search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypt32: Use 3DES to encrypt data.
[wine/gsoc_dplay.git] / dlls / crypt32 / protectdata.c
blobd5ec287c10cd87a02e291d68cf7fb0a7dcd89f8f
1 /*
2 * Copyright 2005 Kees Cook <kees@outflux.net>
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 */
18
19
20 /*
21 * The Win32 CryptProtectData and CryptUnprotectData functions are meant
22 * to provide a mechanism for encrypting data on a machine where other users
23 * of the system can't be trusted. It is used in many examples as a way
24 * to store username and password information to the registry, but store
25 * it not in the clear.
26 *
27 * The encryption is symmetric, but the method is unknown. However, since
28 * it is keyed to the machine and the user, it is unlikely that the values
29 * would be portable. Since programs must first call CryptProtectData to
30 * get a cipher text, the underlying system doesn't have to exactly
31 * match the real Windows version. However, attempts have been made to
32 * at least try to look like the Windows version, including guesses at the
33 * purpose of various portions of the "opaque data blob" that is used.
34 *
35 */
36
37 #include <stdarg.h>
38 #include <stdio.h>
39 #include <string.h>
40 #include <stdlib.h>
41
42 #include "windef.h"
43 #include "winbase.h"
44 #include "wincrypt.h"
45 #include "wine/debug.h"
46
47 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
48
49 #define CRYPT32_PROTECTDATA_PROV PROV_RSA_FULL
50 #define CRYPT32_PROTECTDATA_HASH_CALG CALG_SHA1
51 #define CRYPT32_PROTECTDATA_HASH_LEN 160
52 #define CRYPT32_PROTECTDATA_KEY_CALG CALG_3DES
53 #define CRYPT32_PROTECTDATA_KEY_LEN 168
54 #define CRYPT32_PROTECTDATA_SALT_LEN 16
55
56 static const BYTE crypt32_protectdata_secret[] = {
57 'I','\'','m',' ','h','u','n','t','i','n','g',' ',
58 'w','a','b','b','i','t','s',0
59 };
60
61 /*
62 * The data format returned by the real Windows CryptProtectData seems
63 * to be something like this:
64
65 DWORD count0; - how many "info0_*[16]" blocks follow (was always 1)
66 BYTE info0_0[16]; - unknown information - persistent across invocations,
67 ... reboots, password changes, and users
68 DWORD count1; - how many "info1_*[16]" blocks follow (was always 1)
69 BYTE info1_0[16]; - unknown information - unique to each user, but
70 ... persistent across reboots and password changes
71 DWORD null0; - NULL "end of records"?
72 DWORD str_len; - byte length of WCHAR string including term
73 BYTE str[str_len]; - The "dataDescription" value as a NULL-terminated
74 little-endian WCHAR string
75 ALG_ID cipher_alg; - cipher algo - was CALG_3DES
76 DWORD cipher_key_len; - cipher key bit length - was 0xa8==168
77 DWORD data_len; - length of data (was 16 in samples)
78 BYTE data[data_len]; - unknown data (fingerprint?)
79 DWORD null1; - NULL ?
80 ALG_ID hash_alg; - hash algo - was CALG_SHA1
81 DWORD hash_len; - bit length of hash - was 0xa0==160
82 DWORD salt_len; - length of salt(?) data
83 BYTE salt[salt_len]; - salt(?) for symmetric encryption
84 DWORD cipher_len; - length of cipher(?) data - was close to plain len
85 BYTE cipher[cipher_len]; - cipher text?
86 DWORD crc_len; - length of fingerprint(?) data - was 20 byte==160b SHA1
87 BYTE crc[crc_len]; - fingerprint of record?
88
89 * The data structures used in Wine are modelled after this guess.
