| blob | d0fc5befd66f2f33cf74cdd56efb82cf4d241047 |
1 /*
2 * dlls/rsaenh/rsaenh.c
3 * RSAENH - RSA encryption for Wine
4 *
5 * Copyright 2002 TransGaming Technologies (David Hammerton)
6 * Copyright 2004 Mike McCormack for CodeWeavers
7 * Copyright 2004, 2005 Michael Jung
8 * Copyright 2007 Vijay Kiran Kamuju
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
23 */
30 #include <stdarg.h>
31 #include <stdio.h>
46 /******************************************************************************
47 * CRYPTHASH - hash objects
48 */
49 #define RSAENH_MAGIC_HASH 0x85938417u
50 #define RSAENH_MAX_HASH_SIZE 104
51 #define RSAENH_HASHSTATE_HASHING 1
52 #define RSAENH_HASHSTATE_FINISHED 2
54 {
55 CRYPT_DATA_BLOB blobLabel;
56 CRYPT_DATA_BLOB blobSeed;
60 {
61 OBJECTHDR header;
62 ALG_ID aiAlgid;
63 HCRYPTKEY hKey;
64 HCRYPTPROV hProv;
65 DWORD dwHashSize;
66 DWORD dwState;
67 HASH_CONTEXT context;
69 PHMAC_INFO pHMACInfo;
70 RSAENH_TLS1PRF_PARAMS tpPRFParams;
73 /******************************************************************************
74 * CRYPTKEY - key objects
75 */
76 #define RSAENH_MAGIC_KEY 0x73620457u
77 #define RSAENH_MAX_KEY_SIZE 64
78 #define RSAENH_MAX_BLOCK_SIZE 24
79 #define RSAENH_KEYSTATE_IDLE 0
80 #define RSAENH_KEYSTATE_ENCRYPTING 1
81 #define RSAENH_KEYSTATE_MASTERKEY 2
83 {
84 SCHANNEL_ALG saEncAlg;
85 SCHANNEL_ALG saMACAlg;
86 CRYPT_DATA_BLOB blobClientRandom;
87 CRYPT_DATA_BLOB blobServerRandom;
91 {
92 OBJECTHDR header;
93 ALG_ID aiAlgid;
94 HCRYPTPROV hProv;
95 DWORD dwMode;
96 DWORD dwModeBits;
97 DWORD dwPermissions;
98 DWORD dwKeyLen;
99 DWORD dwEffectiveKeyLen;
100 DWORD dwSaltLen;
101 DWORD dwBlockLen;
102 DWORD dwState;
103 KEY_CONTEXT context;
107 RSAENH_SCHANNEL_INFO siSChannelInfo;
108 CRYPT_DATA_BLOB blobHmacKey;
111 /******************************************************************************
112 * KEYCONTAINER - key containers
113 */
114 #define RSAENH_PERSONALITY_BASE 0u
115 #define RSAENH_PERSONALITY_STRONG 1u
116 #define RSAENH_PERSONALITY_ENHANCED 2u
117 #define RSAENH_PERSONALITY_SCHANNEL 3u
118 #define RSAENH_PERSONALITY_AES 4u
120 #define RSAENH_MAGIC_CONTAINER 0x26384993u
122 {
123 OBJECTHDR header;
124 DWORD dwFlags;
125 DWORD dwPersonality;
126 DWORD dwEnumAlgsCtr;
127 DWORD dwEnumContainersCtr;
130 HCRYPTKEY hKeyExchangeKeyPair;
131 HCRYPTKEY hSignatureKeyPair;
134 /******************************************************************************
135 * Some magic constants
136 */
137 #define RSAENH_ENCRYPT 1
138 #define RSAENH_DECRYPT 0
139 #define RSAENH_HMAC_DEF_IPAD_CHAR 0x36
140 #define RSAENH_HMAC_DEF_OPAD_CHAR 0x5c
141 #define RSAENH_HMAC_DEF_PAD_LEN 64
142 #define RSAENH_HMAC_BLOCK_LEN 64
143 #define RSAENH_DES_EFFECTIVE_KEYLEN 56
144 #define RSAENH_DES_STORAGE_KEYLEN 64
145 #define RSAENH_3DES112_EFFECTIVE_KEYLEN 112
146 #define RSAENH_3DES112_STORAGE_KEYLEN 128
147 #define RSAENH_3DES_EFFECTIVE_KEYLEN 168
148 #define RSAENH_3DES_STORAGE_KEYLEN 192
149 #define RSAENH_MAGIC_RSA2 0x32415352
150 #define RSAENH_MAGIC_RSA1 0x31415352
151 #define RSAENH_PKC_BLOCKTYPE 0x02
152 #define RSAENH_SSL3_VERSION_MAJOR 3
153 #define RSAENH_SSL3_VERSION_MINOR 0
154 #define RSAENH_TLS1_VERSION_MAJOR 3
155 #define RSAENH_TLS1_VERSION_MINOR 1
158 #define RSAENH_MIN(a,b) ((a)<(b)?(a):(b))
159 /******************************************************************************
160 * aProvEnumAlgsEx - Defines the capabilities of the CSP personalities.
161 */
162 #define RSAENH_MAX_ENUMALGS 24
163 #define RSAENH_PCT1_SSL2_SSL3_TLS1 (CRYPT_FLAG_PCT1|CRYPT_FLAG_SSL2|CRYPT_FLAG_SSL3|CRYPT_FLAG_TLS1)
165 {
166 {
176 {CALG_RSA_SIGN, 512,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
177 {CALG_RSA_KEYX, 512,384, 1024,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
180 },
181 {
193 {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
194 {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
197 },
198 {
210 {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
211 {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
214 },
215 {
218 {CALG_DES, 56, 56, 56,RSAENH_PCT1_SSL2_SSL3_TLS1, 4,"DES", 31,"Data Encryption Standard (DES)"},
219 {CALG_3DES_112, 112,112, 112,RSAENH_PCT1_SSL2_SSL3_TLS1,13,"3DES TWO KEY",19,"Two Key Triple DES"},
221 {CALG_SHA,160,160,160,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,6,"SHA-1",30,"Secure Hash Algorithm (SHA-1)"},
222 {CALG_MD5,128,128,128,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,4,"MD5",23,"Message Digest 5 (MD5)"},
225 {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_SIGN",14,"RSA Signature"},
226 {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|RSAENH_PCT1_SSL2_SSL3_TLS1,9,"RSA_KEYX",17,"RSA Key Exchange"},
237 },
238 {
249 {CALG_SHA_256, 256,256, 256,CRYPT_FLAG_SIGNING, 6,"SHA-256", 30,"Secure Hash Algorithm (SHA-256)"},
250 {CALG_SHA_384, 384,384, 384,CRYPT_FLAG_SIGNING, 6,"SHA-384", 30,"Secure Hash Algorithm (SHA-284)"},
251 {CALG_SHA_512, 512,512, 512,CRYPT_FLAG_SIGNING, 6,"SHA-512", 30,"Secure Hash Algorithm (SHA-512)"},
257 {CALG_RSA_SIGN,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_SIGN",14,"RSA Signature"},
258 {CALG_RSA_KEYX,1024,384,16384,CRYPT_FLAG_SIGNING|CRYPT_FLAG_IPSEC,9,"RSA_KEYX",17,"RSA Key Exchange"},
261 }
262 };
264 /******************************************************************************
265 * API forward declarations
266 */
267 BOOL WINAPI
269 HCRYPTPROV hProv,
270 HCRYPTKEY hKey,
271 DWORD dwParam,
274 DWORD dwFlags
275 );
277 BOOL WINAPI
279 HCRYPTPROV hProv,
280 HCRYPTKEY hKey,
281 HCRYPTHASH hHash,
282 BOOL Final,
283 DWORD dwFlags,
286 DWORD dwBufLen
287 );
289 BOOL WINAPI
291 HCRYPTPROV hProv,
292 ALG_ID Algid,
293 HCRYPTKEY hKey,
294 DWORD dwFlags,
295 HCRYPTHASH *phHash
296 );
298 BOOL WINAPI
300 HCRYPTPROV hProv,
301 HCRYPTHASH hHash,
302 DWORD dwParam,
304 );
306 BOOL WINAPI
308 HCRYPTPROV hProv,
309 HCRYPTHASH hHash,
310 DWORD dwParam,
313 DWORD dwFlags
314 );
316 BOOL WINAPI
318 HCRYPTPROV hProv,
319 HCRYPTHASH hHash
320 );
324 HCRYPTKEY hPubKey,
325 DWORD dwBlobType,
326 DWORD dwFlags,
327 BOOL force,
329 DWORD *pdwDataLen
330 );
333 HCRYPTPROV hProv,
335 DWORD dwDataLen,
336 HCRYPTKEY hPubKey,
337 DWORD dwFlags,
338 BOOL fStoreKey,
339 HCRYPTKEY *phKey
340 );
342 BOOL WINAPI
344 HCRYPTPROV hProv,
345 HCRYPTHASH hHash,
347 DWORD dwDataLen,
348 DWORD dwFlags
349 );
351 /******************************************************************************
352 * CSP's handle table (used by all acquired key containers)
353 */
356 /******************************************************************************
357 * DllMain (RSAENH.@)
358 *
359 * Initializes and destroys the handle table for the CSP's handles.
