| blob | c22b3dcaf1e93068a55d130997bda590139e39a5 |
1 /*
2 * dlls/rsaenh/rsaenh.c
3 * RSAENH - RSA encryption for Wine
4 *
5 * Copyright 2002 TransGaming Technologies (David Hammerton)
6 * Copyright 2004 Mike McCormack for CodeWeavers
7 * Copyright 2004, 2005 Michael Jung
8 * Copyright 2007 Vijay Kiran Kamuju
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 */
30 #include <stdarg.h>
31 #include <stdio.h>
47 /******************************************************************************
48 * CRYPTHASH - hash objects
49 */
50 #define RSAENH_MAGIC_HASH 0x85938417u
51 #define RSAENH_HASHSTATE_HASHING 1
52 #define RSAENH_HASHSTATE_FINISHED 2
54 {
55 CRYPT_DATA_BLOB blobLabel;
56 CRYPT_DATA_BLOB blobSeed;
60 {
61 OBJECTHDR header;
62 ALG_ID aiAlgid;
63 HCRYPTKEY hKey;
64 HCRYPTPROV hProv;
65 DWORD dwHashSize;
66 DWORD dwState;
67 HASH_CONTEXT context;
69 PHMAC_INFO pHMACInfo;
70 RSAENH_TLS1PRF_PARAMS tpPRFParams;
73 /******************************************************************************
74 * CRYPTKEY - key objects
75 */
76 #define RSAENH_MAGIC_KEY 0x73620457u
77 #define RSAENH_MAX_KEY_SIZE 64
78 #define RSAENH_MAX_BLOCK_SIZE 24
79 #define RSAENH_KEYSTATE_IDLE 0
80 #define RSAENH_KEYSTATE_ENCRYPTING 1
81 #define RSAENH_KEYSTATE_MASTERKEY 2
83 {
84 SCHANNEL_ALG saEncAlg;
85 SCHANNEL_ALG saMACAlg;
86 CRYPT_DATA_BLOB blobClientRandom;
87 CRYPT_DATA_BLOB blobServerRandom;
91 {
92 OBJECTHDR header;
93 ALG_ID aiAlgid;
94 HCRYPTPROV hProv;
95 DWORD dwMode;
96 DWORD dwModeBits;
97 DWORD dwPermissions;
98 DWORD dwKeyLen;
99 DWORD dwEffectiveKeyLen;
100 DWORD dwSaltLen;
101 DWORD dwBlockLen;
102 DWORD dwState;
103 KEY_CONTEXT context;
107 RSAENH_SCHANNEL_INFO siSChannelInfo;
108 CRYPT_DATA_BLOB blobHmacKey;
111 /******************************************************************************
112 * KEYCONTAINER - key containers
113 */
114 #define RSAENH_PERSONALITY_BASE 0u
115 #define RSAENH_PERSONALITY_STRONG 1u
116 #define RSAENH_PERSONALITY_ENHANCED 2u
117 #define RSAENH_PERSONALITY_SCHANNEL 3u
118 #define RSAENH_PERSONALITY_AES 4u
120 #define RSAENH_MAGIC_CONTAINER 0x26384993u
122 {
123 OBJECTHDR header;
124 DWORD dwFlags;
125 DWORD dwPersonality;
126 DWORD dwEnumAlgsCtr;
127 DWORD dwEnumContainersCtr;
130 HCRYPTKEY hKeyExchangeKeyPair;
131 HCRYPTKEY hSignatureKeyPair;
134 /******************************************************************************
135 * Some magic constants
136 */
137 #define RSAENH_ENCRYPT 1
138 #define RSAENH_DECRYPT 0
139 #define RSAENH_HMAC_DEF_IPAD_CHAR 0x36
140 #define RSAENH_HMAC_DEF_OPAD_CHAR 0x5c
141 #define RSAENH_HMAC_DEF_PAD_LEN 64
142 #define RSAENH_HMAC_BLOCK_LEN 64
143 #define RSAENH_DES_EFFECTIVE_KEYLEN 56
144 #define RSAENH_DES_STORAGE_KEYLEN 64
145 #define RSAENH_3DES112_EFFECTIVE_KEYLEN 112
146 #define RSAENH_3DES112_STORAGE_KEYLEN 128
147 #define RSAENH_3DES_EFFECTIVE_KEYLEN 168
148 #define RSAENH_3DES_STORAGE_KEYLEN 192
149 #define RSAENH_MAGIC_RSA2 0x32415352
150 #define RSAENH_MAGIC_RSA1 0x31415352
151 #define RSAENH_PKC_BLOCKTYPE 0x02
152 #define RSAENH_SSL3_VERSION_MAJOR 3
153 #define RSAENH_SSL3_VERSION_MINOR 0
154 #define RSAENH_TLS1_VERSION_MAJOR 3
155 #define RSAENH_TLS1_VERSION_MINOR 1
158 #define RSAENH_MIN(a,b) ((a)<(b)?(a):(b))
159 /******************************************************************************
160 * aProvEnumAlgsEx - Defines the capabilities of the CSP personalities.
161 */
162 #define RSAENH_MAX_ENUMALGS 24
163 #define RSAENH_PCT1_SSL2_SSL3_TLS1 (CRYPT_FLAG_PCT1|CRYPT_FLAG_SSL2|CRYPT_FLAG_SSL3|CRYPT_FLAG_TLS1)
164 #define S(s) sizeof(s), s
166 {
167 {
177 {CALG_RSA_SIGN, 512, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
178 {CALG_RSA_KEYX, 512, 384, 1024, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
181 },
182 {
194 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
195 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
198 },
199 {
211 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
212 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
215 },
216 {
219 {CALG_DES, 56, 56, 56, RSAENH_PCT1_SSL2_SSL3_TLS1, S("DES"), S("Data Encryption Standard (DES)")},
220 {CALG_3DES_112, 112, 112, 112, RSAENH_PCT1_SSL2_SSL3_TLS1, S("3DES TWO KEY"), S("Two Key Triple DES")},
222 {CALG_SHA, 160, 160, 160, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("SHA-1"), S("Secure Hash Algorithm (SHA-1)")},
223 {CALG_MD5, 128, 128, 128, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("MD5"), S("Message Digest 5 (MD5)")},
226 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("RSA_SIGN"), S("RSA Signature")},
227 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1, S("RSA_KEYX"), S("RSA Key Exchange")},
238 },
239 {
249 {CALG_SHA_256, 256, 256, 256, CRYPT_FLAG_SIGNING, S("SHA-256"), S("Secure Hash Algorithm (SHA-256)")},
250 {CALG_SHA_384, 384, 384, 384, CRYPT_FLAG_SIGNING, S("SHA-384"), S("Secure Hash Algorithm (SHA-384)")},
251 {CALG_SHA_512, 512, 512, 512, CRYPT_FLAG_SIGNING, S("SHA-512"), S("Secure Hash Algorithm (SHA-512)")},
257 {CALG_RSA_SIGN, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_SIGN"), S("RSA Signature")},
258 {CALG_RSA_KEYX, 1024, 384, 16384, CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC, S("RSA_KEYX"), S("RSA Key Exchange")},
261 }
262 };
263 #undef S
265 /******************************************************************************
266 * API forward declarations
267 */
268 BOOL WINAPI
270 HCRYPTPROV hProv,
271 HCRYPTKEY hKey,
272 DWORD dwParam,
275 DWORD dwFlags
276 );
278 BOOL WINAPI
280 HCRYPTPROV hProv,
281 HCRYPTKEY hKey,
282 HCRYPTHASH hHash,
283 BOOL Final,
284 DWORD dwFlags,
287 DWORD dwBufLen
288 );
290 BOOL WINAPI
292 HCRYPTPROV hProv,
293 ALG_ID Algid,
294 HCRYPTKEY hKey,
295 DWORD dwFlags,
296 HCRYPTHASH *phHash
297 );
299 BOOL WINAPI
301 HCRYPTPROV hProv,
302 HCRYPTHASH hHash,
303 DWORD dwParam,
305 );
307 BOOL WINAPI
309 HCRYPTPROV hProv,
310 HCRYPTHASH hHash,
311 DWORD dwParam,
314 DWORD dwFlags
315 );
317 BOOL WINAPI
319 HCRYPTPROV hProv,
320 HCRYPTHASH hHash
321 );
325 HCRYPTKEY hPubKey,
326 DWORD dwBlobType,
327 DWORD dwFlags,
328 BOOL force,
330 DWORD *pdwDataLen
331 );
334 HCRYPTPROV hProv,
336 DWORD dwDataLen,
337 HCRYPTKEY hPubKey,
338 DWORD dwFlags,
339 BOOL fStoreKey,
340 HCRYPTKEY *phKey
341 );
343 BOOL WINAPI
345 HCRYPTPROV hProv,
346 HCRYPTHASH hHash,
348 DWORD dwDataLen,
349 DWORD dwFlags
350 );
352 /******************************************************************************
353 * CSP's handle table (used by all acquired key containers)
354 */
357 /******************************************************************************
358 * DllMain (RSAENH.@)
359 *
360 * Initializes and destroys the handle table for the CSP's handles.