90 */
91
92 struct protect_data_t
93 {
94 DWORD count0;
95 DATA_BLOB info0; /* using this to hold crypt_magic_str */
96 DWORD count1;
97 DATA_BLOB info1;
98 DWORD null0;
99 WCHAR * szDataDescr; /* serialized differently than the DATA_BLOBs */
100 ALG_ID cipher_alg;
101 DWORD cipher_key_len;
102 DATA_BLOB data0;
103 DWORD null1;
104 ALG_ID hash_alg;
105 DWORD hash_len;
106 DATA_BLOB salt;
107 DATA_BLOB cipher;
108 DATA_BLOB fingerprint;
109 };
110
111 /* this is used to check if an incoming structure was built by Wine */
112 static const char crypt_magic_str[] = "Wine Crypt32 ok";
113
114 /* debugging tool to print strings of hex chars */
115 static const char *
116 hex_str(const unsigned char *p, int n)
117 {
118 const char * ptr;
119 char report[80];
120 int r=-1;
121 report[0]='\0';
122 ptr = wine_dbg_sprintf("%s","");
123 while (--n >= 0)
124 {
125 if (r++ % 20 == 19)
126 {
127 ptr = wine_dbg_sprintf("%s%s",ptr,report);
128 report[0]='\0';
129 }
130 sprintf(report+strlen(report),"%s%02x", r ? "," : "", *p++);
131 }
132 return wine_dbg_sprintf("%s%s",ptr,report);
133 }
134
135 #define TRACE_DATA_BLOB(blob) do { \
136 TRACE("%s cbData: %u\n", #blob ,(unsigned int)((blob)->cbData)); \
137 TRACE("%s pbData @ %p:%s\n", #blob ,(blob)->pbData, \
138 hex_str((blob)->pbData, (blob)->cbData)); \
139 } while (0)
140
141 static
142 void serialize_dword(DWORD value,BYTE ** ptr)
143 {
144 /*TRACE("called\n");*/
145
146 memcpy(*ptr,&value,sizeof(DWORD));
147 *ptr+=sizeof(DWORD);
148 }
149
150 static
151 void serialize_string(const BYTE *str, BYTE **ptr, DWORD len, DWORD width,
152 BOOL prepend_len)
153 {
154 /*TRACE("called %ux%u\n",(unsigned int)len,(unsigned int)width);*/
155
156 if (prepend_len)
157 {
158 serialize_dword(len,ptr);
159 }
160 memcpy(*ptr,str,len*width);
161 *ptr+=len*width;
162 }
163
164 static
165 BOOL unserialize_dword(const BYTE *ptr, DWORD *index, DWORD size, DWORD *value)
166 {
167 /*TRACE("called\n");*/
168
169 if (!ptr || !index || !value) return FALSE;
170
171 if (*index+sizeof(DWORD)>size)
172 {
173 return FALSE;
174 }
175
176 memcpy(value,&(ptr[*index]),sizeof(DWORD));
177 *index+=sizeof(DWORD);
178
179 return TRUE;
180 }
181
182 static
183 BOOL unserialize_string(const BYTE *ptr, DWORD *index, DWORD size,
184 DWORD len, DWORD width, BOOL inline_len,
185 BYTE ** data, DWORD * stored)
186 {
187 /*TRACE("called\n");*/
188
189 if (!ptr || !data) return FALSE;
190
191 if (inline_len) {
192 if (!unserialize_dword(ptr,index,size,&len))
193 return FALSE;
194 }
195
196 if (*index+len*width>size)
197 {
198 return FALSE;
199 }
200
201 if (!(*data = CryptMemAlloc( len*width)))
202 {
203 return FALSE;
204 }
205
206 memcpy(*data,&(ptr[*index]),len*width);
207 if (stored)
208 {
209 *stored = len;
210 }
211 *index+=len*width;
212
213 return TRUE;
214 }
215
216 static
217 BOOL serialize(const struct protect_data_t *pInfo, DATA_BLOB *pSerial)
218 {
219 BYTE * ptr;
220 DWORD dwStrLen;
221 DWORD dwStruct;
222
223 TRACE("called\n");
224
225 if (!pInfo || !pInfo->szDataDescr || !pSerial ||
226 !pInfo->info0.pbData || !pInfo->info1.pbData ||
227 !pInfo->data0.pbData || !pInfo->salt.pbData ||
228 !pInfo->cipher.pbData || !pInfo->fingerprint.pbData)
229 {
230 return FALSE;
231 }
232
233 if (pInfo->info0.cbData!=16)
234 {
235 ERR("protect_data_t info0 not 16 bytes long\n");
236 }
237
238 if (pInfo->info1.cbData!=16)
239 {
240 ERR("protect_data_t info1 not 16 bytes long\n");
241 }
242
243 dwStrLen=lstrlenW(pInfo->szDataDescr);
244
245 pSerial->cbData=0;
246 pSerial->cbData+=sizeof(DWORD)*8; /* 8 raw DWORDs */
247 pSerial->cbData+=sizeof(DWORD)*4; /* 4 BLOBs with size */
248 pSerial->cbData+=pInfo->info0.cbData;
249 pSerial->cbData+=pInfo->info1.cbData;
250 pSerial->cbData+=(dwStrLen+1)*sizeof(WCHAR) + 4; /* str, null, size */
251 pSerial->cbData+=pInfo->data0.cbData;
252 pSerial->cbData+=pInfo->salt.cbData;
253 pSerial->cbData+=pInfo->cipher.cbData;
254 pSerial->cbData+=pInfo->fingerprint.cbData;
255
256 /* save the actual structure size */
257 dwStruct = pSerial->cbData;