360 */
362 {
364 {
375 }
377 }
379 /******************************************************************************
380 * copy_param [Internal]
381 *
382 * Helper function that supports the standard WINAPI protocol for querying data
383 * of dynamic size.
384 *
385 * PARAMS
386 * pbBuffer [O] Buffer where the queried parameter is copied to, if it is large enough.
387 * May be NUL if the required buffer size is to be queried only.
388 * pdwBufferSize [I/O] In: Size of the buffer at pbBuffer
389 * Out: Size of parameter pbParam
390 * pbParam [I] Parameter value.
391 * dwParamSize [I] Size of pbParam
392 *
393 * RETURN
394 * Success: TRUE (pbParam was copied into pbBuffer or pbBuffer is NULL)
395 * Failure: FALSE (pbBuffer is not large enough to hold pbParam). Last error: ERROR_MORE_DATA
396 */
399 {
401 {
403 {
407 }
409 }
412 }
414 /******************************************************************************
415 * get_algid_info [Internal]
416 *
417 * Query CSP capabilities for a given crypto algorithm.
418 *
419 * PARAMS
420 * hProv [I] Handle to a key container of the CSP whose capabilities are to be queried.
421 * algid [I] Identifier of the crypto algorithm about which information is requested.
422 *
423 * RETURNS
424 * Success: Pointer to a PROV_ENUMALGS_EX struct containing information about the crypto algorithm.
425 * Failure: NULL (algid not supported)
426 */
431 if (!lookup_handle(&handle_table, hProv, RSAENH_MAGIC_CONTAINER, (OBJECTHDR**)&pKeyContainer)) {
434 }
438 }
442 }
444 /******************************************************************************
445 * copy_data_blob [Internal]
446 *
447 * deeply copies a DATA_BLOB
448 *
449 * PARAMS
450 * dst [O] That's where the blob will be copied to
451 * src [I] Source blob
452 *
453 * RETURNS
454 * Success: TRUE
455 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY
456 *
457 * NOTES
458 * Use free_data_blob to release resources occupied by copy_data_blob.
459 */
465 }
469 }
471 /******************************************************************************
472 * concat_data_blobs [Internal]
473 *
474 * Concatenates two blobs
475 *
476 * PARAMS
477 * dst [O] The new blob will be copied here
478 * src1 [I] Prefix blob
479 * src2 [I] Appendix blob
480 *
481 * RETURNS
482 * Success: TRUE
483 * Failure: FALSE (GetLastError() == NTE_NO_MEMORY)
484 *
485 * NOTES
486 * Release resources occupied by concat_data_blobs with free_data_blobs
487 */
489 CONST PCRYPT_DATA_BLOB src2)
490 {
496 }
500 }
502 /******************************************************************************
503 * free_data_blob [Internal]
504 *
505 * releases resource occupied by a dynamically allocated CRYPT_DATA_BLOB
506 *
507 * PARAMS
508 * pBlob [I] Heap space occupied by pBlob->pbData is released
509 */
512 }
514 /******************************************************************************
515 * init_data_blob [Internal]
516 */
520 }
522 /******************************************************************************
523 * free_hmac_info [Internal]
524 *
525 * Deeply free an HMAC_INFO struct.
526 *
527 * PARAMS
528 * hmac_info [I] Pointer to the HMAC_INFO struct to be freed.
529 *
530 * NOTES
531 * See Internet RFC 2104 for details on the HMAC algorithm.
532 */
538 }
540 /******************************************************************************
541 * copy_hmac_info [Internal]
542 *
543 * Deeply copy an HMAC_INFO struct
544 *
545 * PARAMS
546 * dst [O] Pointer to a location where the pointer to the HMAC_INFO copy will be stored.
547 * src [I] Pointer to the HMAC_INFO struct to be copied.
548 *
549 * RETURNS
550 * Success: TRUE
551 * Failure: FALSE
552 *
553 * NOTES
554 * See Internet RFC 2104 for details on the HMAC algorithm.
555 */
568 }
571 else
578 }
581 else
584 }
586 /******************************************************************************
587 * destroy_hash [Internal]
588 *
589 * Destructor for hash objects
590 *
591 * PARAMS
592 * pCryptHash [I] Pointer to the hash object to be destroyed.
593 * Will be invalid after function returns!
594 */
596 {
603 }
605 /******************************************************************************
606 * init_hash [Internal]
607 *
608 * Initialize (or reset) a hash object
609 *
610 * PARAMS
611 * pCryptHash [I] The hash object to be initialized.
612 */
614 DWORD dwLen;
617 {
629 }
641 }
642 }
644 /******************************************************************************
645 * update_hash [Internal]
646 *
647 * Hashes the given data and updates the hash object's state accordingly
648 *
649 * PARAMS
650 * pCryptHash [I] Hash object to be updated.
651 * pbData [I] Pointer to data stream to be hashed.
652 * dwDataLen [I] Length of data stream.
653 */
658 {
676 }
677 }
679 /******************************************************************************
680 * finalize_hash [Internal]
681 *
682 * Finalizes the hash, after all data has been hashed with update_hash.
683 * No additional data can be hashed afterwards until the hash gets initialized again.
684 *
685 * PARAMS
686 * pCryptHash [I] Hash object to be finalized.
687 */
689 DWORD dwDataLen;
692 {
708 }
719 }
720 }
722 /******************************************************************************
723 * destroy_key [Internal]
724 *
725 * Destructor for key objects
726 *
727 * PARAMS
728 * pCryptKey [I] Pointer to the key object to be destroyed.
729 * Will be invalid after function returns!
730 */
732 {
740 }
742 /******************************************************************************
743 * setup_key [Internal]
744 *
745 * Initialize (or reset) a key object
746 *
747 * PARAMS
748 * pCryptKey [I] The key object to be initialized.
749 */
756 }
758 /******************************************************************************
759 * new_key [Internal]
760 *
761 * Creates a new key object without assigning the actual binary key value.
762 * This is done by CPDeriveKey, CPGenKey or CPImportKey, which call this function.
763 *
764 * PARAMS
765 * hProv [I] Handle to the provider to which the created key will belong.
766 * aiAlgid [I] The new key shall use the crypto algorithm identified by aiAlgid.
767 * dwFlags [I] Upper 16 bits give the key length.
768 * Lower 16 bits: CRYPT_EXPORTABLE, CRYPT_CREATE_SALT,
769 * CRYPT_NO_SALT
770 * ppCryptKey [O] Pointer to the created key
771 *
772 * RETURNS
773 * Success: Handle to the created key.
774 * Failure: INVALID_HANDLE_VALUE
775 */
776 static HCRYPTKEY new_key(HCRYPTPROV hProv, ALG_ID aiAlgid, DWORD dwFlags, CRYPTKEY **ppCryptKey)
777 {
778 HCRYPTKEY hCryptKey;
785 /*
786 * Retrieve the CSP's capabilities for the given ALG_ID value
787 */
792 dwKeyLen);
793 /*
794 * Assume the default key length, if none is specified explicitly
795 */
798 /*
799 * Check if the requested key length is supported by the current CSP.