361 */
363 {
365 {
376 }
378 }
380 /******************************************************************************
381 * copy_param [Internal]
382 *
383 * Helper function that supports the standard WINAPI protocol for querying data
384 * of dynamic size.
385 *
386 * PARAMS
387 * pbBuffer [O] Buffer where the queried parameter is copied to, if it is large enough.
388 * May be NUL if the required buffer size is to be queried only.
389 * pdwBufferSize [I/O] In: Size of the buffer at pbBuffer
390 * Out: Size of parameter pbParam
391 * pbParam [I] Parameter value.
392 * dwParamSize [I] Size of pbParam
393 *
394 * RETURN
395 * Success: TRUE (pbParam was copied into pbBuffer or pbBuffer is NULL)
396 * Failure: FALSE (pbBuffer is not large enough to hold pbParam). Last error: ERROR_MORE_DATA
397 */
399 DWORD dwParamSize)
400 {
402 {
404 {
408 }
410 }
413 }
416 {
421 {
424 }
426 }
428 /******************************************************************************
429 * get_algid_info [Internal]
430 *
431 * Query CSP capabilities for a given crypto algorithm.
432 *
433 * PARAMS
434 * hProv [I] Handle to a key container of the CSP whose capabilities are to be queried.
435 * algid [I] Identifier of the crypto algorithm about which information is requested.
436 *
437 * RETURNS
438 * Success: Pointer to a PROV_ENUMALGS_EX struct containing information about the crypto algorithm.
439 * Failure: NULL (algid not supported)
440 */
449 }
453 }
455 /******************************************************************************
456 * copy_data_blob [Internal]
457 *
458 * deeply copies a DATA_BLOB
459 *
460 * PARAMS
461 * dst [O] That's where the blob will be copied to
462 * src [I] Source blob
463 *
464 * RETURNS
465 * Success: TRUE
466 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY
467 *
468 * NOTES
469 * Use free_data_blob to release resources occupied by copy_data_blob.
470 */
472 {
477 }
481 }
483 /******************************************************************************
484 * concat_data_blobs [Internal]
485 *
486 * Concatenates two blobs
487 *
488 * PARAMS
489 * dst [O] The new blob will be copied here
490 * src1 [I] Prefix blob
491 * src2 [I] Appendix blob
492 *
493 * RETURNS
494 * Success: TRUE
495 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY)
496 *
497 * NOTES
498 * Release resources occupied by concat_data_blobs with free_data_blobs
499 */
502 {
508 }
512 }
514 /******************************************************************************
515 * free_data_blob [Internal]
516 *
517 * releases resource occupied by a dynamically allocated CRYPT_DATA_BLOB
518 *
519 * PARAMS
520 * pBlob [I] Heap space occupied by pBlob->pbData is released
521 */
524 }
526 /******************************************************************************
527 * init_data_blob [Internal]
528 */
532 }
534 /******************************************************************************
535 * free_hmac_info [Internal]
536 *
537 * Deeply free an HMAC_INFO struct.
538 *
539 * PARAMS
540 * hmac_info [I] Pointer to the HMAC_INFO struct to be freed.
541 *
542 * NOTES
543 * See Internet RFC 2104 for details on the HMAC algorithm.
544 */
550 }
552 /******************************************************************************
553 * copy_hmac_info [Internal]
554 *
555 * Deeply copy an HMAC_INFO struct
556 *
557 * PARAMS
558 * dst [O] Pointer to a location where the pointer to the HMAC_INFO copy will be stored.
559 * src [I] Pointer to the HMAC_INFO struct to be copied.
560 *
561 * RETURNS
562 * Success: TRUE
563 * Failure: FALSE
564 *
565 * NOTES
566 * See Internet RFC 2104 for details on the HMAC algorithm.
567 */
580 }
583 else
590 }
593 else
596 }
598 /******************************************************************************
599 * destroy_hash [Internal]
600 *
601 * Destructor for hash objects
602 *
603 * PARAMS
604 * pCryptHash [I] Pointer to the hash object to be destroyed.
605 * Will be invalid after function returns!
606 */
608 {
615 }
617 /******************************************************************************
618 * init_hash [Internal]
619 *
620 * Initialize (or reset) a hash object
621 *
622 * PARAMS
623 * pCryptHash [I] The hash object to be initialized.
624 */
626 DWORD dwLen;
629 {
641 }
653 }
654 }
656 /******************************************************************************
657 * update_hash [Internal]
658 *
659 * Hashes the given data and updates the hash object's state accordingly
660 *
661 * PARAMS
662 * pCryptHash [I] Hash object to be updated.
663 * pbData [I] Pointer to data stream to be hashed.
664 * dwDataLen [I] Length of data stream.
665 */
667 {
671 {
688 }
689 }
691 /******************************************************************************
692 * finalize_hash [Internal]
693 *
694 * Finalizes the hash, after all data has been hashed with update_hash.
695 * No additional data can be hashed afterwards until the hash gets initialized again.
696 *
697 * PARAMS
698 * pCryptHash [I] Hash object to be finalized.
699 */
701 DWORD dwDataLen;
704 {
718 }
729 }
730 }
732 /******************************************************************************
733 * destroy_key [Internal]
734 *
735 * Destructor for key objects
736 *
737 * PARAMS
738 * pCryptKey [I] Pointer to the key object to be destroyed.
739 * Will be invalid after function returns!
740 */
742 {
750 }
752 /******************************************************************************
753 * setup_key [Internal]
754 *
755 * Initialize (or reset) a key object
756 *
757 * PARAMS
758 * pCryptKey [I] The key object to be initialized.
759 */
766 }
768 /******************************************************************************
769 * new_key [Internal]
770 *
771 * Creates a new key object without assigning the actual binary key value.
772 * This is done by CPDeriveKey, CPGenKey or CPImportKey, which call this function.
773 *
774 * PARAMS
775 * hProv [I] Handle to the provider to which the created key will belong.
776 * aiAlgid [I] The new key shall use the crypto algorithm identified by aiAlgid.
777 * dwFlags [I] Upper 16 bits give the key length.
778 * Lower 16 bits: CRYPT_EXPORTABLE, CRYPT_CREATE_SALT,
779 * CRYPT_NO_SALT
780 * ppCryptKey [O] Pointer to the created key
781 *
782 * RETURNS
783 * Success: Handle to the created key.
784 * Failure: INVALID_HANDLE_VALUE
785 */
786 static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTKEY **ppCryptKey)
787 {
788 HCRYPTKEY hCryptKey;
795 /*
796 * Retrieve the CSP's capabilities for the given ALG_ID value
797 */
802 dwKeyLen);
803 /*
804 * Assume the default key length, if none is specified explicitly
805 */
808 /*
809 * Check if the requested key length is supported by the current CSP.
810 * Adjust key length's for DES algorithms.
811 */
816 }
820 }
826 }
830 }
836 }
840 }
844 /* Avoid the key length check for HMAC keys, which have unlimited
845 * length.
846 */
853 {
858 }
859 }
864 {
870 CRYPT_MAC;
876 /*
877 * For compatibility reasons a 40 bit key on the Enhanced
878 * provider will not have salt
879 */
886 else
897 {
932 }
935 }
938 }
940 /******************************************************************************
941 * map_key_spec_to_key_pair_name [Internal]
942 *
943 * Returns the name of the registry value associated with a key spec.
944 *
945 * PARAMS
946 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
947 *
948 * RETURNS
949 * Success: Name of registry value.
950 * Failure: NULL
951 */
953 {
954 LPCSTR szValueName;
957 {
967 }
969 }
971 /******************************************************************************
972 * store_key_pair [Internal]
973 *
974 * Stores a key pair to the registry
975 *
976 * PARAMS
977 * hCryptKey [I] Handle to the key to be stored
978 * hKey [I] Registry key where the key pair is to be stored
979 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
980 * dwFlags [I] Flags for protecting the key
981 */
983 {
984 LPCSTR szValueName;
987 DWORD dwLen;
994 {
996 {
999 {
1002 {
1008 {
1012 }
1013 }
1015 }
1016 }
1017 }
1018 }
1020 /******************************************************************************
1021 * map_key_spec_to_permissions_name [Internal]
1022 *
1023 * Returns the name of the registry value associated with the permissions for
1024 * a key spec.
