search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rsaenh: Use a macro to initialize the string sizes in aProvEnumAlgsEx.
[wine.git] / dlls / rsaenh / rsaenh.c
blobf2f5960fee98eadd395a1e809d04b59ecee248da
1 /*
2 * dlls/rsaenh/rsaenh.c
3 * RSAENH - RSA encryption for Wine
4 *
5 * Copyright 2002 TransGaming Technologies (David Hammerton)
6 * Copyright 2004 Mike McCormack for CodeWeavers
7 * Copyright 2004, 2005 Michael Jung
8 * Copyright 2007 Vijay Kiran Kamuju
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 */
24
25 #include "config.h"
26 #include "wine/port.h"
27 #include "wine/library.h"
28 #include "wine/debug.h"
29
30 #include <stdarg.h>
31 #include <stdio.h>
32
33 #include "windef.h"
34 #include "winbase.h"
35 #include "winreg.h"
36 #include "wincrypt.h"
37 #include "handle.h"
38 #include "implglue.h"
39 #include "objbase.h"
40 #include "rpcproxy.h"
41 #include "aclapi.h"
42
43 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
44
45 static HINSTANCE instance;
46
47 /******************************************************************************
48 * CRYPTHASH - hash objects
49 */
50 #define RSAENH_MAGIC_HASH 0x85938417u
51 #define RSAENH_HASHSTATE_HASHING 1
52 #define RSAENH_HASHSTATE_FINISHED 2
53 typedef struct _RSAENH_TLS1PRF_PARAMS
54 {
55 CRYPT_DATA_BLOB blobLabel;
56 CRYPT_DATA_BLOB blobSeed;
57 } RSAENH_TLS1PRF_PARAMS;
58
59 typedef struct tagCRYPTHASH
60 {
61 OBJECTHDR header;
62 ALG_ID aiAlgid;
63 HCRYPTKEY hKey;
64 HCRYPTPROV hProv;
65 DWORD dwHashSize;
66 DWORD dwState;
67 HASH_CONTEXT context;
68 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
69 PHMAC_INFO pHMACInfo;
70 RSAENH_TLS1PRF_PARAMS tpPRFParams;
71 } CRYPTHASH;
72
73 /******************************************************************************
74 * CRYPTKEY - key objects
75 */
76 #define RSAENH_MAGIC_KEY 0x73620457u
77 #define RSAENH_MAX_KEY_SIZE 64
78 #define RSAENH_MAX_BLOCK_SIZE 24
79 #define RSAENH_KEYSTATE_IDLE 0
80 #define RSAENH_KEYSTATE_ENCRYPTING 1
81 #define RSAENH_KEYSTATE_MASTERKEY 2
82 typedef struct _RSAENH_SCHANNEL_INFO
83 {
84 SCHANNEL_ALG saEncAlg;
85 SCHANNEL_ALG saMACAlg;
86 CRYPT_DATA_BLOB blobClientRandom;
87 CRYPT_DATA_BLOB blobServerRandom;
88 } RSAENH_SCHANNEL_INFO;
89
90 typedef struct tagCRYPTKEY
91 {
92 OBJECTHDR header;
93 ALG_ID aiAlgid;
94 HCRYPTPROV hProv;
95 DWORD dwMode;
96 DWORD dwModeBits;
97 DWORD dwPermissions;
98 DWORD dwKeyLen;
99 DWORD dwEffectiveKeyLen;
100 DWORD dwSaltLen;
101 DWORD dwBlockLen;
102 DWORD dwState;
103 KEY_CONTEXT context;
104 BYTE abKeyValue[RSAENH_MAX_KEY_SIZE];
105 BYTE abInitVector[RSAENH_MAX_BLOCK_SIZE];
106 BYTE abChainVector[RSAENH_MAX_BLOCK_SIZE];
107 RSAENH_SCHANNEL_INFO siSChannelInfo;
108 CRYPT_DATA_BLOB blobHmacKey;
109 } CRYPTKEY;
110
111 /******************************************************************************
112 * KEYCONTAINER - key containers
113 */
114 #define RSAENH_PERSONALITY_BASE 0u
115 #define RSAENH_PERSONALITY_STRONG 1u
116 #define RSAENH_PERSONALITY_ENHANCED 2u
117 #define RSAENH_PERSONALITY_SCHANNEL 3u
118 #define RSAENH_PERSONALITY_AES 4u
119
120 #define RSAENH_MAGIC_CONTAINER 0x26384993u
121 typedef struct tagKEYCONTAINER
122 {
123 OBJECTHDR header;
124 DWORD dwFlags;
125 DWORD dwPersonality;
126 DWORD dwEnumAlgsCtr;
127 DWORD dwEnumContainersCtr;
128 CHAR szName[MAX_PATH];
129 CHAR szProvName[MAX_PATH];
130 HCRYPTKEY hKeyExchangeKeyPair;
131 HCRYPTKEY hSignatureKeyPair;
132 } KEYCONTAINER;
133
134 /******************************************************************************
135 * Some magic constants
136 */
137 #define RSAENH_ENCRYPT 1
138 #define RSAENH_DECRYPT 0
139 #define RSAENH_HMAC_DEF_IPAD_CHAR 0x36
140 #define RSAENH_HMAC_DEF_OPAD_CHAR 0x5c
141 #define RSAENH_HMAC_DEF_PAD_LEN 64
142 #define RSAENH_HMAC_BLOCK_LEN 64
143 #define RSAENH_DES_EFFECTIVE_KEYLEN 56
144 #define RSAENH_DES_STORAGE_KEYLEN 64
145 #define RSAENH_3DES112_EFFECTIVE_KEYLEN 112
146 #define RSAENH_3DES112_STORAGE_KEYLEN 128
147 #define RSAENH_3DES_EFFECTIVE_KEYLEN 168
148 #define RSAENH_3DES_STORAGE_KEYLEN 192
149 #define RSAENH_MAGIC_RSA2 0x32415352
150 #define RSAENH_MAGIC_RSA1 0x31415352
151 #define RSAENH_PKC_BLOCKTYPE 0x02
152 #define RSAENH_SSL3_VERSION_MAJOR 3
153 #define RSAENH_SSL3_VERSION_MINOR 0
154 #define RSAENH_TLS1_VERSION_MAJOR 3
155 #define RSAENH_TLS1_VERSION_MINOR 1
156 #define RSAENH_REGKEY "Software\\Wine\\Crypto\\RSA\\%s"
157
158 #define RSAENH_MIN(a,b) ((a)<(b)?(a):(b))
159 /******************************************************************************
160 * aProvEnumAlgsEx - Defines the capabilities of the CSP personalities.
161 */
162 #define RSAENH_MAX_ENUMALGS 24
163 #define RSAENH_PCT1_SSL2_SSL3_TLS1 (CRYPT_FLAG_PCT1|CRYPT_FLAG_SSL2|CRYPT_FLAG_SSL3|CRYPT_FLAG_TLS1)
164 #define S(s) sizeof(s), s
165 static const PROV_ENUMALGS_EX aProvEnumAlgsEx[5][RSAENH_MAX_ENUMALGS+1] =
166 {
167 {
168 {CALG_RC2, 40, 40, 56, 0, S("RC2"), S("RSA Data Security's RC2")},
169 {CALG_RC4, 40, 40, 56, 0, S("RC4"), S("RSA Data Security's RC4")},
170 {CALG_DES, 56, 56, 56, 0, S("DES"), S("Data Encryption Standard (DES)")},
171 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
172 {CALG_MD2, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD2"), S("Message Digest 2 (MD2)")},
173 {CALG_MD4, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD4"), S("Message Digest 4 (MD4)")},
174 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD5"), S("Message Digest 5 (MD5)")},
175 {CALG_SSL3_SHAMD5, 288, 288, 288, 0, S("SSL3 SHAMD5"), S("SSL3 SHAMD5")},
176 {CALG_MAC, 0, 0, 0, 0, S("MAC"), S("Message Authentication Code")},
177 {CALG_RSA_SIGN, 512, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
178 {CALG_RSA_KEYX, 512, 384, 1024, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
179 {CALG_HMAC, 0, 0, 0, 0, S("HMAC"), S("Hugo's MAC (HMAC)")},
180 {0, 0, 0, 0, 0, S(""), S("")}
181 },
182 {
183 {CALG_RC2, 128, 40, 128, 0, S("RC2"), S("RSA Data Security's RC2")},
184 {CALG_RC4, 128, 40, 128, 0, S("RC4"), S("RSA Data Security's RC4")},
185 {CALG_DES, 56, 56, 56, 0, S("DES"), S("Data Encryption Standard (DES)")},
186 {CALG_3DES_112, 112, 112, 112, 0, S("3DES TWO KEY"), S("Two Key Triple DES")},
187 {CALG_3DES, 168, 168, 168, 0, S("3DES"), S("Three Key Triple DES")},
188 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
189 {CALG_MD2, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD2"), S("Message Digest 2 (MD2)")},
190 {CALG_MD4, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD4"), S("Message Digest 4 (MD4)")},
191 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD5"), S("Message Digest 5 (MD5)")},
192 {CALG_SSL3_SHAMD5, 288, 288, 288, 0, S("SSL3 SHAMD5"), S("SSL3 SHAMD5")},
193 {CALG_MAC, 0, 0, 0, 0, S("MAC"), S("Message Authentication Code")},
194 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
195 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
196 {CALG_HMAC, 0, 0, 0, 0, S("HMAC"), S("Hugo's MAC (HMAC)")},
197 {0, 0, 0, 0, 0, S(""), S("")}
198 },
199 {
200 {CALG_RC2, 128, 40, 128, 0, S("RC2"), S("RSA Data Security's RC2")},
201 {CALG_RC4, 128, 40, 128, 0, S("RC4"), S("RSA Data Security's RC4")},
202 {CALG_DES, 56, 56, 56, 0, S("DES"), S("Data Encryption Standard (DES)")},
203 {CALG_3DES_112, 112, 112, 112, 0, S("3DES TWO KEY"), S("Two Key Triple DES")},
204 {CALG_3DES, 168, 168, 168, 0, S("3DES"), S("Three Key Triple DES")},
205 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
206 {CALG_MD2, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD2"), S("Message Digest 2 (MD2)")},
207 {CALG_MD4, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD4"), S("Message Digest 4 (MD4)")},
208 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD5"), S("Message Digest 5 (MD5)")},
209 {CALG_SSL3_SHAMD5, 288, 288, 288, 0, S("SSL3 SHAMD5"), S("SSL3 SHAMD5")},
210 {CALG_MAC, 0, 0, 0, 0, S("MAC"), S("Message Authentication Code")},
211 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
212 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
213 {CALG_HMAC, 0, 0, 0, 0, S("HMAC"), S("Hugo's MAC (HMAC)")},
214 {0, 0, 0, 0, 0, S(""), S("")}
215 },
216 {
217 {CALG_RC2, 128, 40, 128, RSAENH_PCT1_SSL2_SSL3_TLS1, S("RC2"), S("RSA Data Security's RC2")},
218 {CALG_RC4, 128, 40, 128, RSAENH_PCT1_SSL2_SSL3_TLS1, S("RC4"), S("RSA Data Security's RC4")},
219 {CALG_DES, 56, 56, 56, RSAENH_PCT1_SSL2_SSL3_TLS1, S("DES"), S("Data Encryption Standard (DES)")},
220 {CALG_3DES_112, 112, 112, 112, RSAENH_PCT1_SSL2_SSL3_TLS1, S("3DES TWO KEY"), S("Two Key Triple DES")},
221 {CALG_3DES, 168, 168, 168, RSAENH_PCT1_SSL2_SSL3_TLS1, S("3DES"), S("Three Key Triple DES")},
222 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
223 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("MD5"), S("Message Digest 5 (MD5)")},
224 {CALG_SSL3_SHAMD5, 288, 288, 288, 0, S("SSL3 SHAMD5"), S("SSL3 SHAMD5")},
225 {CALG_MAC, 0, 0, 0, 0, S("MAC"), S("Message Authentication Code")},
226 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("RSA_SIGN"), S("RSA Signature")},
227 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("RSA_KEYX"), S("RSA Key Exchange")},
228 {CALG_HMAC, 0, 0, 0, 0, S("HMAC"), S("Hugo's MAC (HMAC)")},
229 {CALG_PCT1_MASTER, 128, 128, 128, CRYPT_FLAG_PCT1, S("PCT1 MASTER"), S("PCT1 Master")},
230 {CALG_SSL2_MASTER, 40, 40, 192, CRYPT_FLAG_SSL2, S("SSL2 MASTER"), S("SSL2 Master")},
231 {CALG_SSL3_MASTER, 384, 384, 384, CRYPT_FLAG_SSL3, S("SSL3 MASTER"), S("SSL3 Master")},
232 {CALG_TLS1_MASTER, 384, 384, 384, CRYPT_FLAG_TLS1, S("TLS1 MASTER"), S("TLS1 Master")},
233 {CALG_SCHANNEL_MASTER_HASH, 0, 0, -1, 0, S("SCH MASTER HASH"), S("SChannel Master Hash")},
234 {CALG_SCHANNEL_MAC_KEY, 0, 0, -1, 0, S("SCH MAC KEY"), S("SChannel MAC Key")},
235 {CALG_SCHANNEL_ENC_KEY, 0, 0, -1, 0, S("SCH ENC KEY"), S("SChannel Encryption Key")},
236 {CALG_TLS1PRF, 0, 0, -1, 0, S("TLS1 PRF"), S("TLS1 Pseudo Random Function")},
237 {0, 0, 0, 0, 0, S(""), S("")}
238 },
239 {
240 {CALG_RC2, 128, 40, 128, 0, S("RC2"), S("RSA Data Security's RC2")},
241 {CALG_RC4, 128, 40, 128, 0, S("RC4"), S("RSA Data Security's RC4")},
242 {CALG_DES, 56, 56, 56, 0, S("DES"), S("Data Encryption Standard (DES)")},
243 {CALG_3DES_112, 112, 112, 112, 0, S("3DES TWO KEY"), S("Two Key Triple DES")},
244 {CALG_3DES, 168, 168, 168, 0, S("3DES"), S("Three Key Triple DES")},
245 {CALG_AES, 128, 128, 128, 0, S("AES"), S("Advanced Encryption Standard (AES)")},
246 {CALG_AES_128, 128, 128, 128, 0, S("AES-128"), S("Advanced Encryption Standard (AES-128)")},
247 {CALG_AES_192, 192, 192, 192, 0, S("AES-192"), S("Advanced Encryption Standard (AES-192)")},
248 {CALG_AES_256, 256, 256, 256, 0, S("AES-256"), S("Advanced Encryption Standard (AES-256)")},
249 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
250 {CALG_SHA_256, 256, 256, 256, CRYPT_FLAG_SIGNING, S("SHA-256"), S("Secure Hash Algorithm (SHA-256)")},
251 {CALG_SHA_384, 384, 384, 384, CRYPT_FLAG_SIGNING, S("SHA-384"), S("Secure Hash Algorithm (SHA-384)")},
252 {CALG_SHA_512, 512, 512, 512, CRYPT_FLAG_SIGNING, S("SHA-512"), S("Secure Hash Algorithm (SHA-512)")},
253 {CALG_MD2, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD2"), S("Message Digest 2 (MD2)")},
254 {CALG_MD4, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD4"), S("Message Digest 4 (MD4)")},
255 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING, S("MD5"), S("Message Digest 5 (MD5)")},
256 {CALG_SSL3_SHAMD5, 288, 288, 288, 0, S("SSL3 SHAMD5"), S("SSL3 SHAMD5")},
257 {CALG_MAC, 0, 0, 0, 0, S("MAC"), S("Message Authentication Code")},
258 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
259 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
260 {CALG_HMAC, 0, 0, 0, 0, S("HMAC"), S("Hugo's MAC (HMAC)")},
261 {0, 0, 0, 0, 0, S(""), S("")}
262 }
263 };
264 #undef S
265
266 /******************************************************************************
267 * API forward declarations
268 */
269 BOOL WINAPI
270 RSAENH_CPGetKeyParam(
271 HCRYPTPROV hProv,
272 HCRYPTKEY hKey,
273 DWORD dwParam,
274 BYTE *pbData,
275 DWORD *pdwDataLen,
276 DWORD dwFlags
277 );
278
279 BOOL WINAPI
280 RSAENH_CPEncrypt(
281 HCRYPTPROV hProv,
282 HCRYPTKEY hKey,
283 HCRYPTHASH hHash,
284 BOOL Final,
285 DWORD dwFlags,
286 BYTE *pbData,
287 DWORD *pdwDataLen,
288 DWORD dwBufLen
289 );
290
291 BOOL WINAPI
292 RSAENH_CPCreateHash(
293 HCRYPTPROV hProv,
294 ALG_ID Algid,
295 HCRYPTKEY hKey,
296 DWORD dwFlags,
297 HCRYPTHASH *phHash
298 );
299
300 BOOL WINAPI
301 RSAENH_CPSetHashParam(
302 HCRYPTPROV hProv,
303 HCRYPTHASH hHash,
304 DWORD dwParam,
305 BYTE *pbData, DWORD dwFlags
306 );
307
308 BOOL WINAPI
309 RSAENH_CPGetHashParam(
310 HCRYPTPROV hProv,
311 HCRYPTHASH hHash,
312 DWORD dwParam,
313 BYTE *pbData,
314 DWORD *pdwDataLen,
315 DWORD dwFlags
316 );
317
318 BOOL WINAPI
319 RSAENH_CPDestroyHash(
320 HCRYPTPROV hProv,
321 HCRYPTHASH hHash
322 );
323
324 static BOOL crypt_export_key(
325 CRYPTKEY *pCryptKey,
326 HCRYPTKEY hPubKey,
327 DWORD dwBlobType,
328 DWORD dwFlags,
329 BOOL force,
330 BYTE *pbData,
331 DWORD *pdwDataLen
332 );
333
334 static BOOL import_key(
335 HCRYPTPROV hProv,
336 const BYTE *pbData,
337 DWORD dwDataLen,
338 HCRYPTKEY hPubKey,
339 DWORD dwFlags,
340 BOOL fStoreKey,
341 HCRYPTKEY *phKey
342 );
343
344 BOOL WINAPI
345 RSAENH_CPHashData(
346 HCRYPTPROV hProv,
347 HCRYPTHASH hHash,
348 const BYTE *pbData,
349 DWORD dwDataLen,
350 DWORD dwFlags
351 );
352
353 /******************************************************************************
354 * CSP's handle table (used by all acquired key containers)
355 */
356 static struct handle_table handle_table;
357
358 /******************************************************************************
359 * DllMain (RSAENH.@)
360 *
361 * Initializes and destroys the handle table for the CSP's handles.
362 */
363 BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD fdwReason, PVOID reserved)
364 {
365 switch (fdwReason)
366 {
367 case DLL_PROCESS_ATTACH:
368 instance = hInstance;
369 DisableThreadLibraryCalls(hInstance);
370 init_handle_table(&handle_table);
371 break;
372
373 case DLL_PROCESS_DETACH:
374 if (reserved) break;
375 destroy_handle_table(&handle_table);
376 break;
377 }
378 return TRUE;
379 }
380
381 /******************************************************************************
382 * copy_param [Internal]
383 *
384 * Helper function that supports the standard WINAPI protocol for querying data
385 * of dynamic size.
386 *
387 * PARAMS
388 * pbBuffer [O] Buffer where the queried parameter is copied to, if it is large enough.
389 * May be NUL if the required buffer size is to be queried only.
390 * pdwBufferSize [I/O] In: Size of the buffer at pbBuffer
391 * Out: Size of parameter pbParam
392 * pbParam [I] Parameter value.
393 * dwParamSize [I] Size of pbParam
394 *
395 * RETURN
396 * Success: TRUE (pbParam was copied into pbBuffer or pbBuffer is NULL)
397 * Failure: FALSE (pbBuffer is not large enough to hold pbParam). Last error: ERROR_MORE_DATA
398 */
399 static inline BOOL copy_param(BYTE *pbBuffer, DWORD *pdwBufferSize, const BYTE *pbParam,
400 DWORD dwParamSize)
401 {
402 if (pbBuffer)
403 {
404 if (dwParamSize > *pdwBufferSize)
405 {
406 SetLastError(ERROR_MORE_DATA);
407 *pdwBufferSize = dwParamSize;
408 return FALSE;
409 }
410 memcpy(pbBuffer, pbParam, dwParamSize);
411 }
412 *pdwBufferSize = dwParamSize;
413 return TRUE;
414 }
415
416 static inline KEYCONTAINER* get_key_container(HCRYPTPROV hProv)
417 {
418 KEYCONTAINER *pKeyContainer;
419
420 if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER,
421 (OBJECTHDR**)&pKeyContainer))
422 {
423 SetLastError(NTE_BAD_UID);
424 return NULL;
425 }
426 return pKeyContainer;
427 }
428
429 /******************************************************************************
430 * get_algid_info [Internal]
431 *
432 * Query CSP capabilities for a given crypto algorithm.
433 *
434 * PARAMS
435 * hProv [I] Handle to a key container of the CSP whose capabilities are to be queried.
436 * algid [I] Identifier of the crypto algorithm about which information is requested.
437 *
438 * RETURNS
439 * Success: Pointer to a PROV_ENUMALGS_EX struct containing information about the crypto algorithm.
440 * Failure: NULL (algid not supported)
441 */
442 static inline const PROV_ENUMALGS_EX* get_algid_info(HCRYPTPROV hProv, ALG_ID algid) {
443 const PROV_ENUMALGS_EX *iterator;
444 KEYCONTAINER *pKeyContainer;
445
446 if (!(pKeyContainer = get_key_container(hProv))) return NULL;
447
448 for (iterator = aProvEnumAlgsEx[pKeyContainer->dwPersonality]; iterator->aiAlgid; iterator++) {
449 if (iterator->aiAlgid == algid) return iterator;
450 }
451
452 SetLastError(NTE_BAD_ALGID);
453 return NULL;
454 }
455
456 /******************************************************************************
457 * copy_data_blob [Internal]
458 *
459 * deeply copies a DATA_BLOB
460 *
461 * PARAMS
462 * dst [O] That's where the blob will be copied to
463 * src [I] Source blob
464 *
465 * RETURNS
466 * Success: TRUE
467 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY
468 *
469 * NOTES
470 * Use free_data_blob to release resources occupied by copy_data_blob.
471 */
472 static inline BOOL copy_data_blob(PCRYPT_DATA_BLOB dst, const PCRYPT_DATA_BLOB src)
473 {
474 dst->pbData = HeapAlloc(GetProcessHeap(), 0, src->cbData);
475 if (!dst->pbData) {
476 SetLastError(NTE_NO_MEMORY);
477 return FALSE;
478 }
479 dst->cbData = src->cbData;
480 memcpy(dst->pbData, src->pbData, src->cbData);
481 return TRUE;
482 }
483
484 /******************************************************************************
485 * concat_data_blobs [Internal]
486 *
487 * Concatenates two blobs
488 *
489 * PARAMS
490 * dst [O] The new blob will be copied here
491 * src1 [I] Prefix blob
492 * src2 [I] Appendix blob
493 *
494 * RETURNS
495 * Success: TRUE
496 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY)
497 *
498 * NOTES
499 * Release resources occupied by concat_data_blobs with free_data_blobs
500 */
501 static inline BOOL concat_data_blobs(PCRYPT_DATA_BLOB dst, const PCRYPT_DATA_BLOB src1,
502 const PCRYPT_DATA_BLOB src2)
503 {
504 dst->cbData = src1->cbData + src2->cbData;
505 dst->pbData = HeapAlloc(GetProcessHeap(), 0, dst->cbData);
506 if (!dst->pbData) {
507 SetLastError(NTE_NO_MEMORY);
508 return FALSE;
509 }
510 memcpy(dst->pbData, src1->pbData, src1->cbData);
511 memcpy(dst->pbData + src1->cbData, src2->pbData, src2->cbData);
512 return TRUE;
513 }
514
515 /******************************************************************************
516 * free_data_blob [Internal]
517 *
518 * releases resource occupied by a dynamically allocated CRYPT_DATA_BLOB
519 *
520 * PARAMS
521 * pBlob [I] Heap space occupied by pBlob->pbData is released
522 */
523 static inline void free_data_blob(PCRYPT_DATA_BLOB pBlob) {
524 HeapFree(GetProcessHeap(), 0, pBlob->pbData);
525 }
526
527 /******************************************************************************
528 * init_data_blob [Internal]
529 */
530 static inline void init_data_blob(PCRYPT_DATA_BLOB pBlob) {
531 pBlob->pbData = NULL;
532 pBlob->cbData = 0;
533 }
534
535 /******************************************************************************
536 * free_hmac_info [Internal]
537 *
538 * Deeply free an HMAC_INFO struct.