800 * Adjust key length's for DES algorithms.
801 */
806 }
810 }
816 }
820 }
826 }
830 }
834 /* Avoid the key length check for HMAC keys, which have unlimited
835 * length.
836 */
843 {
848 }
849 }
854 {
859 CRYPT_MAC;
866 else
877 {
913 }
916 }
919 }
921 /******************************************************************************
922 * map_key_spec_to_key_pair_name [Internal]
923 *
924 * Returns the name of the registry value associated with a key spec.
925 *
926 * PARAMS
927 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
928 *
929 * RETURNS
930 * Success: Name of registry value.
931 * Failure: NULL
932 */
934 {
935 LPCSTR szValueName;
938 {
948 }
950 }
952 /******************************************************************************
953 * store_key_pair [Internal]
954 *
955 * Stores a key pair to the registry
956 *
957 * PARAMS
958 * hCryptKey [I] Handle to the key to be stored
959 * hKey [I] Registry key where the key pair is to be stored
960 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
961 * dwFlags [I] Flags for protecting the key
962 */
964 {
965 LPCSTR szValueName;
968 DWORD dwLen;
975 {
977 {
980 {
983 {
989 {
993 }
994 }
996 }
997 }
998 }
999 }
1001 /******************************************************************************
1002 * map_key_spec_to_permissions_name [Internal]
1003 *
1004 * Returns the name of the registry value associated with the permissions for
1005 * a key spec.
1006 *
1007 * PARAMS
1008 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1009 *
1010 * RETURNS
1011 * Success: Name of registry value.
1012 * Failure: NULL
1013 */
1015 {
1016 LPCSTR szValueName;
1019 {
1029 }
1031 }
1033 /******************************************************************************
1034 * store_key_permissions [Internal]
1035 *
1036 * Stores a key's permissions to the registry
1037 *
1038 * PARAMS
1039 * hCryptKey [I] Handle to the key whose permissions are to be stored
1040 * hKey [I] Registry key where the key permissions are to be stored
1041 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1042 */
1044 {
1045 LPCSTR szValueName;
1055 }
1057 /******************************************************************************
1058 * create_container_key [Internal]
1059 *
1060 * Creates the registry key for a key container's persistent storage.
1061 *
1062 * PARAMS
1063 * pKeyContainer [I] Pointer to the key container
1064 * sam [I] Desired registry access
1065 * phKey [O] Returned key
1066 */
1068 {
1070 HKEY hRootKey;
1076 else
1079 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1080 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1084 }
1086 /******************************************************************************
1087 * open_container_key [Internal]
1088 *
1089 * Opens a key container's persistent storage for reading.
1090 *
1091 * PARAMS
1092 * pszContainerName [I] Name of the container to be opened. May be the empty
1093 * string if the parent key of all containers is to be
1094 * opened.
1095 * dwFlags [I] Flags indicating which keyset to be opened.
1096 * phKey [O] Returned key
1097 */
1099 {
1101 HKEY hRootKey;
1107 else
1110 /* @@ Wine registry key: HKLM\Software\Wine\Crypto\RSA */
1111 /* @@ Wine registry key: HKCU\Software\Wine\Crypto\RSA */
1113 ERROR_SUCCESS;
1114 }
1116 /******************************************************************************
1117 * delete_container_key [Internal]
1118 *
1119 * Deletes a key container's persistent storage.
1120 *
1121 * PARAMS
1122 * pszContainerName [I] Name of the container to be opened.
1123 * dwFlags [I] Flags indicating which keyset to be opened.
1124 */
1126 {
1133 HKEY hRootKey;
1136 else
1144 }
1145 }
1146 }
1148 /******************************************************************************
1149 * store_key_container_keys [Internal]
1150 *
1151 * Stores key container's keys in a persistent location.
1152 *
1153 * PARAMS
1154 * pKeyContainer [I] Pointer to the key container whose keys are to be saved
1155 */
1157 {
1158 HKEY hKey;
1159 DWORD dwFlags;
1161 /* On WinXP, persistent keys are stored in a file located at:
1162 * $AppData$\\Microsoft\\Crypto\\RSA\\$SID$\\some_hex_string
1163 */
1167 else
1171 {
1177 }
1178 }
1180 /******************************************************************************
1181 * store_key_container_permissions [Internal]
1182 *
1183 * Stores key container's key permissions in a persistent location.
1184 *
1185 * PARAMS
1186 * pKeyContainer [I] Pointer to the key container whose key permissions are to
1187 * be saved
1188 */
1190 {
1191 HKEY hKey;
1194 {
1196 AT_KEYEXCHANGE);
1198 AT_SIGNATURE);
1200 }
1201 }
1203 /******************************************************************************
1204 * release_key_container_keys [Internal]
1205 *
1206 * Releases key container's keys.
1207 *
1208 * PARAMS
1209 * pKeyContainer [I] Pointer to the key container whose keys are to be released.
1210 */
1212 {
1214 RSAENH_MAGIC_KEY);
1216 RSAENH_MAGIC_KEY);
1217 }
1219 /******************************************************************************
1220 * destroy_key_container [Internal]
1221 *
1222 * Destructor for key containers.
1223 *
1224 * PARAMS
1225 * pObjectHdr [I] Pointer to the key container to be destroyed.
1226 */
1228 {
1232 {
1236 }
1237 else
1240 }
1242 /******************************************************************************
1243 * new_key_container [Internal]
1244 *
1245 * Create a new key container. The personality (RSA Base, Strong or Enhanced CP)
1246 * of the CSP is determined via the pVTable->pszProvName string.
1247 *
1248 * PARAMS
1249 * pszContainerName [I] Name of the key container.
1250 * pVTable [I] Callback functions and context info provided by the OS
1251 *
1252 * RETURNS
1253 * Success: Handle to the new key container.
1254 * Failure: INVALID_HANDLE_VALUE
1255 */
1256 static HCRYPTPROV new_key_container(PCCH pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1257 {
1259 HCRYPTPROV hKeyContainer;
1264 {
1282 }
1283 }
1285 /* The new key container has to be inserted into the CSP immediately
1286 * after creation to be available for CPGetProvParam's PP_ENUMCONTAINERS. */
1288 HKEY hKey;
1292 }
1293 }
1296 }
1298 /******************************************************************************
1299 * read_key_value [Internal]
1300 *
1301 * Reads a key pair value from the registry
1302 *
1303 * PARAMS
1304 * hKeyContainer [I] Crypt provider to use to import the key
1305 * hKey [I] Registry key from which to read the key pair
1306 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
1307 * dwFlags [I] Flags for unprotecting the key
1308 * phCryptKey [O] Returned key
1309 */
1310 static BOOL read_key_value(HCRYPTPROV hKeyContainer, HKEY hKey, DWORD dwKeySpec, DWORD dwFlags, HCRYPTKEY *phCryptKey)
1311 {
1312 LPCSTR szValueName;
1321 ERROR_SUCCESS)
1322 {
1325 {
1327 ERROR_SUCCESS)
1328 {
1334 {
1338 }
1339 }
1341 }
1342 }
1344 {
1349 {
1351 {
1355 }
1356 }
1357 }
1359 }
1361 /******************************************************************************
1362 * read_key_container [Internal]
1363 *
1364 * Tries to read the persistent state of the key container (mainly the signature
1365 * and key exchange private keys) given by pszContainerName.
1366 *
1367 * PARAMS
1368 * pszContainerName [I] Name of the key container to read from the registry
1369 * pVTable [I] Pointer to context data provided by the operating system
1370 *
1371 * RETURNS
1372 * Success: Handle to the key container read from the registry
1373 * Failure: INVALID_HANDLE_VALUE
1374 */
1375 static HCRYPTPROV read_key_container(PCHAR pszContainerName, DWORD dwFlags, const VTableProvStruc *pVTable)
1376 {
1377 HKEY hKey;
1379 HCRYPTPROV hKeyContainer;
1380 HCRYPTKEY hCryptKey;
1383 {
1386 }
1390 {
1398 /* read_key_value calls import_key, which calls import_private_key,
1399 * which implicitly installs the key value into the appropriate key
1400 * container key. Thus the ref count is incremented twice, once for
1401 * the output key value, and once for the implicit install, and needs
1402 * to be decremented to balance the two.