1025 *
1026 * PARAMS
1027 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1028 *
1029 * RETURNS
1030 * Success: Name of registry value.
1031 * Failure: NULL
1032 */
1034 {
1035 LPCSTR szValueName;
1038 {
1048 }
1050 }
1052 /******************************************************************************
1053 * store_key_permissions [Internal]
1054 *
1055 * Stores a key's permissions to the registry
1056 *
1057 * PARAMS
1058 * hCryptKey [I] Handle to the key whose permissions are to be stored
1059 * hKey [I] Registry key where the key permissions are to be stored
1060 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1061 */
1063 {
1064 LPCSTR szValueName;
1074 }
1076 /******************************************************************************
1077 * create_container_key [Internal]
1078 *
1079 * Creates the registry key for a key container's persistent storage.
1080 *
1081 * PARAMS
1082 * pKeyContainer [I] Pointer to the key container
1083 * sam [I] Desired registry access
1084 * phKey [O] Returned key
1085 */
1087 {
1089 HKEY hRootKey;
1095 else
1098 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1099 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1103 }
1105 /******************************************************************************
1106 * open_container_key [Internal]
1107 *
1108 * Opens a key container's persistent storage for reading.
1109 *
1110 * PARAMS
1111 * pszContainerName [I] Name of the container to be opened. May be the empty
1112 * string if the parent key of all containers is to be
1113 * opened.
1114 * dwFlags [I] Flags indicating which keyset to be opened.
1115 * phKey [O] Returned key
1116 */
1117 static BOOL open_container_key(LPCSTR pszContainerName, DWORD dwFlags, REGSAM access, HKEY *phKey)
1118 {
1120 HKEY hRootKey;
1126 else
1129 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1130 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1132 ERROR_SUCCESS;
1133 }
1135 /******************************************************************************
1136 * delete_container_key [Internal]
1137 *
1138 * Deletes a key container's persistent storage.
1139 *
1140 * PARAMS
1141 * pszContainerName [I] Name of the container to be opened.
1142 * dwFlags [I] Flags indicating which keyset to be opened.
1143 */
1145 {
1147 HKEY hRootKey;
1153 else
1161 }
1162 }
1164 /******************************************************************************
1165 * store_key_container_keys [Internal]
1166 *
1167 * Stores key container's keys in a persistent location.
1168 *
1169 * PARAMS
1170 * pKeyContainer [I] Pointer to the key container whose keys are to be saved
1171 */
1173 {
1174 HKEY hKey;
1175 DWORD dwFlags;
1177 /* On WinXP, persistent keys are stored in a file located at:
1178 * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string
1179 */
1183 else
1187 {
1193 }
1194 }
1196 /******************************************************************************
1197 * store_key_container_permissions [Internal]
1198 *
1199 * Stores key container's key permissions in a persistent location.
1200 *
1201 * PARAMS
1202 * pKeyContainer [I] Pointer to the key container whose key permissions are to
1203 * be saved
1204 */
1206 {
1207 HKEY hKey;
1210 {
1212 AT_KEYEXCHANGE);
1214 AT_SIGNATURE);
1216 }
1217 }
1219 /******************************************************************************
1220 * release_key_container_keys [Internal]
1221 *
1222 * Releases key container's keys.
1223 *
1224 * PARAMS
1225 * pKeyContainer [I] Pointer to the key container whose keys are to be released.
1226 */
1228 {
1230 RSAENH_MAGIC_KEY);
1232 RSAENH_MAGIC_KEY);
1233 }
1235 /******************************************************************************
1236 * destroy_key_container [Internal]
1237 *
1238 * Destructor for key containers.
1239 *
1240 * PARAMS
1241 * pObjectHdr [I] Pointer to the key container to be destroyed.
1242 */
1244 {
1248 {
1252 }
1253 else
1256 }
1258 /******************************************************************************
1259 * new_key_container [Internal]
1260 *
1261 * Create a new key container. The personality (RSA Base, Strong or Enhanced CP)
1262 * of the CSP is determined via the pVTable->pszProvName string.
1263 *
1264 * PARAMS
1265 * pszContainerName [I] Name of the key container.
1266 * pVTable [I] Callback functions and context info provided by the OS
1267 *
1268 * RETURNS
1269 * Success: Handle to the new key container.
1270 * Failure: INVALID_HANDLE_VALUE
1271 */
1272 static HCRYPTPROV new_key_container(PCCH pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1273 {
1275 HCRYPTPROV hKeyContainer;
1280 {
1299 }
1300 }
1302 /* The new key container has to be inserted into the CSP immediately
1303 * after creation to be available for CPGetProvParam's PP_ENUMCONTAINERS. */
1305 HKEY hKey;
1309 }
1310 }
1313 }
1315 /******************************************************************************
1316 * read_key_value [Internal]
1317 *
1318 * Reads a key pair value from the registry
1319 *
1320 * PARAMS
1321 * hKeyContainer [I] Crypt provider to use to import the key
1322 * hKey [I] Registry key from which to read the key pair
1323 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1324 * dwFlags [I] Flags for unprotecting the key
1325 * phCryptKey [O] Returned key
1326 */
1327 static BOOL read_key_value(HCRYPTPROV hKeyContainer, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags, HCRYPTKEY *phCryptKey)
1328 {
1329 LPCSTR szValueName;
1338 ERROR_SUCCESS)
1339 {
1342 {
1344 ERROR_SUCCESS)
1345 {
1351 {
1355 }
1356 }
1358 }
1359 }
1361 {
1366 {
1368 {
1372 }
1373 }
1374 }
1376 }
1378 /******************************************************************************
1379 * read_key_container [Internal]
1380 *
1381 * Tries to read the persistent state of the key container (mainly the signature
1382 * and key exchange private keys) given by pszContainerName.
1383 *
1384 * PARAMS
1385 * pszContainerName [I] Name of the key container to read from the registry
1386 * pVTable [I] Pointer to context data provided by the operating system
1387 *
1388 * RETURNS
1389 * Success: Handle to the key container read from the registry
1390 * Failure: INVALID_HANDLE_VALUE
1391 */
1392 static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1393 {
1394 HKEY hKey;
1396 HCRYPTPROV hKeyContainer;
1397 HCRYPTKEY hCryptKey;
1400 {
1403 }
1407 {
1415 /* read_key_value calls import_key, which calls import_private_key,
1416 * which implicitly installs the key value into the appropriate key
1417 * container key. Thus the ref count is incremented twice, once for
1418 * the output key value, and once for the implicit install, and needs
1419 * to be decremented to balance the two.
1420 */
1427 }
1430 }
1432 /******************************************************************************
1433 * build_hash_signature [Internal]
1434 *
1435 * Builds a padded version of a hash to match the length of the RSA key modulus.
1436 *
1437 * PARAMS
1438 * pbSignature [O] The padded hash object is stored here.
1439 * dwLen [I] Length of the pbSignature buffer.
1440 * aiAlgid [I] Algorithm identifier of the hash to be padded.
1441 * abHashValue [I] The value of the hash object.
1442 * dwHashLen [I] Length of the hash value.
1443 * dwFlags [I] Selection of padding algorithm.
1444 *
1445 * RETURNS
1446 * Success: TRUE
1447 * Failure: FALSE (NTE_BAD_ALGID)
1448 */
1451 {
1452 /* These prefixes are meant to be concatenated with hash values of the
1453 * respective kind to form a PKCS #7 DigestInfo. */
1455 ALG_ID aiAlgid;
1456 DWORD dwLen;
1478 };
1483 }
1488 }
1490 /* Build the padded signature */
1495 }
1499 }
1508 }
1513 }
1517 }
1518 }
1521 }
1522 }
1525 }
1527 /******************************************************************************
1528 * tls1_p [Internal]
1529 *
1530 * This is an implementation of the 'P_hash' helper function for TLS1's PRF.
1531 * It is used exclusively by tls1_prf. For details see RFC 2246, chapter 5.
1532 * The pseudo random stream generated by this function is exclusive or'ed with
1533 * the data in pbBuffer.