258 /* There may be a 256 byte minimum, but I can't prove it. */
259 /*if (pSerial->cbData<256) pSerial->cbData=256;*/
260
261 pSerial->pbData=LocalAlloc(LPTR,pSerial->cbData);
262 if (!pSerial->pbData) return FALSE;
263
264 ptr=pSerial->pbData;
265
266 /* count0 */
267 serialize_dword(pInfo->count0,&ptr);
268 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
269
270 /* info0 */
271 serialize_string(pInfo->info0.pbData,&ptr,
272 pInfo->info0.cbData,sizeof(BYTE),FALSE);
273 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
274
275 /* count1 */
276 serialize_dword(pInfo->count1,&ptr);
277 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
278
279 /* info1 */
280 serialize_string(pInfo->info1.pbData,&ptr,
281 pInfo->info1.cbData,sizeof(BYTE),FALSE);
282 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
283
284 /* null0 */
285 serialize_dword(pInfo->null0,&ptr);
286 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
287
288 /* szDataDescr */
289 serialize_string((BYTE*)pInfo->szDataDescr,&ptr,
290 (dwStrLen+1)*sizeof(WCHAR),sizeof(BYTE),TRUE);
291 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
292
293 /* cipher_alg */
294 serialize_dword(pInfo->cipher_alg,&ptr);
295 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
296 /* cipher_key_len */
297 serialize_dword(pInfo->cipher_key_len,&ptr);
298 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
299
300 /* data0 */
301 serialize_string(pInfo->data0.pbData,&ptr,
302 pInfo->data0.cbData,sizeof(BYTE),TRUE);
303 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
304
305 /* null1 */
306 serialize_dword(pInfo->null1,&ptr);
307 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
308
309 /* hash_alg */
310 serialize_dword(pInfo->hash_alg,&ptr);
311 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
312 /* hash_len */
313 serialize_dword(pInfo->hash_len,&ptr);
314 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
315
316 /* salt */
317 serialize_string(pInfo->salt.pbData,&ptr,
318 pInfo->salt.cbData,sizeof(BYTE),TRUE);
319 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
320
321 /* cipher */
322 serialize_string(pInfo->cipher.pbData,&ptr,
323 pInfo->cipher.cbData,sizeof(BYTE),TRUE);
324 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
325
326 /* fingerprint */
327 serialize_string(pInfo->fingerprint.pbData,&ptr,
328 pInfo->fingerprint.cbData,sizeof(BYTE),TRUE);
329 /*TRACE("used %u\n",ptr-pSerial->pbData);*/
330
331 if (ptr - pSerial->pbData != dwStruct)
332 {
333 ERR("struct size changed!? %u != expected %u\n",
334 ptr - pSerial->pbData, (unsigned int)dwStruct);
335 LocalFree(pSerial->pbData);
336 pSerial->pbData=NULL;
337 pSerial->cbData=0;
338 return FALSE;
339 }
340
341 return TRUE;
342 }
343
344 static
345 BOOL unserialize(const DATA_BLOB *pSerial, struct protect_data_t *pInfo)
346 {
347 BYTE * ptr;
348 DWORD index;
349 DWORD size;
350 BOOL status=TRUE;
351
352 TRACE("called\n");
353
354 if (!pInfo || !pSerial || !pSerial->pbData)
355 return FALSE;
356
357 index=0;
358 ptr=pSerial->pbData;
359 size=pSerial->cbData;
360
361 /* count0 */
362 if (!unserialize_dword(ptr,&index,size,&pInfo->count0))
363 {
364 ERR("reading count0 failed!\n");
365 return FALSE;
366 }
367
368 /* info0 */
369 if (!unserialize_string(ptr,&index,size,16,sizeof(BYTE),FALSE,
370 &pInfo->info0.pbData, &pInfo->info0.cbData))
371 {
372 ERR("reading info0 failed!\n");
373 return FALSE;
374 }
375
376 /* count1 */
377 if (!unserialize_dword(ptr,&index,size,&pInfo->count1))
378 {
379 ERR("reading count1 failed!\n");
380 return FALSE;
381 }
382
383 /* info1 */
384 if (!unserialize_string(ptr,&index,size,16,sizeof(BYTE),FALSE,
385 &pInfo->info1.pbData, &pInfo->info1.cbData))
386 {
387 ERR("reading info1 failed!\n");
388 return FALSE;
389 }
390
391 /* null0 */
392 if (!unserialize_dword(ptr,&index,size,&pInfo->null0))
393 {
394 ERR("reading null0 failed!\n");
395 return FALSE;
396 }
397
398 /* szDataDescr */
399 if (!unserialize_string(ptr,&index,size,0,sizeof(BYTE),TRUE,
400 (BYTE**)&pInfo->szDataDescr, NULL))
401 {
402 ERR("reading szDataDescr failed!\n");
