOB, 0, buffer, &buffer_size)) { printf("CryptExportKey2 failed.\n"); goto Exit0; } plaintext_blob_t* blob = (plaintext_blob_t*)buffer; printf("aes Key:\n"); printf("\nchar aes256_key[]=\n{"); print_bin2c(blob->rgbKeyData, blob->cbKeySize); printf("};"); printf("\n\n"); // base64 编码 if (!Base64EncodeA(&cipherText, &cLen, blob->rgbKeyData, blob->cbKeySize)) { //xfree(encrypted); xstrerror("Base64EncodeA()"); goto Exit0; } printf("aes base64 Key:\n"); printf(cipherText); printf("\n\n"); // Hex 编码 if (!Bin2Hex(&cipherText3, &cLen3, blob->rgbKeyData, blob->cbKeySize)) { xstrerror("Bin2Hex()"); goto Exit0; } printf("aes hex Key:\n"); printf(cipherText3); printf("\n\n"); // 从随机密钥获取 IV 长度 if (!CryptGetKeyParam(hKey, KP_IV, NULL, &ivLen, 0)) { goto Exit0; } iv = new BYTE[ivLen]; ZeroMemory(iv, ivLen); if (!CryptGenRandom(provider, ivLen, iv)) { goto Exit0; } printf("aes IV:\n"); printf("\nchar aes256_iv[]=\n{"); print_bin2c(iv, ivLen); printf("};"); printf("\n\n"); if (!Base64EncodeA(&cipherText2, &cLen2, iv, ivLen)) { xstrerror("Base64EncodeA()"); goto Exit0; } printf("aes base64 iv:\n"); printf(cipherText2); printf("\n\n"); // Hex 编码 if (!Bin2Hex(&cipherText4, &cLen4, iv, ivLen)) { xstrerror("Bin2Hex()"); goto Exit0; } printf("aes hex iv:\n"); printf(cipherText4); printf("\n\n"); DWORD LenBlockAES = 0; DWORD dwCount = sizeof(DWORD); if (!CryptGetKeyParam(hKey, KP_BLOCKLEN, (BYTE*)&LenBlockAES, &dwCount, 0)) { goto Exit0; } printf("aes block data len: %d\n", LenBlockAES); Exit0: if (cipherText4) { xfree(cipherText4); cipherText4 = NULL; } if (cipherText3) { xfree(cipherText3); cipherText3 = NULL; } if (cipherText2) { xfree(cipherText2); cipherText2 = NULL; } if (cipherText) { xfree(cipherText); cipherText = NULL; } if (buffer) { delete[] buffer; buffer = NULL; } if (iv) { delete[] iv; iv = NULL; } if (hKey) { CryptDestroyKey(hKey); } if (provider) { CryptReleaseContext(provider, 0); } return; }
PCCERT_CONTEXT SSL_SOCKET :: CreateOurCertificate() { // CertCreateSelfSignCertificate(0,&SubjectName,0,0,0,0,0,0); HRESULT hr = 0; HCRYPTPROV hProv = NULL; PCCERT_CONTEXT p = 0; HCRYPTKEY hKey = 0; CERT_NAME_BLOB sib = { 0 }; BOOL AX = 0; // Step by step to create our own certificate try { // Create the subject char cb[1000] = {0}; sib.pbData = (BYTE*)cb; sib.cbData = 1000; wchar_t* szSubject= L"CN=Certificate"; if (!CertStrToName(CRYPT_ASN_ENCODING, szSubject,0,0,sib.pbData,&sib.cbData,NULL)) throw; // Acquire Context wchar_t* pszKeyContainerName = L"Container"; if (!CryptAcquireContext(&hProv,pszKeyContainerName,MS_DEF_PROV,PROV_RSA_FULL,CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET)) { hr = GetLastError(); if (GetLastError() == NTE_EXISTS) { if (!CryptAcquireContext(&hProv,pszKeyContainerName,MS_DEF_PROV,PROV_RSA_FULL,CRYPT_MACHINE_KEYSET)) { throw; } } else throw; } // Generate KeyPair if (!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) throw; // Generate the certificate CRYPT_KEY_PROV_INFO kpi = {0}; kpi.pwszContainerName = pszKeyContainerName; kpi.pwszProvName = MS_DEF_PROV; kpi.dwProvType = PROV_RSA_FULL; kpi.dwFlags = CERT_SET_KEY_CONTEXT_PROP_ID; kpi.dwKeySpec = AT_KEYEXCHANGE; SYSTEMTIME et; GetSystemTime(&et); et.wYear += 1; CERT_EXTENSIONS exts = {0}; p = CertCreateSelfSignCertificate(hProv,&sib,0,&kpi,NULL,NULL,&et,&exts); AX = CryptFindCertificateKeyProvInfo(p,CRYPT_FIND_MACHINE_KEYSET_FLAG,NULL) ; /* hCS = CertOpenStore(CERT_STORE_PROV_MEMORY,0,0,CERT_STORE_CREATE_NEW_FLAG,0); AX = CertAddCertificateContextToStore(hCS,p,CERT_STORE_ADD_NEW,0); AX = CryptFindCertificateKeyProvInfo(p,CRYPT_FIND_MACHINE_KEYSET_FLAG,NULL);*/ } catch(...) { } if (hKey) CryptDestroyKey(hKey); hKey = 0; if (hProv) CryptReleaseContext(hProv,0); hProv = 0; return p; }
BOOL EncryptDecryptFile(LPTSTR lpszCertificateName, LPTSTR lpszCertificateStoreName, DWORD dwCertStoreOpenFlags, LPTSTR lpszInputFileName, LPTSTR lpszOutputFileName, BOOL fEncrypt) { BOOL fResult = FALSE; HCRYPTPROV hProv = NULL; HCRYPTKEY hRSAKey = NULL; HCRYPTKEY hSessionKey = NULL; HANDLE hInFile = INVALID_HANDLE_VALUE; HANDLE hOutFile = INVALID_HANDLE_VALUE; BOOL finished = FALSE; BYTE pbBuffer[OUT_BUFFER_SIZE]; DWORD dwByteCount = 0; DWORD dwBytesRead = 0; DWORD dwBytesWritten = 0; LPBYTE pbSessionKeyBlob = NULL; DWORD dwSessionKeyBlob = 0; BOOL fCallerFreeProv = FALSE; PCCERT_CONTEXT pCertContext = NULL; BOOL fSuccess = FALSE; __try { pCertContext = GetCertificateContextFromName(lpszCertificateName, lpszCertificateStoreName, dwCertStoreOpenFlags); if (pCertContext == NULL) { __leave; } fResult = AcquireAndGetRSAKey(pCertContext, &hProv, &hRSAKey, fEncrypt, &fCallerFreeProv); if (fResult == FALSE) { __leave; } // Open the input file to be encrypted or decrypted hInFile = CreateFile(lpszInputFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hInFile == INVALID_HANDLE_VALUE) { MyPrintf(_T("CreateFile failed with %d\n"), GetLastError()); __leave; } // Open the output file to write the encrypted or decrypted data hOutFile = CreateFile(lpszOutputFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if (hOutFile == INVALID_HANDLE_VALUE) { MyPrintf(_T("CreateFile failed with %d\n"), GetLastError()); __leave; } if (fEncrypt) { fResult = CryptGenKey(hProv, CALG_RC4, CRYPT_EXPORTABLE, &hSessionKey); if (!fResult) { MyPrintf(_T("CryptGenKey failed with %X\n"), GetLastError()); __leave; } // The first call to ExportKey with NULL gets the key size. dwSessionKeyBlob = 0; fResult = CryptExportKey(hSessionKey, hRSAKey, SIMPLEBLOB, 0, NULL, &dwSessionKeyBlob); if (!fResult) { MyPrintf(_T("CryptExportKey failed with %X\n"), GetLastError()); __leave; } // Allocate memory for Encrypted Session key blob pbSessionKeyBlob = (LPBYTE)LocalAlloc(LPTR, dwSessionKeyBlob); if (!pbSessionKeyBlob) { MyPrintf(_T("LocalAlloc failed with %d\n"), GetLastError()); __leave; } fResult = CryptExportKey(hSessionKey, hRSAKey, SIMPLEBLOB, 0, pbSessionKeyBlob, &dwSessionKeyBlob); if (!fResult) { MyPrintf(_T("CryptExportKey failed with %X\n"), GetLastError()); __leave; } // Write the size of key blob, then the key blob itself, to output file. fResult = WriteFile(hOutFile, &dwSessionKeyBlob, sizeof(dwSessionKeyBlob), &dwBytesWritten, NULL); if (!fResult) { MyPrintf(_T("WriteFile failed with %d\n"), GetLastError()); __leave; } fResult = WriteFile(hOutFile, pbSessionKeyBlob, dwSessionKeyBlob, &dwBytesWritten, NULL); if (!fResult) { MyPrintf(_T("WriteFile failed with %d\n"), GetLastError()); __leave; } } else { // Read in key block size, then key blob itself from input file. fResult = ReadFile(hInFile, &dwByteCount, sizeof(dwByteCount), &dwBytesRead, NULL); if (!fResult) { MyPrintf(_T("ReadFile failed with %d\n"), GetLastError()); __leave; } fResult = ReadFile(hInFile, pbBuffer, dwByteCount, &dwBytesRead, NULL); if (!fResult) { MyPrintf(_T("ReadFile failed with %d\n"), GetLastError()); __leave; } // import key blob into "CSP" fResult = CryptImportKey(hProv, pbBuffer, dwByteCount, hRSAKey, 0, &hSessionKey); if (!fResult) { MyPrintf(_T("CryptImportKey failed with %X\n"), GetLastError()); __leave; } } do { dwByteCount = 0; // Now read data from the input file 64K bytes at a time. fResult = ReadFile(hInFile, pbBuffer, IN_BUFFER_SIZE, &dwByteCount, NULL); // If the file size is exact multiple of 64K, dwByteCount will be zero after // all the data has been read from the input file. In this case, simply break // from the while loop. The check to do this is below if (dwByteCount == 0) break; if (!fResult) { MyPrintf(_T("ReadFile failed with %d\n"), GetLastError()); __leave; } finished = (dwByteCount < IN_BUFFER_SIZE); // Encrypt/Decrypt depending on the required action. if (fEncrypt) { fResult = CryptEncrypt(hSessionKey, 0, finished, 0, pbBuffer, &dwByteCount, OUT_BUFFER_SIZE); if (!fResult) { MyPrintf(_T("CryptEncrypt failed with %X\n"), GetLastError()); __leave; } } else { fResult = CryptDecrypt(hSessionKey, 0, finished, 0, pbBuffer, &dwByteCount); if (!fResult) { MyPrintf(_T("CryptDecrypt failed with %X\n"), GetLastError()); __leave; } } // Write the encrypted/decrypted data to the output file. fResult = WriteFile(hOutFile, pbBuffer, dwByteCount, &dwBytesWritten, NULL); if (!fResult) { MyPrintf(_T("WriteFile failed with %d\n"), GetLastError()); __leave; } } while (!finished); if (fEncrypt) MyPrintf(_T("File %s is encrypted successfully!\n"), lpszInputFileName); else MyPrintf(_T("File %s is decrypted successfully!\n"), lpszInputFileName); fSuccess = TRUE; } __finally { /* Cleanup */ CheckAndLocalFree(pbSessionKeyBlob); if (pCertContext != NULL) CertFreeCertificateContext(pCertContext); if (hRSAKey != NULL) CryptDestroyKey(hRSAKey); if (hSessionKey != NULL) CryptDestroyKey(hSessionKey); if (fCallerFreeProv && hProv != NULL) CryptReleaseContext(hProv, 0); if (hInFile != INVALID_HANDLE_VALUE) CloseHandle(hInFile); if (hOutFile != INVALID_HANDLE_VALUE) CloseHandle(hOutFile); } return fSuccess; }