1403 */
1410 }
1413 }
1415 /******************************************************************************
1416 * build_hash_signature [Internal]
1417 *
1418 * Builds a padded version of a hash to match the length of the RSA key modulus.
1419 *
1420 * PARAMS
1421 * pbSignature [O] The padded hash object is stored here.
1422 * dwLen [I] Length of the pbSignature buffer.
1423 * aiAlgid [I] Algorithm identifier of the hash to be padded.
1424 * abHashValue [I] The value of the hash object.
1425 * dwHashLen [I] Length of the hash value.
1426 * dwFlags [I] Selection of padding algorithm.
1427 *
1428 * RETURNS
1429 * Success: TRUE
1430 * Failure: FALSE (NTE_BAD_ALGID)
1431 */
1434 {
1435 /* These prefixes are meant to be concatenated with hash values of the
1436 * respective kind to form a PKCS #7 DigestInfo. */
1438 ALG_ID aiAlgid;
1439 DWORD dwLen;
1461 };
1466 }
1471 }
1473 /* Build the padded signature */
1478 }
1482 }
1491 }
1496 }
1500 }
1501 }
1504 }
1505 }
1508 }
1510 /******************************************************************************
1511 * tls1_p [Internal]
1512 *
1513 * This is an implementation of the 'P_hash' helper function for TLS1's PRF.
1514 * It is used exclusively by tls1_prf. For details see RFC 2246, chapter 5.
1515 * The pseudo random stream generated by this function is exclusive or'ed with
1516 * the data in pbBuffer.
1517 *
1518 * PARAMS
1519 * hHMAC [I] HMAC object, which will be used in pseudo random generation
1520 * pblobSeed [I] Seed value
1521 * pbBuffer [I/O] Pseudo random stream will be xor'ed to the provided data
1522 * dwBufferLen [I] Number of pseudo random bytes desired
1523 *
1524 * RETURNS
1525 * Success: TRUE
1526 * Failure: FALSE
1527 */
1528 static BOOL tls1_p(HCRYPTHASH hHMAC, CONST PCRYPT_DATA_BLOB pblobSeed, PBYTE pbBuffer, DWORD dwBufferLen)
1529 {
1537 }
1539 /* compute A_1 = HMAC(seed) */
1546 /* compute HMAC(A_i + seed) */
1552 /* pseudo random stream := CONCAT_{i=1..n} ( HMAC(A_i + seed) ) */
1556 i++;
1559 /* compute A_{i+1} = HMAC(A_i) */
1567 }
1569 /******************************************************************************
1570 * tls1_prf [Internal]
1571 *
1572 * TLS1 pseudo random function as specified in RFC 2246, chapter 5
1573 *
1574 * PARAMS
1575 * hProv [I] Key container used to compute the pseudo random stream
1576 * hSecret [I] Key that holds the (pre-)master secret
1577 * pblobLabel [I] Descriptive label
1578 * pblobSeed [I] Seed value
1579 * pbBuffer [O] Pseudo random numbers will be stored here
1580 * dwBufferLen [I] Number of pseudo random bytes desired
1581 *
1582 * RETURNS
1583 * Success: TRUE
1584 * Failure: FALSE
1585 */
1588 {
1593 DWORD dwHalfSecretLen;
1595 CRYPT_DATA_BLOB blobLabelSeed;
1597 TRACE("(hProv=%08lx, hSecret=%08lx, pblobLabel=%p, pblobSeed=%p, pbBuffer=%p, dwBufferLen=%d)\n",
1603 }
1607 /* concatenation of the label and the seed */
1610 /* zero out the buffer, since two random streams will be xor'ed into it. */
1613 /* build a 'fake' key, to hold the secret. CALG_SSL2_MASTER is used since it provides
1614 * the biggest range of valid key lengths. */
1618 /* Derive an HMAC_MD5 hash and call the helper function. */
1625 /* Reconfigure to HMAC_SHA hash and call helper function again. */
1632 exit:
1637 }
1639 /******************************************************************************
1640 * pad_data [Internal]
1641 *
1642 * Helper function for data padding according to PKCS1 #2
1643 *
1644 * PARAMS
1645 * abData [I] The data to be padded
1646 * dwDataLen [I] Length of the data
1647 * abBuffer [O] Padded data will be stored here
1648 * dwBufferLen [I] Length of the buffer (also length of padded data)
1649 * dwFlags [I] Padding format (CRYPT_SSL2_FALLBACK)
1650 *
1651 * RETURN
1652 * Success: TRUE
1653 * Failure: FALSE (NTE_BAD_LEN, too much data to pad)
1654 */
1656 DWORD dwFlags)
1657 {
1658 DWORD i;
1660 /* Ensure there is enough space for PKCS1 #2 padding */
1664 }
1678 }
1680 /******************************************************************************
1681 * unpad_data [Internal]
1682 *
1683 * Remove the PKCS1 padding from RSA decrypted data
1684 *
1685 * PARAMS
1686 * abData [I] The padded data
1687 * dwDataLen [I] Length of the padded data
1688 * abBuffer [O] Data without padding will be stored here
1689 * dwBufferLen [I/O] I: Length of the buffer, O: Length of unpadded data
1690 * dwFlags [I] Currently none defined
1691 *
1692 * RETURNS
1693 * Success: TRUE
1694 * Failure: FALSE, (NTE_BAD_DATA, no valid PKCS1 padding or buffer too small)
1695 */
1696 static BOOL unpad_data(CONST BYTE *abData, DWORD dwDataLen, BYTE *abBuffer, DWORD *dwBufferLen,
1697 DWORD dwFlags)
1698 {
1699 DWORD i;
1702 {
1705 }
1712 {
1715 }
1720 }
1722 /******************************************************************************
1723 * CPAcquireContext (RSAENH.@)
1724 *
1725 * Acquire a handle to the key container specified by pszContainer
1726 *
1727 * PARAMS
1728 * phProv [O] Pointer to the location the acquired handle will be written to.
1729 * pszContainer [I] Name of the desired key container. See Notes
1730 * dwFlags [I] Flags. See Notes.
1731 * pVTable [I] Pointer to a PVTableProvStruct containing callbacks.
1732 *
1733 * RETURNS
1734 * Success: TRUE
1735 * Failure: FALSE
1736 *
1737 * NOTES
1738 * If pszContainer is NULL or points to a zero length string the user's login
1739 * name will be used as the key container name.
1740 *
1741 * If the CRYPT_NEW_KEYSET flag is set in dwFlags a new keyset will be created.
1742 * If a keyset with the given name already exists, the function fails and sets
1743 * last error to NTE_EXISTS. If CRYPT_NEW_KEYSET is not set and the specified
1744 * key container does not exist, function fails and sets last error to
1745 * NTE_BAD_KEYSET.
1746 */
1749 {
1756 {
1758 }
1759 else
1760 {
1763 }
1766 {
1777 {
1782 }
1792 }
1800 }
1807 }
1808 }
1810 /******************************************************************************
1811 * CPCreateHash (RSAENH.@)
1812 *
1813 * CPCreateHash creates and initializes a new hash object.
1814 *
1815 * PARAMS
1816 * hProv [I] Handle to the key container to which the new hash will belong.
1817 * Algid [I] Identifies the hash algorithm, which will be used for the hash.
1818 * hKey [I] Handle to a session key applied for keyed hashes.
1819 * dwFlags [I] Currently no flags defined. Must be zero.
1820 * phHash [O] Points to the location where a handle to the new hash will be stored.
1821 *
1822 * RETURNS
1823 * Success: TRUE
1824 * Failure: FALSE
1825 *
1826 * NOTES
1827 * hKey is a handle to a session key applied in keyed hashes like MAC and HMAC.
1828 * If a normal hash object is to be created (like e.g. MD2 or SHA1) hKey must be zero.