403 return FALSE;
404 }
405
406 /* cipher_alg */
407 if (!unserialize_dword(ptr,&index,size,&pInfo->cipher_alg))
408 {
409 ERR("reading cipher_alg failed!\n");
410 return FALSE;
411 }
412
413 /* cipher_key_len */
414 if (!unserialize_dword(ptr,&index,size,&pInfo->cipher_key_len))
415 {
416 ERR("reading cipher_key_len failed!\n");
417 return FALSE;
418 }
419
420 /* data0 */
421 if (!unserialize_string(ptr,&index,size,0,sizeof(BYTE),TRUE,
422 &pInfo->data0.pbData, &pInfo->data0.cbData))
423 {
424 ERR("reading data0 failed!\n");
425 return FALSE;
426 }
427
428 /* null1 */
429 if (!unserialize_dword(ptr,&index,size,&pInfo->null1))
430 {
431 ERR("reading null1 failed!\n");
432 return FALSE;
433 }
434
435 /* hash_alg */
436 if (!unserialize_dword(ptr,&index,size,&pInfo->hash_alg))
437 {
438 ERR("reading hash_alg failed!\n");
439 return FALSE;
440 }
441
442 /* hash_len */
443 if (!unserialize_dword(ptr,&index,size,&pInfo->hash_len))
444 {
445 ERR("reading hash_len failed!\n");
446 return FALSE;
447 }
448
449 /* salt */
450 if (!unserialize_string(ptr,&index,size,0,sizeof(BYTE),TRUE,
451 &pInfo->salt.pbData, &pInfo->salt.cbData))
452 {
453 ERR("reading salt failed!\n");
454 return FALSE;
455 }
456
457 /* cipher */
458 if (!unserialize_string(ptr,&index,size,0,sizeof(BYTE),TRUE,
459 &pInfo->cipher.pbData, &pInfo->cipher.cbData))
460 {
461 ERR("reading cipher failed!\n");
462 return FALSE;
463 }
464
465 /* fingerprint */
466 if (!unserialize_string(ptr,&index,size,0,sizeof(BYTE),TRUE,
467 &pInfo->fingerprint.pbData, &pInfo->fingerprint.cbData))
468 {
469 ERR("reading fingerprint failed!\n");
470 return FALSE;
471 }
472
473 /* allow structure size to be too big (since some applications
474 * will pad this up to 256 bytes, it seems) */
475 if (index>size)
476 {
477 /* this is an impossible-to-reach test, but if the padding
478 * issue is ever understood, this may become more useful */
479 ERR("loaded corrupt structure! (used %u expected %u)\n",
480 (unsigned int)index, (unsigned int)size);
481 status=FALSE;
482 }
483
484 return status;
485 }
486
487 /* perform sanity checks */
488 static
489 BOOL valid_protect_data(const struct protect_data_t *pInfo)
490 {
491 BOOL status=TRUE;
492
493 TRACE("called\n");
494
495 if (pInfo->count0 != 0x0001)
496 {
497 ERR("count0 != 0x0001 !\n");
498 status=FALSE;
499 }
500 if (pInfo->count1 != 0x0001)
501 {
502 ERR("count0 != 0x0001 !\n");
503 status=FALSE;
504 }
505 if (pInfo->null0 != 0x0000)
506 {
507 ERR("null0 != 0x0000 !\n");
508 status=FALSE;
509 }
510 if (pInfo->null1 != 0x0000)
511 {
512 ERR("null1 != 0x0000 !\n");
513 status=FALSE;
514 }
515 /* since we have no idea what info0 is used for, and it seems
516 * rather constant, we can test for a Wine-specific magic string
517 * there to be reasonably sure we're using data created by the Wine
518 * implementation of CryptProtectData.
519 */
520 if (pInfo->info0.cbData!=strlen(crypt_magic_str)+1 ||
521 strcmp( (LPCSTR)pInfo->info0.pbData,crypt_magic_str) != 0)
522 {
523 ERR("info0 magic value not matched !\n");
524 status=FALSE;
525 }
526
527 if (!status)
528 {
529 ERR("unrecognized CryptProtectData block\n");
530 }
531
532 return status;
533 }
534
535 static
536 void free_protect_data(struct protect_data_t * pInfo)
537 {
538 TRACE("called\n");
539
540 if (!pInfo) return;
541
542 CryptMemFree(pInfo->info0.pbData);
543 CryptMemFree(pInfo->info1.pbData);
544 CryptMemFree(pInfo->szDataDescr);
545 CryptMemFree(pInfo->data0.pbData);
546 CryptMemFree(pInfo->salt.pbData);
547 CryptMemFree(pInfo->cipher.pbData);
548 CryptMemFree(pInfo->fingerprint.pbData);
549 }
550
551 /* copies a string into a data blob */
552 static
553 BYTE *convert_str_to_blob(LPCSTR str, DATA_BLOB *blob)
554 {
555 if (!str || !blob) return NULL;
556
557 blob->cbData=strlen(str)+1;
558 if (!(blob->pbData=CryptMemAlloc(blob->cbData)))
559 {
560 blob->cbData=0;
561 }
562 else {
563 strcpy((LPSTR)blob->pbData, str);
564 }
565
566 return blob->pbData;
567 }
568
569 /*
570 * Populates everything except "cipher" and "fingerprint".