bool testCrypt(const unsigned uiVerboseLevel){ HCRYPTKEY hKey = NULL; if ( !CryptGenKey( hProv, CALG_GOST_CRYPT, 0, &hKey) ) { if ( uiVerboseLevel > 0 ) std::cout << "CryptGenKey failed" << std::endl; return false; } const DWORD cdwPlainTextLen = 70; const DWORD cdwBufLen = 170; DWORD dwDataLen = cdwPlainTextLen; BYTE *pbData = new BYTE[cdwBufLen]; BYTE *pbDataCopy = new BYTE[dwDataLen]; if ( !CryptGenRandom( hProv, dwDataLen, pbData) ) { if ( uiVerboseLevel > 0 ) std::cout << "CryptGenRandom failed" << std::endl; return false; } memcpy( pbDataCopy, pbData, dwDataLen ); if ( uiVerboseLevel > 1 ){ print( std::cout, pbData, dwDataLen ); } if ( !CryptEncrypt( hKey, 0, TRUE, 0, pbData, &dwDataLen, cdwBufLen)) { if ( uiVerboseLevel > 0 ) std::cout << "CryptEncrypt failed" << std::endl; return false; } if ( uiVerboseLevel > 1 ){ print( std::cout, pbData, dwDataLen ); } if ( !CryptDecrypt( hKey, 0, TRUE, 0, pbData, &dwDataLen)) { if ( uiVerboseLevel > 0 ) std::cout << "CryptDecrypt failed" << std::endl; return false; } if ( uiVerboseLevel > 1 ){ print( std::cout, pbData, dwDataLen ); } /*if ( dwDataLen != cdwPlainTextLen ){ if ( uiVerboseLevel > 0 ) std::cout << "Length of decrypted text is not equal length of plaintext" << std::endl; return false; }*/ if ( memcmp( pbData, pbDataCopy, cdwPlainTextLen ) != 0 ){ if ( uiVerboseLevel > 0 ) std::cout << "Decrypted text and plaintext do not match" << std::endl; return false; } return true; }
int _tmain(int argc, _TCHAR* argv[]) { // Handle for the cryptographic provider context. HCRYPTPROV hCryptProv; // The name of the container. LPCTSTR pszContainerName = TEXT("My Sample Key Container"); //--------------------------------------------------------------- // Begin processing. Attempt to acquire a context by using the // specified key container. if(CryptAcquireContext( &hCryptProv, pszContainerName, NULL, PROV_RSA_FULL, 0)) { _tprintf( TEXT("A crypto context with the %s key container ") TEXT("has been acquired.\n"), pszContainerName); } else { //----------------------------------------------------------- // Some sort of error occurred in acquiring the context. // This is most likely due to the specified container // not existing. Create a new key container. if(GetLastError() == NTE_BAD_KEYSET) { if(CryptAcquireContext( &hCryptProv, pszContainerName, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { _tprintf(TEXT("A new key container has been ") TEXT("created.\n")); } else { MyHandleError(TEXT("Could not create a new key ") TEXT("container.\n")); } } else { MyHandleError(TEXT("CryptAcquireContext failed.\n")); } } //--------------------------------------------------------------- // A context with a key container is available. // Attempt to get the handle to the signature key. // Public/private key handle. HCRYPTKEY hKey; if(CryptGetUserKey( hCryptProv, AT_SIGNATURE, &hKey)) { _tprintf(TEXT("A signature key is available.\n")); } else { _tprintf(TEXT("No signature key is available.\n")); if(GetLastError() == NTE_NO_KEY) { //------------------------------------------------------- // The error was that there is a container but no key. // Create a signature key pair. _tprintf(TEXT("The signature key does not exist.\n")); _tprintf(TEXT("Create a signature key pair.\n")); if(CryptGenKey( hCryptProv, AT_SIGNATURE, 0, &hKey)) { _tprintf(TEXT("Created a signature key pair.\n")); } else { MyHandleError(TEXT("Error occurred creating a ") TEXT("signature key.\n")); } } else { MyHandleError(TEXT("An error other than NTE_NO_KEY ") TEXT("getting a signature key.\n")); } } // End if. _tprintf(TEXT("A signature key pair existed, or one was ") TEXT("created.\n\n")); // Destroy the signature key. if(hKey) { if(!(CryptDestroyKey(hKey))) { MyHandleError(TEXT("Error during CryptDestroyKey.")); } hKey = NULL; } // Next, check the exchange key. if(CryptGetUserKey( hCryptProv, AT_KEYEXCHANGE, &hKey)) { _tprintf(TEXT("An exchange key exists.\n")); } else { _tprintf(TEXT("No exchange key is available.\n")); // Check to determine whether an exchange key // needs to be created. if(GetLastError() == NTE_NO_KEY) { // Create a key exchange key pair. _tprintf(TEXT("The exchange key does not exist.\n")); _tprintf(TEXT("Attempting to create an exchange key ") TEXT("pair.\n")); if(CryptGenKey( hCryptProv, AT_KEYEXCHANGE, 0, &hKey)) { _tprintf(TEXT("Exchange key pair created.\n")); } else { MyHandleError(TEXT("Error occurred attempting to ") TEXT("create an exchange key.\n")); } } else { MyHandleError(TEXT("An error other than NTE_NO_KEY ") TEXT("occurred.\n")); } } // Destroy the exchange key. if(hKey) { if(!(CryptDestroyKey(hKey))) { MyHandleError(TEXT("Error during CryptDestroyKey.")); } hKey = NULL; } // Release the CSP. if(hCryptProv) { if(!(CryptReleaseContext(hCryptProv, 0))) { MyHandleError(TEXT("Error during CryptReleaseContext.")); } } _tprintf(TEXT("Everything is okay. A signature key ")); _tprintf(TEXT("pair and an exchange key exist in ")); _tprintf(TEXT("the %s key container.\n"), pszContainerName); getchar(); return 0; }