1829 */
1832 {
1844 {
1847 }
1851 {
1855 }
1860 }
1864 {
1867 }
1871 {
1874 }
1879 }
1880 }
1910 /* See RFC 2246, chapter 8.1 */
1914 {
1916 }
1921 }
1923 /* See RFC 2246, chapter 6.3 */
1927 {
1929 }
1931 RSAENH_MAX_HASH_SIZE);
1933 }
1936 }
1938 /******************************************************************************
1939 * CPDestroyHash (RSAENH.@)
1940 *
1941 * Releases the handle to a hash object. The object is destroyed if its reference
1942 * count reaches zero.
1943 *
1944 * PARAMS
1945 * hProv [I] Handle to the key container to which the hash object belongs.
1946 * hHash [I] Handle to the hash object to be released.
1947 *
1948 * RETURNS
1949 * Success: TRUE
1950 * Failure: FALSE
1951 */
1953 {
1957 {
1960 }
1963 {
1966 }
1969 }
1971 /******************************************************************************
1972 * CPDestroyKey (RSAENH.@)
1973 *
1974 * Releases the handle to a key object. The object is destroyed if its reference
1975 * count reaches zero.
1976 *
1977 * PARAMS
1978 * hProv [I] Handle to the key container to which the key object belongs.
1979 * hKey [I] Handle to the key object to be released.
1980 *
1981 * RETURNS
1982 * Success: TRUE
1983 * Failure: FALSE
1984 */
1986 {
1990 {
1993 }
1996 {
1999 }
2002 }
2004 /******************************************************************************
2005 * CPDuplicateHash (RSAENH.@)
2006 *
2007 * Clones a hash object including its current state.
2008 *
2009 * PARAMS
2010 * hUID [I] Handle to the key container the hash belongs to.
2011 * hHash [I] Handle to the hash object to be cloned.
2012 * pdwReserved [I] Reserved. Must be NULL.
2013 * dwFlags [I] No flags are currently defined. Must be 0.
2014 * phHash [O] Handle to the cloned hash object.
2015 *
2016 * RETURNS
2017 * Success: TRUE.
2018 * Failure: FALSE.
2019 */
2022 {
2029 {
2032 }
2035 {
2038 }
2041 {
2044 }
2049 {
2055 }
2058 }
2060 /******************************************************************************
2061 * CPDuplicateKey (RSAENH.@)
2062 *
2063 * Clones a key object including its current state.
2064 *
2065 * PARAMS
2066 * hUID [I] Handle to the key container the hash belongs to.
2067 * hKey [I] Handle to the key object to be cloned.
2068 * pdwReserved [I] Reserved. Must be NULL.
2069 * dwFlags [I] No flags are currently defined. Must be 0.
2070 * phHash [O] Handle to the cloned key object.
2071 *
2072 * RETURNS
2073 * Success: TRUE.
2074 * Failure: FALSE.
2075 */
2078 {
2085 {
2088 }
2091 {
2094 }
2097 {
2100 }
2105 {
2113 }
2114 else
2115 {
2117 }
2118 }
2120 /******************************************************************************
2121 * CPEncrypt (RSAENH.@)
2122 *
2123 * Encrypt data.
2124 *
2125 * PARAMS
2126 * hProv [I] The key container hKey and hHash belong to.
2127 * hKey [I] The key used to encrypt the data.
2128 * hHash [I] An optional hash object for parallel hashing. See notes.
2129 * Final [I] Indicates if this is the last block of data to encrypt.
2130 * dwFlags [I] Currently no flags defined. Must be zero.
2131 * pbData [I/O] Pointer to the data to encrypt. Encrypted data will also be stored there.
2132 * pdwDataLen [I/O] I: Length of data to encrypt, O: Length of encrypted data.
2133 * dwBufLen [I] Size of the buffer at pbData.
2134 *
2135 * RETURNS
2136 * Success: TRUE.
2137 * Failure: FALSE.
2138 *
2139 * NOTES
2140 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2141 * This is useful for message signatures.
2142 *
2143 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2144 */
2147 {
2154 dwBufLen);
2157 {
2160 }
2163 {
2166 }
2169 {
2172 }
2178 {
2181 }
2185 }
2191 }
2198 }
2203 }
2205 /* Pad final block with length bytes */
2213 RSAENH_ENCRYPT);
2219 RSAENH_ENCRYPT);
2231 }
2237 }
2239 }
2244 }
2250 }
2254 }
2258 }
2260 encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbData, pbData, RSAENH_ENCRYPT);
2266 }
2271 }
2273 /******************************************************************************
2274 * CPDecrypt (RSAENH.@)
2275 *
2276 * Decrypt data.
2277 *
2278 * PARAMS
2279 * hProv [I] The key container hKey and hHash belong to.
2280 * hKey [I] The key used to decrypt the data.
2281 * hHash [I] An optional hash object for parallel hashing. See notes.
2282 * Final [I] Indicates if this is the last block of data to decrypt.
2283 * dwFlags [I] Currently no flags defined. Must be zero.
2284 * pbData [I/O] Pointer to the data to decrypt. Plaintext will also be stored there.
2285 * pdwDataLen [I/O] I: Length of ciphertext, O: Length of plaintext.
2286 *
2287 * RETURNS
2288 * Success: TRUE.
2289 * Failure: FALSE.
2290 *
2291 * NOTES
2292 * If a hash object handle is provided in hHash, it will be updated with the plaintext.
2293 * This is useful for message signatures.
2294 *
2295 * This function uses the standard WINAPI protocol for querying data of dynamic length.
2296 */
2299 {
2303 DWORD dwMax;
2309 {
2312 }
2315 {
2318 }
2321 {
2324 }
2330 {
2333 }
2342 RSAENH_DECRYPT);
2347 RSAENH_DECRYPT);
2360 }
2366 }
2368 }
2375 /* check that every bad byte has the same value */
2384 }
2385 }
2389 }
2390 }
2398 }
2399 encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbData, pbData, RSAENH_DECRYPT);
2405 }
2412 }
2415 }
2419 {
2422 DWORD dwDataLen;
2427 }
2435 }
2446 {
2448 }
2452 }
2455 }
2459 {
2462 DWORD dwDataLen;
2467 }
2475 }
2487 }
2490 }
2494 {
2497 DWORD dwDataLen;
2502 }
2504 {
2507 }
2516 }
2528 }
2531 }
2535 {
2539 DWORD dwDataLen;
2547 }
2556 }
2559 }
2560 /******************************************************************************
2561 * crypt_export_key [Internal]
2562 *
2563 * Export a key into a binary large object (BLOB). Called by CPExportKey and
2564 * by store_key_pair.
2565 *
2566 * PARAMS
2567 * pCryptKey [I] Key to be exported.
2568 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2569 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2570 * dwFlags [I] Currently none defined.
2571 * force [I] If TRUE, the key is written no matter what the key's
2572 * permissions are. Otherwise the key's permissions are
2573 * checked before exporting.
2574 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2575 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2576 *
2577 * RETURNS
2578 * Success: TRUE.
2579 * Failure: FALSE.
2580 */
2584 {
2591 }
2592 }
2595 {
2600 }
2602 pdwDataLen);
2608 }
2621 }
2622 }
2624 /******************************************************************************
2625 * CPExportKey (RSAENH.@)
2626 *
2627 * Export a key into a binary large object (BLOB).
2628 *
2629 * PARAMS
2630 * hProv [I] Key container from which a key is to be exported.
2631 * hKey [I] Key to be exported.
2632 * hPubKey [I] Key used to encrypt sensitive BLOB data.
2633 * dwBlobType [I] SIMPLEBLOB, PUBLICKEYBLOB or PRIVATEKEYBLOB.
2634 * dwFlags [I] Currently none defined.
2635 * pbData [O] Pointer to a buffer where the BLOB will be written to.
2636 * pdwDataLen [I/O] I: Size of buffer at pbData, O: Size of BLOB
2637 *
2638 * RETURNS
2639 * Success: TRUE.
2640 * Failure: FALSE.
2641 */
2644 {
2651 {
2654 }
2657 {
2660 }
2664 }
2666 /******************************************************************************
2667 * release_and_install_key [Internal]
2668 *
2669 * Release an existing key, if present, and replaces it with a new one.