571 */
572 static
573 BOOL fill_protect_data(struct protect_data_t * pInfo, LPCWSTR szDataDescr,
574 HCRYPTPROV hProv)
575 {
576 DWORD dwStrLen;
577
578 TRACE("called\n");
579
580 if (!pInfo) return FALSE;
581
582 dwStrLen=lstrlenW(szDataDescr);
583
584 memset(pInfo,0,sizeof(*pInfo));
585
586 pInfo->count0=0x0001;
587
588 convert_str_to_blob(crypt_magic_str, &pInfo->info0);
589
590 pInfo->count1=0x0001;
591
592 convert_str_to_blob(crypt_magic_str, &pInfo->info1);
593
594 pInfo->null0=0x0000;
595
596 if ((pInfo->szDataDescr=CryptMemAlloc((dwStrLen+1)*sizeof(WCHAR))))
597 {
598 memcpy(pInfo->szDataDescr,szDataDescr,(dwStrLen+1)*sizeof(WCHAR));
599 }
600
601 pInfo->cipher_alg=CRYPT32_PROTECTDATA_KEY_CALG;
602 pInfo->cipher_key_len=CRYPT32_PROTECTDATA_KEY_LEN;
603
604 convert_str_to_blob(crypt_magic_str, &pInfo->data0);
605
606 pInfo->null1=0x0000;
607 pInfo->hash_alg=CRYPT32_PROTECTDATA_HASH_CALG;
608 pInfo->hash_len=CRYPT32_PROTECTDATA_HASH_LEN;
609
610 /* allocate memory to hold a salt */
611 pInfo->salt.cbData=CRYPT32_PROTECTDATA_SALT_LEN;
612 if ((pInfo->salt.pbData=CryptMemAlloc(pInfo->salt.cbData)))
613 {
614 /* generate random salt */
615 if (!CryptGenRandom(hProv, pInfo->salt.cbData, pInfo->salt.pbData))
616 {
617 ERR("CryptGenRandom\n");
618 free_protect_data(pInfo);
619 return FALSE;
620 }
621 }
622
623 /* debug: show our salt */
624 TRACE_DATA_BLOB(&pInfo->salt);
625
626 pInfo->cipher.cbData=0;
627 pInfo->cipher.pbData=NULL;
628
629 pInfo->fingerprint.cbData=0;
630 pInfo->fingerprint.pbData=NULL;
631
632 /* check all the allocations at once */
633 if (!pInfo->info0.pbData ||
634 !pInfo->info1.pbData ||
635 !pInfo->szDataDescr ||
636 !pInfo->data0.pbData ||
637 !pInfo->salt.pbData
638 )
639 {
640 ERR("could not allocate protect_data structures\n");
641 free_protect_data(pInfo);
642 return FALSE;
643 }
644
645 return TRUE;
646 }
647
648 static
649 BOOL convert_hash_to_blob(HCRYPTHASH hHash, DATA_BLOB * blob)
650 {
651 DWORD dwSize;
652
653 TRACE("called\n");
654
655 if (!blob) return FALSE;
656
657 dwSize=sizeof(DWORD);
658 if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&blob->cbData,
659 &dwSize, 0))
660 {
661 ERR("failed to get hash size\n");
662 return FALSE;
663 }
664
665 if (!(blob->pbData=CryptMemAlloc(blob->cbData)))
666 {
667 ERR("failed to allocate blob memory\n");
668 return FALSE;
669 }
670
671 dwSize=blob->cbData;
672 if (!CryptGetHashParam(hHash, HP_HASHVAL, blob->pbData, &dwSize, 0))
673 {
674 ERR("failed to get hash value\n");
675 CryptMemFree(blob->pbData);
676 blob->pbData=NULL;
677 blob->cbData=0;
678 return FALSE;
679 }
680
681 return TRUE;
682 }
683
684 /* test that a given hash matches an exported-to-blob hash value */
685 static
686 BOOL hash_matches_blob(HCRYPTHASH hHash, const DATA_BLOB *two)
687 {
688 BOOL rc = FALSE;
689 DATA_BLOB one;
690
691 if (!two || !two->pbData) return FALSE;
692
693 if (!convert_hash_to_blob(hHash,&one)) {
694 return FALSE;
695 }
696
697 if ( one.cbData == two->cbData &&
698 memcmp( one.pbData, two->pbData, one.cbData ) == 0 )
699 {
700 rc = TRUE;
701 }
702
703 CryptMemFree(one.pbData);
704 return rc;
705 }
706
707 /* create an encryption key from a given salt and optional entropy */
708 static
709 BOOL load_encryption_key(HCRYPTPROV hProv, DWORD key_len, const DATA_BLOB *salt,
710 const DATA_BLOB *pOptionalEntropy, HCRYPTKEY *phKey)
711 {
712 BOOL rc = TRUE;
713 HCRYPTHASH hSaltHash;
714 char * szUsername = NULL;
715 DWORD dwUsernameLen;