INT ProtectDataCAPI(const char* szKeyName, const void* pData, size_t nData, void** ppData, size_t* pnData) { USES_CONVERSION; ; HCRYPTPROV hProv=NULL; BOOL bResult = FALSE; ; HCRYPTKEY hExchangeKey = NULL; HCRYPTKEY hSessionKey = NULL; void* pTempBuffer = NULL; DWORD dwTempBuffer = 0; void* pSessionKeyBlob = NULL; DWORD dwSessionKeyBlob = 0; void* pResultBuffer = NULL; size_t nResultBuffer = 0; { if(!(bResult = CryptAcquireContext( &hProv, A2CT(szKeyName), MS_DEF_PROV, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))) { DWORD dwError = GetLastError(); if(dwError == NTE_BAD_KEYSET || dwError == NTE_KEYSET_NOT_DEF) { bResult = CreateContainer(A2CT(szKeyName), &hProv); if(!bResult) goto onCleanup; } else goto onCleanup; }; ; if(!(bResult = CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hExchangeKey))) { DWORD dwError = GetLastError(); if(dwError == NTE_NO_KEY) { bResult = CreateExchangeKeyPair(hProv, &hExchangeKey); if(!bResult) goto onCleanup; } else goto onCleanup; }; ; bResult = CryptGenKey(hProv, CALG_RC4, CRYPT_EXPORTABLE, &hSessionKey); if(!bResult) goto onCleanup; ; //determining size of output buffer is redundant because RC4 is a stream cipher but as general it's required DWORD dwTempBufferSize = nData; bResult = CryptEncrypt(hSessionKey, NULL, TRUE, 0, NULL, &dwTempBufferSize, dwTempBufferSize); if(!bResult) goto onCleanup; pTempBuffer = malloc(dwTempBufferSize); dwTempBuffer = nData; memcpy(pTempBuffer, pData, nData); bResult = CryptEncrypt(hSessionKey, NULL, TRUE, 0, (PBYTE)pTempBuffer, &dwTempBuffer, dwTempBufferSize); if(!bResult) goto onCleanup; ; bResult = CryptExportKey(hSessionKey, hExchangeKey, SIMPLEBLOB, 0, NULL, &dwSessionKeyBlob); if(!bResult) goto onCleanup; pSessionKeyBlob = malloc(dwSessionKeyBlob); bResult = CryptExportKey(hSessionKey, hExchangeKey, SIMPLEBLOB, 0, (PBYTE)pSessionKeyBlob, &dwSessionKeyBlob); if(!bResult) goto onCleanup; ; nResultBuffer = dwTempBuffer + dwSessionKeyBlob + sizeof(dwSessionKeyBlob) + sizeof(dwTempBuffer); pResultBuffer = malloc(nResultBuffer); PBYTE p = (PBYTE)pResultBuffer; memcpy(p, &dwSessionKeyBlob, sizeof(dwSessionKeyBlob)); p += sizeof(dwSessionKeyBlob); memcpy(p, pSessionKeyBlob, dwSessionKeyBlob); p += dwSessionKeyBlob; memcpy(p, &dwTempBuffer, sizeof(dwTempBuffer)); p += sizeof(dwTempBuffer); memcpy(p, pTempBuffer, dwTempBuffer); p += dwTempBuffer; _ASSERTE(p == nResultBuffer + PBYTE(pResultBuffer)); *ppData = pResultBuffer; *pnData = nResultBuffer; pResultBuffer = NULL; }; onCleanup: DWORD dwError = bResult ? 0 : GetLastError(); if(hSessionKey) CryptDestroyKey(hSessionKey); if(hExchangeKey) CryptDestroyKey(hExchangeKey); if(hProv) CryptReleaseContext(hProv, 0); Free(pTempBuffer, dwTempBuffer); Free(pSessionKeyBlob, dwSessionKeyBlob); Free(pResultBuffer, nResultBuffer); return (int)dwError; };
//------------------------------------------------------------------- // Code for the function MyEncryptFile called by main. //------------------------------------------------------------------- // Parameters passed are: // pszSource, the name of the input, a plaintext file. // pszDestination, the name of the output, an encrypted file to be // created. // pszPassword, either NULL if a password is not to be used or the // string that is the password. bool MyEncryptFile( LPTSTR pszSourceFile, LPTSTR pszDestinationFile, LPTSTR pszPassword) { //--------------------------------------------------------------- // Declare and initialize local variables. bool fReturn = false; HANDLE hSourceFile = INVALID_HANDLE_VALUE; HANDLE hDestinationFile = INVALID_HANDLE_VALUE; HCRYPTPROV hCryptProv = NULL; HCRYPTKEY hKey = NULL; HCRYPTKEY hXchgKey = NULL; HCRYPTHASH hHash = NULL; PBYTE pbKeyBlob = NULL; DWORD dwKeyBlobLen; PBYTE pbBuffer = NULL; DWORD dwBlockLen; DWORD dwBufferLen; DWORD dwCount; //--------------------------------------------------------------- // Open the source file. hSourceFile = CreateFile( pszSourceFile, FILE_READ_DATA, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if(INVALID_HANDLE_VALUE != hSourceFile) { _tprintf( TEXT("The source plaintext file, %s, is open. \n"), pszSourceFile); } else { MyHandleError( TEXT("Error opening source plaintext file!