1534 *
1535 * PARAMS
1536 * hHMAC [I] HMAC object, which will be used in pseudo random generation
1537 * pblobSeed [I] Seed value
1538 * pbBuffer [I/O] Pseudo random stream will be xor'ed to the provided data
1539 * dwBufferLen [I] Number of pseudo random bytes desired
1540 *
1541 * RETURNS
1542 * Success: TRUE
1543 * Failure: FALSE
1544 */
1546 DWORD dwBufferLen)
1547 {
1555 }
1557 /* compute A_1 = HMAC(seed) */
1564 /* compute HMAC(A_i + seed) */
1570 /* pseudo random stream := CONCAT_{i=1..n} ( HMAC(A_i + seed) ) */
1574 i++;
1577 /* compute A_{i+1} = HMAC(A_i) */
1585 }
1587 /******************************************************************************
1588 * tls1_prf [Internal]
1589 *
1590 * TLS1 pseudo random function as specified in RFC 2246, chapter 5
1591 *
1592 * PARAMS
1593 * hProv [I] Key container used to compute the pseudo random stream
1594 * hSecret [I] Key that holds the (pre-)master secret
1595 * pblobLabel [I] Descriptive label
1596 * pblobSeed [I] Seed value
1597 * pbBuffer [O] Pseudo random numbers will be stored here
1598 * dwBufferLen [I] Number of pseudo random bytes desired
1599 *
1600 * RETURNS
1601 * Success: TRUE
1602 * Failure: FALSE
1603 */
1606 {
1611 DWORD dwHalfSecretLen;
1613 CRYPT_DATA_BLOB blobLabelSeed;
1615 TRACE("(hProv=%08lx, hSecret=%08lx, pblobLabel=%p, pblobSeed=%p, pbBuffer=%p, dwBufferLen=%d)\n",
1621 }
1625 /* concatenation of the label and the seed */
1628 /* zero out the buffer, since two random streams will be xor'ed into it. */
1631 /* build a 'fake' key, to hold the secret. CALG_SSL2_MASTER is used since it provides
1632 * the biggest range of valid key lengths. */
1636 /* Derive an HMAC_MD5 hash and call the helper function. */
1643 /* Reconfigure to HMAC_SHA hash and call helper function again. */
1650 exit:
1655 }
1657 /******************************************************************************
1658 * pad_data_pkcs1 [Internal]
1659 *
1660 * Helper function for data padding according to PKCS1 #2
1661 *
1662 * PARAMS
1663 * abData [I] The data to be padded
1664 * dwDataLen [I] Length of the data
1665 * abBuffer [O] Padded data will be stored here
1666 * dwBufferLen [I] Length of the buffer (also length of padded data)
1667 * dwFlags [I] Padding format (CRYPT_SSL2_FALLBACK)
1668 *
1669 * RETURN
1670 * Success: TRUE
1671 * Failure: FALSE (NTE_BAD_LEN, too much data to pad)
1672 */
1673 static BOOL pad_data_pkcs1(const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen, DWORD dwFlags)
1674 {
1675 DWORD i;
1677 /* Ensure there is enough space for PKCS1 #2 padding */
1681 }
1695 }
1697 /******************************************************************************
1698 * pkcs1_mgf1 [Internal]
1699 *
1700 * MGF function for RSA EM-OAEP as specified in RFC 8017 PKCS #1 V2.2, Appendix B.2.1. MGF1
1701 *
1702 * PARAMS
1703 * hProv [I] Cryptographic provider handle
1704 * pbSeed [I] Seed from which mask is generated
1705 * dwSeedLength [I] Length of pbSeed
1706 * dwLength [I] Intended length in octets of the mask
1707 * pbMask [O] Generated mask if success. Caller is responsible for freeing the mask when it's done
1708 *
1709 * RETURNS
1710 * Success: TRUE
1711 * Failure: FALSE
1712 */
1713 static BOOL pkcs1_mgf1(HCRYPTPROV hProv, const BYTE *pbSeed, DWORD dwSeedLength, DWORD dwLength, PCRYPT_DATA_BLOB pbMask)
1714 {
1715 HCRYPTHASH hHash;
1717 DWORD dwCounter;
1726 /* Allocate multiples of hash value */
1727 pbMask->pbData = HeapAlloc(GetProcessHeap(), 0, (dwLength + dwHashLen - 1) / dwHashLen * dwHashLen);
1729 {
1732 }
1737 {
1741 }
1747 {
1754 /* pbMask->pbData = old pbMask->pbData || Hash(Seed || Counter) */
1755 RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, pbMask->pbData + dwCounter * dwHashLen, &dwLen, 0);
1757 }
1761 }
1763 /******************************************************************************
1764 * pad_data_oaep [Internal]
1765 *
1766 * Helper function for data OAEP padding scheme according to RFC 8017 PKCS #1 V2.2
1767 *
1768 * PARAMS
1769 * hProv [I] Cryptographic provider handle
1770 * abData [I] The data to be padded
1771 * dwDataLen [I] Length of the data
1772 * abBuffer [O] Padded data will be stored here
1773 * dwBufferLen [I] Length of the buffer (also length of padded data)
1774 * dwFlags [I] Currently only CRYPT_OAEP is defined
1775 *
1776 * RETURN
1777 * Success: TRUE
1778 * Failure: FALSE
1779 */
1780 static BOOL pad_data_oaep(HCRYPTPROV hProv, const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen,
1781 DWORD dwFlags)
1782 {
1784 HCRYPTHASH hHash;
1789 DWORD i;
1792 /* Empty label */
1798 {
1801 }
1804 {
1807 }
1811 {
1814 }
1816 /* EM = 00 || maskedSeed || maskedDB */
1823 /* DB = pHash || PS || 01 || M */
1824 /* Set pHash in DB */
1827 /* Set PS(zeros) in DB */
1829 /* Set 01 in DB */
1831 /* Set M in DB */
1834 /* Get seed */
1836 /* Get masked DB */
1841 /* Get masked seed */
1848 done:
1854 }
1856 /******************************************************************************
1857 * pad_data [Internal]
1858 *
1859 * Helper function for data padding according to padding format
1860 *
1861 * PARAMS
1862 * hProv [I] Cryptographic provider handle
1863 * abData [I] The data to be padded
1864 * dwDataLen [I] Length of the data
1865 * abBuffer [O] Padded data will be stored here
1866 * dwBufferLen [I] Length of the buffer (also length of padded data)
1867 * dwFlags [I] 0, CRYPT_SSL2_FALLBACK or CRYPT_OAEP
1868 *
1869 * RETURN
1870 * Success: TRUE
1871 * Failure: FALSE
1872 */
1873 static BOOL pad_data(HCRYPTPROV hProv, const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD dwBufferLen,
1874 DWORD dwFlags)
1875 {
1878 else
1880 }
1882 /******************************************************************************
1883 * unpad_data_pkcs1 [Internal]
1884 *
1885 * Remove the PKCS1 padding from RSA decrypted data
1886 *
1887 * PARAMS
1888 * abData [I] The padded data
1889 * dwDataLen [I] Length of the padded data
1890 * abBuffer [O] Data without padding will be stored here
1891 * dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1892 * dwFlags [I] Currently none defined
1893 *
1894 * RETURNS
1895 * Success: TRUE
1896 * Failure: FALSE, (NTE_BAD_DATA, no valid PKCS1 padding or buffer too small)
1897 */
1898 static BOOL unpad_data_pkcs1(const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen, DWORD dwFlags)
1899 {
1900 DWORD i;
1903 {
1906 }
1913 {
1916 }
1921 }
1923 /******************************************************************************
1924 * unpad_data_oaep [Internal]
1925 *
1926 * Remove the OAEP padding from RSA decrypted data
1927 *
1928 * PARAMS
1929 * hProv [I] Cryptographic provider handle
1930 * abData [I] The padded data
1931 * dwDataLen [I] Length of the padded data
1932 * abBuffer [O] Data without padding will be stored here
1933 * dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1934 * dwFlags [I] Currently only CRYPT_OAEP is defined
1935 *
1936 * RETURNS
1937 * Success: TRUE
1938 * Failure: FALSE
1939 */
1940 static BOOL unpad_data_oaep(HCRYPTPROV hProv, const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen,
1941 DWORD dwFlags)
1942 {
1944 HCRYPTHASH hHash;
1952 DWORD i;
1959 {
1962 }
1964 /* Get default hash value */
1967 {
1970 }
1974 /* Store seed and DB */
1977 {
1980 }
1989 /* Get unpadded seed */
1994 /* Get unpadded DB */
1999 /* Compare hash in DB */
2002 /* Get count of zero paddings(PS) */
2004 while (dwHashLen + dwZeroCount + 1 <= dwDbLen && pbUnpaddedDb[dwHashLen + dwZeroCount] == 0) dwZeroCount++;
2007 if (dwHashLen + dwZeroCount + 1 > dwDbLen || abData[0] || result || pbUnpaddedDb[dwHashLen + dwZeroCount] != 1
2009 {
2012 }
2017 done:
2024 }
2026 /******************************************************************************
2027 * unpad_data [Internal]
2028 *
2029 * Remove the padding from RSA decrypted data according to padding format
2030 *
2031 * PARAMS
2032 * hProv [I] Cryptographic provider handle
2033 * abData [I] The padded data
2034 * dwDataLen [I] Length of the padded data
2035 * abBuffer [O] Data without padding will be stored here
2036 * dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
2037 * dwFlags [I] 0 or CRYPT_OAEP
2038 *
2039 * RETURNS
2040 * Success: TRUE
2041 * Failure: FALSE
2042 */
2043 static BOOL unpad_data(HCRYPTPROV hProv, const BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen,
2044 DWORD dwFlags)
2045 {
2048 else
2050 }
2052 /******************************************************************************
2053 * CPAcquireContext (RSAENH.@)
2054 *
2055 * Acquire a handle to the key container specified by pszContainer
2056 *
2057 * PARAMS
2058 * phProv [O] Pointer to the location the acquired handle will be written to.