539 *
540 * PARAMS
541 * hmac_info [I] Pointer to the HMAC_INFO struct to be freed.
542 *
543 * NOTES
544 * See Internet RFC 2104 for details on the HMAC algorithm.
545 */
546 static inline void free_hmac_info(PHMAC_INFO hmac_info) {
547 if (!hmac_info) return;
548 HeapFree(GetProcessHeap(), 0, hmac_info->pbInnerString);
549 HeapFree(GetProcessHeap(), 0, hmac_info->pbOuterString);
550 HeapFree(GetProcessHeap(), 0, hmac_info);
551 }
552
553 /******************************************************************************
554 * copy_hmac_info [Internal]
555 *
556 * Deeply copy an HMAC_INFO struct
557 *
558 * PARAMS
559 * dst [O] Pointer to a location where the pointer to the HMAC_INFO copy will be stored.
560 * src [I] Pointer to the HMAC_INFO struct to be copied.
561 *
562 * RETURNS
563 * Success: TRUE
564 * Failure: FALSE
565 *
566 * NOTES
567 * See Internet RFC 2104 for details on the HMAC algorithm.
568 */
569 static BOOL copy_hmac_info(PHMAC_INFO *dst, const HMAC_INFO *src) {
570 if (!src) return FALSE;
571 *dst = HeapAlloc(GetProcessHeap(), 0, sizeof(HMAC_INFO));
572 if (!*dst) return FALSE;
573 **dst = *src;
574 (*dst)->pbInnerString = NULL;
575 (*dst)->pbOuterString = NULL;
576 if ((*dst)->cbInnerString == 0) (*dst)->cbInnerString = RSAENH_HMAC_DEF_PAD_LEN;
577 (*dst)->pbInnerString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbInnerString);
578 if (!(*dst)->pbInnerString) {
579 free_hmac_info(*dst);
580 return FALSE;
581 }
582 if (src->cbInnerString)
583 memcpy((*dst)->pbInnerString, src->pbInnerString, src->cbInnerString);
584 else
585 memset((*dst)->pbInnerString, RSAENH_HMAC_DEF_IPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
586 if ((*dst)->cbOuterString == 0) (*dst)->cbOuterString = RSAENH_HMAC_DEF_PAD_LEN;
587 (*dst)->pbOuterString = HeapAlloc(GetProcessHeap(), 0, (*dst)->cbOuterString);
588 if (!(*dst)->pbOuterString) {
589 free_hmac_info(*dst);
590 return FALSE;
591 }
592 if (src->cbOuterString)
593 memcpy((*dst)->pbOuterString, src->pbOuterString, src->cbOuterString);
594 else
595 memset((*dst)->pbOuterString, RSAENH_HMAC_DEF_OPAD_CHAR, RSAENH_HMAC_DEF_PAD_LEN);
596 return TRUE;
597 }
598
599 /******************************************************************************
600 * destroy_hash [Internal]
601 *
602 * Destructor for hash objects
603 *
604 * PARAMS
605 * pCryptHash [I] Pointer to the hash object to be destroyed.
606 * Will be invalid after function returns!
607 */
608 static void destroy_hash(OBJECTHDR *pObject)
609 {
610 CRYPTHASH *pCryptHash = (CRYPTHASH*)pObject;
611
612 free_hmac_info(pCryptHash->pHMACInfo);
613 free_data_blob(&pCryptHash->tpPRFParams.blobLabel);
614 free_data_blob(&pCryptHash->tpPRFParams.blobSeed);
615 HeapFree(GetProcessHeap(), 0, pCryptHash);
616 }
617
618 /******************************************************************************
619 * init_hash [Internal]
620 *
621 * Initialize (or reset) a hash object
622 *
623 * PARAMS
624 * pCryptHash [I] The hash object to be initialized.
625 */
626 static inline BOOL init_hash(CRYPTHASH *pCryptHash) {
627 DWORD dwLen;
628
629 switch (pCryptHash->aiAlgid)
630 {
631 case CALG_HMAC:
632 if (pCryptHash->pHMACInfo) {
633 const PROV_ENUMALGS_EX *pAlgInfo;
634
635 pAlgInfo = get_algid_info(pCryptHash->hProv, pCryptHash->pHMACInfo->HashAlgid);
636 if (!pAlgInfo) return FALSE;
637 pCryptHash->dwHashSize = pAlgInfo->dwDefaultLen >> 3;
638 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
639 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
640 pCryptHash->pHMACInfo->pbInnerString,
641 pCryptHash->pHMACInfo->cbInnerString);
642 }
643 return TRUE;
644
645 case CALG_MAC:
646 dwLen = sizeof(DWORD);
647 RSAENH_CPGetKeyParam(pCryptHash->hProv, pCryptHash->hKey, KP_BLOCKLEN,
648 (BYTE*)&pCryptHash->dwHashSize, &dwLen, 0);
649 pCryptHash->dwHashSize >>= 3;
650 return TRUE;
651
652 default:
653 return init_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context);
654 }
655 }
656
657 /******************************************************************************
658 * update_hash [Internal]
659 *
660 * Hashes the given data and updates the hash object's state accordingly
661 *
662 * PARAMS
663 * pCryptHash [I] Hash object to be updated.
664 * pbData [I] Pointer to data stream to be hashed.
665 * dwDataLen [I] Length of data stream.
666 */
667 static inline void update_hash(CRYPTHASH *pCryptHash, const BYTE *pbData, DWORD dwDataLen)
668 {
669 BYTE *pbTemp;
670
671 switch (pCryptHash->aiAlgid)
672 {
673 case CALG_HMAC:
674 if (pCryptHash->pHMACInfo)
675 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
676 pbData, dwDataLen);
677 break;
678
679 case CALG_MAC:
680 pbTemp = HeapAlloc(GetProcessHeap(), 0, dwDataLen);
681 if (!pbTemp) return;
682 memcpy(pbTemp, pbData, dwDataLen);
683 RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, 0, FALSE, 0,
684 pbTemp, &dwDataLen, dwDataLen);
685 HeapFree(GetProcessHeap(), 0, pbTemp);
686 break;
687
688 default:
689 update_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pbData, dwDataLen);
690 }
691 }
692
693 /******************************************************************************
694 * finalize_hash [Internal]
695 *
696 * Finalizes the hash, after all data has been hashed with update_hash.
697 * No additional data can be hashed afterwards until the hash gets initialized again.
698 *
699 * PARAMS
700 * pCryptHash [I] Hash object to be finalized.
701 */
702 static inline void finalize_hash(CRYPTHASH *pCryptHash) {
703 DWORD dwDataLen;
704
705 switch (pCryptHash->aiAlgid)
706 {
707 case CALG_HMAC:
708 if (pCryptHash->pHMACInfo) {
709 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
710
711 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
712 pCryptHash->abHashValue);
713 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
714 init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context);
715 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
716 pCryptHash->pHMACInfo->pbOuterString,
717 pCryptHash->pHMACInfo->cbOuterString);
718 update_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
719 abHashValue, pCryptHash->dwHashSize);
720 finalize_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->context,
721 pCryptHash->abHashValue);
722 }
723 break;
724
725 case CALG_MAC:
726 dwDataLen = 0;
727 RSAENH_CPEncrypt(pCryptHash->hProv, pCryptHash->hKey, 0, TRUE, 0,
728 pCryptHash->abHashValue, &dwDataLen, pCryptHash->dwHashSize);
729 break;
730
731 default:
732 finalize_hash_impl(pCryptHash->aiAlgid, &pCryptHash->context, pCryptHash->abHashValue);
733 }
734 }
735
736 /******************************************************************************
737 * destroy_key [Internal]
738 *
739 * Destructor for key objects
740 *
741 * PARAMS
742 * pCryptKey [I] Pointer to the key object to be destroyed.
743 * Will be invalid after function returns!
744 */
745 static void destroy_key(OBJECTHDR *pObject)
746 {
747 CRYPTKEY *pCryptKey = (CRYPTKEY*)pObject;
748
749 free_key_impl(pCryptKey->aiAlgid, &pCryptKey->context);
750 free_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
751 free_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
752 free_data_blob(&pCryptKey->blobHmacKey);
753 HeapFree(GetProcessHeap(), 0, pCryptKey);
754 }
755
756 /******************************************************************************
757 * setup_key [Internal]
758 *
759 * Initialize (or reset) a key object
760 *
761 * PARAMS
762 * pCryptKey [I] The key object to be initialized.
763 */
764 static inline void setup_key(CRYPTKEY *pCryptKey) {
765 pCryptKey->dwState = RSAENH_KEYSTATE_IDLE;
766 memcpy(pCryptKey->abChainVector, pCryptKey->abInitVector, sizeof(pCryptKey->abChainVector));
767 setup_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen,
768 pCryptKey->dwEffectiveKeyLen, pCryptKey->dwSaltLen,
769 pCryptKey->abKeyValue);
770 }
771
772 /******************************************************************************
773 * new_key [Internal]
774 *
775 * Creates a new key object without assigning the actual binary key value.
776 * This is done by CPDeriveKey, CPGenKey or CPImportKey, which call this function.
777 *
778 * PARAMS
779 * hProv [I] Handle to the provider to which the created key will belong.
780 * aiAlgid [I] The new key shall use the crypto algorithm identified by aiAlgid.
781 * dwFlags [I] Upper 16 bits give the key length.
782 * Lower 16 bits: CRYPT_EXPORTABLE, CRYPT_CREATE_SALT,
783 * CRYPT_NO_SALT
784 * ppCryptKey [O] Pointer to the created key
785 *
786 * RETURNS
787 * Success: Handle to the created key.
788 * Failure: INVALID_HANDLE_VALUE
789 */
790 static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTKEY **ppCryptKey)
791 {
792 HCRYPTKEY hCryptKey;
793 CRYPTKEY *pCryptKey;
794 DWORD dwKeyLen = HIWORD(dwFlags), bKeyLen = dwKeyLen;
795 const PROV_ENUMALGS_EX *peaAlgidInfo;
796
797 *ppCryptKey = NULL;
798
799 /*
800 * Retrieve the CSP's capabilities for the given ALG_ID value
801 */
802 peaAlgidInfo = get_algid_info(hProv, aiAlgid);
803 if (!peaAlgidInfo) return (HCRYPTKEY)INVALID_HANDLE_VALUE;
804
805 TRACE("alg = %s, dwKeyLen = %d\n", debugstr_a(peaAlgidInfo->szName),
806 dwKeyLen);
807 /*
808 * Assume the default key length, if none is specified explicitly
809 */
810 if (dwKeyLen == 0) dwKeyLen = peaAlgidInfo->dwDefaultLen;
811
812 /*
813 * Check if the requested key length is supported by the current CSP.
814 * Adjust key length's for DES algorithms.
815 */
816 switch (aiAlgid) {
817 case CALG_DES:
818 if (dwKeyLen == RSAENH_DES_EFFECTIVE_KEYLEN) {
819 dwKeyLen = RSAENH_DES_STORAGE_KEYLEN;
820 }
821 if (dwKeyLen != RSAENH_DES_STORAGE_KEYLEN) {
822 SetLastError(NTE_BAD_FLAGS);
823 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
824 }
825 break;
826
827 case CALG_3DES_112:
828 if (dwKeyLen == RSAENH_3DES112_EFFECTIVE_KEYLEN) {
829 dwKeyLen = RSAENH_3DES112_STORAGE_KEYLEN;
830 }
831 if (dwKeyLen != RSAENH_3DES112_STORAGE_KEYLEN) {
832 SetLastError(NTE_BAD_FLAGS);
833 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
834 }
835 break;
836
837 case CALG_3DES:
838 if (dwKeyLen == RSAENH_3DES_EFFECTIVE_KEYLEN) {
839 dwKeyLen = RSAENH_3DES_STORAGE_KEYLEN;
840 }
841 if (dwKeyLen != RSAENH_3DES_STORAGE_KEYLEN) {
842 SetLastError(NTE_BAD_FLAGS);
843 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
844 }
845 break;
846
847 case CALG_HMAC:
848 /* Avoid the key length check for HMAC keys, which have unlimited
849 * length.
850 */
851 break;
852
853 case CALG_AES:
854 if (!bKeyLen)
855 {
856 TRACE("missing key len for CALG_AES\n");
857 SetLastError(NTE_BAD_ALGID);
858 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
859 }
860 /* fall through */
861 default:
862 if (dwKeyLen % 8 ||
863 dwKeyLen > peaAlgidInfo->dwMaxLen ||
864 dwKeyLen < peaAlgidInfo->dwMinLen)
865 {
866 TRACE("key len %d out of bounds (%d, %d)\n", dwKeyLen,
867 peaAlgidInfo->dwMinLen, peaAlgidInfo->dwMaxLen);
868 SetLastError(NTE_BAD_DATA);
869 return (HCRYPTKEY)INVALID_HANDLE_VALUE;
870 }
871 }
872
873 hCryptKey = new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY,
874 destroy_key, (OBJECTHDR**)&pCryptKey);
875 if (hCryptKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
876 {
877 KEYCONTAINER *pKeyContainer = get_key_container(hProv);
878 pCryptKey->aiAlgid = aiAlgid;
879 pCryptKey->hProv = hProv;
880 pCryptKey->dwModeBits = 0;
881 pCryptKey->dwPermissions = CRYPT_ENCRYPT | CRYPT_DECRYPT | CRYPT_READ | CRYPT_WRITE |
882 CRYPT_MAC;
883 if (dwFlags & CRYPT_EXPORTABLE)
884 pCryptKey->dwPermissions |= CRYPT_EXPORT;
885 pCryptKey->dwKeyLen = dwKeyLen >> 3;
886 pCryptKey->dwEffectiveKeyLen = 0;
887
888 /*
889 * For compatibility reasons a 40 bit key on the Enhanced
890 * provider will not have salt
891 */
892 if (pKeyContainer->dwPersonality == RSAENH_PERSONALITY_ENHANCED
893 && (aiAlgid == CALG_RC2 || aiAlgid == CALG_RC4)
894 && (dwFlags & CRYPT_CREATE_SALT) && dwKeyLen == 40)
895 pCryptKey->dwSaltLen = 0;
896 else if ((dwFlags & CRYPT_CREATE_SALT) || (dwKeyLen == 40 && !(dwFlags & CRYPT_NO_SALT)))
897 pCryptKey->dwSaltLen = 16 /*FIXME*/ - pCryptKey->dwKeyLen;
898 else
899 pCryptKey->dwSaltLen = 0;
900 memset(pCryptKey->abKeyValue, 0, sizeof(pCryptKey->abKeyValue));
901 memset(pCryptKey->abInitVector, 0, sizeof(pCryptKey->abInitVector));
902 memset(&pCryptKey->siSChannelInfo.saEncAlg, 0, sizeof(pCryptKey->siSChannelInfo.saEncAlg));
903 memset(&pCryptKey->siSChannelInfo.saMACAlg, 0, sizeof(pCryptKey->siSChannelInfo.saMACAlg));
904 init_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom);
905 init_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom);
906 init_data_blob(&pCryptKey->blobHmacKey);
907
908 switch(aiAlgid)
909 {
910 case CALG_PCT1_MASTER:
911 case CALG_SSL2_MASTER:
912 case CALG_SSL3_MASTER:
913 case CALG_TLS1_MASTER:
914 case CALG_RC4:
915 pCryptKey->dwBlockLen = 0;
916 pCryptKey->dwMode = 0;
917 break;
918
919 case CALG_RC2:
920 case CALG_DES:
921 case CALG_3DES_112:
922 case CALG_3DES:
923 pCryptKey->dwBlockLen = 8;
924 pCryptKey->dwMode = CRYPT_MODE_CBC;
925 break;
926
927 case CALG_AES:
928 case CALG_AES_128:
929 case CALG_AES_192:
930 case CALG_AES_256:
931 pCryptKey->dwBlockLen = 16;
932 pCryptKey->dwMode = CRYPT_MODE_CBC;
933 break;
934
935 case CALG_RSA_KEYX:
936 case CALG_RSA_SIGN:
937 pCryptKey->dwBlockLen = dwKeyLen >> 3;
938 pCryptKey->dwMode = 0;
939 break;
940
941 case CALG_HMAC:
942 pCryptKey->dwBlockLen = 0;
943 pCryptKey->dwMode = 0;
944 break;
945 }
946
947 *ppCryptKey = pCryptKey;
948 }
949
950 return hCryptKey;
951 }
952
953 /******************************************************************************
954 * map_key_spec_to_key_pair_name [Internal]
955 *
956 * Returns the name of the registry value associated with a key spec.
957 *
958 * PARAMS
959 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
960 *
961 * RETURNS
962 * Success: Name of registry value.
963 * Failure: NULL
964 */
965 static LPCSTR map_key_spec_to_key_pair_name(DWORD dwKeySpec)
966 {
967 LPCSTR szValueName;
968
969 switch (dwKeySpec)
970 {
971 case AT_KEYEXCHANGE:
972 szValueName = "KeyExchangeKeyPair";
973 break;
974 case AT_SIGNATURE:
975 szValueName = "SignatureKeyPair";
976 break;
977 default:
978 WARN("invalid key spec %d\n", dwKeySpec);
979 szValueName = NULL;
980 }
981 return szValueName;
982 }
983
984 /******************************************************************************
985 * store_key_pair [Internal]
986 *
987 * Stores a key pair to the registry
988 *
989 * PARAMS
990 * hCryptKey [I] Handle to the key to be stored
991 * hKey [I] Registry key where the key pair is to be stored
992 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
993 * dwFlags [I] Flags for protecting the key
994 */
995 static void store_key_pair(HCRYPTKEY hCryptKey, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags)
996 {
997 LPCSTR szValueName;
998 DATA_BLOB blobIn, blobOut;
999 CRYPTKEY *pKey;
1000 DWORD dwLen;
1001 BYTE *pbKey;
1002
1003 if (!(szValueName = map_key_spec_to_key_pair_name(dwKeySpec)))
1004 return;
1005 if (lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
1006 (OBJECTHDR**)&pKey))
1007 {
1008 if (crypt_export_key(pKey, 0, PRIVATEKEYBLOB, 0, TRUE, 0, &dwLen))
1009 {
1010 pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
1011 if (pbKey)
1012 {
1013 if (crypt_export_key(pKey, 0, PRIVATEKEYBLOB, 0, TRUE, pbKey,
1014 &dwLen))
1015 {
1016 blobIn.pbData = pbKey;
1017 blobIn.cbData = dwLen;
1018
1019 if (CryptProtectData(&blobIn, NULL, NULL, NULL, NULL,
1020 dwFlags, &blobOut))
1021 {
1022 RegSetValueExA(hKey, szValueName, 0, REG_BINARY,
1023 blobOut.pbData, blobOut.cbData);
1024 LocalFree(blobOut.pbData);
1025 }
1026 }
1027 HeapFree(GetProcessHeap(), 0, pbKey);
1028 }
1029 }
1030 }
1031 }
1032
1033 /******************************************************************************
1034 * map_key_spec_to_permissions_name [Internal]
1035 *
1036 * Returns the name of the registry value associated with the permissions for
1037 * a key spec.
1038 *
1039 * PARAMS
1040 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1041 *
1042 * RETURNS
1043 * Success: Name of registry value.
1044 * Failure: NULL
1045 */
1046 static LPCSTR map_key_spec_to_permissions_name(DWORD dwKeySpec)
1047 {
1048 LPCSTR szValueName;
1049
1050 switch (dwKeySpec)
1051 {
1052 case AT_KEYEXCHANGE:
1053 szValueName = "KeyExchangePermissions";
1054 break;
1055 case AT_SIGNATURE:
1056 szValueName = "SignaturePermissions";
1057 break;
1058 default:
1059 WARN("invalid key spec %d\n", dwKeySpec);
1060 szValueName = NULL;
1061 }
1062 return szValueName;
1063 }
1064
1065 /******************************************************************************
1066 * store_key_permissions [Internal]
1067 *
1068 * Stores a key's permissions to the registry
1069 *
1070 * PARAMS
1071 * hCryptKey [I] Handle to the key whose permissions are to be stored
1072 * hKey [I] Registry key where the key permissions are to be stored
1073 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1074 */
1075 static void store_key_permissions(HCRYPTKEY hCryptKey, HKEY hKey, DWORD dwKeySpec)
1076 {
1077 LPCSTR szValueName;
1078 CRYPTKEY *pKey;
1079
1080 if (!(szValueName = map_key_spec_to_permissions_name(dwKeySpec)))
1081 return;
1082 if (lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
1083 (OBJECTHDR**)&pKey))
1084 RegSetValueExA(hKey, szValueName, 0, REG_DWORD,
1085 (BYTE *)&pKey->dwPermissions,
1086 sizeof(pKey->dwPermissions));
1087 }
1088
1089 /******************************************************************************
1090 * create_container_key [Internal]
1091 *
1092 * Creates the registry key for a key container's persistent storage.
1093 *
1094 * PARAMS
1095 * pKeyContainer [I] Pointer to the key container
1096 * sam [I] Desired registry access
1097 * phKey [O] Returned key
1098 */
1099 static BOOL create_container_key(KEYCONTAINER *pKeyContainer, REGSAM sam, HKEY *phKey)
1100 {
1101 CHAR szRSABase[sizeof(RSAENH_REGKEY) + MAX_PATH];
1102 HKEY hRootKey;
1103
1104 sprintf(szRSABase, RSAENH_REGKEY, pKeyContainer->szName);
1105
1106 if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET)
1107 hRootKey = HKEY_LOCAL_MACHINE;
1108 else
1109 hRootKey = HKEY_CURRENT_USER;
1110
1111 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1112 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1113 return RegCreateKeyExA(hRootKey, szRSABase, 0, NULL,
1114 REG_OPTION_NON_VOLATILE, sam, NULL, phKey, NULL)
1115 == ERROR_SUCCESS;
1116 }
1117
1118 /******************************************************************************
1119 * open_container_key [Internal]
1120 *
1121 * Opens a key container's persistent storage for reading.
1122 *
1123 * PARAMS
1124 * pszContainerName [I] Name of the container to be opened. May be the empty
1125 * string if the parent key of all containers is to be
1126 * opened.
1127 * dwFlags [I] Flags indicating which keyset to be opened.