\n"), GetLastError()); goto Exit_MyEncryptFile; } //--------------------------------------------------------------- // Open the destination file. hDestinationFile = CreateFile( pszDestinationFile, FILE_WRITE_DATA, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(INVALID_HANDLE_VALUE != hDestinationFile) { _tprintf( TEXT("The destination file, %s, is open. \n"), pszDestinationFile); } else { MyHandleError( TEXT("Error opening destination file!\n"), GetLastError()); goto Exit_MyEncryptFile; } //--------------------------------------------------------------- // Get the handle to the default provider. if(CryptAcquireContext( &hCryptProv, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, 0)) { _tprintf( TEXT("A cryptographic provider has been acquired. \n")); } else { MyHandleError( TEXT("Error during CryptAcquireContext!\n"), GetLastError()); goto Exit_MyEncryptFile; } //--------------------------------------------------------------- // Create the session key. if(!pszPassword || !pszPassword[0]) { //----------------------------------------------------------- // No password was passed. // Encrypt the file with a random session key, and write the // key to a file. //----------------------------------------------------------- // Create a random session key. if(CryptGenKey( hCryptProv, ENCRYPT_ALGORITHM, KEYLENGTH | CRYPT_EXPORTABLE, &hKey)) { _tprintf(TEXT("A session key has been created. \n")); } else { MyHandleError( TEXT("Error during CryptGenKey. \n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Get the handle to the exchange public key. if(CryptGetUserKey( hCryptProv, AT_KEYEXCHANGE, &hXchgKey)) { _tprintf( TEXT("The user public key has been retrieved. \n")); } else { if(NTE_NO_KEY == GetLastError()) { // No exchange key exists. Try to create one. if(!CryptGenKey( hCryptProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hXchgKey)) { MyHandleError( TEXT("Could not create a user public key.\n"), GetLastError()); goto Exit_MyEncryptFile; } } else { MyHandleError( TEXT("User public key is not available and may ") TEXT("not exist.\n"), GetLastError()); goto Exit_MyEncryptFile; } } //----------------------------------------------------------- // Determine size of the key BLOB, and allocate memory. if(CryptExportKey( hKey, hXchgKey, SIMPLEBLOB, 0, NULL, &dwKeyBlobLen)) { _tprintf( TEXT("The key BLOB is %d bytes long. \n"), dwKeyBlobLen); } else { MyHandleError( TEXT("Error computing BLOB length! \n"), GetLastError()); goto Exit_MyEncryptFile; } if(pbKeyBlob = (BYTE *)malloc(dwKeyBlobLen)) { _tprintf( TEXT("Memory is allocated for the key BLOB. \n")); } else { MyHandleError(TEXT("Out of memory. \n"), E_OUTOFMEMORY); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Encrypt and export the session key into a simple key // BLOB. if(CryptExportKey( hKey, hXchgKey, SIMPLEBLOB, 0, pbKeyBlob, &dwKeyBlobLen)) { _tprintf(TEXT("The key has been exported. \n")); } else { MyHandleError( TEXT("Error during CryptExportKey!\n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Release the key exchange key handle. if(hXchgKey) { if(!(CryptDestroyKey(hXchgKey))) { MyHandleError( TEXT("Error during CryptDestroyKey.\n"), GetLastError()); goto Exit_MyEncryptFile; } hXchgKey = 0; } //----------------------------------------------------------- // Write the size of the key BLOB to the destination file. if(!WriteFile( hDestinationFile, &dwKeyBlobLen, sizeof(DWORD), &dwCount, NULL)) { MyHandleError( TEXT("Error writing header.\n"), GetLastError()); goto Exit_MyEncryptFile; } else { _tprintf(TEXT("A file header has been written. \n")); } //----------------------------------------------------------- // Write the key BLOB to the destination file. if(!WriteFile( hDestinationFile, pbKeyBlob, dwKeyBlobLen, &dwCount, NULL)) { MyHandleError( TEXT("Error writing header.