2670 *
2671 * PARAMS
2672 * hProv [I] Key container into which the key is to be imported.
2673 * src [I] Key which will replace *dest
2674 * dest [I] Points to key to be released and replaced with src
2675 * fStoreKey [I] If TRUE, the newly installed key is stored to the registry.
2676 */
2679 {
2683 {
2688 {
2691 }
2692 }
2693 }
2695 /******************************************************************************
2696 * import_private_key [Internal]
2697 *
2698 * Import a BLOB'ed private key into a key container.
2699 *
2700 * PARAMS
2701 * hProv [I] Key container into which the private key is to be imported.
2702 * pbData [I] Pointer to a buffer which holds the private key BLOB.
2703 * dwDataLen [I] Length of data in buffer at pbData.
2704 * dwFlags [I] One of:
2705 * CRYPT_EXPORTABLE: the imported key is marked exportable
2706 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
2707 * phKey [O] Handle to the imported key.
2708 *
2709 *
2710 * NOTES
2711 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2712 * it's a PRIVATEKEYBLOB.
2713 *
2714 * RETURNS
2715 * Success: TRUE.
2716 * Failure: FALSE.
2717 */
2720 {
2725 BOOL ret;
2728 {
2732 }
2735 {
2738 }
2741 {
2743 dwDataLen);
2746 }
2748 {
2752 }
2755 {
2763 }
2774 {
2779 fStoreKey);
2785 fStoreKey);
2787 }
2788 }
2790 }
2792 /******************************************************************************
2793 * import_public_key [Internal]
2794 *
2795 * Import a BLOB'ed public key into a key container.
2796 *
2797 * PARAMS
2798 * hProv [I] Key container into which the public key is to be imported.
2799 * pbData [I] Pointer to a buffer which holds the public key BLOB.
2800 * dwDataLen [I] Length of data in buffer at pbData.
2801 * dwFlags [I] One of:
2802 * CRYPT_EXPORTABLE: the imported key is marked exportable
2803 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
2804 * phKey [O] Handle to the imported key.
2805 *
2806 *
2807 * NOTES
2808 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2809 * it's a PUBLICKEYBLOB.
2810 *
2811 * RETURNS
2812 * Success: TRUE.
2813 * Failure: FALSE.
2814 */
2817 {
2822 ALG_ID algID;
2823 BOOL ret;
2826 {
2830 }
2833 {
2836 }
2841 {
2844 }
2846 /* Since this is a public key blob, only the public key is
2847 * available, so only signature verification is possible.
2848 */
2859 {
2864 fStoreKey);
2866 }
2867 }
2869 }
2871 /******************************************************************************
2872 * import_symmetric_key [Internal]
2873 *
2874 * Import a BLOB'ed symmetric key into a key container.
2875 *
2876 * PARAMS
2877 * hProv [I] Key container into which the symmetric key is to be imported.
2878 * pbData [I] Pointer to a buffer which holds the symmetric key BLOB.
2879 * dwDataLen [I] Length of data in buffer at pbData.
2880 * hPubKey [I] Key used to decrypt sensitive BLOB data.
2881 * dwFlags [I] One of:
2882 * CRYPT_EXPORTABLE: the imported key is marked exportable
2883 * phKey [O] Handle to the imported key.
2884 *
2885 *
2886 * NOTES
2887 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2888 * it's a SIMPLEBLOB.
2889 *
2890 * RETURNS
2891 * Success: TRUE.
2892 * Failure: FALSE.
2893 */
2897 {
2903 DWORD dwKeyLen;
2906 {
2910 }
2913 {
2916 }
2919 {
2922 }
2927 RSAENH_DECRYPT);
2933 }
2937 {
2940 }
2947 }
2949 /******************************************************************************
2950 * import_plaintext_key [Internal]
2951 *
2952 * Import a plaintext key into a key container.
2953 *
2954 * PARAMS
2955 * hProv [I] Key container into which the symmetric key is to be imported.
2956 * pbData [I] Pointer to a buffer which holds the plaintext key BLOB.
2957 * dwDataLen [I] Length of data in buffer at pbData.
2958 * dwFlags [I] One of:
2959 * CRYPT_EXPORTABLE: the imported key is marked exportable
2960 * phKey [O] Handle to the imported key.
2961 *
2962 *
2963 * NOTES
2964 * Assumes the caller has already checked the BLOBHEADER at pbData to ensure
2965 * it's a PLAINTEXTKEYBLOB.
2966 *
2967 * RETURNS
2968 * Success: TRUE.
2969 * Failure: FALSE.
2970 */
2974 {
2981 {
2984 }
2987 {
2992 {
2995 }
2996 else
2997 {
3000 /* In order to initialize an HMAC key, the key material is hashed,
3001 * and the output of the hash function is used as the key material.
3002 * Unfortunately, the way the Crypto API is designed, we don't know
3003 * the hash algorithm yet, so we have to copy the entire key
3004 * material.
3005 */
3007 {
3011 }
3012 }
3016 }
3017 else
3018 {
3026 }
3028 }
3030 /******************************************************************************
3031 * import_key [Internal]
3032 *
3033 * Import a BLOB'ed key into a key container, optionally storing the key's
3034 * value to the registry.
3035 *
3036 * PARAMS
3037 * hProv [I] Key container into which the key is to be imported.
3038 * pbData [I] Pointer to a buffer which holds the BLOB.
3039 * dwDataLen [I] Length of data in buffer at pbData.
3040 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3041 * dwFlags [I] One of:
3042 * CRYPT_EXPORTABLE: the imported key is marked exportable
3043 * fStoreKey [I] If TRUE, the imported key is stored to the registry.
3044 * phKey [O] Handle to the imported key.
3045 *
3046 * RETURNS
3047 * Success: TRUE.
3048 * Failure: FALSE.
3049 */
3053 {
3059 {
3062 }
3067 {
3072 }
3074 /* If this is a verify-only context, the key is not persisted regardless of
3075 * fStoreKey's original value.
3076 */
3080 {
3095 phKey);
3100 }
3101 }
3103 /******************************************************************************
3104 * CPImportKey (RSAENH.@)
3105 *
3106 * Import a BLOB'ed key into a key container.
3107 *
3108 * PARAMS
3109 * hProv [I] Key container into which the key is to be imported.
3110 * pbData [I] Pointer to a buffer which holds the BLOB.
3111 * dwDataLen [I] Length of data in buffer at pbData.
3112 * hPubKey [I] Key used to decrypt sensitive BLOB data.
3113 * dwFlags [I] One of:
3114 * CRYPT_EXPORTABLE: the imported key is marked exportable
3115 * phKey [O] Handle to the imported key.
3116 *
3117 * RETURNS
3118 * Success: TRUE.
3119 * Failure: FALSE.
3120 */
3123 {
3128 }
3130 /******************************************************************************
3131 * CPGenKey (RSAENH.@)
3132 *
3133 * Generate a key in the key container
3134 *
3135 * PARAMS
3136 * hProv [I] Key container for which a key is to be generated.
3137 * Algid [I] Crypto algorithm identifier for the key to be generated.
3138 * dwFlags [I] Upper 16 bits: Binary length of key. Lower 16 bits: Flags. See Notes
3139 * phKey [O] Handle to the generated key.
3140 *
3141 * RETURNS
3142 * Success: TRUE.
3143 * Failure: FALSE.
3144 *
3145 * FIXME
3146 * Flags currently not considered.
3147 *
3148 * NOTES
3149 * Private key-exchange- and signature-keys can be generated with Algid AT_KEYEXCHANGE
3150 * and AT_SIGNATURE values.
3151 */
3153 {
3161 {
3162 /* MSDN: hProv not containing valid context handle */
3165 }
3168 {
3177 FALSE);
3178 }
3189 FALSE);
3190 }
3219 }
3221 }
3225 /* MSDN: Algorithm not supported specified by Algid */
3228 }
3231 }
3233 /******************************************************************************
3234 * CPGenRandom (RSAENH.@)
3235 *
3236 * Generate a random byte stream.
3237 *
3238 * PARAMS
3239 * hProv [I] Key container that is used to generate random bytes.