1128 * phKey [O] Returned key
1129 */
1130 static BOOL open_container_key(LPCSTR pszContainerName, DWORD dwFlags, REGSAM access, HKEY *phKey)
1131 {
1132 CHAR szRSABase[sizeof(RSAENH_REGKEY) + MAX_PATH];
1133 HKEY hRootKey;
1134
1135 sprintf(szRSABase, RSAENH_REGKEY, pszContainerName);
1136
1137 if (dwFlags & CRYPT_MACHINE_KEYSET)
1138 hRootKey = HKEY_LOCAL_MACHINE;
1139 else
1140 hRootKey = HKEY_CURRENT_USER;
1141
1142 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1143 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1144 return RegOpenKeyExA(hRootKey, szRSABase, 0, access, phKey) ==
1145 ERROR_SUCCESS;
1146 }
1147
1148 /******************************************************************************
1149 * delete_container_key [Internal]
1150 *
1151 * Deletes a key container's persistent storage.
1152 *
1153 * PARAMS
1154 * pszContainerName [I] Name of the container to be opened.
1155 * dwFlags [I] Flags indicating which keyset to be opened.
1156 */
1157 static BOOL delete_container_key(LPCSTR pszContainerName, DWORD dwFlags)
1158 {
1159 CHAR szRegKey[sizeof(RSAENH_REGKEY) + MAX_PATH];
1160 HKEY hRootKey;
1161
1162 sprintf(szRegKey, RSAENH_REGKEY, pszContainerName);
1163
1164 if (dwFlags & CRYPT_MACHINE_KEYSET)
1165 hRootKey = HKEY_LOCAL_MACHINE;
1166 else
1167 hRootKey = HKEY_CURRENT_USER;
1168 if (!RegDeleteKeyA(hRootKey, szRegKey)) {
1169 SetLastError(ERROR_SUCCESS);
1170 return TRUE;
1171 } else {
1172 SetLastError(NTE_BAD_KEYSET);
1173 return FALSE;
1174 }
1175 }
1176
1177 /******************************************************************************
1178 * store_key_container_keys [Internal]
1179 *
1180 * Stores key container's keys in a persistent location.
1181 *
1182 * PARAMS
1183 * pKeyContainer [I] Pointer to the key container whose keys are to be saved
1184 */
1185 static void store_key_container_keys(KEYCONTAINER *pKeyContainer)
1186 {
1187 HKEY hKey;
1188 DWORD dwFlags;
1189
1190 /* On WinXP, persistent keys are stored in a file located at:
1191 * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string
1192 */
1193
1194 if (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET)
1195 dwFlags = CRYPTPROTECT_LOCAL_MACHINE;
1196 else
1197 dwFlags = 0;
1198
1199 if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1200 {
1201 store_key_pair(pKeyContainer->hKeyExchangeKeyPair, hKey,
1202 AT_KEYEXCHANGE, dwFlags);
1203 store_key_pair(pKeyContainer->hSignatureKeyPair, hKey,
1204 AT_SIGNATURE, dwFlags);
1205 RegCloseKey(hKey);
1206 }
1207 }
1208
1209 /******************************************************************************
1210 * store_key_container_permissions [Internal]
1211 *
1212 * Stores key container's key permissions in a persistent location.
1213 *
1214 * PARAMS
1215 * pKeyContainer [I] Pointer to the key container whose key permissions are to
1216 * be saved
1217 */
1218 static void store_key_container_permissions(KEYCONTAINER *pKeyContainer)
1219 {
1220 HKEY hKey;
1221
1222 if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1223 {
1224 store_key_permissions(pKeyContainer->hKeyExchangeKeyPair, hKey,
1225 AT_KEYEXCHANGE);
1226 store_key_permissions(pKeyContainer->hSignatureKeyPair, hKey,
1227 AT_SIGNATURE);
1228 RegCloseKey(hKey);
1229 }
1230 }
1231
1232 /******************************************************************************
1233 * release_key_container_keys [Internal]
1234 *
1235 * Releases key container's keys.
1236 *
1237 * PARAMS
1238 * pKeyContainer [I] Pointer to the key container whose keys are to be released.
1239 */
1240 static void release_key_container_keys(KEYCONTAINER *pKeyContainer)
1241 {
1242 release_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair,
1243 RSAENH_MAGIC_KEY);
1244 release_handle(&handle_table, pKeyContainer->hSignatureKeyPair,
1245 RSAENH_MAGIC_KEY);
1246 }
1247
1248 /******************************************************************************
1249 * destroy_key_container [Internal]
1250 *
1251 * Destructor for key containers.
1252 *
1253 * PARAMS
1254 * pObjectHdr [I] Pointer to the key container to be destroyed.
1255 */
1256 static void destroy_key_container(OBJECTHDR *pObjectHdr)
1257 {
1258 KEYCONTAINER *pKeyContainer = (KEYCONTAINER*)pObjectHdr;
1259
1260 if (!(pKeyContainer->dwFlags & CRYPT_VERIFYCONTEXT))
1261 {
1262 store_key_container_keys(pKeyContainer);
1263 store_key_container_permissions(pKeyContainer);
1264 release_key_container_keys(pKeyContainer);
1265 }
1266 else
1267 release_key_container_keys(pKeyContainer);
1268 HeapFree( GetProcessHeap(), 0, pKeyContainer );
1269 }
1270
1271 /******************************************************************************
1272 * new_key_container [Internal]
1273 *
1274 * Create a new key container. The personality (RSA Base, Strong or Enhanced CP)
1275 * of the CSP is determined via the pVTable->pszProvName string.
1276 *
1277 * PARAMS
1278 * pszContainerName [I] Name of the key container.
1279 * pVTable [I] Callback functions and context info provided by the OS
1280 *
1281 * RETURNS
1282 * Success: Handle to the new key container.
1283 * Failure: INVALID_HANDLE_VALUE
1284 */
1285 static HCRYPTPROV new_key_container(PCCH pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1286 {
1287 KEYCONTAINER *pKeyContainer;
1288 HCRYPTPROV hKeyContainer;
1289
1290 hKeyContainer = new_object(&handle_table, sizeof(KEYCONTAINER), RSAENH_MAGIC_CONTAINER,
1291 destroy_key_container, (OBJECTHDR**)&pKeyContainer);
1292 if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1293 {
1294 lstrcpynA(pKeyContainer->szName, pszContainerName, MAX_PATH);
1295 pKeyContainer->dwFlags = dwFlags;
1296 pKeyContainer->dwEnumAlgsCtr = 0;
1297 pKeyContainer->hKeyExchangeKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1298 pKeyContainer->hSignatureKeyPair = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1299 if (pVTable && pVTable->pszProvName) {
1300 lstrcpynA(pKeyContainer->szProvName, pVTable->pszProvName, MAX_PATH);
1301 if (!strcmp(pVTable->pszProvName, MS_DEF_PROV_A)) {
1302 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_BASE;
1303 } else if (!strcmp(pVTable->pszProvName, MS_ENHANCED_PROV_A)) {
1304 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_ENHANCED;
1305 } else if (!strcmp(pVTable->pszProvName, MS_DEF_RSA_SCHANNEL_PROV_A)) {
1306 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_SCHANNEL;
1307 } else if (!strcmp(pVTable->pszProvName, MS_ENH_RSA_AES_PROV_A) ||
1308 !strcmp(pVTable->pszProvName, MS_ENH_RSA_AES_PROV_XP_A)) {
1309 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_AES;
1310 } else {
1311 pKeyContainer->dwPersonality = RSAENH_PERSONALITY_STRONG;
1312 }
1313 }
1314
1315 /* The new key container has to be inserted into the CSP immediately
1316 * after creation to be available for CPGetProvParam's PP_ENUMCONTAINERS. */
1317 if (!(dwFlags & CRYPT_VERIFYCONTEXT)) {
1318 HKEY hKey;
1319
1320 if (create_container_key(pKeyContainer, KEY_WRITE, &hKey))
1321 RegCloseKey(hKey);
1322 }
1323 }
1324
1325 return hKeyContainer;
1326 }
1327
1328 /******************************************************************************
1329 * read_key_value [Internal]
1330 *
1331 * Reads a key pair value from the registry
1332 *
1333 * PARAMS
1334 * hKeyContainer [I] Crypt provider to use to import the key
1335 * hKey [I] Registry key from which to read the key pair
1336 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1337 * dwFlags [I] Flags for unprotecting the key
1338 * phCryptKey [O] Returned key
1339 */
1340 static BOOL read_key_value(HCRYPTPROV hKeyContainer, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags, HCRYPTKEY *phCryptKey)
1341 {
1342 LPCSTR szValueName;
1343 DWORD dwValueType, dwLen;
1344 BYTE *pbKey;
1345 DATA_BLOB blobIn, blobOut;
1346 BOOL ret = FALSE;
1347
1348 if (!(szValueName = map_key_spec_to_key_pair_name(dwKeySpec)))
1349 return FALSE;
1350 if (RegQueryValueExA(hKey, szValueName, 0, &dwValueType, NULL, &dwLen) ==
1351 ERROR_SUCCESS)
1352 {
1353 pbKey = HeapAlloc(GetProcessHeap(), 0, dwLen);
1354 if (pbKey)
1355 {
1356 if (RegQueryValueExA(hKey, szValueName, 0, &dwValueType, pbKey, &dwLen) ==
1357 ERROR_SUCCESS)
1358 {
1359 blobIn.pbData = pbKey;
1360 blobIn.cbData = dwLen;
1361
1362 if (CryptUnprotectData(&blobIn, NULL, NULL, NULL, NULL,
1363 dwFlags, &blobOut))
1364 {
1365 ret = import_key(hKeyContainer, blobOut.pbData, blobOut.cbData, 0, 0,
1366 FALSE, phCryptKey);
1367 LocalFree(blobOut.pbData);
1368 }
1369 }
1370 HeapFree(GetProcessHeap(), 0, pbKey);
1371 }
1372 }
1373 if (ret)
1374 {
1375 CRYPTKEY *pKey;
1376
1377 if (lookup_handle(&handle_table, *phCryptKey, RSAENH_MAGIC_KEY,
1378 (OBJECTHDR**)&pKey))
1379 {
1380 if ((szValueName = map_key_spec_to_permissions_name(dwKeySpec)))
1381 {
1382 dwLen = sizeof(pKey->dwPermissions);
1383 RegQueryValueExA(hKey, szValueName, 0, NULL,
1384 (BYTE *)&pKey->dwPermissions, &dwLen);
1385 }
1386 }
1387 }
1388 return ret;
1389 }
1390
1391 /******************************************************************************
1392 * read_key_container [Internal]
1393 *
1394 * Tries to read the persistent state of the key container (mainly the signature
1395 * and key exchange private keys) given by pszContainerName.
1396 *
1397 * PARAMS
1398 * pszContainerName [I] Name of the key container to read from the registry
1399 * pVTable [I] Pointer to context data provided by the operating system
1400 *
1401 * RETURNS
1402 * Success: Handle to the key container read from the registry
1403 * Failure: INVALID_HANDLE_VALUE
1404 */
1405 static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1406 {
1407 HKEY hKey;
1408 KEYCONTAINER *pKeyContainer;
1409 HCRYPTPROV hKeyContainer;
1410 HCRYPTKEY hCryptKey;
1411
1412 if (!open_container_key(pszContainerName, dwFlags, KEY_READ, &hKey))
1413 {
1414 SetLastError(NTE_BAD_KEYSET);
1415 return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1416 }
1417
1418 hKeyContainer = new_key_container(pszContainerName, dwFlags, pVTable);
1419 if (hKeyContainer != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1420 {
1421 DWORD dwProtectFlags = (dwFlags & CRYPT_MACHINE_KEYSET) ?
1422 CRYPTPROTECT_LOCAL_MACHINE : 0;
1423
1424 if (!lookup_handle(&handle_table, hKeyContainer, RSAENH_MAGIC_CONTAINER,
1425 (OBJECTHDR**)&pKeyContainer))
1426 return (HCRYPTPROV)INVALID_HANDLE_VALUE;
1427
1428 /* read_key_value calls import_key, which calls import_private_key,
1429 * which implicitly installs the key value into the appropriate key
1430 * container key. Thus the ref count is incremented twice, once for
1431 * the output key value, and once for the implicit install, and needs
1432 * to be decremented to balance the two.
1433 */
1434 if (read_key_value(hKeyContainer, hKey, AT_KEYEXCHANGE,
1435 dwProtectFlags, &hCryptKey))
1436 release_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY);
1437 if (read_key_value(hKeyContainer, hKey, AT_SIGNATURE,
1438 dwProtectFlags, &hCryptKey))
1439 release_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY);
1440 }
1441
1442 return hKeyContainer;
1443 }
1444
1445 /******************************************************************************
1446 * build_hash_signature [Internal]
1447 *
1448 * Builds a padded version of a hash to match the length of the RSA key modulus.
1449 *
1450 * PARAMS
1451 * pbSignature [O] The padded hash object is stored here.
1452 * dwLen [I] Length of the pbSignature buffer.
1453 * aiAlgid [I] Algorithm identifier of the hash to be padded.
1454 * abHashValue [I] The value of the hash object.
1455 * dwHashLen [I] Length of the hash value.
1456 * dwFlags [I] Selection of padding algorithm.
1457 *
1458 * RETURNS
1459 * Success: TRUE
1460 * Failure: FALSE (NTE_BAD_ALGID)
1461 */
1462 static BOOL build_hash_signature(BYTE *pbSignature, DWORD dwLen, ALG_ID aiAlgid,
1463 const BYTE *abHashValue, DWORD dwHashLen, DWORD dwFlags)
1464 {
1465 /* These prefixes are meant to be concatenated with hash values of the
1466 * respective kind to form a PKCS #7 DigestInfo. */
1467 static const struct tagOIDDescriptor {
1468 ALG_ID aiAlgid;
1469 DWORD dwLen;
1470 const BYTE abOID[19];
1471 } aOIDDescriptor[] = {
1472 { CALG_MD2, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1473 0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 } },
1474 { CALG_MD4, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1475 0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 } },
1476 { CALG_MD5, 18, { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
1477 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 } },
1478 { CALG_SHA, 15, { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
1479 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 } },
1480 { CALG_SHA_256, 19, { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
1481 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
1482 0x05, 0x00, 0x04, 0x20 } },
1483 { CALG_SHA_384, 19, { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
1484 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
1485 0x05, 0x00, 0x04, 0x30 } },
1486 { CALG_SHA_512, 19, { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
1487 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
1488 0x05, 0x00, 0x04, 0x40 } },
1489 { CALG_SSL3_SHAMD5, 0, { 0 } },
1490 { 0, 0, { 0 } }
1491 };
1492 DWORD dwIdxOID, i, j;
1493
1494 for (dwIdxOID = 0; aOIDDescriptor[dwIdxOID].aiAlgid; dwIdxOID++) {
1495 if (aOIDDescriptor[dwIdxOID].aiAlgid == aiAlgid) break;
1496 }
1497
1498 if (!aOIDDescriptor[dwIdxOID].aiAlgid) {
1499 SetLastError(NTE_BAD_ALGID);
1500 return FALSE;
1501 }
1502
1503 /* Build the padded signature */
1504 if (dwFlags & CRYPT_X931_FORMAT) {
1505 pbSignature[0] = 0x6b;
1506 for (i=1; i < dwLen - dwHashLen - 3; i++) {
1507 pbSignature[i] = 0xbb;
1508 }
1509 pbSignature[i++] = 0xba;
1510 for (j=0; j < dwHashLen; j++, i++) {
1511 pbSignature[i] = abHashValue[j];
1512 }
1513 pbSignature[i++] = 0x33;
1514 pbSignature[i++] = 0xcc;
1515 } else {
1516 pbSignature[0] = 0x00;
1517 pbSignature[1] = 0x01;
1518 if (dwFlags & CRYPT_NOHASHOID) {
1519 for (i=2; i < dwLen - 1 - dwHashLen; i++) {
1520 pbSignature[i] = 0xff;
1521 }
1522 pbSignature[i++] = 0x00;
1523 } else {
1524 for (i=2; i < dwLen - 1 - aOIDDescriptor[dwIdxOID].dwLen - dwHashLen; i++) {
1525 pbSignature[i] = 0xff;
1526 }
1527 pbSignature[i++] = 0x00;
1528 for (j=0; j < aOIDDescriptor[dwIdxOID].dwLen; j++) {
1529 pbSignature[i++] = aOIDDescriptor[dwIdxOID].abOID[j];
1530 }
1531 }
1532 for (j=0; j < dwHashLen; j++) {
1533 pbSignature[i++] = abHashValue[j];
1534 }
1535 }
1536
1537 return TRUE;
1538 }
1539
1540 /******************************************************************************
1541 * tls1_p [Internal]
1542 *
1543 * This is an implementation of the 'P_hash' helper function for TLS1's PRF.
1544 * It is used exclusively by tls1_prf. For details see RFC 2246, chapter 5.
1545 * The pseudo random stream generated by this function is exclusive or'ed with
1546 * the data in pbBuffer.
1547 *
1548 * PARAMS
1549 * hHMAC [I] HMAC object, which will be used in pseudo random generation
1550 * pblobSeed [I] Seed value
1551 * pbBuffer [I/O] Pseudo random stream will be xor'ed to the provided data
1552 * dwBufferLen [I] Number of pseudo random bytes desired
1553 *
1554 * RETURNS
1555 * Success: TRUE
1556 * Failure: FALSE
1557 */
1558 static BOOL tls1_p(HCRYPTHASH hHMAC, const PCRYPT_DATA_BLOB pblobSeed, BYTE *pbBuffer,
1559 DWORD dwBufferLen)
1560 {
1561 CRYPTHASH *pHMAC;
1562 BYTE abAi[RSAENH_MAX_HASH_SIZE];
1563 DWORD i = 0;
1564
1565 if (!lookup_handle(&handle_table, hHMAC, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pHMAC)) {
1566 SetLastError(NTE_BAD_HASH);
1567 return FALSE;
1568 }
1569
1570 /* compute A_1 = HMAC(seed) */
1571 init_hash(pHMAC);
1572 update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1573 finalize_hash(pHMAC);
1574 memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1575
1576 do {
1577 /* compute HMAC(A_i + seed) */
1578 init_hash(pHMAC);
1579 update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1580 update_hash(pHMAC, pblobSeed->pbData, pblobSeed->cbData);
1581 finalize_hash(pHMAC);
1582
1583 /* pseudo random stream := CONCAT_{i=1..n} ( HMAC(A_i + seed) ) */
1584 do {
1585 if (i >= dwBufferLen) break;
1586 pbBuffer[i] ^= pHMAC->abHashValue[i % pHMAC->dwHashSize];
1587 i++;
1588 } while (i % pHMAC->dwHashSize);
1589
1590 /* compute A_{i+1} = HMAC(A_i) */
1591 init_hash(pHMAC);
1592 update_hash(pHMAC, abAi, pHMAC->dwHashSize);
1593 finalize_hash(pHMAC);
1594 memcpy(abAi, pHMAC->abHashValue, pHMAC->dwHashSize);
1595 } while (i < dwBufferLen);
1596
1597 return TRUE;
1598 }
1599
1600 /******************************************************************************
1601 * tls1_prf [Internal]
1602 *
1603 * TLS1 pseudo random function as specified in RFC 2246, chapter 5
1604 *
1605 * PARAMS
1606 * hProv [I] Key container used to compute the pseudo random stream
1607 * hSecret [I] Key that holds the (pre-)master secret
1608 * pblobLabel [I] Descriptive label
1609 * pblobSeed [I] Seed value
1610 * pbBuffer [O] Pseudo random numbers will be stored here
1611 * dwBufferLen [I] Number of pseudo random bytes desired
1612 *
1613 * RETURNS
1614 * Success: TRUE
1615 * Failure: FALSE
1616 */
1617 static BOOL tls1_prf(HCRYPTPROV hProv, HCRYPTPROV hSecret, const PCRYPT_DATA_BLOB pblobLabel,
1618 const PCRYPT_DATA_BLOB pblobSeed, BYTE *pbBuffer, DWORD dwBufferLen)
1619 {
1620 HMAC_INFO hmacInfo = { 0, NULL, 0, NULL, 0 };
1621 HCRYPTHASH hHMAC = (HCRYPTHASH)INVALID_HANDLE_VALUE;
1622 HCRYPTKEY hHalfSecret = (HCRYPTKEY)INVALID_HANDLE_VALUE;
1623 CRYPTKEY *pHalfSecret, *pSecret;
1624 DWORD dwHalfSecretLen;
1625 BOOL result = FALSE;
1626 CRYPT_DATA_BLOB blobLabelSeed;
1627
1628 TRACE("(hProv=%08lx, hSecret=%08lx, pblobLabel=%p, pblobSeed=%p, pbBuffer=%p, dwBufferLen=%d)\n",
1629 hProv, hSecret, pblobLabel, pblobSeed, pbBuffer, dwBufferLen);
1630
1631 if (!lookup_handle(&handle_table, hSecret, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSecret)) {
1632 SetLastError(NTE_FAIL);
1633 return FALSE;
1634 }
1635
1636 dwHalfSecretLen = (pSecret->dwKeyLen+1)/2;
1637
1638 /* concatenation of the label and the seed */
1639 if (!concat_data_blobs(&blobLabelSeed, pblobLabel, pblobSeed)) goto exit;
1640
1641 /* zero out the buffer, since two random streams will be xor'ed into it. */
1642 memset(pbBuffer, 0, dwBufferLen);
1643
1644 /* build a 'fake' key, to hold the secret. CALG_SSL2_MASTER is used since it provides
1645 * the biggest range of valid key lengths. */
1646 hHalfSecret = new_key(hProv, CALG_SSL2_MASTER, MAKELONG(0,dwHalfSecretLen*8), &pHalfSecret);
1647 if (hHalfSecret == (HCRYPTKEY)INVALID_HANDLE_VALUE) goto exit;
1648
1649 /* Derive an HMAC_MD5 hash and call the helper function. */
1650 memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue, dwHalfSecretLen);
1651 if (!RSAENH_CPCreateHash(hProv, CALG_HMAC, hHalfSecret, 0, &hHMAC)) goto exit;
1652 hmacInfo.HashAlgid = CALG_MD5;
1653 if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1654 if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1655
1656 /* Reconfigure to HMAC_SHA hash and call helper function again. */
1657 memcpy(pHalfSecret->abKeyValue, pSecret->abKeyValue + (pSecret->dwKeyLen/2), dwHalfSecretLen);
1658 hmacInfo.HashAlgid = CALG_SHA;
1659 if (!RSAENH_CPSetHashParam(hProv, hHMAC, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0)) goto exit;
1660 if (!tls1_p(hHMAC, &blobLabelSeed, pbBuffer, dwBufferLen)) goto exit;
1661
1662 result = TRUE;
1663 exit:
1664 release_handle(&handle_table, hHalfSecret, RSAENH_MAGIC_KEY);
1665 if (hHMAC != (HCRYPTHASH)INVALID_HANDLE_VALUE) RSAENH_CPDestroyHash(hProv, hHMAC);
1666 free_data_blob(&blobLabelSeed);
1667 return result;
1668 }
1669
1670 /******************************************************************************
1671 * pad_data [Internal]
1672 *
1673 * Helper function for data padding according to PKCS1 #2
1674 *
1675 * PARAMS
1676 * abData [I] The data to be padded
1677 * dwDataLen [I] Length of the data
1678 * abBuffer [O] Padded data will be stored here
1679 * dwBufferLen [I] Length of the buffer (also length of padded data)
1680 * dwFlags [I] Padding format (CRYPT_SSL2_FALLBACK)
1681 *
1682 * RETURN
1683 * Success: TRUE
1684 * Failure: FALSE (NTE_BAD_LEN, too much data to pad)
1685 */
1686 static BOOL pad_data(const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen,
1687 DWORD dwFlags)
1688 {
1689 DWORD i;
1690
1691 /* Ensure there is enough space for PKCS1 #2 padding */
1692 if (dwDataLen > dwBufferLen-11) {
1693 SetLastError(NTE_BAD_LEN);
1694 return FALSE;
1695 }
1696
1697 memmove(abBuffer + dwBufferLen - dwDataLen, abData, dwDataLen);
1698
1699 abBuffer[0] = 0x00;
1700 abBuffer[1] = RSAENH_PKC_BLOCKTYPE;
1701 for (i=2; i < dwBufferLen - dwDataLen - 1; i++)
1702 do gen_rand_impl(&abBuffer[i], 1); while (!abBuffer[i]);
1703 if (dwFlags & CRYPT_SSL2_FALLBACK)
1704 for (i-=8; i < dwBufferLen - dwDataLen - 1; i++)
1705 abBuffer[i] = 0x03;
1706 abBuffer[i] = 0x00;
1707
1708 return TRUE;
1709 }
1710
1711 /******************************************************************************
1712 * unpad_data [Internal]
1713 *
1714 * Remove the PKCS1 padding from RSA decrypted data
1715 *
1716 * PARAMS
1717 * abData [I] The padded data
1718 * dwDataLen [I] Length of the padded data
1719 * abBuffer [O] Data without padding will be stored here
1720 * dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1721 * dwFlags [I] Currently none defined
1722 *
1723 * RETURNS
1724 * Success: TRUE
1725 * Failure: FALSE, (NTE_BAD_DATA, no valid PKCS1 padding or buffer too small)
1726 */
1727 static BOOL unpad_data(const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen,
1728 DWORD dwFlags)
1729 {
1730 DWORD i;
1731
1732 if (dwDataLen < 3)
1733 {
1734 SetLastError(NTE_BAD_DATA);
1735 return FALSE;
1736 }
1737 for (i=2; i<dwDataLen; i++)
1738 if (!abData[i])
1739 break;
1740
1741 if ((i == dwDataLen) || (*dwBufferLen < dwDataLen - i - 1) ||
1742 (abData[0] != 0x00) || (abData[1] != RSAENH_PKC_BLOCKTYPE))
1743 {
1744 SetLastError(NTE_BAD_DATA);
1745 return FALSE;
1746 }
1747
1748 *dwBufferLen = dwDataLen - i - 1;
1749 memmove(abBuffer, abData + i + 1, *dwBufferLen);
1750 return TRUE;
1751 }
1752
1753 /******************************************************************************
1754 * CPAcquireContext (RSAENH.@)
1755 *
1756 * Acquire a handle to the key container specified by pszContainer
1757 *
1758 * PARAMS
1759 * phProv [O] Pointer to the location the acquired handle will be written to.