\n"), GetLastError()); goto Exit_MyEncryptFile; } else { _tprintf( TEXT("The key BLOB has been written to the ") TEXT("file. \n")); } // Free memory. free(pbKeyBlob); } else { //----------------------------------------------------------- // The file will be encrypted with a session key derived // from a password. // The session key will be recreated when the file is // decrypted only if the password used to create the key is // available. //----------------------------------------------------------- // Create a hash object. if(CryptCreateHash( hCryptProv, CALG_MD5, 0, 0, &hHash)) { _tprintf(TEXT("A hash object has been created. \n")); } else { MyHandleError( TEXT("Error during CryptCreateHash!\n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Hash the password. if(CryptHashData( hHash, (BYTE *)pszPassword, lstrlen(pszPassword), 0)) { _tprintf( TEXT("The password has been added to the hash. \n")); } else { MyHandleError( TEXT("Error during CryptHashData. \n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Derive a session key from the hash object. if(CryptDeriveKey( hCryptProv, ENCRYPT_ALGORITHM, hHash, KEYLENGTH, &hKey)) { _tprintf( TEXT("An encryption key is derived from the ") TEXT("password hash. \n")); } else { MyHandleError( TEXT("Error during CryptDeriveKey!\n"), GetLastError()); goto Exit_MyEncryptFile; } } //--------------------------------------------------------------- // The session key is now ready. If it is not a key derived from // a password, the session key encrypted with the private key // has been written to the destination file. //--------------------------------------------------------------- // Determine the number of bytes to encrypt at a time. // This must be a multiple of ENCRYPT_BLOCK_SIZE. // ENCRYPT_BLOCK_SIZE is set by a #define statement. dwBlockLen = 1000 - 1000 % ENCRYPT_BLOCK_SIZE; //--------------------------------------------------------------- // Determine the block size. If a block cipher is used, // it must have room for an extra block. if(ENCRYPT_BLOCK_SIZE > 1) { dwBufferLen = dwBlockLen + ENCRYPT_BLOCK_SIZE; } else { dwBufferLen = dwBlockLen; } //--------------------------------------------------------------- // Allocate memory. if(pbBuffer = (BYTE *)malloc(dwBufferLen)) { _tprintf( TEXT("Memory has been allocated for the buffer. \n")); } else { MyHandleError(TEXT("Out of memory. \n"), E_OUTOFMEMORY); goto Exit_MyEncryptFile; } //--------------------------------------------------------------- // In a do loop, encrypt the source file, // and write to the source file. bool fEOF = FALSE; do { //----------------------------------------------------------- // Read up to dwBlockLen bytes from the source file. if(!ReadFile( hSourceFile, pbBuffer, dwBlockLen, &dwCount, NULL)) { MyHandleError( TEXT("Error reading plaintext!\n"), GetLastError()); goto Exit_MyEncryptFile; } if(dwCount < dwBlockLen) { fEOF = TRUE; } //----------------------------------------------------------- // Encrypt data. if(!CryptEncrypt( hKey, NULL, fEOF, 0, pbBuffer, &dwCount, dwBufferLen)) { MyHandleError( TEXT("Error during CryptEncrypt. \n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // Write the encrypted data to the destination file. if(!WriteFile( hDestinationFile, pbBuffer, dwCount, &dwCount, NULL)) { MyHandleError( TEXT("Error writing ciphertext.\n"), GetLastError()); goto Exit_MyEncryptFile; } //----------------------------------------------------------- // End the do loop when the last block of the source file // has been read, encrypted, and written to the destination // file. } while(!fEOF); fReturn = true; Exit_MyEncryptFile: //--------------------------------------------------------------- // Close files. if(hSourceFile) { CloseHandle(hSourceFile); } if(hDestinationFile) { CloseHandle(hDestinationFile); } //--------------------------------------------------------------- // Free memory. if(pbBuffer) { free(pbBuffer); } //----------------------------------------------------------- // Release the hash object. if(hHash) { if(!(CryptDestroyHash(hHash))) { MyHandleError( TEXT("Error during CryptDestroyHash.\n"), GetLastError()); } hHash = NULL; } //--------------------------------------------------------------- // Release the session key. if(hKey) { if(!(CryptDestroyKey(hKey))) { MyHandleError( TEXT("Error during CryptDestroyKey!\n"), GetLastError()); } } //--------------------------------------------------------------- // Release the provider handle. if(hCryptProv) { if(!(CryptReleaseContext(hCryptProv, 0))) { MyHandleError( TEXT("Error during CryptReleaseContext!\n"), GetLastError()); } } return fReturn; } // End Encryptfile.