2059 * pszContainer [I] Name of the desired key container. See Notes
2060 * dwFlags [I] Flags. See Notes.
2061 * pVTable [I] Pointer to a PVTableProvStruct containing callbacks.
2062 *
2063 * RETURNS
2064 * Success: TRUE
2065 * Failure: FALSE
2066 *
2067 * NOTES
2068 * If pszContainer is NULL or points to a zero length string the user's login
2069 * name will be used as the key container name.
2070 *
2071 * If the CRYPT_NEW_KEYSET flag is set in dwFlags a new keyset will be created.
2072 * If a keyset with the given name already exists, the function fails and sets
2073 * last error to NTE_EXISTS. If CRYPT_NEW_KEYSET is not set and the specified
2074 * key container does not exist, function fails and sets last error to
2075 * NTE_BAD_KEYSET.
2076 */
2079 {
2086 {
2088 }
2089 else
2090 {
2093 }
2096 {
2107 {
2112 }
2122 }
2130 }
2137 }
2138 }
2140 /******************************************************************************
2141 * CPCreateHash (RSAENH.@)
2142 *
2143 * CPCreateHash creates and initializes a new hash object.
2144 *
2145 * PARAMS
2146 * hProv [I] Handle to the key container to which the new hash will belong.
2147 * Algid [I] Identifies the hash algorithm, which will be used for the hash.
2148 * hKey [I] Handle to a session key applied for keyed hashes.
2149 * dwFlags [I] Currently no flags defined. Must be zero.
2150 * phHash [O] Points to the location where a handle to the new hash will be stored.
2151 *
2152 * RETURNS
2153 * Success: TRUE
2154 * Failure: FALSE
2155 *
2156 * NOTES
2157 * hKey is a handle to a session key applied in keyed hashes like MAC and HMAC.
2158 * If a normal hash object is to be created (like e.g. MD2 or SHA1) hKey must be zero.
2159 */
2162 {
2174 {
2177 }
2181 {
2185 }
2190 }
2194 {
2197 }
2201 {
2204 }
2209 }
2210 }
2240 /* See RFC 2246, chapter 8.1 */
2244 {
2246 }
2251 }
2253 /* See RFC 2246, chapter 6.3 */
2257 {
2259 }
2261 RSAENH_MAX_HASH_SIZE);
2263 }
2266 }
2268 /******************************************************************************
2269 * CPDestroyHash (RSAENH.@)
2270 *
2271 * Releases the handle to a hash object. The object is destroyed if its reference
2272 * count reaches zero.
2273 *
2274 * PARAMS
2275 * hProv [I] Handle to the key container to which the hash object belongs.
2276 * hHash [I] Handle to the hash object to be released.
2277 *
2278 * RETURNS
2279 * Success: TRUE
2280 * Failure: FALSE
2281 */
2283 {
2287 {
2290 }
2293 {
2296 }
2299 }
2301 /******************************************************************************
2302 * CPDestroyKey (RSAENH.@)
2303 *
2304 * Releases the handle to a key object. The object is destroyed if its reference
2305 * count reaches zero.
2306 *
2307 * PARAMS
2308 * hProv [I] Handle to the key container to which the key object belongs.
2309 * hKey [I] Handle to the key object to be released.
2310 *
2311 * RETURNS
2312 * Success: TRUE
2313 * Failure: FALSE
2314 */
2316 {
2320 {
2323 }
2326 {
2329 }
2332 }
2334 /******************************************************************************
2335 * CPDuplicateHash (RSAENH.@)
2336 *
2337 * Clones a hash object including its current state.
2338 *
2339 * PARAMS
2340 * hUID [I] Handle to the key container the hash belongs to.
2341 * hHash [I] Handle to the hash object to be cloned.
2342 * pdwReserved [I] Reserved. Must be NULL.
2343 * dwFlags [I] No flags are currently defined. Must be 0.
2344 * phHash [O] Handle to the cloned hash object.
2345 *
2346 * RETURNS
2347 * Success: TRUE.
2348 * Failure: FALSE.
2349 */
2352 {
2359 {
2362 }
2365 {
2368 }
2371 {
2374 }
2379 {
2385 }
2388 }
2390 /******************************************************************************
2391 * CPDuplicateKey (RSAENH.@)
2392 *
2393 * Clones a key object including its current state.
2394 *
2395 * PARAMS
2396 * hUID [I] Handle to the key container the hash belongs to.
2397 * hKey [I] Handle to the key object to be cloned.
2398 * pdwReserved [I] Reserved. Must be NULL.
2399 * dwFlags [I] No flags are currently defined. Must be 0.
2400 * phHash [O] Handle to the cloned key object.
2401 *
2402 * RETURNS
2403 * Success: TRUE.
2404 * Failure: FALSE.
2405 */
2408 {
2415 {
2418 }
2421 {
2424 }
2427 {
2430 }
2435 {
2443 }
2444 else
2445 {
2447 }
2448 }
2450 /******************************************************************************
2451 * CPEncrypt (RSAENH.@)
2452 *
2453 * Encrypt data.
2454 *
2455 * PARAMS
2456 * hProv [I] The key container hKey and hHash belong to.
2457 * hKey [I] The key used to encrypt the data.
2458 * hHash [I] An optional hash object for parallel hashing. See notes.
2459 * Final [I] Indicates if this is the last block of data to encrypt.
2460 * dwFlags [I] Must be zero or CRYPT_OAEP
2461 * pbData [I/O] Pointer to the data to encrypt. Encrypted data will also be stored there.
2462 * pdwDataLen [I/O] I: Length of data to encrypt, O: Length of encrypted data.
2463 * dwBufLen [I] Size of the buffer at pbData.
2464 *
2465 * RETURNS
2466 * Success: TRUE.
2467 * Failure: FALSE.
2468 *
2469 * NOTES
2470 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2471 * This is useful for message signatures.
2472 *
2473 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2474 */
2477 {
2484 dwBufLen);
2487 {
2490 }
2493 {
2496 }
2499 {
2502 }
2508 {
2511 }
2515 }
2521 }
2528 }
2533 }
2535 /* Pad final block with length bytes */
2543 RSAENH_ENCRYPT);
2549 RSAENH_ENCRYPT);
2561 }
2567 }
2569 }
2574 }
2580 }
2584 }
2588 }
2589 if (!pad_data(hProv, pbData, *pdwDataLen, pbData, pCryptKey->dwBlockLen, dwFlags)) return FALSE;
2590 encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbData, pbData, RSAENH_ENCRYPT);
2596 }
2601 }
2603 /******************************************************************************
2604 * CPDecrypt (RSAENH.@)
2605 *
2606 * Decrypt data.
2607 *
2608 * PARAMS
2609 * hProv [I] The key container hKey and hHash belong to.
2610 * hKey [I] The key used to decrypt the data.
2611 * hHash [I] An optional hash object for parallel hashing. See notes.
2612 * Final [I] Indicates if this is the last block of data to decrypt.
2613 * dwFlags [I] Must be zero or CRYPT_OAEP
2614 * pbData [I/O] Pointer to the data to decrypt. Plaintext will also be stored there.
2615 * pdwDataLen [I/O] I: Length of ciphertext, O: Length of plaintext.
2616 *
2617 * RETURNS
2618 * Success: TRUE.
2619 * Failure: FALSE.
2620 *
2621 * NOTES
2622 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2623 * This is useful for message signatures.
2624 *
2625 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2626 */
2629 {
2633 DWORD dwMax;
2639 {
2642 }
2645 {
2648 }
2651 {
2654 }
2660 {
2663 }
2672 RSAENH_DECRYPT);
2677 RSAENH_DECRYPT);
2690 }
2696 }
2698 }
2705 /* check that every bad byte has the same value */
2715 }
2716 }
2721 }
2722 }
2730 }
2731 encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbData, pbData, RSAENH_DECRYPT);
2732 if (!unpad_data(hProv, pbData, pCryptKey->dwBlockLen, pbData, pdwDataLen, dwFlags)) return FALSE;
2737 }
2744 }
2747 }
2751 {
2754 DWORD dwDataLen;
2759 }
2767 }
2778 {
2780 }
2784 }
2787 }
2791 {
2794 DWORD dwDataLen;
2799 }
2807 }
2819 }
2822 }
2826 {
2829 DWORD dwDataLen;
2834 }
2836 {
2839 }
2848 }
2860 }
2863 }
2867 {
2871 DWORD dwDataLen;
2879 }
2888 }
2891 }
2892 /******************************************************************************
2893 * crypt_export_key [Internal]
2894 *
2895 * Export a key into a binary large object (BLOB). Called by CPExportKey and
2896 * by store_key_pair.