1760 * pszContainer [I] Name of the desired key container. See Notes
1761 * dwFlags [I] Flags. See Notes.
1762 * pVTable [I] Pointer to a PVTableProvStruct containing callbacks.
1763 *
1764 * RETURNS
1765 * Success: TRUE
1766 * Failure: FALSE
1767 *
1768 * NOTES
1769 * If pszContainer is NULL or points to a zero length string the user's login
1770 * name will be used as the key container name.
1771 *
1772 * If the CRYPT_NEW_KEYSET flag is set in dwFlags a new keyset will be created.
1773 * If a keyset with the given name already exists, the function fails and sets
1774 * last error to NTE_EXISTS. If CRYPT_NEW_KEYSET is not set and the specified
1775 * key container does not exist, function fails and sets last error to
1776 * NTE_BAD_KEYSET.
1777 */
1778 BOOL WINAPI RSAENH_CPAcquireContext(HCRYPTPROV *phProv, LPSTR pszContainer,
1779 DWORD dwFlags, PVTableProvStruc pVTable)
1780 {
1781 CHAR szKeyContainerName[MAX_PATH];
1782
1783 TRACE("(phProv=%p, pszContainer=%s, dwFlags=%08x, pVTable=%p)\n", phProv,
1784 debugstr_a(pszContainer), dwFlags, pVTable);
1785
1786 if (pszContainer && *pszContainer)
1787 {
1788 lstrcpynA(szKeyContainerName, pszContainer, MAX_PATH);
1789 }
1790 else
1791 {
1792 DWORD dwLen = sizeof(szKeyContainerName);
1793 if (!GetUserNameA(szKeyContainerName, &dwLen)) return FALSE;
1794 }
1795
1796 switch (dwFlags & (CRYPT_NEWKEYSET|CRYPT_VERIFYCONTEXT|CRYPT_DELETEKEYSET))
1797 {
1798 case 0:
1799 *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1800 break;
1801
1802 case CRYPT_DELETEKEYSET:
1803 return delete_container_key(szKeyContainerName, dwFlags);
1804
1805 case CRYPT_NEWKEYSET:
1806 *phProv = read_key_container(szKeyContainerName, dwFlags, pVTable);
1807 if (*phProv != (HCRYPTPROV)INVALID_HANDLE_VALUE)
1808 {
1809 release_handle(&handle_table, *phProv, RSAENH_MAGIC_CONTAINER);
1810 TRACE("Can't create new keyset, already exists\n");
1811 SetLastError(NTE_EXISTS);
1812 return FALSE;
1813 }
1814 *phProv = new_key_container(szKeyContainerName, dwFlags, pVTable);
1815 break;
1816
1817 case CRYPT_VERIFYCONTEXT|CRYPT_NEWKEYSET:
1818 case CRYPT_VERIFYCONTEXT:
1819 if (pszContainer && *pszContainer) {
1820 TRACE("pszContainer should be empty\n");
1821 SetLastError(NTE_BAD_FLAGS);
1822 return FALSE;
1823 }
1824 *phProv = new_key_container("", dwFlags, pVTable);
1825 break;
1826
1827 default:
1828 *phProv = (HCRYPTPROV)INVALID_HANDLE_VALUE;
1829 SetLastError(NTE_BAD_FLAGS);
1830 return FALSE;
1831 }
1832
1833 if (*phProv != (HCRYPTPROV)INVALID_HANDLE_VALUE) {
1834 SetLastError(ERROR_SUCCESS);
1835 return TRUE;
1836 } else {
1837 return FALSE;
1838 }
1839 }
1840
1841 /******************************************************************************
1842 * CPCreateHash (RSAENH.@)
1843 *
1844 * CPCreateHash creates and initializes a new hash object.
1845 *
1846 * PARAMS
1847 * hProv [I] Handle to the key container to which the new hash will belong.
1848 * Algid [I] Identifies the hash algorithm, which will be used for the hash.
1849 * hKey [I] Handle to a session key applied for keyed hashes.
1850 * dwFlags [I] Currently no flags defined. Must be zero.
1851 * phHash [O] Points to the location where a handle to the new hash will be stored.
1852 *
1853 * RETURNS
1854 * Success: TRUE
1855 * Failure: FALSE
1856 *
1857 * NOTES
1858 * hKey is a handle to a session key applied in keyed hashes like MAC and HMAC.
1859 * If a normal hash object is to be created (like e.g. MD2 or SHA1) hKey must be zero.
1860 */
1861 BOOL WINAPI RSAENH_CPCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, DWORD dwFlags,
1862 HCRYPTHASH *phHash)
1863 {
1864 CRYPTKEY *pCryptKey;
1865 CRYPTHASH *pCryptHash;
1866 const PROV_ENUMALGS_EX *peaAlgidInfo;
1867
1868 TRACE("(hProv=%08lx, Algid=%08x, hKey=%08lx, dwFlags=%08x, phHash=%p)\n", hProv, Algid, hKey,
1869 dwFlags, phHash);
1870
1871 peaAlgidInfo = get_algid_info(hProv, Algid);
1872 if (!peaAlgidInfo) return FALSE;
1873
1874 if (dwFlags)
1875 {
1876 SetLastError(NTE_BAD_FLAGS);
1877 return FALSE;
1878 }
1879
1880 if (Algid == CALG_MAC || Algid == CALG_HMAC || Algid == CALG_SCHANNEL_MASTER_HASH ||
1881 Algid == CALG_TLS1PRF)
1882 {
1883 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey)) {
1884 SetLastError(NTE_BAD_KEY);
1885 return FALSE;
1886 }
1887
1888 if ((Algid == CALG_MAC) && (GET_ALG_TYPE(pCryptKey->aiAlgid) != ALG_TYPE_BLOCK)) {
1889 SetLastError(NTE_BAD_KEY);
1890 return FALSE;
1891 }
1892
1893 if ((Algid == CALG_SCHANNEL_MASTER_HASH || Algid == CALG_TLS1PRF) &&
1894 (pCryptKey->aiAlgid != CALG_TLS1_MASTER))
1895 {
1896 SetLastError(NTE_BAD_KEY);
1897 return FALSE;
1898 }
1899 if (Algid == CALG_SCHANNEL_MASTER_HASH &&
1900 ((!pCryptKey->siSChannelInfo.blobClientRandom.cbData) ||
1901 (!pCryptKey->siSChannelInfo.blobServerRandom.cbData)))
1902 {
1903 SetLastError(ERROR_INVALID_PARAMETER);
1904 return FALSE;
1905 }
1906
1907 if ((Algid == CALG_TLS1PRF) && (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY)) {
1908 SetLastError(NTE_BAD_KEY_STATE);
1909 return FALSE;
1910 }
1911 }
1912
1913 *phHash = new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH,
1914 destroy_hash, (OBJECTHDR**)&pCryptHash);
1915 if (!pCryptHash) return FALSE;
1916
1917 pCryptHash->aiAlgid = Algid;
1918 pCryptHash->hKey = hKey;
1919 pCryptHash->hProv = hProv;
1920 pCryptHash->dwState = RSAENH_HASHSTATE_HASHING;
1921 pCryptHash->pHMACInfo = NULL;
1922 pCryptHash->dwHashSize = peaAlgidInfo->dwDefaultLen >> 3;
1923 init_data_blob(&pCryptHash->tpPRFParams.blobLabel);
1924 init_data_blob(&pCryptHash->tpPRFParams.blobSeed);
1925
1926 if (Algid == CALG_SCHANNEL_MASTER_HASH) {
1927 static const char keyex[] = "key expansion";
1928 BYTE key_expansion[sizeof keyex];
1929 CRYPT_DATA_BLOB blobRandom, blobKeyExpansion = { 13, key_expansion };
1930
1931 memcpy( key_expansion, keyex, sizeof keyex );
1932
1933 if (pCryptKey->dwState != RSAENH_KEYSTATE_MASTERKEY) {
1934 static const char msec[] = "master secret";
1935 BYTE master_secret[sizeof msec];
1936 CRYPT_DATA_BLOB blobLabel = { 13, master_secret };
1937 BYTE abKeyValue[48];
1938
1939 memcpy( master_secret, msec, sizeof msec );
1940
1941 /* See RFC 2246, chapter 8.1 */
1942 if (!concat_data_blobs(&blobRandom,
1943 &pCryptKey->siSChannelInfo.blobClientRandom,
1944 &pCryptKey->siSChannelInfo.blobServerRandom))
1945 {
1946 return FALSE;
1947 }
1948 tls1_prf(hProv, hKey, &blobLabel, &blobRandom, abKeyValue, 48);
1949 pCryptKey->dwState = RSAENH_KEYSTATE_MASTERKEY;
1950 memcpy(pCryptKey->abKeyValue, abKeyValue, 48);
1951 free_data_blob(&blobRandom);
1952 }
1953
1954 /* See RFC 2246, chapter 6.3 */
1955 if (!concat_data_blobs(&blobRandom,
1956 &pCryptKey->siSChannelInfo.blobServerRandom,
1957 &pCryptKey->siSChannelInfo.blobClientRandom))
1958 {
1959 return FALSE;
1960 }
1961 tls1_prf(hProv, hKey, &blobKeyExpansion, &blobRandom, pCryptHash->abHashValue,
1962 RSAENH_MAX_HASH_SIZE);
1963 free_data_blob(&blobRandom);
1964 }
1965
1966 return init_hash(pCryptHash);
1967 }
1968
1969 /******************************************************************************
1970 * CPDestroyHash (RSAENH.@)
1971 *
1972 * Releases the handle to a hash object. The object is destroyed if its reference
1973 * count reaches zero.
1974 *
1975 * PARAMS
1976 * hProv [I] Handle to the key container to which the hash object belongs.
1977 * hHash [I] Handle to the hash object to be released.
1978 *
1979 * RETURNS
1980 * Success: TRUE
1981 * Failure: FALSE
1982 */
1983 BOOL WINAPI RSAENH_CPDestroyHash(HCRYPTPROV hProv, HCRYPTHASH hHash)
1984 {
1985 TRACE("(hProv=%08lx, hHash=%08lx)\n", hProv, hHash);
1986
1987 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
1988 {
1989 SetLastError(NTE_BAD_UID);
1990 return FALSE;
1991 }
1992
1993 if (!release_handle(&handle_table, hHash, RSAENH_MAGIC_HASH))
1994 {
1995 SetLastError(NTE_BAD_HASH);
1996 return FALSE;
1997 }
1998
1999 return TRUE;
2000 }
2001
2002 /******************************************************************************
2003 * CPDestroyKey (RSAENH.@)
2004 *
2005 * Releases the handle to a key object. The object is destroyed if its reference
2006 * count reaches zero.
2007 *
2008 * PARAMS
2009 * hProv [I] Handle to the key container to which the key object belongs.
2010 * hKey [I] Handle to the key object to be released.
2011 *
2012 * RETURNS
2013 * Success: TRUE
2014 * Failure: FALSE
2015 */
2016 BOOL WINAPI RSAENH_CPDestroyKey(HCRYPTPROV hProv, HCRYPTKEY hKey)
2017 {
2018 TRACE("(hProv=%08lx, hKey=%08lx)\n", hProv, hKey);
2019
2020 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2021 {
2022 SetLastError(NTE_BAD_UID);
2023 return FALSE;
2024 }
2025
2026 if (!release_handle(&handle_table, hKey, RSAENH_MAGIC_KEY))
2027 {
2028 SetLastError(NTE_BAD_KEY);
2029 return FALSE;
2030 }
2031
2032 return TRUE;
2033 }
2034
2035 /******************************************************************************
2036 * CPDuplicateHash (RSAENH.@)
2037 *
2038 * Clones a hash object including its current state.
2039 *
2040 * PARAMS
2041 * hUID [I] Handle to the key container the hash belongs to.
2042 * hHash [I] Handle to the hash object to be cloned.
2043 * pdwReserved [I] Reserved. Must be NULL.
2044 * dwFlags [I] No flags are currently defined. Must be 0.
2045 * phHash [O] Handle to the cloned hash object.
2046 *
2047 * RETURNS
2048 * Success: TRUE.
2049 * Failure: FALSE.
2050 */
2051 BOOL WINAPI RSAENH_CPDuplicateHash(HCRYPTPROV hUID, HCRYPTHASH hHash, DWORD *pdwReserved,
2052 DWORD dwFlags, HCRYPTHASH *phHash)
2053 {
2054 CRYPTHASH *pSrcHash, *pDestHash;
2055
2056 TRACE("(hUID=%08lx, hHash=%08lx, pdwReserved=%p, dwFlags=%08x, phHash=%p)\n", hUID, hHash,
2057 pdwReserved, dwFlags, phHash);
2058
2059 if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
2060 {
2061 SetLastError(NTE_BAD_UID);
2062 return FALSE;
2063 }
2064
2065 if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH, (OBJECTHDR**)&pSrcHash))
2066 {
2067 SetLastError(NTE_BAD_HASH);
2068 return FALSE;
2069 }
2070
2071 if (!phHash || pdwReserved || dwFlags)
2072 {
2073 SetLastError(ERROR_INVALID_PARAMETER);
2074 return FALSE;
2075 }
2076
2077 *phHash = new_object(&handle_table, sizeof(CRYPTHASH), RSAENH_MAGIC_HASH,
2078 destroy_hash, (OBJECTHDR**)&pDestHash);
2079 if (*phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE)
2080 {
2081 *pDestHash = *pSrcHash;
2082 duplicate_hash_impl(pSrcHash->aiAlgid, &pSrcHash->context, &pDestHash->context);
2083 copy_hmac_info(&pDestHash->pHMACInfo, pSrcHash->pHMACInfo);
2084 copy_data_blob(&pDestHash->tpPRFParams.blobLabel, &pSrcHash->tpPRFParams.blobLabel);
2085 copy_data_blob(&pDestHash->tpPRFParams.blobSeed, &pSrcHash->tpPRFParams.blobSeed);
2086 }
2087
2088 return *phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE;
2089 }
2090
2091 /******************************************************************************
2092 * CPDuplicateKey (RSAENH.@)
2093 *
2094 * Clones a key object including its current state.
2095 *
2096 * PARAMS
2097 * hUID [I] Handle to the key container the hash belongs to.
2098 * hKey [I] Handle to the key object to be cloned.
2099 * pdwReserved [I] Reserved. Must be NULL.
2100 * dwFlags [I] No flags are currently defined. Must be 0.
2101 * phHash [O] Handle to the cloned key object.
2102 *
2103 * RETURNS
2104 * Success: TRUE.
2105 * Failure: FALSE.
2106 */
2107 BOOL WINAPI RSAENH_CPDuplicateKey(HCRYPTPROV hUID, HCRYPTKEY hKey, DWORD *pdwReserved,
2108 DWORD dwFlags, HCRYPTKEY *phKey)
2109 {
2110 CRYPTKEY *pSrcKey, *pDestKey;
2111
2112 TRACE("(hUID=%08lx, hKey=%08lx, pdwReserved=%p, dwFlags=%08x, phKey=%p)\n", hUID, hKey,
2113 pdwReserved, dwFlags, phKey);
2114
2115 if (!is_valid_handle(&handle_table, hUID, RSAENH_MAGIC_CONTAINER))
2116 {
2117 SetLastError(NTE_BAD_UID);
2118 return FALSE;
2119 }
2120
2121 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pSrcKey))
2122 {
2123 SetLastError(NTE_BAD_KEY);
2124 return FALSE;
2125 }
2126
2127 if (!phKey || pdwReserved || dwFlags)
2128 {
2129 SetLastError(ERROR_INVALID_PARAMETER);
2130 return FALSE;
2131 }
2132
2133 *phKey = new_object(&handle_table, sizeof(CRYPTKEY), RSAENH_MAGIC_KEY, destroy_key,
2134 (OBJECTHDR**)&pDestKey);
2135 if (*phKey != (HCRYPTKEY)INVALID_HANDLE_VALUE)
2136 {
2137 *pDestKey = *pSrcKey;
2138 copy_data_blob(&pDestKey->siSChannelInfo.blobServerRandom,
2139 &pSrcKey->siSChannelInfo.blobServerRandom);
2140 copy_data_blob(&pDestKey->siSChannelInfo.blobClientRandom,
2141 &pSrcKey->siSChannelInfo.blobClientRandom);
2142 duplicate_key_impl(pSrcKey->aiAlgid, &pSrcKey->context, &pDestKey->context);
2143 return TRUE;
2144 }
2145 else
2146 {
2147 return FALSE;
2148 }
2149 }
2150
2151 /******************************************************************************
2152 * CPEncrypt (RSAENH.@)
2153 *
2154 * Encrypt data.
2155 *
2156 * PARAMS
2157 * hProv [I] The key container hKey and hHash belong to.
2158 * hKey [I] The key used to encrypt the data.
2159 * hHash [I] An optional hash object for parallel hashing. See notes.
2160 * Final [I] Indicates if this is the last block of data to encrypt.
2161 * dwFlags [I] Currently no flags defined. Must be zero.
2162 * pbData [I/O] Pointer to the data to encrypt. Encrypted data will also be stored there.
2163 * pdwDataLen [I/O] I: Length of data to encrypt, O: Length of encrypted data.
2164 * dwBufLen [I] Size of the buffer at pbData.
2165 *
2166 * RETURNS
2167 * Success: TRUE.
2168 * Failure: FALSE.
2169 *
2170 * NOTES
2171 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2172 * This is useful for message signatures.
2173 *
2174 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2175 */
2176 BOOL WINAPI RSAENH_CPEncrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final,
2177 DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen)
2178 {
2179 CRYPTKEY *pCryptKey;
2180 BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
2181 DWORD dwEncryptedLen, i, j, k;
2182
2183 TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08x, pbData=%p, "
2184 "pdwDataLen=%p, dwBufLen=%d)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen,
2185 dwBufLen);
2186
2187 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2188 {
2189 SetLastError(NTE_BAD_UID);
2190 return FALSE;
2191 }
2192
2193 if (dwFlags)
2194 {
2195 SetLastError(NTE_BAD_FLAGS);
2196 return FALSE;
2197 }
2198
2199 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2200 {
2201 SetLastError(NTE_BAD_KEY);
2202 return FALSE;
2203 }
2204
2205 if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE)
2206 pCryptKey->dwState = RSAENH_KEYSTATE_ENCRYPTING;
2207
2208 if (pCryptKey->dwState != RSAENH_KEYSTATE_ENCRYPTING)
2209 {
2210 SetLastError(NTE_BAD_DATA);
2211 return FALSE;
2212 }
2213
2214 if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
2215 if (!RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
2216 }
2217
2218 if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
2219 if (!Final && (*pdwDataLen % pCryptKey->dwBlockLen)) {
2220 SetLastError(NTE_BAD_DATA);
2221 return FALSE;
2222 }
2223
2224 dwEncryptedLen = (*pdwDataLen/pCryptKey->dwBlockLen+(Final?1:0))*pCryptKey->dwBlockLen;
2225
2226 if (pbData == NULL) {
2227 *pdwDataLen = dwEncryptedLen;
2228 return TRUE;
2229 }
2230 else if (dwEncryptedLen > dwBufLen) {
2231 *pdwDataLen = dwEncryptedLen;
2232 SetLastError(ERROR_MORE_DATA);
2233 return FALSE;
2234 }
2235
2236 /* Pad final block with length bytes */
2237 for (i=*pdwDataLen; i<dwEncryptedLen; i++) pbData[i] = dwEncryptedLen - *pdwDataLen;
2238 *pdwDataLen = dwEncryptedLen;
2239
2240 for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
2241 switch (pCryptKey->dwMode) {
2242 case CRYPT_MODE_ECB:
2243 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out,
2244 RSAENH_ENCRYPT);
2245 break;
2246
2247 case CRYPT_MODE_CBC:
2248 for (j=0; j<pCryptKey->dwBlockLen; j++) in[j] ^= pCryptKey->abChainVector[j];
2249 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out,
2250 RSAENH_ENCRYPT);
2251 memcpy(pCryptKey->abChainVector, out, pCryptKey->dwBlockLen);
2252 break;
2253
2254 case CRYPT_MODE_CFB:
2255 for (j=0; j<pCryptKey->dwBlockLen; j++) {
2256 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context,
2257 pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
2258 out[j] = in[j] ^ o[0];
2259 for (k=0; k<pCryptKey->dwBlockLen-1; k++)
2260 pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
2261 pCryptKey->abChainVector[k] = out[j];
2262 }
2263 break;
2264
2265 default:
2266 SetLastError(NTE_BAD_ALGID);
2267 return FALSE;
2268 }
2269 memcpy(in, out, pCryptKey->dwBlockLen);
2270 }
2271 } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
2272 if (pbData == NULL) {
2273 *pdwDataLen = dwBufLen;
2274 return TRUE;
2275 }
2276 encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
2277 } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
2278 if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
2279 SetLastError(NTE_BAD_KEY);
2280 return FALSE;
2281 }
2282 if (!pbData) {
2283 *pdwDataLen = pCryptKey->dwBlockLen;
2284 return TRUE;
2285 }
2286 if (dwBufLen < pCryptKey->dwBlockLen) {
2287 SetLastError(ERROR_MORE_DATA);
2288 return FALSE;
2289 }
2290 if (!pad_data(pbData, *pdwDataLen, pbData, pCryptKey->dwBlockLen, dwFlags)) return FALSE;
2291 encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbData, pbData, RSAENH_ENCRYPT);
2292 *pdwDataLen = pCryptKey->dwBlockLen;
2293 Final = TRUE;
2294 } else {
2295 SetLastError(NTE_BAD_TYPE);
2296 return FALSE;
2297 }
2298
2299 if (Final) setup_key(pCryptKey);
2300
2301 return TRUE;
2302 }
2303
2304 /******************************************************************************
2305 * CPDecrypt (RSAENH.@)
2306 *
2307 * Decrypt data.