3240 * dwLen [I] Specifies the number of requested random data bytes.
3241 * pbBuffer [O] Random bytes will be stored here.
3242 *
3243 * RETURNS
3244 * Success: TRUE
3245 * Failure: FALSE
3246 */
3248 {
3252 {
3253 /* MSDN: hProv not containing valid context handle */
3256 }
3259 }
3261 /******************************************************************************
3262 * CPGetHashParam (RSAENH.@)
3263 *
3264 * Query parameters of an hash object.
3265 *
3266 * PARAMS
3267 * hProv [I] The kea container, which the hash belongs to.
3268 * hHash [I] The hash object that is to be queried.
3269 * dwParam [I] Specifies the parameter that is to be queried.
3270 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3271 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3272 * dwFlags [I] None currently defined.
3273 *
3274 * RETURNS
3275 * Success: TRUE
3276 * Failure: FALSE
3277 *
3278 * NOTES
3279 * Valid dwParams are: HP_ALGID, HP_HASHSIZE, HP_HASHVALUE. The hash will be
3280 * finalized if HP_HASHVALUE is queried.
3281 */
3282 BOOL WINAPI RSAENH_CPGetHashParam(HCRYPTPROV hProv, HCRYPTHASH hHash, DWORD dwParam, BYTE *pbData,
3284 {
3291 {
3294 }
3297 {
3300 }
3304 {
3307 }
3310 {
3313 }
3316 {
3329 }
3334 }
3337 {
3340 }
3348 }
3349 }
3351 /******************************************************************************
3352 * CPSetKeyParam (RSAENH.@)
3353 *
3354 * Set a parameter of a key object
3355 *
3356 * PARAMS
3357 * hProv [I] The key container to which the key belongs.
3358 * hKey [I] The key for which a parameter is to be set.
3359 * dwParam [I] Parameter type. See Notes.
3360 * pbData [I] Pointer to the parameter value.
3361 * dwFlags [I] Currently none defined.
3362 *
3363 * RETURNS
3364 * Success: TRUE.
3365 * Failure: FALSE.
3366 *
3367 * NOTES:
3368 * Defined dwParam types are:
3369 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3370 * - KP_MODE_BITS: Shift width for cipher feedback mode. (Currently ignored by MS CSP's)
3371 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3372 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3373 * - KP_IV: Initialization vector
3374 */
3375 BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3376 DWORD dwFlags)
3377 {
3384 {
3387 }
3392 }
3395 {
3398 }
3402 /* The MS providers only support PKCS5_PADDING */
3406 }
3418 {
3423 {
3426 }
3429 {
3430 /* Clearing the export permission appears to be ignored,
3431 * see tests.
3432 */
3434 }
3437 }
3449 {
3452 }
3453 /* MSDN: the base provider always sets eleven bytes of
3454 * salt value.
3455 */
3460 /* Strange but true: salt length reset to 0 after setting
3461 * it via KP_SALT.
3462 */
3468 }
3472 {
3475 /* salt length can't be greater than 184 bits = 24 bytes */
3477 {
3480 }
3486 }
3492 {
3495 }
3497 {
3500 }
3501 else
3502 {
3505 }
3510 }
3526 }
3538 }
3539 }
3541 /******************************************************************************
3542 * CPGetKeyParam (RSAENH.@)
3543 *
3544 * Query a key parameter.
3545 *
3546 * PARAMS
3547 * hProv [I] The key container, which the key belongs to.
3548 * hHash [I] The key object that is to be queried.
3549 * dwParam [I] Specifies the parameter that is to be queried.
3550 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3551 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3552 * dwFlags [I] None currently defined.
3553 *
3554 * RETURNS
3555 * Success: TRUE
3556 * Failure: FALSE
3557 *
3558 * NOTES
3559 * Defined dwParam types are:
3560 * - KP_MODE: Values MODE_CBC, MODE_ECB, MODE_CFB.
3561 * - KP_MODE_BITS: Shift width for cipher feedback mode.
3562 * (Currently ignored by MS CSP's - always eight)
3563 * - KP_PERMISSIONS: Or'ed combination of CRYPT_ENCRYPT, CRYPT_DECRYPT,
3564 * CRYPT_EXPORT, CRYPT_READ, CRYPT_WRITE, CRYPT_MAC
3565 * - KP_IV: Initialization vector.
3566 * - KP_KEYLEN: Bitwidth of the key.
3567 * - KP_BLOCKLEN: Size of a block cipher block.
3568 * - KP_SALT: Salt value.
3569 */
3570 BOOL WINAPI RSAENH_CPGetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam, BYTE *pbData,
3572 {
3574 DWORD dwValue;
3580 {
3583 }
3588 }
3591 {
3594 }
3597 {
3612 }
3625 else
3650 }
3651 }
3653 /******************************************************************************
3654 * CPGetProvParam (RSAENH.@)
3655 *
3656 * Query a CSP parameter.
3657 *
3658 * PARAMS
3659 * hProv [I] The key container that is to be queried.
3660 * dwParam [I] Specifies the parameter that is to be queried.
3661 * pbData [I] Pointer to the buffer where the parameter value will be stored.
3662 * pdwDataLen [I/O] I: Buffer length at pbData, O: Length of the parameter value.
3663 * dwFlags [I] CRYPT_FIRST: Start enumeration (for PP_ENUMALGS{_EX}).
3664 *
3665 * RETURNS
3666 * Success: TRUE
3667 * Failure: FALSE
3668 * NOTES:
3669 * Defined dwParam types:
3670 * - PP_CONTAINER: Name of the key container.
3671 * - PP_NAME: Name of the cryptographic service provider.
3672 * - PP_SIG_KEYSIZE_INC: RSA signature keywidth granularity in bits.
3673 * - PP_KEYX_KEYSIZE_INC: RSA key-exchange keywidth granularity in bits.
3674 * - PP_ENUMALGS{_EX}: Query provider capabilities.
3675 */
3678 {
3680 PROV_ENUMALGS provEnumalgs;
3681 DWORD dwTemp;
3682 HKEY hKey;
3684 /* This is for dwParam PP_CRYPT_COUNT_KEY_USE.
3685 * IE6 SP1 asks for it in the 'About' dialog.
3686 * Returning this BLOB seems to satisfy IE. The marked 0x00 seem
3687 * to be 'don't care's. If you know anything more specific about
3688 * this provider parameter, please report to wine-devel@winehq.org */
3702 };
3710 }
3714 {
3715 /* MSDN: hProv not containing valid context handle */
3718 }
3721 {
3766 }
3769 {
3772 }
3777 {
3791 }
3799 {
3802 }
3830 }
3836 /* MSDN: Unknown parameter number in dwParam */
3839 }
3840 }
3842 /******************************************************************************
3843 * CPDeriveKey (RSAENH.@)
3844 *
3845 * Derives a key from a hash value.
3846 *
3847 * PARAMS
3848 * hProv [I] Key container for which a key is to be generated.
3849 * Algid [I] Crypto algorithm identifier for the key to be generated.
3850 * hBaseData [I] Hash from whose value the key will be derived.
3851 * dwFlags [I] See Notes.
3852 * phKey [O] The generated key.
3853 *
3854 * RETURNS
3855 * Success: TRUE
3856 * Failure: FALSE
3857 *
3858 * NOTES
3859 * Defined flags:
3860 * - CRYPT_EXPORTABLE: Key can be exported.
3861 * - CRYPT_NO_SALT: No salt is used for 40 bit keys.
3862 * - CRYPT_CREATE_SALT: Use remaining bits as salt value.
3863 */
3866 {
3870 DWORD dwLen;
3876 {
3879 }
3883 {
3886 }
3889 {
3892 }
3895 {
3900 /*
3901 * We derive the key material from the hash.
3902 * If the hash value is not large enough for the claimed key, we have to construct
3903 * a larger binary value based on the hash. This is documented in MSDN: CryptDeriveKey.
3904 */
3911 DWORD i;
3918 }
3932 }
3941 {
3944 }
3947 {
3948 /* See RFC 2246, chapter 6.3 Key calculation */
3952 {
3955 }
3988 }
3994 }
3998 }
4000 /******************************************************************************
4001 * CPGetUserKey (RSAENH.@)
4002 *
4003 * Returns a handle to the user's private key-exchange- or signature-key.