2897 *
2898 * PARAMS
2899 * pCryptKey [I] Key to be exported.
2900 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2901 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2902 * dwFlags [I] Currently none defined.
2903 * force [I] If TRUE, the key is written no matter what the key's
2904 * permissions are. Otherwise the key's permissions are
2905 * checked before exporting.
2906 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2907 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2908 *
2909 * RETURNS
2910 * Success: TRUE.
2911 * Failure: FALSE.
2912 */
2916 {
2923 }
2924 }
2927 {
2932 }
2934 pdwDataLen);
2940 }
2953 }
2954 }
2956 /******************************************************************************
2957 * CPExportKey (RSAENH.@)
2958 *
2959 * Export a key into a binary large object (BLOB).
2960 *
2961 * PARAMS
2962 * hProv [I] Key container from which a key is to be exported.
2963 * hKey [I] Key to be exported.
2964 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2965 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2966 * dwFlags [I] Currently none defined.
2967 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2968 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2969 *
2970 * RETURNS
2971 * Success: TRUE.
2972 * Failure: FALSE.
2973 */
2976 {
2983 {
2986 }
2989 {
2992 }
2996 }
2998 /******************************************************************************
2999 * release_and_install_key [Internal]
3000 *
3001 * Release an existing key, if present, and replaces it with a new one.
3002 *
3003 * PARAMS
3004 * hProv [I] Key container into which the key is to be imported.
3005 * src [I] Key which will replace *dest
3006 * dest [I] Points to key to be released and replaced with src
3007 * fStoreKey [I] If TRUE, the newly installed key is stored to the registry.
3008 */
3011 {
3015 {
3019 {
3022 }
3023 }
3024 }
3026 /******************************************************************************
3027 * import_private_key [Internal]
3028 *
3029 * Import a BLOB'ed private key into a key container.
3030 *
3031 * PARAMS
3032 * hProv [I] Key container into which the private key is to be imported.
3033 * pbData [I] Pointer to a buffer which holds the private key BLOB.
3034 * dwDataLen [I] Length of data in buffer at pbData.
3035 * dwFlags [I] One of:
3036 * CRYPT_EXPORTABLE: the imported key is marked exportable
3037 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
3038 * phKey [O] Handle to the imported key.
3039 *
3040 *
3041 * NOTES
3042 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
3043 * it's a PRIVATEKEYBLOB.
3044 *
3045 * RETURNS
3046 * Success: TRUE.
3047 * Failure: FALSE.
3048 */
3051 {
3056 BOOL ret;
3059 {
3063 }
3068 {
3070 dwDataLen);
3073 }
3075 {
3079 }
3082 {
3090 }
3101 {
3106 fStoreKey);
3112 fStoreKey);
3114 }
3115 }
3117 }
3119 /******************************************************************************
3120 * import_public_key [Internal]
3121 *
3122 * Import a BLOB'ed public key.
3123 *
3124 * PARAMS
3125 * hProv [I] A CSP.
3126 * pbData [I] Pointer to a buffer which holds the public key BLOB.
3127 * dwDataLen [I] Length of data in buffer at pbData.
3128 * dwFlags [I] One of:
3129 * CRYPT_EXPORTABLE: the imported key is marked exportable
3130 * phKey [O] Handle to the imported key.
3131 *
3132 *
3133 * NOTES
3134 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
3135 * it's a PUBLICKEYBLOB.
3136 *
3137 * RETURNS
3138 * Success: TRUE.
3139 * Failure: FALSE.
3140 */
3143 {
3147 ALG_ID algID;
3148 BOOL ret;
3151 {
3155 }
3160 {
3163 }
3165 /* Since this is a public key blob, only the public key is
3166 * available, so only signature verification is possible.
3167 */
3177 }
3179 }
3181 /******************************************************************************
3182 * import_symmetric_key [Internal]
3183 *
3184 * Import a BLOB'ed symmetric key into a key container.
3185 *
3186 * PARAMS
3187 * hProv [I] Key container into which the symmetric key is to be imported.
3188 * pbData [I] Pointer to a buffer which holds the symmetric key BLOB.
3189 * dwDataLen [I] Length of data in buffer at pbData.
3190 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3191 * dwFlags [I] One of:
3192 * CRYPT_EXPORTABLE: the imported key is marked exportable
3193 * phKey [O] Handle to the imported key.
3194 *
3195 *
3196 * NOTES
3197 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
3198 * it's a SIMPLEBLOB.
3199 *
3200 * RETURNS
3201 * Success: TRUE.
3202 * Failure: FALSE.
3203 */
3206 {
3212 DWORD dwKeyLen;
3215 {
3219 }
3222 {
3225 }
3228 {
3231 }
3236 RSAENH_DECRYPT);
3242 }
3246 {
3249 }
3256 }
3258 /******************************************************************************
3259 * import_plaintext_key [Internal]
3260 *
3261 * Import a plaintext key into a key container.
3262 *
3263 * PARAMS
3264 * hProv [I] Key container into which the symmetric key is to be imported.
3265 * pbData [I] Pointer to a buffer which holds the plaintext key BLOB.
3266 * dwDataLen [I] Length of data in buffer at pbData.
3267 * dwFlags [I] One of:
3268 * CRYPT_EXPORTABLE: the imported key is marked exportable
3269 * phKey [O] Handle to the imported key.
3270 *
3271 *
3272 * NOTES
3273 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
3274 * it's a PLAINTEXTKEYBLOB.
3275 *
3276 * RETURNS
3277 * Success: TRUE.
3278 * Failure: FALSE.
3279 */
3282 {
3289 {
3292 }
3295 {
3300 {
3303 }
3304 else
3305 {
3308 /* In order to initialize an HMAC key, the key material is hashed,
3309 * and the output of the hash function is used as the key material.
3310 * Unfortunately, the way the Crypto API is designed, we don't know
3311 * the hash algorithm yet, so we have to copy the entire key
3312 * material.
3313 */
3315 {
3319 }
3320 }
3324 }
3325 else
3326 {
3334 }
3336 }
3338 /******************************************************************************
3339 * import_key [Internal]
3340 *
3341 * Import a BLOB'ed key into a key container, optionally storing the key's
3342 * value to the registry.
3343 *
3344 * PARAMS
3345 * hProv [I] Key container into which the key is to be imported.
3346 * pbData [I] Pointer to a buffer which holds the BLOB.
3347 * dwDataLen [I] Length of data in buffer at pbData.
3348 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3349 * dwFlags [I] One of:
3350 * CRYPT_EXPORTABLE: the imported key is marked exportable
3351 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
3352 * phKey [O] Handle to the imported key.
3353 *
3354 * RETURNS
3355 * Success: TRUE.
3356 * Failure: FALSE.
3357 */
3358 static BOOL import_key(HCRYPTPROV hProv, const BYTE *pbData, DWORD dwDataLen, HCRYPTKEY hPubKey,
3360 {
3370 {
3375 }
3377 /* If this is a verify-only context, the key is not persisted regardless of
3378 * fStoreKey's original value.
3379 */
3383 {
3390 phKey);
3398 phKey);
3403 }
3404 }
3406 /******************************************************************************
3407 * CPImportKey (RSAENH.@)
3408 *
3409 * Import a BLOB'ed key into a key container.
3410 *
3411 * PARAMS
3412 * hProv [I] Key container into which the key is to be imported.
3413 * pbData [I] Pointer to a buffer which holds the BLOB.
3414 * dwDataLen [I] Length of data in buffer at pbData.
3415 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3416 * dwFlags [I] One of:
3417 * CRYPT_EXPORTABLE: the imported key is marked exportable
3418 * phKey [O] Handle to the imported key.
3419 *
3420 * RETURNS
3421 * Success: TRUE.
3422 * Failure: FALSE.
3423 */
3426 {
3431 }
3433 /******************************************************************************
3434 * CPGenKey (RSAENH.@)
3435 *
3436 * Generate a key in the key container
3437 *
3438 * PARAMS
3439 * hProv [I] Key container for which a key is to be generated.
3440 * Algid [I] Crypto algorithm identifier for the key to be generated.