2308 *
2309 * PARAMS
2310 * hProv [I] The key container hKey and hHash belong to.
2311 * hKey [I] The key used to decrypt the data.
2312 * hHash [I] An optional hash object for parallel hashing. See notes.
2313 * Final [I] Indicates if this is the last block of data to decrypt.
2314 * dwFlags [I] Currently no flags defined. Must be zero.
2315 * pbData [I/O] Pointer to the data to decrypt. Plaintext will also be stored there.
2316 * pdwDataLen [I/O] I: Length of ciphertext, O: Length of plaintext.
2317 *
2318 * RETURNS
2319 * Success: TRUE.
2320 * Failure: FALSE.
2321 *
2322 * NOTES
2323 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2324 * This is useful for message signatures.
2325 *
2326 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2327 */
2328 BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final,
2329 DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2330 {
2331 CRYPTKEY *pCryptKey;
2332 BYTE *in, out[RSAENH_MAX_BLOCK_SIZE], o[RSAENH_MAX_BLOCK_SIZE];
2333 DWORD i, j, k;
2334 DWORD dwMax;
2335
2336 TRACE("(hProv=%08lx, hKey=%08lx, hHash=%08lx, Final=%d, dwFlags=%08x, pbData=%p, "
2337 "pdwDataLen=%p)\n", hProv, hKey, hHash, Final, dwFlags, pbData, pdwDataLen);
2338
2339 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2340 {
2341 SetLastError(NTE_BAD_UID);
2342 return FALSE;
2343 }
2344
2345 if (dwFlags)
2346 {
2347 SetLastError(NTE_BAD_FLAGS);
2348 return FALSE;
2349 }
2350
2351 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2352 {
2353 SetLastError(NTE_BAD_KEY);
2354 return FALSE;
2355 }
2356
2357 if (pCryptKey->dwState == RSAENH_KEYSTATE_IDLE)
2358 pCryptKey->dwState = RSAENH_KEYSTATE_ENCRYPTING;
2359
2360 if (pCryptKey->dwState != RSAENH_KEYSTATE_ENCRYPTING)
2361 {
2362 SetLastError(NTE_BAD_DATA);
2363 return FALSE;
2364 }
2365
2366 dwMax=*pdwDataLen;
2367
2368 if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_BLOCK) {
2369 for (i=0, in=pbData; i<*pdwDataLen; i+=pCryptKey->dwBlockLen, in+=pCryptKey->dwBlockLen) {
2370 switch (pCryptKey->dwMode) {
2371 case CRYPT_MODE_ECB:
2372 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out,
2373 RSAENH_DECRYPT);
2374 break;
2375
2376 case CRYPT_MODE_CBC:
2377 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context, in, out,
2378 RSAENH_DECRYPT);
2379 for (j=0; j<pCryptKey->dwBlockLen; j++) out[j] ^= pCryptKey->abChainVector[j];
2380 memcpy(pCryptKey->abChainVector, in, pCryptKey->dwBlockLen);
2381 break;
2382
2383 case CRYPT_MODE_CFB:
2384 for (j=0; j<pCryptKey->dwBlockLen; j++) {
2385 encrypt_block_impl(pCryptKey->aiAlgid, 0, &pCryptKey->context,
2386 pCryptKey->abChainVector, o, RSAENH_ENCRYPT);
2387 out[j] = in[j] ^ o[0];
2388 for (k=0; k<pCryptKey->dwBlockLen-1; k++)
2389 pCryptKey->abChainVector[k] = pCryptKey->abChainVector[k+1];
2390 pCryptKey->abChainVector[k] = in[j];
2391 }
2392 break;
2393
2394 default:
2395 SetLastError(NTE_BAD_ALGID);
2396 return FALSE;
2397 }
2398 memcpy(in, out, pCryptKey->dwBlockLen);
2399 }
2400 if (Final) {
2401 if (pbData[*pdwDataLen-1] &&
2402 pbData[*pdwDataLen-1] <= pCryptKey->dwBlockLen &&
2403 pbData[*pdwDataLen-1] <= *pdwDataLen) {
2404 BOOL padOkay = TRUE;
2405
2406 /* check that every bad byte has the same value */
2407 for (i = 1; padOkay && i < pbData[*pdwDataLen-1]; i++)
2408 if (pbData[*pdwDataLen - i - 1] != pbData[*pdwDataLen - 1])
2409 padOkay = FALSE;
2410 if (padOkay)
2411 *pdwDataLen -= pbData[*pdwDataLen-1];
2412 else {
2413 SetLastError(NTE_BAD_DATA);
2414 setup_key(pCryptKey);
2415 return FALSE;
2416 }
2417 }
2418 else {
2419 SetLastError(NTE_BAD_DATA);
2420 setup_key(pCryptKey);
2421 return FALSE;
2422 }
2423 }
2424
2425 } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_STREAM) {
2426 encrypt_stream_impl(pCryptKey->aiAlgid, &pCryptKey->context, pbData, *pdwDataLen);
2427 } else if (GET_ALG_TYPE(pCryptKey->aiAlgid) == ALG_TYPE_RSA) {
2428 if (pCryptKey->aiAlgid == CALG_RSA_SIGN) {
2429 SetLastError(NTE_BAD_KEY);
2430 return FALSE;
2431 }
2432 encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbData, pbData, RSAENH_DECRYPT);
2433 if (!unpad_data(pbData, pCryptKey->dwBlockLen, pbData, pdwDataLen, dwFlags)) return FALSE;
2434 Final = TRUE;
2435 } else {
2436 SetLastError(NTE_BAD_TYPE);
2437 return FALSE;
2438 }
2439
2440 if (Final) setup_key(pCryptKey);
2441
2442 if (is_valid_handle(&handle_table, hHash, RSAENH_MAGIC_HASH)) {
2443 if (*pdwDataLen>dwMax ||
2444 !RSAENH_CPHashData(hProv, hHash, pbData, *pdwDataLen, 0)) return FALSE;
2445 }
2446
2447 return TRUE;
2448 }
2449
2450 static BOOL crypt_export_simple(CRYPTKEY *pCryptKey, CRYPTKEY *pPubKey,
2451 DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2452 {
2453 BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2454 ALG_ID *pAlgid = (ALG_ID*)(pBlobHeader+1);
2455 DWORD dwDataLen;
2456
2457 if (!(GET_ALG_CLASS(pCryptKey->aiAlgid)&(ALG_CLASS_DATA_ENCRYPT|ALG_CLASS_MSG_ENCRYPT))) {
2458 SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2459 return FALSE;
2460 }
2461
2462 dwDataLen = sizeof(BLOBHEADER) + sizeof(ALG_ID) + pPubKey->dwBlockLen;
2463 if (pbData) {
2464 if (*pdwDataLen < dwDataLen) {
2465 SetLastError(ERROR_MORE_DATA);
2466 *pdwDataLen = dwDataLen;
2467 return FALSE;
2468 }
2469
2470 pBlobHeader->bType = SIMPLEBLOB;
2471 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2472 pBlobHeader->reserved = 0;
2473 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2474
2475 *pAlgid = pPubKey->aiAlgid;
2476
2477 if (!pad_data(pCryptKey->abKeyValue, pCryptKey->dwKeyLen, (BYTE*)(pAlgid+1),
2478 pPubKey->dwBlockLen, dwFlags))
2479 {
2480 return FALSE;
2481 }
2482
2483 encrypt_block_impl(pPubKey->aiAlgid, PK_PUBLIC, &pPubKey->context, (BYTE*)(pAlgid+1),
2484 (BYTE*)(pAlgid+1), RSAENH_ENCRYPT);
2485 }
2486 *pdwDataLen = dwDataLen;
2487 return TRUE;
2488 }
2489
2490 static BOOL crypt_export_public_key(CRYPTKEY *pCryptKey, BYTE *pbData,
2491 DWORD *pdwDataLen)
2492 {
2493 BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2494 RSAPUBKEY *pRSAPubKey = (RSAPUBKEY*)(pBlobHeader+1);
2495 DWORD dwDataLen;
2496
2497 if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2498 SetLastError(NTE_BAD_KEY);
2499 return FALSE;
2500 }
2501
2502 dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + pCryptKey->dwKeyLen;
2503 if (pbData) {
2504 if (*pdwDataLen < dwDataLen) {
2505 SetLastError(ERROR_MORE_DATA);
2506 *pdwDataLen = dwDataLen;
2507 return FALSE;
2508 }
2509
2510 pBlobHeader->bType = PUBLICKEYBLOB;
2511 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2512 pBlobHeader->reserved = 0;
2513 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2514
2515 pRSAPubKey->magic = RSAENH_MAGIC_RSA1;
2516 pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2517
2518 export_public_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2519 pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2520 }
2521 *pdwDataLen = dwDataLen;
2522 return TRUE;
2523 }
2524
2525 static BOOL crypt_export_private_key(CRYPTKEY *pCryptKey, BOOL force,
2526 BYTE *pbData, DWORD *pdwDataLen)
2527 {
2528 BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2529 RSAPUBKEY *pRSAPubKey = (RSAPUBKEY*)(pBlobHeader+1);
2530 DWORD dwDataLen;
2531
2532 if ((pCryptKey->aiAlgid != CALG_RSA_KEYX) && (pCryptKey->aiAlgid != CALG_RSA_SIGN)) {
2533 SetLastError(NTE_BAD_KEY);
2534 return FALSE;
2535 }
2536 if (!force && !(pCryptKey->dwPermissions & CRYPT_EXPORT))
2537 {
2538 SetLastError(NTE_BAD_KEY_STATE);
2539 return FALSE;
2540 }
2541
2542 dwDataLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2543 2 * pCryptKey->dwKeyLen + 5 * ((pCryptKey->dwKeyLen + 1) >> 1);
2544 if (pbData) {
2545 if (*pdwDataLen < dwDataLen) {
2546 SetLastError(ERROR_MORE_DATA);
2547 *pdwDataLen = dwDataLen;
2548 return FALSE;
2549 }
2550
2551 pBlobHeader->bType = PRIVATEKEYBLOB;
2552 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2553 pBlobHeader->reserved = 0;
2554 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2555
2556 pRSAPubKey->magic = RSAENH_MAGIC_RSA2;
2557 pRSAPubKey->bitlen = pCryptKey->dwKeyLen << 3;
2558
2559 export_private_key_impl((BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2560 pCryptKey->dwKeyLen, &pRSAPubKey->pubexp);
2561 }
2562 *pdwDataLen = dwDataLen;
2563 return TRUE;
2564 }
2565
2566 static BOOL crypt_export_plaintext_key(CRYPTKEY *pCryptKey, BYTE *pbData,
2567 DWORD *pdwDataLen)
2568 {
2569 BLOBHEADER *pBlobHeader = (BLOBHEADER*)pbData;
2570 DWORD *pKeyLen = (DWORD*)(pBlobHeader+1);
2571 BYTE *pbKey = (BYTE*)(pKeyLen+1);
2572 DWORD dwDataLen;
2573
2574 dwDataLen = sizeof(BLOBHEADER) + sizeof(DWORD) + pCryptKey->dwKeyLen;
2575 if (pbData) {
2576 if (*pdwDataLen < dwDataLen) {
2577 SetLastError(ERROR_MORE_DATA);
2578 *pdwDataLen = dwDataLen;
2579 return FALSE;
2580 }
2581
2582 pBlobHeader->bType = PLAINTEXTKEYBLOB;
2583 pBlobHeader->bVersion = CUR_BLOB_VERSION;
2584 pBlobHeader->reserved = 0;
2585 pBlobHeader->aiKeyAlg = pCryptKey->aiAlgid;
2586
2587 *pKeyLen = pCryptKey->dwKeyLen;
2588 memcpy(pbKey, pCryptKey->abKeyValue, pCryptKey->dwKeyLen);
2589 }
2590 *pdwDataLen = dwDataLen;
2591 return TRUE;
2592 }
2593 /******************************************************************************
2594 * crypt_export_key [Internal]
2595 *
2596 * Export a key into a binary large object (BLOB). Called by CPExportKey and
2597 * by store_key_pair.
2598 *
2599 * PARAMS
2600 * pCryptKey [I] Key to be exported.
2601 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2602 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2603 * dwFlags [I] Currently none defined.
2604 * force [I] If TRUE, the key is written no matter what the key's
2605 * permissions are. Otherwise the key's permissions are
2606 * checked before exporting.
2607 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2608 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2609 *
2610 * RETURNS
2611 * Success: TRUE.
2612 * Failure: FALSE.
2613 */
2614 static BOOL crypt_export_key(CRYPTKEY *pCryptKey, HCRYPTKEY hPubKey,
2615 DWORD dwBlobType, DWORD dwFlags, BOOL force,
2616 BYTE *pbData, DWORD *pdwDataLen)
2617 {
2618 CRYPTKEY *pPubKey;
2619
2620 if (dwFlags & CRYPT_SSL2_FALLBACK) {
2621 if (pCryptKey->aiAlgid != CALG_SSL2_MASTER) {
2622 SetLastError(NTE_BAD_KEY);
2623 return FALSE;
2624 }
2625 }
2626
2627 switch ((BYTE)dwBlobType)
2628 {
2629 case SIMPLEBLOB:
2630 if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey)){
2631 SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error_code? */
2632 return FALSE;
2633 }
2634 return crypt_export_simple(pCryptKey, pPubKey, dwFlags, pbData,
2635 pdwDataLen);
2636
2637 case PUBLICKEYBLOB:
2638 if (is_valid_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY)) {
2639 SetLastError(NTE_BAD_KEY); /* FIXME: error code? */
2640 return FALSE;
2641 }
2642
2643 return crypt_export_public_key(pCryptKey, pbData, pdwDataLen);
2644
2645 case PRIVATEKEYBLOB:
2646 return crypt_export_private_key(pCryptKey, force, pbData, pdwDataLen);
2647
2648 case PLAINTEXTKEYBLOB:
2649 return crypt_export_plaintext_key(pCryptKey, pbData, pdwDataLen);
2650
2651 default:
2652 SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
2653 return FALSE;
2654 }
2655 }
2656
2657 /******************************************************************************
2658 * CPExportKey (RSAENH.@)
2659 *
2660 * Export a key into a binary large object (BLOB).
2661 *
2662 * PARAMS
2663 * hProv [I] Key container from which a key is to be exported.
2664 * hKey [I] Key to be exported.
2665 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2666 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2667 * dwFlags [I] Currently none defined.
2668 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2669 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2670 *
2671 * RETURNS
2672 * Success: TRUE.
2673 * Failure: FALSE.
2674 */
2675 BOOL WINAPI RSAENH_CPExportKey(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTKEY hPubKey,
2676 DWORD dwBlobType, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen)
2677 {
2678 CRYPTKEY *pCryptKey;
2679
2680 TRACE("(hProv=%08lx, hKey=%08lx, hPubKey=%08lx, dwBlobType=%08x, dwFlags=%08x, pbData=%p,"
2681 "pdwDataLen=%p)\n", hProv, hKey, hPubKey, dwBlobType, dwFlags, pbData, pdwDataLen);
2682
2683 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
2684 {
2685 SetLastError(NTE_BAD_UID);
2686 return FALSE;
2687 }
2688
2689 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
2690 {
2691 SetLastError(NTE_BAD_KEY);
2692 return FALSE;
2693 }
2694
2695 return crypt_export_key(pCryptKey, hPubKey, dwBlobType, dwFlags, FALSE,
2696 pbData, pdwDataLen);
2697 }
2698
2699 /******************************************************************************
2700 * release_and_install_key [Internal]
2701 *
2702 * Release an existing key, if present, and replaces it with a new one.
2703 *
2704 * PARAMS
2705 * hProv [I] Key container into which the key is to be imported.
2706 * src [I] Key which will replace *dest
2707 * dest [I] Points to key to be released and replaced with src
2708 * fStoreKey [I] If TRUE, the newly installed key is stored to the registry.
2709 */
2710 static void release_and_install_key(HCRYPTPROV hProv, HCRYPTKEY src,
2711 HCRYPTKEY *dest, DWORD fStoreKey)
2712 {
2713 RSAENH_CPDestroyKey(hProv, *dest);
2714 copy_handle(&handle_table, src, RSAENH_MAGIC_KEY, dest);
2715 if (fStoreKey)
2716 {
2717 KEYCONTAINER *pKeyContainer;
2718
2719 if ((pKeyContainer = get_key_container(hProv)))
2720 {
2721 store_key_container_keys(pKeyContainer);
2722 store_key_container_permissions(pKeyContainer);
2723 }
2724 }
2725 }
2726
2727 /******************************************************************************
2728 * import_private_key [Internal]
2729 *
2730 * Import a BLOB'ed private key into a key container.
2731 *
2732 * PARAMS
2733 * hProv [I] Key container into which the private key is to be imported.
2734 * pbData [I] Pointer to a buffer which holds the private key BLOB.
2735 * dwDataLen [I] Length of data in buffer at pbData.
2736 * dwFlags [I] One of:
2737 * CRYPT_EXPORTABLE: the imported key is marked exportable
2738 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
2739 * phKey [O] Handle to the imported key.
2740 *
2741 *
2742 * NOTES
2743 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2744 * it's a PRIVATEKEYBLOB.
2745 *
2746 * RETURNS
2747 * Success: TRUE.
2748 * Failure: FALSE.
2749 */
2750 static BOOL import_private_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen,
2751 DWORD dwFlags, BOOL fStoreKey, HCRYPTKEY *phKey)
2752 {
2753 KEYCONTAINER *pKeyContainer;
2754 CRYPTKEY *pCryptKey;
2755 const BLOBHEADER *pBlobHeader = (const BLOBHEADER*)pbData;
2756 const RSAPUBKEY *pRSAPubKey = (const RSAPUBKEY*)(pBlobHeader+1);
2757 BOOL ret;
2758
2759 if (dwFlags & CRYPT_IPSEC_HMAC_KEY)
2760 {
2761 FIXME("unimplemented for CRYPT_IPSEC_HMAC_KEY\n");
2762 SetLastError(NTE_BAD_FLAGS);
2763 return FALSE;
2764 }
2765 if (!(pKeyContainer = get_key_container(hProv)))
2766 return FALSE;
2767
2768 if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)))
2769 {
2770 ERR("datalen %d not long enough for a BLOBHEADER + RSAPUBKEY\n",
2771 dwDataLen);
2772 SetLastError(NTE_BAD_DATA);
2773 return FALSE;
2774 }
2775 if (pRSAPubKey->magic != RSAENH_MAGIC_RSA2)
2776 {
2777 ERR("unexpected magic %08x\n", pRSAPubKey->magic);
2778 SetLastError(NTE_BAD_DATA);
2779 return FALSE;
2780 }
2781 if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2782 (pRSAPubKey->bitlen >> 3) + (5 * ((pRSAPubKey->bitlen+8)>>4))))
2783 {
2784 DWORD expectedLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) +
2785 (pRSAPubKey->bitlen >> 3) + (5 * ((pRSAPubKey->bitlen+8)>>4));
2786
2787 ERR("blob too short for pub key: expect %d, got %d\n",
2788 expectedLen, dwDataLen);
2789 SetLastError(NTE_BAD_DATA);
2790 return FALSE;
2791 }
2792
2793 *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey);
2794 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
2795 setup_key(pCryptKey);
2796 ret = import_private_key_impl((const BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2797 pRSAPubKey->bitlen/8, dwDataLen, pRSAPubKey->pubexp);
2798 if (ret) {
2799 if (dwFlags & CRYPT_EXPORTABLE)
2800 pCryptKey->dwPermissions |= CRYPT_EXPORT;
2801 switch (pBlobHeader->aiKeyAlg)
2802 {
2803 case AT_SIGNATURE:
2804 case CALG_RSA_SIGN:
2805 TRACE("installing signing key\n");
2806 release_and_install_key(hProv, *phKey, &pKeyContainer->hSignatureKeyPair,
2807 fStoreKey);
2808 break;
2809 case AT_KEYEXCHANGE:
2810 case CALG_RSA_KEYX:
2811 TRACE("installing key exchange key\n");
2812 release_and_install_key(hProv, *phKey, &pKeyContainer->hKeyExchangeKeyPair,
2813 fStoreKey);
2814 break;
2815 }
2816 }
2817 return ret;
2818 }
2819
2820 /******************************************************************************
2821 * import_public_key [Internal]
2822 *
2823 * Import a BLOB'ed public key.
2824 *
2825 * PARAMS
2826 * hProv [I] A CSP.
2827 * pbData [I] Pointer to a buffer which holds the public key BLOB.
2828 * dwDataLen [I] Length of data in buffer at pbData.
2829 * dwFlags [I] One of:
2830 * CRYPT_EXPORTABLE: the imported key is marked exportable
2831 * phKey [O] Handle to the imported key.
2832 *
2833 *
2834 * NOTES
2835 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2836 * it's a PUBLICKEYBLOB.
2837 *
2838 * RETURNS
2839 * Success: TRUE.
2840 * Failure: FALSE.
2841 */
2842 static BOOL import_public_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen,
2843 DWORD dwFlags, HCRYPTKEY *phKey)
2844 {
2845 CRYPTKEY *pCryptKey;
2846 const BLOBHEADER *pBlobHeader = (const BLOBHEADER*)pbData;
2847 const RSAPUBKEY *pRSAPubKey = (const RSAPUBKEY*)(pBlobHeader+1);
2848 ALG_ID algID;
2849 BOOL ret;
2850
2851 if (dwFlags & CRYPT_IPSEC_HMAC_KEY)
2852 {
2853 FIXME("unimplemented for CRYPT_IPSEC_HMAC_KEY\n");
2854 SetLastError(NTE_BAD_FLAGS);
2855 return FALSE;
2856 }
2857
2858 if ((dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY)) ||
2859 (pRSAPubKey->magic != RSAENH_MAGIC_RSA1) ||
2860 (dwDataLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + (pRSAPubKey->bitlen >> 3)))
2861 {
2862 SetLastError(NTE_BAD_DATA);
2863 return FALSE;
2864 }
2865
2866 /* Since this is a public key blob, only the public key is
2867 * available, so only signature verification is possible.
2868 */
2869 algID = pBlobHeader->aiKeyAlg;
2870 *phKey = new_key(hProv, algID, MAKELONG(0,pRSAPubKey->bitlen), &pCryptKey);
2871 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
2872 setup_key(pCryptKey);
2873 ret = import_public_key_impl((const BYTE*)(pRSAPubKey+1), &pCryptKey->context,
2874 pRSAPubKey->bitlen >> 3, pRSAPubKey->pubexp);
2875 if (ret) {
2876 if (dwFlags & CRYPT_EXPORTABLE)
2877 pCryptKey->dwPermissions |= CRYPT_EXPORT;
2878 }
2879 return ret;
2880 }
2881
2882 /******************************************************************************
2883 * import_symmetric_key [Internal]
2884 *
2885 * Import a BLOB'ed symmetric key into a key container.
2886 *
2887 * PARAMS
2888 * hProv [I] Key container into which the symmetric key is to be imported.