4004 *
4005 * PARAMS
4006 * hProv [I] The key container from which a user key is requested.
4007 * dwKeySpec [I] AT_KEYEXCHANGE or AT_SIGNATURE
4008 * phUserKey [O] Handle to the requested key or INVALID_HANDLE_VALUE in case of failure.
4009 *
4010 * RETURNS
4011 * Success: TRUE.
4012 * Failure: FALSE.
4013 *
4014 * NOTE
4015 * A newly created key container does not contain private user key. Create them with CPGenKey.
4016 */
4018 {
4025 {
4026 /* MSDN: hProv not containing valid context handle */
4029 }
4032 {
4035 phUserKey);
4040 phUserKey);
4045 }
4048 {
4049 /* MSDN: dwKeySpec parameter specifies nonexistent key */
4052 }
4055 }
4057 /******************************************************************************
4058 * CPHashData (RSAENH.@)
4059 *
4060 * Updates a hash object with the given data.
4061 *
4062 * PARAMS
4063 * hProv [I] Key container to which the hash object belongs.
4064 * hHash [I] Hash object which is to be updated.
4065 * pbData [I] Pointer to data with which the hash object is to be updated.
4066 * dwDataLen [I] Length of the data.
4067 * dwFlags [I] Currently none defined.
4068 *
4069 * RETURNS
4070 * Success: TRUE.
4071 * Failure: FALSE.
4072 *
4073 * NOTES
4074 * The actual hash value is queried with CPGetHashParam, which will finalize
4075 * the hash. Updating a finalized hash will fail with a last error NTE_BAD_HASH_STATE.
4076 */
4079 {
4086 {
4089 }
4093 {
4096 }
4099 {
4102 }
4105 {
4108 }
4112 }
4114 /******************************************************************************
4115 * CPHashSessionKey (RSAENH.@)
4116 *
4117 * Updates a hash object with the binary representation of a symmetric key.
4118 *
4119 * PARAMS
4120 * hProv [I] Key container to which the hash object belongs.
4121 * hHash [I] Hash object which is to be updated.
4122 * hKey [I] The symmetric key, whose binary value will be added to the hash.
4123 * dwFlags [I] CRYPT_LITTLE_ENDIAN, if the binary key value shall be interpreted as little endian.
4124 *
4125 * RETURNS
4126 * Success: TRUE.
4127 * Failure: FALSE.
4128 */
4130 DWORD dwFlags)
4131 {
4134 DWORD i;
4140 {
4143 }
4148 }
4156 }
4157 }
4160 }
4162 /******************************************************************************
4163 * CPReleaseContext (RSAENH.@)
4164 *
4165 * Release a key container.
4166 *
4167 * PARAMS
4168 * hProv [I] Key container to be released.
4169 * dwFlags [I] Currently none defined.
4170 *
4171 * RETURNS
4172 * Success: TRUE
4173 * Failure: FALSE
4174 */
4176 {
4180 {
4181 /* MSDN: hProv not containing valid context handle */
4184 }
4189 }
4192 }
4194 /******************************************************************************
4195 * CPSetHashParam (RSAENH.@)
4196 *
4197 * Set a parameter of a hash object
4198 *
4199 * PARAMS
4200 * hProv [I] The key container to which the key belongs.
4201 * hHash [I] The hash object for which a parameter is to be set.
4202 * dwParam [I] Parameter type. See Notes.
4203 * pbData [I] Pointer to the parameter value.
4204 * dwFlags [I] Currently none defined.
4205 *
4206 * RETURNS
4207 * Success: TRUE.
4208 * Failure: FALSE.
4209 *
4210 * NOTES
4211 * Currently only the HP_HMAC_INFO dwParam type is defined.
4212 * The HMAC_INFO struct will be deep copied into the hash object.
4213 * See Internet RFC 2104 for details on the HMAC algorithm.
4214 */
4217 {
4220 DWORD i;
4226 {
4229 }
4234 }
4238 {
4241 }
4250 {
4253 }
4256 HCRYPTHASH hKeyHash;
4257 DWORD keyLen;
4264 {
4267 }
4271 {
4274 }
4277 }
4280 }
4283 }
4302 }
4303 }
4305 /******************************************************************************
4306 * CPSetProvParam (RSAENH.@)
4307 */
4308 BOOL WINAPI RSAENH_CPSetProvParam(HCRYPTPROV hProv, DWORD dwParam, BYTE *pbData, DWORD dwFlags)
4309 {
4312 }
4314 /******************************************************************************
4315 * CPSignHash (RSAENH.@)
4316 *
4317 * Sign a hash object
4318 *
4319 * PARAMS
4320 * hProv [I] The key container, to which the hash object belongs.
4321 * hHash [I] The hash object to be signed.
4322 * dwKeySpec [I] AT_SIGNATURE or AT_KEYEXCHANGE: Key used to generate the signature.
4323 * sDescription [I] Should be NULL for security reasons.
4324 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4325 * pbSignature [O] Buffer, to which the signature will be stored. May be NULL to query SigLen.
4326 * pdwSigLen [I/O] Size of the buffer (in), Length of the signature (out)
4327 *
4328 * RETURNS
4329 * Success: TRUE
4330 * Failure: FALSE
4331 */
4335 {
4338 DWORD dwHashLen;
4340 ALG_ID aiAlgid;
4350 }
4356 {
4359 }
4365 }
4367 {
4371 }
4377 {
4379 }
4380 }
4389 if (!build_hash_signature(pbSignature, *pdwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
4391 }
4393 ret = encrypt_block_impl(pCryptKey->aiAlgid, PK_PRIVATE, &pCryptKey->context, pbSignature, pbSignature, RSAENH_ENCRYPT);
4394 out:
4397 }
4399 /******************************************************************************
4400 * CPVerifySignature (RSAENH.@)
4401 *
4402 * Verify the signature of a hash object.
4403 *
4404 * PARAMS
4405 * hProv [I] The key container, to which the hash belongs.
4406 * hHash [I] The hash for which the signature is verified.
4407 * pbSignature [I] The binary signature.
4408 * dwSigLen [I] Length of the signature BLOB.
4409 * hPubKey [I] Public key used to verify the signature.
4410 * sDescription [I] Should be NULL for security reasons.
4411 * dwFlags [I] 0, CRYPT_NOHASHOID or CRYPT_X931_FORMAT: Format of the signature.
4412 *
4413 * RETURNS
4414 * Success: TRUE (Signature is valid)
4415 * Failure: FALSE (GetLastError() == NTE_BAD_SIGNATURE, if signature is invalid)
4416 */
4417 BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST BYTE *pbSignature,
4419 DWORD dwFlags)
4420 {
4423 DWORD dwHashLen;
4424 ALG_ID aiAlgid;
4428 TRACE("(hProv=%08lx, hHash=%08lx, pbSignature=%p, dwSigLen=%d, hPubKey=%08lx, sDescription=%s, "
4430 dwFlags);
4435 }
4438 {
4441 }
4445 {
4448 }
4450 /* in Microsoft implementation, the signature length is checked before
4451 * the signature pointer.
4452 */
4454 {
4457 }
4460 {
4463 }
4468 {
4470 }
4471 }
4474 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_ALGID, (BYTE*)&aiAlgid, &dwHashLen, 0)) return FALSE;
4477 if (!RSAENH_CPGetHashParam(hProv, hHash, HP_HASHVAL, abHashValue, &dwHashLen, 0)) return FALSE;
4483 }
4489 }
4491 if (!encrypt_block_impl(pCryptKey->aiAlgid, PK_PUBLIC, &pCryptKey->context, pbSignature, pbDecrypted,
4492 RSAENH_DECRYPT))
4493 {
4495 }
4501 }
4504 build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
4508 }
4512 cleanup:
4516 }
4518 /******************************************************************************
4519 * DllRegisterServer (RSAENH.@)
4520 */
4522 {
4524 }
4526 /******************************************************************************
4527 * DllUnregisterServer (RSAENH.@)
4528 */
4530 {
4532 }