/****************************************************************************++ Routine Description: Creates a handle to the CSP Arguments: pwzContainerName - name of the container to be created. if NULL, GUID is generated for the name of the container fCreateNewKeys - forces new keys to be created phCryptProv - pointer to the location, where handle should be returned Notes: - Return Value: - S_OK - or - - CAPI error returned by CryptAcquireContextW --*****************************************************************************/ HRESULT CreateCryptProv( IN PCWSTR pwzContainerName, IN BOOL fCreateNewKeys, OUT HCRYPTPROV* phCryptProv) { HRESULT hr = S_OK; HCRYPTKEY hKey = NULL; RPC_STATUS status = RPC_S_OK; BOOL fCreatedContainer = FALSE; WCHAR* pwzNewContainerName = NULL; *phCryptProv = NULL; if (NULL == pwzContainerName) { UUID uuid; BOOL fServiceAccount = FALSE; // // generate container name from the UUID // status = UuidCreate(&uuid); hr = HRESULT_FROM_RPCSTATUS(status); if (FAILED(hr)) { goto Cleanup; } status = UuidToStringW(&uuid, (unsigned short**)&pwzNewContainerName); hr = HRESULT_FROM_RPCSTATUS(status); if (FAILED(hr)) { goto Cleanup; } pwzContainerName = pwzNewContainerName; hr = IsServiceAccount(&fServiceAccount); if (FAILED(hr)) { goto Cleanup; } // // open the clean key container // // note: CRYPT_NEW_KEYSET is not creating new keys, it just // creates new key container. duh. // if (!CryptAcquireContextW(phCryptProv, pwzNewContainerName, NULL, // default provider name DEFAULT_PROV_TYPE, fServiceAccount ? (CRYPT_SILENT | CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET) : (CRYPT_SILENT | CRYPT_NEWKEYSET))) { hr = HRESULT_FROM_WIN32(GetLastError()); // // we are seeing that CryptAcquireContextW returns NTE_FAIL under low // memory condition, so we just mask the error // if (NTE_FAIL == hr) { hr = E_OUTOFMEMORY; } goto Cleanup; } fCreatedContainer = TRUE; } else { BOOL fServiceAccount = FALSE; hr = IsServiceAccount(&fServiceAccount); if (FAILED(hr)) { goto Cleanup; } // // open the provider first, create the keys too // if (!CryptAcquireContextW(phCryptProv, pwzContainerName, NULL, // default provider name DEFAULT_PROV_TYPE, fServiceAccount ? (CRYPT_SILENT | CRYPT_MACHINE_KEYSET) : (CRYPT_SILENT))) { hr = HRESULT_FROM_WIN32(GetLastError()); // // we are seeing that CryptAcquireContextW returns NTE_FAIL under low // memory condition, so we just mask the error // if (NTE_FAIL == hr) { hr = E_OUTOFMEMORY; } goto Cleanup; } } if (fCreateNewKeys) { // // make sure keys exist // if (!CryptGetUserKey(*phCryptProv, DEFAULT_KEY_SPEC, &hKey)) { hr = HRESULT_FROM_WIN32(GetLastError()); // if key does not exist, create it if (HRESULT_FROM_WIN32((unsigned long)NTE_NO_KEY) == hr) { hr = S_OK; if (!CryptGenKey(*phCryptProv, DEFAULT_KEY_SPEC, CRYPT_EXPORTABLE, &hKey)) { hr = HRESULT_FROM_WIN32(GetLastError()); // // we are seeing that CryptGenKey returns ERROR_CANTOPEN under low // memory condition, so we just mask the error // if (HRESULT_FROM_WIN32(ERROR_CANTOPEN) == hr) { hr = E_OUTOFMEMORY; } goto Cleanup; } } else { // failed to get user key by some misterious reason, so bail out goto Cleanup; } } } Cleanup: DestroyKey(hKey); if (FAILED(hr)) { // // release the context // ReleaseCryptProv(*phCryptProv); *phCryptProv = NULL; // // delete the keys, if we created them // if (fCreatedContainer) { DeleteKeys(pwzContainerName); } } if (NULL != pwzNewContainerName) { // this always returns RPC_S_OK status = RpcStringFreeW((unsigned short**)&pwzNewContainerName); USES(status); } return hr; }