2889 * pbData [I] Pointer to a buffer which holds the symmetric key BLOB.
2890 * dwDataLen [I] Length of data in buffer at pbData.
2891 * hPubKey [I] Key used to decrypt sensitive BLOB data.
2892 * dwFlags [I] One of:
2893 * CRYPT_EXPORTABLE: the imported key is marked exportable
2894 * phKey [O] Handle to the imported key.
2895 *
2896 *
2897 * NOTES
2898 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2899 * it's a SIMPLEBLOB.
2900 *
2901 * RETURNS
2902 * Success: TRUE.
2903 * Failure: FALSE.
2904 */
2905 static BOOL import_symmetric_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen,
2906 HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY *phKey)
2907 {
2908 CRYPTKEY *pCryptKey, *pPubKey;
2909 const BLOBHEADER *pBlobHeader = (const BLOBHEADER*)pbData;
2910 const ALG_ID *pAlgid = (const ALG_ID*)(pBlobHeader+1);
2911 const BYTE *pbKeyStream = (const BYTE*)(pAlgid + 1);
2912 BYTE *pbDecrypted;
2913 DWORD dwKeyLen;
2914
2915 if (dwFlags & CRYPT_IPSEC_HMAC_KEY)
2916 {
2917 FIXME("unimplemented for CRYPT_IPSEC_HMAC_KEY\n");
2918 SetLastError(NTE_BAD_FLAGS);
2919 return FALSE;
2920 }
2921 if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pPubKey) ||
2922 pPubKey->aiAlgid != CALG_RSA_KEYX)
2923 {
2924 SetLastError(NTE_BAD_PUBLIC_KEY); /* FIXME: error code? */
2925 return FALSE;
2926 }
2927
2928 if (dwDataLen < sizeof(BLOBHEADER)+sizeof(ALG_ID)+pPubKey->dwBlockLen)
2929 {
2930 SetLastError(NTE_BAD_DATA); /* FIXME: error code */
2931 return FALSE;
2932 }
2933
2934 pbDecrypted = HeapAlloc(GetProcessHeap(), 0, pPubKey->dwBlockLen);
2935 if (!pbDecrypted) return FALSE;
2936 encrypt_block_impl(pPubKey->aiAlgid, PK_PRIVATE, &pPubKey->context, pbKeyStream, pbDecrypted,
2937 RSAENH_DECRYPT);
2938
2939 dwKeyLen = RSAENH_MAX_KEY_SIZE;
2940 if (!unpad_data(pbDecrypted, pPubKey->dwBlockLen, pbDecrypted, &dwKeyLen, dwFlags)) {
2941 HeapFree(GetProcessHeap(), 0, pbDecrypted);
2942 return FALSE;
2943 }
2944
2945 *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, dwKeyLen<<19, &pCryptKey);
2946 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
2947 {
2948 HeapFree(GetProcessHeap(), 0, pbDecrypted);
2949 return FALSE;
2950 }
2951 memcpy(pCryptKey->abKeyValue, pbDecrypted, dwKeyLen);
2952 HeapFree(GetProcessHeap(), 0, pbDecrypted);
2953 setup_key(pCryptKey);
2954 if (dwFlags & CRYPT_EXPORTABLE)
2955 pCryptKey->dwPermissions |= CRYPT_EXPORT;
2956 return TRUE;
2957 }
2958
2959 /******************************************************************************
2960 * import_plaintext_key [Internal]
2961 *
2962 * Import a plaintext key into a key container.
2963 *
2964 * PARAMS
2965 * hProv [I] Key container into which the symmetric key is to be imported.
2966 * pbData [I] Pointer to a buffer which holds the plaintext key BLOB.
2967 * dwDataLen [I] Length of data in buffer at pbData.
2968 * dwFlags [I] One of:
2969 * CRYPT_EXPORTABLE: the imported key is marked exportable
2970 * phKey [O] Handle to the imported key.
2971 *
2972 *
2973 * NOTES
2974 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2975 * it's a PLAINTEXTKEYBLOB.
2976 *
2977 * RETURNS
2978 * Success: TRUE.
2979 * Failure: FALSE.
2980 */
2981 static BOOL import_plaintext_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen,
2982 DWORD dwFlags, HCRYPTKEY *phKey)
2983 {
2984 CRYPTKEY *pCryptKey;
2985 const BLOBHEADER *pBlobHeader = (const BLOBHEADER*)pbData;
2986 const DWORD *pKeyLen = (const DWORD *)(pBlobHeader + 1);
2987 const BYTE *pbKeyStream = (const BYTE*)(pKeyLen + 1);
2988
2989 if (dwDataLen < sizeof(BLOBHEADER)+sizeof(DWORD)+*pKeyLen)
2990 {
2991 SetLastError(NTE_BAD_DATA); /* FIXME: error code */
2992 return FALSE;
2993 }
2994
2995 if (dwFlags & CRYPT_IPSEC_HMAC_KEY)
2996 {
2997 *phKey = new_key(hProv, CALG_HMAC, 0, &pCryptKey);
2998 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
2999 return FALSE;
3000 if (*pKeyLen <= RSAENH_MIN(sizeof(pCryptKey->abKeyValue), RSAENH_HMAC_BLOCK_LEN))
3001 {
3002 memcpy(pCryptKey->abKeyValue, pbKeyStream, *pKeyLen);
3003 pCryptKey->dwKeyLen = *pKeyLen;
3004 }
3005 else
3006 {
3007 CRYPT_DATA_BLOB blobHmacKey = { *pKeyLen, (BYTE *)pbKeyStream };
3008
3009 /* In order to initialize an HMAC key, the key material is hashed,
3010 * and the output of the hash function is used as the key material.
3011 * Unfortunately, the way the Crypto API is designed, we don't know
3012 * the hash algorithm yet, so we have to copy the entire key
3013 * material.
3014 */
3015 if (!copy_data_blob(&pCryptKey->blobHmacKey, &blobHmacKey))
3016 {
3017 release_handle(&handle_table, *phKey, RSAENH_MAGIC_KEY);
3018 *phKey = (HCRYPTKEY)INVALID_HANDLE_VALUE;
3019 return FALSE;
3020 }
3021 }
3022 setup_key(pCryptKey);
3023 if (dwFlags & CRYPT_EXPORTABLE)
3024 pCryptKey->dwPermissions |= CRYPT_EXPORT;
3025 }
3026 else
3027 {
3028 *phKey = new_key(hProv, pBlobHeader->aiKeyAlg, *pKeyLen<<19, &pCryptKey);
3029 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
3030 return FALSE;
3031 memcpy(pCryptKey->abKeyValue, pbKeyStream, *pKeyLen);
3032 setup_key(pCryptKey);
3033 if (dwFlags & CRYPT_EXPORTABLE)
3034 pCryptKey->dwPermissions |= CRYPT_EXPORT;
3035 }
3036 return TRUE;
3037 }
3038
3039 /******************************************************************************
3040 * import_key [Internal]
3041 *
3042 * Import a BLOB'ed key into a key container, optionally storing the key's
3043 * value to the registry.
3044 *
3045 * PARAMS
3046 * hProv [I] Key container into which the key is to be imported.
3047 * pbData [I] Pointer to a buffer which holds the BLOB.
3048 * dwDataLen [I] Length of data in buffer at pbData.
3049 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3050 * dwFlags [I] One of:
3051 * CRYPT_EXPORTABLE: the imported key is marked exportable
3052 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
3053 * phKey [O] Handle to the imported key.
3054 *
3055 * RETURNS
3056 * Success: TRUE.
3057 * Failure: FALSE.
3058 */
3059 static BOOL import_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen, HCRYPTKEY hPubKey,
3060 DWORD dwFlags, BOOL fStoreKey, HCRYPTKEY *phKey)
3061 {
3062 KEYCONTAINER *pKeyContainer;
3063 const BLOBHEADER *pBlobHeader = (const BLOBHEADER*)pbData;
3064
3065 if (!(pKeyContainer = get_key_container(hProv)))
3066 return FALSE;
3067
3068 if (dwDataLen < sizeof(BLOBHEADER) ||
3069 pBlobHeader->bVersion != CUR_BLOB_VERSION ||
3070 pBlobHeader->reserved != 0)
3071 {
3072 TRACE("bVersion = %d, reserved = %d\n", pBlobHeader->bVersion,
3073 pBlobHeader->reserved);
3074 SetLastError(NTE_BAD_DATA);
3075 return FALSE;
3076 }
3077
3078 /* If this is a verify-only context, the key is not persisted regardless of
3079 * fStoreKey's original value.
3080 */
3081 fStoreKey = fStoreKey && !(dwFlags & CRYPT_VERIFYCONTEXT);
3082 TRACE("blob type: %x\n", pBlobHeader->bType);
3083 switch (pBlobHeader->bType)
3084 {
3085 case PRIVATEKEYBLOB:
3086 return import_private_key(hProv, pbData, dwDataLen, dwFlags,
3087 fStoreKey, phKey);
3088
3089 case PUBLICKEYBLOB:
3090 return import_public_key(hProv, pbData, dwDataLen, dwFlags,
3091 phKey);
3092
3093 case SIMPLEBLOB:
3094 return import_symmetric_key(hProv, pbData, dwDataLen, hPubKey,
3095 dwFlags, phKey);
3096
3097 case PLAINTEXTKEYBLOB:
3098 return import_plaintext_key(hProv, pbData, dwDataLen, dwFlags,
3099 phKey);
3100
3101 default:
3102 SetLastError(NTE_BAD_TYPE); /* FIXME: error code? */
3103 return FALSE;
3104 }
3105 }
3106
3107 /******************************************************************************
3108 * CPImportKey (RSAENH.@)
3109 *
3110 * Import a BLOB'ed key into a key container.
3111 *
3112 * PARAMS
3113 * hProv [I] Key container into which the key is to be imported.
3114 * pbData [I] Pointer to a buffer which holds the BLOB.
3115 * dwDataLen [I] Length of data in buffer at pbData.
3116 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3117 * dwFlags [I] One of:
3118 * CRYPT_EXPORTABLE: the imported key is marked exportable
3119 * phKey [O] Handle to the imported key.
3120 *
3121 * RETURNS
3122 * Success: TRUE.
3123 * Failure: FALSE.
3124 */
3125 BOOL WINAPI RSAENH_CPImportKey(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen,
3126 HCRYPTKEY hPubKey, DWORD dwFlags, HCRYPTKEY *phKey)
3127 {
3128 TRACE("(hProv=%08lx, pbData=%p, dwDataLen=%d, hPubKey=%08lx, dwFlags=%08x, phKey=%p)\n",
3129 hProv, pbData, dwDataLen, hPubKey, dwFlags, phKey);
3130
3131 return import_key(hProv, pbData, dwDataLen, hPubKey, dwFlags, TRUE, phKey);
3132 }
3133
3134 /******************************************************************************
3135 * CPGenKey (RSAENH.@)
3136 *
3137 * Generate a key in the key container
3138 *
3139 * PARAMS
3140 * hProv [I] Key container for which a key is to be generated.
3141 * Algid [I] Crypto algorithm identifier for the key to be generated.
3142 * dwFlags [I] Upper 16 bits: Binary length of key. Lower 16 bits: Flags. See Notes
3143 * phKey [O] Handle to the generated key.
3144 *
3145 * RETURNS
3146 * Success: TRUE.
3147 * Failure: FALSE.
3148 *
3149 * FIXME
3150 * Flags currently not considered.
3151 *
3152 * NOTES
3153 * Private key-exchange- and signature-keys can be generated with Algid AT_KEYEXCHANGE
3154 * and AT_SIGNATURE values.
3155 */
3156 BOOL WINAPI RSAENH_CPGenKey(HCRYPTPROV hProv, ALG_ID Algid, DWORD dwFlags, HCRYPTKEY *phKey)
3157 {
3158 KEYCONTAINER *pKeyContainer;
3159 CRYPTKEY *pCryptKey;
3160
3161 TRACE("(hProv=%08lx, aiAlgid=%d, dwFlags=%08x, phKey=%p)\n", hProv, Algid, dwFlags, phKey);
3162
3163 if (!(pKeyContainer = get_key_container(hProv)))
3164 {
3165 /* MSDN: hProv not containing valid context handle */
3166 return FALSE;
3167 }
3168
3169 switch (Algid)
3170 {
3171 case AT_SIGNATURE:
3172 case CALG_RSA_SIGN:
3173 *phKey = new_key(hProv, CALG_RSA_SIGN, dwFlags, &pCryptKey);
3174 if (pCryptKey) {
3175 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
3176 setup_key(pCryptKey);
3177 release_and_install_key(hProv, *phKey,
3178 &pKeyContainer->hSignatureKeyPair,
3179 FALSE);
3180 }
3181 break;
3182
3183 case AT_KEYEXCHANGE:
3184 case CALG_RSA_KEYX:
3185 *phKey = new_key(hProv, CALG_RSA_KEYX, dwFlags, &pCryptKey);
3186 if (pCryptKey) {
3187 new_key_impl(pCryptKey->aiAlgid, &pCryptKey->context, pCryptKey->dwKeyLen);
3188 setup_key(pCryptKey);
3189 release_and_install_key(hProv, *phKey,
3190 &pKeyContainer->hKeyExchangeKeyPair,
3191 FALSE);
3192 }
3193 break;
3194
3195 case CALG_RC2:
3196 case CALG_RC4:
3197 case CALG_DES:
3198 case CALG_3DES_112:
3199 case CALG_3DES:
3200 case CALG_AES:
3201 case CALG_AES_128:
3202 case CALG_AES_192:
3203 case CALG_AES_256:
3204 case CALG_PCT1_MASTER:
3205 case CALG_SSL2_MASTER:
3206 case CALG_SSL3_MASTER:
3207 case CALG_TLS1_MASTER:
3208 *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
3209 if (pCryptKey) {
3210 gen_rand_impl(pCryptKey->abKeyValue, RSAENH_MAX_KEY_SIZE);
3211 switch (Algid) {
3212 case CALG_SSL3_MASTER:
3213 pCryptKey->abKeyValue[0] = RSAENH_SSL3_VERSION_MAJOR;
3214 pCryptKey->abKeyValue[1] = RSAENH_SSL3_VERSION_MINOR;
3215 break;
3216
3217 case CALG_TLS1_MASTER:
3218 pCryptKey->abKeyValue[0] = RSAENH_TLS1_VERSION_MAJOR;
3219 pCryptKey->abKeyValue[1] = RSAENH_TLS1_VERSION_MINOR;
3220 break;
3221 }
3222 setup_key(pCryptKey);
3223 }
3224 break;
3225
3226 default:
3227 /* MSDN: Algorithm not supported specified by Algid */
3228 SetLastError(NTE_BAD_ALGID);
3229 return FALSE;
3230 }
3231
3232 return *phKey != (HCRYPTKEY)INVALID_HANDLE_VALUE;
3233 }
3234
3235 /******************************************************************************
3236 * CPGenRandom (RSAENH.@)
3237 *
3238 * Generate a random byte stream.
3239 *
3240 * PARAMS
3241 * hProv [I] Key container that is used to generate random bytes.
3242 * dwLen [I] Specifies the number of requested random data bytes.
3243 * pbBuffer [O] Random bytes will be stored here.
3244 *
3245 * RETURNS
3246 * Success: TRUE
3247 * Failure: FALSE
3248 */
3249 BOOL WINAPI RSAENH_CPGenRandom(HCRYPTPROV hProv, DWORD dwLen, BYTE *pbBuffer)
3250 {
3251 TRACE("(hProv=%08lx, dwLen=%d, pbBuffer=%p)\n", hProv, dwLen, pbBuffer);
3252
3253 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3254 {
3255 /* MSDN: hProv not containing valid context handle */
3256 SetLastError(NTE_BAD_UID);
3257 return FALSE;
3258 }
3259
3260 return gen_rand_impl(pbBuffer, dwLen);
3261 }
3262
3263 /******************************************************************************
3264 * CPGetHashParam (RSAENH.@)
3265 *
3266 * Query parameters of an hash object.
3267 *
3268 * PARAMS
3269 * hProv [I] The kea container, which the hash belongs to.
3270 * hHash [I] The hash object that is to be queried.
3271 * dwParam [I] Specifies the parameter that is to be queried.
3272 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3273 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3274 * dwFlags [I] None currently defined.
3275 *
3276 * RETURNS
3277 * Success: TRUE
3278 * Failure: FALSE
3279 *
3280 * NOTES
3281 * Valid dwParams are: HP_ALGID, HP_HASHSIZE, HP_HASHVALUE. The hash will be
3282 * finalized if HP_HASHVALUE is queried.
3283 */
3284 BOOL WINAPI RSAENH_CPGetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, BYTE *pbData,
3285 DWORD *pdwDataLen, DWORD dwFlags)
3286 {
3287 CRYPTHASH *pCryptHash;
3288
3289 TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p, dwFlags=%08x)\n",
3290 hProv, hHash, dwParam, pbData, pdwDataLen, dwFlags);
3291
3292 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3293 {
3294 SetLastError(NTE_BAD_UID);
3295 return FALSE;
3296 }
3297
3298 if (dwFlags)
3299 {
3300 SetLastError(NTE_BAD_FLAGS);
3301 return FALSE;
3302 }
3303
3304 if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
3305 (OBJECTHDR**)&pCryptHash))
3306 {
3307 SetLastError(NTE_BAD_HASH);
3308 return FALSE;
3309 }
3310
3311 if (!pdwDataLen)
3312 {
3313 SetLastError(ERROR_INVALID_PARAMETER);
3314 return FALSE;
3315 }
3316
3317 switch (dwParam)
3318 {
3319 case HP_ALGID:
3320 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptHash->aiAlgid,
3321 sizeof(ALG_ID));
3322
3323 case HP_HASHSIZE:
3324 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptHash->dwHashSize,
3325 sizeof(DWORD));
3326
3327 case HP_HASHVAL:
3328 if (pCryptHash->aiAlgid == CALG_TLS1PRF) {
3329 return tls1_prf(hProv, pCryptHash->hKey, &pCryptHash->tpPRFParams.blobLabel,
3330 &pCryptHash->tpPRFParams.blobSeed, pbData, *pdwDataLen);
3331 }
3332
3333 if ( pbData == NULL ) {
3334 *pdwDataLen = pCryptHash->dwHashSize;
3335 return TRUE;
3336 }
3337
3338 if (pbData && (pCryptHash->dwState != RSAENH_HASHSTATE_FINISHED))
3339 {
3340 finalize_hash(pCryptHash);
3341 pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
3342 }
3343
3344 return copy_param(pbData, pdwDataLen, pCryptHash->abHashValue,
3345 pCryptHash->dwHashSize);
3346
3347 default:
3348 SetLastError(NTE_BAD_TYPE);
3349 return FALSE;
3350 }
3351 }
3352
3353 /******************************************************************************
3354 * CPSetKeyParam (RSAENH.@)
3355 *
3356 * Set a parameter of a key object
3357 *
3358 * PARAMS
3359 * hProv [I] The key container to which the key belongs.
3360 * hKey [I] The key for which a parameter is to be set.
3361 * dwParam [I] Parameter type. See Notes.
3362 * pbData [I] Pointer to the parameter value.
3363 * dwFlags [I] Currently none defined.
3364 *
3365 * RETURNS
3366 * Success: TRUE.
3367 * Failure: FALSE.
3368 *
3369 * NOTES:
3370 * Defined dwParam types are:
3371 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3372 * - KP_MODE_BITS: Shift width for cipher feedback mode. (Currently ignored by MS CSP's)
3373 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3374 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3375 * - KP_IV: Initialization vector
3376 */
3377 BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3378 DWORD dwFlags)
3379 {
3380 CRYPTKEY *pCryptKey;
3381
3382 TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n", hProv, hKey,
3383 dwParam, pbData, dwFlags);
3384
3385 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3386 {
3387 SetLastError(NTE_BAD_UID);
3388 return FALSE;
3389 }
3390
3391 if (dwFlags) {
3392 SetLastError(NTE_BAD_FLAGS);
3393 return FALSE;
3394 }
3395
3396 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
3397 {
3398 SetLastError(NTE_BAD_KEY);
3399 return FALSE;
3400 }
3401
3402 switch (dwParam) {
3403 case KP_PADDING:
3404 /* The MS providers only support PKCS5_PADDING */
3405 if (*(DWORD *)pbData != PKCS5_PADDING) {
3406 SetLastError(NTE_BAD_DATA);
3407 return FALSE;
3408 }
3409 return TRUE;
3410
3411 case KP_MODE:
3412 pCryptKey->dwMode = *(DWORD*)pbData;
3413 return TRUE;
3414
3415 case KP_MODE_BITS:
3416 pCryptKey->dwModeBits = *(DWORD*)pbData;
3417 return TRUE;
3418
3419 case KP_PERMISSIONS:
3420 {
3421 DWORD perms = *(DWORD *)pbData;
3422
3423 if ((perms & CRYPT_EXPORT) &&
3424 !(pCryptKey->dwPermissions & CRYPT_EXPORT))
3425 {
3426 SetLastError(NTE_BAD_DATA);
3427 return FALSE;
3428 }
3429 else if (!(perms & CRYPT_EXPORT) &&
3430 (pCryptKey->dwPermissions & CRYPT_EXPORT))
3431 {
3432 /* Clearing the export permission appears to be ignored,
3433 * see tests.
3434 */
3435 perms |= CRYPT_EXPORT;
3436 }
3437 pCryptKey->dwPermissions = perms;
3438 return TRUE;
3439 }
3440
3441 case KP_IV:
3442 memcpy(pCryptKey->abInitVector, pbData, pCryptKey->dwBlockLen);
3443 setup_key(pCryptKey);
3444 return TRUE;
3445
3446 case KP_SALT:
3447 switch (pCryptKey->aiAlgid) {
3448 case CALG_RC2:
3449 case CALG_RC4:
3450 {
3451 KEYCONTAINER *pKeyContainer = get_key_container(pCryptKey->hProv);
3452 if (!pbData)
3453 {
3454 SetLastError(ERROR_INVALID_PARAMETER);
3455 return FALSE;
3456 }
3457 /* MSDN: the base provider always sets eleven bytes of
3458 * salt value.
3459 */
3460 memcpy(pCryptKey->abKeyValue + pCryptKey->dwKeyLen,
3461 pbData, 11);
3462 pCryptKey->dwSaltLen = 11;
3463 setup_key(pCryptKey);
3464 /* After setting the salt value if the provider is not base or
3465 * strong the salt length will be reset. */
3466 if (pKeyContainer->dwPersonality != RSAENH_PERSONALITY_BASE &&
3467 pKeyContainer->dwPersonality != RSAENH_PERSONALITY_STRONG)
3468 pCryptKey->dwSaltLen = 0;
3469 break;
3470 }
3471 default:
3472 SetLastError(NTE_BAD_KEY);
3473 return FALSE;
3474 }
3475 return TRUE;
3476
3477 case KP_SALT_EX:
3478 {
3479 CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)pbData;
3480
3481 /* salt length can't be greater than 184 bits = 24 bytes */
3482 if (blob->cbData > 24)
3483 {
3484 SetLastError(NTE_BAD_DATA);
3485 return FALSE;
3486 }
3487 memcpy(pCryptKey->abKeyValue + pCryptKey->dwKeyLen, blob->pbData,
3488 blob->cbData);
3489 pCryptKey->dwSaltLen = blob->cbData;
3490 setup_key(pCryptKey);
3491 return TRUE;
3492 }
3493
3494 case KP_EFFECTIVE_KEYLEN:
3495 switch (pCryptKey->aiAlgid) {
3496 case CALG_RC2:
3497 {
3498 DWORD keylen, deflen;
3499 BOOL ret = TRUE;
3500 KEYCONTAINER *pKeyContainer = get_key_container(pCryptKey->hProv);
3501
3502 if (!pbData)
3503 {
3504 SetLastError(ERROR_INVALID_PARAMETER);
3505 return FALSE;
3506 }
3507 keylen = *(DWORD *)pbData;
3508 if (!keylen || keylen > 1024)
3509 {
3510 SetLastError(NTE_BAD_DATA);
3511 return FALSE;
3512 }
3513
3514 /*
3515 * The Base provider will force the key length to default
3516 * and set an error state if a key length different from
3517 * the default is tried.