716 DWORD dwError;
717
718 /* create hash for salt */
719 if (!salt || !phKey ||
720 !CryptCreateHash(hProv,CRYPT32_PROTECTDATA_HASH_CALG,0,0,&hSaltHash))
721 {
722 ERR("CryptCreateHash\n");
723 return FALSE;
724 }
725
726 /* This should be the "logon credentials" instead of username */
727 dwError=GetLastError();
728 dwUsernameLen = 0;
729 if (!GetUserNameA(NULL,&dwUsernameLen) &&
730 GetLastError()==ERROR_MORE_DATA && dwUsernameLen &&
731 (szUsername = CryptMemAlloc(dwUsernameLen)))
732 {
733 szUsername[0]='\0';
734 GetUserNameA( szUsername, &dwUsernameLen );
735 }
736 SetLastError(dwError);
737
738 /* salt the hash with:
739 * - the user id
740 * - an "internal secret"
741 * - randomness (from the salt)
742 * - user-supplied entropy
743 */
744 if ((szUsername && !CryptHashData(hSaltHash,(LPBYTE)szUsername,dwUsernameLen,0)) ||
745 !CryptHashData(hSaltHash,crypt32_protectdata_secret,
746 sizeof(crypt32_protectdata_secret)-1,0) ||
747 !CryptHashData(hSaltHash,salt->pbData,salt->cbData,0) ||
748 (pOptionalEntropy && !CryptHashData(hSaltHash,
749 pOptionalEntropy->pbData,
750 pOptionalEntropy->cbData,0)))
751 {
752 ERR("CryptHashData\n");
753 rc = FALSE;
754 }
755
756 /* produce a symmetric key */
757 if (rc && !CryptDeriveKey(hProv,CRYPT32_PROTECTDATA_KEY_CALG,
758 hSaltHash,key_len << 16 | CRYPT_EXPORTABLE,phKey))
759 {
760 ERR("CryptDeriveKey\n");
761 rc = FALSE;
762 }
763
764 /* clean up */
765 CryptDestroyHash(hSaltHash);
766 CryptMemFree(szUsername);
767
768 return rc;
769 }
770
771 /* debugging tool to print the structures of a ProtectData call */
772 static void
773 report(const DATA_BLOB* pDataIn, const DATA_BLOB* pOptionalEntropy,
774 CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct, DWORD dwFlags)
775 {
776 TRACE("pPromptStruct: %p\n", pPromptStruct);
777 if (pPromptStruct)
778 {
779 TRACE(" cbSize: 0x%x\n",(unsigned int)pPromptStruct->cbSize);
780 TRACE(" dwPromptFlags: 0x%x\n",(unsigned int)pPromptStruct->dwPromptFlags);
781 TRACE(" hwndApp: %p\n", pPromptStruct->hwndApp);
782 TRACE(" szPrompt: %p %s\n",
783 pPromptStruct->szPrompt,
784 pPromptStruct->szPrompt ? debugstr_w(pPromptStruct->szPrompt)
785 : "");
786 }
787 TRACE("dwFlags: 0x%04x\n",(unsigned int)dwFlags);
788 TRACE_DATA_BLOB(pDataIn);
789 if (pOptionalEntropy)
790 {
791 TRACE_DATA_BLOB(pOptionalEntropy);
792 TRACE(" %s\n",debugstr_an((LPCSTR)pOptionalEntropy->pbData,pOptionalEntropy->cbData));
793 }
794
795 }
796
797
798 /***************************************************************************
799 * CryptProtectData [CRYPT32.@]
800 *
801 * Generate Cipher data from given Plain and Entropy data.
802 *
803 * PARAMS
804 * pDataIn [I] Plain data to be enciphered
805 * szDataDescr [I] Optional Unicode string describing the Plain data
806 * pOptionalEntropy [I] Optional entropy data to adjust cipher, can be NULL
807 * pvReserved [I] Reserved, must be NULL
808 * pPromptStruct [I] Structure describing if/how to prompt during ciphering
809 * dwFlags [I] Flags describing options to the ciphering
810 * pDataOut [O] Resulting Cipher data, for calls to CryptUnprotectData
811 *
812 * RETURNS
813 * TRUE If a Cipher was generated.
814 * FALSE If something failed and no Cipher is available.
815 *
816 * FIXME
817 * The true Windows encryption and keying mechanisms are unknown.
818 *
819 * dwFlags and pPromptStruct are currently ignored.
820 *
821 * NOTES
822 * Memory allocated in pDataOut must be freed with LocalFree.