3441 * dwFlags [I] Upper 16 bits: Binary length of key. Lower 16 bits: Flags. See Notes
3442 * phKey [O] Handle to the generated key.
3443 *
3444 * RETURNS
3445 * Success: TRUE.
3446 * Failure: FALSE.
3447 *
3448 * FIXME
3449 * Flags currently not considered.
3450 *
3451 * NOTES
3452 * Private key-exchange- and signature-keys can be generated with Algid AT_KEYEXCHANGE
3453 * and AT_SIGNATURE values.
3454 */
3456 {
3463 {
3464 /* MSDN: hProv not containing valid context handle */
3466 }
3469 {
3478 FALSE);
3479 }
3490 FALSE);
3491 }
3519 }
3521 }
3525 /* MSDN: Algorithm not supported specified by Algid */
3528 }
3531 }
3533 /******************************************************************************
3534 * CPGenRandom (RSAENH.@)
3535 *
3536 * Generate a random byte stream.
3537 *
3538 * PARAMS
3539 * hProv [I] Key container that is used to generate random bytes.
3540 * dwLen [I] Specifies the number of requested random data bytes.
3541 * pbBuffer [O] Random bytes will be stored here.
3542 *
3543 * RETURNS
3544 * Success: TRUE
3545 * Failure: FALSE
3546 */
3548 {
3552 {
3553 /* MSDN: hProv not containing valid context handle */
3556 }
3559 }
3561 /******************************************************************************
3562 * CPGetHashParam (RSAENH.@)
3563 *
3564 * Query parameters of an hash object.
3565 *
3566 * PARAMS
3567 * hProv [I] The kea container, which the hash belongs to.
3568 * hHash [I] The hash object that is to be queried.
3569 * dwParam [I] Specifies the parameter that is to be queried.
3570 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3571 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3572 * dwFlags [I] None currently defined.
3573 *
3574 * RETURNS
3575 * Success: TRUE
3576 * Failure: FALSE
3577 *
3578 * NOTES
3579 * Valid dwParams are: HP_ALGID, HP_HASHSIZE, HP_HASHVALUE. The hash will be
3580 * finalized if HP_HASHVALUE is queried.
3581 */
3582 BOOL WINAPI RSAENH_CPGetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, BYTE *pbData,
3584 {
3591 {
3594 }
3597 {
3600 }
3604 {
3607 }
3610 {
3613 }
3616 {
3629 }
3632 {
3635 }
3638 {
3641 }
3649 }
3650 }
3652 /******************************************************************************
3653 * CPSetKeyParam (RSAENH.@)
3654 *
3655 * Set a parameter of a key object
3656 *
3657 * PARAMS
3658 * hProv [I] The key container to which the key belongs.
3659 * hKey [I] The key for which a parameter is to be set.
3660 * dwParam [I] Parameter type. See Notes.
3661 * pbData [I] Pointer to the parameter value.
3662 * dwFlags [I] Currently none defined.
3663 *
3664 * RETURNS
3665 * Success: TRUE.
3666 * Failure: FALSE.
3667 *
3668 * NOTES:
3669 * Defined dwParam types are:
3670 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3671 * - KP_MODE_BITS: Shift width for cipher feedback mode. (Currently ignored by MS CSP's)
3672 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3673 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3674 * - KP_IV: Initialization vector
3675 */
3676 BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3677 DWORD dwFlags)
3678 {
3685 {
3688 }
3693 }
3696 {
3699 }
3703 /* The MS providers only support PKCS5_PADDING */
3707 }
3719 {
3724 {
3727 }
3730 {
3731 /* Clearing the export permission appears to be ignored,
3732 * see tests.
3733 */
3735 }
3738 }
3749 {
3752 {
3755 }
3756 /* MSDN: the base provider always sets eleven bytes of
3757 * salt value.
3758 */
3763 /* After setting the salt value if the provider is not base or
3764 * strong the salt length will be reset. */
3769 }
3773 }
3777 {
3780 /* salt length can't be greater than 184 bits = 24 bytes */
3782 {
3785 }
3791 }
3796 {
3802 {
3805 }
3808 {
3811 }
3813 /*
3814 * The Base provider will force the key length to default
3815 * and set an error state if a key length different from
3816 * the default is tried.
3817 */
3821 {
3825 }
3829 }
3833 }
3849 }
3861 }
3862 }
3864 /******************************************************************************
3865 * CPGetKeyParam (RSAENH.@)
3866 *
3867 * Query a key parameter.
3868 *
3869 * PARAMS
3870 * hProv [I] The key container, which the key belongs to.
3871 * hHash [I] The key object that is to be queried.
3872 * dwParam [I] Specifies the parameter that is to be queried.
3873 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3874 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3875 * dwFlags [I] None currently defined.
3876 *
3877 * RETURNS
3878 * Success: TRUE
3879 * Failure: FALSE
3880 *
3881 * NOTES
3882 * Defined dwParam types are:
3883 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3884 * - KP_MODE_BITS: Shift width for cipher feedback mode.
3885 * (Currently ignored by MS CSP's - always eight)
3886 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3887 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3888 * - KP_IV: Initialization vector.
3889 * - KP_KEYLEN: Bitwidth of the key.
3890 * - KP_BLOCKLEN: Size of a block cipher block.
3891 * - KP_SALT: Salt value.
3892 */
3893 BOOL WINAPI RSAENH_CPGetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3895 {
3897 DWORD dwValue;
3903 {
3906 }
3911 }
3914 {
3917 }
3920 {
3935 }
3948 else
3973 }
3974 }
3976 /******************************************************************************
3977 * CPGetProvParam (RSAENH.@)
3978 *
3979 * Query a CSP parameter.
3980 *
3981 * PARAMS
3982 * hProv [I] The key container that is to be queried.
3983 * dwParam [I] Specifies the parameter that is to be queried.
3984 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3985 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3986 * dwFlags [I] CRYPT_FIRST: Start enumeration (for PP_ENUMALGS{_EX}).
3987 *
3988 * RETURNS
3989 * Success: TRUE
3990 * Failure: FALSE
3991 * NOTES:
3992 * Defined dwParam types:
3993 * - PP_CONTAINER: Name of the key container.
3994 * - PP_NAME: Name of the cryptographic service provider.
3995 * - PP_SIG_KEYSIZE_INC: RSA signature keywidth granularity in bits.
3996 * - PP_KEYX_KEYSIZE_INC: RSA key-exchange keywidth granularity in bits.
3997 * - PP_ENUMALGS{_EX}: Query provider capabilities.
3998 * - PP_KEYSET_SEC_DESCR: Retrieve security descriptor on container.
3999 */
4002 {
4004 PROV_ENUMALGS provEnumalgs;
4005 DWORD dwTemp;
4006 HKEY hKey;
4008 /* This is for dwParam PP_CRYPT_COUNT_KEY_USE.
4009 * IE6 SP1 asks for it in the 'About' dialog.
4010 * Returning this BLOB seems to satisfy IE. The marked 0x00 seem
4011 * to be 'don't care's. If you know anything more specific about
4012 * this provider parameter, please report to wine-devel@winehq.org */
4026 };
4034 }
4037 {
4038 /* MSDN: hProv not containing valid context handle */
4040 }
4043 {
4088 }
4091 {
4094 }
4099 {
4113 }
4121 {
4124 }
4152 }
4158 {
4163 {
4166 }
4171 {
4174 }
4183 }
4186 /* MSDN: Unknown parameter number in dwParam */
4189 }
4190 }
4192 /******************************************************************************
4193 * CPDeriveKey (RSAENH.@)
4194 *
4195 * Derives a key from a hash value.
4196 *
4197 * PARAMS
4198 * hProv [I] Key container for which a key is to be generated.
4199 * Algid [I] Crypto algorithm identifier for the key to be generated.
4200 * hBaseData [I] Hash from whose value the key will be derived.
4201 * dwFlags [I] See Notes.
4202 * phKey [O] The generated key.
4203 *
4204 * RETURNS
4205 * Success: TRUE
4206 * Failure: FALSE
4207 *
4208 * NOTES
4209 * Defined flags:
4210 * - CRYPT_EXPORTABLE: Key can be exported.
4211 * - CRYPT_NO_SALT: No salt is used for 40 bit keys.
4212 * - CRYPT_CREATE_SALT: Use remaining bits as salt value.
4213 */
4216 {
4220 DWORD dwLen;
4226 {
4229 }
4233 {
4236 }
4239 {
4242 }
4245 {
4247 {
4252 /*
4253 * We derive the key material from the hash.
4254 * If the hash value is not large enough for the claimed key, we have to construct
4255 * a larger binary value based on the hash. This is documented in MSDN: CryptDeriveKey.