3518 */
3519 deflen = aProvEnumAlgsEx[pKeyContainer->dwPersonality]->dwDefaultLen;
3520 if (pKeyContainer->dwPersonality == RSAENH_PERSONALITY_BASE
3521 && keylen != deflen)
3522 {
3523 keylen = deflen;
3524 SetLastError(NTE_BAD_DATA);
3525 ret = FALSE;
3526 }
3527 pCryptKey->dwEffectiveKeyLen = keylen;
3528 setup_key(pCryptKey);
3529 return ret;
3530 }
3531 default:
3532 SetLastError(NTE_BAD_TYPE);
3533 return FALSE;
3534 }
3535 return TRUE;
3536
3537 case KP_SCHANNEL_ALG:
3538 switch (((PSCHANNEL_ALG)pbData)->dwUse) {
3539 case SCHANNEL_ENC_KEY:
3540 memcpy(&pCryptKey->siSChannelInfo.saEncAlg, pbData, sizeof(SCHANNEL_ALG));
3541 break;
3542
3543 case SCHANNEL_MAC_KEY:
3544 memcpy(&pCryptKey->siSChannelInfo.saMACAlg, pbData, sizeof(SCHANNEL_ALG));
3545 break;
3546
3547 default:
3548 SetLastError(NTE_FAIL); /* FIXME: error code */
3549 return FALSE;
3550 }
3551 return TRUE;
3552
3553 case KP_CLIENT_RANDOM:
3554 return copy_data_blob(&pCryptKey->siSChannelInfo.blobClientRandom, (PCRYPT_DATA_BLOB)pbData);
3555
3556 case KP_SERVER_RANDOM:
3557 return copy_data_blob(&pCryptKey->siSChannelInfo.blobServerRandom, (PCRYPT_DATA_BLOB)pbData);
3558
3559 default:
3560 SetLastError(NTE_BAD_TYPE);
3561 return FALSE;
3562 }
3563 }
3564
3565 /******************************************************************************
3566 * CPGetKeyParam (RSAENH.@)
3567 *
3568 * Query a key parameter.
3569 *
3570 * PARAMS
3571 * hProv [I] The key container, which the key belongs to.
3572 * hHash [I] The key object that is to be queried.
3573 * dwParam [I] Specifies the parameter that is to be queried.
3574 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3575 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3576 * dwFlags [I] None currently defined.
3577 *
3578 * RETURNS
3579 * Success: TRUE
3580 * Failure: FALSE
3581 *
3582 * NOTES
3583 * Defined dwParam types are:
3584 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3585 * - KP_MODE_BITS: Shift width for cipher feedback mode.
3586 * (Currently ignored by MS CSP's - always eight)
3587 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3588 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3589 * - KP_IV: Initialization vector.
3590 * - KP_KEYLEN: Bitwidth of the key.
3591 * - KP_BLOCKLEN: Size of a block cipher block.
3592 * - KP_SALT: Salt value.
3593 */
3594 BOOL WINAPI RSAENH_CPGetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3595 DWORD *pdwDataLen, DWORD dwFlags)
3596 {
3597 CRYPTKEY *pCryptKey;
3598 DWORD dwValue;
3599
3600 TRACE("(hProv=%08lx, hKey=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p dwFlags=%08x)\n",
3601 hProv, hKey, dwParam, pbData, pdwDataLen, dwFlags);
3602
3603 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3604 {
3605 SetLastError(NTE_BAD_UID);
3606 return FALSE;
3607 }
3608
3609 if (dwFlags) {
3610 SetLastError(NTE_BAD_FLAGS);
3611 return FALSE;
3612 }
3613
3614 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pCryptKey))
3615 {
3616 SetLastError(NTE_BAD_KEY);
3617 return FALSE;
3618 }
3619
3620 switch (dwParam)
3621 {
3622 case KP_IV:
3623 return copy_param(pbData, pdwDataLen, pCryptKey->abInitVector,
3624 pCryptKey->dwBlockLen);
3625
3626 case KP_SALT:
3627 switch (pCryptKey->aiAlgid) {
3628 case CALG_RC2:
3629 case CALG_RC4:
3630 return copy_param(pbData, pdwDataLen,
3631 &pCryptKey->abKeyValue[pCryptKey->dwKeyLen],
3632 pCryptKey->dwSaltLen);
3633 default:
3634 SetLastError(NTE_BAD_KEY);
3635 return FALSE;
3636 }
3637
3638 case KP_PADDING:
3639 dwValue = PKCS5_PADDING;
3640 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwValue, sizeof(DWORD));
3641
3642 case KP_KEYLEN:
3643 dwValue = pCryptKey->dwKeyLen << 3;
3644 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwValue, sizeof(DWORD));
3645
3646 case KP_EFFECTIVE_KEYLEN:
3647 if (pCryptKey->dwEffectiveKeyLen)
3648 dwValue = pCryptKey->dwEffectiveKeyLen;
3649 else
3650 dwValue = pCryptKey->dwKeyLen << 3;
3651 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwValue, sizeof(DWORD));
3652
3653 case KP_BLOCKLEN:
3654 dwValue = pCryptKey->dwBlockLen << 3;
3655 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwValue, sizeof(DWORD));
3656
3657 case KP_MODE:
3658 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptKey->dwMode, sizeof(DWORD));
3659
3660 case KP_MODE_BITS:
3661 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptKey->dwModeBits,
3662 sizeof(DWORD));
3663
3664 case KP_PERMISSIONS:
3665 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptKey->dwPermissions,
3666 sizeof(DWORD));
3667
3668 case KP_ALGID:
3669 return copy_param(pbData, pdwDataLen, (const BYTE*)&pCryptKey->aiAlgid, sizeof(DWORD));
3670
3671 default:
3672 SetLastError(NTE_BAD_TYPE);
3673 return FALSE;
3674 }
3675 }
3676
3677 /******************************************************************************
3678 * CPGetProvParam (RSAENH.@)
3679 *
3680 * Query a CSP parameter.
3681 *
3682 * PARAMS
3683 * hProv [I] The key container that is to be queried.
3684 * dwParam [I] Specifies the parameter that is to be queried.
3685 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3686 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3687 * dwFlags [I] CRYPT_FIRST: Start enumeration (for PP_ENUMALGS{_EX}).
3688 *
3689 * RETURNS
3690 * Success: TRUE
3691 * Failure: FALSE
3692 * NOTES:
3693 * Defined dwParam types:
3694 * - PP_CONTAINER: Name of the key container.
3695 * - PP_NAME: Name of the cryptographic service provider.
3696 * - PP_SIG_KEYSIZE_INC: RSA signature keywidth granularity in bits.
3697 * - PP_KEYX_KEYSIZE_INC: RSA key-exchange keywidth granularity in bits.
3698 * - PP_ENUMALGS{_EX}: Query provider capabilities.
3699 * - PP_KEYSET_SEC_DESCR: Retrieve security descriptor on container.
3700 */
3701 BOOL WINAPI RSAENH_CPGetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData,
3702 DWORD *pdwDataLen, DWORD dwFlags)
3703 {
3704 KEYCONTAINER *pKeyContainer;
3705 PROV_ENUMALGS provEnumalgs;
3706 DWORD dwTemp;
3707 HKEY hKey;
3708
3709 /* This is for dwParam PP_CRYPT_COUNT_KEY_USE.
3710 * IE6 SP1 asks for it in the 'About' dialog.
3711 * Returning this BLOB seems to satisfy IE. The marked 0x00 seem
3712 * to be 'don't care's. If you know anything more specific about
3713 * this provider parameter, please report to wine-devel@winehq.org */
3714 static const BYTE abWTF[96] = {
3715 0xb0, 0x25, 0x63, 0x86, 0x9c, 0xab, 0xb6, 0x37,
3716 0xe8, 0x82, /**/0x00,/**/ 0x72, 0x06, 0xb2, /**/0x00,/**/ 0x3b,
3717 0x60, 0x35, /**/0x00,/**/ 0x3b, 0x88, 0xce, /**/0x00,/**/ 0x82,
3718 0xbc, 0x7a, /**/0x00,/**/ 0xb7, 0x4f, 0x7e, /**/0x00,/**/ 0xde,
3719 0x92, 0xf1, /**/0x00,/**/ 0x83, 0xea, 0x5e, /**/0x00,/**/ 0xc8,
3720 0x12, 0x1e, 0xd4, 0x06, 0xf7, 0x66, /**/0x00,/**/ 0x01,
3721 0x29, 0xa4, /**/0x00,/**/ 0xf8, 0x24, 0x0c, /**/0x00,/**/ 0x33,
3722 0x06, 0x80, /**/0x00,/**/ 0x02, 0x46, 0x0b, /**/0x00,/**/ 0x6d,
3723 0x5b, 0xca, /**/0x00,/**/ 0x9a, 0x10, 0xf0, /**/0x00,/**/ 0x05,
3724 0x19, 0xd0, /**/0x00,/**/ 0x2c, 0xf6, 0x27, /**/0x00,/**/ 0xaa,
3725 0x7c, 0x6f, /**/0x00,/**/ 0xb9, 0xd8, 0x72, /**/0x00,/**/ 0x03,
3726 0xf3, 0x81, /**/0x00,/**/ 0xfa, 0xe8, 0x26, /**/0x00,/**/ 0xca
3727 };
3728
3729 TRACE("(hProv=%08lx, dwParam=%08x, pbData=%p, pdwDataLen=%p, dwFlags=%08x)\n",
3730 hProv, dwParam, pbData, pdwDataLen, dwFlags);
3731
3732 if (!pdwDataLen) {
3733 SetLastError(ERROR_INVALID_PARAMETER);
3734 return FALSE;
3735 }
3736
3737 if (!(pKeyContainer = get_key_container(hProv)))
3738 {
3739 /* MSDN: hProv not containing valid context handle */
3740 return FALSE;
3741 }
3742
3743 switch (dwParam)
3744 {
3745 case PP_CONTAINER:
3746 case PP_UNIQUE_CONTAINER:/* MSDN says we can return the same value as PP_CONTAINER */
3747 return copy_param(pbData, pdwDataLen, (const BYTE*)pKeyContainer->szName,
3748 strlen(pKeyContainer->szName)+1);
3749
3750 case PP_NAME:
3751 return copy_param(pbData, pdwDataLen, (const BYTE*)pKeyContainer->szProvName,
3752 strlen(pKeyContainer->szProvName)+1);
3753
3754 case PP_PROVTYPE:
3755 dwTemp = PROV_RSA_FULL;
3756 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3757
3758 case PP_KEYSPEC:
3759 dwTemp = AT_SIGNATURE | AT_KEYEXCHANGE;
3760 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3761
3762 case PP_KEYSET_TYPE:
3763 dwTemp = pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET;
3764 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3765
3766 case PP_KEYSTORAGE:
3767 dwTemp = CRYPT_SEC_DESCR;
3768 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3769
3770 case PP_SIG_KEYSIZE_INC:
3771 case PP_KEYX_KEYSIZE_INC:
3772 dwTemp = 8;
3773 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3774
3775 case PP_IMPTYPE:
3776 dwTemp = CRYPT_IMPL_SOFTWARE;
3777 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3778
3779 case PP_VERSION:
3780 dwTemp = 0x00000200;
3781 return copy_param(pbData, pdwDataLen, (const BYTE*)&dwTemp, sizeof(dwTemp));
3782
3783 case PP_ENUMCONTAINERS:
3784 if ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) pKeyContainer->dwEnumContainersCtr = 0;
3785
3786 if (!pbData) {
3787 *pdwDataLen = (DWORD)MAX_PATH + 1;
3788 return TRUE;
3789 }
3790
3791 if (!open_container_key("", dwFlags, KEY_READ, &hKey))
3792 {
3793 SetLastError(ERROR_NO_MORE_ITEMS);
3794 return FALSE;
3795 }
3796
3797 dwTemp = *pdwDataLen;
3798 switch (RegEnumKeyExA(hKey, pKeyContainer->dwEnumContainersCtr, (LPSTR)pbData, &dwTemp,
3799 NULL, NULL, NULL, NULL))
3800 {
3801 case ERROR_MORE_DATA:
3802 *pdwDataLen = (DWORD)MAX_PATH + 1;
3803
3804 case ERROR_SUCCESS:
3805 pKeyContainer->dwEnumContainersCtr++;
3806 RegCloseKey(hKey);
3807 return TRUE;
3808
3809 case ERROR_NO_MORE_ITEMS:
3810 default:
3811 SetLastError(ERROR_NO_MORE_ITEMS);
3812 RegCloseKey(hKey);
3813 return FALSE;
3814 }
3815
3816 case PP_ENUMALGS:
3817 case PP_ENUMALGS_EX:
3818 if (((pKeyContainer->dwEnumAlgsCtr >= RSAENH_MAX_ENUMALGS-1) ||
3819 (!aProvEnumAlgsEx[pKeyContainer->dwPersonality]
3820 [pKeyContainer->dwEnumAlgsCtr+1].aiAlgid)) &&
3821 ((dwFlags & CRYPT_FIRST) != CRYPT_FIRST))
3822 {
3823 SetLastError(ERROR_NO_MORE_ITEMS);
3824 return FALSE;
3825 }
3826
3827 if (dwParam == PP_ENUMALGS) {
3828 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS)))
3829 pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ?
3830 0 : pKeyContainer->dwEnumAlgsCtr+1;
3831
3832 provEnumalgs.aiAlgid = aProvEnumAlgsEx
3833 [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].aiAlgid;
3834 provEnumalgs.dwBitLen = aProvEnumAlgsEx
3835 [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwDefaultLen;
3836 provEnumalgs.dwNameLen = aProvEnumAlgsEx
3837 [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].dwNameLen;
3838 memcpy(provEnumalgs.szName, aProvEnumAlgsEx
3839 [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr].szName,
3840 20*sizeof(CHAR));
3841
3842 return copy_param(pbData, pdwDataLen, (const BYTE*)&provEnumalgs,
3843 sizeof(PROV_ENUMALGS));
3844 } else {
3845 if (pbData && (*pdwDataLen >= sizeof(PROV_ENUMALGS_EX)))
3846 pKeyContainer->dwEnumAlgsCtr = ((dwFlags & CRYPT_FIRST) == CRYPT_FIRST) ?
3847 0 : pKeyContainer->dwEnumAlgsCtr+1;
3848
3849 return copy_param(pbData, pdwDataLen,
3850 (const BYTE*)&aProvEnumAlgsEx
3851 [pKeyContainer->dwPersonality][pKeyContainer->dwEnumAlgsCtr],
3852 sizeof(PROV_ENUMALGS_EX));
3853 }
3854
3855 case PP_CRYPT_COUNT_KEY_USE: /* Asked for by IE About dialog */
3856 return copy_param(pbData, pdwDataLen, abWTF, sizeof(abWTF));
3857
3858 case PP_KEYSET_SEC_DESCR:
3859 {
3860 SECURITY_DESCRIPTOR *sd;
3861 DWORD err, len, flags = (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET);
3862
3863 if (!open_container_key(pKeyContainer->szName, flags, KEY_READ, &hKey))
3864 {
3865 SetLastError(NTE_BAD_KEYSET);
3866 return FALSE;
3867 }
3868
3869 err = GetSecurityInfo(hKey, SE_REGISTRY_KEY, dwFlags, NULL, NULL, NULL, NULL, (void **)&sd);
3870 RegCloseKey(hKey);
3871 if (err)
3872 {
3873 SetLastError(err);
3874 return FALSE;
3875 }
3876
3877 len = GetSecurityDescriptorLength(sd);
3878 if (*pdwDataLen >= len) memcpy(pbData, sd, len);
3879 else SetLastError(ERROR_INSUFFICIENT_BUFFER);
3880 *pdwDataLen = len;
3881
3882 LocalFree(sd);
3883 return TRUE;
3884 }
3885
3886 default:
3887 /* MSDN: Unknown parameter number in dwParam */
3888 SetLastError(NTE_BAD_TYPE);
3889 return FALSE;
3890 }
3891 }
3892
3893 /******************************************************************************
3894 * CPDeriveKey (RSAENH.@)
3895 *
3896 * Derives a key from a hash value.
3897 *
3898 * PARAMS
3899 * hProv [I] Key container for which a key is to be generated.
3900 * Algid [I] Crypto algorithm identifier for the key to be generated.
3901 * hBaseData [I] Hash from whose value the key will be derived.
3902 * dwFlags [I] See Notes.
3903 * phKey [O] The generated key.
3904 *
3905 * RETURNS
3906 * Success: TRUE
3907 * Failure: FALSE
3908 *
3909 * NOTES
3910 * Defined flags:
3911 * - CRYPT_EXPORTABLE: Key can be exported.
3912 * - CRYPT_NO_SALT: No salt is used for 40 bit keys.
3913 * - CRYPT_CREATE_SALT: Use remaining bits as salt value.
3914 */
3915 BOOL WINAPI RSAENH_CPDeriveKey(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTHASH hBaseData,
3916 DWORD dwFlags, HCRYPTKEY *phKey)
3917 {
3918 CRYPTKEY *pCryptKey, *pMasterKey;
3919 CRYPTHASH *pCryptHash;
3920 BYTE abHashValue[RSAENH_MAX_HASH_SIZE*2];
3921 DWORD dwLen;
3922
3923 TRACE("(hProv=%08lx, Algid=%d, hBaseData=%08lx, dwFlags=%08x phKey=%p)\n", hProv, Algid,
3924 hBaseData, dwFlags, phKey);
3925
3926 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
3927 {
3928 SetLastError(NTE_BAD_UID);
3929 return FALSE;
3930 }
3931
3932 if (!lookup_handle(&handle_table, hBaseData, RSAENH_MAGIC_HASH,
3933 (OBJECTHDR**)&pCryptHash))
3934 {
3935 SetLastError(NTE_BAD_HASH);
3936 return FALSE;
3937 }
3938
3939 if (!phKey)
3940 {
3941 SetLastError(ERROR_INVALID_PARAMETER);
3942 return FALSE;
3943 }
3944
3945 switch (GET_ALG_CLASS(Algid))
3946 {
3947 case ALG_CLASS_DATA_ENCRYPT:
3948 {
3949 int need_padding, copy_len;
3950 *phKey = new_key(hProv, Algid, dwFlags, &pCryptKey);
3951 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
3952
3953 /*
3954 * We derive the key material from the hash.
3955 * If the hash value is not large enough for the claimed key, we have to construct
3956 * a larger binary value based on the hash. This is documented in MSDN: CryptDeriveKey.
3957 */
3958 dwLen = RSAENH_MAX_HASH_SIZE;
3959 RSAENH_CPGetHashParam(pCryptHash->hProv, hBaseData, HP_HASHVAL, abHashValue, &dwLen, 0);
3960
3961 /*
3962 * The usage of padding seems to vary from algorithm to algorithm.
3963 * For now the only different case found was for AES with 128 bit key.
3964 */
3965 switch(Algid)
3966 {
3967 case CALG_AES_128:
3968 /* To reduce the chance of regressions we will only deviate
3969 * from the old behavior for the tested hash lengths */
3970 if (dwLen == 16 || dwLen == 20)
3971 {
3972 need_padding = 1;
3973 break;
3974 }
3975 default:
3976 need_padding = dwLen < pCryptKey->dwKeyLen;
3977 }
3978
3979 copy_len = pCryptKey->dwKeyLen;
3980 if (need_padding)
3981 {
3982 BYTE pad1[RSAENH_HMAC_DEF_PAD_LEN], pad2[RSAENH_HMAC_DEF_PAD_LEN];
3983 BYTE old_hashval[RSAENH_MAX_HASH_SIZE];
3984 DWORD i;
3985
3986 memcpy(old_hashval, pCryptHash->abHashValue, RSAENH_MAX_HASH_SIZE);
3987
3988 for (i=0; i<RSAENH_HMAC_DEF_PAD_LEN; i++) {
3989 pad1[i] = RSAENH_HMAC_DEF_IPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3990 pad2[i] = RSAENH_HMAC_DEF_OPAD_CHAR ^ (i<dwLen ? abHashValue[i] : 0);
3991 }
3992
3993 init_hash(pCryptHash);
3994 update_hash(pCryptHash, pad1, RSAENH_HMAC_DEF_PAD_LEN);
3995 finalize_hash(pCryptHash);
3996 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
3997
3998 init_hash(pCryptHash);
3999 update_hash(pCryptHash, pad2, RSAENH_HMAC_DEF_PAD_LEN);
4000 finalize_hash(pCryptHash);
4001 memcpy(abHashValue+pCryptHash->dwHashSize, pCryptHash->abHashValue,
4002 pCryptHash->dwHashSize);
4003
4004 memcpy(pCryptHash->abHashValue, old_hashval, RSAENH_MAX_HASH_SIZE);
4005 }
4006 /*
4007 * Padding was not required, we have more hash than needed.
4008 * Do we need to use the remaining hash as salt?
4009 */
4010 else if((dwFlags & CRYPT_CREATE_SALT) &&
4011 (Algid == CALG_RC2 || Algid == CALG_RC4))
4012 {
4013 copy_len += pCryptKey->dwSaltLen;
4014 }
4015
4016 memcpy(pCryptKey->abKeyValue, abHashValue,
4017 RSAENH_MIN(copy_len, sizeof(pCryptKey->abKeyValue)));
4018 break;
4019 }
4020 case ALG_CLASS_MSG_ENCRYPT:
4021 if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY,
4022 (OBJECTHDR**)&pMasterKey))
4023 {
4024 SetLastError(NTE_FAIL); /* FIXME error code */
4025 return FALSE;
4026 }
4027
4028 switch (Algid)
4029 {
4030 /* See RFC 2246, chapter 6.3 Key calculation */
4031 case CALG_SCHANNEL_ENC_KEY:
4032 if (!pMasterKey->siSChannelInfo.saEncAlg.Algid ||
4033 !pMasterKey->siSChannelInfo.saEncAlg.cBits)
4034 {
4035 SetLastError(NTE_BAD_FLAGS);
4036 return FALSE;
4037 }
4038 *phKey = new_key(hProv, pMasterKey->siSChannelInfo.saEncAlg.Algid,
4039 MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saEncAlg.cBits),
4040 &pCryptKey);
4041 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
4042 memcpy(pCryptKey->abKeyValue,
4043 pCryptHash->abHashValue + (
4044 2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
4045 ((dwFlags & CRYPT_SERVER) ?
4046 (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) : 0)),
4047 pMasterKey->siSChannelInfo.saEncAlg.cBits / 8);
4048 memcpy(pCryptKey->abInitVector,
4049 pCryptHash->abHashValue + (
4050 2 * (pMasterKey->siSChannelInfo.saMACAlg.cBits / 8) +
4051 2 * (pMasterKey->siSChannelInfo.saEncAlg.cBits / 8) +
4052 ((dwFlags & CRYPT_SERVER) ? pCryptKey->dwBlockLen : 0)),
4053 pCryptKey->dwBlockLen);
4054 break;
4055
4056 case CALG_SCHANNEL_MAC_KEY:
4057 *phKey = new_key(hProv, Algid,
4058 MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saMACAlg.cBits),
4059 &pCryptKey);
4060 if (*phKey == (HCRYPTKEY)INVALID_HANDLE_VALUE) return FALSE;
4061 memcpy(pCryptKey->abKeyValue,
4062 pCryptHash->abHashValue + ((dwFlags & CRYPT_SERVER) ?