823 *
824 */
825 BOOL WINAPI CryptProtectData(DATA_BLOB* pDataIn,
826 LPCWSTR szDataDescr,
827 DATA_BLOB* pOptionalEntropy,
828 PVOID pvReserved,
829 CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
830 DWORD dwFlags,
831 DATA_BLOB* pDataOut)
832 {
833 static const WCHAR empty_str[1];
834 BOOL rc = FALSE;
835 HCRYPTPROV hProv;
836 struct protect_data_t protect_data;
837 HCRYPTHASH hHash;
838 HCRYPTKEY hKey;
839 DWORD dwLength;
840
841 TRACE("called\n");
842
843 SetLastError(ERROR_SUCCESS);
844
845 if (!pDataIn || !pDataOut)
846 {
847 SetLastError(ERROR_INVALID_PARAMETER);
848 goto finished;
849 }
850
851 /* debug: show our arguments */
852 report(pDataIn,pOptionalEntropy,pPromptStruct,dwFlags);
853 TRACE("\tszDataDescr: %p %s\n", szDataDescr,
854 szDataDescr ? debugstr_w(szDataDescr) : "");
855
856 /* Windows appears to create an empty szDataDescr instead of maintaining
857 * a NULL */
858 if (!szDataDescr)
859 szDataDescr = empty_str;
860
861 /* get crypt context */
862 if (!CryptAcquireContextW(&hProv,NULL,MS_ENHANCED_PROV_W,CRYPT32_PROTECTDATA_PROV,CRYPT_VERIFYCONTEXT))
863 {
864 ERR("CryptAcquireContextW failed\n");
865 goto finished;
866 }
867
868 /* populate our structure */
869 if (!fill_protect_data(&protect_data,szDataDescr,hProv))
870 {
871 ERR("fill_protect_data\n");
872 goto free_context;
873 }
874
875 /* load key */
876 if (!load_encryption_key(hProv,protect_data.cipher_key_len,&protect_data.salt,pOptionalEntropy,&hKey))
877 {
878 goto free_protect_data;
879 }
880
881 /* create a hash for the encryption validation */
882 if (!CryptCreateHash(hProv,CRYPT32_PROTECTDATA_HASH_CALG,0,0,&hHash))
883 {
884 ERR("CryptCreateHash\n");
885 goto free_key;
886 }
887
888 /* calculate storage required */
889 dwLength=pDataIn->cbData;
890 if (CryptEncrypt(hKey, 0, TRUE, 0, pDataIn->pbData, &dwLength, 0) ||
891 GetLastError()!=ERROR_MORE_DATA)
892 {
893 ERR("CryptEncrypt\n");
894 goto free_hash;
895 }
896 TRACE("required encrypted storage: %u\n",(unsigned int)dwLength);
897
898 /* copy plain text into cipher area for CryptEncrypt call */
899 protect_data.cipher.cbData=dwLength;
900 if (!(protect_data.cipher.pbData=CryptMemAlloc(
901 protect_data.cipher.cbData)))
902 {
903 ERR("CryptMemAlloc\n");
904 goto free_hash;
905 }
906 memcpy(protect_data.cipher.pbData,pDataIn->pbData,pDataIn->cbData);
907
908 /* encrypt! */
909 dwLength=pDataIn->cbData;
910 if (!CryptEncrypt(hKey, hHash, TRUE, 0, protect_data.cipher.pbData,
911 &dwLength, protect_data.cipher.cbData))
912 {
913 ERR("CryptEncrypt %u\n",(unsigned int)GetLastError());
914 goto free_hash;
915 }
916 protect_data.cipher.cbData=dwLength;
917
918 /* debug: show the cipher */
919 TRACE_DATA_BLOB(&protect_data.cipher);
920
921 /* attach our fingerprint */
922 if (!convert_hash_to_blob(hHash, &protect_data.fingerprint))
923 {
924 ERR("convert_hash_to_blob\n");
925 goto free_hash;
926 }
927
928 /* serialize into an opaque blob */
929 if (!serialize(&protect_data, pDataOut))
930 {
931 ERR("serialize\n");
932 goto free_hash;
933 }
934
935 /* success! */
936 rc=TRUE;
937
938 free_hash:
939 CryptDestroyHash(hHash);
940 free_key:
941 CryptDestroyKey(hKey);
942 free_protect_data:
943 free_protect_data(&protect_data);
944 free_context:
945 CryptReleaseContext(hProv,0);
946 finished:
947 /* If some error occurred, and no error code was set, force one. */
948 if (!rc && GetLastError()==ERROR_SUCCESS)
949 {
950 SetLastError(ERROR_INVALID_DATA);
951 }
952
953 if (rc)
954 {
955 SetLastError(ERROR_SUCCESS);
956
957 TRACE_DATA_BLOB(pDataOut);
958 }
959
960 TRACE("returning %s\n", rc ? "ok" : "FAIL");
961
962 return rc;
963 }
964
965
966 /***************************************************************************
967 * CryptUnprotectData [CRYPT32.@]
968 *
969 * Generate Plain data and Description from given Cipher and Entropy data.
970 *
971 * PARAMS
972 * pDataIn [I] Cipher data to be decoded
973 * ppszDataDescr [O] Optional Unicode string describing the Plain data
974 * pOptionalEntropy [I] Optional entropy data to adjust cipher, can be NULL
975 * pvReserved [I] Reserved, must be NULL
976 * pPromptStruct [I] Structure describing if/how to prompt during decoding
977 * dwFlags [I] Flags describing options to the decoding
978 * pDataOut [O] Resulting Plain data, from calls to CryptProtectData
979 *
980 * RETURNS
981 * TRUE If a Plain was generated.
982 * FALSE If something failed and no Plain is available.
983 *
984 * FIXME
985 * The true Windows encryption and keying mechanisms are unknown.
986 *
987 * dwFlags and pPromptStruct are currently ignored.
988 *
989 * NOTES
990 * Memory allocated in pDataOut and non-NULL ppszDataDescr must be freed
991 * with LocalFree.