void _cdecl main(void) { INT iReturn = 0; HCRYPTPROV hProv = 0; LPSTR pszContainerName = NULL; DWORD cbContainerName = 0; HCRYPTKEY hKey; // Attempt to acquire a handle to the default key container. if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) { if(GetLastError() != NTE_BAD_KEYSET) { // Some sort of error occured. printf("Error opening default key container!\n"); goto Error; } // Create default key container. if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { printf("Error creating default key container!\n"); goto Error; } // Get size of the name of the default key container name. if(CryptGetProvParam(hProv, PP_CONTAINER, NULL, &cbContainerName, 0)) { // Allocate buffer to receive default key container name. pszContainerName = malloc(cbContainerName); if(pszContainerName) { // Get name of default key container name. if(!CryptGetProvParam(hProv, PP_CONTAINER, (PBYTE)pszContainerName, &cbContainerName, 0)) { // Error getting default key container name. pszContainerName[0] = 0; } } } printf("Create key container '%s'\n", pszContainerName ? pszContainerName : ""); // Free container name buffer (if created) if(pszContainerName) { free(pszContainerName); } } // Attempt to get handle to signature key. if(!CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) { if(GetLastError() != NTE_NO_KEY) { printf("Error %x during CryptGetUserKey!\n", GetLastError()); goto Error; } // Create signature key pair. printf("Create signature key pair\n"); if(!CryptGenKey(hProv, AT_SIGNATURE, 0, &hKey)) { printf("Error %x during CryptGenKey!\n", GetLastError()); goto Error; } } // Close key handle CryptDestroyKey(hKey); // Attempt to get handle to exchange key. if(!CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey)) { if(GetLastError() != NTE_NO_KEY) { printf("Error %x during CryptGetUserKey!\n", GetLastError()); goto Error; } // Create key exchange key pair. printf("Create key exchange key pair\n"); if(!CryptGenKey(hProv, AT_KEYEXCHANGE, 0, &hKey)) { printf("Error %x during CryptGenKey!\n", GetLastError()); goto Error; } } // Close key handle CryptDestroyKey(hKey); printf("OK\n"); Exit: // Close the context (if open) if(hProv) { CryptReleaseContext(hProv, 0); } exit(iReturn); Error: iReturn = 1; goto Exit; }
BOOL SetupCryptoClient() { // Ensure that the default cryptographic client is set up. HCRYPTPROV hProv; HCRYPTKEY hKey; int nError; // Attempt to acquire a handle to the default key container. //if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, 0)) if (!CryptAcquireContext(&hProv, "MPICH", MS_DEF_PROV, PROV_RSA_FULL, 0)) { // Some sort of error occured, create default key container. //if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) if (!CryptAcquireContext(&hProv, "MPICH", MS_DEF_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { // Error creating key container! nError = GetLastError(); printf("SetupCryptoClient:CryptAcquireContext(...) failed, error: %d\n", nError); return FALSE; } } // Attempt to get handle to signature key. if (!CryptGetUserKey(hProv, AT_SIGNATURE, &hKey)) { if ((nError = GetLastError()) == NTE_NO_KEY) { // Create signature key pair. if (!CryptGenKey(hProv, AT_SIGNATURE, 0, &hKey)) { // Error during CryptGenKey! nError = GetLastError(); CryptReleaseContext(hProv, 0); printf("SetupCryptoClient:CryptGenKey(...) failed, error: %d\n", nError); return FALSE; } else { CryptDestroyKey(hKey); } } else { // Error during CryptGetUserKey! CryptReleaseContext(hProv, 0); printf("SetupCryptoClient:CryptGetUserKey(...) failed, error: %d\n", nError); return FALSE; } } // Attempt to get handle to exchange key. if (!CryptGetUserKey(hProv,AT_KEYEXCHANGE,&hKey)) { if ((nError = GetLastError()) == NTE_NO_KEY) { // Create key exchange key pair. if (!CryptGenKey(hProv,AT_KEYEXCHANGE,0,&hKey)) { // Error during CryptGenKey! nError = GetLastError(); CryptReleaseContext(hProv, 0); printf("SetupCryptoClient:CryptGenKey(...) failed, error: %d\n", nError); return FALSE; } else { CryptDestroyKey(hKey); } } else { // Error during CryptGetUserKey! CryptReleaseContext(hProv, 0); printf("SetupCryptoClient:CryptGetUserKey(...) failed, error: %d\n", nError); return FALSE; } } CryptReleaseContext(hProv, 0); return TRUE; }