4063 pMasterKey->siSChannelInfo.saMACAlg.cBits / 8 : 0),
4064 pMasterKey->siSChannelInfo.saMACAlg.cBits / 8);
4065 break;
4066
4067 default:
4068 SetLastError(NTE_BAD_ALGID);
4069 return FALSE;
4070 }
4071 break;
4072
4073 default:
4074 SetLastError(NTE_BAD_ALGID);
4075 return FALSE;
4076 }
4077
4078 setup_key(pCryptKey);
4079 return TRUE;
4080 }
4081
4082 /******************************************************************************
4083 * CPGetUserKey (RSAENH.@)
4084 *
4085 * Returns a handle to the user's private key-exchange- or signature-key.
4086 *
4087 * PARAMS
4088 * hProv [I] The key container from which a user key is requested.
4089 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
4090 * phUserKey [O] Handle to the requested key or INVALID_HANDLE_VALUE in case of failure.
4091 *
4092 * RETURNS
4093 * Success: TRUE.
4094 * Failure: FALSE.
4095 *
4096 * NOTE
4097 * A newly created key container does not contain private user key. Create them with CPGenKey.
4098 */
4099 BOOL WINAPI RSAENH_CPGetUserKey(HCRYPTPROV hProv, DWORD dwKeySpec, HCRYPTKEY *phUserKey)
4100 {
4101 KEYCONTAINER *pKeyContainer;
4102
4103 TRACE("(hProv=%08lx, dwKeySpec=%08x, phUserKey=%p)\n", hProv, dwKeySpec, phUserKey);
4104
4105 if (!(pKeyContainer = get_key_container(hProv)))
4106 {
4107 /* MSDN: hProv not containing valid context handle */
4108 return FALSE;
4109 }
4110
4111 switch (dwKeySpec)
4112 {
4113 case AT_KEYEXCHANGE:
4114 copy_handle(&handle_table, pKeyContainer->hKeyExchangeKeyPair, RSAENH_MAGIC_KEY,
4115 phUserKey);
4116 break;
4117
4118 case AT_SIGNATURE:
4119 copy_handle(&handle_table, pKeyContainer->hSignatureKeyPair, RSAENH_MAGIC_KEY,
4120 phUserKey);
4121 break;
4122
4123 default:
4124 *phUserKey = (HCRYPTKEY)INVALID_HANDLE_VALUE;
4125 }
4126
4127 if (*phUserKey == (HCRYPTKEY)INVALID_HANDLE_VALUE)
4128 {
4129 /* MSDN: dwKeySpec parameter specifies nonexistent key */
4130 SetLastError(NTE_NO_KEY);
4131 return FALSE;
4132 }
4133
4134 return TRUE;
4135 }
4136
4137 /******************************************************************************
4138 * CPHashData (RSAENH.@)
4139 *
4140 * Updates a hash object with the given data.
4141 *
4142 * PARAMS
4143 * hProv [I] Key container to which the hash object belongs.
4144 * hHash [I] Hash object which is to be updated.
4145 * pbData [I] Pointer to data with which the hash object is to be updated.
4146 * dwDataLen [I] Length of the data.
4147 * dwFlags [I] Currently none defined.
4148 *
4149 * RETURNS
4150 * Success: TRUE.
4151 * Failure: FALSE.
4152 *
4153 * NOTES
4154 * The actual hash value is queried with CPGetHashParam, which will finalize
4155 * the hash. Updating a finalized hash will fail with a last error NTE_BAD_HASH_STATE.
4156 */
4157 BOOL WINAPI RSAENH_CPHashData(HCRYPTPROV hProv, HCRYPTHASH hHash, const BYTE *pbData,
4158 DWORD dwDataLen, DWORD dwFlags)
4159 {
4160 CRYPTHASH *pCryptHash;
4161
4162 TRACE("(hProv=%08lx, hHash=%08lx, pbData=%p, dwDataLen=%d, dwFlags=%08x)\n",
4163 hProv, hHash, pbData, dwDataLen, dwFlags);
4164
4165 if (dwFlags & ~CRYPT_USERDATA)
4166 {
4167 SetLastError(NTE_BAD_FLAGS);
4168 return FALSE;
4169 }
4170
4171 if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
4172 (OBJECTHDR**)&pCryptHash))
4173 {
4174 SetLastError(NTE_BAD_HASH);
4175 return FALSE;
4176 }
4177
4178 if (!get_algid_info(hProv, pCryptHash->aiAlgid) || pCryptHash->aiAlgid == CALG_SSL3_SHAMD5)
4179 {
4180 SetLastError(NTE_BAD_ALGID);
4181 return FALSE;
4182 }
4183
4184 if (pCryptHash->dwState != RSAENH_HASHSTATE_HASHING)
4185 {
4186 SetLastError(NTE_BAD_HASH_STATE);
4187 return FALSE;
4188 }
4189
4190 update_hash(pCryptHash, pbData, dwDataLen);
4191 return TRUE;
4192 }
4193
4194 /******************************************************************************
4195 * CPHashSessionKey (RSAENH.@)
4196 *
4197 * Updates a hash object with the binary representation of a symmetric key.
4198 *
4199 * PARAMS
4200 * hProv [I] Key container to which the hash object belongs.
4201 * hHash [I] Hash object which is to be updated.
4202 * hKey [I] The symmetric key, whose binary value will be added to the hash.
4203 * dwFlags [I] CRYPT_LITTLE_ENDIAN, if the binary key value shall be interpreted as little endian.
4204 *
4205 * RETURNS
4206 * Success: TRUE.
4207 * Failure: FALSE.
4208 */
4209 BOOL WINAPI RSAENH_CPHashSessionKey(HCRYPTPROV hProv, HCRYPTHASH hHash, HCRYPTKEY hKey,
4210 DWORD dwFlags)
4211 {
4212 BYTE abKeyValue[RSAENH_MAX_KEY_SIZE], bTemp;
4213 CRYPTKEY *pKey;
4214 DWORD i;
4215
4216 TRACE("(hProv=%08lx, hHash=%08lx, hKey=%08lx, dwFlags=%08x)\n", hProv, hHash, hKey, dwFlags);
4217
4218 if (!lookup_handle(&handle_table, hKey, RSAENH_MAGIC_KEY, (OBJECTHDR**)&pKey) ||
4219 (GET_ALG_CLASS(pKey->aiAlgid) != ALG_CLASS_DATA_ENCRYPT))
4220 {
4221 SetLastError(NTE_BAD_KEY);
4222 return FALSE;
4223 }
4224
4225 if (dwFlags & ~CRYPT_LITTLE_ENDIAN) {
4226 SetLastError(NTE_BAD_FLAGS);
4227 return FALSE;
4228 }
4229
4230 memcpy(abKeyValue, pKey->abKeyValue, pKey->dwKeyLen);
4231 if (!(dwFlags & CRYPT_LITTLE_ENDIAN)) {
4232 for (i=0; i<pKey->dwKeyLen/2; i++) {
4233 bTemp = abKeyValue[i];
4234 abKeyValue[i] = abKeyValue[pKey->dwKeyLen-i-1];
4235 abKeyValue[pKey->dwKeyLen-i-1] = bTemp;
4236 }
4237 }
4238
4239 return RSAENH_CPHashData(hProv, hHash, abKeyValue, pKey->dwKeyLen, 0);
4240 }
4241
4242 /******************************************************************************
4243 * CPReleaseContext (RSAENH.@)
4244 *
4245 * Release a key container.
4246 *
4247 * PARAMS
4248 * hProv [I] Key container to be released.
4249 * dwFlags [I] Currently none defined.
4250 *
4251 * RETURNS
4252 * Success: TRUE
4253 * Failure: FALSE
4254 */
4255 BOOL WINAPI RSAENH_CPReleaseContext(HCRYPTPROV hProv, DWORD dwFlags)
4256 {
4257 TRACE("(hProv=%08lx, dwFlags=%08x)\n", hProv, dwFlags);
4258
4259 if (!release_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
4260 {
4261 /* MSDN: hProv not containing valid context handle */
4262 SetLastError(NTE_BAD_UID);
4263 return FALSE;
4264 }
4265
4266 if (dwFlags) {
4267 SetLastError(NTE_BAD_FLAGS);
4268 return FALSE;
4269 }
4270
4271 return TRUE;
4272 }
4273
4274 /******************************************************************************
4275 * CPSetHashParam (RSAENH.@)
4276 *
4277 * Set a parameter of a hash object
4278 *
4279 * PARAMS
4280 * hProv [I] The key container to which the key belongs.
4281 * hHash [I] The hash object for which a parameter is to be set.
4282 * dwParam [I] Parameter type. See Notes.
4283 * pbData [I] Pointer to the parameter value.
4284 * dwFlags [I] Currently none defined.
4285 *
4286 * RETURNS
4287 * Success: TRUE.
4288 * Failure: FALSE.
4289 *
4290 * NOTES
4291 * Currently only the HP_HMAC_INFO dwParam type is defined.
4292 * The HMAC_INFO struct will be deep copied into the hash object.
4293 * See Internet RFC 2104 for details on the HMAC algorithm.
4294 */
4295 BOOL WINAPI RSAENH_CPSetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam,
4296 BYTE *pbData, DWORD dwFlags)
4297 {
4298 CRYPTHASH *pCryptHash;
4299 CRYPTKEY *pCryptKey;
4300 DWORD i;
4301
4302 TRACE("(hProv=%08lx, hHash=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n",
4303 hProv, hHash, dwParam, pbData, dwFlags);
4304
4305 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
4306 {
4307 SetLastError(NTE_BAD_UID);
4308 return FALSE;
4309 }
4310
4311 if (dwFlags) {
4312 SetLastError(NTE_BAD_FLAGS);
4313 return FALSE;
4314 }
4315
4316 if (!lookup_handle(&handle_table, hHash, RSAENH_MAGIC_HASH,
4317 (OBJECTHDR**)&pCryptHash))
4318 {
4319 SetLastError(NTE_BAD_HASH);
4320 return FALSE;
4321 }
4322
4323 switch (dwParam) {
4324 case HP_HMAC_INFO:
4325 free_hmac_info(pCryptHash->pHMACInfo);
4326 if (!copy_hmac_info(&pCryptHash->pHMACInfo, (PHMAC_INFO)pbData)) return FALSE;
4327
4328 if (!lookup_handle(&handle_table, pCryptHash->hKey, RSAENH_MAGIC_KEY,
4329 (OBJECTHDR**)&pCryptKey))
4330 {
4331 SetLastError(NTE_FAIL); /* FIXME: correct error code? */
4332 return FALSE;
4333 }
4334
4335 if (pCryptKey->aiAlgid == CALG_HMAC && !pCryptKey->dwKeyLen) {
4336 HCRYPTHASH hKeyHash;
4337 DWORD keyLen;
4338
4339 if (!RSAENH_CPCreateHash(hProv, ((PHMAC_INFO)pbData)->HashAlgid, 0, 0,
4340 &hKeyHash))
4341 return FALSE;
4342 if (!RSAENH_CPHashData(hProv, hKeyHash, pCryptKey->blobHmacKey.pbData,
4343 pCryptKey->blobHmacKey.cbData, 0))
4344 {
4345 RSAENH_CPDestroyHash(hProv, hKeyHash);
4346 return FALSE;
4347 }
4348 keyLen = sizeof(pCryptKey->abKeyValue);
4349 if (!RSAENH_CPGetHashParam(hProv, hKeyHash, HP_HASHVAL, pCryptKey->abKeyValue,
4350 &keyLen, 0))
4351 {
4352 RSAENH_CPDestroyHash(hProv, hKeyHash);
4353 return FALSE;
4354 }
4355 pCryptKey->dwKeyLen = keyLen;
4356 RSAENH_CPDestroyHash(hProv, hKeyHash);
4357 }
4358 for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbInnerString); i++) {
4359 pCryptHash->pHMACInfo->pbInnerString[i] ^= pCryptKey->abKeyValue[i];
4360 }
4361 for (i=0; i<RSAENH_MIN(pCryptKey->dwKeyLen,pCryptHash->pHMACInfo->cbOuterString); i++) {
4362 pCryptHash->pHMACInfo->pbOuterString[i] ^= pCryptKey->abKeyValue[i];
4363 }
4364
4365 init_hash(pCryptHash);
4366 return TRUE;
4367
4368 case HP_HASHVAL:
4369 memcpy(pCryptHash->abHashValue, pbData, pCryptHash->dwHashSize);
4370 pCryptHash->dwState = RSAENH_HASHSTATE_FINISHED;
4371 return TRUE;
4372
4373 case HP_TLS1PRF_SEED:
4374 return copy_data_blob(&pCryptHash->tpPRFParams.blobSeed, (PCRYPT_DATA_BLOB)pbData);
4375
4376 case HP_TLS1PRF_LABEL:
4377 return copy_data_blob(&pCryptHash->tpPRFParams.blobLabel, (PCRYPT_DATA_BLOB)pbData);
4378
4379 default:
4380 SetLastError(NTE_BAD_TYPE);
4381 return FALSE;
4382 }
4383 }
4384
4385 /******************************************************************************
4386 * CPSetProvParam (RSAENH.@)
4387 */
4388 BOOL WINAPI RSAENH_CPSetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD dwFlags)
4389 {
4390 KEYCONTAINER *pKeyContainer;
4391 HKEY hKey;
4392
4393 TRACE("(hProv=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n", hProv, dwParam, pbData, dwFlags);
4394
4395 if (!(pKeyContainer = get_key_container(hProv)))
4396 return FALSE;
4397
4398 switch (dwParam)
4399 {
4400 case PP_KEYSET_SEC_DESCR:
4401 {
4402 SECURITY_DESCRIPTOR *sd = (SECURITY_DESCRIPTOR *)pbData;
4403 DWORD err, flags = (pKeyContainer->dwFlags & CRYPT_MACHINE_KEYSET);
4404 BOOL def, present;
4405 REGSAM access = WRITE_DAC | WRITE_OWNER | ACCESS_SYSTEM_SECURITY;
4406 PSID owner = NULL, group = NULL;
4407 PACL dacl = NULL, sacl = NULL;
4408
4409 if (!open_container_key(pKeyContainer->szName, flags, access, &hKey))
4410 {
4411 SetLastError(NTE_BAD_KEYSET);
4412 return FALSE;
4413 }
4414
4415 if ((dwFlags & OWNER_SECURITY_INFORMATION && !GetSecurityDescriptorOwner(sd, &owner, &def)) ||
4416 (dwFlags & GROUP_SECURITY_INFORMATION && !GetSecurityDescriptorGroup(sd, &group, &def)) ||
4417 (dwFlags & DACL_SECURITY_INFORMATION && !GetSecurityDescriptorDacl(sd, &present, &dacl, &def)) ||
4418 (dwFlags & SACL_SECURITY_INFORMATION && !GetSecurityDescriptorSacl(sd, &present, &sacl, &def)))
4419 {
4420 RegCloseKey(hKey);
4421 return FALSE;
4422 }
4423
4424 err = SetSecurityInfo(hKey, SE_REGISTRY_KEY, dwFlags, owner, group, dacl, sacl);
4425 RegCloseKey(hKey);
4426 if (err)
4427 {
4428 SetLastError(err);
4429 return FALSE;
4430 }
4431 return TRUE;
4432 }
4433 default:
4434 FIXME("unimplemented parameter %08x\n", dwParam);
4435 return FALSE;
4436 }
4437 }
4438
4439 /******************************************************************************
4440 * CPSignHash (RSAENH.@)
4441 *
4442 * Sign a hash object
4443 *
4444 * PARAMS
4445 * hProv [I] The key container, to which the hash object belongs.
4446 * hHash [I] The hash object to be signed.
4447 * dwKeySpec [I] AT_SIGNATURE or AT_KEYEXCHANGE: Key used to generate the signature.
4448 * sDescription [I] Should be NULL for security reasons.
4449 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4450 * pbSignature [O] Buffer, to which the signature will be stored. May be NULL to query SigLen.
4451 * pdwSigLen [I/O] Size of the buffer (in), Length of the signature (out)
4452 *
4453 * RETURNS
4454 * Success: TRUE
4455 * Failure: FALSE
4456 */
4457 BOOL WINAPI RSAENH_CPSignHash(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwKeySpec,
4458 LPCWSTR sDescription, DWORD dwFlags, BYTE *pbSignature,
4459 DWORD *pdwSigLen)
4460 {
4461 HCRYPTKEY hCryptKey = (HCRYPTKEY)INVALID_HANDLE_VALUE;
4462 CRYPTKEY *pCryptKey;
4463 DWORD dwHashLen;
4464 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
4465 ALG_ID aiAlgid;
4466 BOOL ret = FALSE;
4467
4468 TRACE("(hProv=%08lx, hHash=%08lx, dwKeySpec=%08x, sDescription=%s, dwFlags=%08x, "
4469 "pbSignature=%p, pdwSigLen=%p)\n", hProv, hHash, dwKeySpec, debugstr_w(sDescription),
4470 dwFlags, pbSignature, pdwSigLen);
4471
4472 if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
4473 SetLastError(NTE_BAD_FLAGS);
4474 return FALSE;
4475 }
4476
4477 if (!RSAENH_CPGetUserKey(hProv, dwKeySpec, &hCryptKey)) return FALSE;
4478
4479 if (!lookup_handle(&handle_table, hCryptKey, RSAENH_MAGIC_KEY,
4480 (OBJECTHDR**)&pCryptKey))
4481 {
4482 SetLastError(NTE_NO_KEY);
4483 goto out;
4484 }
4485
4486 if (!pbSignature) {
4487 *pdwSigLen = pCryptKey->dwKeyLen;
4488 ret = TRUE;
4489 goto out;
4490 }
4491 if (pCryptKey->dwKeyLen > *pdwSigLen)
4492 {
4493 SetLastError(ERROR_MORE_DATA);
4494 *pdwSigLen = pCryptKey->dwKeyLen;
4495 goto out;
4496 }
4497 *pdwSigLen = pCryptKey->dwKeyLen;
4498
4499 if (sDescription) {
4500 if (!RSAENH_CPHashData(hProv, hHash, (const BYTE*)sDescription,
4501 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
4502 {
4503 goto out;
4504 }
4505 }
4506
4507 dwHashLen = sizeof(DWORD);
4508 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) goto out;
4509
4510 dwHashLen = RSAENH_MAX_HASH_SIZE;
4511 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) goto out;
4512
4513
4514 if (!build_hash_signature(pbSignature, *pdwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
4515 goto out;
4516 }
4517
4518 ret = encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbSignature, pbSignature, RSAENH_ENCRYPT);
4519 out:
4520 RSAENH_CPDestroyKey(hProv, hCryptKey);
4521 return ret;
4522 }
4523
4524 /******************************************************************************
4525 * CPVerifySignature (RSAENH.@)
4526 *
4527 * Verify the signature of a hash object.
4528 *
4529 * PARAMS
4530 * hProv [I] The key container, to which the hash belongs.
4531 * hHash [I] The hash for which the signature is verified.
4532 * pbSignature [I] The binary signature.
4533 * dwSigLen [I] Length of the signature BLOB.
4534 * hPubKey [I] Public key used to verify the signature.
4535 * sDescription [I] Should be NULL for security reasons.
4536 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4537 *
4538 * RETURNS
4539 * Success: TRUE (Signature is valid)
4540 * Failure: FALSE (GetLastError() == NTE_BAD_SIGNATURE, if signature is invalid)
4541 */
4542 BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, const BYTE *pbSignature,
4543 DWORD dwSigLen, HCRYPTKEY hPubKey, LPCWSTR sDescription,
4544 DWORD dwFlags)
4545 {
4546 BYTE *pbConstructed = NULL, *pbDecrypted = NULL;
4547 CRYPTKEY *pCryptKey;
4548 DWORD dwHashLen;
4549 ALG_ID aiAlgid;
4550 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
4551 BOOL res = FALSE;
4552
4553 TRACE("(hProv=%08lx, hHash=%08lx, pbSignature=%p, dwSigLen=%d, hPubKey=%08lx, sDescription=%s, "
4554 "dwFlags=%08x)\n", hProv, hHash, pbSignature, dwSigLen, hPubKey, debugstr_w(sDescription),
4555 dwFlags);
4556
4557 if (dwFlags & ~(CRYPT_NOHASHOID|CRYPT_X931_FORMAT)) {
4558 SetLastError(NTE_BAD_FLAGS);
4559 return FALSE;
4560 }
4561
4562 if (!is_valid_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER))
4563 {
4564 SetLastError(NTE_BAD_UID);
4565 return FALSE;
4566 }
4567
4568 if (!lookup_handle(&handle_table, hPubKey, RSAENH_MAGIC_KEY,
4569 (OBJECTHDR**)&pCryptKey))
4570 {
4571 SetLastError(NTE_BAD_KEY);
4572 return FALSE;
4573 }
4574
4575 /* in Microsoft implementation, the signature length is checked before
4576 * the signature pointer.
4577 */
4578 if (dwSigLen != pCryptKey->dwKeyLen)
4579 {
4580 SetLastError(NTE_BAD_SIGNATURE);
4581 return FALSE;
4582 }
4583
4584 if (!hHash || !pbSignature)
4585 {
4586 SetLastError(ERROR_INVALID_PARAMETER);
4587 return FALSE;
4588 }
4589
4590 if (sDescription) {
4591 if (!RSAENH_CPHashData(hProv, hHash, (const BYTE*)sDescription,
4592 (DWORD)lstrlenW(sDescription)*sizeof(WCHAR), 0))
4593 {
4594 return FALSE;
4595 }
4596 }
4597
4598 dwHashLen = sizeof(DWORD);
4599 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
4600
4601 dwHashLen = RSAENH_MAX_HASH_SIZE;
4602 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
4603
4604 pbConstructed = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
4605 if (!pbConstructed) {
4606 SetLastError(NTE_NO_MEMORY);
4607 goto cleanup;
4608 }
4609
4610 pbDecrypted = HeapAlloc(GetProcessHeap(), 0, dwSigLen);
4611 if (!pbDecrypted) {
4612 SetLastError(NTE_NO_MEMORY);
4613 goto cleanup;
4614 }
4615
4616 if (!encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbSignature, pbDecrypted,
4617 RSAENH_DECRYPT))
4618 {
4619 goto cleanup;
4620 }
4621
4622 if (build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags) &&
4623 !memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
4624 res = TRUE;
4625 goto cleanup;
4626 }
4627
4628 if (!(dwFlags & CRYPT_NOHASHOID) &&
4629 build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
4630 !memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
4631 res = TRUE;
4632 goto cleanup;
4633 }
4634
4635 SetLastError(NTE_BAD_SIGNATURE);
4636
4637 cleanup:
4638 HeapFree(GetProcessHeap(), 0, pbConstructed);
4639 HeapFree(GetProcessHeap(), 0, pbDecrypted);
4640 return res;
4641 }
4642
4643 /******************************************************************************
4644 * DllRegisterServer (RSAENH.@)
4645 */
4646 HRESULT WINAPI DllRegisterServer(void)
4647 {
4648 return __wine_register_resources( instance );
4649 }
4650
4651 /******************************************************************************
4652 * DllUnregisterServer (RSAENH.@)
4653 */
4654 HRESULT WINAPI DllUnregisterServer(void)
4655 {
4656 return __wine_unregister_resources( instance );
4657 }
Windows API implementation