992 *
993 */
994 BOOL WINAPI CryptUnprotectData(DATA_BLOB* pDataIn,
995 LPWSTR * ppszDataDescr,
996 DATA_BLOB* pOptionalEntropy,
997 PVOID pvReserved,
998 CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
999 DWORD dwFlags,
1000 DATA_BLOB* pDataOut)
1001 {
1002 BOOL rc = FALSE;
1003
1004 HCRYPTPROV hProv;
1005 struct protect_data_t protect_data;
1006 HCRYPTHASH hHash;
1007 HCRYPTKEY hKey;
1008 DWORD dwLength;
1009
1010 const char * announce_bad_opaque_data = "CryptUnprotectData received a DATA_BLOB that seems to have NOT been generated by Wine. Please enable tracing ('export WINEDEBUG=crypt') to see details.";
1011
1012 TRACE("called\n");
1013
1014 SetLastError(ERROR_SUCCESS);
1015
1016 if (!pDataIn || !pDataOut)
1017 {
1018 SetLastError(ERROR_INVALID_PARAMETER);
1019 goto finished;
1020 }
1021 if (!pDataIn->cbData)
1022 {
1023 SetLastError(ERROR_INVALID_DATA);
1024 goto finished;
1025 }
1026
1027 /* debug: show our arguments */
1028 report(pDataIn,pOptionalEntropy,pPromptStruct,dwFlags);
1029 TRACE("\tppszDataDescr: %p\n", ppszDataDescr);
1030
1031 /* take apart the opaque blob */
1032 if (!unserialize(pDataIn, &protect_data))
1033 {
1034 SetLastError(ERROR_INVALID_DATA);
1035 FIXME("%s\n",announce_bad_opaque_data);
1036 goto finished;
1037 }
1038
1039 /* perform basic validation on the resulting structure */
1040 if (!valid_protect_data(&protect_data))
1041 {
1042 SetLastError(ERROR_INVALID_DATA);
1043 FIXME("%s\n",announce_bad_opaque_data);
1044 goto free_protect_data;
1045 }
1046
1047 /* get a crypt context */
1048 if (!CryptAcquireContextW(&hProv,NULL,MS_ENHANCED_PROV_W,CRYPT32_PROTECTDATA_PROV,CRYPT_VERIFYCONTEXT))
1049 {
1050 ERR("CryptAcquireContextW failed\n");
1051 goto free_protect_data;
1052 }
1053
1054 /* load key */
1055 if (!load_encryption_key(hProv,protect_data.cipher_key_len,&protect_data.salt,pOptionalEntropy,&hKey))
1056 {
1057 goto free_context;
1058 }
1059
1060 /* create a hash for the decryption validation */
1061 if (!CryptCreateHash(hProv,CRYPT32_PROTECTDATA_HASH_CALG,0,0,&hHash))
1062 {
1063 ERR("CryptCreateHash\n");
1064 goto free_key;
1065 }
1066
1067 /* prepare for plaintext */
1068 pDataOut->cbData=protect_data.cipher.cbData;
1069 if (!(pDataOut->pbData=LocalAlloc( LPTR, pDataOut->cbData)))
1070 {
1071 ERR("CryptMemAlloc\n");
1072 goto free_hash;
1073 }
1074 memcpy(pDataOut->pbData,protect_data.cipher.pbData,protect_data.cipher.cbData);
1075
1076 /* decrypt! */
1077 if (!CryptDecrypt(hKey, hHash, TRUE, 0, pDataOut->pbData,
1078 &pDataOut->cbData) ||
1079 /* check the hash fingerprint */
1080 pDataOut->cbData > protect_data.cipher.cbData ||
1081 !hash_matches_blob(hHash, &protect_data.fingerprint))
1082 {
1083 SetLastError(ERROR_INVALID_DATA);
1084
1085 LocalFree( pDataOut->pbData );
1086 pDataOut->pbData = NULL;
1087 pDataOut->cbData = 0;
1088
1089 goto free_hash;
1090 }
1091
1092 /* Copy out the description */
1093 dwLength = (lstrlenW(protect_data.szDataDescr)+1) * sizeof(WCHAR);
1094 if (ppszDataDescr)
1095 {
1096 if (!(*ppszDataDescr = LocalAlloc(LPTR,dwLength)))
1097 {
1098 ERR("LocalAlloc (ppszDataDescr)\n");
1099 goto free_hash;
1100 }
1101 else {
1102 memcpy(*ppszDataDescr,protect_data.szDataDescr,dwLength);
1103 }
1104 }
1105
1106 /* success! */
1107 rc = TRUE;
1108
1109 free_hash:
1110 CryptDestroyHash(hHash);
1111 free_key:
1112 CryptDestroyKey(hKey);
1113 free_context:
1114 CryptReleaseContext(hProv,0);
1115 free_protect_data:
1116 free_protect_data(&protect_data);
1117 finished:
1118 /* If some error occurred, and no error code was set, force one. */
1119 if (!rc && GetLastError()==ERROR_SUCCESS)
1120 {
1121 SetLastError(ERROR_INVALID_DATA);
1122 }
1123
1124 if (rc) {
1125 SetLastError(ERROR_SUCCESS);
1126
1127 if (ppszDataDescr)
1128 {
1129 TRACE("szDataDescr: %s\n",debugstr_w(*ppszDataDescr));
1130 }
1131 TRACE_DATA_BLOB(pDataOut);
1132 }
1133
1134 TRACE("returning %s\n", rc ? "ok" : "FAIL");
1135
1136 return rc;
1137 }
DirectPlay implementation for GSoC