4256 */
4260 /*
4261 * The usage of padding seems to vary from algorithm to algorithm.
4262 * For now the only different case found was for AES with 128 bit key.
4263 */
4265 {
4267 /* To reduce the chance of regressions we will only deviate
4268 * from the old behavior for the tested hash lengths */
4270 {
4273 }
4276 }
4280 {
4283 DWORD i;
4290 }
4304 }
4305 /*
4306 * Padding was not required, we have more hash than needed.
4307 * Do we need to use the remaining hash as salt?
4308 */
4311 {
4313 }
4318 }
4322 {
4325 }
4328 {
4329 /* See RFC 2246, chapter 6.3 Key calculation */
4333 {
4336 }
4369 }
4375 }
4379 }
4381 /******************************************************************************
4382 * CPGetUserKey (RSAENH.@)
4383 *
4384 * Returns a handle to the user's private key-exchange- or signature-key.
4385 *
4386 * PARAMS
4387 * hProv [I] The key container from which a user key is requested.
4388 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
4389 * phUserKey [O] Handle to the requested key or INVALID_HANDLE_VALUE in case of failure.
4390 *
4391 * RETURNS
4392 * Success: TRUE.
4393 * Failure: FALSE.
4394 *
4395 * NOTE
4396 * A newly created key container does not contain private user key. Create them with CPGenKey.
4397 */
4399 {
4405 {
4406 /* MSDN: hProv not containing valid context handle */
4408 }
4411 {
4414 phUserKey);
4419 phUserKey);
4424 }
4427 {
4428 /* MSDN: dwKeySpec parameter specifies nonexistent key */
4431 }
4434 }
4436 /******************************************************************************
4437 * CPHashData (RSAENH.@)
4438 *
4439 * Updates a hash object with the given data.
4440 *
4441 * PARAMS
4442 * hProv [I] Key container to which the hash object belongs.
4443 * hHash [I] Hash object which is to be updated.
4444 * pbData [I] Pointer to data with which the hash object is to be updated.
4445 * dwDataLen [I] Length of the data.
4446 * dwFlags [I] Currently none defined.
4447 *
4448 * RETURNS
4449 * Success: TRUE.
4450 * Failure: FALSE.
4451 *
4452 * NOTES
4453 * The actual hash value is queried with CPGetHashParam, which will finalize
4454 * the hash. Updating a finalized hash will fail with a last error NTE_BAD_HASH_STATE.
4455 */
4458 {
4465 {
4468 }
4472 {
4475 }
4478 {
4481 }
4484 {
4487 }
4491 }
4493 /******************************************************************************
4494 * CPHashSessionKey (RSAENH.@)
4495 *
4496 * Updates a hash object with the binary representation of a symmetric key.
4497 *
4498 * PARAMS
4499 * hProv [I] Key container to which the hash object belongs.
4500 * hHash [I] Hash object which is to be updated.
4501 * hKey [I] The symmetric key, whose binary value will be added to the hash.
4502 * dwFlags [I] CRYPT_LITTLE_ENDIAN, if the binary key value shall be interpreted as little endian.
4503 *
4504 * RETURNS
4505 * Success: TRUE.
4506 * Failure: FALSE.
4507 */
4509 DWORD dwFlags)
4510 {
4513 DWORD i;
4519 {
4522 }
4527 }
4535 }
4536 }
4539 }
4541 /******************************************************************************
4542 * CPReleaseContext (RSAENH.@)
4543 *
4544 * Release a key container.
4545 *
4546 * PARAMS
4547 * hProv [I] Key container to be released.
4548 * dwFlags [I] Currently none defined.
4549 *
4550 * RETURNS
4551 * Success: TRUE
4552 * Failure: FALSE
4553 */
4555 {
4559 {
4560 /* MSDN: hProv not containing valid context handle */
4563 }
4568 }
4571 }
4573 /******************************************************************************
4574 * CPSetHashParam (RSAENH.@)
4575 *
4576 * Set a parameter of a hash object
4577 *
4578 * PARAMS
4579 * hProv [I] The key container to which the key belongs.
4580 * hHash [I] The hash object for which a parameter is to be set.
4581 * dwParam [I] Parameter type. See Notes.
4582 * pbData [I] Pointer to the parameter value.
4583 * dwFlags [I] Currently none defined.
4584 *
4585 * RETURNS
4586 * Success: TRUE.
4587 * Failure: FALSE.
4588 *
4589 * NOTES
4590 * Currently only the HP_HMAC_INFO dwParam type is defined.
4591 * The HMAC_INFO struct will be deep copied into the hash object.
4592 * See Internet RFC 2104 for details on the HMAC algorithm.
4593 */
4596 {
4599 DWORD i;
4605 {
4608 }
4613 }
4617 {
4620 }
4629 {
4632 }
4635 HCRYPTHASH hKeyHash;
4636 DWORD keyLen;
4643 {
4646 }
4650 {
4653 }
4656 }
4659 }
4662 }
4681 }
4682 }
4684 /******************************************************************************
4685 * CPSetProvParam (RSAENH.@)
4686 */
4687 BOOL WINAPI RSAENH_CPSetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD dwFlags)
4688 {
4690 HKEY hKey;
4692 TRACE("(hProv=%08lx, dwParam=%08x, pbData=%p, dwFlags=%08x)\n", hProv, dwParam, pbData, dwFlags);
4698 {
4700 {
4709 {
4712 }
4716 (dwFlags & DACL_SECURITY_INFORMATION && !GetSecurityDescriptorDacl(sd, &present, &dacl, &def)) ||
4717 (dwFlags & SACL_SECURITY_INFORMATION && !GetSecurityDescriptorSacl(sd, &present, &sacl, &def)))
4718 {
4721 }
4726 {
4729 }
4731 }
4735 }
4736 }
4738 /******************************************************************************
4739 * CPSignHash (RSAENH.@)
4740 *
4741 * Sign a hash object
4742 *
4743 * PARAMS
4744 * hProv [I] The key container, to which the hash object belongs.
4745 * hHash [I] The hash object to be signed.
4746 * dwKeySpec [I] AT_SIGNATURE or AT_KEYEXCHANGE: Key used to generate the signature.
4747 * sDescription [I] Should be NULL for security reasons.
4748 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4749 * pbSignature [O] Buffer, to which the signature will be stored. May be NULL to query SigLen.
4750 * pdwSigLen [I/O] Size of the buffer (in), Length of the signature (out)
4751 *
4752 * RETURNS
4753 * Success: TRUE
4754 * Failure: FALSE
4755 */
4759 {
4762 DWORD dwHashLen;
4764 ALG_ID aiAlgid;
4774 }
4780 {
4783 }
4789 }
4791 {
4795 }
4801 {
4803 }
4804 }
4813 if (!build_hash_signature(pbSignature, *pdwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
4815 }
4817 ret = encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbSignature, pbSignature, RSAENH_ENCRYPT);
4818 out:
4821 }
4823 /******************************************************************************
4824 * CPVerifySignature (RSAENH.@)
4825 *
4826 * Verify the signature of a hash object.
4827 *
4828 * PARAMS
4829 * hProv [I] The key container, to which the hash belongs.
4830 * hHash [I] The hash for which the signature is verified.
4831 * pbSignature [I] The binary signature.
4832 * dwSigLen [I] Length of the signature BLOB.
4833 * hPubKey [I] Public key used to verify the signature.
4834 * sDescription [I] Should be NULL for security reasons.
4835 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4836 *
4837 * RETURNS
4838 * Success: TRUE (Signature is valid)
4839 * Failure: FALSE (GetLastError() == NTE_BAD_SIGNATURE, if signature is invalid)
4840 */
4841 BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, const BYTE *pbSignature,
4843 DWORD dwFlags)
4844 {
4847 DWORD dwHashLen;
4848 ALG_ID aiAlgid;
4852 TRACE("(hProv=%08lx, hHash=%08lx, pbSignature=%p, dwSigLen=%d, hPubKey=%08lx, sDescription=%s, "
4854 dwFlags);
4859 }
4862 {
4865 }
4869 {
4872 }
4874 /* in Microsoft implementation, the signature length is checked before
4875 * the signature pointer.
4876 */
4878 {
4881 }
4884 {
4887 }
4892 {
4894 }
4895 }
4898 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
4901 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
4907 }
4913 }
4915 if (!encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbSignature, pbDecrypted,
4916 RSAENH_DECRYPT))
4917 {
4919 }
4925 }
4928 build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
4932 }
4936 cleanup:
4940 }
4942 /******************************************************************************
4943 * DllRegisterServer (RSAENH.@)
4944 */
4946 {
4948 }
4950 /******************************************************************************
4951 * DllUnregisterServer (RSAENH.@)
4952 */
4954 {
4956 }